498 files changed, 93680 insertions, 92033 deletions

diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
index 373864cd..dff5cd8d 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cbc.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,73 +61,74 @@
 
 #if !defined(OPENSSL_FIPS_AES_ASM)
 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
-		     const unsigned long length, const AES_KEY *key,
-		     unsigned char *ivec, const int enc) {
+                     const unsigned long length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
 
-	unsigned long n;
-	unsigned long len = length;
-	unsigned char tmp[AES_BLOCK_SIZE];
-	const unsigned char *iv = ivec;
+    unsigned long n;
+    unsigned long len = length;
+    unsigned char tmp[AES_BLOCK_SIZE];
+    const unsigned char *iv = ivec;
 
-	assert(in && out && key && ivec);
-	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+    assert(in && out && key && ivec);
+    assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
 
-	if (AES_ENCRYPT == enc) {
-		while (len >= AES_BLOCK_SIZE) {
-			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				out[n] = in[n] ^ iv[n];
-			AES_encrypt(out, out, key);
-			iv = out;
-			len -= AES_BLOCK_SIZE;
-			in += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-		}
-		if (len) {
-			for(n=0; n < len; ++n)
-				out[n] = in[n] ^ iv[n];
-			for(n=len; n < AES_BLOCK_SIZE; ++n)
-				out[n] = iv[n];
-			AES_encrypt(out, out, key);
-			iv = out;
-		}
-		memcpy(ivec,iv,AES_BLOCK_SIZE);
-	} else if (in != out) {
-		while (len >= AES_BLOCK_SIZE) {
-			AES_decrypt(in, out, key);
-			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				out[n] ^= iv[n];
-			iv = in;
-			len -= AES_BLOCK_SIZE;
-			in  += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-		}
-		if (len) {
-			AES_decrypt(in,tmp,key);
-			for(n=0; n < len; ++n)
-				out[n] = tmp[n] ^ iv[n];
-			iv = in;
-		}
-		memcpy(ivec,iv,AES_BLOCK_SIZE);
-	} else {
-		while (len >= AES_BLOCK_SIZE) {
-			memcpy(tmp, in, AES_BLOCK_SIZE);
-			AES_decrypt(in, out, key);
-			for(n=0; n < AES_BLOCK_SIZE; ++n)
-				out[n] ^= ivec[n];
-			memcpy(ivec, tmp, AES_BLOCK_SIZE);
-			len -= AES_BLOCK_SIZE;
-			in += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-		}
-		if (len) {
-			memcpy(tmp, in, AES_BLOCK_SIZE);
-			AES_decrypt(tmp, out, key);
-			for(n=0; n < len; ++n)
-				out[n] ^= ivec[n];
-			for(n=len; n < AES_BLOCK_SIZE; ++n)
-				out[n] = tmp[n];
-			memcpy(ivec, tmp, AES_BLOCK_SIZE);
-		}
-	}
+    if (AES_ENCRYPT == enc) {
+        while (len >= AES_BLOCK_SIZE) {
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] = in[n] ^ iv[n];
+            AES_encrypt(out, out, key);
+            iv = out;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+        if (len) {
+            for (n = 0; n < len; ++n)
+                out[n] = in[n] ^ iv[n];
+            for (n = len; n < AES_BLOCK_SIZE; ++n)
+                out[n] = iv[n];
+            AES_encrypt(out, out, key);
+            iv = out;
+        }
+        memcpy(ivec, iv, AES_BLOCK_SIZE);
+    } else if (in != out) {
+        while (len >= AES_BLOCK_SIZE) {
+            AES_decrypt(in, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            iv = in;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+        if (len) {
+            AES_decrypt(in, tmp, key);
+            for (n = 0; n < len; ++n)
+                out[n] = tmp[n] ^ iv[n];
+            iv = in;
+        }
+        memcpy(ivec, iv, AES_BLOCK_SIZE);
+    } else {
+        while (len >= AES_BLOCK_SIZE) {
+            memcpy(tmp, in, AES_BLOCK_SIZE);
+            AES_decrypt(in, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= ivec[n];
+            memcpy(ivec, tmp, AES_BLOCK_SIZE);
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+        if (len) {
+            memcpy(tmp, in, AES_BLOCK_SIZE);
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < len; ++n)
+                out[n] ^= ivec[n];
+            for (n = len; n < AES_BLOCK_SIZE; ++n)
+                out[n] = tmp[n];
+            memcpy(ivec, tmp, AES_BLOCK_SIZE);
+        }
+    }
 }
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
index 9384ba67..ded1aa02 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_cfb.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,21 +54,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -83,10 +83,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -98,7 +98,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -116,109 +116,113 @@
 #include "aes_locl.h"
 #include "e_os.h"
 
-/* The input and output encrypted as though 128bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 128bit cfb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
  */
 
 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
-	unsigned char *ivec, int *num, const int enc) {
-
-	unsigned int n;
-	unsigned long l = length;
-	unsigned char c;
-
-	assert(in && out && key && ivec && num);
-
-	n = *num;
-
-	if (enc) {
-		while (l--) {
-			if (n == 0) {
-				AES_encrypt(ivec, ivec, key);
-			}
-			ivec[n] = *(out++) = *(in++) ^ ivec[n];
-			n = (n+1) % AES_BLOCK_SIZE;
-		}
-	} else {
-		while (l--) {
-			if (n == 0) {
-				AES_encrypt(ivec, ivec, key);
-			}
-			c = *(in);
-			*(out++) = *(in++) ^ ivec[n];
-			ivec[n] = c;
-			n = (n+1) % AES_BLOCK_SIZE;
-		}
-	}
-
-	*num=n;
+                        const unsigned long length, const AES_KEY *key,
+                        unsigned char *ivec, int *num, const int enc)
+{
+
+    unsigned int n;
+    unsigned long l = length;
+    unsigned char c;
+
+    assert(in && out && key && ivec && num);
+
+    n = *num;
+
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                AES_encrypt(ivec, ivec, key);
+            }
+            ivec[n] = *(out++) = *(in++) ^ ivec[n];
+            n = (n + 1) % AES_BLOCK_SIZE;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                AES_encrypt(ivec, ivec, key);
+            }
+            c = *(in);
+            *(out++) = *(in++) ^ ivec[n];
+            ivec[n] = c;
+            n = (n + 1) % AES_BLOCK_SIZE;
+        }
+    }
+
+    *num = n;
 }
 
-/* This expects a single block of size nbits for both in and out. Note that
-   it corrupts any extra bits in the last byte of out */
-void AES_cfbr_encrypt_block(const unsigned char *in,unsigned char *out,
-			    const int nbits,const AES_KEY *key,
-			    unsigned char *ivec,const int enc)
-    {
-    int n,rem,num;
-    unsigned char ovec[AES_BLOCK_SIZE*2];
-
-    if (nbits<=0 || nbits>128) return;
-
-	/* fill in the first half of the new IV with the current IV */
-	memcpy(ovec,ivec,AES_BLOCK_SIZE);
-	/* construct the new IV */
-	AES_encrypt(ivec,ivec,key);
-	num = (nbits+7)/8;
-	if (enc)	/* encrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n] ^ ivec[n]);
-	else		/* decrypt the input */
-	    for(n=0 ; n < num ; ++n)
-		out[n] = (ovec[AES_BLOCK_SIZE+n] = in[n]) ^ ivec[n];
-	/* shift ovec left... */
-	rem = nbits%8;
-	num = nbits/8;
-	if(rem==0)
-	    memcpy(ivec,ovec+num,AES_BLOCK_SIZE);
-	else
-	    for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-		ivec[n] = ovec[n+num]<<rem | ovec[n+num+1]>>(8-rem);
+/*
+ * This expects a single block of size nbits for both in and out. Note that
+ * it corrupts any extra bits in the last byte of out
+ */
+void AES_cfbr_encrypt_block(const unsigned char *in, unsigned char *out,
+                            const int nbits, const AES_KEY *key,
+                            unsigned char *ivec, const int enc)
+{
+    int n, rem, num;
+    unsigned char ovec[AES_BLOCK_SIZE * 2];
+
+    if (nbits <= 0 || nbits > 128)
+        return;
+
+    /* fill in the first half of the new IV with the current IV */
+    memcpy(ovec, ivec, AES_BLOCK_SIZE);
+    /* construct the new IV */
+    AES_encrypt(ivec, ivec, key);
+    num = (nbits + 7) / 8;
+    if (enc)                    /* encrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n] ^ ivec[n]);
+    else                        /* decrypt the input */
+        for (n = 0; n < num; ++n)
+            out[n] = (ovec[AES_BLOCK_SIZE + n] = in[n]) ^ ivec[n];
+    /* shift ovec left... */
+    rem = nbits % 8;
+    num = nbits / 8;
+    if (rem == 0)
+        memcpy(ivec, ovec + num, AES_BLOCK_SIZE);
+    else
+        for (n = 0; n < AES_BLOCK_SIZE; ++n)
+            ivec[n] = ovec[n + num] << rem | ovec[n + num + 1] >> (8 - rem);
 
     /* it is not necessary to cleanse ovec, since the IV is not secret */
-    }
+}
 
 /* N.B. This expects the input to be packed, MS bit first */
 void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
-		      const unsigned long length, const AES_KEY *key,
-		      unsigned char *ivec, int *num, const int enc)
-    {
+                      const unsigned long length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
     unsigned int n;
-    unsigned char c[1],d[1];
+    unsigned char c[1], d[1];
 
     assert(in && out && key && ivec && num);
     assert(*num == 0);
 
-    for(n=0 ; n < length ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	AES_cfbr_encrypt_block(c,d,1,key,ivec,enc);
-	out[n/8]=(out[n/8]&~(1 << (7-n%8)))|((d[0]&0x80) >> (n%8));
-	}
+    for (n = 0; n < length; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        AES_cfbr_encrypt_block(c, d, 1, key, ivec, enc);
+        out[n / 8] =
+            (out[n / 8] & ~(1 << (7 - n % 8))) | ((d[0] & 0x80) >> (n % 8));
     }
+}
 
 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
-		      const unsigned long length, const AES_KEY *key,
-		      unsigned char *ivec, int *num, const int enc)
-    {
+                      const unsigned long length, const AES_KEY *key,
+                      unsigned char *ivec, int *num, const int enc)
+{
     unsigned int n;
 
     assert(in && out && key && ivec && num);
     assert(*num == 0);
 
-    for(n=0 ; n < length ; ++n)
-	AES_cfbr_encrypt_block(&in[n],&out[n],8,key,ivec,enc);
-    }
-
+    for (n = 0; n < length; ++n)
+        AES_cfbr_encrypt_block(&in[n], &out[n], 8, key, ivec, enc);
+}
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_core.c b/Cryptlib/OpenSSL/crypto/aes/aes_core.c
index cffdd4da..cf73de8a 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_core.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_core.c
@@ -43,7 +43,7 @@
 
 #include "aes_locl.h"
 
-/*
+/*-
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
 Te2[x] = S [x].[01, 03, 02, 01];
@@ -620,165 +620,166 @@ static const u8 Td4[256] = {
     0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU,
 };
 static const u32 rcon[] = {
-	0x01000000, 0x02000000, 0x04000000, 0x08000000,
-	0x10000000, 0x20000000, 0x40000000, 0x80000000,
-	0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
+    0x01000000, 0x02000000, 0x04000000, 0x08000000,
+    0x10000000, 0x20000000, 0x40000000, 0x80000000,
+    0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */
 };
 
 /**
  * Expand the cipher key into the encryption key schedule.
  */
 int AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-			AES_KEY *key) {
-
-	u32 *rk;
-   	int i = 0;
-	u32 temp;
+                        AES_KEY *key)
+{
+    u32 *rk;
+    int i = 0;
+    u32 temp;
 
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+    FIPS_selftest_check();
 #endif
 
-	if (!userKey || !key)
-		return -1;
-	if (bits != 128 && bits != 192 && bits != 256)
-		return -2;
+    if (!userKey || !key)
+        return -1;
+    if (bits != 128 && bits != 192 && bits != 256)
+        return -2;
 
-	rk = key->rd_key;
+    rk = key->rd_key;
 
-	if (bits==128)
-		key->rounds = 10;
-	else if (bits==192)
-		key->rounds = 12;
-	else
-		key->rounds = 14;
+    if (bits==128)
+        key->rounds = 10;
+    else if (bits==192)
+        key->rounds = 12;
+    else
+        key->rounds = 14;
 
-	rk[0] = GETU32(userKey     );
-	rk[1] = GETU32(userKey +  4);
-	rk[2] = GETU32(userKey +  8);
-	rk[3] = GETU32(userKey + 12);
-	if (bits == 128) {
-		while (1) {
-			temp  = rk[3];
-			rk[4] = rk[0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[5] = rk[1] ^ rk[4];
-			rk[6] = rk[2] ^ rk[5];
-			rk[7] = rk[3] ^ rk[6];
-			if (++i == 10) {
-				return 0;
-			}
-			rk += 4;
-		}
-	}
-	rk[4] = GETU32(userKey + 16);
-	rk[5] = GETU32(userKey + 20);
-	if (bits == 192) {
-		while (1) {
-			temp = rk[ 5];
-			rk[ 6] = rk[ 0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[ 7] = rk[ 1] ^ rk[ 6];
-			rk[ 8] = rk[ 2] ^ rk[ 7];
-			rk[ 9] = rk[ 3] ^ rk[ 8];
-			if (++i == 8) {
-				return 0;
-			}
-			rk[10] = rk[ 4] ^ rk[ 9];
-			rk[11] = rk[ 5] ^ rk[10];
-			rk += 6;
-		}
-	}
-	rk[6] = GETU32(userKey + 24);
-	rk[7] = GETU32(userKey + 28);
-	if (bits == 256) {
-		while (1) {
-			temp = rk[ 7];
-			rk[ 8] = rk[ 0] ^
-				(Te2[(temp >> 16) & 0xff] & 0xff000000) ^
-				(Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp      ) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp >> 24)       ] & 0x000000ff) ^
-				rcon[i];
-			rk[ 9] = rk[ 1] ^ rk[ 8];
-			rk[10] = rk[ 2] ^ rk[ 9];
-			rk[11] = rk[ 3] ^ rk[10];
-			if (++i == 7) {
-				return 0;
-			}
-			temp = rk[11];
-			rk[12] = rk[ 4] ^
-				(Te2[(temp >> 24)       ] & 0xff000000) ^
-				(Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
-				(Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
-				(Te1[(temp      ) & 0xff] & 0x000000ff);
-			rk[13] = rk[ 5] ^ rk[12];
-			rk[14] = rk[ 6] ^ rk[13];
-			rk[15] = rk[ 7] ^ rk[14];
+    rk[0] = GETU32(userKey     );
+    rk[1] = GETU32(userKey +  4);
+    rk[2] = GETU32(userKey +  8);
+    rk[3] = GETU32(userKey + 12);
+    if (bits == 128) {
+        while (1) {
+            temp  = rk[3];
+            rk[4] = rk[0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[5] = rk[1] ^ rk[4];
+            rk[6] = rk[2] ^ rk[5];
+            rk[7] = rk[3] ^ rk[6];
+            if (++i == 10) {
+                return 0;
+            }
+            rk += 4;
+        }
+    }
+    rk[4] = GETU32(userKey + 16);
+    rk[5] = GETU32(userKey + 20);
+    if (bits == 192) {
+        while (1) {
+            temp = rk[ 5];
+            rk[ 6] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 7] = rk[ 1] ^ rk[ 6];
+            rk[ 8] = rk[ 2] ^ rk[ 7];
+            rk[ 9] = rk[ 3] ^ rk[ 8];
+            if (++i == 8) {
+                return 0;
+            }
+            rk[10] = rk[ 4] ^ rk[ 9];
+            rk[11] = rk[ 5] ^ rk[10];
+            rk += 6;
+        }
+    }
+    rk[6] = GETU32(userKey + 24);
+    rk[7] = GETU32(userKey + 28);
+    if (bits == 256) {
+        while (1) {
+            temp = rk[ 7];
+            rk[ 8] = rk[ 0] ^
+                (Te2[(temp >> 16) & 0xff] & 0xff000000) ^
+                (Te3[(temp >>  8) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp      ) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp >> 24)       ] & 0x000000ff) ^
+                rcon[i];
+            rk[ 9] = rk[ 1] ^ rk[ 8];
+            rk[10] = rk[ 2] ^ rk[ 9];
+            rk[11] = rk[ 3] ^ rk[10];
+            if (++i == 7) {
+                return 0;
+            }
+            temp = rk[11];
+            rk[12] = rk[ 4] ^
+                (Te2[(temp >> 24)       ] & 0xff000000) ^
+                (Te3[(temp >> 16) & 0xff] & 0x00ff0000) ^
+                (Te0[(temp >>  8) & 0xff] & 0x0000ff00) ^
+                (Te1[(temp      ) & 0xff] & 0x000000ff);
+            rk[13] = rk[ 5] ^ rk[12];
+            rk[14] = rk[ 6] ^ rk[13];
+            rk[15] = rk[ 7] ^ rk[14];
 
-			rk += 8;
-        	}
-	}
-	return 0;
+            rk += 8;
+            }
+    }
+    return 0;
 }
 
 /**
  * Expand the cipher key into the decryption key schedule.
  */
 int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-			 AES_KEY *key) {
+                        AES_KEY *key)
+{
 
-        u32 *rk;
-	int i, j, status;
-	u32 temp;
+    u32 *rk;
+    int i, j, status;
+    u32 temp;
 
-	/* first, start with an encryption schedule */
-	status = AES_set_encrypt_key(userKey, bits, key);
-	if (status < 0)
-		return status;
+    /* first, start with an encryption schedule */
+    status = AES_set_encrypt_key(userKey, bits, key);
+    if (status < 0)
+        return status;
 
-	rk = key->rd_key;
+    rk = key->rd_key;
 
-	/* invert the order of the round keys: */
-	for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
-		temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
-		temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
-		temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
-		temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
-	}
-	/* apply the inverse MixColumn transform to all round keys but the first and the last: */
-	for (i = 1; i < (key->rounds); i++) {
-		rk += 4;
-		rk[0] =
-			Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
-		rk[1] =
-			Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
-		rk[2] =
-			Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
-		rk[3] =
-			Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
-			Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
-			Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
-			Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
-	}
-	return 0;
+    /* invert the order of the round keys: */
+    for (i = 0, j = 4*(key->rounds); i < j; i += 4, j -= 4) {
+        temp = rk[i    ]; rk[i    ] = rk[j    ]; rk[j    ] = temp;
+        temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp;
+        temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp;
+        temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp;
+    }
+    /* apply the inverse MixColumn transform to all round keys but the first and the last: */
+    for (i = 1; i < (key->rounds); i++) {
+        rk += 4;
+        rk[0] =
+            Td0[Te1[(rk[0] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[0] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[0] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[0]      ) & 0xff] & 0xff];
+        rk[1] =
+            Td0[Te1[(rk[1] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[1] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[1] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[1]      ) & 0xff] & 0xff];
+        rk[2] =
+            Td0[Te1[(rk[2] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[2] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[2] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[2]      ) & 0xff] & 0xff];
+        rk[3] =
+            Td0[Te1[(rk[3] >> 24)       ] & 0xff] ^
+            Td1[Te1[(rk[3] >> 16) & 0xff] & 0xff] ^
+            Td2[Te1[(rk[3] >>  8) & 0xff] & 0xff] ^
+            Td3[Te1[(rk[3]      ) & 0xff] & 0xff];
+    }
+    return 0;
 }
 
 #ifndef AES_ASM
@@ -787,71 +788,71 @@ int AES_set_decrypt_key(const unsigned char *userKey, const int bits,
  * in and out can overlap
  */
 void AES_encrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
+                 const AES_KEY *key) {
 
-	const u32 *rk;
-	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
 #ifndef FULL_UNROLL
-	int r;
+    int r;
 #endif /* ?FULL_UNROLL */
 
-	assert(in && out && key);
-	rk = key->rd_key;
+    assert(in && out && key);
+    rk = key->rd_key;
 
-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
-	s0 = GETU32(in     ) ^ rk[0];
-	s1 = GETU32(in +  4) ^ rk[1];
-	s2 = GETU32(in +  8) ^ rk[2];
-	s3 = GETU32(in + 12) ^ rk[3];
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
+    s0 = GETU32(in     ) ^ rk[0];
+    s1 = GETU32(in +  4) ^ rk[1];
+    s2 = GETU32(in +  8) ^ rk[2];
+    s3 = GETU32(in + 12) ^ rk[3];
 #ifdef FULL_UNROLL
-	/* round 1: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
-   	/* round 2: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
-	/* round 3: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
-   	/* round 4: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
-	/* round 5: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
-   	/* round 6: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
-	/* round 7: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
-   	/* round 8: */
-   	s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
-   	s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
-   	s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
-   	s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
-	/* round 9: */
-   	t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
-   	t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
-   	t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
-   	t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
+    /* round 1: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[ 4];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[ 5];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[ 6];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[ 7];
+    /* round 2: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[ 8];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[ 9];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[10];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[11];
+    /* round 3: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[12];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[13];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[14];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[15];
+    /* round 4: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[16];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[17];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[18];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[19];
+    /* round 5: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[20];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[21];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[22];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[23];
+    /* round 6: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[24];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[25];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[26];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[27];
+    /* round 7: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[28];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[29];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[30];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[31];
+    /* round 8: */
+    s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[32];
+    s1 = Te0[t1 >> 24] ^ Te1[(t2 >> 16) & 0xff] ^ Te2[(t3 >>  8) & 0xff] ^ Te3[t0 & 0xff] ^ rk[33];
+    s2 = Te0[t2 >> 24] ^ Te1[(t3 >> 16) & 0xff] ^ Te2[(t0 >>  8) & 0xff] ^ Te3[t1 & 0xff] ^ rk[34];
+    s3 = Te0[t3 >> 24] ^ Te1[(t0 >> 16) & 0xff] ^ Te2[(t1 >>  8) & 0xff] ^ Te3[t2 & 0xff] ^ rk[35];
+    /* round 9: */
+    t0 = Te0[s0 >> 24] ^ Te1[(s1 >> 16) & 0xff] ^ Te2[(s2 >>  8) & 0xff] ^ Te3[s3 & 0xff] ^ rk[36];
+    t1 = Te0[s1 >> 24] ^ Te1[(s2 >> 16) & 0xff] ^ Te2[(s3 >>  8) & 0xff] ^ Te3[s0 & 0xff] ^ rk[37];
+    t2 = Te0[s2 >> 24] ^ Te1[(s3 >> 16) & 0xff] ^ Te2[(s0 >>  8) & 0xff] ^ Te3[s1 & 0xff] ^ rk[38];
+    t3 = Te0[s3 >> 24] ^ Te1[(s0 >> 16) & 0xff] ^ Te2[(s1 >>  8) & 0xff] ^ Te3[s2 & 0xff] ^ rk[39];
     if (key->rounds > 10) {
         /* round 10: */
         s0 = Te0[t0 >> 24] ^ Te1[(t1 >> 16) & 0xff] ^ Te2[(t2 >>  8) & 0xff] ^ Te3[t3 & 0xff] ^ rk[40];
@@ -940,37 +941,37 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
     }
 #endif /* ?FULL_UNROLL */
     /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-	s0 =
-		(Te2[(t0 >> 24)       ] & 0xff000000) ^
-		(Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t3      ) & 0xff] & 0x000000ff) ^
-		rk[0];
-	PUTU32(out     , s0);
-	s1 =
-		(Te2[(t1 >> 24)       ] & 0xff000000) ^
-		(Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t0      ) & 0xff] & 0x000000ff) ^
-		rk[1];
-	PUTU32(out +  4, s1);
-	s2 =
-		(Te2[(t2 >> 24)       ] & 0xff000000) ^
-		(Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t1      ) & 0xff] & 0x000000ff) ^
-		rk[2];
-	PUTU32(out +  8, s2);
-	s3 =
-		(Te2[(t3 >> 24)       ] & 0xff000000) ^
-		(Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
-		(Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
-		(Te1[(t2      ) & 0xff] & 0x000000ff) ^
-		rk[3];
-	PUTU32(out + 12, s3);
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Te2[(t0 >> 24)       ] & 0xff000000) ^
+        (Te3[(t1 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t2 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t3      ) & 0xff] & 0x000000ff) ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Te2[(t1 >> 24)       ] & 0xff000000) ^
+        (Te3[(t2 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t3 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t0      ) & 0xff] & 0x000000ff) ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Te2[(t2 >> 24)       ] & 0xff000000) ^
+        (Te3[(t3 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t0 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t1      ) & 0xff] & 0x000000ff) ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Te2[(t3 >> 24)       ] & 0xff000000) ^
+        (Te3[(t0 >> 16) & 0xff] & 0x00ff0000) ^
+        (Te0[(t1 >>  8) & 0xff] & 0x0000ff00) ^
+        (Te1[(t2      ) & 0xff] & 0x000000ff) ^
+        rk[3];
+    PUTU32(out + 12, s3);
 }
 
 /*
@@ -978,21 +979,22 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
  * in and out can overlap
  */
 void AES_decrypt(const unsigned char *in, unsigned char *out,
-		 const AES_KEY *key) {
+                 const AES_KEY *key)
+{
 
-	const u32 *rk;
-	u32 s0, s1, s2, s3, t0, t1, t2, t3;
+    const u32 *rk;
+    u32 s0, s1, s2, s3, t0, t1, t2, t3;
 #ifndef FULL_UNROLL
-	int r;
+    int r;
 #endif /* ?FULL_UNROLL */
 
-	assert(in && out && key);
-	rk = key->rd_key;
+    assert(in && out && key);
+    rk = key->rd_key;
 
-	/*
-	 * map byte array block to cipher state
-	 * and add initial round key:
-	 */
+    /*
+     * map byte array block to cipher state
+     * and add initial round key:
+     */
     s0 = GETU32(in     ) ^ rk[0];
     s1 = GETU32(in +  4) ^ rk[1];
     s2 = GETU32(in +  8) ^ rk[2];
@@ -1067,7 +1069,7 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
             t3 = Td0[s3 >> 24] ^ Td1[(s2 >> 16) & 0xff] ^ Td2[(s1 >>  8) & 0xff] ^ Td3[s0 & 0xff] ^ rk[55];
         }
     }
-	rk += key->rounds << 2;
+    rk += key->rounds << 2;
 #else  /* !FULL_UNROLL */
     /*
      * Nr - 1 full rounds:
@@ -1131,37 +1133,37 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
     }
 #endif /* ?FULL_UNROLL */
     /*
-	 * apply last round and
-	 * map cipher state to byte array block:
-	 */
-   	s0 =
-   		(Td4[(t0 >> 24)       ] << 24) ^
-   		(Td4[(t3 >> 16) & 0xff] << 16) ^
-   		(Td4[(t2 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t1      ) & 0xff])       ^
-   		rk[0];
-	PUTU32(out     , s0);
-   	s1 =
-   		(Td4[(t1 >> 24)       ] << 24) ^
-   		(Td4[(t0 >> 16) & 0xff] << 16) ^
-   		(Td4[(t3 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t2      ) & 0xff])       ^
-   		rk[1];
-	PUTU32(out +  4, s1);
-   	s2 =
-   		(Td4[(t2 >> 24)       ] << 24) ^
-   		(Td4[(t1 >> 16) & 0xff] << 16) ^
-   		(Td4[(t0 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t3      ) & 0xff])       ^
-   		rk[2];
-	PUTU32(out +  8, s2);
-   	s3 =
-   		(Td4[(t3 >> 24)       ] << 24) ^
-   		(Td4[(t2 >> 16) & 0xff] << 16) ^
-   		(Td4[(t1 >>  8) & 0xff] <<  8) ^
-   		(Td4[(t0      ) & 0xff])       ^
-   		rk[3];
-	PUTU32(out + 12, s3);
+     * apply last round and
+     * map cipher state to byte array block:
+     */
+    s0 =
+        (Td4[(t0 >> 24)       ] << 24) ^
+        (Td4[(t3 >> 16) & 0xff] << 16) ^
+        (Td4[(t2 >>  8) & 0xff] <<  8) ^
+        (Td4[(t1      ) & 0xff])       ^
+        rk[0];
+    PUTU32(out     , s0);
+    s1 =
+        (Td4[(t1 >> 24)       ] << 24) ^
+        (Td4[(t0 >> 16) & 0xff] << 16) ^
+        (Td4[(t3 >>  8) & 0xff] <<  8) ^
+        (Td4[(t2      ) & 0xff])       ^
+        rk[1];
+    PUTU32(out +  4, s1);
+    s2 =
+        (Td4[(t2 >> 24)       ] << 24) ^
+        (Td4[(t1 >> 16) & 0xff] << 16) ^
+        (Td4[(t0 >>  8) & 0xff] <<  8) ^
+        (Td4[(t3      ) & 0xff])       ^
+        rk[2];
+    PUTU32(out +  8, s2);
+    s3 =
+        (Td4[(t3 >> 24)       ] << 24) ^
+        (Td4[(t2 >> 16) & 0xff] << 16) ^
+        (Td4[(t1 >>  8) & 0xff] <<  8) ^
+        (Td4[(t0      ) & 0xff])       ^
+        rk[3];
+    PUTU32(out + 12, s3);
 }
 
 #endif /* AES_ASM */
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
index f36982be..fa82b2c4 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ctr.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -59,81 +59,87 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
-/* NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code
- * is endian-neutral. */
+/*
+ * NOTE: the IV/counter CTR mode is big-endian.  The rest of the AES code is
+ * endian-neutral.
+ */
 
 /* increment counter (128-bit int) by 1 */
-static void AES_ctr128_inc(unsigned char *counter) {
-	unsigned long c;
-
-	/* Grab bottom dword of counter and increment */
-	c = GETU32(counter + 12);
-	c++;	c &= 0xFFFFFFFF;
-	PUTU32(counter + 12, c);
-
-	/* if no overflow, we're done */
-	if (c)
-		return;
-
-	/* Grab 1st dword of counter and increment */
-	c = GETU32(counter +  8);
-	c++;	c &= 0xFFFFFFFF;
-	PUTU32(counter +  8, c);
-
-	/* if no overflow, we're done */
-	if (c)
-		return;
-
-	/* Grab 2nd dword of counter and increment */
-	c = GETU32(counter +  4);
-	c++;	c &= 0xFFFFFFFF;
-	PUTU32(counter +  4, c);
-
-	/* if no overflow, we're done */
-	if (c)
-		return;
-
-	/* Grab top dword of counter and increment */
-	c = GETU32(counter +  0);
-	c++;	c &= 0xFFFFFFFF;
-	PUTU32(counter +  0, c);
+static void AES_ctr128_inc(unsigned char *counter)
+{
+    unsigned long c;
+
+    /* Grab bottom dword of counter and increment */
+    c = GETU32(counter + 12);
+    c++;
+    c &= 0xFFFFFFFF;
+    PUTU32(counter + 12, c);
+
+    /* if no overflow, we're done */
+    if (c)
+        return;
+
+    /* Grab 1st dword of counter and increment */
+    c = GETU32(counter + 8);
+    c++;
+    c &= 0xFFFFFFFF;
+    PUTU32(counter + 8, c);
+
+    /* if no overflow, we're done */
+    if (c)
+        return;
+
+    /* Grab 2nd dword of counter and increment */
+    c = GETU32(counter + 4);
+    c++;
+    c &= 0xFFFFFFFF;
+    PUTU32(counter + 4, c);
+
+    /* if no overflow, we're done */
+    if (c)
+        return;
+
+    /* Grab top dword of counter and increment */
+    c = GETU32(counter + 0);
+    c++;
+    c &= 0xFFFFFFFF;
+    PUTU32(counter + 0, c);
 }
 
-/* The input encrypted as though 128bit counter mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num, and the
- * encrypted counter is kept in ecount_buf.  Both *num and
- * ecount_buf must be initialised with zeros before the first
- * call to AES_ctr128_encrypt().
- *
- * This algorithm assumes that the counter is in the x lower bits
- * of the IV (ivec), and that the application has full control over
- * overflow and the rest of the IV.  This implementation takes NO
- * responsability for checking that the counter doesn't overflow
- * into the rest of the IV when incremented.
+/*
+ * The input encrypted as though 128bit counter mode is being used.  The
+ * extra state information to record how much of the 128bit block we have
+ * used is contained in *num, and the encrypted counter is kept in
+ * ecount_buf.  Both *num and ecount_buf must be initialised with zeros
+ * before the first call to AES_ctr128_encrypt(). This algorithm assumes
+ * that the counter is in the x lower bits of the IV (ivec), and that the
+ * application has full control over overflow and the rest of the IV.  This
+ * implementation takes NO responsability for checking that the counter
+ * doesn't overflow into the rest of the IV when incremented.
  */
 void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
-	unsigned char ivec[AES_BLOCK_SIZE],
-	unsigned char ecount_buf[AES_BLOCK_SIZE],
-	unsigned int *num) {
-
-	unsigned int n;
-	unsigned long l=length;
-
-	assert(in && out && key && counter && num);
-	assert(*num < AES_BLOCK_SIZE);
-
-	n = *num;
-
-	while (l--) {
-		if (n == 0) {
-			AES_encrypt(ivec, ecount_buf, key);
- 			AES_ctr128_inc(ivec);
-		}
-		*(out++) = *(in++) ^ ecount_buf[n];
-		n = (n+1) % AES_BLOCK_SIZE;
-	}
-
-	*num=n;
+                        const unsigned long length, const AES_KEY *key,
+                        unsigned char ivec[AES_BLOCK_SIZE],
+                        unsigned char ecount_buf[AES_BLOCK_SIZE],
+                        unsigned int *num)
+{
+
+    unsigned int n;
+    unsigned long l = length;
+
+    assert(in && out && key && counter && num);
+    assert(*num < AES_BLOCK_SIZE);
+
+    n = *num;
+
+    while (l--) {
+        if (n == 0) {
+            AES_encrypt(ivec, ecount_buf, key);
+            AES_ctr128_inc(ivec);
+        }
+        *(out++) = *(in++) ^ ecount_buf[n];
+        n = (n + 1) % AES_BLOCK_SIZE;
+    }
+
+    *num = n;
 }
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
index 28aa561c..2e0d20ca 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ecb.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,14 +60,14 @@
 #include "aes_locl.h"
 
 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-		     const AES_KEY *key, const int enc) {
+                     const AES_KEY *key, const int enc)
+{
 
-        assert(in && out && key);
-	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
+    assert(in && out && key);
+    assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
 
-	if (AES_ENCRYPT == enc)
-		AES_encrypt(in, out, key);
-	else
-		AES_decrypt(in, out, key);
+    if (AES_ENCRYPT == enc)
+        AES_encrypt(in, out, key);
+    else
+        AES_decrypt(in, out, key);
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c
index 45d70961..0fa28c38 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ige.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ige.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,152 +56,147 @@
 
 #define N_WORDS (AES_BLOCK_SIZE / sizeof(unsigned long))
 typedef struct {
-        unsigned long data[N_WORDS];
+    unsigned long data[N_WORDS];
 } aes_block_t;
 
 /* XXX: probably some better way to do this */
 #if defined(__i386__) || defined(__x86_64__)
-#define UNALIGNED_MEMOPS_ARE_FAST 1
+# define UNALIGNED_MEMOPS_ARE_FAST 1
 #else
-#define UNALIGNED_MEMOPS_ARE_FAST 0
+# define UNALIGNED_MEMOPS_ARE_FAST 0
 #endif
 
 #if UNALIGNED_MEMOPS_ARE_FAST
-#define load_block(d, s)        (d) = *(const aes_block_t *)(s)
-#define store_block(d, s)       *(aes_block_t *)(d) = (s)
+# define load_block(d, s)        (d) = *(const aes_block_t *)(s)
+# define store_block(d, s)       *(aes_block_t *)(d) = (s)
 #else
-#define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
-#define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
+# define load_block(d, s)        memcpy((d).data, (s), AES_BLOCK_SIZE)
+# define store_block(d, s)       memcpy((d), (s).data, AES_BLOCK_SIZE)
 #endif
 
 /* N.B. The IV for this mode is _twice_ the block size */
 
 void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
-					 const unsigned long length, const AES_KEY *key,
-					 unsigned char *ivec, const int enc)
-	{
-	unsigned long n;
-	unsigned long len;
+                     const unsigned long length, const AES_KEY *key,
+                     unsigned char *ivec, const int enc)
+{
+    unsigned long n;
+    unsigned long len;
 
-	OPENSSL_assert(in && out && key && ivec);
-	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
 
-	len = length / AES_BLOCK_SIZE;
+    len = length / AES_BLOCK_SIZE;
 
-	if (AES_ENCRYPT == enc)
-		{
-		if (in != out &&
-		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
-			{
-			aes_block_t *ivp = (aes_block_t *)ivec;
-			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+    if (AES_ENCRYPT == enc) {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
 
-			while (len)
-				{
-				aes_block_t *inp = (aes_block_t *)in;
-				aes_block_t *outp = (aes_block_t *)out;
+            while (len) {
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
 
-				for(n=0 ; n < N_WORDS; ++n)
-					outp->data[n] = inp->data[n] ^ ivp->data[n];
-				AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					outp->data[n] ^= iv2p->data[n];
-				ivp = outp;
-				iv2p = inp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-			}
-		else
-			{
-			aes_block_t tmp, tmp2;
-			aes_block_t iv;
-			aes_block_t iv2;
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] = inp->data[n] ^ ivp->data[n];
+                AES_encrypt((unsigned char *)outp->data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= iv2p->data[n];
+                ivp = outp;
+                iv2p = inp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
 
-			load_block(iv, ivec);
-			load_block(iv2, ivec + AES_BLOCK_SIZE);
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
 
-			while (len)
-				{
-				load_block(tmp, in);
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp2.data[n] = tmp.data[n] ^ iv.data[n];
-				AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp2.data[n] ^= iv2.data[n];
-				store_block(out, tmp2);
-				iv = tmp2;
-				iv2 = tmp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
-			}
-		}
-	else
-		{
-		if (in != out &&
-		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
-			{
-			aes_block_t *ivp = (aes_block_t *)ivec;
-			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);
+            while (len) {
+                load_block(tmp, in);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] = tmp.data[n] ^ iv.data[n];
+                AES_encrypt((unsigned char *)tmp2.data,
+                            (unsigned char *)tmp2.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp2.data[n] ^= iv2.data[n];
+                store_block(out, tmp2);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    } else {
+        if (in != out &&
+            (UNALIGNED_MEMOPS_ARE_FAST
+             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
+             0)) {
+            aes_block_t *ivp = (aes_block_t *) ivec;
+            aes_block_t *iv2p = (aes_block_t *) (ivec + AES_BLOCK_SIZE);
 
-			while (len)
-				{
-				aes_block_t tmp;
-				aes_block_t *inp = (aes_block_t *)in;
-				aes_block_t *outp = (aes_block_t *)out;
+            while (len) {
+                aes_block_t tmp;
+                aes_block_t *inp = (aes_block_t *) in;
+                aes_block_t *outp = (aes_block_t *) out;
 
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp.data[n] = inp->data[n] ^ iv2p->data[n];
-				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					outp->data[n] ^= ivp->data[n];
-				ivp = inp;
-				iv2p = outp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-			}
-		else
-			{
-			aes_block_t tmp, tmp2;
-			aes_block_t iv;
-			aes_block_t iv2;
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] = inp->data[n] ^ iv2p->data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)outp->data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    outp->data[n] ^= ivp->data[n];
+                ivp = inp;
+                iv2p = outp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
+        } else {
+            aes_block_t tmp, tmp2;
+            aes_block_t iv;
+            aes_block_t iv2;
 
-			load_block(iv, ivec);
-			load_block(iv2, ivec + AES_BLOCK_SIZE);
+            load_block(iv, ivec);
+            load_block(iv2, ivec + AES_BLOCK_SIZE);
 
-			while (len)
-				{
-				load_block(tmp, in);
-				tmp2 = tmp;
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp.data[n] ^= iv2.data[n];
-				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
-				for(n=0 ; n < N_WORDS; ++n)
-					tmp.data[n] ^= iv.data[n];
-				store_block(out, tmp);
-				iv = tmp2;
-				iv2 = tmp;
-				--len;
-				in += AES_BLOCK_SIZE;
-				out += AES_BLOCK_SIZE;
-				}
-			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
-			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
-			}
-		}
-	}
+            while (len) {
+                load_block(tmp, in);
+                tmp2 = tmp;
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv2.data[n];
+                AES_decrypt((unsigned char *)tmp.data,
+                            (unsigned char *)tmp.data, key);
+                for (n = 0; n < N_WORDS; ++n)
+                    tmp.data[n] ^= iv.data[n];
+                store_block(out, tmp);
+                iv = tmp2;
+                iv2 = tmp;
+                --len;
+                in += AES_BLOCK_SIZE;
+                out += AES_BLOCK_SIZE;
+            }
+            memcpy(ivec, iv.data, AES_BLOCK_SIZE);
+            memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
+        }
+    }
+}
 
 /*
  * Note that its effectively impossible to do biIGE in anything other
@@ -211,113 +206,118 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 /* N.B. The IV for this mode is _four times_ the block size */
 
 void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
-						const unsigned long length, const AES_KEY *key,
-						const AES_KEY *key2, const unsigned char *ivec,
-						const int enc)
-	{
-	unsigned long n;
-	unsigned long len = length;
-	unsigned char tmp[AES_BLOCK_SIZE];
-	unsigned char tmp2[AES_BLOCK_SIZE];
-	unsigned char tmp3[AES_BLOCK_SIZE];
-	unsigned char prev[AES_BLOCK_SIZE];
-	const unsigned char *iv;
-	const unsigned char *iv2;
+                        const unsigned long length, const AES_KEY *key,
+                        const AES_KEY *key2, const unsigned char *ivec,
+                        const int enc)
+{
+    unsigned long n;
+    unsigned long len = length;
+    unsigned char tmp[AES_BLOCK_SIZE];
+    unsigned char tmp2[AES_BLOCK_SIZE];
+    unsigned char tmp3[AES_BLOCK_SIZE];
+    unsigned char prev[AES_BLOCK_SIZE];
+    const unsigned char *iv;
+    const unsigned char *iv2;
 
-	OPENSSL_assert(in && out && key && ivec);
-	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
-	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);
+    OPENSSL_assert(in && out && key && ivec);
+    OPENSSL_assert((AES_ENCRYPT == enc) || (AES_DECRYPT == enc));
+    OPENSSL_assert((length % AES_BLOCK_SIZE) == 0);
 
-	if (AES_ENCRYPT == enc)
-		{
-		/* XXX: Do a separate case for when in != out (strictly should
-		   check for overlap, too) */
+    if (AES_ENCRYPT == enc) {
+        /*
+         * XXX: Do a separate case for when in != out (strictly should check
+         * for overlap, too)
+         */
 
-		/* First the forward pass */ 
-		iv = ivec;
-		iv2 = ivec + AES_BLOCK_SIZE;
-		while (len >= AES_BLOCK_SIZE)
-			{
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] = in[n] ^ iv[n];
-			AES_encrypt(out, out, key);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv2[n];
-			iv = out;
-			memcpy(prev, in, AES_BLOCK_SIZE);
-			iv2 = prev;
-			len -= AES_BLOCK_SIZE;
-			in += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-			}
+        /* First the forward pass */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        while (len >= AES_BLOCK_SIZE) {
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] = in[n] ^ iv[n];
+            AES_encrypt(out, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            iv = out;
+            memcpy(prev, in, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
 
-		/* And now backwards */
-		iv = ivec + AES_BLOCK_SIZE*2;
-		iv2 = ivec + AES_BLOCK_SIZE*3;
-		len = length;
-		while(len >= AES_BLOCK_SIZE)
-			{
-			out -= AES_BLOCK_SIZE;
-			/* XXX: reduce copies by alternating between buffers */
-			memcpy(tmp, out, AES_BLOCK_SIZE);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv[n];
-			/*			hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
-			AES_encrypt(out, out, key);
-			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
-			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv2[n];
-			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
-			iv = out;
-			memcpy(prev, tmp, AES_BLOCK_SIZE);
-			iv2 = prev;
-			len -= AES_BLOCK_SIZE;
-			}
-		}
-	else
-		{
-		/* First backwards */
-		iv = ivec + AES_BLOCK_SIZE*2;
-		iv2 = ivec + AES_BLOCK_SIZE*3;
-		in += length;
-		out += length;
-		while (len >= AES_BLOCK_SIZE)
-			{
-			in -= AES_BLOCK_SIZE;
-			out -= AES_BLOCK_SIZE;
-			memcpy(tmp, in, AES_BLOCK_SIZE);
-			memcpy(tmp2, in, AES_BLOCK_SIZE);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				tmp[n] ^= iv2[n];
-			AES_decrypt(tmp, out, key);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv[n];
-			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-			iv = tmp3;
-			iv2 = out;
-			len -= AES_BLOCK_SIZE;
-			}
+        /* And now backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            out -= AES_BLOCK_SIZE;
+            /*
+             * XXX: reduce copies by alternating between buffers
+             */
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            /*
+             * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
+             */
+            AES_encrypt(out, out, key);
+            /*
+             * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
+             */
+            /*
+             * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
+             */
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv2[n];
+            /*
+             * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
+             */
+            iv = out;
+            memcpy(prev, tmp, AES_BLOCK_SIZE);
+            iv2 = prev;
+            len -= AES_BLOCK_SIZE;
+        }
+    } else {
+        /* First backwards */
+        iv = ivec + AES_BLOCK_SIZE * 2;
+        iv2 = ivec + AES_BLOCK_SIZE * 3;
+        in += length;
+        out += length;
+        while (len >= AES_BLOCK_SIZE) {
+            in -= AES_BLOCK_SIZE;
+            out -= AES_BLOCK_SIZE;
+            memcpy(tmp, in, AES_BLOCK_SIZE);
+            memcpy(tmp2, in, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+        }
 
-		/* And now forwards */
-		iv = ivec;
-		iv2 = ivec + AES_BLOCK_SIZE;
-		len = length;
-		while (len >= AES_BLOCK_SIZE)
-			{
-			memcpy(tmp, out, AES_BLOCK_SIZE);
-			memcpy(tmp2, out, AES_BLOCK_SIZE);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				tmp[n] ^= iv2[n];
-			AES_decrypt(tmp, out, key);
-			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
-				out[n] ^= iv[n];
-			memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
-			iv = tmp3;
-			iv2 = out;
-			len -= AES_BLOCK_SIZE;
-			in += AES_BLOCK_SIZE;
-			out += AES_BLOCK_SIZE;
-			}
-		}
-	}
+        /* And now forwards */
+        iv = ivec;
+        iv2 = ivec + AES_BLOCK_SIZE;
+        len = length;
+        while (len >= AES_BLOCK_SIZE) {
+            memcpy(tmp, out, AES_BLOCK_SIZE);
+            memcpy(tmp2, out, AES_BLOCK_SIZE);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                tmp[n] ^= iv2[n];
+            AES_decrypt(tmp, out, key);
+            for (n = 0; n < AES_BLOCK_SIZE; ++n)
+                out[n] ^= iv[n];
+            memcpy(tmp3, tmp2, AES_BLOCK_SIZE);
+            iv = tmp3;
+            iv2 = out;
+            len -= AES_BLOCK_SIZE;
+            in += AES_BLOCK_SIZE;
+            out += AES_BLOCK_SIZE;
+        }
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
index 4fead1b4..68a48bac 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_misc.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,12 +53,13 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
-const char AES_version[]="AES" OPENSSL_VERSION_PTEXT;
+const char AES_version[] = "AES" OPENSSL_VERSION_PTEXT;
 
-const char *AES_options(void) {
+const char *AES_options(void)
+{
 #ifdef FULL_UNROLL
-        return "aes(full)";
-#else   
-        return "aes(partial)";
+    return "aes(full)";
+#else
+    return "aes(partial)";
 #endif
 }
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
index f358bb39..07b2610c 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_ofb.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,21 +54,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -83,10 +83,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -98,7 +98,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -115,28 +115,30 @@
 #include <openssl/aes.h>
 #include "aes_locl.h"
 
-/* The input and output encrypted as though 128bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 128bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 128bit ofb mode is being used.
+ * The extra state information to record how much of the 128bit block we have
+ * used is contained in *num;
  */
 void AES_ofb128_encrypt(const unsigned char *in, unsigned char *out,
-	const unsigned long length, const AES_KEY *key,
-	unsigned char *ivec, int *num) {
+                        const unsigned long length, const AES_KEY *key,
+                        unsigned char *ivec, int *num)
+{
 
-	unsigned int n;
-	unsigned long l=length;
+    unsigned int n;
+    unsigned long l = length;
 
-	assert(in && out && key && ivec && num);
+    assert(in && out && key && ivec && num);
 
-	n = *num;
+    n = *num;
 
-	while (l--) {
-		if (n == 0) {
-			AES_encrypt(ivec, ivec, key);
-		}
-		*(out++) = *(in++) ^ ivec[n];
-		n = (n+1) % AES_BLOCK_SIZE;
-	}
+    while (l--) {
+        if (n == 0) {
+            AES_encrypt(ivec, ivec, key);
+        }
+        *(out++) = *(in++) ^ ivec[n];
+        n = (n + 1) % AES_BLOCK_SIZE;
+    }
 
-	*num=n;
+    *num = n;
 }
diff --git a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c
index e2d73d37..b1ab8e25 100644
--- a/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c
+++ b/Cryptlib/OpenSSL/crypto/aes/aes_wrap.c
@@ -1,5 +1,6 @@
 /* crypto/aes/aes_wrap.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,204 +57,194 @@
 #include <openssl/bio.h>
 
 static const unsigned char default_iv[] = {
-  0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
+    0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6,
 };
 
 int AES_wrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen)
-	{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-	if ((inlen & 0x7) || (inlen < 8))
-		return -1;
-	A = B;
-	t = 1;
-	memcpy(out + 8, in, inlen);
-	if (!iv)
-		iv = default_iv;
-
-	memcpy(A, iv, 8);
-
-	for (j = 0; j < 6; j++)
-		{
-		R = out + 8;
-		for (i = 0; i < inlen; i += 8, t++, R += 8)
-			{
-			memcpy(B + 8, R, 8);
-			AES_encrypt(B, B, key);
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff)	
-				{
-				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t >> 24) & 0xff);
-				}
-			memcpy(R, B + 8, 8);
-			}
-		}
-	memcpy(out, A, 8);
-	return inlen + 8;
-	}
+                 unsigned char *out,
+                 const unsigned char *in, unsigned int inlen)
+{
+    unsigned char *A, B[16], *R;
+    unsigned int i, j, t;
+    if ((inlen & 0x7) || (inlen < 8))
+        return -1;
+    A = B;
+    t = 1;
+    memcpy(out + 8, in, inlen);
+    if (!iv)
+        iv = default_iv;
+
+    memcpy(A, iv, 8);
+
+    for (j = 0; j < 6; j++) {
+        R = out + 8;
+        for (i = 0; i < inlen; i += 8, t++, R += 8) {
+            memcpy(B + 8, R, 8);
+            AES_encrypt(B, B, key);
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(R, B + 8, 8);
+        }
+    }
+    memcpy(out, A, 8);
+    return inlen + 8;
+}
 
 int AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
-		unsigned char *out,
-		const unsigned char *in, unsigned int inlen)
-	{
-	unsigned char *A, B[16], *R;
-	unsigned int i, j, t;
-	inlen -= 8;
-	if (inlen & 0x7)
-		return -1;
-	if (inlen < 8)
-		return -1;
-	A = B;
-	t =  6 * (inlen >> 3);
-	memcpy(A, in, 8);
-	memcpy(out, in + 8, inlen);
-	for (j = 0; j < 6; j++)
-		{
-		R = out + inlen - 8;
-		for (i = 0; i < inlen; i += 8, t--, R -= 8)
-			{
-			A[7] ^= (unsigned char)(t & 0xff);
-			if (t > 0xff)	
-				{
-				A[6] ^= (unsigned char)((t >> 8) & 0xff);
-				A[5] ^= (unsigned char)((t >> 16) & 0xff);
-				A[4] ^= (unsigned char)((t >> 24) & 0xff);
-				}
-			memcpy(B + 8, R, 8);
-			AES_decrypt(B, B, key);
-			memcpy(R, B + 8, 8);
-			}
-		}
-	if (!iv)
-		iv = default_iv;
-	if (memcmp(A, iv, 8))
-		{
-		OPENSSL_cleanse(out, inlen);
-		return 0;
-		}
-	return inlen;
-	}
+                   unsigned char *out,
+                   const unsigned char *in, unsigned int inlen)
+{
+    unsigned char *A, B[16], *R;
+    unsigned int i, j, t;
+    inlen -= 8;
+    if (inlen & 0x7)
+        return -1;
+    if (inlen < 8)
+        return -1;
+    A = B;
+    t = 6 * (inlen >> 3);
+    memcpy(A, in, 8);
+    memcpy(out, in + 8, inlen);
+    for (j = 0; j < 6; j++) {
+        R = out + inlen - 8;
+        for (i = 0; i < inlen; i += 8, t--, R -= 8) {
+            A[7] ^= (unsigned char)(t & 0xff);
+            if (t > 0xff) {
+                A[6] ^= (unsigned char)((t >> 8) & 0xff);
+                A[5] ^= (unsigned char)((t >> 16) & 0xff);
+                A[4] ^= (unsigned char)((t >> 24) & 0xff);
+            }
+            memcpy(B + 8, R, 8);
+            AES_decrypt(B, B, key);
+            memcpy(R, B + 8, 8);
+        }
+    }
+    if (!iv)
+        iv = default_iv;
+    if (memcmp(A, iv, 8)) {
+        OPENSSL_cleanse(out, inlen);
+        return 0;
+    }
+    return inlen;
+}
 
 #ifdef AES_WRAP_TEST
 
 int AES_wrap_unwrap_test(const unsigned char *kek, int keybits,
-			 const unsigned char *iv,
-			 const unsigned char *eout,
-			 const unsigned char *key, int keylen)
-	{
-	unsigned char *otmp = NULL, *ptmp = NULL;
-	int r, ret = 0;
-	AES_KEY wctx;
-	otmp = OPENSSL_malloc(keylen + 8);
-	ptmp = OPENSSL_malloc(keylen);
-	if (!otmp || !ptmp)
-		return 0;
-	if (AES_set_encrypt_key(kek, keybits, &wctx))
-		goto err;
-	r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
-	if (r <= 0)
-		goto err;
-
-	if (eout && memcmp(eout, otmp, keylen))
-		goto err;
-		
-	if (AES_set_decrypt_key(kek, keybits, &wctx))
-		goto err;
-	r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
-
-	if (memcmp(key, ptmp, keylen))
-		goto err;
-
-	ret = 1;
-
-	err:
-	if (otmp)
-		OPENSSL_free(otmp);
-	if (ptmp)
-		OPENSSL_free(ptmp);
-
-	return ret;
-
-	}
-
+                         const unsigned char *iv,
+                         const unsigned char *eout,
+                         const unsigned char *key, int keylen)
+{
+    unsigned char *otmp = NULL, *ptmp = NULL;
+    int r, ret = 0;
+    AES_KEY wctx;
+    otmp = OPENSSL_malloc(keylen + 8);
+    ptmp = OPENSSL_malloc(keylen);
+    if (!otmp || !ptmp)
+        return 0;
+    if (AES_set_encrypt_key(kek, keybits, &wctx))
+        goto err;
+    r = AES_wrap_key(&wctx, iv, otmp, key, keylen);
+    if (r <= 0)
+        goto err;
+
+    if (eout && memcmp(eout, otmp, keylen))
+        goto err;
+
+    if (AES_set_decrypt_key(kek, keybits, &wctx))
+        goto err;
+    r = AES_unwrap_key(&wctx, iv, ptmp, otmp, r);
+
+    if (memcmp(key, ptmp, keylen))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (otmp)
+        OPENSSL_free(otmp);
+    if (ptmp)
+        OPENSSL_free(ptmp);
+
+    return ret;
 
+}
 
 int main(int argc, char **argv)
 {
 
-static const unsigned char kek[] = {
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
-  0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
-  0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
-};
-
-static const unsigned char key[] = {
-  0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
-  0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
-  0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-  0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
-};
-
-static const unsigned char e1[] = {
-  0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
-  0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
-  0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
-};
-
-static const unsigned char e2[] = {
-  0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
-  0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
-  0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
-};
-
-static const unsigned char e3[] = {
-  0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
-  0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
-  0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
-};
-
-static const unsigned char e4[] = {
-  0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
-  0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
-  0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
-  0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
-};
-
-static const unsigned char e5[] = {
-  0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
-  0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
-  0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
-  0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
-};
-
-static const unsigned char e6[] = {
-  0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
-  0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
-  0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
-  0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
-  0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
-};
-
-	AES_KEY wctx, xctx;
-	int ret;
-	ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
-	fprintf(stderr, "Key test result %d\n", ret);
-	ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
-	fprintf(stderr, "Key test result %d\n", ret);
+    static const unsigned char kek[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+        0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
+        0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
+    };
+
+    static const unsigned char key[] = {
+        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
+        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+    };
+
+    static const unsigned char e1[] = {
+        0x1f, 0xa6, 0x8b, 0x0a, 0x81, 0x12, 0xb4, 0x47,
+        0xae, 0xf3, 0x4b, 0xd8, 0xfb, 0x5a, 0x7b, 0x82,
+        0x9d, 0x3e, 0x86, 0x23, 0x71, 0xd2, 0xcf, 0xe5
+    };
+
+    static const unsigned char e2[] = {
+        0x96, 0x77, 0x8b, 0x25, 0xae, 0x6c, 0xa4, 0x35,
+        0xf9, 0x2b, 0x5b, 0x97, 0xc0, 0x50, 0xae, 0xd2,
+        0x46, 0x8a, 0xb8, 0xa1, 0x7a, 0xd8, 0x4e, 0x5d
+    };
+
+    static const unsigned char e3[] = {
+        0x64, 0xe8, 0xc3, 0xf9, 0xce, 0x0f, 0x5b, 0xa2,
+        0x63, 0xe9, 0x77, 0x79, 0x05, 0x81, 0x8a, 0x2a,
+        0x93, 0xc8, 0x19, 0x1e, 0x7d, 0x6e, 0x8a, 0xe7
+    };
+
+    static const unsigned char e4[] = {
+        0x03, 0x1d, 0x33, 0x26, 0x4e, 0x15, 0xd3, 0x32,
+        0x68, 0xf2, 0x4e, 0xc2, 0x60, 0x74, 0x3e, 0xdc,
+        0xe1, 0xc6, 0xc7, 0xdd, 0xee, 0x72, 0x5a, 0x93,
+        0x6b, 0xa8, 0x14, 0x91, 0x5c, 0x67, 0x62, 0xd2
+    };
+
+    static const unsigned char e5[] = {
+        0xa8, 0xf9, 0xbc, 0x16, 0x12, 0xc6, 0x8b, 0x3f,
+        0xf6, 0xe6, 0xf4, 0xfb, 0xe3, 0x0e, 0x71, 0xe4,
+        0x76, 0x9c, 0x8b, 0x80, 0xa3, 0x2c, 0xb8, 0x95,
+        0x8c, 0xd5, 0xd1, 0x7d, 0x6b, 0x25, 0x4d, 0xa1
+    };
+
+    static const unsigned char e6[] = {
+        0x28, 0xc9, 0xf4, 0x04, 0xc4, 0xb8, 0x10, 0xf4,
+        0xcb, 0xcc, 0xb3, 0x5c, 0xfb, 0x87, 0xf8, 0x26,
+        0x3f, 0x57, 0x86, 0xe2, 0xd8, 0x0e, 0xd3, 0x26,
+        0xcb, 0xc7, 0xf0, 0xe7, 0x1a, 0x99, 0xf4, 0x3b,
+        0xfb, 0x98, 0x8b, 0x9b, 0x7a, 0x02, 0xdd, 0x21
+    };
+
+    AES_KEY wctx, xctx;
+    int ret;
+    ret = AES_wrap_unwrap_test(kek, 128, NULL, e1, key, 16);
+    fprintf(stderr, "Key test result %d\n", ret);
+    ret = AES_wrap_unwrap_test(kek, 192, NULL, e2, key, 16);
+    fprintf(stderr, "Key test result %d\n", ret);
+    ret = AES_wrap_unwrap_test(kek, 256, NULL, e3, key, 16);
+    fprintf(stderr, "Key test result %d\n", ret);
+    ret = AES_wrap_unwrap_test(kek, 192, NULL, e4, key, 24);
+    fprintf(stderr, "Key test result %d\n", ret);
+    ret = AES_wrap_unwrap_test(kek, 256, NULL, e5, key, 24);
+    fprintf(stderr, "Key test result %d\n", ret);
+    ret = AES_wrap_unwrap_test(kek, 256, NULL, e6, key, 32);
+    fprintf(stderr, "Key test result %d\n", ret);
 }
-	
-	
+
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c
index 0fb9ce0c..ef1caa4e 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bitstr.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,165 +61,176 @@
 #include <openssl/asn1.h>
 
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
-{ return M_ASN1_BIT_STRING_set(x, d, len); }
+{
+    return M_ASN1_BIT_STRING_set(x, d, len);
+}
 
 int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
-	{
-	int ret,j,bits,len;
-	unsigned char *p,*d;
-
-	if (a == NULL) return(0);
-
-	len=a->length;
-
-	if (len > 0)
-		{
-		if (a->flags & ASN1_STRING_FLAG_BITS_LEFT)
-			{
-			bits=(int)a->flags&0x07;
-			}
-		else
-			{
-			for ( ; len > 0; len--)
-				{
-				if (a->data[len-1]) break;
-				}
-			j=a->data[len-1];
-			if      (j & 0x01) bits=0;
-			else if (j & 0x02) bits=1;
-			else if (j & 0x04) bits=2;
-			else if (j & 0x08) bits=3;
-			else if (j & 0x10) bits=4;
-			else if (j & 0x20) bits=5;
-			else if (j & 0x40) bits=6;
-			else if (j & 0x80) bits=7;
-			else bits=0; /* should not happen */
-			}
-		}
-	else
-		bits=0;
-
-	ret=1+len;
-	if (pp == NULL) return(ret);
-
-	p= *pp;
-
-	*(p++)=(unsigned char)bits;
-	d=a->data;
-	memcpy(p,d,len);
-	p+=len;
-	if (len > 0) p[-1]&=(0xff<<bits);
-	*pp=p;
-	return(ret);
-	}
+{
+    int ret, j, bits, len;
+    unsigned char *p, *d;
+
+    if (a == NULL)
+        return (0);
+
+    len = a->length;
+
+    if (len > 0) {
+        if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
+            bits = (int)a->flags & 0x07;
+        } else {
+            for (; len > 0; len--) {
+                if (a->data[len - 1])
+                    break;
+            }
+            j = a->data[len - 1];
+            if (j & 0x01)
+                bits = 0;
+            else if (j & 0x02)
+                bits = 1;
+            else if (j & 0x04)
+                bits = 2;
+            else if (j & 0x08)
+                bits = 3;
+            else if (j & 0x10)
+                bits = 4;
+            else if (j & 0x20)
+                bits = 5;
+            else if (j & 0x40)
+                bits = 6;
+            else if (j & 0x80)
+                bits = 7;
+            else
+                bits = 0;       /* should not happen */
+        }
+    } else
+        bits = 0;
+
+    ret = 1 + len;
+    if (pp == NULL)
+        return (ret);
+
+    p = *pp;
+
+    *(p++) = (unsigned char)bits;
+    d = a->data;
+    memcpy(p, d, len);
+    p += len;
+    if (len > 0)
+        p[-1] &= (0xff << bits);
+    *pp = p;
+    return (ret);
+}
 
 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
-	const unsigned char **pp, long len)
-	{
-	ASN1_BIT_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	int i;
-
-	if (len < 1)
-		{
-		i=ASN1_R_STRING_TOO_SHORT;
-		goto err;
-		}
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	i= *(p++);
-	/* We do this to preserve the settings.  If we modify
-	 * the settings, via the _set_bit function, we will recalculate
-	 * on output */
-	ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */
-	ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */
-
-	if (len-- > 1) /* using one because of the bits left byte */
-		{
-		s=(unsigned char *)OPENSSL_malloc((int)len);
-		if (s == NULL)
-			{
-			i=ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-		memcpy(s,p,(int)len);
-		s[len-1]&=(0xff<<i);
-		p+=len;
-		}
-	else
-		s=NULL;
-
-	ret->length=(int)len;
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->data=s;
-	ret->type=V_ASN1_BIT_STRING;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_C2I_ASN1_BIT_STRING,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_BIT_STRING_free(ret);
-	return(NULL);
-	}
-
-/* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
+                                     const unsigned char **pp, long len)
+{
+    ASN1_BIT_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    int i;
+
+    if (len < 1) {
+        i = ASN1_R_STRING_TOO_SHORT;
+        goto err;
+    }
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = M_ASN1_BIT_STRING_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
+
+    p = *pp;
+    i = *(p++);
+    if (i > 7) {
+        i = ASN1_R_INVALID_BIT_STRING_BITS_LEFT;
+        goto err;
+    }
+    /*
+     * We do this to preserve the settings.  If we modify the settings, via
+     * the _set_bit function, we will recalculate on output
+     */
+    ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
+    ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | i); /* set */
+
+    if (len-- > 1) {            /* using one because of the bits left byte */
+        s = (unsigned char *)OPENSSL_malloc((int)len);
+        if (s == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        memcpy(s, p, (int)len);
+        s[len - 1] &= (0xff << i);
+        p += len;
+    } else
+        s = NULL;
+
+    ret->length = (int)len;
+    if (ret->data != NULL)
+        OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->type = V_ASN1_BIT_STRING;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        M_ASN1_BIT_STRING_free(ret);
+    return (NULL);
+}
+
+/*
+ * These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
  */
 int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
-	{
-	int w,v,iv;
-	unsigned char *c;
-
-	w=n/8;
-	v=1<<(7-(n&0x07));
-	iv= ~v;
-	if (!value) v=0;
-
-	if (a == NULL)
-		return 0;
-
-	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
-
-	if ((a->length < (w+1)) || (a->data == NULL))
-		{
-		if (!value) return(1); /* Don't need to set */
-		if (a->data == NULL)
-			c=(unsigned char *)OPENSSL_malloc(w+1);
-		else
-			c=(unsigned char *)OPENSSL_realloc_clean(a->data,
-								 a->length,
-								 w+1);
-		if (c == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-  		if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length);
-		a->data=c;
-		a->length=w+1;
-	}
-	a->data[w]=((a->data[w])&iv)|v;
-	while ((a->length > 0) && (a->data[a->length-1] == 0))
-		a->length--;
-	return(1);
-	}
+{
+    int w, v, iv;
+    unsigned char *c;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    iv = ~v;
+    if (!value)
+        v = 0;
+
+    if (a == NULL)
+        return 0;
+
+    a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
+
+    if ((a->length < (w + 1)) || (a->data == NULL)) {
+        if (!value)
+            return (1);         /* Don't need to set */
+        if (a->data == NULL)
+            c = (unsigned char *)OPENSSL_malloc(w + 1);
+        else
+            c = (unsigned char *)OPENSSL_realloc_clean(a->data,
+                                                       a->length, w + 1);
+        if (c == NULL) {
+            ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (w + 1 - a->length > 0)
+            memset(c + a->length, 0, w + 1 - a->length);
+        a->data = c;
+        a->length = w + 1;
+    }
+    a->data[w] = ((a->data[w]) & iv) | v;
+    while ((a->length > 0) && (a->data[a->length - 1] == 0))
+        a->length--;
+    return (1);
+}
 
 int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n)
-	{
-	int w,v;
-
-	w=n/8;
-	v=1<<(7-(n&0x07));
-	if ((a == NULL) || (a->length < (w+1)) || (a->data == NULL))
-		return(0);
-	return((a->data[w]&v) != 0);
-	}
-
+{
+    int w, v;
+
+    w = n / 8;
+    v = 1 << (7 - (n & 0x07));
+    if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
+        return (0);
+    return ((a->data[w] & v) != 0);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c
index 331acdf0..1b85bc9e 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_bool.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bool.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,54 +61,51 @@
 #include <openssl/asn1t.h>
 
 int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
-	{
-	int r;
-	unsigned char *p;
+{
+    int r;
+    unsigned char *p;
 
-	r=ASN1_object_size(0,1,V_ASN1_BOOLEAN);
-	if (pp == NULL) return(r);
-	p= *pp;
+    r = ASN1_object_size(0, 1, V_ASN1_BOOLEAN);
+    if (pp == NULL)
+        return (r);
+    p = *pp;
 
-	ASN1_put_object(&p,0,1,V_ASN1_BOOLEAN,V_ASN1_UNIVERSAL);
-	*(p++)= (unsigned char)a;
-	*pp=p;
-	return(r);
-	}
+    ASN1_put_object(&p, 0, 1, V_ASN1_BOOLEAN, V_ASN1_UNIVERSAL);
+    *(p++) = (unsigned char)a;
+    *pp = p;
+    return (r);
+}
 
 int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
-	{
-	int ret= -1;
-	const unsigned char *p;
-	long len;
-	int inf,tag,xclass;
-	int i=0;
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_BOOLEAN)
-		{
-		i=ASN1_R_EXPECTING_A_BOOLEAN;
-		goto err;
-		}
+{
+    int ret = -1;
+    const unsigned char *p;
+    long len;
+    int inf, tag, xclass;
+    int i = 0;
 
-	if (len != 1)
-		{
-		i=ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
-		goto err;
-		}
-	ret= (int)*(p++);
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i);
-	return(ret);
-	}
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
 
+    if (tag != V_ASN1_BOOLEAN) {
+        i = ASN1_R_EXPECTING_A_BOOLEAN;
+        goto err;
+    }
 
+    if (len != 1) {
+        i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
+        goto err;
+    }
+    ret = (int)*(p++);
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_BOOLEAN, i);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c
index 92d630cd..12715a72 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_bytes.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,254 +61,246 @@
 #include <openssl/asn1.h>
 
 static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c);
-/* type is a 'bitmap' of acceptable string types.
+/*
+ * type is a 'bitmap' of acceptable string types.
  */
 ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, const unsigned char **pp,
-	     long length, int type)
-	{
-	ASN1_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	long len;
-	int inf,tag,xclass;
-	int i=0;
+                                 long length, int type)
+{
+    ASN1_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+    int i = 0;
 
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80) goto err;
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80)
+        goto err;
 
-	if (tag >= 32)
-		{
-		i=ASN1_R_TAG_VALUE_TOO_HIGH;
-		goto err;
-		}
-	if (!(ASN1_tag2bit(tag) & type))
-		{
-		i=ASN1_R_WRONG_TYPE;
-		goto err;
-		}
+    if (tag >= 32) {
+        i = ASN1_R_TAG_VALUE_TOO_HIGH;
+        goto err;
+    }
+    if (!(ASN1_tag2bit(tag) & type)) {
+        i = ASN1_R_WRONG_TYPE;
+        goto err;
+    }
 
-	/* If a bit-string, exit early */
-	if (tag == V_ASN1_BIT_STRING)
-		return(d2i_ASN1_BIT_STRING(a,pp,length));
+    /* If a bit-string, exit early */
+    if (tag == V_ASN1_BIT_STRING)
+        return (d2i_ASN1_BIT_STRING(a, pp, length));
 
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_STRING_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
 
-	if (len != 0)
-		{
-		s=(unsigned char *)OPENSSL_malloc((int)len+1);
-		if (s == NULL)
-			{
-			i=ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-		memcpy(s,p,(int)len);
-		s[len]='\0';
-		p+=len;
-		}
-	else
-		s=NULL;
+    if (len != 0) {
+        s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+        if (s == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+        memcpy(s, p, (int)len);
+        s[len] = '\0';
+        p += len;
+    } else
+        s = NULL;
 
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->length=(int)len;
-	ret->data=s;
-	ret->type=tag;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_STRING_free(ret);
-	return(NULL);
-	}
+    if (ret->data != NULL)
+        OPENSSL_free(ret->data);
+    ret->length = (int)len;
+    ret->data = s;
+    ret->type = tag;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        ASN1_STRING_free(ret);
+    return (NULL);
+}
 
 int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass)
-	{
-	int ret,r,constructed;
-	unsigned char *p;
+{
+    int ret, r, constructed;
+    unsigned char *p;
 
-	if (a == NULL)  return(0);
+    if (a == NULL)
+        return (0);
 
-	if (tag == V_ASN1_BIT_STRING)
-		return(i2d_ASN1_BIT_STRING(a,pp));
-		
-	ret=a->length;
-	r=ASN1_object_size(0,ret,tag);
-	if (pp == NULL) return(r);
-	p= *pp;
+    if (tag == V_ASN1_BIT_STRING)
+        return (i2d_ASN1_BIT_STRING(a, pp));
 
-	if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
-		constructed=1;
-	else
-		constructed=0;
-	ASN1_put_object(&p,constructed,ret,tag,xclass);
-	memcpy(p,a->data,a->length);
-	p+=a->length;
-	*pp= p;
-	return(r);
-	}
+    ret = a->length;
+    r = ASN1_object_size(0, ret, tag);
+    if (pp == NULL)
+        return (r);
+    p = *pp;
 
-ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
-	     long length, int Ptag, int Pclass)
-	{
-	ASN1_STRING *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	long len;
-	int inf,tag,xclass;
-	int i=0;
+    if ((tag == V_ASN1_SEQUENCE) || (tag == V_ASN1_SET))
+        constructed = 1;
+    else
+        constructed = 0;
+    ASN1_put_object(&p, constructed, ret, tag, xclass);
+    memcpy(p, a->data, a->length);
+    p += a->length;
+    *pp = p;
+    return (r);
+}
 
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=ASN1_STRING_new()) == NULL) return(NULL);
-		}
-	else
-		ret=(*a);
+ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, const unsigned char **pp,
+                            long length, int Ptag, int Pclass)
+{
+    ASN1_STRING *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+    int i = 0;
 
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = ASN1_STRING_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
 
-	if (tag != Ptag)
-		{
-		i=ASN1_R_WRONG_TAG;
-		goto err;
-		}
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
 
-	if (inf & V_ASN1_CONSTRUCTED)
-		{
-		ASN1_const_CTX c;
+    if (tag != Ptag) {
+        i = ASN1_R_WRONG_TAG;
+        goto err;
+    }
 
-		c.pp=pp;
-		c.p=p;
-		c.inf=inf;
-		c.slen=len;
-		c.tag=Ptag;
-		c.xclass=Pclass;
-		c.max=(length == 0)?0:(p+length);
-		if (!asn1_collate_primitive(ret,&c)) 
-			goto err; 
-		else
-			{
-			p=c.p;
-			}
-		}
-	else
-		{
-		if (len != 0)
-			{
-			if ((ret->length < len) || (ret->data == NULL))
-				{
-				if (ret->data != NULL) OPENSSL_free(ret->data);
-				s=(unsigned char *)OPENSSL_malloc((int)len + 1);
-				if (s == NULL)
-					{
-					i=ERR_R_MALLOC_FAILURE;
-					goto err;
-					}
-				}
-			else
-				s=ret->data;
-			memcpy(s,p,(int)len);
-			s[len] = '\0';
-			p+=len;
-			}
-		else
-			{
-			s=NULL;
-			if (ret->data != NULL) OPENSSL_free(ret->data);
-			}
+    if (inf & V_ASN1_CONSTRUCTED) {
+        ASN1_const_CTX c;
 
-		ret->length=(int)len;
-		ret->data=s;
-		ret->type=Ptag;
-		}
+        c.pp = pp;
+        c.p = p;
+        c.inf = inf;
+        c.slen = len;
+        c.tag = Ptag;
+        c.xclass = Pclass;
+        c.max = (length == 0) ? 0 : (p + length);
+        if (!asn1_collate_primitive(ret, &c))
+            goto err;
+        else {
+            p = c.p;
+        }
+    } else {
+        if (len != 0) {
+            if ((ret->length < len) || (ret->data == NULL)) {
+                if (ret->data != NULL)
+                    OPENSSL_free(ret->data);
+                s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+                if (s == NULL) {
+                    i = ERR_R_MALLOC_FAILURE;
+                    goto err;
+                }
+            } else
+                s = ret->data;
+            memcpy(s, p, (int)len);
+            s[len] = '\0';
+            p += len;
+        } else {
+            s = NULL;
+            if (ret->data != NULL)
+                OPENSSL_free(ret->data);
+        }
 
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_STRING_free(ret);
-	ASN1err(ASN1_F_D2I_ASN1_BYTES,i);
-	return(NULL);
-	}
+        ret->length = (int)len;
+        ret->data = s;
+        ret->type = Ptag;
+    }
 
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        ASN1_STRING_free(ret);
+    ASN1err(ASN1_F_D2I_ASN1_BYTES, i);
+    return (NULL);
+}
 
-/* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse
- * them into the one structure that is then returned */
-/* There have been a few bug fixes for this function from
- * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */
+/*
+ * We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse them
+ * into the one structure that is then returned
+ */
+/*
+ * There have been a few bug fixes for this function from Paul Keogh
+ * <paul.keogh@sse.ie>, many thanks to him
+ */
 static int asn1_collate_primitive(ASN1_STRING *a, ASN1_const_CTX *c)
-	{
-	ASN1_STRING *os=NULL;
-	BUF_MEM b;
-	int num;
-
-	b.length=0;
-	b.max=0;
-	b.data=NULL;
+{
+    ASN1_STRING *os = NULL;
+    BUF_MEM b;
+    int num;
 
-	if (a == NULL)
-		{
-		c->error=ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
+    b.length = 0;
+    b.max = 0;
+    b.data = NULL;
 
-	num=0;
-	for (;;)
-		{
-		if (c->inf & 1)
-			{
-			c->eos=ASN1_const_check_infinite_end(&c->p,
-				(long)(c->max-c->p));
-			if (c->eos) break;
-			}
-		else
-			{
-			if (c->slen <= 0) break;
-			}
+    if (a == NULL) {
+        c->error = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
 
-		c->q=c->p;
-		if (d2i_ASN1_bytes(&os,&c->p,c->max-c->p,c->tag,c->xclass)
-			== NULL)
-			{
-			c->error=ERR_R_ASN1_LIB;
-			goto err;
-			}
+    num = 0;
+    for (;;) {
+        if (c->inf & 1) {
+            c->eos = ASN1_const_check_infinite_end(&c->p,
+                                                   (long)(c->max - c->p));
+            if (c->eos)
+                break;
+        } else {
+            if (c->slen <= 0)
+                break;
+        }
 
-		if (!BUF_MEM_grow_clean(&b,num+os->length))
-			{
-			c->error=ERR_R_BUF_LIB;
-			goto err;
-			}
-		memcpy(&(b.data[num]),os->data,os->length);
-		if (!(c->inf & 1))
-			c->slen-=(c->p-c->q);
-		num+=os->length;
-		}
+        c->q = c->p;
+        if (d2i_ASN1_bytes(&os, &c->p, c->max - c->p, c->tag, c->xclass)
+            == NULL) {
+            c->error = ERR_R_ASN1_LIB;
+            goto err;
+        }
 
-	if (!asn1_const_Finish(c)) goto err;
+        if (!BUF_MEM_grow_clean(&b, num + os->length)) {
+            c->error = ERR_R_BUF_LIB;
+            goto err;
+        }
+        memcpy(&(b.data[num]), os->data, os->length);
+        if (!(c->inf & 1))
+            c->slen -= (c->p - c->q);
+        num += os->length;
+    }
 
-	a->length=num;
-	if (a->data != NULL) OPENSSL_free(a->data);
-	a->data=(unsigned char *)b.data;
-	if (os != NULL) ASN1_STRING_free(os);
-	return(1);
-err:
-	ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error);
-	if (os != NULL) ASN1_STRING_free(os);
-	if (b.data != NULL) OPENSSL_free(b.data);
-	return(0);
-	}
+    if (!asn1_const_Finish(c))
+        goto err;
 
+    a->length = num;
+    if (a->data != NULL)
+        OPENSSL_free(a->data);
+    a->data = (unsigned char *)b.data;
+    if (os != NULL)
+        ASN1_STRING_free(os);
+    return (1);
+ err:
+    ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE, c->error);
+    if (os != NULL)
+        ASN1_STRING_free(os);
+    if (b.data != NULL)
+        OPENSSL_free(b.data);
+    return (0);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c
index 52b2ebdb..a1864b42 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_d2i_fp.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,222 +65,204 @@
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
 
 #ifndef NO_OLD_ASN1
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 
-void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
-        {
-        BIO *b;
-        void *ret;
+void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
+{
+    BIO *b;
+    void *ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB);
-                return(NULL);
-		}
-        BIO_set_fp(b,in,BIO_NOCLOSE);
-        ret=ASN1_d2i_bio(xnew,d2i,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
+        return (NULL);
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_d2i_bio(xnew, d2i, b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
-void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
-	{
-	BUF_MEM *b = NULL;
-	const unsigned char *p;
-	void *ret=NULL;
-	int len;
+void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
 
-	len = asn1_d2i_read_bio(in, &b);
-	if(len < 0) goto err;
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
 
-	p=(unsigned char *)b->data;
-	ret=d2i(x,&p,len);
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ret);
-	}
+    p = (unsigned char *)b->data;
+    ret = d2i(x, &p, len);
+ err:
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return (ret);
+}
 
 #endif
 
 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
-	{
-	BUF_MEM *b = NULL;
-	const unsigned char *p;
-	void *ret=NULL;
-	int len;
+{
+    BUF_MEM *b = NULL;
+    const unsigned char *p;
+    void *ret = NULL;
+    int len;
 
-	len = asn1_d2i_read_bio(in, &b);
-	if(len < 0) goto err;
+    len = asn1_d2i_read_bio(in, &b);
+    if (len < 0)
+        goto err;
 
-	p=(const unsigned char *)b->data;
-	ret=ASN1_item_d2i(x,&p,len, it);
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ret);
-	}
+    p = (const unsigned char *)b->data;
+    ret = ASN1_item_d2i(x, &p, len, it);
+ err:
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return (ret);
+}
 
 #ifndef OPENSSL_NO_FP_API
 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
-        {
-        BIO *b;
-        char *ret;
+{
+    BIO *b;
+    char *ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_D2I_FP,ERR_R_BUF_LIB);
-                return(NULL);
-		}
-        BIO_set_fp(b,in,BIO_NOCLOSE);
-        ret=ASN1_item_d2i_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
+        return (NULL);
+    }
+    BIO_set_fp(b, in, BIO_NOCLOSE);
+    ret = ASN1_item_d2i_bio(it, b, x);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
 #define HEADER_SIZE   8
 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
-	{
-	BUF_MEM *b;
-	unsigned char *p;
-	int i;
-	ASN1_const_CTX c;
-	size_t want=HEADER_SIZE;
-	int eos=0;
-	size_t off=0;
-	size_t len=0;
+{
+    BUF_MEM *b;
+    unsigned char *p;
+    int i;
+    ASN1_const_CTX c;
+    size_t want = HEADER_SIZE;
+    int eos = 0;
+    size_t off = 0;
+    size_t len = 0;
 
-	b=BUF_MEM_new();
-	if (b == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
-		return -1;
-		}
+    b = BUF_MEM_new();
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
 
-	ERR_clear_error();
-	for (;;)
-		{
-		if (want >= (len-off))
-			{
-			want-=(len-off);
+    ERR_clear_error();
+    for (;;) {
+        if (want >= (len - off)) {
+            want -= (len - off);
 
-			if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			i=BIO_read(in,&(b->data[len]),want);
-			if ((i < 0) && ((len-off) == 0))
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_NOT_ENOUGH_DATA);
-				goto err;
-				}
-			if (i > 0)
-				{
-				if (len+i < len)
-					{
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-					goto err;
-					}
-				len+=i;
-				}
-			}
-		/* else data already loaded */
+            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            i = BIO_read(in, &(b->data[len]), want);
+            if ((i < 0) && ((len - off) == 0)) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
+                goto err;
+            }
+            if (i > 0) {
+                if (len + i < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                len += i;
+            }
+        }
+        /* else data already loaded */
 
-		p=(unsigned char *)&(b->data[off]);
-		c.p=p;
-		c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
-			len-off);
-		if (c.inf & 0x80)
-			{
-			unsigned long e;
+        p = (unsigned char *)&(b->data[off]);
+        c.p = p;
+        c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
+                                len - off);
+        if (c.inf & 0x80) {
+            unsigned long e;
 
-			e=ERR_GET_REASON(ERR_peek_error());
-			if (e != ASN1_R_TOO_LONG)
-				goto err;
-			else
-				ERR_clear_error(); /* clear error */
-			}
-		i=c.p-p;/* header length */
-		off+=i;	/* end of data */
+            e = ERR_GET_REASON(ERR_peek_error());
+            if (e != ASN1_R_TOO_LONG)
+                goto err;
+            else
+                ERR_clear_error(); /* clear error */
+        }
+        i = c.p - p;            /* header length */
+        off += i;               /* end of data */
 
-		if (c.inf & 1)
-			{
-			/* no data body so go round again */
-			eos++;
-			if (eos < 0)
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
-				goto err;
-				}
-			want=HEADER_SIZE;
-			}
-		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
-			{
-			/* eos value, so go back and read another header */
-			eos--;
-			if (eos <= 0)
-				break;
-			else
-				want=HEADER_SIZE;
-			}
-		else 
-			{
-			/* suck in c.slen bytes of data */
-			want=c.slen;
-			if (want > (len-off))
-				{
-				want-=(len-off);
-				if (want > INT_MAX /* BIO_read takes an int length */ ||
-					len+want < len)
-						{
-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-						goto err;
-						}
-				if (!BUF_MEM_grow_clean(b,len+want))
-					{
-					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				while (want > 0)
-					{
-					i=BIO_read(in,&(b->data[len]),want);
-					if (i <= 0)
-						{
-						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
-						    ASN1_R_NOT_ENOUGH_DATA);
-						goto err;
-						}
-					/* This can't overflow because
-					 * |len+want| didn't overflow. */
-					len+=i;
-					want-=i;
-					}
-				}
-			if (off + c.slen < off)
-				{
-				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-				goto err;
-				}
-			off+=c.slen;
-			if (eos <= 0)
-				{
-				break;
-				}
-			else
-				want=HEADER_SIZE;
-			}
-		}
+        if (c.inf & 1) {
+            /* no data body so go round again */
+            eos++;
+            if (eos < 0) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
+                goto err;
+            }
+            want = HEADER_SIZE;
+        } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
+            /* eos value, so go back and read another header */
+            eos--;
+            if (eos <= 0)
+                break;
+            else
+                want = HEADER_SIZE;
+        } else {
+            /* suck in c.slen bytes of data */
+            want = c.slen;
+            if (want > (len - off)) {
+                want -= (len - off);
+                if (want > INT_MAX /* BIO_read takes an int length */  ||
+                    len + want < len) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                    goto err;
+                }
+                if (!BUF_MEM_grow_clean(b, len + want)) {
+                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                while (want > 0) {
+                    i = BIO_read(in, &(b->data[len]), want);
+                    if (i <= 0) {
+                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
+                                ASN1_R_NOT_ENOUGH_DATA);
+                        goto err;
+                    }
+                    /*
+                     * This can't overflow because |len+want| didn't
+                     * overflow.
+                     */
+                    len += i;
+                    want -= i;
+                }
+            }
+            if (off + c.slen < off) {
+                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+                goto err;
+            }
+            off += c.slen;
+            if (eos <= 0) {
+                break;
+            } else
+                want = HEADER_SIZE;
+        }
+    }
 
-	if (off > INT_MAX)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
-		goto err;
-		}
+    if (off > INT_MAX) {
+        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
+        goto err;
+    }
 
-	*pb = b;
-	return off;
-err:
-	if (b != NULL) BUF_MEM_free(b);
-	return -1;
-	}
+    *pb = b;
+    return off;
+ err:
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return -1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c
index d00d9e22..2c0a9bad 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_digest.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_digest.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -73,39 +73,37 @@
 #ifndef NO_ASN1_OLD
 
 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data,
-		unsigned char *md, unsigned int *len)
-	{
-	int i;
-	unsigned char *str,*p;
+                unsigned char *md, unsigned int *len)
+{
+    int i;
+    unsigned char *str, *p;
 
-	i=i2d(data,NULL);
-	if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_DIGEST,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	p=str;
-	i2d(data,&p);
+    i = i2d(data, NULL);
+    if ((str = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+        ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    p = str;
+    i2d(data, &p);
 
-	EVP_Digest(str, i, md, len, type, NULL);
-	OPENSSL_free(str);
-	return(1);
-	}
+    EVP_Digest(str, i, md, len, type, NULL);
+    OPENSSL_free(str);
+    return (1);
+}
 
 #endif
 
-
 int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
-		unsigned char *md, unsigned int *len)
-	{
-	int i;
-	unsigned char *str = NULL;
-
-	i=ASN1_item_i2d(asn,&str, it);
-	if (!str) return(0);
+                     unsigned char *md, unsigned int *len)
+{
+    int i;
+    unsigned char *str = NULL;
 
-	EVP_Digest(str, i, md, len, type, NULL);
-	OPENSSL_free(str);
-	return(1);
-	}
+    i = ASN1_item_i2d(asn, &str, it);
+    if (!str)
+        return (0);
 
+    EVP_Digest(str, i, md, len, type, NULL);
+    OPENSSL_free(str);
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c
index 199d50f5..35e65409 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_dup.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_dup.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,47 +63,55 @@
 #ifndef NO_OLD_ASN1
 
 void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, char *x)
-	{
-	unsigned char *b,*p;
-	const unsigned char *p2;
-	int i;
-	char *ret;
+{
+    unsigned char *b, *p;
+    const unsigned char *p2;
+    int i;
+    char *ret;
 
-	if (x == NULL) return(NULL);
+    if (x == NULL)
+        return (NULL);
 
-	i=i2d(x,NULL);
-	b=OPENSSL_malloc(i+10);
-	if (b == NULL)
-		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
-	p= b;
-	i=i2d(x,&p);
-	p2= b;
-	ret=d2i(NULL,&p2,i);
-	OPENSSL_free(b);
-	return(ret);
-	}
+    i = i2d(x, NULL);
+    b = OPENSSL_malloc(i + 10);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    p = b;
+    i = i2d(x, &p);
+    p2 = b;
+    ret = d2i(NULL, &p2, i);
+    OPENSSL_free(b);
+    return (ret);
+}
 
 #endif
 
-/* ASN1_ITEM version of dup: this follows the model above except we don't need
- * to allocate the buffer. At some point this could be rewritten to directly dup
- * the underlying structure instead of doing and encode and decode.
+/*
+ * ASN1_ITEM version of dup: this follows the model above except we don't
+ * need to allocate the buffer. At some point this could be rewritten to
+ * directly dup the underlying structure instead of doing and encode and
+ * decode.
  */
 
 void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
-	{
-	unsigned char *b = NULL;
-	const unsigned char *p;
-	long i;
-	void *ret;
+{
+    unsigned char *b = NULL;
+    const unsigned char *p;
+    long i;
+    void *ret;
 
-	if (x == NULL) return(NULL);
+    if (x == NULL)
+        return (NULL);
 
-	i=ASN1_item_i2d(x,&b,it);
-	if (b == NULL)
-		{ ASN1err(ASN1_F_ASN1_ITEM_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
-	p= b;
-	ret=ASN1_item_d2i(NULL,&p,i, it);
-	OPENSSL_free(b);
-	return(ret);
-	}
+    i = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    p = b;
+    ret = ASN1_item_d2i(NULL, &p, i, it);
+    OPENSSL_free(b);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c
index fe9aa13b..c3498ac9 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_enum.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_enum.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,122 +61,121 @@
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 
-/* 
+/*
  * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
  * for comments on encoding see a_int.c
  */
 
 int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
-	{
-	int j,k;
-	unsigned int i;
-	unsigned char buf[sizeof(long)+1];
-	long d;
+{
+    int j, k;
+    unsigned int i;
+    unsigned char buf[sizeof(long) + 1];
+    long d;
 
-	a->type=V_ASN1_ENUMERATED;
-	if (a->length < (int)(sizeof(long)+1))
-		{
-		if (a->data != NULL)
-			OPENSSL_free(a->data);
-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
-			memset((char *)a->data,0,sizeof(long)+1);
-		}
-	if (a->data == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ENUMERATED_SET,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	d=v;
-	if (d < 0)
-		{
-		d= -d;
-		a->type=V_ASN1_NEG_ENUMERATED;
-		}
+    a->type = V_ASN1_ENUMERATED;
+    if (a->length < (int)(sizeof(long) + 1)) {
+        if (a->data != NULL)
+            OPENSSL_free(a->data);
+        if ((a->data =
+             (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
+            memset((char *)a->data, 0, sizeof(long) + 1);
+    }
+    if (a->data == NULL) {
+        ASN1err(ASN1_F_ASN1_ENUMERATED_SET, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    d = v;
+    if (d < 0) {
+        d = -d;
+        a->type = V_ASN1_NEG_ENUMERATED;
+    }
 
-	for (i=0; i<sizeof(long); i++)
-		{
-		if (d == 0) break;
-		buf[i]=(int)d&0xff;
-		d>>=8;
-		}
-	j=0;
-	for (k=i-1; k >=0; k--)
-		a->data[j++]=buf[k];
-	a->length=j;
-	return(1);
-	}
+    for (i = 0; i < sizeof(long); i++) {
+        if (d == 0)
+            break;
+        buf[i] = (int)d & 0xff;
+        d >>= 8;
+    }
+    j = 0;
+    for (k = i - 1; k >= 0; k--)
+        a->data[j++] = buf[k];
+    a->length = j;
+    return (1);
+}
 
 long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a)
-	{
-	int neg=0,i;
-	long r=0;
+{
+    int neg = 0, i;
+    long r = 0;
+
+    if (a == NULL)
+        return (0L);
+    i = a->type;
+    if (i == V_ASN1_NEG_ENUMERATED)
+        neg = 1;
+    else if (i != V_ASN1_ENUMERATED)
+        return -1;
 
-	if (a == NULL) return(0L);
-	i=a->type;
-	if (i == V_ASN1_NEG_ENUMERATED)
-		neg=1;
-	else if (i != V_ASN1_ENUMERATED)
-		return -1;
-	
-	if (a->length > (int)sizeof(long))
-		{
-		/* hmm... a bit ugly */
-		return(0xffffffffL);
-		}
-	if (a->data == NULL)
-		return 0;
+    if (a->length > (int)sizeof(long)) {
+        /* hmm... a bit ugly */
+        return (0xffffffffL);
+    }
+    if (a->data == NULL)
+        return 0;
 
-	for (i=0; i<a->length; i++)
-		{
-		r<<=8;
-		r|=(unsigned char)a->data[i];
-		}
-	if (neg) r= -r;
-	return(r);
-	}
+    for (i = 0; i < a->length; i++) {
+        r <<= 8;
+        r |= (unsigned char)a->data[i];
+    }
+    if (neg)
+        r = -r;
+    return (r);
+}
 
 ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai)
-	{
-	ASN1_ENUMERATED *ret;
-	int len,j;
+{
+    ASN1_ENUMERATED *ret;
+    int len, j;
 
-	if (ai == NULL)
-		ret=M_ASN1_ENUMERATED_new();
-	else
-		ret=ai;
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_NESTED_ASN1_ERROR);
-		goto err;
-		}
-	if(BN_is_negative(bn)) ret->type = V_ASN1_NEG_ENUMERATED;
-	else ret->type=V_ASN1_ENUMERATED;
-	j=BN_num_bits(bn);
-	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
+    if (ai == NULL)
+        ret = M_ASN1_ENUMERATED_new();
+    else
+        ret = ai;
+    if (ret == NULL) {
+        ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+    }
+    if (BN_is_negative(bn))
+        ret->type = V_ASN1_NEG_ENUMERATED;
+    else
+        ret->type = V_ASN1_ENUMERATED;
+    j = BN_num_bits(bn);
+    len = ((j == 0) ? 0 : ((j / 8) + 1));
+    if (ret->length < len + 4) {
+        unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
+        if (!new_data) {
+            ASN1err(ASN1_F_BN_TO_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ret->data = new_data;
+    }
 
-	ret->length=BN_bn2bin(bn,ret->data);
-	return(ret);
-err:
-	if (ret != ai) M_ASN1_ENUMERATED_free(ret);
-	return(NULL);
-	}
+    ret->length = BN_bn2bin(bn, ret->data);
+    return (ret);
+ err:
+    if (ret != ai)
+        M_ASN1_ENUMERATED_free(ret);
+    return (NULL);
+}
 
 BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn)
-	{
-	BIGNUM *ret;
+{
+    BIGNUM *ret;
 
-	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
-		ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_ENUMERATED) BN_set_negative(ret,1);
-	return(ret);
-	}
+    if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
+        ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN, ASN1_R_BN_LIB);
+    else if (ai->type == V_ASN1_NEG_ENUMERATED)
+        BN_set_negative(ret, 1);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c
index def79062..b504f2e7 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_gentm.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,14 +49,16 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/* GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME */
+/*
+ * GENERALIZEDTIME implementation, written by Steve Henson. Based on UTCTIME
+ */
 
 #include <stdio.h>
 #include <time.h>
@@ -67,180 +69,187 @@
 #if 0
 
 int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **pp)
-	{
-#ifdef CHARSET_EBCDIC
-	/* KLUDGE! We convert to ascii before writing DER */
-	int len;
-	char tmp[24];
-	ASN1_STRING tmpstr = *(ASN1_STRING *)a;
-
-	len = tmpstr.length;
-	ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
-	tmpstr.data = tmp;
-
-	a = (ASN1_GENERALIZEDTIME *) &tmpstr;
-#endif
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL));
-	}
-
+{
+# ifdef CHARSET_EBCDIC
+    /* KLUDGE! We convert to ascii before writing DER */
+    int len;
+    char tmp[24];
+    ASN1_STRING tmpstr = *(ASN1_STRING *)a;
+
+    len = tmpstr.length;
+    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
+    tmpstr.data = tmp;
+
+    a = (ASN1_GENERALIZEDTIME *)&tmpstr;
+# endif
+    return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
+                           V_ASN1_GENERALIZEDTIME, V_ASN1_UNIVERSAL));
+}
 
 ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a,
-	     unsigned char **pp, long length)
-	{
-	ASN1_GENERALIZEDTIME *ret=NULL;
-
-	ret=(ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
-		V_ASN1_GENERALIZEDTIME,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-#ifdef CHARSET_EBCDIC
-	ascii2ebcdic(ret->data, ret->data, ret->length);
-#endif
-	if (!ASN1_GENERALIZEDTIME_check(ret))
-		{
-		ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME,ASN1_R_INVALID_TIME_FORMAT);
-		goto err;
-		}
-
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_GENERALIZEDTIME_free(ret);
-	return(NULL);
-	}
+                                               unsigned char **pp,
+                                               long length)
+{
+    ASN1_GENERALIZEDTIME *ret = NULL;
+
+    ret =
+        (ASN1_GENERALIZEDTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
+                                               V_ASN1_GENERALIZEDTIME,
+                                               V_ASN1_UNIVERSAL);
+    if (ret == NULL) {
+        ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ERR_R_NESTED_ASN1_ERROR);
+        return (NULL);
+    }
+# ifdef CHARSET_EBCDIC
+    ascii2ebcdic(ret->data, ret->data, ret->length);
+# endif
+    if (!ASN1_GENERALIZEDTIME_check(ret)) {
+        ASN1err(ASN1_F_D2I_ASN1_GENERALIZEDTIME, ASN1_R_INVALID_TIME_FORMAT);
+        goto err;
+    }
+
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        M_ASN1_GENERALIZEDTIME_free(ret);
+    return (NULL);
+}
 
 #endif
 
 int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *d)
-	{
-	static int min[9]={ 0, 0, 1, 1, 0, 0, 0, 0, 0};
-	static int max[9]={99, 99,12,31,23,59,59,12,59};
-	char *a;
-	int n,i,l,o;
-
-	if (d->type != V_ASN1_GENERALIZEDTIME) return(0);
-	l=d->length;
-	a=(char *)d->data;
-	o=0;
-	/* GENERALIZEDTIME is similar to UTCTIME except the year is
-         * represented as YYYY. This stuff treats everything as a two digit
-         * field so make first two fields 00 to 99
-         */
-	if (l < 13) goto err;
-	for (i=0; i<7; i++)
-		{
-		if ((i == 6) && ((a[o] == 'Z') ||
-			(a[o] == '+') || (a[o] == '-')))
-			{ i++; break; }
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n= a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n=(n*10)+ a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((n < min[i]) || (n > max[i])) goto err;
-		}
-	/* Optional fractional seconds: decimal point followed by one
-	 * or more digits.
-	 */
-	if (a[o] == '.')
-		{
-		if (++o > l) goto err;
-		i = o;
-		while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
-			o++;
-		/* Must have at least one digit after decimal point */
-		if (i == o) goto err;
-		}
-
-	if (a[o] == 'Z')
-		o++;
-	else if ((a[o] == '+') || (a[o] == '-'))
-		{
-		o++;
-		if (o+4 > l) goto err;
-		for (i=7; i<9; i++)
-			{
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n= a[o]-'0';
-			o++;
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n=(n*10)+ a[o]-'0';
-			if ((n < min[i]) || (n > max[i])) goto err;
-			o++;
-			}
-		}
-	return(o == l);
-err:
-	return(0);
-	}
+{
+    static int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 };
+    static int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 };
+    char *a;
+    int n, i, l, o;
+
+    if (d->type != V_ASN1_GENERALIZEDTIME)
+        return (0);
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+    /*
+     * GENERALIZEDTIME is similar to UTCTIME except the year is represented
+     * as YYYY. This stuff treats everything as a two digit field so make
+     * first two fields 00 to 99
+     */
+    if (l < 13)
+        goto err;
+    for (i = 0; i < 7; i++) {
+        if ((i == 6) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+            i++;
+            break;
+        }
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = (n * 10) + a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((n < min[i]) || (n > max[i]))
+            goto err;
+    }
+    /*
+     * Optional fractional seconds: decimal point followed by one or more
+     * digits.
+     */
+    if (a[o] == '.') {
+        if (++o > l)
+            goto err;
+        i = o;
+        while ((a[o] >= '0') && (a[o] <= '9') && (o <= l))
+            o++;
+        /* Must have at least one digit after decimal point */
+        if (i == o)
+            goto err;
+    }
+
+    if (a[o] == 'Z')
+        o++;
+    else if ((a[o] == '+') || (a[o] == '-')) {
+        o++;
+        if (o + 4 > l)
+            goto err;
+        for (i = 7; i < 9; i++) {
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = a[o] - '0';
+            o++;
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = (n * 10) + a[o] - '0';
+            if ((n < min[i]) || (n > max[i]))
+                goto err;
+            o++;
+        }
+    }
+    return (o == l);
+ err:
+    return (0);
+}
 
 int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
-	{
-	ASN1_GENERALIZEDTIME t;
-
-	t.type=V_ASN1_GENERALIZEDTIME;
-	t.length=strlen(str);
-	t.data=(unsigned char *)str;
-	if (ASN1_GENERALIZEDTIME_check(&t))
-		{
-		if (s != NULL)
-			{
-			if (!ASN1_STRING_set((ASN1_STRING *)s,
-				(unsigned char *)str,t.length))
-				return 0;
-			s->type=V_ASN1_GENERALIZEDTIME;
-			}
-		return(1);
-		}
-	else
-		return(0);
-	}
+{
+    ASN1_GENERALIZEDTIME t;
+
+    t.type = V_ASN1_GENERALIZEDTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    if (ASN1_GENERALIZEDTIME_check(&t)) {
+        if (s != NULL) {
+            if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                 (unsigned char *)str, t.length))
+                return 0;
+            s->type = V_ASN1_GENERALIZEDTIME;
+        }
+        return (1);
+    } else
+        return (0);
+}
 
 ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
-	     time_t t)
-	{
-	char *p;
-	struct tm *ts;
-	struct tm data;
-	size_t len = 20; 
-
-	if (s == NULL)
-		s=M_ASN1_GENERALIZEDTIME_new();
-	if (s == NULL)
-		return(NULL);
-
-	ts=OPENSSL_gmtime(&t, &data);
-	if (ts == NULL)
-		return(NULL);
-
-	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
-		{
-		p=OPENSSL_malloc(len);
-		if (p == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		if (s->data != NULL)
-			OPENSSL_free(s->data);
-		s->data=(unsigned char *)p;
-		}
-
-	BIO_snprintf(p,len,"%04d%02d%02d%02d%02d%02dZ",ts->tm_year + 1900,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
-	s->length=strlen(p);
-	s->type=V_ASN1_GENERALIZEDTIME;
+                                               time_t t)
+{
+    char *p;
+    struct tm *ts;
+    struct tm data;
+    size_t len = 20;
+
+    if (s == NULL)
+        s = M_ASN1_GENERALIZEDTIME_new();
+    if (s == NULL)
+        return (NULL);
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        return (NULL);
+
+    p = (char *)s->data;
+    if ((p == NULL) || ((size_t)s->length < len)) {
+        p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            ASN1err(ASN1_F_ASN1_GENERALIZEDTIME_SET, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        if (s->data != NULL)
+            OPENSSL_free(s->data);
+        s->data = (unsigned char *)p;
+    }
+
+    BIO_snprintf(p, len, "%04d%02d%02d%02d%02d%02dZ", ts->tm_year + 1900,
+                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
+                 ts->tm_sec);
+    s->length = strlen(p);
+    s->type = V_ASN1_GENERALIZEDTIME;
 #ifdef CHARSET_EBCDIC_not
-	ebcdic2ascii(s->data, s->data, s->length);
+    ebcdic2ascii(s->data, s->data, s->length);
 #endif
-	return(s);
-	}
+    return (s);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c
index d1c2a7b9..e67afdc6 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_hdr.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,59 +61,58 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/asn1.h>
 
-int i2d_ASN1_HEADER(ASN1_HEADER *a, unsigned char **pp)
-	{
-	M_ASN1_I2D_vars(a);
+int i2d_ASN1_HEADER(ASN1_HEADER * a, unsigned char **pp)
+{
+    M_ASN1_I2D_vars(a);
 
-	M_ASN1_I2D_len(a->header,	i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_len(a->data,		a->meth->i2d);
+    M_ASN1_I2D_len(a->header, i2d_ASN1_OCTET_STRING);
+    M_ASN1_I2D_len(a->data, a->meth->i2d);
 
-	M_ASN1_I2D_seq_total();
+    M_ASN1_I2D_seq_total();
 
-	M_ASN1_I2D_put(a->header,	i2d_ASN1_OCTET_STRING);
-	M_ASN1_I2D_put(a->data,		a->meth->i2d);
+    M_ASN1_I2D_put(a->header, i2d_ASN1_OCTET_STRING);
+    M_ASN1_I2D_put(a->data, a->meth->i2d);
 
-	M_ASN1_I2D_finish();
-	}
+    M_ASN1_I2D_finish();
+}
 
-ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER **a, const unsigned char **pp,
-	     long length)
-	{
-	M_ASN1_D2I_vars(a,ASN1_HEADER *,ASN1_HEADER_new);
+ASN1_HEADER *d2i_ASN1_HEADER(ASN1_HEADER ** a, const unsigned char **pp,
+                             long length)
+{
+    M_ASN1_D2I_vars(a, ASN1_HEADER *, ASN1_HEADER_new);
 
-	M_ASN1_D2I_Init();
-        M_ASN1_D2I_start_sequence();
-        M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->header,d2i_ASN1_OCTET_STRING);
-	if (ret->meth != NULL)
-		{
-		M_ASN1_D2I_get_x(void,ret->data,ret->meth->d2i);
-		}
-	else
-		{
-		if (a != NULL) (*a)=ret;
-		return(ret);
-		}
-        M_ASN1_D2I_Finish(a,ASN1_HEADER_free,ASN1_F_D2I_ASN1_HEADER);
-	}
+    M_ASN1_D2I_Init();
+    M_ASN1_D2I_start_sequence();
+    M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->header, d2i_ASN1_OCTET_STRING);
+    if (ret->meth != NULL) {
+        M_ASN1_D2I_get_x(void, ret->data, ret->meth->d2i);
+    } else {
+        if (a != NULL)
+            (*a) = ret;
+        return (ret);
+    }
+    M_ASN1_D2I_Finish(a, ASN1_HEADER_free, ASN1_F_D2I_ASN1_HEADER);
+}
 
 ASN1_HEADER *ASN1_HEADER_new(void)
-	{
-	ASN1_HEADER *ret=NULL;
-	ASN1_CTX c;
+{
+    ASN1_HEADER *ret = NULL;
+    ASN1_CTX c;
 
-	M_ASN1_New_Malloc(ret,ASN1_HEADER);
-	M_ASN1_New(ret->header,M_ASN1_OCTET_STRING_new);
-	ret->meth=NULL;
-	ret->data=NULL;
-	return(ret);
-        M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
-	}
+    M_ASN1_New_Malloc(ret, ASN1_HEADER);
+    M_ASN1_New(ret->header, M_ASN1_OCTET_STRING_new);
+    ret->meth = NULL;
+    ret->data = NULL;
+    return (ret);
+    M_ASN1_New_Error(ASN1_F_ASN1_HEADER_NEW);
+}
 
-void ASN1_HEADER_free(ASN1_HEADER *a)
-	{
-	if (a == NULL) return;
-	M_ASN1_OCTET_STRING_free(a->header);
-	if (a->meth != NULL)
-		a->meth->destroy(a->data);
-	OPENSSL_free(a);
-	}
+void ASN1_HEADER_free(ASN1_HEADER * a)
+{
+    if (a == NULL)
+        return;
+    M_ASN1_OCTET_STRING_free(a->header);
+    if (a->meth != NULL)
+        a->meth->destroy(a->data);
+    OPENSSL_free(a);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c
index a3ad76d3..0f56cd4e 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_i2d_fp.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,101 +63,95 @@
 
 #ifndef NO_OLD_ASN1
 
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
-        {
-        BIO *b;
-        int ret;
+{
+    BIO *b;
+    int ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,out,BIO_NOCLOSE);
-        ret=ASN1_i2d_bio(i2d,b,x);
-        BIO_free(b);
-        return(ret);
-        }
-#endif
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_i2d_bio(i2d, b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
-	{
-	char *b;
-	unsigned char *p;
-	int i,j=0,n,ret=1;
+{
+    char *b;
+    unsigned char *p;
+    int i, j = 0, n, ret = 1;
+
+    n = i2d(x, NULL);
+    b = (char *)OPENSSL_malloc(n);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
 
-	n=i2d(x,NULL);
-	b=(char *)OPENSSL_malloc(n);
-	if (b == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
+    p = (unsigned char *)b;
+    i2d(x, &p);
 
-	p=(unsigned char *)b;
-	i2d(x,&p);
-	
-	for (;;)
-		{
-		i=BIO_write(out,&(b[j]),n);
-		if (i == n) break;
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		j+=i;
-		n-=i;
-		}
-	OPENSSL_free(b);
-	return(ret);
-	}
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return (ret);
+}
 
 #endif
 
 #ifndef OPENSSL_NO_FP_API
 int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
-        {
-        BIO *b;
-        int ret;
+{
+    BIO *b;
+    int ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_I2D_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,out,BIO_NOCLOSE);
-        ret=ASN1_item_i2d_bio(it,b,x);
-        BIO_free(b);
-        return(ret);
-        }
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, out, BIO_NOCLOSE);
+    ret = ASN1_item_i2d_bio(it, b, x);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
 int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
-	{
-	unsigned char *b = NULL;
-	int i,j=0,n,ret=1;
+{
+    unsigned char *b = NULL;
+    int i, j = 0, n, ret = 1;
 
-	n = ASN1_item_i2d(x, &b, it);
-	if (b == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
+    n = ASN1_item_i2d(x, &b, it);
+    if (b == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
 
-	for (;;)
-		{
-		i=BIO_write(out,&(b[j]),n);
-		if (i == n) break;
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		j+=i;
-		n-=i;
-		}
-	OPENSSL_free(b);
-	return(ret);
-	}
+    for (;;) {
+        i = BIO_write(out, &(b[j]), n);
+        if (i == n)
+            break;
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        j += i;
+        n -= i;
+    }
+    OPENSSL_free(b);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_int.c b/Cryptlib/OpenSSL/crypto/asn1/a_int.c
index ee26c31b..b788617f 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_int.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_int.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,45 +62,45 @@
 #include <openssl/bn.h>
 
 ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x)
-{ return M_ASN1_INTEGER_dup(x);}
+{
+    return M_ASN1_INTEGER_dup(x);
+}
 
 int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
-	{ 
-	int neg, ret;
-	/* Compare signs */
-	neg = x->type & V_ASN1_NEG;
-	if (neg != (y->type & V_ASN1_NEG))
-		{
-		if (neg)
-			return -1;
-		else
-			return 1;
-		}
-
-	ret = ASN1_STRING_cmp(x, y);
-
-	if (neg)
-		return -ret;
-	else
-		return ret;
-	}
-	
-
-/* 
+{
+    int neg, ret;
+    /* Compare signs */
+    neg = x->type & V_ASN1_NEG;
+    if (neg != (y->type & V_ASN1_NEG)) {
+        if (neg)
+            return -1;
+        else
+            return 1;
+    }
+
+    ret = ASN1_STRING_cmp(x, y);
+
+    if (neg)
+        return -ret;
+    else
+        return ret;
+}
+
+/*-
  * This converts an ASN1 INTEGER into its content encoding.
  * The internal representation is an ASN1_STRING whose data is a big endian
  * representation of the value, ignoring the sign. The sign is determined by
- * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. 
+ * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
  *
  * Positive integers are no problem: they are almost the same as the DER
  * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
  *
  * Negative integers are a bit trickier...
  * The DER representation of negative integers is in 2s complement form.
- * The internal form is converted by complementing each octet and finally 
+ * The internal form is converted by complementing each octet and finally
  * adding one to the result. This can be done less messily with a little trick.
  * If the internal form has trailing zeroes then they will become FF by the
- * complement and 0 by the add one (due to carry) so just copy as many trailing 
+ * complement and 0 by the add one (due to carry) so just copy as many trailing
  * zeros to the destination as there are in the source. The carry will add one
  * to the last none zero octet: so complement this octet and add one and finally
  * complement any left over until you get to the start of the string.
@@ -112,347 +112,351 @@ int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y)
  */
 
 int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
-	{
-	int pad=0,ret,i,neg;
-	unsigned char *p,*n,pb=0;
-
-	if (a == NULL) return(0);
-	neg=a->type & V_ASN1_NEG;
-	if (a->length == 0)
-		ret=1;
-	else
-		{
-		ret=a->length;
-		i=a->data[0];
-		if (!neg && (i > 127)) {
-			pad=1;
-			pb=0;
-		} else if(neg) {
-			if(i>128) {
-				pad=1;
-				pb=0xFF;
-			} else if(i == 128) {
-			/*
-			 * Special case: if any other bytes non zero we pad:
-			 * otherwise we don't.
-			 */
-				for(i = 1; i < a->length; i++) if(a->data[i]) {
-						pad=1;
-						pb=0xFF;
-						break;
-				}
-			}
-		}
-		ret+=pad;
-		}
-	if (pp == NULL) return(ret);
-	p= *pp;
-
-	if (pad) *(p++)=pb;
-	if (a->length == 0) *(p++)=0;
-	else if (!neg) memcpy(p,a->data,(unsigned int)a->length);
-	else {
-		/* Begin at the end of the encoding */
-		n=a->data + a->length - 1;
-		p += a->length - 1;
-		i = a->length;
-		/* Copy zeros to destination as long as source is zero */
-		while(!*n) {
-			*(p--) = 0;
-			n--;
-			i--;
-		}
-		/* Complement and increment next octet */
-		*(p--) = ((*(n--)) ^ 0xff) + 1;
-		i--;
-		/* Complement any octets left */
-		for(;i > 0; i--) *(p--) = *(n--) ^ 0xff;
-	}
-
-	*pp+=ret;
-	return(ret);
-	}
+{
+    int pad = 0, ret, i, neg;
+    unsigned char *p, *n, pb = 0;
+
+    if (a == NULL)
+        return (0);
+    neg = a->type & V_ASN1_NEG;
+    if (a->length == 0)
+        ret = 1;
+    else {
+        ret = a->length;
+        i = a->data[0];
+        if (!neg && (i > 127)) {
+            pad = 1;
+            pb = 0;
+        } else if (neg) {
+            if (i > 128) {
+                pad = 1;
+                pb = 0xFF;
+            } else if (i == 128) {
+                /*
+                 * Special case: if any other bytes non zero we pad:
+                 * otherwise we don't.
+                 */
+                for (i = 1; i < a->length; i++)
+                    if (a->data[i]) {
+                        pad = 1;
+                        pb = 0xFF;
+                        break;
+                    }
+            }
+        }
+        ret += pad;
+    }
+    if (pp == NULL)
+        return (ret);
+    p = *pp;
+
+    if (pad)
+        *(p++) = pb;
+    if (a->length == 0)
+        *(p++) = 0;
+    else if (!neg)
+        memcpy(p, a->data, (unsigned int)a->length);
+    else {
+        /* Begin at the end of the encoding */
+        n = a->data + a->length - 1;
+        p += a->length - 1;
+        i = a->length;
+        /* Copy zeros to destination as long as source is zero */
+        while (!*n) {
+            *(p--) = 0;
+            n--;
+            i--;
+        }
+        /* Complement and increment next octet */
+        *(p--) = ((*(n--)) ^ 0xff) + 1;
+        i--;
+        /* Complement any octets left */
+        for (; i > 0; i--)
+            *(p--) = *(n--) ^ 0xff;
+    }
+
+    *pp += ret;
+    return (ret);
+}
 
 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
 
 ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-	     long len)
-	{
-	ASN1_INTEGER *ret=NULL;
-	const unsigned char *p, *pend;
-	unsigned char *to,*s;
-	int i;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
-		ret->type=V_ASN1_INTEGER;
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	pend = p + len;
-
-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
-	 * signifies a missing NULL parameter. */
-	s=(unsigned char *)OPENSSL_malloc((int)len+1);
-	if (s == NULL)
-		{
-		i=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	to=s;
-	if(!len) {
-		/* Strictly speaking this is an illegal INTEGER but we
-		 * tolerate it.
-		 */
-		ret->type=V_ASN1_INTEGER;
-	} else if (*p & 0x80) /* a negative number */
-		{
-		ret->type=V_ASN1_NEG_INTEGER;
-		if ((*p == 0xff) && (len != 1)) {
-			p++;
-			len--;
-		}
-		i = len;
-		p += i - 1;
-		to += i - 1;
-		while((!*p) && i) {
-			*(to--) = 0;
-			i--;
-			p--;
-		}
-		/* Special case: if all zeros then the number will be of
-		 * the form FF followed by n zero bytes: this corresponds to
-		 * 1 followed by n zero bytes. We've already written n zeros
-		 * so we just append an extra one and set the first byte to
-		 * a 1. This is treated separately because it is the only case
-		 * where the number of bytes is larger than len.
-		 */
-		if(!i) {
-			*s = 1;
-			s[len] = 0;
-			len++;
-		} else {
-			*(to--) = (*(p--) ^ 0xff) + 1;
-			i--;
-			for(;i > 0; i--) *(to--) = *(p--) ^ 0xff;
-		}
-	} else {
-		ret->type=V_ASN1_INTEGER;
-		if ((*p == 0) && (len != 1))
-			{
-			p++;
-			len--;
-			}
-		memcpy(s,p,(int)len);
-	}
-
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->data=s;
-	ret->length=(int)len;
-	if (a != NULL) (*a)=ret;
-	*pp=pend;
-	return(ret);
-err:
-	ASN1err(ASN1_F_C2I_ASN1_INTEGER,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_INTEGER_free(ret);
-	return(NULL);
-	}
-
-
-/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
- * ASN1 integers: some broken software can encode a positive INTEGER
- * with its MSB set as negative (it doesn't add a padding zero).
+                               long len)
+{
+    ASN1_INTEGER *ret = NULL;
+    const unsigned char *p, *pend;
+    unsigned char *to, *s;
+    int i;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = M_ASN1_INTEGER_new()) == NULL)
+            return (NULL);
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    pend = p + len;
+
+    /*
+     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
+     * a missing NULL parameter.
+     */
+    s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+    if (s == NULL) {
+        i = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+    to = s;
+    if (!len) {
+        /*
+         * Strictly speaking this is an illegal INTEGER but we tolerate it.
+         */
+        ret->type = V_ASN1_INTEGER;
+    } else if (*p & 0x80) {     /* a negative number */
+        ret->type = V_ASN1_NEG_INTEGER;
+        if ((*p == 0xff) && (len != 1)) {
+            p++;
+            len--;
+        }
+        i = len;
+        p += i - 1;
+        to += i - 1;
+        while ((!*p) && i) {
+            *(to--) = 0;
+            i--;
+            p--;
+        }
+        /*
+         * Special case: if all zeros then the number will be of the form FF
+         * followed by n zero bytes: this corresponds to 1 followed by n zero
+         * bytes. We've already written n zeros so we just append an extra
+         * one and set the first byte to a 1. This is treated separately
+         * because it is the only case where the number of bytes is larger
+         * than len.
+         */
+        if (!i) {
+            *s = 1;
+            s[len] = 0;
+            len++;
+        } else {
+            *(to--) = (*(p--) ^ 0xff) + 1;
+            i--;
+            for (; i > 0; i--)
+                *(to--) = *(p--) ^ 0xff;
+        }
+    } else {
+        ret->type = V_ASN1_INTEGER;
+        if ((*p == 0) && (len != 1)) {
+            p++;
+            len--;
+        }
+        memcpy(s, p, (int)len);
+    }
+
+    if (ret->data != NULL)
+        OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->length = (int)len;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = pend;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        M_ASN1_INTEGER_free(ret);
+    return (NULL);
+}
+
+/*
+ * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
+ * integers: some broken software can encode a positive INTEGER with its MSB
+ * set as negative (it doesn't add a padding zero).
  */
 
 ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
-	     long length)
-	{
-	ASN1_INTEGER *ret=NULL;
-	const unsigned char *p;
-	unsigned char *s;
-	long len;
-	int inf,tag,xclass;
-	int i;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL);
-		ret->type=V_ASN1_INTEGER;
-		}
-	else
-		ret=(*a);
-
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
-
-	if (tag != V_ASN1_INTEGER)
-		{
-		i=ASN1_R_EXPECTING_AN_INTEGER;
-		goto err;
-		}
-
-	/* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it
-	 * signifies a missing NULL parameter. */
-	s=(unsigned char *)OPENSSL_malloc((int)len+1);
-	if (s == NULL)
-		{
-		i=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-	ret->type=V_ASN1_INTEGER;
-	if(len) {
-		if ((*p == 0) && (len != 1))
-			{
-			p++;
-			len--;
-			}
-		memcpy(s,p,(int)len);
-		p+=len;
-	}
-
-	if (ret->data != NULL) OPENSSL_free(ret->data);
-	ret->data=s;
-	ret->length=(int)len;
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_INTEGER_free(ret);
-	return(NULL);
-	}
+                                long length)
+{
+    ASN1_INTEGER *ret = NULL;
+    const unsigned char *p;
+    unsigned char *s;
+    long len;
+    int inf, tag, xclass;
+    int i;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = M_ASN1_INTEGER_new()) == NULL)
+            return (NULL);
+        ret->type = V_ASN1_INTEGER;
+    } else
+        ret = (*a);
+
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
+
+    if (tag != V_ASN1_INTEGER) {
+        i = ASN1_R_EXPECTING_AN_INTEGER;
+        goto err;
+    }
+
+    /*
+     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
+     * a missing NULL parameter.
+     */
+    s = (unsigned char *)OPENSSL_malloc((int)len + 1);
+    if (s == NULL) {
+        i = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+    ret->type = V_ASN1_INTEGER;
+    if (len) {
+        if ((*p == 0) && (len != 1)) {
+            p++;
+            len--;
+        }
+        memcpy(s, p, (int)len);
+        p += len;
+    }
+
+    if (ret->data != NULL)
+        OPENSSL_free(ret->data);
+    ret->data = s;
+    ret->length = (int)len;
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        M_ASN1_INTEGER_free(ret);
+    return (NULL);
+}
 
 int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
-	{
-	int j,k;
-	unsigned int i;
-	unsigned char buf[sizeof(long)+1];
-	long d;
-
-	a->type=V_ASN1_INTEGER;
-	if (a->length < (int)(sizeof(long)+1))
-		{
-		if (a->data != NULL)
-			OPENSSL_free(a->data);
-		if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL)
-			memset((char *)a->data,0,sizeof(long)+1);
-		}
-	if (a->data == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_INTEGER_SET,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	d=v;
-	if (d < 0)
-		{
-		d= -d;
-		a->type=V_ASN1_NEG_INTEGER;
-		}
-
-	for (i=0; i<sizeof(long); i++)
-		{
-		if (d == 0) break;
-		buf[i]=(int)d&0xff;
-		d>>=8;
-		}
-	j=0;
-	for (k=i-1; k >=0; k--)
-		a->data[j++]=buf[k];
-	a->length=j;
-	return(1);
-	}
+{
+    int j, k;
+    unsigned int i;
+    unsigned char buf[sizeof(long) + 1];
+    long d;
+
+    a->type = V_ASN1_INTEGER;
+    if (a->length < (int)(sizeof(long) + 1)) {
+        if (a->data != NULL)
+            OPENSSL_free(a->data);
+        if ((a->data =
+             (unsigned char *)OPENSSL_malloc(sizeof(long) + 1)) != NULL)
+            memset((char *)a->data, 0, sizeof(long) + 1);
+    }
+    if (a->data == NULL) {
+        ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    d = v;
+    if (d < 0) {
+        d = -d;
+        a->type = V_ASN1_NEG_INTEGER;
+    }
+
+    for (i = 0; i < sizeof(long); i++) {
+        if (d == 0)
+            break;
+        buf[i] = (int)d & 0xff;
+        d >>= 8;
+    }
+    j = 0;
+    for (k = i - 1; k >= 0; k--)
+        a->data[j++] = buf[k];
+    a->length = j;
+    return (1);
+}
 
 long ASN1_INTEGER_get(ASN1_INTEGER *a)
-	{
-	int neg=0,i;
-	long r=0;
-
-	if (a == NULL) return(0L);
-	i=a->type;
-	if (i == V_ASN1_NEG_INTEGER)
-		neg=1;
-	else if (i != V_ASN1_INTEGER)
-		return -1;
-	
-	if (a->length > (int)sizeof(long))
-		{
-		/* hmm... a bit ugly */
-		return(0xffffffffL);
-		}
-	if (a->data == NULL)
-		return 0;
-
-	for (i=0; i<a->length; i++)
-		{
-		r<<=8;
-		r|=(unsigned char)a->data[i];
-		}
-	if (neg) r= -r;
-	return(r);
-	}
+{
+    int neg = 0, i;
+    long r = 0;
+
+    if (a == NULL)
+        return (0L);
+    i = a->type;
+    if (i == V_ASN1_NEG_INTEGER)
+        neg = 1;
+    else if (i != V_ASN1_INTEGER)
+        return -1;
+
+    if (a->length > (int)sizeof(long)) {
+        /* hmm... a bit ugly */
+        return (0xffffffffL);
+    }
+    if (a->data == NULL)
+        return 0;
+
+    for (i = 0; i < a->length; i++) {
+        r <<= 8;
+        r |= (unsigned char)a->data[i];
+    }
+    if (neg)
+        r = -r;
+    return (r);
+}
 
 ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai)
-	{
-	ASN1_INTEGER *ret;
-	int len,j;
-
-	if (ai == NULL)
-		ret=M_ASN1_INTEGER_new();
-	else
-		ret=ai;
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR);
-		goto err;
-		}
-	if (BN_is_negative(bn))
-		ret->type = V_ASN1_NEG_INTEGER;
-	else ret->type=V_ASN1_INTEGER;
-	j=BN_num_bits(bn);
-	len=((j == 0)?0:((j/8)+1));
-	if (ret->length < len+4)
-		{
-		unsigned char *new_data=OPENSSL_realloc(ret->data, len+4);
-		if (!new_data)
-			{
-			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		ret->data=new_data;
-		}
-	ret->length=BN_bn2bin(bn,ret->data);
-	/* Correct zero case */
-	if(!ret->length)
-		{
-		ret->data[0] = 0;
-		ret->length = 1;
-		}
-	return(ret);
-err:
-	if (ret != ai) M_ASN1_INTEGER_free(ret);
-	return(NULL);
-	}
+{
+    ASN1_INTEGER *ret;
+    int len, j;
+
+    if (ai == NULL)
+        ret = M_ASN1_INTEGER_new();
+    else
+        ret = ai;
+    if (ret == NULL) {
+        ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+    }
+    if (BN_is_negative(bn))
+        ret->type = V_ASN1_NEG_INTEGER;
+    else
+        ret->type = V_ASN1_INTEGER;
+    j = BN_num_bits(bn);
+    len = ((j == 0) ? 0 : ((j / 8) + 1));
+    if (ret->length < len + 4) {
+        unsigned char *new_data = OPENSSL_realloc(ret->data, len + 4);
+        if (!new_data) {
+            ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ret->data = new_data;
+    }
+    ret->length = BN_bn2bin(bn, ret->data);
+    /* Correct zero case */
+    if (!ret->length) {
+        ret->data[0] = 0;
+        ret->length = 1;
+    }
+    return (ret);
+ err:
+    if (ret != ai)
+        M_ASN1_INTEGER_free(ret);
+    return (NULL);
+}
 
 BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn)
-	{
-	BIGNUM *ret;
+{
+    BIGNUM *ret;
 
-	if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL)
-		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB);
-	else if(ai->type == V_ASN1_NEG_INTEGER)
-		BN_set_negative(ret, 1);
-	return(ret);
-	}
+    if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
+        ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
+    else if (ai->type == V_ASN1_NEG_INTEGER)
+        BN_set_negative(ret, 1);
+    return (ret);
+}
 
 IMPLEMENT_STACK_OF(ASN1_INTEGER)
+
 IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c
index 1538e0a4..6935efe0 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_mbstr.c
@@ -1,6 +1,7 @@
 /* a_mbstr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,7 +63,8 @@
 #include <openssl/asn1.h>
 
 static int traverse_string(const unsigned char *p, int len, int inform,
-		 int (*rfunc)(unsigned long value, void *in), void *arg);
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg);
 static int in_utf8(unsigned long value, void *arg);
 static int out_utf8(unsigned long value, void *arg);
 static int type_str(unsigned long value, void *arg);
@@ -72,212 +74,221 @@ static int cpy_univ(unsigned long value, void *arg);
 static int cpy_utf8(unsigned long value, void *arg);
 static int is_printable(unsigned long value);
 
-/* These functions take a string in UTF8, ASCII or multibyte form and
- * a mask of permissible ASN1 string types. It then works out the minimal
- * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
- * and creates a string of the correct type with the supplied data.
- * Yes this is horrible: it has to be :-(
- * The 'ncopy' form checks minimum and maximum size limits too.
+/*
+ * These functions take a string in UTF8, ASCII or multibyte form and a mask
+ * of permissible ASN1 string types. It then works out the minimal type
+ * (using the order Printable < IA5 < T61 < BMP < Universal < UTF8) and
+ * creates a string of the correct type with the supplied data. Yes this is
+ * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
+ * size limits too.
  */
 
 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask)
+                       int inform, unsigned long mask)
 {
-	return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
+    return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
 }
 
 int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
-					int inform, unsigned long mask, 
-					long minsize, long maxsize)
+                        int inform, unsigned long mask,
+                        long minsize, long maxsize)
 {
-	int str_type;
-	int ret;
-	char free_out;
-	int outform, outlen = 0;
-	ASN1_STRING *dest;
-	unsigned char *p;
-	int nchar;
-	char strbuf[32];
-	int (*cpyfunc)(unsigned long,void *) = NULL;
-	if(len == -1) len = strlen((const char *)in);
-	if(!mask) mask = DIRSTRING_TYPE;
-
-	/* First do a string check and work out the number of characters */
-	switch(inform) {
-
-		case MBSTRING_BMP:
-		if(len & 1) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-					 ASN1_R_INVALID_BMPSTRING_LENGTH);
-			return -1;
-		}
-		nchar = len >> 1;
-		break;
-
-		case MBSTRING_UNIV:
-		if(len & 3) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-					 ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
-			return -1;
-		}
-		nchar = len >> 2;
-		break;
-
-		case MBSTRING_UTF8:
-		nchar = 0;
-		/* This counts the characters and does utf8 syntax checking */
-		ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
-		if(ret < 0) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-						 ASN1_R_INVALID_UTF8STRING);
-			return -1;
-		}
-		break;
-
-		case MBSTRING_ASC:
-		nchar = len;
-		break;
-
-		default:
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
-		return -1;
-	}
-
-	if((minsize > 0) && (nchar < minsize)) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
-		ERR_add_error_data(2, "minsize=", strbuf);
-		return -1;
-	}
-
-	if((maxsize > 0) && (nchar > maxsize)) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
-		BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
-		ERR_add_error_data(2, "maxsize=", strbuf);
-		return -1;
-	}
-
-	/* Now work out minimal type (if any) */
-	if(traverse_string(in, len, inform, type_str, &mask) < 0) {
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
-		return -1;
-	}
-
-
-	/* Now work out output format and string type */
-	outform = MBSTRING_ASC;
-	if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
-	else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
-	else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
-	else if(mask & B_ASN1_BMPSTRING) {
-		str_type = V_ASN1_BMPSTRING;
-		outform = MBSTRING_BMP;
-	} else if(mask & B_ASN1_UNIVERSALSTRING) {
-		str_type = V_ASN1_UNIVERSALSTRING;
-		outform = MBSTRING_UNIV;
-	} else {
-		str_type = V_ASN1_UTF8STRING;
-		outform = MBSTRING_UTF8;
-	}
-	if(!out) return str_type;
-	if(*out) {
-		free_out = 0;
-		dest = *out;
-		if(dest->data) {
-			dest->length = 0;
-			OPENSSL_free(dest->data);
-			dest->data = NULL;
-		}
-		dest->type = str_type;
-	} else {
-		free_out = 1;
-		dest = ASN1_STRING_type_new(str_type);
-		if(!dest) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
-							ERR_R_MALLOC_FAILURE);
-			return -1;
-		}
-		*out = dest;
-	}
-	/* If both the same type just copy across */
-	if(inform == outform) {
-		if(!ASN1_STRING_set(dest, in, len)) {
-			ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
-			return -1;
-		}
-		return str_type;
-	} 
-
-	/* Work out how much space the destination will need */
-	switch(outform) {
-		case MBSTRING_ASC:
-		outlen = nchar;
-		cpyfunc = cpy_asc;
-		break;
-
-		case MBSTRING_BMP:
-		outlen = nchar << 1;
-		cpyfunc = cpy_bmp;
-		break;
-
-		case MBSTRING_UNIV:
-		outlen = nchar << 2;
-		cpyfunc = cpy_univ;
-		break;
-
-		case MBSTRING_UTF8:
-		outlen = 0;
-		traverse_string(in, len, inform, out_utf8, &outlen);
-		cpyfunc = cpy_utf8;
-		break;
-	}
-	if(!(p = OPENSSL_malloc(outlen + 1))) {
-		if(free_out) ASN1_STRING_free(dest);
-		ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,ERR_R_MALLOC_FAILURE);
-		return -1;
-	}
-	dest->length = outlen;
-	dest->data = p;
-	p[outlen] = 0;
-	traverse_string(in, len, inform, cpyfunc, &p);
-	return str_type;	
+    int str_type;
+    int ret;
+    char free_out;
+    int outform, outlen = 0;
+    ASN1_STRING *dest;
+    unsigned char *p;
+    int nchar;
+    char strbuf[32];
+    int (*cpyfunc) (unsigned long, void *) = NULL;
+    if (len == -1)
+        len = strlen((const char *)in);
+    if (!mask)
+        mask = DIRSTRING_TYPE;
+
+    /* First do a string check and work out the number of characters */
+    switch (inform) {
+
+    case MBSTRING_BMP:
+        if (len & 1) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_BMPSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 1;
+        break;
+
+    case MBSTRING_UNIV:
+        if (len & 3) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
+                    ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
+            return -1;
+        }
+        nchar = len >> 2;
+        break;
+
+    case MBSTRING_UTF8:
+        nchar = 0;
+        /* This counts the characters and does utf8 syntax checking */
+        ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
+        if (ret < 0) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
+            return -1;
+        }
+        break;
+
+    case MBSTRING_ASC:
+        nchar = len;
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
+        return -1;
+    }
+
+    if ((minsize > 0) && (nchar < minsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
+        BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
+        ERR_add_error_data(2, "minsize=", strbuf);
+        return -1;
+    }
+
+    if ((maxsize > 0) && (nchar > maxsize)) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
+        BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
+        ERR_add_error_data(2, "maxsize=", strbuf);
+        return -1;
+    }
+
+    /* Now work out minimal type (if any) */
+    if (traverse_string(in, len, inform, type_str, &mask) < 0) {
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
+        return -1;
+    }
+
+    /* Now work out output format and string type */
+    outform = MBSTRING_ASC;
+    if (mask & B_ASN1_PRINTABLESTRING)
+        str_type = V_ASN1_PRINTABLESTRING;
+    else if (mask & B_ASN1_IA5STRING)
+        str_type = V_ASN1_IA5STRING;
+    else if (mask & B_ASN1_T61STRING)
+        str_type = V_ASN1_T61STRING;
+    else if (mask & B_ASN1_BMPSTRING) {
+        str_type = V_ASN1_BMPSTRING;
+        outform = MBSTRING_BMP;
+    } else if (mask & B_ASN1_UNIVERSALSTRING) {
+        str_type = V_ASN1_UNIVERSALSTRING;
+        outform = MBSTRING_UNIV;
+    } else {
+        str_type = V_ASN1_UTF8STRING;
+        outform = MBSTRING_UTF8;
+    }
+    if (!out)
+        return str_type;
+    if (*out) {
+        free_out = 0;
+        dest = *out;
+        if (dest->data) {
+            dest->length = 0;
+            OPENSSL_free(dest->data);
+            dest->data = NULL;
+        }
+        dest->type = str_type;
+    } else {
+        free_out = 1;
+        dest = ASN1_STRING_type_new(str_type);
+        if (!dest) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        *out = dest;
+    }
+    /* If both the same type just copy across */
+    if (inform == outform) {
+        if (!ASN1_STRING_set(dest, in, len)) {
+            ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+        return str_type;
+    }
+
+    /* Work out how much space the destination will need */
+    switch (outform) {
+    case MBSTRING_ASC:
+        outlen = nchar;
+        cpyfunc = cpy_asc;
+        break;
+
+    case MBSTRING_BMP:
+        outlen = nchar << 1;
+        cpyfunc = cpy_bmp;
+        break;
+
+    case MBSTRING_UNIV:
+        outlen = nchar << 2;
+        cpyfunc = cpy_univ;
+        break;
+
+    case MBSTRING_UTF8:
+        outlen = 0;
+        traverse_string(in, len, inform, out_utf8, &outlen);
+        cpyfunc = cpy_utf8;
+        break;
+    }
+    if (!(p = OPENSSL_malloc(outlen + 1))) {
+        if (free_out)
+            ASN1_STRING_free(dest);
+        ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    dest->length = outlen;
+    dest->data = p;
+    p[outlen] = 0;
+    traverse_string(in, len, inform, cpyfunc, &p);
+    return str_type;
 }
 
-/* This function traverses a string and passes the value of each character
- * to an optional function along with a void * argument.
+/*
+ * This function traverses a string and passes the value of each character to
+ * an optional function along with a void * argument.
  */
 
 static int traverse_string(const unsigned char *p, int len, int inform,
-		 int (*rfunc)(unsigned long value, void *in), void *arg)
+                           int (*rfunc) (unsigned long value, void *in),
+                           void *arg)
 {
-	unsigned long value;
-	int ret;
-	while(len) {
-		if(inform == MBSTRING_ASC) {
-			value = *p++;
-			len--;
-		} else if(inform == MBSTRING_BMP) {
-			value = *p++ << 8;
-			value |= *p++;
-			len -= 2;
-		} else if(inform == MBSTRING_UNIV) {
-			value = ((unsigned long)*p++) << 24;
-			value |= ((unsigned long)*p++) << 16;
-			value |= *p++ << 8;
-			value |= *p++;
-			len -= 4;
-		} else {
-			ret = UTF8_getc(p, len, &value);
-			if(ret < 0) return -1;
-			len -= ret;
-			p += ret;
-		}
-		if(rfunc) {
-			ret = rfunc(value, arg);
-			if(ret <= 0) return ret;
-		}
-	}
-	return 1;
+    unsigned long value;
+    int ret;
+    while (len) {
+        if (inform == MBSTRING_ASC) {
+            value = *p++;
+            len--;
+        } else if (inform == MBSTRING_BMP) {
+            value = *p++ << 8;
+            value |= *p++;
+            len -= 2;
+        } else if (inform == MBSTRING_UNIV) {
+            value = ((unsigned long)*p++) << 24;
+            value |= ((unsigned long)*p++) << 16;
+            value |= *p++ << 8;
+            value |= *p++;
+            len -= 4;
+        } else {
+            ret = UTF8_getc(p, len, &value);
+            if (ret < 0)
+                return -1;
+            len -= ret;
+            p += ret;
+        }
+        if (rfunc) {
+            ret = rfunc(value, arg);
+            if (ret <= 0)
+                return ret;
+        }
+    }
+    return 1;
 }
 
 /* Various utility functions for traverse_string */
@@ -286,115 +297,127 @@ static int traverse_string(const unsigned char *p, int len, int inform,
 
 static int in_utf8(unsigned long value, void *arg)
 {
-	int *nchar;
-	nchar = arg;
-	(*nchar)++;
-	return 1;
+    int *nchar;
+    nchar = arg;
+    (*nchar)++;
+    return 1;
 }
 
 /* Determine size of output as a UTF8 String */
 
 static int out_utf8(unsigned long value, void *arg)
 {
-	int *outlen;
-	outlen = arg;
-	*outlen += UTF8_putc(NULL, -1, value);
-	return 1;
+    int *outlen;
+    outlen = arg;
+    *outlen += UTF8_putc(NULL, -1, value);
+    return 1;
 }
 
-/* Determine the "type" of a string: check each character against a
- * supplied "mask".
+/*
+ * Determine the "type" of a string: check each character against a supplied
+ * "mask".
  */
 
 static int type_str(unsigned long value, void *arg)
 {
-	unsigned long types;
-	types = *((unsigned long *)arg);
-	if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
-					types &= ~B_ASN1_PRINTABLESTRING;
-	if((types & B_ASN1_IA5STRING) && (value > 127))
-					types &= ~B_ASN1_IA5STRING;
-	if((types & B_ASN1_T61STRING) && (value > 0xff))
-					types &= ~B_ASN1_T61STRING;
-	if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
-					types &= ~B_ASN1_BMPSTRING;
-	if(!types) return -1;
-	*((unsigned long *)arg) = types;
-	return 1;
+    unsigned long types;
+    types = *((unsigned long *)arg);
+    if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
+        types &= ~B_ASN1_PRINTABLESTRING;
+    if ((types & B_ASN1_IA5STRING) && (value > 127))
+        types &= ~B_ASN1_IA5STRING;
+    if ((types & B_ASN1_T61STRING) && (value > 0xff))
+        types &= ~B_ASN1_T61STRING;
+    if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
+        types &= ~B_ASN1_BMPSTRING;
+    if (!types)
+        return -1;
+    *((unsigned long *)arg) = types;
+    return 1;
 }
 
 /* Copy one byte per character ASCII like strings */
 
 static int cpy_asc(unsigned long value, void *arg)
 {
-	unsigned char **p, *q;
-	p = arg;
-	q = *p;
-	*q = (unsigned char) value;
-	(*p)++;
-	return 1;
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q = (unsigned char)value;
+    (*p)++;
+    return 1;
 }
 
 /* Copy two byte per character BMPStrings */
 
 static int cpy_bmp(unsigned long value, void *arg)
 {
-	unsigned char **p, *q;
-	p = arg;
-	q = *p;
-	*q++ = (unsigned char) ((value >> 8) & 0xff);
-	*q = (unsigned char) (value & 0xff);
-	*p += 2;
-	return 1;
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 2;
+    return 1;
 }
 
 /* Copy four byte per character UniversalStrings */
 
 static int cpy_univ(unsigned long value, void *arg)
 {
-	unsigned char **p, *q;
-	p = arg;
-	q = *p;
-	*q++ = (unsigned char) ((value >> 24) & 0xff);
-	*q++ = (unsigned char) ((value >> 16) & 0xff);
-	*q++ = (unsigned char) ((value >> 8) & 0xff);
-	*q = (unsigned char) (value & 0xff);
-	*p += 4;
-	return 1;
+    unsigned char **p, *q;
+    p = arg;
+    q = *p;
+    *q++ = (unsigned char)((value >> 24) & 0xff);
+    *q++ = (unsigned char)((value >> 16) & 0xff);
+    *q++ = (unsigned char)((value >> 8) & 0xff);
+    *q = (unsigned char)(value & 0xff);
+    *p += 4;
+    return 1;
 }
 
 /* Copy to a UTF8String */
 
 static int cpy_utf8(unsigned long value, void *arg)
 {
-	unsigned char **p;
-	int ret;
-	p = arg;
-	/* We already know there is enough room so pass 0xff as the length */
-	ret = UTF8_putc(*p, 0xff, value);
-	*p += ret;
-	return 1;
+    unsigned char **p;
+    int ret;
+    p = arg;
+    /* We already know there is enough room so pass 0xff as the length */
+    ret = UTF8_putc(*p, 0xff, value);
+    *p += ret;
+    return 1;
 }
 
 /* Return 1 if the character is permitted in a PrintableString */
 static int is_printable(unsigned long value)
 {
-	int ch;
-	if(value > 0x7f) return 0;
-	ch = (int) value;
-	/* Note: we can't use 'isalnum' because certain accented 
-	 * characters may count as alphanumeric in some environments.
-	 */
+    int ch;
+    if (value > 0x7f)
+        return 0;
+    ch = (int)value;
+    /*
+     * Note: we can't use 'isalnum' because certain accented characters may
+     * count as alphanumeric in some environments.
+     */
 #ifndef CHARSET_EBCDIC
-	if((ch >= 'a') && (ch <= 'z')) return 1;
-	if((ch >= 'A') && (ch <= 'Z')) return 1;
-	if((ch >= '0') && (ch <= '9')) return 1;
-	if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;
-#else /*CHARSET_EBCDIC*/
-	if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1;
-	if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1;
-	if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1;
-	if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1;
-#endif /*CHARSET_EBCDIC*/
-	return 0;
+    if ((ch >= 'a') && (ch <= 'z'))
+        return 1;
+    if ((ch >= 'A') && (ch <= 'Z'))
+        return 1;
+    if ((ch >= '0') && (ch <= '9'))
+        return 1;
+    if ((ch == ' ') || strchr("'()+,-./:=?", ch))
+        return 1;
+#else                           /* CHARSET_EBCDIC */
+    if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
+        return 1;
+    if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
+        return 1;
+    if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
+        return 1;
+    if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
+        return 1;
+#endif                          /* CHARSET_EBCDIC */
+    return 0;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c
index 50bea917..9c5efabc 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_meth.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_meth.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,24 +61,26 @@
 #include <openssl/buffer.h>
 #include <openssl/asn1.h>
 
-static  ASN1_METHOD ia5string_meth={
-	(I2D_OF(void))	i2d_ASN1_IA5STRING,
-	(D2I_OF(void))	d2i_ASN1_IA5STRING,
-	(void *(*)(void))ASN1_STRING_new,
-	(void (*)(void *))ASN1_STRING_free};
+static ASN1_METHOD ia5string_meth = {
+    (I2D_OF(void)) i2d_ASN1_IA5STRING,
+    (D2I_OF(void)) d2i_ASN1_IA5STRING,
+    (void *(*)(void))ASN1_STRING_new,
+    (void (*)(void *))ASN1_STRING_free
+};
 
-static  ASN1_METHOD bit_string_meth={
-	(I2D_OF(void))	i2d_ASN1_BIT_STRING,
-	(D2I_OF(void))	d2i_ASN1_BIT_STRING,
-	(void *(*)(void))ASN1_STRING_new,
-	(void (*)(void *))ASN1_STRING_free};
+static ASN1_METHOD bit_string_meth = {
+    (I2D_OF(void)) i2d_ASN1_BIT_STRING,
+    (D2I_OF(void)) d2i_ASN1_BIT_STRING,
+    (void *(*)(void))ASN1_STRING_new,
+    (void (*)(void *))ASN1_STRING_free
+};
 
 ASN1_METHOD *ASN1_IA5STRING_asn1_meth(void)
-	{
-	return(&ia5string_meth);
-	}
+{
+    return (&ia5string_meth);
+}
 
 ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(void)
-	{
-	return(&bit_string_meth);
-	}
+{
+    return (&bit_string_meth);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_object.c b/Cryptlib/OpenSSL/crypto/asn1/a_object.c
index e50501ad..aa1847cf 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_object.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_object.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,345 +65,332 @@
 #include <openssl/bn.h>
 
 int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp)
-	{
-	unsigned char *p;
-	int objsize;
+{
+    unsigned char *p;
+    int objsize;
 
-	if ((a == NULL) || (a->data == NULL)) return(0);
+    if ((a == NULL) || (a->data == NULL))
+        return (0);
 
-	objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT);
-	if (pp == NULL) return objsize;
+    objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
+    if (pp == NULL)
+        return objsize;
 
-	p= *pp;
-	ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
-	memcpy(p,a->data,a->length);
-	p+=a->length;
+    p = *pp;
+    ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    memcpy(p, a->data, a->length);
+    p += a->length;
 
-	*pp=p;
-	return(objsize);
-	}
+    *pp = p;
+    return (objsize);
+}
 
 int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
-	{
-	int i,first,len=0,c, use_bn;
-	char ftmp[24], *tmp = ftmp;
-	int tmpsize = sizeof ftmp;
-	const char *p;
-	unsigned long l;
-	BIGNUM *bl = NULL;
+{
+    int i, first, len = 0, c, use_bn;
+    char ftmp[24], *tmp = ftmp;
+    int tmpsize = sizeof ftmp;
+    const char *p;
+    unsigned long l;
+    BIGNUM *bl = NULL;
 
-	if (num == 0)
-		return(0);
-	else if (num == -1)
-		num=strlen(buf);
+    if (num == 0)
+        return (0);
+    else if (num == -1)
+        num = strlen(buf);
 
-	p=buf;
-	c= *(p++);
-	num--;
-	if ((c >= '0') && (c <= '2'))
-		{
-		first= c-'0';
-		}
-	else
-		{
-		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_FIRST_NUM_TOO_LARGE);
-		goto err;
-		}
+    p = buf;
+    c = *(p++);
+    num--;
+    if ((c >= '0') && (c <= '2')) {
+        first = c - '0';
+    } else {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE);
+        goto err;
+    }
 
-	if (num <= 0)
-		{
-		ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_MISSING_SECOND_NUMBER);
-		goto err;
-		}
-	c= *(p++);
-	num--;
-	for (;;)
-		{
-		if (num <= 0) break;
-		if ((c != '.') && (c != ' '))
-			{
-			ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_SEPARATOR);
-			goto err;
-			}
-		l=0;
-		use_bn = 0;
-		for (;;)
-			{
-			if (num <= 0) break;
-			num--;
-			c= *(p++);
-			if ((c == ' ') || (c == '.'))
-				break;
-			if ((c < '0') || (c > '9'))
-				{
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_INVALID_DIGIT);
-				goto err;
-				}
-			if (!use_bn && l >= ((ULONG_MAX - 80) / 10L))
-				{
-				use_bn = 1;
-				if (!bl)
-					bl = BN_new();
-				if (!bl || !BN_set_word(bl, l))
-					goto err;
-				}
-			if (use_bn)
-				{
-				if (!BN_mul_word(bl, 10L)
-					|| !BN_add_word(bl, c-'0'))
-					goto err;
-				}
-			else
-				l=l*10L+(long)(c-'0');
-			}
-		if (len == 0)
-			{
-			if ((first < 2) && (l >= 40))
-				{
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_SECOND_NUMBER_TOO_LARGE);
-				goto err;
-				}
-			if (use_bn)
-				{
-				if (!BN_add_word(bl, first * 40))
-					goto err;
-				}
-			else
-				l+=(long)first*40;
-			}
-		i=0;
-		if (use_bn)
-			{
-			int blsize;
-			blsize = BN_num_bits(bl);
-			blsize = (blsize + 6)/7;
-			if (blsize > tmpsize)
-				{
-				if (tmp != ftmp)
-					OPENSSL_free(tmp);
-				tmpsize = blsize + 32;
-				tmp = OPENSSL_malloc(tmpsize);
-				if (!tmp)
-					goto err;
-				}
-			while(blsize--)
-				tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
-			}
-		else
-			{
-					
-			for (;;)
-				{
-				tmp[i++]=(unsigned char)l&0x7f;
-				l>>=7L;
-				if (l == 0L) break;
-				}
+    if (num <= 0) {
+        ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER);
+        goto err;
+    }
+    c = *(p++);
+    num--;
+    for (;;) {
+        if (num <= 0)
+            break;
+        if ((c != '.') && (c != ' ')) {
+            ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR);
+            goto err;
+        }
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            if (num <= 0)
+                break;
+            num--;
+            c = *(p++);
+            if ((c == ' ') || (c == '.'))
+                break;
+            if ((c < '0') || (c > '9')) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT);
+                goto err;
+            }
+            if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
+                use_bn = 1;
+                if (!bl)
+                    bl = BN_new();
+                if (!bl || !BN_set_word(bl, l))
+                    goto err;
+            }
+            if (use_bn) {
+                if (!BN_mul_word(bl, 10L)
+                    || !BN_add_word(bl, c - '0'))
+                    goto err;
+            } else
+                l = l * 10L + (long)(c - '0');
+        }
+        if (len == 0) {
+            if ((first < 2) && (l >= 40)) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT,
+                        ASN1_R_SECOND_NUMBER_TOO_LARGE);
+                goto err;
+            }
+            if (use_bn) {
+                if (!BN_add_word(bl, first * 40))
+                    goto err;
+            } else
+                l += (long)first *40;
+        }
+        i = 0;
+        if (use_bn) {
+            int blsize;
+            blsize = BN_num_bits(bl);
+            blsize = (blsize + 6) / 7;
+            if (blsize > tmpsize) {
+                if (tmp != ftmp)
+                    OPENSSL_free(tmp);
+                tmpsize = blsize + 32;
+                tmp = OPENSSL_malloc(tmpsize);
+                if (!tmp)
+                    goto err;
+            }
+            while (blsize--)
+                tmp[i++] = (unsigned char)BN_div_word(bl, 0x80L);
+        } else {
 
-			}
-		if (out != NULL)
-			{
-			if (len+i > olen)
-				{
-				ASN1err(ASN1_F_A2D_ASN1_OBJECT,ASN1_R_BUFFER_TOO_SMALL);
-				goto err;
-				}
-			while (--i > 0)
-				out[len++]=tmp[i]|0x80;
-			out[len++]=tmp[0];
-			}
-		else
-			len+=i;
-		}
-	if (tmp != ftmp)
-		OPENSSL_free(tmp);
-	if (bl)
-		BN_free(bl);
-	return(len);
-err:
-	if (tmp != ftmp)
-		OPENSSL_free(tmp);
-	if (bl)
-		BN_free(bl);
-	return(0);
-	}
+            for (;;) {
+                tmp[i++] = (unsigned char)l & 0x7f;
+                l >>= 7L;
+                if (l == 0L)
+                    break;
+            }
+
+        }
+        if (out != NULL) {
+            if (len + i > olen) {
+                ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL);
+                goto err;
+            }
+            while (--i > 0)
+                out[len++] = tmp[i] | 0x80;
+            out[len++] = tmp[0];
+        } else
+            len += i;
+    }
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    if (bl)
+        BN_free(bl);
+    return (len);
+ err:
+    if (tmp != ftmp)
+        OPENSSL_free(tmp);
+    if (bl)
+        BN_free(bl);
+    return (0);
+}
 
 int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a)
 {
-	return OBJ_obj2txt(buf, buf_len, a, 0);
+    return OBJ_obj2txt(buf, buf_len, a, 0);
 }
 
 int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a)
-	{
-	char buf[80], *p = buf;
-	int i;
+{
+    char buf[80], *p = buf;
+    int i;
 
-	if ((a == NULL) || (a->data == NULL))
-		return(BIO_write(bp,"NULL",4));
-	i=i2t_ASN1_OBJECT(buf,sizeof buf,a);
-	if (i > (int)(sizeof(buf) - 1))
-		{
-		p = OPENSSL_malloc(i + 1);
-		if (!p)
-			return -1;
-		i2t_ASN1_OBJECT(p,i + 1,a);
-		}
-	if (i <= 0)
-		return BIO_write(bp, "<INVALID>", 9);
-	BIO_write(bp,p,i);
-	if (p != buf)
-		OPENSSL_free(p);
-	return(i);
-	}
+    if ((a == NULL) || (a->data == NULL))
+        return (BIO_write(bp, "NULL", 4));
+    i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
+    if (i > (int)(sizeof(buf) - 1)) {
+        p = OPENSSL_malloc(i + 1);
+        if (!p)
+            return -1;
+        i2t_ASN1_OBJECT(p, i + 1, a);
+    }
+    if (i <= 0)
+        return BIO_write(bp, "<INVALID>", 9);
+    BIO_write(bp, p, i);
+    if (p != buf)
+        OPENSSL_free(p);
+    return (i);
+}
 
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-	     long length)
+                             long length)
 {
-	const unsigned char *p;
-	long len;
-	int tag,xclass;
-	int inf,i;
-	ASN1_OBJECT *ret = NULL;
-	p= *pp;
-	inf=ASN1_get_object(&p,&len,&tag,&xclass,length);
-	if (inf & 0x80)
-		{
-		i=ASN1_R_BAD_OBJECT_HEADER;
-		goto err;
-		}
+    const unsigned char *p;
+    long len;
+    int tag, xclass;
+    int inf, i;
+    ASN1_OBJECT *ret = NULL;
+    p = *pp;
+    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
+    if (inf & 0x80) {
+        i = ASN1_R_BAD_OBJECT_HEADER;
+        goto err;
+    }
 
-	if (tag != V_ASN1_OBJECT)
-		{
-		i=ASN1_R_EXPECTING_AN_OBJECT;
-		goto err;
-		}
-	ret = c2i_ASN1_OBJECT(a, &p, len);
-	if(ret) *pp = p;
-	return ret;
-err:
-	ASN1err(ASN1_F_D2I_ASN1_OBJECT,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_OBJECT_free(ret);
-	return(NULL);
+    if (tag != V_ASN1_OBJECT) {
+        i = ASN1_R_EXPECTING_AN_OBJECT;
+        goto err;
+    }
+    ret = c2i_ASN1_OBJECT(a, &p, len);
+    if (ret)
+        *pp = p;
+    return ret;
+ err:
+    ASN1err(ASN1_F_D2I_ASN1_OBJECT, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        ASN1_OBJECT_free(ret);
+    return (NULL);
 }
 
 ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
-	     long len)
-	{
-	ASN1_OBJECT *ret=NULL;
-	const unsigned char *p;
-	int i, length;
+                             long len)
+{
+    ASN1_OBJECT *ret = NULL;
+    const unsigned char *p;
+    int i, length;
 
-	/* Sanity check OID encoding.
-	 * Need at least one content octet.
-	 * MSB must be clear in the last octet.
-	 * can't have leading 0x80 in subidentifiers, see: X.690 8.19.2
-	 */
-	if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
-	    p[len - 1] & 0x80)
-		{
-		ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
-		return NULL;
-		}
-	/* Now 0 < len <= INT_MAX, so the cast is safe. */
-	length = (int)len;
-	for (i = 0; i < length; i++, p++)
-		{
-		if (*p == 0x80 && (!i || !(p[-1] & 0x80)))
-			{
-			ASN1err(ASN1_F_C2I_ASN1_OBJECT,ASN1_R_INVALID_OBJECT_ENCODING);
-			return NULL;
-			}
-		}
+    /*
+     * Sanity check OID encoding. Need at least one content octet. MSB must
+     * be clear in the last octet. can't have leading 0x80 in subidentifiers,
+     * see: X.690 8.19.2
+     */
+    if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
+        p[len - 1] & 0x80) {
+        ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+        return NULL;
+    }
+    /* Now 0 < len <= INT_MAX, so the cast is safe. */
+    length = (int)len;
+    for (i = 0; i < length; i++, p++) {
+        if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
+            ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING);
+            return NULL;
+        }
+    }
 
-	/* only the ASN1_OBJECTs from the 'table' will have values
-	 * for ->sn or ->ln */
-	if ((a == NULL) || ((*a) == NULL) ||
-		!((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		{
-		if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL);
-		}
-	else	ret=(*a);
+    /*
+     * only the ASN1_OBJECTs from the 'table' will have values for ->sn or
+     * ->ln
+     */
+    if ((a == NULL) || ((*a) == NULL) ||
+        !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
+        if ((ret = ASN1_OBJECT_new()) == NULL)
+            return (NULL);
+    } else
+        ret = (*a);
 
-	p= *pp;
-	if ((ret->data == NULL) || (ret->length < length))
-		{
-		if (ret->data != NULL) OPENSSL_free(ret->data);
-		ret->data=(unsigned char *)OPENSSL_malloc(length);
-		ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-		if (ret->data == NULL)
-			{ i=ERR_R_MALLOC_FAILURE; goto err; }
-		}
-	memcpy(ret->data,p,length);
-	ret->length=length;
-	ret->sn=NULL;
-	ret->ln=NULL;
-	/* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
-	p+=length;
+    p = *pp;
+    if ((ret->data == NULL) || (ret->length < length)) {
+        if (ret->data != NULL)
+            OPENSSL_free(ret->data);
+        ret->data = (unsigned char *)OPENSSL_malloc(length);
+        ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+        if (ret->data == NULL) {
+            i = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+    }
+    memcpy(ret->data, p, length);
+    ret->length = length;
+    ret->sn = NULL;
+    ret->ln = NULL;
+    /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
+    p += length;
 
-	if (a != NULL) (*a)=ret;
-	*pp=p;
-	return(ret);
-err:
-	ASN1err(ASN1_F_C2I_ASN1_OBJECT,i);
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		ASN1_OBJECT_free(ret);
-	return(NULL);
-	}
+    if (a != NULL)
+        (*a) = ret;
+    *pp = p;
+    return (ret);
+ err:
+    ASN1err(ASN1_F_C2I_ASN1_OBJECT, i);
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        ASN1_OBJECT_free(ret);
+    return (NULL);
+}
 
 ASN1_OBJECT *ASN1_OBJECT_new(void)
-	{
-	ASN1_OBJECT *ret;
+{
+    ASN1_OBJECT *ret;
 
-	ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->length=0;
-	ret->data=NULL;
-	ret->nid=0;
-	ret->sn=NULL;
-	ret->ln=NULL;
-	ret->flags=ASN1_OBJECT_FLAG_DYNAMIC;
-	return(ret);
-	}
+    ret = (ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->length = 0;
+    ret->data = NULL;
+    ret->nid = 0;
+    ret->sn = NULL;
+    ret->ln = NULL;
+    ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
+    return (ret);
+}
 
 void ASN1_OBJECT_free(ASN1_OBJECT *a)
-	{
-	if (a == NULL) return;
-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS)
-		{
-#ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */
-		if (a->sn != NULL) OPENSSL_free((void *)a->sn);
-		if (a->ln != NULL) OPENSSL_free((void *)a->ln);
+{
+    if (a == NULL)
+        return;
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
+#ifndef CONST_STRICT            /* disable purely for compile-time strict
+                                 * const checking. Doing this on a "real"
+                                 * compile will cause memory leaks */
+        if (a->sn != NULL)
+            OPENSSL_free((void *)a->sn);
+        if (a->ln != NULL)
+            OPENSSL_free((void *)a->ln);
 #endif
-		a->sn=a->ln=NULL;
-		}
-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA)
-		{
-		if (a->data != NULL) OPENSSL_free(a->data);
-		a->data=NULL;
-		a->length=0;
-		}
-	if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
-		OPENSSL_free(a);
-	}
+        a->sn = a->ln = NULL;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
+        if (a->data != NULL)
+            OPENSSL_free(a->data);
+        a->data = NULL;
+        a->length = 0;
+    }
+    if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
+        OPENSSL_free(a);
+}
 
 ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
-	     const char *sn, const char *ln)
-	{
-	ASN1_OBJECT o;
+                                const char *sn, const char *ln)
+{
+    ASN1_OBJECT o;
 
-	o.sn=sn;
-	o.ln=ln;
-	o.data=data;
-	o.nid=nid;
-	o.length=len;
-	o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-		ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-	return(OBJ_dup(&o));
-	}
+    o.sn = sn;
+    o.ln = ln;
+    o.data = data;
+    o.nid = nid;
+    o.length = len;
+    o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+        ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+    return (OBJ_dup(&o));
+}
 
 IMPLEMENT_STACK_OF(ASN1_OBJECT)
+
 IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c
index 24fd0f8e..6ea1950a 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_octet.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_octet.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,11 +61,17 @@
 #include <openssl/asn1.h>
 
 ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x)
-{ return M_ASN1_OCTET_STRING_dup(x); }
+{
+    return M_ASN1_OCTET_STRING_dup(x);
+}
 
 int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b)
-{ return M_ASN1_OCTET_STRING_cmp(a, b); }
-
-int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
-{ return M_ASN1_OCTET_STRING_set(x, d, len); }
+{
+    return M_ASN1_OCTET_STRING_cmp(a, b);
+}
 
+int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d,
+                          int len)
+{
+    return M_ASN1_OCTET_STRING_set(x, d, len);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_print.c b/Cryptlib/OpenSSL/crypto/asn1/a_print.c
index d18e7723..d83e4ad8 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_print.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_print.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,67 +61,69 @@
 #include <openssl/asn1.h>
 
 int ASN1_PRINTABLE_type(const unsigned char *s, int len)
-	{
-	int c;
-	int ia5=0;
-	int t61=0;
+{
+    int c;
+    int ia5 = 0;
+    int t61 = 0;
 
-	if (len <= 0) len= -1;
-	if (s == NULL) return(V_ASN1_PRINTABLESTRING);
+    if (len <= 0)
+        len = -1;
+    if (s == NULL)
+        return (V_ASN1_PRINTABLESTRING);
 
-	while ((*s) && (len-- != 0))
-		{
-		c= *(s++);
+    while ((*s) && (len-- != 0)) {
+        c = *(s++);
 #ifndef CHARSET_EBCDIC
-		if (!(	((c >= 'a') && (c <= 'z')) ||
-			((c >= 'A') && (c <= 'Z')) ||
-			(c == ' ') ||
-			((c >= '0') && (c <= '9')) ||
-			(c == ' ') || (c == '\'') ||
-			(c == '(') || (c == ')') ||
-			(c == '+') || (c == ',') ||
-			(c == '-') || (c == '.') ||
-			(c == '/') || (c == ':') ||
-			(c == '=') || (c == '?')))
-			ia5=1;
-		if (c&0x80)
-			t61=1;
+        if (!(((c >= 'a') && (c <= 'z')) ||
+              ((c >= 'A') && (c <= 'Z')) ||
+              (c == ' ') ||
+              ((c >= '0') && (c <= '9')) ||
+              (c == ' ') || (c == '\'') ||
+              (c == '(') || (c == ')') ||
+              (c == '+') || (c == ',') ||
+              (c == '-') || (c == '.') ||
+              (c == '/') || (c == ':') || (c == '=') || (c == '?')))
+            ia5 = 1;
+        if (c & 0x80)
+            t61 = 1;
 #else
-		if (!isalnum(c) && (c != ' ') &&
-		    strchr("'()+,-./:=?", c) == NULL)
-			ia5=1;
-		if (os_toascii[c] & 0x80)
-			t61=1;
+        if (!isalnum(c) && (c != ' ') && strchr("'()+,-./:=?", c) == NULL)
+            ia5 = 1;
+        if (os_toascii[c] & 0x80)
+            t61 = 1;
 #endif
-		}
-	if (t61) return(V_ASN1_T61STRING);
-	if (ia5) return(V_ASN1_IA5STRING);
-	return(V_ASN1_PRINTABLESTRING);
-	}
+    }
+    if (t61)
+        return (V_ASN1_T61STRING);
+    if (ia5)
+        return (V_ASN1_IA5STRING);
+    return (V_ASN1_PRINTABLESTRING);
+}
 
 int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
-	{
-	int i;
-	unsigned char *p;
+{
+    int i;
+    unsigned char *p;
 
-	if (s->type != V_ASN1_UNIVERSALSTRING) return(0);
-	if ((s->length%4) != 0) return(0);
-	p=s->data;
-	for (i=0; i<s->length; i+=4)
-		{
-		if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
-			break;
-		else
-			p+=4;
-		}
-	if (i < s->length) return(0);
-	p=s->data;
-	for (i=3; i<s->length; i+=4)
-		{
-		*(p++)=s->data[i];
-		}
-	*(p)='\0';
-	s->length/=4;
-	s->type=ASN1_PRINTABLE_type(s->data,s->length);
-	return(1);
-	}
+    if (s->type != V_ASN1_UNIVERSALSTRING)
+        return (0);
+    if ((s->length % 4) != 0)
+        return (0);
+    p = s->data;
+    for (i = 0; i < s->length; i += 4) {
+        if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
+            break;
+        else
+            p += 4;
+    }
+    if (i < s->length)
+        return (0);
+    p = s->data;
+    for (i = 3; i < s->length; i += 4) {
+        *(p++) = s->data[i];
+    }
+    *(p) = '\0';
+    s->length /= 4;
+    s->type = ASN1_PRINTABLE_type(s->data, s->length);
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_set.c b/Cryptlib/OpenSSL/crypto/asn1/a_set.c
index 958558c2..18bb408c 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_set.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_set.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,177 +62,175 @@
 
 #ifndef NO_ASN1_OLD
 
-typedef struct
-    {
+typedef struct {
     unsigned char *pbData;
     int cbData;
-    } MYBLOB;
+} MYBLOB;
 
-/* SetBlobCmp
- * This function compares two elements of SET_OF block
+/*
+ * SetBlobCmp This function compares two elements of SET_OF block
  */
-static int SetBlobCmp(const void *elem1, const void *elem2 )
-    {
+static int SetBlobCmp(const void *elem1, const void *elem2)
+{
     const MYBLOB *b1 = (const MYBLOB *)elem1;
     const MYBLOB *b2 = (const MYBLOB *)elem2;
     int r;
 
     r = memcmp(b1->pbData, b2->pbData,
-	       b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
-    if(r != 0)
-	return r;
-    return b1->cbData-b2->cbData;
+               b1->cbData < b2->cbData ? b1->cbData : b2->cbData);
+    if (r != 0)
+        return r;
+    return b1->cbData - b2->cbData;
+}
+
+/*
+ * int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)
+ */
+int i2d_ASN1_SET(STACK * a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
+                 int ex_class, int is_set)
+{
+    int ret = 0, r;
+    int i;
+    unsigned char *p;
+    unsigned char *pStart, *pTempMem;
+    MYBLOB *rgSetBlob;
+    int totSize;
+
+    if (a == NULL)
+        return (0);
+    for (i = sk_num(a) - 1; i >= 0; i--)
+        ret += i2d(sk_value(a, i), NULL);
+    r = ASN1_object_size(1, ret, ex_tag);
+    if (pp == NULL)
+        return (r);
+
+    p = *pp;
+    ASN1_put_object(&p, 1, ret, ex_tag, ex_class);
+
+/* Modified by gp@nsj.co.jp */
+    /* And then again by Ben */
+    /* And again by Steve */
+
+    if (!is_set || (sk_num(a) < 2)) {
+        for (i = 0; i < sk_num(a); i++)
+            i2d(sk_value(a, i), &p);
+
+        *pp = p;
+        return (r);
     }
 
-/* int is_set:  if TRUE, then sort the contents (i.e. it isn't a SEQUENCE)    */
-int i2d_ASN1_SET(STACK *a, unsigned char **pp, i2d_of_void *i2d, int ex_tag,
-		 int ex_class, int is_set)
-	{
-	int ret=0,r;
-	int i;
-	unsigned char *p;
-        unsigned char *pStart, *pTempMem;
-        MYBLOB *rgSetBlob;
-        int totSize;
-
-	if (a == NULL) return(0);
-	for (i=sk_num(a)-1; i>=0; i--)
-		ret+=i2d(sk_value(a,i),NULL);
-	r=ASN1_object_size(1,ret,ex_tag);
-	if (pp == NULL) return(r);
-
-	p= *pp;
-	ASN1_put_object(&p,1,ret,ex_tag,ex_class);
+    pStart = p;                 /* Catch the beg of Setblobs */
+    /* In this array we will store the SET blobs */
+    rgSetBlob = (MYBLOB *) OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
+    if (rgSetBlob == NULL) {
+        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
 
-/* Modified by gp@nsj.co.jp */
-	/* And then again by Ben */
-	/* And again by Steve */
-
-	if(!is_set || (sk_num(a) < 2))
-		{
-		for (i=0; i<sk_num(a); i++)
-                	i2d(sk_value(a,i),&p);
-
-		*pp=p;
-		return(r);
-		}
-
-        pStart  = p; /* Catch the beg of Setblobs*/
-		/* In this array we will store the SET blobs */
-		rgSetBlob = (MYBLOB *)OPENSSL_malloc(sk_num(a) * sizeof(MYBLOB));
-		if (rgSetBlob == NULL)
-			{
-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-
-        for (i=0; i<sk_num(a); i++)
-	        {
-                rgSetBlob[i].pbData = p;  /* catch each set encode blob */
-                i2d(sk_value(a,i),&p);
-                rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
-SetBlob
-*/
-		}
-        *pp=p;
-        totSize = p - pStart; /* This is the total size of all set blobs */
-
- /* Now we have to sort the blobs. I am using a simple algo.
-    *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
-        qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
-		if (!(pTempMem = OPENSSL_malloc(totSize)))
-			{
-			ASN1err(ASN1_F_I2D_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
+    for (i = 0; i < sk_num(a); i++) {
+        rgSetBlob[i].pbData = p; /* catch each set encode blob */
+        i2d(sk_value(a, i), &p);
+        rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this
+                                                        * SetBlob */
+    }
+    *pp = p;
+    totSize = p - pStart;       /* This is the total size of all set blobs */
+
+    /*
+     * Now we have to sort the blobs. I am using a simple algo. *Sort ptrs
+     * *Copy to temp-mem *Copy from temp-mem to user-mem
+     */
+    qsort(rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+    if (!(pTempMem = OPENSSL_malloc(totSize))) {
+        ASN1err(ASN1_F_I2D_ASN1_SET, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
 
 /* Copy to temp mem */
-        p = pTempMem;
-        for(i=0; i<sk_num(a); ++i)
-		{
-                memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
-                p += rgSetBlob[i].cbData;
-		}
+    p = pTempMem;
+    for (i = 0; i < sk_num(a); ++i) {
+        memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData);
+        p += rgSetBlob[i].cbData;
+    }
 
 /* Copy back to user mem*/
-        memcpy(pStart, pTempMem, totSize);
-        OPENSSL_free(pTempMem);
-        OPENSSL_free(rgSetBlob);
-
-        return(r);
+    memcpy(pStart, pTempMem, totSize);
+    OPENSSL_free(pTempMem);
+    OPENSSL_free(rgSetBlob);
+
+    return (r);
+}
+
+STACK *d2i_ASN1_SET(STACK ** a, const unsigned char **pp, long length,
+                    d2i_of_void *d2i, void (*free_func) (void *), int ex_tag,
+                    int ex_class)
+{
+    ASN1_const_CTX c;
+    STACK *ret = NULL;
+
+    if ((a == NULL) || ((*a) == NULL)) {
+        if ((ret = sk_new_null()) == NULL) {
+            ASN1err(ASN1_F_D2I_ASN1_SET, ERR_R_MALLOC_FAILURE);
+            goto err;
         }
-
-STACK *d2i_ASN1_SET(STACK **a, const unsigned char **pp, long length,
-		    d2i_of_void *d2i, void (*free_func)(void *), int ex_tag,
-		    int ex_class)
-	{
-	ASN1_const_CTX c;
-	STACK *ret=NULL;
-
-	if ((a == NULL) || ((*a) == NULL))
-		{
-		if ((ret=sk_new_null()) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_ASN1_SET,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	else
-		ret=(*a);
-
-	c.p= *pp;
-	c.max=(length == 0)?0:(c.p+length);
-
-	c.inf=ASN1_get_object(&c.p,&c.slen,&c.tag,&c.xclass,c.max-c.p);
-	if (c.inf & 0x80) goto err;
-	if (ex_class != c.xclass)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_CLASS);
-		goto err;
-		}
-	if (ex_tag != c.tag)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_BAD_TAG);
-		goto err;
-		}
-	if ((c.slen+c.p) > c.max)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_LENGTH_ERROR);
-		goto err;
-		}
-	/* check for infinite constructed - it can be as long
-	 * as the amount of data passed to us */
-	if (c.inf == (V_ASN1_CONSTRUCTED+1))
-		c.slen=length+ *pp-c.p;
-	c.max=c.p+c.slen;
-
-	while (c.p < c.max)
-		{
-		char *s;
-
-		if (M_ASN1_D2I_end_sequence()) break;
-		/* XXX: This was called with 4 arguments, incorrectly, it seems
-		   if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) */
-		if ((s=d2i(NULL,&c.p,c.slen)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT);
-			asn1_add_error(*pp,(int)(c.q- *pp));
-			goto err;
-			}
-		if (!sk_push(ret,s)) goto err;
-		}
-	if (a != NULL) (*a)=ret;
-	*pp=c.p;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		{
-		if (free_func != NULL)
-			sk_pop_free(ret,free_func);
-		else
-			sk_free(ret);
-		}
-	return(NULL);
-	}
+    } else
+        ret = (*a);
+
+    c.p = *pp;
+    c.max = (length == 0) ? 0 : (c.p + length);
+
+    c.inf = ASN1_get_object(&c.p, &c.slen, &c.tag, &c.xclass, c.max - c.p);
+    if (c.inf & 0x80)
+        goto err;
+    if (ex_class != c.xclass) {
+        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_CLASS);
+        goto err;
+    }
+    if (ex_tag != c.tag) {
+        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_BAD_TAG);
+        goto err;
+    }
+    if ((c.slen + c.p) > c.max) {
+        ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_LENGTH_ERROR);
+        goto err;
+    }
+    /*
+     * check for infinite constructed - it can be as long as the amount of
+     * data passed to us
+     */
+    if (c.inf == (V_ASN1_CONSTRUCTED + 1))
+        c.slen = length + *pp - c.p;
+    c.max = c.p + c.slen;
+
+    while (c.p < c.max) {
+        char *s;
+
+        if (M_ASN1_D2I_end_sequence())
+            break;
+        /*
+         * XXX: This was called with 4 arguments, incorrectly, it seems if
+         * ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL)
+         */
+        if ((s = d2i(NULL, &c.p, c.slen)) == NULL) {
+            ASN1err(ASN1_F_D2I_ASN1_SET, ASN1_R_ERROR_PARSING_SET_ELEMENT);
+            asn1_add_error(*pp, (int)(c.q - *pp));
+            goto err;
+        }
+        if (!sk_push(ret, s))
+            goto err;
+    }
+    if (a != NULL)
+        (*a) = ret;
+    *pp = c.p;
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret))) {
+        if (free_func != NULL)
+            sk_pop_free(ret, free_func);
+        else
+            sk_free(ret);
+    }
+    return (NULL);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c
index 4dee45fb..92a5a6c6 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_sign.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_sign.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -127,174 +127,179 @@
 #ifndef NO_ASN1_OLD
 
 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	      ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
-	      const EVP_MD *type)
-	{
-	EVP_MD_CTX ctx;
-	unsigned char *p,*buf_in=NULL,*buf_out=NULL;
-	int i,inl=0,outl=0,outll=0;
-	X509_ALGOR *a;
+              ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
+              const EVP_MD *type)
+{
+    EVP_MD_CTX ctx;
+    unsigned char *p, *buf_in = NULL, *buf_out = NULL;
+    int i, inl = 0, outl = 0, outll = 0;
+    X509_ALGOR *a;
 
-	EVP_MD_CTX_init(&ctx);
-	for (i=0; i<2; i++)
-		{
-		if (i == 0)
-			a=algor1;
-		else
-			a=algor2;
-		if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1)
-			{
-			/* special case: RFC 2459 tells us to omit 'parameters'
-			 * with id-dsa-with-sha1 */
-			ASN1_TYPE_free(a->parameter);
-			a->parameter = NULL;
-			}
-		else if ((a->parameter == NULL) || 
-			(a->parameter->type != V_ASN1_NULL))
-			{
-			ASN1_TYPE_free(a->parameter);
-			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-			a->parameter->type=V_ASN1_NULL;
-			}
-		ASN1_OBJECT_free(a->algorithm);
-		a->algorithm=OBJ_nid2obj(type->pkey_type);
-		if (a->algorithm == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-			goto err;
-			}
-		if (a->algorithm->length == 0)
-			{
-			ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-			goto err;
-			}
-		}
-	inl=i2d(data,NULL);
-	buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl);
-	outll=outl=EVP_PKEY_size(pkey);
-	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
-	if ((buf_in == NULL) || (buf_out == NULL))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=buf_in;
+    EVP_MD_CTX_init(&ctx);
+    for (i = 0; i < 2; i++) {
+        if (i == 0)
+            a = algor1;
+        else
+            a = algor2;
+        if (a == NULL)
+            continue;
+        if (type->pkey_type == NID_dsaWithSHA1) {
+            /*
+             * special case: RFC 2459 tells us to omit 'parameters' with
+             * id-dsa-with-sha1
+             */
+            ASN1_TYPE_free(a->parameter);
+            a->parameter = NULL;
+        } else if ((a->parameter == NULL) ||
+                   (a->parameter->type != V_ASN1_NULL)) {
+            ASN1_TYPE_free(a->parameter);
+            if ((a->parameter = ASN1_TYPE_new()) == NULL)
+                goto err;
+            a->parameter->type = V_ASN1_NULL;
+        }
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm = OBJ_nid2obj(type->pkey_type);
+        if (a->algorithm == NULL) {
+            ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
+            goto err;
+        }
+        if (a->algorithm->length == 0) {
+            ASN1err(ASN1_F_ASN1_SIGN,
+                    ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+            goto err;
+        }
+    }
+    inl = i2d(data, NULL);
+    buf_in = (unsigned char *)OPENSSL_malloc((unsigned int)inl);
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
+    if ((buf_in == NULL) || (buf_out == NULL)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
 
-	i2d(data,&p);
-	EVP_SignInit_ex(&ctx,type, NULL);
-	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
-	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
-			(unsigned int *)&outl,pkey))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB);
-		goto err;
-		}
-	if (signature->data != NULL) OPENSSL_free(signature->data);
-	signature->data=buf_out;
-	buf_out=NULL;
-	signature->length=outl;
-	/* In the interests of compatibility, I'll make sure that
-	 * the bit string has a 'not-used bits' value of 0
-	 */
-	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
-	EVP_MD_CTX_cleanup(&ctx);
-	if (buf_in != NULL)
-		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
-	if (buf_out != NULL)
-		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
-	return(outl);
-	}
+    i2d(data, &p);
+    EVP_SignInit_ex(&ctx, type, NULL);
+    EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
+    if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
+                       (unsigned int *)&outl, pkey)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (signature->data != NULL)
+        OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    EVP_MD_CTX_cleanup(&ctx);
+    if (buf_in != NULL) {
+        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
+        OPENSSL_free(buf_in);
+    }
+    if (buf_out != NULL) {
+        OPENSSL_cleanse((char *)buf_out, outll);
+        OPENSSL_free(buf_out);
+    }
+    return (outl);
+}
 
 #endif
 
-int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
-	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
-	     const EVP_MD *type)
-	{
-	EVP_MD_CTX ctx;
-	unsigned char *buf_in=NULL,*buf_out=NULL;
-	int i,inl=0,outl=0,outll=0;
-	X509_ALGOR *a;
+int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1,
+                   X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn,
+                   EVP_PKEY *pkey, const EVP_MD *type)
+{
+    EVP_MD_CTX ctx;
+    unsigned char *buf_in = NULL, *buf_out = NULL;
+    int i, inl = 0, outl = 0, outll = 0;
+    X509_ALGOR *a;
 
-	EVP_MD_CTX_init(&ctx);
-	for (i=0; i<2; i++)
-		{
-		if (i == 0)
-			a=algor1;
-		else
-			a=algor2;
-		if (a == NULL) continue;
-                if (type->pkey_type == NID_dsaWithSHA1 ||
-			type->pkey_type == NID_ecdsa_with_SHA1)
-			{
-			/* special case: RFC 3279 tells us to omit 'parameters'
-			 * with id-dsa-with-sha1 and ecdsa-with-SHA1 */
-			ASN1_TYPE_free(a->parameter);
-			a->parameter = NULL;
-			}
-		else if ((a->parameter == NULL) || 
-			(a->parameter->type != V_ASN1_NULL))
-			{
-			ASN1_TYPE_free(a->parameter);
-			if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err;
-			a->parameter->type=V_ASN1_NULL;
-			}
-		ASN1_OBJECT_free(a->algorithm);
-		a->algorithm=OBJ_nid2obj(type->pkey_type);
-		if (a->algorithm == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE);
-			goto err;
-			}
-		if (a->algorithm->length == 0)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-			goto err;
-			}
-		}
-	inl=ASN1_item_i2d(asn,&buf_in, it);
-	outll=outl=EVP_PKEY_size(pkey);
-	buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl);
-	if ((buf_in == NULL) || (buf_out == NULL))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
+    EVP_MD_CTX_init(&ctx);
+    for (i = 0; i < 2; i++) {
+        if (i == 0)
+            a = algor1;
+        else
+            a = algor2;
+        if (a == NULL)
+            continue;
+        if (type->pkey_type == NID_dsaWithSHA1 ||
+            type->pkey_type == NID_ecdsa_with_SHA1) {
+            /*
+             * special case: RFC 3279 tells us to omit 'parameters' with
+             * id-dsa-with-sha1 and ecdsa-with-SHA1
+             */
+            ASN1_TYPE_free(a->parameter);
+            a->parameter = NULL;
+        } else if ((a->parameter == NULL) ||
+                   (a->parameter->type != V_ASN1_NULL)) {
+            ASN1_TYPE_free(a->parameter);
+            if ((a->parameter = ASN1_TYPE_new()) == NULL)
+                goto err;
+            a->parameter->type = V_ASN1_NULL;
+        }
+        ASN1_OBJECT_free(a->algorithm);
+        a->algorithm = OBJ_nid2obj(type->pkey_type);
+        if (a->algorithm == NULL) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE);
+            goto err;
+        }
+        if (a->algorithm->length == 0) {
+            ASN1err(ASN1_F_ASN1_ITEM_SIGN,
+                    ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+            goto err;
+        }
+    }
+    inl = ASN1_item_i2d(asn, &buf_in, it);
+    outll = outl = EVP_PKEY_size(pkey);
+    buf_out = (unsigned char *)OPENSSL_malloc((unsigned int)outl);
+    if ((buf_in == NULL) || (buf_out == NULL)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	if (!EVP_SignInit_ex(&ctx,type, NULL))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
-		goto err;
-		}
-	EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl);
-	if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out,
-			(unsigned int *)&outl,pkey))
-		{
-		outl=0;
-		ASN1err(ASN1_F_ASN1_ITEM_SIGN,ERR_R_EVP_LIB);
-		goto err;
-		}
-	if (signature->data != NULL) OPENSSL_free(signature->data);
-	signature->data=buf_out;
-	buf_out=NULL;
-	signature->length=outl;
-	/* In the interests of compatibility, I'll make sure that
-	 * the bit string has a 'not-used bits' value of 0
-	 */
-	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-err:
-	EVP_MD_CTX_cleanup(&ctx);
-	if (buf_in != NULL)
-		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
-	if (buf_out != NULL)
-		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
-	return(outl);
-	}
+    if (!EVP_SignInit_ex(&ctx, type, NULL)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
+        goto err;
+    }
+    EVP_SignUpdate(&ctx, (unsigned char *)buf_in, inl);
+    if (!EVP_SignFinal(&ctx, (unsigned char *)buf_out,
+                       (unsigned int *)&outl, pkey)) {
+        outl = 0;
+        ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_EVP_LIB);
+        goto err;
+    }
+    if (signature->data != NULL)
+        OPENSSL_free(signature->data);
+    signature->data = buf_out;
+    buf_out = NULL;
+    signature->length = outl;
+    /*
+     * In the interests of compatibility, I'll make sure that the bit string
+     * has a 'not-used bits' value of 0
+     */
+    signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+ err:
+    EVP_MD_CTX_cleanup(&ctx);
+    if (buf_in != NULL) {
+        OPENSSL_cleanse((char *)buf_in, (unsigned int)inl);
+        OPENSSL_free(buf_in);
+    }
+    if (buf_out != NULL) {
+        OPENSSL_cleanse((char *)buf_out, outll);
+        OPENSSL_free(buf_out);
+    }
+    return (outl);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
index ead37ac3..f650708c 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strex.c
@@ -1,6 +1,7 @@
 /* a_strex.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,511 +66,583 @@
 
 #include "charmap.h"
 
-/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
- * Enhanced string and name printing routines handling
- * multibyte characters, RFC2253 and a host of other
- * options.
+/*
+ * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
+ * printing routines handling multibyte characters, RFC2253 and a host of
+ * other options.
  */
 
-
-#define CHARTYPE_BS_ESC		(ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
+#define CHARTYPE_BS_ESC         (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
 
 #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
-		  ASN1_STRFLGS_ESC_QUOTE | \
-		  ASN1_STRFLGS_ESC_CTRL | \
-		  ASN1_STRFLGS_ESC_MSB)
-
+                  ASN1_STRFLGS_ESC_QUOTE | \
+                  ASN1_STRFLGS_ESC_CTRL | \
+                  ASN1_STRFLGS_ESC_MSB)
 
-/* Three IO functions for sending data to memory, a BIO and
- * and a FILE pointer.
+/*
+ * Three IO functions for sending data to memory, a BIO and and a FILE
+ * pointer.
  */
-#if 0				/* never used */
+#if 0                           /* never used */
 static int send_mem_chars(void *arg, const void *buf, int len)
 {
-	unsigned char **out = arg;
-	if(!out) return 1;
-	memcpy(*out, buf, len);
-	*out += len;
-	return 1;
+    unsigned char **out = arg;
+    if (!out)
+        return 1;
+    memcpy(*out, buf, len);
+    *out += len;
+    return 1;
 }
 #endif
 
 static int send_bio_chars(void *arg, const void *buf, int len)
 {
-	if(!arg) return 1;
-	if(BIO_write(arg, buf, len) != len) return 0;
-	return 1;
+    if (!arg)
+        return 1;
+    if (BIO_write(arg, buf, len) != len)
+        return 0;
+    return 1;
 }
 
 static int send_fp_chars(void *arg, const void *buf, int len)
 {
-	if(!arg) return 1;
-	if(fwrite(buf, 1, len, arg) != (unsigned int)len) return 0;
-	return 1;
+    if (!arg)
+        return 1;
+    if (fwrite(buf, 1, len, arg) != (unsigned int)len)
+        return 0;
+    return 1;
 }
 
-typedef int char_io(void *arg, const void *buf, int len);
+typedef int char_io (void *arg, const void *buf, int len);
 
-/* This function handles display of
- * strings, one character at a time.
- * It is passed an unsigned long for each
- * character because it could come from 2 or even
- * 4 byte forms.
+/*
+ * This function handles display of strings, one character at a time. It is
+ * passed an unsigned long for each character because it could come from 2 or
+ * even 4 byte forms.
  */
 
-static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, char_io *io_ch, void *arg)
+static int do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
+                       char_io *io_ch, void *arg)
 {
-	unsigned char chflgs, chtmp;
-	char tmphex[HEX_SIZE(long)+3];
-
-	if(c > 0xffffffffL)
-		return -1;
-	if(c > 0xffff) {
-		BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
-		if(!io_ch(arg, tmphex, 10)) return -1;
-		return 10;
-	}
-	if(c > 0xff) {
-		BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
-		if(!io_ch(arg, tmphex, 6)) return -1;
-		return 6;
-	}
-	chtmp = (unsigned char)c;
-	if(chtmp > 0x7f) chflgs = flags & ASN1_STRFLGS_ESC_MSB;
-	else chflgs = char_type[chtmp] & flags;
-	if(chflgs & CHARTYPE_BS_ESC) {
-		/* If we don't escape with quotes, signal we need quotes */
-		if(chflgs & ASN1_STRFLGS_ESC_QUOTE) {
-			if(do_quotes) *do_quotes = 1;
-			if(!io_ch(arg, &chtmp, 1)) return -1;
-			return 1;
-		}
-		if(!io_ch(arg, "\\", 1)) return -1;
-		if(!io_ch(arg, &chtmp, 1)) return -1;
-		return 2;
-	}
-	if(chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
-		BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
-		if(!io_ch(arg, tmphex, 3)) return -1;
-		return 3;
-	}
-	/* If we get this far and do any escaping at all must escape 
-	 * the escape character itself: backslash.
-	 */
-	if (chtmp == '\\' && flags & ESC_FLAGS) {
-		if(!io_ch(arg, "\\\\", 2)) return -1;
-		return 2;
-	}
-	if(!io_ch(arg, &chtmp, 1)) return -1;
-	return 1;
+    unsigned char chflgs, chtmp;
+    char tmphex[HEX_SIZE(long) + 3];
+
+    if (c > 0xffffffffL)
+        return -1;
+    if (c > 0xffff) {
+        BIO_snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
+        if (!io_ch(arg, tmphex, 10))
+            return -1;
+        return 10;
+    }
+    if (c > 0xff) {
+        BIO_snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
+        if (!io_ch(arg, tmphex, 6))
+            return -1;
+        return 6;
+    }
+    chtmp = (unsigned char)c;
+    if (chtmp > 0x7f)
+        chflgs = flags & ASN1_STRFLGS_ESC_MSB;
+    else
+        chflgs = char_type[chtmp] & flags;
+    if (chflgs & CHARTYPE_BS_ESC) {
+        /* If we don't escape with quotes, signal we need quotes */
+        if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
+            if (do_quotes)
+                *do_quotes = 1;
+            if (!io_ch(arg, &chtmp, 1))
+                return -1;
+            return 1;
+        }
+        if (!io_ch(arg, "\\", 1))
+            return -1;
+        if (!io_ch(arg, &chtmp, 1))
+            return -1;
+        return 2;
+    }
+    if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
+        BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
+        if (!io_ch(arg, tmphex, 3))
+            return -1;
+        return 3;
+    }
+    /*
+     * If we get this far and do any escaping at all must escape the escape
+     * character itself: backslash.
+     */
+    if (chtmp == '\\' && flags & ESC_FLAGS) {
+        if (!io_ch(arg, "\\\\", 2))
+            return -1;
+        return 2;
+    }
+    if (!io_ch(arg, &chtmp, 1))
+        return -1;
+    return 1;
 }
 
-#define BUF_TYPE_WIDTH_MASK	0x7
-#define BUF_TYPE_CONVUTF8	0x8
+#define BUF_TYPE_WIDTH_MASK     0x7
+#define BUF_TYPE_CONVUTF8       0x8
 
-/* This function sends each character in a buffer to
- * do_esc_char(). It interprets the content formats
- * and converts to or from UTF8 as appropriate.
+/*
+ * This function sends each character in a buffer to do_esc_char(). It
+ * interprets the content formats and converts to or from UTF8 as
+ * appropriate.
  */
 
 static int do_buf(unsigned char *buf, int buflen,
-			int type, unsigned char flags, char *quotes, char_io *io_ch, void *arg)
+                  int type, unsigned char flags, char *quotes, char_io *io_ch,
+                  void *arg)
 {
-	int i, outlen, len;
-	unsigned char orflags, *p, *q;
-	unsigned long c;
-	p = buf;
-	q = buf + buflen;
-	outlen = 0;
-	while(p != q) {
-		if(p == buf && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_FIRST_ESC_2253;
-		else orflags = 0;
-		switch(type & BUF_TYPE_WIDTH_MASK) {
-			case 4:
-			c = ((unsigned long)*p++) << 24;
-			c |= ((unsigned long)*p++) << 16;
-			c |= ((unsigned long)*p++) << 8;
-			c |= *p++;
-			break;
-
-			case 2:
-			c = ((unsigned long)*p++) << 8;
-			c |= *p++;
-			break;
-
-			case 1:
-			c = *p++;
-			break;
-			
-			case 0:
-			i = UTF8_getc(p, buflen, &c);
-			if(i < 0) return -1;	/* Invalid UTF8String */
-			p += i;
-			break;
-			default:
-			return -1;	/* invalid width */
-		}
-		if (p == q && flags & ASN1_STRFLGS_ESC_2253) orflags = CHARTYPE_LAST_ESC_2253;
-		if(type & BUF_TYPE_CONVUTF8) {
-			unsigned char utfbuf[6];
-			int utflen;
-			utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
-			for(i = 0; i < utflen; i++) {
-				/* We don't need to worry about setting orflags correctly
-				 * because if utflen==1 its value will be correct anyway 
-				 * otherwise each character will be > 0x7f and so the 
-				 * character will never be escaped on first and last.
-				 */
-				len = do_esc_char(utfbuf[i], (unsigned char)(flags | orflags), quotes, io_ch, arg);
-				if(len < 0) return -1;
-				outlen += len;
-			}
-		} else {
-			len = do_esc_char(c, (unsigned char)(flags | orflags), quotes, io_ch, arg);
-			if(len < 0) return -1;
-			outlen += len;
-		}
-	}
-	return outlen;
+    int i, outlen, len;
+    unsigned char orflags, *p, *q;
+    unsigned long c;
+    p = buf;
+    q = buf + buflen;
+    outlen = 0;
+    while (p != q) {
+        if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_FIRST_ESC_2253;
+        else
+            orflags = 0;
+        switch (type & BUF_TYPE_WIDTH_MASK) {
+        case 4:
+            c = ((unsigned long)*p++) << 24;
+            c |= ((unsigned long)*p++) << 16;
+            c |= ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 2:
+            c = ((unsigned long)*p++) << 8;
+            c |= *p++;
+            break;
+
+        case 1:
+            c = *p++;
+            break;
+
+        case 0:
+            i = UTF8_getc(p, buflen, &c);
+            if (i < 0)
+                return -1;      /* Invalid UTF8String */
+            p += i;
+            break;
+        default:
+            return -1;          /* invalid width */
+        }
+        if (p == q && flags & ASN1_STRFLGS_ESC_2253)
+            orflags = CHARTYPE_LAST_ESC_2253;
+        if (type & BUF_TYPE_CONVUTF8) {
+            unsigned char utfbuf[6];
+            int utflen;
+            utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
+            for (i = 0; i < utflen; i++) {
+                /*
+                 * We don't need to worry about setting orflags correctly
+                 * because if utflen==1 its value will be correct anyway
+                 * otherwise each character will be > 0x7f and so the
+                 * character will never be escaped on first and last.
+                 */
+                len =
+                    do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
+                                quotes, io_ch, arg);
+                if (len < 0)
+                    return -1;
+                outlen += len;
+            }
+        } else {
+            len =
+                do_esc_char(c, (unsigned char)(flags | orflags), quotes,
+                            io_ch, arg);
+            if (len < 0)
+                return -1;
+            outlen += len;
+        }
+    }
+    return outlen;
 }
 
 /* This function hex dumps a buffer of characters */
 
-static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
+static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
+                       int buflen)
 {
-	static const char hexdig[] = "0123456789ABCDEF";
-	unsigned char *p, *q;
-	char hextmp[2];
-	if(arg) {
-		p = buf;
-		q = buf + buflen;
-		while(p != q) {
-			hextmp[0] = hexdig[*p >> 4];
-			hextmp[1] = hexdig[*p & 0xf];
-			if(!io_ch(arg, hextmp, 2)) return -1;
-			p++;
-		}
-	}
-	return buflen << 1;
+    static const char hexdig[] = "0123456789ABCDEF";
+    unsigned char *p, *q;
+    char hextmp[2];
+    if (arg) {
+        p = buf;
+        q = buf + buflen;
+        while (p != q) {
+            hextmp[0] = hexdig[*p >> 4];
+            hextmp[1] = hexdig[*p & 0xf];
+            if (!io_ch(arg, hextmp, 2))
+                return -1;
+            p++;
+        }
+    }
+    return buflen << 1;
 }
 
-/* "dump" a string. This is done when the type is unknown,
- * or the flags request it. We can either dump the content
- * octets or the entire DER encoding. This uses the RFC2253
- * #01234 format.
+/*
+ * "dump" a string. This is done when the type is unknown, or the flags
+ * request it. We can either dump the content octets or the entire DER
+ * encoding. This uses the RFC2253 #01234 format.
  */
 
-static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str)
+static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
+                   ASN1_STRING *str)
 {
-	/* Placing the ASN1_STRING in a temp ASN1_TYPE allows
-	 * the DER encoding to readily obtained
-	 */
-	ASN1_TYPE t;
-	unsigned char *der_buf, *p;
-	int outlen, der_len;
-
-	if(!io_ch(arg, "#", 1)) return -1;
-	/* If we don't dump DER encoding just dump content octets */
-	if(!(lflags & ASN1_STRFLGS_DUMP_DER)) {
-		outlen = do_hex_dump(io_ch, arg, str->data, str->length);
-		if(outlen < 0) return -1;
-		return outlen + 1;
-	}
-	t.type = str->type;
-	t.value.ptr = (char *)str;
-	der_len = i2d_ASN1_TYPE(&t, NULL);
-	der_buf = OPENSSL_malloc(der_len);
-	if(!der_buf) return -1;
-	p = der_buf;
-	i2d_ASN1_TYPE(&t, &p);
-	outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
-	OPENSSL_free(der_buf);
-	if(outlen < 0) return -1;
-	return outlen + 1;
+    /*
+     * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
+     * readily obtained
+     */
+    ASN1_TYPE t;
+    unsigned char *der_buf, *p;
+    int outlen, der_len;
+
+    if (!io_ch(arg, "#", 1))
+        return -1;
+    /* If we don't dump DER encoding just dump content octets */
+    if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
+        outlen = do_hex_dump(io_ch, arg, str->data, str->length);
+        if (outlen < 0)
+            return -1;
+        return outlen + 1;
+    }
+    t.type = str->type;
+    t.value.ptr = (char *)str;
+    der_len = i2d_ASN1_TYPE(&t, NULL);
+    der_buf = OPENSSL_malloc(der_len);
+    if (!der_buf)
+        return -1;
+    p = der_buf;
+    i2d_ASN1_TYPE(&t, &p);
+    outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
+    OPENSSL_free(der_buf);
+    if (outlen < 0)
+        return -1;
+    return outlen + 1;
 }
 
-/* Lookup table to convert tags to character widths,
- * 0 = UTF8 encoded, -1 is used for non string types
- * otherwise it is the number of bytes per character
+/*
+ * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
+ * used for non string types otherwise it is the number of bytes per
+ * character
  */
 
 static const signed char tag2nbyte[] = {
-	-1, -1, -1, -1, -1,	/* 0-4 */
-	-1, -1, -1, -1, -1,	/* 5-9 */
-	-1, -1, 0, -1,		/* 10-13 */
-	-1, -1, -1, -1,		/* 15-17 */
-	-1, 1, 1,		/* 18-20 */
-	-1, 1, 1, 1,		/* 21-24 */
-	-1, 1, -1,		/* 25-27 */
-	4, -1, 2		/* 28-30 */
+    -1, -1, -1, -1, -1,         /* 0-4 */
+    -1, -1, -1, -1, -1,         /* 5-9 */
+    -1, -1, 0, -1,              /* 10-13 */
+    -1, -1, -1, -1,             /* 15-17 */
+    -1, 1, 1,                   /* 18-20 */
+    -1, 1, 1, 1,                /* 21-24 */
+    -1, 1, -1,                  /* 25-27 */
+    4, -1, 2                    /* 28-30 */
 };
 
-/* This is the main function, print out an
- * ASN1_STRING taking note of various escape
- * and display options. Returns number of
- * characters written or -1 if an error
- * occurred.
+/*
+ * This is the main function, print out an ASN1_STRING taking note of various
+ * escape and display options. Returns number of characters written or -1 if
+ * an error occurred.
  */
 
-static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str)
+static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
+                       ASN1_STRING *str)
 {
-	int outlen, len;
-	int type;
-	char quotes;
-	unsigned char flags;
-	quotes = 0;
-	/* Keep a copy of escape flags */
-	flags = (unsigned char)(lflags & ESC_FLAGS);
-
-	type = str->type;
-
-	outlen = 0;
-
-
-	if(lflags & ASN1_STRFLGS_SHOW_TYPE) {
-		const char *tagname;
-		tagname = ASN1_tag2str(type);
-		outlen += strlen(tagname);
-		if(!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) return -1; 
-		outlen++;
-	}
-
-	/* Decide what to do with type, either dump content or display it */
-
-	/* Dump everything */
-	if(lflags & ASN1_STRFLGS_DUMP_ALL) type = -1;
-	/* Ignore the string type */
-	else if(lflags & ASN1_STRFLGS_IGNORE_TYPE) type = 1;
-	else {
-		/* Else determine width based on type */
-		if((type > 0) && (type < 31)) type = tag2nbyte[type];
-		else type = -1;
-		if((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) type = 1;
-	}
-
-	if(type == -1) {
-		len = do_dump(lflags, io_ch, arg, str);
-		if(len < 0) return -1;
-		outlen += len;
-		return outlen;
-	}
-
-	if(lflags & ASN1_STRFLGS_UTF8_CONVERT) {
-		/* Note: if string is UTF8 and we want
-		 * to convert to UTF8 then we just interpret
-		 * it as 1 byte per character to avoid converting
-		 * twice.
-		 */
-		if(!type) type = 1;
-		else type |= BUF_TYPE_CONVUTF8;
-	}
-
-	len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-	if(len < 0) return -1;
-	outlen += len;
-	if(quotes) outlen += 2;
-	if(!arg) return outlen;
-	if(quotes && !io_ch(arg, "\"", 1)) return -1;
-	if(do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
-		return -1;
-	if(quotes && !io_ch(arg, "\"", 1)) return -1;
-	return outlen;
+    int outlen, len;
+    int type;
+    char quotes;
+    unsigned char flags;
+    quotes = 0;
+    /* Keep a copy of escape flags */
+    flags = (unsigned char)(lflags & ESC_FLAGS);
+
+    type = str->type;
+
+    outlen = 0;
+
+    if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
+        const char *tagname;
+        tagname = ASN1_tag2str(type);
+        outlen += strlen(tagname);
+        if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
+            return -1;
+        outlen++;
+    }
+
+    /* Decide what to do with type, either dump content or display it */
+
+    /* Dump everything */
+    if (lflags & ASN1_STRFLGS_DUMP_ALL)
+        type = -1;
+    /* Ignore the string type */
+    else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
+        type = 1;
+    else {
+        /* Else determine width based on type */
+        if ((type > 0) && (type < 31))
+            type = tag2nbyte[type];
+        else
+            type = -1;
+        if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
+            type = 1;
+    }
+
+    if (type == -1) {
+        len = do_dump(lflags, io_ch, arg, str);
+        if (len < 0)
+            return -1;
+        outlen += len;
+        return outlen;
+    }
+
+    if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
+        /*
+         * Note: if string is UTF8 and we want to convert to UTF8 then we
+         * just interpret it as 1 byte per character to avoid converting
+         * twice.
+         */
+        if (!type)
+            type = 1;
+        else
+            type |= BUF_TYPE_CONVUTF8;
+    }
+
+    len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
+    if (len < 0)
+        return -1;
+    outlen += len;
+    if (quotes)
+        outlen += 2;
+    if (!arg)
+        return outlen;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
+        return -1;
+    if (quotes && !io_ch(arg, "\"", 1))
+        return -1;
+    return outlen;
 }
 
 /* Used for line indenting: print 'indent' spaces */
 
 static int do_indent(char_io *io_ch, void *arg, int indent)
 {
-	int i;
-	for(i = 0; i < indent; i++)
-			if(!io_ch(arg, " ", 1)) return 0;
-	return 1;
+    int i;
+    for (i = 0; i < indent; i++)
+        if (!io_ch(arg, " ", 1))
+            return 0;
+    return 1;
 }
 
-#define FN_WIDTH_LN	25
-#define FN_WIDTH_SN	10
+#define FN_WIDTH_LN     25
+#define FN_WIDTH_SN     10
 
 static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
-				int indent, unsigned long flags)
+                      int indent, unsigned long flags)
 {
-	int i, prev = -1, orflags, cnt;
-	int fn_opt, fn_nid;
-	ASN1_OBJECT *fn;
-	ASN1_STRING *val;
-	X509_NAME_ENTRY *ent;
-	char objtmp[80];
-	const char *objbuf;
-	int outlen, len;
-	char *sep_dn, *sep_mv, *sep_eq;
-	int sep_dn_len, sep_mv_len, sep_eq_len;
-	if(indent < 0) indent = 0;
-	outlen = indent;
-	if(!do_indent(io_ch, arg, indent)) return -1;
-	switch (flags & XN_FLAG_SEP_MASK)
-	{
-		case XN_FLAG_SEP_MULTILINE:
-		sep_dn = "\n";
-		sep_dn_len = 1;
-		sep_mv = " + ";
-		sep_mv_len = 3;
-		break;
-
-		case XN_FLAG_SEP_COMMA_PLUS:
-		sep_dn = ",";
-		sep_dn_len = 1;
-		sep_mv = "+";
-		sep_mv_len = 1;
-		indent = 0;
-		break;
-
-		case XN_FLAG_SEP_CPLUS_SPC:
-		sep_dn = ", ";
-		sep_dn_len = 2;
-		sep_mv = " + ";
-		sep_mv_len = 3;
-		indent = 0;
-		break;
-
-		case XN_FLAG_SEP_SPLUS_SPC:
-		sep_dn = "; ";
-		sep_dn_len = 2;
-		sep_mv = " + ";
-		sep_mv_len = 3;
-		indent = 0;
-		break;
-
-		default:
-		return -1;
-	}
-
-	if(flags & XN_FLAG_SPC_EQ) {
-		sep_eq = " = ";
-		sep_eq_len = 3;
-	} else {
-		sep_eq = "=";
-		sep_eq_len = 1;
-	}
-
-	fn_opt = flags & XN_FLAG_FN_MASK;
-
-	cnt = X509_NAME_entry_count(n);	
-	for(i = 0; i < cnt; i++) {
-		if(flags & XN_FLAG_DN_REV)
-				ent = X509_NAME_get_entry(n, cnt - i - 1);
-		else ent = X509_NAME_get_entry(n, i);
-		if(prev != -1) {
-			if(prev == ent->set) {
-				if(!io_ch(arg, sep_mv, sep_mv_len)) return -1;
-				outlen += sep_mv_len;
-			} else {
-				if(!io_ch(arg, sep_dn, sep_dn_len)) return -1;
-				outlen += sep_dn_len;
-				if(!do_indent(io_ch, arg, indent)) return -1;
-				outlen += indent;
-			}
-		}
-		prev = ent->set;
-		fn = X509_NAME_ENTRY_get_object(ent);
-		val = X509_NAME_ENTRY_get_data(ent);
-		fn_nid = OBJ_obj2nid(fn);
-		if(fn_opt != XN_FLAG_FN_NONE) {
-			int objlen, fld_len;
-			if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) {
-				OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
-				fld_len = 0; /* XXX: what should this be? */
-				objbuf = objtmp;
-			} else {
-				if(fn_opt == XN_FLAG_FN_SN) {
-					fld_len = FN_WIDTH_SN;
-					objbuf = OBJ_nid2sn(fn_nid);
-				} else if(fn_opt == XN_FLAG_FN_LN) {
-					fld_len = FN_WIDTH_LN;
-					objbuf = OBJ_nid2ln(fn_nid);
-				} else {
-					fld_len = 0; /* XXX: what should this be? */
-					objbuf = "";
-				}
-			}
-			objlen = strlen(objbuf);
-			if(!io_ch(arg, objbuf, objlen)) return -1;
-			if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
-				if (!do_indent(io_ch, arg, fld_len - objlen)) return -1;
-				outlen += fld_len - objlen;
-			}
-			if(!io_ch(arg, sep_eq, sep_eq_len)) return -1;
-			outlen += objlen + sep_eq_len;
-		}
-		/* If the field name is unknown then fix up the DER dump
-		 * flag. We might want to limit this further so it will
- 		 * DER dump on anything other than a few 'standard' fields.
-		 */
-		if((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 
-					orflags = ASN1_STRFLGS_DUMP_ALL;
-		else orflags = 0;
-     
-		len = do_print_ex(io_ch, arg, flags | orflags, val);
-		if(len < 0) return -1;
-		outlen += len;
-	}
-	return outlen;
+    int i, prev = -1, orflags, cnt;
+    int fn_opt, fn_nid;
+    ASN1_OBJECT *fn;
+    ASN1_STRING *val;
+    X509_NAME_ENTRY *ent;
+    char objtmp[80];
+    const char *objbuf;
+    int outlen, len;
+    char *sep_dn, *sep_mv, *sep_eq;
+    int sep_dn_len, sep_mv_len, sep_eq_len;
+    if (indent < 0)
+        indent = 0;
+    outlen = indent;
+    if (!do_indent(io_ch, arg, indent))
+        return -1;
+    switch (flags & XN_FLAG_SEP_MASK) {
+    case XN_FLAG_SEP_MULTILINE:
+        sep_dn = "\n";
+        sep_dn_len = 1;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        break;
+
+    case XN_FLAG_SEP_COMMA_PLUS:
+        sep_dn = ",";
+        sep_dn_len = 1;
+        sep_mv = "+";
+        sep_mv_len = 1;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_CPLUS_SPC:
+        sep_dn = ", ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    case XN_FLAG_SEP_SPLUS_SPC:
+        sep_dn = "; ";
+        sep_dn_len = 2;
+        sep_mv = " + ";
+        sep_mv_len = 3;
+        indent = 0;
+        break;
+
+    default:
+        return -1;
+    }
+
+    if (flags & XN_FLAG_SPC_EQ) {
+        sep_eq = " = ";
+        sep_eq_len = 3;
+    } else {
+        sep_eq = "=";
+        sep_eq_len = 1;
+    }
+
+    fn_opt = flags & XN_FLAG_FN_MASK;
+
+    cnt = X509_NAME_entry_count(n);
+    for (i = 0; i < cnt; i++) {
+        if (flags & XN_FLAG_DN_REV)
+            ent = X509_NAME_get_entry(n, cnt - i - 1);
+        else
+            ent = X509_NAME_get_entry(n, i);
+        if (prev != -1) {
+            if (prev == ent->set) {
+                if (!io_ch(arg, sep_mv, sep_mv_len))
+                    return -1;
+                outlen += sep_mv_len;
+            } else {
+                if (!io_ch(arg, sep_dn, sep_dn_len))
+                    return -1;
+                outlen += sep_dn_len;
+                if (!do_indent(io_ch, arg, indent))
+                    return -1;
+                outlen += indent;
+            }
+        }
+        prev = ent->set;
+        fn = X509_NAME_ENTRY_get_object(ent);
+        val = X509_NAME_ENTRY_get_data(ent);
+        fn_nid = OBJ_obj2nid(fn);
+        if (fn_opt != XN_FLAG_FN_NONE) {
+            int objlen, fld_len;
+            if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
+                OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
+                fld_len = 0;    /* XXX: what should this be? */
+                objbuf = objtmp;
+            } else {
+                if (fn_opt == XN_FLAG_FN_SN) {
+                    fld_len = FN_WIDTH_SN;
+                    objbuf = OBJ_nid2sn(fn_nid);
+                } else if (fn_opt == XN_FLAG_FN_LN) {
+                    fld_len = FN_WIDTH_LN;
+                    objbuf = OBJ_nid2ln(fn_nid);
+                } else {
+                    fld_len = 0; /* XXX: what should this be? */
+                    objbuf = "";
+                }
+            }
+            objlen = strlen(objbuf);
+            if (!io_ch(arg, objbuf, objlen))
+                return -1;
+            if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
+                if (!do_indent(io_ch, arg, fld_len - objlen))
+                    return -1;
+                outlen += fld_len - objlen;
+            }
+            if (!io_ch(arg, sep_eq, sep_eq_len))
+                return -1;
+            outlen += objlen + sep_eq_len;
+        }
+        /*
+         * If the field name is unknown then fix up the DER dump flag. We
+         * might want to limit this further so it will DER dump on anything
+         * other than a few 'standard' fields.
+         */
+        if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
+            orflags = ASN1_STRFLGS_DUMP_ALL;
+        else
+            orflags = 0;
+
+        len = do_print_ex(io_ch, arg, flags | orflags, val);
+        if (len < 0)
+            return -1;
+        outlen += len;
+    }
+    return outlen;
 }
 
 /* Wrappers round the main functions */
 
-int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags)
+int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
+                       unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		return X509_NAME_print(out, nm, indent);
-	return do_name_ex(send_bio_chars, out, nm, indent, flags);
+    if (flags == XN_FLAG_COMPAT)
+        return X509_NAME_print(out, nm, indent);
+    return do_name_ex(send_bio_chars, out, nm, indent, flags);
 }
 
 #ifndef OPENSSL_NO_FP_API
-int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags)
+int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
+                          unsigned long flags)
 {
-	if(flags == XN_FLAG_COMPAT)
-		{
-		BIO *btmp;
-		int ret;
-		btmp = BIO_new_fp(fp, BIO_NOCLOSE);
-		if(!btmp) return -1;
-		ret = X509_NAME_print(btmp, nm, indent);
-		BIO_free(btmp);
-		return ret;
-		}
-	return do_name_ex(send_fp_chars, fp, nm, indent, flags);
+    if (flags == XN_FLAG_COMPAT) {
+        BIO *btmp;
+        int ret;
+        btmp = BIO_new_fp(fp, BIO_NOCLOSE);
+        if (!btmp)
+            return -1;
+        ret = X509_NAME_print(btmp, nm, indent);
+        BIO_free(btmp);
+        return ret;
+    }
+    return do_name_ex(send_fp_chars, fp, nm, indent, flags);
 }
 #endif
 
 int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
 {
-	return do_print_ex(send_bio_chars, out, flags, str);
+    return do_print_ex(send_bio_chars, out, flags, str);
 }
 
 #ifndef OPENSSL_NO_FP_API
 int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
 {
-	return do_print_ex(send_fp_chars, fp, flags, str);
+    return do_print_ex(send_fp_chars, fp, flags, str);
 }
 #endif
 
-/* Utility function: convert any string type to UTF8, returns number of bytes
+/*
+ * Utility function: convert any string type to UTF8, returns number of bytes
  * in output string or a negative error code
  */
 
 int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
 {
-	ASN1_STRING stmp, *str = &stmp;
-	int mbflag, type, ret;
-	if(!in) return -1;
-	type = in->type;
-	if((type < 0) || (type > 30)) return -1;
-	mbflag = tag2nbyte[type];
-	if(mbflag == -1) return -1;
-	mbflag |= MBSTRING_FLAG;
-	stmp.data = NULL;
-	stmp.length = 0;
-	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
-	if(ret < 0) return ret;
-	*out = stmp.data;
-	return stmp.length;
+    ASN1_STRING stmp, *str = &stmp;
+    int mbflag, type, ret;
+    if (!in)
+        return -1;
+    type = in->type;
+    if ((type < 0) || (type > 30))
+        return -1;
+    mbflag = tag2nbyte[type];
+    if (mbflag == -1)
+        return -1;
+    mbflag |= MBSTRING_FLAG;
+    stmp.data = NULL;
+    stmp.length = 0;
+    ret =
+        ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
+                           B_ASN1_UTF8STRING);
+    if (ret < 0)
+        return ret;
+    *out = stmp.data;
+    return stmp.length;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
index 9b7d6881..1796fba9 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_strnid.c
@@ -1,6 +1,7 @@
 /* a_strnid.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,32 +63,32 @@
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
 
-
 static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
 static void st_free(ASN1_STRING_TABLE *tbl);
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-			const ASN1_STRING_TABLE * const *b);
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b);
 static int table_cmp(const void *a, const void *b);
 
-
-/* This is the global mask for the mbstring functions: this is use to
- * mask out certain types (such as BMPString and UTF8String) because
- * certain software (e.g. Netscape) has problems with them.
+/*
+ * This is the global mask for the mbstring functions: this is use to mask
+ * out certain types (such as BMPString and UTF8String) because certain
+ * software (e.g. Netscape) has problems with them.
  */
 
 static unsigned long global_mask = B_ASN1_UTF8STRING;
 
 void ASN1_STRING_set_default_mask(unsigned long mask)
 {
-	global_mask = mask;
+    global_mask = mask;
 }
 
 unsigned long ASN1_STRING_get_default_mask(void)
 {
-	return global_mask;
+    return global_mask;
 }
 
-/* This function sets the default to various "flavours" of configuration.
+/*-
+ * This function sets the default to various "flavours" of configuration.
  * based on an ASCII string. Currently this is:
  * MASK:XXXX : a numerical mask value.
  * nobmp : Don't use BMPStrings (just Printable, T61).
@@ -98,159 +99,185 @@ unsigned long ASN1_STRING_get_default_mask(void)
 
 int ASN1_STRING_set_default_mask_asc(const char *p)
 {
-	unsigned long mask;
-	char *end;
-	if(!strncmp(p, "MASK:", 5)) {
-		if(!p[5]) return 0;
-		mask = strtoul(p + 5, &end, 0);
-		if(*end) return 0;
-	} else if(!strcmp(p, "nombstr"))
-			 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
-	else if(!strcmp(p, "pkix"))
-			mask = ~((unsigned long)B_ASN1_T61STRING);
-	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
-	else if(!strcmp(p, "default"))
-	    mask = 0xFFFFFFFFL;
-	else return 0;
-	ASN1_STRING_set_default_mask(mask);
-	return 1;
+    unsigned long mask;
+    char *end;
+    if (!strncmp(p, "MASK:", 5)) {
+        if (!p[5])
+            return 0;
+        mask = strtoul(p + 5, &end, 0);
+        if (*end)
+            return 0;
+    } else if (!strcmp(p, "nombstr"))
+        mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
+    else if (!strcmp(p, "pkix"))
+        mask = ~((unsigned long)B_ASN1_T61STRING);
+    else if (!strcmp(p, "utf8only"))
+        mask = B_ASN1_UTF8STRING;
+    else if (!strcmp(p, "default"))
+        mask = 0xFFFFFFFFL;
+    else
+        return 0;
+    ASN1_STRING_set_default_mask(mask);
+    return 1;
 }
 
-/* The following function generates an ASN1_STRING based on limits in a table.
- * Frequently the types and length of an ASN1_STRING are restricted by a 
- * corresponding OID. For example certificates and certificate requests.
+/*
+ * The following function generates an ASN1_STRING based on limits in a
+ * table. Frequently the types and length of an ASN1_STRING are restricted by
+ * a corresponding OID. For example certificates and certificate requests.
  */
 
-ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
-					int inlen, int inform, int nid)
+ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
+                                    const unsigned char *in, int inlen,
+                                    int inform, int nid)
 {
-	ASN1_STRING_TABLE *tbl;
-	ASN1_STRING *str = NULL;
-	unsigned long mask;
-	int ret;
-	if(!out) out = &str;
-	tbl = ASN1_STRING_TABLE_get(nid);
-	if(tbl) {
-		mask = tbl->mask;
-		if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask;
-		ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
-					tbl->minsize, tbl->maxsize);
-	} else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask);
-	if(ret <= 0) return NULL;
-	return *out;
+    ASN1_STRING_TABLE *tbl;
+    ASN1_STRING *str = NULL;
+    unsigned long mask;
+    int ret;
+    if (!out)
+        out = &str;
+    tbl = ASN1_STRING_TABLE_get(nid);
+    if (tbl) {
+        mask = tbl->mask;
+        if (!(tbl->flags & STABLE_NO_MASK))
+            mask &= global_mask;
+        ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
+                                  tbl->minsize, tbl->maxsize);
+    } else
+        ret =
+            ASN1_mbstring_copy(out, in, inlen, inform,
+                               DIRSTRING_TYPE & global_mask);
+    if (ret <= 0)
+        return NULL;
+    return *out;
 }
 
-/* Now the tables and helper functions for the string table:
+/*
+ * Now the tables and helper functions for the string table:
  */
 
 /* size limits: this stuff is taken straight from RFC3280 */
 
-#define ub_name				32768
-#define ub_common_name			64
-#define ub_locality_name		128
-#define ub_state_name			128
-#define ub_organization_name		64
-#define ub_organization_unit_name	64
-#define ub_title			64
-#define ub_email_address		128
-#define ub_serial_number		64
-
+#define ub_name                         32768
+#define ub_common_name                  64
+#define ub_locality_name                128
+#define ub_state_name                   128
+#define ub_organization_name            64
+#define ub_organization_unit_name       64
+#define ub_title                        64
+#define ub_email_address                128
+#define ub_serial_number                64
 
 /* This table must be kept in NID order */
 
 static ASN1_STRING_TABLE tbl_standard[] = {
-{NID_commonName,		1, ub_common_name, DIRSTRING_TYPE, 0},
-{NID_countryName,		2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_localityName,		1, ub_locality_name, DIRSTRING_TYPE, 0},
-{NID_stateOrProvinceName,	1, ub_state_name, DIRSTRING_TYPE, 0},
-{NID_organizationName,		1, ub_organization_name, DIRSTRING_TYPE, 0},
-{NID_organizationalUnitName,	1, ub_organization_unit_name, DIRSTRING_TYPE, 0},
-{NID_pkcs9_emailAddress,	1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_pkcs9_unstructuredName,	1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_challengePassword,	1, -1, PKCS9STRING_TYPE, 0},
-{NID_pkcs9_unstructuredAddress,	1, -1, DIRSTRING_TYPE, 0},
-{NID_givenName,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_surname,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_initials,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_serialNumber,		1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_friendlyName,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
-{NID_name,			1, ub_name, DIRSTRING_TYPE, 0},
-{NID_dnQualifier,		-1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
-{NID_domainComponent,		1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
-{NID_ms_csp_name,		-1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
+    {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
+    {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
+    {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
+    {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
+    {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
+     0},
+    {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
+     STABLE_NO_MASK},
+    {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
+    {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
+    {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
+     STABLE_NO_MASK},
+    {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
+    {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
+    {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
+    {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
+    {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
 };
 
-static int sk_table_cmp(const ASN1_STRING_TABLE * const *a,
-			const ASN1_STRING_TABLE * const *b)
+static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
+                        const ASN1_STRING_TABLE *const *b)
 {
-	return (*a)->nid - (*b)->nid;
+    return (*a)->nid - (*b)->nid;
 }
 
 static int table_cmp(const void *a, const void *b)
 {
-	const ASN1_STRING_TABLE *sa = a, *sb = b;
-	return sa->nid - sb->nid;
+    const ASN1_STRING_TABLE *sa = a, *sb = b;
+    return sa->nid - sb->nid;
 }
 
 ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 {
-	int idx;
-	ASN1_STRING_TABLE *ttmp;
-	ASN1_STRING_TABLE fnd;
-	fnd.nid = nid;
-	ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd,
-					(char *)tbl_standard, 
-			sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE),
-			sizeof(ASN1_STRING_TABLE), table_cmp);
-	if(ttmp) return ttmp;
-	if(!stable) return NULL;
-	idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
-	if(idx < 0) return NULL;
-	return sk_ASN1_STRING_TABLE_value(stable, idx);
+    int idx;
+    ASN1_STRING_TABLE *ttmp;
+    ASN1_STRING_TABLE fnd;
+    fnd.nid = nid;
+    ttmp = (ASN1_STRING_TABLE *)OBJ_bsearch((char *)&fnd,
+                                            (char *)tbl_standard,
+                                            sizeof(tbl_standard) /
+                                            sizeof(ASN1_STRING_TABLE),
+                                            sizeof(ASN1_STRING_TABLE),
+                                            table_cmp);
+    if (ttmp)
+        return ttmp;
+    if (!stable)
+        return NULL;
+    idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
+    if (idx < 0)
+        return NULL;
+    return sk_ASN1_STRING_TABLE_value(stable, idx);
 }
-	
+
 int ASN1_STRING_TABLE_add(int nid,
-		 long minsize, long maxsize, unsigned long mask,
-				unsigned long flags)
+                          long minsize, long maxsize, unsigned long mask,
+                          unsigned long flags)
 {
-	ASN1_STRING_TABLE *tmp;
-	char new_nid = 0;
-	flags &= ~STABLE_FLAGS_MALLOC;
-	if(!stable) stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
-	if(!stable) {
-		ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if(!(tmp = ASN1_STRING_TABLE_get(nid))) {
-		tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
-		if(!tmp) {
-			ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD,
-							ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		tmp->flags = flags | STABLE_FLAGS_MALLOC;
-		tmp->nid = nid;
-		new_nid = 1;
-	} else tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
-	if(minsize != -1) tmp->minsize = minsize;
-	if(maxsize != -1) tmp->maxsize = maxsize;
-	tmp->mask = mask;
-	if(new_nid) sk_ASN1_STRING_TABLE_push(stable, tmp);
-	return 1;
+    ASN1_STRING_TABLE *tmp;
+    char new_nid = 0;
+    flags &= ~STABLE_FLAGS_MALLOC;
+    if (!stable)
+        stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
+    if (!stable) {
+        ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!(tmp = ASN1_STRING_TABLE_get(nid))) {
+        tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
+        if (!tmp) {
+            ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        tmp->flags = flags | STABLE_FLAGS_MALLOC;
+        tmp->nid = nid;
+        new_nid = 1;
+    } else
+        tmp->flags = (tmp->flags & STABLE_FLAGS_MALLOC) | flags;
+    if (minsize != -1)
+        tmp->minsize = minsize;
+    if (maxsize != -1)
+        tmp->maxsize = maxsize;
+    tmp->mask = mask;
+    if (new_nid)
+        sk_ASN1_STRING_TABLE_push(stable, tmp);
+    return 1;
 }
 
 void ASN1_STRING_TABLE_cleanup(void)
 {
-	STACK_OF(ASN1_STRING_TABLE) *tmp;
-	tmp = stable;
-	if(!tmp) return;
-	stable = NULL;
-	sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
+    STACK_OF(ASN1_STRING_TABLE) *tmp;
+    tmp = stable;
+    if (!tmp)
+        return;
+    stable = NULL;
+    sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
 }
 
 static void st_free(ASN1_STRING_TABLE *tbl)
 {
-	if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl);
+    if (tbl->flags & STABLE_FLAGS_MALLOC)
+        OPENSSL_free(tbl);
 }
 
 
@@ -260,30 +287,27 @@ IMPLEMENT_STACK_OF(ASN1_STRING_TABLE)
 
 main()
 {
-	ASN1_STRING_TABLE *tmp;
-	int i, last_nid = -1;
-
-	for (tmp = tbl_standard, i = 0;
-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-		{
-			if (tmp->nid < last_nid)
-				{
-				last_nid = 0;
-				break;
-				}
-			last_nid = tmp->nid;
-		}
-
-	if (last_nid != 0)
-		{
-		printf("Table order OK\n");
-		exit(0);
-		}
-
-	for (tmp = tbl_standard, i = 0;
-		i < sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE); i++, tmp++)
-			printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
-							OBJ_nid2ln(tmp->nid));
+    ASN1_STRING_TABLE *tmp;
+    int i, last_nid = -1;
+
+    for (tmp = tbl_standard, i = 0;
+         i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++) {
+        if (tmp->nid < last_nid) {
+            last_nid = 0;
+            break;
+        }
+        last_nid = tmp->nid;
+    }
+
+    if (last_nid != 0) {
+        printf("Table order OK\n");
+        exit(0);
+    }
+
+    for (tmp = tbl_standard, i = 0;
+         i < sizeof(tbl_standard) / sizeof(ASN1_STRING_TABLE); i++, tmp++)
+        printf("Index %d, NID %d, Name=%s\n", i, tmp->nid,
+               OBJ_nid2ln(tmp->nid));
 
 }
 
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_time.c b/Cryptlib/OpenSSL/crypto/asn1/a_time.c
index 159681fb..34ac7202 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_time.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_time.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,8 +53,8 @@
  *
  */
 
-
-/* This is an implementation of the ASN1 Time structure which is:
+/*-
+ * This is an implementation of the ASN1 Time structure which is:
  *    Time ::= CHOICE {
  *      utcTime        UTCTime,
  *      generalTime    GeneralizedTime }
@@ -73,92 +73,94 @@ IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME)
 
 #if 0
 int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp)
-	{
-#ifdef CHARSET_EBCDIC
-	/* KLUDGE! We convert to ascii before writing DER */
-	char tmp[24];
-	ASN1_STRING tmpstr;
-
-	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
-	    int len;
-
-	    tmpstr = *(ASN1_STRING *)a;
-	    len = tmpstr.length;
-	    ebcdic2ascii(tmp, tmpstr.data, (len >= sizeof tmp) ? sizeof tmp : len);
-	    tmpstr.data = tmp;
-	    a = (ASN1_GENERALIZEDTIME *) &tmpstr;
-	}
-#endif
-	if(a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
-				return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-				     a->type ,V_ASN1_UNIVERSAL));
-	ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME);
-	return -1;
-	}
+{
+# ifdef CHARSET_EBCDIC
+    /* KLUDGE! We convert to ascii before writing DER */
+    char tmp[24];
+    ASN1_STRING tmpstr;
+
+    if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME) {
+        int len;
+
+        tmpstr = *(ASN1_STRING *)a;
+        len = tmpstr.length;
+        ebcdic2ascii(tmp, tmpstr.data,
+                     (len >= sizeof tmp) ? sizeof tmp : len);
+        tmpstr.data = tmp;
+        a = (ASN1_GENERALIZEDTIME *)&tmpstr;
+    }
+# endif
+    if (a->type == V_ASN1_UTCTIME || a->type == V_ASN1_GENERALIZEDTIME)
+        return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
+                               a->type, V_ASN1_UNIVERSAL));
+    ASN1err(ASN1_F_I2D_ASN1_TIME, ASN1_R_EXPECTING_A_TIME);
+    return -1;
+}
 #endif
 
-
 ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
-	{
-	struct tm *ts;
-	struct tm data;
-
-	ts=OPENSSL_gmtime(&t,&data);
-	if (ts == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
-		return NULL;
-		}
-	if((ts->tm_year >= 50) && (ts->tm_year < 150))
-					return ASN1_UTCTIME_set(s, t);
-	return ASN1_GENERALIZEDTIME_set(s,t);
-	}
+{
+    struct tm *ts;
+    struct tm data;
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL) {
+        ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+        return NULL;
+    }
+    if ((ts->tm_year >= 50) && (ts->tm_year < 150))
+        return ASN1_UTCTIME_set(s, t);
+    return ASN1_GENERALIZEDTIME_set(s, t);
+}
 
 int ASN1_TIME_check(ASN1_TIME *t)
-	{
-	if (t->type == V_ASN1_GENERALIZEDTIME)
-		return ASN1_GENERALIZEDTIME_check(t);
-	else if (t->type == V_ASN1_UTCTIME)
-		return ASN1_UTCTIME_check(t);
-	return 0;
-	}
+{
+    if (t->type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_check(t);
+    else if (t->type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_check(t);
+    return 0;
+}
 
 /* Convert an ASN1_TIME structure to GeneralizedTime */
-ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
-	{
-	ASN1_GENERALIZEDTIME *ret;
-	char *str;
-	int newlen;
-
-	if (!ASN1_TIME_check(t)) return NULL;
-
-	if (!out || !*out)
-		{
-		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
-			return NULL;
-		if (out) *out = ret;
-		}
-	else ret = *out;
-
-	/* If already GeneralizedTime just copy across */
-	if (t->type == V_ASN1_GENERALIZEDTIME)
-		{
-		if(!ASN1_STRING_set(ret, t->data, t->length))
-			return NULL;
-		return ret;
-		}
-
-	/* grow the string */
-	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
-		return NULL;
-	/* ASN1_STRING_set() allocated 'len + 1' bytes. */
-	newlen = t->length + 2 + 1;
-	str = (char *)ret->data;
-	/* Work out the century and prepend */
-	if (t->data[0] >= '5') BUF_strlcpy(str, "19", newlen);
-	else BUF_strlcpy(str, "20", newlen);
-
-	BUF_strlcat(str, (char *)t->data, newlen);
-
-	return ret;
-	}
+ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t,
+                                                   ASN1_GENERALIZEDTIME **out)
+{
+    ASN1_GENERALIZEDTIME *ret;
+    char *str;
+    int newlen;
+
+    if (!ASN1_TIME_check(t))
+        return NULL;
+
+    if (!out || !*out) {
+        if (!(ret = ASN1_GENERALIZEDTIME_new()))
+            return NULL;
+        if (out)
+            *out = ret;
+    } else
+        ret = *out;
+
+    /* If already GeneralizedTime just copy across */
+    if (t->type == V_ASN1_GENERALIZEDTIME) {
+        if (!ASN1_STRING_set(ret, t->data, t->length))
+            return NULL;
+        return ret;
+    }
+
+    /* grow the string */
+    if (!ASN1_STRING_set(ret, NULL, t->length + 2))
+        return NULL;
+    /* ASN1_STRING_set() allocated 'len + 1' bytes. */
+    newlen = t->length + 2 + 1;
+    str = (char *)ret->data;
+    /* Work out the century and prepend */
+    if (t->data[0] >= '5')
+        BUF_strlcpy(str, "19", newlen);
+    else
+        BUF_strlcpy(str, "20", newlen);
+
+    BUF_strlcat(str, (char *)t->data, newlen);
+
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_type.c b/Cryptlib/OpenSSL/crypto/asn1/a_type.c
index 36beceac..69a5cf6f 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_type.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_type.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,49 +62,93 @@
 #include <openssl/objects.h>
 
 int ASN1_TYPE_get(ASN1_TYPE *a)
-	{
-	if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
-		return(a->type);
-	else
-		return(0);
-	}
+{
+    if ((a->value.ptr != NULL) || (a->type == V_ASN1_NULL))
+        return (a->type);
+    else
+        return (0);
+}
 
 void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
-	{
-	if (a->value.ptr != NULL)
-		{
-		ASN1_TYPE **tmp_a = &a;
-		ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
-		}
-	a->type=type;
-	a->value.ptr=value;
-	}
+{
+    if (a->value.ptr != NULL) {
+        ASN1_TYPE **tmp_a = &a;
+        ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
+    }
+    a->type = type;
+    a->value.ptr = value;
+}
 
 int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
-	{
-	if (!value || (type == V_ASN1_BOOLEAN))
-		{
-		void *p = (void *)value;
-		ASN1_TYPE_set(a, type, p);
-		}
-	else if (type == V_ASN1_OBJECT)
-		{
-		ASN1_OBJECT *odup;
-		odup = OBJ_dup(value);
-		if (!odup)
-			return 0;
-		ASN1_TYPE_set(a, type, odup);
-		}
-	else
-		{
-		ASN1_STRING *sdup;
-		sdup = ASN1_STRING_dup((ASN1_STRING *)value);
-		if (!sdup)
-			return 0;
-		ASN1_TYPE_set(a, type, sdup);
-		}
-	return 1;
-	}
+{
+    if (!value || (type == V_ASN1_BOOLEAN)) {
+        void *p = (void *)value;
+        ASN1_TYPE_set(a, type, p);
+    } else if (type == V_ASN1_OBJECT) {
+        ASN1_OBJECT *odup;
+        odup = OBJ_dup(value);
+        if (!odup)
+            return 0;
+        ASN1_TYPE_set(a, type, odup);
+    } else {
+        ASN1_STRING *sdup;
+        sdup = ASN1_STRING_dup((ASN1_STRING *)value);
+        if (!sdup)
+            return 0;
+        ASN1_TYPE_set(a, type, sdup);
+    }
+    return 1;
+}
 
 IMPLEMENT_STACK_OF(ASN1_TYPE)
+
 IMPLEMENT_ASN1_SET_OF(ASN1_TYPE)
+
+/* Returns 0 if they are equal, != 0 otherwise. */
+int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
+{
+    int result = -1;
+
+    if (!a || !b || a->type != b->type)
+        return -1;
+
+    switch (a->type) {
+    case V_ASN1_OBJECT:
+        result = OBJ_cmp(a->value.object, b->value.object);
+        break;
+    case V_ASN1_BOOLEAN:
+        result = a->value.boolean - b->value.boolean;
+        break;
+    case V_ASN1_NULL:
+        result = 0;             /* They do not have content. */
+        break;
+    case V_ASN1_INTEGER:
+    case V_ASN1_NEG_INTEGER:
+    case V_ASN1_ENUMERATED:
+    case V_ASN1_NEG_ENUMERATED:
+    case V_ASN1_BIT_STRING:
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    default:
+        result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
+                                 (ASN1_STRING *)b->value.ptr);
+        break;
+    }
+
+    return result;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c
index d31c0281..2aabc675 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_utctm.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,240 +64,241 @@
 
 #if 0
 int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **pp)
-	{
-#ifndef CHARSET_EBCDIC
-	return(i2d_ASN1_bytes((ASN1_STRING *)a,pp,
-		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL));
-#else
-	/* KLUDGE! We convert to ascii before writing DER */
-	int len;
-	char tmp[24];
-	ASN1_STRING x = *(ASN1_STRING *)a;
-
-	len = x.length;
-	ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
-	x.data = tmp;
-	return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
-#endif
-	}
-
+{
+# ifndef CHARSET_EBCDIC
+    return (i2d_ASN1_bytes((ASN1_STRING *)a, pp,
+                           V_ASN1_UTCTIME, V_ASN1_UNIVERSAL));
+# else
+    /* KLUDGE! We convert to ascii before writing DER */
+    int len;
+    char tmp[24];
+    ASN1_STRING x = *(ASN1_STRING *)a;
+
+    len = x.length;
+    ebcdic2ascii(tmp, x.data, (len >= sizeof tmp) ? sizeof tmp : len);
+    x.data = tmp;
+    return i2d_ASN1_bytes(&x, pp, V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
+# endif
+}
 
 ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, unsigned char **pp,
-	     long length)
-	{
-	ASN1_UTCTIME *ret=NULL;
-
-	ret=(ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a,pp,length,
-		V_ASN1_UTCTIME,V_ASN1_UNIVERSAL);
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ERR_R_NESTED_ASN1_ERROR);
-		return(NULL);
-		}
-#ifdef CHARSET_EBCDIC
-	ascii2ebcdic(ret->data, ret->data, ret->length);
-#endif
-	if (!ASN1_UTCTIME_check(ret))
-		{
-		ASN1err(ASN1_F_D2I_ASN1_UTCTIME,ASN1_R_INVALID_TIME_FORMAT);
-		goto err;
-		}
-
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
-		M_ASN1_UTCTIME_free(ret);
-	return(NULL);
-	}
+                               long length)
+{
+    ASN1_UTCTIME *ret = NULL;
+
+    ret = (ASN1_UTCTIME *)d2i_ASN1_bytes((ASN1_STRING **)a, pp, length,
+                                         V_ASN1_UTCTIME, V_ASN1_UNIVERSAL);
+    if (ret == NULL) {
+        ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ERR_R_NESTED_ASN1_ERROR);
+        return (NULL);
+    }
+# ifdef CHARSET_EBCDIC
+    ascii2ebcdic(ret->data, ret->data, ret->length);
+# endif
+    if (!ASN1_UTCTIME_check(ret)) {
+        ASN1err(ASN1_F_D2I_ASN1_UTCTIME, ASN1_R_INVALID_TIME_FORMAT);
+        goto err;
+    }
+
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        M_ASN1_UTCTIME_free(ret);
+    return (NULL);
+}
 
 #endif
 
 int ASN1_UTCTIME_check(ASN1_UTCTIME *d)
-	{
-	static int min[8]={ 0, 1, 1, 0, 0, 0, 0, 0};
-	static int max[8]={99,12,31,23,59,59,12,59};
-	char *a;
-	int n,i,l,o;
-
-	if (d->type != V_ASN1_UTCTIME) return(0);
-	l=d->length;
-	a=(char *)d->data;
-	o=0;
-
-	if (l < 11) goto err;
-	for (i=0; i<6; i++)
-		{
-		if ((i == 5) && ((a[o] == 'Z') ||
-			(a[o] == '+') || (a[o] == '-')))
-			{ i++; break; }
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n= a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((a[o] < '0') || (a[o] > '9')) goto err;
-		n=(n*10)+ a[o]-'0';
-		if (++o > l) goto err;
-
-		if ((n < min[i]) || (n > max[i])) goto err;
-		}
-	if (a[o] == 'Z')
-		o++;
-	else if ((a[o] == '+') || (a[o] == '-'))
-		{
-		o++;
-		if (o+4 > l) goto err;
-		for (i=6; i<8; i++)
-			{
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n= a[o]-'0';
-			o++;
-			if ((a[o] < '0') || (a[o] > '9')) goto err;
-			n=(n*10)+ a[o]-'0';
-			if ((n < min[i]) || (n > max[i])) goto err;
-			o++;
-			}
-		}
-	return(o == l);
-err:
-	return(0);
-	}
+{
+    static int min[8] = { 0, 1, 1, 0, 0, 0, 0, 0 };
+    static int max[8] = { 99, 12, 31, 23, 59, 59, 12, 59 };
+    char *a;
+    int n, i, l, o;
+
+    if (d->type != V_ASN1_UTCTIME)
+        return (0);
+    l = d->length;
+    a = (char *)d->data;
+    o = 0;
+
+    if (l < 11)
+        goto err;
+    for (i = 0; i < 6; i++) {
+        if ((i == 5) && ((a[o] == 'Z') || (a[o] == '+') || (a[o] == '-'))) {
+            i++;
+            break;
+        }
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((a[o] < '0') || (a[o] > '9'))
+            goto err;
+        n = (n * 10) + a[o] - '0';
+        if (++o > l)
+            goto err;
+
+        if ((n < min[i]) || (n > max[i]))
+            goto err;
+    }
+    if (a[o] == 'Z')
+        o++;
+    else if ((a[o] == '+') || (a[o] == '-')) {
+        o++;
+        if (o + 4 > l)
+            goto err;
+        for (i = 6; i < 8; i++) {
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = a[o] - '0';
+            o++;
+            if ((a[o] < '0') || (a[o] > '9'))
+                goto err;
+            n = (n * 10) + a[o] - '0';
+            if ((n < min[i]) || (n > max[i]))
+                goto err;
+            o++;
+        }
+    }
+    return (o == l);
+ err:
+    return (0);
+}
 
 int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
-	{
-	ASN1_UTCTIME t;
-
-	t.type=V_ASN1_UTCTIME;
-	t.length=strlen(str);
-	t.data=(unsigned char *)str;
-	if (ASN1_UTCTIME_check(&t))
-		{
-		if (s != NULL)
-			{
-			if (!ASN1_STRING_set((ASN1_STRING *)s,
-				(unsigned char *)str,t.length))
-				return 0;
-			s->type = V_ASN1_UTCTIME;
-			}
-		return(1);
-		}
-	else
-		return(0);
-	}
+{
+    ASN1_UTCTIME t;
+
+    t.type = V_ASN1_UTCTIME;
+    t.length = strlen(str);
+    t.data = (unsigned char *)str;
+    if (ASN1_UTCTIME_check(&t)) {
+        if (s != NULL) {
+            if (!ASN1_STRING_set((ASN1_STRING *)s,
+                                 (unsigned char *)str, t.length))
+                return 0;
+            s->type = V_ASN1_UTCTIME;
+        }
+        return (1);
+    } else
+        return (0);
+}
 
 ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
-	{
-	char *p;
-	struct tm *ts;
-	struct tm data;
-	size_t len = 20;
-
-	if (s == NULL)
-		s=M_ASN1_UTCTIME_new();
-	if (s == NULL)
-		return(NULL);
-
-	ts=OPENSSL_gmtime(&t, &data);
-	if (ts == NULL)
-		return(NULL);
-
-	p=(char *)s->data;
-	if ((p == NULL) || ((size_t)s->length < len))
-		{
-		p=OPENSSL_malloc(len);
-		if (p == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_UTCTIME_SET,ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		if (s->data != NULL)
-			OPENSSL_free(s->data);
-		s->data=(unsigned char *)p;
-		}
-
-	BIO_snprintf(p,len,"%02d%02d%02d%02d%02d%02dZ",ts->tm_year%100,
-		     ts->tm_mon+1,ts->tm_mday,ts->tm_hour,ts->tm_min,ts->tm_sec);
-	s->length=strlen(p);
-	s->type=V_ASN1_UTCTIME;
+{
+    char *p;
+    struct tm *ts;
+    struct tm data;
+    size_t len = 20;
+
+    if (s == NULL)
+        s = M_ASN1_UTCTIME_new();
+    if (s == NULL)
+        return (NULL);
+
+    ts = OPENSSL_gmtime(&t, &data);
+    if (ts == NULL)
+        return (NULL);
+
+    p = (char *)s->data;
+    if ((p == NULL) || ((size_t)s->length < len)) {
+        p = OPENSSL_malloc(len);
+        if (p == NULL) {
+            ASN1err(ASN1_F_ASN1_UTCTIME_SET, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        if (s->data != NULL)
+            OPENSSL_free(s->data);
+        s->data = (unsigned char *)p;
+    }
+
+    BIO_snprintf(p, len, "%02d%02d%02d%02d%02d%02dZ", ts->tm_year % 100,
+                 ts->tm_mon + 1, ts->tm_mday, ts->tm_hour, ts->tm_min,
+                 ts->tm_sec);
+    s->length = strlen(p);
+    s->type = V_ASN1_UTCTIME;
 #ifdef CHARSET_EBCDIC_not
-	ebcdic2ascii(s->data, s->data, s->length);
+    ebcdic2ascii(s->data, s->data, s->length);
 #endif
-	return(s);
-	}
-
+    return (s);
+}
 
 int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
-	{
-	struct tm *tm;
-	struct tm data;
-	int offset;
-	int year;
+{
+    struct tm *tm;
+    struct tm data;
+    int offset;
+    int year;
 
 #define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
 
-	if (s->data[12] == 'Z')
-		offset=0;
-	else
-		{
-		offset = g2(s->data+13)*60+g2(s->data+15);
-		if (s->data[12] == '-')
-			offset = -offset;
-		}
+    if (s->data[12] == 'Z')
+        offset = 0;
+    else {
+        offset = g2(s->data + 13) * 60 + g2(s->data + 15);
+        if (s->data[12] == '-')
+            offset = -offset;
+    }
 
-	t -= offset*60; /* FIXME: may overflow in extreme cases */
+    t -= offset * 60;           /* FIXME: may overflow in extreme cases */
+
+    tm = OPENSSL_gmtime(&t, &data);
 
-	tm = OPENSSL_gmtime(&t, &data);
-	
 #define return_cmp(a,b) if ((a)<(b)) return -1; else if ((a)>(b)) return 1
-	year = g2(s->data);
-	if (year < 50)
-		year += 100;
-	return_cmp(year,              tm->tm_year);
-	return_cmp(g2(s->data+2) - 1, tm->tm_mon);
-	return_cmp(g2(s->data+4),     tm->tm_mday);
-	return_cmp(g2(s->data+6),     tm->tm_hour);
-	return_cmp(g2(s->data+8),     tm->tm_min);
-	return_cmp(g2(s->data+10),    tm->tm_sec);
+    year = g2(s->data);
+    if (year < 50)
+        year += 100;
+    return_cmp(year, tm->tm_year);
+    return_cmp(g2(s->data + 2) - 1, tm->tm_mon);
+    return_cmp(g2(s->data + 4), tm->tm_mday);
+    return_cmp(g2(s->data + 6), tm->tm_hour);
+    return_cmp(g2(s->data + 8), tm->tm_min);
+    return_cmp(g2(s->data + 10), tm->tm_sec);
 #undef g2
 #undef return_cmp
 
-	return 0;
-	}
-
+    return 0;
+}
 
 #if 0
 time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s)
-	{
-	struct tm tm;
-	int offset;
-
-	memset(&tm,'\0',sizeof tm);
-
-#define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
-	tm.tm_year=g2(s->data);
-	if(tm.tm_year < 50)
-		tm.tm_year+=100;
-	tm.tm_mon=g2(s->data+2)-1;
-	tm.tm_mday=g2(s->data+4);
-	tm.tm_hour=g2(s->data+6);
-	tm.tm_min=g2(s->data+8);
-	tm.tm_sec=g2(s->data+10);
-	if(s->data[12] == 'Z')
-		offset=0;
-	else
-		{
-		offset=g2(s->data+13)*60+g2(s->data+15);
-		if(s->data[12] == '-')
-			offset= -offset;
-		}
-#undef g2
-
-	return mktime(&tm)-offset*60; /* FIXME: mktime assumes the current timezone
-	                               * instead of UTC, and unless we rewrite OpenSSL
-				       * in Lisp we cannot locally change the timezone
-				       * without possibly interfering with other parts
-	                               * of the program. timegm, which uses UTC, is
-				       * non-standard.
-	                               * Also time_t is inappropriate for general
-	                               * UTC times because it may a 32 bit type. */
-	}
+{
+    struct tm tm;
+    int offset;
+
+    memset(&tm, '\0', sizeof tm);
+
+# define g2(p) (((p)[0]-'0')*10+(p)[1]-'0')
+    tm.tm_year = g2(s->data);
+    if (tm.tm_year < 50)
+        tm.tm_year += 100;
+    tm.tm_mon = g2(s->data + 2) - 1;
+    tm.tm_mday = g2(s->data + 4);
+    tm.tm_hour = g2(s->data + 6);
+    tm.tm_min = g2(s->data + 8);
+    tm.tm_sec = g2(s->data + 10);
+    if (s->data[12] == 'Z')
+        offset = 0;
+    else {
+        offset = g2(s->data + 13) * 60 + g2(s->data + 15);
+        if (s->data[12] == '-')
+            offset = -offset;
+    }
+# undef g2
+
+    /*
+     * FIXME: mktime assumes the current timezone
+     * instead of UTC, and unless we rewrite OpenSSL
+     * in Lisp we cannot locally change the timezone
+     * without possibly interfering with other parts
+     * of the program. timegm, which uses UTC, is
+     * non-standard.
+     * Also time_t is inappropriate for general
+     * UTC times because it may a 32 bit type.
+     */
+    return mktime(&tm) - offset * 60;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c
index 508e11e5..23dc2e82 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_utf8.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,10 +60,10 @@
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 
-
 /* UTF8 utilities */
 
-/* This parses a UTF8 string one character at a time. It is passed a pointer
+/*-
+ * This parses a UTF8 string one character at a time. It is passed a pointer
  * to the string and the length of the string. It sets 'value' to the value of
  * the current character. It returns the number of characters read or a
  * negative error code:
@@ -75,137 +75,163 @@
 
 int UTF8_getc(const unsigned char *str, int len, unsigned long *val)
 {
-	const unsigned char *p;
-	unsigned long value;
-	int ret;
-	if(len <= 0) return 0;
-	p = str;
+    const unsigned char *p;
+    unsigned long value;
+    int ret;
+    if (len <= 0)
+        return 0;
+    p = str;
 
-	/* Check syntax and work out the encoded value (if correct) */
-	if((*p & 0x80) == 0) {
-		value = *p++ & 0x7f;
-		ret = 1;
-	} else if((*p & 0xe0) == 0xc0) {
-		if(len < 2) return -1;
-		if((p[1] & 0xc0) != 0x80) return -3;
-		value = (*p++ & 0x1f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x80) return -4;
-		ret = 2;
-	} else if((*p & 0xf0) == 0xe0) {
-		if(len < 3) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) ) return -3;
-		value = (*p++ & 0xf) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x800) return -4;
-		ret = 3;
-	} else if((*p & 0xf8) == 0xf0) {
-		if(len < 4) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) 
-		   || ((p[3] & 0xc0) != 0x80) ) return -3;
-		value = ((unsigned long)(*p++ & 0x7)) << 18;
-		value |= (*p++ & 0x3f) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x10000) return -4;
-		ret = 4;
-	} else if((*p & 0xfc) == 0xf8) {
-		if(len < 5) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) 
-		   || ((p[3] & 0xc0) != 0x80) 
-		   || ((p[4] & 0xc0) != 0x80) ) return -3;
-		value = ((unsigned long)(*p++ & 0x3)) << 24;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x200000) return -4;
-		ret = 5;
-	} else if((*p & 0xfe) == 0xfc) {
-		if(len < 6) return -1;
-		if( ((p[1] & 0xc0) != 0x80)
-		   || ((p[2] & 0xc0) != 0x80) 
-		   || ((p[3] & 0xc0) != 0x80) 
-		   || ((p[4] & 0xc0) != 0x80) 
-		   || ((p[5] & 0xc0) != 0x80) ) return -3;
-		value = ((unsigned long)(*p++ & 0x1)) << 30;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 24;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 18;
-		value |= ((unsigned long)(*p++ & 0x3f)) << 12;
-		value |= (*p++ & 0x3f) << 6;
-		value |= *p++ & 0x3f;
-		if(value < 0x4000000) return -4;
-		ret = 6;
-	} else return -2;
-	*val = value;
-	return ret;
+    /* Check syntax and work out the encoded value (if correct) */
+    if ((*p & 0x80) == 0) {
+        value = *p++ & 0x7f;
+        ret = 1;
+    } else if ((*p & 0xe0) == 0xc0) {
+        if (len < 2)
+            return -1;
+        if ((p[1] & 0xc0) != 0x80)
+            return -3;
+        value = (*p++ & 0x1f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x80)
+            return -4;
+        ret = 2;
+    } else if ((*p & 0xf0) == 0xe0) {
+        if (len < 3)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80))
+            return -3;
+        value = (*p++ & 0xf) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x800)
+            return -4;
+        ret = 3;
+    } else if ((*p & 0xf8) == 0xf0) {
+        if (len < 4)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x7)) << 18;
+        value |= (*p++ & 0x3f) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x10000)
+            return -4;
+        ret = 4;
+    } else if ((*p & 0xfc) == 0xf8) {
+        if (len < 5)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x3)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x200000)
+            return -4;
+        ret = 5;
+    } else if ((*p & 0xfe) == 0xfc) {
+        if (len < 6)
+            return -1;
+        if (((p[1] & 0xc0) != 0x80)
+            || ((p[2] & 0xc0) != 0x80)
+            || ((p[3] & 0xc0) != 0x80)
+            || ((p[4] & 0xc0) != 0x80)
+            || ((p[5] & 0xc0) != 0x80))
+            return -3;
+        value = ((unsigned long)(*p++ & 0x1)) << 30;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 24;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 18;
+        value |= ((unsigned long)(*p++ & 0x3f)) << 12;
+        value |= (*p++ & 0x3f) << 6;
+        value |= *p++ & 0x3f;
+        if (value < 0x4000000)
+            return -4;
+        ret = 6;
+    } else
+        return -2;
+    *val = value;
+    return ret;
 }
 
-/* This takes a character 'value' and writes the UTF8 encoded value in
- * 'str' where 'str' is a buffer containing 'len' characters. Returns
- * the number of characters written or -1 if 'len' is too small. 'str' can
- * be set to NULL in which case it just returns the number of characters.
- * It will need at most 6 characters.
+/*
+ * This takes a character 'value' and writes the UTF8 encoded value in 'str'
+ * where 'str' is a buffer containing 'len' characters. Returns the number of
+ * characters written or -1 if 'len' is too small. 'str' can be set to NULL
+ * in which case it just returns the number of characters. It will need at
+ * most 6 characters.
  */
 
 int UTF8_putc(unsigned char *str, int len, unsigned long value)
 {
-	if(!str) len = 6;	/* Maximum we will need */
-	else if(len <= 0) return -1;
-	if(value < 0x80) {
-		if(str) *str = (unsigned char)value;
-		return 1;
-	}
-	if(value < 0x800) {
-		if(len < 2) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 2;
-	}
-	if(value < 0x10000) {
-		if(len < 3) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 3;
-	}
-	if(value < 0x200000) {
-		if(len < 4) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
-			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 4;
-	}
-	if(value < 0x4000000) {
-		if(len < 5) return -1;
-		if(str) {
-			*str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
-			*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-			*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-			*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-			*str = (unsigned char)((value & 0x3f) | 0x80);
-		}
-		return 5;
-	}
-	if(len < 6) return -1;
-	if(str) {
-		*str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
-		*str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
-		*str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
-		*str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
-		*str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
-		*str = (unsigned char)((value & 0x3f) | 0x80);
-	}
-	return 6;
+    if (!str)
+        len = 6;                /* Maximum we will need */
+    else if (len <= 0)
+        return -1;
+    if (value < 0x80) {
+        if (str)
+            *str = (unsigned char)value;
+        return 1;
+    }
+    if (value < 0x800) {
+        if (len < 2)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 2;
+    }
+    if (value < 0x10000) {
+        if (len < 3)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 3;
+    }
+    if (value < 0x200000) {
+        if (len < 4)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 4;
+    }
+    if (value < 0x4000000) {
+        if (len < 5)
+            return -1;
+        if (str) {
+            *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8);
+            *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+            *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+            *str = (unsigned char)((value & 0x3f) | 0x80);
+        }
+        return 5;
+    }
+    if (len < 6)
+        return -1;
+    if (str) {
+        *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc);
+        *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
+        *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
+        *str = (unsigned char)((value & 0x3f) | 0x80);
+    }
+    return 6;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c
index 7ded69b1..afbfa021 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/a_verify.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/a_verify.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -74,119 +74,122 @@
 #ifndef NO_ASN1_OLD
 
 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature,
-		char *data, EVP_PKEY *pkey)
-	{
-	EVP_MD_CTX ctx;
-	const EVP_MD *type;
-	unsigned char *p,*buf_in=NULL;
-	int ret= -1,i,inl;
-
-	EVP_MD_CTX_init(&ctx);
-	i=OBJ_obj2nid(a->algorithm);
-	type=EVP_get_digestbyname(OBJ_nid2sn(i));
-	if (type == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-		goto err;
-		}
-	
-	inl=i2d(data,NULL);
-	buf_in=OPENSSL_malloc((unsigned int)inl);
-	if (buf_in == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=buf_in;
-
-	i2d(data,&p);
-	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
-
-	OPENSSL_cleanse(buf_in,(unsigned int)inl);
-	OPENSSL_free(buf_in);
-
-	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
-			(unsigned int)signature->length,pkey) <= 0)
-		{
-		ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-	/* we don't need to zero the 'ctx' because we just checked
-	 * public information */
-	/* memset(&ctx,0,sizeof(ctx)); */
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx);
-	return(ret);
-	}
+                char *data, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX ctx;
+    const EVP_MD *type;
+    unsigned char *p, *buf_in = NULL;
+    int ret = -1, i, inl;
+
+    EVP_MD_CTX_init(&ctx);
+    i = OBJ_obj2nid(a->algorithm);
+    type = EVP_get_digestbyname(OBJ_nid2sn(i));
+    if (type == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+        goto err;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        goto err;
+    }
+
+    inl = i2d(data, NULL);
+    buf_in = OPENSSL_malloc((unsigned int)inl);
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf_in;
+
+    i2d(data, &p);
+    if (!EVP_VerifyInit_ex(&ctx, type, NULL)) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+    EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
+
+    OPENSSL_cleanse(buf_in, (unsigned int)inl);
+    OPENSSL_free(buf_in);
+
+    if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
+                        (unsigned int)signature->length, pkey) <= 0) {
+        ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+    /*
+     * we don't need to zero the 'ctx' because we just checked public
+     * information
+     */
+    /* memset(&ctx,0,sizeof(ctx)); */
+    ret = 1;
+ err:
+    EVP_MD_CTX_cleanup(&ctx);
+    return (ret);
+}
 
 #endif
 
-
-int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
-	     void *asn, EVP_PKEY *pkey)
-	{
-	EVP_MD_CTX ctx;
-	const EVP_MD *type;
-	unsigned char *buf_in=NULL;
-	int ret= -1,i,inl;
-
-	if (!pkey)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
-		return -1;
-		}
-
-	EVP_MD_CTX_init(&ctx);
-	i=OBJ_obj2nid(a->algorithm);
-	type=EVP_get_digestbyname(OBJ_nid2sn(i));
-	if (type == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-		goto err;
-		}
-
-	if (!EVP_VerifyInit_ex(&ctx,type, NULL))
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-
-	inl = ASN1_item_i2d(asn, &buf_in, it);
-	
-	if (buf_in == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
-
-	OPENSSL_cleanse(buf_in,(unsigned int)inl);
-	OPENSSL_free(buf_in);
-
-	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
-			(unsigned int)signature->length,pkey) <= 0)
-		{
-		ASN1err(ASN1_F_ASN1_ITEM_VERIFY,ERR_R_EVP_LIB);
-		ret=0;
-		goto err;
-		}
-	/* we don't need to zero the 'ctx' because we just checked
-	 * public information */
-	/* memset(&ctx,0,sizeof(ctx)); */
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx);
-	return(ret);
-	}
-
-
+int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+                     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+{
+    EVP_MD_CTX ctx;
+    const EVP_MD *type;
+    unsigned char *buf_in = NULL;
+    int ret = -1, i, inl;
+
+    if (!pkey) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+
+    if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+        return -1;
+    }
+
+    EVP_MD_CTX_init(&ctx);
+    i = OBJ_obj2nid(a->algorithm);
+    type = EVP_get_digestbyname(OBJ_nid2sn(i));
+    if (type == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY,
+                ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+        goto err;
+    }
+
+    if (!EVP_VerifyInit_ex(&ctx, type, NULL)) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+
+    inl = ASN1_item_i2d(asn, &buf_in, it);
+
+    if (buf_in == NULL) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    EVP_VerifyUpdate(&ctx, (unsigned char *)buf_in, inl);
+
+    OPENSSL_cleanse(buf_in, (unsigned int)inl);
+    OPENSSL_free(buf_in);
+
+    if (EVP_VerifyFinal(&ctx, (unsigned char *)signature->data,
+                        (unsigned int)signature->length, pkey) <= 0) {
+        ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB);
+        ret = 0;
+        goto err;
+    }
+    /*
+     * we don't need to zero the 'ctx' because we just checked public
+     * information
+     */
+    /* memset(&ctx,0,sizeof(ctx)); */
+    ret = 1;
+ err:
+    EVP_MD_CTX_cleanup(&ctx);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c
index ba88eb31..43e4c195 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_err.c
@@ -1,13 +1,13 @@
 /* crypto/asn1/asn1_err.c */
 /* ====================================================================
- * Copyright (c) 1999-2008 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2014 The OpenSSL Project.  All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,254 +66,273 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
 
-static ERR_STRING_DATA ASN1_str_functs[]=
-	{
-{ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT),	"a2d_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED),	"a2i_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER),	"a2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_A2I_ASN1_STRING),	"a2i_ASN1_STRING"},
-{ERR_FUNC(ASN1_F_APPEND_EXP),	"APPEND_EXP"},
-{ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT),	"ASN1_BIT_STRING_set_bit"},
-{ERR_FUNC(ASN1_F_ASN1_CB),	"ASN1_CB"},
-{ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN),	"ASN1_CHECK_TLEN"},
-{ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE),	"ASN1_COLLATE_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_COLLECT),	"ASN1_COLLECT"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE),	"ASN1_D2I_EX_PRIMITIVE"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_FP),	"ASN1_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO),	"ASN1_D2I_READ_BIO"},
-{ERR_FUNC(ASN1_F_ASN1_DIGEST),	"ASN1_digest"},
-{ERR_FUNC(ASN1_F_ASN1_DO_ADB),	"ASN1_DO_ADB"},
-{ERR_FUNC(ASN1_F_ASN1_DUP),	"ASN1_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET),	"ASN1_ENUMERATED_set"},
-{ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN),	"ASN1_ENUMERATED_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_EX_C2I),	"ASN1_EX_C2I"},
-{ERR_FUNC(ASN1_F_ASN1_FIND_END),	"ASN1_FIND_END"},
-{ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET),	"ASN1_GENERALIZEDTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_GENERATE_V3),	"ASN1_generate_v3"},
-{ERR_FUNC(ASN1_F_ASN1_GET_OBJECT),	"ASN1_get_object"},
-{ERR_FUNC(ASN1_F_ASN1_HEADER_NEW),	"ASN1_HEADER_new"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_BIO),	"ASN1_i2d_bio"},
-{ERR_FUNC(ASN1_F_ASN1_I2D_FP),	"ASN1_i2d_fp"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_SET),	"ASN1_INTEGER_set"},
-{ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN),	"ASN1_INTEGER_to_BN"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP),	"ASN1_item_d2i_fp"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_DUP),	"ASN1_item_dup"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW),	"ASN1_ITEM_EX_COMBINE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I),	"ASN1_ITEM_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO),	"ASN1_item_i2d_bio"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP),	"ASN1_item_i2d_fp"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_PACK),	"ASN1_item_pack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN),	"ASN1_item_sign"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK),	"ASN1_item_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY),	"ASN1_item_verify"},
-{ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY),	"ASN1_mbstring_ncopy"},
-{ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW),	"ASN1_OBJECT_new"},
-{ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA),	"ASN1_OUTPUT_DATA"},
-{ERR_FUNC(ASN1_F_ASN1_PACK_STRING),	"ASN1_pack_string"},
-{ERR_FUNC(ASN1_F_ASN1_PCTX_NEW),	"ASN1_PCTX_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET),	"ASN1_PKCS5_PBE_SET"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_PACK),	"ASN1_seq_pack"},
-{ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK),	"ASN1_seq_unpack"},
-{ERR_FUNC(ASN1_F_ASN1_SIGN),	"ASN1_sign"},
-{ERR_FUNC(ASN1_F_ASN1_STR2TYPE),	"ASN1_STR2TYPE"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_SET),	"ASN1_STRING_set"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD),	"ASN1_STRING_TABLE_add"},
-{ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW),	"ASN1_STRING_type_new"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I),	"ASN1_TEMPLATE_EX_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW),	"ASN1_TEMPLATE_NEW"},
-{ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I),	"ASN1_TEMPLATE_NOEXP_D2I"},
-{ERR_FUNC(ASN1_F_ASN1_TIME_SET),	"ASN1_TIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),	"ASN1_TYPE_get_int_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING),	"ASN1_TYPE_get_octetstring"},
-{ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING),	"ASN1_unpack_string"},
-{ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET),	"ASN1_UTCTIME_set"},
-{ERR_FUNC(ASN1_F_ASN1_VERIFY),	"ASN1_verify"},
-{ERR_FUNC(ASN1_F_B64_READ_ASN1),	"B64_READ_ASN1"},
-{ERR_FUNC(ASN1_F_B64_WRITE_ASN1),	"B64_WRITE_ASN1"},
-{ERR_FUNC(ASN1_F_BITSTR_CB),	"BITSTR_CB"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED),	"BN_to_ASN1_ENUMERATED"},
-{ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER),	"BN_to_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING),	"c2i_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER),	"c2i_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT),	"c2i_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_COLLECT_DATA),	"COLLECT_DATA"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING),	"D2I_ASN1_BIT_STRING"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN),	"d2i_ASN1_BOOLEAN"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_BYTES),	"d2i_ASN1_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME),	"D2I_ASN1_GENERALIZEDTIME"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_HEADER),	"d2i_ASN1_HEADER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER),	"D2I_ASN1_INTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT),	"d2i_ASN1_OBJECT"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_SET),	"d2i_ASN1_SET"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES),	"d2i_ASN1_type_bytes"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER),	"d2i_ASN1_UINTEGER"},
-{ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME),	"D2I_ASN1_UTCTIME"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA),	"d2i_Netscape_RSA"},
-{ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2),	"D2I_NETSCAPE_RSA_2"},
-{ERR_FUNC(ASN1_F_D2I_PRIVATEKEY),	"d2i_PrivateKey"},
-{ERR_FUNC(ASN1_F_D2I_PUBLICKEY),	"d2i_PublicKey"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET),	"d2i_RSA_NET"},
-{ERR_FUNC(ASN1_F_D2I_RSA_NET_2),	"D2I_RSA_NET_2"},
-{ERR_FUNC(ASN1_F_D2I_X509),	"D2I_X509"},
-{ERR_FUNC(ASN1_F_D2I_X509_CINF),	"D2I_X509_CINF"},
-{ERR_FUNC(ASN1_F_D2I_X509_PKEY),	"d2i_X509_PKEY"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_SET),	"i2d_ASN1_SET"},
-{ERR_FUNC(ASN1_F_I2D_ASN1_TIME),	"I2D_ASN1_TIME"},
-{ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY),	"i2d_DSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_EC_PUBKEY),	"i2d_EC_PUBKEY"},
-{ERR_FUNC(ASN1_F_I2D_PRIVATEKEY),	"i2d_PrivateKey"},
-{ERR_FUNC(ASN1_F_I2D_PUBLICKEY),	"i2d_PublicKey"},
-{ERR_FUNC(ASN1_F_I2D_RSA_NET),	"i2d_RSA_NET"},
-{ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY),	"i2d_RSA_PUBKEY"},
-{ERR_FUNC(ASN1_F_LONG_C2I),	"LONG_C2I"},
-{ERR_FUNC(ASN1_F_OID_MODULE_INIT),	"OID_MODULE_INIT"},
-{ERR_FUNC(ASN1_F_PARSE_TAGGING),	"PARSE_TAGGING"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE2_SET),	"PKCS5_pbe2_set"},
-{ERR_FUNC(ASN1_F_PKCS5_PBE_SET),	"PKCS5_pbe_set"},
-{ERR_FUNC(ASN1_F_SMIME_READ_ASN1),	"SMIME_read_ASN1"},
-{ERR_FUNC(ASN1_F_SMIME_TEXT),	"SMIME_text"},
-{ERR_FUNC(ASN1_F_X509_CINF_NEW),	"X509_CINF_NEW"},
-{ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED),	"X509_CRL_add0_revoked"},
-{ERR_FUNC(ASN1_F_X509_INFO_NEW),	"X509_INFO_new"},
-{ERR_FUNC(ASN1_F_X509_NAME_ENCODE),	"X509_NAME_ENCODE"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_D2I),	"X509_NAME_EX_D2I"},
-{ERR_FUNC(ASN1_F_X509_NAME_EX_NEW),	"X509_NAME_EX_NEW"},
-{ERR_FUNC(ASN1_F_X509_NEW),	"X509_NEW"},
-{ERR_FUNC(ASN1_F_X509_PKEY_NEW),	"X509_PKEY_new"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ASN1_str_functs[] = {
+    {ERR_FUNC(ASN1_F_A2D_ASN1_OBJECT), "a2d_ASN1_OBJECT"},
+    {ERR_FUNC(ASN1_F_A2I_ASN1_ENUMERATED), "a2i_ASN1_ENUMERATED"},
+    {ERR_FUNC(ASN1_F_A2I_ASN1_INTEGER), "a2i_ASN1_INTEGER"},
+    {ERR_FUNC(ASN1_F_A2I_ASN1_STRING), "a2i_ASN1_STRING"},
+    {ERR_FUNC(ASN1_F_APPEND_EXP), "APPEND_EXP"},
+    {ERR_FUNC(ASN1_F_ASN1_BIT_STRING_SET_BIT), "ASN1_BIT_STRING_set_bit"},
+    {ERR_FUNC(ASN1_F_ASN1_CB), "ASN1_CB"},
+    {ERR_FUNC(ASN1_F_ASN1_CHECK_TLEN), "ASN1_CHECK_TLEN"},
+    {ERR_FUNC(ASN1_F_ASN1_COLLATE_PRIMITIVE), "ASN1_COLLATE_PRIMITIVE"},
+    {ERR_FUNC(ASN1_F_ASN1_COLLECT), "ASN1_COLLECT"},
+    {ERR_FUNC(ASN1_F_ASN1_D2I_EX_PRIMITIVE), "ASN1_D2I_EX_PRIMITIVE"},
+    {ERR_FUNC(ASN1_F_ASN1_D2I_FP), "ASN1_d2i_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_D2I_READ_BIO), "ASN1_D2I_READ_BIO"},
+    {ERR_FUNC(ASN1_F_ASN1_DIGEST), "ASN1_digest"},
+    {ERR_FUNC(ASN1_F_ASN1_DO_ADB), "ASN1_DO_ADB"},
+    {ERR_FUNC(ASN1_F_ASN1_DUP), "ASN1_dup"},
+    {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_SET), "ASN1_ENUMERATED_set"},
+    {ERR_FUNC(ASN1_F_ASN1_ENUMERATED_TO_BN), "ASN1_ENUMERATED_to_BN"},
+    {ERR_FUNC(ASN1_F_ASN1_EX_C2I), "ASN1_EX_C2I"},
+    {ERR_FUNC(ASN1_F_ASN1_FIND_END), "ASN1_FIND_END"},
+    {ERR_FUNC(ASN1_F_ASN1_GENERALIZEDTIME_SET), "ASN1_GENERALIZEDTIME_set"},
+    {ERR_FUNC(ASN1_F_ASN1_GENERATE_V3), "ASN1_generate_v3"},
+    {ERR_FUNC(ASN1_F_ASN1_GET_OBJECT), "ASN1_get_object"},
+    {ERR_FUNC(ASN1_F_ASN1_HEADER_NEW), "ASN1_HEADER_new"},
+    {ERR_FUNC(ASN1_F_ASN1_I2D_BIO), "ASN1_i2d_bio"},
+    {ERR_FUNC(ASN1_F_ASN1_I2D_FP), "ASN1_i2d_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_INTEGER_SET), "ASN1_INTEGER_set"},
+    {ERR_FUNC(ASN1_F_ASN1_INTEGER_TO_BN), "ASN1_INTEGER_to_BN"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_D2I_FP), "ASN1_item_d2i_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_DUP), "ASN1_item_dup"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW), "ASN1_ITEM_EX_COMBINE_NEW"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_EX_D2I), "ASN1_ITEM_EX_D2I"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_BIO), "ASN1_item_i2d_bio"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_I2D_FP), "ASN1_item_i2d_fp"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_PACK), "ASN1_item_pack"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_SIGN), "ASN1_item_sign"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_UNPACK), "ASN1_item_unpack"},
+    {ERR_FUNC(ASN1_F_ASN1_ITEM_VERIFY), "ASN1_item_verify"},
+    {ERR_FUNC(ASN1_F_ASN1_MBSTRING_NCOPY), "ASN1_mbstring_ncopy"},
+    {ERR_FUNC(ASN1_F_ASN1_OBJECT_NEW), "ASN1_OBJECT_new"},
+    {ERR_FUNC(ASN1_F_ASN1_OUTPUT_DATA), "ASN1_OUTPUT_DATA"},
+    {ERR_FUNC(ASN1_F_ASN1_PACK_STRING), "ASN1_pack_string"},
+    {ERR_FUNC(ASN1_F_ASN1_PCTX_NEW), "ASN1_PCTX_NEW"},
+    {ERR_FUNC(ASN1_F_ASN1_PKCS5_PBE_SET), "ASN1_PKCS5_PBE_SET"},
+    {ERR_FUNC(ASN1_F_ASN1_SEQ_PACK), "ASN1_seq_pack"},
+    {ERR_FUNC(ASN1_F_ASN1_SEQ_UNPACK), "ASN1_seq_unpack"},
+    {ERR_FUNC(ASN1_F_ASN1_SIGN), "ASN1_sign"},
+    {ERR_FUNC(ASN1_F_ASN1_STR2TYPE), "ASN1_STR2TYPE"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_SET), "ASN1_STRING_set"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_TABLE_ADD), "ASN1_STRING_TABLE_add"},
+    {ERR_FUNC(ASN1_F_ASN1_STRING_TYPE_NEW), "ASN1_STRING_type_new"},
+    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_EX_D2I), "ASN1_TEMPLATE_EX_D2I"},
+    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NEW), "ASN1_TEMPLATE_NEW"},
+    {ERR_FUNC(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I), "ASN1_TEMPLATE_NOEXP_D2I"},
+    {ERR_FUNC(ASN1_F_ASN1_TIME_SET), "ASN1_TIME_set"},
+    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING),
+     "ASN1_TYPE_get_int_octetstring"},
+    {ERR_FUNC(ASN1_F_ASN1_TYPE_GET_OCTETSTRING), "ASN1_TYPE_get_octetstring"},
+    {ERR_FUNC(ASN1_F_ASN1_UNPACK_STRING), "ASN1_unpack_string"},
+    {ERR_FUNC(ASN1_F_ASN1_UTCTIME_SET), "ASN1_UTCTIME_set"},
+    {ERR_FUNC(ASN1_F_ASN1_VERIFY), "ASN1_verify"},
+    {ERR_FUNC(ASN1_F_B64_READ_ASN1), "B64_READ_ASN1"},
+    {ERR_FUNC(ASN1_F_B64_WRITE_ASN1), "B64_WRITE_ASN1"},
+    {ERR_FUNC(ASN1_F_BITSTR_CB), "BITSTR_CB"},
+    {ERR_FUNC(ASN1_F_BN_TO_ASN1_ENUMERATED), "BN_to_ASN1_ENUMERATED"},
+    {ERR_FUNC(ASN1_F_BN_TO_ASN1_INTEGER), "BN_to_ASN1_INTEGER"},
+    {ERR_FUNC(ASN1_F_C2I_ASN1_BIT_STRING), "c2i_ASN1_BIT_STRING"},
+    {ERR_FUNC(ASN1_F_C2I_ASN1_INTEGER), "c2i_ASN1_INTEGER"},
+    {ERR_FUNC(ASN1_F_C2I_ASN1_OBJECT), "c2i_ASN1_OBJECT"},
+    {ERR_FUNC(ASN1_F_COLLECT_DATA), "COLLECT_DATA"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_BIT_STRING), "D2I_ASN1_BIT_STRING"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_BOOLEAN), "d2i_ASN1_BOOLEAN"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_BYTES), "d2i_ASN1_bytes"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_GENERALIZEDTIME), "D2I_ASN1_GENERALIZEDTIME"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_HEADER), "d2i_ASN1_HEADER"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_INTEGER), "D2I_ASN1_INTEGER"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_OBJECT), "d2i_ASN1_OBJECT"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_SET), "d2i_ASN1_SET"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_TYPE_BYTES), "d2i_ASN1_type_bytes"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_UINTEGER), "d2i_ASN1_UINTEGER"},
+    {ERR_FUNC(ASN1_F_D2I_ASN1_UTCTIME), "D2I_ASN1_UTCTIME"},
+    {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA), "d2i_Netscape_RSA"},
+    {ERR_FUNC(ASN1_F_D2I_NETSCAPE_RSA_2), "D2I_NETSCAPE_RSA_2"},
+    {ERR_FUNC(ASN1_F_D2I_PRIVATEKEY), "d2i_PrivateKey"},
+    {ERR_FUNC(ASN1_F_D2I_PUBLICKEY), "d2i_PublicKey"},
+    {ERR_FUNC(ASN1_F_D2I_RSA_NET), "d2i_RSA_NET"},
+    {ERR_FUNC(ASN1_F_D2I_RSA_NET_2), "D2I_RSA_NET_2"},
+    {ERR_FUNC(ASN1_F_D2I_X509), "D2I_X509"},
+    {ERR_FUNC(ASN1_F_D2I_X509_CINF), "D2I_X509_CINF"},
+    {ERR_FUNC(ASN1_F_D2I_X509_PKEY), "d2i_X509_PKEY"},
+    {ERR_FUNC(ASN1_F_I2D_ASN1_SET), "i2d_ASN1_SET"},
+    {ERR_FUNC(ASN1_F_I2D_ASN1_TIME), "I2D_ASN1_TIME"},
+    {ERR_FUNC(ASN1_F_I2D_DSA_PUBKEY), "i2d_DSA_PUBKEY"},
+    {ERR_FUNC(ASN1_F_I2D_EC_PUBKEY), "i2d_EC_PUBKEY"},
+    {ERR_FUNC(ASN1_F_I2D_PRIVATEKEY), "i2d_PrivateKey"},
+    {ERR_FUNC(ASN1_F_I2D_PUBLICKEY), "i2d_PublicKey"},
+    {ERR_FUNC(ASN1_F_I2D_RSA_NET), "i2d_RSA_NET"},
+    {ERR_FUNC(ASN1_F_I2D_RSA_PUBKEY), "i2d_RSA_PUBKEY"},
+    {ERR_FUNC(ASN1_F_LONG_C2I), "LONG_C2I"},
+    {ERR_FUNC(ASN1_F_OID_MODULE_INIT), "OID_MODULE_INIT"},
+    {ERR_FUNC(ASN1_F_PARSE_TAGGING), "PARSE_TAGGING"},
+    {ERR_FUNC(ASN1_F_PKCS5_PBE2_SET), "PKCS5_pbe2_set"},
+    {ERR_FUNC(ASN1_F_PKCS5_PBE_SET), "PKCS5_pbe_set"},
+    {ERR_FUNC(ASN1_F_SMIME_READ_ASN1), "SMIME_read_ASN1"},
+    {ERR_FUNC(ASN1_F_SMIME_TEXT), "SMIME_text"},
+    {ERR_FUNC(ASN1_F_X509_CINF_NEW), "X509_CINF_NEW"},
+    {ERR_FUNC(ASN1_F_X509_CRL_ADD0_REVOKED), "X509_CRL_add0_revoked"},
+    {ERR_FUNC(ASN1_F_X509_INFO_NEW), "X509_INFO_new"},
+    {ERR_FUNC(ASN1_F_X509_NAME_ENCODE), "X509_NAME_ENCODE"},
+    {ERR_FUNC(ASN1_F_X509_NAME_EX_D2I), "X509_NAME_EX_D2I"},
+    {ERR_FUNC(ASN1_F_X509_NAME_EX_NEW), "X509_NAME_EX_NEW"},
+    {ERR_FUNC(ASN1_F_X509_NEW), "X509_NEW"},
+    {ERR_FUNC(ASN1_F_X509_PKEY_NEW), "X509_PKEY_new"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA ASN1_str_reasons[]=
-	{
-{ERR_REASON(ASN1_R_ADDING_OBJECT)        ,"adding object"},
-{ERR_REASON(ASN1_R_ASN1_PARSE_ERROR)     ,"asn1 parse error"},
-{ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) ,"asn1 sig parse error"},
-{ERR_REASON(ASN1_R_AUX_ERROR)            ,"aux error"},
-{ERR_REASON(ASN1_R_BAD_CLASS)            ,"bad class"},
-{ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
-{ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
-{ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
-{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
-{ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
-{ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
-{ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
-{ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(ASN1_R_DATA_IS_WRONG)        ,"data is wrong"},
-{ERR_REASON(ASN1_R_DECODE_ERROR)         ,"decode error"},
-{ERR_REASON(ASN1_R_DECODING_ERROR)       ,"decoding error"},
-{ERR_REASON(ASN1_R_DEPTH_EXCEEDED)       ,"depth exceeded"},
-{ERR_REASON(ASN1_R_ENCODE_ERROR)         ,"encode error"},
-{ERR_REASON(ASN1_R_ERROR_GETTING_TIME)   ,"error getting time"},
-{ERR_REASON(ASN1_R_ERROR_LOADING_SECTION),"error loading section"},
-{ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),"error parsing set element"},
-{ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),"error setting cipher params"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) ,"expecting an integer"},
-{ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT)  ,"expecting an object"},
-{ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN)  ,"expecting a boolean"},
-{ERR_REASON(ASN1_R_EXPECTING_A_TIME)     ,"expecting a time"},
-{ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH),"explicit length mismatch"},
-{ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),"explicit tag not constructed"},
-{ERR_REASON(ASN1_R_FIELD_MISSING)        ,"field missing"},
-{ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE)  ,"first num too large"},
-{ERR_REASON(ASN1_R_HEADER_TOO_LONG)      ,"header too long"},
-{ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT),"illegal bitstring format"},
-{ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN)      ,"illegal boolean"},
-{ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS)   ,"illegal characters"},
-{ERR_REASON(ASN1_R_ILLEGAL_FORMAT)       ,"illegal format"},
-{ERR_REASON(ASN1_R_ILLEGAL_HEX)          ,"illegal hex"},
-{ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) ,"illegal implicit tag"},
-{ERR_REASON(ASN1_R_ILLEGAL_INTEGER)      ,"illegal integer"},
-{ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING),"illegal nested tagging"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL)         ,"illegal null"},
-{ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE)   ,"illegal null value"},
-{ERR_REASON(ASN1_R_ILLEGAL_OBJECT)       ,"illegal object"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) ,"illegal optional any"},
-{ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),"illegal options on item template"},
-{ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY)   ,"illegal tagged any"},
-{ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE)   ,"illegal time value"},
-{ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT),"integer not ascii format"},
-{ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),"integer too large for long"},
-{ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH),"invalid bmpstring length"},
-{ERR_REASON(ASN1_R_INVALID_DIGIT)        ,"invalid digit"},
-{ERR_REASON(ASN1_R_INVALID_MIME_TYPE)    ,"invalid mime type"},
-{ERR_REASON(ASN1_R_INVALID_MODIFIER)     ,"invalid modifier"},
-{ERR_REASON(ASN1_R_INVALID_NUMBER)       ,"invalid number"},
-{ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING),"invalid object encoding"},
-{ERR_REASON(ASN1_R_INVALID_SEPARATOR)    ,"invalid separator"},
-{ERR_REASON(ASN1_R_INVALID_TIME_FORMAT)  ,"invalid time format"},
-{ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),"invalid universalstring length"},
-{ERR_REASON(ASN1_R_INVALID_UTF8STRING)   ,"invalid utf8string"},
-{ERR_REASON(ASN1_R_IV_TOO_LARGE)         ,"iv too large"},
-{ERR_REASON(ASN1_R_LENGTH_ERROR)         ,"length error"},
-{ERR_REASON(ASN1_R_LIST_ERROR)           ,"list error"},
-{ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) ,"mime no content type"},
-{ERR_REASON(ASN1_R_MIME_PARSE_ERROR)     ,"mime parse error"},
-{ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) ,"mime sig parse error"},
-{ERR_REASON(ASN1_R_MISSING_EOC)          ,"missing eoc"},
-{ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER),"missing second number"},
-{ERR_REASON(ASN1_R_MISSING_VALUE)        ,"missing value"},
-{ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL),"mstring not universal"},
-{ERR_REASON(ASN1_R_MSTRING_WRONG_TAG)    ,"mstring wrong tag"},
-{ERR_REASON(ASN1_R_NESTED_ASN1_STRING)   ,"nested asn1 string"},
-{ERR_REASON(ASN1_R_NON_HEX_CHARACTERS)   ,"non hex characters"},
-{ERR_REASON(ASN1_R_NOT_ASCII_FORMAT)     ,"not ascii format"},
-{ERR_REASON(ASN1_R_NOT_ENOUGH_DATA)      ,"not enough data"},
-{ERR_REASON(ASN1_R_NO_CONTENT_TYPE)      ,"no content type"},
-{ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE),"no matching choice type"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE)  ,"no sig content type"},
-{ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) ,"null is wrong length"},
-{ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT),"object not ascii format"},
-{ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS)  ,"odd number of chars"},
-{ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),"private key header missing"},
-{ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE),"second number too large"},
-{ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH),"sequence length mismatch"},
-{ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED),"sequence not constructed"},
-{ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),"sequence or set needs config"},
-{ERR_REASON(ASN1_R_SHORT_LINE)           ,"short line"},
-{ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED),"streaming not supported"},
-{ERR_REASON(ASN1_R_STRING_TOO_LONG)      ,"string too long"},
-{ERR_REASON(ASN1_R_STRING_TOO_SHORT)     ,"string too short"},
-{ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH)   ,"tag value too high"},
-{ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT),"time not ascii format"},
-{ERR_REASON(ASN1_R_TOO_LONG)             ,"too long"},
-{ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) ,"type not constructed"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
-{ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
-{ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
-{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
-{ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
-{ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
-{ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
-{ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE),"unknown public key type"},
-{ERR_REASON(ASN1_R_UNKNOWN_TAG)          ,"unknown tag"},
-{ERR_REASON(ASN1_R_UNKOWN_FORMAT)        ,"unkown format"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),"unsupported any defined by type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER)   ,"unsupported cipher"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),"unsupported encryption algorithm"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),"unsupported public key type"},
-{ERR_REASON(ASN1_R_UNSUPPORTED_TYPE)     ,"unsupported type"},
-{ERR_REASON(ASN1_R_WRONG_TAG)            ,"wrong tag"},
-{ERR_REASON(ASN1_R_WRONG_TYPE)           ,"wrong type"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ASN1_str_reasons[] = {
+    {ERR_REASON(ASN1_R_ADDING_OBJECT), "adding object"},
+    {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"},
+    {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR), "asn1 sig parse error"},
+    {ERR_REASON(ASN1_R_AUX_ERROR), "aux error"},
+    {ERR_REASON(ASN1_R_BAD_CLASS), "bad class"},
+    {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER), "bad object header"},
+    {ERR_REASON(ASN1_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_REASON(ASN1_R_BAD_TAG), "bad tag"},
+    {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),
+     "bmpstring is wrong length"},
+    {ERR_REASON(ASN1_R_BN_LIB), "bn lib"},
+    {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
+    {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+     "cipher has no object identifier"},
+    {ERR_REASON(ASN1_R_DATA_IS_WRONG), "data is wrong"},
+    {ERR_REASON(ASN1_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(ASN1_R_DECODING_ERROR), "decoding error"},
+    {ERR_REASON(ASN1_R_DEPTH_EXCEEDED), "depth exceeded"},
+    {ERR_REASON(ASN1_R_ENCODE_ERROR), "encode error"},
+    {ERR_REASON(ASN1_R_ERROR_GETTING_TIME), "error getting time"},
+    {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
+    {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT),
+     "error parsing set element"},
+    {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS),
+     "error setting cipher params"},
+    {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER), "expecting an integer"},
+    {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT), "expecting an object"},
+    {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN), "expecting a boolean"},
+    {ERR_REASON(ASN1_R_EXPECTING_A_TIME), "expecting a time"},
+    {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
+    {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED),
+     "explicit tag not constructed"},
+    {ERR_REASON(ASN1_R_FIELD_MISSING), "field missing"},
+    {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE), "first num too large"},
+    {ERR_REASON(ASN1_R_HEADER_TOO_LONG), "header too long"},
+    {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"},
+    {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN), "illegal boolean"},
+    {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS), "illegal characters"},
+    {ERR_REASON(ASN1_R_ILLEGAL_FORMAT), "illegal format"},
+    {ERR_REASON(ASN1_R_ILLEGAL_HEX), "illegal hex"},
+    {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG), "illegal implicit tag"},
+    {ERR_REASON(ASN1_R_ILLEGAL_INTEGER), "illegal integer"},
+    {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"},
+    {ERR_REASON(ASN1_R_ILLEGAL_NULL), "illegal null"},
+    {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE), "illegal null value"},
+    {ERR_REASON(ASN1_R_ILLEGAL_OBJECT), "illegal object"},
+    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY), "illegal optional any"},
+    {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE),
+     "illegal options on item template"},
+    {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY), "illegal tagged any"},
+    {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE), "illegal time value"},
+    {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
+    {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG),
+     "integer too large for long"},
+    {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT),
+     "invalid bit string bits left"},
+    {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"},
+    {ERR_REASON(ASN1_R_INVALID_DIGIT), "invalid digit"},
+    {ERR_REASON(ASN1_R_INVALID_MIME_TYPE), "invalid mime type"},
+    {ERR_REASON(ASN1_R_INVALID_MODIFIER), "invalid modifier"},
+    {ERR_REASON(ASN1_R_INVALID_NUMBER), "invalid number"},
+    {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"},
+    {ERR_REASON(ASN1_R_INVALID_SEPARATOR), "invalid separator"},
+    {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT), "invalid time format"},
+    {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH),
+     "invalid universalstring length"},
+    {ERR_REASON(ASN1_R_INVALID_UTF8STRING), "invalid utf8string"},
+    {ERR_REASON(ASN1_R_IV_TOO_LARGE), "iv too large"},
+    {ERR_REASON(ASN1_R_LENGTH_ERROR), "length error"},
+    {ERR_REASON(ASN1_R_LIST_ERROR), "list error"},
+    {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
+    {ERR_REASON(ASN1_R_MIME_PARSE_ERROR), "mime parse error"},
+    {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
+    {ERR_REASON(ASN1_R_MISSING_EOC), "missing eoc"},
+    {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"},
+    {ERR_REASON(ASN1_R_MISSING_VALUE), "missing value"},
+    {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
+    {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG), "mstring wrong tag"},
+    {ERR_REASON(ASN1_R_NESTED_ASN1_STRING), "nested asn1 string"},
+    {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS), "non hex characters"},
+    {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT), "not ascii format"},
+    {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA), "not enough data"},
+    {ERR_REASON(ASN1_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
+    {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE),
+     "no multipart body failure"},
+    {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
+    {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
+    {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH), "null is wrong length"},
+    {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
+    {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS), "odd number of chars"},
+    {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING),
+     "private key header missing"},
+    {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
+    {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
+    {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
+    {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG),
+     "sequence or set needs config"},
+    {ERR_REASON(ASN1_R_SHORT_LINE), "short line"},
+    {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
+    {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
+    {ERR_REASON(ASN1_R_STRING_TOO_LONG), "string too long"},
+    {ERR_REASON(ASN1_R_STRING_TOO_SHORT), "string too short"},
+    {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH), "tag value too high"},
+    {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+     "the asn1 object identifier is not known for this md"},
+    {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
+    {ERR_REASON(ASN1_R_TOO_LONG), "too long"},
+    {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED), "type not constructed"},
+    {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE), "type not primitive"},
+    {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
+    {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),
+     "unable to decode rsa private key"},
+    {ERR_REASON(ASN1_R_UNEXPECTED_EOC), "unexpected eoc"},
+    {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),
+     "universalstring is wrong length"},
+    {ERR_REASON(ASN1_R_UNKNOWN_FORMAT), "unknown format"},
+    {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),
+     "unknown message digest algorithm"},
+    {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE), "unknown object type"},
+    {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"},
+    {ERR_REASON(ASN1_R_UNKNOWN_TAG), "unknown tag"},
+    {ERR_REASON(ASN1_R_UNKOWN_FORMAT), "unkown format"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE),
+     "unsupported any defined by type"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM),
+     "unsupported encryption algorithm"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE),
+     "unsupported public key type"},
+    {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE), "unsupported type"},
+    {ERR_REASON(ASN1_R_WRONG_TAG), "wrong tag"},
+    {ERR_REASON(ASN1_R_WRONG_TYPE), "wrong type"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_ASN1_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ASN1_str_functs);
-		ERR_load_strings(0,ASN1_str_reasons);
-		}
+    if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ASN1_str_functs);
+        ERR_load_strings(0, ASN1_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c
index 213a8e98..596b6564 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c
@@ -1,6 +1,7 @@
 /* asn1_gen.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2002.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2002.
  */
 /* ====================================================================
  * Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,796 +61,742 @@
 #include <openssl/asn1.h>
 #include <openssl/x509v3.h>
 
-#define ASN1_GEN_FLAG		0x10000
-#define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)
-#define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)
-#define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)
-#define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)
-#define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)
-#define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)
-#define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)
-#define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)
+#define ASN1_GEN_FLAG           0x10000
+#define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)
+#define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)
+#define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)
+#define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)
+#define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)
+#define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)
+#define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)
+#define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)
 
-#define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}
+#define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}
 
-#define ASN1_FLAG_EXP_MAX	20
+#define ASN1_FLAG_EXP_MAX       20
 
 /* Input formats */
 
 /* ASCII: default */
-#define ASN1_GEN_FORMAT_ASCII	1
+#define ASN1_GEN_FORMAT_ASCII   1
 /* UTF8 */
-#define ASN1_GEN_FORMAT_UTF8	2
+#define ASN1_GEN_FORMAT_UTF8    2
 /* Hex */
-#define ASN1_GEN_FORMAT_HEX	3
+#define ASN1_GEN_FORMAT_HEX     3
 /* List of bits */
-#define ASN1_GEN_FORMAT_BITLIST	4
-
-
-struct tag_name_st
-	{
-	const char *strnam;
-	int len;
-	int tag;
-	};
-
-typedef struct
-	{
-	int exp_tag;
-	int exp_class;
-	int exp_constructed;
-	int exp_pad;
-	long exp_len;
-	} tag_exp_type;
-
-typedef struct
-	{
-	int imp_tag;
-	int imp_class;
-	int utype;
-	int format;
-	const char *str;
-	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
-	int exp_count;
-	} tag_exp_arg;
+#define ASN1_GEN_FORMAT_BITLIST 4
+
+struct tag_name_st {
+    const char *strnam;
+    int len;
+    int tag;
+};
+
+typedef struct {
+    int exp_tag;
+    int exp_class;
+    int exp_constructed;
+    int exp_pad;
+    long exp_len;
+} tag_exp_type;
+
+typedef struct {
+    int imp_tag;
+    int imp_class;
+    int utype;
+    int format;
+    const char *str;
+    tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
+    int exp_count;
+} tag_exp_arg;
 
 static int bitstr_cb(const char *elem, int len, void *bitstr);
 static int asn1_cb(const char *elem, int len, void *bitstr);
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
-static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok);
+static int parse_tagging(const char *vstart, int vlen, int *ptag,
+                         int *pclass);
 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
 static int asn1_str2tag(const char *tagstr, int len);
 
 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
-	{
-	X509V3_CTX cnf;
+{
+    X509V3_CTX cnf;
 
-	if (!nconf)
-		return ASN1_generate_v3(str, NULL);
+    if (!nconf)
+        return ASN1_generate_v3(str, NULL);
 
-	X509V3_set_nconf(&cnf, nconf);
-	return ASN1_generate_v3(str, &cnf);
-	}
+    X509V3_set_nconf(&cnf, nconf);
+    return ASN1_generate_v3(str, &cnf);
+}
 
 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret;
-	tag_exp_arg asn1_tags;
-	tag_exp_type *etmp;
-
-	int i, len;
-
-	unsigned char *orig_der = NULL, *new_der = NULL;
-	const unsigned char *cpy_start;
-	unsigned char *p;
-	const unsigned char *cp;
-	int cpy_len;
-	long hdr_len;
-	int hdr_constructed = 0, hdr_tag, hdr_class;
-	int r;
-
-	asn1_tags.imp_tag = -1;
-	asn1_tags.imp_class = -1;
-	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
-	asn1_tags.exp_count = 0;
-	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
-		return NULL;
-
-	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
-		{
-		if (!cnf)
-			{
-			ASN1err(ASN1_F_ASN1_GENERATE_V3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
-			return NULL;
-			}
-		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
-		}
-	else
-		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
-
-	if (!ret)
-		return NULL;
-
-	/* If no tagging return base type */
-	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
-		return ret;
-
-	/* Generate the encoding */
-	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
-	ASN1_TYPE_free(ret);
-	ret = NULL;
-	/* Set point to start copying for modified encoding */
-	cpy_start = orig_der;
-
-	/* Do we need IMPLICIT tagging? */
-	if (asn1_tags.imp_tag != -1)
-		{
-		/* If IMPLICIT we will replace the underlying tag */
-		/* Skip existing tag+len */
-		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
-		if (r & 0x80)
-			goto err;
-		/* Update copy length */
-		cpy_len -= cpy_start - orig_der;
-		/* For IMPLICIT tagging the length should match the
-		 * original length and constructed flag should be
-		 * consistent.
-		 */
-		if (r & 0x1)
-			{
-			/* Indefinite length constructed */
-			hdr_constructed = 2;
-			hdr_len = 0;
-			}
-		else
-			/* Just retain constructed flag */
-			hdr_constructed = r & V_ASN1_CONSTRUCTED;
-		/* Work out new length with IMPLICIT tag: ignore constructed
-		 * because it will mess up if indefinite length
-		 */
-		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
-		}
-	else
-		len = cpy_len;
-
-	/* Work out length in any EXPLICIT, starting from end */
-
-	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
-		{
-		/* Content length: number of content octets + any padding */
-		len += etmp->exp_pad;
-		etmp->exp_len = len;
-		/* Total object length: length including new header */
-		len = ASN1_object_size(0, len, etmp->exp_tag);
-		}
-
-	/* Allocate buffer for new encoding */
-
-	new_der = OPENSSL_malloc(len);
-	if (!new_der)
-		goto err;
-
-	/* Generate tagged encoding */
-
-	p = new_der;
-
-	/* Output explicit tags first */
-
-	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
-		{
-		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
-					etmp->exp_tag, etmp->exp_class);
-		if (etmp->exp_pad)
-			*p++ = 0;
-		}
-
-	/* If IMPLICIT, output tag */
-
-	if (asn1_tags.imp_tag != -1)
-		ASN1_put_object(&p, hdr_constructed, hdr_len,
-					asn1_tags.imp_tag, asn1_tags.imp_class);
-
-	/* Copy across original encoding */
-	memcpy(p, cpy_start, cpy_len);
-
-	cp = new_der;
-
-	/* Obtain new ASN1_TYPE structure */
-	ret = d2i_ASN1_TYPE(NULL, &cp, len);
-
-	err:
-	if (orig_der)
-		OPENSSL_free(orig_der);
-	if (new_der)
-		OPENSSL_free(new_der);
-
-	return ret;
-
-	}
+{
+    ASN1_TYPE *ret;
+    tag_exp_arg asn1_tags;
+    tag_exp_type *etmp;
+
+    int i, len;
+
+    unsigned char *orig_der = NULL, *new_der = NULL;
+    const unsigned char *cpy_start;
+    unsigned char *p;
+    const unsigned char *cp;
+    int cpy_len;
+    long hdr_len;
+    int hdr_constructed = 0, hdr_tag, hdr_class;
+    int r;
+
+    asn1_tags.imp_tag = -1;
+    asn1_tags.imp_class = -1;
+    asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
+    asn1_tags.exp_count = 0;
+    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
+        return NULL;
+
+    if ((asn1_tags.utype == V_ASN1_SEQUENCE)
+        || (asn1_tags.utype == V_ASN1_SET)) {
+        if (!cnf) {
+            ASN1err(ASN1_F_ASN1_GENERATE_V3,
+                    ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
+            return NULL;
+        }
+        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
+    } else
+        ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
+
+    if (!ret)
+        return NULL;
+
+    /* If no tagging return base type */
+    if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
+        return ret;
+
+    /* Generate the encoding */
+    cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
+    ASN1_TYPE_free(ret);
+    ret = NULL;
+    /* Set point to start copying for modified encoding */
+    cpy_start = orig_der;
+
+    /* Do we need IMPLICIT tagging? */
+    if (asn1_tags.imp_tag != -1) {
+        /* If IMPLICIT we will replace the underlying tag */
+        /* Skip existing tag+len */
+        r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
+                            cpy_len);
+        if (r & 0x80)
+            goto err;
+        /* Update copy length */
+        cpy_len -= cpy_start - orig_der;
+        /*
+         * For IMPLICIT tagging the length should match the original length
+         * and constructed flag should be consistent.
+         */
+        if (r & 0x1) {
+            /* Indefinite length constructed */
+            hdr_constructed = 2;
+            hdr_len = 0;
+        } else
+            /* Just retain constructed flag */
+            hdr_constructed = r & V_ASN1_CONSTRUCTED;
+        /*
+         * Work out new length with IMPLICIT tag: ignore constructed because
+         * it will mess up if indefinite length
+         */
+        len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
+    } else
+        len = cpy_len;
+
+    /* Work out length in any EXPLICIT, starting from end */
+
+    for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
+         i < asn1_tags.exp_count; i++, etmp--) {
+        /* Content length: number of content octets + any padding */
+        len += etmp->exp_pad;
+        etmp->exp_len = len;
+        /* Total object length: length including new header */
+        len = ASN1_object_size(0, len, etmp->exp_tag);
+    }
+
+    /* Allocate buffer for new encoding */
+
+    new_der = OPENSSL_malloc(len);
+    if (!new_der)
+        goto err;
+
+    /* Generate tagged encoding */
+
+    p = new_der;
+
+    /* Output explicit tags first */
+
+    for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
+         i++, etmp++) {
+        ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
+                        etmp->exp_tag, etmp->exp_class);
+        if (etmp->exp_pad)
+            *p++ = 0;
+    }
+
+    /* If IMPLICIT, output tag */
+
+    if (asn1_tags.imp_tag != -1)
+        ASN1_put_object(&p, hdr_constructed, hdr_len,
+                        asn1_tags.imp_tag, asn1_tags.imp_class);
+
+    /* Copy across original encoding */
+    memcpy(p, cpy_start, cpy_len);
+
+    cp = new_der;
+
+    /* Obtain new ASN1_TYPE structure */
+    ret = d2i_ASN1_TYPE(NULL, &cp, len);
+
+ err:
+    if (orig_der)
+        OPENSSL_free(orig_der);
+    if (new_der)
+        OPENSSL_free(new_der);
+
+    return ret;
+
+}
 
 static int asn1_cb(const char *elem, int len, void *bitstr)
-	{
-	tag_exp_arg *arg = bitstr;
-	int i;
-	int utype;
-	int vlen = 0;
-	const char *p, *vstart = NULL;
-
-	int tmp_tag, tmp_class;
-
-	for(i = 0, p = elem; i < len; p++, i++)
-		{
-		/* Look for the ':' in name value pairs */
-		if (*p == ':')
-			{
-			vstart = p + 1;
-			vlen = len - (vstart - elem);
-			len = p - elem;
-			break;
-			}
-		}
-
-	utype = asn1_str2tag(elem, len);
-
-	if (utype == -1)
-		{
-		ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
-		ERR_add_error_data(2, "tag=", elem);
-		return -1;
-		}
-
-	/* If this is not a modifier mark end of string and exit */
-	if (!(utype & ASN1_GEN_FLAG))
-		{
-		arg->utype = utype;
-		arg->str = vstart;
-		/* If no value and not end of string, error */
-		if (!vstart && elem[len])
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
-			return -1;
-			}
-		return 0;
-		}
-
-	switch(utype)
-		{
-
-		case ASN1_GEN_FLAG_IMP:
-		/* Check for illegal multiple IMPLICIT tagging */
-		if (arg->imp_tag != -1)
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
-			return -1;
-			}
-		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_EXP:
-
-		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
-			return -1;
-		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SEQWRAP:
-		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_SETWRAP:
-		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_BITWRAP:
-		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_OCTWRAP:
-		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
-			return -1;
-		break;
-
-		case ASN1_GEN_FLAG_FORMAT:
-		if (!strncmp(vstart, "ASCII", 5))
-			arg->format = ASN1_GEN_FORMAT_ASCII;
-		else if (!strncmp(vstart, "UTF8", 4))
-			arg->format = ASN1_GEN_FORMAT_UTF8;
-		else if (!strncmp(vstart, "HEX", 3))
-			arg->format = ASN1_GEN_FORMAT_HEX;
-		else if (!strncmp(vstart, "BITLIST", 3))
-			arg->format = ASN1_GEN_FORMAT_BITLIST;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
-			return -1;
-			}
-		break;
-
-		}
-
-	return 1;
-
-	}
+{
+    tag_exp_arg *arg = bitstr;
+    int i;
+    int utype;
+    int vlen = 0;
+    const char *p, *vstart = NULL;
+
+    int tmp_tag, tmp_class;
+
+    for (i = 0, p = elem; i < len; p++, i++) {
+        /* Look for the ':' in name value pairs */
+        if (*p == ':') {
+            vstart = p + 1;
+            vlen = len - (vstart - elem);
+            len = p - elem;
+            break;
+        }
+    }
+
+    utype = asn1_str2tag(elem, len);
+
+    if (utype == -1) {
+        ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG);
+        ERR_add_error_data(2, "tag=", elem);
+        return -1;
+    }
+
+    /* If this is not a modifier mark end of string and exit */
+    if (!(utype & ASN1_GEN_FLAG)) {
+        arg->utype = utype;
+        arg->str = vstart;
+        /* If no value and not end of string, error */
+        if (!vstart && elem[len]) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE);
+            return -1;
+        }
+        return 0;
+    }
+
+    switch (utype) {
+
+    case ASN1_GEN_FLAG_IMP:
+        /* Check for illegal multiple IMPLICIT tagging */
+        if (arg->imp_tag != -1) {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING);
+            return -1;
+        }
+        if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_EXP:
+
+        if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
+            return -1;
+        if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SEQWRAP:
+        if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_SETWRAP:
+        if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_BITWRAP:
+        if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_OCTWRAP:
+        if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
+            return -1;
+        break;
+
+    case ASN1_GEN_FLAG_FORMAT:
+        if (!strncmp(vstart, "ASCII", 5))
+            arg->format = ASN1_GEN_FORMAT_ASCII;
+        else if (!strncmp(vstart, "UTF8", 4))
+            arg->format = ASN1_GEN_FORMAT_UTF8;
+        else if (!strncmp(vstart, "HEX", 3))
+            arg->format = ASN1_GEN_FORMAT_HEX;
+        else if (!strncmp(vstart, "BITLIST", 3))
+            arg->format = ASN1_GEN_FORMAT_BITLIST;
+        else {
+            ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT);
+            return -1;
+        }
+        break;
+
+    }
+
+    return 1;
+
+}
 
 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
-	{
-	char erch[2];
-	long tag_num;
-	char *eptr;
-	if (!vstart)
-		return 0;
-	tag_num = strtoul(vstart, &eptr, 10);
-	/* Check we haven't gone past max length: should be impossible */
-	if (eptr && *eptr && (eptr > vstart + vlen))
-		return 0;
-	if (tag_num < 0)
-		{
-		ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	*ptag = tag_num;
-	/* If we have non numeric characters, parse them */
-	if (eptr)
-		vlen -= eptr - vstart;
-	else 
-		vlen = 0;
-	if (vlen)
-		{
-		switch (*eptr)
-			{
-
-			case 'U':
-			*pclass = V_ASN1_UNIVERSAL;
-			break;
-
-			case 'A':
-			*pclass = V_ASN1_APPLICATION;
-			break;
-
-			case 'P':
-			*pclass = V_ASN1_PRIVATE;
-			break;
-
-			case 'C':
-			*pclass = V_ASN1_CONTEXT_SPECIFIC;
-			break;
-
-			default:
-			erch[0] = *eptr;
-			erch[1] = 0;
-			ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
-			ERR_add_error_data(2, "Char=", erch);
-			return 0;
-			break;
-
-			}
-		}
-	else
-		*pclass = V_ASN1_CONTEXT_SPECIFIC;
-
-	return 1;
-
-	}
+{
+    char erch[2];
+    long tag_num;
+    char *eptr;
+    if (!vstart)
+        return 0;
+    tag_num = strtoul(vstart, &eptr, 10);
+    /* Check we haven't gone past max length: should be impossible */
+    if (eptr && *eptr && (eptr > vstart + vlen))
+        return 0;
+    if (tag_num < 0) {
+        ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    *ptag = tag_num;
+    /* If we have non numeric characters, parse them */
+    if (eptr)
+        vlen -= eptr - vstart;
+    else
+        vlen = 0;
+    if (vlen) {
+        switch (*eptr) {
+
+        case 'U':
+            *pclass = V_ASN1_UNIVERSAL;
+            break;
+
+        case 'A':
+            *pclass = V_ASN1_APPLICATION;
+            break;
+
+        case 'P':
+            *pclass = V_ASN1_PRIVATE;
+            break;
+
+        case 'C':
+            *pclass = V_ASN1_CONTEXT_SPECIFIC;
+            break;
+
+        default:
+            erch[0] = *eptr;
+            erch[1] = 0;
+            ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER);
+            ERR_add_error_data(2, "Char=", erch);
+            return 0;
+            break;
+
+        }
+    } else
+        *pclass = V_ASN1_CONTEXT_SPECIFIC;
+
+    return 1;
+
+}
 
 /* Handle multiple types: SET and SEQUENCE */
 
 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
-	{
-	ASN1_TYPE *ret = NULL, *typ = NULL;
-	STACK_OF(ASN1_TYPE) *sk = NULL;
-	STACK_OF(CONF_VALUE) *sect = NULL;
-	unsigned char *der = NULL, *p;
-	int derlen;
-	int i, is_set;
-	sk = sk_ASN1_TYPE_new_null();
-	if (!sk)
-		goto bad;
-	if (section)
-		{
-		if (!cnf)
-			goto bad;
-		sect = X509V3_get_section(cnf, (char *)section);
-		if (!sect)
-			goto bad;
-		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
-			{
-			typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
-			if (!typ)
-				goto bad;
-			if (!sk_ASN1_TYPE_push(sk, typ))
-				goto bad;
-			typ = NULL;
-			}
-		}
-
-	/* Now we has a STACK of the components, convert to the correct form */
-
-	if (utype == V_ASN1_SET)
-		is_set = 1;
-	else
-		is_set = 0;
-
-
-	derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
-					   V_ASN1_UNIVERSAL, is_set);
-	der = OPENSSL_malloc(derlen);
-	if (!der)
-		goto bad;
-	p = der;
-	i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
-				  V_ASN1_UNIVERSAL, is_set);
-
-	if (!(ret = ASN1_TYPE_new()))
-		goto bad;
-
-	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
-		goto bad;
-
-	ret->type = utype;
-
-	ret->value.asn1_string->data = der;
-	ret->value.asn1_string->length = derlen;
-
-	der = NULL;
-
-	bad:
-
-	if (der)
-		OPENSSL_free(der);
-
-	if (sk)
-		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
-	if (typ)
-		ASN1_TYPE_free(typ);
-	if (sect)
-		X509V3_section_free(cnf, sect);
-
-	return ret;
-	}
-
-static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
-	{
-	tag_exp_type *exp_tmp;
-	/* Can only have IMPLICIT if permitted */
-	if ((arg->imp_tag != -1) && !imp_ok)
-		{
-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
-		return 0;
-		}
-
-	if (arg->exp_count == ASN1_FLAG_EXP_MAX)
-		{
-		ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
-		return 0;
-		}
-
-	exp_tmp = &arg->exp_list[arg->exp_count++];
-
-	/* If IMPLICIT set tag to implicit value then
-	 * reset implicit tag since it has been used.
-	 */
-	if (arg->imp_tag != -1)
-		{
-		exp_tmp->exp_tag = arg->imp_tag;
-		exp_tmp->exp_class = arg->imp_class;
-		arg->imp_tag = -1;
-		arg->imp_class = -1;
-		}
-	else
-		{
-		exp_tmp->exp_tag = exp_tag;
-		exp_tmp->exp_class = exp_class;
-		}
-	exp_tmp->exp_constructed = exp_constructed;
-	exp_tmp->exp_pad = exp_pad;
-
-	return 1;
-	}
-
+{
+    ASN1_TYPE *ret = NULL, *typ = NULL;
+    STACK_OF(ASN1_TYPE) *sk = NULL;
+    STACK_OF(CONF_VALUE) *sect = NULL;
+    unsigned char *der = NULL, *p;
+    int derlen;
+    int i, is_set;
+    sk = sk_ASN1_TYPE_new_null();
+    if (!sk)
+        goto bad;
+    if (section) {
+        if (!cnf)
+            goto bad;
+        sect = X509V3_get_section(cnf, (char *)section);
+        if (!sect)
+            goto bad;
+        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
+            typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
+            if (!typ)
+                goto bad;
+            if (!sk_ASN1_TYPE_push(sk, typ))
+                goto bad;
+            typ = NULL;
+        }
+    }
+
+    /*
+     * Now we has a STACK of the components, convert to the correct form
+     */
+
+    if (utype == V_ASN1_SET)
+        is_set = 1;
+    else
+        is_set = 0;
+
+    derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype,
+                                       V_ASN1_UNIVERSAL, is_set);
+    der = OPENSSL_malloc(derlen);
+    if (!der)
+        goto bad;
+    p = der;
+    i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype,
+                              V_ASN1_UNIVERSAL, is_set);
+
+    if (!(ret = ASN1_TYPE_new()))
+        goto bad;
+
+    if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
+        goto bad;
+
+    ret->type = utype;
+
+    ret->value.asn1_string->data = der;
+    ret->value.asn1_string->length = derlen;
+
+    der = NULL;
+
+ bad:
+
+    if (der)
+        OPENSSL_free(der);
+
+    if (sk)
+        sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
+    if (typ)
+        ASN1_TYPE_free(typ);
+    if (sect)
+        X509V3_section_free(cnf, sect);
+
+    return ret;
+}
+
+static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
+                      int exp_constructed, int exp_pad, int imp_ok)
+{
+    tag_exp_type *exp_tmp;
+    /* Can only have IMPLICIT if permitted */
+    if ((arg->imp_tag != -1) && !imp_ok) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG);
+        return 0;
+    }
+
+    if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
+        ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED);
+        return 0;
+    }
+
+    exp_tmp = &arg->exp_list[arg->exp_count++];
+
+    /*
+     * If IMPLICIT set tag to implicit value then reset implicit tag since it
+     * has been used.
+     */
+    if (arg->imp_tag != -1) {
+        exp_tmp->exp_tag = arg->imp_tag;
+        exp_tmp->exp_class = arg->imp_class;
+        arg->imp_tag = -1;
+        arg->imp_class = -1;
+    } else {
+        exp_tmp->exp_tag = exp_tag;
+        exp_tmp->exp_class = exp_class;
+    }
+    exp_tmp->exp_constructed = exp_constructed;
+    exp_tmp->exp_pad = exp_pad;
+
+    return 1;
+}
 
 static int asn1_str2tag(const char *tagstr, int len)
-	{
-	unsigned int i;
-	static struct tag_name_st *tntmp, tnst [] = {
-		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
-		ASN1_GEN_STR("NULL", V_ASN1_NULL),
-		ASN1_GEN_STR("INT", V_ASN1_INTEGER),
-		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
-		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
-		ASN1_GEN_STR("OID", V_ASN1_OBJECT),
-		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
-		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
-		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
-		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
-		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
-		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
-		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
-		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
-		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
-		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
-		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
-		ASN1_GEN_STR("T61", V_ASN1_T61STRING),
-		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
-		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
-		ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
-		ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
-
-		/* Special cases */
-		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
-		ASN1_GEN_STR("SET", V_ASN1_SET),
-		/* type modifiers */
-		/* Explicit tag */
-		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
-		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
-		/* Implicit tag */
-		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
-		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
-		/* OCTET STRING wrapper */
-		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
-		/* SEQUENCE wrapper */
-		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
-		/* SET wrapper */
-		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
-		/* BIT STRING wrapper */
-		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
-		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
-		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
-	};
-
-	if (len == -1)
-		len = strlen(tagstr);
-	
-	tntmp = tnst;	
-	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
-		{
-		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
-			return tntmp->tag;
-		}
-	
-	return -1;
-	}
+{
+    unsigned int i;
+    static struct tag_name_st *tntmp, tnst[] = {
+        ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
+        ASN1_GEN_STR("NULL", V_ASN1_NULL),
+        ASN1_GEN_STR("INT", V_ASN1_INTEGER),
+        ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
+        ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
+        ASN1_GEN_STR("OID", V_ASN1_OBJECT),
+        ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
+        ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
+        ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
+        ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
+        ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
+        ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
+        ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
+        ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
+        ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
+        ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
+        ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
+        ASN1_GEN_STR("T61", V_ASN1_T61STRING),
+        ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
+        ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
+        ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
+
+        /* Special cases */
+        ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
+        ASN1_GEN_STR("SET", V_ASN1_SET),
+        /* type modifiers */
+        /* Explicit tag */
+        ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
+        ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
+        /* Implicit tag */
+        ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
+        ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
+        /* OCTET STRING wrapper */
+        ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
+        /* SEQUENCE wrapper */
+        ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
+        /* SET wrapper */
+        ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
+        /* BIT STRING wrapper */
+        ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
+        ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
+        ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
+    };
+
+    if (len == -1)
+        len = strlen(tagstr);
+
+    tntmp = tnst;
+    for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {
+        if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
+            return tntmp->tag;
+    }
+
+    return -1;
+}
 
 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
-	{
-	ASN1_TYPE *atmp = NULL;
-
-	CONF_VALUE vtmp;
-
-	unsigned char *rdata;
-	long rdlen;
-
-	int no_unused = 1;
-
-	if (!(atmp = ASN1_TYPE_new()))
-		{
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if (!str)
-		str = "";
-
-	switch(utype)
-		{
-
-		case V_ASN1_NULL:
-		if (str && *str)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
-			goto bad_form;
-			}
-		break;
-		
-		case V_ASN1_BOOLEAN:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		vtmp.name = NULL;
-		vtmp.section = NULL;
-		vtmp.value = (char *)str;
-		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_ENUMERATED:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_OBJECT:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
-			goto bad_str;
-			}
-		break;
-
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		if (format != ASN1_GEN_FORMAT_ASCII)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
-			goto bad_form;
-			}
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		atmp->value.asn1_string->type = utype;
-		if (!ASN1_TIME_check(atmp->value.asn1_string))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
-			goto bad_str;
-			}
-
-		break;
-
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_GENERALSTRING:
-
-		if (format == ASN1_GEN_FORMAT_ASCII)
-			format = MBSTRING_ASC;
-		else if (format == ASN1_GEN_FORMAT_UTF8)
-			format = MBSTRING_UTF8;
-		else
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
-			goto bad_form;
-			}
-
-
-		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
-						-1, format, ASN1_tag2bit(utype)) <= 0)
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_str;
-			}
-		
-
-		break;
-
-		case V_ASN1_BIT_STRING:
-
-		case V_ASN1_OCTET_STRING:
-
-		if (!(atmp->value.asn1_string = ASN1_STRING_new()))
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
-			goto bad_form;
-			}
-
-		if (format == ASN1_GEN_FORMAT_HEX)
-			{
-
-			if (!(rdata = string_to_hex((char *)str, &rdlen)))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
-				goto bad_str;
-				}
-
-			atmp->value.asn1_string->data = rdata;
-			atmp->value.asn1_string->length = rdlen;
-			atmp->value.asn1_string->type = utype;
-
-			}
-		else if (format == ASN1_GEN_FORMAT_ASCII)
-			ASN1_STRING_set(atmp->value.asn1_string, str, -1);
-		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
-			{
-			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
-				{
-				ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
-				goto bad_str;
-				}
-			no_unused = 0;
-			
-			}
-		else 
-			{
-			ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
-			goto bad_form;
-			}
-
-		if ((utype == V_ASN1_BIT_STRING) && no_unused)
-			{
-			atmp->value.asn1_string->flags
-				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-        		atmp->value.asn1_string->flags
-				|= ASN1_STRING_FLAG_BITS_LEFT;
-			}
-
-
-		break;
-
-		default:
-		ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
-		goto bad_str;
-		break;
-		}
-
-
-	atmp->type = utype;
-	return atmp;
-
-
-	bad_str:
-	ERR_add_error_data(2, "string=", str);
-	bad_form:
-
-	ASN1_TYPE_free(atmp);
-	return NULL;
-
-	}
+{
+    ASN1_TYPE *atmp = NULL;
+
+    CONF_VALUE vtmp;
+
+    unsigned char *rdata;
+    long rdlen;
+
+    int no_unused = 1;
+
+    if (!(atmp = ASN1_TYPE_new())) {
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!str)
+        str = "";
+
+    switch (utype) {
+
+    case V_ASN1_NULL:
+        if (str && *str) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE);
+            goto bad_form;
+        }
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        vtmp.name = NULL;
+        vtmp.section = NULL;
+        vtmp.value = (char *)str;
+        if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_ENUMERATED:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_OBJECT:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT);
+            goto bad_str;
+        }
+        break;
+
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+        if (format != ASN1_GEN_FORMAT_ASCII) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT);
+            goto bad_form;
+        }
+        if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+        atmp->value.asn1_string->type = utype;
+        if (!ASN1_TIME_check(atmp->value.asn1_string)) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_GENERALSTRING:
+
+        if (format == ASN1_GEN_FORMAT_ASCII)
+            format = MBSTRING_ASC;
+        else if (format == ASN1_GEN_FORMAT_UTF8)
+            format = MBSTRING_UTF8;
+        else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT);
+            goto bad_form;
+        }
+
+        if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
+                               -1, format, ASN1_tag2bit(utype)) <= 0) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_str;
+        }
+
+        break;
+
+    case V_ASN1_BIT_STRING:
+
+    case V_ASN1_OCTET_STRING:
+
+        if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE);
+            goto bad_form;
+        }
+
+        if (format == ASN1_GEN_FORMAT_HEX) {
+
+            if (!(rdata = string_to_hex((char *)str, &rdlen))) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX);
+                goto bad_str;
+            }
+
+            atmp->value.asn1_string->data = rdata;
+            atmp->value.asn1_string->length = rdlen;
+            atmp->value.asn1_string->type = utype;
+
+        } else if (format == ASN1_GEN_FORMAT_ASCII)
+            ASN1_STRING_set(atmp->value.asn1_string, str, -1);
+        else if ((format == ASN1_GEN_FORMAT_BITLIST)
+                 && (utype == V_ASN1_BIT_STRING)) {
+            if (!CONF_parse_list
+                (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
+                ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR);
+                goto bad_str;
+            }
+            no_unused = 0;
+
+        } else {
+            ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
+            goto bad_form;
+        }
+
+        if ((utype == V_ASN1_BIT_STRING) && no_unused) {
+            atmp->value.asn1_string->flags
+                &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+            atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        }
+
+        break;
+
+    default:
+        ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE);
+        goto bad_str;
+        break;
+    }
+
+    atmp->type = utype;
+    return atmp;
+
+ bad_str:
+    ERR_add_error_data(2, "string=", str);
+ bad_form:
+
+    ASN1_TYPE_free(atmp);
+    return NULL;
+
+}
 
 static int bitstr_cb(const char *elem, int len, void *bitstr)
-	{
-	long bitnum;
-	char *eptr;
-	if (!elem)
-		return 0;
-	bitnum = strtoul(elem, &eptr, 10);
-	if (eptr && *eptr && (eptr != elem + len))
-		return 0;
-	if (bitnum < 0)
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
-		return 0;
-		}
-	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
-		{
-		ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return 1;
-	}
-
+{
+    long bitnum;
+    char *eptr;
+    if (!elem)
+        return 0;
+    bitnum = strtoul(elem, &eptr, 10);
+    if (eptr && *eptr && (eptr != elem + len))
+        return 0;
+    if (bitnum < 0) {
+        ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER);
+        return 0;
+    }
+    if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
+        ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c
index d3451557..dd667f2d 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,412 +62,405 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1_mac.h>
 
-static int asn1_get_length(const unsigned char **pp,int *inf,long *rl,int max);
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           int max);
 static void asn1_put_length(unsigned char **pp, int length);
-const char ASN1_version[]="ASN.1" OPENSSL_VERSION_PTEXT;
+const char ASN1_version[] = "ASN.1" OPENSSL_VERSION_PTEXT;
 
 static int _asn1_check_infinite_end(const unsigned char **p, long len)
-	{
-	/* If there is 0 or 1 byte left, the length check should pick
-	 * things up */
-	if (len <= 0)
-		return(1);
-	else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0))
-		{
-		(*p)+=2;
-		return(1);
-		}
-	return(0);
-	}
+{
+    /*
+     * If there is 0 or 1 byte left, the length check should pick things up
+     */
+    if (len <= 0)
+        return (1);
+    else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) {
+        (*p) += 2;
+        return (1);
+    }
+    return (0);
+}
 
 int ASN1_check_infinite_end(unsigned char **p, long len)
-	{
-	return _asn1_check_infinite_end((const unsigned char **)p, len);
-	}
+{
+    return _asn1_check_infinite_end((const unsigned char **)p, len);
+}
 
 int ASN1_const_check_infinite_end(const unsigned char **p, long len)
-	{
-	return _asn1_check_infinite_end(p, len);
-	}
-
+{
+    return _asn1_check_infinite_end(p, len);
+}
 
 int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
-	int *pclass, long omax)
-	{
-	int i,ret;
-	long l;
-	const unsigned char *p= *pp;
-	int tag,xclass,inf;
-	long max=omax;
-
-	if (!max) goto err;
-	ret=(*p&V_ASN1_CONSTRUCTED);
-	xclass=(*p&V_ASN1_PRIVATE);
-	i= *p&V_ASN1_PRIMITIVE_TAG;
-	if (i == V_ASN1_PRIMITIVE_TAG)
-		{		/* high-tag */
-		p++;
-		if (--max == 0) goto err;
-		l=0;
-		while (*p&0x80)
-			{
-			l<<=7L;
-			l|= *(p++)&0x7f;
-			if (--max == 0) goto err;
-			if (l > (INT_MAX >> 7L)) goto err;
-			}
-		l<<=7L;
-		l|= *(p++)&0x7f;
-		tag=(int)l;
-		if (--max == 0) goto err;
-		}
-	else
-		{ 
-		tag=i;
-		p++;
-		if (--max == 0) goto err;
-		}
-	*ptag=tag;
-	*pclass=xclass;
-	if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err;
-
-	if (inf && !(ret & V_ASN1_CONSTRUCTED))
-		goto err;
+                    int *pclass, long omax)
+{
+    int i, ret;
+    long l;
+    const unsigned char *p = *pp;
+    int tag, xclass, inf;
+    long max = omax;
+
+    if (!max)
+        goto err;
+    ret = (*p & V_ASN1_CONSTRUCTED);
+    xclass = (*p & V_ASN1_PRIVATE);
+    i = *p & V_ASN1_PRIMITIVE_TAG;
+    if (i == V_ASN1_PRIMITIVE_TAG) { /* high-tag */
+        p++;
+        if (--max == 0)
+            goto err;
+        l = 0;
+        while (*p & 0x80) {
+            l <<= 7L;
+            l |= *(p++) & 0x7f;
+            if (--max == 0)
+                goto err;
+            if (l > (INT_MAX >> 7L))
+                goto err;
+        }
+        l <<= 7L;
+        l |= *(p++) & 0x7f;
+        tag = (int)l;
+        if (--max == 0)
+            goto err;
+    } else {
+        tag = i;
+        p++;
+        if (--max == 0)
+            goto err;
+    }
+    *ptag = tag;
+    *pclass = xclass;
+    if (!asn1_get_length(&p, &inf, plength, (int)max))
+        goto err;
+
+    if (inf && !(ret & V_ASN1_CONSTRUCTED))
+        goto err;
 
 #if 0
-	fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n", 
-		(int)p,*plength,omax,(int)*pp,(int)(p+ *plength),
-		(int)(omax+ *pp));
+    fprintf(stderr, "p=%d + *plength=%ld > omax=%ld + *pp=%d  (%d > %d)\n",
+            (int)p, *plength, omax, (int)*pp, (int)(p + *plength),
+            (int)(omax + *pp));
 
 #endif
-	if (*plength > (omax - (p - *pp)))
-		{
-		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
-		/* Set this so that even if things are not long enough
-		 * the values are set correctly */
-		ret|=0x80;
-		}
-	*pp=p;
-	return(ret|inf);
-err:
-	ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG);
-	return(0x80);
-	}
-
-static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, int max)
-	{
-	const unsigned char *p= *pp;
-	unsigned long ret=0;
-	unsigned int i;
-
-	if (max-- < 1) return(0);
-	if (*p == 0x80)
-		{
-		*inf=1;
-		ret=0;
-		p++;
-		}
-	else
-		{
-		*inf=0;
-		i= *p&0x7f;
-		if (*(p++) & 0x80)
-			{
-			if (i > sizeof(long))
-				return 0;
-			if (max-- == 0) return(0);
-			while (i-- > 0)
-				{
-				ret<<=8L;
-				ret|= *(p++);
-				if (max-- == 0) return(0);
-				}
-			}
-		else
-			ret=i;
-		}
-	if (ret > LONG_MAX)
-		return 0;
-	*pp=p;
-	*rl=(long)ret;
-	return(1);
-	}
-
-/* class 0 is constructed
- * constructed == 2 for indefinite length constructed */
+    if (*plength > (omax - (p - *pp))) {
+        ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG);
+        /*
+         * Set this so that even if things are not long enough the values are
+         * set correctly
+         */
+        ret |= 0x80;
+    }
+    *pp = p;
+    return (ret | inf);
+ err:
+    ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG);
+    return (0x80);
+}
+
+static int asn1_get_length(const unsigned char **pp, int *inf, long *rl,
+                           int max)
+{
+    const unsigned char *p = *pp;
+    unsigned long ret = 0;
+    unsigned int i;
+
+    if (max-- < 1)
+        return (0);
+    if (*p == 0x80) {
+        *inf = 1;
+        ret = 0;
+        p++;
+    } else {
+        *inf = 0;
+        i = *p & 0x7f;
+        if (*(p++) & 0x80) {
+            if (i > sizeof(long))
+                return 0;
+            if (max-- == 0)
+                return (0);
+            while (i-- > 0) {
+                ret <<= 8L;
+                ret |= *(p++);
+                if (max-- == 0)
+                    return (0);
+            }
+        } else
+            ret = i;
+    }
+    if (ret > LONG_MAX)
+        return 0;
+    *pp = p;
+    *rl = (long)ret;
+    return (1);
+}
+
+/*
+ * class 0 is constructed constructed == 2 for indefinite length constructed
+ */
 void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
-	     int xclass)
-	{
-	unsigned char *p= *pp;
-	int i, ttag;
-
-	i=(constructed)?V_ASN1_CONSTRUCTED:0;
-	i|=(xclass&V_ASN1_PRIVATE);
-	if (tag < 31)
-		*(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG);
-	else
-		{
-		*(p++)=i|V_ASN1_PRIMITIVE_TAG;
-		for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7;
-		ttag = i;
-		while(i-- > 0)
-			{
-			p[i] = tag & 0x7f;
-			if(i != (ttag - 1)) p[i] |= 0x80;
-			tag >>= 7;
-			}
-		p += ttag;
-		}
-	if (constructed == 2)
-		*(p++)=0x80;
-	else
-		asn1_put_length(&p,length);
-	*pp=p;
-	}
+                     int xclass)
+{
+    unsigned char *p = *pp;
+    int i, ttag;
+
+    i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
+    i |= (xclass & V_ASN1_PRIVATE);
+    if (tag < 31)
+        *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
+    else {
+        *(p++) = i | V_ASN1_PRIMITIVE_TAG;
+        for (i = 0, ttag = tag; ttag > 0; i++)
+            ttag >>= 7;
+        ttag = i;
+        while (i-- > 0) {
+            p[i] = tag & 0x7f;
+            if (i != (ttag - 1))
+                p[i] |= 0x80;
+            tag >>= 7;
+        }
+        p += ttag;
+    }
+    if (constructed == 2)
+        *(p++) = 0x80;
+    else
+        asn1_put_length(&p, length);
+    *pp = p;
+}
 
 int ASN1_put_eoc(unsigned char **pp)
-	{
-	unsigned char *p = *pp;
-	*p++ = 0;
-	*p++ = 0;
-	*pp = p;
-	return 2;
-	}
+{
+    unsigned char *p = *pp;
+    *p++ = 0;
+    *p++ = 0;
+    *pp = p;
+    return 2;
+}
 
 static void asn1_put_length(unsigned char **pp, int length)
-	{
-	unsigned char *p= *pp;
-	int i,l;
-	if (length <= 127)
-		*(p++)=(unsigned char)length;
-	else
-		{
-		l=length;
-		for (i=0; l > 0; i++)
-			l>>=8;
-		*(p++)=i|0x80;
-		l=i;
-		while (i-- > 0)
-			{
-			p[i]=length&0xff;
-			length>>=8;
-			}
-		p+=l;
-		}
-	*pp=p;
-	}
+{
+    unsigned char *p = *pp;
+    int i, l;
+    if (length <= 127)
+        *(p++) = (unsigned char)length;
+    else {
+        l = length;
+        for (i = 0; l > 0; i++)
+            l >>= 8;
+        *(p++) = i | 0x80;
+        l = i;
+        while (i-- > 0) {
+            p[i] = length & 0xff;
+            length >>= 8;
+        }
+        p += l;
+    }
+    *pp = p;
+}
 
 int ASN1_object_size(int constructed, int length, int tag)
-	{
-	int ret;
-
-	ret=length;
-	ret++;
-	if (tag >= 31)
-		{
-		while (tag > 0)
-			{
-			tag>>=7;
-			ret++;
-			}
-		}
-	if (constructed == 2)
-		return ret + 3;
-	ret++;
-	if (length > 127)
-		{
-		while (length > 0)
-			{
-			length>>=8;
-			ret++;
-			}
-		}
-	return(ret);
-	}
+{
+    int ret;
+
+    ret = length;
+    ret++;
+    if (tag >= 31) {
+        while (tag > 0) {
+            tag >>= 7;
+            ret++;
+        }
+    }
+    if (constructed == 2)
+        return ret + 3;
+    ret++;
+    if (length > 127) {
+        while (length > 0) {
+            length >>= 8;
+            ret++;
+        }
+    }
+    return (ret);
+}
 
 static int _asn1_Finish(ASN1_const_CTX *c)
-	{
-	if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos))
-		{
-		if (!ASN1_const_check_infinite_end(&c->p,c->slen))
-			{
-			c->error=ERR_R_MISSING_ASN1_EOS;
-			return(0);
-			}
-		}
-	if (	((c->slen != 0) && !(c->inf & 1)) ||
-		((c->slen < 0) && (c->inf & 1)))
-		{
-		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
-		return(0);
-		}
-	return(1);
-	}
+{
+    if ((c->inf == (1 | V_ASN1_CONSTRUCTED)) && (!c->eos)) {
+        if (!ASN1_const_check_infinite_end(&c->p, c->slen)) {
+            c->error = ERR_R_MISSING_ASN1_EOS;
+            return (0);
+        }
+    }
+    if (((c->slen != 0) && !(c->inf & 1)) || ((c->slen < 0) && (c->inf & 1))) {
+        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
+        return (0);
+    }
+    return (1);
+}
 
 int asn1_Finish(ASN1_CTX *c)
-	{
-	return _asn1_Finish((ASN1_const_CTX *)c);
-	}
+{
+    return _asn1_Finish((ASN1_const_CTX *)c);
+}
 
 int asn1_const_Finish(ASN1_const_CTX *c)
-	{
-	return _asn1_Finish(c);
-	}
+{
+    return _asn1_Finish(c);
+}
 
 int asn1_GetSequence(ASN1_const_CTX *c, long *length)
-	{
-	const unsigned char *q;
-
-	q=c->p;
-	c->inf=ASN1_get_object(&(c->p),&(c->slen),&(c->tag),&(c->xclass),
-		*length);
-	if (c->inf & 0x80)
-		{
-		c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL;
-		return(0);
-		}
-	if (c->tag != V_ASN1_SEQUENCE)
-		{
-		c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
-		return(0);
-		}
-	(*length)-=(c->p-q);
-	if (c->max && (*length < 0))
-		{
-		c->error=ERR_R_ASN1_LENGTH_MISMATCH;
-		return(0);
-		}
-	if (c->inf == (1|V_ASN1_CONSTRUCTED))
-		c->slen= *length+ *(c->pp)-c->p;
-	c->eos=0;
-	return(1);
-	}
+{
+    const unsigned char *q;
+
+    q = c->p;
+    c->inf = ASN1_get_object(&(c->p), &(c->slen), &(c->tag), &(c->xclass),
+                             *length);
+    if (c->inf & 0x80) {
+        c->error = ERR_R_BAD_GET_ASN1_OBJECT_CALL;
+        return (0);
+    }
+    if (c->tag != V_ASN1_SEQUENCE) {
+        c->error = ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
+        return (0);
+    }
+    (*length) -= (c->p - q);
+    if (c->max && (*length < 0)) {
+        c->error = ERR_R_ASN1_LENGTH_MISMATCH;
+        return (0);
+    }
+    if (c->inf == (1 | V_ASN1_CONSTRUCTED))
+        c->slen = *length + *(c->pp) - c->p;
+    c->eos = 0;
+    return (1);
+}
 
 ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str)
-	{
-	ASN1_STRING *ret;
-
-	if (str == NULL) return(NULL);
-	if ((ret=ASN1_STRING_type_new(str->type)) == NULL)
-		return(NULL);
-	if (!ASN1_STRING_set(ret,str->data,str->length))
-		{
-		ASN1_STRING_free(ret);
-		return(NULL);
-		}
-	ret->flags = str->flags;
-	return(ret);
-	}
+{
+    ASN1_STRING *ret;
+
+    if (str == NULL)
+        return (NULL);
+    if ((ret = ASN1_STRING_type_new(str->type)) == NULL)
+        return (NULL);
+    if (!ASN1_STRING_set(ret, str->data, str->length)) {
+        ASN1_STRING_free(ret);
+        return (NULL);
+    }
+    ret->flags = str->flags;
+    return (ret);
+}
 
 int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len)
-	{
-	unsigned char *c;
-	const char *data=_data;
-
-	if (len < 0)
-		{
-		if (data == NULL)
-			return(0);
-		else
-			len=strlen(data);
-		}
-	if ((str->length < len) || (str->data == NULL))
-		{
-		c=str->data;
-		if (c == NULL)
-			str->data=OPENSSL_malloc(len+1);
-		else
-			str->data=OPENSSL_realloc(c,len+1);
-
-		if (str->data == NULL)
-			{
-			ASN1err(ASN1_F_ASN1_STRING_SET,ERR_R_MALLOC_FAILURE);
-			str->data=c;
-			return(0);
-			}
-		}
-	str->length=len;
-	if (data != NULL)
-		{
-		memcpy(str->data,data,len);
-		/* an allowance for strings :-) */
-		str->data[len]='\0';
-		}
-	return(1);
-	}
+{
+    unsigned char *c;
+    const char *data = _data;
+
+    if (len < 0) {
+        if (data == NULL)
+            return (0);
+        else
+            len = strlen(data);
+    }
+    if ((str->length < len) || (str->data == NULL)) {
+        c = str->data;
+        if (c == NULL)
+            str->data = OPENSSL_malloc(len + 1);
+        else
+            str->data = OPENSSL_realloc(c, len + 1);
+
+        if (str->data == NULL) {
+            ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE);
+            str->data = c;
+            return (0);
+        }
+    }
+    str->length = len;
+    if (data != NULL) {
+        memcpy(str->data, data, len);
+        /* an allowance for strings :-) */
+        str->data[len] = '\0';
+    }
+    return (1);
+}
 
 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len)
-	{
-	if (str->data)
-		OPENSSL_free(str->data);
-	str->data = data;
-	str->length = len;
-	}
+{
+    if (str->data)
+        OPENSSL_free(str->data);
+    str->data = data;
+    str->length = len;
+}
 
 ASN1_STRING *ASN1_STRING_new(void)
-	{
-	return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
-	}
-
+{
+    return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
+}
 
 ASN1_STRING *ASN1_STRING_type_new(int type)
-	{
-	ASN1_STRING *ret;
-
-	ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->length=0;
-	ret->type=type;
-	ret->data=NULL;
-	ret->flags=0;
-	return(ret);
-	}
+{
+    ASN1_STRING *ret;
+
+    ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->length = 0;
+    ret->type = type;
+    ret->data = NULL;
+    ret->flags = 0;
+    return (ret);
+}
 
 void ASN1_STRING_free(ASN1_STRING *a)
-	{
-	if (a == NULL) return;
-	if (a->data != NULL) OPENSSL_free(a->data);
-	OPENSSL_free(a);
-	}
+{
+    if (a == NULL)
+        return;
+    if (a->data != NULL)
+        OPENSSL_free(a->data);
+    OPENSSL_free(a);
+}
 
 int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b)
-	{
-	int i;
-
-	i=(a->length-b->length);
-	if (i == 0)
-		{
-		i=memcmp(a->data,b->data,a->length);
-		if (i == 0)
-			return(a->type-b->type);
-		else
-			return(i);
-		}
-	else
-		return(i);
-	}
+{
+    int i;
+
+    i = (a->length - b->length);
+    if (i == 0) {
+        i = memcmp(a->data, b->data, a->length);
+        if (i == 0)
+            return (a->type - b->type);
+        else
+            return (i);
+    } else
+        return (i);
+}
 
 void asn1_add_error(const unsigned char *address, int offset)
-	{
-	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+{
+    char buf1[DECIMAL_SIZE(address) + 1], buf2[DECIMAL_SIZE(offset) + 1];
 
-	BIO_snprintf(buf1,sizeof buf1,"%lu",(unsigned long)address);
-	BIO_snprintf(buf2,sizeof buf2,"%d",offset);
-	ERR_add_error_data(4,"address=",buf1," offset=",buf2);
-	}
+    BIO_snprintf(buf1, sizeof buf1, "%lu", (unsigned long)address);
+    BIO_snprintf(buf2, sizeof buf2, "%d", offset);
+    ERR_add_error_data(4, "address=", buf1, " offset=", buf2);
+}
 
 int ASN1_STRING_length(ASN1_STRING *x)
-{ return M_ASN1_STRING_length(x); }
+{
+    return M_ASN1_STRING_length(x);
+}
 
 void ASN1_STRING_length_set(ASN1_STRING *x, int len)
-{ M_ASN1_STRING_length_set(x, len); return; }
+{
+    M_ASN1_STRING_length_set(x, len);
+    return;
+}
 
 int ASN1_STRING_type(ASN1_STRING *x)
-{ return M_ASN1_STRING_type(x); }
-
-unsigned char * ASN1_STRING_data(ASN1_STRING *x)
-{ return M_ASN1_STRING_data(x); }
+{
+    return M_ASN1_STRING_type(x);
+}
+
+unsigned char *ASN1_STRING_data(ASN1_STRING *x)
+{
+    return M_ASN1_STRING_data(x);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c
index cb08e154..e15e341a 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_par.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,383 +62,350 @@
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
 
-static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed,
-	int indent);
+static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
+                           int indent);
 static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
-	int offset, int depth, int indent, int dump);
+                       int offset, int depth, int indent, int dump);
 static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
-	     int indent)
-	{
-	static const char fmt[]="%-18s";
-	static const char fmt2[]="%2d %-15s";
-	char str[128];
-	const char *p,*p2=NULL;
+                           int indent)
+{
+    static const char fmt[] = "%-18s";
+    static const char fmt2[] = "%2d %-15s";
+    char str[128];
+    const char *p, *p2 = NULL;
 
-	if (constructed & V_ASN1_CONSTRUCTED)
-		p="cons: ";
-	else
-		p="prim: ";
-	if (BIO_write(bp,p,6) < 6) goto err;
-	BIO_indent(bp,indent,128);
+    if (constructed & V_ASN1_CONSTRUCTED)
+        p = "cons: ";
+    else
+        p = "prim: ";
+    if (BIO_write(bp, p, 6) < 6)
+        goto err;
+    BIO_indent(bp, indent, 128);
 
-	p=str;
-	if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
-		BIO_snprintf(str,sizeof str,"priv [ %d ] ",tag);
-	else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
-		BIO_snprintf(str,sizeof str,"cont [ %d ]",tag);
-	else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
-		BIO_snprintf(str,sizeof str,"appl [ %d ]",tag);
-	else if (tag > 30)
-		BIO_snprintf(str,sizeof str,"<ASN1 %d>",tag);
-	else
-		p = ASN1_tag2str(tag);
+    p = str;
+    if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
+        BIO_snprintf(str, sizeof str, "priv [ %d ] ", tag);
+    else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
+        BIO_snprintf(str, sizeof str, "cont [ %d ]", tag);
+    else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
+        BIO_snprintf(str, sizeof str, "appl [ %d ]", tag);
+    else if (tag > 30)
+        BIO_snprintf(str, sizeof str, "<ASN1 %d>", tag);
+    else
+        p = ASN1_tag2str(tag);
 
-	if (p2 != NULL)
-		{
-		if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err;
-		}
-	else
-		{
-		if (BIO_printf(bp,fmt,p) <= 0) goto err;
-		}
-	return(1);
-err:
-	return(0);
-	}
+    if (p2 != NULL) {
+        if (BIO_printf(bp, fmt2, tag, p2) <= 0)
+            goto err;
+    } else {
+        if (BIO_printf(bp, fmt, p) <= 0)
+            goto err;
+    }
+    return (1);
+ err:
+    return (0);
+}
 
 int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
-	{
-	return(asn1_parse2(bp,&pp,len,0,0,indent,0));
-	}
+{
+    return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
+}
 
-int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
-	{
-	return(asn1_parse2(bp,&pp,len,0,0,indent,dump));
-	}
+int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent,
+                    int dump)
+{
+    return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
+}
 
-static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
-	     int depth, int indent, int dump)
-	{
-	const unsigned char *p,*ep,*tot,*op,*opp;
-	long len;
-	int tag,xclass,ret=0;
-	int nl,hl,j,r;
-	ASN1_OBJECT *o=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	/* ASN1_BMPSTRING *bmp=NULL;*/
-	int dump_indent;
+static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
+                       int offset, int depth, int indent, int dump)
+{
+    const unsigned char *p, *ep, *tot, *op, *opp;
+    long len;
+    int tag, xclass, ret = 0;
+    int nl, hl, j, r;
+    ASN1_OBJECT *o = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+    /* ASN1_BMPSTRING *bmp=NULL; */
+    int dump_indent;
 
 #if 0
-	dump_indent = indent;
+    dump_indent = indent;
 #else
-	dump_indent = 6;	/* Because we know BIO_dump_indent() */
+    dump_indent = 6;            /* Because we know BIO_dump_indent() */
 #endif
-	p= *pp;
-	tot=p+length;
-	op=p-1;
-	while ((p < tot) && (op < p))
-		{
-		op=p;
-		j=ASN1_get_object(&p,&len,&tag,&xclass,length);
+    p = *pp;
+    tot = p + length;
+    op = p - 1;
+    while ((p < tot) && (op < p)) {
+        op = p;
+        j = ASN1_get_object(&p, &len, &tag, &xclass, length);
 #ifdef LINT
-		j=j;
+        j = j;
 #endif
-		if (j & 0x80)
-			{
-			if (BIO_write(bp,"Error in encoding\n",18) <= 0)
-				goto end;
-			ret=0;
-			goto end;
-			}
-		hl=(p-op);
-		length-=hl;
-		/* if j == 0x21 it is a constructed indefinite length object */
-		if (BIO_printf(bp,"%5ld:",(long)offset+(long)(op- *pp))
-			<= 0) goto end;
+        if (j & 0x80) {
+            if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
+                goto end;
+            ret = 0;
+            goto end;
+        }
+        hl = (p - op);
+        length -= hl;
+        /*
+         * if j == 0x21 it is a constructed indefinite length object
+         */
+        if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp))
+            <= 0)
+            goto end;
 
-		if (j != (V_ASN1_CONSTRUCTED | 1))
-			{
-			if (BIO_printf(bp,"d=%-2d hl=%ld l=%4ld ",
-				depth,(long)hl,len) <= 0)
-				goto end;
-			}
-		else
-			{
-			if (BIO_printf(bp,"d=%-2d hl=%ld l=inf  ",
-				depth,(long)hl) <= 0)
-				goto end;
-			}
-		if (!asn1_print_info(bp,tag,xclass,j,(indent)?depth:0))
-			goto end;
-		if (j & V_ASN1_CONSTRUCTED)
-			{
-			ep=p+len;
-			if (BIO_write(bp,"\n",1) <= 0) goto end;
-			if (len > length)
-				{
-				BIO_printf(bp,
-					"length is greater than %ld\n",length);
-				ret=0;
-				goto end;
-				}
-			if ((j == 0x21) && (len == 0))
-				{
-				for (;;)
-					{
-					r=asn1_parse2(bp,&p,(long)(tot-p),
-						offset+(p - *pp),depth+1,
-						indent,dump);
-					if (r == 0) { ret=0; goto end; }
-					if ((r == 2) || (p >= tot)) break;
-					}
-				}
-			else
-				while (p < ep)
-					{
-					r=asn1_parse2(bp,&p,(long)len,
-						offset+(p - *pp),depth+1,
-						indent,dump);
-					if (r == 0) { ret=0; goto end; }
-					}
-			}
-		else if (xclass != 0)
-			{
-			p+=len;
-			if (BIO_write(bp,"\n",1) <= 0) goto end;
-			}
-		else
-			{
-			nl=0;
-			if (	(tag == V_ASN1_PRINTABLESTRING) ||
-				(tag == V_ASN1_T61STRING) ||
-				(tag == V_ASN1_IA5STRING) ||
-				(tag == V_ASN1_VISIBLESTRING) ||
-				(tag == V_ASN1_NUMERICSTRING) ||
-				(tag == V_ASN1_UTF8STRING) ||
-				(tag == V_ASN1_UTCTIME) ||
-				(tag == V_ASN1_GENERALIZEDTIME))
-				{
-				if (BIO_write(bp,":",1) <= 0) goto end;
-				if ((len > 0) &&
-					BIO_write(bp,(const char *)p,(int)len)
-					!= (int)len)
-					goto end;
-				}
-			else if (tag == V_ASN1_OBJECT)
-				{
-				opp=op;
-				if (d2i_ASN1_OBJECT(&o,&opp,len+hl) != NULL)
-					{
-					if (BIO_write(bp,":",1) <= 0) goto end;
-					i2a_ASN1_OBJECT(bp,o);
-					}
-				else
-					{
-					if (BIO_write(bp,":BAD OBJECT",11) <= 0)
-						goto end;
-					}
-				}
-			else if (tag == V_ASN1_BOOLEAN)
-				{
-				int ii;
+        if (j != (V_ASN1_CONSTRUCTED | 1)) {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
+                           depth, (long)hl, len) <= 0)
+                goto end;
+        } else {
+            if (BIO_printf(bp, "d=%-2d hl=%ld l=inf  ", depth, (long)hl) <= 0)
+                goto end;
+        }
+        if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
+            goto end;
+        if (j & V_ASN1_CONSTRUCTED) {
+            ep = p + len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+            if (len > length) {
+                BIO_printf(bp, "length is greater than %ld\n", length);
+                ret = 0;
+                goto end;
+            }
+            if ((j == 0x21) && (len == 0)) {
+                for (;;) {
+                    r = asn1_parse2(bp, &p, (long)(tot - p),
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                    if ((r == 2) || (p >= tot))
+                        break;
+                }
+            } else
+                while (p < ep) {
+                    r = asn1_parse2(bp, &p, (long)len,
+                                    offset + (p - *pp), depth + 1,
+                                    indent, dump);
+                    if (r == 0) {
+                        ret = 0;
+                        goto end;
+                    }
+                }
+        } else if (xclass != 0) {
+            p += len;
+            if (BIO_write(bp, "\n", 1) <= 0)
+                goto end;
+        } else {
+            nl = 0;
+            if ((tag == V_ASN1_PRINTABLESTRING) ||
+                (tag == V_ASN1_T61STRING) ||
+                (tag == V_ASN1_IA5STRING) ||
+                (tag == V_ASN1_VISIBLESTRING) ||
+                (tag == V_ASN1_NUMERICSTRING) ||
+                (tag == V_ASN1_UTF8STRING) ||
+                (tag == V_ASN1_UTCTIME) || (tag == V_ASN1_GENERALIZEDTIME)) {
+                if (BIO_write(bp, ":", 1) <= 0)
+                    goto end;
+                if ((len > 0) && BIO_write(bp, (const char *)p, (int)len)
+                    != (int)len)
+                    goto end;
+            } else if (tag == V_ASN1_OBJECT) {
+                opp = op;
+                if (d2i_ASN1_OBJECT(&o, &opp, len + hl) != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    i2a_ASN1_OBJECT(bp, o);
+                } else {
+                    if (BIO_write(bp, ":BAD OBJECT", 11) <= 0)
+                        goto end;
+                }
+            } else if (tag == V_ASN1_BOOLEAN) {
+                int ii;
 
-				opp=op;
-				ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
-				if (ii < 0)
-					{
-					if (BIO_write(bp,"Bad boolean\n",12) <= 0)
-						goto end;
-					}
-				BIO_printf(bp,":%d",ii);
-				}
-			else if (tag == V_ASN1_BMPSTRING)
-				{
-				/* do the BMP thang */
-				}
-			else if (tag == V_ASN1_OCTET_STRING)
-				{
-				int i,printable=1;
+                opp = op;
+                ii = d2i_ASN1_BOOLEAN(NULL, &opp, len + hl);
+                if (ii < 0) {
+                    if (BIO_write(bp, "Bad boolean\n", 12) <= 0)
+                        goto end;
+                }
+                BIO_printf(bp, ":%d", ii);
+            } else if (tag == V_ASN1_BMPSTRING) {
+                /* do the BMP thang */
+            } else if (tag == V_ASN1_OCTET_STRING) {
+                int i, printable = 1;
 
-				opp=op;
-				os=d2i_ASN1_OCTET_STRING(NULL,&opp,len+hl);
-				if (os != NULL && os->length > 0)
-					{
-					opp = os->data;
-					/* testing whether the octet string is
-					 * printable */
-					for (i=0; i<os->length; i++)
-						{
-						if ((	(opp[i] < ' ') &&
-							(opp[i] != '\n') &&
-							(opp[i] != '\r') &&
-							(opp[i] != '\t')) ||
-							(opp[i] > '~'))
-							{
-							printable=0;
-							break;
-							}
-						}
-					if (printable)
-					/* printable string */
-						{
-						if (BIO_write(bp,":",1) <= 0)
-							goto end;
-						if (BIO_write(bp,(const char *)opp,
-							os->length) <= 0)
-							goto end;
-						}
-					else if (!dump)
-					/* not printable => print octet string
-					 * as hex dump */
-						{
-						if (BIO_write(bp,"[HEX DUMP]:",11) <= 0)
-							goto end;
-						for (i=0; i<os->length; i++)
-							{
-							if (BIO_printf(bp,"%02X"
-								, opp[i]) <= 0)
-								goto end;
-							}
-						}
-					else
-					/* print the normal dump */
-						{
-						if (!nl) 
-							{
-							if (BIO_write(bp,"\n",1) <= 0)
-								goto end;
-							}
-						if (BIO_dump_indent(bp,
-							(const char *)opp,
-							((dump == -1 || dump > 
-							os->length)?os->length:dump),
-							dump_indent) <= 0)
-							goto end;
-						nl=1;
-						}
-					}
-				if (os != NULL)
-					{
-					M_ASN1_OCTET_STRING_free(os);
-					os=NULL;
-					}
-				}
-			else if (tag == V_ASN1_INTEGER)
-				{
-				ASN1_INTEGER *bs;
-				int i;
+                opp = op;
+                os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
+                if (os != NULL && os->length > 0) {
+                    opp = os->data;
+                    /*
+                     * testing whether the octet string is printable
+                     */
+                    for (i = 0; i < os->length; i++) {
+                        if (((opp[i] < ' ') &&
+                             (opp[i] != '\n') &&
+                             (opp[i] != '\r') &&
+                             (opp[i] != '\t')) || (opp[i] > '~')) {
+                            printable = 0;
+                            break;
+                        }
+                    }
+                    if (printable)
+                        /* printable string */
+                    {
+                        if (BIO_write(bp, ":", 1) <= 0)
+                            goto end;
+                        if (BIO_write(bp, (const char *)opp, os->length) <= 0)
+                            goto end;
+                    } else if (!dump)
+                        /*
+                         * not printable => print octet string as hex dump
+                         */
+                    {
+                        if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
+                            goto end;
+                        for (i = 0; i < os->length; i++) {
+                            if (BIO_printf(bp, "%02X", opp[i]) <= 0)
+                                goto end;
+                        }
+                    } else
+                        /* print the normal dump */
+                    {
+                        if (!nl) {
+                            if (BIO_write(bp, "\n", 1) <= 0)
+                                goto end;
+                        }
+                        if (BIO_dump_indent(bp,
+                                            (const char *)opp,
+                                            ((dump == -1 || dump >
+                                              os->
+                                              length) ? os->length : dump),
+                                            dump_indent) <= 0)
+                            goto end;
+                        nl = 1;
+                    }
+                }
+                if (os != NULL) {
+                    M_ASN1_OCTET_STRING_free(os);
+                    os = NULL;
+                }
+            } else if (tag == V_ASN1_INTEGER) {
+                ASN1_INTEGER *bs;
+                int i;
 
-				opp=op;
-				bs=d2i_ASN1_INTEGER(NULL,&opp,len+hl);
-				if (bs != NULL)
-					{
-					if (BIO_write(bp,":",1) <= 0) goto end;
-					if (bs->type == V_ASN1_NEG_INTEGER)
-						if (BIO_write(bp,"-",1) <= 0)
-							goto end;
-					for (i=0; i<bs->length; i++)
-						{
-						if (BIO_printf(bp,"%02X",
-							bs->data[i]) <= 0)
-							goto end;
-						}
-					if (bs->length == 0)
-						{
-						if (BIO_write(bp,"00",2) <= 0)
-							goto end;
-						}
-					}
-				else
-					{
-					if (BIO_write(bp,"BAD INTEGER",11) <= 0)
-						goto end;
-					}
-				M_ASN1_INTEGER_free(bs);
-				}
-			else if (tag == V_ASN1_ENUMERATED)
-				{
-				ASN1_ENUMERATED *bs;
-				int i;
+                opp = op;
+                bs = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_INTEGER)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
+                        goto end;
+                }
+                M_ASN1_INTEGER_free(bs);
+            } else if (tag == V_ASN1_ENUMERATED) {
+                ASN1_ENUMERATED *bs;
+                int i;
 
-				opp=op;
-				bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl);
-				if (bs != NULL)
-					{
-					if (BIO_write(bp,":",1) <= 0) goto end;
-					if (bs->type == V_ASN1_NEG_ENUMERATED)
-						if (BIO_write(bp,"-",1) <= 0)
-							goto end;
-					for (i=0; i<bs->length; i++)
-						{
-						if (BIO_printf(bp,"%02X",
-							bs->data[i]) <= 0)
-							goto end;
-						}
-					if (bs->length == 0)
-						{
-						if (BIO_write(bp,"00",2) <= 0)
-							goto end;
-						}
-					}
-				else
-					{
-					if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
-						goto end;
-					}
-				M_ASN1_ENUMERATED_free(bs);
-				}
-			else if (len > 0 && dump)
-				{
-				if (!nl) 
-					{
-					if (BIO_write(bp,"\n",1) <= 0)
-						goto end;
-					}
-				if (BIO_dump_indent(bp,(const char *)p,
-					((dump == -1 || dump > len)?len:dump),
-					dump_indent) <= 0)
-					goto end;
-				nl=1;
-				}
+                opp = op;
+                bs = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
+                if (bs != NULL) {
+                    if (BIO_write(bp, ":", 1) <= 0)
+                        goto end;
+                    if (bs->type == V_ASN1_NEG_ENUMERATED)
+                        if (BIO_write(bp, "-", 1) <= 0)
+                            goto end;
+                    for (i = 0; i < bs->length; i++) {
+                        if (BIO_printf(bp, "%02X", bs->data[i]) <= 0)
+                            goto end;
+                    }
+                    if (bs->length == 0) {
+                        if (BIO_write(bp, "00", 2) <= 0)
+                            goto end;
+                    }
+                } else {
+                    if (BIO_write(bp, "BAD ENUMERATED", 11) <= 0)
+                        goto end;
+                }
+                M_ASN1_ENUMERATED_free(bs);
+            } else if (len > 0 && dump) {
+                if (!nl) {
+                    if (BIO_write(bp, "\n", 1) <= 0)
+                        goto end;
+                }
+                if (BIO_dump_indent(bp, (const char *)p,
+                                    ((dump == -1 || dump > len) ? len : dump),
+                                    dump_indent) <= 0)
+                    goto end;
+                nl = 1;
+            }
 
-			if (!nl) 
-				{
-				if (BIO_write(bp,"\n",1) <= 0) goto end;
-				}
-			p+=len;
-			if ((tag == V_ASN1_EOC) && (xclass == 0))
-				{
-				ret=2; /* End of sequence */
-				goto end;
-				}
-			}
-		length-=len;
-		}
-	ret=1;
-end:
-	if (o != NULL) ASN1_OBJECT_free(o);
-	if (os != NULL) M_ASN1_OCTET_STRING_free(os);
-	*pp=p;
-	return(ret);
-	}
+            if (!nl) {
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto end;
+            }
+            p += len;
+            if ((tag == V_ASN1_EOC) && (xclass == 0)) {
+                ret = 2;        /* End of sequence */
+                goto end;
+            }
+        }
+        length -= len;
+    }
+    ret = 1;
+ end:
+    if (o != NULL)
+        ASN1_OBJECT_free(o);
+    if (os != NULL)
+        M_ASN1_OCTET_STRING_free(os);
+    *pp = p;
+    return (ret);
+}
 
 const char *ASN1_tag2str(int tag)
 {
-	static const char *tag2str[] = {
-	 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */
-	 "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */
-	 "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", 	    /* 10-13 */
-	"<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", 		    /* 15-17 */
-	"NUMERICSTRING", "PRINTABLESTRING", "T61STRING",	    /* 18-20 */
-	"VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */
-	"GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",	    /* 25-27 */
-	"UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"		    /* 28-30 */
-	};
+    static const char *tag2str[] = {
+        /* 0-4 */
+        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING",
+        /* 5-9 */
+        "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL",
+        /* 10-13 */
+        "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>",
+        /* 15-17 */
+        "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET",
+        /* 18-20 */
+        "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
+        /* 21-24 */
+        "VIDEOTEXSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
+        /* 25-27 */
+        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING",
+        /* 28-30 */
+        "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING"
+    };
 
-	if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
-							tag &= ~0x100;
+    if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED))
+        tag &= ~0x100;
 
-	if(tag < 0 || tag > 30) return "(unknown)";
-	return tag2str[tag];
+    if (tag < 0 || tag > 30)
+        return "(unknown)";
+    return tag2str[tag];
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
index 095887f2..e7c5696b 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_mime.c
@@ -1,5 +1,6 @@
 /* asn_mime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,42 +61,43 @@
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 
-/* Generalised MIME like utilities for streaming ASN1. Although many
- * have a PKCS7/CMS like flavour others are more general purpose.
+/*
+ * Generalised MIME like utilities for streaming ASN1. Although many have a
+ * PKCS7/CMS like flavour others are more general purpose.
  */
 
-/* MIME format structures
- * Note that all are translated to lower case apart from
- * parameter values. Quotes are stripped off
+/*
+ * MIME format structures Note that all are translated to lower case apart
+ * from parameter values. Quotes are stripped off
  */
 
 typedef struct {
-char *param_name;			/* Param name e.g. "micalg" */
-char *param_value;			/* Param value e.g. "sha1" */
+    char *param_name;           /* Param name e.g. "micalg" */
+    char *param_value;          /* Param value e.g. "sha1" */
 } MIME_PARAM;
 
 DECLARE_STACK_OF(MIME_PARAM)
 IMPLEMENT_STACK_OF(MIME_PARAM)
 
 typedef struct {
-char *name;				/* Name of line e.g. "content-type" */
-char *value;				/* Value of line e.g. "text/plain" */
-STACK_OF(MIME_PARAM) *params;		/* Zero or more parameters */
+    char *name;                 /* Name of line e.g. "content-type" */
+    char *value;                /* Value of line e.g. "text/plain" */
+    STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
 } MIME_HEADER;
 
 DECLARE_STACK_OF(MIME_HEADER)
 IMPLEMENT_STACK_OF(MIME_HEADER)
 
-static char * strip_ends(char *name);
-static char * strip_start(char *name);
-static char * strip_end(char *name);
+static char *strip_ends(char *name);
+static char *strip_start(char *name);
+static char *strip_end(char *name);
 static MIME_HEADER *mime_hdr_new(char *name, char *value);
 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-			const MIME_HEADER * const *b);
-static int mime_param_cmp(const MIME_PARAM * const *a,
-			const MIME_PARAM * const *b);
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b);
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b);
 static void mime_param_free(MIME_PARAM *param);
 static int mime_bound_check(char *line, int linelen, char *bound, int blen);
 static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
@@ -105,777 +107,799 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
 static void mime_hdr_free(MIME_HEADER *hdr);
 
 #define MAX_SMLEN 1024
-#define mime_debug(x) /* x */
+#define mime_debug(x)           /* x */
 
 /* Base 64 read and write of ASN1 structure */
 
 static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
-				const ASN1_ITEM *it)
-	{
-	BIO *b64;
-	int r;
-	b64 = BIO_new(BIO_f_base64());
-	if(!b64)
-		{
-		ASN1err(ASN1_F_B64_WRITE_ASN1,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	/* prepend the b64 BIO so all data is base64 encoded.
-	 */
-	out = BIO_push(b64, out);
-	r = ASN1_item_i2d_bio(it, out, val);
-	(void)BIO_flush(out);
-	BIO_pop(out);
-	BIO_free(b64);
-	return r;
-	}
+                          const ASN1_ITEM *it)
+{
+    BIO *b64;
+    int r;
+    b64 = BIO_new(BIO_f_base64());
+    if (!b64) {
+        ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /*
+     * prepend the b64 BIO so all data is base64 encoded.
+     */
+    out = BIO_push(b64, out);
+    r = ASN1_item_i2d_bio(it, out, val);
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(b64);
+    return r;
+}
 
 static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
 {
-	BIO *b64;
-	ASN1_VALUE *val;
-	if(!(b64 = BIO_new(BIO_f_base64()))) {
-		ASN1err(ASN1_F_B64_READ_ASN1,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	bio = BIO_push(b64, bio);
-	val = ASN1_item_d2i_bio(it, bio, NULL);
-	if(!val)
-		ASN1err(ASN1_F_B64_READ_ASN1,ASN1_R_DECODE_ERROR);
-	(void)BIO_flush(bio);
-	bio = BIO_pop(bio);
-	BIO_free(b64);
-	return val;
+    BIO *b64;
+    ASN1_VALUE *val;
+    if (!(b64 = BIO_new(BIO_f_base64()))) {
+        ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    bio = BIO_push(b64, bio);
+    val = ASN1_item_d2i_bio(it, bio, NULL);
+    if (!val)
+        ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR);
+    (void)BIO_flush(bio);
+    bio = BIO_pop(bio);
+    BIO_free(b64);
+    return val;
 }
 
 /* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
 
 static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
-	{
-	int i, have_unknown = 0, write_comma, md_nid;
-	have_unknown = 0;
-	write_comma = 0;
-	for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++)
-		{
-		if (write_comma)
-			BIO_write(out, ",", 1);
-		write_comma = 1;
-		md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
-		switch(md_nid)
-			{
-			case NID_sha1:
-			BIO_puts(out, "sha1");
-			break;
-
-			case NID_md5:
-			BIO_puts(out, "md5");
-			break;
-
-			case NID_sha256:
-			BIO_puts(out, "sha-256");
-			break;
-
-			case NID_sha384:
-			BIO_puts(out, "sha-384");
-			break;
-
-			case NID_sha512:
-			BIO_puts(out, "sha-512");
-			break;
-
-			default:
-			if (have_unknown)
-				write_comma = 0;
-			else
-				{
-				BIO_puts(out, "unknown");
-				have_unknown = 1;
-				}
-			break;
-
-			}
-		}
-
-	return 1;
-
-	}
+{
+    int i, have_unknown = 0, write_comma, md_nid;
+    have_unknown = 0;
+    write_comma = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
+        if (write_comma)
+            BIO_write(out, ",", 1);
+        write_comma = 1;
+        md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+        switch (md_nid) {
+        case NID_sha1:
+            BIO_puts(out, "sha1");
+            break;
+
+        case NID_md5:
+            BIO_puts(out, "md5");
+            break;
+
+        case NID_sha256:
+            BIO_puts(out, "sha-256");
+            break;
+
+        case NID_sha384:
+            BIO_puts(out, "sha-384");
+            break;
+
+        case NID_sha512:
+            BIO_puts(out, "sha-512");
+            break;
+
+        default:
+            if (have_unknown)
+                write_comma = 0;
+            else {
+                BIO_puts(out, "unknown");
+                have_unknown = 1;
+            }
+            break;
+
+        }
+    }
+
+    return 1;
+
+}
 
 /* SMIME sender */
 
 int int_smime_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
-				int ctype_nid, int econt_nid,
-				STACK_OF(X509_ALGOR) *mdalgs,
-				asn1_output_data_fn *data_fn,
-				const ASN1_ITEM *it)
+                         int ctype_nid, int econt_nid,
+                         STACK_OF(X509_ALGOR) *mdalgs,
+                         asn1_output_data_fn * data_fn, const ASN1_ITEM *it)
 {
-	char bound[33], c;
-	int i;
-	const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
-	const char *msg_type=NULL;
-	if (flags & SMIME_OLDMIME)
-		mime_prefix = "application/x-pkcs7-";
-	else
-		mime_prefix = "application/pkcs7-";
-
-	if (flags & SMIME_CRLFEOL)
-		mime_eol = "\r\n";
-	else
-		mime_eol = "\n";
-	if((flags & SMIME_DETACHED) && data) {
-	/* We want multipart/signed */
-		/* Generate a random boundary */
-		RAND_pseudo_bytes((unsigned char *)bound, 32);
-		for(i = 0; i < 32; i++) {
-			c = bound[i] & 0xf;
-			if(c < 10) c += '0';
-			else c += 'A' - 10;
-			bound[i] = c;
-		}
-		bound[32] = 0;
-		BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-		BIO_printf(bio, "Content-Type: multipart/signed;");
-		BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
-		BIO_puts(bio, " micalg=\"");
-		asn1_write_micalg(bio, mdalgs);
-		BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
-						bound, mime_eol, mime_eol);
-		BIO_printf(bio, "This is an S/MIME signed message%s%s",
-						mime_eol, mime_eol);
-		/* Now write out the first part */
-		BIO_printf(bio, "------%s%s", bound, mime_eol);
-		if (!data_fn(bio, data, val, flags, it))
-			return 0;
-		BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
-
-		/* Headers for signature */
-
-		BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix); 
-		BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
-		BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
-								mime_eol);
-		BIO_printf(bio, "Content-Disposition: attachment;");
-		BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
-							mime_eol, mime_eol);
-		B64_write_ASN1(bio, val, NULL, 0, it);
-		BIO_printf(bio,"%s------%s--%s%s", mime_eol, bound,
-							mime_eol, mime_eol);
-		return 1;
-	}
-
-	/* Determine smime-type header */
-
-	if (ctype_nid == NID_pkcs7_enveloped)
-		msg_type = "enveloped-data";
-	else if (ctype_nid == NID_pkcs7_signed)
-		{
-		if (econt_nid == NID_id_smime_ct_receipt)
-			msg_type = "signed-receipt";
-		else if (sk_X509_ALGOR_num(mdalgs) >= 0)
-			msg_type = "signed-data";
-		else
-			msg_type = "certs-only";
-		}
-	else if (ctype_nid == NID_id_smime_ct_compressedData)
-		{
-		msg_type = "compressed-data";
-		cname = "smime.p7z";
-		}
-	/* MIME headers */
-	BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
-	BIO_printf(bio, "Content-Disposition: attachment;");
-	BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
-	BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
-	if (msg_type)
-		BIO_printf(bio, " smime-type=%s;", msg_type);
-	BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
-	BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
-						mime_eol, mime_eol);
-	if (!B64_write_ASN1(bio, val, data, flags, it))
-		return 0;
-	BIO_printf(bio, "%s", mime_eol);
-	return 1;
+    char bound[33], c;
+    int i;
+    const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
+    const char *msg_type = NULL;
+    if (flags & SMIME_OLDMIME)
+        mime_prefix = "application/x-pkcs7-";
+    else
+        mime_prefix = "application/pkcs7-";
+
+    if (flags & SMIME_CRLFEOL)
+        mime_eol = "\r\n";
+    else
+        mime_eol = "\n";
+    if ((flags & SMIME_DETACHED) && data) {
+        /* We want multipart/signed */
+        /* Generate a random boundary */
+        RAND_pseudo_bytes((unsigned char *)bound, 32);
+        for (i = 0; i < 32; i++) {
+            c = bound[i] & 0xf;
+            if (c < 10)
+                c += '0';
+            else
+                c += 'A' - 10;
+            bound[i] = c;
+        }
+        bound[32] = 0;
+        BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+        BIO_printf(bio, "Content-Type: multipart/signed;");
+        BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
+        BIO_puts(bio, " micalg=\"");
+        asn1_write_micalg(bio, mdalgs);
+        BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
+                   bound, mime_eol, mime_eol);
+        BIO_printf(bio, "This is an S/MIME signed message%s%s",
+                   mime_eol, mime_eol);
+        /* Now write out the first part */
+        BIO_printf(bio, "------%s%s", bound, mime_eol);
+        if (!data_fn(bio, data, val, flags, it))
+            return 0;
+        BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
+
+        /* Headers for signature */
+
+        BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
+        BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
+        BIO_printf(bio, "Content-Transfer-Encoding: base64%s", mime_eol);
+        BIO_printf(bio, "Content-Disposition: attachment;");
+        BIO_printf(bio, " filename=\"smime.p7s\"%s%s", mime_eol, mime_eol);
+        B64_write_ASN1(bio, val, NULL, 0, it);
+        BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
+                   mime_eol, mime_eol);
+        return 1;
+    }
+
+    /* Determine smime-type header */
+
+    if (ctype_nid == NID_pkcs7_enveloped)
+        msg_type = "enveloped-data";
+    else if (ctype_nid == NID_pkcs7_signed) {
+        if (econt_nid == NID_id_smime_ct_receipt)
+            msg_type = "signed-receipt";
+        else if (sk_X509_ALGOR_num(mdalgs) >= 0)
+            msg_type = "signed-data";
+        else
+            msg_type = "certs-only";
+    } else if (ctype_nid == NID_id_smime_ct_compressedData) {
+        msg_type = "compressed-data";
+        cname = "smime.p7z";
+    }
+    /* MIME headers */
+    BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
+    BIO_printf(bio, "Content-Disposition: attachment;");
+    BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
+    if (msg_type)
+        BIO_printf(bio, " smime-type=%s;", msg_type);
+    BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
+    BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
+               mime_eol, mime_eol);
+    if (!B64_write_ASN1(bio, val, data, flags, it))
+        return 0;
+    BIO_printf(bio, "%s", mime_eol);
+    return 1;
 }
 
 #if 0
 
 /* Handle output of ASN1 data */
 
-
 static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-					const ASN1_ITEM *it)
-	{
-	BIO *tmpbio;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_STREAM_ARG sarg;
+                            const ASN1_ITEM *it)
+{
+    BIO *tmpbio;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_STREAM_ARG sarg;
 
-	if (!(flags & SMIME_DETACHED))
-		{
-		SMIME_crlf_copy(data, out, flags);
-		return 1;
-		}
+    if (!(flags & SMIME_DETACHED)) {
+        SMIME_crlf_copy(data, out, flags);
+        return 1;
+    }
 
-	if (!aux || !aux->asn1_cb)
-		{
-		ASN1err(ASN1_F_ASN1_OUTPUT_DATA,
-					ASN1_R_STREAMING_NOT_SUPPORTED);
-		return 0;
-		}
+    if (!aux || !aux->asn1_cb) {
+        ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED);
+        return 0;
+    }
 
-	sarg.out = out;
-	sarg.ndef_bio = NULL;
-	sarg.boundary = NULL;
+    sarg.out = out;
+    sarg.ndef_bio = NULL;
+    sarg.boundary = NULL;
 
-	/* Let ASN1 code prepend any needed BIOs */
+    /* Let ASN1 code prepend any needed BIOs */
 
-	if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
-		return 0;
+    if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
+        return 0;
 
-	/* Copy data across, passing through filter BIOs for processing */
-	SMIME_crlf_copy(data, sarg.ndef_bio, flags);
+    /* Copy data across, passing through filter BIOs for processing */
+    SMIME_crlf_copy(data, sarg.ndef_bio, flags);
 
-	/* Finalize structure */
-	if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
-		return 0;
+    /* Finalize structure */
+    if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
+        return 0;
 
-	/* Now remove any digests prepended to the BIO */
+    /* Now remove any digests prepended to the BIO */
 
-	while (sarg.ndef_bio != out)
-		{
-		tmpbio = BIO_pop(sarg.ndef_bio);
-		BIO_free(sarg.ndef_bio);
-		sarg.ndef_bio = tmpbio;
-		}
+    while (sarg.ndef_bio != out) {
+        tmpbio = BIO_pop(sarg.ndef_bio);
+        BIO_free(sarg.ndef_bio);
+        sarg.ndef_bio = tmpbio;
+    }
 
-	return 1;
+    return 1;
 
-	}
+}
 
 #endif
 
-/* SMIME reader: handle multipart/signed and opaque signing.
- * in multipart case the content is placed in a memory BIO
- * pointed to by "bcont". In opaque this is set to NULL
+/*
+ * SMIME reader: handle multipart/signed and opaque signing. in multipart
+ * case the content is placed in a memory BIO pointed to by "bcont". In
+ * opaque this is set to NULL
  */
 
 ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
 {
-	BIO *asnin;
-	STACK_OF(MIME_HEADER) *headers = NULL;
-	STACK_OF(BIO) *parts = NULL;
-	MIME_HEADER *hdr;
-	MIME_PARAM *prm;
-	ASN1_VALUE *val;
-	int ret;
-
-	if(bcont) *bcont = NULL;
-
-	if (!(headers = mime_parse_hdr(bio))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_PARSE_ERROR);
-		return NULL;
-	}
-
-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
-		return NULL;
-	}
-
-	/* Handle multipart/signed */
-
-	if(!strcmp(hdr->value, "multipart/signed")) {
-		/* Split into two parts */
-		prm = mime_param_find(hdr, "boundary");
-		if(!prm || !prm->param_value) {
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
-			return NULL;
-		}
-		ret = multi_split(bio, prm->param_value, &parts);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		if(!ret || (sk_BIO_num(parts) != 2) ) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		/* Parse the signature piece */
-		asnin = sk_BIO_value(parts, 1);
-
-		if (!(headers = mime_parse_hdr(asnin))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_MIME_SIG_PARSE_ERROR);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		/* Get content type */
-
-		if(!(hdr = mime_hdr_find(headers, "content-type")) ||
-								 !hdr->value) {
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
-			return NULL;
-		}
-
-		if(strcmp(hdr->value, "application/x-pkcs7-signature") &&
-			strcmp(hdr->value, "application/pkcs7-signature")) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_SIG_INVALID_MIME_TYPE);
-			ERR_add_error_data(2, "type: ", hdr->value);
-			sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		/* Read in ASN1 */
-		if(!(val = b64_read_asn1(asnin, it))) {
-			ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_ASN1_SIG_PARSE_ERROR);
-			sk_BIO_pop_free(parts, BIO_vfree);
-			return NULL;
-		}
-
-		if(bcont) {
-			*bcont = sk_BIO_value(parts, 0);
-			BIO_free(asnin);
-			sk_BIO_free(parts);
-		} else sk_BIO_pop_free(parts, BIO_vfree);
-		return val;
-	}
-		
-	/* OK, if not multipart/signed try opaque signature */
-
-	if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
-	    strcmp (hdr->value, "application/pkcs7-mime")) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1,ASN1_R_INVALID_MIME_TYPE);
-		ERR_add_error_data(2, "type: ", hdr->value);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return NULL;
-	}
-
-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-	
-	if(!(val = b64_read_asn1(bio, it))) {
-		ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
-		return NULL;
-	}
-	return val;
+    BIO *asnin;
+    STACK_OF(MIME_HEADER) *headers = NULL;
+    STACK_OF(BIO) *parts = NULL;
+    MIME_HEADER *hdr;
+    MIME_PARAM *prm;
+    ASN1_VALUE *val;
+    int ret;
+
+    if (bcont)
+        *bcont = NULL;
+
+    if (!(headers = mime_parse_hdr(bio))) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR);
+        return NULL;
+    }
+
+    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Handle multipart/signed */
+
+    if (!strcmp(hdr->value, "multipart/signed")) {
+        /* Split into two parts */
+        prm = mime_param_find(hdr, "boundary");
+        if (!prm || !prm->param_value) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY);
+            return NULL;
+        }
+        ret = multi_split(bio, prm->param_value, &parts);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        if (!ret || (sk_BIO_num(parts) != 2)) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Parse the signature piece */
+        asnin = sk_BIO_value(parts, 1);
+
+        if (!(headers = mime_parse_hdr(asnin))) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        /* Get content type */
+
+        if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE);
+            return NULL;
+        }
+
+        if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
+            strcmp(hdr->value, "application/pkcs7-signature")) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE);
+            ERR_add_error_data(2, "type: ", hdr->value);
+            sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        /* Read in ASN1 */
+        if (!(val = b64_read_asn1(asnin, it))) {
+            ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR);
+            sk_BIO_pop_free(parts, BIO_vfree);
+            return NULL;
+        }
+
+        if (bcont) {
+            *bcont = sk_BIO_value(parts, 0);
+            BIO_free(asnin);
+            sk_BIO_free(parts);
+        } else
+            sk_BIO_pop_free(parts, BIO_vfree);
+        return val;
+    }
+
+    /* OK, if not multipart/signed try opaque signature */
+
+    if (strcmp(hdr->value, "application/x-pkcs7-mime") &&
+        strcmp(hdr->value, "application/pkcs7-mime")) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return NULL;
+    }
+
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+
+    if (!(val = b64_read_asn1(bio, it))) {
+        ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR);
+        return NULL;
+    }
+    return val;
 
 }
 
 /* Copy text from one BIO to another making the output CRLF at EOL */
 int SMIME_crlf_copy(BIO *in, BIO *out, int flags)
 {
-	BIO *bf;
-	char eol;
-	int len;
-	char linebuf[MAX_SMLEN];
-	/* Buffer output so we don't write one line at a time. This is
-	 * useful when streaming as we don't end up with one OCTET STRING
-	 * per line.
-	 */
-	bf = BIO_new(BIO_f_buffer());
-	if (!bf)
-		return 0;
-	out = BIO_push(bf, out);
-	if(flags & SMIME_BINARY)
-		{
-		while((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
-						BIO_write(out, linebuf, len);
-		}
-	else
-		{
-		if(flags & SMIME_TEXT)
-			BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
-		while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0)
-			{
-			eol = strip_eol(linebuf, &len);
-			if (len)
-				BIO_write(out, linebuf, len);
-			if(eol) BIO_write(out, "\r\n", 2);
-			}
-		}
-	(void)BIO_flush(out);
-	BIO_pop(out);
-	BIO_free(bf);
-	return 1;
+    BIO *bf;
+    char eol;
+    int len;
+    char linebuf[MAX_SMLEN];
+    /*
+     * Buffer output so we don't write one line at a time. This is useful
+     * when streaming as we don't end up with one OCTET STRING per line.
+     */
+    bf = BIO_new(BIO_f_buffer());
+    if (!bf)
+        return 0;
+    out = BIO_push(bf, out);
+    if (flags & SMIME_BINARY) {
+        while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
+            BIO_write(out, linebuf, len);
+    } else {
+        if (flags & SMIME_TEXT)
+            BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
+        while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
+            eol = strip_eol(linebuf, &len);
+            if (len)
+                BIO_write(out, linebuf, len);
+            if (eol)
+                BIO_write(out, "\r\n", 2);
+        }
+    }
+    (void)BIO_flush(out);
+    BIO_pop(out);
+    BIO_free(bf);
+    return 1;
 }
 
 /* Strip off headers if they are text/plain */
 int SMIME_text(BIO *in, BIO *out)
 {
-	char iobuf[4096];
-	int len;
-	STACK_OF(MIME_HEADER) *headers;
-	MIME_HEADER *hdr;
-
-	if (!(headers = mime_parse_hdr(in))) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_PARSE_ERROR);
-		return 0;
-	}
-	if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_MIME_NO_CONTENT_TYPE);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return 0;
-	}
-	if (strcmp (hdr->value, "text/plain")) {
-		ASN1err(ASN1_F_SMIME_TEXT,ASN1_R_INVALID_MIME_TYPE);
-		ERR_add_error_data(2, "type: ", hdr->value);
-		sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-		return 0;
-	}
-	sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
-	while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
-						BIO_write(out, iobuf, len);
-	if (len < 0)
-		return 0;
-	return 1;
+    char iobuf[4096];
+    int len;
+    STACK_OF(MIME_HEADER) *headers;
+    MIME_HEADER *hdr;
+
+    if (!(headers = mime_parse_hdr(in))) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR);
+        return 0;
+    }
+    if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    if (strcmp(hdr->value, "text/plain")) {
+        ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE);
+        ERR_add_error_data(2, "type: ", hdr->value);
+        sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+        return 0;
+    }
+    sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
+    while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
+        BIO_write(out, iobuf, len);
+    if (len < 0)
+        return 0;
+    return 1;
 }
 
-/* Split a multipart/XXX message body into component parts: result is
+/*
+ * Split a multipart/XXX message body into component parts: result is
  * canonical parts in a STACK of bios
  */
 
 static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
 {
-	char linebuf[MAX_SMLEN];
-	int len, blen;
-	int eol = 0, next_eol = 0;
-	BIO *bpart = NULL;
-	STACK_OF(BIO) *parts;
-	char state, part, first;
-
-	blen = strlen(bound);
-	part = 0;
-	state = 0;
-	first = 1;
-	parts = sk_BIO_new_null();
-	*ret = parts;
-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-		state = mime_bound_check(linebuf, len, bound, blen);
-		if(state == 1) {
-			first = 1;
-			part++;
-		} else if(state == 2) {
-			sk_BIO_push(parts, bpart);
-			return 1;
-		} else if(part) {
-			/* Strip CR+LF from linebuf */
-			next_eol = strip_eol(linebuf, &len);
-			if(first) {
-				first = 0;
-				if(bpart) sk_BIO_push(parts, bpart);
-				bpart = BIO_new(BIO_s_mem());
-				BIO_set_mem_eof_return(bpart, 0);
-			} else if (eol)
-				BIO_write(bpart, "\r\n", 2);
-			eol = next_eol;
-			if (len)
-				BIO_write(bpart, linebuf, len);
-		}
-	}
-	return 0;
+    char linebuf[MAX_SMLEN];
+    int len, blen;
+    int eol = 0, next_eol = 0;
+    BIO *bpart = NULL;
+    STACK_OF(BIO) *parts;
+    char state, part, first;
+
+    blen = strlen(bound);
+    part = 0;
+    state = 0;
+    first = 1;
+    parts = sk_BIO_new_null();
+    *ret = parts;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        state = mime_bound_check(linebuf, len, bound, blen);
+        if (state == 1) {
+            first = 1;
+            part++;
+        } else if (state == 2) {
+            sk_BIO_push(parts, bpart);
+            return 1;
+        } else if (part) {
+            /* Strip CR+LF from linebuf */
+            next_eol = strip_eol(linebuf, &len);
+            if (first) {
+                first = 0;
+                if (bpart)
+                    sk_BIO_push(parts, bpart);
+                bpart = BIO_new(BIO_s_mem());
+                BIO_set_mem_eof_return(bpart, 0);
+            } else if (eol)
+                BIO_write(bpart, "\r\n", 2);
+            eol = next_eol;
+            if (len)
+                BIO_write(bpart, linebuf, len);
+        }
+    }
+    return 0;
 }
 
 /* This is the big one: parse MIME header lines up to message body */
 
-#define MIME_INVALID	0
-#define MIME_START	1
-#define MIME_TYPE	2
-#define MIME_NAME	3
-#define MIME_VALUE	4
-#define MIME_QUOTE	5
-#define MIME_COMMENT	6
-
+#define MIME_INVALID    0
+#define MIME_START      1
+#define MIME_TYPE       2
+#define MIME_NAME       3
+#define MIME_VALUE      4
+#define MIME_QUOTE      5
+#define MIME_COMMENT    6
 
 static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio)
 {
-	char *p, *q, c;
-	char *ntmp;
-	char linebuf[MAX_SMLEN];
-	MIME_HEADER *mhdr = NULL;
-	STACK_OF(MIME_HEADER) *headers;
-	int len, state, save_state = 0;
-
-	headers = sk_MIME_HEADER_new(mime_hdr_cmp);
-	if (!headers)
-		return NULL;
-	while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
-	/* If whitespace at line start then continuation line */
-	if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME;
-	else state = MIME_START;
-	ntmp = NULL;
-	/* Go through all characters */
-	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
-	/* State machine to handle MIME headers
-	 * if this looks horrible that's because it *is*
-         */
-
-		switch(state) {
-			case MIME_START:
-			if(c == ':') {
-				state = MIME_TYPE;
-				*p = 0;
-				ntmp = strip_ends(q);
-				q = p + 1;
-			}
-			break;
-
-			case MIME_TYPE:
-			if(c == ';') {
-				mime_debug("Found End Value\n");
-				*p = 0;
-				mhdr = mime_hdr_new(ntmp, strip_ends(q));
-				sk_MIME_HEADER_push(headers, mhdr);
-				ntmp = NULL;
-				q = p + 1;
-				state = MIME_NAME;
-			} else if(c == '(') {
-				save_state = state;
-				state = MIME_COMMENT;
-			}
-			break;
-
-			case MIME_COMMENT:
-			if(c == ')') {
-				state = save_state;
-			}
-			break;
-
-			case MIME_NAME:
-			if(c == '=') {
-				state = MIME_VALUE;
-				*p = 0;
-				ntmp = strip_ends(q);
-				q = p + 1;
-			}
-			break ;
-
-			case MIME_VALUE:
-			if(c == ';') {
-				state = MIME_NAME;
-				*p = 0;
-				mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-				ntmp = NULL;
-				q = p + 1;
-			} else if (c == '"') {
-				mime_debug("Found Quote\n");
-				state = MIME_QUOTE;
-			} else if(c == '(') {
-				save_state = state;
-				state = MIME_COMMENT;
-			}
-			break;
-
-			case MIME_QUOTE:
-			if(c == '"') {
-				mime_debug("Found Match Quote\n");
-				state = MIME_VALUE;
-			}
-			break;
-		}
-	}
-
-	if(state == MIME_TYPE) {
-		mhdr = mime_hdr_new(ntmp, strip_ends(q));
-		sk_MIME_HEADER_push(headers, mhdr);
-	} else if(state == MIME_VALUE)
-			 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
-	if(p == linebuf) break;	/* Blank line means end of headers */
-}
-
-return headers;
+    char *p, *q, c;
+    char *ntmp;
+    char linebuf[MAX_SMLEN];
+    MIME_HEADER *mhdr = NULL;
+    STACK_OF(MIME_HEADER) *headers;
+    int len, state, save_state = 0;
+
+    headers = sk_MIME_HEADER_new(mime_hdr_cmp);
+    if (!headers)
+        return NULL;
+    while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
+        /* If whitespace at line start then continuation line */
+        if (mhdr && isspace((unsigned char)linebuf[0]))
+            state = MIME_NAME;
+        else
+            state = MIME_START;
+        ntmp = NULL;
+        /* Go through all characters */
+        for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+             p++) {
+
+            /*
+             * State machine to handle MIME headers if this looks horrible
+             * that's because it *is*
+             */
+
+            switch (state) {
+            case MIME_START:
+                if (c == ':') {
+                    state = MIME_TYPE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_TYPE:
+                if (c == ';') {
+                    mime_debug("Found End Value\n");
+                    *p = 0;
+                    mhdr = mime_hdr_new(ntmp, strip_ends(q));
+                    sk_MIME_HEADER_push(headers, mhdr);
+                    ntmp = NULL;
+                    q = p + 1;
+                    state = MIME_NAME;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_COMMENT:
+                if (c == ')') {
+                    state = save_state;
+                }
+                break;
+
+            case MIME_NAME:
+                if (c == '=') {
+                    state = MIME_VALUE;
+                    *p = 0;
+                    ntmp = strip_ends(q);
+                    q = p + 1;
+                }
+                break;
+
+            case MIME_VALUE:
+                if (c == ';') {
+                    state = MIME_NAME;
+                    *p = 0;
+                    mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+                    ntmp = NULL;
+                    q = p + 1;
+                } else if (c == '"') {
+                    mime_debug("Found Quote\n");
+                    state = MIME_QUOTE;
+                } else if (c == '(') {
+                    save_state = state;
+                    state = MIME_COMMENT;
+                }
+                break;
+
+            case MIME_QUOTE:
+                if (c == '"') {
+                    mime_debug("Found Match Quote\n");
+                    state = MIME_VALUE;
+                }
+                break;
+            }
+        }
+
+        if (state == MIME_TYPE) {
+            mhdr = mime_hdr_new(ntmp, strip_ends(q));
+            sk_MIME_HEADER_push(headers, mhdr);
+        } else if (state == MIME_VALUE)
+            mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
+        if (p == linebuf)
+            break;              /* Blank line means end of headers */
+    }
+
+    return headers;
 
 }
 
 static char *strip_ends(char *name)
 {
-	return strip_end(strip_start(name));
+    return strip_end(strip_start(name));
 }
 
 /* Strip a parameter of whitespace from start of param */
 static char *strip_start(char *name)
 {
-	char *p, c;
-	/* Look for first non white space or quote */
-	for(p = name; (c = *p) ;p++) {
-		if(c == '"') {
-			/* Next char is start of string if non null */
-			if(p[1]) return p + 1;
-			/* Else null string */
-			return NULL;
-		}
-		if(!isspace((unsigned char)c)) return p;
-	}
-	return NULL;
+    char *p, c;
+    /* Look for first non white space or quote */
+    for (p = name; (c = *p); p++) {
+        if (c == '"') {
+            /* Next char is start of string if non null */
+            if (p[1])
+                return p + 1;
+            /* Else null string */
+            return NULL;
+        }
+        if (!isspace((unsigned char)c))
+            return p;
+    }
+    return NULL;
 }
 
 /* As above but strip from end of string : maybe should handle brackets? */
 static char *strip_end(char *name)
 {
-	char *p, c;
-	if(!name) return NULL;
-	/* Look for first non white space or quote */
-	for(p = name + strlen(name) - 1; p >= name ;p--) {
-		c = *p;
-		if(c == '"') {
-			if(p - 1 == name) return NULL;
-			*p = 0;
-			return name;
-		}
-		if(isspace((unsigned char)c)) *p = 0;	
-		else return name;
-	}
-	return NULL;
+    char *p, c;
+    if (!name)
+        return NULL;
+    /* Look for first non white space or quote */
+    for (p = name + strlen(name) - 1; p >= name; p--) {
+        c = *p;
+        if (c == '"') {
+            if (p - 1 == name)
+                return NULL;
+            *p = 0;
+            return name;
+        }
+        if (isspace((unsigned char)c))
+            *p = 0;
+        else
+            return name;
+    }
+    return NULL;
 }
 
 static MIME_HEADER *mime_hdr_new(char *name, char *value)
 {
-	MIME_HEADER *mhdr;
-	char *tmpname, *tmpval, *p;
-	int c;
-	if(name) {
-		if(!(tmpname = BUF_strdup(name))) return NULL;
-		for(p = tmpname ; *p; p++) {
-			c = *p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpname = NULL;
-	if(value) {
-		if(!(tmpval = BUF_strdup(value))) return NULL;
-		for(p = tmpval ; *p; p++) {
-			c = *p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpval = NULL;
-	mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER));
-	if(!mhdr) return NULL;
-	mhdr->name = tmpname;
-	mhdr->value = tmpval;
-	if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL;
-	return mhdr;
+    MIME_HEADER *mhdr;
+    char *tmpname, *tmpval, *p;
+    int c;
+    if (name) {
+        if (!(tmpname = BUF_strdup(name)))
+            return NULL;
+        for (p = tmpname; *p; p++) {
+            c = *p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    } else
+        tmpname = NULL;
+    if (value) {
+        if (!(tmpval = BUF_strdup(value)))
+            return NULL;
+        for (p = tmpval; *p; p++) {
+            c = *p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    } else
+        tmpval = NULL;
+    mhdr = (MIME_HEADER *)OPENSSL_malloc(sizeof(MIME_HEADER));
+    if (!mhdr)
+        return NULL;
+    mhdr->name = tmpname;
+    mhdr->value = tmpval;
+    if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp)))
+        return NULL;
+    return mhdr;
 }
-		
+
 static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
 {
-	char *tmpname, *tmpval, *p;
-	int c;
-	MIME_PARAM *mparam;
-	if(name) {
-		tmpname = BUF_strdup(name);
-		if(!tmpname) return 0;
-		for(p = tmpname ; *p; p++) {
-			c = *p;
-			if(isupper(c)) {
-				c = tolower(c);
-				*p = c;
-			}
-		}
-	} else tmpname = NULL;
-	if(value) {
-		tmpval = BUF_strdup(value);
-		if(!tmpval) return 0;
-	} else tmpval = NULL;
-	/* Parameter values are case sensitive so leave as is */
-	mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM));
-	if(!mparam) return 0;
-	mparam->param_name = tmpname;
-	mparam->param_value = tmpval;
-	sk_MIME_PARAM_push(mhdr->params, mparam);
-	return 1;
+    char *tmpname, *tmpval, *p;
+    int c;
+    MIME_PARAM *mparam;
+    if (name) {
+        tmpname = BUF_strdup(name);
+        if (!tmpname)
+            return 0;
+        for (p = tmpname; *p; p++) {
+            c = *p;
+            if (isupper(c)) {
+                c = tolower(c);
+                *p = c;
+            }
+        }
+    } else
+        tmpname = NULL;
+    if (value) {
+        tmpval = BUF_strdup(value);
+        if (!tmpval)
+            return 0;
+    } else
+        tmpval = NULL;
+    /* Parameter values are case sensitive so leave as is */
+    mparam = (MIME_PARAM *)OPENSSL_malloc(sizeof(MIME_PARAM));
+    if (!mparam)
+        return 0;
+    mparam->param_name = tmpname;
+    mparam->param_value = tmpval;
+    sk_MIME_PARAM_push(mhdr->params, mparam);
+    return 1;
 }
 
-static int mime_hdr_cmp(const MIME_HEADER * const *a,
-			const MIME_HEADER * const *b)
+static int mime_hdr_cmp(const MIME_HEADER *const *a,
+                        const MIME_HEADER *const *b)
 {
-	if (!(*a)->name || !(*b)->name)
-		return !!(*a)->name - !!(*b)->name;
+    if (!(*a)->name || !(*b)->name)
+        return ! !(*a)->name - ! !(*b)->name;
 
-	return(strcmp((*a)->name, (*b)->name));
+    return (strcmp((*a)->name, (*b)->name));
 }
 
-static int mime_param_cmp(const MIME_PARAM * const *a,
-			const MIME_PARAM * const *b)
+static int mime_param_cmp(const MIME_PARAM *const *a,
+                          const MIME_PARAM *const *b)
 {
-	if (!(*a)->param_name || !(*b)->param_name)
-		return !!(*a)->param_name - !!(*b)->param_name;
-	return(strcmp((*a)->param_name, (*b)->param_name));
+    if (!(*a)->param_name || !(*b)->param_name)
+        return ! !(*a)->param_name - ! !(*b)->param_name;
+    return (strcmp((*a)->param_name, (*b)->param_name));
 }
 
 /* Find a header with a given name (if possible) */
 
 static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
 {
-	MIME_HEADER htmp;
-	int idx;
-	htmp.name = name;
-	idx = sk_MIME_HEADER_find(hdrs, &htmp);
-	if(idx < 0) return NULL;
-	return sk_MIME_HEADER_value(hdrs, idx);
+    MIME_HEADER htmp;
+    int idx;
+    htmp.name = name;
+    idx = sk_MIME_HEADER_find(hdrs, &htmp);
+    if (idx < 0)
+        return NULL;
+    return sk_MIME_HEADER_value(hdrs, idx);
 }
 
 static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name)
 {
-	MIME_PARAM param;
-	int idx;
-	param.param_name = name;
-	idx = sk_MIME_PARAM_find(hdr->params, &param);
-	if(idx < 0) return NULL;
-	return sk_MIME_PARAM_value(hdr->params, idx);
+    MIME_PARAM param;
+    int idx;
+    param.param_name = name;
+    idx = sk_MIME_PARAM_find(hdr->params, &param);
+    if (idx < 0)
+        return NULL;
+    return sk_MIME_PARAM_value(hdr->params, idx);
 }
 
 static void mime_hdr_free(MIME_HEADER *hdr)
 {
-	if(hdr->name) OPENSSL_free(hdr->name);
-	if(hdr->value) OPENSSL_free(hdr->value);
-	if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
-	OPENSSL_free(hdr);
+    if (hdr->name)
+        OPENSSL_free(hdr->name);
+    if (hdr->value)
+        OPENSSL_free(hdr->value);
+    if (hdr->params)
+        sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
+    OPENSSL_free(hdr);
 }
 
 static void mime_param_free(MIME_PARAM *param)
 {
-	if(param->param_name) OPENSSL_free(param->param_name);
-	if(param->param_value) OPENSSL_free(param->param_value);
-	OPENSSL_free(param);
+    if (param->param_name)
+        OPENSSL_free(param->param_name);
+    if (param->param_value)
+        OPENSSL_free(param->param_value);
+    OPENSSL_free(param);
 }
 
-/* Check for a multipart boundary. Returns:
+/*-
+ * Check for a multipart boundary. Returns:
  * 0 : no boundary
  * 1 : part boundary
  * 2 : final boundary
  */
 static int mime_bound_check(char *line, int linelen, char *bound, int blen)
 {
-	if(linelen == -1) linelen = strlen(line);
-	if(blen == -1) blen = strlen(bound);
-	/* Quickly eliminate if line length too short */
-	if(blen + 2 > linelen) return 0;
-	/* Check for part boundary */
-	if(!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
-		if(!strncmp(line + blen + 2, "--", 2)) return 2;
-		else return 1;
-	}
-	return 0;
+    if (linelen == -1)
+        linelen = strlen(line);
+    if (blen == -1)
+        blen = strlen(bound);
+    /* Quickly eliminate if line length too short */
+    if (blen + 2 > linelen)
+        return 0;
+    /* Check for part boundary */
+    if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
+        if (!strncmp(line + blen + 2, "--", 2))
+            return 2;
+        else
+            return 1;
+    }
+    return 0;
 }
 
 static int strip_eol(char *linebuf, int *plen)
-	{
-	int len = *plen;
-	char *p, c;
-	int is_eol = 0;
-	p = linebuf + len - 1;
-	for (p = linebuf + len - 1; len > 0; len--, p--)
-		{
-		c = *p;
-		if (c == '\n')
-			is_eol = 1;
-		else if (c != '\r')
-			break;
-		}
-	*plen = len;
-	return is_eol;
-	}
+{
+    int len = *plen;
+    char *p, c;
+    int is_eol = 0;
+    p = linebuf + len - 1;
+    for (p = linebuf + len - 1; len > 0; len--, p--) {
+        c = *p;
+        if (c == '\n')
+            is_eol = 1;
+        else if (c != '\r')
+            break;
+    }
+    *plen = len;
+    return is_eol;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c
index 1ea6a592..fab2dd92 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_moid.c
@@ -1,6 +1,7 @@
 /* asn_moid.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,92 +70,84 @@
 static int do_create(char *value, char *name);
 
 static int oid_module_init(CONF_IMODULE *md, const CONF *cnf)
-	{
-	int i;
-	const char *oid_section;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *oval;
-	oid_section = CONF_imodule_get_value(md);
-	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
-		{
-		ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
-		return 0;
-		}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
-		{
-		oval = sk_CONF_VALUE_value(sktmp, i);
-		if(!do_create(oval->value, oval->name))
-			{
-			ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
-			return 0;
-			}
-		}
-	return 1;
-	}
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+    oid_section = CONF_imodule_get_value(md);
+    if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
+        ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (!do_create(oval->value, oval->name)) {
+            ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT);
+            return 0;
+        }
+    }
+    return 1;
+}
 
 static void oid_module_finish(CONF_IMODULE *md)
-	{
-	OBJ_cleanup();
-	}
+{
+    OBJ_cleanup();
+}
 
 void ASN1_add_oid_module(void)
-	{
-	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
-	}
+{
+    CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+}
 
-/* Create an OID based on a name value pair. Accept two formats.
+/*-
+ * Create an OID based on a name value pair. Accept two formats.
  * shortname = 1.2.3.4
  * shortname = some long name, 1.2.3.4
  */
 
-
 static int do_create(char *value, char *name)
-	{
-	int nid;
-	ASN1_OBJECT *oid;
-	char *ln, *ostr, *p, *lntmp;
-	p = strrchr(value, ',');
-	if (!p)
-		{
-		ln = name;
-		ostr = value;
-		}
-	else
-		{
-		ln = NULL;
-		ostr = p + 1;
-		if (!*ostr)
-			return 0;
-		while(isspace((unsigned char)*ostr)) ostr++;
-		}
+{
+    int nid;
+    ASN1_OBJECT *oid;
+    char *ln, *ostr, *p, *lntmp;
+    p = strrchr(value, ',');
+    if (!p) {
+        ln = name;
+        ostr = value;
+    } else {
+        ln = NULL;
+        ostr = p + 1;
+        if (!*ostr)
+            return 0;
+        while (isspace((unsigned char)*ostr))
+            ostr++;
+    }
 
-	nid = OBJ_create(ostr, name, ln);
+    nid = OBJ_create(ostr, name, ln);
 
-	if (nid == NID_undef)
-		return 0;
+    if (nid == NID_undef)
+        return 0;
 
-	if (p)
-		{
-		ln = value;
-		while(isspace((unsigned char)*ln)) ln++;
-		p--;
-		while(isspace((unsigned char)*p))
-			{
-			if (p == ln)
-				return 0;
-			p--;
-			}
-		p++;
-		lntmp = OPENSSL_malloc((p - ln) + 1);
-		if (lntmp == NULL)
-			return 0;
-		memcpy(lntmp, ln, p - ln);
-		lntmp[p - ln] = 0;
-		oid = OBJ_nid2obj(nid);
-		oid->ln = lntmp;
-		}
+    if (p) {
+        ln = value;
+        while (isspace((unsigned char)*ln))
+            ln++;
+        p--;
+        while (isspace((unsigned char)*p)) {
+            if (p == ln)
+                return 0;
+            p--;
+        }
+        p++;
+        lntmp = OPENSSL_malloc((p - ln) + 1);
+        if (lntmp == NULL)
+            return 0;
+        memcpy(lntmp, ln, p - ln);
+        lntmp[p - ln] = 0;
+        oid = OBJ_nid2obj(nid);
+        oid->ln = lntmp;
+    }
 
-	return 1;
-	}
-		
-		
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c
index c373714b..0f460d0a 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/asn_pack.c
@@ -1,6 +1,7 @@
 /* asn_pack.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,90 +68,94 @@
 /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */
 
 STACK *ASN1_seq_unpack(const unsigned char *buf, int len,
-		       d2i_of_void *d2i,void (*free_func)(void *))
+                       d2i_of_void *d2i, void (*free_func) (void *))
 {
     STACK *sk;
     const unsigned char *pbuf;
-    pbuf =  buf;
+    pbuf = buf;
     if (!(sk = d2i_ASN1_SET(NULL, &pbuf, len, d2i, free_func,
-					V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
-		 ASN1err(ASN1_F_ASN1_SEQ_UNPACK,ASN1_R_DECODE_ERROR);
+                            V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL)))
+        ASN1err(ASN1_F_ASN1_SEQ_UNPACK, ASN1_R_DECODE_ERROR);
     return sk;
 }
 
-/* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
+/*
+ * Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a
  * OPENSSL_malloc'ed buffer
  */
 
-unsigned char *ASN1_seq_pack(STACK *safes, i2d_of_void *i2d,
-			     unsigned char **buf, int *len)
+unsigned char *ASN1_seq_pack(STACK * safes, i2d_of_void *i2d,
+                             unsigned char **buf, int *len)
 {
-	int safelen;
-	unsigned char *safe, *p;
-	if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
-					      V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!(safe = OPENSSL_malloc (safelen))) {
-		ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p = safe;
-	i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
-								 IS_SEQUENCE);
-	if (len) *len = safelen;
-	if (buf) *buf = safe;
-	return safe;
+    int safelen;
+    unsigned char *safe, *p;
+    if (!(safelen = i2d_ASN1_SET(safes, NULL, i2d, V_ASN1_SEQUENCE,
+                                 V_ASN1_UNIVERSAL, IS_SEQUENCE))) {
+        ASN1err(ASN1_F_ASN1_SEQ_PACK, ASN1_R_ENCODE_ERROR);
+        return NULL;
+    }
+    if (!(safe = OPENSSL_malloc(safelen))) {
+        ASN1err(ASN1_F_ASN1_SEQ_PACK, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p = safe;
+    i2d_ASN1_SET(safes, &p, i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+                 IS_SEQUENCE);
+    if (len)
+        *len = safelen;
+    if (buf)
+        *buf = safe;
+    return safe;
 }
 
 /* Extract an ASN1 object from an ASN1_STRING */
 
 void *ASN1_unpack_string(ASN1_STRING *oct, d2i_of_void *d2i)
 {
-	const unsigned char *p;
-	char *ret;
+    const unsigned char *p;
+    char *ret;
 
-	p = oct->data;
-	if(!(ret = d2i(NULL, &p, oct->length)))
-		ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR);
-	return ret;
+    p = oct->data;
+    if (!(ret = d2i(NULL, &p, oct->length)))
+        ASN1err(ASN1_F_ASN1_UNPACK_STRING, ASN1_R_DECODE_ERROR);
+    return ret;
 }
 
 /* Pack an ASN1 object into an ASN1_STRING */
 
 ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
 {
-	unsigned char *p;
-	ASN1_STRING *octmp;
-
-	if (!oct || !*oct) {
-		if (!(octmp = ASN1_STRING_new ())) {
-			ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		if (oct) *oct = octmp;
-	} else octmp = *oct;
-		
-	if (!(octmp->length = i2d(obj, NULL))) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR);
-		goto err;
-	}
-	if (!(p = OPENSSL_malloc (octmp->length))) {
-		ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	octmp->data = p;
-	i2d (obj, &p);
-	return octmp;
-	err:
-	if (!oct || !*oct)
-		{
-		ASN1_STRING_free(octmp);
-		if (oct)
-			*oct = NULL;
-		}
-	return NULL;
+    unsigned char *p;
+    ASN1_STRING *octmp;
+
+    if (!oct || !*oct) {
+        if (!(octmp = ASN1_STRING_new())) {
+            ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        if (oct)
+            *oct = octmp;
+    } else
+        octmp = *oct;
+
+    if (!(octmp->length = i2d(obj, NULL))) {
+        ASN1err(ASN1_F_ASN1_PACK_STRING, ASN1_R_ENCODE_ERROR);
+        goto err;
+    }
+    if (!(p = OPENSSL_malloc(octmp->length))) {
+        ASN1err(ASN1_F_ASN1_PACK_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    octmp->data = p;
+    i2d(obj, &p);
+    return octmp;
+ err:
+    if (!oct || !*oct) {
+        ASN1_STRING_free(octmp);
+        if (oct)
+            *oct = NULL;
+    }
+    return NULL;
 }
 
 #endif
@@ -159,41 +164,43 @@ ASN1_STRING *ASN1_pack_string(void *obj, i2d_of_void *i2d, ASN1_STRING **oct)
 
 ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
 {
-	ASN1_STRING *octmp;
-
-	if (!oct || !*oct) {
-		if (!(octmp = ASN1_STRING_new ())) {
-			ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		if (oct) *oct = octmp;
-	} else octmp = *oct;
-
-	if(octmp->data) {
-		OPENSSL_free(octmp->data);
-		octmp->data = NULL;
-	}
-		
-	if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
-		ASN1err(ASN1_F_ASN1_ITEM_PACK,ASN1_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!octmp->data) {
-		ASN1err(ASN1_F_ASN1_ITEM_PACK,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	return octmp;
+    ASN1_STRING *octmp;
+
+    if (!oct || !*oct) {
+        if (!(octmp = ASN1_STRING_new())) {
+            ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        if (oct)
+            *oct = octmp;
+    } else
+        octmp = *oct;
+
+    if (octmp->data) {
+        OPENSSL_free(octmp->data);
+        octmp->data = NULL;
+    }
+
+    if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR);
+        return NULL;
+    }
+    if (!octmp->data) {
+        ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    return octmp;
 }
 
 /* Extract an ASN1 object from an ASN1_STRING */
 
 void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
 {
-	const unsigned char *p;
-	void *ret;
+    const unsigned char *p;
+    void *ret;
 
-	p = oct->data;
-	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
-		ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);
-	return ret;
+    p = oct->data;
+    if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
+        ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR);
+    return ret;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c
index 207ccda5..3218862f 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pr.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,99 +63,107 @@
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+# include <openssl/ec.h>
 #endif
 
 EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *ret;
+                         long length)
+{
+    EVP_PKEY *ret;
 
-	if ((a == NULL) || (*a == NULL))
-		{
-		if ((ret=EVP_PKEY_new()) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_EVP_LIB);
-			return(NULL);
-			}
-		}
-	else	ret= *a;
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB);
+            return (NULL);
+        }
+    } else
+        ret = *a;
 
-	ret->save_type=type;
-	ret->type=EVP_PKEY_type(type);
-	switch (ret->type)
-		{
+    ret->save_type = type;
+    ret->type = EVP_PKEY_type(type);
+    switch (ret->type) {
 #ifndef OPENSSL_NO_RSA
-	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
+    case EVP_PKEY_RSA:
+        /* TMP UGLY CAST */
+        if ((ret->pkey.rsa = d2i_RSAPrivateKey(NULL,
+                                               (const unsigned char **)pp,
+                                               length)) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
 #endif
 #ifndef OPENSSL_NO_DSA
-	case EVP_PKEY_DSA:
-		if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
+    case EVP_PKEY_DSA:
+        /* TMP UGLY CAST */
+        if ((ret->pkey.dsa = d2i_DSAPrivateKey(NULL,
+                                               (const unsigned char **)pp,
+                                               length)) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
 #endif
 #ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		if ((ret->pkey.ec = d2i_ECPrivateKey(NULL, 
-			(const unsigned char **)pp, length)) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
+    case EVP_PKEY_EC:
+        if ((ret->pkey.ec = d2i_ECPrivateKey(NULL,
+                                             (const unsigned char **)pp,
+                                             length)) == NULL) {
+            ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
 #endif
-	default:
-		ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-		goto err;
-		/* break; */
-		}
-	if (a != NULL) (*a)=ret;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
-	return(NULL);
-	}
+    default:
+        ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+        /* break; */
+    }
+    if (a != NULL)
+        (*a) = ret;
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        EVP_PKEY_free(ret);
+    return (NULL);
+}
 
-/* This works like d2i_PrivateKey() except it automatically works out the type */
+/*
+ * This works like d2i_PrivateKey() except it automatically works out the
+ * type
+ */
 
 EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp,
-	     long length)
+                             long length)
 {
-	STACK_OF(ASN1_TYPE) *inkey;
-	const unsigned char *p;
-	int keytype;
-	p = *pp;
-	/* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
-	 * by analyzing it we can determine the passed structure: this
-	 * assumes the input is surrounded by an ASN1 SEQUENCE.
-	 */
-	inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 
-			ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-	/* Since we only need to discern "traditional format" RSA and DSA
-	 * keys we can just count the elements.
-         */
-	if(sk_ASN1_TYPE_num(inkey) == 6) 
-		keytype = EVP_PKEY_DSA;
-	else if (sk_ASN1_TYPE_num(inkey) == 4)
-		keytype = EVP_PKEY_EC;
-	else keytype = EVP_PKEY_RSA;
-	sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
-	return d2i_PrivateKey(keytype, a, pp, length);
+    STACK_OF(ASN1_TYPE) *inkey;
+    const unsigned char *p;
+    int keytype;
+    p = *pp;
+    /*
+     * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by
+     * analyzing it we can determine the passed structure: this assumes the
+     * input is surrounded by an ASN1 SEQUENCE.
+     */
+    inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,
+                                      ASN1_TYPE_free, V_ASN1_SEQUENCE,
+                                      V_ASN1_UNIVERSAL);
+    /*
+     * Since we only need to discern "traditional format" RSA and DSA keys we
+     * can just count the elements.
+     */
+    if (sk_ASN1_TYPE_num(inkey) == 6)
+        keytype = EVP_PKEY_DSA;
+    else if (sk_ASN1_TYPE_num(inkey) == 4)
+        keytype = EVP_PKEY_EC;
+    else
+        keytype = EVP_PKEY_RSA;
+    sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
+    return d2i_PrivateKey(keytype, a, pp, length);
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c
index 3694f51a..1f05fee2 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/d2i_pu.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,73 +63,71 @@
 #include <openssl/objects.h>
 #include <openssl/asn1.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+# include <openssl/ec.h>
 #endif
 
 EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *ret;
+                        long length)
+{
+    EVP_PKEY *ret;
 
-	if ((a == NULL) || (*a == NULL))
-		{
-		if ((ret=EVP_PKEY_new()) == NULL)
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_EVP_LIB);
-			return(NULL);
-			}
-		}
-	else	ret= *a;
+    if ((a == NULL) || (*a == NULL)) {
+        if ((ret = EVP_PKEY_new()) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB);
+            return (NULL);
+        }
+    } else
+        ret = *a;
 
-	ret->save_type=type;
-	ret->type=EVP_PKEY_type(type);
-	switch (ret->type)
-		{
+    ret->save_type = type;
+    ret->type = EVP_PKEY_type(type);
+    switch (ret->type) {
 #ifndef OPENSSL_NO_RSA
-	case EVP_PKEY_RSA:
-		if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,
-			(const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
+    case EVP_PKEY_RSA:
+        /* TMP UGLY CAST */
+        if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL,
+                                              (const unsigned char **)pp,
+                                              length)) == NULL) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
 #endif
 #ifndef OPENSSL_NO_DSA
-	case EVP_PKEY_DSA:
-		if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
-			(const unsigned char **)pp,length)) /* TMP UGLY CAST */
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		break;
+    case EVP_PKEY_DSA:
+        /* TMP UGLY CAST */
+        if (!d2i_DSAPublicKey(&(ret->pkey.dsa),
+                              (const unsigned char **)pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
 #endif
 #ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		if (!o2i_ECPublicKey(&(ret->pkey.ec),
-				     (const unsigned char **)pp, length))
-			{
-			ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	break;
+    case EVP_PKEY_EC:
+        if (!o2i_ECPublicKey(&(ret->pkey.ec),
+                             (const unsigned char **)pp, length)) {
+            ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        break;
 #endif
-	default:
-		ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
-		goto err;
-		/* break; */
-		}
-	if (a != NULL) (*a)=ret;
-	return(ret);
-err:
-	if ((ret != NULL) && ((a == NULL) || (*a != ret))) EVP_PKEY_free(ret);
-	return(NULL);
-	}
-
+    default:
+        ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
+        goto err;
+        /* break; */
+    }
+    if (a != NULL)
+        (*a) = ret;
+    return (ret);
+ err:
+    if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+        EVP_PKEY_free(ret);
+    return (NULL);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c
index 1b944597..5876afa5 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/evp_asn1.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,132 +62,134 @@
 #include <openssl/asn1_mac.h>
 
 int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len)
-	{
-	ASN1_STRING *os;
-
-	if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0);
-	if (!M_ASN1_OCTET_STRING_set(os,data,len))
-		{
-		M_ASN1_OCTET_STRING_free(os);
-		return 0;
-		}
-	ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os);
-	return(1);
-	}
+{
+    ASN1_STRING *os;
+
+    if ((os = M_ASN1_OCTET_STRING_new()) == NULL)
+        return (0);
+    if (!M_ASN1_OCTET_STRING_set(os, data, len)) {
+        M_ASN1_OCTET_STRING_free(os);
+        return 0;
+    }
+    ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
+    return (1);
+}
 
 /* int max_len:  for returned value    */
-int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data,
-	     int max_len)
-	{
-	int ret,num;
-	unsigned char *p;
-
-	if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL))
-		{
-		ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
-		return(-1);
-		}
-	p=M_ASN1_STRING_data(a->value.octet_string);
-	ret=M_ASN1_STRING_length(a->value.octet_string);
-	if (ret < max_len)
-		num=ret;
-	else
-		num=max_len;
-	memcpy(data,p,num);
-	return(ret);
-	}
+int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, int max_len)
+{
+    int ret, num;
+    unsigned char *p;
+
+    if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) {
+        ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+        return (-1);
+    }
+    p = M_ASN1_STRING_data(a->value.octet_string);
+    ret = M_ASN1_STRING_length(a->value.octet_string);
+    if (ret < max_len)
+        num = ret;
+    else
+        num = max_len;
+    memcpy(data, p, num);
+    return (ret);
+}
 
 int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data,
-	     int len)
-	{
-	int n,size;
-	ASN1_OCTET_STRING os,*osp;
-	ASN1_INTEGER in;
-	unsigned char *p;
-	unsigned char buf[32]; /* when they have 256bit longs, 
-				* I'll be in trouble */
-	in.data=buf;
-	in.length=32;
-	os.data=data;
-	os.type=V_ASN1_OCTET_STRING;
-	os.length=len;
-	ASN1_INTEGER_set(&in,num);
-	n =  i2d_ASN1_INTEGER(&in,NULL);
-	n+=M_i2d_ASN1_OCTET_STRING(&os,NULL);
-
-	size=ASN1_object_size(1,n,V_ASN1_SEQUENCE);
-
-	if ((osp=ASN1_STRING_new()) == NULL) return(0);
-	/* Grow the 'string' */
-	if (!ASN1_STRING_set(osp,NULL,size))
-		{
-		ASN1_STRING_free(osp);
-		return(0);
-		}
-
-	M_ASN1_STRING_length_set(osp, size);
-	p=M_ASN1_STRING_data(osp);
-
-	ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL);
-	  i2d_ASN1_INTEGER(&in,&p);
-	M_i2d_ASN1_OCTET_STRING(&os,&p);
-
-	ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp);
-	return(1);
-	}
-
-/* we return the actual length..., num may be missing, in which
- * case, set it to zero */
+                                  int len)
+{
+    int n, size;
+    ASN1_OCTET_STRING os, *osp;
+    ASN1_INTEGER in;
+    unsigned char *p;
+    unsigned char buf[32];      /* when they have 256bit longs, I'll be in
+                                 * trouble */
+    in.data = buf;
+    in.length = 32;
+    os.data = data;
+    os.type = V_ASN1_OCTET_STRING;
+    os.length = len;
+    ASN1_INTEGER_set(&in, num);
+    n = i2d_ASN1_INTEGER(&in, NULL);
+    n += M_i2d_ASN1_OCTET_STRING(&os, NULL);
+
+    size = ASN1_object_size(1, n, V_ASN1_SEQUENCE);
+
+    if ((osp = ASN1_STRING_new()) == NULL)
+        return (0);
+    /* Grow the 'string' */
+    if (!ASN1_STRING_set(osp, NULL, size)) {
+        ASN1_STRING_free(osp);
+        return (0);
+    }
+
+    M_ASN1_STRING_length_set(osp, size);
+    p = M_ASN1_STRING_data(osp);
+
+    ASN1_put_object(&p, 1, n, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+    i2d_ASN1_INTEGER(&in, &p);
+    M_i2d_ASN1_OCTET_STRING(&os, &p);
+
+    ASN1_TYPE_set(a, V_ASN1_SEQUENCE, osp);
+    return (1);
+}
+
+/*
+ * we return the actual length..., num may be missing, in which case, set it
+ * to zero
+ */
 /* int max_len:  for returned value    */
-int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data,
-	     int max_len)
-	{
-	int ret= -1,n;
-	ASN1_INTEGER *ai=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-	const unsigned char *p;
-	long length;
-	ASN1_const_CTX c;
-
-	if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL))
-		{
-		goto err;
-		}
-	p=M_ASN1_STRING_data(a->value.sequence);
-	length=M_ASN1_STRING_length(a->value.sequence);
-
-	c.pp= &p;
-	c.p=p;
-	c.max=p+length;
-	c.error=ASN1_R_DATA_IS_WRONG;
-
-	M_ASN1_D2I_start_sequence();
-	c.q=c.p;
-	if ((ai=d2i_ASN1_INTEGER(NULL,&c.p,c.slen)) == NULL) goto err;
-        c.slen-=(c.p-c.q);
-	c.q=c.p;
-	if ((os=d2i_ASN1_OCTET_STRING(NULL,&c.p,c.slen)) == NULL) goto err;
-        c.slen-=(c.p-c.q);
-	if (!M_ASN1_D2I_end_sequence()) goto err;
-
-	if (num != NULL)
-		*num=ASN1_INTEGER_get(ai);
-
-	ret=M_ASN1_STRING_length(os);
-	if (max_len > ret)
-		n=ret;
-	else
-		n=max_len;
-
-	if (data != NULL)
-		memcpy(data,M_ASN1_STRING_data(os),n);
-	if (0)
-		{
-err:
-		ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG);
-		}
-	if (os != NULL) M_ASN1_OCTET_STRING_free(os);
-	if (ai != NULL) M_ASN1_INTEGER_free(ai);
-	return(ret);
-	}
-
+int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num,
+                                  unsigned char *data, int max_len)
+{
+    int ret = -1, n;
+    ASN1_INTEGER *ai = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+    const unsigned char *p;
+    long length;
+    ASN1_const_CTX c;
+
+    if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) {
+        goto err;
+    }
+    p = M_ASN1_STRING_data(a->value.sequence);
+    length = M_ASN1_STRING_length(a->value.sequence);
+
+    c.pp = &p;
+    c.p = p;
+    c.max = p + length;
+    c.error = ASN1_R_DATA_IS_WRONG;
+
+    M_ASN1_D2I_start_sequence();
+    c.q = c.p;
+    if ((ai = d2i_ASN1_INTEGER(NULL, &c.p, c.slen)) == NULL)
+        goto err;
+    c.slen -= (c.p - c.q);
+    c.q = c.p;
+    if ((os = d2i_ASN1_OCTET_STRING(NULL, &c.p, c.slen)) == NULL)
+        goto err;
+    c.slen -= (c.p - c.q);
+    if (!M_ASN1_D2I_end_sequence())
+        goto err;
+
+    if (num != NULL)
+        *num = ASN1_INTEGER_get(ai);
+
+    ret = M_ASN1_STRING_length(os);
+    if (max_len > ret)
+        n = ret;
+    else
+        n = max_len;
+
+    if (data != NULL)
+        memcpy(data, M_ASN1_STRING_data(os), n);
+    if (0) {
+ err:
+        ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG);
+    }
+    if (os != NULL)
+        M_ASN1_OCTET_STRING_free(os);
+    if (ai != NULL)
+        M_ASN1_INTEGER_free(ai);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c
index 56e3cc8d..591c3b57 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/f_enum.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/f_enum.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,144 +64,140 @@
 /* Based on a_int.c: equivalent ENUMERATED functions */
 
 int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a)
-	{
-	int i,n=0;
-	static const char *h="0123456789ABCDEF";
-	char buf[2];
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
 
-	if (a == NULL) return(0);
+    if (a == NULL)
+        return (0);
 
-	if (a->length == 0)
-		{
-		if (BIO_write(bp,"00",2) != 2) goto err;
-		n=2;
-		}
-	else
-		{
-		for (i=0; i<a->length; i++)
-			{
-			if ((i != 0) && (i%35 == 0))
-				{
-				if (BIO_write(bp,"\\\n",2) != 2) goto err;
-				n+=2;
-				}
-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-			if (BIO_write(bp,buf,2) != 2) goto err;
-			n+=2;
-			}
-		}
-	return(n);
-err:
-	return(-1);
-	}
+    if (a->length == 0) {
+        if (BIO_write(bp, "00", 2) != 2)
+            goto err;
+        n = 2;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
 
 int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
-	{
-	int ret=0;
-	int i,j,k,m,n,again,bufsize;
-	unsigned char *s=NULL,*sp;
-	unsigned char *bufp;
-	int num=0,slen=0,first=1;
-
-	bs->type=V_ASN1_ENUMERATED;
+{
+    int ret = 0;
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
 
-	bufsize=BIO_gets(bp,buf,size);
-	for (;;)
-		{
-		if (bufsize < 1) goto err_sl;
-		i=bufsize;
-		if (buf[i-1] == '\n') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		if (buf[i-1] == '\r') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		again=(buf[i-1] == '\\');
+    bs->type = V_ASN1_ENUMERATED;
 
-		for (j=0; j<i; j++)
-			{
-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-				((buf[j] >= 'A') && (buf[j] <= 'F'))))
-				{
-				i=j;
-				break;
-				}
-			}
-		buf[i]='\0';
-		/* We have now cleared all the crap off the end of the
-		 * line */
-		if (i < 2) goto err_sl;
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1)
+            goto err_sl;
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        again = (buf[i - 1] == '\\');
 
-		bufp=(unsigned char *)buf;
-		if (first)
-			{
-			first=0;
-			if ((bufp[0] == '0') && (buf[1] == '0'))
-				{
-				bufp+=2;
-				i-=2;
-				}
-			}
-		k=0;
-		i-=again;
-		if (i%2 != 0)
-			{
-			ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_ODD_NUMBER_OF_CHARS);
-			goto err;
-			}
-		i/=2;
-		if (num+i > slen)
-			{
-			if (s == NULL)
-				sp=(unsigned char *)OPENSSL_malloc(
-					(unsigned int)num+i*2);
-			else
-				sp=(unsigned char *)OPENSSL_realloc(s,
-					(unsigned int)num+i*2);
-			if (sp == NULL)
-				{
-				ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) OPENSSL_free(s);
-				goto err;
-				}
-			s=sp;
-			slen=num+i*2;
-			}
-		for (j=0; j<i; j++,k+=2)
-			{
-			for (n=0; n<2; n++)
-				{
-				m=bufp[k+n];
-				if ((m >= '0') && (m <= '9'))
-					m-='0';
-				else if ((m >= 'a') && (m <= 'f'))
-					m=m-'a'+10;
-				else if ((m >= 'A') && (m <= 'F'))
-					m=m-'A'+10;
-				else
-					{
-					ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_NON_HEX_CHARACTERS);
-					goto err;
-					}
-				s[num+j]<<=4;
-				s[num+j]|=m;
-				}
-			}
-		num+=i;
-		if (again)
-			bufsize=BIO_gets(bp,buf,size);
-		else
-			break;
-		}
-	bs->length=num;
-	bs->data=s;
-	ret=1;
-err:
-	if (0)
-		{
-err_sl:
-		ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ASN1_R_SHORT_LINE);
-		}
-	return(ret);
-	}
+        for (j = 0; j < i; j++) {
+            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F')))) {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err_sl;
 
+        bufp = (unsigned char *)buf;
+        if (first) {
+            first = 0;
+            if ((bufp[0] == '0') && (buf[1] == '0')) {
+                bufp += 2;
+                i -= 2;
+            }
+        }
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_ODD_NUMBER_OF_CHARS);
+            goto err;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            if (s == NULL)
+                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+                                                     i * 2);
+            else
+                sp = (unsigned char *)OPENSSL_realloc(s,
+                                                      (unsigned int)num +
+                                                      i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+                if (s != NULL)
+                    OPENSSL_free(s);
+                goto err;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = bufp[k + n];
+                if ((m >= '0') && (m <= '9'))
+                    m -= '0';
+                else if ((m >= 'a') && (m <= 'f'))
+                    m = m - 'a' + 10;
+                else if ((m >= 'A') && (m <= 'F'))
+                    m = m - 'A' + 10;
+                else {
+                    ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    ret = 1;
+ err:
+    if (0) {
+ err_sl:
+        ASN1err(ASN1_F_A2I_ASN1_ENUMERATED, ASN1_R_SHORT_LINE);
+    }
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_int.c b/Cryptlib/OpenSSL/crypto/asn1/f_int.c
index 9494e597..4a81f81c 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/f_int.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/f_int.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,158 +62,154 @@
 #include <openssl/asn1.h>
 
 int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a)
-	{
-	int i,n=0;
-	static const char *h="0123456789ABCDEF";
-	char buf[2];
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
 
-	if (a == NULL) return(0);
+    if (a == NULL)
+        return (0);
 
-	if (a->type & V_ASN1_NEG)
-		{
-		if (BIO_write(bp, "-", 1) != 1) goto err;
-		n = 1;
-		}
+    if (a->type & V_ASN1_NEG) {
+        if (BIO_write(bp, "-", 1) != 1)
+            goto err;
+        n = 1;
+    }
 
-	if (a->length == 0)
-		{
-		if (BIO_write(bp,"00",2) != 2) goto err;
-		n += 2;
-		}
-	else
-		{
-		for (i=0; i<a->length; i++)
-			{
-			if ((i != 0) && (i%35 == 0))
-				{
-				if (BIO_write(bp,"\\\n",2) != 2) goto err;
-				n+=2;
-				}
-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-			if (BIO_write(bp,buf,2) != 2) goto err;
-			n+=2;
-			}
-		}
-	return(n);
-err:
-	return(-1);
-	}
+    if (a->length == 0) {
+        if (BIO_write(bp, "00", 2) != 2)
+            goto err;
+        n += 2;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
 
 int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
-	{
-	int ret=0;
-	int i,j,k,m,n,again,bufsize;
-	unsigned char *s=NULL,*sp;
-	unsigned char *bufp;
-	int num=0,slen=0,first=1;
+{
+    int ret = 0;
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
 
-	bs->type=V_ASN1_INTEGER;
+    bs->type = V_ASN1_INTEGER;
 
-	bufsize=BIO_gets(bp,buf,size);
-	for (;;)
-		{
-		if (bufsize < 1) goto err_sl;
-		i=bufsize;
-		if (buf[i-1] == '\n') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		if (buf[i-1] == '\r') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		again=(buf[i-1] == '\\');
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1)
+            goto err_sl;
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        again = (buf[i - 1] == '\\');
 
-		for (j=0; j<i; j++)
-			{
+        for (j = 0; j < i; j++) {
 #ifndef CHARSET_EBCDIC
-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
 #else
-			/* This #ifdef is not strictly necessary, since
-			 * the characters A...F a...f 0...9 are contiguous
-			 * (yes, even in EBCDIC - but not the whole alphabet).
-			 * Nevertheless, isxdigit() is faster.
-			 */
-			if (!isxdigit(buf[j]))
+            /*
+             * This #ifdef is not strictly necessary, since the characters
+             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+             * not the whole alphabet). Nevertheless, isxdigit() is faster.
+             */
+            if (!isxdigit(buf[j]))
 #endif
-				{
-				i=j;
-				break;
-				}
-			}
-		buf[i]='\0';
-		/* We have now cleared all the crap off the end of the
-		 * line */
-		if (i < 2) goto err_sl;
-
-		bufp=(unsigned char *)buf;
-		if (first)
-			{
-			first=0;
-			if ((bufp[0] == '0') && (buf[1] == '0'))
-				{
-				bufp+=2;
-				i-=2;
-				}
-			}
-		k=0;
-		i-=again;
-		if (i%2 != 0)
-			{
-			ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_ODD_NUMBER_OF_CHARS);
-			goto err;
-			}
-		i/=2;
-		if (num+i > slen)
-			{
-			if (s == NULL)
-				sp=(unsigned char *)OPENSSL_malloc(
-					(unsigned int)num+i*2);
-			else
-				sp=OPENSSL_realloc_clean(s,slen,num+i*2);
-			if (sp == NULL)
-				{
-				ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) OPENSSL_free(s);
-				goto err;
-				}
-			s=sp;
-			slen=num+i*2;
-			}
-		for (j=0; j<i; j++,k+=2)
-			{
-			for (n=0; n<2; n++)
-				{
-				m=bufp[k+n];
-				if ((m >= '0') && (m <= '9'))
-					m-='0';
-				else if ((m >= 'a') && (m <= 'f'))
-					m=m-'a'+10;
-				else if ((m >= 'A') && (m <= 'F'))
-					m=m-'A'+10;
-				else
-					{
-					ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_NON_HEX_CHARACTERS);
-					goto err;
-					}
-				s[num+j]<<=4;
-				s[num+j]|=m;
-				}
-			}
-		num+=i;
-		if (again)
-			bufsize=BIO_gets(bp,buf,size);
-		else
-			break;
-		}
-	bs->length=num;
-	bs->data=s;
-	ret=1;
-err:
-	if (0)
-		{
-err_sl:
-		ASN1err(ASN1_F_A2I_ASN1_INTEGER,ASN1_R_SHORT_LINE);
-		}
-	return(ret);
-	}
+            {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err_sl;
 
+        bufp = (unsigned char *)buf;
+        if (first) {
+            first = 0;
+            if ((bufp[0] == '0') && (buf[1] == '0')) {
+                bufp += 2;
+                i -= 2;
+            }
+        }
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS);
+            goto err;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            if (s == NULL)
+                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+                                                     i * 2);
+            else
+                sp = OPENSSL_realloc_clean(s, slen, num + i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+                if (s != NULL)
+                    OPENSSL_free(s);
+                goto err;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = bufp[k + n];
+                if ((m >= '0') && (m <= '9'))
+                    m -= '0';
+                else if ((m >= 'a') && (m <= 'f'))
+                    m = m - 'a' + 10;
+                else if ((m >= 'A') && (m <= 'F'))
+                    m = m - 'A' + 10;
+                else {
+                    ASN1err(ASN1_F_A2I_ASN1_INTEGER,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    ret = 1;
+ err:
+    if (0) {
+ err_sl:
+        ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE);
+    }
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/f_string.c b/Cryptlib/OpenSSL/crypto/asn1/f_string.c
index 968698a7..6a6cf347 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/f_string.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/f_string.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,151 +62,148 @@
 #include <openssl/asn1.h>
 
 int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type)
-	{
-	int i,n=0;
-	static const char *h="0123456789ABCDEF";
-	char buf[2];
+{
+    int i, n = 0;
+    static const char *h = "0123456789ABCDEF";
+    char buf[2];
 
-	if (a == NULL) return(0);
+    if (a == NULL)
+        return (0);
 
-	if (a->length == 0)
-		{
-		if (BIO_write(bp,"0",1) != 1) goto err;
-		n=1;
-		}
-	else
-		{
-		for (i=0; i<a->length; i++)
-			{
-			if ((i != 0) && (i%35 == 0))
-				{
-				if (BIO_write(bp,"\\\n",2) != 2) goto err;
-				n+=2;
-				}
-			buf[0]=h[((unsigned char)a->data[i]>>4)&0x0f];
-			buf[1]=h[((unsigned char)a->data[i]   )&0x0f];
-			if (BIO_write(bp,buf,2) != 2) goto err;
-			n+=2;
-			}
-		}
-	return(n);
-err:
-	return(-1);
-	}
+    if (a->length == 0) {
+        if (BIO_write(bp, "0", 1) != 1)
+            goto err;
+        n = 1;
+    } else {
+        for (i = 0; i < a->length; i++) {
+            if ((i != 0) && (i % 35 == 0)) {
+                if (BIO_write(bp, "\\\n", 2) != 2)
+                    goto err;
+                n += 2;
+            }
+            buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
+            buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
+            if (BIO_write(bp, buf, 2) != 2)
+                goto err;
+            n += 2;
+        }
+    }
+    return (n);
+ err:
+    return (-1);
+}
 
 int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size)
-	{
-	int ret=0;
-	int i,j,k,m,n,again,bufsize;
-	unsigned char *s=NULL,*sp;
-	unsigned char *bufp;
-	int num=0,slen=0,first=1;
+{
+    int ret = 0;
+    int i, j, k, m, n, again, bufsize;
+    unsigned char *s = NULL, *sp;
+    unsigned char *bufp;
+    int num = 0, slen = 0, first = 1;
 
-	bufsize=BIO_gets(bp,buf,size);
-	for (;;)
-		{
-		if (bufsize < 1)
-			{
-			if (first)
-				break;
-			else
-				goto err_sl;
-			}
-		first=0;
+    bufsize = BIO_gets(bp, buf, size);
+    for (;;) {
+        if (bufsize < 1) {
+            if (first)
+                break;
+            else
+                goto err_sl;
+        }
+        first = 0;
 
-		i=bufsize;
-		if (buf[i-1] == '\n') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		if (buf[i-1] == '\r') buf[--i]='\0';
-		if (i == 0) goto err_sl;
-		again=(buf[i-1] == '\\');
+        i = bufsize;
+        if (buf[i - 1] == '\n')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        if (buf[i - 1] == '\r')
+            buf[--i] = '\0';
+        if (i == 0)
+            goto err_sl;
+        again = (buf[i - 1] == '\\');
 
-		for (j=i-1; j>0; j--)
-			{
+        for (j = i - 1; j > 0; j--) {
 #ifndef CHARSET_EBCDIC
-			if (!(	((buf[j] >= '0') && (buf[j] <= '9')) ||
-				((buf[j] >= 'a') && (buf[j] <= 'f')) ||
-				((buf[j] >= 'A') && (buf[j] <= 'F'))))
+            if (!(((buf[j] >= '0') && (buf[j] <= '9')) ||
+                  ((buf[j] >= 'a') && (buf[j] <= 'f')) ||
+                  ((buf[j] >= 'A') && (buf[j] <= 'F'))))
 #else
-			/* This #ifdef is not strictly necessary, since
-			 * the characters A...F a...f 0...9 are contiguous
-			 * (yes, even in EBCDIC - but not the whole alphabet).
-			 * Nevertheless, isxdigit() is faster.
-			 */
-			if (!isxdigit(buf[j]))
+            /*
+             * This #ifdef is not strictly necessary, since the characters
+             * A...F a...f 0...9 are contiguous (yes, even in EBCDIC - but
+             * not the whole alphabet). Nevertheless, isxdigit() is faster.
+             */
+            if (!isxdigit(buf[j]))
 #endif
-				{
-				i=j;
-				break;
-				}
-			}
-		buf[i]='\0';
-		/* We have now cleared all the crap off the end of the
-		 * line */
-		if (i < 2) goto err_sl;
-
-		bufp=(unsigned char *)buf;
+            {
+                i = j;
+                break;
+            }
+        }
+        buf[i] = '\0';
+        /*
+         * We have now cleared all the crap off the end of the line
+         */
+        if (i < 2)
+            goto err_sl;
 
-		k=0;
-		i-=again;
-		if (i%2 != 0)
-			{
-			ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_ODD_NUMBER_OF_CHARS);
-			goto err;
-			}
-		i/=2;
-		if (num+i > slen)
-			{
-			if (s == NULL)
-				sp=(unsigned char *)OPENSSL_malloc(
-					(unsigned int)num+i*2);
-			else
-				sp=(unsigned char *)OPENSSL_realloc(s,
-					(unsigned int)num+i*2);
-			if (sp == NULL)
-				{
-				ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE);
-				if (s != NULL) OPENSSL_free(s);
-				goto err;
-				}
-			s=sp;
-			slen=num+i*2;
-			}
-		for (j=0; j<i; j++,k+=2)
-			{
-			for (n=0; n<2; n++)
-				{
-				m=bufp[k+n];
-				if ((m >= '0') && (m <= '9'))
-					m-='0';
-				else if ((m >= 'a') && (m <= 'f'))
-					m=m-'a'+10;
-				else if ((m >= 'A') && (m <= 'F'))
-					m=m-'A'+10;
-				else
-					{
-					ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_NON_HEX_CHARACTERS);
-					goto err;
-					}
-				s[num+j]<<=4;
-				s[num+j]|=m;
-				}
-			}
-		num+=i;
-		if (again)
-			bufsize=BIO_gets(bp,buf,size);
-		else
-			break;
-		}
-	bs->length=num;
-	bs->data=s;
-	ret=1;
-err:
-	if (0)
-		{
-err_sl:
-		ASN1err(ASN1_F_A2I_ASN1_STRING,ASN1_R_SHORT_LINE);
-		}
-	return(ret);
-	}
+        bufp = (unsigned char *)buf;
 
+        k = 0;
+        i -= again;
+        if (i % 2 != 0) {
+            ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS);
+            goto err;
+        }
+        i /= 2;
+        if (num + i > slen) {
+            if (s == NULL)
+                sp = (unsigned char *)OPENSSL_malloc((unsigned int)num +
+                                                     i * 2);
+            else
+                sp = (unsigned char *)OPENSSL_realloc(s,
+                                                      (unsigned int)num +
+                                                      i * 2);
+            if (sp == NULL) {
+                ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE);
+                if (s != NULL)
+                    OPENSSL_free(s);
+                goto err;
+            }
+            s = sp;
+            slen = num + i * 2;
+        }
+        for (j = 0; j < i; j++, k += 2) {
+            for (n = 0; n < 2; n++) {
+                m = bufp[k + n];
+                if ((m >= '0') && (m <= '9'))
+                    m -= '0';
+                else if ((m >= 'a') && (m <= 'f'))
+                    m = m - 'a' + 10;
+                else if ((m >= 'A') && (m <= 'F'))
+                    m = m - 'A' + 10;
+                else {
+                    ASN1err(ASN1_F_A2I_ASN1_STRING,
+                            ASN1_R_NON_HEX_CHARACTERS);
+                    goto err;
+                }
+                s[num + j] <<= 4;
+                s[num + j] |= m;
+            }
+        }
+        num += i;
+        if (again)
+            bufsize = BIO_gets(bp, buf, size);
+        else
+            break;
+    }
+    bs->length = num;
+    bs->data = s;
+    ret = 1;
+ err:
+    if (0) {
+ err_sl:
+        ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE);
+    }
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
index 0be52c5b..2919e48d 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pr.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,38 +62,33 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+# include <openssl/ec.h>
 #endif
 
 int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
-	{
+{
 #ifndef OPENSSL_NO_RSA
-	if (a->type == EVP_PKEY_RSA)
-		{
-		return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
-		}
-	else
+    if (a->type == EVP_PKEY_RSA) {
+        return (i2d_RSAPrivateKey(a->pkey.rsa, pp));
+    } else
 #endif
 #ifndef OPENSSL_NO_DSA
-	if (a->type == EVP_PKEY_DSA)
-		{
-		return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
-		}
+    if (a->type == EVP_PKEY_DSA) {
+        return (i2d_DSAPrivateKey(a->pkey.dsa, pp));
+    }
 #endif
 #ifndef OPENSSL_NO_EC
-	if (a->type == EVP_PKEY_EC)
-		{
-		return(i2d_ECPrivateKey(a->pkey.ec, pp));
-		}
+    if (a->type == EVP_PKEY_EC) {
+        return (i2d_ECPrivateKey(a->pkey.ec, pp));
+    }
 #endif
 
-	ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-	return(-1);
-	}
-
+    ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+    return (-1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
index 34286dbd..b8ed3554 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/i2d_pu.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,34 +62,32 @@
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+# include <openssl/ec.h>
 #endif
 
 int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
-	{
-	switch (a->type)
-		{
+{
+    switch (a->type) {
 #ifndef OPENSSL_NO_RSA
-	case EVP_PKEY_RSA:
-		return(i2d_RSAPublicKey(a->pkey.rsa,pp));
+    case EVP_PKEY_RSA:
+        return (i2d_RSAPublicKey(a->pkey.rsa, pp));
 #endif
 #ifndef OPENSSL_NO_DSA
-	case EVP_PKEY_DSA:
-		return(i2d_DSAPublicKey(a->pkey.dsa,pp));
+    case EVP_PKEY_DSA:
+        return (i2d_DSAPublicKey(a->pkey.dsa, pp));
 #endif
 #ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		return(i2o_ECPublicKey(a->pkey.ec, pp));
+    case EVP_PKEY_EC:
+        return (i2o_ECPublicKey(a->pkey.ec, pp));
 #endif
-	default:
-		ASN1err(ASN1_F_I2D_PUBLICKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
-		return(-1);
-		}
-	}
-
+    default:
+        ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
+        return (-1);
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
index e7d04390..f7b874eb 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/n_pkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,37 +59,34 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#include <openssl/objects.h>
-#include <openssl/asn1t.h>
-#include <openssl/asn1_mac.h>
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-
-#ifndef OPENSSL_NO_RC4
-
-typedef struct netscape_pkey_st
-	{
-	long version;
-	X509_ALGOR *algor;
-	ASN1_OCTET_STRING *private_key;
-	} NETSCAPE_PKEY;
-
-typedef struct netscape_encrypted_pkey_st
-	{
-	ASN1_OCTET_STRING *os;
-	/* This is the same structure as DigestInfo so use it:
-	 * although this isn't really anything to do with
-	 * digests.
-	 */
-	X509_SIG *enckey;
-	} NETSCAPE_ENCRYPTED_PKEY;
+# include <openssl/rsa.h>
+# include <openssl/objects.h>
+# include <openssl/asn1t.h>
+# include <openssl/asn1_mac.h>
+# include <openssl/evp.h>
+# include <openssl/x509.h>
+
+# ifndef OPENSSL_NO_RC4
+
+typedef struct netscape_pkey_st {
+    long version;
+    X509_ALGOR *algor;
+    ASN1_OCTET_STRING *private_key;
+} NETSCAPE_PKEY;
+
+typedef struct netscape_encrypted_pkey_st {
+    ASN1_OCTET_STRING *os;
+    /*
+     * This is the same structure as DigestInfo so use it: although this
+     * isn't really anything to do with digests.
+     */
+    X509_SIG *enckey;
+} NETSCAPE_ENCRYPTED_PKEY;
 
 
 ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = {
-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG)
 } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY)
 
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
@@ -97,9 +94,9 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_P
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY)
 
 ASN1_SEQUENCE(NETSCAPE_PKEY) = {
-	ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
-	ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
-	ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
+        ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG),
+        ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(NETSCAPE_PKEY)
 
 DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
@@ -107,237 +104,232 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY)
 IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY)
 
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-			  int (*cb)(char *buf, int len, const char *prompt,
-				    int verify),
-			  int sgckey);
+                          int (*cb) (char *buf, int len, const char *prompt,
+                                     int verify), int sgckey);
 
 int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
-		     int (*cb)(char *buf, int len, const char *prompt,
-			       int verify))
+                     int (*cb) (char *buf, int len, const char *prompt,
+                                int verify))
 {
-	return i2d_RSA_NET(a, pp, cb, 0);
+    return i2d_RSA_NET(a, pp, cb, 0);
 }
 
 int i2d_RSA_NET(const RSA *a, unsigned char **pp,
-		int (*cb)(char *buf, int len, const char *prompt, int verify),
-		int sgckey)
-	{
-	int i, j, ret = 0;
-	int rsalen, pkeylen, olen;
-	NETSCAPE_PKEY *pkey = NULL;
-	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-	unsigned char buf[256],*zz;
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	EVP_CIPHER_CTX ctx;
-
-	if (a == NULL) return(0);
-
-	if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err;
-	if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err;
-	pkey->version = 0;
-
-	pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption);
-	if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	pkey->algor->parameter->type=V_ASN1_NULL;
-
-	rsalen = i2d_RSAPrivateKey(a, NULL);
-
-	/* Fake some octet strings just for the initial length
-	 * calculation.
- 	 */
-
-	pkey->private_key->length=rsalen;
-
-	pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL);
-
-	enckey->enckey->digest->length = pkeylen;
-
-	enckey->os->length = 11;	/* "private-key" */
-
-	enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4);
-	if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	enckey->enckey->algor->parameter->type=V_ASN1_NULL;
-
-	if (pp == NULL)
-		{
-		olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
-		NETSCAPE_PKEY_free(pkey);
-		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-		return olen;
-		}
-
-
-	/* Since its RC4 encrypted length is actual length */
-	if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	pkey->private_key->data = zz;
-	/* Write out private key encoding */
-	i2d_RSAPrivateKey(a,&zz);
-
-	if ((zz=OPENSSL_malloc(pkeylen)) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!ASN1_STRING_set(enckey->os, "private-key", -1)) 
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	enckey->enckey->digest->data = zz;
-	i2d_NETSCAPE_PKEY(pkey,&zz);
-
-	/* Wipe the private key encoding */
-	OPENSSL_cleanse(pkey->private_key->data, rsalen);
-		
-	if (cb == NULL)
-		cb=EVP_read_pw_string;
-	i=cb((char *)buf,256,"Enter Private Key password:",1);
-	if (i != 0)
-		{
-		ASN1err(ASN1_F_I2D_RSA_NET,ASN1_R_BAD_PASSWORD_READ);
-		goto err;
-		}
-	i = strlen((char *)buf);
-	/* If the key is used for SGC the algorithm is modified a little. */
-	if(sgckey) {
-		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
-		memcpy(buf + 16, "SGCKEYSALT", 10);
-		i = 26;
-	}
-
-	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	OPENSSL_cleanse(buf,256);
-
-	/* Encrypt private key in place */
-	zz = enckey->enckey->digest->data;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL);
-	EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen);
-	EVP_EncryptFinal_ex(&ctx,zz + i,&j);
-	EVP_CIPHER_CTX_cleanup(&ctx);
-
-	ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
-err:
-	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-	NETSCAPE_PKEY_free(pkey);
-	return(ret);
-	}
-
+                int (*cb) (char *buf, int len, const char *prompt,
+                           int verify), int sgckey)
+{
+    int i, j, ret = 0;
+    int rsalen, pkeylen, olen;
+    NETSCAPE_PKEY *pkey = NULL;
+    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+    unsigned char buf[256], *zz;
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    EVP_CIPHER_CTX ctx;
+
+    if (a == NULL)
+        return (0);
+
+    if ((pkey = NETSCAPE_PKEY_new()) == NULL)
+        goto err;
+    if ((enckey = NETSCAPE_ENCRYPTED_PKEY_new()) == NULL)
+        goto err;
+    pkey->version = 0;
+
+    pkey->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+    if ((pkey->algor->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    pkey->algor->parameter->type = V_ASN1_NULL;
+
+    rsalen = i2d_RSAPrivateKey(a, NULL);
+
+    /*
+     * Fake some octet strings just for the initial length calculation.
+     */
+
+    pkey->private_key->length = rsalen;
+
+    pkeylen = i2d_NETSCAPE_PKEY(pkey, NULL);
+
+    enckey->enckey->digest->length = pkeylen;
+
+    enckey->os->length = 11;    /* "private-key" */
+
+    enckey->enckey->algor->algorithm = OBJ_nid2obj(NID_rc4);
+    if ((enckey->enckey->algor->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    enckey->enckey->algor->parameter->type = V_ASN1_NULL;
+
+    if (pp == NULL) {
+        olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL);
+        NETSCAPE_PKEY_free(pkey);
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        return olen;
+    }
+
+    /* Since its RC4 encrypted length is actual length */
+    if ((zz = (unsigned char *)OPENSSL_malloc(rsalen)) == NULL) {
+        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pkey->private_key->data = zz;
+    /* Write out private key encoding */
+    i2d_RSAPrivateKey(a, &zz);
+
+    if ((zz = OPENSSL_malloc(pkeylen)) == NULL) {
+        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!ASN1_STRING_set(enckey->os, "private-key", -1)) {
+        ASN1err(ASN1_F_I2D_RSA_NET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    enckey->enckey->digest->data = zz;
+    i2d_NETSCAPE_PKEY(pkey, &zz);
+
+    /* Wipe the private key encoding */
+    OPENSSL_cleanse(pkey->private_key->data, rsalen);
+
+    if (cb == NULL)
+        cb = EVP_read_pw_string;
+    i = cb((char *)buf, 256, "Enter Private Key password:", 1);
+    if (i != 0) {
+        ASN1err(ASN1_F_I2D_RSA_NET, ASN1_R_BAD_PASSWORD_READ);
+        goto err;
+    }
+    i = strlen((char *)buf);
+    /* If the key is used for SGC the algorithm is modified a little. */
+    if (sgckey) {
+        EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+        memcpy(buf + 16, "SGCKEYSALT", 10);
+        i = 26;
+    }
+
+    EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL);
+    OPENSSL_cleanse(buf, 256);
+
+    /* Encrypt private key in place */
+    zz = enckey->enckey->digest->data;
+    EVP_CIPHER_CTX_init(&ctx);
+    EVP_EncryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL);
+    EVP_EncryptUpdate(&ctx, zz, &i, zz, pkeylen);
+    EVP_EncryptFinal_ex(&ctx, zz + i, &j);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+
+    ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp);
+ err:
+    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+    NETSCAPE_PKEY_free(pkey);
+    return (ret);
+}
 
 RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
-		      int (*cb)(char *buf, int len, const char *prompt,
-				int verify))
+                      int (*cb) (char *buf, int len, const char *prompt,
+                                 int verify))
 {
-	return d2i_RSA_NET(a, pp, length, cb, 0);
+    return d2i_RSA_NET(a, pp, length, cb, 0);
 }
 
 RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
-		 int (*cb)(char *buf, int len, const char *prompt, int verify),
-		 int sgckey)
-	{
-	RSA *ret=NULL;
-	const unsigned char *p;
-	NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
-
-	p = *pp;
-
-	enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
-	if(!enckey) {
-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_DECODING_ERROR);
-		return NULL;
-	}
-
-	if ((enckey->os->length != 11) || (strncmp("private-key",
-		(char *)enckey->os->data,11) != 0))
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_PRIVATE_KEY_HEADER_MISSING);
-		NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-		return NULL;
-		}
-	if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
-		goto err;
-	}
-	if (cb == NULL)
-		cb=EVP_read_pw_string;
-	if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err;
-
-	*pp = p;
-
-	err:
-	NETSCAPE_ENCRYPTED_PKEY_free(enckey);
-	return ret;
-
-	}
+                 int (*cb) (char *buf, int len, const char *prompt,
+                            int verify), int sgckey)
+{
+    RSA *ret = NULL;
+    const unsigned char *p;
+    NETSCAPE_ENCRYPTED_PKEY *enckey = NULL;
+
+    p = *pp;
+
+    enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length);
+    if (!enckey) {
+        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_DECODING_ERROR);
+        return NULL;
+    }
+
+    if ((enckey->os->length != 11) || (strncmp("private-key",
+                                               (char *)enckey->os->data,
+                                               11) != 0)) {
+        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_PRIVATE_KEY_HEADER_MISSING);
+        NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+        return NULL;
+    }
+    if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) {
+        ASN1err(ASN1_F_D2I_RSA_NET, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM);
+        goto err;
+    }
+    if (cb == NULL)
+        cb = EVP_read_pw_string;
+    if ((ret = d2i_RSA_NET_2(a, enckey->enckey->digest, cb, sgckey)) == NULL)
+        goto err;
+
+    *pp = p;
+
+ err:
+    NETSCAPE_ENCRYPTED_PKEY_free(enckey);
+    return ret;
+
+}
 
 static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os,
-			  int (*cb)(char *buf, int len, const char *prompt,
-				    int verify), int sgckey)
-	{
-	NETSCAPE_PKEY *pkey=NULL;
-	RSA *ret=NULL;
-	int i,j;
-	unsigned char buf[256];
-	const unsigned char *zz;
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	EVP_CIPHER_CTX ctx;
-
-	i=cb((char *)buf,256,"Enter Private Key password:",0);
-	if (i != 0)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_BAD_PASSWORD_READ);
-		goto err;
-		}
-
-	i = strlen((char *)buf);
-	if(sgckey){
-		EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
-		memcpy(buf + 16, "SGCKEYSALT", 10);
-		i = 26;
-	}
-		
-	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
-	OPENSSL_cleanse(buf,256);
-
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL);
-	EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length);
-	EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j);
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	os->length=i+j;
-
-	zz=os->data;
-
-	if ((pkey=d2i_NETSCAPE_PKEY(NULL,&zz,os->length)) == NULL)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
-		goto err;
-		}
-		
-	zz=pkey->private_key->data;
-	if ((ret=d2i_RSAPrivateKey(a,&zz,pkey->private_key->length)) == NULL)
-		{
-		ASN1err(ASN1_F_D2I_RSA_NET_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
-		goto err;
-		}
-err:
-	NETSCAPE_PKEY_free(pkey);
-	return(ret);
-	}
-
-#endif /* OPENSSL_NO_RC4 */
-
-#else /* !OPENSSL_NO_RSA */
+                          int (*cb) (char *buf, int len, const char *prompt,
+                                     int verify), int sgckey)
+{
+    NETSCAPE_PKEY *pkey = NULL;
+    RSA *ret = NULL;
+    int i, j;
+    unsigned char buf[256];
+    const unsigned char *zz;
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    EVP_CIPHER_CTX ctx;
+
+    i = cb((char *)buf, 256, "Enter Private Key password:", 0);
+    if (i != 0) {
+        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_BAD_PASSWORD_READ);
+        goto err;
+    }
+
+    i = strlen((char *)buf);
+    if (sgckey) {
+        EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL);
+        memcpy(buf + 16, "SGCKEYSALT", 10);
+        i = 26;
+    }
+
+    EVP_BytesToKey(EVP_rc4(), EVP_md5(), NULL, buf, i, 1, key, NULL);
+    OPENSSL_cleanse(buf, 256);
+
+    EVP_CIPHER_CTX_init(&ctx);
+    EVP_DecryptInit_ex(&ctx, EVP_rc4(), NULL, key, NULL);
+    EVP_DecryptUpdate(&ctx, os->data, &i, os->data, os->length);
+    EVP_DecryptFinal_ex(&ctx, &(os->data[i]), &j);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    os->length = i + j;
+
+    zz = os->data;
+
+    if ((pkey = d2i_NETSCAPE_PKEY(NULL, &zz, os->length)) == NULL) {
+        ASN1err(ASN1_F_D2I_RSA_NET_2,
+                ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY);
+        goto err;
+    }
+
+    zz = pkey->private_key->data;
+    if ((ret = d2i_RSAPrivateKey(a, &zz, pkey->private_key->length)) == NULL) {
+        ASN1err(ASN1_F_D2I_RSA_NET_2, ASN1_R_UNABLE_TO_DECODE_RSA_KEY);
+        goto err;
+    }
+ err:
+    NETSCAPE_PKEY_free(pkey);
+    return (ret);
+}
+
+# endif                         /* OPENSSL_NO_RC4 */
+
+#else                           /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 # endif
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c
index e551c57d..186e8b0b 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/nsseq.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/nsseq.c
@@ -1,6 +1,7 @@
 /* nsseq.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,19 +65,19 @@
 
 static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(operation == ASN1_OP_NEW_POST) {
-		NETSCAPE_CERT_SEQUENCE *nsseq;
-		nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
-		nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
-	}
-	return 1;
+    if (operation == ASN1_OP_NEW_POST) {
+        NETSCAPE_CERT_SEQUENCE *nsseq;
+        nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval;
+        nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence);
+    }
+    return 1;
 }
 
 /* Netscape certificate sequence structure */
 
 ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = {
-	ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
-	ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
+        ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT),
+        ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0)
 } ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE)
 
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
index c4582f80..096ccdd3 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbe.c
@@ -1,6 +1,7 @@
 /* p5_pbe.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,67 +66,71 @@
 /* PKCS#5 password based encryption structure */
 
 ASN1_SEQUENCE(PBEPARAM) = {
-	ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
+        ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(PBEPARAM)
 
 IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM)
 
 /* Return an algorithm identifier for a PKCS#5 PBE algorithm */
 
-X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt,
-	     int saltlen)
+X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen)
 {
-	PBEPARAM *pbe=NULL;
-	ASN1_OBJECT *al;
-	X509_ALGOR *algor;
-	ASN1_TYPE *astype=NULL;
+    PBEPARAM *pbe = NULL;
+    ASN1_OBJECT *al;
+    X509_ALGOR *algor;
+    ASN1_TYPE *astype = NULL;
 
-	if (!(pbe = PBEPARAM_new ())) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
-	if (!ASN1_INTEGER_set(pbe->iter, iter)) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if (!saltlen) saltlen = PKCS5_SALT_LEN;
-	if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	pbe->salt->length = saltlen;
-	if (salt) memcpy (pbe->salt->data, salt, saltlen);
-	else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0)
-		goto err;
+    if (!(pbe = PBEPARAM_new())) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+    if (!ASN1_INTEGER_set(pbe->iter, iter)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+    if (!(pbe->salt->data = OPENSSL_malloc(saltlen))) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    pbe->salt->length = saltlen;
+    if (salt)
+        memcpy(pbe->salt->data, salt, saltlen);
+    else if (RAND_pseudo_bytes(pbe->salt->data, saltlen) < 0)
+        goto err;
 
-	if (!(astype = ASN1_TYPE_new())) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
+    if (!(astype = ASN1_TYPE_new())) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	astype->type = V_ASN1_SEQUENCE;
-	if(!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
-				&astype->value.sequence)) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	PBEPARAM_free (pbe);
-	pbe = NULL;
-	
-	al = OBJ_nid2obj(alg); /* never need to free al */
-	if (!(algor = X509_ALGOR_new())) {
-		ASN1err(ASN1_F_PKCS5_PBE_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	ASN1_OBJECT_free(algor->algorithm);
-	algor->algorithm = al;
-	algor->parameter = astype;
+    astype->type = V_ASN1_SEQUENCE;
+    if (!ASN1_pack_string_of(PBEPARAM, pbe, i2d_PBEPARAM,
+                             &astype->value.sequence)) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    PBEPARAM_free(pbe);
+    pbe = NULL;
 
-	return (algor);
-err:
-	if (pbe != NULL) PBEPARAM_free(pbe);
-	if (astype != NULL) ASN1_TYPE_free(astype);
-	return NULL;
+    al = OBJ_nid2obj(alg);      /* never need to free al */
+    if (!(algor = X509_ALGOR_new())) {
+        ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ASN1_OBJECT_free(algor->algorithm);
+    algor->algorithm = al;
+    algor->parameter = astype;
+
+    return (algor);
+ err:
+    if (pbe != NULL)
+        PBEPARAM_free(pbe);
+    if (astype != NULL)
+        ASN1_TYPE_free(astype);
+    return NULL;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
index 2b0516af..5054f0c4 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/p5_pbev2.c
@@ -1,6 +1,7 @@
 /* p5_pbev2.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999-2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999-2004.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,141 +66,157 @@
 /* PKCS#5 v2.0 password based encryption structures */
 
 ASN1_SEQUENCE(PBE2PARAM) = {
-	ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
-	ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
+        ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR),
+        ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR)
 } ASN1_SEQUENCE_END(PBE2PARAM)
 
 IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM)
 
 ASN1_SEQUENCE(PBKDF2PARAM) = {
-	ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
-	ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
-	ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
-	ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
+        ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY),
+        ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER),
+        ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR)
 } ASN1_SEQUENCE_END(PBKDF2PARAM)
 
 IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
 
-/* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
- * yes I know this is horrible!
+/*
+ * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
+ * this is horrible!
  */
 
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
-				 unsigned char *salt, int saltlen)
+                           unsigned char *salt, int saltlen)
 {
-	X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
-	int alg_nid;
-	EVP_CIPHER_CTX ctx;
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-	PBKDF2PARAM *kdf = NULL;
-	PBE2PARAM *pbe2 = NULL;
-	ASN1_OCTET_STRING *osalt = NULL;
-	ASN1_OBJECT *obj;
+    X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
+    int alg_nid;
+    EVP_CIPHER_CTX ctx;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+    PBKDF2PARAM *kdf = NULL;
+    PBE2PARAM *pbe2 = NULL;
+    ASN1_OCTET_STRING *osalt = NULL;
+    ASN1_OBJECT *obj;
+
+    alg_nid = EVP_CIPHER_type(cipher);
+    if (alg_nid == NID_undef) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET,
+                ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        goto err;
+    }
+    obj = OBJ_nid2obj(alg_nid);
+
+    if (!(pbe2 = PBE2PARAM_new()))
+        goto merr;
+
+    /* Setup the AlgorithmIdentifier for the encryption scheme */
+    scheme = pbe2->encryption;
+
+    scheme->algorithm = obj;
+    if (!(scheme->parameter = ASN1_TYPE_new()))
+        goto merr;
+
+    /* Create random IV */
+    if (EVP_CIPHER_iv_length(cipher) &&
+        RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
+        goto err;
+
+    EVP_CIPHER_CTX_init(&ctx);
+
+    /* Dummy cipherinit to just setup the IV */
+    EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
+    if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
+        ASN1err(ASN1_F_PKCS5_PBE2_SET, ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        goto err;
+    }
+    EVP_CIPHER_CTX_cleanup(&ctx);
+
+    if (!(kdf = PBKDF2PARAM_new()))
+        goto merr;
+    if (!(osalt = M_ASN1_OCTET_STRING_new()))
+        goto merr;
+
+    if (!saltlen)
+        saltlen = PKCS5_SALT_LEN;
+    if (!(osalt->data = OPENSSL_malloc(saltlen)))
+        goto merr;
+    osalt->length = saltlen;
+    if (salt)
+        memcpy(osalt->data, salt, saltlen);
+    else if (RAND_pseudo_bytes(osalt->data, saltlen) < 0)
+        goto merr;
+
+    if (iter <= 0)
+        iter = PKCS5_DEFAULT_ITER;
+    if (!ASN1_INTEGER_set(kdf->iter, iter))
+        goto merr;
+
+    /* Now include salt in kdf structure */
+    kdf->salt->value.octet_string = osalt;
+    kdf->salt->type = V_ASN1_OCTET_STRING;
+    osalt = NULL;
+
+    /* If its RC2 then we'd better setup the key length */
+
+    if (alg_nid == NID_rc2_cbc) {
+        if (!(kdf->keylength = M_ASN1_INTEGER_new()))
+            goto merr;
+        if (!ASN1_INTEGER_set(kdf->keylength, EVP_CIPHER_key_length(cipher)))
+            goto merr;
+    }
+
+    /* prf can stay NULL because we are using hmacWithSHA1 */
+
+    /* Now setup the PBE2PARAM keyfunc structure */
+
+    pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
+
+    /* Encode PBKDF2PARAM into parameter of pbe2 */
+
+    if (!(pbe2->keyfunc->parameter = ASN1_TYPE_new()))
+        goto merr;
+
+    if (!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
+                             &pbe2->keyfunc->parameter->value.sequence))
+         goto merr;
+    pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
+
+    PBKDF2PARAM_free(kdf);
+    kdf = NULL;
+
+    /* Now set up top level AlgorithmIdentifier */
+
+    if (!(ret = X509_ALGOR_new()))
+        goto merr;
+    if (!(ret->parameter = ASN1_TYPE_new()))
+        goto merr;
+
+    ret->algorithm = OBJ_nid2obj(NID_pbes2);
+
+    /* Encode PBE2PARAM into parameter */
 
-	alg_nid = EVP_CIPHER_type(cipher);
-	if(alg_nid == NID_undef) {
-		ASN1err(ASN1_F_PKCS5_PBE2_SET,
-				ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-		goto err;
-	}
-	obj = OBJ_nid2obj(alg_nid);
+    if (!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
+                             &ret->parameter->value.sequence))
+         goto merr;
+    ret->parameter->type = V_ASN1_SEQUENCE;
 
-	if(!(pbe2 = PBE2PARAM_new())) goto merr;
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
 
-	/* Setup the AlgorithmIdentifier for the encryption scheme */
-	scheme = pbe2->encryption;
+    return ret;
 
-	scheme->algorithm = obj;
-	if(!(scheme->parameter = ASN1_TYPE_new())) goto merr;
+ merr:
+    ASN1err(ASN1_F_PKCS5_PBE2_SET, ERR_R_MALLOC_FAILURE);
 
-	/* Create random IV */
-	if (EVP_CIPHER_iv_length(cipher) &&
-		RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0)
-  		goto err;
+ err:
+    PBE2PARAM_free(pbe2);
+    /* Note 'scheme' is freed as part of pbe2 */
+    M_ASN1_OCTET_STRING_free(osalt);
+    PBKDF2PARAM_free(kdf);
+    X509_ALGOR_free(kalg);
+    X509_ALGOR_free(ret);
 
-	EVP_CIPHER_CTX_init(&ctx);
-
-	/* Dummy cipherinit to just setup the IV */
-	EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0);
-	if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
-		ASN1err(ASN1_F_PKCS5_PBE2_SET,
-					ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		goto err;
-	}
-	EVP_CIPHER_CTX_cleanup(&ctx);
-
-	if(!(kdf = PBKDF2PARAM_new())) goto merr;
-	if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr;
-
-	if (!saltlen) saltlen = PKCS5_SALT_LEN;
-	if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr;
-	osalt->length = saltlen;
-	if (salt) memcpy (osalt->data, salt, saltlen);
-	else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr;
-
-	if(iter <= 0) iter = PKCS5_DEFAULT_ITER;
-	if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr;
-
-	/* Now include salt in kdf structure */
-	kdf->salt->value.octet_string = osalt;
-	kdf->salt->type = V_ASN1_OCTET_STRING;
-	osalt = NULL;
-
-	/* If its RC2 then we'd better setup the key length */
-
-	if(alg_nid == NID_rc2_cbc) {
-		if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr;
-		if(!ASN1_INTEGER_set (kdf->keylength,
-				 EVP_CIPHER_key_length(cipher))) goto merr;
-	}
-
-	/* prf can stay NULL because we are using hmacWithSHA1 */
-
-	/* Now setup the PBE2PARAM keyfunc structure */
-
-	pbe2->keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
-
-	/* Encode PBKDF2PARAM into parameter of pbe2 */
-
-	if(!(pbe2->keyfunc->parameter = ASN1_TYPE_new())) goto merr;
-
-	if(!ASN1_pack_string_of(PBKDF2PARAM, kdf, i2d_PBKDF2PARAM,
-			 &pbe2->keyfunc->parameter->value.sequence)) goto merr;
-	pbe2->keyfunc->parameter->type = V_ASN1_SEQUENCE;
-
-	PBKDF2PARAM_free(kdf);
-	kdf = NULL;
-
-	/* Now set up top level AlgorithmIdentifier */
-
-	if(!(ret = X509_ALGOR_new())) goto merr;
-	if(!(ret->parameter = ASN1_TYPE_new())) goto merr;
-
-	ret->algorithm = OBJ_nid2obj(NID_pbes2);
-
-	/* Encode PBE2PARAM into parameter */
-
-	if(!ASN1_pack_string_of(PBE2PARAM, pbe2, i2d_PBE2PARAM,
-				 &ret->parameter->value.sequence)) goto merr;
-	ret->parameter->type = V_ASN1_SEQUENCE;
-
-	PBE2PARAM_free(pbe2);
-	pbe2 = NULL;
-
-	return ret;
-
-	merr:
-	ASN1err(ASN1_F_PKCS5_PBE2_SET,ERR_R_MALLOC_FAILURE);
-
-	err:
-	PBE2PARAM_free(pbe2);
-	/* Note 'scheme' is freed as part of pbe2 */
-	M_ASN1_OCTET_STRING_free(osalt);
-	PBKDF2PARAM_free(kdf);
-	X509_ALGOR_free(kalg);
-	X509_ALGOR_free(ret);
-
-	return NULL;
+    return NULL;
 
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
index 0a195755..6cd36ce8 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/p8_pkey.c
@@ -1,6 +1,7 @@
 /* p8_pkey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,21 +65,22 @@
 /* Minor tweak to operation: zero private key data */
 static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	/* Since the structure must still be valid use ASN1_OP_FREE_PRE */
-	if(operation == ASN1_OP_FREE_PRE) {
-		PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
-		if (key->pkey->value.octet_string)
-		OPENSSL_cleanse(key->pkey->value.octet_string->data,
-			key->pkey->value.octet_string->length);
-	}
-	return 1;
+    /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
+    if (operation == ASN1_OP_FREE_PRE) {
+        PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
+        if (key->pkey && key->pkey->type == V_ASN1_OCTET_STRING
+            && key->pkey->value.octet_string != NULL)
+            OPENSSL_cleanse(key->pkey->value.octet_string->data,
+                            key->pkey->value.octet_string->length);
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = {
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
-	ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
-	ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY),
+        ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0)
 } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
index 2e59a25f..d5cf3c77 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_bitst.c
@@ -1,6 +1,7 @@
 /* t_bitst.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,41 +63,43 @@
 #include <openssl/x509v3.h>
 
 int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs,
-				BIT_STRING_BITNAME *tbl, int indent)
+                               BIT_STRING_BITNAME *tbl, int indent)
 {
-	BIT_STRING_BITNAME *bnam;
-	char first = 1;
-	BIO_printf(out, "%*s", indent, "");
-	for(bnam = tbl; bnam->lname; bnam++) {
-		if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
-			if(!first) BIO_puts(out, ", ");
-			BIO_puts(out, bnam->lname);
-			first = 0;
-		}
-	}
-	BIO_puts(out, "\n");
-	return 1;
+    BIT_STRING_BITNAME *bnam;
+    char first = 1;
+    BIO_printf(out, "%*s", indent, "");
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) {
+            if (!first)
+                BIO_puts(out, ", ");
+            BIO_puts(out, bnam->lname);
+            first = 0;
+        }
+    }
+    BIO_puts(out, "\n");
+    return 1;
 }
 
 int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value,
-				BIT_STRING_BITNAME *tbl)
+                            BIT_STRING_BITNAME *tbl)
 {
-	int bitnum;
-	bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
-	if(bitnum < 0) return 0;
-	if(bs) {
-		if(!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
-			return 0;
-	}
-	return 1;
+    int bitnum;
+    bitnum = ASN1_BIT_STRING_num_asc(name, tbl);
+    if (bitnum < 0)
+        return 0;
+    if (bs) {
+        if (!ASN1_BIT_STRING_set_bit(bs, bitnum, value))
+            return 0;
+    }
+    return 1;
 }
 
 int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl)
 {
-	BIT_STRING_BITNAME *bnam;
-	for(bnam = tbl; bnam->lname; bnam++) {
-		if(!strcmp(bnam->sname, name) ||
-			!strcmp(bnam->lname, name) ) return bnam->bitnum;
-	}
-	return -1;
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = tbl; bnam->lname; bnam++) {
+        if (!strcmp(bnam->sname, name) || !strcmp(bnam->lname, name))
+            return bnam->bitnum;
+    }
+    return -1;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c
index ee5a687c..75a753b8 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_crl.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_crl.c
@@ -1,6 +1,7 @@
 /* t_crl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,68 +67,68 @@
 
 #ifndef OPENSSL_NO_FP_API
 int X509_CRL_print_fp(FILE *fp, X509_CRL *x)
-        {
-        BIO *b;
-        int ret;
+{
+    BIO *b;
+    int ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		X509err(X509_F_X509_CRL_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_CRL_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_CRL_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_CRL_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
 int X509_CRL_print(BIO *out, X509_CRL *x)
 {
-	STACK_OF(X509_REVOKED) *rev;
-	X509_REVOKED *r;
-	long l;
-	int i;
-	char *p;
+    STACK_OF(X509_REVOKED) *rev;
+    X509_REVOKED *r;
+    long l;
+    int i;
+    char *p;
 
-	BIO_printf(out, "Certificate Revocation List (CRL):\n");
-	l = X509_CRL_get_version(x);
-	BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l+1, l);
-	i = OBJ_obj2nid(x->sig_alg->algorithm);
-	BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
-				 (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
-	p=X509_NAME_oneline(X509_CRL_get_issuer(x),NULL,0);
-	BIO_printf(out,"%8sIssuer: %s\n","",p);
-	OPENSSL_free(p);
-	BIO_printf(out,"%8sLast Update: ","");
-	ASN1_TIME_print(out,X509_CRL_get_lastUpdate(x));
-	BIO_printf(out,"\n%8sNext Update: ","");
-	if (X509_CRL_get_nextUpdate(x))
-		 ASN1_TIME_print(out,X509_CRL_get_nextUpdate(x));
-	else BIO_printf(out,"NONE");
-	BIO_printf(out,"\n");
+    BIO_printf(out, "Certificate Revocation List (CRL):\n");
+    l = X509_CRL_get_version(x);
+    BIO_printf(out, "%8sVersion %lu (0x%lx)\n", "", l + 1, l);
+    i = OBJ_obj2nid(x->sig_alg->algorithm);
+    BIO_printf(out, "%8sSignature Algorithm: %s\n", "",
+               (i == NID_undef) ? "NONE" : OBJ_nid2ln(i));
+    p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
+    BIO_printf(out, "%8sIssuer: %s\n", "", p);
+    OPENSSL_free(p);
+    BIO_printf(out, "%8sLast Update: ", "");
+    ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
+    BIO_printf(out, "\n%8sNext Update: ", "");
+    if (X509_CRL_get_nextUpdate(x))
+        ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
+    else
+        BIO_printf(out, "NONE");
+    BIO_printf(out, "\n");
 
-	X509V3_extensions_print(out, "CRL extensions",
-						x->crl->extensions, 0, 8);
+    X509V3_extensions_print(out, "CRL extensions", x->crl->extensions, 0, 8);
 
-	rev = X509_CRL_get_REVOKED(x);
+    rev = X509_CRL_get_REVOKED(x);
 
-	if(sk_X509_REVOKED_num(rev) > 0)
-	    BIO_printf(out, "Revoked Certificates:\n");
-	else BIO_printf(out, "No Revoked Certificates.\n");
+    if (sk_X509_REVOKED_num(rev) > 0)
+        BIO_printf(out, "Revoked Certificates:\n");
+    else
+        BIO_printf(out, "No Revoked Certificates.\n");
 
-	for(i = 0; i < sk_X509_REVOKED_num(rev); i++) {
-		r = sk_X509_REVOKED_value(rev, i);
-		BIO_printf(out,"    Serial Number: ");
-		i2a_ASN1_INTEGER(out,r->serialNumber);
-		BIO_printf(out,"\n        Revocation Date: ");
-		ASN1_TIME_print(out,r->revocationDate);
-		BIO_printf(out,"\n");
-		X509V3_extensions_print(out, "CRL entry extensions",
-						r->extensions, 0, 8);
-	}
-	X509_signature_print(out, x->sig_alg, x->signature);
+    for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
+        r = sk_X509_REVOKED_value(rev, i);
+        BIO_printf(out, "    Serial Number: ");
+        i2a_ASN1_INTEGER(out, r->serialNumber);
+        BIO_printf(out, "\n        Revocation Date: ");
+        ASN1_TIME_print(out, r->revocationDate);
+        BIO_printf(out, "\n");
+        X509V3_extensions_print(out, "CRL entry extensions",
+                                r->extensions, 0, 8);
+    }
+    X509_signature_print(out, x->sig_alg, x->signature);
 
-	return 1;
+    return 1;
 
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
index bc23f567..4821821b 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_pkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -57,7 +57,7 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
+ * Binary polynomial ECC support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
@@ -67,768 +67,732 @@
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+# include <openssl/ec.h>
 #endif
 
-static int print(BIO *fp,const char *str, const BIGNUM *num,
-		unsigned char *buf,int off);
+static int print(BIO *fp, const char *str, const BIGNUM *num,
+                 unsigned char *buf, int off);
 #ifndef OPENSSL_NO_EC
 static int print_bin(BIO *fp, const char *str, const unsigned char *num,
-		size_t len, int off);
+                     size_t len, int off);
 #endif
 #ifndef OPENSSL_NO_RSA
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int RSA_print_fp(FILE *fp, const RSA *x, int off)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=RSA_print(b,x,off);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = RSA_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int RSA_print(BIO *bp, const RSA *x, int off)
-	{
-	char str[128];
-	const char *s;
-	unsigned char *m=NULL;
-	int ret=0, mod_len = 0;
-	size_t buf_len=0, i;
-
-	if (x->n)
-		buf_len = (size_t)BN_num_bytes(x->n);
-	if (x->e)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
-			buf_len = i;
-	if (x->d)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
-			buf_len = i;
-	if (x->p)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
-			buf_len = i;
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->dmp1)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
-			buf_len = i;
-	if (x->dmq1)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
-			buf_len = i;
-	if (x->iqmp)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
-			buf_len = i;
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-	if (m == NULL)
-		{
-		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (x->n != NULL)
-		mod_len = BN_num_bits(x->n);
-
-	if (x->d != NULL)
-		{
-		if(!BIO_indent(bp,off,128))
-		   goto err;
-		if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
-			<= 0) goto err;
-		}
-
-	if (x->d == NULL)
-		BIO_snprintf(str,sizeof str,"Modulus (%d bit):", mod_len);
-	else
-		BUF_strlcpy(str,"modulus:",sizeof str);
-	if (!print(bp,str,x->n,m,off)) goto err;
-	s=(x->d == NULL)?"Exponent:":"publicExponent:";
-	if ((x->e != NULL) && !print(bp,s,x->e,m,off))
-		goto err;
-	if ((x->d != NULL) && !print(bp,"privateExponent:",x->d,m,off))
-		goto err;
-	if ((x->p != NULL) && !print(bp,"prime1:",x->p,m,off))
-		goto err;
-	if ((x->q != NULL) && !print(bp,"prime2:",x->q,m,off))
-		goto err;
-	if ((x->dmp1 != NULL) && !print(bp,"exponent1:",x->dmp1,m,off))
-		goto err;
-	if ((x->dmq1 != NULL) && !print(bp,"exponent2:",x->dmq1,m,off))
-		goto err;
-	if ((x->iqmp != NULL) && !print(bp,"coefficient:",x->iqmp,m,off))
-		goto err;
-	ret=1;
-err:
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-#endif /* OPENSSL_NO_RSA */
+{
+    char str[128];
+    const char *s;
+    unsigned char *m = NULL;
+    int ret = 0, mod_len = 0;
+    size_t buf_len = 0, i;
+
+    if (x->n)
+        buf_len = (size_t)BN_num_bytes(x->n);
+    if (x->e)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+            buf_len = i;
+    if (x->d)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+            buf_len = i;
+    if (x->p)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+            buf_len = i;
+    if (x->q)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+            buf_len = i;
+    if (x->dmp1)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+            buf_len = i;
+    if (x->dmq1)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+            buf_len = i;
+    if (x->iqmp)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+            buf_len = i;
+
+    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+    if (m == NULL) {
+        RSAerr(RSA_F_RSA_PRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (x->n != NULL)
+        mod_len = BN_num_bits(x->n);
+
+    if (x->d != NULL) {
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+        if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
+            <= 0)
+            goto err;
+    }
+
+    if (x->d == NULL)
+        BIO_snprintf(str, sizeof str, "Modulus (%d bit):", mod_len);
+    else
+        BUF_strlcpy(str, "modulus:", sizeof str);
+    if (!print(bp, str, x->n, m, off))
+        goto err;
+    s = (x->d == NULL) ? "Exponent:" : "publicExponent:";
+    if ((x->e != NULL) && !print(bp, s, x->e, m, off))
+        goto err;
+    if ((x->d != NULL) && !print(bp, "privateExponent:", x->d, m, off))
+        goto err;
+    if ((x->p != NULL) && !print(bp, "prime1:", x->p, m, off))
+        goto err;
+    if ((x->q != NULL) && !print(bp, "prime2:", x->q, m, off))
+        goto err;
+    if ((x->dmp1 != NULL) && !print(bp, "exponent1:", x->dmp1, m, off))
+        goto err;
+    if ((x->dmq1 != NULL) && !print(bp, "exponent2:", x->dmq1, m, off))
+        goto err;
+    if ((x->iqmp != NULL) && !print(bp, "coefficient:", x->iqmp, m, off))
+        goto err;
+    ret = 1;
+ err:
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
+#endif                          /* OPENSSL_NO_RSA */
 
 #ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int DSA_print_fp(FILE *fp, const DSA *x, int off)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		DSAerr(DSA_F_DSA_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DSA_print(b,x,off);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSA_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSA_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int DSA_print(BIO *bp, const DSA *x, int off)
-	{
-	unsigned char *m=NULL;
-	int ret=0;
-	size_t buf_len=0,i;
-
-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	if (x->priv_key)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
-			buf_len = i;
-	if (x->pub_key)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
-			buf_len = i;
-
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-	if (m == NULL)
-		{
-		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (x->priv_key != NULL)
-		{
-		if(!BIO_indent(bp,off,128))
-		   goto err;
-		if (BIO_printf(bp,"Private-Key: (%d bit)\n",BN_num_bits(x->p))
-			<= 0) goto err;
-		}
-
-	if ((x->priv_key != NULL) && !print(bp,"priv:",x->priv_key,m,off))
-		goto err;
-	if ((x->pub_key  != NULL) && !print(bp,"pub: ",x->pub_key,m,off))
-		goto err;
-	if ((x->p != NULL) && !print(bp,"P:   ",x->p,m,off)) goto err;
-	if ((x->q != NULL) && !print(bp,"Q:   ",x->q,m,off)) goto err;
-	if ((x->g != NULL) && !print(bp,"G:   ",x->g,m,off)) goto err;
-	ret=1;
-err:
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-#endif /* !OPENSSL_NO_DSA */
+{
+    unsigned char *m = NULL;
+    int ret = 0;
+    size_t buf_len = 0, i;
+
+    if (x->p)
+        buf_len = (size_t)BN_num_bytes(x->p);
+    if (x->q)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+            buf_len = i;
+    if (x->g)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+            buf_len = i;
+    if (x->priv_key)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+            buf_len = i;
+    if (x->pub_key)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+            buf_len = i;
+
+    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+    if (m == NULL) {
+        DSAerr(DSA_F_DSA_PRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (x->priv_key != NULL) {
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+        if (BIO_printf(bp, "Private-Key: (%d bit)\n", BN_num_bits(x->p))
+            <= 0)
+            goto err;
+    }
+
+    if ((x->priv_key != NULL) && !print(bp, "priv:", x->priv_key, m, off))
+        goto err;
+    if ((x->pub_key != NULL) && !print(bp, "pub: ", x->pub_key, m, off))
+        goto err;
+    if ((x->p != NULL) && !print(bp, "P:   ", x->p, m, off))
+        goto err;
+    if ((x->q != NULL) && !print(bp, "Q:   ", x->q, m, off))
+        goto err;
+    if ((x->g != NULL) && !print(bp, "G:   ", x->g, m, off))
+        goto err;
+    ret = 1;
+ err:
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
+#endif                          /* !OPENSSL_NO_DSA */
 
 #ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int ECPKParameters_print_fp(FILE *fp, const EC_GROUP *x, int off)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_ECPKPARAMETERS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECPKParameters_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-	}
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPKPARAMETERS_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECPKParameters_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
 
 int EC_KEY_print_fp(FILE *fp, const EC_KEY *x, int off)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = EC_KEY_print(b, x, off);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_EC_KEY_PRINT_FP, ERR_R_BIO_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = EC_KEY_print(b, x, off);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int ECPKParameters_print(BIO *bp, const EC_GROUP *x, int off)
-	{
-	unsigned char *buffer=NULL;
-	size_t	buf_len=0, i;
-	int     ret=0, reason=ERR_R_BIO_LIB;
-	BN_CTX  *ctx=NULL;
-	const EC_POINT *point=NULL;
-	BIGNUM	*p=NULL, *a=NULL, *b=NULL, *gen=NULL,
-		*order=NULL, *cofactor=NULL;
-	const unsigned char *seed;
-	size_t	seed_len=0;
-	
-	static const char *gen_compressed = "Generator (compressed):";
-	static const char *gen_uncompressed = "Generator (uncompressed):";
-	static const char *gen_hybrid = "Generator (hybrid):";
- 
-	if (!x)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	if (EC_GROUP_get_asn1_flag(x))
-		{
-		/* the curve parameter are given by an asn1 OID */
-		int nid;
-
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		nid = EC_GROUP_get_curve_name(x);
-		if (nid == 0)
-			goto err;
-
-		if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
-			goto err;
-		if (BIO_printf(bp, "\n") <= 0)
-			goto err;
-		}
-	else
-		{
-		/* explicit parameters */
-		int is_char_two = 0;
-		point_conversion_form_t form;
-		int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
-
-		if (tmp_nid == NID_X9_62_characteristic_two_field)
-			is_char_two = 1;
-
-		if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
-			(b = BN_new()) == NULL || (order = BN_new()) == NULL ||
-			(cofactor = BN_new()) == NULL)
-			{
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-
-		if (is_char_two)
-			{
-			if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx))
-				{
-				reason = ERR_R_EC_LIB;
-				goto err;
-				}
-			}
-		else /* prime field */
-			{
-			if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx))
-				{
-				reason = ERR_R_EC_LIB;
-				goto err;
-				}
-			}
-
-		if ((point = EC_GROUP_get0_generator(x)) == NULL)
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		if (!EC_GROUP_get_order(x, order, NULL) || 
-            		!EC_GROUP_get_cofactor(x, cofactor, NULL))
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-		
-		form = EC_GROUP_get_point_conversion_form(x);
-
-		if ((gen = EC_POINT_point2bn(x, point, 
-				form, NULL, ctx)) == NULL)
-			{
-			reason = ERR_R_EC_LIB;
-			goto err;
-			}
-
-		buf_len = (size_t)BN_num_bytes(p);
-		if (buf_len < (i = (size_t)BN_num_bytes(a)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(b)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(gen)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(order)))
-			buf_len = i;
-		if (buf_len < (i = (size_t)BN_num_bytes(cofactor))) 
-			buf_len = i;
-
-		if ((seed = EC_GROUP_get0_seed(x)) != NULL)
-			seed_len = EC_GROUP_get_seed_len(x);
-
-		buf_len += 10;
-		if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-			{
-			reason = ERR_R_MALLOC_FAILURE;
-			goto err;
-			}
-
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-
-		/* print the 'short name' of the field type */
-		if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
-			<= 0)
-			goto err;  
-
-		if (is_char_two)
-			{
-			/* print the 'short name' of the base type OID */
-			int basis_type = EC_GROUP_get_basis_type(x);
-			if (basis_type == 0)
-				goto err;
-
-			if (!BIO_indent(bp, off, 128))
-				goto err;
-
-			if (BIO_printf(bp, "Basis Type: %s\n", 
-				OBJ_nid2sn(basis_type)) <= 0)
-				goto err;
-
-			/* print the polynomial */
-			if ((p != NULL) && !print(bp, "Polynomial:", p, buffer,
-				off))
-				goto err;
-			}
-		else
-			{
-			if ((p != NULL) && !print(bp, "Prime:", p, buffer,off))
-				goto err;
-			}
-		if ((a != NULL) && !print(bp, "A:   ", a, buffer, off)) 
-			goto err;
-		if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
-			goto err;
-		if (form == POINT_CONVERSION_COMPRESSED)
-			{
-			if ((gen != NULL) && !print(bp, gen_compressed, gen,
-				buffer, off))
-				goto err;
-			}
-		else if (form == POINT_CONVERSION_UNCOMPRESSED)
-			{
-			if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
-				buffer, off))
-				goto err;
-			}
-		else /* form == POINT_CONVERSION_HYBRID */
-			{
-			if ((gen != NULL) && !print(bp, gen_hybrid, gen,
-				buffer, off))
-				goto err;
-			}
-		if ((order != NULL) && !print(bp, "Order: ", order, 
-			buffer, off)) goto err;
-		if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor, 
-			buffer, off)) goto err;
-		if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
-			goto err;
-		}
-	ret=1;
-err:
-	if (!ret)
- 		ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
-	if (p) 
-		BN_free(p);
-	if (a) 
-		BN_free(a);
-	if (b)
-		BN_free(b);
-	if (gen)
-		BN_free(gen);
-	if (order)
-		BN_free(order);
-	if (cofactor)
-		BN_free(cofactor);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (buffer != NULL) 
-		OPENSSL_free(buffer);
-	return(ret);	
-	}
+{
+    unsigned char *buffer = NULL;
+    size_t buf_len = 0, i;
+    int ret = 0, reason = ERR_R_BIO_LIB;
+    BN_CTX *ctx = NULL;
+    const EC_POINT *point = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *gen = NULL,
+        *order = NULL, *cofactor = NULL;
+    const unsigned char *seed;
+    size_t seed_len = 0;
+
+    static const char *gen_compressed = "Generator (compressed):";
+    static const char *gen_uncompressed = "Generator (uncompressed):";
+    static const char *gen_hybrid = "Generator (hybrid):";
+
+    if (!x) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    if (EC_GROUP_get_asn1_flag(x)) {
+        /* the curve parameter are given by an asn1 OID */
+        int nid;
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        nid = EC_GROUP_get_curve_name(x);
+        if (nid == 0)
+            goto err;
+
+        if (BIO_printf(bp, "ASN1 OID: %s", OBJ_nid2sn(nid)) <= 0)
+            goto err;
+        if (BIO_printf(bp, "\n") <= 0)
+            goto err;
+    } else {
+        /* explicit parameters */
+        int is_char_two = 0;
+        point_conversion_form_t form;
+        int tmp_nid = EC_METHOD_get_field_type(EC_GROUP_method_of(x));
+
+        if (tmp_nid == NID_X9_62_characteristic_two_field)
+            is_char_two = 1;
+
+        if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+            (b = BN_new()) == NULL || (order = BN_new()) == NULL ||
+            (cofactor = BN_new()) == NULL) {
+            reason = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+
+        if (is_char_two) {
+            if (!EC_GROUP_get_curve_GF2m(x, p, a, b, ctx)) {
+                reason = ERR_R_EC_LIB;
+                goto err;
+            }
+        } else {                /* prime field */
+
+            if (!EC_GROUP_get_curve_GFp(x, p, a, b, ctx)) {
+                reason = ERR_R_EC_LIB;
+                goto err;
+            }
+        }
+
+        if ((point = EC_GROUP_get0_generator(x)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+        if (!EC_GROUP_get_order(x, order, NULL) ||
+            !EC_GROUP_get_cofactor(x, cofactor, NULL)) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        form = EC_GROUP_get_point_conversion_form(x);
+
+        if ((gen = EC_POINT_point2bn(x, point, form, NULL, ctx)) == NULL) {
+            reason = ERR_R_EC_LIB;
+            goto err;
+        }
+
+        buf_len = (size_t)BN_num_bytes(p);
+        if (buf_len < (i = (size_t)BN_num_bytes(a)))
+            buf_len = i;
+        if (buf_len < (i = (size_t)BN_num_bytes(b)))
+            buf_len = i;
+        if (buf_len < (i = (size_t)BN_num_bytes(gen)))
+            buf_len = i;
+        if (buf_len < (i = (size_t)BN_num_bytes(order)))
+            buf_len = i;
+        if (buf_len < (i = (size_t)BN_num_bytes(cofactor)))
+            buf_len = i;
+
+        if ((seed = EC_GROUP_get0_seed(x)) != NULL)
+            seed_len = EC_GROUP_get_seed_len(x);
+
+        buf_len += 10;
+        if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
+            reason = ERR_R_MALLOC_FAILURE;
+            goto err;
+        }
+
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+
+        /* print the 'short name' of the field type */
+        if (BIO_printf(bp, "Field Type: %s\n", OBJ_nid2sn(tmp_nid))
+            <= 0)
+            goto err;
+
+        if (is_char_two) {
+            /* print the 'short name' of the base type OID */
+            int basis_type = EC_GROUP_get_basis_type(x);
+            if (basis_type == 0)
+                goto err;
+
+            if (!BIO_indent(bp, off, 128))
+                goto err;
+
+            if (BIO_printf(bp, "Basis Type: %s\n",
+                           OBJ_nid2sn(basis_type)) <= 0)
+                goto err;
+
+            /* print the polynomial */
+            if ((p != NULL) && !print(bp, "Polynomial:", p, buffer, off))
+                goto err;
+        } else {
+            if ((p != NULL) && !print(bp, "Prime:", p, buffer, off))
+                goto err;
+        }
+        if ((a != NULL) && !print(bp, "A:   ", a, buffer, off))
+            goto err;
+        if ((b != NULL) && !print(bp, "B:   ", b, buffer, off))
+            goto err;
+        if (form == POINT_CONVERSION_COMPRESSED) {
+            if ((gen != NULL) && !print(bp, gen_compressed, gen, buffer, off))
+                goto err;
+        } else if (form == POINT_CONVERSION_UNCOMPRESSED) {
+            if ((gen != NULL) && !print(bp, gen_uncompressed, gen,
+                                        buffer, off))
+                goto err;
+        } else {                /* form == POINT_CONVERSION_HYBRID */
+
+            if ((gen != NULL) && !print(bp, gen_hybrid, gen, buffer, off))
+                goto err;
+        }
+        if ((order != NULL) && !print(bp, "Order: ", order, buffer, off))
+            goto err;
+        if ((cofactor != NULL) && !print(bp, "Cofactor: ", cofactor,
+                                         buffer, off))
+            goto err;
+        if (seed && !print_bin(bp, "Seed:", seed, seed_len, off))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_ECPKPARAMETERS_PRINT, reason);
+    if (p)
+        BN_free(p);
+    if (a)
+        BN_free(a);
+    if (b)
+        BN_free(b);
+    if (gen)
+        BN_free(gen);
+    if (order)
+        BN_free(order);
+    if (cofactor)
+        BN_free(cofactor);
+    if (ctx)
+        BN_CTX_free(ctx);
+    if (buffer != NULL)
+        OPENSSL_free(buffer);
+    return (ret);
+}
 
 int EC_KEY_print(BIO *bp, const EC_KEY *x, int off)
-	{
-	unsigned char *buffer=NULL;
-	size_t	buf_len=0, i;
-	int     ret=0, reason=ERR_R_BIO_LIB;
-	BIGNUM  *pub_key=NULL, *order=NULL;
-	BN_CTX  *ctx=NULL;
-	const EC_GROUP *group;
-	const EC_POINT *public_key;
-	const BIGNUM *priv_key;
- 
-	if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-
-	public_key = EC_KEY_get0_public_key(x);
-	if ((pub_key = EC_POINT_point2bn(group, public_key,
-		EC_KEY_get_conv_form(x), NULL, ctx)) == NULL)
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
-
-	buf_len = (size_t)BN_num_bytes(pub_key);
-	priv_key = EC_KEY_get0_private_key(x);
-	if (priv_key != NULL)
-		{
-		if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
-			buf_len = i;
-		}
-
-	buf_len += 10;
-	if ((buffer = OPENSSL_malloc(buf_len)) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	if (priv_key != NULL)
-		{
-		if (!BIO_indent(bp, off, 128))
-			goto err;
-		if ((order = BN_new()) == NULL)
-			goto err;
-		if (!EC_GROUP_get_order(group, order, NULL))
-			goto err;
-		if (BIO_printf(bp, "Private-Key: (%d bit)\n", 
-			BN_num_bits(order)) <= 0) goto err;
-		}
-  
-	if ((priv_key != NULL) && !print(bp, "priv:", priv_key, 
-		buffer, off))
-		goto err;
-	if ((pub_key != NULL) && !print(bp, "pub: ", pub_key,
-		buffer, off))
-		goto err;
-	if (!ECPKParameters_print(bp, group, off))
-		goto err;
-	ret=1;
-err:
-	if (!ret)
- 		ECerr(EC_F_EC_KEY_PRINT, reason);
-	if (pub_key) 
-		BN_free(pub_key);
-	if (order)
-		BN_free(order);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (buffer != NULL)
-		OPENSSL_free(buffer);
-	return(ret);
-	}
-#endif /* OPENSSL_NO_EC */
-
-static int print(BIO *bp, const char *number, const BIGNUM *num, unsigned char *buf,
-	     int off)
-	{
-	int n,i;
-	const char *neg;
-
-	if (num == NULL) return(1);
-	neg = (BN_is_negative(num))?"-":"";
-	if(!BIO_indent(bp,off,128))
-		return 0;
-	if (BN_is_zero(num))
-		{
-		if (BIO_printf(bp, "%s 0\n", number) <= 0)
-			return 0;
-		return 1;
-		}
-
-	if (BN_num_bytes(num) <= BN_BYTES)
-		{
-		if (BIO_printf(bp,"%s %s%lu (%s0x%lx)\n",number,neg,
-			(unsigned long)num->d[0],neg,(unsigned long)num->d[0])
-			<= 0) return(0);
-		}
-	else
-		{
-		buf[0]=0;
-		if (BIO_printf(bp,"%s%s",number,
-			(neg[0] == '-')?" (Negative)":"") <= 0)
-			return(0);
-		n=BN_bn2bin(num,&buf[1]);
-	
-		if (buf[1] & 0x80)
-			n++;
-		else	buf++;
-
-		for (i=0; i<n; i++)
-			{
-			if ((i%15) == 0)
-				{
-				if(BIO_puts(bp,"\n") <= 0
-				   || !BIO_indent(bp,off+4,128))
-				    return 0;
-				}
-			if (BIO_printf(bp,"%02x%s",buf[i],((i+1) == n)?"":":")
-				<= 0) return(0);
-			}
-		if (BIO_write(bp,"\n",1) <= 0) return(0);
-		}
-	return(1);
-	}
+{
+    unsigned char *buffer = NULL;
+    size_t buf_len = 0, i;
+    int ret = 0, reason = ERR_R_BIO_LIB;
+    BIGNUM *pub_key = NULL, *order = NULL;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group;
+    const EC_POINT *public_key;
+    const BIGNUM *priv_key;
+
+    if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+
+    public_key = EC_KEY_get0_public_key(x);
+    if ((pub_key = EC_POINT_point2bn(group, public_key,
+                                     EC_KEY_get_conv_form(x), NULL,
+                                     ctx)) == NULL) {
+        reason = ERR_R_EC_LIB;
+        goto err;
+    }
+
+    buf_len = (size_t)BN_num_bytes(pub_key);
+    priv_key = EC_KEY_get0_private_key(x);
+    if (priv_key != NULL) {
+        if ((i = (size_t)BN_num_bytes(priv_key)) > buf_len)
+            buf_len = i;
+    }
+
+    buf_len += 10;
+    if ((buffer = OPENSSL_malloc(buf_len)) == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    if (priv_key != NULL) {
+        if (!BIO_indent(bp, off, 128))
+            goto err;
+        if ((order = BN_new()) == NULL)
+            goto err;
+        if (!EC_GROUP_get_order(group, order, NULL))
+            goto err;
+        if (BIO_printf(bp, "Private-Key: (%d bit)\n",
+                       BN_num_bits(order)) <= 0)
+            goto err;
+    }
+
+    if ((priv_key != NULL) && !print(bp, "priv:", priv_key, buffer, off))
+        goto err;
+    if ((pub_key != NULL) && !print(bp, "pub: ", pub_key, buffer, off))
+        goto err;
+    if (!ECPKParameters_print(bp, group, off))
+        goto err;
+    ret = 1;
+ err:
+    if (!ret)
+        ECerr(EC_F_EC_KEY_PRINT, reason);
+    if (pub_key)
+        BN_free(pub_key);
+    if (order)
+        BN_free(order);
+    if (ctx)
+        BN_CTX_free(ctx);
+    if (buffer != NULL)
+        OPENSSL_free(buffer);
+    return (ret);
+}
+#endif                          /* OPENSSL_NO_EC */
+
+static int print(BIO *bp, const char *number, const BIGNUM *num,
+                 unsigned char *buf, int off)
+{
+    int n, i;
+    const char *neg;
+
+    if (num == NULL)
+        return (1);
+    neg = (BN_is_negative(num)) ? "-" : "";
+    if (!BIO_indent(bp, off, 128))
+        return 0;
+    if (BN_is_zero(num)) {
+        if (BIO_printf(bp, "%s 0\n", number) <= 0)
+            return 0;
+        return 1;
+    }
+
+    if (BN_num_bytes(num) <= BN_BYTES) {
+        if (BIO_printf(bp, "%s %s%lu (%s0x%lx)\n", number, neg,
+                       (unsigned long)num->d[0], neg,
+                       (unsigned long)num->d[0])
+            <= 0)
+            return (0);
+    } else {
+        buf[0] = 0;
+        if (BIO_printf(bp, "%s%s", number,
+                       (neg[0] == '-') ? " (Negative)" : "") <= 0)
+            return (0);
+        n = BN_bn2bin(num, &buf[1]);
+
+        if (buf[1] & 0x80)
+            n++;
+        else
+            buf++;
+
+        for (i = 0; i < n; i++) {
+            if ((i % 15) == 0) {
+                if (BIO_puts(bp, "\n") <= 0 || !BIO_indent(bp, off + 4, 128))
+                    return 0;
+            }
+            if (BIO_printf(bp, "%02x%s", buf[i], ((i + 1) == n) ? "" : ":")
+                <= 0)
+                return (0);
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return (0);
+    }
+    return (1);
+}
 
 #ifndef OPENSSL_NO_EC
 static int print_bin(BIO *fp, const char *name, const unsigned char *buf,
-		size_t len, int off)
-	{
-	size_t i;
-	char str[128];
-
-	if (buf == NULL)
-		return 1;
-	if (off)
-		{
-		if (off > 128)
-			off=128;
-		memset(str,' ',off);
-		if (BIO_write(fp, str, off) <= 0)
-			return 0;
-		}
-
-	if (BIO_printf(fp,"%s", name) <= 0)
-		return 0;
-
-	for (i=0; i<len; i++)
-		{
-		if ((i%15) == 0)
-			{
-			str[0]='\n';
-			memset(&(str[1]),' ',off+4);
-			if (BIO_write(fp, str, off+1+4) <= 0)
-				return 0;
-			}
-		if (BIO_printf(fp,"%02x%s",buf[i],((i+1) == len)?"":":") <= 0)
-			return 0;
-		}
-	if (BIO_write(fp,"\n",1) <= 0)
-		return 0;
-
-	return 1;
-	}
+                     size_t len, int off)
+{
+    size_t i;
+    char str[128];
+
+    if (buf == NULL)
+        return 1;
+    if (off) {
+        if (off > 128)
+            off = 128;
+        memset(str, ' ', off);
+        if (BIO_write(fp, str, off) <= 0)
+            return 0;
+    }
+
+    if (BIO_printf(fp, "%s", name) <= 0)
+        return 0;
+
+    for (i = 0; i < len; i++) {
+        if ((i % 15) == 0) {
+            str[0] = '\n';
+            memset(&(str[1]), ' ', off + 4);
+            if (BIO_write(fp, str, off + 1 + 4) <= 0)
+                return 0;
+        }
+        if (BIO_printf(fp, "%02x%s", buf[i], ((i + 1) == len) ? "" : ":") <=
+            0)
+            return 0;
+    }
+    if (BIO_write(fp, "\n", 1) <= 0)
+        return 0;
+
+    return 1;
+}
 #endif
 
 #ifndef OPENSSL_NO_DH
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int DHparams_print_fp(FILE *fp, const DH *x)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DHparams_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DHparams_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int DHparams_print(BIO *bp, const DH *x)
-	{
-	unsigned char *m=NULL;
-	int reason=ERR_R_BUF_LIB,ret=0;
-	size_t buf_len=0, i;
-
-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	else
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;
-		goto err;
-		}
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-	if (m == NULL)
-		{
-		reason=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	if (BIO_printf(bp,"Diffie-Hellman-Parameters: (%d bit)\n",
-		BN_num_bits(x->p)) <= 0)
-		goto err;
-	if (!print(bp,"prime:",x->p,m,4)) goto err;
-	if (!print(bp,"generator:",x->g,m,4)) goto err;
-	if (x->length != 0)
-		{
-		if (BIO_printf(bp,"    recommended-private-length: %d bits\n",
-			(int)x->length) <= 0) goto err;
-		}
-	ret=1;
-	if (0)
-		{
-err:
-		DHerr(DH_F_DHPARAMS_PRINT,reason);
-		}
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
+{
+    unsigned char *m = NULL;
+    int reason = ERR_R_BUF_LIB, ret = 0;
+    size_t buf_len = 0, i;
+
+    if (x->p)
+        buf_len = (size_t)BN_num_bytes(x->p);
+    else {
+        reason = ERR_R_PASSED_NULL_PARAMETER;
+        goto err;
+    }
+    if (x->g)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+            buf_len = i;
+    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+    if (m == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    if (BIO_printf(bp, "Diffie-Hellman-Parameters: (%d bit)\n",
+                   BN_num_bits(x->p)) <= 0)
+        goto err;
+    if (!print(bp, "prime:", x->p, m, 4))
+        goto err;
+    if (!print(bp, "generator:", x->g, m, 4))
+        goto err;
+    if (x->length != 0) {
+        if (BIO_printf(bp, "    recommended-private-length: %d bits\n",
+                       (int)x->length) <= 0)
+            goto err;
+    }
+    ret = 1;
+    if (0) {
+ err:
+        DHerr(DH_F_DHPARAMS_PRINT, reason);
+    }
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
 #endif
 
 #ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int DSAparams_print_fp(FILE *fp, const DSA *x)
-	{
-	BIO *b;
-	int ret;
-
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		DSAerr(DSA_F_DSAPARAMS_PRINT_FP,ERR_R_BUF_LIB);
-		return(0);
-		}
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=DSAparams_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        DSAerr(DSA_F_DSAPARAMS_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = DSAparams_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int DSAparams_print(BIO *bp, const DSA *x)
-	{
-	unsigned char *m=NULL;
-	int ret=0;
-	size_t buf_len=0,i;
-
-	if (x->p)
-		buf_len = (size_t)BN_num_bytes(x->p);
-	else
-		{
-		DSAerr(DSA_F_DSAPARAMS_PRINT,DSA_R_MISSING_PARAMETERS);
-		goto err;
-		}
-	if (x->q)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
-			buf_len = i;
-	if (x->g)
-		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
-			buf_len = i;
-	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
-	if (m == NULL)
-		{
-		DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (BIO_printf(bp,"DSA-Parameters: (%d bit)\n",
-		BN_num_bits(x->p)) <= 0)
-		goto err;
-	if (!print(bp,"p:",x->p,m,4)) goto err;
-	if ((x->q != NULL) && !print(bp,"q:",x->q,m,4)) goto err;
-	if ((x->g != NULL) && !print(bp,"g:",x->g,m,4)) goto err;
-	ret=1;
-err:
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-
-#endif /* !OPENSSL_NO_DSA */
+{
+    unsigned char *m = NULL;
+    int ret = 0;
+    size_t buf_len = 0, i;
+
+    if (x->p)
+        buf_len = (size_t)BN_num_bytes(x->p);
+    else {
+        DSAerr(DSA_F_DSAPARAMS_PRINT, DSA_R_MISSING_PARAMETERS);
+        goto err;
+    }
+    if (x->q)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+            buf_len = i;
+    if (x->g)
+        if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+            buf_len = i;
+    m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+    if (m == NULL) {
+        DSAerr(DSA_F_DSAPARAMS_PRINT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (BIO_printf(bp, "DSA-Parameters: (%d bit)\n", BN_num_bits(x->p)) <= 0)
+        goto err;
+    if (!print(bp, "p:", x->p, m, 4))
+        goto err;
+    if ((x->q != NULL) && !print(bp, "q:", x->q, m, 4))
+        goto err;
+    if ((x->g != NULL) && !print(bp, "g:", x->g, m, 4))
+        goto err;
+    ret = 1;
+ err:
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
+
+#endif                          /* !OPENSSL_NO_DSA */
 
 #ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int ECParameters_print_fp(FILE *fp, const EC_KEY *x)
-	{
-	BIO *b;
-	int ret;
- 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
-		return(0);
-		}
-	BIO_set_fp(b, fp, BIO_NOCLOSE);
-	ret = ECParameters_print(b, x);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        ECerr(EC_F_ECPARAMETERS_PRINT_FP, ERR_R_BIO_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = ECParameters_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int ECParameters_print(BIO *bp, const EC_KEY *x)
-	{
-	int     reason=ERR_R_EC_LIB, ret=0;
-	BIGNUM	*order=NULL;
-	const EC_GROUP *group;
- 
-	if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL)
-		{
-		reason = ERR_R_PASSED_NULL_PARAMETER;;
-		goto err;
-		}
-
-	if ((order = BN_new()) == NULL)
-		{
-		reason = ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	if (!EC_GROUP_get_order(group, order, NULL))
-		{
-		reason = ERR_R_EC_LIB;
-		goto err;
-		}
- 
-	if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n", 
-		BN_num_bits(order)) <= 0)
-		goto err;
-	if (!ECPKParameters_print(bp, group, 4))
-		goto err;
-	ret=1;
-err:
-	if (order)
-		BN_free(order);
-	ECerr(EC_F_ECPARAMETERS_PRINT, reason);
-	return(ret);
-	}
-  
+{
+    int reason = ERR_R_EC_LIB, ret = 0;
+    BIGNUM *order = NULL;
+    const EC_GROUP *group;
+
+    if (x == NULL || (group = EC_KEY_get0_group(x)) == NULL) {
+        reason = ERR_R_PASSED_NULL_PARAMETER;;
+        goto err;
+    }
+
+    if ((order = BN_new()) == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    if (!EC_GROUP_get_order(group, order, NULL)) {
+        reason = ERR_R_EC_LIB;
+        goto err;
+    }
+
+    if (BIO_printf(bp, "ECDSA-Parameters: (%d bit)\n",
+                   BN_num_bits(order)) <= 0)
+        goto err;
+    if (!ECPKParameters_print(bp, group, 4))
+        goto err;
+    ret = 1;
+ err:
+    if (order)
+        BN_free(order);
+    ECerr(EC_F_ECPARAMETERS_PRINT, reason);
+    return (ret);
+}
+
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_req.c b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
index 5557e065..b578b685 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_req.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_req.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,227 +64,210 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 
 #ifndef OPENSSL_NO_FP_API
 int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
-        {
-        BIO *b;
-        int ret;
+{
+    BIO *b;
+    int ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		X509err(X509_F_X509_REQ_PRINT_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_REQ_print(b, x);
-        BIO_free(b);
-        return(ret);
-        }
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_REQ_PRINT_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_REQ_print(b, x);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
-int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags, unsigned long cflag)
-	{
-	unsigned long l;
-	int i;
-	const char *neg;
-	X509_REQ_INFO *ri;
-	EVP_PKEY *pkey;
-	STACK_OF(X509_ATTRIBUTE) *sk;
-	STACK_OF(X509_EXTENSION) *exts;
-	char mlch = ' ';
-	int nmindent = 0;
-
-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-		mlch = '\n';
-		nmindent = 12;
-	}
+int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
+                      unsigned long cflag)
+{
+    unsigned long l;
+    int i;
+    const char *neg;
+    X509_REQ_INFO *ri;
+    EVP_PKEY *pkey;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    STACK_OF(X509_EXTENSION) *exts;
+    char mlch = ' ';
+    int nmindent = 0;
 
-	if(nmflags == X509_FLAG_COMPAT)
-		nmindent = 16;
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
 
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
 
-	ri=x->req_info;
-	if(!(cflag & X509_FLAG_NO_HEADER))
-		{
-		if (BIO_write(bp,"Certificate Request:\n",21) <= 0) goto err;
-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VERSION))
-		{
-		neg=(ri->version->type == V_ASN1_NEG_INTEGER)?"-":"";
-		l=0;
-		for (i=0; i<ri->version->length; i++)
-			{ l<<=8; l+=ri->version->data[i]; }
-		if(BIO_printf(bp,"%8sVersion: %s%lu (%s0x%lx)\n","",neg,l,neg,
-			      l) <= 0)
-		    goto err;
-		}
-        if(!(cflag & X509_FLAG_NO_SUBJECT))
-                {
-                if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-                if (X509_NAME_print_ex(bp,ri->subject,nmindent, nmflags) < 0) goto err;
-                if (BIO_write(bp,"\n",1) <= 0) goto err;
-                }
-	if(!(cflag & X509_FLAG_NO_PUBKEY))
-		{
-		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
-			goto err;
-		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
-			goto err;
-		if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
-			goto err;
-		if (BIO_puts(bp, "\n") <= 0)
-			goto err;
+    ri = x->req_info;
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        neg = (ri->version->type == V_ASN1_NEG_INTEGER) ? "-" : "";
+        l = 0;
+        for (i = 0; i < ri->version->length; i++) {
+            l <<= 8;
+            l += ri->version->data[i];
+        }
+        if (BIO_printf(bp, "%8sVersion: %s%lu (%s0x%lx)\n", "", neg, l, neg,
+                       l) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
 
-		pkey=X509_REQ_get_pubkey(x);
-		if (pkey == NULL)
-			{
-			BIO_printf(bp,"%12sUnable to load Public Key\n","");
-			ERR_print_errors(bp);
-			}
-		else
+        pkey = X509_REQ_get_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else
 #ifndef OPENSSL_NO_RSA
-		if (pkey->type == EVP_PKEY_RSA)
-			{
-			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-			BN_num_bits(pkey->pkey.rsa->n));
-			RSA_print(bp,pkey->pkey.rsa,16);
-			}
-		else
+        if (pkey->type == EVP_PKEY_RSA) {
+            BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "",
+                       BN_num_bits(pkey->pkey.rsa->n));
+            RSA_print(bp, pkey->pkey.rsa, 16);
+        } else
 #endif
 #ifndef OPENSSL_NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			{
-			BIO_printf(bp,"%12sDSA Public Key:\n","");
-			DSA_print(bp,pkey->pkey.dsa,16);
-			}
-		else
+        if (pkey->type == EVP_PKEY_DSA) {
+            BIO_printf(bp, "%12sDSA Public Key:\n", "");
+            DSA_print(bp, pkey->pkey.dsa, 16);
+        } else
 #endif
 #ifndef OPENSSL_NO_EC
-		if (pkey->type == EVP_PKEY_EC)
-		{
-			BIO_printf(bp, "%12sEC Public Key: \n","");
-			EC_KEY_print(bp, pkey->pkey.ec, 16);
-		}
-	else
+        if (pkey->type == EVP_PKEY_EC) {
+            BIO_printf(bp, "%12sEC Public Key: \n", "");
+            EC_KEY_print(bp, pkey->pkey.ec, 16);
+        } else
 #endif
-			BIO_printf(bp,"%12sUnknown Public Key:\n","");
+            BIO_printf(bp, "%12sUnknown Public Key:\n", "");
 
-		EVP_PKEY_free(pkey);
-		}
+        EVP_PKEY_free(pkey);
+    }
 
-	if(!(cflag & X509_FLAG_NO_ATTRIBUTES))
-		{
-		/* may not be */
-		if(BIO_printf(bp,"%8sAttributes:\n","") <= 0)
-		    goto err;
+    if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
+        /* may not be */
+        if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
+            goto err;
 
-		sk=x->req_info->attributes;
-		if (sk_X509_ATTRIBUTE_num(sk) == 0)
-			{
-			if(BIO_printf(bp,"%12sa0:00\n","") <= 0)
-			    goto err;
-			}
-		else
-			{
-			for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-				{
-				ASN1_TYPE *at;
-				X509_ATTRIBUTE *a;
-				ASN1_BIT_STRING *bs=NULL;
-				ASN1_TYPE *t;
-				int j,type=0,count=1,ii=0;
+        sk = x->req_info->attributes;
+        if (sk_X509_ATTRIBUTE_num(sk) == 0) {
+            if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
+                goto err;
+        } else {
+            for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+                ASN1_TYPE *at;
+                X509_ATTRIBUTE *a;
+                ASN1_BIT_STRING *bs = NULL;
+                ASN1_TYPE *t;
+                int j, type = 0, count = 1, ii = 0;
 
-				a=sk_X509_ATTRIBUTE_value(sk,i);
-				if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
-									continue;
-				if(BIO_printf(bp,"%12s","") <= 0)
-				    goto err;
-				if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
-				{
-				if (a->single)
-					{
-					t=a->value.single;
-					type=t->type;
-					bs=t->value.bit_string;
-					}
-				else
-					{
-					ii=0;
-					count=sk_ASN1_TYPE_num(a->value.set);
-get_next:
-					at=sk_ASN1_TYPE_value(a->value.set,ii);
-					type=at->type;
-					bs=at->value.asn1_string;
-					}
-				}
-				for (j=25-j; j>0; j--)
-					if (BIO_write(bp," ",1) != 1) goto err;
-				if (BIO_puts(bp,":") <= 0) goto err;
-				if (	(type == V_ASN1_PRINTABLESTRING) ||
-					(type == V_ASN1_T61STRING) ||
-					(type == V_ASN1_IA5STRING))
-					{
-					if (BIO_write(bp,(char *)bs->data,bs->length)
-						!= bs->length)
-						goto err;
-					BIO_puts(bp,"\n");
-					}
-				else
-					{
-					BIO_puts(bp,"unable to print attribute\n");
-					}
-				if (++ii < count) goto get_next;
-				}
-			}
-		}
-	if(!(cflag & X509_FLAG_NO_EXTENSIONS))
-		{
-		exts = X509_REQ_get_extensions(x);
-		if(exts)
-			{
-			BIO_printf(bp,"%8sRequested Extensions:\n","");
-			for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
-				{
-				ASN1_OBJECT *obj;
-				X509_EXTENSION *ex;
-				int j;
-				ex=sk_X509_EXTENSION_value(exts, i);
-				if (BIO_printf(bp,"%12s","") <= 0) goto err;
-				obj=X509_EXTENSION_get_object(ex);
-				i2a_ASN1_OBJECT(bp,obj);
-				j=X509_EXTENSION_get_critical(ex);
-				if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
-					goto err;
-				if(!X509V3_EXT_print(bp, ex, cflag, 16))
-					{
-					BIO_printf(bp, "%16s", "");
-					M_ASN1_OCTET_STRING_print(bp,ex->value);
-					}
-				if (BIO_write(bp,"\n",1) <= 0) goto err;
-				}
-			sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-			}
-		}
+                a = sk_X509_ATTRIBUTE_value(sk, i);
+                if (X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
+                    continue;
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
+                    if (a->single) {
+                        t = a->value.single;
+                        type = t->type;
+                        bs = t->value.bit_string;
+                    } else {
+                        ii = 0;
+                        count = sk_ASN1_TYPE_num(a->value.set);
+ get_next:
+                        at = sk_ASN1_TYPE_value(a->value.set, ii);
+                        type = at->type;
+                        bs = at->value.asn1_string;
+                    }
+                }
+                for (j = 25 - j; j > 0; j--)
+                    if (BIO_write(bp, " ", 1) != 1)
+                        goto err;
+                if (BIO_puts(bp, ":") <= 0)
+                    goto err;
+                if ((type == V_ASN1_PRINTABLESTRING) ||
+                    (type == V_ASN1_T61STRING) ||
+                    (type == V_ASN1_IA5STRING)) {
+                    if (BIO_write(bp, (char *)bs->data, bs->length)
+                        != bs->length)
+                        goto err;
+                    BIO_puts(bp, "\n");
+                } else {
+                    BIO_puts(bp, "unable to print attribute\n");
+                }
+                if (++ii < count)
+                    goto get_next;
+            }
+        }
+    }
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
+        exts = X509_REQ_get_extensions(x);
+        if (exts) {
+            BIO_printf(bp, "%8sRequested Extensions:\n", "");
+            for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+                ASN1_OBJECT *obj;
+                X509_EXTENSION *ex;
+                int j;
+                ex = sk_X509_EXTENSION_value(exts, i);
+                if (BIO_printf(bp, "%12s", "") <= 0)
+                    goto err;
+                obj = X509_EXTENSION_get_object(ex);
+                i2a_ASN1_OBJECT(bp, obj);
+                j = X509_EXTENSION_get_critical(ex);
+                if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+                    goto err;
+                if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
+                    BIO_printf(bp, "%16s", "");
+                    M_ASN1_OCTET_STRING_print(bp, ex->value);
+                }
+                if (BIO_write(bp, "\n", 1) <= 0)
+                    goto err;
+            }
+            sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+        }
+    }
 
-	if(!(cflag & X509_FLAG_NO_SIGDUMP))
-		{
-		if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err;
-		}
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        if (!X509_signature_print(bp, x->sig_alg, x->signature))
+            goto err;
+    }
 
-	return(1);
-err:
-	X509err(X509_F_X509_REQ_PRINT_EX,ERR_R_BUF_LIB);
-	return(0);
-	}
+    return (1);
+ err:
+    X509err(X509_F_X509_REQ_PRINT_EX, ERR_R_BUF_LIB);
+    return (0);
+}
 
 int X509_REQ_print(BIO *bp, X509_REQ *x)
-	{
-	return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-	}
+{
+    return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c
index a73369b9..b0ce0891 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_spki.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_spki.c
@@ -1,6 +1,7 @@
 /* t_spki.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,10 +62,10 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #include <openssl/bn.h>
 
@@ -72,61 +73,56 @@
 
 int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
 {
-	EVP_PKEY *pkey;
-	ASN1_IA5STRING *chal;
-	int i, n;
-	char *s;
-	BIO_printf(out, "Netscape SPKI:\n");
-	i=OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
-	BIO_printf(out,"  Public Key Algorithm: %s\n",
-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
-	pkey = X509_PUBKEY_get(spki->spkac->pubkey);
-	if(!pkey) BIO_printf(out, "  Unable to load public key\n");
-	else {
+    EVP_PKEY *pkey;
+    ASN1_IA5STRING *chal;
+    int i, n;
+    char *s;
+    BIO_printf(out, "Netscape SPKI:\n");
+    i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
+    BIO_printf(out, "  Public Key Algorithm: %s\n",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
+    pkey = X509_PUBKEY_get(spki->spkac->pubkey);
+    if (!pkey)
+        BIO_printf(out, "  Unable to load public key\n");
+    else {
 #ifndef OPENSSL_NO_RSA
-		if (pkey->type == EVP_PKEY_RSA)
-			{
-			BIO_printf(out,"  RSA Public Key: (%d bit)\n",
-				BN_num_bits(pkey->pkey.rsa->n));
-			RSA_print(out,pkey->pkey.rsa,2);
-			}
-		else 
+        if (pkey->type == EVP_PKEY_RSA) {
+            BIO_printf(out, "  RSA Public Key: (%d bit)\n",
+                       BN_num_bits(pkey->pkey.rsa->n));
+            RSA_print(out, pkey->pkey.rsa, 2);
+        } else
 #endif
 #ifndef OPENSSL_NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-		{
-		BIO_printf(out,"  DSA Public Key:\n");
-		DSA_print(out,pkey->pkey.dsa,2);
-		}
-		else
+        if (pkey->type == EVP_PKEY_DSA) {
+            BIO_printf(out, "  DSA Public Key:\n");
+            DSA_print(out, pkey->pkey.dsa, 2);
+        } else
 #endif
 #ifndef OPENSSL_NO_EC
-		if (pkey->type == EVP_PKEY_EC)
-		{
-			BIO_printf(out, "  EC Public Key:\n");
-			EC_KEY_print(out, pkey->pkey.ec,2);
-		}
-		else
+        if (pkey->type == EVP_PKEY_EC) {
+            BIO_printf(out, "  EC Public Key:\n");
+            EC_KEY_print(out, pkey->pkey.ec, 2);
+        } else
 #endif
 
-			BIO_printf(out,"  Unknown Public Key:\n");
-		EVP_PKEY_free(pkey);
-	}
-	chal = spki->spkac->challenge;
-	if(chal->length)
-		BIO_printf(out, "  Challenge String: %s\n", chal->data);
-	i=OBJ_obj2nid(spki->sig_algor->algorithm);
-	BIO_printf(out,"  Signature Algorithm: %s",
-				(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
+            BIO_printf(out, "  Unknown Public Key:\n");
+        EVP_PKEY_free(pkey);
+    }
+    chal = spki->spkac->challenge;
+    if (chal->length)
+        BIO_printf(out, "  Challenge String: %s\n", chal->data);
+    i = OBJ_obj2nid(spki->sig_algor->algorithm);
+    BIO_printf(out, "  Signature Algorithm: %s",
+               (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
 
-	n=spki->signature->length;
-	s=(char *)spki->signature->data;
-	for (i=0; i<n; i++)
-		{
-		if ((i%18) == 0) BIO_write(out,"\n      ",7);
-		BIO_printf(out,"%02x%s",(unsigned char)s[i],
-						((i+1) == n)?"":":");
-		}
-	BIO_write(out,"\n",1);
-	return 1;
+    n = spki->signature->length;
+    s = (char *)spki->signature->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0)
+            BIO_write(out, "\n      ", 7);
+        BIO_printf(out, "%02x%s", (unsigned char)s[i],
+                   ((i + 1) == n) ? "" : ":");
+    }
+    BIO_write(out, "\n", 1);
+    return 1;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c
index f9dad0e6..53f631d1 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,13 +61,13 @@
 #include <openssl/buffer.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+# include <openssl/ec.h>
 #endif
 #include <openssl/objects.h>
 #include <openssl/x509.h>
@@ -75,446 +75,455 @@
 
 #ifndef OPENSSL_NO_FP_API
 int X509_print_fp(FILE *fp, X509 *x)
-	{
-	return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
-	}
+{
+    return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+}
 
-int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		X509err(X509_F_X509_PRINT_EX_FP,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=X509_print_ex(b, x, nmflag, cflag);
-        BIO_free(b);
-        return(ret);
-        }
+int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag,
+                     unsigned long cflag)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        X509err(X509_F_X509_PRINT_EX_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = X509_print_ex(b, x, nmflag, cflag);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
 int X509_print(BIO *bp, X509 *x)
 {
-	return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
+    return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
 }
 
-int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
-	{
-	long l;
-	int ret=0,i;
-	char *m=NULL,mlch = ' ';
-	int nmindent = 0;
-	X509_CINF *ci;
-	ASN1_INTEGER *bs;
-	EVP_PKEY *pkey=NULL;
-	const char *neg;
-	ASN1_STRING *str=NULL;
-
-	if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
-			mlch = '\n';
-			nmindent = 12;
-	}
-
-	if(nmflags == X509_FLAG_COMPAT)
-		nmindent = 16;
-
-	ci=x->cert_info;
-	if(!(cflag & X509_FLAG_NO_HEADER))
-		{
-		if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err;
-		if (BIO_write(bp,"    Data:\n",10) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VERSION))
-		{
-		l=X509_get_version(x);
-		if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SERIAL))
-		{
-
-		if (BIO_write(bp,"        Serial Number:",22) <= 0) goto err;
-
-		bs=X509_get_serialNumber(x);
-		if (bs->length <= 4)
-			{
-			l=ASN1_INTEGER_get(bs);
-			if (l < 0)
-				{
-				l= -l;
-				neg="-";
-				}
-			else
-				neg="";
-			if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0)
-				goto err;
-			}
-		else
-			{
-			neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":"";
-			if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err;
-
-			for (i=0; i<bs->length; i++)
-				{
-				if (BIO_printf(bp,"%02x%c",bs->data[i],
-					((i+1 == bs->length)?'\n':':')) <= 0)
-					goto err;
-				}
-			}
-
-		}
-
-	if(!(cflag & X509_FLAG_NO_SIGNAME))
-		{
-		if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) 
-			goto err;
-		if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
-			goto err;
-		if (BIO_puts(bp, "\n") <= 0)
-			goto err;
-		}
-
-	if(!(cflag & X509_FLAG_NO_ISSUER))
-		{
-		if (BIO_printf(bp,"        Issuer:%c",mlch) <= 0) goto err;
-		if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_VALIDITY))
-		{
-		if (BIO_write(bp,"        Validity\n",17) <= 0) goto err;
-		if (BIO_write(bp,"            Not Before: ",24) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err;
-		if (BIO_write(bp,"\n            Not After : ",25) <= 0) goto err;
-		if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_SUBJECT))
-		{
-		if (BIO_printf(bp,"        Subject:%c",mlch) <= 0) goto err;
-		if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_PUBKEY))
-		{
-		if (BIO_write(bp,"        Subject Public Key Info:\n",33) <= 0)
-			goto err;
-		if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0)
-			goto err;
-		if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
-			goto err;
-		if (BIO_puts(bp, "\n") <= 0)
-			goto err;
-
-		pkey=X509_get_pubkey(x);
-		if (pkey == NULL)
-			{
-			BIO_printf(bp,"%12sUnable to load Public Key\n","");
-			ERR_print_errors(bp);
-			}
-		else
+int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags,
+                  unsigned long cflag)
+{
+    long l;
+    int ret = 0, i;
+    char *m = NULL, mlch = ' ';
+    int nmindent = 0;
+    X509_CINF *ci;
+    ASN1_INTEGER *bs;
+    EVP_PKEY *pkey = NULL;
+    const char *neg;
+    ASN1_STRING *str = NULL;
+
+    if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
+        mlch = '\n';
+        nmindent = 12;
+    }
+
+    if (nmflags == X509_FLAG_COMPAT)
+        nmindent = 16;
+
+    ci = x->cert_info;
+    if (!(cflag & X509_FLAG_NO_HEADER)) {
+        if (BIO_write(bp, "Certificate:\n", 13) <= 0)
+            goto err;
+        if (BIO_write(bp, "    Data:\n", 10) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VERSION)) {
+        l = X509_get_version(x);
+        if (BIO_printf(bp, "%8sVersion: %lu (0x%lx)\n", "", l + 1, l) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SERIAL)) {
+
+        if (BIO_write(bp, "        Serial Number:", 22) <= 0)
+            goto err;
+
+        bs = X509_get_serialNumber(x);
+        if (bs->length <= 4) {
+            l = ASN1_INTEGER_get(bs);
+            if (l < 0) {
+                l = -l;
+                neg = "-";
+            } else
+                neg = "";
+            if (BIO_printf(bp, " %s%lu (%s0x%lx)\n", neg, l, neg, l) <= 0)
+                goto err;
+        } else {
+            neg = (bs->type == V_ASN1_NEG_INTEGER) ? " (Negative)" : "";
+            if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
+                goto err;
+
+            for (i = 0; i < bs->length; i++) {
+                if (BIO_printf(bp, "%02x%c", bs->data[i],
+                               ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
+                    goto err;
+            }
+        }
+
+    }
+
+    if (!(cflag & X509_FLAG_NO_SIGNAME)) {
+        if (BIO_printf(bp, "%8sSignature Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+    }
+
+    if (!(cflag & X509_FLAG_NO_ISSUER)) {
+        if (BIO_printf(bp, "        Issuer:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex(bp, X509_get_issuer_name(x), nmindent, nmflags)
+            < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_VALIDITY)) {
+        if (BIO_write(bp, "        Validity\n", 17) <= 0)
+            goto err;
+        if (BIO_write(bp, "            Not Before: ", 24) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
+            goto err;
+        if (BIO_write(bp, "\n            Not After : ", 25) <= 0)
+            goto err;
+        if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_SUBJECT)) {
+        if (BIO_printf(bp, "        Subject:%c", mlch) <= 0)
+            goto err;
+        if (X509_NAME_print_ex
+            (bp, X509_get_subject_name(x), nmindent, nmflags) < 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_PUBKEY)) {
+        if (BIO_write(bp, "        Subject Public Key Info:\n", 33) <= 0)
+            goto err;
+        if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
+            goto err;
+        if (BIO_puts(bp, "\n") <= 0)
+            goto err;
+
+        pkey = X509_get_pubkey(x);
+        if (pkey == NULL) {
+            BIO_printf(bp, "%12sUnable to load Public Key\n", "");
+            ERR_print_errors(bp);
+        } else
 #ifndef OPENSSL_NO_RSA
-		if (pkey->type == EVP_PKEY_RSA)
-			{
-			BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","",
-			BN_num_bits(pkey->pkey.rsa->n));
-			RSA_print(bp,pkey->pkey.rsa,16);
-			}
-		else
+        if (pkey->type == EVP_PKEY_RSA) {
+            BIO_printf(bp, "%12sRSA Public Key: (%d bit)\n", "",
+                       BN_num_bits(pkey->pkey.rsa->n));
+            RSA_print(bp, pkey->pkey.rsa, 16);
+        } else
 #endif
 #ifndef OPENSSL_NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-			{
-			BIO_printf(bp,"%12sDSA Public Key:\n","");
-			DSA_print(bp,pkey->pkey.dsa,16);
-			}
-		else
+        if (pkey->type == EVP_PKEY_DSA) {
+            BIO_printf(bp, "%12sDSA Public Key:\n", "");
+            DSA_print(bp, pkey->pkey.dsa, 16);
+        } else
 #endif
 #ifndef OPENSSL_NO_EC
-		if (pkey->type == EVP_PKEY_EC)
-			{
-			BIO_printf(bp, "%12sEC Public Key:\n","");
-			EC_KEY_print(bp, pkey->pkey.ec, 16);
-			}
-		else
+        if (pkey->type == EVP_PKEY_EC) {
+            BIO_printf(bp, "%12sEC Public Key:\n", "");
+            EC_KEY_print(bp, pkey->pkey.ec, 16);
+        } else
 #endif
-			BIO_printf(bp,"%12sUnknown Public Key:\n","");
-
-		EVP_PKEY_free(pkey);
-		}
-
-	if (!(cflag & X509_FLAG_NO_EXTENSIONS))
-		X509V3_extensions_print(bp, "X509v3 extensions",
-					ci->extensions, cflag, 8);
-
-	if(!(cflag & X509_FLAG_NO_SIGDUMP))
-		{
-		if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err;
-		}
-	if(!(cflag & X509_FLAG_NO_AUX))
-		{
-		if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
-		}
-	ret=1;
-err:
-	if (str != NULL) ASN1_STRING_free(str);
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
-
-int X509_ocspid_print (BIO *bp, X509 *x)
-	{
-	unsigned char *der=NULL ;
-	unsigned char *dertmp;
-	int derlen;
-	int i;
-	unsigned char SHA1md[SHA_DIGEST_LENGTH];
-
-	/* display the hash of the subject as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
-		goto err;
-	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
-	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
-		goto err;
-	i2d_X509_NAME(x->cert_info->subject, &dertmp);
-
-	EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
-		}
-	OPENSSL_free (der);
-	der=NULL;
-
-	/* display the hash of the public key as it would appear
-	   in OCSP requests */
-	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
-		goto err;
-
-	EVP_Digest(x->cert_info->key->public_key->data,
-		x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL);
-	for (i=0; i < SHA_DIGEST_LENGTH; i++)
-		{
-		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
-			goto err;
-		}
-	BIO_printf(bp,"\n");
-
-	return (1);
-err:
-	if (der != NULL) OPENSSL_free(der);
-	return(0);
-	}
+            BIO_printf(bp, "%12sUnknown Public Key:\n", "");
+
+        EVP_PKEY_free(pkey);
+    }
+
+    if (!(cflag & X509_FLAG_NO_EXTENSIONS))
+        X509V3_extensions_print(bp, "X509v3 extensions",
+                                ci->extensions, cflag, 8);
+
+    if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
+        if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
+            goto err;
+    }
+    if (!(cflag & X509_FLAG_NO_AUX)) {
+        if (!X509_CERT_AUX_print(bp, x->aux, 0))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (str != NULL)
+        ASN1_STRING_free(str);
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
+
+int X509_ocspid_print(BIO *bp, X509 *x)
+{
+    unsigned char *der = NULL;
+    unsigned char *dertmp;
+    int derlen;
+    int i;
+    unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+    /*
+     * display the hash of the subject as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "        Subject OCSP hash: ") <= 0)
+        goto err;
+    derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+    if ((der = dertmp = (unsigned char *)OPENSSL_malloc(derlen)) == NULL)
+        goto err;
+    i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+    EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL);
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    OPENSSL_free(der);
+    der = NULL;
+
+    /*
+     * display the hash of the public key as it would appear in OCSP requests
+     */
+    if (BIO_printf(bp, "\n        Public key OCSP hash: ") <= 0)
+        goto err;
+
+    EVP_Digest(x->cert_info->key->public_key->data,
+               x->cert_info->key->public_key->length, SHA1md, NULL,
+               EVP_sha1(), NULL);
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
+        if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
+            goto err;
+    }
+    BIO_printf(bp, "\n");
+
+    return (1);
+ err:
+    if (der != NULL)
+        OPENSSL_free(der);
+    return (0);
+}
 
 int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig)
 {
-	unsigned char *s;
-	int i, n;
-	if (BIO_puts(bp,"    Signature Algorithm: ") <= 0) return 0;
-	if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0;
-
-	n=sig->length;
-	s=sig->data;
-	for (i=0; i<n; i++)
-		{
-		if ((i%18) == 0)
-			if (BIO_write(bp,"\n        ",9) <= 0) return 0;
-			if (BIO_printf(bp,"%02x%s",s[i],
-				((i+1) == n)?"":":") <= 0) return 0;
-		}
-	if (BIO_write(bp,"\n",1) != 1) return 0;
-	return 1;
+    unsigned char *s;
+    int i, n;
+    if (BIO_puts(bp, "    Signature Algorithm: ") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
+        return 0;
+
+    n = sig->length;
+    s = sig->data;
+    for (i = 0; i < n; i++) {
+        if ((i % 18) == 0)
+            if (BIO_write(bp, "\n        ", 9) <= 0)
+                return 0;
+        if (BIO_printf(bp, "%02x%s", s[i], ((i + 1) == n) ? "" : ":") <= 0)
+            return 0;
+    }
+    if (BIO_write(bp, "\n", 1) != 1)
+        return 0;
+    return 1;
 }
 
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
-	{
-	int i,n;
-	char buf[80],*p;
-
-	if (v == NULL) return(0);
-	n=0;
-	p=(char *)v->data;
-	for (i=0; i<v->length; i++)
-		{
-		if ((p[i] > '~') || ((p[i] < ' ') &&
-			(p[i] != '\n') && (p[i] != '\r')))
-			buf[n]='.';
-		else
-			buf[n]=p[i];
-		n++;
-		if (n >= 80)
-			{
-			if (BIO_write(bp,buf,n) <= 0)
-				return(0);
-			n=0;
-			}
-		}
-	if (n > 0)
-		if (BIO_write(bp,buf,n) <= 0)
-			return(0);
-	return(1);
-	}
+{
+    int i, n;
+    char buf[80], *p;
+
+    if (v == NULL)
+        return (0);
+    n = 0;
+    p = (char *)v->data;
+    for (i = 0; i < v->length; i++) {
+        if ((p[i] > '~') || ((p[i] < ' ') &&
+                             (p[i] != '\n') && (p[i] != '\r')))
+            buf[n] = '.';
+        else
+            buf[n] = p[i];
+        n++;
+        if (n >= 80) {
+            if (BIO_write(bp, buf, n) <= 0)
+                return (0);
+            n = 0;
+        }
+    }
+    if (n > 0)
+        if (BIO_write(bp, buf, n) <= 0)
+            return (0);
+    return (1);
+}
 
 int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm)
 {
-	if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm);
-	if(tm->type == V_ASN1_GENERALIZEDTIME)
-				return ASN1_GENERALIZEDTIME_print(bp, tm);
-	BIO_write(bp,"Bad time value",14);
-	return(0);
+    if (tm->type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_print(bp, tm);
+    if (tm->type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_print(bp, tm);
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
 }
 
-static const char *mon[12]=
-    {
-    "Jan","Feb","Mar","Apr","May","Jun",
-    "Jul","Aug","Sep","Oct","Nov","Dec"
-    };
+static const char *mon[12] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
+};
 
 int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm)
-	{
-	char *v;
-	int gmt=0;
-	int i;
-	int y=0,M=0,d=0,h=0,m=0,s=0;
-	char *f = NULL;
-	int f_len = 0;
-
-	i=tm->length;
-	v=(char *)tm->data;
-
-	if (i < 12) goto err;
-	if (v[i-1] == 'Z') gmt=1;
-	for (i=0; i<12; i++)
-		if ((v[i] > '9') || (v[i] < '0')) goto err;
-	y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0');
-	M= (v[4]-'0')*10+(v[5]-'0');
-	if ((M > 12) || (M < 1)) goto err;
-	d= (v[6]-'0')*10+(v[7]-'0');
-	h= (v[8]-'0')*10+(v[9]-'0');
-	m=  (v[10]-'0')*10+(v[11]-'0');
-	if (tm->length >= 14 &&
-	    (v[12] >= '0') && (v[12] <= '9') &&
-	    (v[13] >= '0') && (v[13] <= '9'))
-		{
-		s=  (v[12]-'0')*10+(v[13]-'0');
-		/* Check for fractions of seconds. */
-		if (tm->length >= 15 && v[14] == '.')
-			{
-			int l = tm->length;
-			f = &v[14];	/* The decimal point. */
-			f_len = 1;
-			while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
-				++f_len;
-			}
-		}
-
-	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d%.*s %d%s",
-		mon[M-1],d,h,m,s,f_len,f,y,(gmt)?" GMT":"") <= 0)
-		return(0);
-	else
-		return(1);
-err:
-	BIO_write(bp,"Bad time value",14);
-	return(0);
-	}
+{
+    char *v;
+    int gmt = 0;
+    int i;
+    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+    char *f = NULL;
+    int f_len = 0;
+
+    i = tm->length;
+    v = (char *)tm->data;
+
+    if (i < 12)
+        goto err;
+    if (v[i - 1] == 'Z')
+        gmt = 1;
+    for (i = 0; i < 12; i++)
+        if ((v[i] > '9') || (v[i] < '0'))
+            goto err;
+    y = (v[0] - '0') * 1000 + (v[1] - '0') * 100
+        + (v[2] - '0') * 10 + (v[3] - '0');
+    M = (v[4] - '0') * 10 + (v[5] - '0');
+    if ((M > 12) || (M < 1))
+        goto err;
+    d = (v[6] - '0') * 10 + (v[7] - '0');
+    h = (v[8] - '0') * 10 + (v[9] - '0');
+    m = (v[10] - '0') * 10 + (v[11] - '0');
+    if (tm->length >= 14 &&
+        (v[12] >= '0') && (v[12] <= '9') &&
+        (v[13] >= '0') && (v[13] <= '9')) {
+        s = (v[12] - '0') * 10 + (v[13] - '0');
+        /* Check for fractions of seconds. */
+        if (tm->length >= 15 && v[14] == '.') {
+            int l = tm->length;
+            f = &v[14];         /* The decimal point. */
+            f_len = 1;
+            while (14 + f_len < l && f[f_len] >= '0' && f[f_len] <= '9')
+                ++f_len;
+        }
+    }
+
+    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
+                   mon[M - 1], d, h, m, s, f_len, f, y,
+                   (gmt) ? " GMT" : "") <= 0)
+        return (0);
+    else
+        return (1);
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
 
 int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm)
-	{
-	char *v;
-	int gmt=0;
-	int i;
-	int y=0,M=0,d=0,h=0,m=0,s=0;
-
-	i=tm->length;
-	v=(char *)tm->data;
-
-	if (i < 10) goto err;
-	if (v[i-1] == 'Z') gmt=1;
-	for (i=0; i<10; i++)
-		if ((v[i] > '9') || (v[i] < '0')) goto err;
-	y= (v[0]-'0')*10+(v[1]-'0');
-	if (y < 50) y+=100;
-	M= (v[2]-'0')*10+(v[3]-'0');
-	if ((M > 12) || (M < 1)) goto err;
-	d= (v[4]-'0')*10+(v[5]-'0');
-	h= (v[6]-'0')*10+(v[7]-'0');
-	m=  (v[8]-'0')*10+(v[9]-'0');
-	if (tm->length >=12 &&
-	    (v[10] >= '0') && (v[10] <= '9') &&
-	    (v[11] >= '0') && (v[11] <= '9'))
-		s=  (v[10]-'0')*10+(v[11]-'0');
-
-	if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s",
-		mon[M-1],d,h,m,s,y+1900,(gmt)?" GMT":"") <= 0)
-		return(0);
-	else
-		return(1);
-err:
-	BIO_write(bp,"Bad time value",14);
-	return(0);
-	}
+{
+    char *v;
+    int gmt = 0;
+    int i;
+    int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
+
+    i = tm->length;
+    v = (char *)tm->data;
+
+    if (i < 10)
+        goto err;
+    if (v[i - 1] == 'Z')
+        gmt = 1;
+    for (i = 0; i < 10; i++)
+        if ((v[i] > '9') || (v[i] < '0'))
+            goto err;
+    y = (v[0] - '0') * 10 + (v[1] - '0');
+    if (y < 50)
+        y += 100;
+    M = (v[2] - '0') * 10 + (v[3] - '0');
+    if ((M > 12) || (M < 1))
+        goto err;
+    d = (v[4] - '0') * 10 + (v[5] - '0');
+    h = (v[6] - '0') * 10 + (v[7] - '0');
+    m = (v[8] - '0') * 10 + (v[9] - '0');
+    if (tm->length >= 12 &&
+        (v[10] >= '0') && (v[10] <= '9') && (v[11] >= '0') && (v[11] <= '9'))
+        s = (v[10] - '0') * 10 + (v[11] - '0');
+
+    if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+                   mon[M - 1], d, h, m, s, y + 1900,
+                   (gmt) ? " GMT" : "") <= 0)
+        return (0);
+    else
+        return (1);
+ err:
+    BIO_write(bp, "Bad time value", 14);
+    return (0);
+}
 
 int X509_NAME_print(BIO *bp, X509_NAME *name, int obase)
-	{
-	char *s,*c,*b;
-	int ret=0,l,i;
-
-	l=80-2-obase;
-
-	b=X509_NAME_oneline(name,NULL,0);
-	if (!b)
-		return 0;
-	if (!*b)
-		{
-		OPENSSL_free(b);
-		return 1;
-		}
-	s=b+1; /* skip the first slash */
-
-	c=s;
-	for (;;)
-		{
+{
+    char *s, *c, *b;
+    int ret = 0, l, i;
+
+    l = 80 - 2 - obase;
+
+    b = X509_NAME_oneline(name, NULL, 0);
+    if (!b)
+        return 0;
+    if (!*b) {
+        OPENSSL_free(b);
+        return 1;
+    }
+    s = b + 1;                  /* skip the first slash */
+
+    c = s;
+    for (;;) {
 #ifndef CHARSET_EBCDIC
-		if (	((*s == '/') &&
-				((s[1] >= 'A') && (s[1] <= 'Z') && (
-					(s[2] == '=') ||
-					((s[2] >= 'A') && (s[2] <= 'Z') &&
-					(s[3] == '='))
-				 ))) ||
-			(*s == '\0'))
+        if (((*s == '/') &&
+             ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
+                                                 ((s[2] >= 'A')
+                                                  && (s[2] <= 'Z')
+                                                  && (s[3] == '='))
+              ))) || (*s == '\0'))
 #else
-		if (	((*s == '/') &&
-				(isupper(s[1]) && (
-					(s[2] == '=') ||
-					(isupper(s[2]) &&
-					(s[3] == '='))
-				 ))) ||
-			(*s == '\0'))
+        if (((*s == '/') &&
+             (isupper(s[1]) && ((s[2] == '=') ||
+                                (isupper(s[2]) && (s[3] == '='))
+              ))) || (*s == '\0'))
 #endif
-			{
-			i=s-c;
-			if (BIO_write(bp,c,i) != i) goto err;
-			c=s+1;	/* skip following slash */
-			if (*s != '\0')
-				{
-				if (BIO_write(bp,", ",2) != 2) goto err;
-				}
-			l--;
-			}
-		if (*s == '\0') break;
-		s++;
-		l--;
-		}
-	
-	ret=1;
-	if (0)
-		{
-err:
-		X509err(X509_F_X509_NAME_PRINT,ERR_R_BUF_LIB);
-		}
-	OPENSSL_free(b);
-	return(ret);
-	}
+        {
+            i = s - c;
+            if (BIO_write(bp, c, i) != i)
+                goto err;
+            c = s + 1;          /* skip following slash */
+            if (*s != '\0') {
+                if (BIO_write(bp, ", ", 2) != 2)
+                    goto err;
+            }
+            l--;
+        }
+        if (*s == '\0')
+            break;
+        s++;
+        l--;
+    }
+
+    ret = 1;
+    if (0) {
+ err:
+        X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
+    }
+    OPENSSL_free(b);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c
index 8b18801a..f4b8f94c 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/t_x509a.c
@@ -1,6 +1,7 @@
 /* t_x509a.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,49 +63,53 @@
 #include <openssl/asn1.h>
 #include <openssl/x509.h>
 
-/* X509_CERT_AUX and string set routines
+/*
+ * X509_CERT_AUX and string set routines
  */
 
 int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
 {
-	char oidstr[80], first;
-	int i;
-	if(!aux) return 1;
-	if(aux->trust) {
-		first = 1;
-		BIO_printf(out, "%*sTrusted Uses:\n%*s",
-						indent, "", indent + 2, "");
-		for(i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
-			if(!first) BIO_puts(out, ", ");
-			else first = 0;
-			OBJ_obj2txt(oidstr, sizeof oidstr,
-				sk_ASN1_OBJECT_value(aux->trust, i), 0);
-			BIO_puts(out, oidstr);
-		}
-		BIO_puts(out, "\n");
-	} else BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
-	if(aux->reject) {
-		first = 1;
-		BIO_printf(out, "%*sRejected Uses:\n%*s",
-						indent, "", indent + 2, "");
-		for(i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
-			if(!first) BIO_puts(out, ", ");
-			else first = 0;
-			OBJ_obj2txt(oidstr, sizeof oidstr,
-				sk_ASN1_OBJECT_value(aux->reject, i), 0);
-			BIO_puts(out, oidstr);
-		}
-		BIO_puts(out, "\n");
-	} else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
-	if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "",
-							aux->alias->data);
-	if(aux->keyid) {
-		BIO_printf(out, "%*sKey Id: ", indent, "");
-		for(i = 0; i < aux->keyid->length; i++) 
-			BIO_printf(out, "%s%02X", 
-				i ? ":" : "",
-				aux->keyid->data[i]);
-		BIO_write(out,"\n",1);
-	}
-	return 1;
+    char oidstr[80], first;
+    int i;
+    if (!aux)
+        return 1;
+    if (aux->trust) {
+        first = 1;
+        BIO_printf(out, "%*sTrusted Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof oidstr,
+                        sk_ASN1_OBJECT_value(aux->trust, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
+    if (aux->reject) {
+        first = 1;
+        BIO_printf(out, "%*sRejected Uses:\n%*s", indent, "", indent + 2, "");
+        for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
+            if (!first)
+                BIO_puts(out, ", ");
+            else
+                first = 0;
+            OBJ_obj2txt(oidstr, sizeof oidstr,
+                        sk_ASN1_OBJECT_value(aux->reject, i), 0);
+            BIO_puts(out, oidstr);
+        }
+        BIO_puts(out, "\n");
+    } else
+        BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
+    if (aux->alias)
+        BIO_printf(out, "%*sAlias: %s\n", indent, "", aux->alias->data);
+    if (aux->keyid) {
+        BIO_printf(out, "%*sKey Id: ", indent, "");
+        for (i = 0; i < aux->keyid->length; i++)
+            BIO_printf(out, "%s%02X", i ? ":" : "", aux->keyid->data[i]);
+        BIO_write(out, "\n", 1);
+    }
+    return 1;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
index a228c0d6..6e4a3252 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_dec.c
@@ -1,6 +1,7 @@
 /* tasn_dec.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2005 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stddef.h>
 #include <string.h>
 #include <openssl/asn1.h>
@@ -69,1275 +69,1158 @@ static int asn1_check_eoc(const unsigned char **in, long len);
 static int asn1_find_end(const unsigned char **in, long len, char inf);
 
 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-			char inf, int tag, int aclass, int depth);
+                        char inf, int tag, int aclass, int depth);
 
 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
 
 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-				char *inf, char *cst,
-				const unsigned char **in, long len,
-				int exptag, int expclass, char opt,
-				ASN1_TLC *ctx);
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx);
 
 static int asn1_template_ex_d2i(ASN1_VALUE **pval,
-				const unsigned char **in, long len,
-				const ASN1_TEMPLATE *tt, char opt,
-				ASN1_TLC *ctx);
+                                const unsigned char **in, long len,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx);
 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-				const unsigned char **in, long len,
-				const ASN1_TEMPLATE *tt, char opt,
-				ASN1_TLC *ctx);
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx);
 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
-				const unsigned char **in, long len,
-				const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx);
+                                 const unsigned char **in, long len,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt,
+                                 ASN1_TLC *ctx);
 
 /* Table to convert tags to bit values, used for MSTRING type */
 static const unsigned long tag2bit[32] = {
-0,	0,	0,	B_ASN1_BIT_STRING,	/* tags  0 -  3 */
-B_ASN1_OCTET_STRING,	0,	0,		B_ASN1_UNKNOWN,/* tags  4- 7 */
-B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,	B_ASN1_UNKNOWN,/* tags  8-11 */
-B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
-B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
-B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,       /* tags 20-22 */
-B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,			       /* tags 23-24 */	
-B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING,  /* tags 25-27 */
-B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
-	};
+    /* tags  0 -  3 */
+    0, 0, 0, B_ASN1_BIT_STRING,
+    /* tags  4- 7 */
+    B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,
+    /* tags  8-11 */
+    B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 12-15 */
+    B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,
+    /* tags 16-19 */
+    B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING,
+    /* tags 20-22 */
+    B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING,
+    /* tags 23-24 */
+    B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME,
+    /* tags 25-27 */
+    B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING,
+    /* tags 28-31 */
+    B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN,
+};
 
 unsigned long ASN1_tag2bit(int tag)
-	{
-	if ((tag < 0) || (tag > 30)) return 0;
-	return tag2bit[tag];
-	}
+{
+    if ((tag < 0) || (tag > 30))
+        return 0;
+    return tag2bit[tag];
+}
 
 /* Macro to initialize and invalidate the cache */
 
-#define asn1_tlc_clear(c)	if (c) (c)->valid = 0
+#define asn1_tlc_clear(c)       if (c) (c)->valid = 0
 
-/* Decode an ASN1 item, this currently behaves just 
- * like a standard 'd2i' function. 'in' points to 
- * a buffer to read the data from, in future we will
- * have more advanced versions that can input data
- * a piece at a time and this will simply be a special
- * case.
+/*
+ * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
+ * function. 'in' points to a buffer to read the data from, in future we
+ * will have more advanced versions that can input data a piece at a time and
+ * this will simply be a special case.
  */
 
 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
-		const unsigned char **in, long len, const ASN1_ITEM *it)
-	{
-	ASN1_TLC c;
-	ASN1_VALUE *ptmpval = NULL;
-	if (!pval)
-		pval = &ptmpval;
-	c.valid = 0;
-	if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) 
-		return *pval;
-	return NULL;
-	}
+                          const unsigned char **in, long len,
+                          const ASN1_ITEM *it)
+{
+    ASN1_TLC c;
+    ASN1_VALUE *ptmpval = NULL;
+    if (!pval)
+        pval = &ptmpval;
+    c.valid = 0;
+    if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+        return *pval;
+    return NULL;
+}
 
 int ASN1_template_d2i(ASN1_VALUE **pval,
-		const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
-	{
-	ASN1_TLC c;
-	c.valid = 0;
-	return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
-	}
-
-
-/* Decode an item, taking care of IMPLICIT tagging, if any.
- * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
+                      const unsigned char **in, long len,
+                      const ASN1_TEMPLATE *tt)
+{
+    ASN1_TLC c;
+    c.valid = 0;
+    return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
+}
+
+/*
+ * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
+ * tag mismatch return -1 to handle OPTIONAL
  */
 
 int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
-			const ASN1_ITEM *it,
-			int tag, int aclass, char opt, ASN1_TLC *ctx)
-	{
-	const ASN1_TEMPLATE *tt, *errtt = NULL;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb;
-	const unsigned char *p = NULL, *q;
-	unsigned char *wp=NULL;	/* BIG FAT WARNING!  BREAKS CONST WHERE USED */
-	unsigned char imphack = 0, oclass;
-	char seq_eoc, seq_nolen, cst, isopt;
-	long tmplen;
-	int i;
-	int otag;
-	int ret = 0;
-	ASN1_VALUE **pchptr, *ptmpval;
-	if (!pval)
-		return 0;
-	if (aux && aux->asn1_cb)
-		asn1_cb = aux->asn1_cb;
-	else asn1_cb = 0;
-
-	switch(it->itype)
-		{
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			{
-			/* tagging or OPTIONAL is currently illegal on an item
-			 * template because the flags can't get passed down.
-			 * In practice this isn't a problem: we include the
-			 * relevant flags from the item template in the
-			 * template itself.
-			 */
-			if ((tag != -1) || opt)
-				{
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-				ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
-				goto err;
-				}
-			return asn1_template_ex_d2i(pval, in, len,
-					it->templates, opt, ctx);
-		}
-		return asn1_d2i_ex_primitive(pval, in, len, it,
-						tag, aclass, opt, ctx);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		p = *in;
-		/* Just read in tag and class */
-		ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
-						&p, len, -1, 0, 1, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-
-		/* Must be UNIVERSAL class */
-		if (oclass != V_ASN1_UNIVERSAL)
-			{
-			/* If OPTIONAL, assume this is OK */
-			if (opt) return -1;
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_MSTRING_NOT_UNIVERSAL);
-			goto err;
-			}
-		/* Check tag matches bit map */
-		if (!(ASN1_tag2bit(otag) & it->utype))
-			{
-			/* If OPTIONAL, assume this is OK */
-			if (opt)
-				return -1;
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_MSTRING_WRONG_TAG);
-			goto err;
-			}
-		return asn1_d2i_ex_primitive(pval, in, len,
-						it, otag, 0, 0, ctx);
-
-		case ASN1_ITYPE_EXTERN:
-		/* Use new style d2i */
-		ef = it->funcs;
-		return ef->asn1_ex_d2i(pval, in, len,
-						it, tag, aclass, opt, ctx);
-
-		case ASN1_ITYPE_COMPAT:
-		/* we must resort to old style evil hackery */
-		cf = it->funcs;
-
-		/* If OPTIONAL see if it is there */
-		if (opt)
-			{
-			int exptag;
-			p = *in;
-			if (tag == -1)
-				exptag = it->utype;
-			else exptag = tag;
-			/* Don't care about anything other than presence
-			 * of expected tag */
-
-			ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
-					&p, len, exptag, aclass, 1, ctx);
-			if (!ret)
-				{
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-				goto err;
-				}
-			if (ret == -1)
-				return -1;
-			}
-
-		/* This is the old style evil hack IMPLICIT handling:
-		 * since the underlying code is expecting a tag and
-		 * class other than the one present we change the
-		 * buffer temporarily then change it back afterwards.
-		 * This doesn't and never did work for tags > 30.
-		 *
-		 * Yes this is *horrible* but it is only needed for
-		 * old style d2i which will hopefully not be around
-		 * for much longer.
-		 * FIXME: should copy the buffer then modify it so
-		 * the input buffer can be const: we should *always*
-		 * copy because the old style d2i might modify the
-		 * buffer.
-		 */
-
-		if (tag != -1)
-			{
-			wp = *(unsigned char **)in;
-			imphack = *wp;
-			if (p == NULL)
-				{
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-				goto err;
-				}
-			*wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
-								| it->utype);
-			}
-
-		ptmpval = cf->asn1_d2i(pval, in, len);
-
-		if (tag != -1)
-			*wp = imphack;
-
-		if (ptmpval)
-			return 1;
-
-		ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-		goto err;
-
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
-				goto auxerr;
-
-		/* Allocate structure */
-		if (!*pval && !ASN1_item_ex_new(pval, it))
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		/* CHOICE type, try each possibility in turn */
-		p = *in;
-		for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
-			{
-			pchptr = asn1_get_field_ptr(pval, tt);
-			/* We mark field as OPTIONAL so its absence
-			 * can be recognised.
-			 */
-			ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
-			/* If field not present, try the next one */
-			if (ret == -1)
-				continue;
-			/* If positive return, read OK, break loop */
-			if (ret > 0)
-				break;
-			/* Otherwise must be an ASN1 parsing error */
-			errtt = tt;
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-
-		/* Did we fall off the end without reading anything? */
-		if (i == it->tcount)
-			{
-			/* If OPTIONAL, this is OK */
-			if (opt)
-				{
-				/* Free and zero it */
-				ASN1_item_ex_free(pval, it);
-				return -1;
-				}
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_NO_MATCHING_CHOICE_TYPE);
-			goto err;
-			}
-
-		asn1_set_choice_selector(pval, i, it);
-		*in = p;
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
-				goto auxerr;
-		return 1;
-
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		case ASN1_ITYPE_SEQUENCE:
-		p = *in;
-		tmplen = len;
-
-		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-		if (tag == -1)
-			{
-			tag = V_ASN1_SEQUENCE;
-			aclass = V_ASN1_UNIVERSAL;
-			}
-		/* Get SEQUENCE length and update len, p */
-		ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
-					&p, len, tag, aclass, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		else if (ret == -1)
-			return -1;
-		if (aux && (aux->flags & ASN1_AFLG_BROKEN))
-			{
-			len = tmplen - (p - *in);
-			seq_nolen = 1;
-			}
-		/* If indefinite we don't do a length check */
-		else seq_nolen = seq_eoc;
-		if (!cst)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-				ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
-			goto err;
-			}
-
-		if (!*pval && !ASN1_item_ex_new(pval, it))
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-				ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
-				goto auxerr;
-
-		/* Get each field entry */
-		for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				goto err;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			/* Have we ran out of data? */
-			if (!len)
-				break;
-			q = p;
-			if (asn1_check_eoc(&p, len))
-				{
-				if (!seq_eoc)
-					{
-					ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-							ASN1_R_UNEXPECTED_EOC);
-					goto err;
-					}
-				len -= p - q;
-				seq_eoc = 0;
-				q = p;
-				break;
-				}
-			/* This determines the OPTIONAL flag value. The field
-			 * cannot be omitted if it is the last of a SEQUENCE
-			 * and there is still data to be read. This isn't
-			 * strictly necessary but it increases efficiency in
-			 * some cases.
-			 */
-			if (i == (it->tcount - 1))
-				isopt = 0;
-			else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
-			/* attempt to read in field, allowing each to be
-			 * OPTIONAL */
-
-			ret = asn1_template_ex_d2i(pseqval, &p, len,
-							seqtt, isopt, ctx);
-			if (!ret)
-				{
-				errtt = seqtt;
-				goto err;
-				}
-			else if (ret == -1)
-				{
-				/* OPTIONAL component absent.
-				 * Free and zero the field.
-				 */
-				ASN1_template_free(pseqval, seqtt);
-				continue;
-				}
-			/* Update length */
-			len -= p - q;
-			}
-
-		/* Check for EOC if expecting one */
-		if (seq_eoc && !asn1_check_eoc(&p, len))
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
-			goto err;
-			}
-		/* Check all data read */
-		if (!seq_nolen && len)
-			{
-			ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-					ASN1_R_SEQUENCE_LENGTH_MISMATCH);
-			goto err;
-			}
-
-		/* If we get here we've got no more data in the SEQUENCE,
-		 * however we may not have read all fields so check all
-		 * remaining are OPTIONAL and clear any that are.
-		 */
-		for (; i < it->tcount; tt++, i++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				goto err;
-			if (seqtt->flags & ASN1_TFLG_OPTIONAL)
-				{
-				ASN1_VALUE **pseqval;
-				pseqval = asn1_get_field_ptr(pval, seqtt);
-				ASN1_template_free(pseqval, seqtt);
-				}
-			else
-				{
-				errtt = seqtt;
-				ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
-							ASN1_R_FIELD_MISSING);
-				goto err;
-				}
-			}
-		/* Save encoding */
-		if (!asn1_enc_save(pval, *in, p - *in, it))
-			goto auxerr;
-		*in = p;
-		if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
-				goto auxerr;
-		return 1;
-
-		default:
-		return 0;
-		}
-	auxerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
-	err:
-	ASN1_item_ex_free(pval, it);
-	if (errtt)
-		ERR_add_error_data(4, "Field=", errtt->field_name,
-					", Type=", it->sname);
-	else
-		ERR_add_error_data(2, "Type=", it->sname);
-	return 0;
-	}
-
-/* Templates are handled with two separate functions.
- * One handles any EXPLICIT tag and the other handles the rest.
+                     const ASN1_ITEM *it,
+                     int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    const ASN1_TEMPLATE *tt, *errtt = NULL;
+    const ASN1_COMPAT_FUNCS *cf;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    const unsigned char *p = NULL, *q;
+    unsigned char *wp = NULL;   /* BIG FAT WARNING! BREAKS CONST WHERE USED */
+    unsigned char imphack = 0, oclass;
+    char seq_eoc, seq_nolen, cst, isopt;
+    long tmplen;
+    int i;
+    int otag;
+    int ret = 0;
+    ASN1_VALUE **pchptr, *ptmpval;
+    if (!pval)
+        return 0;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    switch (it->itype) {
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            /*
+             * tagging or OPTIONAL is currently illegal on an item template
+             * because the flags can't get passed down. In practice this
+             * isn't a problem: we include the relevant flags from the item
+             * template in the template itself.
+             */
+            if ((tag != -1) || opt) {
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
+                        ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
+                goto err;
+            }
+            return asn1_template_ex_d2i(pval, in, len,
+                                        it->templates, opt, ctx);
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it,
+                                     tag, aclass, opt, ctx);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        p = *in;
+        /* Just read in tag and class */
+        ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
+                              &p, len, -1, 0, 1, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Must be UNIVERSAL class */
+        if (oclass != V_ASN1_UNIVERSAL) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL);
+            goto err;
+        }
+        /* Check tag matches bit map */
+        if (!(ASN1_tag2bit(otag) & it->utype)) {
+            /* If OPTIONAL, assume this is OK */
+            if (opt)
+                return -1;
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG);
+            goto err;
+        }
+        return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
+
+    case ASN1_ITYPE_EXTERN:
+        /* Use new style d2i */
+        ef = it->funcs;
+        return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
+
+    case ASN1_ITYPE_COMPAT:
+        /* we must resort to old style evil hackery */
+        cf = it->funcs;
+
+        /* If OPTIONAL see if it is there */
+        if (opt) {
+            int exptag;
+            p = *in;
+            if (tag == -1)
+                exptag = it->utype;
+            else
+                exptag = tag;
+            /*
+             * Don't care about anything other than presence of expected tag
+             */
+
+            ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
+                                  &p, len, exptag, aclass, 1, ctx);
+            if (!ret) {
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+            }
+            if (ret == -1)
+                return -1;
+        }
+
+        /*
+         * This is the old style evil hack IMPLICIT handling: since the
+         * underlying code is expecting a tag and class other than the one
+         * present we change the buffer temporarily then change it back
+         * afterwards. This doesn't and never did work for tags > 30. Yes
+         * this is *horrible* but it is only needed for old style d2i which
+         * will hopefully not be around for much longer. FIXME: should copy
+         * the buffer then modify it so the input buffer can be const: we
+         * should *always* copy because the old style d2i might modify the
+         * buffer.
+         */
+
+        if (tag != -1) {
+            wp = *(unsigned char **)in;
+            imphack = *wp;
+            if (p == NULL) {
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+            }
+            *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
+                                  | it->utype);
+        }
+
+        ptmpval = cf->asn1_d2i(pval, in, len);
+
+        if (tag != -1)
+            *wp = imphack;
+
+        if (ptmpval)
+            return 1;
+
+        ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+        goto err;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+            goto auxerr;
+        if (*pval) {
+            /* Free up and zero CHOICE value if initialised */
+            i = asn1_get_choice_selector(pval, it);
+            if ((i >= 0) && (i < it->tcount)) {
+                tt = it->templates + i;
+                pchptr = asn1_get_field_ptr(pval, tt);
+                ASN1_template_free(pchptr, tt);
+                asn1_set_choice_selector(pval, -1, it);
+            }
+        } else if (!ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+        /* CHOICE type, try each possibility in turn */
+        p = *in;
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            pchptr = asn1_get_field_ptr(pval, tt);
+            /*
+             * We mark field as OPTIONAL so its absence can be recognised.
+             */
+            ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
+            /* If field not present, try the next one */
+            if (ret == -1)
+                continue;
+            /* If positive return, read OK, break loop */
+            if (ret > 0)
+                break;
+            /* Otherwise must be an ASN1 parsing error */
+            errtt = tt;
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        /* Did we fall off the end without reading anything? */
+        if (i == it->tcount) {
+            /* If OPTIONAL, this is OK */
+            if (opt) {
+                /* Free and zero it */
+                ASN1_item_ex_free(pval, it);
+                return -1;
+            }
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE);
+            goto err;
+        }
+
+        asn1_set_choice_selector(pval, i, it);
+        *in = p;
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+            goto auxerr;
+        return 1;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        p = *in;
+        tmplen = len;
+
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            aclass = V_ASN1_UNIVERSAL;
+        }
+        /* Get SEQUENCE length and update len, p */
+        ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
+                              &p, len, tag, aclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+        if (aux && (aux->flags & ASN1_AFLG_BROKEN)) {
+            len = tmplen - (p - *in);
+            seq_nolen = 1;
+        }
+        /* If indefinite we don't do a length check */
+        else
+            seq_nolen = seq_eoc;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
+            goto err;
+        }
+
+        if (!*pval && !ASN1_item_ex_new(pval, it)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        }
+
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
+            goto auxerr;
+
+        /* Free up and zero any ADB found */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            if (tt->flags & ASN1_TFLG_ADB_MASK) {
+                const ASN1_TEMPLATE *seqtt;
+                ASN1_VALUE **pseqval;
+                seqtt = asn1_do_adb(pval, tt, 1);
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                ASN1_template_free(pseqval, seqtt);
+            }
+        }
+
+        /* Get each field entry */
+        for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                goto err;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* Have we ran out of data? */
+            if (!len)
+                break;
+            q = p;
+            if (asn1_check_eoc(&p, len)) {
+                if (!seq_eoc) {
+                    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                seq_eoc = 0;
+                q = p;
+                break;
+            }
+            /*
+             * This determines the OPTIONAL flag value. The field cannot be
+             * omitted if it is the last of a SEQUENCE and there is still
+             * data to be read. This isn't strictly necessary but it
+             * increases efficiency in some cases.
+             */
+            if (i == (it->tcount - 1))
+                isopt = 0;
+            else
+                isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
+            /*
+             * attempt to read in field, allowing each to be OPTIONAL
+             */
+
+            ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx);
+            if (!ret) {
+                errtt = seqtt;
+                goto err;
+            } else if (ret == -1) {
+                /*
+                 * OPTIONAL component absent. Free and zero the field.
+                 */
+                ASN1_template_free(pseqval, seqtt);
+                continue;
+            }
+            /* Update length */
+            len -= p - q;
+        }
+
+        /* Check for EOC if expecting one */
+        if (seq_eoc && !asn1_check_eoc(&p, len)) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+        /* Check all data read */
+        if (!seq_nolen && len) {
+            ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
+            goto err;
+        }
+
+        /*
+         * If we get here we've got no more data in the SEQUENCE, however we
+         * may not have read all fields so check all remaining are OPTIONAL
+         * and clear any that are.
+         */
+        for (; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                goto err;
+            if (seqtt->flags & ASN1_TFLG_OPTIONAL) {
+                ASN1_VALUE **pseqval;
+                pseqval = asn1_get_field_ptr(pval, seqtt);
+                ASN1_template_free(pseqval, seqtt);
+            } else {
+                errtt = seqtt;
+                ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING);
+                goto err;
+            }
+        }
+        /* Save encoding */
+        if (!asn1_enc_save(pval, *in, p - *in, it))
+            goto auxerr;
+        *in = p;
+        if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
+            goto auxerr;
+        return 1;
+
+    default:
+        return 0;
+    }
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
+ err:
+    ASN1_item_ex_free(pval, it);
+    if (errtt)
+        ERR_add_error_data(4, "Field=", errtt->field_name,
+                           ", Type=", it->sname);
+    else
+        ERR_add_error_data(2, "Type=", it->sname);
+    return 0;
+}
+
+/*
+ * Templates are handled with two separate functions. One handles any
+ * EXPLICIT tag and the other handles the rest.
  */
 
 static int asn1_template_ex_d2i(ASN1_VALUE **val,
-				const unsigned char **in, long inlen,
-				const ASN1_TEMPLATE *tt, char opt,
-							ASN1_TLC *ctx)
-	{
-	int flags, aclass;
-	int ret;
-	long len;
-	const unsigned char *p, *q;
-	char exp_eoc;
-	if (!val)
-		return 0;
-	flags = tt->flags;
-	aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-	p = *in;
-
-	/* Check if EXPLICIT tag expected */
-	if (flags & ASN1_TFLG_EXPTAG)
-		{
-		char cst;
-		/* Need to work out amount of data available to the inner
-		 * content and where it starts: so read in EXPLICIT header to
-		 * get the info.
-		 */
-		ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
-					&p, inlen, tt->tag, aclass, opt, ctx);
-		q = p;
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		else if (ret == -1)
-			return -1;
-		if (!cst)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
-			return 0;
-			}
-		/* We've found the field so it can't be OPTIONAL now */
-		ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		/* We read the field in OK so update length */
-		len -= p - q;
-		if (exp_eoc)
-			{
-			/* If NDEF we must have an EOC here */
-			if (!asn1_check_eoc(&p, len))
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-						ASN1_R_MISSING_EOC);
-				goto err;
-				}
-			}
-		else
-			{
-			/* Otherwise we must hit the EXPLICIT tag end or its
-			 * an error */
-			if (len)
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
-					ASN1_R_EXPLICIT_LENGTH_MISMATCH);
-				goto err;
-				}
-			}
-		}
-		else 
-			return asn1_template_noexp_d2i(val, in, inlen,
-								tt, opt, ctx);
-
-	*in = p;
-	return 1;
-
-	err:
-	ASN1_template_free(val, tt);
-	return 0;
-	}
+                                const unsigned char **in, long inlen,
+                                const ASN1_TEMPLATE *tt, char opt,
+                                ASN1_TLC *ctx)
+{
+    int flags, aclass;
+    int ret;
+    long len;
+    const unsigned char *p, *q;
+    char exp_eoc;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+
+    /* Check if EXPLICIT tag expected */
+    if (flags & ASN1_TFLG_EXPTAG) {
+        char cst;
+        /*
+         * Need to work out amount of data available to the inner content and
+         * where it starts: so read in EXPLICIT header to get the info.
+         */
+        ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
+                              &p, inlen, tt->tag, aclass, opt, ctx);
+        q = p;
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!cst) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                    ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
+            return 0;
+        }
+        /* We've found the field so it can't be OPTIONAL now */
+        ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        /* We read the field in OK so update length */
+        len -= p - q;
+        if (exp_eoc) {
+            /* If NDEF we must have an EOC here */
+            if (!asn1_check_eoc(&p, len)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC);
+                goto err;
+            }
+        } else {
+            /*
+             * Otherwise we must hit the EXPLICIT tag end or its an error
+             */
+            if (len) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
+                        ASN1_R_EXPLICIT_LENGTH_MISMATCH);
+                goto err;
+            }
+        }
+    } else
+        return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx);
+
+    *in = p;
+    return 1;
+
+ err:
+    ASN1_template_free(val, tt);
+    return 0;
+}
 
 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
-				const unsigned char **in, long len,
-				const ASN1_TEMPLATE *tt, char opt,
-				ASN1_TLC *ctx)
-	{
-	int flags, aclass;
-	int ret;
-	const unsigned char *p, *q;
-	if (!val)
-		return 0;
-	flags = tt->flags;
-	aclass = flags & ASN1_TFLG_TAG_CLASS;
-
-	p = *in;
-	q = p;
-
-	if (flags & ASN1_TFLG_SK_MASK)
-		{
-		/* SET OF, SEQUENCE OF */
-		int sktag, skaclass;
-		char sk_eoc;
-		/* First work out expected inner tag value */
-		if (flags & ASN1_TFLG_IMPTAG)
-			{
-			sktag = tt->tag;
-			skaclass = aclass;
-			}
-		else
-			{
-			skaclass = V_ASN1_UNIVERSAL;
-			if (flags & ASN1_TFLG_SET_OF)
-				sktag = V_ASN1_SET;
-			else
-				sktag = V_ASN1_SEQUENCE;
-			}
-		/* Get the tag */
-		ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
-					&p, len, sktag, skaclass, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		else if (ret == -1)
-			return -1;
-		if (!*val)
-			*val = (ASN1_VALUE *)sk_new_null();
-		else
-			{
-			/* We've got a valid STACK: free up any items present */
-			STACK *sktmp = (STACK *)*val;
-			ASN1_VALUE *vtmp;
-			while(sk_num(sktmp) > 0)
-				{
-				vtmp = (ASN1_VALUE *)sk_pop(sktmp);
-				ASN1_item_ex_free(&vtmp,
-						ASN1_ITEM_ptr(tt->item));
-				}
-			}
-				
-		if (!*val)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		/* Read as many items as we can */
-		while(len > 0)
-			{
-			ASN1_VALUE *skfield;
-			q = p;
-			/* See if EOC found */
-			if (asn1_check_eoc(&p, len))
-				{
-				if (!sk_eoc)
-					{
-					ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-							ASN1_R_UNEXPECTED_EOC);
-					goto err;
-					}
-				len -= p - q;
-				sk_eoc = 0;
-				break;
-				}
-			skfield = NULL;
-			if (!ASN1_item_ex_d2i(&skfield, &p, len,
-						ASN1_ITEM_ptr(tt->item),
-						-1, 0, 0, ctx))
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-				goto err;
-				}
-			len -= p - q;
-			if (!sk_push((STACK *)*val, (char *)skfield))
-				{
-				ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		if (sk_eoc)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
-			goto err;
-			}
-		}
-	else if (flags & ASN1_TFLG_IMPTAG)
-		{
-		/* IMPLICIT tagging */
-		ret = ASN1_item_ex_d2i(val, &p, len,
-			ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-						ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		else if (ret == -1)
-			return -1;
-		}
-	else
-		{
-		/* Nothing special */
-		ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
-							-1, 0, opt, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
-					ERR_R_NESTED_ASN1_ERROR);
-			goto err;
-			}
-		else if (ret == -1)
-			return -1;
-		}
-
-	*in = p;
-	return 1;
-
-	err:
-	ASN1_template_free(val, tt);
-	return 0;
-	}
+                                   const unsigned char **in, long len,
+                                   const ASN1_TEMPLATE *tt, char opt,
+                                   ASN1_TLC *ctx)
+{
+    int flags, aclass;
+    int ret;
+    const unsigned char *p, *q;
+    if (!val)
+        return 0;
+    flags = tt->flags;
+    aclass = flags & ASN1_TFLG_TAG_CLASS;
+
+    p = *in;
+    q = p;
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        int sktag, skaclass;
+        char sk_eoc;
+        /* First work out expected inner tag value */
+        if (flags & ASN1_TFLG_IMPTAG) {
+            sktag = tt->tag;
+            skaclass = aclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (flags & ASN1_TFLG_SET_OF)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+        /* Get the tag */
+        ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
+                              &p, len, sktag, skaclass, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        } else if (ret == -1)
+            return -1;
+        if (!*val)
+            *val = (ASN1_VALUE *)sk_new_null();
+        else {
+            /*
+             * We've got a valid STACK: free up any items present
+             */
+            STACK *sktmp = (STACK *) * val;
+            ASN1_VALUE *vtmp;
+            while (sk_num(sktmp) > 0) {
+                vtmp = (ASN1_VALUE *)sk_pop(sktmp);
+                ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item));
+            }
+        }
+
+        if (!*val) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* Read as many items as we can */
+        while (len > 0) {
+            ASN1_VALUE *skfield;
+            q = p;
+            /* See if EOC found */
+            if (asn1_check_eoc(&p, len)) {
+                if (!sk_eoc) {
+                    ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                            ASN1_R_UNEXPECTED_EOC);
+                    goto err;
+                }
+                len -= p - q;
+                sk_eoc = 0;
+                break;
+            }
+            skfield = NULL;
+            if (!ASN1_item_ex_d2i(&skfield, &p, len,
+                                  ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
+                        ERR_R_NESTED_ASN1_ERROR);
+                goto err;
+            }
+            len -= p - q;
+            if (!sk_push((STACK *) * val, (char *)skfield)) {
+                ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        if (sk_eoc) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
+            goto err;
+        }
+    } else if (flags & ASN1_TFLG_IMPTAG) {
+        /* IMPLICIT tagging */
+        ret = ASN1_item_ex_d2i(val, &p, len,
+                               ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
+                               ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    } else {
+        /* Nothing special */
+        ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
+                               -1, 0, opt, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR);
+            goto err;
+        } else if (ret == -1)
+            return -1;
+    }
+
+    *in = p;
+    return 1;
+
+ err:
+    ASN1_template_free(val, tt);
+    return 0;
+}
 
 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
-				const unsigned char **in, long inlen, 
-				const ASN1_ITEM *it,
-				int tag, int aclass, char opt, ASN1_TLC *ctx)
-	{
-	int ret = 0, utype;
-	long plen;
-	char cst, inf, free_cont = 0;
-	const unsigned char *p;
-	BUF_MEM buf;
-	const unsigned char *cont = NULL;
-	long len; 
-	if (!pval)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
-		return 0; /* Should never happen */
-		}
-
-	if (it->itype == ASN1_ITYPE_MSTRING)
-		{
-		utype = tag;
-		tag = -1;
-		}
-	else
-		utype = it->utype;
-
-	if (utype == V_ASN1_ANY)
-		{
-		/* If type is ANY need to figure out type from tag */
-		unsigned char oclass;
-		if (tag >= 0)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-					ASN1_R_ILLEGAL_TAGGED_ANY);
-			return 0;
-			}
-		if (opt)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-					ASN1_R_ILLEGAL_OPTIONAL_ANY);
-			return 0;
-			}
-		p = *in;
-		ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
-					&p, inlen, -1, 0, 0, ctx);
-		if (!ret)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-					ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		if (oclass != V_ASN1_UNIVERSAL)
-			utype = V_ASN1_OTHER;
-		}
-	if (tag == -1)
-		{
-		tag = utype;
-		aclass = V_ASN1_UNIVERSAL;
-		}
-	p = *in;
-	/* Check header */
-	ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
-				&p, inlen, tag, aclass, opt, ctx);
-	if (!ret)
-		{
-		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
-		return 0;
-		}
-	else if (ret == -1)
-		return -1;
-        ret = 0;
-	/* SEQUENCE, SET and "OTHER" are left in encoded form */
-	if ((utype == V_ASN1_SEQUENCE)
-		|| (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
-		{
-		/* Clear context cache for type OTHER because the auto clear
-		 * when we have a exact match wont work
-		 */
-		if (utype == V_ASN1_OTHER)
-			{
-			asn1_tlc_clear(ctx);
-			}
-		/* SEQUENCE and SET must be constructed */
-		else if (!cst)
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-				ASN1_R_TYPE_NOT_CONSTRUCTED);
-			return 0;
-			}
-
-		cont = *in;
-		/* If indefinite length constructed find the real end */
-		if (inf)
-			{
-			if (!asn1_find_end(&p, plen, inf))
-				 goto err;
-			len = p - cont;
-			}
-		else
-			{
-			len = p - cont + plen;
-			p += plen;
-			buf.data = NULL;
-			}
-		}
-	else if (cst)
-		{
-		buf.length = 0;
-		buf.max = 0;
-		buf.data = NULL;
-		/* Should really check the internal tags are correct but
-		 * some things may get this wrong. The relevant specs
-		 * say that constructed string types should be OCTET STRINGs
-		 * internally irrespective of the type. So instead just check
-		 * for UNIVERSAL class and ignore the tag.
-		 */
-		if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
-			{
-			free_cont = 1;
-			goto err;
-			}
-		len = buf.length;
-		/* Append a final null to string */
-		if (!BUF_MEM_grow_clean(&buf, len + 1))
-			{
-			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
-						ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		buf.data[len] = 0;
-		cont = (const unsigned char *)buf.data;
-		free_cont = 1;
-		}
-	else
-		{
-		cont = p;
-		len = plen;
-		p += plen;
-		}
-
-	/* We now have content length and type: translate into a structure */
-	if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
-		goto err;
-
-	*in = p;
-	ret = 1;
-	err:
-	if (free_cont && buf.data) OPENSSL_free(buf.data);
-	return ret;
-	}
+                                 const unsigned char **in, long inlen,
+                                 const ASN1_ITEM *it,
+                                 int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+    int ret = 0, utype;
+    long plen;
+    char cst, inf, free_cont = 0;
+    const unsigned char *p;
+    BUF_MEM buf;
+    const unsigned char *cont = NULL;
+    long len;
+    if (!pval) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
+        return 0;               /* Should never happen */
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = tag;
+        tag = -1;
+    } else
+        utype = it->utype;
+
+    if (utype == V_ASN1_ANY) {
+        /* If type is ANY need to figure out type from tag */
+        unsigned char oclass;
+        if (tag >= 0) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY);
+            return 0;
+        }
+        if (opt) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_ILLEGAL_OPTIONAL_ANY);
+            return 0;
+        }
+        p = *in;
+        ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
+                              &p, inlen, -1, 0, 0, ctx);
+        if (!ret) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (oclass != V_ASN1_UNIVERSAL)
+            utype = V_ASN1_OTHER;
+    }
+    if (tag == -1) {
+        tag = utype;
+        aclass = V_ASN1_UNIVERSAL;
+    }
+    p = *in;
+    /* Check header */
+    ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
+                          &p, inlen, tag, aclass, opt, ctx);
+    if (!ret) {
+        ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+        return 0;
+    } else if (ret == -1)
+        return -1;
+    ret = 0;
+    /* SEQUENCE, SET and "OTHER" are left in encoded form */
+    if ((utype == V_ASN1_SEQUENCE)
+        || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+        /*
+         * Clear context cache for type OTHER because the auto clear when we
+         * have a exact match wont work
+         */
+        if (utype == V_ASN1_OTHER) {
+            asn1_tlc_clear(ctx);
+        }
+        /* SEQUENCE and SET must be constructed */
+        else if (!cst) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
+                    ASN1_R_TYPE_NOT_CONSTRUCTED);
+            return 0;
+        }
+
+        cont = *in;
+        /* If indefinite length constructed find the real end */
+        if (inf) {
+            if (!asn1_find_end(&p, plen, inf))
+                goto err;
+            len = p - cont;
+        } else {
+            len = p - cont + plen;
+            p += plen;
+            buf.data = NULL;
+        }
+    } else if (cst) {
+        if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
+            || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
+            || utype == V_ASN1_ENUMERATED) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE);
+            return 0;
+        }
+        buf.length = 0;
+        buf.max = 0;
+        buf.data = NULL;
+        /*
+         * Should really check the internal tags are correct but some things
+         * may get this wrong. The relevant specs say that constructed string
+         * types should be OCTET STRINGs internally irrespective of the type.
+         * So instead just check for UNIVERSAL class and ignore the tag.
+         */
+        if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) {
+            free_cont = 1;
+            goto err;
+        }
+        len = buf.length;
+        /* Append a final null to string */
+        if (!BUF_MEM_grow_clean(&buf, len + 1)) {
+            ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        buf.data[len] = 0;
+        cont = (const unsigned char *)buf.data;
+        free_cont = 1;
+    } else {
+        cont = p;
+        len = plen;
+        p += plen;
+    }
+
+    /* We now have content length and type: translate into a structure */
+    if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
+        goto err;
+
+    *in = p;
+    ret = 1;
+ err:
+    if (free_cont && buf.data)
+        OPENSSL_free(buf.data);
+    return ret;
+}
 
 /* Translate ASN1 content octets into a structure */
 
 int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-			int utype, char *free_cont, const ASN1_ITEM *it)
-	{
-	ASN1_VALUE **opval = NULL;
-	ASN1_STRING *stmp;
-	ASN1_TYPE *typ = NULL;
-	int ret = 0;
-	const ASN1_PRIMITIVE_FUNCS *pf;
-	ASN1_INTEGER **tint;
-	pf = it->funcs;
-
-	if (pf && pf->prim_c2i)
-		return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
-	/* If ANY type clear type and set pointer to internal value */
-	if (it->utype == V_ASN1_ANY)
-		{
-		if (!*pval)
-			{
-			typ = ASN1_TYPE_new();
-			if (typ == NULL)
-				goto err;
-			*pval = (ASN1_VALUE *)typ;
-			}
-		else
-			typ = (ASN1_TYPE *)*pval;
-
-		if (utype != typ->type)
-			ASN1_TYPE_set(typ, utype, NULL);
-		opval = pval;
-		pval = &typ->value.asn1_value;
-		}
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
-			goto err;
-		break;
-
-		case V_ASN1_NULL:
-		if (len)
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-						ASN1_R_NULL_IS_WRONG_LENGTH);
-			goto err;
-			}
-		*pval = (ASN1_VALUE *)1;
-		break;
-
-		case V_ASN1_BOOLEAN:
-		if (len != 1)
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-						ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
-			goto err;
-			}
-		else
-			{
-			ASN1_BOOLEAN *tbool;
-			tbool = (ASN1_BOOLEAN *)pval;
-			*tbool = *cont;
-			}
-		break;
-
-		case V_ASN1_BIT_STRING:
-		if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
-			goto err;
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_NEG_INTEGER:
-		case V_ASN1_ENUMERATED:
-		case V_ASN1_NEG_ENUMERATED:
-		tint = (ASN1_INTEGER **)pval;
-		if (!c2i_ASN1_INTEGER(tint, &cont, len))
-			goto err;
-		/* Fixup type to match the expected form */
-		(*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
-		break;
-
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_NUMERICSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_VIDEOTEXSTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		case V_ASN1_GRAPHICSTRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_OTHER:
-		case V_ASN1_SET:
-		case V_ASN1_SEQUENCE:
-		default:
-		if (utype == V_ASN1_BMPSTRING && (len & 1))
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
-			goto err;
-			}
-		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
-			{
-			ASN1err(ASN1_F_ASN1_EX_C2I,
-					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
-			goto err;
-			}
-		/* All based on ASN1_STRING and handled the same */
-		if (!*pval)
-			{
-			stmp = ASN1_STRING_type_new(utype);
-			if (!stmp)
-				{
-				ASN1err(ASN1_F_ASN1_EX_C2I,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			*pval = (ASN1_VALUE *)stmp;
-			}
-		else
-			{
-			stmp = (ASN1_STRING *)*pval;
-			stmp->type = utype;
-			}
-		/* If we've already allocated a buffer use it */
-		if (*free_cont)
-			{
-			if (stmp->data)
-				OPENSSL_free(stmp->data);
-			stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
-			stmp->length = len;
-			*free_cont = 0;
-			}
-		else
-			{
-			if (!ASN1_STRING_set(stmp, cont, len))
-				{
-				ASN1err(ASN1_F_ASN1_EX_C2I,
-							ERR_R_MALLOC_FAILURE);
-				ASN1_STRING_free(stmp);	
-				*pval = NULL;
-				goto err;
-				}
-			}
-		break;
-		}
-	/* If ASN1_ANY and NULL type fix up value */
-	if (typ && (utype == V_ASN1_NULL))
-		 typ->value.ptr = NULL;
-
-	ret = 1;
-	err:
-	if (!ret)
-		{
-		ASN1_TYPE_free(typ);
-		if (opval)
-			*opval = NULL;
-		}
-	return ret;
-	}
-
-
-/* This function finds the end of an ASN1 structure when passed its maximum
- * length, whether it is indefinite length and a pointer to the content.
- * This is more efficient than calling asn1_collect because it does not
- * recurse on each indefinite length header.
+                int utype, char *free_cont, const ASN1_ITEM *it)
+{
+    ASN1_VALUE **opval = NULL;
+    ASN1_STRING *stmp;
+    ASN1_TYPE *typ = NULL;
+    int ret = 0;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    ASN1_INTEGER **tint;
+    pf = it->funcs;
+
+    if (pf && pf->prim_c2i)
+        return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
+    /* If ANY type clear type and set pointer to internal value */
+    if (it->utype == V_ASN1_ANY) {
+        if (!*pval) {
+            typ = ASN1_TYPE_new();
+            if (typ == NULL)
+                goto err;
+            *pval = (ASN1_VALUE *)typ;
+        } else
+            typ = (ASN1_TYPE *)*pval;
+
+        if (utype != typ->type)
+            ASN1_TYPE_set(typ, utype, NULL);
+        opval = pval;
+        pval = &typ->value.asn1_value;
+    }
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_NULL:
+        if (len) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH);
+            goto err;
+        }
+        *pval = (ASN1_VALUE *)1;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (len != 1) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+            goto err;
+        } else {
+            ASN1_BOOLEAN *tbool;
+            tbool = (ASN1_BOOLEAN *)pval;
+            *tbool = *cont;
+        }
+        break;
+
+    case V_ASN1_BIT_STRING:
+        if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
+            goto err;
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_NEG_INTEGER:
+    case V_ASN1_ENUMERATED:
+    case V_ASN1_NEG_ENUMERATED:
+        tint = (ASN1_INTEGER **)pval;
+        if (!c2i_ASN1_INTEGER(tint, &cont, len))
+            goto err;
+        /* Fixup type to match the expected form */
+        (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_OTHER:
+    case V_ASN1_SET:
+    case V_ASN1_SEQUENCE:
+    default:
+        if (utype == V_ASN1_BMPSTRING && (len & 1)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) {
+            ASN1err(ASN1_F_ASN1_EX_C2I,
+                    ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+            goto err;
+        }
+        /* All based on ASN1_STRING and handled the same */
+        if (!*pval) {
+            stmp = ASN1_STRING_type_new(utype);
+            if (!stmp) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            *pval = (ASN1_VALUE *)stmp;
+        } else {
+            stmp = (ASN1_STRING *)*pval;
+            stmp->type = utype;
+        }
+        /* If we've already allocated a buffer use it */
+        if (*free_cont) {
+            if (stmp->data)
+                OPENSSL_free(stmp->data);
+            stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
+            stmp->length = len;
+            *free_cont = 0;
+        } else {
+            if (!ASN1_STRING_set(stmp, cont, len)) {
+                ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE);
+                ASN1_STRING_free(stmp);
+                *pval = NULL;
+                goto err;
+            }
+        }
+        break;
+    }
+    /* If ASN1_ANY and NULL type fix up value */
+    if (typ && (utype == V_ASN1_NULL))
+        typ->value.ptr = NULL;
+
+    ret = 1;
+ err:
+    if (!ret) {
+        ASN1_TYPE_free(typ);
+        if (opval)
+            *opval = NULL;
+    }
+    return ret;
+}
+
+/*
+ * This function finds the end of an ASN1 structure when passed its maximum
+ * length, whether it is indefinite length and a pointer to the content. This
+ * is more efficient than calling asn1_collect because it does not recurse on
+ * each indefinite length header.
  */
 
 static int asn1_find_end(const unsigned char **in, long len, char inf)
-	{
-	int expected_eoc;
-	long plen;
-	const unsigned char *p = *in, *q;
-	/* If not indefinite length constructed just add length */
-	if (inf == 0)
-		{
-		*in += len;
-		return 1;
-		}
-	expected_eoc = 1;
-	/* Indefinite length constructed form. Find the end when enough EOCs
-	 * are found. If more indefinite length constructed headers
-	 * are encountered increment the expected eoc count otherwise just
-	 * skip to the end of the data.
-	 */
-	while (len > 0)
-		{
-		if(asn1_check_eoc(&p, len))
-			{
-			expected_eoc--;
-			if (expected_eoc == 0)
-				break;
-			len -= 2;
-			continue;
-			}
-		q = p;
-		/* Just read in a header: only care about the length */
-		if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
-				-1, 0, 0, NULL))
-			{
-			ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-		if (inf)
-			expected_eoc++;
-		else
-			p += plen;
-		len -= p - q;
-		}
-	if (expected_eoc)
-		{
-		ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
-		return 0;
-		}
-	*in = p;
-	return 1;
-	}
-/* This function collects the asn1 data from a constructred string
- * type into a buffer. The values of 'in' and 'len' should refer
- * to the contents of the constructed type and 'inf' should be set
- * if it is indefinite length.
+{
+    int expected_eoc;
+    long plen;
+    const unsigned char *p = *in, *q;
+    /* If not indefinite length constructed just add length */
+    if (inf == 0) {
+        *in += len;
+        return 1;
+    }
+    expected_eoc = 1;
+    /*
+     * Indefinite length constructed form. Find the end when enough EOCs are
+     * found. If more indefinite length constructed headers are encountered
+     * increment the expected eoc count otherwise just skip to the end of the
+     * data.
+     */
+    while (len > 0) {
+        if (asn1_check_eoc(&p, len)) {
+            expected_eoc--;
+            if (expected_eoc == 0)
+                break;
+            len -= 2;
+            continue;
+        }
+        q = p;
+        /* Just read in a header: only care about the length */
+        if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
+                             -1, 0, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+        if (inf)
+            expected_eoc++;
+        else
+            p += plen;
+        len -= p - q;
+    }
+    if (expected_eoc) {
+        ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
+
+/*
+ * This function collects the asn1 data from a constructred string type into
+ * a buffer. The values of 'in' and 'len' should refer to the contents of the
+ * constructed type and 'inf' should be set if it is indefinite length.
  */
 
 #ifndef ASN1_MAX_STRING_NEST
-/* This determines how many levels of recursion are permitted in ASN1
- * string types. If it is not limited stack overflows can occur. If set
- * to zero no recursion is allowed at all. Although zero should be adequate
- * examples exist that require a value of 1. So 5 should be more than enough.
+/*
+ * This determines how many levels of recursion are permitted in ASN1 string
+ * types. If it is not limited stack overflows can occur. If set to zero no
+ * recursion is allowed at all. Although zero should be adequate examples
+ * exist that require a value of 1. So 5 should be more than enough.
  */
-#define ASN1_MAX_STRING_NEST 5
+# define ASN1_MAX_STRING_NEST 5
 #endif
 
-
 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-			char inf, int tag, int aclass, int depth)
-	{
-	const unsigned char *p, *q;
-	long plen;
-	char cst, ininf;
-	p = *in;
-	inf &= 1;
-	/* If no buffer and not indefinite length constructed just pass over
-	 * the encoded data */
-	if (!buf && !inf)
-		{
-		*in += len;
-		return 1;
-		}
-	while(len > 0)
-		{
-		q = p;
-		/* Check for EOC */
-		if (asn1_check_eoc(&p, len))
-			{
-			/* EOC is illegal outside indefinite length
-			 * constructed form */
-			if (!inf)
-				{
-				ASN1err(ASN1_F_ASN1_COLLECT,
-					ASN1_R_UNEXPECTED_EOC);
-				return 0;
-				}
-			inf = 0;
-			break;
-			}
-
-		if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
-					len, tag, aclass, 0, NULL))
-			{
-			ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
-			return 0;
-			}
-
-		/* If indefinite length constructed update max length */
-		if (cst)
-			{
-			if (depth >= ASN1_MAX_STRING_NEST)
-				{
-				ASN1err(ASN1_F_ASN1_COLLECT,
-					ASN1_R_NESTED_ASN1_STRING);
-				return 0;
-				}
-			if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
-						depth + 1))
-				return 0;
-			}
-		else if (plen && !collect_data(buf, &p, plen))
-			return 0;
-		len -= p - q;
-		}
-	if (inf)
-		{
-		ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
-		return 0;
-		}
-	*in = p;
-	return 1;
-	}
+                        char inf, int tag, int aclass, int depth)
+{
+    const unsigned char *p, *q;
+    long plen;
+    char cst, ininf;
+    p = *in;
+    inf &= 1;
+    /*
+     * If no buffer and not indefinite length constructed just pass over the
+     * encoded data
+     */
+    if (!buf && !inf) {
+        *in += len;
+        return 1;
+    }
+    while (len > 0) {
+        q = p;
+        /* Check for EOC */
+        if (asn1_check_eoc(&p, len)) {
+            /*
+             * EOC is illegal outside indefinite length constructed form
+             */
+            if (!inf) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC);
+                return 0;
+            }
+            inf = 0;
+            break;
+        }
+
+        if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
+                             len, tag, aclass, 0, NULL)) {
+            ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
+            return 0;
+        }
+
+        /* If indefinite length constructed update max length */
+        if (cst) {
+            if (depth >= ASN1_MAX_STRING_NEST) {
+                ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
+                return 0;
+            }
+            if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
+                return 0;
+        } else if (plen && !collect_data(buf, &p, plen))
+            return 0;
+        len -= p - q;
+    }
+    if (inf) {
+        ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
+        return 0;
+    }
+    *in = p;
+    return 1;
+}
 
 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
-	{
-	int len;
-	if (buf)
-		{
-		len = buf->length;
-		if (!BUF_MEM_grow_clean(buf, len + plen))
-			{
-			ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		memcpy(buf->data + len, *p, plen);
-		}
-	*p += plen;
-	return 1;
-	}
+{
+    int len;
+    if (buf) {
+        len = buf->length;
+        if (!BUF_MEM_grow_clean(buf, len + plen)) {
+            ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        memcpy(buf->data + len, *p, plen);
+    }
+    *p += plen;
+    return 1;
+}
 
 /* Check for ASN1 EOC and swallow it if found */
 
 static int asn1_check_eoc(const unsigned char **in, long len)
-	{
-	const unsigned char *p;
-	if (len < 2) return 0;
-	p = *in;
-	if (!p[0] && !p[1])
-		{
-		*in += 2;
-		return 1;
-		}
-	return 0;
-	}
-
-/* Check an ASN1 tag and length: a bit like ASN1_get_object
- * but it sets the length for indefinite length constructed
- * form, we don't know the exact length but we can set an
- * upper bound to the amount of data available minus the
- * header length just read.
+{
+    const unsigned char *p;
+    if (len < 2)
+        return 0;
+    p = *in;
+    if (!p[0] && !p[1]) {
+        *in += 2;
+        return 1;
+    }
+    return 0;
+}
+
+/*
+ * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
+ * length for indefinite length constructed form, we don't know the exact
+ * length but we can set an upper bound to the amount of data available minus
+ * the header length just read.
  */
 
 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
-				char *inf, char *cst,
-				const unsigned char **in, long len,
-				int exptag, int expclass, char opt,
-				ASN1_TLC *ctx)
-	{
-	int i;
-	int ptag, pclass;
-	long plen;
-	const unsigned char *p, *q;
-	p = *in;
-	q = p;
-
-	if (ctx && ctx->valid)
-		{
-		i = ctx->ret;
-		plen = ctx->plen;
-		pclass = ctx->pclass;
-		ptag = ctx->ptag;
-		p += ctx->hdrlen;
-		}
-	else
-		{
-		i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
-		if (ctx)
-			{
-			ctx->ret = i;
-			ctx->plen = plen;
-			ctx->pclass = pclass;
-			ctx->ptag = ptag;
-			ctx->hdrlen = p - q;
-			ctx->valid = 1;
-			/* If definite length, and no error, length +
-			 * header can't exceed total amount of data available. 
-			 */
-			if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
-				{
-				ASN1err(ASN1_F_ASN1_CHECK_TLEN,
-							ASN1_R_TOO_LONG);
-				asn1_tlc_clear(ctx);
-				return 0;
-				}
-			}
-		}
-
-	if (i & 0x80)
-		{
-		ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
-		asn1_tlc_clear(ctx);
-		return 0;
-		}
-	if (exptag >= 0)
-		{
-		if ((exptag != ptag) || (expclass != pclass))
-			{
-			/* If type is OPTIONAL, not an error:
-			 * indicate missing type.
-			 */
-			if (opt) return -1;
-			asn1_tlc_clear(ctx);
-			ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
-			return 0;
-			}
-		/* We have a tag and class match:
-		 * assume we are going to do something with it */
-		asn1_tlc_clear(ctx);
-		}
-
-	if (i & 1)
-		plen = len - (p - q);
-
-	if (inf)
-		*inf = i & 1;
-
-	if (cst)
-		*cst = i & V_ASN1_CONSTRUCTED;
-
-	if (olen)
-		*olen = plen;
-
-	if (oclass)
-		*oclass = pclass;
-
-	if (otag)
-		*otag = ptag;
-
-	*in = p;
-	return 1;
-	}
+                           char *inf, char *cst,
+                           const unsigned char **in, long len,
+                           int exptag, int expclass, char opt, ASN1_TLC *ctx)
+{
+    int i;
+    int ptag, pclass;
+    long plen;
+    const unsigned char *p, *q;
+    p = *in;
+    q = p;
+
+    if (ctx && ctx->valid) {
+        i = ctx->ret;
+        plen = ctx->plen;
+        pclass = ctx->pclass;
+        ptag = ctx->ptag;
+        p += ctx->hdrlen;
+    } else {
+        i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
+        if (ctx) {
+            ctx->ret = i;
+            ctx->plen = plen;
+            ctx->pclass = pclass;
+            ctx->ptag = ptag;
+            ctx->hdrlen = p - q;
+            ctx->valid = 1;
+            /*
+             * If definite length, and no error, length + header can't exceed
+             * total amount of data available.
+             */
+            if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+                ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG);
+                asn1_tlc_clear(ctx);
+                return 0;
+            }
+        }
+    }
+
+    if (i & 0x80) {
+        ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
+        asn1_tlc_clear(ctx);
+        return 0;
+    }
+    if (exptag >= 0) {
+        if ((exptag != ptag) || (expclass != pclass)) {
+            /*
+             * If type is OPTIONAL, not an error: indicate missing type.
+             */
+            if (opt)
+                return -1;
+            asn1_tlc_clear(ctx);
+            ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
+            return 0;
+        }
+        /*
+         * We have a tag and class match: assume we are going to do something
+         * with it
+         */
+        asn1_tlc_clear(ctx);
+    }
+
+    if (i & 1)
+        plen = len - (p - q);
+
+    if (inf)
+        *inf = i & 1;
+
+    if (cst)
+        *cst = i & V_ASN1_CONSTRUCTED;
+
+    if (olen)
+        *olen = plen;
+
+    if (oclass)
+        *oclass = pclass;
+
+    if (otag)
+        *otag = ptag;
+
+    *in = p;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c
index b3687f9f..b93f3f69 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_enc.c
@@ -1,6 +1,7 @@
 /* tasn_enc.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stddef.h>
 #include <string.h>
 #include "cryptlib.h"
@@ -65,631 +65,596 @@
 #include <openssl/objects.h>
 
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-					const ASN1_ITEM *it,
-					int tag, int aclass);
+                                 const ASN1_ITEM *it, int tag, int aclass);
 static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-					int skcontlen, const ASN1_ITEM *item,
-					int do_sort, int iclass);
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass);
 static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-					const ASN1_TEMPLATE *tt,
-					int tag, int aclass);
+                                const ASN1_TEMPLATE *tt, int tag, int aclass);
 static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-					const ASN1_ITEM *it, int flags);
+                               const ASN1_ITEM *it, int flags);
 
-/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
- * to use indefinite length constructed encoding, where appropriate
+/*
+ * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
+ * indefinite length constructed encoding, where appropriate
  */
 
 int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out,
-						const ASN1_ITEM *it)
-	{
-	return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
-	}
+                       const ASN1_ITEM *it)
+{
+    return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
+}
 
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
-	{
-	return asn1_item_flags_i2d(val, out, it, 0);
-	}
+{
+    return asn1_item_flags_i2d(val, out, it, 0);
+}
 
-/* Encode an ASN1 item, this is use by the
- * standard 'i2d' function. 'out' points to 
- * a buffer to output the data to.
- *
- * The new i2d has one additional feature. If the output
- * buffer is NULL (i.e. *out == NULL) then a buffer is
+/*
+ * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
+ * points to a buffer to output the data to. The new i2d has one additional
+ * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
  * allocated and populated with the encoding.
  */
 
 static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
-					const ASN1_ITEM *it, int flags)
-	{
-	if (out && !*out)
-		{
-		unsigned char *p, *buf;
-		int len;
-		len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
-		if (len <= 0)
-			return len;
-		buf = OPENSSL_malloc(len);
-		if (!buf)
-			return -1;
-		p = buf;
-		ASN1_item_ex_i2d(&val, &p, it, -1, flags);
-		*out = buf;
-		return len;
-		}
-
-	return ASN1_item_ex_i2d(&val, out, it, -1, flags);
-	}
-
-/* Encode an item, taking care of IMPLICIT tagging (if any).
- * This function performs the normal item handling: it can be
- * used in external types.
+                               const ASN1_ITEM *it, int flags)
+{
+    if (out && !*out) {
+        unsigned char *p, *buf;
+        int len;
+        len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
+        if (len <= 0)
+            return len;
+        buf = OPENSSL_malloc(len);
+        if (!buf)
+            return -1;
+        p = buf;
+        ASN1_item_ex_i2d(&val, &p, it, -1, flags);
+        *out = buf;
+        return len;
+    }
+
+    return ASN1_item_ex_i2d(&val, out, it, -1, flags);
+}
+
+/*
+ * Encode an item, taking care of IMPLICIT tagging (if any). This function
+ * performs the normal item handling: it can be used in external types.
  */
 
 int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-			const ASN1_ITEM *it, int tag, int aclass)
-	{
-	const ASN1_TEMPLATE *tt = NULL;
-	unsigned char *p = NULL;
-	int i, seqcontlen, seqlen, ndef = 1;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb = 0;
-
-	if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
-		return 0;
-
-	if (aux && aux->asn1_cb)
-		 asn1_cb = aux->asn1_cb;
-
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			return asn1_template_ex_i2d(pval, out, it->templates,
-								tag, aclass);
-		return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
-				return 0;
-		i = asn1_get_choice_selector(pval, it);
-		if ((i >= 0) && (i < it->tcount))
-			{
-			ASN1_VALUE **pchval;
-			const ASN1_TEMPLATE *chtt;
-			chtt = it->templates + i;
-			pchval = asn1_get_field_ptr(pval, chtt);
-			return asn1_template_ex_i2d(pchval, out, chtt,
-								-1, aclass);
-			}
-		/* Fixme: error condition if selector out of range */
-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
-				return 0;
-		break;
-
-		case ASN1_ITYPE_EXTERN:
-		/* If new style i2d it does all the work */
-		ef = it->funcs;
-		return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
-
-		case ASN1_ITYPE_COMPAT:
-		/* old style hackery... */
-		cf = it->funcs;
-		if (out)
-			p = *out;
-		i = cf->asn1_i2d(*pval, out);
-		/* Fixup for IMPLICIT tag: note this messes up for tags > 30,
-		 * but so did the old code. Tags > 30 are very rare anyway.
-		 */
-		if (out && (tag != -1))
-			*p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
-		return i;
-		
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		/* Use indefinite length constructed if requested */
-		if (aclass & ASN1_TFLG_NDEF) ndef = 2;
-		/* fall through */
-
-		case ASN1_ITYPE_SEQUENCE:
-		i = asn1_enc_restore(&seqcontlen, out, pval, it);
-		/* An error occurred */
-		if (i < 0)
-			return 0;
-		/* We have a valid cached encoding... */
-		if (i > 0)
-			return seqcontlen;
-		/* Otherwise carry on */
-		seqcontlen = 0;
-		/* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
-		if (tag == -1)
-			{
-			tag = V_ASN1_SEQUENCE;
-			/* Retain any other flags in aclass */
-			aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
-					| V_ASN1_UNIVERSAL;
-			}
-		if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
-				return 0;
-		/* First work out sequence content length */
-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				return 0;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			/* FIXME: check for errors in enhanced version */
-			seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
-								-1, aclass);
-			}
-
-		seqlen = ASN1_object_size(ndef, seqcontlen, tag);
-		if (!out)
-			return seqlen;
-		/* Output SEQUENCE header */
-		ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
-			{
-			const ASN1_TEMPLATE *seqtt;
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 1);
-			if (!seqtt)
-				return 0;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			/* FIXME: check for errors in enhanced version */
-			asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
-			}
-		if (ndef == 2)
-			ASN1_put_eoc(out);
-		if (asn1_cb  && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
-				return 0;
-		return seqlen;
-
-		default:
-		return 0;
-
-		}
-	return 0;
-	}
+                     const ASN1_ITEM *it, int tag, int aclass)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    unsigned char *p = NULL;
+    int i, seqcontlen, seqlen, ndef = 1;
+    const ASN1_COMPAT_FUNCS *cf;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb = 0;
+
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return 0;
+
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            return asn1_template_ex_i2d(pval, out, it->templates,
+                                        tag, aclass);
+        return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+            return 0;
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+            const ASN1_TEMPLATE *chtt;
+            chtt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, chtt);
+            return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
+        }
+        /* Fixme: error condition if selector out of range */
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+            return 0;
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        /* If new style i2d it does all the work */
+        ef = it->funcs;
+        return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
+
+    case ASN1_ITYPE_COMPAT:
+        /* old style hackery... */
+        cf = it->funcs;
+        if (out)
+            p = *out;
+        i = cf->asn1_i2d(*pval, out);
+        /*
+         * Fixup for IMPLICIT tag: note this messes up for tags > 30, but so
+         * did the old code. Tags > 30 are very rare anyway.
+         */
+        if (out && (tag != -1))
+            *p = aclass | tag | (*p & V_ASN1_CONSTRUCTED);
+        return i;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        /* Use indefinite length constructed if requested */
+        if (aclass & ASN1_TFLG_NDEF)
+            ndef = 2;
+        /* fall through */
+
+    case ASN1_ITYPE_SEQUENCE:
+        i = asn1_enc_restore(&seqcontlen, out, pval, it);
+        /* An error occurred */
+        if (i < 0)
+            return 0;
+        /* We have a valid cached encoding... */
+        if (i > 0)
+            return seqcontlen;
+        /* Otherwise carry on */
+        seqcontlen = 0;
+        /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
+        if (tag == -1) {
+            tag = V_ASN1_SEQUENCE;
+            /* Retain any other flags in aclass */
+            aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
+                | V_ASN1_UNIVERSAL;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it))
+            return 0;
+        /* First work out sequence content length */
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* FIXME: check for errors in enhanced version */
+            seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
+                                               -1, aclass);
+        }
+
+        seqlen = ASN1_object_size(ndef, seqcontlen, tag);
+        if (!out)
+            return seqlen;
+        /* Output SEQUENCE header */
+        ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            const ASN1_TEMPLATE *seqtt;
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 1);
+            if (!seqtt)
+                return 0;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            /* FIXME: check for errors in enhanced version */
+            asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
+        }
+        if (ndef == 2)
+            ASN1_put_eoc(out);
+        if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it))
+            return 0;
+        return seqlen;
+
+    default:
+        return 0;
+
+    }
+    return 0;
+}
 
 int ASN1_template_i2d(ASN1_VALUE **pval, unsigned char **out,
-							const ASN1_TEMPLATE *tt)
-	{
-	return asn1_template_ex_i2d(pval, out, tt, -1, 0);
-	}
+                      const ASN1_TEMPLATE *tt)
+{
+    return asn1_template_ex_i2d(pval, out, tt, -1, 0);
+}
 
 static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
-				const ASN1_TEMPLATE *tt, int tag, int iclass)
-	{
-	int i, ret, flags, ttag, tclass, ndef;
-	flags = tt->flags;
-	/* Work out tag and class to use: tagging may come
-	 * either from the template or the arguments, not both
-	 * because this would create ambiguity. Additionally
-	 * the iclass argument may contain some additional flags
-	 * which should be noted and passed down to other levels.
-	 */
-	if (flags & ASN1_TFLG_TAG_MASK)
-		{
-		/* Error if argument and template tagging */
-		if (tag != -1)
-			/* FIXME: error code here */
-			return -1;
-		/* Get tagging from template */
-		ttag = tt->tag;
-		tclass = flags & ASN1_TFLG_TAG_CLASS;
-		}
-	else if (tag != -1)
-		{
-		/* No template tagging, get from arguments */
-		ttag = tag;
-		tclass = iclass & ASN1_TFLG_TAG_CLASS;
-		}
-	else
-		{
-		ttag = -1;
-		tclass = 0;
-		}
-	/* 
-	 * Remove any class mask from iflag.
-	 */
-	iclass &= ~ASN1_TFLG_TAG_CLASS;
-
-	/* At this point 'ttag' contains the outer tag to use,
-	 * 'tclass' is the class and iclass is any flags passed
-	 * to this function.
-	 */
-
-	/* if template and arguments require ndef, use it */
-	if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
-		ndef = 2;
-	else ndef = 1;
-
-	if (flags & ASN1_TFLG_SK_MASK)
-		{
-		/* SET OF, SEQUENCE OF */
-		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-		int isset, sktag, skaclass;
-		int skcontlen, sklen;
-		ASN1_VALUE *skitem;
-
-		if (!*pval)
-			return 0;
-
-		if (flags & ASN1_TFLG_SET_OF)
-			{
-			isset = 1;
-			/* 2 means we reorder */
-			if (flags & ASN1_TFLG_SEQUENCE_OF)
-				isset = 2;
-			}
-		else isset = 0;
-
-		/* Work out inner tag value: if EXPLICIT
-		 * or no tagging use underlying type.
-		 */
-		if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG))
-			{
-			sktag = ttag;
-			skaclass = tclass;
-			}
-		else
-			{
-			skaclass = V_ASN1_UNIVERSAL;
-			if (isset)
-				sktag = V_ASN1_SET;
-			else sktag = V_ASN1_SEQUENCE;
-			}
-
-		/* Determine total length of items */
-		skcontlen = 0;
-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
-			{
-			skitem = sk_ASN1_VALUE_value(sk, i);
-			skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
-						ASN1_ITEM_ptr(tt->item),
-							-1, iclass);
-			}
-		sklen = ASN1_object_size(ndef, skcontlen, sktag);
-		/* If EXPLICIT need length of surrounding tag */
-		if (flags & ASN1_TFLG_EXPTAG)
-			ret = ASN1_object_size(ndef, sklen, ttag);
-		else ret = sklen;
-
-		if (!out)
-			return ret;
-
-		/* Now encode this lot... */
-		/* EXPLICIT tag */
-		if (flags & ASN1_TFLG_EXPTAG)
-			ASN1_put_object(out, ndef, sklen, ttag, tclass);
-		/* SET or SEQUENCE and IMPLICIT tag */
-		ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
-		/* And the stuff itself */
-		asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
-								isset, iclass);
-		if (ndef == 2)
-			{
-			ASN1_put_eoc(out);
-			if (flags & ASN1_TFLG_EXPTAG)
-				ASN1_put_eoc(out);
-			}
-
-		return ret;
-		}
-
-	if (flags & ASN1_TFLG_EXPTAG)
-		{
-		/* EXPLICIT tagging */
-		/* Find length of tagged item */
-		i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item),
-								-1, iclass);
-		if (!i)
-			return 0;
-		/* Find length of EXPLICIT tag */
-		ret = ASN1_object_size(ndef, i, ttag);
-		if (out)
-			{
-			/* Output tag and item */
-			ASN1_put_object(out, ndef, i, ttag, tclass);
-			ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-								-1, iclass);
-			if (ndef == 2)
-				ASN1_put_eoc(out);
-			}
-		return ret;
-		}
-
-	/* Either normal or IMPLICIT tagging: combine class and flags */
-	return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
-						ttag, tclass | iclass);
+                                const ASN1_TEMPLATE *tt, int tag, int iclass)
+{
+    int i, ret, flags, ttag, tclass, ndef;
+    flags = tt->flags;
+    /*
+     * Work out tag and class to use: tagging may come either from the
+     * template or the arguments, not both because this would create
+     * ambiguity. Additionally the iclass argument may contain some
+     * additional flags which should be noted and passed down to other
+     * levels.
+     */
+    if (flags & ASN1_TFLG_TAG_MASK) {
+        /* Error if argument and template tagging */
+        if (tag != -1)
+            /* FIXME: error code here */
+            return -1;
+        /* Get tagging from template */
+        ttag = tt->tag;
+        tclass = flags & ASN1_TFLG_TAG_CLASS;
+    } else if (tag != -1) {
+        /* No template tagging, get from arguments */
+        ttag = tag;
+        tclass = iclass & ASN1_TFLG_TAG_CLASS;
+    } else {
+        ttag = -1;
+        tclass = 0;
+    }
+    /*
+     * Remove any class mask from iflag.
+     */
+    iclass &= ~ASN1_TFLG_TAG_CLASS;
+
+    /*
+     * At this point 'ttag' contains the outer tag to use, 'tclass' is the
+     * class and iclass is any flags passed to this function.
+     */
+
+    /* if template and arguments require ndef, use it */
+    if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
+        ndef = 2;
+    else
+        ndef = 1;
+
+    if (flags & ASN1_TFLG_SK_MASK) {
+        /* SET OF, SEQUENCE OF */
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        int isset, sktag, skaclass;
+        int skcontlen, sklen;
+        ASN1_VALUE *skitem;
+
+        if (!*pval)
+            return 0;
+
+        if (flags & ASN1_TFLG_SET_OF) {
+            isset = 1;
+            /* 2 means we reorder */
+            if (flags & ASN1_TFLG_SEQUENCE_OF)
+                isset = 2;
+        } else
+            isset = 0;
+
+        /*
+         * Work out inner tag value: if EXPLICIT or no tagging use underlying
+         * type.
+         */
+        if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
+            sktag = ttag;
+            skaclass = tclass;
+        } else {
+            skaclass = V_ASN1_UNIVERSAL;
+            if (isset)
+                sktag = V_ASN1_SET;
+            else
+                sktag = V_ASN1_SEQUENCE;
+        }
+
+        /* Determine total length of items */
+        skcontlen = 0;
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
+                                          ASN1_ITEM_ptr(tt->item),
+                                          -1, iclass);
+        }
+        sklen = ASN1_object_size(ndef, skcontlen, sktag);
+        /* If EXPLICIT need length of surrounding tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ret = ASN1_object_size(ndef, sklen, ttag);
+        else
+            ret = sklen;
+
+        if (!out)
+            return ret;
+
+        /* Now encode this lot... */
+        /* EXPLICIT tag */
+        if (flags & ASN1_TFLG_EXPTAG)
+            ASN1_put_object(out, ndef, sklen, ttag, tclass);
+        /* SET or SEQUENCE and IMPLICIT tag */
+        ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
+        /* And the stuff itself */
+        asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
+                         isset, iclass);
+        if (ndef == 2) {
+            ASN1_put_eoc(out);
+            if (flags & ASN1_TFLG_EXPTAG)
+                ASN1_put_eoc(out);
+        }
+
+        return ret;
+    }
+
+    if (flags & ASN1_TFLG_EXPTAG) {
+        /* EXPLICIT tagging */
+        /* Find length of tagged item */
+        i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
+        if (!i)
+            return 0;
+        /* Find length of EXPLICIT tag */
+        ret = ASN1_object_size(ndef, i, ttag);
+        if (out) {
+            /* Output tag and item */
+            ASN1_put_object(out, ndef, i, ttag, tclass);
+            ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
+            if (ndef == 2)
+                ASN1_put_eoc(out);
+        }
+        return ret;
+    }
+
+    /* Either normal or IMPLICIT tagging: combine class and flags */
+    return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
+                            ttag, tclass | iclass);
 
 }
 
 /* Temporary structure used to hold DER encoding of items for SET OF */
 
-typedef	struct {
-	unsigned char *data;
-	int length;
-	ASN1_VALUE *field;
+typedef struct {
+    unsigned char *data;
+    int length;
+    ASN1_VALUE *field;
 } DER_ENC;
 
 static int der_cmp(const void *a, const void *b)
-	{
-	const DER_ENC *d1 = a, *d2 = b;
-	int cmplen, i;
-	cmplen = (d1->length < d2->length) ? d1->length : d2->length;
-	i = memcmp(d1->data, d2->data, cmplen);
-	if (i)
-		return i;
-	return d1->length - d2->length;
-	}
+{
+    const DER_ENC *d1 = a, *d2 = b;
+    int cmplen, i;
+    cmplen = (d1->length < d2->length) ? d1->length : d2->length;
+    i = memcmp(d1->data, d2->data, cmplen);
+    if (i)
+        return i;
+    return d1->length - d2->length;
+}
 
 /* Output the content octets of SET OF or SEQUENCE OF */
 
 static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
-					int skcontlen, const ASN1_ITEM *item,
-					int do_sort, int iclass)
-	{
-	int i;
-	ASN1_VALUE *skitem;
-	unsigned char *tmpdat = NULL, *p = NULL;
-	DER_ENC *derlst = NULL, *tder;
-	if (do_sort)
-		 {
-		/* Don't need to sort less than 2 items */
-		if (sk_ASN1_VALUE_num(sk) < 2)
-			do_sort = 0;
-		else
-			{
-			derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
-						* sizeof(*derlst));
-			if (!derlst)
-				return 0;
-			tmpdat = OPENSSL_malloc(skcontlen);
-			if (!tmpdat)
-				{
-				OPENSSL_free(derlst);
-				return 0;
-				}
-			}
-		}
-	/* If not sorting just output each item */
-	if (!do_sort)
-		{
-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
-			{
-			skitem = sk_ASN1_VALUE_value(sk, i);
-			ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
-			}
-		return 1;
-		}
-	p = tmpdat;
-
-	/* Doing sort: build up a list of each member's DER encoding */
-	for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-		{
-		skitem = sk_ASN1_VALUE_value(sk, i);
-		tder->data = p;
-		tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
-		tder->field = skitem;
-		}
-
-	/* Now sort them */
-	qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
-	/* Output sorted DER encoding */	
-	p = *out;
-	for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
-		{
-		memcpy(p, tder->data, tder->length);
-		p += tder->length;
-		}
-	*out = p;
-	/* If do_sort is 2 then reorder the STACK */
-	if (do_sort == 2)
-		{
-		for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk);
-							i++, tder++)
-			(void)sk_ASN1_VALUE_set(sk, i, tder->field);
-		}
-	OPENSSL_free(derlst);
-	OPENSSL_free(tmpdat);
-	return 1;
-	}
+                            int skcontlen, const ASN1_ITEM *item,
+                            int do_sort, int iclass)
+{
+    int i;
+    ASN1_VALUE *skitem;
+    unsigned char *tmpdat = NULL, *p = NULL;
+    DER_ENC *derlst = NULL, *tder;
+    if (do_sort) {
+        /* Don't need to sort less than 2 items */
+        if (sk_ASN1_VALUE_num(sk) < 2)
+            do_sort = 0;
+        else {
+            derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk)
+                                    * sizeof(*derlst));
+            if (!derlst)
+                return 0;
+            tmpdat = OPENSSL_malloc(skcontlen);
+            if (!tmpdat) {
+                OPENSSL_free(derlst);
+                return 0;
+            }
+        }
+    }
+    /* If not sorting just output each item */
+    if (!do_sort) {
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            skitem = sk_ASN1_VALUE_value(sk, i);
+            ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
+        }
+        return 1;
+    }
+    p = tmpdat;
+
+    /* Doing sort: build up a list of each member's DER encoding */
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        skitem = sk_ASN1_VALUE_value(sk, i);
+        tder->data = p;
+        tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
+        tder->field = skitem;
+    }
+
+    /* Now sort them */
+    qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
+    /* Output sorted DER encoding */
+    p = *out;
+    for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
+        memcpy(p, tder->data, tder->length);
+        p += tder->length;
+    }
+    *out = p;
+    /* If do_sort is 2 then reorder the STACK */
+    if (do_sort == 2) {
+        for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
+            (void)sk_ASN1_VALUE_set(sk, i, tder->field);
+    }
+    OPENSSL_free(derlst);
+    OPENSSL_free(tmpdat);
+    return 1;
+}
 
 static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
-				const ASN1_ITEM *it, int tag, int aclass)
-	{
-	int len;
-	int utype;
-	int usetag;
-	int ndef = 0;
-
-	utype = it->utype;
-
-	/* Get length of content octets and maybe find
-	 * out the underlying type.
-	 */
-
-	len = asn1_ex_i2c(pval, NULL, &utype, it);
-
-	/* If SEQUENCE, SET or OTHER then header is
-	 * included in pseudo content octets so don't
-	 * include tag+length. We need to check here
-	 * because the call to asn1_ex_i2c() could change
-	 * utype.
-	 */
-	if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
-	   (utype == V_ASN1_OTHER))
-		usetag = 0;
-	else usetag = 1;
-
-	/* -1 means omit type */
-
-	if (len == -1)
-		return 0;
-
-	/* -2 return is special meaning use ndef */
-	if (len == -2)
-		{
-		ndef = 2;
-		len = 0;
-		}
-
-	/* If not implicitly tagged get tag from underlying type */
-	if (tag == -1) tag = utype;
-
-	/* Output tag+length followed by content octets */
-	if (out)
-		{
-		if (usetag)
-			ASN1_put_object(out, ndef, len, tag, aclass);
-		asn1_ex_i2c(pval, *out, &utype, it);
-		if (ndef)
-			ASN1_put_eoc(out);
-		else
-			*out += len;
-		}
-
-	if (usetag)
-		return ASN1_object_size(ndef, len, tag);
-	return len;
-	}
+                                 const ASN1_ITEM *it, int tag, int aclass)
+{
+    int len;
+    int utype;
+    int usetag;
+    int ndef = 0;
+
+    utype = it->utype;
+
+    /*
+     * Get length of content octets and maybe find out the underlying type.
+     */
+
+    len = asn1_ex_i2c(pval, NULL, &utype, it);
+
+    /*
+     * If SEQUENCE, SET or OTHER then header is included in pseudo content
+     * octets so don't include tag+length. We need to check here because the
+     * call to asn1_ex_i2c() could change utype.
+     */
+    if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
+        (utype == V_ASN1_OTHER))
+        usetag = 0;
+    else
+        usetag = 1;
+
+    /* -1 means omit type */
+
+    if (len == -1)
+        return 0;
+
+    /* -2 return is special meaning use ndef */
+    if (len == -2) {
+        ndef = 2;
+        len = 0;
+    }
+
+    /* If not implicitly tagged get tag from underlying type */
+    if (tag == -1)
+        tag = utype;
+
+    /* Output tag+length followed by content octets */
+    if (out) {
+        if (usetag)
+            ASN1_put_object(out, ndef, len, tag, aclass);
+        asn1_ex_i2c(pval, *out, &utype, it);
+        if (ndef)
+            ASN1_put_eoc(out);
+        else
+            *out += len;
+    }
+
+    if (usetag)
+        return ASN1_object_size(ndef, len, tag);
+    return len;
+}
 
 /* Produce content octets from a structure */
 
 int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
-				const ASN1_ITEM *it)
-	{
-	ASN1_BOOLEAN *tbool = NULL;
-	ASN1_STRING *strtmp;
-	ASN1_OBJECT *otmp;
-	int utype;
-	unsigned char *cont, c;
-	int len;
-	const ASN1_PRIMITIVE_FUNCS *pf;
-	pf = it->funcs;
-	if (pf && pf->prim_i2c)
-		return pf->prim_i2c(pval, cout, putype, it);
-
-	/* Should type be omitted? */
-	if ((it->itype != ASN1_ITYPE_PRIMITIVE)
-		|| (it->utype != V_ASN1_BOOLEAN))
-		{
-		if (!*pval) return -1;
-		}
-
-	if (it->itype == ASN1_ITYPE_MSTRING)
-		{
-		/* If MSTRING type set the underlying type */
-		strtmp = (ASN1_STRING *)*pval;
-		utype = strtmp->type;
-		*putype = utype;
-		}
-	else if (it->utype == V_ASN1_ANY)
-		{
-		/* If ANY set type and pointer to value */
-		ASN1_TYPE *typ;
-		typ = (ASN1_TYPE *)*pval;
-		utype = typ->type;
-		*putype = utype;
-		pval = &typ->value.asn1_value;
-		}
-	else utype = *putype;
-
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		otmp = (ASN1_OBJECT *)*pval;
-		cont = otmp->data;
-		len = otmp->length;
-		break;
-
-		case V_ASN1_NULL:
-		cont = NULL;
-		len = 0;
-		break;
-
-		case V_ASN1_BOOLEAN:
-		tbool = (ASN1_BOOLEAN *)pval;
-		if (*tbool == -1)
-			return -1;
-		if (it->utype != V_ASN1_ANY)
-			{
-			/* Default handling if value == size field then omit */
-			if (*tbool && (it->size > 0))
-				return -1;
-			if (!*tbool && !it->size)
-				return -1;
-			}
-		c = (unsigned char)*tbool;
-		cont = &c;
-		len = 1;
-		break;
-
-		case V_ASN1_BIT_STRING:
-		return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
-							cout ? &cout : NULL);
-		break;
-
-		case V_ASN1_INTEGER:
-		case V_ASN1_NEG_INTEGER:
-		case V_ASN1_ENUMERATED:
-		case V_ASN1_NEG_ENUMERATED:
-		/* These are all have the same content format
-		 * as ASN1_INTEGER
-		 */
-		return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,
-							cout ? &cout : NULL);
-		break;
-
-		case V_ASN1_OCTET_STRING:
-		case V_ASN1_NUMERICSTRING:
-		case V_ASN1_PRINTABLESTRING:
-		case V_ASN1_T61STRING:
-		case V_ASN1_VIDEOTEXSTRING:
-		case V_ASN1_IA5STRING:
-		case V_ASN1_UTCTIME:
-		case V_ASN1_GENERALIZEDTIME:
-		case V_ASN1_GRAPHICSTRING:
-		case V_ASN1_VISIBLESTRING:
-		case V_ASN1_GENERALSTRING:
-		case V_ASN1_UNIVERSALSTRING:
-		case V_ASN1_BMPSTRING:
-		case V_ASN1_UTF8STRING:
-		case V_ASN1_SEQUENCE:
-		case V_ASN1_SET:
-		default:
-		/* All based on ASN1_STRING and handled the same */
-		strtmp = (ASN1_STRING *)*pval;
-		/* Special handling for NDEF */
-		if ((it->size == ASN1_TFLG_NDEF)
-			&& (strtmp->flags & ASN1_STRING_FLAG_NDEF))
-			{
-			if (cout)
-				{
-				strtmp->data = cout;
-				strtmp->length = 0;
-				}
-			/* Special return code */
-			return -2;
-			}
-		cont = strtmp->data;
-		len = strtmp->length;
-
-		break;
-
-		}
-	if (cout && len)
-		memcpy(cout, cont, len);
-	return len;
-	}
+                const ASN1_ITEM *it)
+{
+    ASN1_BOOLEAN *tbool = NULL;
+    ASN1_STRING *strtmp;
+    ASN1_OBJECT *otmp;
+    int utype;
+    unsigned char *cont, c;
+    int len;
+    const ASN1_PRIMITIVE_FUNCS *pf;
+    pf = it->funcs;
+    if (pf && pf->prim_i2c)
+        return pf->prim_i2c(pval, cout, putype, it);
+
+    /* Should type be omitted? */
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE)
+        || (it->utype != V_ASN1_BOOLEAN)) {
+        if (!*pval)
+            return -1;
+    }
+
+    if (it->itype == ASN1_ITYPE_MSTRING) {
+        /* If MSTRING type set the underlying type */
+        strtmp = (ASN1_STRING *)*pval;
+        utype = strtmp->type;
+        *putype = utype;
+    } else if (it->utype == V_ASN1_ANY) {
+        /* If ANY set type and pointer to value */
+        ASN1_TYPE *typ;
+        typ = (ASN1_TYPE *)*pval;
+        utype = typ->type;
+        *putype = utype;
+        pval = &typ->value.asn1_value;
+    } else
+        utype = *putype;
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        otmp = (ASN1_OBJECT *)*pval;
+        cont = otmp->data;
+        len = otmp->length;
+        break;
+
+    case V_ASN1_NULL:
+        cont = NULL;
+        len = 0;
+        break;
+
+    case V_ASN1_BOOLEAN:
+        tbool = (ASN1_BOOLEAN *)pval;
+        if (*tbool == -1)
+            return -1;
+        if (it->utype != V_ASN1_ANY) {
+            /*
+             * Default handling if value == size field then omit
+             */
+            if (*tbool && (it->size > 0))
+                return -1;
+            if (!*tbool && !it->size)
+                return -1;
+        }
+        c = (unsigned char)*tbool;
+        cont = &c;
+        len = 1;
+        break;
+
+    case V_ASN1_BIT_STRING:
+        return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
+                                   cout ? &cout : NULL);
+        break;
+
+    case V_ASN1_INTEGER:
+    case V_ASN1_NEG_INTEGER:
+    case V_ASN1_ENUMERATED:
+    case V_ASN1_NEG_ENUMERATED:
+        /*
+         * These are all have the same content format as ASN1_INTEGER
+         */
+        return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
+        break;
+
+    case V_ASN1_OCTET_STRING:
+    case V_ASN1_NUMERICSTRING:
+    case V_ASN1_PRINTABLESTRING:
+    case V_ASN1_T61STRING:
+    case V_ASN1_VIDEOTEXSTRING:
+    case V_ASN1_IA5STRING:
+    case V_ASN1_UTCTIME:
+    case V_ASN1_GENERALIZEDTIME:
+    case V_ASN1_GRAPHICSTRING:
+    case V_ASN1_VISIBLESTRING:
+    case V_ASN1_GENERALSTRING:
+    case V_ASN1_UNIVERSALSTRING:
+    case V_ASN1_BMPSTRING:
+    case V_ASN1_UTF8STRING:
+    case V_ASN1_SEQUENCE:
+    case V_ASN1_SET:
+    default:
+        /* All based on ASN1_STRING and handled the same */
+        strtmp = (ASN1_STRING *)*pval;
+        /* Special handling for NDEF */
+        if ((it->size == ASN1_TFLG_NDEF)
+            && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
+            if (cout) {
+                strtmp->data = cout;
+                strtmp->length = 0;
+            }
+            /* Special return code */
+            return -2;
+        }
+        cont = strtmp->data;
+        len = strtmp->length;
+
+        break;
+
+    }
+    if (cout && len)
+        memcpy(cout, cont, len);
+    return len;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c
index d7c017fa..a56d89b6 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_fre.c
@@ -1,6 +1,7 @@
 /* tasn_fre.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,211 +57,193 @@
  *
  */
 
-
 #include <stddef.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine);
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                   int combine);
 
 /* Free up an ASN1 structure */
 
 void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
-	{
-	asn1_item_combine_free(&val, it, 0);
-	}
+{
+    asn1_item_combine_free(&val, it, 0);
+}
 
 void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	asn1_item_combine_free(pval, it, 0);
-	}
-
-static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int combine)
-	{
-	const ASN1_TEMPLATE *tt = NULL, *seqtt;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb;
-	int i;
-	if (!pval)
-		return;
-	if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
-		return;
-	if (aux && aux->asn1_cb)
-		asn1_cb = aux->asn1_cb;
-	else
-		asn1_cb = 0;
-
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			ASN1_template_free(pval, it->templates);
-		else
-			ASN1_primitive_free(pval, it);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		ASN1_primitive_free(pval, it);
-		break;
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-			if (i == 2)
-				return;
-			}
-		i = asn1_get_choice_selector(pval, it);
-		if ((i >= 0) && (i < it->tcount))
-			{
-			ASN1_VALUE **pchval;
-			tt = it->templates + i;
-			pchval = asn1_get_field_ptr(pval, tt);
-			ASN1_template_free(pchval, tt);
-			}
-		if (asn1_cb)
-			asn1_cb(ASN1_OP_FREE_POST, pval, it);
-		if (!combine)
-			{
-			OPENSSL_free(*pval);
-			*pval = NULL;
-			}
-		break;
-
-		case ASN1_ITYPE_COMPAT:
-		cf = it->funcs;
-		if (cf && cf->asn1_free)
-			cf->asn1_free(*pval);
-		break;
-
-		case ASN1_ITYPE_EXTERN:
-		ef = it->funcs;
-		if (ef && ef->asn1_ex_free)
-			ef->asn1_ex_free(pval, it);
-		break;
-
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		case ASN1_ITYPE_SEQUENCE:
-		if (asn1_do_lock(pval, -1, it) > 0)
-			return;
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
-			if (i == 2)
-				return;
-			}		
-		asn1_enc_free(pval, it);
-		/* If we free up as normal we will invalidate any
-		 * ANY DEFINED BY field and we wont be able to 
-		 * determine the type of the field it defines. So
-		 * free up in reverse order.
-		 */
-		tt = it->templates + it->tcount - 1;
-		for (i = 0; i < it->tcount; tt--, i++)
-			{
-			ASN1_VALUE **pseqval;
-			seqtt = asn1_do_adb(pval, tt, 0);
-			if (!seqtt)
-				continue;
-			pseqval = asn1_get_field_ptr(pval, seqtt);
-			ASN1_template_free(pseqval, seqtt);
-			}
-		if (asn1_cb)
-			asn1_cb(ASN1_OP_FREE_POST, pval, it);
-		if (!combine)
-			{
-			OPENSSL_free(*pval);
-			*pval = NULL;
-			}
-		break;
-		}
-	}
+{
+    asn1_item_combine_free(pval, it, 0);
+}
+
+static void asn1_item_combine_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
+                                   int combine)
+{
+    const ASN1_TEMPLATE *tt = NULL, *seqtt;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_COMPAT_FUNCS *cf;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    int i;
+    if (!pval)
+        return;
+    if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
+        return;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            ASN1_template_free(pval, it->templates);
+        else
+            ASN1_primitive_free(pval, it);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        ASN1_primitive_free(pval, it);
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+            if (i == 2)
+                return;
+        }
+        i = asn1_get_choice_selector(pval, it);
+        if ((i >= 0) && (i < it->tcount)) {
+            ASN1_VALUE **pchval;
+            tt = it->templates + i;
+            pchval = asn1_get_field_ptr(pval, tt);
+            ASN1_template_free(pchval, tt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it);
+        if (!combine) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+
+    case ASN1_ITYPE_COMPAT:
+        cf = it->funcs;
+        if (cf && cf->asn1_free)
+            cf->asn1_free(*pval);
+        break;
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_free)
+            ef->asn1_ex_free(pval, it);
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_do_lock(pval, -1, it) > 0)
+            return;
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it);
+            if (i == 2)
+                return;
+        }
+        asn1_enc_free(pval, it);
+        /*
+         * If we free up as normal we will invalidate any ANY DEFINED BY
+         * field and we wont be able to determine the type of the field it
+         * defines. So free up in reverse order.
+         */
+        tt = it->templates + it->tcount - 1;
+        for (i = 0; i < it->tcount; tt--, i++) {
+            ASN1_VALUE **pseqval;
+            seqtt = asn1_do_adb(pval, tt, 0);
+            if (!seqtt)
+                continue;
+            pseqval = asn1_get_field_ptr(pval, seqtt);
+            ASN1_template_free(pseqval, seqtt);
+        }
+        if (asn1_cb)
+            asn1_cb(ASN1_OP_FREE_POST, pval, it);
+        if (!combine) {
+            OPENSSL_free(*pval);
+            *pval = NULL;
+        }
+        break;
+    }
+}
 
 void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	int i;
-	if (tt->flags & ASN1_TFLG_SK_MASK)
-		{
-		STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
-		for (i = 0; i < sk_ASN1_VALUE_num(sk); i++)
-			{
-			ASN1_VALUE *vtmp;
-			vtmp = sk_ASN1_VALUE_value(sk, i);
-			asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item),
-									0);
-			}
-		sk_ASN1_VALUE_free(sk);
-		*pval = NULL;
-		}
-	else
-		asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
-						tt->flags & ASN1_TFLG_COMBINE);
-	}
+{
+    int i;
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
+        for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
+            ASN1_VALUE *vtmp;
+            vtmp = sk_ASN1_VALUE_value(sk, i);
+            asn1_item_combine_free(&vtmp, ASN1_ITEM_ptr(tt->item), 0);
+        }
+        sk_ASN1_VALUE_free(sk);
+        *pval = NULL;
+    } else
+        asn1_item_combine_free(pval, ASN1_ITEM_ptr(tt->item),
+                               tt->flags & ASN1_TFLG_COMBINE);
+}
 
 void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	int utype;
-	if (it)
-		{
-		const ASN1_PRIMITIVE_FUNCS *pf;
-		pf = it->funcs;
-		if (pf && pf->prim_free)
-			{
-			pf->prim_free(pval, it);
-			return;
-			}
-		}
-	/* Special case: if 'it' is NULL free contents of ASN1_TYPE */
-	if (!it)
-		{
-		ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
-		utype = typ->type;
-		pval = &typ->value.asn1_value;
-		if (!*pval)
-			return;
-		}
-	else if (it->itype == ASN1_ITYPE_MSTRING)
-		{
-		utype = -1;
-		if (!*pval)
-			return;
-		}
-	else
-		{
-		utype = it->utype;
-		if ((utype != V_ASN1_BOOLEAN) && !*pval)
-			return;
-		}
-
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
-		break;
-
-		case V_ASN1_BOOLEAN:
-		if (it)
-			*(ASN1_BOOLEAN *)pval = it->size;
-		else
-			*(ASN1_BOOLEAN *)pval = -1;
-		return;
-
-		case V_ASN1_NULL:
-		break;
-
-		case V_ASN1_ANY:
-		ASN1_primitive_free(pval, NULL);
-		OPENSSL_free(*pval);
-		break;
-
-		default:
-		ASN1_STRING_free((ASN1_STRING *)*pval);
-		*pval = NULL;
-		break;
-		}
-	*pval = NULL;
-	}
+{
+    int utype;
+    if (it) {
+        const ASN1_PRIMITIVE_FUNCS *pf;
+        pf = it->funcs;
+        if (pf && pf->prim_free) {
+            pf->prim_free(pval, it);
+            return;
+        }
+    }
+    /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
+    if (!it) {
+        ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
+        utype = typ->type;
+        pval = &typ->value.asn1_value;
+        if (!*pval)
+            return;
+    } else if (it->itype == ASN1_ITYPE_MSTRING) {
+        utype = -1;
+        if (!*pval)
+            return;
+    } else {
+        utype = it->utype;
+        if ((utype != V_ASN1_BOOLEAN) && !*pval)
+            return;
+    }
+
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
+        break;
+
+    case V_ASN1_BOOLEAN:
+        if (it)
+            *(ASN1_BOOLEAN *)pval = it->size;
+        else
+            *(ASN1_BOOLEAN *)pval = -1;
+        return;
+
+    case V_ASN1_NULL:
+        break;
+
+    case V_ASN1_ANY:
+        ASN1_primitive_free(pval, NULL);
+        OPENSSL_free(*pval);
+        break;
+
+    default:
+        ASN1_STRING_free((ASN1_STRING *)*pval);
+        *pval = NULL;
+        break;
+    }
+    *pval = NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c
index 5c6a2ebd..8c540cc7 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_new.c
@@ -1,6 +1,7 @@
 /* tasn_new.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stddef.h>
 #include <openssl/asn1.h>
 #include <openssl/objects.h>
@@ -65,331 +65,316 @@
 #include <string.h>
 
 static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
-								int combine);
+                                    int combine);
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
 void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
 ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it)
-	{
-	ASN1_VALUE *ret = NULL;
-	if (ASN1_item_ex_new(&ret, it) > 0)
-		return ret;
-	return NULL;
-	}
+{
+    ASN1_VALUE *ret = NULL;
+    if (ASN1_item_ex_new(&ret, it) > 0)
+        return ret;
+    return NULL;
+}
 
 /* Allocate an ASN1 structure */
 
 int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	return asn1_item_ex_combine_new(pval, it, 0);
-	}
+{
+    return asn1_item_ex_combine_new(pval, it, 0);
+}
 
 static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
-								int combine)
-	{
-	const ASN1_TEMPLATE *tt = NULL;
-	const ASN1_COMPAT_FUNCS *cf;
-	const ASN1_EXTERN_FUNCS *ef;
-	const ASN1_AUX *aux = it->funcs;
-	ASN1_aux_cb *asn1_cb;
-	ASN1_VALUE **pseqval;
-	int i;
-	if (aux && aux->asn1_cb)
-		asn1_cb = aux->asn1_cb;
-	else
-		asn1_cb = 0;
-
-	if (!combine) *pval = NULL;
+                                    int combine)
+{
+    const ASN1_TEMPLATE *tt = NULL;
+    const ASN1_COMPAT_FUNCS *cf;
+    const ASN1_EXTERN_FUNCS *ef;
+    const ASN1_AUX *aux = it->funcs;
+    ASN1_aux_cb *asn1_cb;
+    ASN1_VALUE **pseqval;
+    int i;
+    if (aux && aux->asn1_cb)
+        asn1_cb = aux->asn1_cb;
+    else
+        asn1_cb = 0;
+
+    if (!combine)
+        *pval = NULL;
 
 #ifdef CRYPTO_MDEBUG
-	if (it->sname)
-		CRYPTO_push_info(it->sname);
+    if (it->sname)
+        CRYPTO_push_info(it->sname);
 #endif
 
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_EXTERN:
-		ef = it->funcs;
-		if (ef && ef->asn1_ex_new)
-			{
-			if (!ef->asn1_ex_new(pval, it))
-				goto memerr;
-			}
-		break;
-
-		case ASN1_ITYPE_COMPAT:
-		cf = it->funcs;
-		if (cf && cf->asn1_new) {
-			*pval = cf->asn1_new();
-			if (!*pval)
-				goto memerr;
-		}
-		break;
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates)
-			{
-			if (!ASN1_template_new(pval, it->templates))
-				goto memerr;
-			}
-		else if (!ASN1_primitive_new(pval, it))
-				goto memerr;
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		if (!ASN1_primitive_new(pval, it))
-				goto memerr;
-		break;
-
-		case ASN1_ITYPE_CHOICE:
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
-			if (!i)
-				goto auxerr;
-			if (i==2)
-				{
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_new) {
+            if (!ef->asn1_ex_new(pval, it))
+                goto memerr;
+        }
+        break;
+
+    case ASN1_ITYPE_COMPAT:
+        cf = it->funcs;
+        if (cf && cf->asn1_new) {
+            *pval = cf->asn1_new();
+            if (!*pval)
+                goto memerr;
+        }
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates) {
+            if (!ASN1_template_new(pval, it->templates))
+                goto memerr;
+        } else if (!ASN1_primitive_new(pval, it))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        if (!ASN1_primitive_new(pval, it))
+            goto memerr;
+        break;
+
+    case ASN1_ITYPE_CHOICE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
 #ifdef CRYPTO_MDEBUG
-				if (it->sname)
-					CRYPTO_pop_info();
+                if (it->sname)
+                    CRYPTO_pop_info();
 #endif
-				return 1;
-				}
-			}
-		if (!combine)
-			{
-			*pval = OPENSSL_malloc(it->size);
-			if (!*pval)
-				goto memerr;
-			memset(*pval, 0, it->size);
-			}
-		asn1_set_choice_selector(pval, -1, it);
-		if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
-				goto auxerr;
-		break;
-
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		case ASN1_ITYPE_SEQUENCE:
-		if (asn1_cb)
-			{
-			i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
-			if (!i)
-				goto auxerr;
-			if (i==2)
-				{
+                return 1;
+            }
+        }
+        if (!combine) {
+            *pval = OPENSSL_malloc(it->size);
+            if (!*pval)
+                goto memerr;
+            memset(*pval, 0, it->size);
+        }
+        asn1_set_choice_selector(pval, -1, it);
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+            goto auxerr;
+        break;
+
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+    case ASN1_ITYPE_SEQUENCE:
+        if (asn1_cb) {
+            i = asn1_cb(ASN1_OP_NEW_PRE, pval, it);
+            if (!i)
+                goto auxerr;
+            if (i == 2) {
 #ifdef CRYPTO_MDEBUG
-				if (it->sname)
-					CRYPTO_pop_info();
+                if (it->sname)
+                    CRYPTO_pop_info();
 #endif
-				return 1;
-				}
-			}
-		if (!combine)
-			{
-			*pval = OPENSSL_malloc(it->size);
-			if (!*pval)
-				goto memerr;
-			memset(*pval, 0, it->size);
-			asn1_do_lock(pval, 0, it);
-			asn1_enc_init(pval, it);
-			}
-		for (i = 0, tt = it->templates; i < it->tcount; tt++, i++)
-			{
-			pseqval = asn1_get_field_ptr(pval, tt);
-			if (!ASN1_template_new(pseqval, tt))
-				goto memerr;
-			}
-		if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
-				goto auxerr;
-		break;
-	}
+                return 1;
+            }
+        }
+        if (!combine) {
+            *pval = OPENSSL_malloc(it->size);
+            if (!*pval)
+                goto memerr;
+            memset(*pval, 0, it->size);
+            asn1_do_lock(pval, 0, it);
+            asn1_enc_init(pval, it);
+        }
+        for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
+            pseqval = asn1_get_field_ptr(pval, tt);
+            if (!ASN1_template_new(pseqval, tt))
+                goto memerr;
+        }
+        if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it))
+            goto auxerr;
+        break;
+    }
 #ifdef CRYPTO_MDEBUG
-	if (it->sname) CRYPTO_pop_info();
+    if (it->sname)
+        CRYPTO_pop_info();
 #endif
-	return 1;
+    return 1;
 
-	memerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
+ memerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ERR_R_MALLOC_FAILURE);
 #ifdef CRYPTO_MDEBUG
-	if (it->sname) CRYPTO_pop_info();
+    if (it->sname)
+        CRYPTO_pop_info();
 #endif
-	return 0;
+    return 0;
 
-	auxerr:
-	ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
-	ASN1_item_ex_free(pval, it);
+ auxerr:
+    ASN1err(ASN1_F_ASN1_ITEM_EX_COMBINE_NEW, ASN1_R_AUX_ERROR);
+    ASN1_item_ex_free(pval, it);
 #ifdef CRYPTO_MDEBUG
-	if (it->sname) CRYPTO_pop_info();
+    if (it->sname)
+        CRYPTO_pop_info();
 #endif
-	return 0;
+    return 0;
 
-	}
+}
 
 static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	const ASN1_EXTERN_FUNCS *ef;
-
-	switch(it->itype)
-		{
-
-		case ASN1_ITYPE_EXTERN:
-		ef = it->funcs;
-		if (ef && ef->asn1_ex_clear) 
-			ef->asn1_ex_clear(pval, it);
-		else *pval = NULL;
-		break;
-
-
-		case ASN1_ITYPE_PRIMITIVE:
-		if (it->templates) 
-			asn1_template_clear(pval, it->templates);
-		else
-			asn1_primitive_clear(pval, it);
-		break;
-
-		case ASN1_ITYPE_MSTRING:
-		asn1_primitive_clear(pval, it);
-		break;
-
-		case ASN1_ITYPE_COMPAT:
-		case ASN1_ITYPE_CHOICE:
-		case ASN1_ITYPE_SEQUENCE:
-		case ASN1_ITYPE_NDEF_SEQUENCE:
-		*pval = NULL;
-		break;
-		}
-	}
-
+{
+    const ASN1_EXTERN_FUNCS *ef;
+
+    switch (it->itype) {
+
+    case ASN1_ITYPE_EXTERN:
+        ef = it->funcs;
+        if (ef && ef->asn1_ex_clear)
+            ef->asn1_ex_clear(pval, it);
+        else
+            *pval = NULL;
+        break;
+
+    case ASN1_ITYPE_PRIMITIVE:
+        if (it->templates)
+            asn1_template_clear(pval, it->templates);
+        else
+            asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_MSTRING:
+        asn1_primitive_clear(pval, it);
+        break;
+
+    case ASN1_ITYPE_COMPAT:
+    case ASN1_ITYPE_CHOICE:
+    case ASN1_ITYPE_SEQUENCE:
+    case ASN1_ITYPE_NDEF_SEQUENCE:
+        *pval = NULL;
+        break;
+    }
+}
 
 int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
-	int ret;
-	if (tt->flags & ASN1_TFLG_OPTIONAL)
-		{
-		asn1_template_clear(pval, tt);
-		return 1;
-		}
-	/* If ANY DEFINED BY nothing to do */
-
-	if (tt->flags & ASN1_TFLG_ADB_MASK)
-		{
-		*pval = NULL;
-		return 1;
-		}
+{
+    const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item);
+    int ret;
+    if (tt->flags & ASN1_TFLG_OPTIONAL) {
+        asn1_template_clear(pval, tt);
+        return 1;
+    }
+    /* If ANY DEFINED BY nothing to do */
+
+    if (tt->flags & ASN1_TFLG_ADB_MASK) {
+        *pval = NULL;
+        return 1;
+    }
 #ifdef CRYPTO_MDEBUG
-	if (tt->field_name)
-		CRYPTO_push_info(tt->field_name);
+    if (tt->field_name)
+        CRYPTO_push_info(tt->field_name);
 #endif
-	/* If SET OF or SEQUENCE OF, its a STACK */
-	if (tt->flags & ASN1_TFLG_SK_MASK)
-		{
-		STACK_OF(ASN1_VALUE) *skval;
-		skval = sk_ASN1_VALUE_new_null();
-		if (!skval)
-			{
-			ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
-			ret = 0;
-			goto done;
-			}
-		*pval = (ASN1_VALUE *)skval;
-		ret = 1;
-		goto done;
-		}
-	/* Otherwise pass it back to the item routine */
-	ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
-	done:
+    /* If SET OF or SEQUENCE OF, its a STACK */
+    if (tt->flags & ASN1_TFLG_SK_MASK) {
+        STACK_OF(ASN1_VALUE) *skval;
+        skval = sk_ASN1_VALUE_new_null();
+        if (!skval) {
+            ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE);
+            ret = 0;
+            goto done;
+        }
+        *pval = (ASN1_VALUE *)skval;
+        ret = 1;
+        goto done;
+    }
+    /* Otherwise pass it back to the item routine */
+    ret = asn1_item_ex_combine_new(pval, it, tt->flags & ASN1_TFLG_COMBINE);
+ done:
 #ifdef CRYPTO_MDEBUG
-	if (it->sname)
-		CRYPTO_pop_info();
+    if (it->sname)
+        CRYPTO_pop_info();
 #endif
-	return ret;
-	}
+    return ret;
+}
 
 static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	/* If ADB or STACK just NULL the field */
-	if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK)) 
-		*pval = NULL;
-	else
-		asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
-	}
-
-
-/* NB: could probably combine most of the real XXX_new() behaviour and junk
+{
+    /* If ADB or STACK just NULL the field */
+    if (tt->flags & (ASN1_TFLG_ADB_MASK | ASN1_TFLG_SK_MASK))
+        *pval = NULL;
+    else
+        asn1_item_clear(pval, ASN1_ITEM_ptr(tt->item));
+}
+
+/*
+ * NB: could probably combine most of the real XXX_new() behaviour and junk
  * all the old functions.
  */
 
 int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	ASN1_TYPE *typ;
-	int utype;
-
-	if (it && it->funcs)
-		{
-		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
-		if (pf->prim_new)
-			return pf->prim_new(pval, it);
-		}
-
-	if (!it || (it->itype == ASN1_ITYPE_MSTRING))
-		utype = -1;
-	else
-		utype = it->utype;
-	switch(utype)
-		{
-		case V_ASN1_OBJECT:
-		*pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
-		return 1;
-
-		case V_ASN1_BOOLEAN:
-		if (it)
-			*(ASN1_BOOLEAN *)pval = it->size;
-		else
-			*(ASN1_BOOLEAN *)pval = -1;
-		return 1;
-
-		case V_ASN1_NULL:
-		*pval = (ASN1_VALUE *)1;
-		return 1;
-
-		case V_ASN1_ANY:
-		typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
-		if (!typ)
-			return 0;
-		typ->value.ptr = NULL;
-		typ->type = -1;
-		*pval = (ASN1_VALUE *)typ;
-		break;
-
-		default:
-		*pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
-		break;
-		}
-	if (*pval)
-		return 1;
-	return 0;
-	}
+{
+    ASN1_TYPE *typ;
+    int utype;
+
+    if (it && it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (pf->prim_new)
+            return pf->prim_new(pval, it);
+    }
+
+    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+        utype = -1;
+    else
+        utype = it->utype;
+    switch (utype) {
+    case V_ASN1_OBJECT:
+        *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
+        return 1;
+
+    case V_ASN1_BOOLEAN:
+        if (it)
+            *(ASN1_BOOLEAN *)pval = it->size;
+        else
+            *(ASN1_BOOLEAN *)pval = -1;
+        return 1;
+
+    case V_ASN1_NULL:
+        *pval = (ASN1_VALUE *)1;
+        return 1;
+
+    case V_ASN1_ANY:
+        typ = OPENSSL_malloc(sizeof(ASN1_TYPE));
+        if (!typ)
+            return 0;
+        typ->value.ptr = NULL;
+        typ->type = -1;
+        *pval = (ASN1_VALUE *)typ;
+        break;
+
+    default:
+        *pval = (ASN1_VALUE *)ASN1_STRING_type_new(utype);
+        break;
+    }
+    if (*pval)
+        return 1;
+    return 0;
+}
 
 void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	int utype;
-	if (it && it->funcs)
-		{
-		const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
-		if (pf->prim_clear)
-			pf->prim_clear(pval, it);
-		else 
-			*pval = NULL;
-		return;
-		}
-	if (!it || (it->itype == ASN1_ITYPE_MSTRING))
-		utype = -1;
-	else
-		utype = it->utype;
-	if (utype == V_ASN1_BOOLEAN)
-		*(ASN1_BOOLEAN *)pval = it->size;
-	else *pval = NULL;
-	}
+{
+    int utype;
+    if (it && it->funcs) {
+        const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
+        if (pf->prim_clear)
+            pf->prim_clear(pval, it);
+        else
+            *pval = NULL;
+        return;
+    }
+    if (!it || (it->itype == ASN1_ITYPE_MSTRING))
+        utype = -1;
+    else
+        utype = it->utype;
+    if (utype == V_ASN1_BOOLEAN)
+        *(ASN1_BOOLEAN *)pval = it->size;
+    else
+        *pval = NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c
index 6252213d..4820035b 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_typ.c
@@ -1,6 +1,7 @@
 /* tasn_typ.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
diff --git a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c
index ca9ec7a3..41726d8f 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/tasn_utl.c
@@ -1,6 +1,7 @@
 /* tasn_utl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stddef.h>
 #include <string.h>
 #include <openssl/asn1.h>
@@ -69,211 +69,207 @@
 /* Add 'offset' to 'addr' */
 #define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
 
-/* Given an ASN1_ITEM CHOICE type return
- * the selector value
+/*
+ * Given an ASN1_ITEM CHOICE type return the selector value
  */
 
 int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	int *sel = offset2ptr(*pval, it->utype);
-	return *sel;
-	}
+{
+    int *sel = offset2ptr(*pval, it->utype);
+    return *sel;
+}
 
-/* Given an ASN1_ITEM CHOICE type set
- * the selector value, return old value.
+/*
+ * Given an ASN1_ITEM CHOICE type set the selector value, return old value.
  */
 
-int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
-	{	
-	int *sel, ret;
-	sel = offset2ptr(*pval, it->utype);
-	ret = *sel;
-	*sel = value;
-	return ret;
-	}
+int asn1_set_choice_selector(ASN1_VALUE **pval, int value,
+                             const ASN1_ITEM *it)
+{
+    int *sel, ret;
+    sel = offset2ptr(*pval, it->utype);
+    ret = *sel;
+    *sel = value;
+    return ret;
+}
 
-/* Do reference counting. The value 'op' decides what to do. 
- * if it is +1 then the count is incremented. If op is 0 count is
- * set to 1. If op is -1 count is decremented and the return value
- * is the current refrence count or 0 if no reference count exists.
+/*
+ * Do reference counting. The value 'op' decides what to do. if it is +1
+ * then the count is incremented. If op is 0 count is set to 1. If op is -1
+ * count is decremented and the return value is the current refrence count or
+ * 0 if no reference count exists.
  */
 
 int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
-	{
-	const ASN1_AUX *aux;
-	int *lck, ret;
-	if ((it->itype != ASN1_ITYPE_SEQUENCE)
-	   && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
-		return 0;
-	aux = it->funcs;
-	if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
-		return 0;
-	lck = offset2ptr(*pval, aux->ref_offset);
-	if (op == 0)
-		{
-		*lck = 1;
-		return 1;
-		}
-	ret = CRYPTO_add(lck, op, aux->ref_lock);
+{
+    const ASN1_AUX *aux;
+    int *lck, ret;
+    if ((it->itype != ASN1_ITYPE_SEQUENCE)
+        && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
+        return 0;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
+        return 0;
+    lck = offset2ptr(*pval, aux->ref_offset);
+    if (op == 0) {
+        *lck = 1;
+        return 1;
+    }
+    ret = CRYPTO_add(lck, op, aux->ref_lock);
 #ifdef REF_PRINT
-	fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
+    fprintf(stderr, "%s: Reference Count: %d\n", it->sname, *lck);
 #endif
 #ifdef REF_CHECK
-	if (ret < 0) 
-		fprintf(stderr, "%s, bad reference count\n", it->sname);
+    if (ret < 0)
+        fprintf(stderr, "%s, bad reference count\n", it->sname);
 #endif
-	return ret;
-	}
+    return ret;
+}
 
 static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	const ASN1_AUX *aux;
-	if (!pval || !*pval)
-		return NULL;
-	aux = it->funcs;
-	if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
-		return NULL;
-	return offset2ptr(*pval, aux->enc_offset);
-	}
+{
+    const ASN1_AUX *aux;
+    if (!pval || !*pval)
+        return NULL;
+    aux = it->funcs;
+    if (!aux || !(aux->flags & ASN1_AFLG_ENCODING))
+        return NULL;
+    return offset2ptr(*pval, aux->enc_offset);
+}
 
 void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (enc)
-		{
-		enc->enc = NULL;
-		enc->len = 0;
-		enc->modified = 1;
-		}
-	}
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
 
 void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (enc)
-		{
-		if (enc->enc)
-			OPENSSL_free(enc->enc);
-		enc->enc = NULL;
-		enc->len = 0;
-		enc->modified = 1;
-		}
-	}
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (enc) {
+        if (enc->enc)
+            OPENSSL_free(enc->enc);
+        enc->enc = NULL;
+        enc->len = 0;
+        enc->modified = 1;
+    }
+}
 
 int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen,
-							 const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (!enc)
-		return 1;
+                  const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc)
+        return 1;
+
+    if (enc->enc)
+        OPENSSL_free(enc->enc);
+    enc->enc = OPENSSL_malloc(inlen);
+    if (!enc->enc)
+        return 0;
+    memcpy(enc->enc, in, inlen);
+    enc->len = inlen;
+    enc->modified = 0;
 
-	if (enc->enc)
-		OPENSSL_free(enc->enc);
-	enc->enc = OPENSSL_malloc(inlen);
-	if (!enc->enc)
-		return 0;
-	memcpy(enc->enc, in, inlen);
-	enc->len = inlen;
-	enc->modified = 0;
+    return 1;
+}
 
-	return 1;
-	}
-		
 int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval,
-							const ASN1_ITEM *it)
-	{
-	ASN1_ENCODING *enc;
-	enc = asn1_get_enc_ptr(pval, it);
-	if (!enc || enc->modified)
-		return 0;
-	if (out)
-		{
-		memcpy(*out, enc->enc, enc->len);
-		*out += enc->len;
-		}
-	if (len)
-		*len = enc->len;
-	return 1;
-	}
+                     const ASN1_ITEM *it)
+{
+    ASN1_ENCODING *enc;
+    enc = asn1_get_enc_ptr(pval, it);
+    if (!enc || enc->modified)
+        return 0;
+    if (out) {
+        memcpy(*out, enc->enc, enc->len);
+        *out += enc->len;
+    }
+    if (len)
+        *len = enc->len;
+    return 1;
+}
 
 /* Given an ASN1_TEMPLATE get a pointer to a field */
-ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
-	{
-	ASN1_VALUE **pvaltmp;
-	if (tt->flags & ASN1_TFLG_COMBINE)
-		return pval;
-	pvaltmp = offset2ptr(*pval, tt->offset);
-	/* NOTE for BOOLEAN types the field is just a plain
- 	 * int so we can't return int **, so settle for
-	 * (int *).
-	 */
-	return pvaltmp;
-	}
+ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
+{
+    ASN1_VALUE **pvaltmp;
+    if (tt->flags & ASN1_TFLG_COMBINE)
+        return pval;
+    pvaltmp = offset2ptr(*pval, tt->offset);
+    /*
+     * NOTE for BOOLEAN types the field is just a plain int so we can't
+     * return int **, so settle for (int *).
+     */
+    return pvaltmp;
+}
 
-/* Handle ANY DEFINED BY template, find the selector, look up
- * the relevant ASN1_TEMPLATE in the table and return it.
+/*
+ * Handle ANY DEFINED BY template, find the selector, look up the relevant
+ * ASN1_TEMPLATE in the table and return it.
  */
 
 const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt,
-								int nullerr)
-	{
-	const ASN1_ADB *adb;
-	const ASN1_ADB_TABLE *atbl;
-	long selector;
-	ASN1_VALUE **sfld;
-	int i;
-	if (!(tt->flags & ASN1_TFLG_ADB_MASK))
-		return tt;
+                                 int nullerr)
+{
+    const ASN1_ADB *adb;
+    const ASN1_ADB_TABLE *atbl;
+    long selector;
+    ASN1_VALUE **sfld;
+    int i;
+    if (!(tt->flags & ASN1_TFLG_ADB_MASK))
+        return tt;
+
+    /* Else ANY DEFINED BY ... get the table */
+    adb = ASN1_ADB_ptr(tt->item);
 
-	/* Else ANY DEFINED BY ... get the table */
-	adb = ASN1_ADB_ptr(tt->item);
+    /* Get the selector field */
+    sfld = offset2ptr(*pval, adb->offset);
 
-	/* Get the selector field */
-	sfld = offset2ptr(*pval, adb->offset);
+    /* Check if NULL */
+    if (!sfld) {
+        if (!adb->null_tt)
+            goto err;
+        return adb->null_tt;
+    }
 
-	/* Check if NULL */
-	if (!sfld)
-		{
-		if (!adb->null_tt)
-			goto err;
-		return adb->null_tt;
-		}
+    /*
+     * Convert type to a long: NB: don't check for NID_undef here because it
+     * might be a legitimate value in the table
+     */
+    if (tt->flags & ASN1_TFLG_ADB_OID)
+        selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
+    else
+        selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
 
-	/* Convert type to a long:
-	 * NB: don't check for NID_undef here because it
-	 * might be a legitimate value in the table
-	 */
-	if (tt->flags & ASN1_TFLG_ADB_OID) 
-		selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
-	else 
-		selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
+    /*
+     * Try to find matching entry in table Maybe should check application
+     * types first to allow application override? Might also be useful to
+     * have a flag which indicates table is sorted and we can do a binary
+     * search. For now stick to a linear search.
+     */
 
-	/* Try to find matching entry in table
-	 * Maybe should check application types first to
-	 * allow application override? Might also be useful
-	 * to have a flag which indicates table is sorted and
-	 * we can do a binary search. For now stick to a
-	 * linear search.
-	 */
+    for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
+        if (atbl->value == selector)
+            return &atbl->tt;
 
-	for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
-		if (atbl->value == selector)
-			return &atbl->tt;
+    /* FIXME: need to search application table too */
 
-	/* FIXME: need to search application table too */
+    /* No match, return default type */
+    if (!adb->default_tt)
+        goto err;
+    return adb->default_tt;
 
-	/* No match, return default type */
-	if (!adb->default_tt)
-		goto err;		
-	return adb->default_tt;
-	
-	err:
-	/* FIXME: should log the value or OID of unsupported type */
-	if (nullerr)
-		ASN1err(ASN1_F_ASN1_DO_ADB,
-			ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
-	return NULL;
-	}
+ err:
+    /* FIXME: should log the value or OID of unsupported type */
+    if (nullerr)
+        ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
+    return NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c
index 99e53429..babc2e17 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_algor.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_algor.c
@@ -1,6 +1,7 @@
 /* x_algor.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,12 +63,12 @@
 #include <openssl/asn1t.h>
 
 ASN1_SEQUENCE(X509_ALGOR) = {
-	ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
-	ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
+        ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT),
+        ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY)
 } ASN1_SEQUENCE_END(X509_ALGOR)
 
-ASN1_ITEM_TEMPLATE(X509_ALGORS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
+ASN1_ITEM_TEMPLATE(X509_ALGORS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, algorithms, X509_ALGOR)
 ASN1_ITEM_TEMPLATE_END(X509_ALGORS)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR)
@@ -78,53 +79,55 @@ IMPLEMENT_STACK_OF(X509_ALGOR)
 IMPLEMENT_ASN1_SET_OF(X509_ALGOR)
 
 int X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int ptype, void *pval)
-	{
-	if (!alg)
-		return 0;
-	if (ptype != V_ASN1_UNDEF)
-		{
-		if (alg->parameter == NULL)
-			alg->parameter = ASN1_TYPE_new();
-		if (alg->parameter == NULL)
-			return 0;
-		}
-	if (alg)
-		{
-		if (alg->algorithm)
-			ASN1_OBJECT_free(alg->algorithm);
-		alg->algorithm = aobj;
-		}
-	if (ptype == 0)
-		return 1;	
-	if (ptype == V_ASN1_UNDEF)
-		{
-		if (alg->parameter)
-			{
-			ASN1_TYPE_free(alg->parameter);
-			alg->parameter = NULL;
-			}
-		}
-	else
-		ASN1_TYPE_set(alg->parameter, ptype, pval);
-	return 1;
-	}
+{
+    if (!alg)
+        return 0;
+    if (ptype != V_ASN1_UNDEF) {
+        if (alg->parameter == NULL)
+            alg->parameter = ASN1_TYPE_new();
+        if (alg->parameter == NULL)
+            return 0;
+    }
+    if (alg) {
+        if (alg->algorithm)
+            ASN1_OBJECT_free(alg->algorithm);
+        alg->algorithm = aobj;
+    }
+    if (ptype == 0)
+        return 1;
+    if (ptype == V_ASN1_UNDEF) {
+        if (alg->parameter) {
+            ASN1_TYPE_free(alg->parameter);
+            alg->parameter = NULL;
+        }
+    } else
+        ASN1_TYPE_set(alg->parameter, ptype, pval);
+    return 1;
+}
 
 void X509_ALGOR_get0(ASN1_OBJECT **paobj, int *pptype, void **ppval,
-						X509_ALGOR *algor)
-	{
-	if (paobj)
-		*paobj = algor->algorithm;
-	if (pptype)
-		{
-		if (algor->parameter == NULL)
-			{
-			*pptype = V_ASN1_UNDEF;
-			return;
-			}
-		else
-			*pptype = algor->parameter->type;
-		if (ppval)
-			*ppval = algor->parameter->value.ptr;
-		}
-	}
+                     X509_ALGOR *algor)
+{
+    if (paobj)
+        *paobj = algor->algorithm;
+    if (pptype) {
+        if (algor->parameter == NULL) {
+            *pptype = V_ASN1_UNDEF;
+            return;
+        } else
+            *pptype = algor->parameter->type;
+        if (ppval)
+            *ppval = algor->parameter->value.ptr;
+    }
+}
 
+int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
+{
+    int rv;
+    rv = OBJ_cmp(a->algorithm, b->algorithm);
+    if (rv)
+        return rv;
+    if (!a->parameter && !b->parameter)
+        return 0;
+    return ASN1_TYPE_cmp(a->parameter, b->parameter);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c
index 1e3713f1..93ef53bd 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_attrib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,18 +62,19 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-/* X509_ATTRIBUTE: this has the following form:
+/*-
+ * X509_ATTRIBUTE: this has the following form:
  *
  * typedef struct x509_attributes_st
- *	{
- *	ASN1_OBJECT *object;
- *	int single;
- *	union	{
- *		char		*ptr;
- * 		STACK_OF(ASN1_TYPE) *set;
- * 		ASN1_TYPE	*single;
- *		} value;
- *	} X509_ATTRIBUTE;
+ *      {
+ *      ASN1_OBJECT *object;
+ *      int single;
+ *      union   {
+ *              char            *ptr;
+ *              STACK_OF(ASN1_TYPE) *set;
+ *              ASN1_TYPE       *single;
+ *              } value;
+ *      } X509_ATTRIBUTE;
  *
  * this needs some extra thought because the CHOICE type is
  * merged with the main structure and because the value can
@@ -83,36 +84,41 @@
  */
 
 ASN1_CHOICE(X509_ATTRIBUTE_SET) = {
-	ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
-	ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
+        ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY),
+        ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY)
 } ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single)
 
 ASN1_SEQUENCE(X509_ATTRIBUTE) = {
-	ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
-	/* CHOICE type merged with parent */
-	ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
+        ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT),
+        /* CHOICE type merged with parent */
+        ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET)
 } ASN1_SEQUENCE_END(X509_ATTRIBUTE)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE)
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
-	{
-	X509_ATTRIBUTE *ret=NULL;
-	ASN1_TYPE *val=NULL;
+{
+    X509_ATTRIBUTE *ret = NULL;
+    ASN1_TYPE *val = NULL;
 
-	if ((ret=X509_ATTRIBUTE_new()) == NULL)
-		return(NULL);
-	ret->object=OBJ_nid2obj(nid);
-	ret->single=0;
-	if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err;
-	if ((val=ASN1_TYPE_new()) == NULL) goto err;
-	if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err;
+    if ((ret = X509_ATTRIBUTE_new()) == NULL)
+        return (NULL);
+    ret->object = OBJ_nid2obj(nid);
+    ret->single = 0;
+    if ((ret->value.set = sk_ASN1_TYPE_new_null()) == NULL)
+        goto err;
+    if ((val = ASN1_TYPE_new()) == NULL)
+        goto err;
+    if (!sk_ASN1_TYPE_push(ret->value.set, val))
+        goto err;
 
-	ASN1_TYPE_set(val,atrtype,value);
-	return(ret);
-err:
-	if (ret != NULL) X509_ATTRIBUTE_free(ret);
-	if (val != NULL) ASN1_TYPE_free(val);
-	return(NULL);
-	}
+    ASN1_TYPE_set(val, atrtype, value);
+    return (ret);
+ err:
+    if (ret != NULL)
+        X509_ATTRIBUTE_free(ret);
+    if (val != NULL)
+        ASN1_TYPE_free(val);
+    return (NULL);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
index 9cf3204a..a5a403c2 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_bignum.c
@@ -1,6 +1,7 @@
 /* x_bignum.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,79 +62,91 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 
-/* Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER as a
- * BIGNUM directly. Currently it ignores the sign which isn't a problem since all
- * BIGNUMs used are non negative and anything that looks negative is normally due
- * to an encoding error.
+/*
+ * Custom primitive type for BIGNUM handling. This reads in an ASN1_INTEGER
+ * as a BIGNUM directly. Currently it ignores the sign which isn't a problem
+ * since all BIGNUMs used are non negative and anything that looks negative
+ * is normally due to an encoding error.
  */
 
-#define BN_SENSITIVE	1
+#define BN_SENSITIVE    1
 
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it);
+static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                  int utype, char *free_cont, const ASN1_ITEM *it);
 
 static ASN1_PRIMITIVE_FUNCS bignum_pf = {
-	NULL, 0,
-	bn_new,
-	bn_free,
-	0,
-	bn_c2i,
-	bn_i2c
+    NULL, 0,
+    bn_new,
+    bn_free,
+    0,
+    bn_c2i,
+    bn_i2c
 };
 
 ASN1_ITEM_start(BIGNUM)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, 0, "BIGNUM"
 ASN1_ITEM_end(BIGNUM)
 
 ASN1_ITEM_start(CBIGNUM)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &bignum_pf, BN_SENSITIVE, "BIGNUM"
 ASN1_ITEM_end(CBIGNUM)
 
 static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	*pval = (ASN1_VALUE *)BN_new();
-	if(*pval) return 1;
-	else return 0;
+    *pval = (ASN1_VALUE *)BN_new();
+    if (*pval)
+        return 1;
+    else
+        return 0;
 }
 
 static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(!*pval) return;
-	if(it->size & BN_SENSITIVE) BN_clear_free((BIGNUM *)*pval);
-	else BN_free((BIGNUM *)*pval);
-	*pval = NULL;
+    if (!*pval)
+        return;
+    if (it->size & BN_SENSITIVE)
+        BN_clear_free((BIGNUM *)*pval);
+    else
+        BN_free((BIGNUM *)*pval);
+    *pval = NULL;
 }
 
-static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                  const ASN1_ITEM *it)
 {
-	BIGNUM *bn;
-	int pad;
-	if(!*pval) return -1;
-	bn = (BIGNUM *)*pval;
-	/* If MSB set in an octet we need a padding byte */
-	if(BN_num_bits(bn) & 0x7) pad = 0;
-	else pad = 1;
-	if(cont) {
-		if(pad) *cont++ = 0;
-		BN_bn2bin(bn, cont);
-	}
-	return pad + BN_num_bytes(bn);
+    BIGNUM *bn;
+    int pad;
+    if (!*pval)
+        return -1;
+    bn = (BIGNUM *)*pval;
+    /* If MSB set in an octet we need a padding byte */
+    if (BN_num_bits(bn) & 0x7)
+        pad = 0;
+    else
+        pad = 1;
+    if (cont) {
+        if (pad)
+            *cont++ = 0;
+        BN_bn2bin(bn, cont);
+    }
+    return pad + BN_num_bytes(bn);
 }
 
 static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-		  int utype, char *free_cont, const ASN1_ITEM *it)
+                  int utype, char *free_cont, const ASN1_ITEM *it)
 {
-	BIGNUM *bn;
-	if(!*pval) bn_new(pval, it);
-	bn  = (BIGNUM *)*pval;
-	if(!BN_bin2bn(cont, len, bn)) {
-		bn_free(pval, it);
-		return 0;
-	}
-	return 1;
+    BIGNUM *bn;
+    if (!*pval)
+        bn_new(pval, it);
+    bn = (BIGNUM *)*pval;
+    if (!BN_bin2bn(cont, len, bn)) {
+        bn_free(pval, it);
+        return 0;
+    }
+    return 1;
 }
-
-
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c
index 70d56a67..099b2646 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_crl.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_crl.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,80 +61,88 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-				const X509_REVOKED * const *b);
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b);
 
 ASN1_SEQUENCE(X509_REVOKED) = {
-	ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
-	ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
+        ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION)
 } ASN1_SEQUENCE_END(X509_REVOKED)
 
-/* The X509_CRL_INFO structure needs a bit of customisation.
- * Since we cache the original encoding the signature wont be affected by
- * reordering of the revoked field.
+/*
+ * The X509_CRL_INFO structure needs a bit of customisation. Since we cache
+ * the original encoding the signature wont be affected by reordering of the
+ * revoked field.
  */
 static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
-
-	if(!a || !a->revoked) return 1;
-	switch(operation) {
-		/* Just set cmp function here. We don't sort because that
-		 * would affect the output of X509_CRL_print().
-		 */
-		case ASN1_OP_D2I_POST:
-		(void)sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp);
-		break;
-	}
-	return 1;
+    X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
+
+    if (!a || !a->revoked)
+        return 1;
+    switch (operation) {
+        /*
+         * Just set cmp function here. We don't sort because that would
+         * affect the output of X509_CRL_print().
+         */
+    case ASN1_OP_D2I_POST:
+        (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
+        break;
+    }
+    return 1;
 }
 
 
 ASN1_SEQUENCE_enc(X509_CRL_INFO, enc, crl_inf_cb) = {
-	ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
-	ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
-	ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
-	ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
+        ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME),
+        ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME),
+        ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END_enc(X509_CRL_INFO, X509_CRL_INFO)
 
 ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = {
-	ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
-	ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
+        ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO),
+        ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED)
+
 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO)
+
 IMPLEMENT_ASN1_FUNCTIONS(X509_CRL)
+
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL)
 
-static int X509_REVOKED_cmp(const X509_REVOKED * const *a,
-			const X509_REVOKED * const *b)
-	{
-	return(ASN1_STRING_cmp(
-		(ASN1_STRING *)(*a)->serialNumber,
-		(ASN1_STRING *)(*b)->serialNumber));
-	}
+static int X509_REVOKED_cmp(const X509_REVOKED *const *a,
+                            const X509_REVOKED *const *b)
+{
+    return (ASN1_STRING_cmp((ASN1_STRING *)(*a)->serialNumber,
+                            (ASN1_STRING *)(*b)->serialNumber));
+}
 
 int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
 {
-	X509_CRL_INFO *inf;
-	inf = crl->crl;
-	if(!inf->revoked)
-		inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
-	if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
-		ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	inf->enc.modified = 1;
-	return 1;
+    X509_CRL_INFO *inf;
+    inf = crl->crl;
+    if (!inf->revoked)
+        inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
+    if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
+        ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    inf->enc.modified = 1;
+    return 1;
 }
 
 IMPLEMENT_STACK_OF(X509_REVOKED)
+
 IMPLEMENT_ASN1_SET_OF(X509_REVOKED)
+
 IMPLEMENT_STACK_OF(X509_CRL)
+
 IMPLEMENT_ASN1_SET_OF(X509_CRL)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c
index 3a212399..00a9580a 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_exten.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_exten.c
@@ -1,6 +1,7 @@
 /* x_exten.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,13 +63,13 @@
 #include <openssl/asn1t.h>
 
 ASN1_SEQUENCE(X509_EXTENSION) = {
-	ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-	ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
-	ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
+        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
+        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
+        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_EXTENSION)
 
-ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
+ASN1_ITEM_TEMPLATE(X509_EXTENSIONS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Extension, X509_EXTENSION)
 ASN1_ITEM_TEMPLATE_END(X509_EXTENSIONS)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_info.c b/Cryptlib/OpenSSL/crypto/asn1/x_info.c
index d44f6cdb..067fd72a 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_info.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_info.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,52 +63,55 @@
 #include <openssl/x509.h>
 
 X509_INFO *X509_INFO_new(void)
-	{
-	X509_INFO *ret=NULL;
+{
+    X509_INFO *ret = NULL;
+
+    ret = (X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
+    if (ret == NULL) {
+        ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
 
-	ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO));
-	if (ret == NULL)
-		{
-		ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
- 
-        ret->enc_cipher.cipher=NULL;
-        ret->enc_len=0;
-        ret->enc_data=NULL;
- 
-	ret->references=1;
-	ret->x509=NULL;
-	ret->crl=NULL;
-	ret->x_pkey=NULL;
-	return(ret);
-	}
+    ret->enc_cipher.cipher = NULL;
+    ret->enc_len = 0;
+    ret->enc_data = NULL;
+
+    ret->references = 1;
+    ret->x509 = NULL;
+    ret->crl = NULL;
+    ret->x_pkey = NULL;
+    return (ret);
+}
 
 void X509_INFO_free(X509_INFO *x)
-	{
-	int i;
+{
+    int i;
 
-	if (x == NULL) return;
+    if (x == NULL)
+        return;
 
-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_INFO);
+    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO);
 #ifdef REF_PRINT
-	REF_PRINT("X509_INFO",x);
+    REF_PRINT("X509_INFO", x);
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_INFO_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "X509_INFO_free, bad reference count\n");
+        abort();
+    }
 #endif
 
-	if (x->x509 != NULL) X509_free(x->x509);
-	if (x->crl != NULL) X509_CRL_free(x->crl);
-	if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey);
-	if (x->enc_data != NULL) OPENSSL_free(x->enc_data);
-	OPENSSL_free(x);
-	}
+    if (x->x509 != NULL)
+        X509_free(x->x509);
+    if (x->crl != NULL)
+        X509_CRL_free(x->crl);
+    if (x->x_pkey != NULL)
+        X509_PKEY_free(x->x_pkey);
+    if (x->enc_data != NULL)
+        OPENSSL_free(x->enc_data);
+    OPENSSL_free(x);
+}
 
 IMPLEMENT_STACK_OF(X509_INFO)
-
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_long.c b/Cryptlib/OpenSSL/crypto/asn1/x_long.c
index bf35457c..e0dab2be 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_long.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_long.c
@@ -1,6 +1,7 @@
 /* x_long.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,111 +62,126 @@
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 
-/* Custom primitive type for long handling. This converts between an ASN1_INTEGER
- * and a long directly.
+/*
+ * Custom primitive type for long handling. This converts between an
+ * ASN1_INTEGER and a long directly.
  */
 
-
 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
 
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
-static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it);
+static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
+                    int utype, char *free_cont, const ASN1_ITEM *it);
 
 static ASN1_PRIMITIVE_FUNCS long_pf = {
-	NULL, 0,
-	long_new,
-	long_free,
-	long_free,	/* Clear should set to initial value */
-	long_c2i,
-	long_i2c
+    NULL, 0,
+    long_new,
+    long_free,
+    long_free,                  /* Clear should set to initial value */
+    long_c2i,
+    long_i2c
 };
 
 ASN1_ITEM_start(LONG)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
 ASN1_ITEM_end(LONG)
 
 ASN1_ITEM_start(ZLONG)
-	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
+        ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
 ASN1_ITEM_end(ZLONG)
 
 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	*(long *)pval = it->size;
-	return 1;
+    *(long *)pval = it->size;
+    return 1;
 }
 
 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	*(long *)pval = it->size;
+    *(long *)pval = it->size;
 }
 
-static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it)
+static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
+                    const ASN1_ITEM *it)
 {
-	long ltmp;
-	unsigned long utmp;
-	int clen, pad, i;
-	/* this exists to bypass broken gcc optimization */
-	char *cp = (char *)pval;
-
-	/* use memcpy, because we may not be long aligned */
-	memcpy(&ltmp, cp, sizeof(long));
-
-	if(ltmp == it->size) return -1;
-	/* Convert the long to positive: we subtract one if negative so
-	 * we can cleanly handle the padding if only the MSB of the leading
-	 * octet is set. 
-	 */
-	if(ltmp < 0) utmp = -ltmp - 1;
-	else utmp = ltmp;
-	clen = BN_num_bits_word(utmp);
-	/* If MSB of leading octet set we need to pad */
-	if(!(clen & 0x7)) pad = 1;
-	else pad = 0;
-
-	/* Convert number of bits to number of octets */
-	clen = (clen + 7) >> 3;
-
-	if(cont) {
-		if(pad) *cont++ = (ltmp < 0) ? 0xff : 0;
-		for(i = clen - 1; i >= 0; i--) {
-			cont[i] = (unsigned char)(utmp & 0xff);
-			if(ltmp < 0) cont[i] ^= 0xff;
-			utmp >>= 8;
-		}
-	}
-	return clen + pad;
+    long ltmp;
+    unsigned long utmp;
+    int clen, pad, i;
+    /* this exists to bypass broken gcc optimization */
+    char *cp = (char *)pval;
+
+    /* use memcpy, because we may not be long aligned */
+    memcpy(&ltmp, cp, sizeof(long));
+
+    if (ltmp == it->size)
+        return -1;
+    /*
+     * Convert the long to positive: we subtract one if negative so we can
+     * cleanly handle the padding if only the MSB of the leading octet is
+     * set.
+     */
+    if (ltmp < 0)
+        utmp = -ltmp - 1;
+    else
+        utmp = ltmp;
+    clen = BN_num_bits_word(utmp);
+    /* If MSB of leading octet set we need to pad */
+    if (!(clen & 0x7))
+        pad = 1;
+    else
+        pad = 0;
+
+    /* Convert number of bits to number of octets */
+    clen = (clen + 7) >> 3;
+
+    if (cont) {
+        if (pad)
+            *cont++ = (ltmp < 0) ? 0xff : 0;
+        for (i = clen - 1; i >= 0; i--) {
+            cont[i] = (unsigned char)(utmp & 0xff);
+            if (ltmp < 0)
+                cont[i] ^= 0xff;
+            utmp >>= 8;
+        }
+    }
+    return clen + pad;
 }
 
 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
-		    int utype, char *free_cont, const ASN1_ITEM *it)
+                    int utype, char *free_cont, const ASN1_ITEM *it)
 {
-	int neg, i;
-	long ltmp;
-	unsigned long utmp = 0;
-	char *cp = (char *)pval;
-	if(len > (int)sizeof(long)) {
-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-		return 0;
-	}
-	/* Is it negative? */
-	if(len && (cont[0] & 0x80)) neg = 1;
-	else neg = 0;
-	utmp = 0;
-	for(i = 0; i < len; i++) {
-		utmp <<= 8;
-		if(neg) utmp |= cont[i] ^ 0xff;
-		else utmp |= cont[i];
-	}
-	ltmp = (long)utmp;
-	if(neg) {
-		ltmp++;
-		ltmp = -ltmp;
-	}
-	if(ltmp == it->size) {
-		ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
-		return 0;
-	}
-	memcpy(cp, &ltmp, sizeof(long));
-	return 1;
+    int neg, i;
+    long ltmp;
+    unsigned long utmp = 0;
+    char *cp = (char *)pval;
+    if (len > (int)sizeof(long)) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    /* Is it negative? */
+    if (len && (cont[0] & 0x80))
+        neg = 1;
+    else
+        neg = 0;
+    utmp = 0;
+    for (i = 0; i < len; i++) {
+        utmp <<= 8;
+        if (neg)
+            utmp |= cont[i] ^ 0xff;
+        else
+            utmp |= cont[i];
+    }
+    ltmp = (long)utmp;
+    if (neg) {
+        ltmp++;
+        ltmp = -ltmp;
+    }
+    if (ltmp == it->size) {
+        ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
+        return 0;
+    }
+    memcpy(cp, &ltmp, sizeof(long));
+    return 1;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_name.c b/Cryptlib/OpenSSL/crypto/asn1/x_name.c
index 9a1a9f41..85be1a62 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_name.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_name.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,217 +61,250 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
-					int tag, int aclass, char opt, ASN1_TLC *ctx);
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
+                            long len, const ASN1_ITEM *it, int tag,
+                            int aclass, char opt, ASN1_TLC *ctx);
 
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass);
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
 static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
 
 static int x509_name_encode(X509_NAME *a);
 
 ASN1_SEQUENCE(X509_NAME_ENTRY) = {
-	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
-	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
+        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
+        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
 } ASN1_SEQUENCE_END(X509_NAME_ENTRY)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
 
-/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
- * so declare two template wrappers for this
+/*
+ * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
+ * declare two template wrappers for this
  */
 
 ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
 
 ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
 ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
 
-/* Normally that's where it would end: we'd have two nested STACK structures
+/*
+ * Normally that's where it would end: we'd have two nested STACK structures
  * representing the ASN1. Unfortunately X509_NAME uses a completely different
- * form and caches encodings so we have to process the internal form and convert
- * to the external form.
+ * form and caches encodings so we have to process the internal form and
+ * convert to the external form.
  */
 
 const ASN1_EXTERN_FUNCS x509_name_ff = {
-	NULL,
-	x509_name_ex_new,
-	x509_name_ex_free,
-	0,	/* Default clear behaviour is OK */
-	x509_name_ex_d2i,
-	x509_name_ex_i2d
+    NULL,
+    x509_name_ex_new,
+    x509_name_ex_free,
+    0,                          /* Default clear behaviour is OK */
+    x509_name_ex_d2i,
+    x509_name_ex_i2d
 };
 
-IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) 
+IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
+
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
 
 static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
 {
-	X509_NAME *ret = NULL;
-	ret = OPENSSL_malloc(sizeof(X509_NAME));
-	if(!ret) goto memerr;
-	if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL)
-		goto memerr;
-	if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr;
-	ret->modified=1;
-	*val = (ASN1_VALUE *)ret;
-	return 1;
+    X509_NAME *ret = NULL;
+    ret = OPENSSL_malloc(sizeof(X509_NAME));
+    if (!ret)
+        goto memerr;
+    if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
+        goto memerr;
+    if ((ret->bytes = BUF_MEM_new()) == NULL)
+        goto memerr;
+    ret->modified = 1;
+    *val = (ASN1_VALUE *)ret;
+    return 1;
 
  memerr:
-	ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
-	if (ret)
-		{
-		if (ret->entries)
-			sk_X509_NAME_ENTRY_free(ret->entries);
-		OPENSSL_free(ret);
-		}
-	return 0;
+    ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
+    if (ret) {
+        if (ret->entries)
+            sk_X509_NAME_ENTRY_free(ret->entries);
+        OPENSSL_free(ret);
+    }
+    return 0;
 }
 
 static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	X509_NAME *a;
-	if(!pval || !*pval)
-	    return;
-	a = (X509_NAME *)*pval;
-
-	BUF_MEM_free(a->bytes);
-	sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free);
-	OPENSSL_free(a);
-	*pval = NULL;
+    X509_NAME *a;
+    if (!pval || !*pval)
+        return;
+    a = (X509_NAME *)*pval;
+
+    BUF_MEM_free(a->bytes);
+    sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
+    OPENSSL_free(a);
+    *pval = NULL;
 }
 
-/* Used with sk_pop_free() to free up the internal representation.
- * NB: we only free the STACK and not its contents because it is
- * already present in the X509_NAME structure.
+/*
+ * Used with sk_pop_free() to free up the internal representation. NB: we
+ * only free the STACK and not its contents because it is already present in
+ * the X509_NAME structure.
  */
 
 static void sk_internal_free(void *a)
 {
-	sk_free(a);
+    sk_free(a);
 }
 
-static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_ITEM *it,
-					int tag, int aclass, char opt, ASN1_TLC *ctx)
+static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
+                            long len, const ASN1_ITEM *it, int tag,
+                            int aclass, char opt, ASN1_TLC *ctx)
 {
-	const unsigned char *p = *in, *q;
-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
-	union { X509_NAME *x; ASN1_VALUE *a; } nm = {NULL};
-	int i, j, ret;
-	STACK_OF(X509_NAME_ENTRY) *entries;
-	X509_NAME_ENTRY *entry;
-	q = p;
-
-	/* Get internal representation of Name */
-	ret = ASN1_item_ex_d2i(&intname.a,
-			       &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
-			       tag, aclass, opt, ctx);
-	
-	if(ret <= 0) return ret;
-
-	if(*val) x509_name_ex_free(val, NULL);
-	if(!x509_name_ex_new(&nm.a, NULL)) goto err;
-	/* We've decoded it: now cache encoding */
-	if(!BUF_MEM_grow(nm.x->bytes, p - q)) goto err;
-	memcpy(nm.x->bytes->data, q, p - q);
-
-	/* Convert internal representation to X509_NAME structure */
-	for(i = 0; i < sk_num(intname.s); i++) {
-		entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
-		for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
-			entry = sk_X509_NAME_ENTRY_value(entries, j);
-			entry->set = i;
-			if(!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
-				goto err;
-		}
-		sk_X509_NAME_ENTRY_free(entries);
-	}
-	sk_free(intname.s);
-	nm.x->modified = 0;
-	*val = nm.a;
-	*in = p;
-	return ret;
-err:
-        if (nm.x != NULL)
-		X509_NAME_free(nm.x);
-	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
-	return 0;
+    const unsigned char *p = *in, *q;
+    union {
+        STACK *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    union {
+        X509_NAME *x;
+        ASN1_VALUE *a;
+    } nm = {
+        NULL
+    };
+    int i, j, ret;
+    STACK_OF(X509_NAME_ENTRY) *entries;
+    X509_NAME_ENTRY *entry;
+    q = p;
+
+    /* Get internal representation of Name */
+    ret = ASN1_item_ex_d2i(&intname.a,
+                           &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
+                           tag, aclass, opt, ctx);
+
+    if (ret <= 0)
+        return ret;
+
+    if (*val)
+        x509_name_ex_free(val, NULL);
+    if (!x509_name_ex_new(&nm.a, NULL))
+        goto err;
+    /* We've decoded it: now cache encoding */
+    if (!BUF_MEM_grow(nm.x->bytes, p - q))
+        goto err;
+    memcpy(nm.x->bytes->data, q, p - q);
+
+    /* Convert internal representation to X509_NAME structure */
+    for (i = 0; i < sk_num(intname.s); i++) {
+        entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname.s, i);
+        for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
+            entry = sk_X509_NAME_ENTRY_value(entries, j);
+            entry->set = i;
+            if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
+                goto err;
+        }
+        sk_X509_NAME_ENTRY_free(entries);
+    }
+    sk_free(intname.s);
+    nm.x->modified = 0;
+    *val = nm.a;
+    *in = p;
+    return ret;
+ err:
+    if (nm.x != NULL)
+        X509_NAME_free(nm.x);
+    ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
+    return 0;
 }
 
-static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass)
+static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
+                            const ASN1_ITEM *it, int tag, int aclass)
 {
-	int ret;
-	X509_NAME *a = (X509_NAME *)*val;
-	if(a->modified) {
-		ret = x509_name_encode((X509_NAME *)a);
-		if(ret < 0) return ret;
-	}
-	ret = a->bytes->length;
-	if(out != NULL) {
-		memcpy(*out,a->bytes->data,ret);
-		*out+=ret;
-	}
-	return ret;
+    int ret;
+    X509_NAME *a = (X509_NAME *)*val;
+    if (a->modified) {
+        ret = x509_name_encode((X509_NAME *)a);
+        if (ret < 0)
+            return ret;
+    }
+    ret = a->bytes->length;
+    if (out != NULL) {
+        memcpy(*out, a->bytes->data, ret);
+        *out += ret;
+    }
+    return ret;
 }
 
 static int x509_name_encode(X509_NAME *a)
 {
-	union { STACK *s; ASN1_VALUE *a; } intname = {NULL};
-	int len;
-	unsigned char *p;
-	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
-	X509_NAME_ENTRY *entry;
-	int i, set = -1;
-	intname.s = sk_new_null();
-	if(!intname.s) goto memerr;
-	for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
-		entry = sk_X509_NAME_ENTRY_value(a->entries, i);
-		if(entry->set != set) {
-			entries = sk_X509_NAME_ENTRY_new_null();
-			if(!entries) goto memerr;
-			if(!sk_push(intname.s, (char *)entries)) goto memerr;
-			set = entry->set;
-		}
-		if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr;
-	}
-	len = ASN1_item_ex_i2d(&intname.a, NULL,
-			       ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-	if (!BUF_MEM_grow(a->bytes,len)) goto memerr;
-	p=(unsigned char *)a->bytes->data;
-	ASN1_item_ex_i2d(&intname.a,
-			 &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
-	sk_pop_free(intname.s, sk_internal_free);
-	a->modified = 0;
-	return len;
-	memerr:
-	sk_pop_free(intname.s, sk_internal_free);
-	ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
-	return -1;
+    union {
+        STACK *s;
+        ASN1_VALUE *a;
+    } intname = {
+        NULL
+    };
+    int len;
+    unsigned char *p;
+    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
+    X509_NAME_ENTRY *entry;
+    int i, set = -1;
+    intname.s = sk_new_null();
+    if (!intname.s)
+        goto memerr;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
+        if (entry->set != set) {
+            entries = sk_X509_NAME_ENTRY_new_null();
+            if (!entries)
+                goto memerr;
+            if (!sk_push(intname.s, (char *)entries))
+                goto memerr;
+            set = entry->set;
+        }
+        if (!sk_X509_NAME_ENTRY_push(entries, entry))
+            goto memerr;
+    }
+    len = ASN1_item_ex_i2d(&intname.a, NULL,
+                           ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    if (!BUF_MEM_grow(a->bytes, len))
+        goto memerr;
+    p = (unsigned char *)a->bytes->data;
+    ASN1_item_ex_i2d(&intname.a,
+                     &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
+    sk_pop_free(intname.s, sk_internal_free);
+    a->modified = 0;
+    return len;
+ memerr:
+    sk_pop_free(intname.s, sk_internal_free);
+    ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
+    return -1;
 }
 
-
 int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
-	{
-	X509_NAME *in;
-
-	if (!xn || !name) return(0);
-
-	if (*xn != name)
-		{
-		in=X509_NAME_dup(name);
-		if (in != NULL)
-			{
-			X509_NAME_free(*xn);
-			*xn=in;
-			}
-		}
-	return(*xn != NULL);
-	}
-	
+{
+    X509_NAME *in;
+
+    if (!xn || !name)
+        return (0);
+
+    if (*xn != name) {
+        in = X509_NAME_dup(name);
+        if (in != NULL) {
+            X509_NAME_free(*xn);
+            *xn = in;
+        }
+    }
+    return (*xn != NULL);
+}
+
 IMPLEMENT_STACK_OF(X509_NAME_ENTRY)
+
 IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c
index 84536184..2da23e47 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_pkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,87 +65,89 @@
 
 /* need to implement */
 int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp)
-	{
-	return(0);
-	}
+{
+    return (0);
+}
 
 X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, const unsigned char **pp, long length)
-	{
-	int i;
-	M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new);
+{
+    int i;
+    M_ASN1_D2I_vars(a, X509_PKEY *, X509_PKEY_new);
 
-	M_ASN1_D2I_Init();
-	M_ASN1_D2I_start_sequence();
-	M_ASN1_D2I_get_x(X509_ALGOR,ret->enc_algor,d2i_X509_ALGOR);
-	M_ASN1_D2I_get_x(ASN1_OCTET_STRING,ret->enc_pkey,d2i_ASN1_OCTET_STRING);
+    M_ASN1_D2I_Init();
+    M_ASN1_D2I_start_sequence();
+    M_ASN1_D2I_get_x(X509_ALGOR, ret->enc_algor, d2i_X509_ALGOR);
+    M_ASN1_D2I_get_x(ASN1_OCTET_STRING, ret->enc_pkey, d2i_ASN1_OCTET_STRING);
 
-	ret->cipher.cipher=EVP_get_cipherbyname(
-		OBJ_nid2ln(OBJ_obj2nid(ret->enc_algor->algorithm)));
-	if (ret->cipher.cipher == NULL)
-		{
-		c.error=ASN1_R_UNSUPPORTED_CIPHER;
-		c.line=__LINE__;
-		goto err;
-		}
-	if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) 
-		{
-		i=ret->enc_algor->parameter->value.octet_string->length;
-		if (i > EVP_MAX_IV_LENGTH)
-			{
-			c.error=ASN1_R_IV_TOO_LARGE;
-			c.line=__LINE__;
-			goto err;
-			}
-		memcpy(ret->cipher.iv,
-			ret->enc_algor->parameter->value.octet_string->data,i);
-		}
-	else
-		memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-	M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY);
-	}
+    ret->cipher.cipher =
+        EVP_get_cipherbyname(OBJ_nid2ln
+                             (OBJ_obj2nid(ret->enc_algor->algorithm)));
+    if (ret->cipher.cipher == NULL) {
+        c.error = ASN1_R_UNSUPPORTED_CIPHER;
+        c.line = __LINE__;
+        goto err;
+    }
+    if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) {
+        i = ret->enc_algor->parameter->value.octet_string->length;
+        if (i > EVP_MAX_IV_LENGTH) {
+            c.error = ASN1_R_IV_TOO_LARGE;
+            c.line = __LINE__;
+            goto err;
+        }
+        memcpy(ret->cipher.iv,
+               ret->enc_algor->parameter->value.octet_string->data, i);
+    } else
+        memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+    M_ASN1_D2I_Finish(a, X509_PKEY_free, ASN1_F_D2I_X509_PKEY);
+}
 
 X509_PKEY *X509_PKEY_new(void)
-	{
-	X509_PKEY *ret=NULL;
-	ASN1_CTX c;
+{
+    X509_PKEY *ret = NULL;
+    ASN1_CTX c;
 
-	M_ASN1_New_Malloc(ret,X509_PKEY);
-	ret->version=0;
-	M_ASN1_New(ret->enc_algor,X509_ALGOR_new);
-	M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new);
-	ret->dec_pkey=NULL;
-	ret->key_length=0;
-	ret->key_data=NULL;
-	ret->key_free=0;
-	ret->cipher.cipher=NULL;
-	memset(ret->cipher.iv,0,EVP_MAX_IV_LENGTH);
-	ret->references=1;
-	return(ret);
-	M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
-	}
+    M_ASN1_New_Malloc(ret, X509_PKEY);
+    ret->version = 0;
+    M_ASN1_New(ret->enc_algor, X509_ALGOR_new);
+    M_ASN1_New(ret->enc_pkey, M_ASN1_OCTET_STRING_new);
+    ret->dec_pkey = NULL;
+    ret->key_length = 0;
+    ret->key_data = NULL;
+    ret->key_free = 0;
+    ret->cipher.cipher = NULL;
+    memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
+    ret->references = 1;
+    return (ret);
+    M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW);
+}
 
 void X509_PKEY_free(X509_PKEY *x)
-	{
-	int i;
+{
+    int i;
 
-	if (x == NULL) return;
+    if (x == NULL)
+        return;
 
-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_X509_PKEY);
+    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("X509_PKEY",x);
+    REF_PRINT("X509_PKEY", x);
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"X509_PKEY_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "X509_PKEY_free, bad reference count\n");
+        abort();
+    }
 #endif
 
-	if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor);
-	if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey);
-	if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey);
-	if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data);
-	OPENSSL_free(x);
-	}
+    if (x->enc_algor != NULL)
+        X509_ALGOR_free(x->enc_algor);
+    if (x->enc_pkey != NULL)
+        M_ASN1_OCTET_STRING_free(x->enc_pkey);
+    if (x->dec_pkey != NULL)
+        EVP_PKEY_free(x->dec_pkey);
+    if ((x->key_data != NULL) && (x->key_free))
+        OPENSSL_free(x->key_data);
+    OPENSSL_free(x);
+}
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
index bc8a7bf3..307798c7 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_pubkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,483 +61,462 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 
 /* Minor tweak to operation: free up EVP_PKEY */
 static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
-	{
-	if (operation == ASN1_OP_FREE_POST)
-		{
-		X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
-		EVP_PKEY_free(pubkey->pkey);
-		}
-	return 1;
-	}
+{
+    if (operation == ASN1_OP_FREE_POST) {
+        X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
+        EVP_PKEY_free(pubkey->pkey);
+    }
+    return 1;
+}
 
 ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = {
-	ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
-	ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
+        ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY)
 
 int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
-	{
-	X509_PUBKEY *pk=NULL;
-	X509_ALGOR *a;
-	ASN1_OBJECT *o;
-	unsigned char *s,*p = NULL;
-	int i;
-
-	if (x == NULL) return(0);
-
-	if ((pk=X509_PUBKEY_new()) == NULL) goto err;
-	a=pk->algor;
-
-	/* set the algorithm id */
-	if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
-	ASN1_OBJECT_free(a->algorithm);
-	a->algorithm=o;
-
-	/* Set the parameter list */
-	if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA))
-		{
-		if ((a->parameter == NULL) ||
-			(a->parameter->type != V_ASN1_NULL))
-			{
-			ASN1_TYPE_free(a->parameter);
-			if (!(a->parameter=ASN1_TYPE_new()))
-				{
-				X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			a->parameter->type=V_ASN1_NULL;
-			}
-		}
+{
+    X509_PUBKEY *pk = NULL;
+    X509_ALGOR *a;
+    ASN1_OBJECT *o;
+    unsigned char *s, *p = NULL;
+    int i;
+
+    if (x == NULL)
+        return (0);
+
+    if ((pk = X509_PUBKEY_new()) == NULL)
+        goto err;
+    a = pk->algor;
+
+    /* set the algorithm id */
+    if ((o = OBJ_nid2obj(pkey->type)) == NULL)
+        goto err;
+    ASN1_OBJECT_free(a->algorithm);
+    a->algorithm = o;
+
+    /* Set the parameter list */
+    if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) {
+        if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
+            ASN1_TYPE_free(a->parameter);
+            if (!(a->parameter = ASN1_TYPE_new())) {
+                X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            a->parameter->type = V_ASN1_NULL;
+        }
+    }
 #ifndef OPENSSL_NO_DSA
-	else if (pkey->type == EVP_PKEY_DSA)
-		{
-		unsigned char *pp;
-		DSA *dsa;
-		
-		dsa=pkey->pkey.dsa;
-		dsa->write_params=0;
-		ASN1_TYPE_free(a->parameter);
-		if ((i=i2d_DSAparams(dsa,NULL)) <= 0)
-			goto err;
-		if (!(p=(unsigned char *)OPENSSL_malloc(i)))
-			{
-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		pp=p;
-		i2d_DSAparams(dsa,&pp);
-		if (!(a->parameter=ASN1_TYPE_new()))
-			{
-			OPENSSL_free(p);
-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		a->parameter->type=V_ASN1_SEQUENCE;
-		if (!(a->parameter->value.sequence=ASN1_STRING_new()))
-			{
-			OPENSSL_free(p);
-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (!ASN1_STRING_set(a->parameter->value.sequence,p,i))
-			{
-			OPENSSL_free(p);
-			X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		OPENSSL_free(p);
-		}
+    else if (pkey->type == EVP_PKEY_DSA) {
+        unsigned char *pp;
+        DSA *dsa;
+
+        dsa = pkey->pkey.dsa;
+        dsa->write_params = 0;
+        ASN1_TYPE_free(a->parameter);
+        if ((i = i2d_DSAparams(dsa, NULL)) <= 0)
+            goto err;
+        if (!(p = (unsigned char *)OPENSSL_malloc(i))) {
+            X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        pp = p;
+        i2d_DSAparams(dsa, &pp);
+        if (!(a->parameter = ASN1_TYPE_new())) {
+            OPENSSL_free(p);
+            X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        a->parameter->type = V_ASN1_SEQUENCE;
+        if (!(a->parameter->value.sequence = ASN1_STRING_new())) {
+            OPENSSL_free(p);
+            X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!ASN1_STRING_set(a->parameter->value.sequence, p, i)) {
+            OPENSSL_free(p);
+            X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        OPENSSL_free(p);
+    }
 #endif
 #ifndef OPENSSL_NO_EC
-	else if (pkey->type == EVP_PKEY_EC)
-		{
-		int nid=0;
-		unsigned char *pp;
-		EC_KEY *ec_key;
-		const EC_GROUP *group;
-		
-		ec_key = pkey->pkey.ec;
-		ASN1_TYPE_free(a->parameter);
-
-		if ((a->parameter = ASN1_TYPE_new()) == NULL)
-			{
-			X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-			goto err;
-			}
-
-		group = EC_KEY_get0_group(ec_key);
-		if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-			{
-			/* just set the OID */
-			a->parameter->type = V_ASN1_OBJECT;
-			a->parameter->value.object = OBJ_nid2obj(nid);
-			}
-		else /* explicit parameters */
-			{
-			if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-				goto err;
-				}
-			if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}	
-			pp = p;
-			if (!i2d_ECParameters(ec_key, &pp))
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			a->parameter->type = V_ASN1_SEQUENCE;
-			if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
-				OPENSSL_free(p);
-				goto err;
-				}
-			ASN1_STRING_set(a->parameter->value.sequence, p, i);
-			OPENSSL_free(p);
-			}
-		}
+    else if (pkey->type == EVP_PKEY_EC) {
+        int nid = 0;
+        unsigned char *pp;
+        EC_KEY *ec_key;
+        const EC_GROUP *group;
+
+        ec_key = pkey->pkey.ec;
+        ASN1_TYPE_free(a->parameter);
+
+        if ((a->parameter = ASN1_TYPE_new()) == NULL) {
+            X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+            goto err;
+        }
+
+        group = EC_KEY_get0_group(ec_key);
+        if (EC_GROUP_get_asn1_flag(group)
+            && (nid = EC_GROUP_get_curve_name(group))) {
+            /* just set the OID */
+            a->parameter->type = V_ASN1_OBJECT;
+            a->parameter->value.object = OBJ_nid2obj(nid);
+        } else {                /* explicit parameters */
+
+            if ((i = i2d_ECParameters(ec_key, NULL)) == 0) {
+                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+                goto err;
+            }
+            if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+                X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            pp = p;
+            if (!i2d_ECParameters(ec_key, &pp)) {
+                X509err(X509_F_X509_PUBKEY_SET, ERR_R_EC_LIB);
+                OPENSSL_free(p);
+                goto err;
+            }
+            a->parameter->type = V_ASN1_SEQUENCE;
+            if ((a->parameter->value.sequence = ASN1_STRING_new()) == NULL) {
+                X509err(X509_F_X509_PUBKEY_SET, ERR_R_ASN1_LIB);
+                OPENSSL_free(p);
+                goto err;
+            }
+            ASN1_STRING_set(a->parameter->value.sequence, p, i);
+            OPENSSL_free(p);
+        }
+    }
 #endif
-	else if (1)
-		{
-		X509err(X509_F_X509_PUBKEY_SET,X509_R_UNSUPPORTED_ALGORITHM);
-		goto err;
-		}
-
-	if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err;
-	if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL)
-		{
-		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=s;
-	i2d_PublicKey(pkey,&p);
-	if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i))
-		{
-		X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-  	/* Set number of unused bits to zero */
-	pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-	pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT;
-
-	OPENSSL_free(s);
+    else if (1) {
+        X509err(X509_F_X509_PUBKEY_SET, X509_R_UNSUPPORTED_ALGORITHM);
+        goto err;
+    }
+
+    if ((i = i2d_PublicKey(pkey, NULL)) <= 0)
+        goto err;
+    if ((s = (unsigned char *)OPENSSL_malloc(i + 1)) == NULL) {
+        X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = s;
+    i2d_PublicKey(pkey, &p);
+    if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) {
+        X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    /* Set number of unused bits to zero */
+    pk->public_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+    pk->public_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+
+    OPENSSL_free(s);
 
 #if 0
-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	pk->pkey=pkey;
+    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    pk->pkey = pkey;
 #endif
 
-	if (*x != NULL)
-		X509_PUBKEY_free(*x);
+    if (*x != NULL)
+        X509_PUBKEY_free(*x);
 
-	*x=pk;
+    *x = pk;
 
-	return 1;
-err:
-	if (pk != NULL) X509_PUBKEY_free(pk);
-	return 0;
-	}
+    return 1;
+ err:
+    if (pk != NULL)
+        X509_PUBKEY_free(pk);
+    return 0;
+}
 
 EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key)
-	{
-	EVP_PKEY *ret=NULL;
-	long j;
-	int type;
-	const unsigned char *p;
+{
+    EVP_PKEY *ret = NULL;
+    long j;
+    int type;
+    const unsigned char *p;
 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-	const unsigned char *cp;
-	X509_ALGOR *a;
+    const unsigned char *cp;
+    X509_ALGOR *a;
 #endif
 
-	if (key == NULL) goto err;
+    if (key == NULL)
+        goto err;
+
+    if (key->pkey != NULL) {
+        CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+        return (key->pkey);
+    }
 
-	if (key->pkey != NULL)
-		{
-		CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-		return(key->pkey);
-		}
+    if (key->public_key == NULL)
+        goto err;
 
-	if (key->public_key == NULL) goto err;
+    type = OBJ_obj2nid(key->algor->algorithm);
+    if ((ret = EVP_PKEY_new()) == NULL) {
+        X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    ret->type = EVP_PKEY_type(type);
 
-	type=OBJ_obj2nid(key->algor->algorithm);
-	if ((ret = EVP_PKEY_new()) == NULL)
-		{
-		X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	ret->type = EVP_PKEY_type(type);
+    /* the parameters must be extracted before the public key (ECDSA!) */
 
-	/* the parameters must be extracted before the public key (ECDSA!) */
-	
 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_ECDSA)
-	a=key->algor;
+    a = key->algor;
 #endif
 
-	if (0)
-		;
+    if (0) ;
 #ifndef OPENSSL_NO_DSA
-	else if (ret->type == EVP_PKEY_DSA)
-		{
-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-			{
-			if ((ret->pkey.dsa = DSA_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			ret->pkey.dsa->write_params=0;
-			cp=p=a->parameter->value.sequence->data;
-			j=a->parameter->value.sequence->length;
-			if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
-				goto err;
-			}
-		ret->save_parameters=1;
-		}
+    else if (ret->type == EVP_PKEY_DSA) {
+        if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
+            if ((ret->pkey.dsa = DSA_new()) == NULL) {
+                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            ret->pkey.dsa->write_params = 0;
+            cp = p = a->parameter->value.sequence->data;
+            j = a->parameter->value.sequence->length;
+            if (!d2i_DSAparams(&ret->pkey.dsa, &cp, (long)j))
+                goto err;
+        }
+        ret->save_parameters = 1;
+    }
 #endif
 #ifndef OPENSSL_NO_EC
-	else if (ret->type == EVP_PKEY_EC)
-		{
-		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
-			{
-			/* type == V_ASN1_SEQUENCE => we have explicit parameters
-                         * (e.g. parameters in the X9_62_EC_PARAMETERS-structure )
-			 */
-			if ((ret->pkey.ec= EC_KEY_new()) == NULL)
-				{
-				X509err(X509_F_X509_PUBKEY_GET, 
-					ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			cp = p = a->parameter->value.sequence->data;
-			j = a->parameter->value.sequence->length;
-			if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j))
-				{
-				X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
-				goto err;
-				}
-			}
-		else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT))
-			{
-			/* type == V_ASN1_OBJECT => the parameters are given
-			 * by an asn1 OID
-			 */
-			EC_KEY   *ec_key;
-			EC_GROUP *group;
-
-			if (ret->pkey.ec == NULL)
-				ret->pkey.ec = EC_KEY_new();
-			ec_key = ret->pkey.ec;
-			if (ec_key == NULL)
-				goto err;
-			group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-			if (group == NULL)
-				goto err;
-			EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-			if (EC_KEY_set_group(ec_key, group) == 0)
-				goto err;
-			EC_GROUP_free(group);
-			}
-			/* the case implicitlyCA is currently not implemented */
-		ret->save_parameters = 1;
-		}
+    else if (ret->type == EVP_PKEY_EC) {
+        if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
+            /*
+             * type == V_ASN1_SEQUENCE => we have explicit parameters (e.g.
+             * parameters in the X9_62_EC_PARAMETERS-structure )
+             */
+            if ((ret->pkey.ec = EC_KEY_new()) == NULL) {
+                X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            cp = p = a->parameter->value.sequence->data;
+            j = a->parameter->value.sequence->length;
+            if (!d2i_ECParameters(&ret->pkey.ec, &cp, (long)j)) {
+                X509err(X509_F_X509_PUBKEY_GET, ERR_R_EC_LIB);
+                goto err;
+            }
+        } else if (a->parameter && (a->parameter->type == V_ASN1_OBJECT)) {
+            /*
+             * type == V_ASN1_OBJECT => the parameters are given by an asn1
+             * OID
+             */
+            EC_KEY *ec_key;
+            EC_GROUP *group;
+
+            if (ret->pkey.ec == NULL)
+                ret->pkey.ec = EC_KEY_new();
+            ec_key = ret->pkey.ec;
+            if (ec_key == NULL)
+                goto err;
+            group =
+                EC_GROUP_new_by_curve_name(OBJ_obj2nid
+                                           (a->parameter->value.object));
+            if (group == NULL)
+                goto err;
+            EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+            if (EC_KEY_set_group(ec_key, group) == 0)
+                goto err;
+            EC_GROUP_free(group);
+        }
+        /*
+         * the case implicitlyCA is currently not implemented
+         */
+        ret->save_parameters = 1;
+    }
 #endif
 
-	p=key->public_key->data;
-        j=key->public_key->length;
-        if (!d2i_PublicKey(type, &ret, &p, (long)j))
-		{
-		X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
-		goto err;
-		}
-
-	/* Check to see if another thread set key->pkey first */
-	CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
-	if (key->pkey)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-		EVP_PKEY_free(ret);
-		ret = key->pkey;
-		}
-	else
-		{
-		key->pkey = ret;
-		CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
-		}
-	CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
-	return(ret);
-err:
-	if (ret != NULL)
-		EVP_PKEY_free(ret);
-	return(NULL);
-	}
-
-/* Now two pseudo ASN1 routines that take an EVP_PKEY structure
- * and encode or decode as X509_PUBKEY
+    p = key->public_key->data;
+    j = key->public_key->length;
+    if (!d2i_PublicKey(type, &ret, &p, (long)j)) {
+        X509err(X509_F_X509_PUBKEY_GET, X509_R_ERR_ASN1_LIB);
+        goto err;
+    }
+
+    /* Check to see if another thread set key->pkey first */
+    CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
+    if (key->pkey) {
+        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+        EVP_PKEY_free(ret);
+        ret = key->pkey;
+    } else {
+        key->pkey = ret;
+        CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
+    }
+    CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    return (ret);
+ err:
+    if (ret != NULL)
+        EVP_PKEY_free(ret);
+    return (NULL);
+}
+
+/*
+ * Now two pseudo ASN1 routines that take an EVP_PKEY structure and encode or
+ * decode as X509_PUBKEY
  */
 
-EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp,
-	     long length)
-	{
-	X509_PUBKEY *xpk;
-	EVP_PKEY *pktmp;
-	xpk = d2i_X509_PUBKEY(NULL, pp, length);
-	if(!xpk) return NULL;
-	pktmp = X509_PUBKEY_get(xpk);
-	X509_PUBKEY_free(xpk);
-	if(!pktmp) return NULL;
-	if(a)
-		{
-		EVP_PKEY_free(*a);
-		*a = pktmp;
-		}
-	return pktmp;
-	}
+EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, const unsigned char **pp, long length)
+{
+    X509_PUBKEY *xpk;
+    EVP_PKEY *pktmp;
+    xpk = d2i_X509_PUBKEY(NULL, pp, length);
+    if (!xpk)
+        return NULL;
+    pktmp = X509_PUBKEY_get(xpk);
+    X509_PUBKEY_free(xpk);
+    if (!pktmp)
+        return NULL;
+    if (a) {
+        EVP_PKEY_free(*a);
+        *a = pktmp;
+    }
+    return pktmp;
+}
 
 int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp)
-	{
-	X509_PUBKEY *xpk=NULL;
-	int ret;
-	if(!a) return 0;
-	if(!X509_PUBKEY_set(&xpk, a)) return 0;
-	ret = i2d_X509_PUBKEY(xpk, pp);
-	X509_PUBKEY_free(xpk);
-	return ret;
-	}
-
-/* The following are equivalents but which return RSA and DSA
- * keys
+{
+    X509_PUBKEY *xpk = NULL;
+    int ret;
+    if (!a)
+        return 0;
+    if (!X509_PUBKEY_set(&xpk, a))
+        return 0;
+    ret = i2d_X509_PUBKEY(xpk, pp);
+    X509_PUBKEY_free(xpk);
+    return ret;
+}
+
+/*
+ * The following are equivalents but which return RSA and DSA keys
  */
 #ifndef OPENSSL_NO_RSA
-RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *pkey;
-	RSA *key;
-	const unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
-	key = EVP_PKEY_get1_RSA(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
-	*pp = q;
-	if (a)
-		{
-		RSA_free(*a);
-		*a = key;
-		}
-	return key;
-	}
+RSA *d2i_RSA_PUBKEY(RSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    RSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_RSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        RSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
 
 int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if (!a) return 0;
-	pktmp = EVP_PKEY_new();
-	if (!pktmp)
-		{
-		ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	EVP_PKEY_set1_RSA(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return ret;
-	}
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (!pktmp) {
+        ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    EVP_PKEY_set1_RSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
 #endif
 
 #ifndef OPENSSL_NO_DSA
-DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp,
-	     long length)
-	{
-	EVP_PKEY *pkey;
-	DSA *key;
-	const unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return NULL;
-	key = EVP_PKEY_get1_DSA(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key) return NULL;
-	*pp = q;
-	if (a)
-		{
-		DSA_free(*a);
-		*a = key;
-		}
-	return key;
-	}
+DSA *d2i_DSA_PUBKEY(DSA **a, const unsigned char **pp, long length)
+{
+    EVP_PKEY *pkey;
+    DSA *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return NULL;
+    key = EVP_PKEY_get1_DSA(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return NULL;
+    *pp = q;
+    if (a) {
+        DSA_free(*a);
+        *a = key;
+    }
+    return key;
+}
 
 int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if(!a) return 0;
-	pktmp = EVP_PKEY_new();
-	if(!pktmp)
-		{
-		ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	EVP_PKEY_set1_DSA(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return ret;
-	}
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return 0;
+    pktmp = EVP_PKEY_new();
+    if (!pktmp) {
+        ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    EVP_PKEY_set1_DSA(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return ret;
+}
 #endif
 
 #ifndef OPENSSL_NO_EC
 EC_KEY *d2i_EC_PUBKEY(EC_KEY **a, const unsigned char **pp, long length)
-	{
-	EVP_PKEY *pkey;
-	EC_KEY *key;
-	const unsigned char *q;
-	q = *pp;
-	pkey = d2i_PUBKEY(NULL, &q, length);
-	if (!pkey) return(NULL);
-	key = EVP_PKEY_get1_EC_KEY(pkey);
-	EVP_PKEY_free(pkey);
-	if (!key)  return(NULL);
-	*pp = q;
-	if (a)
-		{
-		EC_KEY_free(*a);
-		*a = key;
-		}
-	return(key);
-	}
+{
+    EVP_PKEY *pkey;
+    EC_KEY *key;
+    const unsigned char *q;
+    q = *pp;
+    pkey = d2i_PUBKEY(NULL, &q, length);
+    if (!pkey)
+        return (NULL);
+    key = EVP_PKEY_get1_EC_KEY(pkey);
+    EVP_PKEY_free(pkey);
+    if (!key)
+        return (NULL);
+    *pp = q;
+    if (a) {
+        EC_KEY_free(*a);
+        *a = key;
+    }
+    return (key);
+}
 
 int i2d_EC_PUBKEY(EC_KEY *a, unsigned char **pp)
-	{
-	EVP_PKEY *pktmp;
-	int ret;
-	if (!a)	return(0);
-	if ((pktmp = EVP_PKEY_new()) == NULL)
-		{
-		ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	EVP_PKEY_set1_EC_KEY(pktmp, a);
-	ret = i2d_PUBKEY(pktmp, pp);
-	EVP_PKEY_free(pktmp);
-	return(ret);
-	}
+{
+    EVP_PKEY *pktmp;
+    int ret;
+    if (!a)
+        return (0);
+    if ((pktmp = EVP_PKEY_new()) == NULL) {
+        ASN1err(ASN1_F_I2D_EC_PUBKEY, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    EVP_PKEY_set1_EC_KEY(pktmp, a);
+    ret = i2d_PUBKEY(pktmp, pp);
+    EVP_PKEY_free(pktmp);
+    return (ret);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_req.c b/Cryptlib/OpenSSL/crypto/asn1/x_req.c
index 59ca8ce3..5b303fb6 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_req.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_req.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,12 +61,13 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-/* X509_REQ_INFO is handled in an unusual way to get round
+/*-
+ * X509_REQ_INFO is handled in an unusual way to get round
  * invalid encodings. Some broken certificate requests don't
  * encode the attributes field if it is empty. This is in
  * violation of PKCS#10 but we need to tolerate it. We do
  * this by making the attributes field OPTIONAL then using
- * the callback to initialise it to an empty STACK. 
+ * the callback to initialise it to an empty STACK.
  *
  * This means that the field will be correctly encoded unless
  * we NULL out the field.
@@ -81,32 +82,34 @@
 
 static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
+    X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
 
-	if(operation == ASN1_OP_NEW_POST) {
-		rinf->attributes = sk_X509_ATTRIBUTE_new_null();
-		if(!rinf->attributes) return 0;
-	}
-	return 1;
+    if (operation == ASN1_OP_NEW_POST) {
+        rinf->attributes = sk_X509_ATTRIBUTE_new_null();
+        if (!rinf->attributes)
+            return 0;
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = {
-	ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
-	ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
-	/* This isn't really OPTIONAL but it gets round invalid
-	 * encodings
-	 */
-	ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
+        ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME),
+        ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY),
+        /* This isn't really OPTIONAL but it gets round invalid
+         * encodings
+         */
+        ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0)
 } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO)
 
 ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_REQ) = {
-	ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
-	ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
+        ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO),
+        ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_REQ)
+
 IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c
index 42efa86c..dd33720c 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_sig.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_sig.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,8 +62,8 @@
 #include <openssl/x509.h>
 
 ASN1_SEQUENCE(X509_SIG) = {
-	ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
-	ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
+        ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR),
+        ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(X509_SIG)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_SIG)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c
index 2aece077..1df6b87d 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_spki.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_spki.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,15 +49,16 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
- /* This module was send to me my Pat Richards <patr@x509.com> who
-  * wrote it.  It is under my Copyright with his permission
+ /*
+  * This module was send to me my Pat Richards <patr@x509.com> who wrote it.
+  * It is under my Copyright with his permission
   */
 
 #include <stdio.h>
@@ -66,16 +67,16 @@
 #include <openssl/asn1t.h>
 
 ASN1_SEQUENCE(NETSCAPE_SPKAC) = {
-	ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
-	ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
+        ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY),
+        ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING)
 } ASN1_SEQUENCE_END(NETSCAPE_SPKAC)
 
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC)
 
 ASN1_SEQUENCE(NETSCAPE_SPKI) = {
-	ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
-	ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
-	ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
+        ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC),
+        ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR),
+        ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END(NETSCAPE_SPKI)
 
 IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_val.c b/Cryptlib/OpenSSL/crypto/asn1/x_val.c
index dc17c677..ee75a1e2 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_val.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_val.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,8 +62,8 @@
 #include <openssl/x509.h>
 
 ASN1_SEQUENCE(X509_VAL) = {
-	ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
-	ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
+        ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME),
+        ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME)
 } ASN1_SEQUENCE_END(X509_VAL)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_VAL)
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c
index 088d5507..d6958f6c 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_x509.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,16 +64,16 @@
 #include <openssl/x509v3.h>
 
 ASN1_SEQUENCE_enc(X509_CINF, enc, 0) = {
-	ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
-	ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
-	ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
-	ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
-	ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
-	ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
-	ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
-	ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
-	ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
-	ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
+        ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0),
+        ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER),
+        ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR),
+        ASN1_SIMPLE(X509_CINF, issuer, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, validity, X509_VAL),
+        ASN1_SIMPLE(X509_CINF, subject, X509_NAME),
+        ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY),
+        ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1),
+        ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2),
+        ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3)
 } ASN1_SEQUENCE_END_enc(X509_CINF, X509_CINF)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CINF)
@@ -83,120 +83,135 @@ extern void policy_cache_free(X509_POLICY_CACHE *cache);
 
 static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	X509 *ret = (X509 *)*pval;
+    X509 *ret = (X509 *)*pval;
 
-	switch(operation) {
+    switch (operation) {
 
-		case ASN1_OP_NEW_POST:
-		ret->valid=0;
-		ret->name = NULL;
-		ret->ex_flags = 0;
-		ret->ex_pathlen = -1;
-		ret->skid = NULL;
-		ret->akid = NULL;
+    case ASN1_OP_NEW_POST:
+        ret->valid = 0;
+        ret->name = NULL;
+        ret->ex_flags = 0;
+        ret->ex_pathlen = -1;
+        ret->skid = NULL;
+        ret->akid = NULL;
 #ifndef OPENSSL_NO_RFC3779
-		ret->rfc3779_addr = NULL;
-		ret->rfc3779_asid = NULL;
+        ret->rfc3779_addr = NULL;
+        ret->rfc3779_asid = NULL;
 #endif
-		ret->aux = NULL;
-		CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-		break;
-
-		case ASN1_OP_D2I_POST:
-		if (ret->name != NULL) OPENSSL_free(ret->name);
-		ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0);
-		break;
-
-		case ASN1_OP_FREE_POST:
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
-		X509_CERT_AUX_free(ret->aux);
-		ASN1_OCTET_STRING_free(ret->skid);
-		AUTHORITY_KEYID_free(ret->akid);
-		policy_cache_free(ret->policy_cache);
+        ret->aux = NULL;
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        break;
+
+    case ASN1_OP_D2I_POST:
+        if (ret->name != NULL)
+            OPENSSL_free(ret->name);
+        ret->name = X509_NAME_oneline(ret->cert_info->subject, NULL, 0);
+        break;
+
+    case ASN1_OP_FREE_POST:
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
+        X509_CERT_AUX_free(ret->aux);
+        ASN1_OCTET_STRING_free(ret->skid);
+        AUTHORITY_KEYID_free(ret->akid);
+        policy_cache_free(ret->policy_cache);
 #ifndef OPENSSL_NO_RFC3779
-		sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
-		ASIdentifiers_free(ret->rfc3779_asid);
+        sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
+        ASIdentifiers_free(ret->rfc3779_asid);
 #endif
 
-		if (ret->name != NULL) OPENSSL_free(ret->name);
-		break;
+        if (ret->name != NULL)
+            OPENSSL_free(ret->name);
+        break;
 
-	}
+    }
 
-	return 1;
+    return 1;
 
 }
 
 ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = {
-	ASN1_SIMPLE(X509, cert_info, X509_CINF),
-	ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
-	ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
+        ASN1_SIMPLE(X509, cert_info, X509_CINF),
+        ASN1_SIMPLE(X509, sig_alg, X509_ALGOR),
+        ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END_ref(X509, X509)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509)
+
 IMPLEMENT_ASN1_DUP_FUNCTION(X509)
 
-static ASN1_METHOD meth=
-    {
-    (I2D_OF(void))  i2d_X509,
+static ASN1_METHOD meth = {
+    (I2D_OF(void)) i2d_X509,
     (D2I_OF(void)) d2i_X509,
     (void *(*)(void))X509_new,
-    (void (*)(void *)) X509_free
-    };
+    (void (*)(void *))X509_free
+};
 
 ASN1_METHOD *X509_asn1_meth(void)
-	{
-	return(&meth);
-	}
+{
+    return (&meth);
+}
 
 int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
-				new_func, dup_func, free_func);
-        }
+                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int X509_set_ex_data(X509 *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
 
 void *X509_get_ex_data(X509 *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
-
-/* X509_AUX ASN1 routines. X509_AUX is the name given to
- * a certificate with extra info tagged on the end. Since these
- * functions set how a certificate is trusted they should only
- * be used when the certificate comes from a reliable source
- * such as local storage.
- *
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
+
+/*
+ * X509_AUX ASN1 routines. X509_AUX is the name given to a certificate with
+ * extra info tagged on the end. Since these functions set how a certificate
+ * is trusted they should only be used when the certificate comes from a
+ * reliable source such as local storage.
  */
 
 X509 *d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
 {
-	const unsigned char *q;
-	X509 *ret;
-	/* Save start position */
-	q = *pp;
-	ret = d2i_X509(a, pp, length);
-	/* If certificate unreadable then forget it */
-	if(!ret) return NULL;
-	/* update length */
-	length -= *pp - q;
-	if(!length) return ret;
-	if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err;
-	return ret;
-	err:
-	X509_free(ret);
-	return NULL;
+    const unsigned char *q;
+    X509 *ret;
+    int freeret = 0;
+
+    /* Save start position */
+    q = *pp;
+
+    if(!a || *a == NULL) {
+        freeret = 1;
+    }
+    ret = d2i_X509(a, pp, length);
+    /* If certificate unreadable then forget it */
+    if (!ret)
+        return NULL;
+    /* update length */
+    length -= *pp - q;
+    if (!length)
+        return ret;
+    if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
+        goto err;
+    return ret;
+ err:
+    if(freeret) {
+        X509_free(ret);
+        if (a)
+            *a = NULL;
+    }
+    return NULL;
 }
 
 int i2d_X509_AUX(X509 *a, unsigned char **pp)
 {
-	int length;
-	length = i2d_X509(a, pp);
-	if(a) length += i2d_X509_CERT_AUX(a->aux, pp);
-	return length;
+    int length;
+    length = i2d_X509(a, pp);
+    if (a)
+        length += i2d_X509_CERT_AUX(a->aux, pp);
+    return length;
 }
diff --git a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c
index b603f82d..76bbc137 100644
--- a/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c
+++ b/Cryptlib/OpenSSL/crypto/asn1/x_x509a.c
@@ -1,6 +1,7 @@
 /* a_x509a.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,119 +63,131 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509.h>
 
-/* X509_CERT_AUX routines. These are used to encode additional
- * user modifiable data about a certificate. This data is
- * appended to the X509 encoding when the *_X509_AUX routines
- * are used. This means that the "traditional" X509 routines
- * will simply ignore the extra data. 
+/*
+ * X509_CERT_AUX routines. These are used to encode additional user
+ * modifiable data about a certificate. This data is appended to the X509
+ * encoding when the *_X509_AUX routines are used. This means that the
+ * "traditional" X509 routines will simply ignore the extra data.
  */
 
 static X509_CERT_AUX *aux_get(X509 *x);
 
 ASN1_SEQUENCE(X509_CERT_AUX) = {
-	ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
-	ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
-	ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
-	ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
+        ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0),
+        ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING),
+        ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING),
+        ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1)
 } ASN1_SEQUENCE_END(X509_CERT_AUX)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX)
 
 static X509_CERT_AUX *aux_get(X509 *x)
 {
-	if(!x) return NULL;
-	if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL;
-	return x->aux;
+    if (!x)
+        return NULL;
+    if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
+        return NULL;
+    return x->aux;
 }
 
 int X509_alias_set1(X509 *x, unsigned char *name, int len)
 {
-	X509_CERT_AUX *aux;
-	if (!name)
-		{
-		if (!x || !x->aux || !x->aux->alias)
-			return 1;
-		ASN1_UTF8STRING_free(x->aux->alias);
-		x->aux->alias = NULL;
-		return 1;
-		}
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0;
-	return ASN1_STRING_set(aux->alias, name, len);
+    X509_CERT_AUX *aux;
+    if (!name) {
+        if (!x || !x->aux || !x->aux->alias)
+            return 1;
+        ASN1_UTF8STRING_free(x->aux->alias);
+        x->aux->alias = NULL;
+        return 1;
+    }
+    if (!(aux = aux_get(x)))
+        return 0;
+    if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
+        return 0;
+    return ASN1_STRING_set(aux->alias, name, len);
 }
 
 int X509_keyid_set1(X509 *x, unsigned char *id, int len)
 {
-	X509_CERT_AUX *aux;
-	if (!id)
-		{
-		if (!x || !x->aux || !x->aux->keyid)
-			return 1;
-		ASN1_OCTET_STRING_free(x->aux->keyid);
-		x->aux->keyid = NULL;
-		return 1;
-		}
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0;
-	return ASN1_STRING_set(aux->keyid, id, len);
+    X509_CERT_AUX *aux;
+    if (!id) {
+        if (!x || !x->aux || !x->aux->keyid)
+            return 1;
+        ASN1_OCTET_STRING_free(x->aux->keyid);
+        x->aux->keyid = NULL;
+        return 1;
+    }
+    if (!(aux = aux_get(x)))
+        return 0;
+    if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
+        return 0;
+    return ASN1_STRING_set(aux->keyid, id, len);
 }
 
 unsigned char *X509_alias_get0(X509 *x, int *len)
 {
-	if(!x->aux || !x->aux->alias) return NULL;
-	if(len) *len = x->aux->alias->length;
-	return x->aux->alias->data;
+    if (!x->aux || !x->aux->alias)
+        return NULL;
+    if (len)
+        *len = x->aux->alias->length;
+    return x->aux->alias->data;
 }
 
 unsigned char *X509_keyid_get0(X509 *x, int *len)
 {
-	if(!x->aux || !x->aux->keyid) return NULL;
-	if(len) *len = x->aux->keyid->length;
-	return x->aux->keyid->data;
+    if (!x->aux || !x->aux->keyid)
+        return NULL;
+    if (len)
+        *len = x->aux->keyid->length;
+    return x->aux->keyid->data;
 }
 
 int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj)
 {
-	X509_CERT_AUX *aux;
-	ASN1_OBJECT *objtmp;
-	if(!(objtmp = OBJ_dup(obj))) return 0;
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->trust
-		&& !(aux->trust = sk_ASN1_OBJECT_new_null())) return 0;
-	return sk_ASN1_OBJECT_push(aux->trust, objtmp);
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp;
+    if (!(objtmp = OBJ_dup(obj)))
+        return 0;
+    if (!(aux = aux_get(x)))
+        return 0;
+    if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
+        return 0;
+    return sk_ASN1_OBJECT_push(aux->trust, objtmp);
 }
 
 int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj)
 {
-	X509_CERT_AUX *aux;
-	ASN1_OBJECT *objtmp;
-	if(!(objtmp = OBJ_dup(obj))) return 0;
-	if(!(aux = aux_get(x))) return 0;
-	if(!aux->reject
-		&& !(aux->reject = sk_ASN1_OBJECT_new_null())) return 0;
-	return sk_ASN1_OBJECT_push(aux->reject, objtmp);
+    X509_CERT_AUX *aux;
+    ASN1_OBJECT *objtmp;
+    if (!(objtmp = OBJ_dup(obj)))
+        return 0;
+    if (!(aux = aux_get(x)))
+        return 0;
+    if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
+        return 0;
+    return sk_ASN1_OBJECT_push(aux->reject, objtmp);
 }
 
 void X509_trust_clear(X509 *x)
 {
-	if(x->aux && x->aux->trust) {
-		sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
-		x->aux->trust = NULL;
-	}
+    if (x->aux && x->aux->trust) {
+        sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
+        x->aux->trust = NULL;
+    }
 }
 
 void X509_reject_clear(X509 *x)
 {
-	if(x->aux && x->aux->reject) {
-		sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
-		x->aux->reject = NULL;
-	}
+    if (x->aux && x->aux->reject) {
+        sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
+        x->aux->reject = NULL;
+    }
 }
 
 ASN1_SEQUENCE(X509_CERT_PAIR) = {
-	ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
-	ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
+        ASN1_EXP_OPT(X509_CERT_PAIR, forward, X509, 0),
+        ASN1_EXP_OPT(X509_CERT_PAIR, reverse, X509, 1)
 } ASN1_SEQUENCE_END(X509_CERT_PAIR)
 
 IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_PAIR)
diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c
index 6451c8d4..ddeab6eb 100644
--- a/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c
+++ b/Cryptlib/OpenSSL/crypto/bf/bf_cfb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,63 +59,65 @@
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 
-void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt)
-	{
-	register BF_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	BF_LONG ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=(unsigned char *)ivec;
-	if (encrypt)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				BF_encrypt((BF_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				BF_encrypt((BF_LONG *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=t=c=cc=0;
-	*num=n;
-	}
+void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num, int encrypt)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    BF_LONG ti[2];
+    unsigned char *iv, c, cc;
 
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                BF_encrypt((BF_LONG *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c
index 1607cefa..967a7f55 100644
--- a/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c
+++ b/Cryptlib/OpenSSL/crypto/bf/bf_ecb.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,37 +60,41 @@
 #include "bf_locl.h"
 #include <openssl/opensslv.h>
 
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
-const char BF_version[]="Blowfish" OPENSSL_VERSION_PTEXT;
+const char BF_version[] = "Blowfish" OPENSSL_VERSION_PTEXT;
 
 const char *BF_options(void)
-	{
+{
 #ifdef BF_PTR
-	return("blowfish(ptr)");
+    return ("blowfish(ptr)");
 #elif defined(BF_PTR2)
-	return("blowfish(ptr2)");
+    return ("blowfish(ptr2)");
 #else
-	return("blowfish(idx)");
+    return ("blowfish(idx)");
 #endif
-	}
+}
 
 void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	     const BF_KEY *key, int encrypt)
-	{
-	BF_LONG l,d[2];
-
-	n2l(in,l); d[0]=l;
-	n2l(in,l); d[1]=l;
-	if (encrypt)
-		BF_encrypt(d,key);
-	else
-		BF_decrypt(d,key);
-	l=d[0]; l2n(l,out);
-	l=d[1]; l2n(l,out);
-	l=d[0]=d[1]=0;
-	}
+                    const BF_KEY *key, int encrypt)
+{
+    BF_LONG l, d[2];
 
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        BF_encrypt(d, key);
+    else
+        BF_decrypt(d, key);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c
index 2d21d09f..b268795f 100644
--- a/Cryptlib/OpenSSL/crypto/bf/bf_enc.c
+++ b/Cryptlib/OpenSSL/crypto/bf/bf_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,248 +59,242 @@
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 
-/* Blowfish as implemented from 'Blowfish: Springer-Verlag paper'
- * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION,
- * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
+/*
+ * Blowfish as implemented from 'Blowfish: Springer-Verlag paper' (From
+ * LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, CAMBRIDGE
+ * SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993)
  */
 
 #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20)
-#error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
+# error If you set BF_ROUNDS to some value other than 16 or 20, you will have \
 to modify the code.
 #endif
 
 void BF_encrypt(BF_LONG *data, const BF_KEY *key)
-	{
+{
 #ifndef BF_PTR2
-	register BF_LONG l,r;
-	register const BF_LONG *p,*s;
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
 
-	p=key->P;
-	s= &(key->S[0]);
-	l=data[0];
-	r=data[1];
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
 
-	l^=p[0];
-	BF_ENC(r,l,s,p[ 1]);
-	BF_ENC(l,r,s,p[ 2]);
-	BF_ENC(r,l,s,p[ 3]);
-	BF_ENC(l,r,s,p[ 4]);
-	BF_ENC(r,l,s,p[ 5]);
-	BF_ENC(l,r,s,p[ 6]);
-	BF_ENC(r,l,s,p[ 7]);
-	BF_ENC(l,r,s,p[ 8]);
-	BF_ENC(r,l,s,p[ 9]);
-	BF_ENC(l,r,s,p[10]);
-	BF_ENC(r,l,s,p[11]);
-	BF_ENC(l,r,s,p[12]);
-	BF_ENC(r,l,s,p[13]);
-	BF_ENC(l,r,s,p[14]);
-	BF_ENC(r,l,s,p[15]);
-	BF_ENC(l,r,s,p[16]);
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,s,p[17]);
-	BF_ENC(l,r,s,p[18]);
-	BF_ENC(r,l,s,p[19]);
-	BF_ENC(l,r,s,p[20]);
-#endif
-	r^=p[BF_ROUNDS+1];
+    l ^= p[0];
+    BF_ENC(r, l, s, p[1]);
+    BF_ENC(l, r, s, p[2]);
+    BF_ENC(r, l, s, p[3]);
+    BF_ENC(l, r, s, p[4]);
+    BF_ENC(r, l, s, p[5]);
+    BF_ENC(l, r, s, p[6]);
+    BF_ENC(r, l, s, p[7]);
+    BF_ENC(l, r, s, p[8]);
+    BF_ENC(r, l, s, p[9]);
+    BF_ENC(l, r, s, p[10]);
+    BF_ENC(r, l, s, p[11]);
+    BF_ENC(l, r, s, p[12]);
+    BF_ENC(r, l, s, p[13]);
+    BF_ENC(l, r, s, p[14]);
+    BF_ENC(r, l, s, p[15]);
+    BF_ENC(l, r, s, p[16]);
+# if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[17]);
+    BF_ENC(l, r, s, p[18]);
+    BF_ENC(r, l, s, p[19]);
+    BF_ENC(l, r, s, p[20]);
+# endif
+    r ^= p[BF_ROUNDS + 1];
 
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
 #else
-	register BF_LONG l,r,t,*k;
+    register BF_LONG l, r, t, *k;
 
-	l=data[0];
-	r=data[1];
-	k=(BF_LONG*)key;
+    l = data[0];
+    r = data[1];
+    k = (BF_LONG *)key;
 
-	l^=k[0];
-	BF_ENC(r,l,k, 1);
-	BF_ENC(l,r,k, 2);
-	BF_ENC(r,l,k, 3);
-	BF_ENC(l,r,k, 4);
-	BF_ENC(r,l,k, 5);
-	BF_ENC(l,r,k, 6);
-	BF_ENC(r,l,k, 7);
-	BF_ENC(l,r,k, 8);
-	BF_ENC(r,l,k, 9);
-	BF_ENC(l,r,k,10);
-	BF_ENC(r,l,k,11);
-	BF_ENC(l,r,k,12);
-	BF_ENC(r,l,k,13);
-	BF_ENC(l,r,k,14);
-	BF_ENC(r,l,k,15);
-	BF_ENC(l,r,k,16);
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,k,17);
-	BF_ENC(l,r,k,18);
-	BF_ENC(r,l,k,19);
-	BF_ENC(l,r,k,20);
-#endif
-	r^=k[BF_ROUNDS+1];
+    l ^= k[0];
+    BF_ENC(r, l, k, 1);
+    BF_ENC(l, r, k, 2);
+    BF_ENC(r, l, k, 3);
+    BF_ENC(l, r, k, 4);
+    BF_ENC(r, l, k, 5);
+    BF_ENC(l, r, k, 6);
+    BF_ENC(r, l, k, 7);
+    BF_ENC(l, r, k, 8);
+    BF_ENC(r, l, k, 9);
+    BF_ENC(l, r, k, 10);
+    BF_ENC(r, l, k, 11);
+    BF_ENC(l, r, k, 12);
+    BF_ENC(r, l, k, 13);
+    BF_ENC(l, r, k, 14);
+    BF_ENC(r, l, k, 15);
+    BF_ENC(l, r, k, 16);
+# if BF_ROUNDS == 20
+    BF_ENC(r, l, k, 17);
+    BF_ENC(l, r, k, 18);
+    BF_ENC(r, l, k, 19);
+    BF_ENC(l, r, k, 20);
+# endif
+    r ^= k[BF_ROUNDS + 1];
 
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
 #endif
-	}
+}
 
 #ifndef BF_DEFAULT_OPTIONS
 
 void BF_decrypt(BF_LONG *data, const BF_KEY *key)
-	{
-#ifndef BF_PTR2
-	register BF_LONG l,r;
-	register const BF_LONG *p,*s;
+{
+# ifndef BF_PTR2
+    register BF_LONG l, r;
+    register const BF_LONG *p, *s;
 
-	p=key->P;
-	s= &(key->S[0]);
-	l=data[0];
-	r=data[1];
+    p = key->P;
+    s = &(key->S[0]);
+    l = data[0];
+    r = data[1];
 
-	l^=p[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,s,p[20]);
-	BF_ENC(l,r,s,p[19]);
-	BF_ENC(r,l,s,p[18]);
-	BF_ENC(l,r,s,p[17]);
-#endif
-	BF_ENC(r,l,s,p[16]);
-	BF_ENC(l,r,s,p[15]);
-	BF_ENC(r,l,s,p[14]);
-	BF_ENC(l,r,s,p[13]);
-	BF_ENC(r,l,s,p[12]);
-	BF_ENC(l,r,s,p[11]);
-	BF_ENC(r,l,s,p[10]);
-	BF_ENC(l,r,s,p[ 9]);
-	BF_ENC(r,l,s,p[ 8]);
-	BF_ENC(l,r,s,p[ 7]);
-	BF_ENC(r,l,s,p[ 6]);
-	BF_ENC(l,r,s,p[ 5]);
-	BF_ENC(r,l,s,p[ 4]);
-	BF_ENC(l,r,s,p[ 3]);
-	BF_ENC(r,l,s,p[ 2]);
-	BF_ENC(l,r,s,p[ 1]);
-	r^=p[0];
+    l ^= p[BF_ROUNDS + 1];
+#  if BF_ROUNDS == 20
+    BF_ENC(r, l, s, p[20]);
+    BF_ENC(l, r, s, p[19]);
+    BF_ENC(r, l, s, p[18]);
+    BF_ENC(l, r, s, p[17]);
+#  endif
+    BF_ENC(r, l, s, p[16]);
+    BF_ENC(l, r, s, p[15]);
+    BF_ENC(r, l, s, p[14]);
+    BF_ENC(l, r, s, p[13]);
+    BF_ENC(r, l, s, p[12]);
+    BF_ENC(l, r, s, p[11]);
+    BF_ENC(r, l, s, p[10]);
+    BF_ENC(l, r, s, p[9]);
+    BF_ENC(r, l, s, p[8]);
+    BF_ENC(l, r, s, p[7]);
+    BF_ENC(r, l, s, p[6]);
+    BF_ENC(l, r, s, p[5]);
+    BF_ENC(r, l, s, p[4]);
+    BF_ENC(l, r, s, p[3]);
+    BF_ENC(r, l, s, p[2]);
+    BF_ENC(l, r, s, p[1]);
+    r ^= p[0];
 
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-#else
-	register BF_LONG l,r,t,*k;
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+# else
+    register BF_LONG l, r, t, *k;
 
-	l=data[0];
-	r=data[1];
-	k=(BF_LONG *)key;
+    l = data[0];
+    r = data[1];
+    k = (BF_LONG *)key;
 
-	l^=k[BF_ROUNDS+1];
-#if BF_ROUNDS == 20
-	BF_ENC(r,l,k,20);
-	BF_ENC(l,r,k,19);
-	BF_ENC(r,l,k,18);
-	BF_ENC(l,r,k,17);
-#endif
-	BF_ENC(r,l,k,16);
-	BF_ENC(l,r,k,15);
-	BF_ENC(r,l,k,14);
-	BF_ENC(l,r,k,13);
-	BF_ENC(r,l,k,12);
-	BF_ENC(l,r,k,11);
-	BF_ENC(r,l,k,10);
-	BF_ENC(l,r,k, 9);
-	BF_ENC(r,l,k, 8);
-	BF_ENC(l,r,k, 7);
-	BF_ENC(r,l,k, 6);
-	BF_ENC(l,r,k, 5);
-	BF_ENC(r,l,k, 4);
-	BF_ENC(l,r,k, 3);
-	BF_ENC(r,l,k, 2);
-	BF_ENC(l,r,k, 1);
-	r^=k[0];
+    l ^= k[BF_ROUNDS + 1];
+#  if BF_ROUNDS == 20
+    BF_ENC(r, l, k, 20);
+    BF_ENC(l, r, k, 19);
+    BF_ENC(r, l, k, 18);
+    BF_ENC(l, r, k, 17);
+#  endif
+    BF_ENC(r, l, k, 16);
+    BF_ENC(l, r, k, 15);
+    BF_ENC(r, l, k, 14);
+    BF_ENC(l, r, k, 13);
+    BF_ENC(r, l, k, 12);
+    BF_ENC(l, r, k, 11);
+    BF_ENC(r, l, k, 10);
+    BF_ENC(l, r, k, 9);
+    BF_ENC(r, l, k, 8);
+    BF_ENC(l, r, k, 7);
+    BF_ENC(r, l, k, 6);
+    BF_ENC(l, r, k, 5);
+    BF_ENC(r, l, k, 4);
+    BF_ENC(l, r, k, 3);
+    BF_ENC(r, l, k, 2);
+    BF_ENC(l, r, k, 1);
+    r ^= k[0];
 
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-#endif
-	}
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+# endif
+}
 
 void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     const BF_KEY *schedule, unsigned char *ivec, int encrypt)
-	{
-	register BF_LONG tin0,tin1;
-	register BF_LONG tout0,tout1,xor0,xor1;
-	register long l=length;
-	BF_LONG tin[2];
+                    const BF_KEY *schedule, unsigned char *ivec, int encrypt)
+{
+    register BF_LONG tin0, tin1;
+    register BF_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    BF_LONG tin[2];
 
-	if (encrypt)
-		{
-		n2l(ivec,tout0);
-		n2l(ivec,tout1);
-		ivec-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,schedule);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		if (l != -8)
-			{
-			n2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_encrypt(tin,schedule);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		l2n(tout0,ivec);
-		l2n(tout1,ivec);
-		}
-	else
-		{
-		n2l(ivec,xor0);
-		n2l(ivec,xor1);
-		ivec-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_decrypt(tin,schedule);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2n(tout0,out);
-			l2n(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			BF_decrypt(tin,schedule);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2nn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		l2n(xor0,ivec);
-		l2n(xor1,ivec);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+    if (encrypt) {
+        n2l(ivec, tout0);
+        n2l(ivec, tout1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_encrypt(tin, schedule);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, ivec);
+        l2n(tout1, ivec);
+    } else {
+        n2l(ivec, xor0);
+        n2l(ivec, xor1);
+        ivec -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            BF_decrypt(tin, schedule);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, ivec);
+        l2n(xor1, ivec);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c
index f2a9ff6e..a8d190b5 100644
--- a/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c
+++ b/Cryptlib/OpenSSL/crypto/bf/bf_ofb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,52 +59,52 @@
 #include <openssl/blowfish.h>
 #include "bf_locl.h"
 
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
-void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     const BF_KEY *schedule, unsigned char *ivec, int *num)
-	{
-	register BF_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned char d[8];
-	register char *dp;
-	BF_LONG ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv=(unsigned char *)ivec;
-	n2l(iv,v0);
-	n2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2n(v0,dp);
-	l2n(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			BF_encrypt((BF_LONG *)ti,schedule);
-			dp=(char *)d;
-			t=ti[0]; l2n(t,dp);
-			t=ti[1]; l2n(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv=(unsigned char *)ivec;
-		l2n(v0,iv);
-		l2n(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
+void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const BF_KEY *schedule,
+                      unsigned char *ivec, int *num)
+{
+    register BF_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    BF_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
 
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            BF_encrypt((BF_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c
index 6ac2aeb2..c7b74ff5 100644
--- a/Cryptlib/OpenSSL/crypto/bf/bf_skey.c
+++ b/Cryptlib/OpenSSL/crypto/bf/bf_skey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,61 +61,61 @@
 #include <openssl/blowfish.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #include "bf_locl.h"
 #include "bf_pi.h"
 
 FIPS_NON_FIPS_VCIPHER_Init(BF)
-	{
-	int i;
-	BF_LONG *p,ri,in[2];
-	const unsigned char *d,*end;
-
-
-	memcpy(key,&bf_init,sizeof(BF_KEY));
-	p=key->P;
+{
+    int i;
+    BF_LONG *p, ri, in[2];
+    const unsigned char *d, *end;
 
-	if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4;
+    memcpy(key, &bf_init, sizeof(BF_KEY));
+    p = key->P;
 
-	d=data;
-	end= &(data[len]);
-	for (i=0; i<(BF_ROUNDS+2); i++)
-		{
-		ri= *(d++);
-		if (d >= end) d=data;
+    if (len > ((BF_ROUNDS + 2) * 4))
+        len = (BF_ROUNDS + 2) * 4;
 
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
+    d = data;
+    end = &(data[len]);
+    for (i = 0; i < (BF_ROUNDS + 2); i++) {
+        ri = *(d++);
+        if (d >= end)
+            d = data;
 
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
 
-		ri<<=8;
-		ri|= *(d++);
-		if (d >= end) d=data;
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
 
-		p[i]^=ri;
-		}
+        ri <<= 8;
+        ri |= *(d++);
+        if (d >= end)
+            d = data;
 
-	in[0]=0L;
-	in[1]=0L;
-	for (i=0; i<(BF_ROUNDS+2); i+=2)
-		{
-		BF_encrypt(in,key);
-		p[i  ]=in[0];
-		p[i+1]=in[1];
-		}
+        p[i] ^= ri;
+    }
 
-	p=key->S;
-	for (i=0; i<4*256; i+=2)
-		{
-		BF_encrypt(in,key);
-		p[i  ]=in[0];
-		p[i+1]=in[1];
-		}
-	}
+    in[0] = 0L;
+    in[1] = 0L;
+    for (i = 0; i < (BF_ROUNDS + 2); i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
 
+    p = key->S;
+    for (i = 0; i < 4 * 256; i += 2) {
+        BF_encrypt(in, key);
+        p[i] = in[0];
+        p[i + 1] = in[1];
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/b_dump.c b/Cryptlib/OpenSSL/crypto/bio/b_dump.c
index c80ecc42..3293c724 100644
--- a/Cryptlib/OpenSSL/crypto/bio/b_dump.c
+++ b/Cryptlib/OpenSSL/crypto/bio/b_dump.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,14 +49,14 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/* 
+/*
  * Stolen from tjh's ssl/ssl_trc.c stuff.
  */
 
@@ -65,123 +65,120 @@
 #include "bio_lcl.h"
 
 #define TRUNCATE
-#define DUMP_WIDTH	16
+#define DUMP_WIDTH      16
 #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4))
 
-int BIO_dump_cb(int (*cb)(const void *data, size_t len, void *u),
-	void *u, const char *s, int len)
-	{
-	return BIO_dump_indent_cb(cb, u, s, len, 0);
-	}
+int BIO_dump_cb(int (*cb) (const void *data, size_t len, void *u),
+                void *u, const char *s, int len)
+{
+    return BIO_dump_indent_cb(cb, u, s, len, 0);
+}
 
-int BIO_dump_indent_cb(int (*cb)(const void *data, size_t len, void *u),
-	void *u, const char *s, int len, int indent)
-	{
-	int ret=0;
-	char buf[288+1],tmp[20],str[128+1];
-	int i,j,rows,trc;
-	unsigned char ch;
-	int dump_width;
+int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
+                       void *u, const char *s, int len, int indent)
+{
+    int ret = 0;
+    char buf[288 + 1], tmp[20], str[128 + 1];
+    int i, j, rows, trc;
+    unsigned char ch;
+    int dump_width;
 
-	trc=0;
+    trc = 0;
 
 #ifdef TRUNCATE
-	for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--)
-		trc++;
+    for (; (len > 0) && ((s[len - 1] == ' ') || (s[len - 1] == '\0')); len--)
+        trc++;
 #endif
 
-	if (indent < 0)
-		indent = 0;
-	if (indent)
-		{
-		if (indent > 128) indent=128;
-		memset(str,' ',indent);
-		}
-	str[indent]='\0';
+    if (indent < 0)
+        indent = 0;
+    if (indent) {
+        if (indent > 128)
+            indent = 128;
+        memset(str, ' ', indent);
+    }
+    str[indent] = '\0';
 
-	dump_width=DUMP_WIDTH_LESS_INDENT(indent);
-	rows=(len/dump_width);
-	if ((rows*dump_width)<len)
-		rows++;
-	for(i=0;i<rows;i++)
-		{
-		buf[0]='\0';	/* start with empty string */
-		BUF_strlcpy(buf,str,sizeof buf);
-		BIO_snprintf(tmp,sizeof tmp,"%04x - ",i*dump_width);
-		BUF_strlcat(buf,tmp,sizeof buf);
-		for(j=0;j<dump_width;j++)
-			{
-			if (((i*dump_width)+j)>=len)
-				{
-				BUF_strlcat(buf,"   ",sizeof buf);
-				}
-			else
-				{
-				ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
-				BIO_snprintf(tmp,sizeof tmp,"%02x%c",ch,
-					j==7?'-':' ');
-				BUF_strlcat(buf,tmp,sizeof buf);
-				}
-			}
-		BUF_strlcat(buf,"  ",sizeof buf);
-		for(j=0;j<dump_width;j++)
-			{
-			if (((i*dump_width)+j)>=len)
-				break;
-			ch=((unsigned char)*(s+i*dump_width+j)) & 0xff;
+    dump_width = DUMP_WIDTH_LESS_INDENT(indent);
+    rows = (len / dump_width);
+    if ((rows * dump_width) < len)
+        rows++;
+    for (i = 0; i < rows; i++) {
+        buf[0] = '\0';          /* start with empty string */
+        BUF_strlcpy(buf, str, sizeof buf);
+        BIO_snprintf(tmp, sizeof tmp, "%04x - ", i * dump_width);
+        BUF_strlcat(buf, tmp, sizeof buf);
+        for (j = 0; j < dump_width; j++) {
+            if (((i * dump_width) + j) >= len) {
+                BUF_strlcat(buf, "   ", sizeof buf);
+            } else {
+                ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
+                BIO_snprintf(tmp, sizeof tmp, "%02x%c", ch,
+                             j == 7 ? '-' : ' ');
+                BUF_strlcat(buf, tmp, sizeof buf);
+            }
+        }
+        BUF_strlcat(buf, "  ", sizeof buf);
+        for (j = 0; j < dump_width; j++) {
+            if (((i * dump_width) + j) >= len)
+                break;
+            ch = ((unsigned char)*(s + i * dump_width + j)) & 0xff;
 #ifndef CHARSET_EBCDIC
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				((ch>=' ')&&(ch<='~'))?ch:'.');
+            BIO_snprintf(tmp, sizeof tmp, "%c",
+                         ((ch >= ' ') && (ch <= '~')) ? ch : '.');
 #else
-			BIO_snprintf(tmp,sizeof tmp,"%c",
-				((ch>=os_toascii[' '])&&(ch<=os_toascii['~']))
-				? os_toebcdic[ch]
-				: '.');
+            BIO_snprintf(tmp, sizeof tmp, "%c",
+                         ((ch >= os_toascii[' ']) && (ch <= os_toascii['~']))
+                         ? os_toebcdic[ch]
+                         : '.');
 #endif
-			BUF_strlcat(buf,tmp,sizeof buf);
-			}
-		BUF_strlcat(buf,"\n",sizeof buf);
-		/* if this is the last call then update the ddt_dump thing so
-		 * that we will move the selection point in the debug window
-		 */
-		ret+=cb((void *)buf,strlen(buf),u);
-		}
+            BUF_strlcat(buf, tmp, sizeof buf);
+        }
+        BUF_strlcat(buf, "\n", sizeof buf);
+        /*
+         * if this is the last call then update the ddt_dump thing so that we
+         * will move the selection point in the debug window
+         */
+        ret += cb((void *)buf, strlen(buf), u);
+    }
 #ifdef TRUNCATE
-	if (trc > 0)
-		{
-		BIO_snprintf(buf,sizeof buf,"%s%04x - <SPACES/NULS>\n",str,
-			len+trc);
-		ret+=cb((void *)buf,strlen(buf),u);
-		}
+    if (trc > 0) {
+        BIO_snprintf(buf, sizeof buf, "%s%04x - <SPACES/NULS>\n", str,
+                     len + trc);
+        ret += cb((void *)buf, strlen(buf), u);
+    }
 #endif
-	return(ret);
-	}
+    return (ret);
+}
 
 #ifndef OPENSSL_NO_FP_API
 static int write_fp(const void *data, size_t len, void *fp)
-	{
-	return UP_fwrite(data, len, 1, fp);
-	}
+{
+    return UP_fwrite(data, len, 1, fp);
+}
+
 int BIO_dump_fp(FILE *fp, const char *s, int len)
-	{
-	return BIO_dump_cb(write_fp, fp, s, len);
-	}
+{
+    return BIO_dump_cb(write_fp, fp, s, len);
+}
+
 int BIO_dump_indent_fp(FILE *fp, const char *s, int len, int indent)
-	{
-	return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
-	}
+{
+    return BIO_dump_indent_cb(write_fp, fp, s, len, indent);
+}
 #endif
 
 static int write_bio(const void *data, size_t len, void *bp)
-	{
-	return BIO_write((BIO *)bp, (const char *)data, len);
-	}
+{
+    return BIO_write((BIO *)bp, (const char *)data, len);
+}
+
 int BIO_dump(BIO *bp, const char *s, int len)
-	{
-	return BIO_dump_cb(write_bio, bp, s, len);
-	}
-int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
-	{
-	return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
-	}
+{
+    return BIO_dump_cb(write_bio, bp, s, len);
+}
 
+int BIO_dump_indent(BIO *bp, const char *s, int len, int indent)
+{
+    return BIO_dump_indent_cb(write_bio, bp, s, len, indent);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c
index 4b5a132d..478fa16a 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bf_buff.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bf_buff.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,7 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-static int buffer_write(BIO *h, const char *buf,int num);
+static int buffer_write(BIO *h, const char *buf, int num);
 static int buffer_read(BIO *h, char *buf, int size);
 static int buffer_puts(BIO *h, const char *str);
 static int buffer_gets(BIO *h, char *str, int size);
@@ -69,444 +69,449 @@ static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int buffer_new(BIO *h);
 static int buffer_free(BIO *data);
 static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-#define DEFAULT_BUFFER_SIZE	4096
-
-static BIO_METHOD methods_buffer=
-	{
-	BIO_TYPE_BUFFER,
-	"buffer",
-	buffer_write,
-	buffer_read,
-	buffer_puts,
-	buffer_gets,
-	buffer_ctrl,
-	buffer_new,
-	buffer_free,
-	buffer_callback_ctrl,
-	};
+#define DEFAULT_BUFFER_SIZE     4096
+
+static BIO_METHOD methods_buffer = {
+    BIO_TYPE_BUFFER,
+    "buffer",
+    buffer_write,
+    buffer_read,
+    buffer_puts,
+    buffer_gets,
+    buffer_ctrl,
+    buffer_new,
+    buffer_free,
+    buffer_callback_ctrl,
+};
 
 BIO_METHOD *BIO_f_buffer(void)
-	{
-	return(&methods_buffer);
-	}
+{
+    return (&methods_buffer);
+}
 
 static int buffer_new(BIO *bi)
-	{
-	BIO_F_BUFFER_CTX *ctx;
-
-	ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
-	if (ctx == NULL) return(0);
-	ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
-	if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); }
-	ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
-	if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); }
-	ctx->ibuf_size=DEFAULT_BUFFER_SIZE;
-	ctx->obuf_size=DEFAULT_BUFFER_SIZE;
-	ctx->ibuf_len=0;
-	ctx->ibuf_off=0;
-	ctx->obuf_len=0;
-	ctx->obuf_off=0;
-
-	bi->init=1;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
+{
+    BIO_F_BUFFER_CTX *ctx;
+
+    ctx = (BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX));
+    if (ctx == NULL)
+        return (0);
+    ctx->ibuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->ibuf == NULL) {
+        OPENSSL_free(ctx);
+        return (0);
+    }
+    ctx->obuf = (char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE);
+    if (ctx->obuf == NULL) {
+        OPENSSL_free(ctx->ibuf);
+        OPENSSL_free(ctx);
+        return (0);
+    }
+    ctx->ibuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->obuf_size = DEFAULT_BUFFER_SIZE;
+    ctx->ibuf_len = 0;
+    ctx->ibuf_off = 0;
+    ctx->obuf_len = 0;
+    ctx->obuf_off = 0;
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return (1);
+}
 
 static int buffer_free(BIO *a)
-	{
-	BIO_F_BUFFER_CTX *b;
-
-	if (a == NULL) return(0);
-	b=(BIO_F_BUFFER_CTX *)a->ptr;
-	if (b->ibuf != NULL) OPENSSL_free(b->ibuf);
-	if (b->obuf != NULL) OPENSSL_free(b->obuf);
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
+{
+    BIO_F_BUFFER_CTX *b;
+
+    if (a == NULL)
+        return (0);
+    b = (BIO_F_BUFFER_CTX *)a->ptr;
+    if (b->ibuf != NULL)
+        OPENSSL_free(b->ibuf);
+    if (b->obuf != NULL)
+        OPENSSL_free(b->obuf);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
 static int buffer_read(BIO *b, char *out, int outl)
-	{
-	int i,num=0;
-	BIO_F_BUFFER_CTX *ctx;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-	num=0;
-	BIO_clear_retry_flags(b);
-
-start:
-	i=ctx->ibuf_len;
-	/* If there is stuff left over, grab it */
-	if (i != 0)
-		{
-		if (i > outl) i=outl;
-		memcpy(out,&(ctx->ibuf[ctx->ibuf_off]),i);
-		ctx->ibuf_off+=i;
-		ctx->ibuf_len-=i;
-		num+=i;
-		if (outl == i)  return(num);
-		outl-=i;
-		out+=i;
-		}
-
-	/* We may have done a partial read. try to do more.
-	 * We have nothing in the buffer.
-	 * If we get an error and have read some data, just return it
-	 * and let them retry to get the error again.
-	 * copy direct to parent address space */
-	if (outl > ctx->ibuf_size)
-		{
-		for (;;)
-			{
-			i=BIO_read(b->next_bio,out,outl);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-			num+=i;
-			if (outl == i) return(num);
-			out+=i;
-			outl-=i;
-			}
-		}
-	/* else */
-
-	/* we are going to be doing some buffering */
-	i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
-	if (i <= 0)
-		{
-		BIO_copy_next_retry(b);
-		if (i < 0) return((num > 0)?num:i);
-		if (i == 0) return(num);
-		}
-	ctx->ibuf_off=0;
-	ctx->ibuf_len=i;
-
-	/* Lets re-read using ourselves :-) */
-	goto start;
-	}
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if (out == NULL)
+        return (0);
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
+    num = 0;
+    BIO_clear_retry_flags(b);
+
+ start:
+    i = ctx->ibuf_len;
+    /* If there is stuff left over, grab it */
+    if (i != 0) {
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->ibuf[ctx->ibuf_off]), i);
+        ctx->ibuf_off += i;
+        ctx->ibuf_len -= i;
+        num += i;
+        if (outl == i)
+            return (num);
+        outl -= i;
+        out += i;
+    }
+
+    /*
+     * We may have done a partial read. try to do more. We have nothing in
+     * the buffer. If we get an error and have read some data, just return it
+     * and let them retry to get the error again. copy direct to parent
+     * address space
+     */
+    if (outl > ctx->ibuf_size) {
+        for (;;) {
+            i = BIO_read(b->next_bio, out, outl);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            num += i;
+            if (outl == i)
+                return (num);
+            out += i;
+            outl -= i;
+        }
+    }
+    /* else */
+
+    /* we are going to be doing some buffering */
+    i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+    if (i <= 0) {
+        BIO_copy_next_retry(b);
+        if (i < 0)
+            return ((num > 0) ? num : i);
+        if (i == 0)
+            return (num);
+    }
+    ctx->ibuf_off = 0;
+    ctx->ibuf_len = i;
+
+    /* Lets re-read using ourselves :-) */
+    goto start;
+}
 
 static int buffer_write(BIO *b, const char *in, int inl)
-	{
-	int i,num=0;
-	BIO_F_BUFFER_CTX *ctx;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	BIO_clear_retry_flags(b);
-start:
-	i=ctx->obuf_size-(ctx->obuf_len+ctx->obuf_off);
-	/* add to buffer and return */
-	if (i >= inl)
-		{
-		memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,inl);
-		ctx->obuf_len+=inl;
-		return(num+inl);
-		}
-	/* else */
-	/* stuff already in buffer, so add to it first, then flush */
-	if (ctx->obuf_len != 0)
-		{
-		if (i > 0) /* lets fill it up if we can */
-			{
-			memcpy(&(ctx->obuf[ctx->obuf_off+ctx->obuf_len]),in,i);
-			in+=i;
-			inl-=i;
-			num+=i;
-			ctx->obuf_len+=i;
-			}
-		/* we now have a full buffer needing flushing */
-		for (;;)
-			{
-			i=BIO_write(b->next_bio,&(ctx->obuf[ctx->obuf_off]),
-				ctx->obuf_len);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-			ctx->obuf_off+=i;
-			ctx->obuf_len-=i;
-			if (ctx->obuf_len == 0) break;
-			}
-		}
-	/* we only get here if the buffer has been flushed and we
-	 * still have stuff to write */
-	ctx->obuf_off=0;
-
-	/* we now have inl bytes to write */
-	while (inl >= ctx->obuf_size)
-		{
-		i=BIO_write(b->next_bio,in,inl);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			if (i < 0) return((num > 0)?num:i);
-			if (i == 0) return(num);
-			}
-		num+=i;
-		in+=i;
-		inl-=i;
-		if (inl == 0) return(num);
-		}
-
-	/* copy the rest into the buffer since we have only a small 
-	 * amount left */
-	goto start;
-	}
+{
+    int i, num = 0;
+    BIO_F_BUFFER_CTX *ctx;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
+
+    BIO_clear_retry_flags(b);
+ start:
+    i = ctx->obuf_size - (ctx->obuf_len + ctx->obuf_off);
+    /* add to buffer and return */
+    if (i >= inl) {
+        memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, inl);
+        ctx->obuf_len += inl;
+        return (num + inl);
+    }
+    /* else */
+    /* stuff already in buffer, so add to it first, then flush */
+    if (ctx->obuf_len != 0) {
+        if (i > 0) {            /* lets fill it up if we can */
+            memcpy(&(ctx->obuf[ctx->obuf_off + ctx->obuf_len]), in, i);
+            in += i;
+            inl -= i;
+            num += i;
+            ctx->obuf_len += i;
+        }
+        /* we now have a full buffer needing flushing */
+        for (;;) {
+            i = BIO_write(b->next_bio, &(ctx->obuf[ctx->obuf_off]),
+                          ctx->obuf_len);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            ctx->obuf_off += i;
+            ctx->obuf_len -= i;
+            if (ctx->obuf_len == 0)
+                break;
+        }
+    }
+    /*
+     * we only get here if the buffer has been flushed and we still have
+     * stuff to write
+     */
+    ctx->obuf_off = 0;
+
+    /* we now have inl bytes to write */
+    while (inl >= ctx->obuf_size) {
+        i = BIO_write(b->next_bio, in, inl);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            if (i < 0)
+                return ((num > 0) ? num : i);
+            if (i == 0)
+                return (num);
+        }
+        num += i;
+        in += i;
+        inl -= i;
+        if (inl == 0)
+            return (num);
+    }
+
+    /*
+     * copy the rest into the buffer since we have only a small amount left
+     */
+    goto start;
+}
 
 static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO *dbio;
-	BIO_F_BUFFER_CTX *ctx;
-	long ret=1;
-	char *p1,*p2;
-	int r,i,*ip;
-	int ibs,obs;
-
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->ibuf_off=0;
-		ctx->ibuf_len=0;
-		ctx->obuf_off=0;
-		ctx->obuf_len=0;
-		if (b->next_bio == NULL) return(0);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_INFO:
-		ret=(long)ctx->obuf_len;
-		break;
-	case BIO_C_GET_BUFF_NUM_LINES:
-		ret=0;
-		p1=ctx->ibuf;
-		for (i=0; i<ctx->ibuf_len; i++)
-			{
-			if (p1[ctx->ibuf_off + i] == '\n') ret++;
-			}
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=(long)ctx->obuf_len;
-		if (ret == 0)
-			{
-			if (b->next_bio == NULL) return(0);
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			}
-		break;
-	case BIO_CTRL_PENDING:
-		ret=(long)ctx->ibuf_len;
-		if (ret == 0)
-			{
-			if (b->next_bio == NULL) return(0);
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			}
-		break;
-	case BIO_C_SET_BUFF_READ_DATA:
-		if (num > ctx->ibuf_size)
-			{
-			p1=OPENSSL_malloc((int)num);
-			if (p1 == NULL) goto malloc_error;
-			if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf);
-			ctx->ibuf=p1;
-			}
-		ctx->ibuf_off=0;
-		ctx->ibuf_len=(int)num;
-		memcpy(ctx->ibuf,ptr,(int)num);
-		ret=1;
-		break;
-	case BIO_C_SET_BUFF_SIZE:
-		if (ptr != NULL)
-			{
-			ip=(int *)ptr;
-			if (*ip == 0)
-				{
-				ibs=(int)num;
-				obs=ctx->obuf_size;
-				}
-			else /* if (*ip == 1) */
-				{
-				ibs=ctx->ibuf_size;
-				obs=(int)num;
-				}
-			}
-		else
-			{
-			ibs=(int)num;
-			obs=(int)num;
-			}
-		p1=ctx->ibuf;
-		p2=ctx->obuf;
-		if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size))
-			{
-			p1=(char *)OPENSSL_malloc((int)num);
-			if (p1 == NULL) goto malloc_error;
-			}
-		if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size))
-			{
-			p2=(char *)OPENSSL_malloc((int)num);
-			if (p2 == NULL)
-				{
-				if (p1 != ctx->ibuf) OPENSSL_free(p1);
-				goto malloc_error;
-				}
-			}
-		if (ctx->ibuf != p1)
-			{
-			OPENSSL_free(ctx->ibuf);
-			ctx->ibuf=p1;
-			ctx->ibuf_off=0;
-			ctx->ibuf_len=0;
-			ctx->ibuf_size=ibs;
-			}
-		if (ctx->obuf != p2)
-			{
-			OPENSSL_free(ctx->obuf);
-			ctx->obuf=p2;
-			ctx->obuf_off=0;
-			ctx->obuf_len=0;
-			ctx->obuf_size=obs;
-			}
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		if (b->next_bio == NULL) return(0);
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	case BIO_CTRL_FLUSH:
-		if (b->next_bio == NULL) return(0);
-		if (ctx->obuf_len <= 0)
-			{
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-			break;
-			}
-
-		for (;;)
-			{
-			BIO_clear_retry_flags(b);
-			if (ctx->obuf_len > 0)
-				{
-				r=BIO_write(b->next_bio,
-					&(ctx->obuf[ctx->obuf_off]),
-					ctx->obuf_len);
+{
+    BIO *dbio;
+    BIO_F_BUFFER_CTX *ctx;
+    long ret = 1;
+    char *p1, *p2;
+    int r, i, *ip;
+    int ibs, obs;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = 0;
+        ctx->obuf_off = 0;
+        ctx->obuf_len = 0;
+        if (b->next_bio == NULL)
+            return (0);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->obuf_len;
+        break;
+    case BIO_C_GET_BUFF_NUM_LINES:
+        ret = 0;
+        p1 = ctx->ibuf;
+        for (i = 0; i < ctx->ibuf_len; i++) {
+            if (p1[ctx->ibuf_off + i] == '\n')
+                ret++;
+        }
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = (long)ctx->obuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return (0);
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_CTRL_PENDING:
+        ret = (long)ctx->ibuf_len;
+        if (ret == 0) {
+            if (b->next_bio == NULL)
+                return (0);
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        }
+        break;
+    case BIO_C_SET_BUFF_READ_DATA:
+        if (num > ctx->ibuf_size) {
+            p1 = OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+            if (ctx->ibuf != NULL)
+                OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+        }
+        ctx->ibuf_off = 0;
+        ctx->ibuf_len = (int)num;
+        memcpy(ctx->ibuf, ptr, (int)num);
+        ret = 1;
+        break;
+    case BIO_C_SET_BUFF_SIZE:
+        if (ptr != NULL) {
+            ip = (int *)ptr;
+            if (*ip == 0) {
+                ibs = (int)num;
+                obs = ctx->obuf_size;
+            } else {            /* if (*ip == 1) */
+
+                ibs = ctx->ibuf_size;
+                obs = (int)num;
+            }
+        } else {
+            ibs = (int)num;
+            obs = (int)num;
+        }
+        p1 = ctx->ibuf;
+        p2 = ctx->obuf;
+        if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) {
+            p1 = (char *)OPENSSL_malloc((int)num);
+            if (p1 == NULL)
+                goto malloc_error;
+        }
+        if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) {
+            p2 = (char *)OPENSSL_malloc((int)num);
+            if (p2 == NULL) {
+                if (p1 != ctx->ibuf)
+                    OPENSSL_free(p1);
+                goto malloc_error;
+            }
+        }
+        if (ctx->ibuf != p1) {
+            OPENSSL_free(ctx->ibuf);
+            ctx->ibuf = p1;
+            ctx->ibuf_off = 0;
+            ctx->ibuf_len = 0;
+            ctx->ibuf_size = ibs;
+        }
+        if (ctx->obuf != p2) {
+            OPENSSL_free(ctx->obuf);
+            ctx->obuf = p2;
+            ctx->obuf_off = 0;
+            ctx->obuf_len = 0;
+            ctx->obuf_size = obs;
+        }
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        if (b->next_bio == NULL)
+            return (0);
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_FLUSH:
+        if (b->next_bio == NULL)
+            return (0);
+        if (ctx->obuf_len <= 0) {
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+            break;
+        }
+
+        for (;;) {
+            BIO_clear_retry_flags(b);
+            if (ctx->obuf_len > 0) {
+                r = BIO_write(b->next_bio,
+                              &(ctx->obuf[ctx->obuf_off]), ctx->obuf_len);
 #if 0
-fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len,r);
+                fprintf(stderr, "FLUSH [%3d] %3d -> %3d\n", ctx->obuf_off,
+                        ctx->obuf_len, r);
 #endif
-				BIO_copy_next_retry(b);
-				if (r <= 0) return((long)r);
-				ctx->obuf_off+=r;
-				ctx->obuf_len-=r;
-				}
-			else
-				{
-				ctx->obuf_len=0;
-				ctx->obuf_off=0;
-				ret=1;
-				break;
-				}
-			}
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		if (	!BIO_set_read_buffer_size(dbio,ctx->ibuf_size) ||
-			!BIO_set_write_buffer_size(dbio,ctx->obuf_size))
-			ret=0;
-		break;
-	default:
-		if (b->next_bio == NULL) return(0);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-malloc_error:
-	BIOerr(BIO_F_BUFFER_CTRL,ERR_R_MALLOC_FAILURE);
-	return(0);
-	}
+                BIO_copy_next_retry(b);
+                if (r <= 0)
+                    return ((long)r);
+                ctx->obuf_off += r;
+                ctx->obuf_len -= r;
+            } else {
+                ctx->obuf_len = 0;
+                ctx->obuf_off = 0;
+                ret = 1;
+                break;
+            }
+        }
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        if (!BIO_set_read_buffer_size(dbio, ctx->ibuf_size) ||
+            !BIO_set_write_buffer_size(dbio, ctx->obuf_size))
+            ret = 0;
+        break;
+    default:
+        if (b->next_bio == NULL)
+            return (0);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+ malloc_error:
+    BIOerr(BIO_F_BUFFER_CTRL, ERR_R_MALLOC_FAILURE);
+    return (0);
+}
 
 static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
 
 static int buffer_gets(BIO *b, char *buf, int size)
-	{
-	BIO_F_BUFFER_CTX *ctx;
-	int num=0,i,flag;
-	char *p;
-
-	ctx=(BIO_F_BUFFER_CTX *)b->ptr;
-	size--; /* reserve space for a '\0' */
-	BIO_clear_retry_flags(b);
-
-	for (;;)
-		{
-		if (ctx->ibuf_len > 0)
-			{
-			p= &(ctx->ibuf[ctx->ibuf_off]);
-			flag=0;
-			for (i=0; (i<ctx->ibuf_len) && (i<size); i++)
-				{
-				*(buf++)=p[i];
-				if (p[i] == '\n')
-					{
-					flag=1;
-					i++;
-					break;
-					}
-				}
-			num+=i;
-			size-=i;
-			ctx->ibuf_len-=i;
-			ctx->ibuf_off+=i;
-			if (flag || size == 0)
-				{
-				*buf='\0';
-				return(num);
-				}
-			}
-		else	/* read another chunk */
-			{
-			i=BIO_read(b->next_bio,ctx->ibuf,ctx->ibuf_size);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				*buf='\0';
-				if (i < 0) return((num > 0)?num:i);
-				if (i == 0) return(num);
-				}
-			ctx->ibuf_len=i;
-			ctx->ibuf_off=0;
-			}
-		}
-	}
+{
+    BIO_F_BUFFER_CTX *ctx;
+    int num = 0, i, flag;
+    char *p;
+
+    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+    size--;                     /* reserve space for a '\0' */
+    BIO_clear_retry_flags(b);
+
+    for (;;) {
+        if (ctx->ibuf_len > 0) {
+            p = &(ctx->ibuf[ctx->ibuf_off]);
+            flag = 0;
+            for (i = 0; (i < ctx->ibuf_len) && (i < size); i++) {
+                *(buf++) = p[i];
+                if (p[i] == '\n') {
+                    flag = 1;
+                    i++;
+                    break;
+                }
+            }
+            num += i;
+            size -= i;
+            ctx->ibuf_len -= i;
+            ctx->ibuf_off += i;
+            if (flag || size == 0) {
+                *buf = '\0';
+                return (num);
+            }
+        } else {                /* read another chunk */
+
+            i = BIO_read(b->next_bio, ctx->ibuf, ctx->ibuf_size);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                *buf = '\0';
+                if (i < 0)
+                    return ((num > 0) ? num : i);
+                if (i == 0)
+                    return (num);
+            }
+            ctx->ibuf_len = i;
+            ctx->ibuf_off = 0;
+        }
+    }
+}
 
 static int buffer_puts(BIO *b, const char *str)
-	{
-	return(buffer_write(b,str,strlen(str)));
-	}
-
+{
+    return (buffer_write(b, str, strlen(str)));
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
index 028616c0..da88a8a1 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bf_nbio.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,192 +62,190 @@
 #include <openssl/rand.h>
 #include <openssl/bio.h>
 
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
 
-static int nbiof_write(BIO *h,const char *buf,int num);
-static int nbiof_read(BIO *h,char *buf,int size);
-static int nbiof_puts(BIO *h,const char *str);
-static int nbiof_gets(BIO *h,char *str,int size);
-static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2);
+static int nbiof_write(BIO *h, const char *buf, int num);
+static int nbiof_read(BIO *h, char *buf, int size);
+static int nbiof_puts(BIO *h, const char *str);
+static int nbiof_gets(BIO *h, char *str, int size);
+static long nbiof_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int nbiof_new(BIO *h);
 static int nbiof_free(BIO *data);
-static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-typedef struct nbio_test_st
-	{
-	/* only set if we sent a 'should retry' error */
-	int lrn;
-	int lwn;
-	} NBIO_TEST;
-
-static BIO_METHOD methods_nbiof=
-	{
-	BIO_TYPE_NBIO_TEST,
-	"non-blocking IO test filter",
-	nbiof_write,
-	nbiof_read,
-	nbiof_puts,
-	nbiof_gets,
-	nbiof_ctrl,
-	nbiof_new,
-	nbiof_free,
-	nbiof_callback_ctrl,
-	};
+static long nbiof_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+typedef struct nbio_test_st {
+    /* only set if we sent a 'should retry' error */
+    int lrn;
+    int lwn;
+} NBIO_TEST;
+
+static BIO_METHOD methods_nbiof = {
+    BIO_TYPE_NBIO_TEST,
+    "non-blocking IO test filter",
+    nbiof_write,
+    nbiof_read,
+    nbiof_puts,
+    nbiof_gets,
+    nbiof_ctrl,
+    nbiof_new,
+    nbiof_free,
+    nbiof_callback_ctrl,
+};
 
 BIO_METHOD *BIO_f_nbio_test(void)
-	{
-	return(&methods_nbiof);
-	}
+{
+    return (&methods_nbiof);
+}
 
 static int nbiof_new(BIO *bi)
-	{
-	NBIO_TEST *nt;
-
-	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
-	nt->lrn= -1;
-	nt->lwn= -1;
-	bi->ptr=(char *)nt;
-	bi->init=1;
-	bi->flags=0;
-	return(1);
-	}
+{
+    NBIO_TEST *nt;
+
+    if (!(nt = (NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST))))
+        return (0);
+    nt->lrn = -1;
+    nt->lwn = -1;
+    bi->ptr = (char *)nt;
+    bi->init = 1;
+    bi->flags = 0;
+    return (1);
+}
 
 static int nbiof_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->ptr != NULL)
-		OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    if (a->ptr != NULL)
+        OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
 static int nbiof_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
+{
+    int ret = 0;
 #if 1
-	int num;
-	unsigned char n;
+    int num;
+    unsigned char n;
 #endif
 
-	if (out == NULL) return(0);
-	if (b->next_bio == NULL) return(0);
+    if (out == NULL)
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
 
-	BIO_clear_retry_flags(b);
+    BIO_clear_retry_flags(b);
 #if 1
-	RAND_pseudo_bytes(&n,1);
-	num=(n&0x07);
+    RAND_pseudo_bytes(&n, 1);
+    num = (n & 0x07);
 
-	if (outl > num) outl=num;
+    if (outl > num)
+        outl = num;
 
-	if (num == 0)
-		{
-		ret= -1;
-		BIO_set_retry_read(b);
-		}
-	else
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_read(b);
+    } else
 #endif
-		{
-		ret=BIO_read(b->next_bio,out,outl);
-		if (ret < 0)
-			BIO_copy_next_retry(b);
-		}
-	return(ret);
-	}
+    {
+        ret = BIO_read(b->next_bio, out, outl);
+        if (ret < 0)
+            BIO_copy_next_retry(b);
+    }
+    return (ret);
+}
 
 static int nbiof_write(BIO *b, const char *in, int inl)
-	{
-	NBIO_TEST *nt;
-	int ret=0;
-	int num;
-	unsigned char n;
+{
+    NBIO_TEST *nt;
+    int ret = 0;
+    int num;
+    unsigned char n;
 
-	if ((in == NULL) || (inl <= 0)) return(0);
-	if (b->next_bio == NULL) return(0);
-	nt=(NBIO_TEST *)b->ptr;
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    nt = (NBIO_TEST *)b->ptr;
 
-	BIO_clear_retry_flags(b);
+    BIO_clear_retry_flags(b);
 
 #if 1
-	if (nt->lwn > 0)
-		{
-		num=nt->lwn;
-		nt->lwn=0;
-		}
-	else
-		{
-		RAND_pseudo_bytes(&n,1);
-		num=(n&7);
-		}
-
-	if (inl > num) inl=num;
-
-	if (num == 0)
-		{
-		ret= -1;
-		BIO_set_retry_write(b);
-		}
-	else
+    if (nt->lwn > 0) {
+        num = nt->lwn;
+        nt->lwn = 0;
+    } else {
+        RAND_pseudo_bytes(&n, 1);
+        num = (n & 7);
+    }
+
+    if (inl > num)
+        inl = num;
+
+    if (num == 0) {
+        ret = -1;
+        BIO_set_retry_write(b);
+    } else
 #endif
-		{
-		ret=BIO_write(b->next_bio,in,inl);
-		if (ret < 0)
-			{
-			BIO_copy_next_retry(b);
-			nt->lwn=inl;
-			}
-		}
-	return(ret);
-	}
+    {
+        ret = BIO_write(b->next_bio, in, inl);
+        if (ret < 0) {
+            BIO_copy_next_retry(b);
+            nt->lwn = inl;
+        }
+    }
+    return (ret);
+}
 
 static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-        case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_DUP:
-		ret=0L;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
 
 static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
 
 static int nbiof_gets(BIO *bp, char *buf, int size)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_gets(bp->next_bio,buf,size));
-	}
-
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_gets(bp->next_bio, buf, size));
+}
 
 static int nbiof_puts(BIO *bp, const char *str)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_puts(bp->next_bio,str));
-	}
-
-
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_puts(bp->next_bio, str));
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bf_null.c b/Cryptlib/OpenSSL/crypto/bio/bf_null.c
index c1bf39a9..e0c79e82 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bf_null.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bf_null.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,8 +61,9 @@
 #include "cryptlib.h"
 #include <openssl/bio.h>
 
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
 
 static int nullf_write(BIO *h, const char *buf, int num);
 static int nullf_read(BIO *h, char *buf, int size);
@@ -72,112 +73,117 @@ static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int nullf_new(BIO *h);
 static int nullf_free(BIO *data);
 static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
-static BIO_METHOD methods_nullf=
-	{
-	BIO_TYPE_NULL_FILTER,
-	"NULL filter",
-	nullf_write,
-	nullf_read,
-	nullf_puts,
-	nullf_gets,
-	nullf_ctrl,
-	nullf_new,
-	nullf_free,
-	nullf_callback_ctrl,
-	};
+static BIO_METHOD methods_nullf = {
+    BIO_TYPE_NULL_FILTER,
+    "NULL filter",
+    nullf_write,
+    nullf_read,
+    nullf_puts,
+    nullf_gets,
+    nullf_ctrl,
+    nullf_new,
+    nullf_free,
+    nullf_callback_ctrl,
+};
 
 BIO_METHOD *BIO_f_null(void)
-	{
-	return(&methods_nullf);
-	}
+{
+    return (&methods_nullf);
+}
 
 static int nullf_new(BIO *bi)
-	{
-	bi->init=1;
-	bi->ptr=NULL;
-	bi->flags=0;
-	return(1);
-	}
+{
+    bi->init = 1;
+    bi->ptr = NULL;
+    bi->flags = 0;
+    return (1);
+}
 
 static int nullf_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-/*	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;*/
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    /*-
+    a->ptr=NULL;
+    a->init=0;
+    a->flags=0;
+    */
+    return (1);
+}
+
 static int nullf_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
- 
-	if (out == NULL) return(0);
-	if (b->next_bio == NULL) return(0);
-	ret=BIO_read(b->next_bio,out,outl);
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
+{
+    int ret = 0;
+
+    if (out == NULL)
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    ret = BIO_read(b->next_bio, out, outl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
 
 static int nullf_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-	if (b->next_bio == NULL) return(0);
-	ret=BIO_write(b->next_bio,in,inl);
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
+{
+    int ret = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    if (b->next_bio == NULL)
+        return (0);
+    ret = BIO_write(b->next_bio, in, inl);
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
 
 static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret;
-
-	if (b->next_bio == NULL) return(0);
-	switch(cmd)
-		{
-        case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_DUP:
-		ret=0L;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		}
-	return(ret);
-	}
+{
+    long ret;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 0L;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+    }
+    return (ret);
+}
 
 static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
 
 static int nullf_gets(BIO *bp, char *buf, int size)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_gets(bp->next_bio,buf,size));
-	}
-
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_gets(bp->next_bio, buf, size));
+}
 
 static int nullf_puts(BIO *bp, const char *str)
-	{
-	if (bp->next_bio == NULL) return(0);
-	return(BIO_puts(bp->next_bio,str));
-	}
-
-
+{
+    if (bp->next_bio == NULL)
+        return (0);
+    return (BIO_puts(bp->next_bio, str));
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c
index 6f4254a1..b24daf7b 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bio_cb.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bio_cb.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,76 +64,75 @@
 #include <openssl/err.h>
 
 long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp,
-	     int argi, long argl, long ret)
-	{
-	BIO *b;
-	MS_STATIC char buf[256];
-	char *p;
-	long r=1;
-	size_t p_maxlen;
+                                    int argi, long argl, long ret)
+{
+    BIO *b;
+    MS_STATIC char buf[256];
+    char *p;
+    long r = 1;
+    size_t p_maxlen;
 
-	if (BIO_CB_RETURN & cmd)
-		r=ret;
+    if (BIO_CB_RETURN & cmd)
+        r = ret;
 
-	BIO_snprintf(buf,sizeof buf,"BIO[%08lX]:",(unsigned long)bio);
-	p= &(buf[14]);
-	p_maxlen = sizeof buf - 14;
-	switch (cmd)
-		{
-	case BIO_CB_FREE:
-		BIO_snprintf(p,p_maxlen,"Free - %s\n",bio->method->name);
-		break;
-	case BIO_CB_READ:
-		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s fd=%d\n",
-				 bio->num,argi,bio->method->name,bio->num);
-		else
-			BIO_snprintf(p,p_maxlen,"read(%d,%d) - %s\n",
-				 bio->num,argi,bio->method->name);
-		break;
-	case BIO_CB_WRITE:
-		if (bio->method->type & BIO_TYPE_DESCRIPTOR)
-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s fd=%d\n",
-				 bio->num,argi,bio->method->name,bio->num);
-		else
-			BIO_snprintf(p,p_maxlen,"write(%d,%d) - %s\n",
-				 bio->num,argi,bio->method->name);
-		break;
-	case BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts() - %s\n",bio->method->name);
-		break;
-	case BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets(%d) - %s\n",argi,bio->method->name);
-		break;
-	case BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl(%d) - %s\n",argi,bio->method->name);
-		break;
-	case BIO_CB_RETURN|BIO_CB_READ:
-		BIO_snprintf(p,p_maxlen,"read return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_WRITE:
-		BIO_snprintf(p,p_maxlen,"write return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_GETS:
-		BIO_snprintf(p,p_maxlen,"gets return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_PUTS:
-		BIO_snprintf(p,p_maxlen,"puts return %ld\n",ret);
-		break;
-	case BIO_CB_RETURN|BIO_CB_CTRL:
-		BIO_snprintf(p,p_maxlen,"ctrl return %ld\n",ret);
-		break;
-	default:
-		BIO_snprintf(p,p_maxlen,"bio callback - unknown type (%d)\n",cmd);
-		break;
-		}
+    BIO_snprintf(buf, sizeof buf, "BIO[%08lX]:", (unsigned long)bio);
+    p = &(buf[14]);
+    p_maxlen = sizeof buf - 14;
+    switch (cmd) {
+    case BIO_CB_FREE:
+        BIO_snprintf(p, p_maxlen, "Free - %s\n", bio->method->name);
+        break;
+    case BIO_CB_READ:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s fd=%d\n",
+                         bio->num, argi, bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, p_maxlen, "read(%d,%d) - %s\n",
+                         bio->num, argi, bio->method->name);
+        break;
+    case BIO_CB_WRITE:
+        if (bio->method->type & BIO_TYPE_DESCRIPTOR)
+            BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s fd=%d\n",
+                         bio->num, argi, bio->method->name, bio->num);
+        else
+            BIO_snprintf(p, p_maxlen, "write(%d,%d) - %s\n",
+                         bio->num, argi, bio->method->name);
+        break;
+    case BIO_CB_PUTS:
+        BIO_snprintf(p, p_maxlen, "puts() - %s\n", bio->method->name);
+        break;
+    case BIO_CB_GETS:
+        BIO_snprintf(p, p_maxlen, "gets(%d) - %s\n", argi, bio->method->name);
+        break;
+    case BIO_CB_CTRL:
+        BIO_snprintf(p, p_maxlen, "ctrl(%d) - %s\n", argi, bio->method->name);
+        break;
+    case BIO_CB_RETURN | BIO_CB_READ:
+        BIO_snprintf(p, p_maxlen, "read return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_WRITE:
+        BIO_snprintf(p, p_maxlen, "write return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_GETS:
+        BIO_snprintf(p, p_maxlen, "gets return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_PUTS:
+        BIO_snprintf(p, p_maxlen, "puts return %ld\n", ret);
+        break;
+    case BIO_CB_RETURN | BIO_CB_CTRL:
+        BIO_snprintf(p, p_maxlen, "ctrl return %ld\n", ret);
+        break;
+    default:
+        BIO_snprintf(p, p_maxlen, "bio callback - unknown type (%d)\n", cmd);
+        break;
+    }
 
-	b=(BIO *)bio->cb_arg;
-	if (b != NULL)
-		BIO_write(b,buf,strlen(buf));
+    b = (BIO *)bio->cb_arg;
+    if (b != NULL)
+        BIO_write(b, buf, strlen(buf));
 #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-	else
-		fputs(buf,stderr);
+    else
+        fputs(buf, stderr);
 #endif
-	return(r);
-	}
+    return (r);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_err.c b/Cryptlib/OpenSSL/crypto/bio/bio_err.c
index 6603f1c7..3a838ff6 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bio_err.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bio_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,90 +66,90 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BIO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BIO,0,reason)
 
-static ERR_STRING_DATA BIO_str_functs[]=
-	{
-{ERR_FUNC(BIO_F_ACPT_STATE),	"ACPT_STATE"},
-{ERR_FUNC(BIO_F_BIO_ACCEPT),	"BIO_accept"},
-{ERR_FUNC(BIO_F_BIO_BER_GET_HEADER),	"BIO_BER_GET_HEADER"},
-{ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL),	"BIO_callback_ctrl"},
-{ERR_FUNC(BIO_F_BIO_CTRL),	"BIO_ctrl"},
-{ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME),	"BIO_gethostbyname"},
-{ERR_FUNC(BIO_F_BIO_GETS),	"BIO_gets"},
-{ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET),	"BIO_get_accept_socket"},
-{ERR_FUNC(BIO_F_BIO_GET_HOST_IP),	"BIO_get_host_ip"},
-{ERR_FUNC(BIO_F_BIO_GET_PORT),	"BIO_get_port"},
-{ERR_FUNC(BIO_F_BIO_MAKE_PAIR),	"BIO_MAKE_PAIR"},
-{ERR_FUNC(BIO_F_BIO_NEW),	"BIO_new"},
-{ERR_FUNC(BIO_F_BIO_NEW_FILE),	"BIO_new_file"},
-{ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF),	"BIO_new_mem_buf"},
-{ERR_FUNC(BIO_F_BIO_NREAD),	"BIO_nread"},
-{ERR_FUNC(BIO_F_BIO_NREAD0),	"BIO_nread0"},
-{ERR_FUNC(BIO_F_BIO_NWRITE),	"BIO_nwrite"},
-{ERR_FUNC(BIO_F_BIO_NWRITE0),	"BIO_nwrite0"},
-{ERR_FUNC(BIO_F_BIO_PUTS),	"BIO_puts"},
-{ERR_FUNC(BIO_F_BIO_READ),	"BIO_read"},
-{ERR_FUNC(BIO_F_BIO_SOCK_INIT),	"BIO_sock_init"},
-{ERR_FUNC(BIO_F_BIO_WRITE),	"BIO_write"},
-{ERR_FUNC(BIO_F_BUFFER_CTRL),	"BUFFER_CTRL"},
-{ERR_FUNC(BIO_F_CONN_CTRL),	"CONN_CTRL"},
-{ERR_FUNC(BIO_F_CONN_STATE),	"CONN_STATE"},
-{ERR_FUNC(BIO_F_FILE_CTRL),	"FILE_CTRL"},
-{ERR_FUNC(BIO_F_FILE_READ),	"FILE_READ"},
-{ERR_FUNC(BIO_F_LINEBUFFER_CTRL),	"LINEBUFFER_CTRL"},
-{ERR_FUNC(BIO_F_MEM_READ),	"MEM_READ"},
-{ERR_FUNC(BIO_F_MEM_WRITE),	"MEM_WRITE"},
-{ERR_FUNC(BIO_F_SSL_NEW),	"SSL_new"},
-{ERR_FUNC(BIO_F_WSASTARTUP),	"WSASTARTUP"},
-{0,NULL}
-	};
+static ERR_STRING_DATA BIO_str_functs[] = {
+    {ERR_FUNC(BIO_F_ACPT_STATE), "ACPT_STATE"},
+    {ERR_FUNC(BIO_F_BIO_ACCEPT), "BIO_accept"},
+    {ERR_FUNC(BIO_F_BIO_BER_GET_HEADER), "BIO_BER_GET_HEADER"},
+    {ERR_FUNC(BIO_F_BIO_CALLBACK_CTRL), "BIO_callback_ctrl"},
+    {ERR_FUNC(BIO_F_BIO_CTRL), "BIO_ctrl"},
+    {ERR_FUNC(BIO_F_BIO_GETHOSTBYNAME), "BIO_gethostbyname"},
+    {ERR_FUNC(BIO_F_BIO_GETS), "BIO_gets"},
+    {ERR_FUNC(BIO_F_BIO_GET_ACCEPT_SOCKET), "BIO_get_accept_socket"},
+    {ERR_FUNC(BIO_F_BIO_GET_HOST_IP), "BIO_get_host_ip"},
+    {ERR_FUNC(BIO_F_BIO_GET_PORT), "BIO_get_port"},
+    {ERR_FUNC(BIO_F_BIO_MAKE_PAIR), "BIO_MAKE_PAIR"},
+    {ERR_FUNC(BIO_F_BIO_NEW), "BIO_new"},
+    {ERR_FUNC(BIO_F_BIO_NEW_FILE), "BIO_new_file"},
+    {ERR_FUNC(BIO_F_BIO_NEW_MEM_BUF), "BIO_new_mem_buf"},
+    {ERR_FUNC(BIO_F_BIO_NREAD), "BIO_nread"},
+    {ERR_FUNC(BIO_F_BIO_NREAD0), "BIO_nread0"},
+    {ERR_FUNC(BIO_F_BIO_NWRITE), "BIO_nwrite"},
+    {ERR_FUNC(BIO_F_BIO_NWRITE0), "BIO_nwrite0"},
+    {ERR_FUNC(BIO_F_BIO_PUTS), "BIO_puts"},
+    {ERR_FUNC(BIO_F_BIO_READ), "BIO_read"},
+    {ERR_FUNC(BIO_F_BIO_SOCK_INIT), "BIO_sock_init"},
+    {ERR_FUNC(BIO_F_BIO_WRITE), "BIO_write"},
+    {ERR_FUNC(BIO_F_BUFFER_CTRL), "BUFFER_CTRL"},
+    {ERR_FUNC(BIO_F_CONN_CTRL), "CONN_CTRL"},
+    {ERR_FUNC(BIO_F_CONN_STATE), "CONN_STATE"},
+    {ERR_FUNC(BIO_F_FILE_CTRL), "FILE_CTRL"},
+    {ERR_FUNC(BIO_F_FILE_READ), "FILE_READ"},
+    {ERR_FUNC(BIO_F_LINEBUFFER_CTRL), "LINEBUFFER_CTRL"},
+    {ERR_FUNC(BIO_F_MEM_READ), "MEM_READ"},
+    {ERR_FUNC(BIO_F_MEM_WRITE), "MEM_WRITE"},
+    {ERR_FUNC(BIO_F_SSL_NEW), "SSL_new"},
+    {ERR_FUNC(BIO_F_WSASTARTUP), "WSASTARTUP"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA BIO_str_reasons[]=
-	{
-{ERR_REASON(BIO_R_ACCEPT_ERROR)          ,"accept error"},
-{ERR_REASON(BIO_R_BAD_FOPEN_MODE)        ,"bad fopen mode"},
-{ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP)   ,"bad hostname lookup"},
-{ERR_REASON(BIO_R_BROKEN_PIPE)           ,"broken pipe"},
-{ERR_REASON(BIO_R_CONNECT_ERROR)         ,"connect error"},
-{ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO)     ,"EOF on memory BIO"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO)    ,"error setting nbio"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),"error setting nbio on accepted socket"},
-{ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),"error setting nbio on accept socket"},
-{ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),"gethostbyname addr is not af inet"},
-{ERR_REASON(BIO_R_INVALID_ARGUMENT)      ,"invalid argument"},
-{ERR_REASON(BIO_R_INVALID_IP_ADDRESS)    ,"invalid ip address"},
-{ERR_REASON(BIO_R_IN_USE)                ,"in use"},
-{ERR_REASON(BIO_R_KEEPALIVE)             ,"keepalive"},
-{ERR_REASON(BIO_R_NBIO_CONNECT_ERROR)    ,"nbio connect error"},
-{ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED),"no accept port specified"},
-{ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED) ,"no hostname specified"},
-{ERR_REASON(BIO_R_NO_PORT_DEFINED)       ,"no port defined"},
-{ERR_REASON(BIO_R_NO_PORT_SPECIFIED)     ,"no port specified"},
-{ERR_REASON(BIO_R_NO_SUCH_FILE)          ,"no such file"},
-{ERR_REASON(BIO_R_NULL_PARAMETER)        ,"null parameter"},
-{ERR_REASON(BIO_R_TAG_MISMATCH)          ,"tag mismatch"},
-{ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET) ,"unable to bind socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET),"unable to create socket"},
-{ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET),"unable to listen socket"},
-{ERR_REASON(BIO_R_UNINITIALIZED)         ,"uninitialized"},
-{ERR_REASON(BIO_R_UNSUPPORTED_METHOD)    ,"unsupported method"},
-{ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO),"write to read only BIO"},
-{ERR_REASON(BIO_R_WSASTARTUP)            ,"WSAStartup"},
-{0,NULL}
-	};
+static ERR_STRING_DATA BIO_str_reasons[] = {
+    {ERR_REASON(BIO_R_ACCEPT_ERROR), "accept error"},
+    {ERR_REASON(BIO_R_BAD_FOPEN_MODE), "bad fopen mode"},
+    {ERR_REASON(BIO_R_BAD_HOSTNAME_LOOKUP), "bad hostname lookup"},
+    {ERR_REASON(BIO_R_BROKEN_PIPE), "broken pipe"},
+    {ERR_REASON(BIO_R_CONNECT_ERROR), "connect error"},
+    {ERR_REASON(BIO_R_EOF_ON_MEMORY_BIO), "EOF on memory BIO"},
+    {ERR_REASON(BIO_R_ERROR_SETTING_NBIO), "error setting nbio"},
+    {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET),
+     "error setting nbio on accepted socket"},
+    {ERR_REASON(BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET),
+     "error setting nbio on accept socket"},
+    {ERR_REASON(BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET),
+     "gethostbyname addr is not af inet"},
+    {ERR_REASON(BIO_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_REASON(BIO_R_INVALID_IP_ADDRESS), "invalid ip address"},
+    {ERR_REASON(BIO_R_IN_USE), "in use"},
+    {ERR_REASON(BIO_R_KEEPALIVE), "keepalive"},
+    {ERR_REASON(BIO_R_NBIO_CONNECT_ERROR), "nbio connect error"},
+    {ERR_REASON(BIO_R_NO_ACCEPT_PORT_SPECIFIED), "no accept port specified"},
+    {ERR_REASON(BIO_R_NO_HOSTNAME_SPECIFIED), "no hostname specified"},
+    {ERR_REASON(BIO_R_NO_PORT_DEFINED), "no port defined"},
+    {ERR_REASON(BIO_R_NO_PORT_SPECIFIED), "no port specified"},
+    {ERR_REASON(BIO_R_NO_SUCH_FILE), "no such file"},
+    {ERR_REASON(BIO_R_NULL_PARAMETER), "null parameter"},
+    {ERR_REASON(BIO_R_TAG_MISMATCH), "tag mismatch"},
+    {ERR_REASON(BIO_R_UNABLE_TO_BIND_SOCKET), "unable to bind socket"},
+    {ERR_REASON(BIO_R_UNABLE_TO_CREATE_SOCKET), "unable to create socket"},
+    {ERR_REASON(BIO_R_UNABLE_TO_LISTEN_SOCKET), "unable to listen socket"},
+    {ERR_REASON(BIO_R_UNINITIALIZED), "uninitialized"},
+    {ERR_REASON(BIO_R_UNSUPPORTED_METHOD), "unsupported method"},
+    {ERR_REASON(BIO_R_WRITE_TO_READ_ONLY_BIO), "write to read only BIO"},
+    {ERR_REASON(BIO_R_WSASTARTUP), "WSAStartup"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_BIO_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(BIO_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,BIO_str_functs);
-		ERR_load_strings(0,BIO_str_reasons);
-		}
+    if (ERR_func_error_string(BIO_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, BIO_str_functs);
+        ERR_load_strings(0, BIO_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c
index 6346c199..bb284be3 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bio_lib.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bio_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,539 +64,531 @@
 #include <openssl/stack.h>
 
 BIO *BIO_new(BIO_METHOD *method)
-	{
-	BIO *ret=NULL;
-
-	ret=(BIO *)OPENSSL_malloc(sizeof(BIO));
-	if (ret == NULL)
-		{
-		BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	if (!BIO_set(ret,method))
-		{
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
+{
+    BIO *ret = NULL;
+
+    ret = (BIO *)OPENSSL_malloc(sizeof(BIO));
+    if (ret == NULL) {
+        BIOerr(BIO_F_BIO_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    if (!BIO_set(ret, method)) {
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
 
 int BIO_set(BIO *bio, BIO_METHOD *method)
-	{
-	bio->method=method;
-	bio->callback=NULL;
-	bio->cb_arg=NULL;
-	bio->init=0;
-	bio->shutdown=1;
-	bio->flags=0;
-	bio->retry_reason=0;
-	bio->num=0;
-	bio->ptr=NULL;
-	bio->prev_bio=NULL;
-	bio->next_bio=NULL;
-	bio->references=1;
-	bio->num_read=0L;
-	bio->num_write=0L;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
-	if (method->create != NULL)
-		if (!method->create(bio))
-			{
-			CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio,
-					&bio->ex_data);
-			return(0);
-			}
-	return(1);
-	}
+{
+    bio->method = method;
+    bio->callback = NULL;
+    bio->cb_arg = NULL;
+    bio->init = 0;
+    bio->shutdown = 1;
+    bio->flags = 0;
+    bio->retry_reason = 0;
+    bio->num = 0;
+    bio->ptr = NULL;
+    bio->prev_bio = NULL;
+    bio->next_bio = NULL;
+    bio->references = 1;
+    bio->num_read = 0L;
+    bio->num_write = 0L;
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+    if (method->create != NULL)
+        if (!method->create(bio)) {
+            CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data);
+            return (0);
+        }
+    return (1);
+}
 
 int BIO_free(BIO *a)
-	{
-	int i;
+{
+    int i;
 
-	if (a == NULL) return(0);
+    if (a == NULL)
+        return (0);
 
-	i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_BIO);
+    i = CRYPTO_add(&a->references, -1, CRYPTO_LOCK_BIO);
 #ifdef REF_PRINT
-	REF_PRINT("BIO",a);
+    REF_PRINT("BIO", a);
 #endif
-	if (i > 0) return(1);
+    if (i > 0)
+        return (1);
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"BIO_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "BIO_free, bad reference count\n");
+        abort();
+    }
 #endif
-	if ((a->callback != NULL) &&
-		((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0))
-			return(i);
+    if ((a->callback != NULL) &&
+        ((i = (int)a->callback(a, BIO_CB_FREE, NULL, 0, 0L, 1L)) <= 0))
+        return (i);
 
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data);
 
-	if ((a->method != NULL) && (a->method->destroy != NULL))
-		a->method->destroy(a);
-	OPENSSL_free(a);
-	return(1);
-	}
+    if ((a->method != NULL) && (a->method->destroy != NULL))
+        a->method->destroy(a);
+    OPENSSL_free(a);
+    return (1);
+}
 
 void BIO_vfree(BIO *a)
-    { BIO_free(a); }
+{
+    BIO_free(a);
+}
 
 void BIO_clear_flags(BIO *b, int flags)
-	{
-	b->flags &= ~flags;
-	}
-
-int	BIO_test_flags(const BIO *b, int flags)
-	{
-	return (b->flags & flags);
-	}
-
-void	BIO_set_flags(BIO *b, int flags)
-	{
-	b->flags |= flags;
-	}
-
-long (*BIO_get_callback(const BIO *b))(struct bio_st *,int,const char *,int, long,long)
-	{
-	return b->callback;
-	}
-
-void BIO_set_callback(BIO *b, long (*cb)(struct bio_st *,int,const char *,int, long,long))
-	{
-	b->callback = cb;
-	}
+{
+    b->flags &= ~flags;
+}
+
+int BIO_test_flags(const BIO *b, int flags)
+{
+    return (b->flags & flags);
+}
+
+void BIO_set_flags(BIO *b, int flags)
+{
+    b->flags |= flags;
+}
+
+long (*BIO_get_callback(const BIO *b)) (struct bio_st *, int, const char *,
+                                        int, long, long) {
+    return b->callback;
+}
+
+void BIO_set_callback(BIO *b,
+                      long (*cb) (struct bio_st *, int, const char *, int,
+                                  long, long))
+{
+    b->callback = cb;
+}
 
 void BIO_set_callback_arg(BIO *b, char *arg)
-	{
-	b->cb_arg = arg;
-	}
+{
+    b->cb_arg = arg;
+}
 
-char * BIO_get_callback_arg(const BIO *b)
-	{
-	return b->cb_arg;
-	}
+char *BIO_get_callback_arg(const BIO *b)
+{
+    return b->cb_arg;
+}
 
-const char * BIO_method_name(const BIO *b)
-	{
-	return b->method->name;
-	}
+const char *BIO_method_name(const BIO *b)
+{
+    return b->method->name;
+}
 
 int BIO_method_type(const BIO *b)
-	{
-	return b->method->type;
-	}
-
+{
+    return b->method->type;
+}
 
 int BIO_read(BIO *b, void *out, int outl)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
 
-	if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL))
-		{
-		BIOerr(BIO_F_BIO_READ,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
+    if ((b == NULL) || (b->method == NULL) || (b->method->bread == NULL)) {
+        BIOerr(BIO_F_BIO_READ, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
 
-	cb=b->callback;
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_READ,out,outl,0L,1L)) <= 0))
-			return(i);
+    cb = b->callback;
+    if ((cb != NULL) &&
+        ((i = (int)cb(b, BIO_CB_READ, out, outl, 0L, 1L)) <= 0))
+        return (i);
 
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_READ, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
 
-	i=b->method->bread(b,out,outl);
+    i = b->method->bread(b, out, outl);
 
-	if (i > 0) b->num_read+=(unsigned long)i;
+    if (i > 0)
+        b->num_read += (unsigned long)i;
 
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_READ|BIO_CB_RETURN,out,outl,
-			0L,(long)i);
-	return(i);
-	}
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_READ | BIO_CB_RETURN, out, outl, 0L, (long)i);
+    return (i);
+}
 
 int BIO_write(BIO *b, const void *in, int inl)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
 
-	if (b == NULL)
-		return(0);
+    if (b == NULL)
+        return (0);
 
-	cb=b->callback;
-	if ((b->method == NULL) || (b->method->bwrite == NULL))
-		{
-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
+    cb = b->callback;
+    if ((b->method == NULL) || (b->method->bwrite == NULL)) {
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
 
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_WRITE,in,inl,0L,1L)) <= 0))
-			return(i);
+    if ((cb != NULL) &&
+        ((i = (int)cb(b, BIO_CB_WRITE, in, inl, 0L, 1L)) <= 0))
+        return (i);
 
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
 
-	i=b->method->bwrite(b,in,inl);
+    i = b->method->bwrite(b, in, inl);
 
-	if (i > 0) b->num_write+=(unsigned long)i;
+    if (i > 0)
+        b->num_write += (unsigned long)i;
 
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_WRITE|BIO_CB_RETURN,in,inl,
-			0L,(long)i);
-	return(i);
-	}
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_WRITE | BIO_CB_RETURN, in, inl, 0L, (long)i);
+    return (i);
+}
 
 int BIO_puts(BIO *b, const char *in)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
 
-	if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL))
-		{
-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
+    if ((b == NULL) || (b->method == NULL) || (b->method->bputs == NULL)) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
 
-	cb=b->callback;
+    cb = b->callback;
 
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_PUTS,in,0,0L,1L)) <= 0))
-			return(i);
+    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_PUTS, in, 0, 0L, 1L)) <= 0))
+        return (i);
 
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_PUTS, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
 
-	i=b->method->bputs(b,in);
+    i = b->method->bputs(b, in);
 
-	if (i > 0) b->num_write+=(unsigned long)i;
+    if (i > 0)
+        b->num_write += (unsigned long)i;
 
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0,
-			0L,(long)i);
-	return(i);
-	}
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_PUTS | BIO_CB_RETURN, in, 0, 0L, (long)i);
+    return (i);
+}
 
 int BIO_gets(BIO *b, char *in, int inl)
-	{
-	int i;
-	long (*cb)(BIO *,int,const char *,int,long,long);
-
-	if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL))
-		{
-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
-
-	cb=b->callback;
-
-	if ((cb != NULL) &&
-		((i=(int)cb(b,BIO_CB_GETS,in,inl,0L,1L)) <= 0))
-			return(i);
-
-	if (!b->init)
-		{
-		BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED);
-		return(-2);
-		}
-
-	i=b->method->bgets(b,in,inl);
-
-	if (cb != NULL)
-		i=(int)cb(b,BIO_CB_GETS|BIO_CB_RETURN,in,inl,
-			0L,(long)i);
-	return(i);
-	}
-
-int BIO_indent(BIO *b,int indent,int max)
-	{
-	if(indent < 0)
-		indent=0;
-	if(indent > max)
-		indent=max;
-	while(indent--)
-		if(BIO_puts(b," ") != 1)
-			return 0;
-	return 1;
-	}
+{
+    int i;
+    long (*cb) (BIO *, int, const char *, int, long, long);
+
+    if ((b == NULL) || (b->method == NULL) || (b->method->bgets == NULL)) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
+
+    cb = b->callback;
+
+    if ((cb != NULL) && ((i = (int)cb(b, BIO_CB_GETS, in, inl, 0L, 1L)) <= 0))
+        return (i);
+
+    if (!b->init) {
+        BIOerr(BIO_F_BIO_GETS, BIO_R_UNINITIALIZED);
+        return (-2);
+    }
+
+    i = b->method->bgets(b, in, inl);
+
+    if (cb != NULL)
+        i = (int)cb(b, BIO_CB_GETS | BIO_CB_RETURN, in, inl, 0L, (long)i);
+    return (i);
+}
+
+int BIO_indent(BIO *b, int indent, int max)
+{
+    if (indent < 0)
+        indent = 0;
+    if (indent > max)
+        indent = max;
+    while (indent--)
+        if (BIO_puts(b, " ") != 1)
+            return 0;
+    return 1;
+}
 
 long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg)
-	{
-	int i;
+{
+    int i;
 
-	i=iarg;
-	return(BIO_ctrl(b,cmd,larg,(char *)&i));
-	}
+    i = iarg;
+    return (BIO_ctrl(b, cmd, larg, (char *)&i));
+}
 
 char *BIO_ptr_ctrl(BIO *b, int cmd, long larg)
-	{
-	char *p=NULL;
+{
+    char *p = NULL;
 
-	if (BIO_ctrl(b,cmd,larg,(char *)&p) <= 0)
-		return(NULL);
-	else
-		return(p);
-	}
+    if (BIO_ctrl(b, cmd, larg, (char *)&p) <= 0)
+        return (NULL);
+    else
+        return (p);
+}
 
 long BIO_ctrl(BIO *b, int cmd, long larg, void *parg)
-	{
-	long ret;
-	long (*cb)(BIO *,int,const char *,int,long,long);
+{
+    long ret;
+    long (*cb) (BIO *, int, const char *, int, long, long);
 
-	if (b == NULL) return(0);
+    if (b == NULL)
+        return (0);
 
-	if ((b->method == NULL) || (b->method->ctrl == NULL))
-		{
-		BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
+    if ((b->method == NULL) || (b->method->ctrl == NULL)) {
+        BIOerr(BIO_F_BIO_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
 
-	cb=b->callback;
+    cb = b->callback;
 
-	if ((cb != NULL) &&
-		((ret=cb(b,BIO_CB_CTRL,parg,cmd,larg,1L)) <= 0))
-		return(ret);
+    if ((cb != NULL) &&
+        ((ret = cb(b, BIO_CB_CTRL, parg, cmd, larg, 1L)) <= 0))
+        return (ret);
 
-	ret=b->method->ctrl(b,cmd,larg,parg);
+    ret = b->method->ctrl(b, cmd, larg, parg);
 
-	if (cb != NULL)
-		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,parg,cmd,
-			larg,ret);
-	return(ret);
-	}
+    if (cb != NULL)
+        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, parg, cmd, larg, ret);
+    return (ret);
+}
 
-long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long))
-	{
-	long ret;
-	long (*cb)(BIO *,int,const char *,int,long,long);
+long BIO_callback_ctrl(BIO *b, int cmd,
+                       void (*fp) (struct bio_st *, int, const char *, int,
+                                   long, long))
+{
+    long ret;
+    long (*cb) (BIO *, int, const char *, int, long, long);
 
-	if (b == NULL) return(0);
+    if (b == NULL)
+        return (0);
 
-	if ((b->method == NULL) || (b->method->callback_ctrl == NULL))
-		{
-		BIOerr(BIO_F_BIO_CALLBACK_CTRL,BIO_R_UNSUPPORTED_METHOD);
-		return(-2);
-		}
+    if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) {
+        BIOerr(BIO_F_BIO_CALLBACK_CTRL, BIO_R_UNSUPPORTED_METHOD);
+        return (-2);
+    }
 
-	cb=b->callback;
+    cb = b->callback;
 
-	if ((cb != NULL) &&
-		((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0))
-		return(ret);
+    if ((cb != NULL) &&
+        ((ret = cb(b, BIO_CB_CTRL, (void *)&fp, cmd, 0, 1L)) <= 0))
+        return (ret);
 
-	ret=b->method->callback_ctrl(b,cmd,fp);
+    ret = b->method->callback_ctrl(b, cmd, fp);
 
-	if (cb != NULL)
-		ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd,
-			0,ret);
-	return(ret);
-	}
+    if (cb != NULL)
+        ret = cb(b, BIO_CB_CTRL | BIO_CB_RETURN, (void *)&fp, cmd, 0, ret);
+    return (ret);
+}
 
-/* It is unfortunate to duplicate in functions what the BIO_(w)pending macros
+/*
+ * It is unfortunate to duplicate in functions what the BIO_(w)pending macros
  * do; but those macros have inappropriate return type, and for interfacing
- * from other programming languages, C macros aren't much of a help anyway. */
+ * from other programming languages, C macros aren't much of a help anyway.
+ */
 size_t BIO_ctrl_pending(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
-	}
+{
+    return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL);
+}
 
 size_t BIO_ctrl_wpending(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
-	}
-
+{
+    return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL);
+}
 
 /* put the 'bio' on the end of b's list of operators */
 BIO *BIO_push(BIO *b, BIO *bio)
-	{
-	BIO *lb;
-
-	if (b == NULL) return(bio);
-	lb=b;
-	while (lb->next_bio != NULL)
-		lb=lb->next_bio;
-	lb->next_bio=bio;
-	if (bio != NULL)
-		bio->prev_bio=lb;
-	/* called to do internal processing */
-	BIO_ctrl(b,BIO_CTRL_PUSH,0,NULL);
-	return(b);
-	}
+{
+    BIO *lb;
+
+    if (b == NULL)
+        return (bio);
+    lb = b;
+    while (lb->next_bio != NULL)
+        lb = lb->next_bio;
+    lb->next_bio = bio;
+    if (bio != NULL)
+        bio->prev_bio = lb;
+    /* called to do internal processing */
+    BIO_ctrl(b, BIO_CTRL_PUSH, 0, NULL);
+    return (b);
+}
 
 /* Remove the first and return the rest */
 BIO *BIO_pop(BIO *b)
-	{
-	BIO *ret;
+{
+    BIO *ret;
 
-	if (b == NULL) return(NULL);
-	ret=b->next_bio;
+    if (b == NULL)
+        return (NULL);
+    ret = b->next_bio;
 
-	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+    BIO_ctrl(b, BIO_CTRL_POP, 0, NULL);
 
-	if (b->prev_bio != NULL)
-		b->prev_bio->next_bio=b->next_bio;
-	if (b->next_bio != NULL)
-		b->next_bio->prev_bio=b->prev_bio;
+    if (b->prev_bio != NULL)
+        b->prev_bio->next_bio = b->next_bio;
+    if (b->next_bio != NULL)
+        b->next_bio->prev_bio = b->prev_bio;
 
-	b->next_bio=NULL;
-	b->prev_bio=NULL;
-	return(ret);
-	}
+    b->next_bio = NULL;
+    b->prev_bio = NULL;
+    return (ret);
+}
 
 BIO *BIO_get_retry_BIO(BIO *bio, int *reason)
-	{
-	BIO *b,*last;
-
-	b=last=bio;
-	for (;;)
-		{
-		if (!BIO_should_retry(b)) break;
-		last=b;
-		b=b->next_bio;
-		if (b == NULL) break;
-		}
-	if (reason != NULL) *reason=last->retry_reason;
-	return(last);
-	}
+{
+    BIO *b, *last;
+
+    b = last = bio;
+    for (;;) {
+        if (!BIO_should_retry(b))
+            break;
+        last = b;
+        b = b->next_bio;
+        if (b == NULL)
+            break;
+    }
+    if (reason != NULL)
+        *reason = last->retry_reason;
+    return (last);
+}
 
 int BIO_get_retry_reason(BIO *bio)
-	{
-	return(bio->retry_reason);
-	}
+{
+    return (bio->retry_reason);
+}
 
 BIO *BIO_find_type(BIO *bio, int type)
-	{
-	int mt,mask;
-
-	if(!bio) return NULL;
-	mask=type&0xff;
-	do	{
-		if (bio->method != NULL)
-			{
-			mt=bio->method->type;
-
-			if (!mask)
-				{
-				if (mt & type) return(bio);
-				}
-			else if (mt == type)
-				return(bio);
-			}
-		bio=bio->next_bio;
-		} while (bio != NULL);
-	return(NULL);
-	}
+{
+    int mt, mask;
+
+    if (!bio)
+        return NULL;
+    mask = type & 0xff;
+    do {
+        if (bio->method != NULL) {
+            mt = bio->method->type;
+
+            if (!mask) {
+                if (mt & type)
+                    return (bio);
+            } else if (mt == type)
+                return (bio);
+        }
+        bio = bio->next_bio;
+    } while (bio != NULL);
+    return (NULL);
+}
 
 BIO *BIO_next(BIO *b)
-	{
-	if(!b) return NULL;
-	return b->next_bio;
-	}
+{
+    if (!b)
+        return NULL;
+    return b->next_bio;
+}
 
 void BIO_free_all(BIO *bio)
-	{
-	BIO *b;
-	int ref;
-
-	while (bio != NULL)
-		{
-		b=bio;
-		ref=b->references;
-		bio=bio->next_bio;
-		BIO_free(b);
-		/* Since ref count > 1, don't free anyone else. */
-		if (ref > 1) break;
-		}
-	}
+{
+    BIO *b;
+    int ref;
+
+    while (bio != NULL) {
+        b = bio;
+        ref = b->references;
+        bio = bio->next_bio;
+        BIO_free(b);
+        /* Since ref count > 1, don't free anyone else. */
+        if (ref > 1)
+            break;
+    }
+}
 
 BIO *BIO_dup_chain(BIO *in)
-	{
-	BIO *ret=NULL,*eoc=NULL,*bio,*new;
-
-	for (bio=in; bio != NULL; bio=bio->next_bio)
-		{
-		if ((new=BIO_new(bio->method)) == NULL) goto err;
-		new->callback=bio->callback;
-		new->cb_arg=bio->cb_arg;
-		new->init=bio->init;
-		new->shutdown=bio->shutdown;
-		new->flags=bio->flags;
-
-		/* This will let SSL_s_sock() work with stdin/stdout */
-		new->num=bio->num;
-
-		if (!BIO_dup_state(bio,(char *)new))
-			{
-			BIO_free(new);
-			goto err;
-			}
-
-		/* copy app data */
-		if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
-					&bio->ex_data))
-			goto err;
-
-		if (ret == NULL)
-			{
-			eoc=new;
-			ret=eoc;
-			}
-		else
-			{
-			BIO_push(eoc,new);
-			eoc=new;
-			}
-		}
-	return(ret);
-err:
-	if (ret != NULL)
-		BIO_free(ret);
-	return(NULL);	
-	}
+{
+    BIO *ret = NULL, *eoc = NULL, *bio, *new;
+
+    for (bio = in; bio != NULL; bio = bio->next_bio) {
+        if ((new = BIO_new(bio->method)) == NULL)
+            goto err;
+        new->callback = bio->callback;
+        new->cb_arg = bio->cb_arg;
+        new->init = bio->init;
+        new->shutdown = bio->shutdown;
+        new->flags = bio->flags;
+
+        /* This will let SSL_s_sock() work with stdin/stdout */
+        new->num = bio->num;
+
+        if (!BIO_dup_state(bio, (char *)new)) {
+            BIO_free(new);
+            goto err;
+        }
+
+        /* copy app data */
+        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data,
+                                &bio->ex_data))
+            goto err;
+
+        if (ret == NULL) {
+            eoc = new;
+            ret = eoc;
+        } else {
+            BIO_push(eoc, new);
+            eoc = new;
+        }
+    }
+    return (ret);
+ err:
+    if (ret != NULL)
+        BIO_free(ret);
+    return (NULL);
+}
 
 void BIO_copy_next_retry(BIO *b)
-	{
-	BIO_set_flags(b,BIO_get_retry_flags(b->next_bio));
-	b->retry_reason=b->next_bio->retry_reason;
-	}
+{
+    BIO_set_flags(b, BIO_get_retry_flags(b->next_bio));
+    b->retry_reason = b->next_bio->retry_reason;
+}
 
 int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
-				new_func, dup_func, free_func);
-	}
+                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int BIO_set_ex_data(BIO *bio, int idx, void *data)
-	{
-	return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data));
-	}
+{
+    return (CRYPTO_set_ex_data(&(bio->ex_data), idx, data));
+}
 
 void *BIO_get_ex_data(BIO *bio, int idx)
-	{
-	return(CRYPTO_get_ex_data(&(bio->ex_data),idx));
-	}
+{
+    return (CRYPTO_get_ex_data(&(bio->ex_data), idx));
+}
 
 unsigned long BIO_number_read(BIO *bio)
 {
-	if(bio) return bio->num_read;
-	return 0;
+    if (bio)
+        return bio->num_read;
+    return 0;
 }
 
 unsigned long BIO_number_written(BIO *bio)
 {
-	if(bio) return bio->num_write;
-	return 0;
+    if (bio)
+        return bio->num_write;
+    return 0;
 }
 
 IMPLEMENT_STACK_OF(BIO)
diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
index 76bd48e7..87955f08 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_bio.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,12 +53,13 @@
  *
  */
 
-/* Special method for a BIO where the other endpoint is also a BIO
- * of this kind, handled by the same thread (i.e. the "peer" is actually
- * ourselves, wearing a different hat).
- * Such "BIO pairs" are mainly for using the SSL library with I/O interfaces
- * for which no specific BIO method is available.
- * See ssl/ssltest.c for some hints on how this can be used. */
+/*
+ * Special method for a BIO where the other endpoint is also a BIO of this
+ * kind, handled by the same thread (i.e. the "peer" is actually ourselves,
+ * wearing a different hat). Such "BIO pairs" are mainly for using the SSL
+ * library with I/O interfaces for which no specific BIO method is available.
+ * See ssl/ssltest.c for some hints on how this can be used.
+ */
 
 /* BIO_DEBUG implies BIO_PAIR_DEBUG */
 #ifdef BIO_DEBUG
@@ -103,822 +104,783 @@ static int bio_puts(BIO *bio, const char *str);
 static int bio_make_pair(BIO *bio1, BIO *bio2);
 static void bio_destroy_pair(BIO *bio);
 
-static BIO_METHOD methods_biop =
-{
-	BIO_TYPE_BIO,
-	"BIO pair",
-	bio_write,
-	bio_read,
-	bio_puts,
-	NULL /* no bio_gets */,
-	bio_ctrl,
-	bio_new,
-	bio_free,
-	NULL /* no bio_callback_ctrl */
+static BIO_METHOD methods_biop = {
+    BIO_TYPE_BIO,
+    "BIO pair",
+    bio_write,
+    bio_read,
+    bio_puts,
+    NULL /* no bio_gets */ ,
+    bio_ctrl,
+    bio_new,
+    bio_free,
+    NULL                        /* no bio_callback_ctrl */
 };
 
 BIO_METHOD *BIO_s_bio(void)
-	{
-	return &methods_biop;
-	}
-
-struct bio_bio_st
 {
-	BIO *peer;     /* NULL if buf == NULL.
-	                * If peer != NULL, then peer->ptr is also a bio_bio_st,
-	                * and its "peer" member points back to us.
-	                * peer != NULL iff init != 0 in the BIO. */
-	
-	/* This is for what we write (i.e. reading uses peer's struct): */
-	int closed;     /* valid iff peer != NULL */
-	size_t len;     /* valid iff buf != NULL; 0 if peer == NULL */
-	size_t offset;  /* valid iff buf != NULL; 0 if len == 0 */
-	size_t size;
-	char *buf;      /* "size" elements (if != NULL) */
-
-	size_t request; /* valid iff peer != NULL; 0 if len != 0,
-	                 * otherwise set by peer to number of bytes
-	                 * it (unsuccessfully) tried to read,
-	                 * never more than buffer space (size-len) warrants. */
+    return &methods_biop;
+}
+
+struct bio_bio_st {
+    BIO *peer;                  /* NULL if buf == NULL. If peer != NULL, then
+                                 * peer->ptr is also a bio_bio_st, and its
+                                 * "peer" member points back to us. peer !=
+                                 * NULL iff init != 0 in the BIO. */
+    /* This is for what we write (i.e. reading uses peer's struct): */
+    int closed;                 /* valid iff peer != NULL */
+    size_t len;                 /* valid iff buf != NULL; 0 if peer == NULL */
+    size_t offset;              /* valid iff buf != NULL; 0 if len == 0 */
+    size_t size;
+    char *buf;                  /* "size" elements (if != NULL) */
+    size_t request;             /* valid iff peer != NULL; 0 if len != 0,
+                                 * otherwise set by peer to number of bytes
+                                 * it (unsuccessfully) tried to read, never
+                                 * more than buffer space (size-len)
+                                 * warrants. */
 };
 
 static int bio_new(BIO *bio)
-	{
-	struct bio_bio_st *b;
-	
-	b = OPENSSL_malloc(sizeof *b);
-	if (b == NULL)
-		return 0;
+{
+    struct bio_bio_st *b;
 
-	b->peer = NULL;
-	b->size = 17*1024; /* enough for one TLS record (just a default) */
-	b->buf = NULL;
+    b = OPENSSL_malloc(sizeof *b);
+    if (b == NULL)
+        return 0;
 
-	bio->ptr = b;
-	return 1;
-	}
+    b->peer = NULL;
+    /* enough for one TLS record (just a default) */
+    b->size = 17 * 1024;
+    b->buf = NULL;
 
+    bio->ptr = b;
+    return 1;
+}
 
 static int bio_free(BIO *bio)
-	{
-	struct bio_bio_st *b;
-
-	if (bio == NULL)
-		return 0;
-	b = bio->ptr;
+{
+    struct bio_bio_st *b;
 
-	assert(b != NULL);
+    if (bio == NULL)
+        return 0;
+    b = bio->ptr;
 
-	if (b->peer)
-		bio_destroy_pair(bio);
-	
-	if (b->buf != NULL)
-		{
-		OPENSSL_free(b->buf);
-		}
+    assert(b != NULL);
 
-	OPENSSL_free(b);
+    if (b->peer)
+        bio_destroy_pair(bio);
 
-	return 1;
-	}
+    if (b->buf != NULL) {
+        OPENSSL_free(b->buf);
+    }
 
+    OPENSSL_free(b);
 
+    return 1;
+}
 
 static int bio_read(BIO *bio, char *buf, int size_)
-	{
-	size_t size = size_;
-	size_t rest;
-	struct bio_bio_st *b, *peer_b;
-
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init)
-		return 0;
-
-	b = bio->ptr;
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	peer_b = b->peer->ptr;
-	assert(peer_b != NULL);
-	assert(peer_b->buf != NULL);
-
-	peer_b->request = 0; /* will be set in "retry_read" situation */
-
-	if (buf == NULL || size == 0)
-		return 0;
-
-	if (peer_b->len == 0)
-		{
-		if (peer_b->closed)
-			return 0; /* writer has closed, and no data is left */
-		else
-			{
-			BIO_set_retry_read(bio); /* buffer is empty */
-			if (size <= peer_b->size)
-				peer_b->request = size;
-			else
-				/* don't ask for more than the peer can
-				 * deliver in one write */
-				peer_b->request = peer_b->size;
-			return -1;
-			}
-		}
-
-	/* we can read */
-	if (peer_b->len < size)
-		size = peer_b->len;
-
-	/* now read "size" bytes */
-	
-	rest = size;
-	
-	assert(rest > 0);
-	do /* one or two iterations */
-		{
-		size_t chunk;
-		
-		assert(rest <= peer_b->len);
-		if (peer_b->offset + rest <= peer_b->size)
-			chunk = rest;
-		else
-			/* wrap around ring buffer */
-			chunk = peer_b->size - peer_b->offset;
-		assert(peer_b->offset + chunk <= peer_b->size);
-		
-		memcpy(buf, peer_b->buf + peer_b->offset, chunk);
-		
-		peer_b->len -= chunk;
-		if (peer_b->len)
-			{
-			peer_b->offset += chunk;
-			assert(peer_b->offset <= peer_b->size);
-			if (peer_b->offset == peer_b->size)
-				peer_b->offset = 0;
-			buf += chunk;
-			}
-		else
-			{
-			/* buffer now empty, no need to advance "buf" */
-			assert(chunk == rest);
-			peer_b->offset = 0;
-			}
-		rest -= chunk;
-		}
-	while (rest);
-	
-	return size;
-	}
-
-/* non-copying interface: provide pointer to available data in buffer
+{
+    size_t size = size_;
+    size_t rest;
+    struct bio_bio_st *b, *peer_b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;        /* will be set in "retry_read" situation */
+
+    if (buf == NULL || size == 0)
+        return 0;
+
+    if (peer_b->len == 0) {
+        if (peer_b->closed)
+            return 0;           /* writer has closed, and no data is left */
+        else {
+            BIO_set_retry_read(bio); /* buffer is empty */
+            if (size <= peer_b->size)
+                peer_b->request = size;
+            else
+                /*
+                 * don't ask for more than the peer can deliver in one write
+                 */
+                peer_b->request = peer_b->size;
+            return -1;
+        }
+    }
+
+    /* we can read */
+    if (peer_b->len < size)
+        size = peer_b->len;
+
+    /* now read "size" bytes */
+
+    rest = size;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t chunk;
+
+        assert(rest <= peer_b->len);
+        if (peer_b->offset + rest <= peer_b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = peer_b->size - peer_b->offset;
+        assert(peer_b->offset + chunk <= peer_b->size);
+
+        memcpy(buf, peer_b->buf + peer_b->offset, chunk);
+
+        peer_b->len -= chunk;
+        if (peer_b->len) {
+            peer_b->offset += chunk;
+            assert(peer_b->offset <= peer_b->size);
+            if (peer_b->offset == peer_b->size)
+                peer_b->offset = 0;
+            buf += chunk;
+        } else {
+            /* buffer now empty, no need to advance "buf" */
+            assert(chunk == rest);
+            peer_b->offset = 0;
+        }
+        rest -= chunk;
+    }
+    while (rest);
+
+    return size;
+}
+
+/*-
+ * non-copying interface: provide pointer to available data in buffer
  *    bio_nread0:  return number of available bytes
  *    bio_nread:   also advance index
  * (example usage:  bio_nread0(), read from buffer, bio_nread()
  *  or just         bio_nread(), read from buffer)
  */
-/* WARNING: The non-copying interface is largely untested as of yet
- * and may contain bugs. */
+/*
+ * WARNING: The non-copying interface is largely untested as of yet and may
+ * contain bugs.
+ */
 static ssize_t bio_nread0(BIO *bio, char **buf)
-	{
-	struct bio_bio_st *b, *peer_b;
-	ssize_t num;
-	
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init)
-		return 0;
-	
-	b = bio->ptr;
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	peer_b = b->peer->ptr;
-	assert(peer_b != NULL);
-	assert(peer_b->buf != NULL);
-	
-	peer_b->request = 0;
-	
-	if (peer_b->len == 0)
-		{
-		char dummy;
-		
-		/* avoid code duplication -- nothing available for reading */
-		return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
-		}
-
-	num = peer_b->len;
-	if (peer_b->size < peer_b->offset + num)
-		/* no ring buffer wrap-around for non-copying interface */
-		num = peer_b->size - peer_b->offset;
-	assert(num > 0);
-
-	if (buf != NULL)
-		*buf = peer_b->buf + peer_b->offset;
-	return num;
-	}
+{
+    struct bio_bio_st *b, *peer_b;
+    ssize_t num;
 
-static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
-	{
-	struct bio_bio_st *b, *peer_b;
-	ssize_t num, available;
-
-	if (num_ > SSIZE_MAX)
-		num = SSIZE_MAX;
-	else
-		num = (ssize_t)num_;
-
-	available = bio_nread0(bio, buf);
-	if (num > available)
-		num = available;
-	if (num <= 0)
-		return num;
-
-	b = bio->ptr;
-	peer_b = b->peer->ptr;
-
-	peer_b->len -= num;
-	if (peer_b->len) 
-		{
-		peer_b->offset += num;
-		assert(peer_b->offset <= peer_b->size);
-		if (peer_b->offset == peer_b->size)
-			peer_b->offset = 0;
-		}
-	else
-		peer_b->offset = 0;
-
-	return num;
-	}
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    peer_b = b->peer->ptr;
+    assert(peer_b != NULL);
+    assert(peer_b->buf != NULL);
+
+    peer_b->request = 0;
 
+    if (peer_b->len == 0) {
+        char dummy;
+
+        /* avoid code duplication -- nothing available for reading */
+        return bio_read(bio, &dummy, 1); /* returns 0 or -1 */
+    }
+
+    num = peer_b->len;
+    if (peer_b->size < peer_b->offset + num)
+        /* no ring buffer wrap-around for non-copying interface */
+        num = peer_b->size - peer_b->offset;
+    assert(num > 0);
+
+    if (buf != NULL)
+        *buf = peer_b->buf + peer_b->offset;
+    return num;
+}
+
+static ssize_t bio_nread(BIO *bio, char **buf, size_t num_)
+{
+    struct bio_bio_st *b, *peer_b;
+    ssize_t num, available;
+
+    if (num_ > SSIZE_MAX)
+        num = SSIZE_MAX;
+    else
+        num = (ssize_t) num_;
+
+    available = bio_nread0(bio, buf);
+    if (num > available)
+        num = available;
+    if (num <= 0)
+        return num;
+
+    b = bio->ptr;
+    peer_b = b->peer->ptr;
+
+    peer_b->len -= num;
+    if (peer_b->len) {
+        peer_b->offset += num;
+        assert(peer_b->offset <= peer_b->size);
+        if (peer_b->offset == peer_b->size)
+            peer_b->offset = 0;
+    } else
+        peer_b->offset = 0;
+
+    return num;
+}
 
 static int bio_write(BIO *bio, const char *buf, int num_)
-	{
-	size_t num = num_;
-	size_t rest;
-	struct bio_bio_st *b;
-
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init || buf == NULL || num == 0)
-		return 0;
-
-	b = bio->ptr;		
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	assert(b->buf != NULL);
-
-	b->request = 0;
-	if (b->closed)
-		{
-		/* we already closed */
-		BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
-		return -1;
-		}
-
-	assert(b->len <= b->size);
-
-	if (b->len == b->size)
-		{
-		BIO_set_retry_write(bio); /* buffer is full */
-		return -1;
-		}
-
-	/* we can write */
-	if (num > b->size - b->len)
-		num = b->size - b->len;
-	
-	/* now write "num" bytes */
-
-	rest = num;
-	
-	assert(rest > 0);
-	do /* one or two iterations */
-		{
-		size_t write_offset;
-		size_t chunk;
-
-		assert(b->len + rest <= b->size);
-
-		write_offset = b->offset + b->len;
-		if (write_offset >= b->size)
-			write_offset -= b->size;
-		/* b->buf[write_offset] is the first byte we can write to. */
-
-		if (write_offset + rest <= b->size)
-			chunk = rest;
-		else
-			/* wrap around ring buffer */
-			chunk = b->size - write_offset;
-		
-		memcpy(b->buf + write_offset, buf, chunk);
-		
-		b->len += chunk;
-
-		assert(b->len <= b->size);
-		
-		rest -= chunk;
-		buf += chunk;
-		}
-	while (rest);
-
-	return num;
-	}
-
-/* non-copying interface: provide pointer to region to write to
+{
+    size_t num = num_;
+    size_t rest;
+    struct bio_bio_st *b;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init || buf == NULL || num == 0)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        /* we already closed */
+        BIOerr(BIO_F_BIO_WRITE, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio); /* buffer is full */
+        return -1;
+    }
+
+    /* we can write */
+    if (num > b->size - b->len)
+        num = b->size - b->len;
+
+    /* now write "num" bytes */
+
+    rest = num;
+
+    assert(rest > 0);
+    do {                        /* one or two iterations */
+        size_t write_offset;
+        size_t chunk;
+
+        assert(b->len + rest <= b->size);
+
+        write_offset = b->offset + b->len;
+        if (write_offset >= b->size)
+            write_offset -= b->size;
+        /* b->buf[write_offset] is the first byte we can write to. */
+
+        if (write_offset + rest <= b->size)
+            chunk = rest;
+        else
+            /* wrap around ring buffer */
+            chunk = b->size - write_offset;
+
+        memcpy(b->buf + write_offset, buf, chunk);
+
+        b->len += chunk;
+
+        assert(b->len <= b->size);
+
+        rest -= chunk;
+        buf += chunk;
+    }
+    while (rest);
+
+    return num;
+}
+
+/*-
+ * non-copying interface: provide pointer to region to write to
  *   bio_nwrite0:  check how much space is available
  *   bio_nwrite:   also increase length
  * (example usage:  bio_nwrite0(), write to buffer, bio_nwrite()
  *  or just         bio_nwrite(), write to buffer)
  */
 static ssize_t bio_nwrite0(BIO *bio, char **buf)
-	{
-	struct bio_bio_st *b;
-	size_t num;
-	size_t write_offset;
-
-	BIO_clear_retry_flags(bio);
-
-	if (!bio->init)
-		return 0;
-
-	b = bio->ptr;		
-	assert(b != NULL);
-	assert(b->peer != NULL);
-	assert(b->buf != NULL);
-
-	b->request = 0;
-	if (b->closed)
-		{
-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
-		return -1;
-		}
-
-	assert(b->len <= b->size);
-
-	if (b->len == b->size)
-		{
-		BIO_set_retry_write(bio);
-		return -1;
-		}
-
-	num = b->size - b->len;
-	write_offset = b->offset + b->len;
-	if (write_offset >= b->size)
-		write_offset -= b->size;
-	if (write_offset + num > b->size)
-		/* no ring buffer wrap-around for non-copying interface
-		 * (to fulfil the promise by BIO_ctrl_get_write_guarantee,
-		 * BIO_nwrite may have to be called twice) */
-		num = b->size - write_offset;
-
-	if (buf != NULL)
-		*buf = b->buf + write_offset;
-	assert(write_offset + num <= b->size);
-
-	return num;
-	}
+{
+    struct bio_bio_st *b;
+    size_t num;
+    size_t write_offset;
+
+    BIO_clear_retry_flags(bio);
+
+    if (!bio->init)
+        return 0;
+
+    b = bio->ptr;
+    assert(b != NULL);
+    assert(b->peer != NULL);
+    assert(b->buf != NULL);
+
+    b->request = 0;
+    if (b->closed) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE);
+        return -1;
+    }
+
+    assert(b->len <= b->size);
+
+    if (b->len == b->size) {
+        BIO_set_retry_write(bio);
+        return -1;
+    }
+
+    num = b->size - b->len;
+    write_offset = b->offset + b->len;
+    if (write_offset >= b->size)
+        write_offset -= b->size;
+    if (write_offset + num > b->size)
+        /*
+         * no ring buffer wrap-around for non-copying interface (to fulfil
+         * the promise by BIO_ctrl_get_write_guarantee, BIO_nwrite may have
+         * to be called twice)
+         */
+        num = b->size - write_offset;
+
+    if (buf != NULL)
+        *buf = b->buf + write_offset;
+    assert(write_offset + num <= b->size);
+
+    return num;
+}
 
 static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_)
-	{
-	struct bio_bio_st *b;
-	ssize_t num, space;
+{
+    struct bio_bio_st *b;
+    ssize_t num, space;
+
+    if (num_ > SSIZE_MAX)
+        num = SSIZE_MAX;
+    else
+        num = (ssize_t) num_;
+
+    space = bio_nwrite0(bio, buf);
+    if (num > space)
+        num = space;
+    if (num <= 0)
+        return num;
+    b = bio->ptr;
+    assert(b != NULL);
+    b->len += num;
+    assert(b->len <= b->size);
+
+    return num;
+}
 
-	if (num_ > SSIZE_MAX)
-		num = SSIZE_MAX;
-	else
-		num = (ssize_t)num_;
+static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
+{
+    long ret;
+    struct bio_bio_st *b = bio->ptr;
+
+    assert(b != NULL);
+
+    switch (cmd) {
+        /* specific CTRL codes */
+
+    case BIO_C_SET_WRITE_BUF_SIZE:
+        if (b->peer) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
+            ret = 0;
+        } else if (num == 0) {
+            BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
+            ret = 0;
+        } else {
+            size_t new_size = num;
+
+            if (b->size != new_size) {
+                if (b->buf) {
+                    OPENSSL_free(b->buf);
+                    b->buf = NULL;
+                }
+                b->size = new_size;
+            }
+            ret = 1;
+        }
+        break;
+
+    case BIO_C_GET_WRITE_BUF_SIZE:
+        ret = (long)b->size;
+        break;
+
+    case BIO_C_MAKE_BIO_PAIR:
+        {
+            BIO *other_bio = ptr;
+
+            if (bio_make_pair(bio, other_bio))
+                ret = 1;
+            else
+                ret = 0;
+        }
+        break;
+
+    case BIO_C_DESTROY_BIO_PAIR:
+        /*
+         * Affects both BIOs in the pair -- call just once! Or let
+         * BIO_free(bio1); BIO_free(bio2); do the job.
+         */
+        bio_destroy_pair(bio);
+        ret = 1;
+        break;
+
+    case BIO_C_GET_WRITE_GUARANTEE:
+        /*
+         * How many bytes can the caller feed to the next write without
+         * having to keep any?
+         */
+        if (b->peer == NULL || b->closed)
+            ret = 0;
+        else
+            ret = (long)b->size - b->len;
+        break;
+
+    case BIO_C_GET_READ_REQUEST:
+        /*
+         * If the peer unsuccessfully tried to read, how many bytes were
+         * requested? (As with BIO_CTRL_PENDING, that number can usually be
+         * treated as boolean.)
+         */
+        ret = (long)b->request;
+        break;
+
+    case BIO_C_RESET_READ_REQUEST:
+        /*
+         * Reset request.  (Can be useful after read attempts at the other
+         * side that are meant to be non-blocking, e.g. when probing SSL_read
+         * to see if any data is available.)
+         */
+        b->request = 0;
+        ret = 1;
+        break;
+
+    case BIO_C_SHUTDOWN_WR:
+        /* similar to shutdown(..., SHUT_WR) */
+        b->closed = 1;
+        ret = 1;
+        break;
+
+    case BIO_C_NREAD0:
+        /* prepare for non-copying read */
+        ret = (long)bio_nread0(bio, ptr);
+        break;
+
+    case BIO_C_NREAD:
+        /* non-copying read */
+        ret = (long)bio_nread(bio, ptr, (size_t)num);
+        break;
+
+    case BIO_C_NWRITE0:
+        /* prepare for non-copying write */
+        ret = (long)bio_nwrite0(bio, ptr);
+        break;
+
+    case BIO_C_NWRITE:
+        /* non-copying write */
+        ret = (long)bio_nwrite(bio, ptr, (size_t)num);
+        break;
+
+        /* standard CTRL codes follow */
+
+    case BIO_CTRL_RESET:
+        if (b->buf != NULL) {
+            b->len = 0;
+            b->offset = 0;
+        }
+        ret = 0;
+        break;
+
+    case BIO_CTRL_GET_CLOSE:
+        ret = bio->shutdown;
+        break;
+
+    case BIO_CTRL_SET_CLOSE:
+        bio->shutdown = (int)num;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_PENDING:
+        if (b->peer != NULL) {
+            struct bio_bio_st *peer_b = b->peer->ptr;
+
+            ret = (long)peer_b->len;
+        } else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_WPENDING:
+        if (b->buf != NULL)
+            ret = (long)b->len;
+        else
+            ret = 0;
+        break;
+
+    case BIO_CTRL_DUP:
+        /* See BIO_dup_chain for circumstances we have to expect. */
+        {
+            BIO *other_bio = ptr;
+            struct bio_bio_st *other_b;
+
+            assert(other_bio != NULL);
+            other_b = other_bio->ptr;
+            assert(other_b != NULL);
+
+            assert(other_b->buf == NULL); /* other_bio is always fresh */
+
+            other_b->size = b->size;
+        }
+
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_EOF:
+        {
+            BIO *other_bio = ptr;
+
+            if (other_bio) {
+                struct bio_bio_st *other_b = other_bio->ptr;
+
+                assert(other_b != NULL);
+                ret = other_b->len == 0 && other_b->closed;
+            } else
+                ret = 1;
+        }
+        break;
+
+    default:
+        ret = 0;
+    }
+    return ret;
+}
 
-	space = bio_nwrite0(bio, buf);
-	if (num > space)
-		num = space;
-	if (num <= 0)
-		return num;
-	b = bio->ptr;
-	assert(b != NULL);
-	b->len += num;
-	assert(b->len <= b->size);
+static int bio_puts(BIO *bio, const char *str)
+{
+    return bio_write(bio, str, strlen(str));
+}
 
-	return num;
-	}
+static int bio_make_pair(BIO *bio1, BIO *bio2)
+{
+    struct bio_bio_st *b1, *b2;
+
+    assert(bio1 != NULL);
+    assert(bio2 != NULL);
+
+    b1 = bio1->ptr;
+    b2 = bio2->ptr;
+
+    if (b1->peer != NULL || b2->peer != NULL) {
+        BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
+        return 0;
+    }
+
+    if (b1->buf == NULL) {
+        b1->buf = OPENSSL_malloc(b1->size);
+        if (b1->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b1->len = 0;
+        b1->offset = 0;
+    }
+
+    if (b2->buf == NULL) {
+        b2->buf = OPENSSL_malloc(b2->size);
+        if (b2->buf == NULL) {
+            BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        b2->len = 0;
+        b2->offset = 0;
+    }
+
+    b1->peer = bio2;
+    b1->closed = 0;
+    b1->request = 0;
+    b2->peer = bio1;
+    b2->closed = 0;
+    b2->request = 0;
+
+    bio1->init = 1;
+    bio2->init = 1;
+
+    return 1;
+}
 
+static void bio_destroy_pair(BIO *bio)
+{
+    struct bio_bio_st *b = bio->ptr;
 
-static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr)
-	{
-	long ret;
-	struct bio_bio_st *b = bio->ptr;
-	
-	assert(b != NULL);
-
-	switch (cmd)
-		{
-	/* specific CTRL codes */
-
-	case BIO_C_SET_WRITE_BUF_SIZE:
-		if (b->peer)
-			{
-			BIOerr(BIO_F_BIO_CTRL, BIO_R_IN_USE);
-			ret = 0;
-			}
-		else if (num == 0)
-			{
-			BIOerr(BIO_F_BIO_CTRL, BIO_R_INVALID_ARGUMENT);
-			ret = 0;
-			}
-		else
-			{
-			size_t new_size = num;
-
-			if (b->size != new_size)
-				{
-				if (b->buf) 
-					{
-					OPENSSL_free(b->buf);
-					b->buf = NULL;
-					}
-				b->size = new_size;
-				}
-			ret = 1;
-			}
-		break;
-
-	case BIO_C_GET_WRITE_BUF_SIZE:
-		ret = (long) b->size;
-		break;
-
-	case BIO_C_MAKE_BIO_PAIR:
-		{
-		BIO *other_bio = ptr;
-		
-		if (bio_make_pair(bio, other_bio))
-			ret = 1;
-		else
-			ret = 0;
-		}
-		break;
-		
-	case BIO_C_DESTROY_BIO_PAIR:
-		/* Affects both BIOs in the pair -- call just once!
-		 * Or let BIO_free(bio1); BIO_free(bio2); do the job. */
-		bio_destroy_pair(bio);
-		ret = 1;
-		break;
-
-	case BIO_C_GET_WRITE_GUARANTEE:
-		/* How many bytes can the caller feed to the next write
-		 * without having to keep any? */
-		if (b->peer == NULL || b->closed)
-			ret = 0;
-		else
-			ret = (long) b->size - b->len;
-		break;
-
-	case BIO_C_GET_READ_REQUEST:
-		/* If the peer unsuccessfully tried to read, how many bytes
-		 * were requested?  (As with BIO_CTRL_PENDING, that number
-		 * can usually be treated as boolean.) */
-		ret = (long) b->request;
-		break;
-
-	case BIO_C_RESET_READ_REQUEST:
-		/* Reset request.  (Can be useful after read attempts
-		 * at the other side that are meant to be non-blocking,
-		 * e.g. when probing SSL_read to see if any data is
-		 * available.) */
-		b->request = 0;
-		ret = 1;
-		break;
-
-	case BIO_C_SHUTDOWN_WR:
-		/* similar to shutdown(..., SHUT_WR) */
-		b->closed = 1;
-		ret = 1;
-		break;
-
-	case BIO_C_NREAD0:
-		/* prepare for non-copying read */
-		ret = (long) bio_nread0(bio, ptr);
-		break;
-		
-	case BIO_C_NREAD:
-		/* non-copying read */
-		ret = (long) bio_nread(bio, ptr, (size_t) num);
-		break;
-		
-	case BIO_C_NWRITE0:
-		/* prepare for non-copying write */
-		ret = (long) bio_nwrite0(bio, ptr);
-		break;
-
-	case BIO_C_NWRITE:
-		/* non-copying write */
-		ret = (long) bio_nwrite(bio, ptr, (size_t) num);
-		break;
-		
-
-	/* standard CTRL codes follow */
-
-	case BIO_CTRL_RESET:
-		if (b->buf != NULL)
-			{
-			b->len = 0;
-			b->offset = 0;
-			}
-		ret = 0;
-		break;		
-
-	case BIO_CTRL_GET_CLOSE:
-		ret = bio->shutdown;
-		break;
-
-	case BIO_CTRL_SET_CLOSE:
-		bio->shutdown = (int) num;
-		ret = 1;
-		break;
-
-	case BIO_CTRL_PENDING:
-		if (b->peer != NULL)
-			{
-			struct bio_bio_st *peer_b = b->peer->ptr;
-			
-			ret = (long) peer_b->len;
-			}
-		else
-			ret = 0;
-		break;
-
-	case BIO_CTRL_WPENDING:
-		if (b->buf != NULL)
-			ret = (long) b->len;
-		else
-			ret = 0;
-		break;
-
-	case BIO_CTRL_DUP:
-		/* See BIO_dup_chain for circumstances we have to expect. */
-		{
-		BIO *other_bio = ptr;
-		struct bio_bio_st *other_b;
-		
-		assert(other_bio != NULL);
-		other_b = other_bio->ptr;
-		assert(other_b != NULL);
-		
-		assert(other_b->buf == NULL); /* other_bio is always fresh */
-
-		other_b->size = b->size;
-		}
-
-		ret = 1;
-		break;
-
-	case BIO_CTRL_FLUSH:
-		ret = 1;
-		break;
-
-	case BIO_CTRL_EOF:
-		{
-		BIO *other_bio = ptr;
-		
-		if (other_bio)
-			{
-			struct bio_bio_st *other_b = other_bio->ptr;
-			
-			assert(other_b != NULL);
-			ret = other_b->len == 0 && other_b->closed;
-			}
-		else
-			ret = 1;
-		}
-		break;
-
-	default:
-		ret = 0;
-		}
-	return ret;
-	}
+    if (b != NULL) {
+        BIO *peer_bio = b->peer;
 
-static int bio_puts(BIO *bio, const char *str)
-	{
-	return bio_write(bio, str, strlen(str));
-	}
+        if (peer_bio != NULL) {
+            struct bio_bio_st *peer_b = peer_bio->ptr;
 
+            assert(peer_b != NULL);
+            assert(peer_b->peer == bio);
 
-static int bio_make_pair(BIO *bio1, BIO *bio2)
-	{
-	struct bio_bio_st *b1, *b2;
-
-	assert(bio1 != NULL);
-	assert(bio2 != NULL);
-
-	b1 = bio1->ptr;
-	b2 = bio2->ptr;
-	
-	if (b1->peer != NULL || b2->peer != NULL)
-		{
-		BIOerr(BIO_F_BIO_MAKE_PAIR, BIO_R_IN_USE);
-		return 0;
-		}
-	
-	if (b1->buf == NULL)
-		{
-		b1->buf = OPENSSL_malloc(b1->size);
-		if (b1->buf == NULL)
-			{
-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		b1->len = 0;
-		b1->offset = 0;
-		}
-	
-	if (b2->buf == NULL)
-		{
-		b2->buf = OPENSSL_malloc(b2->size);
-		if (b2->buf == NULL)
-			{
-			BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		b2->len = 0;
-		b2->offset = 0;
-		}
-	
-	b1->peer = bio2;
-	b1->closed = 0;
-	b1->request = 0;
-	b2->peer = bio1;
-	b2->closed = 0;
-	b2->request = 0;
-
-	bio1->init = 1;
-	bio2->init = 1;
-
-	return 1;
-	}
+            peer_b->peer = NULL;
+            peer_bio->init = 0;
+            assert(peer_b->buf != NULL);
+            peer_b->len = 0;
+            peer_b->offset = 0;
 
-static void bio_destroy_pair(BIO *bio)
-	{
-	struct bio_bio_st *b = bio->ptr;
-
-	if (b != NULL)
-		{
-		BIO *peer_bio = b->peer;
-
-		if (peer_bio != NULL)
-			{
-			struct bio_bio_st *peer_b = peer_bio->ptr;
-
-			assert(peer_b != NULL);
-			assert(peer_b->peer == bio);
-
-			peer_b->peer = NULL;
-			peer_bio->init = 0;
-			assert(peer_b->buf != NULL);
-			peer_b->len = 0;
-			peer_b->offset = 0;
-			
-			b->peer = NULL;
-			bio->init = 0;
-			assert(b->buf != NULL);
-			b->len = 0;
-			b->offset = 0;
-			}
-		}
-	}
- 
+            b->peer = NULL;
+            bio->init = 0;
+            assert(b->buf != NULL);
+            b->len = 0;
+            b->offset = 0;
+        }
+    }
+}
 
 /* Exported convenience functions */
 int BIO_new_bio_pair(BIO **bio1_p, size_t writebuf1,
-	BIO **bio2_p, size_t writebuf2)
-	 {
-	 BIO *bio1 = NULL, *bio2 = NULL;
-	 long r;
-	 int ret = 0;
-
-	 bio1 = BIO_new(BIO_s_bio());
-	 if (bio1 == NULL)
-		 goto err;
-	 bio2 = BIO_new(BIO_s_bio());
-	 if (bio2 == NULL)
-		 goto err;
-
-	 if (writebuf1)
-		 {
-		 r = BIO_set_write_buf_size(bio1, writebuf1);
-		 if (!r)
-			 goto err;
-		 }
-	 if (writebuf2)
-		 {
-		 r = BIO_set_write_buf_size(bio2, writebuf2);
-		 if (!r)
-			 goto err;
-		 }
-
-	 r = BIO_make_bio_pair(bio1, bio2);
-	 if (!r)
-		 goto err;
-	 ret = 1;
+                     BIO **bio2_p, size_t writebuf2)
+{
+    BIO *bio1 = NULL, *bio2 = NULL;
+    long r;
+    int ret = 0;
+
+    bio1 = BIO_new(BIO_s_bio());
+    if (bio1 == NULL)
+        goto err;
+    bio2 = BIO_new(BIO_s_bio());
+    if (bio2 == NULL)
+        goto err;
+
+    if (writebuf1) {
+        r = BIO_set_write_buf_size(bio1, writebuf1);
+        if (!r)
+            goto err;
+    }
+    if (writebuf2) {
+        r = BIO_set_write_buf_size(bio2, writebuf2);
+        if (!r)
+            goto err;
+    }
+
+    r = BIO_make_bio_pair(bio1, bio2);
+    if (!r)
+        goto err;
+    ret = 1;
 
  err:
-	 if (ret == 0)
-		 {
-		 if (bio1)
-			 {
-			 BIO_free(bio1);
-			 bio1 = NULL;
-			 }
-		 if (bio2)
-			 {
-			 BIO_free(bio2);
-			 bio2 = NULL;
-			 }
-		 }
-
-	 *bio1_p = bio1;
-	 *bio2_p = bio2;
-	 return ret;
-	 }
+    if (ret == 0) {
+        if (bio1) {
+            BIO_free(bio1);
+            bio1 = NULL;
+        }
+        if (bio2) {
+            BIO_free(bio2);
+            bio2 = NULL;
+        }
+    }
+
+    *bio1_p = bio1;
+    *bio2_p = bio2;
+    return ret;
+}
 
 size_t BIO_ctrl_get_write_guarantee(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
-	}
+{
+    return BIO_ctrl(bio, BIO_C_GET_WRITE_GUARANTEE, 0, NULL);
+}
 
 size_t BIO_ctrl_get_read_request(BIO *bio)
-	{
-	return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
-	}
+{
+    return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL);
+}
 
 int BIO_ctrl_reset_read_request(BIO *bio)
-	{
-	return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
-	}
-
+{
+    return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0);
+}
 
-/* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
- * (conceivably some other BIOs could allow non-copying reads and writes too.)
+/*
+ * BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now
+ * (conceivably some other BIOs could allow non-copying reads and writes
+ * too.)
  */
 int BIO_nread0(BIO *bio, char **buf)
-	{
-	long ret;
-
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
-		return -2;
-		}
-
-	ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
-	if (ret > INT_MAX)
-		return INT_MAX;
-	else
-		return (int) ret;
-	}
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
 
 int BIO_nread(BIO *bio, char **buf, int num)
-	{
-	int ret;
+{
+    int ret;
 
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
-		return -2;
-		}
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED);
+        return -2;
+    }
 
-	ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf);
-	if (ret > 0)
-		bio->num_read += ret;
-	return ret;
-	}
+    ret = (int)BIO_ctrl(bio, BIO_C_NREAD, num, buf);
+    if (ret > 0)
+        bio->num_read += ret;
+    return ret;
+}
 
 int BIO_nwrite0(BIO *bio, char **buf)
-	{
-	long ret;
-
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
-		return -2;
-		}
-
-	ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
-	if (ret > INT_MAX)
-		return INT_MAX;
-	else
-		return (int) ret;
-	}
+{
+    long ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf);
+    if (ret > INT_MAX)
+        return INT_MAX;
+    else
+        return (int)ret;
+}
 
 int BIO_nwrite(BIO *bio, char **buf, int num)
-	{
-	int ret;
-
-	if (!bio->init)
-		{
-		BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
-		return -2;
-		}
-
-	ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
-	if (ret > 0)
-		bio->num_write += ret;
-	return ret;
-	}
+{
+    int ret;
+
+    if (!bio->init) {
+        BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED);
+        return -2;
+    }
+
+    ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf);
+    if (ret > 0)
+        bio->num_write += ret;
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
index e0327bde..405190f0 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_dgram.c
@@ -1,7 +1,7 @@
 /* crypto/bio/bio_dgram.c */
-/* 
+/*
  * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
@@ -11,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,7 +57,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include <errno.h>
 #define USE_SOCKETS
@@ -66,19 +65,19 @@
 #include <openssl/bio.h>
 #ifndef OPENSSL_NO_DGRAM
 
-#if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
-#include <sys/timeb.h>
-#endif
+# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS)
+#  include <sys/timeb.h>
+# endif
 
-#ifdef OPENSSL_SYS_LINUX
-#define IP_MTU      14 /* linux is lame */
-#endif
+# ifdef OPENSSL_SYS_LINUX
+#  define IP_MTU      14        /* linux is lame */
+# endif
 
-#ifdef WATT32
-#define sock_write SockWrite  /* Watt-32 uses same names */
-#define sock_read  SockRead
-#define sock_puts  SockPuts
-#endif
+# ifdef WATT32
+#  define sock_write SockWrite  /* Watt-32 uses same names */
+#  define sock_read  SockRead
+#  define sock_puts  SockPuts
+# endif
 
 static int dgram_write(BIO *h, const char *buf, int num);
 static int dgram_read(BIO *h, char *buf, int size);
@@ -92,657 +91,653 @@ static int BIO_dgram_should_retry(int s);
 
 static void get_current_time(struct timeval *t);
 
-static BIO_METHOD methods_dgramp=
-	{
-	BIO_TYPE_DGRAM,
-	"datagram socket",
-	dgram_write,
-	dgram_read,
-	dgram_puts,
-	NULL, /* dgram_gets, */
-	dgram_ctrl,
-	dgram_new,
-	dgram_free,
-	NULL,
-	};
-
-typedef struct bio_dgram_data_st
-	{
-	struct sockaddr peer;
-	unsigned int connected;
-	unsigned int _errno;
-	unsigned int mtu;
-	struct timeval next_timeout;
-	struct timeval socket_timeout;
-	} bio_dgram_data;
+static BIO_METHOD methods_dgramp = {
+    BIO_TYPE_DGRAM,
+    "datagram socket",
+    dgram_write,
+    dgram_read,
+    dgram_puts,
+    NULL,                       /* dgram_gets, */
+    dgram_ctrl,
+    dgram_new,
+    dgram_free,
+    NULL,
+};
+
+typedef struct bio_dgram_data_st {
+    struct sockaddr peer;
+    unsigned int connected;
+    unsigned int _errno;
+    unsigned int mtu;
+    struct timeval next_timeout;
+    struct timeval socket_timeout;
+} bio_dgram_data;
 
 BIO_METHOD *BIO_s_datagram(void)
-	{
-	return(&methods_dgramp);
-	}
+{
+    return (&methods_dgramp);
+}
 
 BIO *BIO_new_dgram(int fd, int close_flag)
-	{
-	BIO *ret;
+{
+    BIO *ret;
 
-	ret=BIO_new(BIO_s_datagram());
-	if (ret == NULL) return(NULL);
-	BIO_set_fd(ret,fd,close_flag);
-	return(ret);
-	}
+    ret = BIO_new(BIO_s_datagram());
+    if (ret == NULL)
+        return (NULL);
+    BIO_set_fd(ret, fd, close_flag);
+    return (ret);
+}
 
 static int dgram_new(BIO *bi)
-	{
-	bio_dgram_data *data = NULL;
-
-	bi->init=0;
-	bi->num=0;
-	data = OPENSSL_malloc(sizeof(bio_dgram_data));
-	if (data == NULL)
-		return 0;
-	memset(data, 0x00, sizeof(bio_dgram_data));
+{
+    bio_dgram_data *data = NULL;
+
+    bi->init = 0;
+    bi->num = 0;
+    data = OPENSSL_malloc(sizeof(bio_dgram_data));
+    if (data == NULL)
+        return 0;
+    memset(data, 0x00, sizeof(bio_dgram_data));
     bi->ptr = data;
 
-	bi->flags=0;
-	return(1);
-	}
+    bi->flags = 0;
+    return (1);
+}
 
 static int dgram_free(BIO *a)
-	{
-	bio_dgram_data *data;
+{
+    bio_dgram_data *data;
 
-	if (a == NULL) return(0);
-	if ( ! dgram_clear(a))
-		return 0;
+    if (a == NULL)
+        return (0);
+    if (!dgram_clear(a))
+        return 0;
 
-	data = (bio_dgram_data *)a->ptr;
-	if(data != NULL) OPENSSL_free(data);
+    data = (bio_dgram_data *)a->ptr;
+    if (data != NULL)
+        OPENSSL_free(data);
 
-	return(1);
-	}
+    return (1);
+}
 
 static int dgram_clear(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if (a->init)
-			{
-			SHUTDOWN2(a->num);
-			}
-		a->init=0;
-		a->flags=0;
-		}
-	return(1);
-	}
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if (a->init) {
+            SHUTDOWN2(a->num);
+        }
+        a->init = 0;
+        a->flags = 0;
+    }
+    return (1);
+}
 
 static void dgram_adjust_rcv_timeout(BIO *b)
-	{
-#if defined(SO_RCVTIMEO)
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-	int sz = sizeof(int);
-
-	/* Is a timer active? */
-	if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
-		{
-		struct timeval timenow, timeleft;
-
-		/* Read current socket timeout */
-#ifdef OPENSSL_SYS_WINDOWS
-		int timeout;
-		if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-					   (void*)&timeout, &sz) < 0)
-			{ perror("getsockopt"); }
-		else
-			{
-			data->socket_timeout.tv_sec = timeout / 1000;
-			data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
-			}
-#else
-		if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-						&(data->socket_timeout), (void *)&sz) < 0)
-			{ perror("getsockopt"); }
-#endif
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    int sz = sizeof(int);
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+        struct timeval timenow, timeleft;
+
+        /* Read current socket timeout */
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout;
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, &sz) < 0) {
+            perror("getsockopt");
+        } else {
+            data->socket_timeout.tv_sec = timeout / 1000;
+            data->socket_timeout.tv_usec = (timeout % 1000) * 1000;
+        }
+#  else
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       &(data->socket_timeout), (void *)&sz) < 0) {
+            perror("getsockopt");
+        }
+#  endif
 
-		/* Get current time */
-		get_current_time(&timenow);
-
-		/* Calculate time left until timer expires */
-		memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
-		timeleft.tv_sec -= timenow.tv_sec;
-		timeleft.tv_usec -= timenow.tv_usec;
-		if (timeleft.tv_usec < 0)
-			{
-			timeleft.tv_sec--;
-			timeleft.tv_usec += 1000000;
-			}
-
-		if (timeleft.tv_sec < 0)
-			{
-			timeleft.tv_sec = 0;
-			timeleft.tv_usec = 1;
-			}
-
-		/* Adjust socket timeout if next handhake message timer
-		 * will expire earlier.
-		 */
-		if ((data->socket_timeout.tv_sec == 0 && data->socket_timeout.tv_usec == 0) ||
-			(data->socket_timeout.tv_sec > timeleft.tv_sec) ||
-			(data->socket_timeout.tv_sec == timeleft.tv_sec &&
-			 data->socket_timeout.tv_usec >= timeleft.tv_usec))
-			{
-#ifdef OPENSSL_SYS_WINDOWS
-			timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
-			if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-						   (void*)&timeout, sizeof(timeout)) < 0)
-				{ perror("setsockopt"); }
-#else
-			if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
-							sizeof(struct timeval)) < 0)
-				{ perror("setsockopt"); }
-#endif
-			}
-		}
-#endif
-	}
+        /* Get current time */
+        get_current_time(&timenow);
+
+        /* Calculate time left until timer expires */
+        memcpy(&timeleft, &(data->next_timeout), sizeof(struct timeval));
+        timeleft.tv_sec -= timenow.tv_sec;
+        timeleft.tv_usec -= timenow.tv_usec;
+        if (timeleft.tv_usec < 0) {
+            timeleft.tv_sec--;
+            timeleft.tv_usec += 1000000;
+        }
+
+        if (timeleft.tv_sec < 0) {
+            timeleft.tv_sec = 0;
+            timeleft.tv_usec = 1;
+        }
+
+        /*
+         * Adjust socket timeout if next handhake message timer will expire
+         * earlier.
+         */
+        if ((data->socket_timeout.tv_sec == 0
+             && data->socket_timeout.tv_usec == 0)
+            || (data->socket_timeout.tv_sec > timeleft.tv_sec)
+            || (data->socket_timeout.tv_sec == timeleft.tv_sec
+                && data->socket_timeout.tv_usec >= timeleft.tv_usec)) {
+#  ifdef OPENSSL_SYS_WINDOWS
+            timeout = timeleft.tv_sec * 1000 + timeleft.tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+            }
+#  else
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &timeleft,
+                           sizeof(struct timeval)) < 0) {
+                perror("setsockopt");
+            }
+#  endif
+        }
+    }
+# endif
+}
 
 static void dgram_reset_rcv_timeout(BIO *b)
-	{
-#if defined(SO_RCVTIMEO)
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
-	/* Is a timer active? */
-	if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0)
-		{
-#ifdef OPENSSL_SYS_WINDOWS
-		int timeout = data->socket_timeout.tv_sec * 1000 +
-					  data->socket_timeout.tv_usec / 1000;
-		if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-					   (void*)&timeout, sizeof(timeout)) < 0)
-			{ perror("setsockopt"); }
-#else
-		if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
-						sizeof(struct timeval)) < 0)
-			{ perror("setsockopt"); }
-#endif
-		}
-#endif
-	}
+{
+# if defined(SO_RCVTIMEO)
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+    /* Is a timer active? */
+    if (data->next_timeout.tv_sec > 0 || data->next_timeout.tv_usec > 0) {
+#  ifdef OPENSSL_SYS_WINDOWS
+        int timeout = data->socket_timeout.tv_sec * 1000 +
+            data->socket_timeout.tv_usec / 1000;
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       (void *)&timeout, sizeof(timeout)) < 0) {
+            perror("setsockopt");
+        }
+#  else
+        if (setsockopt
+            (b->num, SOL_SOCKET, SO_RCVTIMEO, &(data->socket_timeout),
+             sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+        }
+#  endif
+    }
+# endif
+}
 
 static int dgram_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-
-	struct sockaddr peer;
-	int peerlen = sizeof(peer);
-
-	if (out != NULL)
-		{
-		clear_socket_error();
-		memset(&peer, 0x00, peerlen);
-		/* Last arg in recvfrom is signed on some platforms and
-		 * unsigned on others. It is of type socklen_t on some
-		 * but this is not universal. Cast to (void *) to avoid
-		 * compiler warnings.
-		 */
-		dgram_adjust_rcv_timeout(b);
-		ret=recvfrom(b->num,out,outl,0,&peer,(void *)&peerlen);
-
-		if ( ! data->connected  && ret >= 0)
-			BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
-
-		BIO_clear_retry_flags(b);
-		if (ret < 0)
-			{
-			if (BIO_dgram_should_retry(ret))
-				{
-				BIO_set_retry_read(b);
-				data->_errno = get_last_socket_error();
-				}
-			}
-
-		dgram_reset_rcv_timeout(b);
-		}
-	return(ret);
-	}
+{
+    int ret = 0;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+
+    struct sockaddr peer;
+    int peerlen = sizeof(peer);
+
+    if (out != NULL) {
+        clear_socket_error();
+        memset(&peer, 0x00, peerlen);
+        /*
+         * Last arg in recvfrom is signed on some platforms and unsigned on
+         * others. It is of type socklen_t on some but this is not universal.
+         * Cast to (void *) to avoid compiler warnings.
+         */
+        dgram_adjust_rcv_timeout(b);
+        ret = recvfrom(b->num, out, outl, 0, &peer, (void *)&peerlen);
+
+        if (!data->connected && ret >= 0)
+            BIO_ctrl(b, BIO_CTRL_DGRAM_SET_PEER, 0, &peer);
+
+        BIO_clear_retry_flags(b);
+        if (ret < 0) {
+            if (BIO_dgram_should_retry(ret)) {
+                BIO_set_retry_read(b);
+                data->_errno = get_last_socket_error();
+            }
+        }
+
+        dgram_reset_rcv_timeout(b);
+    }
+    return (ret);
+}
 
 static int dgram_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	bio_dgram_data *data = (bio_dgram_data *)b->ptr;
-	clear_socket_error();
+{
+    int ret;
+    bio_dgram_data *data = (bio_dgram_data *)b->ptr;
+    clear_socket_error();
 
-    if ( data->connected )
-        ret=writesocket(b->num,in,inl);
+    if (data->connected)
+        ret = writesocket(b->num, in, inl);
     else
-#if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
-        ret=sendto(b->num, (char *)in, inl, 0, &data->peer, sizeof(data->peer));
-#else
-        ret=sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
-#endif
+# if defined(NETWARE_CLIB) && defined(NETWARE_BSDSOCK)
+        ret =
+            sendto(b->num, (char *)in, inl, 0, &data->peer,
+                   sizeof(data->peer));
+# else
+        ret = sendto(b->num, in, inl, 0, &data->peer, sizeof(data->peer));
+# endif
 
-	BIO_clear_retry_flags(b);
-	if (ret <= 0)
-		{
-		if (BIO_dgram_should_retry(ret))
-			{
-			BIO_set_retry_write(b);  
-			data->_errno = get_last_socket_error();
-
-#if 0 /* higher layers are responsible for querying MTU, if necessary */
-			if ( data->_errno == EMSGSIZE)
-				/* retrieve the new MTU */
-				BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-#endif
-			}
-		}
-	return(ret);
-	}
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_dgram_should_retry(ret)) {
+            BIO_set_retry_write(b);
+            data->_errno = get_last_socket_error();
+
+# if 0                          /* higher layers are responsible for querying
+                                 * MTU, if necessary */
+            if (data->_errno == EMSGSIZE)
+                /* retrieve the new MTU */
+                BIO_ctrl(b, BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
+# endif
+        }
+    }
+    return (ret);
+}
 
 static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	int *ip;
-	struct sockaddr *to = NULL;
-	bio_dgram_data *data = NULL;
-#if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
-	long sockopt_val = 0;
-	unsigned int sockopt_len = 0;
-#endif
-#ifdef OPENSSL_SYS_LINUX
-	socklen_t addr_len;
-	struct sockaddr_storage addr;
-#endif
+{
+    long ret = 1;
+    int *ip;
+    struct sockaddr *to = NULL;
+    bio_dgram_data *data = NULL;
+# if defined(IP_MTU_DISCOVER) || defined(IP_MTU)
+    long sockopt_val = 0;
+    unsigned int sockopt_len = 0;
+# endif
+# ifdef OPENSSL_SYS_LINUX
+    socklen_t addr_len;
+    struct sockaddr_storage addr;
+# endif
 
-	data = (bio_dgram_data *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		num=0;
-	case BIO_C_FILE_SEEK:
-		ret=0;
-		break;
-	case BIO_C_FILE_TELL:
-	case BIO_CTRL_INFO:
-		ret=0;
-		break;
-	case BIO_C_SET_FD:
-		dgram_clear(b);
-		b->num= *((int *)ptr);
-		b->shutdown=(int)num;
-		b->init=1;
-		break;
-	case BIO_C_GET_FD:
-		if (b->init)
-			{
-			ip=(int *)ptr;
-			if (ip != NULL) *ip=b->num;
-			ret=b->num;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-		ret=0;
-		break;
-	case BIO_CTRL_DUP:
-	case BIO_CTRL_FLUSH:
-		ret=1;
-		break;
-	case BIO_CTRL_DGRAM_CONNECT:
-		to = (struct sockaddr *)ptr;
-#if 0
-		if (connect(b->num, to, sizeof(struct sockaddr)) < 0)
-			{ perror("connect"); ret = 0; }
-		else
-			{
-#endif
-			memcpy(&(data->peer),to, sizeof(struct sockaddr));
-#if 0
-			}
-#endif
-		break;
-		/* (Linux)kernel sets DF bit on outgoing IP packets */
-	case BIO_CTRL_DGRAM_MTU_DISCOVER:
-#ifdef OPENSSL_SYS_LINUX
-		addr_len = (socklen_t)sizeof(struct sockaddr_storage);
-		memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
-		if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
-			{
-			ret = 0;
-			break;
-			}
-		sockopt_len = sizeof(sockopt_val);
-		switch (addr.ss_family)
-			{
-		case AF_INET:
-			sockopt_val = IP_PMTUDISC_DO;
-			if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
-				&sockopt_val, sizeof(sockopt_val))) < 0)
-				perror("setsockopt");
-			break;
-		case AF_INET6:
-			sockopt_val = IPV6_PMTUDISC_DO;
-			if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
-				&sockopt_val, sizeof(sockopt_val))) < 0)
-				perror("setsockopt");
-			break;
-		default:
-			ret = -1;
-			break;
-			}
-		ret = -1;
-#else
-		break;
-#endif
-	case BIO_CTRL_DGRAM_QUERY_MTU:
-#ifdef OPENSSL_SYS_LINUX
-		addr_len = (socklen_t)sizeof(struct sockaddr_storage);
-		memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
-		if (getsockname(b->num, (void *)&addr, &addr_len) < 0)
-			{
-			ret = 0;
-			break;
-			}
-		sockopt_len = sizeof(sockopt_val);
-		switch (addr.ss_family)
-			{
-		case AF_INET:
-			if ((ret = getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
-				&sockopt_len)) < 0 || sockopt_val < 0)
-				{
-				ret = 0;
-				}
-			else
-				{
-				/* we assume that the transport protocol is UDP and no
-				 * IP options are used.
-				 */
-				data->mtu = sockopt_val - 8 - 20;
-				ret = data->mtu;
-				}
-			break;
-		case AF_INET6:
-			if ((ret = getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU, (void *)&sockopt_val,
-				&sockopt_len)) < 0 || sockopt_val < 0)
-				{
-				ret = 0;
-				}
-			else
-				{
-				/* we assume that the transport protocol is UDP and no
-				 * IPV6 options are used.
-				 */
-				data->mtu = sockopt_val - 8 - 40;
-				ret = data->mtu;
-				}
-			break;
-		default:
-			ret = 0;
-			break;
-			}
-#else
-		ret = 0;
-#endif
-		break;
-	case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
-		ret = 576 - 20 - 8;
-		break;
-	case BIO_CTRL_DGRAM_GET_MTU:
-		return data->mtu;
-		break;
-	case BIO_CTRL_DGRAM_SET_MTU:
-		data->mtu = num;
-		ret = num;
-		break;
-	case BIO_CTRL_DGRAM_SET_CONNECTED:
-		to = (struct sockaddr *)ptr;
-
-		if ( to != NULL)
-			{
-			data->connected = 1;
-			memcpy(&(data->peer),to, sizeof(struct sockaddr));
-			}
-		else
-			{
-			data->connected = 0;
-			memset(&(data->peer), 0x00, sizeof(struct sockaddr));
-			}
-		break;
+    data = (bio_dgram_data *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+    case BIO_C_FILE_SEEK:
+        ret = 0;
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        ret = 0;
+        break;
+    case BIO_C_SET_FD:
+        dgram_clear(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_DGRAM_CONNECT:
+        to = (struct sockaddr *)ptr;
+# if 0
+        if (connect(b->num, to, sizeof(struct sockaddr)) < 0) {
+            perror("connect");
+            ret = 0;
+        } else {
+# endif
+            memcpy(&(data->peer), to, sizeof(struct sockaddr));
+# if 0
+        }
+# endif
+        break;
+        /* (Linux)kernel sets DF bit on outgoing IP packets */
+    case BIO_CTRL_DGRAM_MTU_DISCOVER:
+# ifdef OPENSSL_SYS_LINUX
+        addr_len = (socklen_t) sizeof(struct sockaddr_storage);
+        memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
+        if (getsockname(b->num, (void *)&addr, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        sockopt_len = sizeof(sockopt_val);
+        switch (addr.ss_family) {
+        case AF_INET:
+            sockopt_val = IP_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IP, IP_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+        case AF_INET6:
+            sockopt_val = IPV6_PMTUDISC_DO;
+            if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER,
+                                  &sockopt_val, sizeof(sockopt_val))) < 0)
+                perror("setsockopt");
+            break;
+        default:
+            ret = -1;
+            break;
+        }
+        ret = -1;
+# else
+        break;
+# endif
+    case BIO_CTRL_DGRAM_QUERY_MTU:
+# ifdef OPENSSL_SYS_LINUX
+        addr_len = (socklen_t) sizeof(struct sockaddr_storage);
+        memset((void *)&addr, 0, sizeof(struct sockaddr_storage));
+        if (getsockname(b->num, (void *)&addr, &addr_len) < 0) {
+            ret = 0;
+            break;
+        }
+        sockopt_len = sizeof(sockopt_val);
+        switch (addr.ss_family) {
+        case AF_INET:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IP, IP_MTU, (void *)&sockopt_val,
+                            &sockopt_len)) < 0 || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IP
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 20;
+                ret = data->mtu;
+            }
+            break;
+        case AF_INET6:
+            if ((ret =
+                 getsockopt(b->num, IPPROTO_IPV6, IPV6_MTU,
+                            (void *)&sockopt_val, &sockopt_len)) < 0
+                || sockopt_val < 0) {
+                ret = 0;
+            } else {
+                /*
+                 * we assume that the transport protocol is UDP and no IPV6
+                 * options are used.
+                 */
+                data->mtu = sockopt_val - 8 - 40;
+                ret = data->mtu;
+            }
+            break;
+        default:
+            ret = 0;
+            break;
+        }
+# else
+        ret = 0;
+# endif
+        break;
+    case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
+        ret = 576 - 20 - 8;
+        break;
+    case BIO_CTRL_DGRAM_GET_MTU:
+        return data->mtu;
+        break;
+    case BIO_CTRL_DGRAM_SET_MTU:
+        data->mtu = num;
+        ret = num;
+        break;
+    case BIO_CTRL_DGRAM_SET_CONNECTED:
+        to = (struct sockaddr *)ptr;
+
+        if (to != NULL) {
+            data->connected = 1;
+            memcpy(&(data->peer), to, sizeof(struct sockaddr));
+        } else {
+            data->connected = 0;
+            memset(&(data->peer), 0x00, sizeof(struct sockaddr));
+        }
+        break;
     case BIO_CTRL_DGRAM_GET_PEER:
-        to = (struct sockaddr *) ptr;
+        to = (struct sockaddr *)ptr;
 
         memcpy(to, &(data->peer), sizeof(struct sockaddr));
-		ret = sizeof(struct sockaddr);
+        ret = sizeof(struct sockaddr);
         break;
     case BIO_CTRL_DGRAM_SET_PEER:
-        to = (struct sockaddr *) ptr;
+        to = (struct sockaddr *)ptr;
 
         memcpy(&(data->peer), to, sizeof(struct sockaddr));
         break;
-	case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
-		memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));		
-		break;
-#if defined(SO_RCVTIMEO)
-	case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
-		{
-		struct timeval *tv = (struct timeval *)ptr;
-		int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
-		if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-			(void*)&timeout, sizeof(timeout)) < 0)
-			{ perror("setsockopt"); ret = -1; }
-		}
-#else
-		if ( setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
-			sizeof(struct timeval)) < 0)
-			{ perror("setsockopt");	ret = -1; }
-#endif
-		break;
-	case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
-		{
-		int timeout, sz = sizeof(timeout);
-		struct timeval *tv = (struct timeval *)ptr;
-		if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
-			(void*)&timeout, &sz) < 0)
-			{ perror("getsockopt"); ret = -1; }
-		else
-			{
-			tv->tv_sec = timeout / 1000;
-			tv->tv_usec = (timeout % 1000) * 1000;
-			ret = sizeof(*tv);
-			}
-		}
-#else
-		if ( getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, 
-			ptr, (void *)&ret) < 0)
-			{ perror("getsockopt"); ret = -1; }
-#endif
-		break;
-#endif
-#if defined(SO_SNDTIMEO)
-	case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
-		{
-		struct timeval *tv = (struct timeval *)ptr;
-		int timeout = tv->tv_sec * 1000 + tv->tv_usec/1000;
-		if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-			(void*)&timeout, sizeof(timeout)) < 0)
-			{ perror("setsockopt"); ret = -1; }
-		}
-#else
-		if ( setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
-			sizeof(struct timeval)) < 0)
-			{ perror("setsockopt");	ret = -1; }
-#endif
-		break;
-	case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
-#ifdef OPENSSL_SYS_WINDOWS
-		{
-		int timeout, sz = sizeof(timeout);
-		struct timeval *tv = (struct timeval *)ptr;
-		if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
-			(void*)&timeout, &sz) < 0)
-			{ perror("getsockopt"); ret = -1; }
-		else
-			{
-			tv->tv_sec = timeout / 1000;
-			tv->tv_usec = (timeout % 1000) * 1000;
-			ret = sizeof(*tv);
-			}
-		}
-#else
-		if ( getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, 
-			ptr, (void *)&ret) < 0)
-			{ perror("getsockopt"); ret = -1; }
-#endif
-		break;
-#endif
-	case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
-		/* fall-through */
-	case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
-#ifdef OPENSSL_SYS_WINDOWS
-		if ( data->_errno == WSAETIMEDOUT)
-#else
-		if ( data->_errno == EAGAIN)
-#endif
-			{
-			ret = 1;
-			data->_errno = 0;
-			}
-		else
-			ret = 0;
-		break;
-#ifdef EMSGSIZE
-	case BIO_CTRL_DGRAM_MTU_EXCEEDED:
-		if ( data->_errno == EMSGSIZE)
-			{
-			ret = 1;
-			data->_errno = 0;
-			}
-		else
-			ret = 0;
-		break;
-#endif
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
+    case BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT:
+        memcpy(&(data->next_timeout), ptr, sizeof(struct timeval));
+        break;
+# if defined(SO_RCVTIMEO)
+    case BIO_CTRL_DGRAM_SET_RECV_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_RECV_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            int timeout, sz = sizeof(timeout);
+            struct timeval *tv = (struct timeval *)ptr;
+            if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                           (void *)&timeout, &sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+        }
+#  else
+        if (getsockopt(b->num, SOL_SOCKET, SO_RCVTIMEO,
+                       ptr, (void *)&ret) < 0) {
+            perror("getsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+# endif
+# if defined(SO_SNDTIMEO)
+    case BIO_CTRL_DGRAM_SET_SEND_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            struct timeval *tv = (struct timeval *)ptr;
+            int timeout = tv->tv_sec * 1000 + tv->tv_usec / 1000;
+            if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, sizeof(timeout)) < 0) {
+                perror("setsockopt");
+                ret = -1;
+            }
+        }
+#  else
+        if (setsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO, ptr,
+                       sizeof(struct timeval)) < 0) {
+            perror("setsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+    case BIO_CTRL_DGRAM_GET_SEND_TIMEOUT:
+#  ifdef OPENSSL_SYS_WINDOWS
+        {
+            int timeout, sz = sizeof(timeout);
+            struct timeval *tv = (struct timeval *)ptr;
+            if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                           (void *)&timeout, &sz) < 0) {
+                perror("getsockopt");
+                ret = -1;
+            } else {
+                tv->tv_sec = timeout / 1000;
+                tv->tv_usec = (timeout % 1000) * 1000;
+                ret = sizeof(*tv);
+            }
+        }
+#  else
+        if (getsockopt(b->num, SOL_SOCKET, SO_SNDTIMEO,
+                       ptr, (void *)&ret) < 0) {
+            perror("getsockopt");
+            ret = -1;
+        }
+#  endif
+        break;
+# endif
+    case BIO_CTRL_DGRAM_GET_SEND_TIMER_EXP:
+        /* fall-through */
+    case BIO_CTRL_DGRAM_GET_RECV_TIMER_EXP:
+# ifdef OPENSSL_SYS_WINDOWS
+        if (data->_errno == WSAETIMEDOUT)
+# else
+        if (data->_errno == EAGAIN)
+# endif
+        {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# ifdef EMSGSIZE
+    case BIO_CTRL_DGRAM_MTU_EXCEEDED:
+        if (data->_errno == EMSGSIZE) {
+            ret = 1;
+            data->_errno = 0;
+        } else
+            ret = 0;
+        break;
+# endif
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
 
 static int dgram_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
+{
+    int n, ret;
 
-	n=strlen(str);
-	ret=dgram_write(bp,str,n);
-	return(ret);
-	}
+    n = strlen(str);
+    ret = dgram_write(bp, str, n);
+    return (ret);
+}
 
 static int BIO_dgram_should_retry(int i)
-	{
-	int err;
-
-	if ((i == 0) || (i == -1))
-		{
-		err=get_last_socket_error();
-
-#if defined(OPENSSL_SYS_WINDOWS)
-	/* If the socket return value (i) is -1
-	 * and err is unexpectedly 0 at this point,
-	 * the error code was overwritten by
-	 * another system call before this error
-	 * handling is called.
-	 */
-#endif
+{
+    int err;
+
+    if ((i == 0) || (i == -1)) {
+        err = get_last_socket_error();
+
+# if defined(OPENSSL_SYS_WINDOWS)
+        /*
+         * If the socket return value (i) is -1 and err is unexpectedly 0 at
+         * this point, the error code was overwritten by another system call
+         * before this error handling is called.
+         */
+# endif
 
-		return(BIO_dgram_non_fatal_error(err));
-		}
-	return(0);
-	}
+        return (BIO_dgram_non_fatal_error(err));
+    }
+    return (0);
+}
 
 int BIO_dgram_non_fatal_error(int err)
-	{
-	switch (err)
-		{
-#if defined(OPENSSL_SYS_WINDOWS)
-# if defined(WSAEWOULDBLOCK)
-	case WSAEWOULDBLOCK:
-# endif
+{
+    switch (err) {
+# if defined(OPENSSL_SYS_WINDOWS)
+#  if defined(WSAEWOULDBLOCK)
+    case WSAEWOULDBLOCK:
+#  endif
 
-# if 0 /* This appears to always be an error */
-#  if defined(WSAENOTCONN)
-	case WSAENOTCONN:
+#  if 0                         /* This appears to always be an error */
+#   if defined(WSAENOTCONN)
+    case WSAENOTCONN:
+#   endif
 #  endif
 # endif
-#endif
 
-#ifdef EWOULDBLOCK
-# ifdef WSAEWOULDBLOCK
-#  if WSAEWOULDBLOCK != EWOULDBLOCK
-	case EWOULDBLOCK:
+# ifdef EWOULDBLOCK
+#  ifdef WSAEWOULDBLOCK
+#   if WSAEWOULDBLOCK != EWOULDBLOCK
+    case EWOULDBLOCK:
+#   endif
+#  else
+    case EWOULDBLOCK:
 #  endif
-# else
-	case EWOULDBLOCK:
 # endif
-#endif
 
-#ifdef EINTR
-	case EINTR:
-#endif
+# ifdef EINTR
+    case EINTR:
+# endif
 
-#ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
-	case EAGAIN:
+# ifdef EAGAIN
+#  if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
+#  endif
 # endif
-#endif
 
-#ifdef EPROTO
-	case EPROTO:
-#endif
+# ifdef EPROTO
+    case EPROTO:
+# endif
 
-#ifdef EINPROGRESS
-	case EINPROGRESS:
-#endif
+# ifdef EINPROGRESS
+    case EINPROGRESS:
+# endif
 
-#ifdef EALREADY
-	case EALREADY:
-#endif
+# ifdef EALREADY
+    case EALREADY:
+# endif
 
-		return(1);
-		/* break; */
-	default:
-		break;
-		}
-	return(0);
-	}
+        return (1);
+        /* break; */
+    default:
+        break;
+    }
+    return (0);
+}
 
 static void get_current_time(struct timeval *t)
-	{
-#ifdef OPENSSL_SYS_WIN32
-	struct _timeb tb;
-	_ftime(&tb);
-	t->tv_sec = (long)tb.time;
-	t->tv_usec = (long)tb.millitm * 1000;
-#elif defined(OPENSSL_SYS_VMS)
-	struct timeb tb;
-	ftime(&tb);
-	t->tv_sec = (long)tb.time;
-	t->tv_usec = (long)tb.millitm * 1000;
-#else
-	gettimeofday(t, NULL);
-#endif
-	}
+{
+# ifdef OPENSSL_SYS_WIN32
+    struct _timeb tb;
+    _ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+# elif defined(OPENSSL_SYS_VMS)
+    struct timeb tb;
+    ftime(&tb);
+    t->tv_sec = (long)tb.time;
+    t->tv_usec = (long)tb.millitm * 1000;
+# else
+    gettimeofday(t, NULL);
+# endif
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c
index 4c229bf6..ad554dfc 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bss_fd.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_fd.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -82,213 +82,206 @@ static int fd_new(BIO *h);
 static int fd_free(BIO *data);
 int BIO_fd_should_retry(int s);
 
-static BIO_METHOD methods_fdp=
-	{
-	BIO_TYPE_FD,"file descriptor",
-	fd_write,
-	fd_read,
-	fd_puts,
-	NULL, /* fd_gets, */
-	fd_ctrl,
-	fd_new,
-	fd_free,
-	NULL,
-	};
+static BIO_METHOD methods_fdp = {
+    BIO_TYPE_FD, "file descriptor",
+    fd_write,
+    fd_read,
+    fd_puts,
+    NULL,                       /* fd_gets, */
+    fd_ctrl,
+    fd_new,
+    fd_free,
+    NULL,
+};
 
 BIO_METHOD *BIO_s_fd(void)
-	{
-	return(&methods_fdp);
-	}
+{
+    return (&methods_fdp);
+}
 
-BIO *BIO_new_fd(int fd,int close_flag)
-	{
-	BIO *ret;
-	ret=BIO_new(BIO_s_fd());
-	if (ret == NULL) return(NULL);
-	BIO_set_fd(ret,fd,close_flag);
-	return(ret);
-	}
+BIO *BIO_new_fd(int fd, int close_flag)
+{
+    BIO *ret;
+    ret = BIO_new(BIO_s_fd());
+    if (ret == NULL)
+        return (NULL);
+    BIO_set_fd(ret, fd, close_flag);
+    return (ret);
+}
 
 static int fd_new(BIO *bi)
-	{
-	bi->init=0;
-	bi->num=-1;
-	bi->ptr=NULL;
-	bi->flags=BIO_FLAGS_UPLINK; /* essentially redundant */
-	return(1);
-	}
+{
+    bi->init = 0;
+    bi->num = -1;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* essentially redundant */
+    return (1);
+}
 
 static int fd_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if (a->init)
-			{
-			UP_close(a->num);
-			}
-		a->init=0;
-		a->flags=BIO_FLAGS_UPLINK;
-		}
-	return(1);
-	}
-	
-static int fd_read(BIO *b, char *out,int outl)
-	{
-	int ret=0;
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if (a->init) {
+            UP_close(a->num);
+        }
+        a->init = 0;
+        a->flags = BIO_FLAGS_UPLINK;
+    }
+    return (1);
+}
+
+static int fd_read(BIO *b, char *out, int outl)
+{
+    int ret = 0;
 
-	if (out != NULL)
-		{
-		clear_sys_error();
-		ret=UP_read(b->num,out,outl);
-		BIO_clear_retry_flags(b);
-		if (ret <= 0)
-			{
-			if (BIO_fd_should_retry(ret))
-				BIO_set_retry_read(b);
-			}
-		}
-	return(ret);
-	}
+    if (out != NULL) {
+        clear_sys_error();
+        ret = UP_read(b->num, out, outl);
+        BIO_clear_retry_flags(b);
+        if (ret <= 0) {
+            if (BIO_fd_should_retry(ret))
+                BIO_set_retry_read(b);
+        }
+    }
+    return (ret);
+}
 
 static int fd_write(BIO *b, const char *in, int inl)
-	{
-	int ret;
-	clear_sys_error();
-	ret=UP_write(b->num,in,inl);
-	BIO_clear_retry_flags(b);
-	if (ret <= 0)
-		{
-		if (BIO_fd_should_retry(ret))
-			BIO_set_retry_write(b);
-		}
-	return(ret);
-	}
+{
+    int ret;
+    clear_sys_error();
+    ret = UP_write(b->num, in, inl);
+    BIO_clear_retry_flags(b);
+    if (ret <= 0) {
+        if (BIO_fd_should_retry(ret))
+            BIO_set_retry_write(b);
+    }
+    return (ret);
+}
 
 static long fd_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	int *ip;
+{
+    long ret = 1;
+    int *ip;
 
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		num=0;
-	case BIO_C_FILE_SEEK:
-		ret=(long)UP_lseek(b->num,num,0);
-		break;
-	case BIO_C_FILE_TELL:
-	case BIO_CTRL_INFO:
-		ret=(long)UP_lseek(b->num,0,1);
-		break;
-	case BIO_C_SET_FD:
-		fd_free(b);
-		b->num= *((int *)ptr);
-		b->shutdown=(int)num;
-		b->init=1;
-		break;
-	case BIO_C_GET_FD:
-		if (b->init)
-			{
-			ip=(int *)ptr;
-			if (ip != NULL) *ip=b->num;
-			ret=b->num;
-			}
-		else
-			ret= -1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-		ret=0;
-		break;
-	case BIO_CTRL_DUP:
-	case BIO_CTRL_FLUSH:
-		ret=1;
-		break;
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        num = 0;
+    case BIO_C_FILE_SEEK:
+        ret = (long)UP_lseek(b->num, num, 0);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        ret = (long)UP_lseek(b->num, 0, 1);
+        break;
+    case BIO_C_SET_FD:
+        fd_free(b);
+        b->num = *((int *)ptr);
+        b->shutdown = (int)num;
+        b->init = 1;
+        break;
+    case BIO_C_GET_FD:
+        if (b->init) {
+            ip = (int *)ptr;
+            if (ip != NULL)
+                *ip = b->num;
+            ret = b->num;
+        } else
+            ret = -1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+        ret = 0;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
 
 static int fd_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
+{
+    int n, ret;
 
-	n=strlen(str);
-	ret=fd_write(bp,str,n);
-	return(ret);
-	}
+    n = strlen(str);
+    ret = fd_write(bp, str, n);
+    return (ret);
+}
 
 int BIO_fd_should_retry(int i)
-	{
-	int err;
+{
+    int err;
 
-	if ((i == 0) || (i == -1))
-		{
-		err=get_last_sys_error();
+    if ((i == 0) || (i == -1)) {
+        err = get_last_sys_error();
 
-#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */
-		if ((i == -1) && (err == 0))
-			return(1);
+#if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps
+                                       * not? Ben 4/1/99 */
+        if ((i == -1) && (err == 0))
+            return (1);
 #endif
 
-		return(BIO_fd_non_fatal_error(err));
-		}
-	return(0);
-	}
+        return (BIO_fd_non_fatal_error(err));
+    }
+    return (0);
+}
 
 int BIO_fd_non_fatal_error(int err)
-	{
-	switch (err)
-		{
+{
+    switch (err) {
 
 #ifdef EWOULDBLOCK
 # ifdef WSAEWOULDBLOCK
 #  if WSAEWOULDBLOCK != EWOULDBLOCK
-	case EWOULDBLOCK:
+    case EWOULDBLOCK:
 #  endif
 # else
-	case EWOULDBLOCK:
+    case EWOULDBLOCK:
 # endif
 #endif
 
 #if defined(ENOTCONN)
-	case ENOTCONN:
+    case ENOTCONN:
 #endif
 
 #ifdef EINTR
-	case EINTR:
+    case EINTR:
 #endif
 
 #ifdef EAGAIN
-#if EWOULDBLOCK != EAGAIN
-	case EAGAIN:
+# if EWOULDBLOCK != EAGAIN
+    case EAGAIN:
 # endif
 #endif
 
 #ifdef EPROTO
-	case EPROTO:
+    case EPROTO:
 #endif
 
 #ifdef EINPROGRESS
-	case EINPROGRESS:
+    case EINPROGRESS:
 #endif
 
 #ifdef EALREADY
-	case EALREADY:
+    case EALREADY:
 #endif
-		return(1);
-		/* break; */
-	default:
-		break;
-		}
-	return(0);
-	}
+        return (1);
+        /* break; */
+    default:
+        break;
+    }
+    return (0);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_file.c b/Cryptlib/OpenSSL/crypto/bio/bss_file.c
index 3f553a64..81e5b940 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bss_file.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_file.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,51 +49,51 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/*
- * 03-Dec-1997	rdenny@dc3.com  Fix bug preventing use of stdin/stdout
- *		with binary data (e.g. asn1parse -inform DER < xxx) under
- *		Windows
+/*-
+ * 03-Dec-1997  rdenny@dc3.com  Fix bug preventing use of stdin/stdout
+ *              with binary data (e.g. asn1parse -inform DER < xxx) under
+ *              Windows
  */
 
 #ifndef HEADER_BSS_FILE_C
-#define HEADER_BSS_FILE_C
-
-#if defined(__linux) || defined(__sun) || defined(__hpux)
-/* Following definition aliases fopen to fopen64 on above mentioned
- * platforms. This makes it possible to open and sequentially access
- * files larger than 2GB from 32-bit application. It does not allow to
- * traverse them beyond 2GB with fseek/ftell, but on the other hand *no*
- * 32-bit platform permits that, not with fseek/ftell. Not to mention
- * that breaking 2GB limit for seeking would require surgery to *our*
- * API. But sequential access suffices for practical cases when you
- * can run into large files, such as fingerprinting, so we can let API
- * alone. For reference, the list of 32-bit platforms which allow for
- * sequential access of large files without extra "magic" comprise *BSD,
- * Darwin, IRIX...
+# define HEADER_BSS_FILE_C
+
+# if defined(__linux) || defined(__sun) || defined(__hpux)
+/*
+ * Following definition aliases fopen to fopen64 on above mentioned
+ * platforms. This makes it possible to open and sequentially access files
+ * larger than 2GB from 32-bit application. It does not allow to traverse
+ * them beyond 2GB with fseek/ftell, but on the other hand *no* 32-bit
+ * platform permits that, not with fseek/ftell. Not to mention that breaking
+ * 2GB limit for seeking would require surgery to *our* API. But sequential
+ * access suffices for practical cases when you can run into large files,
+ * such as fingerprinting, so we can let API alone. For reference, the list
+ * of 32-bit platforms which allow for sequential access of large files
+ * without extra "magic" comprise *BSD, Darwin, IRIX...
  */
-#ifndef _FILE_OFFSET_BITS
-#define _FILE_OFFSET_BITS 64
-#endif
-#endif
+#  ifndef _FILE_OFFSET_BITS
+#   define _FILE_OFFSET_BITS 64
+#  endif
+# endif
 
-#include <stdio.h>
-#include <errno.h>
-#include "cryptlib.h"
-#include "bio_lcl.h"
-#include <openssl/err.h>
+# include <stdio.h>
+# include <errno.h>
+# include "cryptlib.h"
+# include "bio_lcl.h"
+# include <openssl/err.h>
 
-#if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-#include <nwfileio.h>
-#endif
+# if defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+#  include <nwfileio.h>
+# endif
 
-#if !defined(OPENSSL_NO_STDIO)
+# if !defined(OPENSSL_NO_STDIO)
 
 static int MS_CALLBACK file_write(BIO *h, const char *buf, int num);
 static int MS_CALLBACK file_read(BIO *h, char *buf, int size);
@@ -102,351 +102,339 @@ static int MS_CALLBACK file_gets(BIO *h, char *str, int size);
 static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int MS_CALLBACK file_new(BIO *h);
 static int MS_CALLBACK file_free(BIO *data);
-static BIO_METHOD methods_filep=
-	{
-	BIO_TYPE_FILE,
-	"FILE pointer",
-	file_write,
-	file_read,
-	file_puts,
-	file_gets,
-	file_ctrl,
-	file_new,
-	file_free,
-	NULL,
-	};
+static BIO_METHOD methods_filep = {
+    BIO_TYPE_FILE,
+    "FILE pointer",
+    file_write,
+    file_read,
+    file_puts,
+    file_gets,
+    file_ctrl,
+    file_new,
+    file_free,
+    NULL,
+};
 
 BIO *BIO_new_file(const char *filename, const char *mode)
-	{
-	BIO *ret;
-	FILE *file;
-
-	if ((file=fopen(filename,mode)) == NULL)
-		{
-		SYSerr(SYS_F_FOPEN,get_last_sys_error());
-		ERR_add_error_data(5,"fopen('",filename,"','",mode,"')");
-		if (errno == ENOENT)
-			BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE);
-		else
-			BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB);
-		return(NULL);
-		}
-	if ((ret=BIO_new(BIO_s_file_internal())) == NULL)
-		{
-		fclose(file);
-		return(NULL);
-		}
-
-	BIO_clear_flags(ret,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
-	BIO_set_fp(ret,file,BIO_CLOSE);
-	return(ret);
-	}
+{
+    BIO *ret;
+    FILE *file;
+
+    if ((file = fopen(filename, mode)) == NULL) {
+        SYSerr(SYS_F_FOPEN, get_last_sys_error());
+        ERR_add_error_data(5, "fopen('", filename, "','", mode, "')");
+        if (errno == ENOENT)
+            BIOerr(BIO_F_BIO_NEW_FILE, BIO_R_NO_SUCH_FILE);
+        else
+            BIOerr(BIO_F_BIO_NEW_FILE, ERR_R_SYS_LIB);
+        return (NULL);
+    }
+    if ((ret = BIO_new(BIO_s_file_internal())) == NULL) {
+        fclose(file);
+        return (NULL);
+    }
+
+    BIO_clear_flags(ret, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                             * UPLINK */
+    BIO_set_fp(ret, file, BIO_CLOSE);
+    return (ret);
+}
 
 BIO *BIO_new_fp(FILE *stream, int close_flag)
-	{
-	BIO *ret;
+{
+    BIO *ret;
 
-	if ((ret=BIO_new(BIO_s_file())) == NULL)
-		return(NULL);
+    if ((ret = BIO_new(BIO_s_file())) == NULL)
+        return (NULL);
 
-	BIO_set_flags(ret,BIO_FLAGS_UPLINK); /* redundant, left for documentation puposes */
-	BIO_set_fp(ret,stream,close_flag);
-	return(ret);
-	}
+    BIO_set_flags(ret, BIO_FLAGS_UPLINK); /* redundant, left for
+                                           * documentation puposes */
+    BIO_set_fp(ret, stream, close_flag);
+    return (ret);
+}
 
 BIO_METHOD *BIO_s_file(void)
-	{
-	return(&methods_filep);
-	}
+{
+    return (&methods_filep);
+}
 
 static int MS_CALLBACK file_new(BIO *bi)
-	{
-	bi->init=0;
-	bi->num=0;
-	bi->ptr=NULL;
-	bi->flags=BIO_FLAGS_UPLINK; /* default to UPLINK */
-	return(1);
-	}
+{
+    bi->init = 0;
+    bi->num = 0;
+    bi->ptr = NULL;
+    bi->flags = BIO_FLAGS_UPLINK; /* default to UPLINK */
+    return (1);
+}
 
 static int MS_CALLBACK file_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			if (a->flags&BIO_FLAGS_UPLINK)
-				UP_fclose (a->ptr);
-			else
-				fclose (a->ptr);
-			a->ptr=NULL;
-			a->flags=BIO_FLAGS_UPLINK;
-			}
-		a->init=0;
-		}
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if ((a->init) && (a->ptr != NULL)) {
+            if (a->flags & BIO_FLAGS_UPLINK)
+                UP_fclose(a->ptr);
+            else
+                fclose(a->ptr);
+            a->ptr = NULL;
+            a->flags = BIO_FLAGS_UPLINK;
+        }
+        a->init = 0;
+    }
+    return (1);
+}
+
 static int MS_CALLBACK file_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-
-	if (b->init && (out != NULL))
-		{
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=UP_fread(out,1,(int)outl,b->ptr);
-		else
-			ret=fread(out,1,(int)outl,(FILE *)b->ptr);
-		if(ret == 0 && (b->flags&BIO_FLAGS_UPLINK)?UP_ferror((FILE *)b->ptr):ferror((FILE *)b->ptr))
-			{
-			SYSerr(SYS_F_FREAD,get_last_sys_error());
-			BIOerr(BIO_F_FILE_READ,ERR_R_SYS_LIB);
-			ret=-1;
-			}
-		}
-	return(ret);
-	}
+{
+    int ret = 0;
+
+    if (b->init && (out != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fread(out, 1, (int)outl, b->ptr);
+        else
+            ret = fread(out, 1, (int)outl, (FILE *)b->ptr);
+        if (ret == 0
+            && (b->flags & BIO_FLAGS_UPLINK) ? UP_ferror((FILE *)b->ptr) :
+            ferror((FILE *)b->ptr)) {
+            SYSerr(SYS_F_FREAD, get_last_sys_error());
+            BIOerr(BIO_F_FILE_READ, ERR_R_SYS_LIB);
+            ret = -1;
+        }
+    }
+    return (ret);
+}
 
 static int MS_CALLBACK file_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-
-	if (b->init && (in != NULL))
-		{
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=UP_fwrite(in,(int)inl,1,b->ptr);
-		else
-			ret=fwrite(in,(int)inl,1,(FILE *)b->ptr);
-		if (ret)
-			ret=inl;
-		/* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
-		/* according to Tim Hudson <tjh@cryptsoft.com>, the commented
-		 * out version above can cause 'inl' write calls under
-		 * some stupid stdio implementations (VMS) */
-		}
-	return(ret);
-	}
+{
+    int ret = 0;
+
+    if (b->init && (in != NULL)) {
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_fwrite(in, (int)inl, 1, b->ptr);
+        else
+            ret = fwrite(in, (int)inl, 1, (FILE *)b->ptr);
+        if (ret)
+            ret = inl;
+        /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */
+        /*
+         * according to Tim Hudson <tjh@cryptsoft.com>, the commented out
+         * version above can cause 'inl' write calls under some stupid stdio
+         * implementations (VMS)
+         */
+    }
+    return (ret);
+}
 
 static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	FILE *fp=(FILE *)b->ptr;
-	FILE **fpp;
-	char p[4];
-
-	switch (cmd)
-		{
-	case BIO_C_FILE_SEEK:
-	case BIO_CTRL_RESET:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=(long)UP_fseek(b->ptr,num,0);
-		else
-			ret=(long)fseek(fp,num,0);
-		break;
-	case BIO_CTRL_EOF:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=(long)UP_feof(fp);
-		else
-			ret=(long)feof(fp);
-		break;
-	case BIO_C_FILE_TELL:
-	case BIO_CTRL_INFO:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			ret=UP_ftell(b->ptr);
-		else
-			ret=ftell(fp);
-		break;
-	case BIO_C_SET_FILE_PTR:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		b->ptr=ptr;
-		b->init=1;
-#if BIO_FLAGS_UPLINK!=0
-#if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
-#define _IOB_ENTRIES 20
-#endif
-#if defined(_IOB_ENTRIES)
-		/* Safety net to catch purely internal BIO_set_fp calls */
-		if ((size_t)ptr >= (size_t)stdin &&
-		    (size_t)ptr <  (size_t)(stdin+_IOB_ENTRIES))
-			BIO_clear_flags(b,BIO_FLAGS_UPLINK);
-#endif
-#endif
-#ifdef UP_fsetmod
-		if (b->flags&BIO_FLAGS_UPLINK)
-			UP_fsetmod(b->ptr,(char)((num&BIO_FP_TEXT)?'t':'b'));
-		else
-#endif
-		{
-#if defined(OPENSSL_SYS_WINDOWS)
-		int fd = _fileno((FILE*)ptr);
-		if (num & BIO_FP_TEXT)
-			_setmode(fd,_O_TEXT);
-		else
-			_setmode(fd,_O_BINARY);
-#elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
-		int fd = fileno((FILE*)ptr);
-         /* Under CLib there are differences in file modes
-         */
-		if (num & BIO_FP_TEXT)
-			setmode(fd,O_TEXT);
-		else
-			setmode(fd,O_BINARY);
-#elif defined(OPENSSL_SYS_MSDOS)
-		int fd = fileno((FILE*)ptr);
-		/* Set correct text/binary mode */
-		if (num & BIO_FP_TEXT)
-			_setmode(fd,_O_TEXT);
-		/* Dangerous to set stdin/stdout to raw (unless redirected) */
-		else
-			{
-			if (fd == STDIN_FILENO || fd == STDOUT_FILENO)
-				{
-				if (isatty(fd) <= 0)
-					_setmode(fd,_O_BINARY);
-				}
-			else
-				_setmode(fd,_O_BINARY);
-			}
-#elif defined(OPENSSL_SYS_OS2)
-		int fd = fileno((FILE*)ptr);
-		if (num & BIO_FP_TEXT)
-			setmode(fd, O_TEXT);
-		else
-			setmode(fd, O_BINARY);
-#endif
-		}
-		break;
-	case BIO_C_SET_FILENAME:
-		file_free(b);
-		b->shutdown=(int)num&BIO_CLOSE;
-		if (num & BIO_FP_APPEND)
-			{
-			if (num & BIO_FP_READ)
-				BUF_strlcpy(p,"a+",sizeof p);
-			else	BUF_strlcpy(p,"a",sizeof p);
-			}
-		else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
-			BUF_strlcpy(p,"r+",sizeof p);
-		else if (num & BIO_FP_WRITE)
-			BUF_strlcpy(p,"w",sizeof p);
-		else if (num & BIO_FP_READ)
-			BUF_strlcpy(p,"r",sizeof p);
-		else
-			{
-			BIOerr(BIO_F_FILE_CTRL,BIO_R_BAD_FOPEN_MODE);
-			ret=0;
-			break;
-			}
-#if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-#if defined(OPENSSL_SYS_NETWARE)
-		if (!(num & BIO_FP_TEXT))
-			strcat(p,"b");
-		else
-			strcat(p,"t");
-#endif
-		fp=fopen(ptr,p);
-		if (fp == NULL)
-			{
-			SYSerr(SYS_F_FOPEN,get_last_sys_error());
-			ERR_add_error_data(5,"fopen('",ptr,"','",p,"')");
-			BIOerr(BIO_F_FILE_CTRL,ERR_R_SYS_LIB);
-			ret=0;
-			break;
-			}
-		b->ptr=fp;
-		b->init=1;
-		BIO_clear_flags(b,BIO_FLAGS_UPLINK); /* we did fopen -> we disengage UPLINK */
-		break;
-	case BIO_C_GET_FILE_PTR:
-		/* the ptr parameter is actually a FILE ** in this case. */
-		if (ptr != NULL)
-			{
-			fpp=(FILE **)ptr;
-			*fpp=(FILE *)b->ptr;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
-	case BIO_CTRL_FLUSH:
-		if (b->flags&BIO_FLAGS_UPLINK)
-			UP_fflush(b->ptr);
-		else
-			fflush((FILE *)b->ptr);
-		break;
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-
-	case BIO_CTRL_WPENDING:
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
+{
+    long ret = 1;
+    FILE *fp = (FILE *)b->ptr;
+    FILE **fpp;
+    char p[4];
+
+    switch (cmd) {
+    case BIO_C_FILE_SEEK:
+    case BIO_CTRL_RESET:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_fseek(b->ptr, num, 0);
+        else
+            ret = (long)fseek(fp, num, 0);
+        break;
+    case BIO_CTRL_EOF:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = (long)UP_feof(fp);
+        else
+            ret = (long)feof(fp);
+        break;
+    case BIO_C_FILE_TELL:
+    case BIO_CTRL_INFO:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            ret = UP_ftell(b->ptr);
+        else
+            ret = ftell(fp);
+        break;
+    case BIO_C_SET_FILE_PTR:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        b->ptr = ptr;
+        b->init = 1;
+#  if BIO_FLAGS_UPLINK!=0
+#   if defined(__MINGW32__) && defined(__MSVCRT__) && !defined(_IOB_ENTRIES)
+#    define _IOB_ENTRIES 20
+#   endif
+#   if defined(_IOB_ENTRIES)
+        /* Safety net to catch purely internal BIO_set_fp calls */
+        if ((size_t)ptr >= (size_t)stdin &&
+            (size_t)ptr < (size_t)(stdin + _IOB_ENTRIES))
+            BIO_clear_flags(b, BIO_FLAGS_UPLINK);
+#   endif
+#  endif
+#  ifdef UP_fsetmod
+        if (b->flags & BIO_FLAGS_UPLINK)
+            UP_fsetmod(b->ptr, (char)((num & BIO_FP_TEXT) ? 't' : 'b'));
+        else
+#  endif
+        {
+#  if defined(OPENSSL_SYS_WINDOWS)
+            int fd = _fileno((FILE *)ptr);
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            else
+                _setmode(fd, _O_BINARY);
+#  elif defined(OPENSSL_SYS_NETWARE) && defined(NETWARE_CLIB)
+            int fd = fileno((FILE *)ptr);
+            /*
+             * Under CLib there are differences in file modes
+             */
+            if (num & BIO_FP_TEXT)
+                setmode(fd, O_TEXT);
+            else
+                setmode(fd, O_BINARY);
+#  elif defined(OPENSSL_SYS_MSDOS)
+            int fd = fileno((FILE *)ptr);
+            /* Set correct text/binary mode */
+            if (num & BIO_FP_TEXT)
+                _setmode(fd, _O_TEXT);
+            /* Dangerous to set stdin/stdout to raw (unless redirected) */
+            else {
+                if (fd == STDIN_FILENO || fd == STDOUT_FILENO) {
+                    if (isatty(fd) <= 0)
+                        _setmode(fd, _O_BINARY);
+                } else
+                    _setmode(fd, _O_BINARY);
+            }
+#  elif defined(OPENSSL_SYS_OS2)
+            int fd = fileno((FILE *)ptr);
+            if (num & BIO_FP_TEXT)
+                setmode(fd, O_TEXT);
+            else
+                setmode(fd, O_BINARY);
+#  endif
+        }
+        break;
+    case BIO_C_SET_FILENAME:
+        file_free(b);
+        b->shutdown = (int)num & BIO_CLOSE;
+        if (num & BIO_FP_APPEND) {
+            if (num & BIO_FP_READ)
+                BUF_strlcpy(p, "a+", sizeof p);
+            else
+                BUF_strlcpy(p, "a", sizeof p);
+        } else if ((num & BIO_FP_READ) && (num & BIO_FP_WRITE))
+            BUF_strlcpy(p, "r+", sizeof p);
+        else if (num & BIO_FP_WRITE)
+            BUF_strlcpy(p, "w", sizeof p);
+        else if (num & BIO_FP_READ)
+            BUF_strlcpy(p, "r", sizeof p);
+        else {
+            BIOerr(BIO_F_FILE_CTRL, BIO_R_BAD_FOPEN_MODE);
+            ret = 0;
+            break;
+        }
+#  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_WIN32_CYGWIN)
+        if (!(num & BIO_FP_TEXT))
+            strcat(p, "b");
+        else
+            strcat(p, "t");
+#  endif
+#  if defined(OPENSSL_SYS_NETWARE)
+        if (!(num & BIO_FP_TEXT))
+            strcat(p, "b");
+        else
+            strcat(p, "t");
+#  endif
+        fp = fopen(ptr, p);
+        if (fp == NULL) {
+            SYSerr(SYS_F_FOPEN, get_last_sys_error());
+            ERR_add_error_data(5, "fopen('", ptr, "','", p, "')");
+            BIOerr(BIO_F_FILE_CTRL, ERR_R_SYS_LIB);
+            ret = 0;
+            break;
+        }
+        b->ptr = fp;
+        b->init = 1;
+        BIO_clear_flags(b, BIO_FLAGS_UPLINK); /* we did fopen -> we disengage
+                                               * UPLINK */
+        break;
+    case BIO_C_GET_FILE_PTR:
+        /* the ptr parameter is actually a FILE ** in this case. */
+        if (ptr != NULL) {
+            fpp = (FILE **)ptr;
+            *fpp = (FILE *)b->ptr;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
+    case BIO_CTRL_FLUSH:
+        if (b->flags & BIO_FLAGS_UPLINK)
+            UP_fflush(b->ptr);
+        else
+            fflush((FILE *)b->ptr);
+        break;
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+
+    case BIO_CTRL_WPENDING:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
 
 static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size)
-	{
-	int ret=0;
-
-	buf[0]='\0';
-	if (bp->flags&BIO_FLAGS_UPLINK)
-		{
-		if (!UP_fgets(buf,size,bp->ptr))
-			goto err;
-		}
-	else
-		{
-		if (!fgets(buf,size,(FILE *)bp->ptr))
-			goto err;
-		}
-	if (buf[0] != '\0')
-		ret=strlen(buf);
-	err:
-	return(ret);
-	}
+{
+    int ret = 0;
+
+    buf[0] = '\0';
+    if (bp->flags & BIO_FLAGS_UPLINK) {
+        if (!UP_fgets(buf, size, bp->ptr))
+            goto err;
+    } else {
+        if (!fgets(buf, size, (FILE *)bp->ptr))
+            goto err;
+    }
+    if (buf[0] != '\0')
+        ret = strlen(buf);
+ err:
+    return (ret);
+}
 
 static int MS_CALLBACK file_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
+{
+    int n, ret;
 
-	n=strlen(str);
-	ret=file_write(bp,str,n);
-	return(ret);
-	}
+    n = strlen(str);
+    ret = file_write(bp, str, n);
+    return (ret);
+}
 
 #else
 
 BIO_METHOD *BIO_s_file(void)
-	{
-	return NULL;
-	}
+{
+    return NULL;
+}
 
 BIO *BIO_new_file(const char *filename, const char *mode)
-	{
-	return NULL;
-	}
+{
+    return NULL;
+}
 
 BIO *BIO_new_fp(FILE *stream, int close_flag)
-	{
-	return NULL;
-	}
-
-#endif /* OPENSSL_NO_STDIO */
-
-#endif /* HEADER_BSS_FILE_C */
+{
+    return NULL;
+}
 
+# endif                         /* OPENSSL_NO_STDIO */
 
+#endif                          /* HEADER_BSS_FILE_C */
diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_log.c b/Cryptlib/OpenSSL/crypto/bio/bss_log.c
index 6360dbc8..679d205f 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bss_log.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_log.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,14 +54,13 @@
  */
 
 /*
-	Why BIO_s_log?
-
-	BIO_s_log is useful for system daemons (or services under NT).
-	It is one-way BIO, it sends all stuff to syslogd (on system that
-	commonly use that), or event log (on NT), or OPCOM (on OpenVMS).
-
-*/
-
+ * Why BIO_s_log?
+ *
+ * BIO_s_log is useful for system daemons (or services under NT). It is
+ * one-way BIO, it sends all stuff to syslogd (on system that commonly use
+ * that), or event log (on NT), or OPCOM (on OpenVMS).
+ *
+ */
 
 #include <stdio.h>
 #include <errno.h>
@@ -70,18 +69,18 @@
 
 #if defined(OPENSSL_SYS_WINCE)
 #elif defined(OPENSSL_SYS_WIN32)
-#  include <process.h>
+# include <process.h>
 #elif defined(OPENSSL_SYS_VMS)
-#  include <opcdef.h>
-#  include <descrip.h>
-#  include <lib$routines.h>
-#  include <starlet.h>
+# include <opcdef.h>
+# include <descrip.h>
+# include <lib$routines.h>
+# include <starlet.h>
 #elif defined(__ultrix)
-#  include <sys/syslog.h>
+# include <sys/syslog.h>
 #elif defined(OPENSSL_SYS_NETWARE)
-#  define NO_SYSLOG
+# define NO_SYSLOG
 #elif (!defined(MSDOS) || defined(WATT32)) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG)
-#  include <syslog.h>
+# include <syslog.h>
 #endif
 
 #include <openssl/buffer.h>
@@ -89,314 +88,365 @@
 
 #ifndef NO_SYSLOG
 
-#if defined(OPENSSL_SYS_WIN32)
-#define LOG_EMERG	0
-#define LOG_ALERT	1
-#define LOG_CRIT	2
-#define LOG_ERR		3
-#define LOG_WARNING	4
-#define LOG_NOTICE	5
-#define LOG_INFO	6
-#define LOG_DEBUG	7
-
-#define LOG_DAEMON	(3<<3)
-#elif defined(OPENSSL_SYS_VMS)
+# if defined(OPENSSL_SYS_WIN32)
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      (3<<3)
+# elif defined(OPENSSL_SYS_VMS)
 /* On VMS, we don't really care about these, but we need them to compile */
-#define LOG_EMERG	0
-#define LOG_ALERT	1
-#define LOG_CRIT	2
-#define LOG_ERR		3
-#define LOG_WARNING	4
-#define LOG_NOTICE	5
-#define LOG_INFO	6
-#define LOG_DEBUG	7
-
-#define LOG_DAEMON	OPC$M_NM_NTWORK
-#endif
+#  define LOG_EMERG       0
+#  define LOG_ALERT       1
+#  define LOG_CRIT        2
+#  define LOG_ERR         3
+#  define LOG_WARNING     4
+#  define LOG_NOTICE      5
+#  define LOG_INFO        6
+#  define LOG_DEBUG       7
+
+#  define LOG_DAEMON      OPC$M_NM_NTWORK
+# endif
 
 static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num);
 static int MS_CALLBACK slg_puts(BIO *h, const char *str);
 static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int MS_CALLBACK slg_new(BIO *h);
 static int MS_CALLBACK slg_free(BIO *data);
-static void xopenlog(BIO* bp, char* name, int level);
-static void xsyslog(BIO* bp, int priority, const char* string);
-static void xcloselog(BIO* bp);
-#ifdef OPENSSL_SYS_WIN32
-LONG	(WINAPI *go_for_advapi)()	= RegOpenKeyEx;
-HANDLE	(WINAPI *register_event_source)()	= NULL;
-BOOL	(WINAPI *deregister_event_source)()	= NULL;
-BOOL	(WINAPI *report_event)()	= NULL;
-#define DL_PROC(m,f)	(GetProcAddress( m, f ))
-#ifdef UNICODE
-#define DL_PROC_X(m,f) DL_PROC( m, f "W" )
-#else
-#define DL_PROC_X(m,f) DL_PROC( m, f "A" )
-#endif
-#endif
-
-static BIO_METHOD methods_slg=
-	{
-	BIO_TYPE_MEM,"syslog",
-	slg_write,
-	NULL,
-	slg_puts,
-	NULL,
-	slg_ctrl,
-	slg_new,
-	slg_free,
-	NULL,
-	};
+static void xopenlog(BIO *bp, char *name, int level);
+static void xsyslog(BIO *bp, int priority, const char *string);
+static void xcloselog(BIO *bp);
+# ifdef OPENSSL_SYS_WIN32
+LONG(WINAPI *go_for_advapi) () = RegOpenKeyEx;
+HANDLE(WINAPI *register_event_source) () = NULL;
+BOOL(WINAPI *deregister_event_source) () = NULL;
+BOOL(WINAPI *report_event) () = NULL;
+#  define DL_PROC(m,f)    (GetProcAddress( m, f ))
+#  ifdef UNICODE
+#   define DL_PROC_X(m,f) DL_PROC( m, f "W" )
+#  else
+#   define DL_PROC_X(m,f) DL_PROC( m, f "A" )
+#  endif
+# endif
+
+static BIO_METHOD methods_slg = {
+    BIO_TYPE_MEM, "syslog",
+    slg_write,
+    NULL,
+    slg_puts,
+    NULL,
+    slg_ctrl,
+    slg_new,
+    slg_free,
+    NULL,
+};
 
 BIO_METHOD *BIO_s_log(void)
-	{
-	return(&methods_slg);
-	}
+{
+    return (&methods_slg);
+}
 
 static int MS_CALLBACK slg_new(BIO *bi)
-	{
-	bi->init=1;
-	bi->num=0;
-	bi->ptr=NULL;
-	xopenlog(bi, "application", LOG_DAEMON);
-	return(1);
-	}
+{
+    bi->init = 1;
+    bi->num = 0;
+    bi->ptr = NULL;
+    xopenlog(bi, "application", LOG_DAEMON);
+    return (1);
+}
 
 static int MS_CALLBACK slg_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	xcloselog(a);
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    xcloselog(a);
+    return (1);
+}
+
 static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl)
-	{
-	int ret= inl;
-	char* buf;
-	char* pp;
-	int priority, i;
-	static struct
-		{
-		int strl;
-		char str[10];
-		int log_level;
-		}
-	mapping[] =
-		{
-		{ 6, "PANIC ", LOG_EMERG },
-		{ 6, "EMERG ", LOG_EMERG },
-		{ 4, "EMR ", LOG_EMERG },
-		{ 6, "ALERT ", LOG_ALERT },
-		{ 4, "ALR ", LOG_ALERT },
-		{ 5, "CRIT ", LOG_CRIT },
-		{ 4, "CRI ", LOG_CRIT },
-		{ 6, "ERROR ", LOG_ERR },
-		{ 4, "ERR ", LOG_ERR },
-		{ 8, "WARNING ", LOG_WARNING },
-		{ 5, "WARN ", LOG_WARNING },
-		{ 4, "WAR ", LOG_WARNING },
-		{ 7, "NOTICE ", LOG_NOTICE },
-		{ 5, "NOTE ", LOG_NOTICE },
-		{ 4, "NOT ", LOG_NOTICE },
-		{ 5, "INFO ", LOG_INFO },
-		{ 4, "INF ", LOG_INFO },
-		{ 6, "DEBUG ", LOG_DEBUG },
-		{ 4, "DBG ", LOG_DEBUG },
-		{ 0, "", LOG_ERR } /* The default */
-		};
-
-	if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){
-		return(0);
-	}
-	strncpy(buf, in, inl);
-	buf[inl]= '\0';
-
-	i = 0;
-	while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++;
-	priority = mapping[i].log_level;
-	pp = buf + mapping[i].strl;
-
-	xsyslog(b, priority, pp);
-
-	OPENSSL_free(buf);
-	return(ret);
-	}
+{
+    int ret = inl;
+    char *buf;
+    char *pp;
+    int priority, i;
+    static struct {
+        int strl;
+        char str[10];
+        int log_level;
+    } mapping[] = {
+        {
+            6, "PANIC ", LOG_EMERG
+        },
+        {
+            6, "EMERG ", LOG_EMERG
+        },
+        {
+            4, "EMR ", LOG_EMERG
+        },
+        {
+            6, "ALERT ", LOG_ALERT
+        },
+        {
+            4, "ALR ", LOG_ALERT
+        },
+        {
+            5, "CRIT ", LOG_CRIT
+        },
+        {
+            4, "CRI ", LOG_CRIT
+        },
+        {
+            6, "ERROR ", LOG_ERR
+        },
+        {
+            4, "ERR ", LOG_ERR
+        },
+        {
+            8, "WARNING ", LOG_WARNING
+        },
+        {
+            5, "WARN ", LOG_WARNING
+        },
+        {
+            4, "WAR ", LOG_WARNING
+        },
+        {
+            7, "NOTICE ", LOG_NOTICE
+        },
+        {
+            5, "NOTE ", LOG_NOTICE
+        },
+        {
+            4, "NOT ", LOG_NOTICE
+        },
+        {
+            5, "INFO ", LOG_INFO
+        },
+        {
+            4, "INF ", LOG_INFO
+        },
+        {
+            6, "DEBUG ", LOG_DEBUG
+        },
+        {
+            4, "DBG ", LOG_DEBUG
+        },
+        {
+            0, "", LOG_ERR
+        }
+        /* The default */
+    };
+
+    if ((buf = (char *)OPENSSL_malloc(inl + 1)) == NULL) {
+        return (0);
+    }
+    strncpy(buf, in, inl);
+    buf[inl] = '\0';
+
+    i = 0;
+    while (strncmp(buf, mapping[i].str, mapping[i].strl) != 0)
+        i++;
+    priority = mapping[i].log_level;
+    pp = buf + mapping[i].strl;
+
+    xsyslog(b, priority, pp);
+
+    OPENSSL_free(buf);
+    return (ret);
+}
 
 static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	switch (cmd)
-		{
-	case BIO_CTRL_SET:
-		xcloselog(b);
-		xopenlog(b, ptr, num);
-		break;
-	default:
-		break;
-		}
-	return(0);
-	}
+{
+    switch (cmd) {
+    case BIO_CTRL_SET:
+        xcloselog(b);
+        xopenlog(b, ptr, num);
+        break;
+    default:
+        break;
+    }
+    return (0);
+}
 
 static int MS_CALLBACK slg_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
+{
+    int n, ret;
 
-	n=strlen(str);
-	ret=slg_write(bp,str,n);
-	return(ret);
-	}
+    n = strlen(str);
+    ret = slg_write(bp, str, n);
+    return (ret);
+}
 
-#if defined(OPENSSL_SYS_WIN32)
+# if defined(OPENSSL_SYS_WIN32)
 
-static void xopenlog(BIO* bp, char* name, int level)
+static void xopenlog(BIO *bp, char *name, int level)
 {
-	if ( !register_event_source )
-		{
-		HANDLE	advapi;
-		if ( !(advapi = GetModuleHandle("advapi32")) )
-			return;
-		register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi,
-			"RegisterEventSource" );
-		deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi,
-			"DeregisterEventSource");
-		report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi,
-			"ReportEvent" );
-		if ( !(register_event_source && deregister_event_source &&
-				report_event) )
-			{
-			register_event_source = NULL;
-			deregister_event_source = NULL;
-			report_event = NULL;
-			return;
-			}
-		}
-	bp->ptr= (char *)register_event_source(NULL, name);
+    if (!register_event_source) {
+        HANDLE advapi;
+        if (!(advapi = GetModuleHandle("advapi32")))
+            return;
+        register_event_source = (HANDLE(WINAPI *)())DL_PROC_X(advapi,
+                                                              "RegisterEventSource");
+        deregister_event_source = (BOOL(WINAPI *)()) DL_PROC(advapi,
+                                                             "DeregisterEventSource");
+        report_event = (BOOL(WINAPI *)()) DL_PROC_X(advapi, "ReportEvent");
+        if (!(register_event_source && deregister_event_source &&
+              report_event)) {
+            register_event_source = NULL;
+            deregister_event_source = NULL;
+            report_event = NULL;
+            return;
+        }
+    }
+    bp->ptr = (char *)register_event_source(NULL, name);
 }
 
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
-	LPCSTR lpszStrings[2];
-	WORD evtype= EVENTLOG_ERROR_TYPE;
-	int pid = _getpid();
-	char pidbuf[DECIMAL_SIZE(pid)+4];
-
-	switch (priority)
-		{
-	case LOG_EMERG:
-	case LOG_ALERT:
-	case LOG_CRIT:
-	case LOG_ERR:
-		evtype = EVENTLOG_ERROR_TYPE;
-		break;
-	case LOG_WARNING:
-		evtype = EVENTLOG_WARNING_TYPE;
-		break;
-	case LOG_NOTICE:
-	case LOG_INFO:
-	case LOG_DEBUG:
-		evtype = EVENTLOG_INFORMATION_TYPE;
-		break;
-	default:		/* Should never happen, but set it
-				   as error anyway. */
-		evtype = EVENTLOG_ERROR_TYPE;
-		break;
-		}
-
-	sprintf(pidbuf, "[%d] ", pid);
-	lpszStrings[0] = pidbuf;
-	lpszStrings[1] = string;
-
-	if(report_event && bp->ptr)
-		report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0,
-				lpszStrings, NULL);
+    LPCSTR lpszStrings[2];
+    WORD evtype = EVENTLOG_ERROR_TYPE;
+    int pid = _getpid();
+    char pidbuf[DECIMAL_SIZE(pid) + 4];
+
+    switch (priority) {
+    case LOG_EMERG:
+    case LOG_ALERT:
+    case LOG_CRIT:
+    case LOG_ERR:
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    case LOG_WARNING:
+        evtype = EVENTLOG_WARNING_TYPE;
+        break;
+    case LOG_NOTICE:
+    case LOG_INFO:
+    case LOG_DEBUG:
+        evtype = EVENTLOG_INFORMATION_TYPE;
+        break;
+    default:
+        /*
+         * Should never happen, but set it
+         * as error anyway.
+         */
+        evtype = EVENTLOG_ERROR_TYPE;
+        break;
+    }
+
+    sprintf(pidbuf, "[%d] ", pid);
+    lpszStrings[0] = pidbuf;
+    lpszStrings[1] = string;
+
+    if (report_event && bp->ptr)
+        report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, lpszStrings, NULL);
 }
-	
-static void xcloselog(BIO* bp)
+
+static void xcloselog(BIO *bp)
 {
-	if(deregister_event_source && bp->ptr)
-		deregister_event_source((HANDLE)(bp->ptr));
-	bp->ptr= NULL;
+    if (deregister_event_source && bp->ptr)
+        deregister_event_source((HANDLE) (bp->ptr));
+    bp->ptr = NULL;
 }
 
-#elif defined(OPENSSL_SYS_VMS)
+# elif defined(OPENSSL_SYS_VMS)
 
 static int VMS_OPC_target = LOG_DAEMON;
 
-static void xopenlog(BIO* bp, char* name, int level)
+static void xopenlog(BIO *bp, char *name, int level)
 {
-	VMS_OPC_target = level; 
+    VMS_OPC_target = level;
 }
 
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
-	struct dsc$descriptor_s opc_dsc;
-	struct opcdef *opcdef_p;
-	char buf[10240];
-	unsigned int len;
-        struct dsc$descriptor_s buf_dsc;
-	$DESCRIPTOR(fao_cmd, "!AZ: !AZ");
-	char *priority_tag;
-
-	switch (priority)
-	  {
-	  case LOG_EMERG: priority_tag = "Emergency"; break;
-	  case LOG_ALERT: priority_tag = "Alert"; break;
-	  case LOG_CRIT: priority_tag = "Critical"; break;
-	  case LOG_ERR: priority_tag = "Error"; break;
-	  case LOG_WARNING: priority_tag = "Warning"; break;
-	  case LOG_NOTICE: priority_tag = "Notice"; break;
-	  case LOG_INFO: priority_tag = "Info"; break;
-	  case LOG_DEBUG: priority_tag = "DEBUG"; break;
-	  }
-
-	buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	buf_dsc.dsc$b_class = DSC$K_CLASS_S;
-	buf_dsc.dsc$a_pointer = buf;
-	buf_dsc.dsc$w_length = sizeof(buf) - 1;
-
-	lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
-
-	/* we know there's an 8 byte header.  That's documented */
-	opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len);
-	opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
-	memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
-	opcdef_p->opc$l_ms_rqstid = 0;
-	memcpy(&opcdef_p->opc$l_ms_text, buf, len);
-
-	opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	opc_dsc.dsc$b_class = DSC$K_CLASS_S;
-	opc_dsc.dsc$a_pointer = (char *)opcdef_p;
-	opc_dsc.dsc$w_length = len + 8;
-
-	sys$sndopr(opc_dsc, 0);
-
-	OPENSSL_free(opcdef_p);
+    struct dsc$descriptor_s opc_dsc;
+    struct opcdef *opcdef_p;
+    char buf[10240];
+    unsigned int len;
+    struct dsc$descriptor_s buf_dsc;
+    $DESCRIPTOR(fao_cmd, "!AZ: !AZ");
+    char *priority_tag;
+
+    switch (priority) {
+    case LOG_EMERG:
+        priority_tag = "Emergency";
+        break;
+    case LOG_ALERT:
+        priority_tag = "Alert";
+        break;
+    case LOG_CRIT:
+        priority_tag = "Critical";
+        break;
+    case LOG_ERR:
+        priority_tag = "Error";
+        break;
+    case LOG_WARNING:
+        priority_tag = "Warning";
+        break;
+    case LOG_NOTICE:
+        priority_tag = "Notice";
+        break;
+    case LOG_INFO:
+        priority_tag = "Info";
+        break;
+    case LOG_DEBUG:
+        priority_tag = "DEBUG";
+        break;
+    }
+
+    buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    buf_dsc.dsc$b_class = DSC$K_CLASS_S;
+    buf_dsc.dsc$a_pointer = buf;
+    buf_dsc.dsc$w_length = sizeof(buf) - 1;
+
+    lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string);
+
+    /* we know there's an 8 byte header.  That's documented */
+    opcdef_p = (struct opcdef *)OPENSSL_malloc(8 + len);
+    opcdef_p->opc$b_ms_type = OPC$_RQ_RQST;
+    memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3);
+    opcdef_p->opc$l_ms_rqstid = 0;
+    memcpy(&opcdef_p->opc$l_ms_text, buf, len);
+
+    opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    opc_dsc.dsc$b_class = DSC$K_CLASS_S;
+    opc_dsc.dsc$a_pointer = (char *)opcdef_p;
+    opc_dsc.dsc$w_length = len + 8;
+
+    sys$sndopr(opc_dsc, 0);
+
+    OPENSSL_free(opcdef_p);
 }
 
-static void xcloselog(BIO* bp)
+static void xcloselog(BIO *bp)
 {
 }
 
-#else /* Unix/Watt32 */
+# else                          /* Unix/Watt32 */
 
-static void xopenlog(BIO* bp, char* name, int level)
+static void xopenlog(BIO *bp, char *name, int level)
 {
-#ifdef WATT32   /* djgpp/DOS */
-	openlog(name, LOG_PID|LOG_CONS|LOG_NDELAY, level);
-#else
-	openlog(name, LOG_PID|LOG_CONS, level);
-#endif
+#  ifdef WATT32                 /* djgpp/DOS */
+    openlog(name, LOG_PID | LOG_CONS | LOG_NDELAY, level);
+#  else
+    openlog(name, LOG_PID | LOG_CONS, level);
+#  endif
 }
 
 static void xsyslog(BIO *bp, int priority, const char *string)
 {
-	syslog(priority, "%s", string);
+    syslog(priority, "%s", string);
 }
 
-static void xcloselog(BIO* bp)
+static void xcloselog(BIO *bp)
 {
-	closelog();
+    closelog();
 }
 
-#endif /* Unix */
+# endif                         /* Unix */
 
-#endif /* NO_SYSLOG */
+#endif                          /* NO_SYSLOG */
diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c
index e7ab9cb3..9e6f097a 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bss_mem.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_mem.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -68,256 +68,249 @@ static int mem_gets(BIO *h, char *str, int size);
 static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int mem_new(BIO *h);
 static int mem_free(BIO *data);
-static BIO_METHOD mem_method=
-	{
-	BIO_TYPE_MEM,
-	"memory buffer",
-	mem_write,
-	mem_read,
-	mem_puts,
-	mem_gets,
-	mem_ctrl,
-	mem_new,
-	mem_free,
-	NULL,
-	};
+static BIO_METHOD mem_method = {
+    BIO_TYPE_MEM,
+    "memory buffer",
+    mem_write,
+    mem_read,
+    mem_puts,
+    mem_gets,
+    mem_ctrl,
+    mem_new,
+    mem_free,
+    NULL,
+};
 
-/* bio->num is used to hold the value to return on 'empty', if it is
- * 0, should_retry is not set */
+/*
+ * bio->num is used to hold the value to return on 'empty', if it is 0,
+ * should_retry is not set
+ */
 
 BIO_METHOD *BIO_s_mem(void)
-	{
-	return(&mem_method);
-	}
+{
+    return (&mem_method);
+}
 
 BIO *BIO_new_mem_buf(void *buf, int len)
 {
-	BIO *ret;
-	BUF_MEM *b;
-	if (!buf) {
-		BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER);
-		return NULL;
-	}
-	if(len == -1) len = strlen(buf);
-	if(!(ret = BIO_new(BIO_s_mem())) ) return NULL;
-	b = (BUF_MEM *)ret->ptr;
-	b->data = buf;
-	b->length = len;
-	b->max = len;
-	ret->flags |= BIO_FLAGS_MEM_RDONLY;
-	/* Since this is static data retrying wont help */
-	ret->num = 0;
-	return ret;
+    BIO *ret;
+    BUF_MEM *b;
+    if (!buf) {
+        BIOerr(BIO_F_BIO_NEW_MEM_BUF, BIO_R_NULL_PARAMETER);
+        return NULL;
+    }
+    if (len == -1)
+        len = strlen(buf);
+    if (!(ret = BIO_new(BIO_s_mem())))
+        return NULL;
+    b = (BUF_MEM *)ret->ptr;
+    b->data = buf;
+    b->length = len;
+    b->max = len;
+    ret->flags |= BIO_FLAGS_MEM_RDONLY;
+    /* Since this is static data retrying wont help */
+    ret->num = 0;
+    return ret;
 }
 
 static int mem_new(BIO *bi)
-	{
-	BUF_MEM *b;
+{
+    BUF_MEM *b;
 
-	if ((b=BUF_MEM_new()) == NULL)
-		return(0);
-	bi->shutdown=1;
-	bi->init=1;
-	bi->num= -1;
-	bi->ptr=(char *)b;
-	return(1);
-	}
+    if ((b = BUF_MEM_new()) == NULL)
+        return (0);
+    bi->shutdown = 1;
+    bi->init = 1;
+    bi->num = -1;
+    bi->ptr = (char *)b;
+    return (1);
+}
 
 static int mem_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	if (a->shutdown)
-		{
-		if ((a->init) && (a->ptr != NULL))
-			{
-			BUF_MEM *b;
-			b = (BUF_MEM *)a->ptr;
-			if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL;
-			BUF_MEM_free(b);
-			a->ptr=NULL;
-			}
-		}
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    if (a->shutdown) {
+        if ((a->init) && (a->ptr != NULL)) {
+            BUF_MEM *b;
+            b = (BUF_MEM *)a->ptr;
+            if (a->flags & BIO_FLAGS_MEM_RDONLY)
+                b->data = NULL;
+            BUF_MEM_free(b);
+            a->ptr = NULL;
+        }
+    }
+    return (1);
+}
+
 static int mem_read(BIO *b, char *out, int outl)
-	{
-	int ret= -1;
-	BUF_MEM *bm;
-	int i;
-	char *from,*to;
+{
+    int ret = -1;
+    BUF_MEM *bm;
+    int i;
+    char *from, *to;
 
-	bm=(BUF_MEM *)b->ptr;
-	BIO_clear_retry_flags(b);
-	ret=(outl > bm->length)?bm->length:outl;
-	if ((out != NULL) && (ret > 0)) {
-		memcpy(out,bm->data,ret);
-		bm->length-=ret;
-		/* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
-		if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret;
-		else {
-			from=(char *)&(bm->data[ret]);
-			to=(char *)&(bm->data[0]);
-			for (i=0; i<bm->length; i++)
-				to[i]=from[i];
-		}
-	} else if (bm->length == 0)
-		{
-		ret = b->num;
-		if (ret != 0)
-			BIO_set_retry_read(b);
-		}
-	return(ret);
-	}
+    bm = (BUF_MEM *)b->ptr;
+    BIO_clear_retry_flags(b);
+    ret = (outl > bm->length) ? bm->length : outl;
+    if ((out != NULL) && (ret > 0)) {
+        memcpy(out, bm->data, ret);
+        bm->length -= ret;
+        /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */
+        if (b->flags & BIO_FLAGS_MEM_RDONLY)
+            bm->data += ret;
+        else {
+            from = (char *)&(bm->data[ret]);
+            to = (char *)&(bm->data[0]);
+            for (i = 0; i < bm->length; i++)
+                to[i] = from[i];
+        }
+    } else if (bm->length == 0) {
+        ret = b->num;
+        if (ret != 0)
+            BIO_set_retry_read(b);
+    }
+    return (ret);
+}
 
 static int mem_write(BIO *b, const char *in, int inl)
-	{
-	int ret= -1;
-	int blen;
-	BUF_MEM *bm;
+{
+    int ret = -1;
+    int blen;
+    BUF_MEM *bm;
 
-	bm=(BUF_MEM *)b->ptr;
-	if (in == NULL)
-		{
-		BIOerr(BIO_F_MEM_WRITE,BIO_R_NULL_PARAMETER);
-		goto end;
-		}
+    bm = (BUF_MEM *)b->ptr;
+    if (in == NULL) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_NULL_PARAMETER);
+        goto end;
+    }
 
-	if(b->flags & BIO_FLAGS_MEM_RDONLY) {
-		BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO);
-		goto end;
-	}
+    if (b->flags & BIO_FLAGS_MEM_RDONLY) {
+        BIOerr(BIO_F_MEM_WRITE, BIO_R_WRITE_TO_READ_ONLY_BIO);
+        goto end;
+    }
 
-	BIO_clear_retry_flags(b);
-	blen=bm->length;
-	if (BUF_MEM_grow_clean(bm,blen+inl) != (blen+inl))
-		goto end;
-	memcpy(&(bm->data[blen]),in,inl);
-	ret=inl;
-end:
-	return(ret);
-	}
+    BIO_clear_retry_flags(b);
+    blen = bm->length;
+    if (BUF_MEM_grow_clean(bm, blen + inl) != (blen + inl))
+        goto end;
+    memcpy(&(bm->data[blen]), in, inl);
+    ret = inl;
+ end:
+    return (ret);
+}
 
 static long mem_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
-	char **pptr;
+{
+    long ret = 1;
+    char **pptr;
 
-	BUF_MEM *bm=(BUF_MEM *)b->ptr;
+    BUF_MEM *bm = (BUF_MEM *)b->ptr;
 
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		if (bm->data != NULL)
-			{
-			/* For read only case reset to the start again */
-			if(b->flags & BIO_FLAGS_MEM_RDONLY) 
-				{
-				bm->data -= bm->max - bm->length;
-				bm->length = bm->max;
-				}
-			else
-				{
-				memset(bm->data,0,bm->max);
-				bm->length=0;
-				}
-			}
-		break;
-	case BIO_CTRL_EOF:
-		ret=(long)(bm->length == 0);
-		break;
-	case BIO_C_SET_BUF_MEM_EOF_RETURN:
-		b->num=(int)num;
-		break;
-	case BIO_CTRL_INFO:
-		ret=(long)bm->length;
-		if (ptr != NULL)
-			{
-			pptr=(char **)ptr;
-			*pptr=(char *)&(bm->data[0]);
-			}
-		break;
-	case BIO_C_SET_BUF_MEM:
-		mem_free(b);
-		b->shutdown=(int)num;
-		b->ptr=ptr;
-		break;
-	case BIO_C_GET_BUF_MEM_PTR:
-		if (ptr != NULL)
-			{
-			pptr=(char **)ptr;
-			*pptr=(char *)bm;
-			}
-		break;
-	case BIO_CTRL_GET_CLOSE:
-		ret=(long)b->shutdown;
-		break;
-	case BIO_CTRL_SET_CLOSE:
-		b->shutdown=(int)num;
-		break;
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        if (bm->data != NULL) {
+            /* For read only case reset to the start again */
+            if (b->flags & BIO_FLAGS_MEM_RDONLY) {
+                bm->data -= bm->max - bm->length;
+                bm->length = bm->max;
+            } else {
+                memset(bm->data, 0, bm->max);
+                bm->length = 0;
+            }
+        }
+        break;
+    case BIO_CTRL_EOF:
+        ret = (long)(bm->length == 0);
+        break;
+    case BIO_C_SET_BUF_MEM_EOF_RETURN:
+        b->num = (int)num;
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)bm->length;
+        if (ptr != NULL) {
+            pptr = (char **)ptr;
+            *pptr = (char *)&(bm->data[0]);
+        }
+        break;
+    case BIO_C_SET_BUF_MEM:
+        mem_free(b);
+        b->shutdown = (int)num;
+        b->ptr = ptr;
+        break;
+    case BIO_C_GET_BUF_MEM_PTR:
+        if (ptr != NULL) {
+            pptr = (char **)ptr;
+            *pptr = (char *)bm;
+        }
+        break;
+    case BIO_CTRL_GET_CLOSE:
+        ret = (long)b->shutdown;
+        break;
+    case BIO_CTRL_SET_CLOSE:
+        b->shutdown = (int)num;
+        break;
 
-	case BIO_CTRL_WPENDING:
-		ret=0L;
-		break;
-	case BIO_CTRL_PENDING:
-		ret=(long)bm->length;
-		break;
-	case BIO_CTRL_DUP:
-	case BIO_CTRL_FLUSH:
-		ret=1;
-		break;
-	case BIO_CTRL_PUSH:
-	case BIO_CTRL_POP:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
+    case BIO_CTRL_WPENDING:
+        ret = 0L;
+        break;
+    case BIO_CTRL_PENDING:
+        ret = (long)bm->length;
+        break;
+    case BIO_CTRL_DUP:
+    case BIO_CTRL_FLUSH:
+        ret = 1;
+        break;
+    case BIO_CTRL_PUSH:
+    case BIO_CTRL_POP:
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
 
 static int mem_gets(BIO *bp, char *buf, int size)
-	{
-	int i,j;
-	int ret= -1;
-	char *p;
-	BUF_MEM *bm=(BUF_MEM *)bp->ptr;
+{
+    int i, j;
+    int ret = -1;
+    char *p;
+    BUF_MEM *bm = (BUF_MEM *)bp->ptr;
 
-	BIO_clear_retry_flags(bp);
-	j=bm->length;
-	if ((size-1) < j) j=size-1;
-	if (j <= 0)
-		{
-		*buf='\0';
-		return 0;
-		}
-	p=bm->data;
-	for (i=0; i<j; i++)
-		{
-		if (p[i] == '\n')
-			{
-			i++;
-			break;
-			}
-		}
+    BIO_clear_retry_flags(bp);
+    j = bm->length;
+    if ((size - 1) < j)
+        j = size - 1;
+    if (j <= 0) {
+        *buf = '\0';
+        return 0;
+    }
+    p = bm->data;
+    for (i = 0; i < j; i++) {
+        if (p[i] == '\n') {
+            i++;
+            break;
+        }
+    }
 
-	/*
-	 * i is now the max num of bytes to copy, either j or up to
-	 * and including the first newline
-	 */ 
+    /*
+     * i is now the max num of bytes to copy, either j or up to
+     * and including the first newline
+     */
 
-	i=mem_read(bp,buf,i);
-	if (i > 0) buf[i]='\0';
-	ret=i;
-	return(ret);
-	}
+    i = mem_read(bp, buf, i);
+    if (i > 0)
+        buf[i] = '\0';
+    ret = i;
+    return (ret);
+}
 
 static int mem_puts(BIO *bp, const char *str)
-	{
-	int n,ret;
-
-	n=strlen(str);
-	ret=mem_write(bp,str,n);
-	/* memory semantics is that it will always work */
-	return(ret);
-	}
+{
+    int n, ret;
 
+    n = strlen(str);
+    ret = mem_write(bp, str, n);
+    /* memory semantics is that it will always work */
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bio/bss_null.c b/Cryptlib/OpenSSL/crypto/bio/bss_null.c
index 46b73339..6a03fa24 100644
--- a/Cryptlib/OpenSSL/crypto/bio/bss_null.c
+++ b/Cryptlib/OpenSSL/crypto/bio/bss_null.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -68,83 +68,82 @@ static int null_gets(BIO *h, char *str, int size);
 static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int null_new(BIO *h);
 static int null_free(BIO *data);
-static BIO_METHOD null_method=
-	{
-	BIO_TYPE_NULL,
-	"NULL",
-	null_write,
-	null_read,
-	null_puts,
-	null_gets,
-	null_ctrl,
-	null_new,
-	null_free,
-	NULL,
-	};
+static BIO_METHOD null_method = {
+    BIO_TYPE_NULL,
+    "NULL",
+    null_write,
+    null_read,
+    null_puts,
+    null_gets,
+    null_ctrl,
+    null_new,
+    null_free,
+    NULL,
+};
 
 BIO_METHOD *BIO_s_null(void)
-	{
-	return(&null_method);
-	}
+{
+    return (&null_method);
+}
 
 static int null_new(BIO *bi)
-	{
-	bi->init=1;
-	bi->num=0;
-	bi->ptr=(NULL);
-	return(1);
-	}
+{
+    bi->init = 1;
+    bi->num = 0;
+    bi->ptr = (NULL);
+    return (1);
+}
 
 static int null_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    return (1);
+}
+
 static int null_read(BIO *b, char *out, int outl)
-	{
-	return(0);
-	}
+{
+    return (0);
+}
 
 static int null_write(BIO *b, const char *in, int inl)
-	{
-	return(inl);
-	}
+{
+    return (inl);
+}
 
 static long null_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	long ret=1;
+{
+    long ret = 1;
 
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-	case BIO_CTRL_EOF:
-	case BIO_CTRL_SET:
-	case BIO_CTRL_SET_CLOSE:
-	case BIO_CTRL_FLUSH:
-	case BIO_CTRL_DUP:
-		ret=1;
-		break;
-	case BIO_CTRL_GET_CLOSE:
-	case BIO_CTRL_INFO:
-	case BIO_CTRL_GET:
-	case BIO_CTRL_PENDING:
-	case BIO_CTRL_WPENDING:
-	default:
-		ret=0;
-		break;
-		}
-	return(ret);
-	}
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+    case BIO_CTRL_EOF:
+    case BIO_CTRL_SET:
+    case BIO_CTRL_SET_CLOSE:
+    case BIO_CTRL_FLUSH:
+    case BIO_CTRL_DUP:
+        ret = 1;
+        break;
+    case BIO_CTRL_GET_CLOSE:
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_PENDING:
+    case BIO_CTRL_WPENDING:
+    default:
+        ret = 0;
+        break;
+    }
+    return (ret);
+}
 
 static int null_gets(BIO *bp, char *buf, int size)
-	{
-	return(0);
-	}
+{
+    return (0);
+}
 
 static int null_puts(BIO *bp, const char *str)
-	{
-	if (str == NULL) return(0);
-	return(strlen(str));
-	}
-
+{
+    if (str == NULL)
+        return (0);
+    return (strlen(str));
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c
index 94051637..2f3d1104 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_add.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_add.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,252 +62,252 @@
 
 /* r can == a or b */
 int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	const BIGNUM *tmp;
-	int a_neg = a->neg, ret;
+{
+    const BIGNUM *tmp;
+    int a_neg = a->neg, ret;
 
-	bn_check_top(a);
-	bn_check_top(b);
+    bn_check_top(a);
+    bn_check_top(b);
 
-	/*  a +  b	a+b
-	 *  a + -b	a-b
-	 * -a +  b	b-a
-	 * -a + -b	-(a+b)
-	 */
-	if (a_neg ^ b->neg)
-		{
-		/* only one is negative */
-		if (a_neg)
-			{ tmp=a; a=b; b=tmp; }
+    /*-
+     *  a +  b      a+b
+     *  a + -b      a-b
+     * -a +  b      b-a
+     * -a + -b      -(a+b)
+     */
+    if (a_neg ^ b->neg) {
+        /* only one is negative */
+        if (a_neg) {
+            tmp = a;
+            a = b;
+            b = tmp;
+        }
 
-		/* we are now a - b */
+        /* we are now a - b */
 
-		if (BN_ucmp(a,b) < 0)
-			{
-			if (!BN_usub(r,b,a)) return(0);
-			r->neg=1;
-			}
-		else
-			{
-			if (!BN_usub(r,a,b)) return(0);
-			r->neg=0;
-			}
-		return(1);
-		}
+        if (BN_ucmp(a, b) < 0) {
+            if (!BN_usub(r, b, a))
+                return (0);
+            r->neg = 1;
+        } else {
+            if (!BN_usub(r, a, b))
+                return (0);
+            r->neg = 0;
+        }
+        return (1);
+    }
 
-	ret = BN_uadd(r,a,b);
-	r->neg = a_neg;
-	bn_check_top(r);
-	return ret;
-	}
+    ret = BN_uadd(r, a, b);
+    r->neg = a_neg;
+    bn_check_top(r);
+    return ret;
+}
 
 /* unsigned add of b to a */
 int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int max,min,dif;
-	BN_ULONG *ap,*bp,*rp,carry,t1,t2;
-	const BIGNUM *tmp;
+{
+    int max, min, dif;
+    BN_ULONG *ap, *bp, *rp, carry, t1, t2;
+    const BIGNUM *tmp;
 
-	bn_check_top(a);
-	bn_check_top(b);
+    bn_check_top(a);
+    bn_check_top(b);
 
-	if (a->top < b->top)
-		{ tmp=a; a=b; b=tmp; }
-	max = a->top;
-	min = b->top;
-	dif = max - min;
+    if (a->top < b->top) {
+        tmp = a;
+        a = b;
+        b = tmp;
+    }
+    max = a->top;
+    min = b->top;
+    dif = max - min;
 
-	if (bn_wexpand(r,max+1) == NULL)
-		return 0;
+    if (bn_wexpand(r, max + 1) == NULL)
+        return 0;
 
-	r->top=max;
+    r->top = max;
 
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
 
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
+    carry = bn_add_words(rp, ap, bp, min);
+    rp += min;
+    ap += min;
+    bp += min;
 
-	carry=bn_add_words(rp,ap,bp,min);
-	rp+=min;
-	ap+=min;
-	bp+=min;
-
-	if (carry)
-		{
-		while (dif)
-			{
-			dif--;
-			t1 = *(ap++);
-			t2 = (t1+1) & BN_MASK2;
-			*(rp++) = t2;
-			if (t2)
-				{
-				carry=0;
-				break;
-				}
-			}
-		if (carry)
-			{
-			/* carry != 0 => dif == 0 */
-			*rp = 1;
-			r->top++;
-			}
-		}
-	if (dif && rp != ap)
-		while (dif--)
-			/* copy remaining words if ap != rp */
-			*(rp++) = *(ap++);
-	r->neg = 0;
-	bn_check_top(r);
-	return 1;
-	}
+    if (carry) {
+        while (dif) {
+            dif--;
+            t1 = *(ap++);
+            t2 = (t1 + 1) & BN_MASK2;
+            *(rp++) = t2;
+            if (t2) {
+                carry = 0;
+                break;
+            }
+        }
+        if (carry) {
+            /* carry != 0 => dif == 0 */
+            *rp = 1;
+            r->top++;
+        }
+    }
+    if (dif && rp != ap)
+        while (dif--)
+            /* copy remaining words if ap != rp */
+            *(rp++) = *(ap++);
+    r->neg = 0;
+    bn_check_top(r);
+    return 1;
+}
 
 /* unsigned subtraction of b from a, a must be larger than b. */
 int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int max,min,dif;
-	register BN_ULONG t1,t2,*ap,*bp,*rp;
-	int i,carry;
+{
+    int max, min, dif;
+    register BN_ULONG t1, t2, *ap, *bp, *rp;
+    int i, carry;
 #if defined(IRIX_CC_BUG) && !defined(LINT)
-	int dummy;
+    int dummy;
 #endif
 
-	bn_check_top(a);
-	bn_check_top(b);
+    bn_check_top(a);
+    bn_check_top(b);
 
-	max = a->top;
-	min = b->top;
-	dif = max - min;
+    max = a->top;
+    min = b->top;
+    dif = max - min;
 
-	if (dif < 0)	/* hmm... should not be happening */
-		{
-		BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3);
-		return(0);
-		}
+    if (dif < 0) {              /* hmm... should not be happening */
+        BNerr(BN_F_BN_USUB, BN_R_ARG2_LT_ARG3);
+        return (0);
+    }
 
-	if (bn_wexpand(r,max) == NULL) return(0);
+    if (bn_wexpand(r, max) == NULL)
+        return (0);
 
-	ap=a->d;
-	bp=b->d;
-	rp=r->d;
+    ap = a->d;
+    bp = b->d;
+    rp = r->d;
 
 #if 1
-	carry=0;
-	for (i = min; i != 0; i--)
-		{
-		t1= *(ap++);
-		t2= *(bp++);
-		if (carry)
-			{
-			carry=(t1 <= t2);
-			t1=(t1-t2-1)&BN_MASK2;
-			}
-		else
-			{
-			carry=(t1 < t2);
-			t1=(t1-t2)&BN_MASK2;
-			}
-#if defined(IRIX_CC_BUG) && !defined(LINT)
-		dummy=t1;
-#endif
-		*(rp++)=t1&BN_MASK2;
-		}
+    carry = 0;
+    for (i = min; i != 0; i--) {
+        t1 = *(ap++);
+        t2 = *(bp++);
+        if (carry) {
+            carry = (t1 <= t2);
+            t1 = (t1 - t2 - 1) & BN_MASK2;
+        } else {
+            carry = (t1 < t2);
+            t1 = (t1 - t2) & BN_MASK2;
+        }
+# if defined(IRIX_CC_BUG) && !defined(LINT)
+        dummy = t1;
+# endif
+        *(rp++) = t1 & BN_MASK2;
+    }
 #else
-	carry=bn_sub_words(rp,ap,bp,min);
-	ap+=min;
-	bp+=min;
-	rp+=min;
+    carry = bn_sub_words(rp, ap, bp, min);
+    ap += min;
+    bp += min;
+    rp += min;
 #endif
-	if (carry) /* subtracted */
-		{
-		if (!dif)
-			/* error: a < b */
-			return 0;
-		while (dif)
-			{
-			dif--;
-			t1 = *(ap++);
-			t2 = (t1-1)&BN_MASK2;
-			*(rp++) = t2;
-			if (t1)
-				break;
-			}
-		}
+    if (carry) {                /* subtracted */
+        if (!dif)
+            /* error: a < b */
+            return 0;
+        while (dif) {
+            dif--;
+            t1 = *(ap++);
+            t2 = (t1 - 1) & BN_MASK2;
+            *(rp++) = t2;
+            if (t1)
+                break;
+        }
+    }
 #if 0
-	memcpy(rp,ap,sizeof(*rp)*(max-i));
+    memcpy(rp, ap, sizeof(*rp) * (max - i));
 #else
-	if (rp != ap)
-		{
-		for (;;)
-			{
-			if (!dif--) break;
-			rp[0]=ap[0];
-			if (!dif--) break;
-			rp[1]=ap[1];
-			if (!dif--) break;
-			rp[2]=ap[2];
-			if (!dif--) break;
-			rp[3]=ap[3];
-			rp+=4;
-			ap+=4;
-			}
-		}
+    if (rp != ap) {
+        for (;;) {
+            if (!dif--)
+                break;
+            rp[0] = ap[0];
+            if (!dif--)
+                break;
+            rp[1] = ap[1];
+            if (!dif--)
+                break;
+            rp[2] = ap[2];
+            if (!dif--)
+                break;
+            rp[3] = ap[3];
+            rp += 4;
+            ap += 4;
+        }
+    }
 #endif
 
-	r->top=max;
-	r->neg=0;
-	bn_correct_top(r);
-	return(1);
-	}
+    r->top = max;
+    r->neg = 0;
+    bn_correct_top(r);
+    return (1);
+}
 
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int max;
-	int add=0,neg=0;
-	const BIGNUM *tmp;
-
-	bn_check_top(a);
-	bn_check_top(b);
+{
+    int max;
+    int add = 0, neg = 0;
+    const BIGNUM *tmp;
 
-	/*  a -  b	a-b
-	 *  a - -b	a+b
-	 * -a -  b	-(a+b)
-	 * -a - -b	b-a
-	 */
-	if (a->neg)
-		{
-		if (b->neg)
-			{ tmp=a; a=b; b=tmp; }
-		else
-			{ add=1; neg=1; }
-		}
-	else
-		{
-		if (b->neg) { add=1; neg=0; }
-		}
+    bn_check_top(a);
+    bn_check_top(b);
 
-	if (add)
-		{
-		if (!BN_uadd(r,a,b)) return(0);
-		r->neg=neg;
-		return(1);
-		}
+    /*-
+     *  a -  b      a-b
+     *  a - -b      a+b
+     * -a -  b      -(a+b)
+     * -a - -b      b-a
+     */
+    if (a->neg) {
+        if (b->neg) {
+            tmp = a;
+            a = b;
+            b = tmp;
+        } else {
+            add = 1;
+            neg = 1;
+        }
+    } else {
+        if (b->neg) {
+            add = 1;
+            neg = 0;
+        }
+    }
 
-	/* We are actually doing a - b :-) */
+    if (add) {
+        if (!BN_uadd(r, a, b))
+            return (0);
+        r->neg = neg;
+        return (1);
+    }
 
-	max=(a->top > b->top)?a->top:b->top;
-	if (bn_wexpand(r,max) == NULL) return(0);
-	if (BN_ucmp(a,b) < 0)
-		{
-		if (!BN_usub(r,b,a)) return(0);
-		r->neg=1;
-		}
-	else
-		{
-		if (!BN_usub(r,a,b)) return(0);
-		r->neg=0;
-		}
-	bn_check_top(r);
-	return(1);
-	}
+    /* We are actually doing a - b :-) */
 
+    max = (a->top > b->top) ? a->top : b->top;
+    if (bn_wexpand(r, max) == NULL)
+        return (0);
+    if (BN_ucmp(a, b) < 0) {
+        if (!BN_usub(r, b, a))
+            return (0);
+        r->neg = 1;
+    } else {
+        if (!BN_usub(r, a, b))
+            return (0);
+        r->neg = 0;
+    }
+    bn_check_top(r);
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c
index 99bc2de4..92e9539c 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -57,7 +57,7 @@
  */
 
 #ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+# undef NDEBUG                  /* avoid conflicting definitions */
 # define NDEBUG
 #endif
 
@@ -68,793 +68,853 @@
 
 #if defined(BN_LLONG) || defined(BN_UMULT_HIGH)
 
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	assert(num >= 0);
-	if (num <= 0) return(c1);
-
-	while (num&~3)
-		{
-		mul_add(rp[0],ap[0],w,c1);
-		mul_add(rp[1],ap[1],w,c1);
-		mul_add(rp[2],ap[2],w,c1);
-		mul_add(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-	if (num)
-		{
-		mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1;
-		mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1;
-		mul_add(rp[2],ap[2],w,c1); return c1;
-		}
-	
-	return(c1);
-	} 
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (c1);
+
+    while (num & ~3) {
+        mul_add(rp[0], ap[0], w, c1);
+        mul_add(rp[1], ap[1], w, c1);
+        mul_add(rp[2], ap[2], w, c1);
+        mul_add(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul_add(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul_add(rp[2], ap[2], w, c1);
+        return c1;
+    }
+
+    return (c1);
+}
 
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c1=0;
-
-	assert(num >= 0);
-	if (num <= 0) return(c1);
-
-	while (num&~3)
-		{
-		mul(rp[0],ap[0],w,c1);
-		mul(rp[1],ap[1],w,c1);
-		mul(rp[2],ap[2],w,c1);
-		mul(rp[3],ap[3],w,c1);
-		ap+=4; rp+=4; num-=4;
-		}
-	if (num)
-		{
-		mul(rp[0],ap[0],w,c1); if (--num == 0) return c1;
-		mul(rp[1],ap[1],w,c1); if (--num == 0) return c1;
-		mul(rp[2],ap[2],w,c1);
-		}
-	return(c1);
-	} 
+{
+    BN_ULONG c1 = 0;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return (c1);
+
+    while (num & ~3) {
+        mul(rp[0], ap[0], w, c1);
+        mul(rp[1], ap[1], w, c1);
+        mul(rp[2], ap[2], w, c1);
+        mul(rp[3], ap[3], w, c1);
+        ap += 4;
+        rp += 4;
+        num -= 4;
+    }
+    if (num) {
+        mul(rp[0], ap[0], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[1], ap[1], w, c1);
+        if (--num == 0)
+            return c1;
+        mul(rp[2], ap[2], w, c1);
+    }
+    return (c1);
+}
 
 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-        {
-	assert(n >= 0);
-	if (n <= 0) return;
-	while (n&~3)
-		{
-		sqr(r[0],r[1],a[0]);
-		sqr(r[2],r[3],a[1]);
-		sqr(r[4],r[5],a[2]);
-		sqr(r[6],r[7],a[3]);
-		a+=4; r+=8; n-=4;
-		}
-	if (n)
-		{
-		sqr(r[0],r[1],a[0]); if (--n == 0) return;
-		sqr(r[2],r[3],a[1]); if (--n == 0) return;
-		sqr(r[4],r[5],a[2]);
-		}
-	}
-
-#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
-
-BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG c=0;
-	BN_ULONG bl,bh;
-
-	assert(num >= 0);
-	if (num <= 0) return((BN_ULONG)0);
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-	for (;;)
-		{
-		mul_add(rp[0],ap[0],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[1],ap[1],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[2],ap[2],bl,bh,c);
-		if (--num == 0) break;
-		mul_add(rp[3],ap[3],bl,bh,c);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(c);
-	} 
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+    while (n & ~3) {
+        sqr(r[0], r[1], a[0]);
+        sqr(r[2], r[3], a[1]);
+        sqr(r[4], r[5], a[2]);
+        sqr(r[6], r[7], a[3]);
+        a += 4;
+        r += 8;
+        n -= 4;
+    }
+    if (n) {
+        sqr(r[0], r[1], a[0]);
+        if (--n == 0)
+            return;
+        sqr(r[2], r[3], a[1]);
+        if (--n == 0)
+            return;
+        sqr(r[4], r[5], a[2]);
+    }
+}
+
+#else                           /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
+
+BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num,
+                          BN_ULONG w)
+{
+    BN_ULONG c = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return ((BN_ULONG)0);
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+    for (;;) {
+        mul_add(rp[0], ap[0], bl, bh, c);
+        if (--num == 0)
+            break;
+        mul_add(rp[1], ap[1], bl, bh, c);
+        if (--num == 0)
+            break;
+        mul_add(rp[2], ap[2], bl, bh, c);
+        if (--num == 0)
+            break;
+        mul_add(rp[3], ap[3], bl, bh, c);
+        if (--num == 0)
+            break;
+        ap += 4;
+        rp += 4;
+    }
+    return (c);
+}
 
 BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w)
-	{
-	BN_ULONG carry=0;
-	BN_ULONG bl,bh;
-
-	assert(num >= 0);
-	if (num <= 0) return((BN_ULONG)0);
-
-	bl=LBITS(w);
-	bh=HBITS(w);
-
-	for (;;)
-		{
-		mul(rp[0],ap[0],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[1],ap[1],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[2],ap[2],bl,bh,carry);
-		if (--num == 0) break;
-		mul(rp[3],ap[3],bl,bh,carry);
-		if (--num == 0) break;
-		ap+=4;
-		rp+=4;
-		}
-	return(carry);
-	} 
+{
+    BN_ULONG carry = 0;
+    BN_ULONG bl, bh;
+
+    assert(num >= 0);
+    if (num <= 0)
+        return ((BN_ULONG)0);
+
+    bl = LBITS(w);
+    bh = HBITS(w);
+
+    for (;;) {
+        mul(rp[0], ap[0], bl, bh, carry);
+        if (--num == 0)
+            break;
+        mul(rp[1], ap[1], bl, bh, carry);
+        if (--num == 0)
+            break;
+        mul(rp[2], ap[2], bl, bh, carry);
+        if (--num == 0)
+            break;
+        mul(rp[3], ap[3], bl, bh, carry);
+        if (--num == 0)
+            break;
+        ap += 4;
+        rp += 4;
+    }
+    return (carry);
+}
 
 void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n)
-        {
-	assert(n >= 0);
-	if (n <= 0) return;
-	for (;;)
-		{
-		sqr64(r[0],r[1],a[0]);
-		if (--n == 0) break;
-
-		sqr64(r[2],r[3],a[1]);
-		if (--n == 0) break;
-
-		sqr64(r[4],r[5],a[2]);
-		if (--n == 0) break;
-
-		sqr64(r[6],r[7],a[3]);
-		if (--n == 0) break;
-
-		a+=4;
-		r+=8;
-		}
-	}
-
-#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */
+{
+    assert(n >= 0);
+    if (n <= 0)
+        return;
+    for (;;) {
+        sqr64(r[0], r[1], a[0]);
+        if (--n == 0)
+            break;
+
+        sqr64(r[2], r[3], a[1]);
+        if (--n == 0)
+            break;
+
+        sqr64(r[4], r[5], a[2]);
+        if (--n == 0)
+            break;
+
+        sqr64(r[6], r[7], a[3]);
+        if (--n == 0)
+            break;
+
+        a += 4;
+        r += 8;
+    }
+}
+
+#endif                          /* !(defined(BN_LLONG) ||
+                                 * defined(BN_UMULT_HIGH)) */
 
 #if defined(BN_LLONG) && defined(BN_DIV2W)
 
 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-	{
-	return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d));
-	}
+{
+    return ((BN_ULONG)(((((BN_ULLONG) h) << BN_BITS2) | l) / (BN_ULLONG) d));
+}
 
 #else
 
 /* Divide h,l by d and return the result. */
 /* I need to test this some more :-( */
 BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d)
-	{
-	BN_ULONG dh,dl,q,ret=0,th,tl,t;
-	int i,count=2;
-
-	if (d == 0) return(BN_MASK2);
-
-	i=BN_num_bits_word(d);
-	assert((i == BN_BITS2) || (h <= (BN_ULONG)1<<i));
-
-	i=BN_BITS2-i;
-	if (h >= d) h-=d;
-
-	if (i)
-		{
-		d<<=i;
-		h=(h<<i)|(l>>(BN_BITS2-i));
-		l<<=i;
-		}
-	dh=(d&BN_MASK2h)>>BN_BITS4;
-	dl=(d&BN_MASK2l);
-	for (;;)
-		{
-		if ((h>>BN_BITS4) == dh)
-			q=BN_MASK2l;
-		else
-			q=h/dh;
-
-		th=q*dh;
-		tl=dl*q;
-		for (;;)
-			{
-			t=h-th;
-			if ((t&BN_MASK2h) ||
-				((tl) <= (
-					(t<<BN_BITS4)|
-					((l&BN_MASK2h)>>BN_BITS4))))
-				break;
-			q--;
-			th-=dh;
-			tl-=dl;
-			}
-		t=(tl>>BN_BITS4);
-		tl=(tl<<BN_BITS4)&BN_MASK2h;
-		th+=t;
-
-		if (l < tl) th++;
-		l-=tl;
-		if (h < th)
-			{
-			h+=d;
-			q--;
-			}
-		h-=th;
-
-		if (--count == 0) break;
-
-		ret=q<<BN_BITS4;
-		h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2;
-		l=(l&BN_MASK2l)<<BN_BITS4;
-		}
-	ret|=q;
-	return(ret);
-	}
-#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */
+{
+    BN_ULONG dh, dl, q, ret = 0, th, tl, t;
+    int i, count = 2;
+
+    if (d == 0)
+        return (BN_MASK2);
+
+    i = BN_num_bits_word(d);
+    assert((i == BN_BITS2) || (h <= (BN_ULONG)1 << i));
+
+    i = BN_BITS2 - i;
+    if (h >= d)
+        h -= d;
+
+    if (i) {
+        d <<= i;
+        h = (h << i) | (l >> (BN_BITS2 - i));
+        l <<= i;
+    }
+    dh = (d & BN_MASK2h) >> BN_BITS4;
+    dl = (d & BN_MASK2l);
+    for (;;) {
+        if ((h >> BN_BITS4) == dh)
+            q = BN_MASK2l;
+        else
+            q = h / dh;
+
+        th = q * dh;
+        tl = dl * q;
+        for (;;) {
+            t = h - th;
+            if ((t & BN_MASK2h) ||
+                ((tl) <= ((t << BN_BITS4) | ((l & BN_MASK2h) >> BN_BITS4))))
+                break;
+            q--;
+            th -= dh;
+            tl -= dl;
+        }
+        t = (tl >> BN_BITS4);
+        tl = (tl << BN_BITS4) & BN_MASK2h;
+        th += t;
+
+        if (l < tl)
+            th++;
+        l -= tl;
+        if (h < th) {
+            h += d;
+            q--;
+        }
+        h -= th;
+
+        if (--count == 0)
+            break;
+
+        ret = q << BN_BITS4;
+        h = ((h << BN_BITS4) | (l >> BN_BITS4)) & BN_MASK2;
+        l = (l & BN_MASK2l) << BN_BITS4;
+    }
+    ret |= q;
+    return (ret);
+}
+#endif                          /* !defined(BN_LLONG) && defined(BN_DIV2W) */
 
 #ifdef BN_LLONG
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-	BN_ULLONG ll=0;
-
-	assert(n >= 0);
-	if (n <= 0) return((BN_ULONG)0);
-
-	for (;;)
-		{
-		ll+=(BN_ULLONG)a[0]+b[0];
-		r[0]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+=(BN_ULLONG)a[1]+b[1];
-		r[1]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+=(BN_ULLONG)a[2]+b[2];
-		r[2]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		ll+=(BN_ULLONG)a[3]+b[3];
-		r[3]=(BN_ULONG)ll&BN_MASK2;
-		ll>>=BN_BITS2;
-		if (--n <= 0) break;
-
-		a+=4;
-		b+=4;
-		r+=4;
-		}
-	return((BN_ULONG)ll);
-	}
-#else /* !BN_LLONG */
-BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-	BN_ULONG c,l,t;
-
-	assert(n >= 0);
-	if (n <= 0) return((BN_ULONG)0);
-
-	c=0;
-	for (;;)
-		{
-		t=a[0];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[0])&BN_MASK2;
-		c+=(l < t);
-		r[0]=l;
-		if (--n <= 0) break;
-
-		t=a[1];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[1])&BN_MASK2;
-		c+=(l < t);
-		r[1]=l;
-		if (--n <= 0) break;
-
-		t=a[2];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[2])&BN_MASK2;
-		c+=(l < t);
-		r[2]=l;
-		if (--n <= 0) break;
-
-		t=a[3];
-		t=(t+c)&BN_MASK2;
-		c=(t < c);
-		l=(t+b[3])&BN_MASK2;
-		c+=(l < t);
-		r[3]=l;
-		if (--n <= 0) break;
-
-		a+=4;
-		b+=4;
-		r+=4;
-		}
-	return((BN_ULONG)c);
-	}
-#endif /* !BN_LLONG */
-
-BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n)
-        {
-	BN_ULONG t1,t2;
-	int c=0;
-
-	assert(n >= 0);
-	if (n <= 0) return((BN_ULONG)0);
-
-	for (;;)
-		{
-		t1=a[0]; t2=b[0];
-		r[0]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[1]; t2=b[1];
-		r[1]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[2]; t2=b[2];
-		r[2]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		t1=a[3]; t2=b[3];
-		r[3]=(t1-t2-c)&BN_MASK2;
-		if (t1 != t2) c=(t1 < t2);
-		if (--n <= 0) break;
-
-		a+=4;
-		b+=4;
-		r+=4;
-		}
-	return(c);
-	}
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULLONG ll = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return ((BN_ULONG)0);
+
+    for (;;) {
+        ll += (BN_ULLONG) a[0] + b[0];
+        r[0] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        if (--n <= 0)
+            break;
+
+        ll += (BN_ULLONG) a[1] + b[1];
+        r[1] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        if (--n <= 0)
+            break;
+
+        ll += (BN_ULLONG) a[2] + b[2];
+        r[2] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        if (--n <= 0)
+            break;
+
+        ll += (BN_ULLONG) a[3] + b[3];
+        r[3] = (BN_ULONG)ll & BN_MASK2;
+        ll >>= BN_BITS2;
+        if (--n <= 0)
+            break;
+
+        a += 4;
+        b += 4;
+        r += 4;
+    }
+    return ((BN_ULONG)ll);
+}
+#else                           /* !BN_LLONG */
+BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG c, l, t;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return ((BN_ULONG)0);
+
+    c = 0;
+    for (;;) {
+        t = a[0];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[0]) & BN_MASK2;
+        c += (l < t);
+        r[0] = l;
+        if (--n <= 0)
+            break;
+
+        t = a[1];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[1]) & BN_MASK2;
+        c += (l < t);
+        r[1] = l;
+        if (--n <= 0)
+            break;
+
+        t = a[2];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[2]) & BN_MASK2;
+        c += (l < t);
+        r[2] = l;
+        if (--n <= 0)
+            break;
+
+        t = a[3];
+        t = (t + c) & BN_MASK2;
+        c = (t < c);
+        l = (t + b[3]) & BN_MASK2;
+        c += (l < t);
+        r[3] = l;
+        if (--n <= 0)
+            break;
+
+        a += 4;
+        b += 4;
+        r += 4;
+    }
+    return ((BN_ULONG)c);
+}
+#endif                          /* !BN_LLONG */
+
+BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+                      int n)
+{
+    BN_ULONG t1, t2;
+    int c = 0;
+
+    assert(n >= 0);
+    if (n <= 0)
+        return ((BN_ULONG)0);
+
+    for (;;) {
+        t1 = a[0];
+        t2 = b[0];
+        r[0] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[1];
+        t2 = b[1];
+        r[1] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[2];
+        t2 = b[2];
+        r[2] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        t1 = a[3];
+        t2 = b[3];
+        r[3] = (t1 - t2 - c) & BN_MASK2;
+        if (t1 != t2)
+            c = (t1 < t2);
+        if (--n <= 0)
+            break;
+
+        a += 4;
+        b += 4;
+        r += 4;
+    }
+    return (c);
+}
 
 #ifdef BN_MUL_COMBA
 
-#undef bn_mul_comba8
-#undef bn_mul_comba4
-#undef bn_sqr_comba8
-#undef bn_sqr_comba4
+# undef bn_mul_comba8
+# undef bn_mul_comba4
+# undef bn_sqr_comba8
+# undef bn_sqr_comba4
 
 /* mul_add_c(a,b,c0,c1,c2)  -- c+=a*b for three word number c=(c2,c1,c0) */
 /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */
 /* sqr_add_c(a,i,c0,c1,c2)  -- c+=a[i]^2 for three word number c=(c2,c1,c0) */
-/* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */
+/*
+ * sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number
+ * c=(c2,c1,c0)
+ */
 
-#ifdef BN_LLONG
-#define mul_add_c(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t=(BN_ULLONG)a*b; \
-	tt=(t+t)&BN_MASK; \
-	if (tt < t) c2++; \
-	t1=(BN_ULONG)Lw(tt); \
-	t2=(BN_ULONG)Hw(tt); \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	t=(BN_ULLONG)a[i]*a[i]; \
-	t1=(BN_ULONG)Lw(t); \
-	t2=(BN_ULONG)Hw(t); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_LOHI)
-
-#define mul_add_c(a,b,c0,c1,c2)	{	\
-	BN_ULONG ta=(a),tb=(b);		\
-	BN_UMULT_LOHI(t1,t2,ta,tb);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define mul_add_c2(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b),t0;	\
-	BN_UMULT_LOHI(t0,t1,ta,tb);	\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define sqr_add_c(a,i,c0,c1,c2)	{	\
-	BN_ULONG ta=(a)[i];		\
-	BN_UMULT_LOHI(t1,t2,ta,ta);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#elif defined(BN_UMULT_HIGH)
-
-#define mul_add_c(a,b,c0,c1,c2)	{	\
-	BN_ULONG ta=(a),tb=(b);		\
-	t1 = ta * tb;			\
-	t2 = BN_UMULT_HIGH(ta,tb);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define mul_add_c2(a,b,c0,c1,c2) {	\
-	BN_ULONG ta=(a),tb=(b),t0;	\
-	t1 = BN_UMULT_HIGH(ta,tb);	\
-	t0 = ta * tb;			\
-	t2 = t1+t1; c2 += (t2<t1)?1:0;	\
-	t1 = t0+t0; t2 += (t1<t0)?1:0;	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define sqr_add_c(a,i,c0,c1,c2)	{	\
-	BN_ULONG ta=(a)[i];		\
-	t1 = ta * ta;			\
-	t2 = BN_UMULT_HIGH(ta,ta);	\
-	c0 += t1; t2 += (c0<t1)?1:0;	\
-	c1 += t2; c2 += (c1<t2)?1:0;	\
-	}
-
-#define sqr_add_c2(a,i,j,c0,c1,c2)	\
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-
-#else /* !BN_LLONG */
-#define mul_add_c(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define mul_add_c2(a,b,c0,c1,c2) \
-	t1=LBITS(a); t2=HBITS(a); \
-	bl=LBITS(b); bh=HBITS(b); \
-	mul64(t1,t2,bl,bh); \
-	if (t2 & BN_TBIT) c2++; \
-	t2=(t2+t2)&BN_MASK2; \
-	if (t1 & BN_TBIT) t2++; \
-	t1=(t1+t1)&BN_MASK2; \
-	c0=(c0+t1)&BN_MASK2;  \
-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c(a,i,c0,c1,c2) \
-	sqr64(t1,t2,(a)[i]); \
-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
-
-#define sqr_add_c2(a,i,j,c0,c1,c2) \
-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
-#endif /* !BN_LLONG */
+/*
+ * Keep in mind that carrying into high part of multiplication result
+ * can not overflow, because it cannot be all-ones.
+ */
+# ifdef BN_LLONG
+#  define mul_add_c(a,b,c0,c1,c2) \
+        t=(BN_ULLONG)a*b; \
+        t1=(BN_ULONG)Lw(t); \
+        t2=(BN_ULONG)Hw(t); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#  define mul_add_c2(a,b,c0,c1,c2) \
+        t=(BN_ULLONG)a*b; \
+        tt=(t+t)&BN_MASK; \
+        if (tt < t) c2++; \
+        t1=(BN_ULONG)Lw(tt); \
+        t2=(BN_ULONG)Hw(tt); \
+        c0=(c0+t1)&BN_MASK2;  \
+        if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#  define sqr_add_c(a,i,c0,c1,c2) \
+        t=(BN_ULLONG)a[i]*a[i]; \
+        t1=(BN_ULONG)Lw(t); \
+        t2=(BN_ULONG)Hw(t); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_LOHI)
+
+#  define mul_add_c(a,b,c0,c1,c2) {       \
+        BN_ULONG ta=(a),tb=(b);         \
+        BN_UMULT_LOHI(t1,t2,ta,tb);     \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#  define mul_add_c2(a,b,c0,c1,c2) {      \
+        BN_ULONG ta=(a),tb=(b),t0;      \
+        BN_UMULT_LOHI(t0,t1,ta,tb);     \
+        c0 += t0; t2 = t1+((c0<t0)?1:0);\
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        c0 += t0; t1 += (c0<t0)?1:0;    \
+        c1 += t1; c2 += (c1<t1)?1:0;    \
+        }
+
+#  define sqr_add_c(a,i,c0,c1,c2) {       \
+        BN_ULONG ta=(a)[i];             \
+        BN_UMULT_LOHI(t1,t2,ta,ta);     \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)    \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# elif defined(BN_UMULT_HIGH)
+
+#  define mul_add_c(a,b,c0,c1,c2) {       \
+        BN_ULONG ta=(a),tb=(b);         \
+        t1 = ta * tb;                   \
+        t2 = BN_UMULT_HIGH(ta,tb);      \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#  define mul_add_c2(a,b,c0,c1,c2) {      \
+        BN_ULONG ta=(a),tb=(b),t0;      \
+        t1 = BN_UMULT_HIGH(ta,tb);      \
+        t0 = ta * tb;                   \
+        c0 += t0; t2 = t1+((c0<t0)?1:0);\
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        c0 += t0; t1 += (c0<t0)?1:0;    \
+        c1 += t1; c2 += (c1<t1)?1:0;    \
+        }
+
+#  define sqr_add_c(a,i,c0,c1,c2) {       \
+        BN_ULONG ta=(a)[i];             \
+        t1 = ta * ta;                   \
+        t2 = BN_UMULT_HIGH(ta,ta);      \
+        c0 += t1; t2 += (c0<t1)?1:0;    \
+        c1 += t2; c2 += (c1<t2)?1:0;    \
+        }
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2)      \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+
+# else                          /* !BN_LLONG */
+#  define mul_add_c(a,b,c0,c1,c2) \
+        t1=LBITS(a); t2=HBITS(a); \
+        bl=LBITS(b); bh=HBITS(b); \
+        mul64(t1,t2,bl,bh); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#  define mul_add_c2(a,b,c0,c1,c2) \
+        t1=LBITS(a); t2=HBITS(a); \
+        bl=LBITS(b); bh=HBITS(b); \
+        mul64(t1,t2,bl,bh); \
+        if (t2 & BN_TBIT) c2++; \
+        t2=(t2+t2)&BN_MASK2; \
+        if (t1 & BN_TBIT) t2++; \
+        t1=(t1+t1)&BN_MASK2; \
+        c0=(c0+t1)&BN_MASK2;  \
+        if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#  define sqr_add_c(a,i,c0,c1,c2) \
+        sqr64(t1,t2,(a)[i]); \
+        c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+        c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+
+#  define sqr_add_c2(a,i,j,c0,c1,c2) \
+        mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+# endif                         /* !BN_LLONG */
 
 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[4],b[0],c2,c3,c1);
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	mul_add_c(a[0],b[4],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[0],b[5],c3,c1,c2);
-	mul_add_c(a[1],b[4],c3,c1,c2);
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	mul_add_c(a[4],b[1],c3,c1,c2);
-	mul_add_c(a[5],b[0],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[6],b[0],c1,c2,c3);
-	mul_add_c(a[5],b[1],c1,c2,c3);
-	mul_add_c(a[4],b[2],c1,c2,c3);
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	mul_add_c(a[2],b[4],c1,c2,c3);
-	mul_add_c(a[1],b[5],c1,c2,c3);
-	mul_add_c(a[0],b[6],c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	mul_add_c(a[0],b[7],c2,c3,c1);
-	mul_add_c(a[1],b[6],c2,c3,c1);
-	mul_add_c(a[2],b[5],c2,c3,c1);
-	mul_add_c(a[3],b[4],c2,c3,c1);
-	mul_add_c(a[4],b[3],c2,c3,c1);
-	mul_add_c(a[5],b[2],c2,c3,c1);
-	mul_add_c(a[6],b[1],c2,c3,c1);
-	mul_add_c(a[7],b[0],c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	mul_add_c(a[7],b[1],c3,c1,c2);
-	mul_add_c(a[6],b[2],c3,c1,c2);
-	mul_add_c(a[5],b[3],c3,c1,c2);
-	mul_add_c(a[4],b[4],c3,c1,c2);
-	mul_add_c(a[3],b[5],c3,c1,c2);
-	mul_add_c(a[2],b[6],c3,c1,c2);
-	mul_add_c(a[1],b[7],c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	mul_add_c(a[2],b[7],c1,c2,c3);
-	mul_add_c(a[3],b[6],c1,c2,c3);
-	mul_add_c(a[4],b[5],c1,c2,c3);
-	mul_add_c(a[5],b[4],c1,c2,c3);
-	mul_add_c(a[6],b[3],c1,c2,c3);
-	mul_add_c(a[7],b[2],c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	mul_add_c(a[7],b[3],c2,c3,c1);
-	mul_add_c(a[6],b[4],c2,c3,c1);
-	mul_add_c(a[5],b[5],c2,c3,c1);
-	mul_add_c(a[4],b[6],c2,c3,c1);
-	mul_add_c(a[3],b[7],c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	mul_add_c(a[4],b[7],c3,c1,c2);
-	mul_add_c(a[5],b[6],c3,c1,c2);
-	mul_add_c(a[6],b[5],c3,c1,c2);
-	mul_add_c(a[7],b[4],c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	mul_add_c(a[7],b[5],c1,c2,c3);
-	mul_add_c(a[6],b[6],c1,c2,c3);
-	mul_add_c(a[5],b[7],c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	mul_add_c(a[6],b[7],c2,c3,c1);
-	mul_add_c(a[7],b[6],c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	mul_add_c(a[7],b[7],c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
+{
+# ifdef BN_LLONG
+    BN_ULLONG t;
+# else
+    BN_ULONG bl, bh;
+# endif
+    BN_ULONG t1, t2;
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[4], b[0], c2, c3, c1);
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    mul_add_c(a[0], b[4], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[0], b[5], c3, c1, c2);
+    mul_add_c(a[1], b[4], c3, c1, c2);
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    mul_add_c(a[4], b[1], c3, c1, c2);
+    mul_add_c(a[5], b[0], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[6], b[0], c1, c2, c3);
+    mul_add_c(a[5], b[1], c1, c2, c3);
+    mul_add_c(a[4], b[2], c1, c2, c3);
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    mul_add_c(a[2], b[4], c1, c2, c3);
+    mul_add_c(a[1], b[5], c1, c2, c3);
+    mul_add_c(a[0], b[6], c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[7], c2, c3, c1);
+    mul_add_c(a[1], b[6], c2, c3, c1);
+    mul_add_c(a[2], b[5], c2, c3, c1);
+    mul_add_c(a[3], b[4], c2, c3, c1);
+    mul_add_c(a[4], b[3], c2, c3, c1);
+    mul_add_c(a[5], b[2], c2, c3, c1);
+    mul_add_c(a[6], b[1], c2, c3, c1);
+    mul_add_c(a[7], b[0], c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[1], c3, c1, c2);
+    mul_add_c(a[6], b[2], c3, c1, c2);
+    mul_add_c(a[5], b[3], c3, c1, c2);
+    mul_add_c(a[4], b[4], c3, c1, c2);
+    mul_add_c(a[3], b[5], c3, c1, c2);
+    mul_add_c(a[2], b[6], c3, c1, c2);
+    mul_add_c(a[1], b[7], c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    mul_add_c(a[2], b[7], c1, c2, c3);
+    mul_add_c(a[3], b[6], c1, c2, c3);
+    mul_add_c(a[4], b[5], c1, c2, c3);
+    mul_add_c(a[5], b[4], c1, c2, c3);
+    mul_add_c(a[6], b[3], c1, c2, c3);
+    mul_add_c(a[7], b[2], c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    mul_add_c(a[7], b[3], c2, c3, c1);
+    mul_add_c(a[6], b[4], c2, c3, c1);
+    mul_add_c(a[5], b[5], c2, c3, c1);
+    mul_add_c(a[4], b[6], c2, c3, c1);
+    mul_add_c(a[3], b[7], c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    mul_add_c(a[4], b[7], c3, c1, c2);
+    mul_add_c(a[5], b[6], c3, c1, c2);
+    mul_add_c(a[6], b[5], c3, c1, c2);
+    mul_add_c(a[7], b[4], c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    mul_add_c(a[7], b[5], c1, c2, c3);
+    mul_add_c(a[6], b[6], c1, c2, c3);
+    mul_add_c(a[5], b[7], c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    mul_add_c(a[6], b[7], c2, c3, c1);
+    mul_add_c(a[7], b[6], c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    mul_add_c(a[7], b[7], c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
 
 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	mul_add_c(a[0],b[0],c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	mul_add_c(a[0],b[1],c2,c3,c1);
-	mul_add_c(a[1],b[0],c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	mul_add_c(a[2],b[0],c3,c1,c2);
-	mul_add_c(a[1],b[1],c3,c1,c2);
-	mul_add_c(a[0],b[2],c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	mul_add_c(a[0],b[3],c1,c2,c3);
-	mul_add_c(a[1],b[2],c1,c2,c3);
-	mul_add_c(a[2],b[1],c1,c2,c3);
-	mul_add_c(a[3],b[0],c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	mul_add_c(a[3],b[1],c2,c3,c1);
-	mul_add_c(a[2],b[2],c2,c3,c1);
-	mul_add_c(a[1],b[3],c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	mul_add_c(a[2],b[3],c3,c1,c2);
-	mul_add_c(a[3],b[2],c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	mul_add_c(a[3],b[3],c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
+{
+# ifdef BN_LLONG
+    BN_ULLONG t;
+# else
+    BN_ULONG bl, bh;
+# endif
+    BN_ULONG t1, t2;
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    mul_add_c(a[0], b[0], c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    mul_add_c(a[0], b[1], c2, c3, c1);
+    mul_add_c(a[1], b[0], c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[0], c3, c1, c2);
+    mul_add_c(a[1], b[1], c3, c1, c2);
+    mul_add_c(a[0], b[2], c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    mul_add_c(a[0], b[3], c1, c2, c3);
+    mul_add_c(a[1], b[2], c1, c2, c3);
+    mul_add_c(a[2], b[1], c1, c2, c3);
+    mul_add_c(a[3], b[0], c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    mul_add_c(a[3], b[1], c2, c3, c1);
+    mul_add_c(a[2], b[2], c2, c3, c1);
+    mul_add_c(a[1], b[3], c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    mul_add_c(a[2], b[3], c3, c1, c2);
+    mul_add_c(a[3], b[2], c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    mul_add_c(a[3], b[3], c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
 
 void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	sqr_add_c2(a,4,0,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,5,0,c3,c1,c2);
-	sqr_add_c2(a,4,1,c3,c1,c2);
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	sqr_add_c2(a,4,2,c1,c2,c3);
-	sqr_add_c2(a,5,1,c1,c2,c3);
-	sqr_add_c2(a,6,0,c1,c2,c3);
-	r[6]=c1;
-	c1=0;
-	sqr_add_c2(a,7,0,c2,c3,c1);
-	sqr_add_c2(a,6,1,c2,c3,c1);
-	sqr_add_c2(a,5,2,c2,c3,c1);
-	sqr_add_c2(a,4,3,c2,c3,c1);
-	r[7]=c2;
-	c2=0;
-	sqr_add_c(a,4,c3,c1,c2);
-	sqr_add_c2(a,5,3,c3,c1,c2);
-	sqr_add_c2(a,6,2,c3,c1,c2);
-	sqr_add_c2(a,7,1,c3,c1,c2);
-	r[8]=c3;
-	c3=0;
-	sqr_add_c2(a,7,2,c1,c2,c3);
-	sqr_add_c2(a,6,3,c1,c2,c3);
-	sqr_add_c2(a,5,4,c1,c2,c3);
-	r[9]=c1;
-	c1=0;
-	sqr_add_c(a,5,c2,c3,c1);
-	sqr_add_c2(a,6,4,c2,c3,c1);
-	sqr_add_c2(a,7,3,c2,c3,c1);
-	r[10]=c2;
-	c2=0;
-	sqr_add_c2(a,7,4,c3,c1,c2);
-	sqr_add_c2(a,6,5,c3,c1,c2);
-	r[11]=c3;
-	c3=0;
-	sqr_add_c(a,6,c1,c2,c3);
-	sqr_add_c2(a,7,5,c1,c2,c3);
-	r[12]=c1;
-	c1=0;
-	sqr_add_c2(a,7,6,c2,c3,c1);
-	r[13]=c2;
-	c2=0;
-	sqr_add_c(a,7,c3,c1,c2);
-	r[14]=c3;
-	r[15]=c1;
-	}
+{
+# ifdef BN_LLONG
+    BN_ULLONG t, tt;
+# else
+    BN_ULONG bl, bh;
+# endif
+    BN_ULONG t1, t2;
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    sqr_add_c2(a, 4, 0, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 5, 0, c3, c1, c2);
+    sqr_add_c2(a, 4, 1, c3, c1, c2);
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    sqr_add_c2(a, 4, 2, c1, c2, c3);
+    sqr_add_c2(a, 5, 1, c1, c2, c3);
+    sqr_add_c2(a, 6, 0, c1, c2, c3);
+    r[6] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 0, c2, c3, c1);
+    sqr_add_c2(a, 6, 1, c2, c3, c1);
+    sqr_add_c2(a, 5, 2, c2, c3, c1);
+    sqr_add_c2(a, 4, 3, c2, c3, c1);
+    r[7] = c2;
+    c2 = 0;
+    sqr_add_c(a, 4, c3, c1, c2);
+    sqr_add_c2(a, 5, 3, c3, c1, c2);
+    sqr_add_c2(a, 6, 2, c3, c1, c2);
+    sqr_add_c2(a, 7, 1, c3, c1, c2);
+    r[8] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 7, 2, c1, c2, c3);
+    sqr_add_c2(a, 6, 3, c1, c2, c3);
+    sqr_add_c2(a, 5, 4, c1, c2, c3);
+    r[9] = c1;
+    c1 = 0;
+    sqr_add_c(a, 5, c2, c3, c1);
+    sqr_add_c2(a, 6, 4, c2, c3, c1);
+    sqr_add_c2(a, 7, 3, c2, c3, c1);
+    r[10] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 7, 4, c3, c1, c2);
+    sqr_add_c2(a, 6, 5, c3, c1, c2);
+    r[11] = c3;
+    c3 = 0;
+    sqr_add_c(a, 6, c1, c2, c3);
+    sqr_add_c2(a, 7, 5, c1, c2, c3);
+    r[12] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 7, 6, c2, c3, c1);
+    r[13] = c2;
+    c2 = 0;
+    sqr_add_c(a, 7, c3, c1, c2);
+    r[14] = c3;
+    r[15] = c1;
+}
 
 void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
-	{
-#ifdef BN_LLONG
-	BN_ULLONG t,tt;
-#else
-	BN_ULONG bl,bh;
-#endif
-	BN_ULONG t1,t2;
-	BN_ULONG c1,c2,c3;
-
-	c1=0;
-	c2=0;
-	c3=0;
-	sqr_add_c(a,0,c1,c2,c3);
-	r[0]=c1;
-	c1=0;
-	sqr_add_c2(a,1,0,c2,c3,c1);
-	r[1]=c2;
-	c2=0;
-	sqr_add_c(a,1,c3,c1,c2);
-	sqr_add_c2(a,2,0,c3,c1,c2);
-	r[2]=c3;
-	c3=0;
-	sqr_add_c2(a,3,0,c1,c2,c3);
-	sqr_add_c2(a,2,1,c1,c2,c3);
-	r[3]=c1;
-	c1=0;
-	sqr_add_c(a,2,c2,c3,c1);
-	sqr_add_c2(a,3,1,c2,c3,c1);
-	r[4]=c2;
-	c2=0;
-	sqr_add_c2(a,3,2,c3,c1,c2);
-	r[5]=c3;
-	c3=0;
-	sqr_add_c(a,3,c1,c2,c3);
-	r[6]=c1;
-	r[7]=c2;
-	}
-#else /* !BN_MUL_COMBA */
+{
+# ifdef BN_LLONG
+    BN_ULLONG t, tt;
+# else
+    BN_ULONG bl, bh;
+# endif
+    BN_ULONG t1, t2;
+    BN_ULONG c1, c2, c3;
+
+    c1 = 0;
+    c2 = 0;
+    c3 = 0;
+    sqr_add_c(a, 0, c1, c2, c3);
+    r[0] = c1;
+    c1 = 0;
+    sqr_add_c2(a, 1, 0, c2, c3, c1);
+    r[1] = c2;
+    c2 = 0;
+    sqr_add_c(a, 1, c3, c1, c2);
+    sqr_add_c2(a, 2, 0, c3, c1, c2);
+    r[2] = c3;
+    c3 = 0;
+    sqr_add_c2(a, 3, 0, c1, c2, c3);
+    sqr_add_c2(a, 2, 1, c1, c2, c3);
+    r[3] = c1;
+    c1 = 0;
+    sqr_add_c(a, 2, c2, c3, c1);
+    sqr_add_c2(a, 3, 1, c2, c3, c1);
+    r[4] = c2;
+    c2 = 0;
+    sqr_add_c2(a, 3, 2, c3, c1, c2);
+    r[5] = c3;
+    c3 = 0;
+    sqr_add_c(a, 3, c1, c2, c3);
+    r[6] = c1;
+    r[7] = c2;
+}
+#else                           /* !BN_MUL_COMBA */
 
 /* hmm... is it faster just to do a multiply? */
-#undef bn_sqr_comba4
+# undef bn_sqr_comba4
 void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a)
-	{
-	BN_ULONG t[8];
-	bn_sqr_normal(r,a,4,t);
-	}
+{
+    BN_ULONG t[8];
+    bn_sqr_normal(r, a, 4, t);
+}
 
-#undef bn_sqr_comba8
+# undef bn_sqr_comba8
 void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a)
-	{
-	BN_ULONG t[16];
-	bn_sqr_normal(r,a,8,t);
-	}
+{
+    BN_ULONG t[16];
+    bn_sqr_normal(r, a, 8, t);
+}
 
 void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	r[4]=bn_mul_words(    &(r[0]),a,4,b[0]);
-	r[5]=bn_mul_add_words(&(r[1]),a,4,b[1]);
-	r[6]=bn_mul_add_words(&(r[2]),a,4,b[2]);
-	r[7]=bn_mul_add_words(&(r[3]),a,4,b[3]);
-	}
+{
+    r[4] = bn_mul_words(&(r[0]), a, 4, b[0]);
+    r[5] = bn_mul_add_words(&(r[1]), a, 4, b[1]);
+    r[6] = bn_mul_add_words(&(r[2]), a, 4, b[2]);
+    r[7] = bn_mul_add_words(&(r[3]), a, 4, b[3]);
+}
 
 void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
-	{
-	r[ 8]=bn_mul_words(    &(r[0]),a,8,b[0]);
-	r[ 9]=bn_mul_add_words(&(r[1]),a,8,b[1]);
-	r[10]=bn_mul_add_words(&(r[2]),a,8,b[2]);
-	r[11]=bn_mul_add_words(&(r[3]),a,8,b[3]);
-	r[12]=bn_mul_add_words(&(r[4]),a,8,b[4]);
-	r[13]=bn_mul_add_words(&(r[5]),a,8,b[5]);
-	r[14]=bn_mul_add_words(&(r[6]),a,8,b[6]);
-	r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]);
-	}
-
-#endif /* !BN_MUL_COMBA */
+{
+    r[8] = bn_mul_words(&(r[0]), a, 8, b[0]);
+    r[9] = bn_mul_add_words(&(r[1]), a, 8, b[1]);
+    r[10] = bn_mul_add_words(&(r[2]), a, 8, b[2]);
+    r[11] = bn_mul_add_words(&(r[3]), a, 8, b[3]);
+    r[12] = bn_mul_add_words(&(r[4]), a, 8, b[4]);
+    r[13] = bn_mul_add_words(&(r[5]), a, 8, b[5]);
+    r[14] = bn_mul_add_words(&(r[6]), a, 8, b[6]);
+    r[15] = bn_mul_add_words(&(r[7]), a, 8, b[7]);
+}
+
+#endif                          /* !BN_MUL_COMBA */
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c
index ca7f996b..d74ad2ce 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,21 +58,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -87,10 +87,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -102,7 +102,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -113,262 +113,262 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define BN_BLINDING_COUNTER	32
-
-struct bn_blinding_st
-	{
-	BIGNUM *A;
-	BIGNUM *Ai;
-	BIGNUM *e;
-	BIGNUM *mod; /* just a reference */
-	unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
-				  * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
-	int counter;
-	unsigned long flags;
-	BN_MONT_CTX *m_ctx;
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx,
-			  BN_MONT_CTX *m_ctx);
-	};
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGNUM *mod)
-	{
-	BN_BLINDING *ret=NULL;
-
-	bn_check_top(mod);
-
-	if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
-		{
-		BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	memset(ret,0,sizeof(BN_BLINDING));
-	if (A != NULL)
-		{
-		if ((ret->A  = BN_dup(A))  == NULL) goto err;
-		}
-	if (Ai != NULL)
-		{
-		if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
-		}
-
-	/* save a copy of mod in the BN_BLINDING structure */
-	if ((ret->mod = BN_dup(mod)) == NULL) goto err;
-	if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
-		BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
-
-	/* Set the counter to the special value -1
-	 * to indicate that this is never-used fresh blinding
-	 * that does not need updating before first use. */
-	ret->counter = -1;
-	return(ret);
-err:
-	if (ret != NULL) BN_BLINDING_free(ret);
-	return(NULL);
-	}
+#define BN_BLINDING_COUNTER     32
+
+struct bn_blinding_st {
+    BIGNUM *A;
+    BIGNUM *Ai;
+    BIGNUM *e;
+    BIGNUM *mod;                /* just a reference */
+    unsigned long thread_id;    /* added in OpenSSL 0.9.6j and 0.9.7b; used
+                                 * only by crypto/rsa/rsa_eay.c, rsa_lib.c */
+    int counter;
+    unsigned long flags;
+    BN_MONT_CTX *m_ctx;
+    int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                       const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+};
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
+{
+    BN_BLINDING *ret = NULL;
+
+    bn_check_top(mod);
+
+    if ((ret = (BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) {
+        BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    memset(ret, 0, sizeof(BN_BLINDING));
+    if (A != NULL) {
+        if ((ret->A = BN_dup(A)) == NULL)
+            goto err;
+    }
+    if (Ai != NULL) {
+        if ((ret->Ai = BN_dup(Ai)) == NULL)
+            goto err;
+    }
+
+    /* save a copy of mod in the BN_BLINDING structure */
+    if ((ret->mod = BN_dup(mod)) == NULL)
+        goto err;
+    if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
+        BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
+
+    /*
+     * Set the counter to the special value -1 to indicate that this is
+     * never-used fresh blinding that does not need updating before first
+     * use.
+     */
+    ret->counter = -1;
+    return (ret);
+ err:
+    if (ret != NULL)
+        BN_BLINDING_free(ret);
+    return (NULL);
+}
 
 void BN_BLINDING_free(BN_BLINDING *r)
-	{
-	if(r == NULL)
-	    return;
-
-	if (r->A  != NULL) BN_free(r->A );
-	if (r->Ai != NULL) BN_free(r->Ai);
-	if (r->e  != NULL) BN_free(r->e );
-	if (r->mod != NULL) BN_free(r->mod); 
-	OPENSSL_free(r);
-	}
+{
+    if (r == NULL)
+        return;
+
+    if (r->A != NULL)
+        BN_free(r->A);
+    if (r->Ai != NULL)
+        BN_free(r->Ai);
+    if (r->e != NULL)
+        BN_free(r->e);
+    if (r->mod != NULL)
+        BN_free(r->mod);
+    OPENSSL_free(r);
+}
 
 int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
-	{
-	int ret=0;
-
-	if ((b->A == NULL) || (b->Ai == NULL))
-		{
-		BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED);
-		goto err;
-		}
-
-	if (b->counter == -1)
-		b->counter = 0;
-
-	if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
-		!(b->flags & BN_BLINDING_NO_RECREATE))
-		{
-		/* re-create blinding parameters */
-		if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
-			goto err;
-		}
-	else if (!(b->flags & BN_BLINDING_NO_UPDATE))
-		{
-		if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
-		if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
-		}
-
-	ret=1;
-err:
-	if (b->counter == BN_BLINDING_COUNTER)
-		b->counter = 0;
-	return(ret);
-	}
+{
+    int ret = 0;
+
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_UPDATE, BN_R_NOT_INITIALIZED);
+        goto err;
+    }
+
+    if (b->counter == -1)
+        b->counter = 0;
+
+    if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
+        !(b->flags & BN_BLINDING_NO_RECREATE)) {
+        /* re-create blinding parameters */
+        if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
+            goto err;
+    } else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+        if (!BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+            goto err;
+        if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx))
+            goto err;
+    }
+
+    ret = 1;
+ err:
+    if (b->counter == BN_BLINDING_COUNTER)
+        b->counter = 0;
+    return (ret);
+}
 
 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	return BN_BLINDING_convert_ex(n, NULL, b, ctx);
-	}
+{
+    return BN_BLINDING_convert_ex(n, NULL, b, ctx);
+}
 
 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	int ret = 1;
+{
+    int ret = 1;
 
-	bn_check_top(n);
+    bn_check_top(n);
 
-	if ((b->A == NULL) || (b->Ai == NULL))
-		{
-		BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED);
-		return(0);
-		}
+    if ((b->A == NULL) || (b->Ai == NULL)) {
+        BNerr(BN_F_BN_BLINDING_CONVERT_EX, BN_R_NOT_INITIALIZED);
+        return (0);
+    }
 
-	if (b->counter == -1)
-		/* Fresh blinding, doesn't need updating. */
-		b->counter = 0;
-	else if (!BN_BLINDING_update(b,ctx))
-		return(0);
+    if (b->counter == -1)
+        /* Fresh blinding, doesn't need updating. */
+        b->counter = 0;
+    else if (!BN_BLINDING_update(b, ctx))
+        return (0);
 
-	if (r != NULL)
-		{
-		if (!BN_copy(r, b->Ai)) ret=0;
-		}
+    if (r != NULL) {
+        if (!BN_copy(r, b->Ai))
+            ret = 0;
+    }
 
-	if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-	
-	return ret;
-	}
+    if (!BN_mod_mul(n, n, b->A, b->mod, ctx))
+        ret = 0;
+
+    return ret;
+}
 
 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	return BN_BLINDING_invert_ex(n, NULL, b, ctx);
-	}
-
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
-	{
-	int ret;
-
-	bn_check_top(n);
-
-	if (r != NULL)
-		ret = BN_mod_mul(n, n, r, b->mod, ctx);
-	else
-		{
-		if (b->Ai == NULL)
-			{
-			BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
-			return(0);
-			}
-		ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
-		}
-
-	bn_check_top(n);
-	return(ret);
-	}
+{
+    return BN_BLINDING_invert_ex(n, NULL, b, ctx);
+}
+
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b,
+                          BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(n);
+
+    if (r != NULL)
+        ret = BN_mod_mul(n, n, r, b->mod, ctx);
+    else {
+        if (b->Ai == NULL) {
+            BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+            return (0);
+        }
+        ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+    }
+
+    bn_check_top(n);
+    return (ret);
+}
 
 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b)
-	{
-	return b->thread_id;
-	}
+{
+    return b->thread_id;
+}
 
 void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n)
-	{
-	b->thread_id = n;
-	}
+{
+    b->thread_id = n;
+}
 
 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
-	{
-	return b->flags;
-	}
+{
+    return b->flags;
+}
 
 void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
-	{
-	b->flags = flags;
-	}
+{
+    b->flags = flags;
+}
 
 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
-	const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx,
-	int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-			  const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
-	BN_MONT_CTX *m_ctx)
+                                      const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+                                      int (*bn_mod_exp) (BIGNUM *r,
+                                                         const BIGNUM *a,
+                                                         const BIGNUM *p,
+                                                         const BIGNUM *m,
+                                                         BN_CTX *ctx,
+                                                         BN_MONT_CTX *m_ctx),
+                                      BN_MONT_CTX *m_ctx)
 {
-	int    retry_counter = 32;
-	BN_BLINDING *ret = NULL;
-
-	if (b == NULL)
-		ret = BN_BLINDING_new(NULL, NULL, m);
-	else
-		ret = b;
-
-	if (ret == NULL)
-		goto err;
-
-	if (ret->A  == NULL && (ret->A  = BN_new()) == NULL)
-		goto err;
-	if (ret->Ai == NULL && (ret->Ai	= BN_new()) == NULL)
-		goto err;
-
-	if (e != NULL)
-		{
-		if (ret->e != NULL)
-			BN_free(ret->e);
-		ret->e = BN_dup(e);
-		}
-	if (ret->e == NULL)
-		goto err;
-
-	if (bn_mod_exp != NULL)
-		ret->bn_mod_exp = bn_mod_exp;
-	if (m_ctx != NULL)
-		ret->m_ctx = m_ctx;
-
-	do {
-		if (!BN_rand_range(ret->A, ret->mod)) goto err;
-		if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
-			{
-			/* this should almost never happen for good RSA keys */
-			unsigned long error = ERR_peek_last_error();
-			if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
-				{
-				if (retry_counter-- == 0)
-				{
-					BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
-						BN_R_TOO_MANY_ITERATIONS);
-					goto err;
-				}
-				ERR_clear_error();
-				}
-			else
-				goto err;
-			}
-		else
-			break;
-	} while (1);
-
-	if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
-		{
-		if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
-			goto err;
-		}
-	else
-		{
-		if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
-			goto err;
-		}
-
-	return ret;
-err:
-	if (b == NULL && ret != NULL)
-		{
-		BN_BLINDING_free(ret);
-		ret = NULL;
-		}
-
-	return ret;
+    int retry_counter = 32;
+    BN_BLINDING *ret = NULL;
+
+    if (b == NULL)
+        ret = BN_BLINDING_new(NULL, NULL, m);
+    else
+        ret = b;
+
+    if (ret == NULL)
+        goto err;
+
+    if (ret->A == NULL && (ret->A = BN_new()) == NULL)
+        goto err;
+    if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
+        goto err;
+
+    if (e != NULL) {
+        if (ret->e != NULL)
+            BN_free(ret->e);
+        ret->e = BN_dup(e);
+    }
+    if (ret->e == NULL)
+        goto err;
+
+    if (bn_mod_exp != NULL)
+        ret->bn_mod_exp = bn_mod_exp;
+    if (m_ctx != NULL)
+        ret->m_ctx = m_ctx;
+
+    do {
+        if (!BN_rand_range(ret->A, ret->mod))
+            goto err;
+        if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
+            /*
+             * this should almost never happen for good RSA keys
+             */
+            unsigned long error = ERR_peek_last_error();
+            if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
+                if (retry_counter-- == 0) {
+                    BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
+                          BN_R_TOO_MANY_ITERATIONS);
+                    goto err;
+                }
+                ERR_clear_error();
+            } else
+                goto err;
+        } else
+            break;
+    } while (1);
+
+    if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
+        if (!ret->bn_mod_exp
+            (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
+            goto err;
+    } else {
+        if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
+            goto err;
+    }
+
+    return ret;
+ err:
+    if (b == NULL && ret != NULL) {
+        BN_BLINDING_free(ret);
+        ret = NULL;
+    }
+
+    return ret;
 }
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c
index eb60a25b..12c3208c 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_const.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_const.c
@@ -3,7 +3,8 @@
 
 #include "bn.h"
 
-/* "First Oakley Default Group" from RFC2409, section 6.1.
+/*-
+ * "First Oakley Default Group" from RFC2409, section 6.1.
  *
  * The prime is: 2^768 - 2 ^704 - 1 + 2^64 * { [2^638 pi] + 149686 }
  *
@@ -12,21 +13,26 @@
  */
 
 BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
-	{
-	static const unsigned char RFC2409_PRIME_768[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x3A,0x36,0x20,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC2409_PRIME_768,sizeof(RFC2409_PRIME_768),bn);
-	}
+{
+    static const unsigned char RFC2409_PRIME_768[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x3A, 0x36, 0x20,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_768, sizeof(RFC2409_PRIME_768), bn);
+}
 
-/* "Second Oakley Default Group" from RFC2409, section 6.2.
+/*-
+ * "Second Oakley Default Group" from RFC2409, section 6.2.
  *
  * The prime is: 2^1024 - 2^960 - 1 + 2^64 * { [2^894 pi] + 129093 }.
  *
@@ -35,24 +41,30 @@ BIGNUM *get_rfc2409_prime_768(BIGNUM *bn)
  */
 
 BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
-	{
-	static const unsigned char RFC2409_PRIME_1024[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE6,0x53,0x81,
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC2409_PRIME_1024,sizeof(RFC2409_PRIME_1024),bn);
-	}
+{
+    static const unsigned char RFC2409_PRIME_1024[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC2409_PRIME_1024, sizeof(RFC2409_PRIME_1024), bn);
+}
 
-/* "1536-bit MODP Group" from RFC3526, Section 2.
+/*-
+ * "1536-bit MODP Group" from RFC3526, Section 2.
  *
  * The prime is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 }
  *
@@ -61,29 +73,38 @@ BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn)
  */
 
 BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_1536[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x23,0x73,0x27,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_1536,sizeof(RFC3526_PRIME_1536),bn);
-	}
+{
+    static const unsigned char RFC3526_PRIME_1536[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_1536, sizeof(RFC3526_PRIME_1536), bn);
+}
 
-/* "2048-bit MODP Group" from RFC3526, Section 3.
+/*-
+ * "2048-bit MODP Group" from RFC3526, Section 3.
  *
  * The prime is: 2^2048 - 2^1984 - 1 + 2^64 * { [2^1918 pi] + 124476 }
  *
@@ -91,35 +112,46 @@ BIGNUM *get_rfc3526_prime_1536(BIGNUM *bn)
  */
 
 BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_2048[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAC,0xAA,0x68,0xFF,0xFF,0xFF,0xFF,
-		0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_2048,sizeof(RFC3526_PRIME_2048),bn);
-	}
+{
+    static const unsigned char RFC3526_PRIME_2048[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_2048, sizeof(RFC3526_PRIME_2048), bn);
+}
 
-/* "3072-bit MODP Group" from RFC3526, Section 4.
+/*-
+ * "3072-bit MODP Group" from RFC3526, Section 4.
  *
  * The prime is: 2^3072 - 2^3008 - 1 + 2^64 * { [2^2942 pi] + 1690314 }
  *
@@ -127,45 +159,62 @@ BIGNUM *get_rfc3526_prime_2048(BIGNUM *bn)
  */
 
 BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_3072[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_3072,sizeof(RFC3526_PRIME_3072),bn);
-	}
+{
+    static const unsigned char RFC3526_PRIME_3072[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_3072, sizeof(RFC3526_PRIME_3072), bn);
+}
 
-/* "4096-bit MODP Group" from RFC3526, Section 5.
+/*-
+ * "4096-bit MODP Group" from RFC3526, Section 5.
  *
  * The prime is: 2^4096 - 2^4032 - 1 + 2^64 * { [2^3966 pi] + 240904 }
  *
@@ -173,56 +222,78 @@ BIGNUM *get_rfc3526_prime_3072(BIGNUM *bn)
  */
 
 BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_4096[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x06,0x31,0x99,
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_4096,sizeof(RFC3526_PRIME_4096),bn);
-	}
+{
+    static const unsigned char RFC3526_PRIME_4096[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_4096, sizeof(RFC3526_PRIME_4096), bn);
+}
 
-/* "6144-bit MODP Group" from RFC3526, Section 6.
+/*-
+ * "6144-bit MODP Group" from RFC3526, Section 6.
  *
  * The prime is: 2^6144 - 2^6080 - 1 + 2^64 * { [2^6014 pi] + 929484 }
  *
@@ -230,77 +301,110 @@ BIGNUM *get_rfc3526_prime_4096(BIGNUM *bn)
  */
 
 BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_6144[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
-		0x6D,0xCC,0x40,0x24,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_6144,sizeof(RFC3526_PRIME_6144),bn);
-	}
+{
+    static const unsigned char RFC3526_PRIME_6144[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xCC, 0x40, 0x24,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_6144, sizeof(RFC3526_PRIME_6144), bn);
+}
 
-/* "8192-bit MODP Group" from RFC3526, Section 7.
+/*-
+ * "8192-bit MODP Group" from RFC3526, Section 7.
  *
  * The prime is: 2^8192 - 2^8128 - 1 + 2^64 * { [2^8062 pi] + 4743158 }
  *
@@ -308,95 +412,136 @@ BIGNUM *get_rfc3526_prime_6144(BIGNUM *bn)
  */
 
 BIGNUM *get_rfc3526_prime_8192(BIGNUM *bn)
-	{
-	static const unsigned char RFC3526_PRIME_8192[]={
-		0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
-		0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
-		0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
-		0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
-		0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
-		0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
-		0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
-		0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
-		0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
-		0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
-		0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
-		0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
-		0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
-		0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
-		0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
-		0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
-		0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
-		0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
-		0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
-		0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
-		0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
-		0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
-		0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
-		0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
-		0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
-		0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
-		0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
-		0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
-		0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
-		0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
-		0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
-		0xA9,0x21,0x08,0x01,0x1A,0x72,0x3C,0x12,0xA7,0x87,0xE6,0xD7,
-		0x88,0x71,0x9A,0x10,0xBD,0xBA,0x5B,0x26,0x99,0xC3,0x27,0x18,
-		0x6A,0xF4,0xE2,0x3C,0x1A,0x94,0x68,0x34,0xB6,0x15,0x0B,0xDA,
-		0x25,0x83,0xE9,0xCA,0x2A,0xD4,0x4C,0xE8,0xDB,0xBB,0xC2,0xDB,
-		0x04,0xDE,0x8E,0xF9,0x2E,0x8E,0xFC,0x14,0x1F,0xBE,0xCA,0xA6,
-		0x28,0x7C,0x59,0x47,0x4E,0x6B,0xC0,0x5D,0x99,0xB2,0x96,0x4F,
-		0xA0,0x90,0xC3,0xA2,0x23,0x3B,0xA1,0x86,0x51,0x5B,0xE7,0xED,
-		0x1F,0x61,0x29,0x70,0xCE,0xE2,0xD7,0xAF,0xB8,0x1B,0xDD,0x76,
-		0x21,0x70,0x48,0x1C,0xD0,0x06,0x91,0x27,0xD5,0xB0,0x5A,0xA9,
-		0x93,0xB4,0xEA,0x98,0x8D,0x8F,0xDD,0xC1,0x86,0xFF,0xB7,0xDC,
-		0x90,0xA6,0xC0,0x8F,0x4D,0xF4,0x35,0xC9,0x34,0x02,0x84,0x92,
-		0x36,0xC3,0xFA,0xB4,0xD2,0x7C,0x70,0x26,0xC1,0xD4,0xDC,0xB2,
-		0x60,0x26,0x46,0xDE,0xC9,0x75,0x1E,0x76,0x3D,0xBA,0x37,0xBD,
-		0xF8,0xFF,0x94,0x06,0xAD,0x9E,0x53,0x0E,0xE5,0xDB,0x38,0x2F,
-		0x41,0x30,0x01,0xAE,0xB0,0x6A,0x53,0xED,0x90,0x27,0xD8,0x31,
-		0x17,0x97,0x27,0xB0,0x86,0x5A,0x89,0x18,0xDA,0x3E,0xDB,0xEB,
-		0xCF,0x9B,0x14,0xED,0x44,0xCE,0x6C,0xBA,0xCE,0xD4,0xBB,0x1B,
-		0xDB,0x7F,0x14,0x47,0xE6,0xCC,0x25,0x4B,0x33,0x20,0x51,0x51,
-		0x2B,0xD7,0xAF,0x42,0x6F,0xB8,0xF4,0x01,0x37,0x8C,0xD2,0xBF,
-		0x59,0x83,0xCA,0x01,0xC6,0x4B,0x92,0xEC,0xF0,0x32,0xEA,0x15,
-		0xD1,0x72,0x1D,0x03,0xF4,0x82,0xD7,0xCE,0x6E,0x74,0xFE,0xF6,
-		0xD5,0x5E,0x70,0x2F,0x46,0x98,0x0C,0x82,0xB5,0xA8,0x40,0x31,
-		0x90,0x0B,0x1C,0x9E,0x59,0xE7,0xC9,0x7F,0xBE,0xC7,0xE8,0xF3,
-		0x23,0xA9,0x7A,0x7E,0x36,0xCC,0x88,0xBE,0x0F,0x1D,0x45,0xB7,
-		0xFF,0x58,0x5A,0xC5,0x4B,0xD4,0x07,0xB2,0x2B,0x41,0x54,0xAA,
-		0xCC,0x8F,0x6D,0x7E,0xBF,0x48,0xE1,0xD8,0x14,0xCC,0x5E,0xD2,
-		0x0F,0x80,0x37,0xE0,0xA7,0x97,0x15,0xEE,0xF2,0x9B,0xE3,0x28,
-		0x06,0xA1,0xD5,0x8B,0xB7,0xC5,0xDA,0x76,0xF5,0x50,0xAA,0x3D,
-		0x8A,0x1F,0xBF,0xF0,0xEB,0x19,0xCC,0xB1,0xA3,0x13,0xD5,0x5C,
-		0xDA,0x56,0xC9,0xEC,0x2E,0xF2,0x96,0x32,0x38,0x7F,0xE8,0xD7,
-		0x6E,0x3C,0x04,0x68,0x04,0x3E,0x8F,0x66,0x3F,0x48,0x60,0xEE,
-		0x12,0xBF,0x2D,0x5B,0x0B,0x74,0x74,0xD6,0xE6,0x94,0xF9,0x1E,
-		0x6D,0xBE,0x11,0x59,0x74,0xA3,0x92,0x6F,0x12,0xFE,0xE5,0xE4,
-		0x38,0x77,0x7C,0xB6,0xA9,0x32,0xDF,0x8C,0xD8,0xBE,0xC4,0xD0,
-		0x73,0xB9,0x31,0xBA,0x3B,0xC8,0x32,0xB6,0x8D,0x9D,0xD3,0x00,
-		0x74,0x1F,0xA7,0xBF,0x8A,0xFC,0x47,0xED,0x25,0x76,0xF6,0x93,
-		0x6B,0xA4,0x24,0x66,0x3A,0xAB,0x63,0x9C,0x5A,0xE4,0xF5,0x68,
-		0x34,0x23,0xB4,0x74,0x2B,0xF1,0xC9,0x78,0x23,0x8F,0x16,0xCB,
-		0xE3,0x9D,0x65,0x2D,0xE3,0xFD,0xB8,0xBE,0xFC,0x84,0x8A,0xD9,
-		0x22,0x22,0x2E,0x04,0xA4,0x03,0x7C,0x07,0x13,0xEB,0x57,0xA8,
-		0x1A,0x23,0xF0,0xC7,0x34,0x73,0xFC,0x64,0x6C,0xEA,0x30,0x6B,
-		0x4B,0xCB,0xC8,0x86,0x2F,0x83,0x85,0xDD,0xFA,0x9D,0x4B,0x7F,
-		0xA2,0xC0,0x87,0xE8,0x79,0x68,0x33,0x03,0xED,0x5B,0xDD,0x3A,
-		0x06,0x2B,0x3C,0xF5,0xB3,0xA2,0x78,0xA6,0x6D,0x2A,0x13,0xF8,
-		0x3F,0x44,0xF8,0x2D,0xDF,0x31,0x0E,0xE0,0x74,0xAB,0x6A,0x36,
-		0x45,0x97,0xE8,0x99,0xA0,0x25,0x5D,0xC1,0x64,0xF3,0x1C,0xC5,
-		0x08,0x46,0x85,0x1D,0xF9,0xAB,0x48,0x19,0x5D,0xED,0x7E,0xA1,
-		0xB1,0xD5,0x10,0xBD,0x7E,0xE7,0x4D,0x73,0xFA,0xF3,0x6B,0xC3,
-		0x1E,0xCF,0xA2,0x68,0x35,0x90,0x46,0xF4,0xEB,0x87,0x9F,0x92,
-		0x40,0x09,0x43,0x8B,0x48,0x1C,0x6C,0xD7,0x88,0x9A,0x00,0x2E,
-		0xD5,0xEE,0x38,0x2B,0xC9,0x19,0x0D,0xA6,0xFC,0x02,0x6E,0x47,
-		0x95,0x58,0xE4,0x47,0x56,0x77,0xE9,0xAA,0x9E,0x30,0x50,0xE2,
-		0x76,0x56,0x94,0xDF,0xC8,0x1F,0x56,0xE8,0x80,0xB9,0x6E,0x71,
-		0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,
-		0xFF,0xFF,0xFF,0xFF,
-		};
-	return BN_bin2bn(RFC3526_PRIME_8192,sizeof(RFC3526_PRIME_8192),bn);
-	}
-
+{
+    static const unsigned char RFC3526_PRIME_8192[] = {
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+        0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+        0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+        0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+        0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+        0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+        0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+        0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+        0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+        0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+        0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+        0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+        0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+        0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+        0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+        0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+        0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+        0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+        0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+        0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+        0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+        0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+        0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,
+        0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,
+        0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,
+        0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,
+        0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,
+        0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,
+        0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,
+        0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,
+        0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,
+        0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,
+        0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,
+        0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,
+        0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,
+        0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,
+        0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,
+        0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,
+        0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,
+        0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,
+        0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,
+        0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,
+        0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,
+        0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,
+        0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,
+        0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,
+        0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,
+        0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,
+        0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,
+        0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,
+        0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,
+        0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,
+        0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,
+        0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,
+        0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,
+        0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,
+        0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,
+        0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,
+        0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,
+        0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,
+        0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,
+        0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,
+        0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x02, 0x84, 0x92,
+        0x36, 0xC3, 0xFA, 0xB4, 0xD2, 0x7C, 0x70, 0x26,
+        0xC1, 0xD4, 0xDC, 0xB2, 0x60, 0x26, 0x46, 0xDE,
+        0xC9, 0x75, 0x1E, 0x76, 0x3D, 0xBA, 0x37, 0xBD,
+        0xF8, 0xFF, 0x94, 0x06, 0xAD, 0x9E, 0x53, 0x0E,
+        0xE5, 0xDB, 0x38, 0x2F, 0x41, 0x30, 0x01, 0xAE,
+        0xB0, 0x6A, 0x53, 0xED, 0x90, 0x27, 0xD8, 0x31,
+        0x17, 0x97, 0x27, 0xB0, 0x86, 0x5A, 0x89, 0x18,
+        0xDA, 0x3E, 0xDB, 0xEB, 0xCF, 0x9B, 0x14, 0xED,
+        0x44, 0xCE, 0x6C, 0xBA, 0xCE, 0xD4, 0xBB, 0x1B,
+        0xDB, 0x7F, 0x14, 0x47, 0xE6, 0xCC, 0x25, 0x4B,
+        0x33, 0x20, 0x51, 0x51, 0x2B, 0xD7, 0xAF, 0x42,
+        0x6F, 0xB8, 0xF4, 0x01, 0x37, 0x8C, 0xD2, 0xBF,
+        0x59, 0x83, 0xCA, 0x01, 0xC6, 0x4B, 0x92, 0xEC,
+        0xF0, 0x32, 0xEA, 0x15, 0xD1, 0x72, 0x1D, 0x03,
+        0xF4, 0x82, 0xD7, 0xCE, 0x6E, 0x74, 0xFE, 0xF6,
+        0xD5, 0x5E, 0x70, 0x2F, 0x46, 0x98, 0x0C, 0x82,
+        0xB5, 0xA8, 0x40, 0x31, 0x90, 0x0B, 0x1C, 0x9E,
+        0x59, 0xE7, 0xC9, 0x7F, 0xBE, 0xC7, 0xE8, 0xF3,
+        0x23, 0xA9, 0x7A, 0x7E, 0x36, 0xCC, 0x88, 0xBE,
+        0x0F, 0x1D, 0x45, 0xB7, 0xFF, 0x58, 0x5A, 0xC5,
+        0x4B, 0xD4, 0x07, 0xB2, 0x2B, 0x41, 0x54, 0xAA,
+        0xCC, 0x8F, 0x6D, 0x7E, 0xBF, 0x48, 0xE1, 0xD8,
+        0x14, 0xCC, 0x5E, 0xD2, 0x0F, 0x80, 0x37, 0xE0,
+        0xA7, 0x97, 0x15, 0xEE, 0xF2, 0x9B, 0xE3, 0x28,
+        0x06, 0xA1, 0xD5, 0x8B, 0xB7, 0xC5, 0xDA, 0x76,
+        0xF5, 0x50, 0xAA, 0x3D, 0x8A, 0x1F, 0xBF, 0xF0,
+        0xEB, 0x19, 0xCC, 0xB1, 0xA3, 0x13, 0xD5, 0x5C,
+        0xDA, 0x56, 0xC9, 0xEC, 0x2E, 0xF2, 0x96, 0x32,
+        0x38, 0x7F, 0xE8, 0xD7, 0x6E, 0x3C, 0x04, 0x68,
+        0x04, 0x3E, 0x8F, 0x66, 0x3F, 0x48, 0x60, 0xEE,
+        0x12, 0xBF, 0x2D, 0x5B, 0x0B, 0x74, 0x74, 0xD6,
+        0xE6, 0x94, 0xF9, 0x1E, 0x6D, 0xBE, 0x11, 0x59,
+        0x74, 0xA3, 0x92, 0x6F, 0x12, 0xFE, 0xE5, 0xE4,
+        0x38, 0x77, 0x7C, 0xB6, 0xA9, 0x32, 0xDF, 0x8C,
+        0xD8, 0xBE, 0xC4, 0xD0, 0x73, 0xB9, 0x31, 0xBA,
+        0x3B, 0xC8, 0x32, 0xB6, 0x8D, 0x9D, 0xD3, 0x00,
+        0x74, 0x1F, 0xA7, 0xBF, 0x8A, 0xFC, 0x47, 0xED,
+        0x25, 0x76, 0xF6, 0x93, 0x6B, 0xA4, 0x24, 0x66,
+        0x3A, 0xAB, 0x63, 0x9C, 0x5A, 0xE4, 0xF5, 0x68,
+        0x34, 0x23, 0xB4, 0x74, 0x2B, 0xF1, 0xC9, 0x78,
+        0x23, 0x8F, 0x16, 0xCB, 0xE3, 0x9D, 0x65, 0x2D,
+        0xE3, 0xFD, 0xB8, 0xBE, 0xFC, 0x84, 0x8A, 0xD9,
+        0x22, 0x22, 0x2E, 0x04, 0xA4, 0x03, 0x7C, 0x07,
+        0x13, 0xEB, 0x57, 0xA8, 0x1A, 0x23, 0xF0, 0xC7,
+        0x34, 0x73, 0xFC, 0x64, 0x6C, 0xEA, 0x30, 0x6B,
+        0x4B, 0xCB, 0xC8, 0x86, 0x2F, 0x83, 0x85, 0xDD,
+        0xFA, 0x9D, 0x4B, 0x7F, 0xA2, 0xC0, 0x87, 0xE8,
+        0x79, 0x68, 0x33, 0x03, 0xED, 0x5B, 0xDD, 0x3A,
+        0x06, 0x2B, 0x3C, 0xF5, 0xB3, 0xA2, 0x78, 0xA6,
+        0x6D, 0x2A, 0x13, 0xF8, 0x3F, 0x44, 0xF8, 0x2D,
+        0xDF, 0x31, 0x0E, 0xE0, 0x74, 0xAB, 0x6A, 0x36,
+        0x45, 0x97, 0xE8, 0x99, 0xA0, 0x25, 0x5D, 0xC1,
+        0x64, 0xF3, 0x1C, 0xC5, 0x08, 0x46, 0x85, 0x1D,
+        0xF9, 0xAB, 0x48, 0x19, 0x5D, 0xED, 0x7E, 0xA1,
+        0xB1, 0xD5, 0x10, 0xBD, 0x7E, 0xE7, 0x4D, 0x73,
+        0xFA, 0xF3, 0x6B, 0xC3, 0x1E, 0xCF, 0xA2, 0x68,
+        0x35, 0x90, 0x46, 0xF4, 0xEB, 0x87, 0x9F, 0x92,
+        0x40, 0x09, 0x43, 0x8B, 0x48, 0x1C, 0x6C, 0xD7,
+        0x88, 0x9A, 0x00, 0x2E, 0xD5, 0xEE, 0x38, 0x2B,
+        0xC9, 0x19, 0x0D, 0xA6, 0xFC, 0x02, 0x6E, 0x47,
+        0x95, 0x58, 0xE4, 0x47, 0x56, 0x77, 0xE9, 0xAA,
+        0x9E, 0x30, 0x50, 0xE2, 0x76, 0x56, 0x94, 0xDF,
+        0xC8, 0x1F, 0x56, 0xE8, 0x80, 0xB9, 0x6E, 0x71,
+        0x60, 0xC9, 0x80, 0xDD, 0x98, 0xED, 0xD3, 0xDF,
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    };
+    return BN_bin2bn(RFC3526_PRIME_8192, sizeof(RFC3526_PRIME_8192), bn);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c
index b3452f1a..1d756a0b 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c
@@ -8,7 +8,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -55,9 +55,9 @@
  */
 
 #if !defined(BN_CTX_DEBUG) && !defined(BN_DEBUG)
-#ifndef NDEBUG
-#define NDEBUG
-#endif
+# ifndef NDEBUG
+#  define NDEBUG
+# endif
 #endif
 
 #include <stdio.h>
@@ -66,7 +66,8 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-/* TODO list
+/*-
+ * TODO list
  *
  * 1. Check a bunch of "(words+1)" type hacks in various bignum functions and
  * check they can be safely removed.
@@ -79,376 +80,369 @@
  */
 
 /* How many bignums are in each "pool item"; */
-#define BN_CTX_POOL_SIZE	16
+#define BN_CTX_POOL_SIZE        16
 /* The stack frame info is resizing, set a first-time expansion size; */
-#define BN_CTX_START_FRAMES	32
+#define BN_CTX_START_FRAMES     32
 
 /***********/
 /* BN_POOL */
 /***********/
 
 /* A bundle of bignums that can be linked with other bundles */
-typedef struct bignum_pool_item
-	{
-	/* The bignum values */
-	BIGNUM vals[BN_CTX_POOL_SIZE];
-	/* Linked-list admin */
-	struct bignum_pool_item *prev, *next;
-	} BN_POOL_ITEM;
+typedef struct bignum_pool_item {
+    /* The bignum values */
+    BIGNUM vals[BN_CTX_POOL_SIZE];
+    /* Linked-list admin */
+    struct bignum_pool_item *prev, *next;
+} BN_POOL_ITEM;
 /* A linked-list of bignums grouped in bundles */
-typedef struct bignum_pool
-	{
-	/* Linked-list admin */
-	BN_POOL_ITEM *head, *current, *tail;
-	/* Stack depth and allocation size */
-	unsigned used, size;
-	} BN_POOL;
-static void		BN_POOL_init(BN_POOL *);
-static void		BN_POOL_finish(BN_POOL *);
+typedef struct bignum_pool {
+    /* Linked-list admin */
+    BN_POOL_ITEM *head, *current, *tail;
+    /* Stack depth and allocation size */
+    unsigned used, size;
+} BN_POOL;
+static void BN_POOL_init(BN_POOL *);
+static void BN_POOL_finish(BN_POOL *);
 #ifndef OPENSSL_NO_DEPRECATED
-static void		BN_POOL_reset(BN_POOL *);
+static void BN_POOL_reset(BN_POOL *);
 #endif
-static BIGNUM *		BN_POOL_get(BN_POOL *);
-static void		BN_POOL_release(BN_POOL *, unsigned int);
+static BIGNUM *BN_POOL_get(BN_POOL *);
+static void BN_POOL_release(BN_POOL *, unsigned int);
 
 /************/
 /* BN_STACK */
 /************/
 
 /* A wrapper to manage the "stack frames" */
-typedef struct bignum_ctx_stack
-	{
-	/* Array of indexes into the bignum stack */
-	unsigned int *indexes;
-	/* Number of stack frames, and the size of the allocated array */
-	unsigned int depth, size;
-	} BN_STACK;
-static void		BN_STACK_init(BN_STACK *);
-static void		BN_STACK_finish(BN_STACK *);
+typedef struct bignum_ctx_stack {
+    /* Array of indexes into the bignum stack */
+    unsigned int *indexes;
+    /* Number of stack frames, and the size of the allocated array */
+    unsigned int depth, size;
+} BN_STACK;
+static void BN_STACK_init(BN_STACK *);
+static void BN_STACK_finish(BN_STACK *);
 #ifndef OPENSSL_NO_DEPRECATED
-static void		BN_STACK_reset(BN_STACK *);
+static void BN_STACK_reset(BN_STACK *);
 #endif
-static int		BN_STACK_push(BN_STACK *, unsigned int);
-static unsigned int	BN_STACK_pop(BN_STACK *);
+static int BN_STACK_push(BN_STACK *, unsigned int);
+static unsigned int BN_STACK_pop(BN_STACK *);
 
 /**********/
 /* BN_CTX */
 /**********/
 
 /* The opaque BN_CTX type */
-struct bignum_ctx
-	{
-	/* The bignum bundles */
-	BN_POOL pool;
-	/* The "stack frames", if you will */
-	BN_STACK stack;
-	/* The number of bignums currently assigned */
-	unsigned int used;
-	/* Depth of stack overflow */
-	int err_stack;
-	/* Block "gets" until an "end" (compatibility behaviour) */
-	int too_many;
-	};
+struct bignum_ctx {
+    /* The bignum bundles */
+    BN_POOL pool;
+    /* The "stack frames", if you will */
+    BN_STACK stack;
+    /* The number of bignums currently assigned */
+    unsigned int used;
+    /* Depth of stack overflow */
+    int err_stack;
+    /* Block "gets" until an "end" (compatibility behaviour) */
+    int too_many;
+};
 
 /* Enable this to find BN_CTX bugs */
 #ifdef BN_CTX_DEBUG
 static const char *ctxdbg_cur = NULL;
 static void ctxdbg(BN_CTX *ctx)
-	{
-	unsigned int bnidx = 0, fpidx = 0;
-	BN_POOL_ITEM *item = ctx->pool.head;
-	BN_STACK *stack = &ctx->stack;
-	fprintf(stderr,"(%08x): ", (unsigned int)ctx);
-	while(bnidx < ctx->used)
-		{
-		fprintf(stderr,"%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
-		if(!(bnidx % BN_CTX_POOL_SIZE))
-			item = item->next;
-		}
-	fprintf(stderr,"\n");
-	bnidx = 0;
-	fprintf(stderr,"          : ");
-	while(fpidx < stack->depth)
-		{
-		while(bnidx++ < stack->indexes[fpidx])
-			fprintf(stderr,"   ");
-		fprintf(stderr,"^^ ");
-		bnidx++;
-		fpidx++;
-		}
-	fprintf(stderr,"\n");
-	}
-#define CTXDBG_ENTRY(str, ctx)	do { \
-				ctxdbg_cur = (str); \
-				fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
-				ctxdbg(ctx); \
-				} while(0)
-#define CTXDBG_EXIT(ctx)	do { \
-				fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
-				ctxdbg(ctx); \
-				} while(0)
-#define CTXDBG_RET(ctx,ret)
+{
+    unsigned int bnidx = 0, fpidx = 0;
+    BN_POOL_ITEM *item = ctx->pool.head;
+    BN_STACK *stack = &ctx->stack;
+    fprintf(stderr, "(%08x): ", (unsigned int)ctx);
+    while (bnidx < ctx->used) {
+        fprintf(stderr, "%02x ", item->vals[bnidx++ % BN_CTX_POOL_SIZE].dmax);
+        if (!(bnidx % BN_CTX_POOL_SIZE))
+            item = item->next;
+    }
+    fprintf(stderr, "\n");
+    bnidx = 0;
+    fprintf(stderr, "          : ");
+    while (fpidx < stack->depth) {
+        while (bnidx++ < stack->indexes[fpidx])
+            fprintf(stderr, "   ");
+        fprintf(stderr, "^^ ");
+        bnidx++;
+        fpidx++;
+    }
+    fprintf(stderr, "\n");
+}
+
+# define CTXDBG_ENTRY(str, ctx)  do { \
+                                ctxdbg_cur = (str); \
+                                fprintf(stderr,"Starting %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_EXIT(ctx)        do { \
+                                fprintf(stderr,"Ending %s\n", ctxdbg_cur); \
+                                ctxdbg(ctx); \
+                                } while(0)
+# define CTXDBG_RET(ctx,ret)
 #else
-#define CTXDBG_ENTRY(str, ctx)
-#define CTXDBG_EXIT(ctx)
-#define CTXDBG_RET(ctx,ret)
+# define CTXDBG_ENTRY(str, ctx)
+# define CTXDBG_EXIT(ctx)
+# define CTXDBG_RET(ctx,ret)
 #endif
 
-/* This function is an evil legacy and should not be used. This implementation
- * is WYSIWYG, though I've done my best. */
+/*
+ * This function is an evil legacy and should not be used. This
+ * implementation is WYSIWYG, though I've done my best.
+ */
 #ifndef OPENSSL_NO_DEPRECATED
 void BN_CTX_init(BN_CTX *ctx)
-	{
-	/* Assume the caller obtained the context via BN_CTX_new() and so is
-	 * trying to reset it for use. Nothing else makes sense, least of all
-	 * binary compatibility from a time when they could declare a static
-	 * variable. */
-	BN_POOL_reset(&ctx->pool);
-	BN_STACK_reset(&ctx->stack);
-	ctx->used = 0;
-	ctx->err_stack = 0;
-	ctx->too_many = 0;
-	}
+{
+    /*
+     * Assume the caller obtained the context via BN_CTX_new() and so is
+     * trying to reset it for use. Nothing else makes sense, least of all
+     * binary compatibility from a time when they could declare a static
+     * variable.
+     */
+    BN_POOL_reset(&ctx->pool);
+    BN_STACK_reset(&ctx->stack);
+    ctx->used = 0;
+    ctx->err_stack = 0;
+    ctx->too_many = 0;
+}
 #endif
 
 BN_CTX *BN_CTX_new(void)
-	{
-	BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
-	if(!ret)
-		{
-		BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	/* Initialise the structure */
-	BN_POOL_init(&ret->pool);
-	BN_STACK_init(&ret->stack);
-	ret->used = 0;
-	ret->err_stack = 0;
-	ret->too_many = 0;
-	return ret;
-	}
+{
+    BN_CTX *ret = OPENSSL_malloc(sizeof(BN_CTX));
+    if (!ret) {
+        BNerr(BN_F_BN_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    /* Initialise the structure */
+    BN_POOL_init(&ret->pool);
+    BN_STACK_init(&ret->stack);
+    ret->used = 0;
+    ret->err_stack = 0;
+    ret->too_many = 0;
+    return ret;
+}
 
 void BN_CTX_free(BN_CTX *ctx)
-	{
-	if (ctx == NULL)
-		return;
+{
+    if (ctx == NULL)
+        return;
 #ifdef BN_CTX_DEBUG
-	{
-	BN_POOL_ITEM *pool = ctx->pool.head;
-	fprintf(stderr,"BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
-		ctx->stack.size, ctx->pool.size);
-	fprintf(stderr,"dmaxs: ");
-	while(pool) {
-		unsigned loop = 0;
-		while(loop < BN_CTX_POOL_SIZE)
-			fprintf(stderr,"%02x ", pool->vals[loop++].dmax);
-		pool = pool->next;
-	}
-	fprintf(stderr,"\n");
-	}
+    {
+        BN_POOL_ITEM *pool = ctx->pool.head;
+        fprintf(stderr, "BN_CTX_free, stack-size=%d, pool-bignums=%d\n",
+                ctx->stack.size, ctx->pool.size);
+        fprintf(stderr, "dmaxs: ");
+        while (pool) {
+            unsigned loop = 0;
+            while (loop < BN_CTX_POOL_SIZE)
+                fprintf(stderr, "%02x ", pool->vals[loop++].dmax);
+            pool = pool->next;
+        }
+        fprintf(stderr, "\n");
+    }
 #endif
-	BN_STACK_finish(&ctx->stack);
-	BN_POOL_finish(&ctx->pool);
-	OPENSSL_free(ctx);
-	}
+    BN_STACK_finish(&ctx->stack);
+    BN_POOL_finish(&ctx->pool);
+    OPENSSL_free(ctx);
+}
 
 void BN_CTX_start(BN_CTX *ctx)
-	{
-	CTXDBG_ENTRY("BN_CTX_start", ctx);
-	/* If we're already overflowing ... */
-	if(ctx->err_stack || ctx->too_many)
-		ctx->err_stack++;
-	/* (Try to) get a new frame pointer */
-	else if(!BN_STACK_push(&ctx->stack, ctx->used))
-		{
-		BNerr(BN_F_BN_CTX_START,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-		ctx->err_stack++;
-		}
-	CTXDBG_EXIT(ctx);
-	}
+{
+    CTXDBG_ENTRY("BN_CTX_start", ctx);
+    /* If we're already overflowing ... */
+    if (ctx->err_stack || ctx->too_many)
+        ctx->err_stack++;
+    /* (Try to) get a new frame pointer */
+    else if (!BN_STACK_push(&ctx->stack, ctx->used)) {
+        BNerr(BN_F_BN_CTX_START, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        ctx->err_stack++;
+    }
+    CTXDBG_EXIT(ctx);
+}
 
 void BN_CTX_end(BN_CTX *ctx)
-	{
-	CTXDBG_ENTRY("BN_CTX_end", ctx);
-	if(ctx->err_stack)
-		ctx->err_stack--;
-	else
-		{
-		unsigned int fp = BN_STACK_pop(&ctx->stack);
-		/* Does this stack frame have anything to release? */
-		if(fp < ctx->used)
-			BN_POOL_release(&ctx->pool, ctx->used - fp);
-		ctx->used = fp;
-		/* Unjam "too_many" in case "get" had failed */
-		ctx->too_many = 0;
-		}
-	CTXDBG_EXIT(ctx);
-	}
+{
+    CTXDBG_ENTRY("BN_CTX_end", ctx);
+    if (ctx->err_stack)
+        ctx->err_stack--;
+    else {
+        unsigned int fp = BN_STACK_pop(&ctx->stack);
+        /* Does this stack frame have anything to release? */
+        if (fp < ctx->used)
+            BN_POOL_release(&ctx->pool, ctx->used - fp);
+        ctx->used = fp;
+        /* Unjam "too_many" in case "get" had failed */
+        ctx->too_many = 0;
+    }
+    CTXDBG_EXIT(ctx);
+}
 
 BIGNUM *BN_CTX_get(BN_CTX *ctx)
-	{
-	BIGNUM *ret;
-	CTXDBG_ENTRY("BN_CTX_get", ctx);
-	if(ctx->err_stack || ctx->too_many) return NULL;
-	if((ret = BN_POOL_get(&ctx->pool)) == NULL)
-		{
-		/* Setting too_many prevents repeated "get" attempts from
-		 * cluttering the error stack. */
-		ctx->too_many = 1;
-		BNerr(BN_F_BN_CTX_GET,BN_R_TOO_MANY_TEMPORARY_VARIABLES);
-		return NULL;
-		}
-	/* OK, make sure the returned bignum is "zero" */
-	BN_zero(ret);
-	ctx->used++;
-	CTXDBG_RET(ctx, ret);
-	return ret;
-	}
+{
+    BIGNUM *ret;
+    CTXDBG_ENTRY("BN_CTX_get", ctx);
+    if (ctx->err_stack || ctx->too_many)
+        return NULL;
+    if ((ret = BN_POOL_get(&ctx->pool)) == NULL) {
+        /*
+         * Setting too_many prevents repeated "get" attempts from cluttering
+         * the error stack.
+         */
+        ctx->too_many = 1;
+        BNerr(BN_F_BN_CTX_GET, BN_R_TOO_MANY_TEMPORARY_VARIABLES);
+        return NULL;
+    }
+    /* OK, make sure the returned bignum is "zero" */
+    BN_zero(ret);
+    ctx->used++;
+    CTXDBG_RET(ctx, ret);
+    return ret;
+}
 
 /************/
 /* BN_STACK */
 /************/
 
 static void BN_STACK_init(BN_STACK *st)
-	{
-	st->indexes = NULL;
-	st->depth = st->size = 0;
-	}
+{
+    st->indexes = NULL;
+    st->depth = st->size = 0;
+}
 
 static void BN_STACK_finish(BN_STACK *st)
-	{
-	if(st->size) OPENSSL_free(st->indexes);
-	}
+{
+    if (st->size)
+        OPENSSL_free(st->indexes);
+}
 
 #ifndef OPENSSL_NO_DEPRECATED
 static void BN_STACK_reset(BN_STACK *st)
-	{
-	st->depth = 0;
-	}
+{
+    st->depth = 0;
+}
 #endif
 
 static int BN_STACK_push(BN_STACK *st, unsigned int idx)
-	{
-	if(st->depth == st->size)
-		/* Need to expand */
-		{
-		unsigned int newsize = (st->size ?
-				(st->size * 3 / 2) : BN_CTX_START_FRAMES);
-		unsigned int *newitems = OPENSSL_malloc(newsize *
-						sizeof(unsigned int));
-		if(!newitems) return 0;
-		if(st->depth)
-			memcpy(newitems, st->indexes, st->depth *
-						sizeof(unsigned int));
-		if(st->size) OPENSSL_free(st->indexes);
-		st->indexes = newitems;
-		st->size = newsize;
-		}
-	st->indexes[(st->depth)++] = idx;
-	return 1;
-	}
+{
+    if (st->depth == st->size)
+        /* Need to expand */
+    {
+        unsigned int newsize = (st->size ?
+                                (st->size * 3 / 2) : BN_CTX_START_FRAMES);
+        unsigned int *newitems = OPENSSL_malloc(newsize *
+                                                sizeof(unsigned int));
+        if (!newitems)
+            return 0;
+        if (st->depth)
+            memcpy(newitems, st->indexes, st->depth * sizeof(unsigned int));
+        if (st->size)
+            OPENSSL_free(st->indexes);
+        st->indexes = newitems;
+        st->size = newsize;
+    }
+    st->indexes[(st->depth)++] = idx;
+    return 1;
+}
 
 static unsigned int BN_STACK_pop(BN_STACK *st)
-	{
-	return st->indexes[--(st->depth)];
-	}
+{
+    return st->indexes[--(st->depth)];
+}
 
 /***********/
 /* BN_POOL */
 /***********/
 
 static void BN_POOL_init(BN_POOL *p)
-	{
-	p->head = p->current = p->tail = NULL;
-	p->used = p->size = 0;
-	}
+{
+    p->head = p->current = p->tail = NULL;
+    p->used = p->size = 0;
+}
 
 static void BN_POOL_finish(BN_POOL *p)
-	{
-	while(p->head)
-		{
-		unsigned int loop = 0;
-		BIGNUM *bn = p->head->vals;
-		while(loop++ < BN_CTX_POOL_SIZE)
-			{
-			if(bn->d) BN_clear_free(bn);
-			bn++;
-			}
-		p->current = p->head->next;
-		OPENSSL_free(p->head);
-		p->head = p->current;
-		}
-	}
+{
+    while (p->head) {
+        unsigned int loop = 0;
+        BIGNUM *bn = p->head->vals;
+        while (loop++ < BN_CTX_POOL_SIZE) {
+            if (bn->d)
+                BN_clear_free(bn);
+            bn++;
+        }
+        p->current = p->head->next;
+        OPENSSL_free(p->head);
+        p->head = p->current;
+    }
+}
 
 #ifndef OPENSSL_NO_DEPRECATED
 static void BN_POOL_reset(BN_POOL *p)
-	{
-	BN_POOL_ITEM *item = p->head;
-	while(item)
-		{
-		unsigned int loop = 0;
-		BIGNUM *bn = item->vals;
-		while(loop++ < BN_CTX_POOL_SIZE)
-			{
-			if(bn->d) BN_clear(bn);
-			bn++;
-			}
-		item = item->next;
-		}
-	p->current = p->head;
-	p->used = 0;
-	}
+{
+    BN_POOL_ITEM *item = p->head;
+    while (item) {
+        unsigned int loop = 0;
+        BIGNUM *bn = item->vals;
+        while (loop++ < BN_CTX_POOL_SIZE) {
+            if (bn->d)
+                BN_clear(bn);
+            bn++;
+        }
+        item = item->next;
+    }
+    p->current = p->head;
+    p->used = 0;
+}
 #endif
 
 static BIGNUM *BN_POOL_get(BN_POOL *p)
-	{
-	if(p->used == p->size)
-		{
-		BIGNUM *bn;
-		unsigned int loop = 0;
-		BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
-		if(!item) return NULL;
-		/* Initialise the structure */
-		bn = item->vals;
-		while(loop++ < BN_CTX_POOL_SIZE)
-			BN_init(bn++);
-		item->prev = p->tail;
-		item->next = NULL;
-		/* Link it in */
-		if(!p->head)
-			p->head = p->current = p->tail = item;
-		else
-			{
-			p->tail->next = item;
-			p->tail = item;
-			p->current = item;
-			}
-		p->size += BN_CTX_POOL_SIZE;
-		p->used++;
-		/* Return the first bignum from the new pool */
-		return item->vals;
-		}
-	if(!p->used)
-		p->current = p->head;
-	else if((p->used % BN_CTX_POOL_SIZE) == 0)
-		p->current = p->current->next;
-	return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
-	}
+{
+    if (p->used == p->size) {
+        BIGNUM *bn;
+        unsigned int loop = 0;
+        BN_POOL_ITEM *item = OPENSSL_malloc(sizeof(BN_POOL_ITEM));
+        if (!item)
+            return NULL;
+        /* Initialise the structure */
+        bn = item->vals;
+        while (loop++ < BN_CTX_POOL_SIZE)
+            BN_init(bn++);
+        item->prev = p->tail;
+        item->next = NULL;
+        /* Link it in */
+        if (!p->head)
+            p->head = p->current = p->tail = item;
+        else {
+            p->tail->next = item;
+            p->tail = item;
+            p->current = item;
+        }
+        p->size += BN_CTX_POOL_SIZE;
+        p->used++;
+        /* Return the first bignum from the new pool */
+        return item->vals;
+    }
+    if (!p->used)
+        p->current = p->head;
+    else if ((p->used % BN_CTX_POOL_SIZE) == 0)
+        p->current = p->current->next;
+    return p->current->vals + ((p->used++) % BN_CTX_POOL_SIZE);
+}
 
 static void BN_POOL_release(BN_POOL *p, unsigned int num)
-	{
-	unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
-	p->used -= num;
-	while(num--)
-		{
-		bn_check_top(p->current->vals + offset);
-		if(!offset)
-			{
-			offset = BN_CTX_POOL_SIZE - 1;
-			p->current = p->current->prev;
-			}
-		else
-			offset--;
-		}
-	}
-
+{
+    unsigned int offset = (p->used - 1) % BN_CTX_POOL_SIZE;
+    p->used -= num;
+    while (num--) {
+        bn_check_top(p->current->vals + offset);
+        if (!offset) {
+            offset = BN_CTX_POOL_SIZE - 1;
+            p->current = p->current->prev;
+        } else
+            offset--;
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c
index 27535e4f..34895f59 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,8 +53,10 @@
  *
  */
 
-/* Support for deprecated functions goes here - static linkage will only slurp
- * this code if applications are using them directly. */
+/*
+ * Support for deprecated functions goes here - static linkage will only
+ * slurp this code if applications are using them directly.
+ */
 
 #include <stdio.h>
 #include <time.h>
@@ -62,51 +64,52 @@
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem,
-	void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	BIGNUM *rnd=NULL;
-	int found = 0;
+                          const BIGNUM *add, const BIGNUM *rem,
+                          void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB cb;
+    BIGNUM *rnd = NULL;
+    int found = 0;
 
-	BN_GENCB_set_old(&cb, callback, cb_arg);
+    BN_GENCB_set_old(&cb, callback, cb_arg);
 
-	if (ret == NULL)
-		{
-		if ((rnd=BN_new()) == NULL) goto err;
-		}
-	else
-		rnd=ret;
-	if(!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
-		goto err;
+    if (ret == NULL) {
+        if ((rnd = BN_new()) == NULL)
+            goto err;
+    } else
+        rnd = ret;
+    if (!BN_generate_prime_ex(rnd, bits, safe, add, rem, &cb))
+        goto err;
 
-	/* we have a prime :-) */
-	found = 1;
-err:
-	if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd);
-	return(found ? rnd : NULL);
-	}
+    /* we have a prime :-) */
+    found = 1;
+ err:
+    if (!found && (ret == NULL) && (rnd != NULL))
+        BN_free(rnd);
+    return (found ? rnd : NULL);
+}
 
-int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *),
-	BN_CTX *ctx_passed, void *cb_arg)
-	{
-	BN_GENCB cb;
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-	return BN_is_prime_ex(a, checks, ctx_passed, &cb);
-	}
+int BN_is_prime(const BIGNUM *a, int checks,
+                void (*callback) (int, int, void *), BN_CTX *ctx_passed,
+                void *cb_arg)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_ex(a, checks, ctx_passed, &cb);
+}
 
 int BN_is_prime_fasttest(const BIGNUM *a, int checks,
-		void (*callback)(int,int,void *),
-		BN_CTX *ctx_passed, void *cb_arg,
-		int do_trial_division)
-	{
-	BN_GENCB cb;
-	BN_GENCB_set_old(&cb, callback, cb_arg);
-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
-				do_trial_division, &cb);
-	}
+                         void (*callback) (int, int, void *),
+                         BN_CTX *ctx_passed, void *cb_arg,
+                         int do_trial_division)
+{
+    BN_GENCB cb;
+    BN_GENCB_set_old(&cb, callback, cb_arg);
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed,
+                                   do_trial_division, &cb);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c
index 78c65071..836e046a 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,77 +61,86 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-
 /* The old slow way */
 #if 0
 int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
-	   BN_CTX *ctx)
-	{
-	int i,nm,nd;
-	int ret = 0;
-	BIGNUM *D;
-
-	bn_check_top(m);
-	bn_check_top(d);
-	if (BN_is_zero(d))
-		{
-		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
-		return(0);
-		}
-
-	if (BN_ucmp(m,d) < 0)
-		{
-		if (rem != NULL)
-			{ if (BN_copy(rem,m) == NULL) return(0); }
-		if (dv != NULL) BN_zero(dv);
-		return(1);
-		}
-
-	BN_CTX_start(ctx);
-	D = BN_CTX_get(ctx);
-	if (dv == NULL) dv = BN_CTX_get(ctx);
-	if (rem == NULL) rem = BN_CTX_get(ctx);
-	if (D == NULL || dv == NULL || rem == NULL)
-		goto end;
-
-	nd=BN_num_bits(d);
-	nm=BN_num_bits(m);
-	if (BN_copy(D,d) == NULL) goto end;
-	if (BN_copy(rem,m) == NULL) goto end;
-
-	/* The next 2 are needed so we can do a dv->d[0]|=1 later
-	 * since BN_lshift1 will only work once there is a value :-) */
-	BN_zero(dv);
-	if(bn_wexpand(dv,1) == NULL) goto end;
-	dv->top=1;
-
-	if (!BN_lshift(D,D,nm-nd)) goto end;
-	for (i=nm-nd; i>=0; i--)
-		{
-		if (!BN_lshift1(dv,dv)) goto end;
-		if (BN_ucmp(rem,D) >= 0)
-			{
-			dv->d[0]|=1;
-			if (!BN_usub(rem,rem,D)) goto end;
-			}
+           BN_CTX *ctx)
+{
+    int i, nm, nd;
+    int ret = 0;
+    BIGNUM *D;
+
+    bn_check_top(m);
+    bn_check_top(d);
+    if (BN_is_zero(d)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return (0);
+    }
+
+    if (BN_ucmp(m, d) < 0) {
+        if (rem != NULL) {
+            if (BN_copy(rem, m) == NULL)
+                return (0);
+        }
+        if (dv != NULL)
+            BN_zero(dv);
+        return (1);
+    }
+
+    BN_CTX_start(ctx);
+    D = BN_CTX_get(ctx);
+    if (dv == NULL)
+        dv = BN_CTX_get(ctx);
+    if (rem == NULL)
+        rem = BN_CTX_get(ctx);
+    if (D == NULL || dv == NULL || rem == NULL)
+        goto end;
+
+    nd = BN_num_bits(d);
+    nm = BN_num_bits(m);
+    if (BN_copy(D, d) == NULL)
+        goto end;
+    if (BN_copy(rem, m) == NULL)
+        goto end;
+
+    /*
+     * The next 2 are needed so we can do a dv->d[0]|=1 later since
+     * BN_lshift1 will only work once there is a value :-)
+     */
+    BN_zero(dv);
+    if (bn_wexpand(dv, 1) == NULL)
+        goto end;
+    dv->top = 1;
+
+    if (!BN_lshift(D, D, nm - nd))
+        goto end;
+    for (i = nm - nd; i >= 0; i--) {
+        if (!BN_lshift1(dv, dv))
+            goto end;
+        if (BN_ucmp(rem, D) >= 0) {
+            dv->d[0] |= 1;
+            if (!BN_usub(rem, rem, D))
+                goto end;
+        }
 /* CAN IMPROVE (and have now :=) */
-		if (!BN_rshift1(D,D)) goto end;
-		}
-	rem->neg=BN_is_zero(rem)?0:m->neg;
-	dv->neg=m->neg^d->neg;
-	ret = 1;
+        if (!BN_rshift1(D, D))
+            goto end;
+    }
+    rem->neg = BN_is_zero(rem) ? 0 : m->neg;
+    dv->neg = m->neg ^ d->neg;
+    ret = 1;
  end:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
+    BN_CTX_end(ctx);
+    return (ret);
+}
 
 #else
 
-#if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
+# if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \
     && !defined(PEDANTIC) && !defined(BN_DIV3W)
-# if defined(__GNUC__) && __GNUC__>=2
-#  if defined(__i386) || defined (__i386__)
-   /*
+#  if defined(__GNUC__) && __GNUC__>=2
+#   if defined(__i386) || defined (__i386__)
+   /*-
     * There were two reasons for implementing this template:
     * - GNU C generates a call to a function (__udivdi3 to be exact)
     *   in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to
@@ -139,37 +148,37 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
     * - divl doesn't only calculate quotient, but also leaves
     *   remainder in %edx which we can definitely use here:-)
     *
-    *					<appro@fy.chalmers.se>
+    *                                   <appro@fy.chalmers.se>
     */
-#  define bn_div_words(n0,n1,d0)		\
-	({  asm volatile (			\
-		"divl	%4"			\
-		: "=a"(q), "=d"(rem)		\
-		: "a"(n1), "d"(n0), "g"(d0)	\
-		: "cc");			\
-	    q;					\
-	})
-#  define REMAINDER_IS_ALREADY_CALCULATED
-#  elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divl   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "g"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   elif defined(__x86_64) && defined(SIXTY_FOUR_BIT_LONG)
    /*
     * Same story here, but it's 128-bit by 64-bit division. Wow!
-    *					<appro@fy.chalmers.se>
+    *                                   <appro@fy.chalmers.se>
     */
-#  define bn_div_words(n0,n1,d0)		\
-	({  asm volatile (			\
-		"divq	%4"			\
-		: "=a"(q), "=d"(rem)		\
-		: "a"(n1), "d"(n0), "g"(d0)	\
-		: "cc");			\
-	    q;					\
-	})
-#  define REMAINDER_IS_ALREADY_CALCULATED
-#  endif /* __<cpu> */
-# endif /* __GNUC__ */
-#endif /* OPENSSL_NO_ASM */
-
-
-/* BN_div[_no_branch] computes  dv := num / divisor,  rounding towards
+#    define bn_div_words(n0,n1,d0)                \
+        ({  asm volatile (                      \
+                "divq   %4"                     \
+                : "=a"(q), "=d"(rem)            \
+                : "a"(n1), "d"(n0), "g"(d0)     \
+                : "cc");                        \
+            q;                                  \
+        })
+#    define REMAINDER_IS_ALREADY_CALCULATED
+#   endif                       /* __<cpu> */
+#  endif                        /* __GNUC__ */
+# endif                         /* OPENSSL_NO_ASM */
+
+/*-
+ * BN_div[_no_branch] computes  dv := num / divisor,  rounding towards
  * zero, and sets up rm  such that  dv*divisor + rm = num  holds.
  * Thus:
  *     dv->neg == num->neg ^ divisor->neg  (unless the result is zero)
@@ -177,474 +186,506 @@ int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
  * If 'dv' or 'rm' is NULL, the respective value is not returned.
  */
 static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
-        const BIGNUM *divisor, BN_CTX *ctx);
+                            const BIGNUM *divisor, BN_CTX *ctx);
 int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
-	   BN_CTX *ctx)
-	{
-	int norm_shift,i,loop;
-	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
-	BN_ULONG *resp,*wnump;
-	BN_ULONG d0,d1;
-	int num_n,div_n;
-
-	/* Invalid zero-padding would have particularly bad consequences
-	 * in the case of 'num', so don't just rely on bn_check_top() for this one
-	 * (bn_check_top() works only for BN_DEBUG builds) */
-	if (num->top > 0 && num->d[num->top - 1] == 0)
-		{
-		BNerr(BN_F_BN_DIV,BN_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	bn_check_top(num);
-
-	if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0))
-		{
-		return BN_div_no_branch(dv, rm, num, divisor, ctx);
-		}
-
-	bn_check_top(dv);
-	bn_check_top(rm);
-	/* bn_check_top(num); */ /* 'num' has been checked already */
-	bn_check_top(divisor);
-
-	if (BN_is_zero(divisor))
-		{
-		BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO);
-		return(0);
-		}
-
-	if (BN_ucmp(num,divisor) < 0)
-		{
-		if (rm != NULL)
-			{ if (BN_copy(rm,num) == NULL) return(0); }
-		if (dv != NULL) BN_zero(dv);
-		return(1);
-		}
-
-	BN_CTX_start(ctx);
-	tmp=BN_CTX_get(ctx);
-	snum=BN_CTX_get(ctx);
-	sdiv=BN_CTX_get(ctx);
-	if (dv == NULL)
-		res=BN_CTX_get(ctx);
-	else	res=dv;
-	if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
-		goto err;
-
-	/* First we normalise the numbers */
-	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
-	sdiv->neg=0;
-	norm_shift+=BN_BITS2;
-	if (!(BN_lshift(snum,num,norm_shift))) goto err;
-	snum->neg=0;
-	div_n=sdiv->top;
-	num_n=snum->top;
-	loop=num_n-div_n;
-	/* Lets setup a 'window' into snum
-	 * This is the part that corresponds to the current
-	 * 'area' being divided */
-	wnum.neg   = 0;
-	wnum.d     = &(snum->d[loop]);
-	wnum.top   = div_n;
-	/* only needed when BN_ucmp messes up the values between top and max */
-	wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */
-
-	/* Get the top 2 words of sdiv */
-	/* div_n=sdiv->top; */
-	d0=sdiv->d[div_n-1];
-	d1=(div_n == 1)?0:sdiv->d[div_n-2];
-
-	/* pointer to the 'top' of snum */
-	wnump= &(snum->d[num_n-1]);
-
-	/* Setup to 'res' */
-	res->neg= (num->neg^divisor->neg);
-	if (!bn_wexpand(res,(loop+1))) goto err;
-	res->top=loop;
-	resp= &(res->d[loop-1]);
-
-	/* space for temp */
-	if (!bn_wexpand(tmp,(div_n+1))) goto err;
-
-	if (BN_ucmp(&wnum,sdiv) >= 0)
-		{
-		/* If BN_DEBUG_RAND is defined BN_ucmp changes (via
-		 * bn_pollute) the const bignum arguments =>
-		 * clean the values between top and max again */
-		bn_clear_top2max(&wnum);
-		bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
-		*resp=1;
-		}
-	else
-		res->top--;
-	/* if res->top == 0 then clear the neg value otherwise decrease
-	 * the resp pointer */
-	if (res->top == 0)
-		res->neg = 0;
-	else
-		resp--;
-
-	for (i=0; i<loop-1; i++, wnump--, resp--)
-		{
-		BN_ULONG q,l0;
-		/* the first part of the loop uses the top two words of
-		 * snum and sdiv to calculate a BN_ULONG q such that
-		 * | wnum - sdiv * q | < sdiv */
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
-		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
-		q=bn_div_3_words(wnump,d1,d0);
-#else
-		BN_ULONG n0,n1,rem=0;
-
-		n0=wnump[0];
-		n1=wnump[-1];
-		if (n0 == d0)
-			q=BN_MASK2;
-		else 			/* n0 < d0 */
-			{
-#ifdef BN_LLONG
-			BN_ULLONG t2;
-
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
-			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
-			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
-#endif
-
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-			/*
-			 * rem doesn't have to be BN_ULLONG. The least we
-			 * know it's less that d0, isn't it?
-			 */
-			rem=(n1-q*d0)&BN_MASK2;
-#endif
-			t2=(BN_ULLONG)d1*q;
-
-			for (;;)
-				{
-				if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
-					break;
-				q--;
-				rem += d0;
-				if (rem < d0) break; /* don't let rem overflow */
-				t2 -= d1;
-				}
-#else /* !BN_LLONG */
-			BN_ULONG t2l,t2h;
-#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
-			BN_ULONG ql,qh;
-#endif
-
-			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-			rem=(n1-q*d0)&BN_MASK2;
-#endif
-
-#if defined(BN_UMULT_LOHI)
-			BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
-			t2l = d1 * q;
-			t2h = BN_UMULT_HIGH(d1,q);
-#else
-			t2l=LBITS(d1); t2h=HBITS(d1);
-			ql =LBITS(q);  qh =HBITS(q);
-			mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-#endif
-
-			for (;;)
-				{
-				if ((t2h < rem) ||
-					((t2h == rem) && (t2l <= wnump[-2])))
-					break;
-				q--;
-				rem += d0;
-				if (rem < d0) break; /* don't let rem overflow */
-				if (t2l < d1) t2h--; t2l -= d1;
-				}
-#endif /* !BN_LLONG */
-			}
-#endif /* !BN_DIV3W */
-
-		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
-		tmp->d[div_n]=l0;
-		wnum.d--;
-		/* ingore top values of the bignums just sub the two 
-		 * BN_ULONG arrays with bn_sub_words */
-		if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
-			{
-			/* Note: As we have considered only the leading
-			 * two BN_ULONGs in the calculation of q, sdiv * q
-			 * might be greater than wnum (but then (q-1) * sdiv
-			 * is less or equal than wnum)
-			 */
-			q--;
-			if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
-				/* we can't have an overflow here (assuming
-				 * that q != 0, but if q == 0 then tmp is
-				 * zero anyway) */
-				(*wnump)++;
-			}
-		/* store part of the result */
-		*resp = q;
-		}
-	bn_correct_top(snum);
-	if (rm != NULL)
-		{
-		/* Keep a copy of the neg flag in num because if rm==num
-		 * BN_rshift() will overwrite it.
-		 */
-		int neg = num->neg;
-		BN_rshift(rm,snum,norm_shift);
-		if (!BN_is_zero(rm))
-			rm->neg = neg;
-		bn_check_top(rm);
-		}
-	BN_CTX_end(ctx);
-	return(1);
-err:
-	bn_check_top(rm);
-	BN_CTX_end(ctx);
-	return(0);
-	}
-
-
-/* BN_div_no_branch is a special version of BN_div. It does not contain
+           BN_CTX *ctx)
+{
+    int norm_shift, i, loop;
+    BIGNUM *tmp, wnum, *snum, *sdiv, *res;
+    BN_ULONG *resp, *wnump;
+    BN_ULONG d0, d1;
+    int num_n, div_n;
+
+    /*
+     * Invalid zero-padding would have particularly bad consequences in the
+     * case of 'num', so don't just rely on bn_check_top() for this one
+     * (bn_check_top() works only for BN_DEBUG builds)
+     */
+    if (num->top > 0 && num->d[num->top - 1] == 0) {
+        BNerr(BN_F_BN_DIV, BN_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    bn_check_top(num);
+
+    if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0)
+        || (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
+        return BN_div_no_branch(dv, rm, num, divisor, ctx);
+    }
+
+    bn_check_top(dv);
+    bn_check_top(rm);
+    /*- bn_check_top(num); *//*
+     * 'num' has been checked already
+     */
+    bn_check_top(divisor);
+
+    if (BN_is_zero(divisor)) {
+        BNerr(BN_F_BN_DIV, BN_R_DIV_BY_ZERO);
+        return (0);
+    }
+
+    if (BN_ucmp(num, divisor) < 0) {
+        if (rm != NULL) {
+            if (BN_copy(rm, num) == NULL)
+                return (0);
+        }
+        if (dv != NULL)
+            BN_zero(dv);
+        return (1);
+    }
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    snum = BN_CTX_get(ctx);
+    sdiv = BN_CTX_get(ctx);
+    if (dv == NULL)
+        res = BN_CTX_get(ctx);
+    else
+        res = dv;
+    if (sdiv == NULL || res == NULL || tmp == NULL || snum == NULL)
+        goto err;
+
+    /* First we normalise the numbers */
+    norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+    if (!(BN_lshift(sdiv, divisor, norm_shift)))
+        goto err;
+    sdiv->neg = 0;
+    norm_shift += BN_BITS2;
+    if (!(BN_lshift(snum, num, norm_shift)))
+        goto err;
+    snum->neg = 0;
+    div_n = sdiv->top;
+    num_n = snum->top;
+    loop = num_n - div_n;
+    /*
+     * Lets setup a 'window' into snum This is the part that corresponds to
+     * the current 'area' being divided
+     */
+    wnum.neg = 0;
+    wnum.d = &(snum->d[loop]);
+    wnum.top = div_n;
+    /*
+     * only needed when BN_ucmp messes up the values between top and max
+     */
+    wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+    /* Get the top 2 words of sdiv */
+    /* div_n=sdiv->top; */
+    d0 = sdiv->d[div_n - 1];
+    d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+    /* pointer to the 'top' of snum */
+    wnump = &(snum->d[num_n - 1]);
+
+    /* Setup to 'res' */
+    res->neg = (num->neg ^ divisor->neg);
+    if (!bn_wexpand(res, (loop + 1)))
+        goto err;
+    res->top = loop;
+    resp = &(res->d[loop - 1]);
+
+    /* space for temp */
+    if (!bn_wexpand(tmp, (div_n + 1)))
+        goto err;
+
+    if (BN_ucmp(&wnum, sdiv) >= 0) {
+        /*
+         * If BN_DEBUG_RAND is defined BN_ucmp changes (via bn_pollute) the
+         * const bignum arguments => clean the values between top and max
+         * again
+         */
+        bn_clear_top2max(&wnum);
+        bn_sub_words(wnum.d, wnum.d, sdiv->d, div_n);
+        *resp = 1;
+    } else
+        res->top--;
+    /*
+     * if res->top == 0 then clear the neg value otherwise decrease the resp
+     * pointer
+     */
+    if (res->top == 0)
+        res->neg = 0;
+    else
+        resp--;
+
+    for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+        BN_ULONG q, l0;
+        /*
+         * the first part of the loop uses the top two words of snum and sdiv
+         * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
+         */
+# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+        BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
+        q = bn_div_3_words(wnump, d1, d0);
+# else
+        BN_ULONG n0, n1, rem = 0;
+
+        n0 = wnump[0];
+        n1 = wnump[-1];
+        if (n0 == d0)
+            q = BN_MASK2;
+        else {                  /* n0 < d0 */
+
+#  ifdef BN_LLONG
+            BN_ULLONG t2;
+
+#   if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+            q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+#   else
+            q = bn_div_words(n0, n1, d0);
+#    ifdef BN_DEBUG_LEVITTE
+            fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+#    endif
+#   endif
+
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            /*
+             * rem doesn't have to be BN_ULLONG. The least we
+             * know it's less that d0, isn't it?
+             */
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+            t2 = (BN_ULLONG) d1 *q;
+
+            for (;;) {
+                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                t2 -= d1;
+            }
+#  else                         /* !BN_LLONG */
+            BN_ULONG t2l, t2h;
+#   if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
+            BN_ULONG ql, qh;
+#   endif
+
+            q = bn_div_words(n0, n1, d0);
+#   ifdef BN_DEBUG_LEVITTE
+            fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+#   endif
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+
+#   if defined(BN_UMULT_LOHI)
+            BN_UMULT_LOHI(t2l, t2h, d1, q);
+#   elif defined(BN_UMULT_HIGH)
+            t2l = d1 * q;
+            t2h = BN_UMULT_HIGH(d1, q);
+#   else
+            t2l = LBITS(d1);
+            t2h = HBITS(d1);
+            ql = LBITS(q);
+            qh = HBITS(q);
+            mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+#   endif
+
+            for (;;) {
+                if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                if (t2l < d1)
+                    t2h--;
+                t2l -= d1;
+            }
+#  endif                        /* !BN_LLONG */
+        }
+# endif                         /* !BN_DIV3W */
+
+        l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+        tmp->d[div_n] = l0;
+        wnum.d--;
+        /*
+         * ingore top values of the bignums just sub the two BN_ULONG arrays
+         * with bn_sub_words
+         */
+        if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
+            /*
+             * Note: As we have considered only the leading two BN_ULONGs in
+             * the calculation of q, sdiv * q might be greater than wnum (but
+             * then (q-1) * sdiv is less or equal than wnum)
+             */
+            q--;
+            if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+                /*
+                 * we can't have an overflow here (assuming that q != 0, but
+                 * if q == 0 then tmp is zero anyway)
+                 */
+                (*wnump)++;
+        }
+        /* store part of the result */
+        *resp = q;
+    }
+    bn_correct_top(snum);
+    if (rm != NULL) {
+        /*
+         * Keep a copy of the neg flag in num because if rm==num BN_rshift()
+         * will overwrite it.
+         */
+        int neg = num->neg;
+        BN_rshift(rm, snum, norm_shift);
+        if (!BN_is_zero(rm))
+            rm->neg = neg;
+        bn_check_top(rm);
+    }
+    BN_CTX_end(ctx);
+    return (1);
+ err:
+    bn_check_top(rm);
+    BN_CTX_end(ctx);
+    return (0);
+}
+
+/*
+ * BN_div_no_branch is a special version of BN_div. It does not contain
  * branches that may leak sensitive information.
  */
-static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, 
-	const BIGNUM *divisor, BN_CTX *ctx)
-	{
-	int norm_shift,i,loop;
-	BIGNUM *tmp,wnum,*snum,*sdiv,*res;
-	BN_ULONG *resp,*wnump;
-	BN_ULONG d0,d1;
-	int num_n,div_n;
-
-	bn_check_top(dv);
-	bn_check_top(rm);
-	/* bn_check_top(num); */ /* 'num' has been checked in BN_div() */
-	bn_check_top(divisor);
-
-	if (BN_is_zero(divisor))
-		{
-		BNerr(BN_F_BN_DIV_NO_BRANCH,BN_R_DIV_BY_ZERO);
-		return(0);
-		}
-
-	BN_CTX_start(ctx);
-	tmp=BN_CTX_get(ctx);
-	snum=BN_CTX_get(ctx);
-	sdiv=BN_CTX_get(ctx);
-	if (dv == NULL)
-		res=BN_CTX_get(ctx);
-	else	res=dv;
-	if (sdiv == NULL || res == NULL) goto err;
-
-	/* First we normalise the numbers */
-	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
-	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
-	sdiv->neg=0;
-	norm_shift+=BN_BITS2;
-	if (!(BN_lshift(snum,num,norm_shift))) goto err;
-	snum->neg=0;
-
-	/* Since we don't know whether snum is larger than sdiv,
-	 * we pad snum with enough zeroes without changing its
-	 * value. 
-	 */
-	if (snum->top <= sdiv->top+1) 
-		{
-		if (bn_wexpand(snum, sdiv->top + 2) == NULL) goto err;
-		for (i = snum->top; i < sdiv->top + 2; i++) snum->d[i] = 0;
-		snum->top = sdiv->top + 2;
-		}
-	else
-		{
-		if (bn_wexpand(snum, snum->top + 1) == NULL) goto err;
-		snum->d[snum->top] = 0;
-		snum->top ++;
-		}
-
-	div_n=sdiv->top;
-	num_n=snum->top;
-	loop=num_n-div_n;
-	/* Lets setup a 'window' into snum
-	 * This is the part that corresponds to the current
-	 * 'area' being divided */
-	wnum.neg   = 0;
-	wnum.d     = &(snum->d[loop]);
-	wnum.top   = div_n;
-	/* only needed when BN_ucmp messes up the values between top and max */
-	wnum.dmax  = snum->dmax - loop; /* so we don't step out of bounds */
-
-	/* Get the top 2 words of sdiv */
-	/* div_n=sdiv->top; */
-	d0=sdiv->d[div_n-1];
-	d1=(div_n == 1)?0:sdiv->d[div_n-2];
-
-	/* pointer to the 'top' of snum */
-	wnump= &(snum->d[num_n-1]);
-
-	/* Setup to 'res' */
-	res->neg= (num->neg^divisor->neg);
-	if (!bn_wexpand(res,(loop+1))) goto err;
-	res->top=loop-1;
-	resp= &(res->d[loop-1]);
-
-	/* space for temp */
-	if (!bn_wexpand(tmp,(div_n+1))) goto err;
-
-	/* if res->top == 0 then clear the neg value otherwise decrease
-	 * the resp pointer */
-	if (res->top == 0)
-		res->neg = 0;
-	else
-		resp--;
-
-	for (i=0; i<loop-1; i++, wnump--, resp--)
-		{
-		BN_ULONG q,l0;
-		/* the first part of the loop uses the top two words of
-		 * snum and sdiv to calculate a BN_ULONG q such that
-		 * | wnum - sdiv * q | < sdiv */
-#if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
-		BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG);
-		q=bn_div_3_words(wnump,d1,d0);
-#else
-		BN_ULONG n0,n1,rem=0;
-
-		n0=wnump[0];
-		n1=wnump[-1];
-		if (n0 == d0)
-			q=BN_MASK2;
-		else 			/* n0 < d0 */
-			{
-#ifdef BN_LLONG
-			BN_ULLONG t2;
-
-#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
-			q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0);
-#else
-			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
-#endif
-
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-			/*
-			 * rem doesn't have to be BN_ULLONG. The least we
-			 * know it's less that d0, isn't it?
-			 */
-			rem=(n1-q*d0)&BN_MASK2;
-#endif
-			t2=(BN_ULLONG)d1*q;
-
-			for (;;)
-				{
-				if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2]))
-					break;
-				q--;
-				rem += d0;
-				if (rem < d0) break; /* don't let rem overflow */
-				t2 -= d1;
-				}
-#else /* !BN_LLONG */
-			BN_ULONG t2l,t2h;
-#if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
-			BN_ULONG ql,qh;
-#endif
-
-			q=bn_div_words(n0,n1,d0);
-#ifdef BN_DEBUG_LEVITTE
-			fprintf(stderr,"DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
-X) -> 0x%08X\n",
-				n0, n1, d0, q);
-#endif
-#ifndef REMAINDER_IS_ALREADY_CALCULATED
-			rem=(n1-q*d0)&BN_MASK2;
-#endif
-
-#if defined(BN_UMULT_LOHI)
-			BN_UMULT_LOHI(t2l,t2h,d1,q);
-#elif defined(BN_UMULT_HIGH)
-			t2l = d1 * q;
-			t2h = BN_UMULT_HIGH(d1,q);
-#else
-			t2l=LBITS(d1); t2h=HBITS(d1);
-			ql =LBITS(q);  qh =HBITS(q);
-			mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */
-#endif
-
-			for (;;)
-				{
-				if ((t2h < rem) ||
-					((t2h == rem) && (t2l <= wnump[-2])))
-					break;
-				q--;
-				rem += d0;
-				if (rem < d0) break; /* don't let rem overflow */
-				if (t2l < d1) t2h--; t2l -= d1;
-				}
-#endif /* !BN_LLONG */
-			}
-#endif /* !BN_DIV3W */
-
-		l0=bn_mul_words(tmp->d,sdiv->d,div_n,q);
-		tmp->d[div_n]=l0;
-		wnum.d--;
-		/* ingore top values of the bignums just sub the two 
-		 * BN_ULONG arrays with bn_sub_words */
-		if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n+1))
-			{
-			/* Note: As we have considered only the leading
-			 * two BN_ULONGs in the calculation of q, sdiv * q
-			 * might be greater than wnum (but then (q-1) * sdiv
-			 * is less or equal than wnum)
-			 */
-			q--;
-			if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
-				/* we can't have an overflow here (assuming
-				 * that q != 0, but if q == 0 then tmp is
-				 * zero anyway) */
-				(*wnump)++;
-			}
-		/* store part of the result */
-		*resp = q;
-		}
-	bn_correct_top(snum);
-	if (rm != NULL)
-		{
-		/* Keep a copy of the neg flag in num because if rm==num
-		 * BN_rshift() will overwrite it.
-		 */
-		int neg = num->neg;
-		BN_rshift(rm,snum,norm_shift);
-		if (!BN_is_zero(rm))
-			rm->neg = neg;
-		bn_check_top(rm);
-		}
-	bn_correct_top(res);
-	BN_CTX_end(ctx);
-	return(1);
-err:
-	bn_check_top(rm);
-	BN_CTX_end(ctx);
-	return(0);
-	}
+static int BN_div_no_branch(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num,
+                            const BIGNUM *divisor, BN_CTX *ctx)
+{
+    int norm_shift, i, loop;
+    BIGNUM *tmp, wnum, *snum, *sdiv, *res;
+    BN_ULONG *resp, *wnump;
+    BN_ULONG d0, d1;
+    int num_n, div_n;
+
+    bn_check_top(dv);
+    bn_check_top(rm);
+    /*- bn_check_top(num); *//*
+     * 'num' has been checked in BN_div()
+     */
+    bn_check_top(divisor);
+
+    if (BN_is_zero(divisor)) {
+        BNerr(BN_F_BN_DIV_NO_BRANCH, BN_R_DIV_BY_ZERO);
+        return (0);
+    }
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    snum = BN_CTX_get(ctx);
+    sdiv = BN_CTX_get(ctx);
+    if (dv == NULL)
+        res = BN_CTX_get(ctx);
+    else
+        res = dv;
+    if (sdiv == NULL || res == NULL)
+        goto err;
+
+    /* First we normalise the numbers */
+    norm_shift = BN_BITS2 - ((BN_num_bits(divisor)) % BN_BITS2);
+    if (!(BN_lshift(sdiv, divisor, norm_shift)))
+        goto err;
+    sdiv->neg = 0;
+    norm_shift += BN_BITS2;
+    if (!(BN_lshift(snum, num, norm_shift)))
+        goto err;
+    snum->neg = 0;
+
+    /*
+     * Since we don't know whether snum is larger than sdiv, we pad snum with
+     * enough zeroes without changing its value.
+     */
+    if (snum->top <= sdiv->top + 1) {
+        if (bn_wexpand(snum, sdiv->top + 2) == NULL)
+            goto err;
+        for (i = snum->top; i < sdiv->top + 2; i++)
+            snum->d[i] = 0;
+        snum->top = sdiv->top + 2;
+    } else {
+        if (bn_wexpand(snum, snum->top + 1) == NULL)
+            goto err;
+        snum->d[snum->top] = 0;
+        snum->top++;
+    }
+
+    div_n = sdiv->top;
+    num_n = snum->top;
+    loop = num_n - div_n;
+    /*
+     * Lets setup a 'window' into snum This is the part that corresponds to
+     * the current 'area' being divided
+     */
+    wnum.neg = 0;
+    wnum.d = &(snum->d[loop]);
+    wnum.top = div_n;
+    /*
+     * only needed when BN_ucmp messes up the values between top and max
+     */
+    wnum.dmax = snum->dmax - loop; /* so we don't step out of bounds */
+
+    /* Get the top 2 words of sdiv */
+    /* div_n=sdiv->top; */
+    d0 = sdiv->d[div_n - 1];
+    d1 = (div_n == 1) ? 0 : sdiv->d[div_n - 2];
+
+    /* pointer to the 'top' of snum */
+    wnump = &(snum->d[num_n - 1]);
+
+    /* Setup to 'res' */
+    res->neg = (num->neg ^ divisor->neg);
+    if (!bn_wexpand(res, (loop + 1)))
+        goto err;
+    res->top = loop - 1;
+    resp = &(res->d[loop - 1]);
+
+    /* space for temp */
+    if (!bn_wexpand(tmp, (div_n + 1)))
+        goto err;
+
+    /*
+     * if res->top == 0 then clear the neg value otherwise decrease the resp
+     * pointer
+     */
+    if (res->top == 0)
+        res->neg = 0;
+    else
+        resp--;
+
+    for (i = 0; i < loop - 1; i++, wnump--, resp--) {
+        BN_ULONG q, l0;
+        /*
+         * the first part of the loop uses the top two words of snum and sdiv
+         * to calculate a BN_ULONG q such that | wnum - sdiv * q | < sdiv
+         */
+# if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM)
+        BN_ULONG bn_div_3_words(BN_ULONG *, BN_ULONG, BN_ULONG);
+        q = bn_div_3_words(wnump, d1, d0);
+# else
+        BN_ULONG n0, n1, rem = 0;
+
+        n0 = wnump[0];
+        n1 = wnump[-1];
+        if (n0 == d0)
+            q = BN_MASK2;
+        else {                  /* n0 < d0 */
+
+#  ifdef BN_LLONG
+            BN_ULLONG t2;
+
+#   if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words)
+            q = (BN_ULONG)(((((BN_ULLONG) n0) << BN_BITS2) | n1) / d0);
+#   else
+            q = bn_div_words(n0, n1, d0);
+#    ifdef BN_DEBUG_LEVITTE
+            fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+#    endif
+#   endif
+
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            /*
+             * rem doesn't have to be BN_ULLONG. The least we
+             * know it's less that d0, isn't it?
+             */
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+            t2 = (BN_ULLONG) d1 *q;
+
+            for (;;) {
+                if (t2 <= ((((BN_ULLONG) rem) << BN_BITS2) | wnump[-2]))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                t2 -= d1;
+            }
+#  else                         /* !BN_LLONG */
+            BN_ULONG t2l, t2h;
+#   if !defined(BN_UMULT_LOHI) && !defined(BN_UMULT_HIGH)
+            BN_ULONG ql, qh;
+#   endif
+
+            q = bn_div_words(n0, n1, d0);
+#   ifdef BN_DEBUG_LEVITTE
+            fprintf(stderr, "DEBUG: bn_div_words(0x%08X,0x%08X,0x%08\
+X) -> 0x%08X\n", n0, n1, d0, q);
+#   endif
+#   ifndef REMAINDER_IS_ALREADY_CALCULATED
+            rem = (n1 - q * d0) & BN_MASK2;
+#   endif
+
+#   if defined(BN_UMULT_LOHI)
+            BN_UMULT_LOHI(t2l, t2h, d1, q);
+#   elif defined(BN_UMULT_HIGH)
+            t2l = d1 * q;
+            t2h = BN_UMULT_HIGH(d1, q);
+#   else
+            t2l = LBITS(d1);
+            t2h = HBITS(d1);
+            ql = LBITS(q);
+            qh = HBITS(q);
+            mul64(t2l, t2h, ql, qh); /* t2=(BN_ULLONG)d1*q; */
+#   endif
+
+            for (;;) {
+                if ((t2h < rem) || ((t2h == rem) && (t2l <= wnump[-2])))
+                    break;
+                q--;
+                rem += d0;
+                if (rem < d0)
+                    break;      /* don't let rem overflow */
+                if (t2l < d1)
+                    t2h--;
+                t2l -= d1;
+            }
+#  endif                        /* !BN_LLONG */
+        }
+# endif                         /* !BN_DIV3W */
+
+        l0 = bn_mul_words(tmp->d, sdiv->d, div_n, q);
+        tmp->d[div_n] = l0;
+        wnum.d--;
+        /*
+         * ingore top values of the bignums just sub the two BN_ULONG arrays
+         * with bn_sub_words
+         */
+        if (bn_sub_words(wnum.d, wnum.d, tmp->d, div_n + 1)) {
+            /*
+             * Note: As we have considered only the leading two BN_ULONGs in
+             * the calculation of q, sdiv * q might be greater than wnum (but
+             * then (q-1) * sdiv is less or equal than wnum)
+             */
+            q--;
+            if (bn_add_words(wnum.d, wnum.d, sdiv->d, div_n))
+                /*
+                 * we can't have an overflow here (assuming that q != 0, but
+                 * if q == 0 then tmp is zero anyway)
+                 */
+                (*wnump)++;
+        }
+        /* store part of the result */
+        *resp = q;
+    }
+    bn_correct_top(snum);
+    if (rm != NULL) {
+        /*
+         * Keep a copy of the neg flag in num because if rm==num BN_rshift()
+         * will overwrite it.
+         */
+        int neg = num->neg;
+        BN_rshift(rm, snum, norm_shift);
+        if (!BN_is_zero(rm))
+            rm->neg = neg;
+        bn_check_top(rm);
+    }
+    bn_correct_top(res);
+    BN_CTX_end(ctx);
+    return (1);
+ err:
+    bn_check_top(rm);
+    BN_CTX_end(ctx);
+    return (0);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c
index cfe2eb94..faa7e226 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,86 +66,85 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BN,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BN,0,reason)
 
-static ERR_STRING_DATA BN_str_functs[]=
-	{
-{ERR_FUNC(BN_F_BNRAND),	"BNRAND"},
-{ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX),	"BN_BLINDING_convert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM),	"BN_BLINDING_create_param"},
-{ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX),	"BN_BLINDING_invert_ex"},
-{ERR_FUNC(BN_F_BN_BLINDING_NEW),	"BN_BLINDING_new"},
-{ERR_FUNC(BN_F_BN_BLINDING_UPDATE),	"BN_BLINDING_update"},
-{ERR_FUNC(BN_F_BN_BN2DEC),	"BN_bn2dec"},
-{ERR_FUNC(BN_F_BN_BN2HEX),	"BN_bn2hex"},
-{ERR_FUNC(BN_F_BN_CTX_GET),	"BN_CTX_get"},
-{ERR_FUNC(BN_F_BN_CTX_NEW),	"BN_CTX_new"},
-{ERR_FUNC(BN_F_BN_CTX_START),	"BN_CTX_start"},
-{ERR_FUNC(BN_F_BN_DIV),	"BN_div"},
-{ERR_FUNC(BN_F_BN_DIV_NO_BRANCH),	"BN_div_no_branch"},
-{ERR_FUNC(BN_F_BN_DIV_RECP),	"BN_div_recp"},
-{ERR_FUNC(BN_F_BN_EXP),	"BN_exp"},
-{ERR_FUNC(BN_F_BN_EXPAND2),	"bn_expand2"},
-{ERR_FUNC(BN_F_BN_EXPAND_INTERNAL),	"BN_EXPAND_INTERNAL"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD),	"BN_GF2m_mod"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_EXP),	"BN_GF2m_mod_exp"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_MUL),	"BN_GF2m_mod_mul"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD),	"BN_GF2m_mod_solve_quad"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR),	"BN_GF2m_mod_solve_quad_arr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQR),	"BN_GF2m_mod_sqr"},
-{ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT),	"BN_GF2m_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MOD_EXP2_MONT),	"BN_mod_exp2_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT),	"BN_mod_exp_mont"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME),	"BN_mod_exp_mont_consttime"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD),	"BN_mod_exp_mont_word"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_RECP),	"BN_mod_exp_recp"},
-{ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE),	"BN_mod_exp_simple"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE),	"BN_mod_inverse"},
-{ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH),	"BN_mod_inverse_no_branch"},
-{ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK),	"BN_mod_lshift_quick"},
-{ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL),	"BN_mod_mul_reciprocal"},
-{ERR_FUNC(BN_F_BN_MOD_SQRT),	"BN_mod_sqrt"},
-{ERR_FUNC(BN_F_BN_MPI2BN),	"BN_mpi2bn"},
-{ERR_FUNC(BN_F_BN_NEW),	"BN_new"},
-{ERR_FUNC(BN_F_BN_RAND),	"BN_rand"},
-{ERR_FUNC(BN_F_BN_RAND_RANGE),	"BN_rand_range"},
-{ERR_FUNC(BN_F_BN_USUB),	"BN_usub"},
-{0,NULL}
-	};
+static ERR_STRING_DATA BN_str_functs[] = {
+    {ERR_FUNC(BN_F_BNRAND), "BNRAND"},
+    {ERR_FUNC(BN_F_BN_BLINDING_CONVERT_EX), "BN_BLINDING_convert_ex"},
+    {ERR_FUNC(BN_F_BN_BLINDING_CREATE_PARAM), "BN_BLINDING_create_param"},
+    {ERR_FUNC(BN_F_BN_BLINDING_INVERT_EX), "BN_BLINDING_invert_ex"},
+    {ERR_FUNC(BN_F_BN_BLINDING_NEW), "BN_BLINDING_new"},
+    {ERR_FUNC(BN_F_BN_BLINDING_UPDATE), "BN_BLINDING_update"},
+    {ERR_FUNC(BN_F_BN_BN2DEC), "BN_bn2dec"},
+    {ERR_FUNC(BN_F_BN_BN2HEX), "BN_bn2hex"},
+    {ERR_FUNC(BN_F_BN_CTX_GET), "BN_CTX_get"},
+    {ERR_FUNC(BN_F_BN_CTX_NEW), "BN_CTX_new"},
+    {ERR_FUNC(BN_F_BN_CTX_START), "BN_CTX_start"},
+    {ERR_FUNC(BN_F_BN_DIV), "BN_div"},
+    {ERR_FUNC(BN_F_BN_DIV_NO_BRANCH), "BN_div_no_branch"},
+    {ERR_FUNC(BN_F_BN_DIV_RECP), "BN_div_recp"},
+    {ERR_FUNC(BN_F_BN_EXP), "BN_exp"},
+    {ERR_FUNC(BN_F_BN_EXPAND2), "bn_expand2"},
+    {ERR_FUNC(BN_F_BN_EXPAND_INTERNAL), "BN_EXPAND_INTERNAL"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD), "BN_GF2m_mod"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_EXP), "BN_GF2m_mod_exp"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_MUL), "BN_GF2m_mod_mul"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD), "BN_GF2m_mod_solve_quad"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR), "BN_GF2m_mod_solve_quad_arr"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQR), "BN_GF2m_mod_sqr"},
+    {ERR_FUNC(BN_F_BN_GF2M_MOD_SQRT), "BN_GF2m_mod_sqrt"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP2_MONT), "BN_mod_exp2_mont"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT), "BN_mod_exp_mont"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_CONSTTIME), "BN_mod_exp_mont_consttime"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_MONT_WORD), "BN_mod_exp_mont_word"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_RECP), "BN_mod_exp_recp"},
+    {ERR_FUNC(BN_F_BN_MOD_EXP_SIMPLE), "BN_mod_exp_simple"},
+    {ERR_FUNC(BN_F_BN_MOD_INVERSE), "BN_mod_inverse"},
+    {ERR_FUNC(BN_F_BN_MOD_INVERSE_NO_BRANCH), "BN_mod_inverse_no_branch"},
+    {ERR_FUNC(BN_F_BN_MOD_LSHIFT_QUICK), "BN_mod_lshift_quick"},
+    {ERR_FUNC(BN_F_BN_MOD_MUL_RECIPROCAL), "BN_mod_mul_reciprocal"},
+    {ERR_FUNC(BN_F_BN_MOD_SQRT), "BN_mod_sqrt"},
+    {ERR_FUNC(BN_F_BN_MPI2BN), "BN_mpi2bn"},
+    {ERR_FUNC(BN_F_BN_NEW), "BN_new"},
+    {ERR_FUNC(BN_F_BN_RAND), "BN_rand"},
+    {ERR_FUNC(BN_F_BN_RAND_RANGE), "BN_rand_range"},
+    {ERR_FUNC(BN_F_BN_USUB), "BN_usub"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA BN_str_reasons[]=
-	{
-{ERR_REASON(BN_R_ARG2_LT_ARG3)           ,"arg2 lt arg3"},
-{ERR_REASON(BN_R_BAD_RECIPROCAL)         ,"bad reciprocal"},
-{ERR_REASON(BN_R_BIGNUM_TOO_LONG)        ,"bignum too long"},
-{ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS),"called with even modulus"},
-{ERR_REASON(BN_R_DIV_BY_ZERO)            ,"div by zero"},
-{ERR_REASON(BN_R_ENCODING_ERROR)         ,"encoding error"},
-{ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),"expand on static bignum data"},
-{ERR_REASON(BN_R_INPUT_NOT_REDUCED)      ,"input not reduced"},
-{ERR_REASON(BN_R_INVALID_LENGTH)         ,"invalid length"},
-{ERR_REASON(BN_R_INVALID_RANGE)          ,"invalid range"},
-{ERR_REASON(BN_R_NOT_A_SQUARE)           ,"not a square"},
-{ERR_REASON(BN_R_NOT_INITIALIZED)        ,"not initialized"},
-{ERR_REASON(BN_R_NO_INVERSE)             ,"no inverse"},
-{ERR_REASON(BN_R_NO_SOLUTION)            ,"no solution"},
-{ERR_REASON(BN_R_P_IS_NOT_PRIME)         ,"p is not prime"},
-{ERR_REASON(BN_R_TOO_MANY_ITERATIONS)    ,"too many iterations"},
-{ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),"too many temporary variables"},
-{0,NULL}
-	};
+static ERR_STRING_DATA BN_str_reasons[] = {
+    {ERR_REASON(BN_R_ARG2_LT_ARG3), "arg2 lt arg3"},
+    {ERR_REASON(BN_R_BAD_RECIPROCAL), "bad reciprocal"},
+    {ERR_REASON(BN_R_BIGNUM_TOO_LONG), "bignum too long"},
+    {ERR_REASON(BN_R_CALLED_WITH_EVEN_MODULUS), "called with even modulus"},
+    {ERR_REASON(BN_R_DIV_BY_ZERO), "div by zero"},
+    {ERR_REASON(BN_R_ENCODING_ERROR), "encoding error"},
+    {ERR_REASON(BN_R_EXPAND_ON_STATIC_BIGNUM_DATA),
+     "expand on static bignum data"},
+    {ERR_REASON(BN_R_INPUT_NOT_REDUCED), "input not reduced"},
+    {ERR_REASON(BN_R_INVALID_LENGTH), "invalid length"},
+    {ERR_REASON(BN_R_INVALID_RANGE), "invalid range"},
+    {ERR_REASON(BN_R_NOT_A_SQUARE), "not a square"},
+    {ERR_REASON(BN_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_REASON(BN_R_NO_INVERSE), "no inverse"},
+    {ERR_REASON(BN_R_NO_SOLUTION), "no solution"},
+    {ERR_REASON(BN_R_P_IS_NOT_PRIME), "p is not prime"},
+    {ERR_REASON(BN_R_TOO_MANY_ITERATIONS), "too many iterations"},
+    {ERR_REASON(BN_R_TOO_MANY_TEMPORARY_VARIABLES),
+     "too many temporary variables"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_BN_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(BN_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,BN_str_functs);
-		ERR_load_strings(0,BN_str_reasons);
-		}
+    if (ERR_func_error_string(BN_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, BN_str_functs);
+        ERR_load_strings(0, BN_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
index d9b6c737..ef67843f 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -109,883 +109,899 @@
  *
  */
 
-
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
 /* maximum precomputation table size for *variable* sliding windows */
-#define TABLE_SIZE	32
+#define TABLE_SIZE      32
 
 /* this one works - simple but works */
 int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int i,bits,ret=0;
-	BIGNUM *v,*rr;
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_EXP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	BN_CTX_start(ctx);
-	if ((r == a) || (r == p))
-		rr = BN_CTX_get(ctx);
-	else
-		rr = r;
-	v = BN_CTX_get(ctx);
-	if (rr == NULL || v == NULL) goto err;
-
-	if (BN_copy(v,a) == NULL) goto err;
-	bits=BN_num_bits(p);
-
-	if (BN_is_odd(p))
-		{ if (BN_copy(rr,a) == NULL) goto err; }
-	else	{ if (!BN_one(rr)) goto err; }
-
-	for (i=1; i<bits; i++)
-		{
-		if (!BN_sqr(v,v,ctx)) goto err;
-		if (BN_is_bit_set(p,i))
-			{
-			if (!BN_mul(rr,rr,v,ctx)) goto err;
-			}
-		}
-	ret=1;
-err:
-	if (r != rr) BN_copy(r,rr);
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
-
+{
+    int i, bits, ret = 0;
+    BIGNUM *v, *rr;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_EXP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    BN_CTX_start(ctx);
+    if ((r == a) || (r == p))
+        rr = BN_CTX_get(ctx);
+    else
+        rr = r;
+    v = BN_CTX_get(ctx);
+    if (rr == NULL || v == NULL)
+        goto err;
+
+    if (BN_copy(v, a) == NULL)
+        goto err;
+    bits = BN_num_bits(p);
+
+    if (BN_is_odd(p)) {
+        if (BN_copy(rr, a) == NULL)
+            goto err;
+    } else {
+        if (!BN_one(rr))
+            goto err;
+    }
+
+    for (i = 1; i < bits; i++) {
+        if (!BN_sqr(v, v, ctx))
+            goto err;
+        if (BN_is_bit_set(p, i)) {
+            if (!BN_mul(rr, rr, v, ctx))
+                goto err;
+        }
+    }
+    ret = 1;
+ err:
+    if (r != rr)
+        BN_copy(r, rr);
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
 
 int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
-	       BN_CTX *ctx)
-	{
-	int ret;
-
-	bn_check_top(a);
-	bn_check_top(p);
-	bn_check_top(m);
-
-	/* For even modulus  m = 2^k*m_odd,  it might make sense to compute
-	 * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
-	 * exponentiation for the odd part), using appropriate exponent
-	 * reductions, and combine the results using the CRT.
-	 *
-	 * For now, we use Montgomery only if the modulus is odd; otherwise,
-	 * exponentiation using the reciprocal-based quick remaindering
-	 * algorithm is used.
-	 *
-	 * (Timing obtained with expspeed.c [computations  a^p mod m
-	 * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
-	 * 4096, 8192 bits], compared to the running time of the
-	 * standard algorithm:
-	 *
-	 *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
-         *                     55 .. 77 %  [UltraSparc processor, but
-	 *                                  debug-solaris-sparcv8-gcc conf.]
-	 * 
-	 *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
-	 *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
-	 *
-	 * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
-	 * at 2048 and more bits, but at 512 and 1024 bits, it was
-	 * slower even than the standard algorithm!
-	 *
-	 * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
-	 * should be obtained when the new Montgomery reduction code
-	 * has been integrated into OpenSSL.)
-	 */
+               BN_CTX *ctx)
+{
+    int ret;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    /*-
+     * For even modulus  m = 2^k*m_odd,  it might make sense to compute
+     * a^p mod m_odd  and  a^p mod 2^k  separately (with Montgomery
+     * exponentiation for the odd part), using appropriate exponent
+     * reductions, and combine the results using the CRT.
+     *
+     * For now, we use Montgomery only if the modulus is odd; otherwise,
+     * exponentiation using the reciprocal-based quick remaindering
+     * algorithm is used.
+     *
+     * (Timing obtained with expspeed.c [computations  a^p mod m
+     * where  a, p, m  are of the same length: 256, 512, 1024, 2048,
+     * 4096, 8192 bits], compared to the running time of the
+     * standard algorithm:
+     *
+     *   BN_mod_exp_mont   33 .. 40 %  [AMD K6-2, Linux, debug configuration]
+     *                     55 .. 77 %  [UltraSparc processor, but
+     *                                  debug-solaris-sparcv8-gcc conf.]
+     *
+     *   BN_mod_exp_recp   50 .. 70 %  [AMD K6-2, Linux, debug configuration]
+     *                     62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc]
+     *
+     * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont
+     * at 2048 and more bits, but at 512 and 1024 bits, it was
+     * slower even than the standard algorithm!
+     *
+     * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations]
+     * should be obtained when the new Montgomery reduction code
+     * has been integrated into OpenSSL.)
+     */
 
 #define MONT_MUL_MOD
 #define MONT_EXP_WORD
 #define RECP_MUL_MOD
 
 #ifdef MONT_MUL_MOD
-	/* I have finally been able to take out this pre-condition of
-	 * the top bit being set.  It was caused by an error in BN_div
-	 * with negatives.  There was also another problem when for a^b%m
-	 * a >= m.  eay 07-May-97 */
-/*	if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
-
-	if (BN_is_odd(m))
-		{
-#  ifdef MONT_EXP_WORD
-		if (a->top == 1 && !a->neg && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0))
-			{
-			BN_ULONG A = a->d[0];
-			ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL);
-			}
-		else
-#  endif
-			ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL);
-		}
-	else
+    /*
+     * I have finally been able to take out this pre-condition of the top bit
+     * being set.  It was caused by an error in BN_div with negatives.  There
+     * was also another problem when for a^b%m a >= m.  eay 07-May-97
+     */
+    /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */
+
+    if (BN_is_odd(m)) {
+# ifdef MONT_EXP_WORD
+        if (a->top == 1 && !a->neg
+            && (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
+            BN_ULONG A = a->d[0];
+            ret = BN_mod_exp_mont_word(r, A, p, m, ctx, NULL);
+        } else
+# endif
+            ret = BN_mod_exp_mont(r, a, p, m, ctx, NULL);
+    } else
 #endif
 #ifdef RECP_MUL_MOD
-		{ ret=BN_mod_exp_recp(r,a,p,m,ctx); }
+    {
+        ret = BN_mod_exp_recp(r, a, p, m, ctx);
+    }
 #else
-		{ ret=BN_mod_exp_simple(r,a,p,m,ctx); }
+    {
+        ret = BN_mod_exp_simple(r, a, p, m, ctx);
+    }
 #endif
 
-	bn_check_top(r);
-	return(ret);
-	}
-
+    bn_check_top(r);
+    return (ret);
+}
 
 int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-		    const BIGNUM *m, BN_CTX *ctx)
-	{
-	int i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *aa;
-	/* Table of variables obtained from 'ctx' */
-	BIGNUM *val[TABLE_SIZE];
-	BN_RECP_CTX recp;
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_MOD_EXP_RECP,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	bits=BN_num_bits(p);
-
-	if (bits == 0)
-		{
-		ret = BN_one(r);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	aa = BN_CTX_get(ctx);
-	val[0] = BN_CTX_get(ctx);
-	if(!aa || !val[0]) goto err;
-
-	BN_RECP_CTX_init(&recp);
-	if (m->neg)
-		{
-		/* ignore sign of 'm' */
-		if (!BN_copy(aa, m)) goto err;
-		aa->neg = 0;
-		if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err;
-		}
-	else
-		{
-		if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
-		}
-
-	if (!BN_nnmod(val[0],a,m,ctx)) goto err;		/* 1 */
-	if (BN_is_zero(val[0]))
-		{
-		BN_zero(r);
-		ret = 1;
-		goto err;
-		}
-
-	window = BN_window_bits_for_exponent_size(bits);
-	if (window > 1)
-		{
-		if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
-			goto err;				/* 2 */
-		j=1<<(window-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_reciprocal(val[i],val[i-1],
-						aa,&recp,ctx))
-				goto err;
-			}
-		}
-		
-	start=1;	/* This is used to avoid multiplication etc
-			 * when there is only the value '1' in the
-			 * buffer. */
-	wvalue=0;	/* The 'value' of the window */
-	wstart=bits-1;	/* The top bit of the window */
-	wend=0;		/* The bottom bit of the window */
-
-	if (!BN_one(r)) goto err;
-
-	for (;;)
-		{
-		if (BN_is_bit_set(p,wstart) == 0)
-			{
-			if (!start)
-				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
-				goto err;
-			if (wstart == 0) break;
-			wstart--;
-			continue;
-			}
-		/* We now have wstart on a 'set' bit, we now need to work out
-		 * how bit a window to do.  To do this we need to scan
-		 * forward until the last set bit before the end of the
-		 * window */
-		j=wstart;
-		wvalue=1;
-		wend=0;
-		for (i=1; i<window; i++)
-			{
-			if (wstart-i < 0) break;
-			if (BN_is_bit_set(p,wstart-i))
-				{
-				wvalue<<=(i-wend);
-				wvalue|=1;
-				wend=i;
-				}
-			}
-
-		/* wend is the size of the current window */
-		j=wend+1;
-		/* add the 'bytes above' */
-		if (!start)
-			for (i=0; i<j; i++)
-				{
-				if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx))
-					goto err;
-				}
-		
-		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
-			goto err;
-
-		/* move the 'window' down further */
-		wstart-=wend+1;
-		wvalue=0;
-		start=0;
-		if (wstart < 0) break;
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	BN_RECP_CTX_free(&recp);
-	bn_check_top(r);
-	return(ret);
-	}
-
+                    const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_RECP_CTX recp;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_RECP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    bits = BN_num_bits(p);
+
+    if (bits == 0) {
+        ret = BN_one(r);
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    aa = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!aa || !val[0])
+        goto err;
+
+    BN_RECP_CTX_init(&recp);
+    if (m->neg) {
+        /* ignore sign of 'm' */
+        if (!BN_copy(aa, m))
+            goto err;
+        aa->neg = 0;
+        if (BN_RECP_CTX_set(&recp, aa, ctx) <= 0)
+            goto err;
+    } else {
+        if (BN_RECP_CTX_set(&recp, m, ctx) <= 0)
+            goto err;
+    }
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_reciprocal(aa, val[0], val[0], &recp, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_reciprocal(val[i], val[i - 1], aa, &recp, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    BN_RECP_CTX_free(&recp);
+    bn_check_top(r);
+    return (ret);
+}
 
 int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	int i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *d,*r;
-	const BIGNUM *aa;
-	/* Table of variables obtained from 'ctx' */
-	BIGNUM *val[TABLE_SIZE];
-	BN_MONT_CTX *mont=NULL;
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
-		}
-
-	bn_check_top(a);
-	bn_check_top(p);
-	bn_check_top(m);
-
-	if (!BN_is_odd(m))
-		{
-		BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	bits=BN_num_bits(p);
-	if (bits == 0)
-		{
-		ret = BN_one(rr);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	r = BN_CTX_get(ctx);
-	val[0] = BN_CTX_get(ctx);
-	if (!d || !r || !val[0]) goto err;
-
-	/* If this is not done, things will break in the montgomery
-	 * part */
-
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-		}
-
-	if (a->neg || BN_ucmp(a,m) >= 0)
-		{
-		if (!BN_nnmod(val[0],a,m,ctx))
-			goto err;
-		aa= val[0];
-		}
-	else
-		aa=a;
-	if (BN_is_zero(aa))
-		{
-		BN_zero(rr);
-		ret = 1;
-		goto err;
-		}
-	if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */
-
-	window = BN_window_bits_for_exponent_size(bits);
-	if (window > 1)
-		{
-		if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
-		j=1<<(window-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_montgomery(val[i],val[i-1],
-						d,mont,ctx))
-				goto err;
-			}
-		}
-
-	start=1;	/* This is used to avoid multiplication etc
-			 * when there is only the value '1' in the
-			 * buffer. */
-	wvalue=0;	/* The 'value' of the window */
-	wstart=bits-1;	/* The top bit of the window */
-	wend=0;		/* The bottom bit of the window */
-
-	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-	for (;;)
-		{
-		if (BN_is_bit_set(p,wstart) == 0)
-			{
-			if (!start)
-				{
-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-				goto err;
-				}
-			if (wstart == 0) break;
-			wstart--;
-			continue;
-			}
-		/* We now have wstart on a 'set' bit, we now need to work out
-		 * how bit a window to do.  To do this we need to scan
-		 * forward until the last set bit before the end of the
-		 * window */
-		j=wstart;
-		wvalue=1;
-		wend=0;
-		for (i=1; i<window; i++)
-			{
-			if (wstart-i < 0) break;
-			if (BN_is_bit_set(p,wstart-i))
-				{
-				wvalue<<=(i-wend);
-				wvalue|=1;
-				wend=i;
-				}
-			}
-
-		/* wend is the size of the current window */
-		j=wend+1;
-		/* add the 'bytes above' */
-		if (!start)
-			for (i=0; i<j; i++)
-				{
-				if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-					goto err;
-				}
-		
-		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
-			goto err;
-
-		/* move the 'window' down further */
-		wstart-=wend+1;
-		wvalue=0;
-		start=0;
-		if (wstart < 0) break;
-		}
-	if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
-	ret=1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	BN_CTX_end(ctx);
-	bn_check_top(rr);
-	return(ret);
-	}
-
-
-/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
- * so that accessing any of these table values shows the same access pattern as far
- * as cache lines are concerned.  The following functions are used to transfer a BIGNUM
- * from/to that table. */
-
-static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
-	{
-	size_t i, j;
-
-	if (bn_wexpand(b, top) == NULL)
-		return 0;
-	while (b->top < top)
-		{
-		b->d[b->top++] = 0;
-		}
-	
-	for (i = 0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
-		{
-		buf[j] = ((unsigned char*)b->d)[i];
-		}
-
-	bn_correct_top(b);
-	return 1;
-	}
-
-static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top, unsigned char *buf, int idx, int width)
-	{
-	size_t i, j;
-
-	if (bn_wexpand(b, top) == NULL)
-		return 0;
-
-	for (i=0, j=idx; i < top * sizeof b->d[0]; i++, j+=width)
-		{
-		((unsigned char*)b->d)[i] = buf[j];
-		}
-
-	b->top = top;
-	bn_correct_top(b);
-	return 1;
-	}	
-
-/* Given a pointer value, compute the next address that is a cache line multiple. */
-#define MOD_EXP_CTIME_ALIGN(x_) \
-	((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+                    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *aa;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
+    }
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        ret = BN_one(rr);
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!d || !r || !val[0])
+        goto err;
+
+    /*
+     * If this is not done, things will break in the montgomery part
+     */
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_nnmod(val[0], a, m, ctx))
+            goto err;
+        aa = val[0];
+    } else
+        aa = a;
+    if (BN_is_zero(aa)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+    if (!BN_to_montgomery(val[0], aa, mont, ctx))
+        goto err;               /* 1 */
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul_montgomery(d, val[0], val[0], mont, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val[i], val[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start) {
+                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                    goto err;
+            }
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul_montgomery(r, r, val[wvalue >> 1], mont, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if ((in_mont == NULL) && (mont != NULL))
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
+
+/*
+ * BN_mod_exp_mont_consttime() stores the precomputed powers in a specific
+ * layout so that accessing any of these table values shows the same access
+ * pattern as far as cache lines are concerned.  The following functions are
+ * used to transfer a BIGNUM from/to that table.
+ */
 
-/* This variant of BN_mod_exp_mont() uses fixed windows and the special
- * precomputation memory layout to limit data-dependency to a minimum
- * to protect secret exponents (cf. the hyper-threading timing attacks
- * pointed out by Colin Percival,
- * http://www.daemonology.net/hyperthreading-considered-harmful/)
+static int MOD_EXP_CTIME_COPY_TO_PREBUF(BIGNUM *b, int top,
+                                        unsigned char *buf, int idx,
+                                        int width)
+{
+    size_t i, j;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
+    while (b->top < top) {
+        b->d[b->top++] = 0;
+    }
+
+    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+        buf[j] = ((unsigned char *)b->d)[i];
+    }
+
+    bn_correct_top(b);
+    return 1;
+}
+
+static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
+                                          unsigned char *buf, int idx,
+                                          int width)
+{
+    size_t i, j;
+
+    if (bn_wexpand(b, top) == NULL)
+        return 0;
+
+    for (i = 0, j = idx; i < top * sizeof b->d[0]; i++, j += width) {
+        ((unsigned char *)b->d)[i] = buf[j];
+    }
+
+    b->top = top;
+    bn_correct_top(b);
+    return 1;
+}
+
+/*
+ * Given a pointer value, compute the next address that is a cache line
+ * multiple.
+ */
+#define MOD_EXP_CTIME_ALIGN(x_) \
+        ((unsigned char*)(x_) + (MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH - (((BN_ULONG)(x_)) & (MOD_EXP_CTIME_MIN_CACHE_LINE_MASK))))
+
+/*
+ * This variant of BN_mod_exp_mont() uses fixed windows and the special
+ * precomputation memory layout to limit data-dependency to a minimum to
+ * protect secret exponents (cf. the hyper-threading timing attacks pointed
+ * out by Colin Percival,
+ * http://www.daemong-consideredperthreading-considered-harmful/)
  */
 int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
-		    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	int i,bits,ret=0,idx,window,wvalue;
-	int top;
- 	BIGNUM *r;
-	const BIGNUM *aa;
-	BN_MONT_CTX *mont=NULL;
-
-	int numPowers;
-	unsigned char *powerbufFree=NULL;
-	int powerbufLen = 0;
-	unsigned char *powerbuf=NULL;
-	BIGNUM *computeTemp=NULL, *am=NULL;
-
-	bn_check_top(a);
-	bn_check_top(p);
-	bn_check_top(m);
-
-	top = m->top;
-
-	if (!(m->d[0] & 1))
-		{
-		BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	bits=BN_num_bits(p);
-	if (bits == 0)
-		{
-		ret = BN_one(rr);
-		return ret;
-		}
-
- 	/* Initialize BIGNUM context and allocate intermediate result */
-	BN_CTX_start(ctx);
-	r = BN_CTX_get(ctx);
-	if (r == NULL) goto err;
-
-	/* Allocate a montgomery context if it was not supplied by the caller.
-	 * If this is not done, things will break in the montgomery part.
- 	 */
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-		}
-
-	/* Get the window size to use with size of p. */
-	window = BN_window_bits_for_ctime_exponent_size(bits);
-
-	/* Allocate a buffer large enough to hold all of the pre-computed
-	 * powers of a.
-	 */
-	numPowers = 1 << window;
-	powerbufLen = sizeof(m->d[0])*top*numPowers;
-	if ((powerbufFree=(unsigned char*)OPENSSL_malloc(powerbufLen+MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
-		goto err;
-		
-	powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
-	memset(powerbuf, 0, powerbufLen);
-
- 	/* Initialize the intermediate result. Do this early to save double conversion,
-	 * once each for a^0 and intermediate result.
-	 */
- 	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-	if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers)) goto err;
-
-	/* Initialize computeTemp as a^1 with montgomery precalcs */
-	computeTemp = BN_CTX_get(ctx);
-	am = BN_CTX_get(ctx);
-	if (computeTemp==NULL || am==NULL) goto err;
-
-	if (a->neg || BN_ucmp(a,m) >= 0)
-		{
-		if (!BN_mod(am,a,m,ctx))
-			goto err;
-		aa= am;
-		}
-	else
-		aa=a;
-	if (!BN_to_montgomery(am,aa,mont,ctx)) goto err;
-	if (!BN_copy(computeTemp, am)) goto err;
-	if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers)) goto err;
-
-	/* If the window size is greater than 1, then calculate
-	 * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1)
-	 * (even powers could instead be computed as (a^(i/2))^2
-	 * to use the slight performance advantage of sqr over mul).
-	 */
-	if (window > 1)
-		{
-		for (i=2; i<numPowers; i++)
-			{
-			/* Calculate a^i = a^(i-1) * a */
-			if (!BN_mod_mul_montgomery(computeTemp,am,computeTemp,mont,ctx))
-				goto err;
-			if (!MOD_EXP_CTIME_COPY_TO_PREBUF(computeTemp, top, powerbuf, i, numPowers)) goto err;
-			}
-		}
-
- 	/* Adjust the number of bits up to a multiple of the window size.
- 	 * If the exponent length is not a multiple of the window size, then
- 	 * this pads the most significant bits with zeros to normalize the
- 	 * scanning loop to there's no special cases.
- 	 *
- 	 * * NOTE: Making the window size a power of two less than the native
-	 * * word size ensures that the padded bits won't go past the last
- 	 * * word in the internal BIGNUM structure. Going past the end will
- 	 * * still produce the correct result, but causes a different branch
- 	 * * to be taken in the BN_is_bit_set function.
- 	 */
- 	bits = ((bits+window-1)/window)*window;
- 	idx=bits-1;	/* The top bit of the window */
-
- 	/* Scan the exponent one window at a time starting from the most
- 	 * significant bits.
- 	 */
- 	while (idx >= 0)
-  		{
- 		wvalue=0; /* The 'value' of the window */
- 		
- 		/* Scan the window, squaring the result as we go */
- 		for (i=0; i<window; i++,idx--)
- 			{
-			if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))	goto err;
-			wvalue = (wvalue<<1)+BN_is_bit_set(p,idx);
-  			}
- 		
-		/* Fetch the appropriate pre-computed value from the pre-buf */
-		if (!MOD_EXP_CTIME_COPY_FROM_PREBUF(computeTemp, top, powerbuf, wvalue, numPowers)) goto err;
-
- 		/* Multiply the result into the intermediate result */
- 		if (!BN_mod_mul_montgomery(r,r,computeTemp,mont,ctx)) goto err;
-  		}
-
- 	/* Convert the final result from montgomery to standard format */
-	if (!BN_from_montgomery(rr,r,mont,ctx)) goto err;
-	ret=1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	if (powerbuf!=NULL)
-		{
-		OPENSSL_cleanse(powerbuf,powerbufLen);
-		OPENSSL_free(powerbufFree);
-		}
- 	if (am!=NULL) BN_clear(am);
- 	if (computeTemp!=NULL) BN_clear(computeTemp);
-	BN_CTX_end(ctx);
-	return(ret);
-	}
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont)
+{
+    int i, bits, ret = 0, idx, window, wvalue;
+    int top;
+    BIGNUM *r;
+    const BIGNUM *aa;
+    BN_MONT_CTX *mont = NULL;
+
+    int numPowers;
+    unsigned char *powerbufFree = NULL;
+    int powerbufLen = 0;
+    unsigned char *powerbuf = NULL;
+    BIGNUM *computeTemp = NULL, *am = NULL;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+
+    top = m->top;
+
+    if (!(m->d[0] & 1)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_CONSTTIME, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        ret = BN_one(rr);
+        return ret;
+    }
+
+    /* Initialize BIGNUM context and allocate intermediate result */
+    BN_CTX_start(ctx);
+    r = BN_CTX_get(ctx);
+    if (r == NULL)
+        goto err;
+
+    /*
+     * Allocate a montgomery context if it was not supplied by the caller. If
+     * this is not done, things will break in the montgomery part.
+     */
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    /* Get the window size to use with size of p. */
+    window = BN_window_bits_for_ctime_exponent_size(bits);
+
+    /*
+     * Allocate a buffer large enough to hold all of the pre-computed powers
+     * of a.
+     */
+    numPowers = 1 << window;
+    powerbufLen = sizeof(m->d[0]) * top * numPowers;
+    if ((powerbufFree =
+         (unsigned char *)OPENSSL_malloc(powerbufLen +
+                                         MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH))
+        == NULL)
+        goto err;
+
+    powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
+    memset(powerbuf, 0, powerbufLen);
+
+    /*
+     * Initialize the intermediate result. Do this early to save double
+     * conversion, once each for a^0 and intermediate result.
+     */
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    if (!MOD_EXP_CTIME_COPY_TO_PREBUF(r, top, powerbuf, 0, numPowers))
+        goto err;
+
+    /* Initialize computeTemp as a^1 with montgomery precalcs */
+    computeTemp = BN_CTX_get(ctx);
+    am = BN_CTX_get(ctx);
+    if (computeTemp == NULL || am == NULL)
+        goto err;
+
+    if (a->neg || BN_ucmp(a, m) >= 0) {
+        if (!BN_mod(am, a, m, ctx))
+            goto err;
+        aa = am;
+    } else
+        aa = a;
+    if (!BN_to_montgomery(am, aa, mont, ctx))
+        goto err;
+    if (!BN_copy(computeTemp, am))
+        goto err;
+    if (!MOD_EXP_CTIME_COPY_TO_PREBUF(am, top, powerbuf, 1, numPowers))
+        goto err;
+
+    /*
+     * If the window size is greater than 1, then calculate
+     * val[i=2..2^winsize-1]. Powers are computed as a*a^(i-1) (even powers
+     * could instead be computed as (a^(i/2))^2 to use the slight performance
+     * advantage of sqr over mul).
+     */
+    if (window > 1) {
+        for (i = 2; i < numPowers; i++) {
+            /* Calculate a^i = a^(i-1) * a */
+            if (!BN_mod_mul_montgomery
+                (computeTemp, am, computeTemp, mont, ctx))
+                goto err;
+            if (!MOD_EXP_CTIME_COPY_TO_PREBUF
+                (computeTemp, top, powerbuf, i, numPowers))
+                goto err;
+        }
+    }
+
+    /*
+     * Adjust the number of bits up to a multiple of the window size. If the
+     * exponent length is not a multiple of the window size, then this pads
+     * the most significant bits with zeros to normalize the scanning loop to
+     * there's no special cases. * NOTE: Making the window size a power of
+     * two less than the native * word size ensures that the padded bits
+     * won't go past the last * word in the internal BIGNUM structure. Going
+     * past the end will * still produce the correct result, but causes a
+     * different branch * to be taken in the BN_is_bit_set function.
+     */
+    bits = ((bits + window - 1) / window) * window;
+    idx = bits - 1;             /* The top bit of the window */
+
+    /*
+     * Scan the exponent one window at a time starting from the most
+     * significant bits.
+     */
+    while (idx >= 0) {
+        wvalue = 0;             /* The 'value' of the window */
+
+        /* Scan the window, squaring the result as we go */
+        for (i = 0; i < window; i++, idx--) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+            wvalue = (wvalue << 1) + BN_is_bit_set(p, idx);
+        }
+
+        /*
+         * Fetch the appropriate pre-computed value from the pre-buf
+         */
+        if (!MOD_EXP_CTIME_COPY_FROM_PREBUF
+            (computeTemp, top, powerbuf, wvalue, numPowers))
+            goto err;
+
+        /* Multiply the result into the intermediate result */
+        if (!BN_mod_mul_montgomery(r, r, computeTemp, mont, ctx))
+            goto err;
+    }
+
+    /* Convert the final result from montgomery to standard format */
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if ((in_mont == NULL) && (mont != NULL))
+        BN_MONT_CTX_free(mont);
+    if (powerbuf != NULL) {
+        OPENSSL_cleanse(powerbuf, powerbufLen);
+        OPENSSL_free(powerbufFree);
+    }
+    if (am != NULL)
+        BN_clear(am);
+    if (computeTemp != NULL)
+        BN_clear(computeTemp);
+    BN_CTX_end(ctx);
+    return (ret);
+}
 
 int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	BN_MONT_CTX *mont = NULL;
-	int b, bits, ret=0;
-	int r_is_one;
-	BN_ULONG w, next_w;
-	BIGNUM *d, *r, *t;
-	BIGNUM *swap_tmp;
+{
+    BN_MONT_CTX *mont = NULL;
+    int b, bits, ret = 0;
+    int r_is_one;
+    BN_ULONG w, next_w;
+    BIGNUM *d, *r, *t;
+    BIGNUM *swap_tmp;
 #define BN_MOD_MUL_WORD(r, w, m) \
-		(BN_mul_word(r, (w)) && \
-		(/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
-			(BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
-		/* BN_MOD_MUL_WORD is only used with 'w' large,
-		 * so the BN_ucmp test is probably more overhead
-		 * than always using BN_mod (which uses BN_copy if
-		 * a similar test returns true). */
-		/* We can use BN_mod and do not need BN_nnmod because our
-		 * accumulator is never negative (the result of BN_mod does
-		 * not depend on the sign of the modulus).
-		 */
+                (BN_mul_word(r, (w)) && \
+                (/* BN_ucmp(r, (m)) < 0 ? 1 :*/  \
+                        (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+    /*
+     * BN_MOD_MUL_WORD is only used with 'w' large, so the BN_ucmp test is
+     * probably more overhead than always using BN_mod (which uses BN_copy if
+     * a similar test returns true).
+     */
+    /*
+     * We can use BN_mod and do not need BN_nnmod because our accumulator is
+     * never negative (the result of BN_mod does not depend on the sign of
+     * the modulus).
+     */
 #define BN_TO_MONTGOMERY_WORD(r, w, mont) \
-		(BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	bn_check_top(p);
-	bn_check_top(m);
-
-	if (!BN_is_odd(m))
-		{
-		BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	if (m->top == 1)
-		a %= m->d[0]; /* make sure that 'a' is reduced */
-
-	bits = BN_num_bits(p);
-	if (bits == 0)
-		{
-		ret = BN_one(rr);
-		return ret;
-		}
-	if (a == 0)
-		{
-		BN_zero(rr);
-		ret = 1;
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	r = BN_CTX_get(ctx);
-	t = BN_CTX_get(ctx);
-	if (d == NULL || r == NULL || t == NULL) goto err;
-
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont = BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont, m, ctx)) goto err;
-		}
-
-	r_is_one = 1; /* except for Montgomery factor */
-
-	/* bits-1 >= 0 */
-
-	/* The result is accumulated in the product r*w. */
-	w = a; /* bit 'bits-1' of 'p' is always set */
-	for (b = bits-2; b >= 0; b--)
-		{
-		/* First, square r*w. */
-		next_w = w*w;
-		if ((next_w/w) != w) /* overflow */
-			{
-			if (r_is_one)
-				{
-				if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-				r_is_one = 0;
-				}
-			else
-				{
-				if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-				}
-			next_w = 1;
-			}
-		w = next_w;
-		if (!r_is_one)
-			{
-			if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err;
-			}
-
-		/* Second, multiply r*w by 'a' if exponent bit is set. */
-		if (BN_is_bit_set(p, b))
-			{
-			next_w = w*a;
-			if ((next_w/a) != w) /* overflow */
-				{
-				if (r_is_one)
-					{
-					if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-					r_is_one = 0;
-					}
-				else
-					{
-					if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-					}
-				next_w = a;
-				}
-			w = next_w;
-			}
-		}
-
-	/* Finally, set r:=r*w. */
-	if (w != 1)
-		{
-		if (r_is_one)
-			{
-			if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err;
-			r_is_one = 0;
-			}
-		else
-			{
-			if (!BN_MOD_MUL_WORD(r, w, m)) goto err;
-			}
-		}
-
-	if (r_is_one) /* can happen only if a == 1*/
-		{
-		if (!BN_one(rr)) goto err;
-		}
-	else
-		{
-		if (!BN_from_montgomery(rr, r, mont, ctx)) goto err;
-		}
-	ret = 1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	BN_CTX_end(ctx);
-	bn_check_top(rr);
-	return(ret);
-	}
-
+                (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx))
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    bn_check_top(p);
+    bn_check_top(m);
+
+    if (!BN_is_odd(m)) {
+        BNerr(BN_F_BN_MOD_EXP_MONT_WORD, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    if (m->top == 1)
+        a %= m->d[0];           /* make sure that 'a' is reduced */
+
+    bits = BN_num_bits(p);
+    if (bits == 0) {
+        /* x**0 mod 1 is still zero. */
+        if (BN_is_one(m)) {
+            ret = 1;
+            BN_zero(rr);
+        } else
+            ret = BN_one(rr);
+        return ret;
+    }
+    if (a == 0) {
+        BN_zero(rr);
+        ret = 1;
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (d == NULL || r == NULL || t == NULL)
+        goto err;
+
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
+
+    r_is_one = 1;               /* except for Montgomery factor */
+
+    /* bits-1 >= 0 */
+
+    /* The result is accumulated in the product r*w. */
+    w = a;                      /* bit 'bits-1' of 'p' is always set */
+    for (b = bits - 2; b >= 0; b--) {
+        /* First, square r*w. */
+        next_w = w * w;
+        if ((next_w / w) != w) { /* overflow */
+            if (r_is_one) {
+                if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                    goto err;
+                r_is_one = 0;
+            } else {
+                if (!BN_MOD_MUL_WORD(r, w, m))
+                    goto err;
+            }
+            next_w = 1;
+        }
+        w = next_w;
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
+
+        /* Second, multiply r*w by 'a' if exponent bit is set. */
+        if (BN_is_bit_set(p, b)) {
+            next_w = w * a;
+            if ((next_w / a) != w) { /* overflow */
+                if (r_is_one) {
+                    if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                        goto err;
+                    r_is_one = 0;
+                } else {
+                    if (!BN_MOD_MUL_WORD(r, w, m))
+                        goto err;
+                }
+                next_w = a;
+            }
+            w = next_w;
+        }
+    }
+
+    /* Finally, set r:=r*w. */
+    if (w != 1) {
+        if (r_is_one) {
+            if (!BN_TO_MONTGOMERY_WORD(r, w, mont))
+                goto err;
+            r_is_one = 0;
+        } else {
+            if (!BN_MOD_MUL_WORD(r, w, m))
+                goto err;
+        }
+    }
+
+    if (r_is_one) {             /* can happen only if a == 1 */
+        if (!BN_one(rr))
+            goto err;
+    } else {
+        if (!BN_from_montgomery(rr, r, mont, ctx))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if ((in_mont == NULL) && (mont != NULL))
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
 
 /* The old fallback, simple version :-) */
 int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-		const BIGNUM *m, BN_CTX *ctx)
-	{
-	int i,j,bits,ret=0,wstart,wend,window,wvalue;
-	int start=1;
-	BIGNUM *d;
-	/* Table of variables obtained from 'ctx' */
-	BIGNUM *val[TABLE_SIZE];
-
-	if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0)
-		{
-		/* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
-		BNerr(BN_F_BN_MOD_EXP_SIMPLE,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-
-	bits=BN_num_bits(p);
-
-	if (bits == 0)
-		{
-		ret = BN_one(r);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	val[0] = BN_CTX_get(ctx);
-	if(!d || !val[0]) goto err;
-
-	if (!BN_nnmod(val[0],a,m,ctx)) goto err;		/* 1 */
-	if (BN_is_zero(val[0]))
-		{
-		BN_zero(r);
-		ret = 1;
-		goto err;
-		}
-
-	window = BN_window_bits_for_exponent_size(bits);
-	if (window > 1)
-		{
-		if (!BN_mod_mul(d,val[0],val[0],m,ctx))
-			goto err;				/* 2 */
-		j=1<<(window-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul(val[i],val[i-1],d,m,ctx))
-				goto err;
-			}
-		}
-
-	start=1;	/* This is used to avoid multiplication etc
-			 * when there is only the value '1' in the
-			 * buffer. */
-	wvalue=0;	/* The 'value' of the window */
-	wstart=bits-1;	/* The top bit of the window */
-	wend=0;		/* The bottom bit of the window */
-
-	if (!BN_one(r)) goto err;
-
-	for (;;)
-		{
-		if (BN_is_bit_set(p,wstart) == 0)
-			{
-			if (!start)
-				if (!BN_mod_mul(r,r,r,m,ctx))
-				goto err;
-			if (wstart == 0) break;
-			wstart--;
-			continue;
-			}
-		/* We now have wstart on a 'set' bit, we now need to work out
-		 * how bit a window to do.  To do this we need to scan
-		 * forward until the last set bit before the end of the
-		 * window */
-		j=wstart;
-		wvalue=1;
-		wend=0;
-		for (i=1; i<window; i++)
-			{
-			if (wstart-i < 0) break;
-			if (BN_is_bit_set(p,wstart-i))
-				{
-				wvalue<<=(i-wend);
-				wvalue|=1;
-				wend=i;
-				}
-			}
-
-		/* wend is the size of the current window */
-		j=wend+1;
-		/* add the 'bytes above' */
-		if (!start)
-			for (i=0; i<j; i++)
-				{
-				if (!BN_mod_mul(r,r,r,m,ctx))
-					goto err;
-				}
-		
-		/* wvalue will be an odd number < 2^window */
-		if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
-			goto err;
-
-		/* move the 'window' down further */
-		wstart-=wend+1;
-		wvalue=0;
-		start=0;
-		if (wstart < 0) break;
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
-
+                      const BIGNUM *m, BN_CTX *ctx)
+{
+    int i, j, bits, ret = 0, wstart, wend, window, wvalue;
+    int start = 1;
+    BIGNUM *d;
+    /* Table of variables obtained from 'ctx' */
+    BIGNUM *val[TABLE_SIZE];
+
+    if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) {
+        /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */
+        BNerr(BN_F_BN_MOD_EXP_SIMPLE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+
+    bits = BN_num_bits(p);
+
+    if (bits == 0) {
+        ret = BN_one(r);
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    val[0] = BN_CTX_get(ctx);
+    if (!d || !val[0])
+        goto err;
+
+    if (!BN_nnmod(val[0], a, m, ctx))
+        goto err;               /* 1 */
+    if (BN_is_zero(val[0])) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    window = BN_window_bits_for_exponent_size(bits);
+    if (window > 1) {
+        if (!BN_mod_mul(d, val[0], val[0], m, ctx))
+            goto err;           /* 2 */
+        j = 1 << (window - 1);
+        for (i = 1; i < j; i++) {
+            if (((val[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul(val[i], val[i - 1], d, m, ctx))
+                goto err;
+        }
+    }
+
+    start = 1;                  /* This is used to avoid multiplication etc
+                                 * when there is only the value '1' in the
+                                 * buffer. */
+    wvalue = 0;                 /* The 'value' of the window */
+    wstart = bits - 1;          /* The top bit of the window */
+    wend = 0;                   /* The bottom bit of the window */
+
+    if (!BN_one(r))
+        goto err;
+
+    for (;;) {
+        if (BN_is_bit_set(p, wstart) == 0) {
+            if (!start)
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            if (wstart == 0)
+                break;
+            wstart--;
+            continue;
+        }
+        /*
+         * We now have wstart on a 'set' bit, we now need to work out how bit
+         * a window to do.  To do this we need to scan forward until the last
+         * set bit before the end of the window
+         */
+        j = wstart;
+        wvalue = 1;
+        wend = 0;
+        for (i = 1; i < window; i++) {
+            if (wstart - i < 0)
+                break;
+            if (BN_is_bit_set(p, wstart - i)) {
+                wvalue <<= (i - wend);
+                wvalue |= 1;
+                wend = i;
+            }
+        }
+
+        /* wend is the size of the current window */
+        j = wend + 1;
+        /* add the 'bytes above' */
+        if (!start)
+            for (i = 0; i < j; i++) {
+                if (!BN_mod_mul(r, r, r, m, ctx))
+                    goto err;
+            }
+
+        /* wvalue will be an odd number < 2^window */
+        if (!BN_mod_mul(r, r, val[wvalue >> 1], m, ctx))
+            goto err;
+
+        /* move the 'window' down further */
+        wstart -= wend + 1;
+        wvalue = 0;
+        start = 0;
+        if (wstart < 0)
+            break;
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
index bd0c34b9..43fd2044 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -113,200 +113,191 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define TABLE_SIZE	32
+#define TABLE_SIZE      32
 
 int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
-	const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
-	BN_CTX *ctx, BN_MONT_CTX *in_mont)
-	{
-	int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
-	int r_is_one=1;
-	BIGNUM *d,*r;
-	const BIGNUM *a_mod_m;
-	/* Tables of variables obtained from 'ctx' */
-	BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
-	BN_MONT_CTX *mont=NULL;
+                     const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m,
+                     BN_CTX *ctx, BN_MONT_CTX *in_mont)
+{
+    int i, j, bits, b, bits1, bits2, ret =
+        0, wpos1, wpos2, window1, window2, wvalue1, wvalue2;
+    int r_is_one = 1;
+    BIGNUM *d, *r;
+    const BIGNUM *a_mod_m;
+    /* Tables of variables obtained from 'ctx' */
+    BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE];
+    BN_MONT_CTX *mont = NULL;
+
+    bn_check_top(a1);
+    bn_check_top(p1);
+    bn_check_top(a2);
+    bn_check_top(p2);
+    bn_check_top(m);
+
+    if (!(m->d[0] & 1)) {
+        BNerr(BN_F_BN_MOD_EXP2_MONT, BN_R_CALLED_WITH_EVEN_MODULUS);
+        return (0);
+    }
+    bits1 = BN_num_bits(p1);
+    bits2 = BN_num_bits(p2);
+    if ((bits1 == 0) && (bits2 == 0)) {
+        ret = BN_one(rr);
+        return ret;
+    }
 
-	bn_check_top(a1);
-	bn_check_top(p1);
-	bn_check_top(a2);
-	bn_check_top(p2);
-	bn_check_top(m);
+    bits = (bits1 > bits2) ? bits1 : bits2;
 
-	if (!(m->d[0] & 1))
-		{
-		BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS);
-		return(0);
-		}
-	bits1=BN_num_bits(p1);
-	bits2=BN_num_bits(p2);
-	if ((bits1 == 0) && (bits2 == 0))
-		{
-		ret = BN_one(rr);
-		return ret;
-		}
-	
-	bits=(bits1 > bits2)?bits1:bits2;
+    BN_CTX_start(ctx);
+    d = BN_CTX_get(ctx);
+    r = BN_CTX_get(ctx);
+    val1[0] = BN_CTX_get(ctx);
+    val2[0] = BN_CTX_get(ctx);
+    if (!d || !r || !val1[0] || !val2[0])
+        goto err;
 
-	BN_CTX_start(ctx);
-	d = BN_CTX_get(ctx);
-	r = BN_CTX_get(ctx);
-	val1[0] = BN_CTX_get(ctx);
-	val2[0] = BN_CTX_get(ctx);
-	if(!d || !r || !val1[0] || !val2[0]) goto err;
+    if (in_mont != NULL)
+        mont = in_mont;
+    else {
+        if ((mont = BN_MONT_CTX_new()) == NULL)
+            goto err;
+        if (!BN_MONT_CTX_set(mont, m, ctx))
+            goto err;
+    }
 
-	if (in_mont != NULL)
-		mont=in_mont;
-	else
-		{
-		if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
-		}
+    window1 = BN_window_bits_for_exponent_size(bits1);
+    window2 = BN_window_bits_for_exponent_size(bits2);
 
-	window1 = BN_window_bits_for_exponent_size(bits1);
-	window2 = BN_window_bits_for_exponent_size(bits2);
+    /*
+     * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
+     */
+    if (a1->neg || BN_ucmp(a1, m) >= 0) {
+        if (!BN_mod(val1[0], a1, m, ctx))
+            goto err;
+        a_mod_m = val1[0];
+    } else
+        a_mod_m = a1;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
 
-	/*
-	 * Build table for a1:   val1[i] := a1^(2*i + 1) mod m  for i = 0 .. 2^(window1-1)
-	 */
-	if (a1->neg || BN_ucmp(a1,m) >= 0)
-		{
-		if (!BN_mod(val1[0],a1,m,ctx))
-			goto err;
-		a_mod_m = val1[0];
-		}
-	else
-		a_mod_m = a1;
-	if (BN_is_zero(a_mod_m))
-		{
-		BN_zero(rr);
-		ret = 1;
-		goto err;
-		}
+    if (!BN_to_montgomery(val1[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window1 > 1) {
+        if (!BN_mod_mul_montgomery(d, val1[0], val1[0], mont, ctx))
+            goto err;
 
-	if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
-	if (window1 > 1)
-		{
-		if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;
+        j = 1 << (window1 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val1[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val1[i], val1[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
 
-		j=1<<(window1-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val1[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_montgomery(val1[i],val1[i-1],
-						d,mont,ctx))
-				goto err;
-			}
-		}
+    /*
+     * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
+     */
+    if (a2->neg || BN_ucmp(a2, m) >= 0) {
+        if (!BN_mod(val2[0], a2, m, ctx))
+            goto err;
+        a_mod_m = val2[0];
+    } else
+        a_mod_m = a2;
+    if (BN_is_zero(a_mod_m)) {
+        BN_zero(rr);
+        ret = 1;
+        goto err;
+    }
+    if (!BN_to_montgomery(val2[0], a_mod_m, mont, ctx))
+        goto err;
+    if (window2 > 1) {
+        if (!BN_mod_mul_montgomery(d, val2[0], val2[0], mont, ctx))
+            goto err;
 
+        j = 1 << (window2 - 1);
+        for (i = 1; i < j; i++) {
+            if (((val2[i] = BN_CTX_get(ctx)) == NULL) ||
+                !BN_mod_mul_montgomery(val2[i], val2[i - 1], d, mont, ctx))
+                goto err;
+        }
+    }
 
-	/*
-	 * Build table for a2:   val2[i] := a2^(2*i + 1) mod m  for i = 0 .. 2^(window2-1)
-	 */
-	if (a2->neg || BN_ucmp(a2,m) >= 0)
-		{
-		if (!BN_mod(val2[0],a2,m,ctx))
-			goto err;
-		a_mod_m = val2[0];
-		}
-	else
-		a_mod_m = a2;
-	if (BN_is_zero(a_mod_m))
-		{
-		BN_zero(rr);
-		ret = 1;
-		goto err;
-		}
-	if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
-	if (window2 > 1)
-		{
-		if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;
+    /* Now compute the power product, using independent windows. */
+    r_is_one = 1;
+    wvalue1 = 0;                /* The 'value' of the first window */
+    wvalue2 = 0;                /* The 'value' of the second window */
+    wpos1 = 0;                  /* If wvalue1 > 0, the bottom bit of the
+                                 * first window */
+    wpos2 = 0;                  /* If wvalue2 > 0, the bottom bit of the
+                                 * second window */
 
-		j=1<<(window2-1);
-		for (i=1; i<j; i++)
-			{
-			if(((val2[i] = BN_CTX_get(ctx)) == NULL) ||
-					!BN_mod_mul_montgomery(val2[i],val2[i-1],
-						d,mont,ctx))
-				goto err;
-			}
-		}
+    if (!BN_to_montgomery(r, BN_value_one(), mont, ctx))
+        goto err;
+    for (b = bits - 1; b >= 0; b--) {
+        if (!r_is_one) {
+            if (!BN_mod_mul_montgomery(r, r, r, mont, ctx))
+                goto err;
+        }
 
+        if (!wvalue1)
+            if (BN_is_bit_set(p1, b)) {
+                /*
+                 * consider bits b-window1+1 .. b for this window
+                 */
+                i = b - window1 + 1;
+                while (!BN_is_bit_set(p1, i)) /* works for i<0 */
+                    i++;
+                wpos1 = i;
+                wvalue1 = 1;
+                for (i = b - 1; i >= wpos1; i--) {
+                    wvalue1 <<= 1;
+                    if (BN_is_bit_set(p1, i))
+                        wvalue1++;
+                }
+            }
 
-	/* Now compute the power product, using independent windows. */
-	r_is_one=1;
-	wvalue1=0;  /* The 'value' of the first window */
-	wvalue2=0;  /* The 'value' of the second window */
-	wpos1=0;    /* If wvalue1 > 0, the bottom bit of the first window */
-	wpos2=0;    /* If wvalue2 > 0, the bottom bit of the second window */
+        if (!wvalue2)
+            if (BN_is_bit_set(p2, b)) {
+                /*
+                 * consider bits b-window2+1 .. b for this window
+                 */
+                i = b - window2 + 1;
+                while (!BN_is_bit_set(p2, i))
+                    i++;
+                wpos2 = i;
+                wvalue2 = 1;
+                for (i = b - 1; i >= wpos2; i--) {
+                    wvalue2 <<= 1;
+                    if (BN_is_bit_set(p2, i))
+                        wvalue2++;
+                }
+            }
 
-	if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err;
-	for (b=bits-1; b>=0; b--)
-		{
-		if (!r_is_one)
-			{
-			if (!BN_mod_mul_montgomery(r,r,r,mont,ctx))
-				goto err;
-			}
-		
-		if (!wvalue1)
-			if (BN_is_bit_set(p1, b))
-				{
-				/* consider bits b-window1+1 .. b for this window */
-				i = b-window1+1;
-				while (!BN_is_bit_set(p1, i)) /* works for i<0 */
-					i++;
-				wpos1 = i;
-				wvalue1 = 1;
-				for (i = b-1; i >= wpos1; i--)
-					{
-					wvalue1 <<= 1;
-					if (BN_is_bit_set(p1, i))
-						wvalue1++;
-					}
-				}
-		
-		if (!wvalue2)
-			if (BN_is_bit_set(p2, b))
-				{
-				/* consider bits b-window2+1 .. b for this window */
-				i = b-window2+1;
-				while (!BN_is_bit_set(p2, i))
-					i++;
-				wpos2 = i;
-				wvalue2 = 1;
-				for (i = b-1; i >= wpos2; i--)
-					{
-					wvalue2 <<= 1;
-					if (BN_is_bit_set(p2, i))
-						wvalue2++;
-					}
-				}
+        if (wvalue1 && b == wpos1) {
+            /* wvalue1 is odd and < 2^window1 */
+            if (!BN_mod_mul_montgomery(r, r, val1[wvalue1 >> 1], mont, ctx))
+                goto err;
+            wvalue1 = 0;
+            r_is_one = 0;
+        }
 
-		if (wvalue1 && b == wpos1)
-			{
-			/* wvalue1 is odd and < 2^window1 */
-			if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
-				goto err;
-			wvalue1 = 0;
-			r_is_one = 0;
-			}
-		
-		if (wvalue2 && b == wpos2)
-			{
-			/* wvalue2 is odd and < 2^window2 */
-			if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
-				goto err;
-			wvalue2 = 0;
-			r_is_one = 0;
-			}
-		}
-	if (!BN_from_montgomery(rr,r,mont,ctx))
-		goto err;
-	ret=1;
-err:
-	if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
-	BN_CTX_end(ctx);
-	bn_check_top(rr);
-	return(ret);
-	}
+        if (wvalue2 && b == wpos2) {
+            /* wvalue2 is odd and < 2^window2 */
+            if (!BN_mod_mul_montgomery(r, r, val2[wvalue2 >> 1], mont, ctx))
+                goto err;
+            wvalue2 = 0;
+            r_is_one = 0;
+        }
+    }
+    if (!BN_from_montgomery(rr, r, mont, ctx))
+        goto err;
+    ret = 1;
+ err:
+    if ((in_mont == NULL) && (mont != NULL))
+        BN_MONT_CTX_free(mont);
+    BN_CTX_end(ctx);
+    bn_check_top(rr);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
index 4a352119..cd5f86b0 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -115,540 +115,585 @@
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b);
 
 int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
-	{
-	BIGNUM *a,*b,*t;
-	int ret=0;
-
-	bn_check_top(in_a);
-	bn_check_top(in_b);
-
-	BN_CTX_start(ctx);
-	a = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	if (a == NULL || b == NULL) goto err;
-
-	if (BN_copy(a,in_a) == NULL) goto err;
-	if (BN_copy(b,in_b) == NULL) goto err;
-	a->neg = 0;
-	b->neg = 0;
-
-	if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; }
-	t=euclid(a,b);
-	if (t == NULL) goto err;
-
-	if (BN_copy(r,t) == NULL) goto err;
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
+{
+    BIGNUM *a, *b, *t;
+    int ret = 0;
+
+    bn_check_top(in_a);
+    bn_check_top(in_b);
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (a == NULL || b == NULL)
+        goto err;
+
+    if (BN_copy(a, in_a) == NULL)
+        goto err;
+    if (BN_copy(b, in_b) == NULL)
+        goto err;
+    a->neg = 0;
+    b->neg = 0;
+
+    if (BN_cmp(a, b) < 0) {
+        t = a;
+        a = b;
+        b = t;
+    }
+    t = euclid(a, b);
+    if (t == NULL)
+        goto err;
+
+    if (BN_copy(r, t) == NULL)
+        goto err;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
 
 static BIGNUM *euclid(BIGNUM *a, BIGNUM *b)
-	{
-	BIGNUM *t;
-	int shifts=0;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	/* 0 <= b <= a */
-	while (!BN_is_zero(b))
-		{
-		/* 0 < b <= a */
-
-		if (BN_is_odd(a))
-			{
-			if (BN_is_odd(b))
-				{
-				if (!BN_sub(a,a,b)) goto err;
-				if (!BN_rshift1(a,a)) goto err;
-				if (BN_cmp(a,b) < 0)
-					{ t=a; a=b; b=t; }
-				}
-			else		/* a odd - b even */
-				{
-				if (!BN_rshift1(b,b)) goto err;
-				if (BN_cmp(a,b) < 0)
-					{ t=a; a=b; b=t; }
-				}
-			}
-		else			/* a is even */
-			{
-			if (BN_is_odd(b))
-				{
-				if (!BN_rshift1(a,a)) goto err;
-				if (BN_cmp(a,b) < 0)
-					{ t=a; a=b; b=t; }
-				}
-			else		/* a even - b even */
-				{
-				if (!BN_rshift1(a,a)) goto err;
-				if (!BN_rshift1(b,b)) goto err;
-				shifts++;
-				}
-			}
-		/* 0 <= b <= a */
-		}
-
-	if (shifts)
-		{
-		if (!BN_lshift(a,a,shifts)) goto err;
-		}
-	bn_check_top(a);
-	return(a);
-err:
-	return(NULL);
-	}
-
+{
+    BIGNUM *t;
+    int shifts = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    /* 0 <= b <= a */
+    while (!BN_is_zero(b)) {
+        /* 0 < b <= a */
+
+        if (BN_is_odd(a)) {
+            if (BN_is_odd(b)) {
+                if (!BN_sub(a, a, b))
+                    goto err;
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            } else {            /* a odd - b even */
+
+                if (!BN_rshift1(b, b))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            }
+        } else {                /* a is even */
+
+            if (BN_is_odd(b)) {
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_cmp(a, b) < 0) {
+                    t = a;
+                    a = b;
+                    b = t;
+                }
+            } else {            /* a even - b even */
+
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (!BN_rshift1(b, b))
+                    goto err;
+                shifts++;
+            }
+        }
+        /* 0 <= b <= a */
+    }
+
+    if (shifts) {
+        if (!BN_lshift(a, a, shifts))
+            goto err;
+    }
+    bn_check_top(a);
+    return (a);
+ err:
+    return (NULL);
+}
 
 /* solves ax == 1 (mod n) */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
-        const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
-BIGNUM *BN_mod_inverse(BIGNUM *in,
-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
-	{
-	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
-	BIGNUM *ret=NULL;
-	int sign;
-
-	if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
-		{
-		return BN_mod_inverse_no_branch(in, a, n, ctx);
-		}
-
-	bn_check_top(a);
-	bn_check_top(n);
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	B = BN_CTX_get(ctx);
-	X = BN_CTX_get(ctx);
-	D = BN_CTX_get(ctx);
-	M = BN_CTX_get(ctx);
-	Y = BN_CTX_get(ctx);
-	T = BN_CTX_get(ctx);
-	if (T == NULL) goto err;
-
-	if (in == NULL)
-		R=BN_new();
-	else
-		R=in;
-	if (R == NULL) goto err;
-
-	BN_one(X);
-	BN_zero(Y);
-	if (BN_copy(B,a) == NULL) goto err;
-	if (BN_copy(A,n) == NULL) goto err;
-	A->neg = 0;
-	if (B->neg || (BN_ucmp(B, A) >= 0))
-		{
-		if (!BN_nnmod(B, B, A, ctx)) goto err;
-		}
-	sign = -1;
-	/* From  B = a mod |n|,  A = |n|  it follows that
-	 *
-	 *      0 <= B < A,
-	 *     -sign*X*a  ==  B   (mod |n|),
-	 *      sign*Y*a  ==  A   (mod |n|).
-	 */
-
-	if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048)))
-		{
-		/* Binary inversion algorithm; requires odd modulus.
-		 * This is faster than the general algorithm if the modulus
-		 * is sufficiently small (about 400 .. 500 bits on 32-bit
-		 * sytems, but much more on 64-bit systems) */
-		int shift;
-		
-		while (!BN_is_zero(B))
-			{
-			/*
-			 *      0 < B < |n|,
-			 *      0 < A <= |n|,
-			 * (1) -sign*X*a  ==  B   (mod |n|),
-			 * (2)  sign*Y*a  ==  A   (mod |n|)
-			 */
-
-			/* Now divide  B  by the maximum possible power of two in the integers,
-			 * and divide  X  by the same value mod |n|.
-			 * When we're done, (1) still holds. */
-			shift = 0;
-			while (!BN_is_bit_set(B, shift)) /* note that 0 < B */
-				{
-				shift++;
-				
-				if (BN_is_odd(X))
-					{
-					if (!BN_uadd(X, X, n)) goto err;
-					}
-				/* now X is even, so we can easily divide it by two */
-				if (!BN_rshift1(X, X)) goto err;
-				}
-			if (shift > 0)
-				{
-				if (!BN_rshift(B, B, shift)) goto err;
-				}
-
-
-			/* Same for  A  and  Y.  Afterwards, (2) still holds. */
-			shift = 0;
-			while (!BN_is_bit_set(A, shift)) /* note that 0 < A */
-				{
-				shift++;
-				
-				if (BN_is_odd(Y))
-					{
-					if (!BN_uadd(Y, Y, n)) goto err;
-					}
-				/* now Y is even */
-				if (!BN_rshift1(Y, Y)) goto err;
-				}
-			if (shift > 0)
-				{
-				if (!BN_rshift(A, A, shift)) goto err;
-				}
-
-			
-			/* We still have (1) and (2).
-			 * Both  A  and  B  are odd.
-			 * The following computations ensure that
-			 *
-			 *     0 <= B < |n|,
-			 *      0 < A < |n|,
-			 * (1) -sign*X*a  ==  B   (mod |n|),
-			 * (2)  sign*Y*a  ==  A   (mod |n|),
-			 *
-			 * and that either  A  or  B  is even in the next iteration.
-			 */
-			if (BN_ucmp(B, A) >= 0)
-				{
-				/* -sign*(X + Y)*a == B - A  (mod |n|) */
-				if (!BN_uadd(X, X, Y)) goto err;
-				/* NB: we could use BN_mod_add_quick(X, X, Y, n), but that
-				 * actually makes the algorithm slower */
-				if (!BN_usub(B, B, A)) goto err;
-				}
-			else
-				{
-				/*  sign*(X + Y)*a == A - B  (mod |n|) */
-				if (!BN_uadd(Y, Y, X)) goto err;
-				/* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */
-				if (!BN_usub(A, A, B)) goto err;
-				}
-			}
-		}
-	else
-		{
-		/* general inversion algorithm */
-
-		while (!BN_is_zero(B))
-			{
-			BIGNUM *tmp;
-			
-			/*
-			 *      0 < B < A,
-			 * (*) -sign*X*a  ==  B   (mod |n|),
-			 *      sign*Y*a  ==  A   (mod |n|)
-			 */
-			
-			/* (D, M) := (A/B, A%B) ... */
-			if (BN_num_bits(A) == BN_num_bits(B))
-				{
-				if (!BN_one(D)) goto err;
-				if (!BN_sub(M,A,B)) goto err;
-				}
-			else if (BN_num_bits(A) == BN_num_bits(B) + 1)
-				{
-				/* A/B is 1, 2, or 3 */
-				if (!BN_lshift1(T,B)) goto err;
-				if (BN_ucmp(A,T) < 0)
-					{
-					/* A < 2*B, so D=1 */
-					if (!BN_one(D)) goto err;
-					if (!BN_sub(M,A,B)) goto err;
-					}
-				else
-					{
-					/* A >= 2*B, so D=2 or D=3 */
-					if (!BN_sub(M,A,T)) goto err;
-					if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */
-					if (BN_ucmp(A,D) < 0)
-						{
-						/* A < 3*B, so D=2 */
-						if (!BN_set_word(D,2)) goto err;
-						/* M (= A - 2*B) already has the correct value */
-						}
-					else
-						{
-						/* only D=3 remains */
-						if (!BN_set_word(D,3)) goto err;
-						/* currently  M = A - 2*B,  but we need  M = A - 3*B */
-						if (!BN_sub(M,M,B)) goto err;
-						}
-					}
-				}
-			else
-				{
-				if (!BN_div(D,M,A,B,ctx)) goto err;
-				}
-			
-			/* Now
-			 *      A = D*B + M;
-			 * thus we have
-			 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
-			 */
-			
-			tmp=A; /* keep the BIGNUM object, the value does not matter */
-			
-			/* (A, B) := (B, A mod B) ... */
-			A=B;
-			B=M;
-			/* ... so we have  0 <= B < A  again */
-			
-			/* Since the former  M  is now  B  and the former  B  is now  A,
-			 * (**) translates into
-			 *       sign*Y*a  ==  D*A + B    (mod |n|),
-			 * i.e.
-			 *       sign*Y*a - D*A  ==  B    (mod |n|).
-			 * Similarly, (*) translates into
-			 *      -sign*X*a  ==  A          (mod |n|).
-			 *
-			 * Thus,
-			 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
-			 * i.e.
-			 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
-			 *
-			 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
-			 *      -sign*X*a  ==  B   (mod |n|),
-			 *       sign*Y*a  ==  A   (mod |n|).
-			 * Note that  X  and  Y  stay non-negative all the time.
-			 */
-			
-			/* most of the time D is very small, so we can optimize tmp := D*X+Y */
-			if (BN_is_one(D))
-				{
-				if (!BN_add(tmp,X,Y)) goto err;
-				}
-			else
-				{
-				if (BN_is_word(D,2))
-					{
-					if (!BN_lshift1(tmp,X)) goto err;
-					}
-				else if (BN_is_word(D,4))
-					{
-					if (!BN_lshift(tmp,X,2)) goto err;
-					}
-				else if (D->top == 1)
-					{
-					if (!BN_copy(tmp,X)) goto err;
-					if (!BN_mul_word(tmp,D->d[0])) goto err;
-					}
-				else
-					{
-					if (!BN_mul(tmp,D,X,ctx)) goto err;
-					}
-				if (!BN_add(tmp,tmp,Y)) goto err;
-				}
-			
-			M=Y; /* keep the BIGNUM object, the value does not matter */
-			Y=X;
-			X=tmp;
-			sign = -sign;
-			}
-		}
-		
-	/*
-	 * The while loop (Euclid's algorithm) ends when
-	 *      A == gcd(a,n);
-	 * we have
-	 *       sign*Y*a  ==  A  (mod |n|),
-	 * where  Y  is non-negative.
-	 */
-
-	if (sign < 0)
-		{
-		if (!BN_sub(Y,n,Y)) goto err;
-		}
-	/* Now  Y*a  ==  A  (mod |n|).  */
-	
-
-	if (BN_is_one(A))
-		{
-		/* Y*a == 1  (mod |n|) */
-		if (!Y->neg && BN_ucmp(Y,n) < 0)
-			{
-			if (!BN_copy(R,Y)) goto err;
-			}
-		else
-			{
-			if (!BN_nnmod(R,Y,n,ctx)) goto err;
-			}
-		}
-	else
-		{
-		BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
-		goto err;
-		}
-	ret=R;
-err:
-	if ((ret == NULL) && (in == NULL)) BN_free(R);
-	BN_CTX_end(ctx);
-	bn_check_top(ret);
-	return(ret);
-	}
-
-
-/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse. 
- * It does not contain branches that may leak sensitive information.
+                                        const BIGNUM *a, const BIGNUM *n,
+                                        BN_CTX *ctx);
+BIGNUM *BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
+                       BN_CTX *ctx)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0)
+        || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)) {
+        return BN_mod_inverse_no_branch(in, a, n, ctx);
+    }
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    BN_one(X);
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        if (!BN_nnmod(B, B, A, ctx))
+            goto err;
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) {
+        /*
+         * Binary inversion algorithm; requires odd modulus. This is faster
+         * than the general algorithm if the modulus is sufficiently small
+         * (about 400 .. 500 bits on 32-bit sytems, but much more on 64-bit
+         * systems)
+         */
+        int shift;
+
+        while (!BN_is_zero(B)) {
+            /*-
+             *      0 < B < |n|,
+             *      0 < A <= |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /*
+             * Now divide B by the maximum possible power of two in the
+             * integers, and divide X by the same value mod |n|. When we're
+             * done, (1) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(B, shift)) { /* note that 0 < B */
+                shift++;
+
+                if (BN_is_odd(X)) {
+                    if (!BN_uadd(X, X, n))
+                        goto err;
+                }
+                /*
+                 * now X is even, so we can easily divide it by two
+                 */
+                if (!BN_rshift1(X, X))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(B, B, shift))
+                    goto err;
+            }
+
+            /*
+             * Same for A and Y.  Afterwards, (2) still holds.
+             */
+            shift = 0;
+            while (!BN_is_bit_set(A, shift)) { /* note that 0 < A */
+                shift++;
+
+                if (BN_is_odd(Y)) {
+                    if (!BN_uadd(Y, Y, n))
+                        goto err;
+                }
+                /* now Y is even */
+                if (!BN_rshift1(Y, Y))
+                    goto err;
+            }
+            if (shift > 0) {
+                if (!BN_rshift(A, A, shift))
+                    goto err;
+            }
+
+            /*-
+             * We still have (1) and (2).
+             * Both  A  and  B  are odd.
+             * The following computations ensure that
+             *
+             *     0 <= B < |n|,
+             *      0 < A < |n|,
+             * (1) -sign*X*a  ==  B   (mod |n|),
+             * (2)  sign*Y*a  ==  A   (mod |n|),
+             *
+             * and that either  A  or  B  is even in the next iteration.
+             */
+            if (BN_ucmp(B, A) >= 0) {
+                /* -sign*(X + Y)*a == B - A  (mod |n|) */
+                if (!BN_uadd(X, X, Y))
+                    goto err;
+                /*
+                 * NB: we could use BN_mod_add_quick(X, X, Y, n), but that
+                 * actually makes the algorithm slower
+                 */
+                if (!BN_usub(B, B, A))
+                    goto err;
+            } else {
+                /*  sign*(X + Y)*a == A - B  (mod |n|) */
+                if (!BN_uadd(Y, Y, X))
+                    goto err;
+                /*
+                 * as above, BN_mod_add_quick(Y, Y, X, n) would slow things
+                 * down
+                 */
+                if (!BN_usub(A, A, B))
+                    goto err;
+            }
+        }
+    } else {
+        /* general inversion algorithm */
+
+        while (!BN_is_zero(B)) {
+            BIGNUM *tmp;
+
+            /*-
+             *      0 < B < A,
+             * (*) -sign*X*a  ==  B   (mod |n|),
+             *      sign*Y*a  ==  A   (mod |n|)
+             */
+
+            /* (D, M) := (A/B, A%B) ... */
+            if (BN_num_bits(A) == BN_num_bits(B)) {
+                if (!BN_one(D))
+                    goto err;
+                if (!BN_sub(M, A, B))
+                    goto err;
+            } else if (BN_num_bits(A) == BN_num_bits(B) + 1) {
+                /* A/B is 1, 2, or 3 */
+                if (!BN_lshift1(T, B))
+                    goto err;
+                if (BN_ucmp(A, T) < 0) {
+                    /* A < 2*B, so D=1 */
+                    if (!BN_one(D))
+                        goto err;
+                    if (!BN_sub(M, A, B))
+                        goto err;
+                } else {
+                    /* A >= 2*B, so D=2 or D=3 */
+                    if (!BN_sub(M, A, T))
+                        goto err;
+                    if (!BN_add(D, T, B))
+                        goto err; /* use D (:= 3*B) as temp */
+                    if (BN_ucmp(A, D) < 0) {
+                        /* A < 3*B, so D=2 */
+                        if (!BN_set_word(D, 2))
+                            goto err;
+                        /*
+                         * M (= A - 2*B) already has the correct value
+                         */
+                    } else {
+                        /* only D=3 remains */
+                        if (!BN_set_word(D, 3))
+                            goto err;
+                        /*
+                         * currently M = A - 2*B, but we need M = A - 3*B
+                         */
+                        if (!BN_sub(M, M, B))
+                            goto err;
+                    }
+                }
+            } else {
+                if (!BN_div(D, M, A, B, ctx))
+                    goto err;
+            }
+
+            /*-
+             * Now
+             *      A = D*B + M;
+             * thus we have
+             * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+             */
+
+            tmp = A;            /* keep the BIGNUM object, the value does not
+                                 * matter */
+
+            /* (A, B) := (B, A mod B) ... */
+            A = B;
+            B = M;
+            /* ... so we have  0 <= B < A  again */
+
+            /*-
+             * Since the former  M  is now  B  and the former  B  is now  A,
+             * (**) translates into
+             *       sign*Y*a  ==  D*A + B    (mod |n|),
+             * i.e.
+             *       sign*Y*a - D*A  ==  B    (mod |n|).
+             * Similarly, (*) translates into
+             *      -sign*X*a  ==  A          (mod |n|).
+             *
+             * Thus,
+             *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+             * i.e.
+             *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+             *
+             * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
+             *      -sign*X*a  ==  B   (mod |n|),
+             *       sign*Y*a  ==  A   (mod |n|).
+             * Note that  X  and  Y  stay non-negative all the time.
+             */
+
+            /*
+             * most of the time D is very small, so we can optimize tmp :=
+             * D*X+Y
+             */
+            if (BN_is_one(D)) {
+                if (!BN_add(tmp, X, Y))
+                    goto err;
+            } else {
+                if (BN_is_word(D, 2)) {
+                    if (!BN_lshift1(tmp, X))
+                        goto err;
+                } else if (BN_is_word(D, 4)) {
+                    if (!BN_lshift(tmp, X, 2))
+                        goto err;
+                } else if (D->top == 1) {
+                    if (!BN_copy(tmp, X))
+                        goto err;
+                    if (!BN_mul_word(tmp, D->d[0]))
+                        goto err;
+                } else {
+                    if (!BN_mul(tmp, D, X, ctx))
+                        goto err;
+                }
+                if (!BN_add(tmp, tmp, Y))
+                    goto err;
+            }
+
+            M = Y;              /* keep the BIGNUM object, the value does not
+                                 * matter */
+            Y = X;
+            X = tmp;
+            sign = -sign;
+        }
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        BNerr(BN_F_BN_MOD_INVERSE, BN_R_NO_INVERSE);
+        goto err;
+    }
+    ret = R;
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return (ret);
+}
+
+/*
+ * BN_mod_inverse_no_branch is a special version of BN_mod_inverse. It does
+ * not contain branches that may leak sensitive information.
  */
 static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
-	const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
-	{
-	BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
-	BIGNUM local_A, local_B;
-	BIGNUM *pA, *pB;
-	BIGNUM *ret=NULL;
-	int sign;
-
-	bn_check_top(a);
-	bn_check_top(n);
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	B = BN_CTX_get(ctx);
-	X = BN_CTX_get(ctx);
-	D = BN_CTX_get(ctx);
-	M = BN_CTX_get(ctx);
-	Y = BN_CTX_get(ctx);
-	T = BN_CTX_get(ctx);
-	if (T == NULL) goto err;
-
-	if (in == NULL)
-		R=BN_new();
-	else
-		R=in;
-	if (R == NULL) goto err;
-
-	BN_one(X);
-	BN_zero(Y);
-	if (BN_copy(B,a) == NULL) goto err;
-	if (BN_copy(A,n) == NULL) goto err;
-	A->neg = 0;
-
-	if (B->neg || (BN_ucmp(B, A) >= 0))
-		{
-		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-	 	 * BN_div_no_branch will be called eventually.
-	 	 */
-		pB = &local_B;
-		BN_with_flags(pB, B, BN_FLG_CONSTTIME);	
-		if (!BN_nnmod(B, pB, A, ctx)) goto err;
-		}
-	sign = -1;
-	/* From  B = a mod |n|,  A = |n|  it follows that
-	 *
-	 *      0 <= B < A,
-	 *     -sign*X*a  ==  B   (mod |n|),
-	 *      sign*Y*a  ==  A   (mod |n|).
-	 */
-
-	while (!BN_is_zero(B))
-		{
-		BIGNUM *tmp;
-		
-		/*
-		 *      0 < B < A,
-		 * (*) -sign*X*a  ==  B   (mod |n|),
-		 *      sign*Y*a  ==  A   (mod |n|)
-		 */
-
-		/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-	 	 * BN_div_no_branch will be called eventually.
-	 	 */
-		pA = &local_A;
-		BN_with_flags(pA, A, BN_FLG_CONSTTIME);	
-		
-		/* (D, M) := (A/B, A%B) ... */		
-		if (!BN_div(D,M,pA,B,ctx)) goto err;
-		
-		/* Now
-		 *      A = D*B + M;
-		 * thus we have
-		 * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
-		 */
-		
-		tmp=A; /* keep the BIGNUM object, the value does not matter */
-		
-		/* (A, B) := (B, A mod B) ... */
-		A=B;
-		B=M;
-		/* ... so we have  0 <= B < A  again */
-		
-		/* Since the former  M  is now  B  and the former  B  is now  A,
-		 * (**) translates into
-		 *       sign*Y*a  ==  D*A + B    (mod |n|),
-		 * i.e.
-		 *       sign*Y*a - D*A  ==  B    (mod |n|).
-		 * Similarly, (*) translates into
-		 *      -sign*X*a  ==  A          (mod |n|).
-		 *
-		 * Thus,
-		 *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
-		 * i.e.
-		 *        sign*(Y + D*X)*a  ==  B  (mod |n|).
-		 *
-		 * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
-		 *      -sign*X*a  ==  B   (mod |n|),
-		 *       sign*Y*a  ==  A   (mod |n|).
-		 * Note that  X  and  Y  stay non-negative all the time.
-		 */
-			
-		if (!BN_mul(tmp,D,X,ctx)) goto err;
-		if (!BN_add(tmp,tmp,Y)) goto err;
-
-		M=Y; /* keep the BIGNUM object, the value does not matter */
-		Y=X;
-		X=tmp;
-		sign = -sign;
-		}
-		
-	/*
-	 * The while loop (Euclid's algorithm) ends when
-	 *      A == gcd(a,n);
-	 * we have
-	 *       sign*Y*a  ==  A  (mod |n|),
-	 * where  Y  is non-negative.
-	 */
-
-	if (sign < 0)
-		{
-		if (!BN_sub(Y,n,Y)) goto err;
-		}
-	/* Now  Y*a  ==  A  (mod |n|).  */
-
-	if (BN_is_one(A))
-		{
-		/* Y*a == 1  (mod |n|) */
-		if (!Y->neg && BN_ucmp(Y,n) < 0)
-			{
-			if (!BN_copy(R,Y)) goto err;
-			}
-		else
-			{
-			if (!BN_nnmod(R,Y,n,ctx)) goto err;
-			}
-		}
-	else
-		{
-		BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
-		goto err;
-		}
-	ret=R;
-err:
-	if ((ret == NULL) && (in == NULL)) BN_free(R);
-	BN_CTX_end(ctx);
-	bn_check_top(ret);
-	return(ret);
-	}
+                                        const BIGNUM *a, const BIGNUM *n,
+                                        BN_CTX *ctx)
+{
+    BIGNUM *A, *B, *X, *Y, *M, *D, *T, *R = NULL;
+    BIGNUM local_A, local_B;
+    BIGNUM *pA, *pB;
+    BIGNUM *ret = NULL;
+    int sign;
+
+    bn_check_top(a);
+    bn_check_top(n);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    D = BN_CTX_get(ctx);
+    M = BN_CTX_get(ctx);
+    Y = BN_CTX_get(ctx);
+    T = BN_CTX_get(ctx);
+    if (T == NULL)
+        goto err;
+
+    if (in == NULL)
+        R = BN_new();
+    else
+        R = in;
+    if (R == NULL)
+        goto err;
+
+    BN_one(X);
+    BN_zero(Y);
+    if (BN_copy(B, a) == NULL)
+        goto err;
+    if (BN_copy(A, n) == NULL)
+        goto err;
+    A->neg = 0;
+
+    if (B->neg || (BN_ucmp(B, A) >= 0)) {
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+        pB = &local_B;
+        BN_with_flags(pB, B, BN_FLG_CONSTTIME);
+        if (!BN_nnmod(B, pB, A, ctx))
+            goto err;
+    }
+    sign = -1;
+    /*-
+     * From  B = a mod |n|,  A = |n|  it follows that
+     *
+     *      0 <= B < A,
+     *     -sign*X*a  ==  B   (mod |n|),
+     *      sign*Y*a  ==  A   (mod |n|).
+     */
+
+    while (!BN_is_zero(B)) {
+        BIGNUM *tmp;
+
+        /*-
+         *      0 < B < A,
+         * (*) -sign*X*a  ==  B   (mod |n|),
+         *      sign*Y*a  ==  A   (mod |n|)
+         */
+
+        /*
+         * Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+         * BN_div_no_branch will be called eventually.
+         */
+        pA = &local_A;
+        BN_with_flags(pA, A, BN_FLG_CONSTTIME);
+
+        /* (D, M) := (A/B, A%B) ... */
+        if (!BN_div(D, M, pA, B, ctx))
+            goto err;
+
+        /*-
+         * Now
+         *      A = D*B + M;
+         * thus we have
+         * (**)  sign*Y*a  ==  D*B + M   (mod |n|).
+         */
+
+        tmp = A;                /* keep the BIGNUM object, the value does not
+                                 * matter */
+
+        /* (A, B) := (B, A mod B) ... */
+        A = B;
+        B = M;
+        /* ... so we have  0 <= B < A  again */
+
+        /*-
+         * Since the former  M  is now  B  and the former  B  is now  A,
+         * (**) translates into
+         *       sign*Y*a  ==  D*A + B    (mod |n|),
+         * i.e.
+         *       sign*Y*a - D*A  ==  B    (mod |n|).
+         * Similarly, (*) translates into
+         *      -sign*X*a  ==  A          (mod |n|).
+         *
+         * Thus,
+         *   sign*Y*a + D*sign*X*a  ==  B  (mod |n|),
+         * i.e.
+         *        sign*(Y + D*X)*a  ==  B  (mod |n|).
+         *
+         * So if we set  (X, Y, sign) := (Y + D*X, X, -sign),  we arrive back at
+         *      -sign*X*a  ==  B   (mod |n|),
+         *       sign*Y*a  ==  A   (mod |n|).
+         * Note that  X  and  Y  stay non-negative all the time.
+         */
+
+        if (!BN_mul(tmp, D, X, ctx))
+            goto err;
+        if (!BN_add(tmp, tmp, Y))
+            goto err;
+
+        M = Y;                  /* keep the BIGNUM object, the value does not
+                                 * matter */
+        Y = X;
+        X = tmp;
+        sign = -sign;
+    }
+
+    /*-
+     * The while loop (Euclid's algorithm) ends when
+     *      A == gcd(a,n);
+     * we have
+     *       sign*Y*a  ==  A  (mod |n|),
+     * where  Y  is non-negative.
+     */
+
+    if (sign < 0) {
+        if (!BN_sub(Y, n, Y))
+            goto err;
+    }
+    /* Now  Y*a  ==  A  (mod |n|).  */
+
+    if (BN_is_one(A)) {
+        /* Y*a == 1  (mod |n|) */
+        if (!Y->neg && BN_ucmp(Y, n) < 0) {
+            if (!BN_copy(R, Y))
+                goto err;
+        } else {
+            if (!BN_nnmod(R, Y, n, ctx))
+                goto err;
+        }
+    } else {
+        BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH, BN_R_NO_INVERSE);
+        goto err;
+    }
+    ret = R;
+ err:
+    if ((ret == NULL) && (in == NULL))
+        BN_free(R);
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
index 28f1fa8f..3386f726 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c
@@ -27,12 +27,13 @@
  *
  */
 
-/* NOTE: This file is licensed pursuant to the OpenSSL license below
- * and may be modified; but after modifications, the above covenant
- * may no longer apply!  In such cases, the corresponding paragraph
- * ["In addition, Sun covenants ... causes the infringement."] and
- * this note can be edited out; but please keep the Sun copyright
- * notice and attribution. */
+/*
+ * NOTE: This file is licensed pursuant to the OpenSSL license below and may
+ * be modified; but after modifications, the above covenant may no longer
+ * apply! In such cases, the corresponding paragraph ["In addition, Sun
+ * covenants ... causes the infringement."] and this note can be edited out;
+ * but please keep the Sun copyright notice and attribution.
+ */
 
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
@@ -42,7 +43,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -94,1055 +95,1275 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-/* Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should fail. */
+/*
+ * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
+ * fail.
+ */
 #define MAX_ITERATIONS 50
 
-static const BN_ULONG SQR_tb[16] =
-  {     0,     1,     4,     5,    16,    17,    20,    21,
-       64,    65,    68,    69,    80,    81,    84,    85 };
+static const BN_ULONG SQR_tb[16] = { 0, 1, 4, 5, 16, 17, 20, 21,
+    64, 65, 68, 69, 80, 81, 84, 85
+};
+
 /* Platform-specific macros to accelerate squaring. */
 #if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-#define SQR1(w) \
+# define SQR1(w) \
     SQR_tb[(w) >> 60 & 0xF] << 56 | SQR_tb[(w) >> 56 & 0xF] << 48 | \
     SQR_tb[(w) >> 52 & 0xF] << 40 | SQR_tb[(w) >> 48 & 0xF] << 32 | \
     SQR_tb[(w) >> 44 & 0xF] << 24 | SQR_tb[(w) >> 40 & 0xF] << 16 | \
     SQR_tb[(w) >> 36 & 0xF] <<  8 | SQR_tb[(w) >> 32 & 0xF]
-#define SQR0(w) \
+# define SQR0(w) \
     SQR_tb[(w) >> 28 & 0xF] << 56 | SQR_tb[(w) >> 24 & 0xF] << 48 | \
     SQR_tb[(w) >> 20 & 0xF] << 40 | SQR_tb[(w) >> 16 & 0xF] << 32 | \
     SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
     SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
 #endif
 #ifdef THIRTY_TWO_BIT
-#define SQR1(w) \
+# define SQR1(w) \
     SQR_tb[(w) >> 28 & 0xF] << 24 | SQR_tb[(w) >> 24 & 0xF] << 16 | \
     SQR_tb[(w) >> 20 & 0xF] <<  8 | SQR_tb[(w) >> 16 & 0xF]
-#define SQR0(w) \
+# define SQR0(w) \
     SQR_tb[(w) >> 12 & 0xF] << 24 | SQR_tb[(w) >>  8 & 0xF] << 16 | \
     SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
 #endif
 #ifdef SIXTEEN_BIT
-#define SQR1(w) \
+# define SQR1(w) \
     SQR_tb[(w) >> 12 & 0xF] <<  8 | SQR_tb[(w) >>  8 & 0xF]
-#define SQR0(w) \
+# define SQR0(w) \
     SQR_tb[(w) >>  4 & 0xF] <<  8 | SQR_tb[(w)       & 0xF]
 #endif
 #ifdef EIGHT_BIT
-#define SQR1(w) \
+# define SQR1(w) \
     SQR_tb[(w) >>  4 & 0xF]
-#define SQR0(w) \
+# define SQR0(w) \
     SQR_tb[(w)       & 15]
 #endif
 
-/* Product of two polynomials a, b each with degree < BN_BITS2 - 1,
- * result is a polynomial r with degree < 2 * BN_BITS - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
+/*
+ * Product of two polynomials a, b each with degree < BN_BITS2 - 1, result is
+ * a polynomial r with degree < 2 * BN_BITS - 1 The caller MUST ensure that
+ * the variables have the right amount of space allocated.
  */
 #ifdef EIGHT_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-	{
-	register BN_ULONG h, l, s;
-	BN_ULONG tab[4], top1b = a >> 7;
-	register BN_ULONG a1, a2;
-
-	a1 = a & (0x7F); a2 = a1 << 1;
-
-	tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
-
-	s = tab[b      & 0x3]; l  = s;
-	s = tab[b >> 2 & 0x3]; l ^= s << 2; h  = s >> 6;
-	s = tab[b >> 4 & 0x3]; l ^= s << 4; h ^= s >> 4;
-	s = tab[b >> 6      ]; l ^= s << 6; h ^= s >> 2;
-	
-	/* compensate for the top bit of a */
-
-	if (top1b & 01) { l ^= b << 7; h ^= b >> 1; } 
-
-	*r1 = h; *r0 = l;
-	} 
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[4], top1b = a >> 7;
+    register BN_ULONG a1, a2;
+
+    a1 = a & (0x7F);
+    a2 = a1 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+
+    s = tab[b & 0x3];
+    l = s;
+    s = tab[b >> 2 & 0x3];
+    l ^= s << 2;
+    h = s >> 6;
+    s = tab[b >> 4 & 0x3];
+    l ^= s << 4;
+    h ^= s >> 4;
+    s = tab[b >> 6];
+    l ^= s << 6;
+    h ^= s >> 2;
+
+    /* compensate for the top bit of a */
+
+    if (top1b & 01) {
+        l ^= b << 7;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
 #endif
 #ifdef SIXTEEN_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-	{
-	register BN_ULONG h, l, s;
-	BN_ULONG tab[4], top1b = a >> 15; 
-	register BN_ULONG a1, a2;
-
-	a1 = a & (0x7FFF); a2 = a1 << 1;
-
-	tab[0] = 0; tab[1] = a1; tab[2] = a2; tab[3] = a1^a2;
-
-	s = tab[b      & 0x3]; l  = s;
-	s = tab[b >> 2 & 0x3]; l ^= s <<  2; h  = s >> 14;
-	s = tab[b >> 4 & 0x3]; l ^= s <<  4; h ^= s >> 12;
-	s = tab[b >> 6 & 0x3]; l ^= s <<  6; h ^= s >> 10;
-	s = tab[b >> 8 & 0x3]; l ^= s <<  8; h ^= s >>  8;
-	s = tab[b >>10 & 0x3]; l ^= s << 10; h ^= s >>  6;
-	s = tab[b >>12 & 0x3]; l ^= s << 12; h ^= s >>  4;
-	s = tab[b >>14      ]; l ^= s << 14; h ^= s >>  2;
-
-	/* compensate for the top bit of a */
-
-	if (top1b & 01) { l ^= b << 15; h ^= b >> 1; } 
-
-	*r1 = h; *r0 = l;
-	} 
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[4], top1b = a >> 15;
+    register BN_ULONG a1, a2;
+
+    a1 = a & (0x7FFF);
+    a2 = a1 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+
+    s = tab[b & 0x3];
+    l = s;
+    s = tab[b >> 2 & 0x3];
+    l ^= s << 2;
+    h = s >> 14;
+    s = tab[b >> 4 & 0x3];
+    l ^= s << 4;
+    h ^= s >> 12;
+    s = tab[b >> 6 & 0x3];
+    l ^= s << 6;
+    h ^= s >> 10;
+    s = tab[b >> 8 & 0x3];
+    l ^= s << 8;
+    h ^= s >> 8;
+    s = tab[b >> 10 & 0x3];
+    l ^= s << 10;
+    h ^= s >> 6;
+    s = tab[b >> 12 & 0x3];
+    l ^= s << 12;
+    h ^= s >> 4;
+    s = tab[b >> 14];
+    l ^= s << 14;
+    h ^= s >> 2;
+
+    /* compensate for the top bit of a */
+
+    if (top1b & 01) {
+        l ^= b << 15;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
 #endif
 #ifdef THIRTY_TWO_BIT
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-	{
-	register BN_ULONG h, l, s;
-	BN_ULONG tab[8], top2b = a >> 30; 
-	register BN_ULONG a1, a2, a4;
-
-	a1 = a & (0x3FFFFFFF); a2 = a1 << 1; a4 = a2 << 1;
-
-	tab[0] =  0; tab[1] = a1;    tab[2] = a2;    tab[3] = a1^a2;
-	tab[4] = a4; tab[5] = a1^a4; tab[6] = a2^a4; tab[7] = a1^a2^a4;
-
-	s = tab[b       & 0x7]; l  = s;
-	s = tab[b >>  3 & 0x7]; l ^= s <<  3; h  = s >> 29;
-	s = tab[b >>  6 & 0x7]; l ^= s <<  6; h ^= s >> 26;
-	s = tab[b >>  9 & 0x7]; l ^= s <<  9; h ^= s >> 23;
-	s = tab[b >> 12 & 0x7]; l ^= s << 12; h ^= s >> 20;
-	s = tab[b >> 15 & 0x7]; l ^= s << 15; h ^= s >> 17;
-	s = tab[b >> 18 & 0x7]; l ^= s << 18; h ^= s >> 14;
-	s = tab[b >> 21 & 0x7]; l ^= s << 21; h ^= s >> 11;
-	s = tab[b >> 24 & 0x7]; l ^= s << 24; h ^= s >>  8;
-	s = tab[b >> 27 & 0x7]; l ^= s << 27; h ^= s >>  5;
-	s = tab[b >> 30      ]; l ^= s << 30; h ^= s >>  2;
-
-	/* compensate for the top two bits of a */
-
-	if (top2b & 01) { l ^= b << 30; h ^= b >> 2; } 
-	if (top2b & 02) { l ^= b << 31; h ^= b >> 1; } 
-
-	*r1 = h; *r0 = l;
-	} 
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[8], top2b = a >> 30;
+    register BN_ULONG a1, a2, a4;
+
+    a1 = a & (0x3FFFFFFF);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+
+    s = tab[b & 0x7];
+    l = s;
+    s = tab[b >> 3 & 0x7];
+    l ^= s << 3;
+    h = s >> 29;
+    s = tab[b >> 6 & 0x7];
+    l ^= s << 6;
+    h ^= s >> 26;
+    s = tab[b >> 9 & 0x7];
+    l ^= s << 9;
+    h ^= s >> 23;
+    s = tab[b >> 12 & 0x7];
+    l ^= s << 12;
+    h ^= s >> 20;
+    s = tab[b >> 15 & 0x7];
+    l ^= s << 15;
+    h ^= s >> 17;
+    s = tab[b >> 18 & 0x7];
+    l ^= s << 18;
+    h ^= s >> 14;
+    s = tab[b >> 21 & 0x7];
+    l ^= s << 21;
+    h ^= s >> 11;
+    s = tab[b >> 24 & 0x7];
+    l ^= s << 24;
+    h ^= s >> 8;
+    s = tab[b >> 27 & 0x7];
+    l ^= s << 27;
+    h ^= s >> 5;
+    s = tab[b >> 30];
+    l ^= s << 30;
+    h ^= s >> 2;
+
+    /* compensate for the top two bits of a */
+
+    if (top2b & 01) {
+        l ^= b << 30;
+        h ^= b >> 2;
+    }
+    if (top2b & 02) {
+        l ^= b << 31;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
 #endif
 #if defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a, const BN_ULONG b)
-	{
-	register BN_ULONG h, l, s;
-	BN_ULONG tab[16], top3b = a >> 61;
-	register BN_ULONG a1, a2, a4, a8;
-
-	a1 = a & (0x1FFFFFFFFFFFFFFFULL); a2 = a1 << 1; a4 = a2 << 1; a8 = a4 << 1;
-
-	tab[ 0] = 0;     tab[ 1] = a1;       tab[ 2] = a2;       tab[ 3] = a1^a2;
-	tab[ 4] = a4;    tab[ 5] = a1^a4;    tab[ 6] = a2^a4;    tab[ 7] = a1^a2^a4;
-	tab[ 8] = a8;    tab[ 9] = a1^a8;    tab[10] = a2^a8;    tab[11] = a1^a2^a8;
-	tab[12] = a4^a8; tab[13] = a1^a4^a8; tab[14] = a2^a4^a8; tab[15] = a1^a2^a4^a8;
-
-	s = tab[b       & 0xF]; l  = s;
-	s = tab[b >>  4 & 0xF]; l ^= s <<  4; h  = s >> 60;
-	s = tab[b >>  8 & 0xF]; l ^= s <<  8; h ^= s >> 56;
-	s = tab[b >> 12 & 0xF]; l ^= s << 12; h ^= s >> 52;
-	s = tab[b >> 16 & 0xF]; l ^= s << 16; h ^= s >> 48;
-	s = tab[b >> 20 & 0xF]; l ^= s << 20; h ^= s >> 44;
-	s = tab[b >> 24 & 0xF]; l ^= s << 24; h ^= s >> 40;
-	s = tab[b >> 28 & 0xF]; l ^= s << 28; h ^= s >> 36;
-	s = tab[b >> 32 & 0xF]; l ^= s << 32; h ^= s >> 32;
-	s = tab[b >> 36 & 0xF]; l ^= s << 36; h ^= s >> 28;
-	s = tab[b >> 40 & 0xF]; l ^= s << 40; h ^= s >> 24;
-	s = tab[b >> 44 & 0xF]; l ^= s << 44; h ^= s >> 20;
-	s = tab[b >> 48 & 0xF]; l ^= s << 48; h ^= s >> 16;
-	s = tab[b >> 52 & 0xF]; l ^= s << 52; h ^= s >> 12;
-	s = tab[b >> 56 & 0xF]; l ^= s << 56; h ^= s >>  8;
-	s = tab[b >> 60      ]; l ^= s << 60; h ^= s >>  4;
-
-	/* compensate for the top three bits of a */
-
-	if (top3b & 01) { l ^= b << 61; h ^= b >> 3; } 
-	if (top3b & 02) { l ^= b << 62; h ^= b >> 2; } 
-	if (top3b & 04) { l ^= b << 63; h ^= b >> 1; } 
-
-	*r1 = h; *r0 = l;
-	} 
+static void bn_GF2m_mul_1x1(BN_ULONG *r1, BN_ULONG *r0, const BN_ULONG a,
+                            const BN_ULONG b)
+{
+    register BN_ULONG h, l, s;
+    BN_ULONG tab[16], top3b = a >> 61;
+    register BN_ULONG a1, a2, a4, a8;
+
+    a1 = a & (0x1FFFFFFFFFFFFFFFULL);
+    a2 = a1 << 1;
+    a4 = a2 << 1;
+    a8 = a4 << 1;
+
+    tab[0] = 0;
+    tab[1] = a1;
+    tab[2] = a2;
+    tab[3] = a1 ^ a2;
+    tab[4] = a4;
+    tab[5] = a1 ^ a4;
+    tab[6] = a2 ^ a4;
+    tab[7] = a1 ^ a2 ^ a4;
+    tab[8] = a8;
+    tab[9] = a1 ^ a8;
+    tab[10] = a2 ^ a8;
+    tab[11] = a1 ^ a2 ^ a8;
+    tab[12] = a4 ^ a8;
+    tab[13] = a1 ^ a4 ^ a8;
+    tab[14] = a2 ^ a4 ^ a8;
+    tab[15] = a1 ^ a2 ^ a4 ^ a8;
+
+    s = tab[b & 0xF];
+    l = s;
+    s = tab[b >> 4 & 0xF];
+    l ^= s << 4;
+    h = s >> 60;
+    s = tab[b >> 8 & 0xF];
+    l ^= s << 8;
+    h ^= s >> 56;
+    s = tab[b >> 12 & 0xF];
+    l ^= s << 12;
+    h ^= s >> 52;
+    s = tab[b >> 16 & 0xF];
+    l ^= s << 16;
+    h ^= s >> 48;
+    s = tab[b >> 20 & 0xF];
+    l ^= s << 20;
+    h ^= s >> 44;
+    s = tab[b >> 24 & 0xF];
+    l ^= s << 24;
+    h ^= s >> 40;
+    s = tab[b >> 28 & 0xF];
+    l ^= s << 28;
+    h ^= s >> 36;
+    s = tab[b >> 32 & 0xF];
+    l ^= s << 32;
+    h ^= s >> 32;
+    s = tab[b >> 36 & 0xF];
+    l ^= s << 36;
+    h ^= s >> 28;
+    s = tab[b >> 40 & 0xF];
+    l ^= s << 40;
+    h ^= s >> 24;
+    s = tab[b >> 44 & 0xF];
+    l ^= s << 44;
+    h ^= s >> 20;
+    s = tab[b >> 48 & 0xF];
+    l ^= s << 48;
+    h ^= s >> 16;
+    s = tab[b >> 52 & 0xF];
+    l ^= s << 52;
+    h ^= s >> 12;
+    s = tab[b >> 56 & 0xF];
+    l ^= s << 56;
+    h ^= s >> 8;
+    s = tab[b >> 60];
+    l ^= s << 60;
+    h ^= s >> 4;
+
+    /* compensate for the top three bits of a */
+
+    if (top3b & 01) {
+        l ^= b << 61;
+        h ^= b >> 3;
+    }
+    if (top3b & 02) {
+        l ^= b << 62;
+        h ^= b >> 2;
+    }
+    if (top3b & 04) {
+        l ^= b << 63;
+        h ^= b >> 1;
+    }
+
+    *r1 = h;
+    *r0 = l;
+}
 #endif
 
-/* Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
- * result is a polynomial r with degree < 4 * BN_BITS2 - 1
- * The caller MUST ensure that the variables have the right amount
- * of space allocated.
+/*
+ * Product of two polynomials a, b each with degree < 2 * BN_BITS2 - 1,
+ * result is a polynomial r with degree < 4 * BN_BITS2 - 1 The caller MUST
+ * ensure that the variables have the right amount of space allocated.
  */
-static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0, const BN_ULONG b1, const BN_ULONG b0)
-	{
-	BN_ULONG m1, m0;
-	/* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
-	bn_GF2m_mul_1x1(r+3, r+2, a1, b1);
-	bn_GF2m_mul_1x1(r+1, r, a0, b0);
-	bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
-	/* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
-	r[2] ^= m1 ^ r[1] ^ r[3];  /* h0 ^= m1 ^ l1 ^ h1; */
-	r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0;  /* l1 ^= l0 ^ h0 ^ m0; */
-	}
-
-
-/* Add polynomials a and b and store result in r; r could be a or b, a and b 
+static void bn_GF2m_mul_2x2(BN_ULONG *r, const BN_ULONG a1, const BN_ULONG a0,
+                            const BN_ULONG b1, const BN_ULONG b0)
+{
+    BN_ULONG m1, m0;
+    /* r[3] = h1, r[2] = h0; r[1] = l1; r[0] = l0 */
+    bn_GF2m_mul_1x1(r + 3, r + 2, a1, b1);
+    bn_GF2m_mul_1x1(r + 1, r, a0, b0);
+    bn_GF2m_mul_1x1(&m1, &m0, a0 ^ a1, b0 ^ b1);
+    /* Correction on m1 ^= l1 ^ h1; m0 ^= l0 ^ h0; */
+    r[2] ^= m1 ^ r[1] ^ r[3];   /* h0 ^= m1 ^ l1 ^ h1; */
+    r[1] = r[3] ^ r[2] ^ r[0] ^ m1 ^ m0; /* l1 ^= l0 ^ h0 ^ m0; */
+}
+
+/*
+ * Add polynomials a and b and store result in r; r could be a or b, a and b
  * could be equal; r is the bitwise XOR of a and b.
  */
-int	BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	const BIGNUM *at, *bt;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (a->top < b->top) { at = b; bt = a; }
-	else { at = a; bt = b; }
-
-	if(bn_wexpand(r, at->top) == NULL)
-		return 0;
-
-	for (i = 0; i < bt->top; i++)
-		{
-		r->d[i] = at->d[i] ^ bt->d[i];
-		}
-	for (; i < at->top; i++)
-		{
-		r->d[i] = at->d[i];
-		}
-	
-	r->top = at->top;
-	bn_correct_top(r);
-	
-	return 1;
-	}
-
-
-/* Some functions allow for representation of the irreducible polynomials
+int BN_GF2m_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b)
+{
+    int i;
+    const BIGNUM *at, *bt;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->top < b->top) {
+        at = b;
+        bt = a;
+    } else {
+        at = a;
+        bt = b;
+    }
+
+    if (bn_wexpand(r, at->top) == NULL)
+        return 0;
+
+    for (i = 0; i < bt->top; i++) {
+        r->d[i] = at->d[i] ^ bt->d[i];
+    }
+    for (; i < at->top; i++) {
+        r->d[i] = at->d[i];
+    }
+
+    r->top = at->top;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+/*-
+ * Some functions allow for representation of the irreducible polynomials
  * as an int[], say p.  The irreducible f(t) is then of the form:
  *     t^p[0] + t^p[1] + ... + t^p[k]
  * where m = p[0] > p[1] > ... > p[k] = 0.
  */
 
-
 /* Performs modular reduction of a and store result in r.  r could be a. */
 int BN_GF2m_mod_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[])
-	{
-	int j, k;
-	int n, dN, d0, d1;
-	BN_ULONG zz, *z;
-
-	bn_check_top(a);
-
-	if (!p[0])
-		{
-		/* reduction mod 1 => return 0 */
-		BN_zero(r);
-		return 1;
-		}
-
-	/* Since the algorithm does reduction in the r value, if a != r, copy
-	 * the contents of a into r so we can do reduction in r. 
-	 */
-	if (a != r)
-		{
-		if (!bn_wexpand(r, a->top)) return 0;
-		for (j = 0; j < a->top; j++)
-			{
-			r->d[j] = a->d[j];
-			}
-		r->top = a->top;
-		}
-	z = r->d;
-
-	/* start reduction */
-	dN = p[0] / BN_BITS2;  
-	for (j = r->top - 1; j > dN;)
-		{
-		zz = z[j];
-		if (z[j] == 0) { j--; continue; }
-		z[j] = 0;
-
-		for (k = 1; p[k] != 0; k++)
-			{
-			/* reducing component t^p[k] */
-			n = p[0] - p[k];
-			d0 = n % BN_BITS2;  d1 = BN_BITS2 - d0;
-			n /= BN_BITS2; 
-			z[j-n] ^= (zz>>d0);
-			if (d0) z[j-n-1] ^= (zz<<d1);
-			}
-
-		/* reducing component t^0 */
-		n = dN;  
-		d0 = p[0] % BN_BITS2;
-		d1 = BN_BITS2 - d0;
-		z[j-n] ^= (zz >> d0);
-		if (d0) z[j-n-1] ^= (zz << d1);
-		}
-
-	/* final round of reduction */
-	while (j == dN)
-		{
-
-		d0 = p[0] % BN_BITS2;
-		zz = z[dN] >> d0;
-		if (zz == 0) break;
-		d1 = BN_BITS2 - d0;
-		
-		/* clear up the top d1 bits */
-		if (d0)
-			z[dN] = (z[dN] << d1) >> d1;
-		else
-			z[dN] = 0;
-		z[0] ^= zz; /* reduction t^0 component */
-
-		for (k = 1; p[k] != 0; k++)
-			{
-			BN_ULONG tmp_ulong;
-
-			/* reducing component t^p[k]*/
-			n = p[k] / BN_BITS2;   
-			d0 = p[k] % BN_BITS2;
-			d1 = BN_BITS2 - d0;
-			z[n] ^= (zz << d0);
-			tmp_ulong = zz >> d1;
-                        if (d0 && tmp_ulong)
-                                z[n+1] ^= tmp_ulong;
-			}
-
-		
-		}
-
-	bn_correct_top(r);
-	return 1;
-	}
-
-/* Performs modular reduction of a by p and store result in r.  r could be a.
- *
+{
+    int j, k;
+    int n, dN, d0, d1;
+    BN_ULONG zz, *z;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    /*
+     * Since the algorithm does reduction in the r value, if a != r, copy the
+     * contents of a into r so we can do reduction in r.
+     */
+    if (a != r) {
+        if (!bn_wexpand(r, a->top))
+            return 0;
+        for (j = 0; j < a->top; j++) {
+            r->d[j] = a->d[j];
+        }
+        r->top = a->top;
+    }
+    z = r->d;
+
+    /* start reduction */
+    dN = p[0] / BN_BITS2;
+    for (j = r->top - 1; j > dN;) {
+        zz = z[j];
+        if (z[j] == 0) {
+            j--;
+            continue;
+        }
+        z[j] = 0;
+
+        for (k = 1; p[k] != 0; k++) {
+            /* reducing component t^p[k] */
+            n = p[0] - p[k];
+            d0 = n % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            n /= BN_BITS2;
+            z[j - n] ^= (zz >> d0);
+            if (d0)
+                z[j - n - 1] ^= (zz << d1);
+        }
+
+        /* reducing component t^0 */
+        n = dN;
+        d0 = p[0] % BN_BITS2;
+        d1 = BN_BITS2 - d0;
+        z[j - n] ^= (zz >> d0);
+        if (d0)
+            z[j - n - 1] ^= (zz << d1);
+    }
+
+    /* final round of reduction */
+    while (j == dN) {
+
+        d0 = p[0] % BN_BITS2;
+        zz = z[dN] >> d0;
+        if (zz == 0)
+            break;
+        d1 = BN_BITS2 - d0;
+
+        /* clear up the top d1 bits */
+        if (d0)
+            z[dN] = (z[dN] << d1) >> d1;
+        else
+            z[dN] = 0;
+        z[0] ^= zz;             /* reduction t^0 component */
+
+        for (k = 1; p[k] != 0; k++) {
+            BN_ULONG tmp_ulong;
+
+            /* reducing component t^p[k] */
+            n = p[k] / BN_BITS2;
+            d0 = p[k] % BN_BITS2;
+            d1 = BN_BITS2 - d0;
+            z[n] ^= (zz << d0);
+            tmp_ulong = zz >> d1;
+            if (d0 && tmp_ulong)
+                z[n + 1] ^= tmp_ulong;
+        }
+
+    }
+
+    bn_correct_top(r);
+    return 1;
+}
+
+/*
+ * Performs modular reduction of a by p and store result in r.  r could be a.
  * This function calls down to the BN_GF2m_mod_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
+ * function is only provided for convenience; for best performance, use the
  * BN_GF2m_mod_arr function.
  */
-int	BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p);
-	unsigned int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(p);
-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_arr(r, a, arr);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
+int BN_GF2m_mod(BIGNUM *r, const BIGNUM *a, const BIGNUM *p)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p);
+    unsigned int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr =
+         (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_arr(r, a, arr);
+    bn_check_top(r);
+ err:
+    if (arr)
+        OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
  * the result in r.  r could be a or b; a could be b.
  */
-int	BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
-	{
-	int zlen, i, j, k, ret = 0;
-	BIGNUM *s;
-	BN_ULONG x1, x0, y1, y0, zz[4];
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (a == b)
-		{
-		return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
-		}
-
-	BN_CTX_start(ctx);
-	if ((s = BN_CTX_get(ctx)) == NULL) goto err;
-	
-	zlen = a->top + b->top + 4;
-	if (!bn_wexpand(s, zlen)) goto err;
-	s->top = zlen;
-
-	for (i = 0; i < zlen; i++) s->d[i] = 0;
-
-	for (j = 0; j < b->top; j += 2)
-		{
-		y0 = b->d[j];
-		y1 = ((j+1) == b->top) ? 0 : b->d[j+1];
-		for (i = 0; i < a->top; i += 2)
-			{
-			x0 = a->d[i];
-			x1 = ((i+1) == a->top) ? 0 : a->d[i+1];
-			bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
-			for (k = 0; k < 4; k++) s->d[i+j+k] ^= zz[k];
-			}
-		}
-
-	bn_correct_top(s);
-	if (BN_GF2m_mod_arr(r, s, p))
-		ret = 1;
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the product of two polynomials a and b, reduce modulo p, and store
- * the result in r.  r could be a or b; a could equal b.
- *
- * This function calls down to the BN_GF2m_mod_mul_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
+int BN_GF2m_mod_mul_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const unsigned int p[], BN_CTX *ctx)
+{
+    int zlen, i, j, k, ret = 0;
+    BIGNUM *s;
+    BN_ULONG x1, x0, y1, y0, zz[4];
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a == b) {
+        return BN_GF2m_mod_sqr_arr(r, a, p, ctx);
+    }
+
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    zlen = a->top + b->top + 4;
+    if (!bn_wexpand(s, zlen))
+        goto err;
+    s->top = zlen;
+
+    for (i = 0; i < zlen; i++)
+        s->d[i] = 0;
+
+    for (j = 0; j < b->top; j += 2) {
+        y0 = b->d[j];
+        y1 = ((j + 1) == b->top) ? 0 : b->d[j + 1];
+        for (i = 0; i < a->top; i += 2) {
+            x0 = a->d[i];
+            x1 = ((i + 1) == a->top) ? 0 : a->d[i + 1];
+            bn_GF2m_mul_2x2(zz, x1, x0, y1, y0);
+            for (k = 0; k < 4; k++)
+                s->d[i + j + k] ^= zz[k];
+        }
+    }
+
+    bn_correct_top(s);
+    if (BN_GF2m_mod_arr(r, s, p))
+        ret = 1;
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the product of two polynomials a and b, reduce modulo p, and store
+ * the result in r.  r could be a or b; a could equal b. This function calls
+ * down to the BN_GF2m_mod_mul_arr implementation; this wrapper function is
+ * only provided for convenience; for best performance, use the
  * BN_GF2m_mod_mul_arr function.
  */
-int	BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p);
-	unsigned int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(p);
-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_MUL,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
+int BN_GF2m_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p);
+    unsigned int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr =
+         (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_MUL, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_mul_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    if (arr)
+        OPENSSL_free(arr);
+    return ret;
+}
 
 /* Square a, reduce the result mod p, and store it in a.  r could be a. */
-int	BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
-	{
-	int i, ret = 0;
-	BIGNUM *s;
-
-	bn_check_top(a);
-	BN_CTX_start(ctx);
-	if ((s = BN_CTX_get(ctx)) == NULL) return 0;
-	if (!bn_wexpand(s, 2 * a->top)) goto err;
-
-	for (i = a->top - 1; i >= 0; i--)
-		{
-		s->d[2*i+1] = SQR1(a->d[i]);
-		s->d[2*i  ] = SQR0(a->d[i]);
-		}
-
-	s->top = 2 * a->top;
-	bn_correct_top(s);
-	if (!BN_GF2m_mod_arr(r, s, p)) goto err;
-	bn_check_top(r);
-	ret = 1;
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Square a, reduce the result mod p, and store it in a.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqr_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_sqr_arr function.
+int BN_GF2m_mod_sqr_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+                        BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *s;
+
+    bn_check_top(a);
+    BN_CTX_start(ctx);
+    if ((s = BN_CTX_get(ctx)) == NULL)
+        return 0;
+    if (!bn_wexpand(s, 2 * a->top))
+        goto err;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        s->d[2 * i + 1] = SQR1(a->d[i]);
+        s->d[2 * i] = SQR0(a->d[i]);
+    }
+
+    s->top = 2 * a->top;
+    bn_correct_top(s);
+    if (!BN_GF2m_mod_arr(r, s, p))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Square a, reduce the result mod p, and store it in a.  r could be a. This
+ * function calls down to the BN_GF2m_mod_sqr_arr implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_sqr_arr function.
  */
-int	BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p);
-	unsigned int *arr=NULL;
-
-	bn_check_top(a);
-	bn_check_top(p);
-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SQR,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-
-/* Invert a, reduce modulo p, and store the result in r. r could be a. 
- * Uses Modified Almost Inverse Algorithm (Algorithm 10) from
- *     Hankerson, D., Hernandez, J.L., and Menezes, A.  "Software Implementation
- *     of Elliptic Curve Cryptography Over Binary Fields".
+int BN_GF2m_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p);
+    unsigned int *arr = NULL;
+
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr =
+         (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQR, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqr_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    if (arr)
+        OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Invert a, reduce modulo p, and store the result in r. r could be a. Uses
+ * Modified Almost Inverse Algorithm (Algorithm 10) from Hankerson, D.,
+ * Hernandez, J.L., and Menezes, A.  "Software Implementation of Elliptic
+ * Curve Cryptography Over Binary Fields".
  */
 int BN_GF2m_mod_inv(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	BIGNUM *b, *c, *u, *v, *tmp;
-	int ret = 0;
-
-	bn_check_top(a);
-	bn_check_top(p);
-
-	BN_CTX_start(ctx);
-	
-	b = BN_CTX_get(ctx);
-	c = BN_CTX_get(ctx);
-	u = BN_CTX_get(ctx);
-	v = BN_CTX_get(ctx);
-	if (v == NULL) goto err;
-
-	if (!BN_one(b)) goto err;
-	if (!BN_GF2m_mod(u, a, p)) goto err;
-	if (!BN_copy(v, p)) goto err;
-
-	if (BN_is_zero(u)) goto err;
-
-	while (1)
-		{
-		while (!BN_is_odd(u))
-			{
-			if (BN_is_zero(u)) goto err;
-			if (!BN_rshift1(u, u)) goto err;
-			if (BN_is_odd(b))
-				{
-				if (!BN_GF2m_add(b, b, p)) goto err;
-				}
-			if (!BN_rshift1(b, b)) goto err;
-			}
-
-		if (BN_abs_is_word(u, 1)) break;
-
-		if (BN_num_bits(u) < BN_num_bits(v))
-			{
-			tmp = u; u = v; v = tmp;
-			tmp = b; b = c; c = tmp;
-			}
-		
-		if (!BN_GF2m_add(u, u, v)) goto err;
-		if (!BN_GF2m_add(b, b, c)) goto err;
-		}
-
-
-	if (!BN_copy(r, b)) goto err;
-	bn_check_top(r);
-	ret = 1;
-
-err:
-  	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Invert xx, reduce modulo p, and store the result in r. r could be xx. 
- *
- * This function calls down to the BN_GF2m_mod_inv implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_inv function.
- */
-int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
-	{
-	BIGNUM *field;
-	int ret = 0;
-
-	bn_check_top(xx);
-	BN_CTX_start(ctx);
-	if ((field = BN_CTX_get(ctx)) == NULL) goto err;
-	if (!BN_GF2m_arr2poly(p, field)) goto err;
-	
-	ret = BN_GF2m_mod_inv(r, xx, field, ctx);
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
+{
+    BIGNUM *b, *c, *u, *v, *tmp;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+
+    b = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    u = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (v == NULL)
+        goto err;
+
+    if (!BN_one(b))
+        goto err;
+    if (!BN_GF2m_mod(u, a, p))
+        goto err;
+    if (!BN_copy(v, p))
+        goto err;
+
+    if (BN_is_zero(u))
+        goto err;
+
+    while (1) {
+        while (!BN_is_odd(u)) {
+            if (BN_is_zero(u))
+                goto err;
+            if (!BN_rshift1(u, u))
+                goto err;
+            if (BN_is_odd(b)) {
+                if (!BN_GF2m_add(b, b, p))
+                    goto err;
+            }
+            if (!BN_rshift1(b, b))
+                goto err;
+        }
+
+        if (BN_abs_is_word(u, 1))
+            break;
+
+        if (BN_num_bits(u) < BN_num_bits(v)) {
+            tmp = u;
+            u = v;
+            v = tmp;
+            tmp = b;
+            b = c;
+            c = tmp;
+        }
+
+        if (!BN_GF2m_add(u, u, v))
+            goto err;
+        if (!BN_GF2m_add(b, b, c))
+            goto err;
+    }
+
+    if (!BN_copy(r, b))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
 
+/*
+ * Invert xx, reduce modulo p, and store the result in r. r could be xx.
+ * This function calls down to the BN_GF2m_mod_inv implementation; this
+ * wrapper function is only provided for convenience; for best performance,
+ * use the BN_GF2m_mod_inv function.
+ */
+int BN_GF2m_mod_inv_arr(BIGNUM *r, const BIGNUM *xx, const unsigned int p[],
+                        BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(xx);
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_inv(r, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
 
 #ifndef OPENSSL_SUN_GF2M_DIV
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x 
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
  * or y, x could equal y.
  */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
-	{
-	BIGNUM *xinv = NULL;
-	int ret = 0;
-
-	bn_check_top(y);
-	bn_check_top(x);
-	bn_check_top(p);
-
-	BN_CTX_start(ctx);
-	xinv = BN_CTX_get(ctx);
-	if (xinv == NULL) goto err;
-	
-	if (!BN_GF2m_mod_inv(xinv, x, p, ctx)) goto err;
-	if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx)) goto err;
-	bn_check_top(r);
-	ret = 1;
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *xinv = NULL;
+    int ret = 0;
+
+    bn_check_top(y);
+    bn_check_top(x);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+    xinv = BN_CTX_get(ctx);
+    if (xinv == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_inv(xinv, x, p, ctx))
+        goto err;
+    if (!BN_GF2m_mod_mul(r, y, xinv, p, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
 #else
-/* Divide y by x, reduce modulo p, and store the result in r. r could be x 
- * or y, x could equal y.
- * Uses algorithm Modular_Division_GF(2^m) from 
- *     Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to 
- *     the Great Divide".
+/*
+ * Divide y by x, reduce modulo p, and store the result in r. r could be x
+ * or y, x could equal y. Uses algorithm Modular_Division_GF(2^m) from
+ * Chang-Shantz, S.  "From Euclid's GCD to Montgomery Multiplication to the
+ * Great Divide".
  */
-int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x, const BIGNUM *p, BN_CTX *ctx)
-	{
-	BIGNUM *a, *b, *u, *v;
-	int ret = 0;
-
-	bn_check_top(y);
-	bn_check_top(x);
-	bn_check_top(p);
-
-	BN_CTX_start(ctx);
-	
-	a = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	u = BN_CTX_get(ctx);
-	v = BN_CTX_get(ctx);
-	if (v == NULL) goto err;
-
-	/* reduce x and y mod p */
-	if (!BN_GF2m_mod(u, y, p)) goto err;
-	if (!BN_GF2m_mod(a, x, p)) goto err;
-	if (!BN_copy(b, p)) goto err;
-	
-	while (!BN_is_odd(a))
-		{
-		if (!BN_rshift1(a, a)) goto err;
-		if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
-		if (!BN_rshift1(u, u)) goto err;
-		}
-
-	do
-		{
-		if (BN_GF2m_cmp(b, a) > 0)
-			{
-			if (!BN_GF2m_add(b, b, a)) goto err;
-			if (!BN_GF2m_add(v, v, u)) goto err;
-			do
-				{
-				if (!BN_rshift1(b, b)) goto err;
-				if (BN_is_odd(v)) if (!BN_GF2m_add(v, v, p)) goto err;
-				if (!BN_rshift1(v, v)) goto err;
-				} while (!BN_is_odd(b));
-			}
-		else if (BN_abs_is_word(a, 1))
-			break;
-		else
-			{
-			if (!BN_GF2m_add(a, a, b)) goto err;
-			if (!BN_GF2m_add(u, u, v)) goto err;
-			do
-				{
-				if (!BN_rshift1(a, a)) goto err;
-				if (BN_is_odd(u)) if (!BN_GF2m_add(u, u, p)) goto err;
-				if (!BN_rshift1(u, u)) goto err;
-				} while (!BN_is_odd(a));
-			}
-		} while (1);
-
-	if (!BN_copy(r, u)) goto err;
-	bn_check_top(r);
-	ret = 1;
-
-err:
-  	BN_CTX_end(ctx);
-	return ret;
-	}
+int BN_GF2m_mod_div(BIGNUM *r, const BIGNUM *y, const BIGNUM *x,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    BIGNUM *a, *b, *u, *v;
+    int ret = 0;
+
+    bn_check_top(y);
+    bn_check_top(x);
+    bn_check_top(p);
+
+    BN_CTX_start(ctx);
+
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    u = BN_CTX_get(ctx);
+    v = BN_CTX_get(ctx);
+    if (v == NULL)
+        goto err;
+
+    /* reduce x and y mod p */
+    if (!BN_GF2m_mod(u, y, p))
+        goto err;
+    if (!BN_GF2m_mod(a, x, p))
+        goto err;
+    if (!BN_copy(b, p))
+        goto err;
+
+    while (!BN_is_odd(a)) {
+        if (!BN_rshift1(a, a))
+            goto err;
+        if (BN_is_odd(u))
+            if (!BN_GF2m_add(u, u, p))
+                goto err;
+        if (!BN_rshift1(u, u))
+            goto err;
+    }
+
+    do {
+        if (BN_GF2m_cmp(b, a) > 0) {
+            if (!BN_GF2m_add(b, b, a))
+                goto err;
+            if (!BN_GF2m_add(v, v, u))
+                goto err;
+            do {
+                if (!BN_rshift1(b, b))
+                    goto err;
+                if (BN_is_odd(v))
+                    if (!BN_GF2m_add(v, v, p))
+                        goto err;
+                if (!BN_rshift1(v, v))
+                    goto err;
+            } while (!BN_is_odd(b));
+        } else if (BN_abs_is_word(a, 1))
+            break;
+        else {
+            if (!BN_GF2m_add(a, a, b))
+                goto err;
+            if (!BN_GF2m_add(u, u, v))
+                goto err;
+            do {
+                if (!BN_rshift1(a, a))
+                    goto err;
+                if (BN_is_odd(u))
+                    if (!BN_GF2m_add(u, u, p))
+                        goto err;
+                if (!BN_rshift1(u, u))
+                    goto err;
+            } while (!BN_is_odd(a));
+        }
+    } while (1);
+
+    if (!BN_copy(r, u))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
 #endif
 
-/* Divide yy by xx, reduce modulo p, and store the result in r. r could be xx 
- * or yy, xx could equal yy.
- *
- * This function calls down to the BN_GF2m_mod_div implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_div function.
+/*
+ * Divide yy by xx, reduce modulo p, and store the result in r. r could be xx
+ * * or yy, xx could equal yy. This function calls down to the
+ * BN_GF2m_mod_div implementation; this wrapper function is only provided for
+ * convenience; for best performance, use the BN_GF2m_mod_div function.
  */
-int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx, const unsigned int p[], BN_CTX *ctx)
-	{
-	BIGNUM *field;
-	int ret = 0;
-
-	bn_check_top(yy);
-	bn_check_top(xx);
-
-	BN_CTX_start(ctx);
-	if ((field = BN_CTX_get(ctx)) == NULL) goto err;
-	if (!BN_GF2m_arr2poly(p, field)) goto err;
-	
-	ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r.  r could be a.
- * Uses simple square-and-multiply algorithm A.5.1 from IEEE P1363.
+int BN_GF2m_mod_div_arr(BIGNUM *r, const BIGNUM *yy, const BIGNUM *xx,
+                        const unsigned int p[], BN_CTX *ctx)
+{
+    BIGNUM *field;
+    int ret = 0;
+
+    bn_check_top(yy);
+    bn_check_top(xx);
+
+    BN_CTX_start(ctx);
+    if ((field = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (!BN_GF2m_arr2poly(p, field))
+        goto err;
+
+    ret = BN_GF2m_mod_div(r, yy, xx, field, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. Uses simple square-and-multiply algorithm A.5.1 from IEEE
+ * P1363.
  */
-int	BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const unsigned int p[], BN_CTX *ctx)
-	{
-	int ret = 0, i, n;
-	BIGNUM *u;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (BN_is_zero(b))
-		return(BN_one(r));
-
-	if (BN_abs_is_word(b, 1))
-		return (BN_copy(r, a) != NULL);
-
-	BN_CTX_start(ctx);
-	if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-	
-	if (!BN_GF2m_mod_arr(u, a, p)) goto err;
-	
-	n = BN_num_bits(b) - 1;
-	for (i = n - 1; i >= 0; i--)
-		{
-		if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx)) goto err;
-		if (BN_is_bit_set(b, i))
-			{
-			if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx)) goto err;
-			}
-		}
-	if (!BN_copy(r, u)) goto err;
-	bn_check_top(r);
-	ret = 1;
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the bth power of a, reduce modulo p, and store
- * the result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_exp_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_exp_arr function.
+int BN_GF2m_mod_exp_arr(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                        const unsigned int p[], BN_CTX *ctx)
+{
+    int ret = 0, i, n;
+    BIGNUM *u;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (BN_is_zero(b))
+        return (BN_one(r));
+
+    if (BN_abs_is_word(b, 1))
+        return (BN_copy(r, a) != NULL);
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(u, a, p))
+        goto err;
+
+    n = BN_num_bits(b) - 1;
+    for (i = n - 1; i >= 0; i--) {
+        if (!BN_GF2m_mod_sqr_arr(u, u, p, ctx))
+            goto err;
+        if (BN_is_bit_set(b, i)) {
+            if (!BN_GF2m_mod_mul_arr(u, u, a, p, ctx))
+                goto err;
+        }
+    }
+    if (!BN_copy(r, u))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the bth power of a, reduce modulo p, and store the result in r.  r
+ * could be a. This function calls down to the BN_GF2m_mod_exp_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_exp_arr function.
  */
-int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p);
-	unsigned int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(p);
-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_EXP,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r.  r could be a.
- * Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
+int BN_GF2m_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                    const BIGNUM *p, BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p);
+    unsigned int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(p);
+    if ((arr =
+         (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_EXP, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_exp_arr(r, a, b, arr, ctx);
+    bn_check_top(r);
+ err:
+    if (arr)
+        OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. Uses exponentiation as in algorithm A.4.1 from IEEE P1363.
  */
-int	BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[], BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *u;
-
-	bn_check_top(a);
-
-	if (!p[0])
-		{
-		/* reduction mod 1 => return 0 */
-		BN_zero(r);
-		return 1;
-		}
-
-	BN_CTX_start(ctx);
-	if ((u = BN_CTX_get(ctx)) == NULL) goto err;
-	
-	if (!BN_set_bit(u, p[0] - 1)) goto err;
-	ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
-	bn_check_top(r);
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the square root of a, reduce modulo p, and store
- * the result in r.  r could be a.
- *
- * This function calls down to the BN_GF2m_mod_sqrt_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_sqrt_arr function.
+int BN_GF2m_mod_sqrt_arr(BIGNUM *r, const BIGNUM *a, const unsigned int p[],
+                         BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *u;
+
+    bn_check_top(a);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    if ((u = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(u, p[0] - 1))
+        goto err;
+    ret = BN_GF2m_mod_exp_arr(r, a, u, p, ctx);
+    bn_check_top(r);
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Compute the square root of a, reduce modulo p, and store the result in r.
+ * r could be a. This function calls down to the BN_GF2m_mod_sqrt_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_sqrt_arr function.
  */
 int BN_GF2m_mod_sqrt(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p);
-	unsigned int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(p);
-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SQRT,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
- * Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
+{
+    int ret = 0;
+    const int max = BN_num_bits(p);
+    unsigned int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr =
+         (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) * max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SQRT, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_sqrt_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    if (arr)
+        OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. Uses algorithms A.4.7 and A.4.6 from IEEE P1363.
  */
-int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_, const unsigned int p[], BN_CTX *ctx)
-	{
-	int ret = 0, count = 0;
-	unsigned int j;
-	BIGNUM *a, *z, *rho, *w, *w2, *tmp;
-
-	bn_check_top(a_);
-
-	if (!p[0])
-		{
-		/* reduction mod 1 => return 0 */
-		BN_zero(r);
-		return 1;
-		}
-
-	BN_CTX_start(ctx);
-	a = BN_CTX_get(ctx);
-	z = BN_CTX_get(ctx);
-	w = BN_CTX_get(ctx);
-	if (w == NULL) goto err;
-
-	if (!BN_GF2m_mod_arr(a, a_, p)) goto err;
-	
-	if (BN_is_zero(a))
-		{
-		BN_zero(r);
-		ret = 1;
-		goto err;
-		}
-
-	if (p[0] & 0x1) /* m is odd */
-		{
-		/* compute half-trace of a */
-		if (!BN_copy(z, a)) goto err;
-		for (j = 1; j <= (p[0] - 1) / 2; j++)
-			{
-			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
-			if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
-			if (!BN_GF2m_add(z, z, a)) goto err;
-			}
-		
-		}
-	else /* m is even */
-		{
-		rho = BN_CTX_get(ctx);
-		w2 = BN_CTX_get(ctx);
-		tmp = BN_CTX_get(ctx);
-		if (tmp == NULL) goto err;
-		do
-			{
-			if (!BN_rand(rho, p[0], 0, 0)) goto err;
-			if (!BN_GF2m_mod_arr(rho, rho, p)) goto err;
-			BN_zero(z);
-			if (!BN_copy(w, rho)) goto err;
-			for (j = 1; j <= p[0] - 1; j++)
-				{
-				if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx)) goto err;
-				if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx)) goto err;
-				if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx)) goto err;
-				if (!BN_GF2m_add(z, z, tmp)) goto err;
-				if (!BN_GF2m_add(w, w2, rho)) goto err;
-				}
-			count++;
-			} while (BN_is_zero(w) && (count < MAX_ITERATIONS));
-		if (BN_is_zero(w))
-			{
-			BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR,BN_R_TOO_MANY_ITERATIONS);
-			goto err;
-			}
-		}
-	
-	if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx)) goto err;
-	if (!BN_GF2m_add(w, z, w)) goto err;
-	if (BN_GF2m_cmp(w, a))
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
-		goto err;
-		}
-
-	if (!BN_copy(r, z)) goto err;
-	bn_check_top(r);
-
-	ret = 1;
-
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns 0.
- *
- * This function calls down to the BN_GF2m_mod_solve_quad_arr implementation; this wrapper
- * function is only provided for convenience; for best performance, use the 
- * BN_GF2m_mod_solve_quad_arr function.
+int BN_GF2m_mod_solve_quad_arr(BIGNUM *r, const BIGNUM *a_,
+                               const unsigned int p[], BN_CTX *ctx)
+{
+    int ret = 0, count = 0;
+    unsigned int j;
+    BIGNUM *a, *z, *rho, *w, *w2, *tmp;
+
+    bn_check_top(a_);
+
+    if (!p[0]) {
+        /* reduction mod 1 => return 0 */
+        BN_zero(r);
+        return 1;
+    }
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    z = BN_CTX_get(ctx);
+    w = BN_CTX_get(ctx);
+    if (w == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(a, a_, p))
+        goto err;
+
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        ret = 1;
+        goto err;
+    }
+
+    if (p[0] & 0x1) {           /* m is odd */
+        /* compute half-trace of a */
+        if (!BN_copy(z, a))
+            goto err;
+        for (j = 1; j <= (p[0] - 1) / 2; j++) {
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                goto err;
+            if (!BN_GF2m_add(z, z, a))
+                goto err;
+        }
+
+    } else {                    /* m is even */
+
+        rho = BN_CTX_get(ctx);
+        w2 = BN_CTX_get(ctx);
+        tmp = BN_CTX_get(ctx);
+        if (tmp == NULL)
+            goto err;
+        do {
+            if (!BN_rand(rho, p[0], 0, 0))
+                goto err;
+            if (!BN_GF2m_mod_arr(rho, rho, p))
+                goto err;
+            BN_zero(z);
+            if (!BN_copy(w, rho))
+                goto err;
+            for (j = 1; j <= p[0] - 1; j++) {
+                if (!BN_GF2m_mod_sqr_arr(z, z, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_sqr_arr(w2, w, p, ctx))
+                    goto err;
+                if (!BN_GF2m_mod_mul_arr(tmp, w2, a, p, ctx))
+                    goto err;
+                if (!BN_GF2m_add(z, z, tmp))
+                    goto err;
+                if (!BN_GF2m_add(w, w2, rho))
+                    goto err;
+            }
+            count++;
+        } while (BN_is_zero(w) && (count < MAX_ITERATIONS));
+        if (BN_is_zero(w)) {
+            BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_TOO_MANY_ITERATIONS);
+            goto err;
+        }
+    }
+
+    if (!BN_GF2m_mod_sqr_arr(w, z, p, ctx))
+        goto err;
+    if (!BN_GF2m_add(w, z, w))
+        goto err;
+    if (BN_GF2m_cmp(w, a)) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD_ARR, BN_R_NO_SOLUTION);
+        goto err;
+    }
+
+    if (!BN_copy(r, z))
+        goto err;
+    bn_check_top(r);
+
+    ret = 1;
+
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*
+ * Find r such that r^2 + r = a mod p.  r could be a. If no r exists returns
+ * 0. This function calls down to the BN_GF2m_mod_solve_quad_arr
+ * implementation; this wrapper function is only provided for convenience;
+ * for best performance, use the BN_GF2m_mod_solve_quad_arr function.
  */
-int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
-	{
-	int ret = 0;
-	const int max = BN_num_bits(p);
-	unsigned int *arr=NULL;
-	bn_check_top(a);
-	bn_check_top(p);
-	if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *
-						max)) == NULL) goto err;
-	ret = BN_GF2m_poly2arr(p, arr, max);
-	if (!ret || ret > max)
-		{
-		BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD,BN_R_INVALID_LENGTH);
-		goto err;
-		}
-	ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
-	bn_check_top(r);
-err:
-	if (arr) OPENSSL_free(arr);
-	return ret;
-	}
-
-/* Convert the bit-string representation of a polynomial
- * ( \sum_{i=0}^n a_i * x^i , where a_0 is *not* zero) into an array
- * of integers corresponding to the bits with non-zero coefficient.
- * Up to max elements of the array will be filled.  Return value is total
- * number of coefficients that would be extracted if array was large enough.
+int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+                           BN_CTX *ctx)
+{
+    int ret = 0;
+    const int max = BN_num_bits(p);
+    unsigned int *arr = NULL;
+    bn_check_top(a);
+    bn_check_top(p);
+    if ((arr = (unsigned int *)OPENSSL_malloc(sizeof(unsigned int) *
+                                              max)) == NULL)
+        goto err;
+    ret = BN_GF2m_poly2arr(p, arr, max);
+    if (!ret || ret > max) {
+        BNerr(BN_F_BN_GF2M_MOD_SOLVE_QUAD, BN_R_INVALID_LENGTH);
+        goto err;
+    }
+    ret = BN_GF2m_mod_solve_quad_arr(r, a, arr, ctx);
+    bn_check_top(r);
+ err:
+    if (arr)
+        OPENSSL_free(arr);
+    return ret;
+}
+
+/*
+ * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
+ * x^i , where a_0 is *not* zero) into an array of integers corresponding to
+ * the bits with non-zero coefficient. Up to max elements of the array will
+ * be filled.  Return value is total number of coefficients that would be
+ * extracted if array was large enough.
  */
 int BN_GF2m_poly2arr(const BIGNUM *a, unsigned int p[], int max)
-	{
-	int i, j, k = 0;
-	BN_ULONG mask;
-
-	if (BN_is_zero(a) || !BN_is_bit_set(a, 0))
-		/* a_0 == 0 => return error (the unsigned int array
-		 * must be terminated by 0)
-		 */
-		return 0;
-
-	for (i = a->top - 1; i >= 0; i--)
-		{
-		if (!a->d[i])
-			/* skip word if a->d[i] == 0 */
-			continue;
-		mask = BN_TBIT;
-		for (j = BN_BITS2 - 1; j >= 0; j--)
-			{
-			if (a->d[i] & mask) 
-				{
-				if (k < max) p[k] = BN_BITS2 * i + j;
-				k++;
-				}
-			mask >>= 1;
-			}
-		}
-
-	return k;
-	}
-
-/* Convert the coefficient array representation of a polynomial to a 
+{
+    int i, j, k = 0;
+    BN_ULONG mask;
+
+    if (BN_is_zero(a) || !BN_is_bit_set(a, 0))
+        /*
+         * a_0 == 0 => return error (the unsigned int array must be
+         * terminated by 0)
+         */
+        return 0;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        if (!a->d[i])
+            /* skip word if a->d[i] == 0 */
+            continue;
+        mask = BN_TBIT;
+        for (j = BN_BITS2 - 1; j >= 0; j--) {
+            if (a->d[i] & mask) {
+                if (k < max)
+                    p[k] = BN_BITS2 * i + j;
+                k++;
+            }
+            mask >>= 1;
+        }
+    }
+
+    return k;
+}
+
+/*
+ * Convert the coefficient array representation of a polynomial to a
  * bit-string.  The array must be terminated by 0.
  */
 int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a)
-	{
-	int i;
-
-	bn_check_top(a);
-	BN_zero(a);
-	for (i = 0; p[i] != 0; i++)
-		{
-		if (BN_set_bit(a, p[i]) == 0)
-			return 0;
-		}
-	BN_set_bit(a, 0);
-	bn_check_top(a);
-
-	return 1;
-	}
-
-/* 
- * Constant-time conditional swap of a and b.  
+{
+    int i;
+
+    bn_check_top(a);
+    BN_zero(a);
+    for (i = 0; p[i] != 0; i++) {
+        if (BN_set_bit(a, p[i]) == 0)
+            return 0;
+    }
+    BN_set_bit(a, 0);
+    bn_check_top(a);
+
+    return 1;
+}
+
+/*
+ * Constant-time conditional swap of a and b.
  * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.
  * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,
  * and that no more than nwords are used by either a or b.
  * a and b cannot be the same number
  */
 void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)
-	{
-	BN_ULONG t;
-	int i;
+{
+    BN_ULONG t;
+    int i;
 
-	bn_wcheck_size(a, nwords);
-	bn_wcheck_size(b, nwords);
+    bn_wcheck_size(a, nwords);
+    bn_wcheck_size(b, nwords);
 
-	assert(a != b);
-	assert((condition & (condition - 1)) == 0);
-	assert(sizeof(BN_ULONG) >= sizeof(int));
+    assert(a != b);
+    assert((condition & (condition - 1)) == 0);
+    assert(sizeof(BN_ULONG) >= sizeof(int));
 
-	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
+    condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;
 
-	t = (a->top^b->top) & condition;
-	a->top ^= t;
-	b->top ^= t;
+    t = (a->top ^ b->top) & condition;
+    a->top ^= t;
+    b->top ^= t;
 
 #define BN_CONSTTIME_SWAP(ind) \
-	do { \
-		t = (a->d[ind] ^ b->d[ind]) & condition; \
-		a->d[ind] ^= t; \
-		b->d[ind] ^= t; \
-	} while (0)
-
-
-	switch (nwords) {
-	default:
-		for (i = 10; i < nwords; i++) 
-			BN_CONSTTIME_SWAP(i);
-		/* Fallthrough */
-	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */
-	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */
-	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */
-	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */
-	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */
-	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */
-	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */
-	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */
-	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */
-	case 1: BN_CONSTTIME_SWAP(0);
-	}
+        do { \
+                t = (a->d[ind] ^ b->d[ind]) & condition; \
+                a->d[ind] ^= t; \
+                b->d[ind] ^= t; \
+        } while (0)
+
+    switch (nwords) {
+    default:
+        for (i = 10; i < nwords; i++)
+            BN_CONSTTIME_SWAP(i);
+        /* Fallthrough */
+    case 10:
+        BN_CONSTTIME_SWAP(9);   /* Fallthrough */
+    case 9:
+        BN_CONSTTIME_SWAP(8);   /* Fallthrough */
+    case 8:
+        BN_CONSTTIME_SWAP(7);   /* Fallthrough */
+    case 7:
+        BN_CONSTTIME_SWAP(6);   /* Fallthrough */
+    case 6:
+        BN_CONSTTIME_SWAP(5);   /* Fallthrough */
+    case 5:
+        BN_CONSTTIME_SWAP(4);   /* Fallthrough */
+    case 4:
+        BN_CONSTTIME_SWAP(3);   /* Fallthrough */
+    case 3:
+        BN_CONSTTIME_SWAP(2);   /* Fallthrough */
+    case 2:
+        BN_CONSTTIME_SWAP(1);   /* Fallthrough */
+    case 1:
+        BN_CONSTTIME_SWAP(0);
+    }
 #undef BN_CONSTTIME_SWAP
 }
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c
index 740359b7..88d731ac 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,124 +61,126 @@
 
 /* Returns -2 for errors because both -1 and 0 are valid results. */
 int BN_kronecker(const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int i;
-	int ret = -2; /* avoid 'uninitialized' warning */
-	int err = 0;
-	BIGNUM *A, *B, *tmp;
-	/* In 'tab', only odd-indexed entries are relevant:
-	 * For any odd BIGNUM n,
-	 *     tab[BN_lsw(n) & 7]
-	 * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
-	 * Note that the sign of n does not matter.
-	 */
-	static const int tab[8] = {0, 1, 0, -1, 0, -1, 0, 1};
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	B = BN_CTX_get(ctx);
-	if (B == NULL) goto end;
-	
-	err = !BN_copy(A, a);
-	if (err) goto end;
-	err = !BN_copy(B, b);
-	if (err) goto end;
-
-	/*
-	 * Kronecker symbol, imlemented according to Henri Cohen,
-	 * "A Course in Computational Algebraic Number Theory"
-	 * (algorithm 1.4.10).
-	 */
-
-	/* Cohen's step 1: */
-
-	if (BN_is_zero(B))
-		{
-		ret = BN_abs_is_word(A, 1);
-		goto end;
- 		}
-	
-	/* Cohen's step 2: */
-
-	if (!BN_is_odd(A) && !BN_is_odd(B))
-		{
-		ret = 0;
-		goto end;
-		}
-
-	/* now  B  is non-zero */
-	i = 0;
-	while (!BN_is_bit_set(B, i))
-		i++;
-	err = !BN_rshift(B, B, i);
-	if (err) goto end;
-	if (i & 1)
-		{
-		/* i is odd */
-		/* (thus  B  was even, thus  A  must be odd!)  */
-
-		/* set 'ret' to $(-1)^{(A^2-1)/8}$ */
-		ret = tab[BN_lsw(A) & 7];
-		}
-	else
-		{
-		/* i is even */
-		ret = 1;
-		}
-	
-	if (B->neg)
-		{
-		B->neg = 0;
-		if (A->neg)
-			ret = -ret;
-		}
-
-	/* now  B  is positive and odd, so what remains to be done is
-	 * to compute the Jacobi symbol  (A/B)  and multiply it by 'ret' */
-
-	while (1)
-		{
-		/* Cohen's step 3: */
-
-		/*  B  is positive and odd */
-
-		if (BN_is_zero(A))
-			{
-			ret = BN_is_one(B) ? ret : 0;
-			goto end;
-			}
-
-		/* now  A  is non-zero */
-		i = 0;
-		while (!BN_is_bit_set(A, i))
-			i++;
-		err = !BN_rshift(A, A, i);
-		if (err) goto end;
-		if (i & 1)
-			{
-			/* i is odd */
-			/* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
-			ret = ret * tab[BN_lsw(B) & 7];
-			}
-	
-		/* Cohen's step 4: */
-		/* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
-		if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
-			ret = -ret;
-		
-		/* (A, B) := (B mod |A|, |A|) */
-		err = !BN_nnmod(B, B, A, ctx);
-		if (err) goto end;
-		tmp = A; A = B; B = tmp;
-		tmp->neg = 0;
-		}
-end:
-	BN_CTX_end(ctx);
-	if (err)
-		return -2;
-	else
-		return ret;
-	}
+{
+    int i;
+    int ret = -2;               /* avoid 'uninitialized' warning */
+    int err = 0;
+    BIGNUM *A, *B, *tmp;
+    /*-
+     * In 'tab', only odd-indexed entries are relevant:
+     * For any odd BIGNUM n,
+     *     tab[BN_lsw(n) & 7]
+     * is $(-1)^{(n^2-1)/8}$ (using TeX notation).
+     * Note that the sign of n does not matter.
+     */
+    static const int tab[8] = { 0, 1, 0, -1, 0, -1, 0, 1 };
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    B = BN_CTX_get(ctx);
+    if (B == NULL)
+        goto end;
+
+    err = !BN_copy(A, a);
+    if (err)
+        goto end;
+    err = !BN_copy(B, b);
+    if (err)
+        goto end;
+
+    /*
+     * Kronecker symbol, imlemented according to Henri Cohen,
+     * "A Course in Computational Algebraic Number Theory"
+     * (algorithm 1.4.10).
+     */
+
+    /* Cohen's step 1: */
+
+    if (BN_is_zero(B)) {
+        ret = BN_abs_is_word(A, 1);
+        goto end;
+    }
+
+    /* Cohen's step 2: */
+
+    if (!BN_is_odd(A) && !BN_is_odd(B)) {
+        ret = 0;
+        goto end;
+    }
+
+    /* now  B  is non-zero */
+    i = 0;
+    while (!BN_is_bit_set(B, i))
+        i++;
+    err = !BN_rshift(B, B, i);
+    if (err)
+        goto end;
+    if (i & 1) {
+        /* i is odd */
+        /* (thus  B  was even, thus  A  must be odd!)  */
+
+        /* set 'ret' to $(-1)^{(A^2-1)/8}$ */
+        ret = tab[BN_lsw(A) & 7];
+    } else {
+        /* i is even */
+        ret = 1;
+    }
+
+    if (B->neg) {
+        B->neg = 0;
+        if (A->neg)
+            ret = -ret;
+    }
+
+    /*
+     * now B is positive and odd, so what remains to be done is to compute
+     * the Jacobi symbol (A/B) and multiply it by 'ret'
+     */
+
+    while (1) {
+        /* Cohen's step 3: */
+
+        /*  B  is positive and odd */
+
+        if (BN_is_zero(A)) {
+            ret = BN_is_one(B) ? ret : 0;
+            goto end;
+        }
+
+        /* now  A  is non-zero */
+        i = 0;
+        while (!BN_is_bit_set(A, i))
+            i++;
+        err = !BN_rshift(A, A, i);
+        if (err)
+            goto end;
+        if (i & 1) {
+            /* i is odd */
+            /* multiply 'ret' by  $(-1)^{(B^2-1)/8}$ */
+            ret = ret * tab[BN_lsw(B) & 7];
+        }
+
+        /* Cohen's step 4: */
+        /* multiply 'ret' by  $(-1)^{(A-1)(B-1)/4}$ */
+        if ((A->neg ? ~BN_lsw(A) : BN_lsw(A)) & BN_lsw(B) & 2)
+            ret = -ret;
+
+        /* (A, B) := (B mod |A|, |A|) */
+        err = !BN_nnmod(B, B, A, ctx);
+        if (err)
+            goto end;
+        tmp = A;
+        A = B;
+        B = tmp;
+        tmp->neg = 0;
+    }
+ end:
+    BN_CTX_end(ctx);
+    if (err)
+        return -2;
+    else
+        return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
index c288844a..becb9571 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -57,7 +57,7 @@
  */
 
 #ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+# undef NDEBUG                  /* avoid conflicting definitions */
 # define NDEBUG
 #endif
 
@@ -67,11 +67,12 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
+const char BN_version[] = "Big Number" OPENSSL_VERSION_PTEXT;
 
 /* This stuff appears to be completely unused, so is deprecated */
 #ifndef OPENSSL_NO_DEPRECATED
-/* For a 32 bit machine
+/*-
+ * For a 32 bit machine
  * 2 -   4 ==  128
  * 3 -   8 ==  256
  * 4 -  16 ==  512
@@ -80,756 +81,774 @@ const char BN_version[]="Big Number" OPENSSL_VERSION_PTEXT;
  * 7 - 128 == 4096
  * 8 - 256 == 8192
  */
-static int bn_limit_bits=0;
-static int bn_limit_num=8;        /* (1<<bn_limit_bits) */
-static int bn_limit_bits_low=0;
-static int bn_limit_num_low=8;    /* (1<<bn_limit_bits_low) */
-static int bn_limit_bits_high=0;
-static int bn_limit_num_high=8;   /* (1<<bn_limit_bits_high) */
-static int bn_limit_bits_mont=0;
-static int bn_limit_num_mont=8;   /* (1<<bn_limit_bits_mont) */
+static int bn_limit_bits = 0;
+static int bn_limit_num = 8;    /* (1<<bn_limit_bits) */
+static int bn_limit_bits_low = 0;
+static int bn_limit_num_low = 8; /* (1<<bn_limit_bits_low) */
+static int bn_limit_bits_high = 0;
+static int bn_limit_num_high = 8; /* (1<<bn_limit_bits_high) */
+static int bn_limit_bits_mont = 0;
+static int bn_limit_num_mont = 8; /* (1<<bn_limit_bits_mont) */
 
 void BN_set_params(int mult, int high, int low, int mont)
-	{
-	if (mult >= 0)
-		{
-		if (mult > (int)(sizeof(int)*8)-1)
-			mult=sizeof(int)*8-1;
-		bn_limit_bits=mult;
-		bn_limit_num=1<<mult;
-		}
-	if (high >= 0)
-		{
-		if (high > (int)(sizeof(int)*8)-1)
-			high=sizeof(int)*8-1;
-		bn_limit_bits_high=high;
-		bn_limit_num_high=1<<high;
-		}
-	if (low >= 0)
-		{
-		if (low > (int)(sizeof(int)*8)-1)
-			low=sizeof(int)*8-1;
-		bn_limit_bits_low=low;
-		bn_limit_num_low=1<<low;
-		}
-	if (mont >= 0)
-		{
-		if (mont > (int)(sizeof(int)*8)-1)
-			mont=sizeof(int)*8-1;
-		bn_limit_bits_mont=mont;
-		bn_limit_num_mont=1<<mont;
-		}
-	}
+{
+    if (mult >= 0) {
+        if (mult > (int)(sizeof(int) * 8) - 1)
+            mult = sizeof(int) * 8 - 1;
+        bn_limit_bits = mult;
+        bn_limit_num = 1 << mult;
+    }
+    if (high >= 0) {
+        if (high > (int)(sizeof(int) * 8) - 1)
+            high = sizeof(int) * 8 - 1;
+        bn_limit_bits_high = high;
+        bn_limit_num_high = 1 << high;
+    }
+    if (low >= 0) {
+        if (low > (int)(sizeof(int) * 8) - 1)
+            low = sizeof(int) * 8 - 1;
+        bn_limit_bits_low = low;
+        bn_limit_num_low = 1 << low;
+    }
+    if (mont >= 0) {
+        if (mont > (int)(sizeof(int) * 8) - 1)
+            mont = sizeof(int) * 8 - 1;
+        bn_limit_bits_mont = mont;
+        bn_limit_num_mont = 1 << mont;
+    }
+}
 
 int BN_get_params(int which)
-	{
-	if      (which == 0) return(bn_limit_bits);
-	else if (which == 1) return(bn_limit_bits_high);
-	else if (which == 2) return(bn_limit_bits_low);
-	else if (which == 3) return(bn_limit_bits_mont);
-	else return(0);
-	}
+{
+    if (which == 0)
+        return (bn_limit_bits);
+    else if (which == 1)
+        return (bn_limit_bits_high);
+    else if (which == 2)
+        return (bn_limit_bits_low);
+    else if (which == 3)
+        return (bn_limit_bits_mont);
+    else
+        return (0);
+}
 #endif
 
 const BIGNUM *BN_value_one(void)
-	{
-	static BN_ULONG data_one=1L;
-	static BIGNUM const_one={&data_one,1,1,0,BN_FLG_STATIC_DATA};
+{
+    static BN_ULONG data_one = 1L;
+    static BIGNUM const_one = { &data_one, 1, 1, 0, BN_FLG_STATIC_DATA };
 
-	return(&const_one);
-	}
+    return (&const_one);
+}
 
 int BN_num_bits_word(BN_ULONG l)
-	{
-	static const char bits[256]={
-		0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4,
-		5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,
-		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
-		6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,
-		};
+{
+    static const char bits[256] = {
+        0, 1, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 4, 4, 4, 4,
+        5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5, 5,
+        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+        6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6, 6,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7, 7,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+        8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
+    };
 
 #if defined(SIXTY_FOUR_BIT_LONG)
-	if (l & 0xffffffff00000000L)
-		{
-		if (l & 0xffff000000000000L)
-			{
-			if (l & 0xff00000000000000L)
-				{
-				return(bits[(int)(l>>56)]+56);
-				}
-			else	return(bits[(int)(l>>48)]+48);
-			}
-		else
-			{
-			if (l & 0x0000ff0000000000L)
-				{
-				return(bits[(int)(l>>40)]+40);
-				}
-			else	return(bits[(int)(l>>32)]+32);
-			}
-		}
-	else
+    if (l & 0xffffffff00000000L) {
+        if (l & 0xffff000000000000L) {
+            if (l & 0xff00000000000000L) {
+                return (bits[(int)(l >> 56)] + 56);
+            } else
+                return (bits[(int)(l >> 48)] + 48);
+        } else {
+            if (l & 0x0000ff0000000000L) {
+                return (bits[(int)(l >> 40)] + 40);
+            } else
+                return (bits[(int)(l >> 32)] + 32);
+        }
+    } else
 #else
-#ifdef SIXTY_FOUR_BIT
-	if (l & 0xffffffff00000000LL)
-		{
-		if (l & 0xffff000000000000LL)
-			{
-			if (l & 0xff00000000000000LL)
-				{
-				return(bits[(int)(l>>56)]+56);
-				}
-			else	return(bits[(int)(l>>48)]+48);
-			}
-		else
-			{
-			if (l & 0x0000ff0000000000LL)
-				{
-				return(bits[(int)(l>>40)]+40);
-				}
-			else	return(bits[(int)(l>>32)]+32);
-			}
-		}
-	else
-#endif
+# ifdef SIXTY_FOUR_BIT
+    if (l & 0xffffffff00000000LL) {
+        if (l & 0xffff000000000000LL) {
+            if (l & 0xff00000000000000LL) {
+                return (bits[(int)(l >> 56)] + 56);
+            } else
+                return (bits[(int)(l >> 48)] + 48);
+        } else {
+            if (l & 0x0000ff0000000000LL) {
+                return (bits[(int)(l >> 40)] + 40);
+            } else
+                return (bits[(int)(l >> 32)] + 32);
+        }
+    } else
+# endif
 #endif
-		{
+    {
 #if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-		if (l & 0xffff0000L)
-			{
-			if (l & 0xff000000L)
-				return(bits[(int)(l>>24L)]+24);
-			else	return(bits[(int)(l>>16L)]+16);
-			}
-		else
+        if (l & 0xffff0000L) {
+            if (l & 0xff000000L)
+                return (bits[(int)(l >> 24L)] + 24);
+            else
+                return (bits[(int)(l >> 16L)] + 16);
+        } else
 #endif
-			{
+        {
 #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG)
-			if (l & 0xff00L)
-				return(bits[(int)(l>>8)]+8);
-			else	
+            if (l & 0xff00L)
+                return (bits[(int)(l >> 8)] + 8);
+            else
 #endif
-				return(bits[(int)(l   )]  );
-			}
-		}
-	}
+                return (bits[(int)(l)]);
+        }
+    }
+}
 
 int BN_num_bits(const BIGNUM *a)
-	{
-	int i = a->top - 1;
-	bn_check_top(a);
+{
+    int i = a->top - 1;
+    bn_check_top(a);
 
-	if (BN_is_zero(a)) return 0;
-	return ((i*BN_BITS2) + BN_num_bits_word(a->d[i]));
-	}
+    if (BN_is_zero(a))
+        return 0;
+    return ((i * BN_BITS2) + BN_num_bits_word(a->d[i]));
+}
 
 void BN_clear_free(BIGNUM *a)
-	{
-	int i;
-
-	if (a == NULL) return;
-	bn_check_top(a);
-	if (a->d != NULL)
-		{
-		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
-		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-			OPENSSL_free(a->d);
-		}
-	i=BN_get_flags(a,BN_FLG_MALLOCED);
-	OPENSSL_cleanse(a,sizeof(BIGNUM));
-	if (i)
-		OPENSSL_free(a);
-	}
+{
+    int i;
+
+    if (a == NULL)
+        return;
+    bn_check_top(a);
+    if (a->d != NULL) {
+        OPENSSL_cleanse(a->d, a->dmax * sizeof(a->d[0]));
+        if (!(BN_get_flags(a, BN_FLG_STATIC_DATA)))
+            OPENSSL_free(a->d);
+    }
+    i = BN_get_flags(a, BN_FLG_MALLOCED);
+    OPENSSL_cleanse(a, sizeof(BIGNUM));
+    if (i)
+        OPENSSL_free(a);
+}
 
 void BN_free(BIGNUM *a)
-	{
-	if (a == NULL) return;
-	bn_check_top(a);
-	if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA)))
-		OPENSSL_free(a->d);
-	if (a->flags & BN_FLG_MALLOCED)
-		OPENSSL_free(a);
-	else
-		{
+{
+    if (a == NULL)
+        return;
+    bn_check_top(a);
+    if ((a->d != NULL) && !(BN_get_flags(a, BN_FLG_STATIC_DATA)))
+        OPENSSL_free(a->d);
+    if (a->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(a);
+    else {
 #ifndef OPENSSL_NO_DEPRECATED
-		a->flags|=BN_FLG_FREE;
+        a->flags |= BN_FLG_FREE;
 #endif
-		a->d = NULL;
-		}
-	}
+        a->d = NULL;
+    }
+}
 
 void BN_init(BIGNUM *a)
-	{
-	memset(a,0,sizeof(BIGNUM));
-	bn_check_top(a);
-	}
+{
+    memset(a, 0, sizeof(BIGNUM));
+    bn_check_top(a);
+}
 
 BIGNUM *BN_new(void)
-	{
-	BIGNUM *ret;
-
-	if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL)
-		{
-		BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->flags=BN_FLG_MALLOCED;
-	ret->top=0;
-	ret->neg=0;
-	ret->dmax=0;
-	ret->d=NULL;
-	bn_check_top(ret);
-	return(ret);
-	}
+{
+    BIGNUM *ret;
+
+    if ((ret = (BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) {
+        BNerr(BN_F_BN_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->flags = BN_FLG_MALLOCED;
+    ret->top = 0;
+    ret->neg = 0;
+    ret->dmax = 0;
+    ret->d = NULL;
+    bn_check_top(ret);
+    return (ret);
+}
 
 /* This is used both by bn_expand2() and bn_dup_expand() */
 /* The caller MUST check that words > b->dmax before calling this */
 static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
-	{
-	BN_ULONG *A,*a = NULL;
-	const BN_ULONG *B;
-	int i;
-
-	bn_check_top(b);
-
-	if (words > (INT_MAX/(4*BN_BITS2)))
-		{
-		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG);
-		return NULL;
-		}
-	if (BN_get_flags(b,BN_FLG_STATIC_DATA))
-		{
-		BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
-		return(NULL);
-		}
-	a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*words);
-	if (A == NULL)
-		{
-		BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
+{
+    BN_ULONG *A, *a = NULL;
+    const BN_ULONG *B;
+    int i;
+
+    bn_check_top(b);
+
+    if (words > (INT_MAX / (4 * BN_BITS2))) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_BIGNUM_TOO_LONG);
+        return NULL;
+    }
+    if (BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, BN_R_EXPAND_ON_STATIC_BIGNUM_DATA);
+        return (NULL);
+    }
+    a = A = (BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG) * words);
+    if (A == NULL) {
+        BNerr(BN_F_BN_EXPAND_INTERNAL, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
 #ifdef PURIFY
-	/* Valgrind complains in BN_consttime_swap because we process the whole
-	 * array even if it's not initialised yet. This doesn't matter in that
-	 * function - what's important is constant time operation (we're not
-	 * actually going to use the data)
-	*/
-	memset(a, 0, sizeof(BN_ULONG)*words);
+    /*
+     * Valgrind complains in BN_consttime_swap because we process the whole
+     * array even if it's not initialised yet. This doesn't matter in that
+     * function - what's important is constant time operation (we're not
+     * actually going to use the data)
+     */
+    memset(a, 0, sizeof(BN_ULONG) * words);
 #endif
 
 #if 1
-	B=b->d;
-	/* Check if the previous number needs to be copied */
-	if (B != NULL)
-		{
-		for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-			{
-			/*
-			 * The fact that the loop is unrolled
-			 * 4-wise is a tribute to Intel. It's
-			 * the one that doesn't have enough
-			 * registers to accomodate more data.
-			 * I'd unroll it 8-wise otherwise:-)
-			 *
-			 *		<appro@fy.chalmers.se>
-			 */
-			BN_ULONG a0,a1,a2,a3;
-			a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-			A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-			}
-		switch (b->top&3)
-			{
-		case 3:	A[2]=B[2];
-		case 2:	A[1]=B[1];
-		case 1:	A[0]=B[0];
-		case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does
-		         * the switch table by doing a=top&3; a--; goto jump_table[a];
-		         * which fails for top== 0 */
-			;
-			}
-		}
-
+    B = b->d;
+    /* Check if the previous number needs to be copied */
+    if (B != NULL) {
+        for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+            /*
+             * The fact that the loop is unrolled
+             * 4-wise is a tribute to Intel. It's
+             * the one that doesn't have enough
+             * registers to accomodate more data.
+             * I'd unroll it 8-wise otherwise:-)
+             *
+             *              <appro@fy.chalmers.se>
+             */
+            BN_ULONG a0, a1, a2, a3;
+            a0 = B[0];
+            a1 = B[1];
+            a2 = B[2];
+            a3 = B[3];
+            A[0] = a0;
+            A[1] = a1;
+            A[2] = a2;
+            A[3] = a3;
+        }
+        /*
+         * workaround for ultrix cc: without 'case 0', the optimizer does
+         * the switch table by doing a=top&3; a--; goto jump_table[a];
+         * which fails for top== 0
+         */
+        switch (b->top & 3) {
+        case 3:
+            A[2] = B[2];
+        case 2:
+            A[1] = B[1];
+        case 1:
+            A[0] = B[0];
+        case 0:
+            ;
+        }
+    }
 #else
-	memset(A,0,sizeof(BN_ULONG)*words);
-	memcpy(A,b->d,sizeof(b->d[0])*b->top);
+    memset(A, 0, sizeof(BN_ULONG) * words);
+    memcpy(A, b->d, sizeof(b->d[0]) * b->top);
 #endif
-		
-	return(a);
-	}
-
-/* This is an internal function that can be used instead of bn_expand2()
- * when there is a need to copy BIGNUMs instead of only expanding the
- * data part, while still expanding them.
- * Especially useful when needing to expand BIGNUMs that are declared
- * 'const' and should therefore not be changed.
- * The reason to use this instead of a BN_dup() followed by a bn_expand2()
- * is memory allocation overhead.  A BN_dup() followed by a bn_expand2()
- * will allocate new memory for the BIGNUM data twice, and free it once,
- * while bn_dup_expand() makes sure allocation is made only once.
+
+    return (a);
+}
+
+/*
+ * This is an internal function that can be used instead of bn_expand2() when
+ * there is a need to copy BIGNUMs instead of only expanding the data part,
+ * while still expanding them. Especially useful when needing to expand
+ * BIGNUMs that are declared 'const' and should therefore not be changed. The
+ * reason to use this instead of a BN_dup() followed by a bn_expand2() is
+ * memory allocation overhead.  A BN_dup() followed by a bn_expand2() will
+ * allocate new memory for the BIGNUM data twice, and free it once, while
+ * bn_dup_expand() makes sure allocation is made only once.
  */
 
 #ifndef OPENSSL_NO_DEPRECATED
 BIGNUM *bn_dup_expand(const BIGNUM *b, int words)
-	{
-	BIGNUM *r = NULL;
-
-	bn_check_top(b);
-
-	/* This function does not work if
-	 *      words <= b->dmax && top < words
-	 * because BN_dup() does not preserve 'dmax'!
-	 * (But bn_dup_expand() is not used anywhere yet.)
-	 */
-
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = bn_expand_internal(b, words);
-
-		if (a)
-			{
-			r = BN_new();
-			if (r)
-				{
-				r->top = b->top;
-				r->dmax = words;
-				r->neg = b->neg;
-				r->d = a;
-				}
-			else
-				{
-				/* r == NULL, BN_new failure */
-				OPENSSL_free(a);
-				}
-			}
-		/* If a == NULL, there was an error in allocation in
-		   bn_expand_internal(), and NULL should be returned */
-		}
-	else
-		{
-		r = BN_dup(b);
-		}
-
-	bn_check_top(r);
-	return r;
-	}
+{
+    BIGNUM *r = NULL;
+
+    bn_check_top(b);
+
+    /*
+     * This function does not work if words <= b->dmax && top < words because
+     * BN_dup() does not preserve 'dmax'! (But bn_dup_expand() is not used
+     * anywhere yet.)
+     */
+
+    if (words > b->dmax) {
+        BN_ULONG *a = bn_expand_internal(b, words);
+
+        if (a) {
+            r = BN_new();
+            if (r) {
+                r->top = b->top;
+                r->dmax = words;
+                r->neg = b->neg;
+                r->d = a;
+            } else {
+                /* r == NULL, BN_new failure */
+                OPENSSL_free(a);
+            }
+        }
+        /*
+         * If a == NULL, there was an error in allocation in
+         * bn_expand_internal(), and NULL should be returned
+         */
+    } else {
+        r = BN_dup(b);
+    }
+
+    bn_check_top(r);
+    return r;
+}
 #endif
 
-/* This is an internal function that should not be used in applications.
- * It ensures that 'b' has enough room for a 'words' word number
- * and initialises any unused part of b->d with leading zeros.
- * It is mostly used by the various BIGNUM routines. If there is an error,
- * NULL is returned. If not, 'b' is returned. */
+/*
+ * This is an internal function that should not be used in applications. It
+ * ensures that 'b' has enough room for a 'words' word number and initialises
+ * any unused part of b->d with leading zeros. It is mostly used by the
+ * various BIGNUM routines. If there is an error, NULL is returned. If not,
+ * 'b' is returned.
+ */
 
 BIGNUM *bn_expand2(BIGNUM *b, int words)
-	{
-	bn_check_top(b);
-
-	if (words > b->dmax)
-		{
-		BN_ULONG *a = bn_expand_internal(b, words);
-		if(!a) return NULL;
-		if(b->d) OPENSSL_free(b->d);
-		b->d=a;
-		b->dmax=words;
-		}
+{
+    bn_check_top(b);
+
+    if (words > b->dmax) {
+        BN_ULONG *a = bn_expand_internal(b, words);
+        if (!a)
+            return NULL;
+        if (b->d)
+            OPENSSL_free(b->d);
+        b->d = a;
+        b->dmax = words;
+    }
 
 /* None of this should be necessary because of what b->top means! */
 #if 0
-	/* NB: bn_wexpand() calls this only if the BIGNUM really has to grow */
-	if (b->top < b->dmax)
-		{
-		int i;
-		BN_ULONG *A = &(b->d[b->top]);
-		for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8)
-			{
-			A[0]=0; A[1]=0; A[2]=0; A[3]=0;
-			A[4]=0; A[5]=0; A[6]=0; A[7]=0;
-			}
-		for (i=(b->dmax - b->top)&7; i>0; i--,A++)
-			A[0]=0;
-		assert(A == &(b->d[b->dmax]));
-		}
+    /*
+     * NB: bn_wexpand() calls this only if the BIGNUM really has to grow
+     */
+    if (b->top < b->dmax) {
+        int i;
+        BN_ULONG *A = &(b->d[b->top]);
+        for (i = (b->dmax - b->top) >> 3; i > 0; i--, A += 8) {
+            A[0] = 0;
+            A[1] = 0;
+            A[2] = 0;
+            A[3] = 0;
+            A[4] = 0;
+            A[5] = 0;
+            A[6] = 0;
+            A[7] = 0;
+        }
+        for (i = (b->dmax - b->top) & 7; i > 0; i--, A++)
+            A[0] = 0;
+        assert(A == &(b->d[b->dmax]));
+    }
 #endif
-	bn_check_top(b);
-	return b;
-	}
+    bn_check_top(b);
+    return b;
+}
 
 BIGNUM *BN_dup(const BIGNUM *a)
-	{
-	BIGNUM *t;
-
-	if (a == NULL) return NULL;
-	bn_check_top(a);
-
-	t = BN_new();
-	if (t == NULL) return NULL;
-	if(!BN_copy(t, a))
-		{
-		BN_free(t);
-		return NULL;
-		}
-	bn_check_top(t);
-	return t;
-	}
+{
+    BIGNUM *t;
+
+    if (a == NULL)
+        return NULL;
+    bn_check_top(a);
+
+    t = BN_new();
+    if (t == NULL)
+        return NULL;
+    if (!BN_copy(t, a)) {
+        BN_free(t);
+        return NULL;
+    }
+    bn_check_top(t);
+    return t;
+}
 
 BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	BN_ULONG *A;
-	const BN_ULONG *B;
+{
+    int i;
+    BN_ULONG *A;
+    const BN_ULONG *B;
 
-	bn_check_top(b);
+    bn_check_top(b);
 
-	if (a == b) return(a);
-	if (bn_wexpand(a,b->top) == NULL) return(NULL);
+    if (a == b)
+        return (a);
+    if (bn_wexpand(a, b->top) == NULL)
+        return (NULL);
 
 #if 1
-	A=a->d;
-	B=b->d;
-	for (i=b->top>>2; i>0; i--,A+=4,B+=4)
-		{
-		BN_ULONG a0,a1,a2,a3;
-		a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3];
-		A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3;
-		}
-	switch (b->top&3)
-		{
-		case 3: A[2]=B[2];
-		case 2: A[1]=B[1];
-		case 1: A[0]=B[0];
-		case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */
-		}
+    A = a->d;
+    B = b->d;
+    for (i = b->top >> 2; i > 0; i--, A += 4, B += 4) {
+        BN_ULONG a0, a1, a2, a3;
+        a0 = B[0];
+        a1 = B[1];
+        a2 = B[2];
+        a3 = B[3];
+        A[0] = a0;
+        A[1] = a1;
+        A[2] = a2;
+        A[3] = a3;
+    }
+    /* ultrix cc workaround, see comments in bn_expand_internal */
+    switch (b->top & 3) {
+    case 3:
+        A[2] = B[2];
+    case 2:
+        A[1] = B[1];
+    case 1:
+        A[0] = B[0];
+    case 0:;
+    }
 #else
-	memcpy(a->d,b->d,sizeof(b->d[0])*b->top);
+    memcpy(a->d, b->d, sizeof(b->d[0]) * b->top);
 #endif
 
-	a->top=b->top;
-	a->neg=b->neg;
-	bn_check_top(a);
-	return(a);
-	}
+    a->top = b->top;
+    a->neg = b->neg;
+    bn_check_top(a);
+    return (a);
+}
 
 void BN_swap(BIGNUM *a, BIGNUM *b)
-	{
-	int flags_old_a, flags_old_b;
-	BN_ULONG *tmp_d;
-	int tmp_top, tmp_dmax, tmp_neg;
-	
-	bn_check_top(a);
-	bn_check_top(b);
-
-	flags_old_a = a->flags;
-	flags_old_b = b->flags;
-
-	tmp_d = a->d;
-	tmp_top = a->top;
-	tmp_dmax = a->dmax;
-	tmp_neg = a->neg;
-	
-	a->d = b->d;
-	a->top = b->top;
-	a->dmax = b->dmax;
-	a->neg = b->neg;
-	
-	b->d = tmp_d;
-	b->top = tmp_top;
-	b->dmax = tmp_dmax;
-	b->neg = tmp_neg;
-	
-	a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
-	b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
-	bn_check_top(a);
-	bn_check_top(b);
-	}
+{
+    int flags_old_a, flags_old_b;
+    BN_ULONG *tmp_d;
+    int tmp_top, tmp_dmax, tmp_neg;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    flags_old_a = a->flags;
+    flags_old_b = b->flags;
+
+    tmp_d = a->d;
+    tmp_top = a->top;
+    tmp_dmax = a->dmax;
+    tmp_neg = a->neg;
+
+    a->d = b->d;
+    a->top = b->top;
+    a->dmax = b->dmax;
+    a->neg = b->neg;
+
+    b->d = tmp_d;
+    b->top = tmp_top;
+    b->dmax = tmp_dmax;
+    b->neg = tmp_neg;
+
+    a->flags =
+        (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA);
+    b->flags =
+        (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA);
+    bn_check_top(a);
+    bn_check_top(b);
+}
 
 void BN_clear(BIGNUM *a)
-	{
-	bn_check_top(a);
-	if (a->d != NULL)
-		memset(a->d,0,a->dmax*sizeof(a->d[0]));
-	a->top=0;
-	a->neg=0;
-	}
+{
+    bn_check_top(a);
+    if (a->d != NULL)
+        memset(a->d, 0, a->dmax * sizeof(a->d[0]));
+    a->top = 0;
+    a->neg = 0;
+}
 
 BN_ULONG BN_get_word(const BIGNUM *a)
-	{
-	if (a->top > 1)
-		return BN_MASK2;
-	else if (a->top == 1)
-		return a->d[0];
-	/* a->top == 0 */
-	return 0;
-	}
+{
+    if (a->top > 1)
+        return BN_MASK2;
+    else if (a->top == 1)
+        return a->d[0];
+    /* a->top == 0 */
+    return 0;
+}
 
 int BN_set_word(BIGNUM *a, BN_ULONG w)
-	{
-	bn_check_top(a);
-	if (bn_expand(a,(int)sizeof(BN_ULONG)*8) == NULL) return(0);
-	a->neg = 0;
-	a->d[0] = w;
-	a->top = (w ? 1 : 0);
-	bn_check_top(a);
-	return(1);
-	}
+{
+    bn_check_top(a);
+    if (bn_expand(a, (int)sizeof(BN_ULONG) * 8) == NULL)
+        return (0);
+    a->neg = 0;
+    a->d[0] = w;
+    a->top = (w ? 1 : 0);
+    bn_check_top(a);
+    return (1);
+}
 
 BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret)
-	{
-	unsigned int i,m;
-	unsigned int n;
-	BN_ULONG l;
-	BIGNUM  *bn = NULL;
-
-	if (ret == NULL)
-		ret = bn = BN_new();
-	if (ret == NULL) return(NULL);
-	bn_check_top(ret);
-	l=0;
-	n=len;
-	if (n == 0)
-		{
-		ret->top=0;
-		return(ret);
-		}
-	i=((n-1)/BN_BYTES)+1;
-	m=((n-1)%(BN_BYTES));
-	if (bn_wexpand(ret, (int)i) == NULL)
-		{
-		if (bn) BN_free(bn);
-		return NULL;
-		}
-	ret->top=i;
-	ret->neg=0;
-	while (n--)
-		{
-		l=(l<<8L)| *(s++);
-		if (m-- == 0)
-			{
-			ret->d[--i]=l;
-			l=0;
-			m=BN_BYTES-1;
-			}
-		}
-	/* need to call this due to clear byte at top if avoiding
-	 * having the top bit set (-ve number) */
-	bn_correct_top(ret);
-	return(ret);
-	}
+{
+    unsigned int i, m;
+    unsigned int n;
+    BN_ULONG l;
+    BIGNUM *bn = NULL;
+
+    if (ret == NULL)
+        ret = bn = BN_new();
+    if (ret == NULL)
+        return (NULL);
+    bn_check_top(ret);
+    l = 0;
+    n = len;
+    if (n == 0) {
+        ret->top = 0;
+        return (ret);
+    }
+    i = ((n - 1) / BN_BYTES) + 1;
+    m = ((n - 1) % (BN_BYTES));
+    if (bn_wexpand(ret, (int)i) == NULL) {
+        if (bn)
+            BN_free(bn);
+        return NULL;
+    }
+    ret->top = i;
+    ret->neg = 0;
+    while (n--) {
+        l = (l << 8L) | *(s++);
+        if (m-- == 0) {
+            ret->d[--i] = l;
+            l = 0;
+            m = BN_BYTES - 1;
+        }
+    }
+    /*
+     * need to call this due to clear byte at top if avoiding having the top
+     * bit set (-ve number)
+     */
+    bn_correct_top(ret);
+    return (ret);
+}
 
 /* ignore negative */
 int BN_bn2bin(const BIGNUM *a, unsigned char *to)
-	{
-	int n,i;
-	BN_ULONG l;
-
-	bn_check_top(a);
-	n=i=BN_num_bytes(a);
-	while (i--)
-		{
-		l=a->d[i/BN_BYTES];
-		*(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff;
-		}
-	return(n);
-	}
+{
+    int n, i;
+    BN_ULONG l;
+
+    bn_check_top(a);
+    n = i = BN_num_bytes(a);
+    while (i--) {
+        l = a->d[i / BN_BYTES];
+        *(to++) = (unsigned char)(l >> (8 * (i % BN_BYTES))) & 0xff;
+    }
+    return (n);
+}
 
 int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	BN_ULONG t1,t2,*ap,*bp;
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	i=a->top-b->top;
-	if (i != 0) return(i);
-	ap=a->d;
-	bp=b->d;
-	for (i=a->top-1; i>=0; i--)
-		{
-		t1= ap[i];
-		t2= bp[i];
-		if (t1 != t2)
-			return((t1 > t2) ? 1 : -1);
-		}
-	return(0);
-	}
+{
+    int i;
+    BN_ULONG t1, t2, *ap, *bp;
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    i = a->top - b->top;
+    if (i != 0)
+        return (i);
+    ap = a->d;
+    bp = b->d;
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = ap[i];
+        t2 = bp[i];
+        if (t1 != t2)
+            return ((t1 > t2) ? 1 : -1);
+    }
+    return (0);
+}
 
 int BN_cmp(const BIGNUM *a, const BIGNUM *b)
-	{
-	int i;
-	int gt,lt;
-	BN_ULONG t1,t2;
-
-	if ((a == NULL) || (b == NULL))
-		{
-		if (a != NULL)
-			return(-1);
-		else if (b != NULL)
-			return(1);
-		else
-			return(0);
-		}
-
-	bn_check_top(a);
-	bn_check_top(b);
-
-	if (a->neg != b->neg)
-		{
-		if (a->neg)
-			return(-1);
-		else	return(1);
-		}
-	if (a->neg == 0)
-		{ gt=1; lt= -1; }
-	else	{ gt= -1; lt=1; }
-
-	if (a->top > b->top) return(gt);
-	if (a->top < b->top) return(lt);
-	for (i=a->top-1; i>=0; i--)
-		{
-		t1=a->d[i];
-		t2=b->d[i];
-		if (t1 > t2) return(gt);
-		if (t1 < t2) return(lt);
-		}
-	return(0);
-	}
+{
+    int i;
+    int gt, lt;
+    BN_ULONG t1, t2;
+
+    if ((a == NULL) || (b == NULL)) {
+        if (a != NULL)
+            return (-1);
+        else if (b != NULL)
+            return (1);
+        else
+            return (0);
+    }
+
+    bn_check_top(a);
+    bn_check_top(b);
+
+    if (a->neg != b->neg) {
+        if (a->neg)
+            return (-1);
+        else
+            return (1);
+    }
+    if (a->neg == 0) {
+        gt = 1;
+        lt = -1;
+    } else {
+        gt = -1;
+        lt = 1;
+    }
+
+    if (a->top > b->top)
+        return (gt);
+    if (a->top < b->top)
+        return (lt);
+    for (i = a->top - 1; i >= 0; i--) {
+        t1 = a->d[i];
+        t2 = b->d[i];
+        if (t1 > t2)
+            return (gt);
+        if (t1 < t2)
+            return (lt);
+    }
+    return (0);
+}
 
 int BN_set_bit(BIGNUM *a, int n)
-	{
-	int i,j,k;
-
-	if (n < 0)
-		return 0;
-
-	i=n/BN_BITS2;
-	j=n%BN_BITS2;
-	if (a->top <= i)
-		{
-		if (bn_wexpand(a,i+1) == NULL) return(0);
-		for(k=a->top; k<i+1; k++)
-			a->d[k]=0;
-		a->top=i+1;
-		}
-
-	a->d[i]|=(((BN_ULONG)1)<<j);
-	bn_check_top(a);
-	return(1);
-	}
+{
+    int i, j, k;
+
+    if (n < 0)
+        return 0;
+
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i) {
+        if (bn_wexpand(a, i + 1) == NULL)
+            return (0);
+        for (k = a->top; k < i + 1; k++)
+            a->d[k] = 0;
+        a->top = i + 1;
+    }
+
+    a->d[i] |= (((BN_ULONG)1) << j);
+    bn_check_top(a);
+    return (1);
+}
 
 int BN_clear_bit(BIGNUM *a, int n)
-	{
-	int i,j;
+{
+    int i, j;
 
-	bn_check_top(a);
-	if (n < 0) return 0;
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
 
-	i=n/BN_BITS2;
-	j=n%BN_BITS2;
-	if (a->top <= i) return(0);
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return (0);
 
-	a->d[i]&=(~(((BN_ULONG)1)<<j));
-	bn_correct_top(a);
-	return(1);
-	}
+    a->d[i] &= (~(((BN_ULONG)1) << j));
+    bn_correct_top(a);
+    return (1);
+}
 
 int BN_is_bit_set(const BIGNUM *a, int n)
-	{
-	int i,j;
-
-	bn_check_top(a);
-	if (n < 0) return 0;
-	i=n/BN_BITS2;
-	j=n%BN_BITS2;
-	if (a->top <= i) return 0;
-	return(((a->d[i])>>j)&((BN_ULONG)1));
-	}
+{
+    int i, j;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+    i = n / BN_BITS2;
+    j = n % BN_BITS2;
+    if (a->top <= i)
+        return 0;
+    return (((a->d[i]) >> j) & ((BN_ULONG)1));
+}
 
 int BN_mask_bits(BIGNUM *a, int n)
-	{
-	int b,w;
-
-	bn_check_top(a);
-	if (n < 0) return 0;
-
-	w=n/BN_BITS2;
-	b=n%BN_BITS2;
-	if (w >= a->top) return 0;
-	if (b == 0)
-		a->top=w;
-	else
-		{
-		a->top=w+1;
-		a->d[w]&= ~(BN_MASK2<<b);
-		}
-	bn_correct_top(a);
-	return(1);
-	}
+{
+    int b, w;
+
+    bn_check_top(a);
+    if (n < 0)
+        return 0;
+
+    w = n / BN_BITS2;
+    b = n % BN_BITS2;
+    if (w >= a->top)
+        return 0;
+    if (b == 0)
+        a->top = w;
+    else {
+        a->top = w + 1;
+        a->d[w] &= ~(BN_MASK2 << b);
+    }
+    bn_correct_top(a);
+    return (1);
+}
 
 void BN_set_negative(BIGNUM *a, int b)
-	{
-	if (b && !BN_is_zero(a))
-		a->neg = 1;
-	else
-		a->neg = 0;
-	}
+{
+    if (b && !BN_is_zero(a))
+        a->neg = 1;
+    else
+        a->neg = 0;
+}
 
 int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n)
-	{
-	int i;
-	BN_ULONG aa,bb;
-
-	aa=a[n-1];
-	bb=b[n-1];
-	if (aa != bb) return((aa > bb)?1:-1);
-	for (i=n-2; i>=0; i--)
-		{
-		aa=a[i];
-		bb=b[i];
-		if (aa != bb) return((aa > bb)?1:-1);
-		}
-	return(0);
-	}
-
-/* Here follows a specialised variants of bn_cmp_words().  It has the
-   property of performing the operation on arrays of different sizes.
-   The sizes of those arrays is expressed through cl, which is the
-   common length ( basicall, min(len(a),len(b)) ), and dl, which is the
-   delta between the two lengths, calculated as len(a)-len(b).
-   All lengths are the number of BN_ULONGs...  */
-
-int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl)
-	{
-	int n,i;
-	n = cl-1;
-
-	if (dl < 0)
-		{
-		for (i=dl; i<0; i++)
-			{
-			if (b[n-i] != 0)
-				return -1; /* a < b */
-			}
-		}
-	if (dl > 0)
-		{
-		for (i=dl; i>0; i--)
-			{
-			if (a[n+i] != 0)
-				return 1; /* a > b */
-			}
-		}
-	return bn_cmp_words(a,b,cl);
-	}
+{
+    int i;
+    BN_ULONG aa, bb;
+
+    aa = a[n - 1];
+    bb = b[n - 1];
+    if (aa != bb)
+        return ((aa > bb) ? 1 : -1);
+    for (i = n - 2; i >= 0; i--) {
+        aa = a[i];
+        bb = b[i];
+        if (aa != bb)
+            return ((aa > bb) ? 1 : -1);
+    }
+    return (0);
+}
+
+/*
+ * Here follows a specialised variants of bn_cmp_words().  It has the
+ * property of performing the operation on arrays of different sizes. The
+ * sizes of those arrays is expressed through cl, which is the common length
+ * ( basicall, min(len(a),len(b)) ), and dl, which is the delta between the
+ * two lengths, calculated as len(a)-len(b). All lengths are the number of
+ * BN_ULONGs...
+ */
+
+int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, int cl, int dl)
+{
+    int n, i;
+    n = cl - 1;
+
+    if (dl < 0) {
+        for (i = dl; i < 0; i++) {
+            if (b[n - i] != 0)
+                return -1;      /* a < b */
+        }
+    }
+    if (dl > 0) {
+        for (i = dl; i > 0; i--) {
+            if (a[n + i] != 0)
+                return 1;       /* a > b */
+        }
+    }
+    return bn_cmp_words(a, b, cl);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c
index 77d6ddb9..ffbce890 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c
@@ -1,6 +1,8 @@
 /* crypto/bn/bn_mod.c */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. */
+/*
+ * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project.
+ */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
@@ -9,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,21 +62,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -89,10 +91,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -104,7 +106,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -114,188 +116,201 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-
-#if 0 /* now just a #define */
+#if 0                           /* now just a #define */
 int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-	{
-	return(BN_div(NULL,rem,m,d,ctx));
-	/* note that  rem->neg == m->neg  (unless the remainder is zero) */
-	}
+{
+    return (BN_div(NULL, rem, m, d, ctx));
+    /* note that  rem->neg == m->neg  (unless the remainder is zero) */
+}
 #endif
 
-
 int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
-	{
-	/* like BN_mod, but returns non-negative remainder
-	 * (i.e.,  0 <= r < |d|  always holds) */
-
-	if (!(BN_mod(r,m,d,ctx)))
-		return 0;
-	if (!r->neg)
-		return 1;
-	/* now   -|d| < r < 0,  so we have to set  r := r + |d| */
-	return (d->neg ? BN_sub : BN_add)(r, r, d);
+{
+    /*
+     * like BN_mod, but returns non-negative remainder (i.e., 0 <= r < |d|
+     * always holds)
+     */
+
+    if (!(BN_mod(r, m, d, ctx)))
+        return 0;
+    if (!r->neg)
+        return 1;
+    /* now   -|d| < r < 0,  so we have to set  r := r + |d| */
+    return (d->neg ? BN_sub : BN_add) (r, r, d);
 }
 
+int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_add(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
 
-int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_add(r, a, b)) return 0;
-	return BN_nnmod(r, r, m, ctx);
-	}
-
-
-/* BN_mod_add variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
-int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
-	{
-	if (!BN_uadd(r, a, b)) return 0;
-	if (BN_ucmp(r, m) >= 0)
-		return BN_usub(r, r, m);
-	return 1;
-	}
-
-
-int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_sub(r, a, b)) return 0;
-	return BN_nnmod(r, r, m, ctx);
-	}
-
+/*
+ * BN_mod_add variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    if (!BN_uadd(r, a, b))
+        return 0;
+    if (BN_ucmp(r, m) >= 0)
+        return BN_usub(r, r, m);
+    return 1;
+}
 
-/* BN_mod_sub variant that may be used if both  a  and  b  are non-negative
- * and less than  m */
-int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m)
-	{
-	if (!BN_sub(r, a, b)) return 0;
-	if (r->neg)
-		return BN_add(r, r, m);
-	return 1;
-	}
+int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
+               BN_CTX *ctx)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    return BN_nnmod(r, r, m, ctx);
+}
 
+/*
+ * BN_mod_sub variant that may be used if both a and b are non-negative and
+ * less than m
+ */
+int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+                     const BIGNUM *m)
+{
+    if (!BN_sub(r, a, b))
+        return 0;
+    if (r->neg)
+        return BN_add(r, r, m);
+    return 1;
+}
 
 /* slow but works */
 int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
-	BN_CTX *ctx)
-	{
-	BIGNUM *t;
-	int ret=0;
-
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(m);
-
-	BN_CTX_start(ctx);
-	if ((t = BN_CTX_get(ctx)) == NULL) goto err;
-	if (a == b)
-		{ if (!BN_sqr(t,a,ctx)) goto err; }
-	else
-		{ if (!BN_mul(t,a,b,ctx)) goto err; }
-	if (!BN_nnmod(r,t,m,ctx)) goto err;
-	bn_check_top(r);
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
-
+               BN_CTX *ctx)
+{
+    BIGNUM *t;
+    int ret = 0;
+
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(m);
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (a == b) {
+        if (!BN_sqr(t, a, ctx))
+            goto err;
+    } else {
+        if (!BN_mul(t, a, b, ctx))
+            goto err;
+    }
+    if (!BN_nnmod(r, t, m, ctx))
+        goto err;
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return (ret);
+}
 
 int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_sqr(r, a, ctx)) return 0;
-	/* r->neg == 0,  thus we don't need BN_nnmod */
-	return BN_mod(r, r, m, ctx);
-	}
-
+{
+    if (!BN_sqr(r, a, ctx))
+        return 0;
+    /* r->neg == 0,  thus we don't need BN_nnmod */
+    return BN_mod(r, r, m, ctx);
+}
 
 int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
-	{
-	if (!BN_lshift1(r, a)) return 0;
-	bn_check_top(r);
-	return BN_nnmod(r, r, m, ctx);
-	}
-
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    return BN_nnmod(r, r, m, ctx);
+}
 
-/* BN_mod_lshift1 variant that may be used if  a  is non-negative
- * and less than  m */
+/*
+ * BN_mod_lshift1 variant that may be used if a is non-negative and less than
+ * m
+ */
 int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m)
-	{
-	if (!BN_lshift1(r, a)) return 0;
-	bn_check_top(r);
-	if (BN_cmp(r, m) >= 0)
-		return BN_sub(r, r, m);
-	return 1;
-	}
-
+{
+    if (!BN_lshift1(r, a))
+        return 0;
+    bn_check_top(r);
+    if (BN_cmp(r, m) >= 0)
+        return BN_sub(r, r, m);
+    return 1;
+}
 
-int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx)
-	{
-	BIGNUM *abs_m = NULL;
-	int ret;
+int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m,
+                  BN_CTX *ctx)
+{
+    BIGNUM *abs_m = NULL;
+    int ret;
 
-	if (!BN_nnmod(r, a, m, ctx)) return 0;
+    if (!BN_nnmod(r, a, m, ctx))
+        return 0;
 
-	if (m->neg)
-		{
-		abs_m = BN_dup(m);
-		if (abs_m == NULL) return 0;
-		abs_m->neg = 0;
-		}
-	
-	ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
-	bn_check_top(r);
+    if (m->neg) {
+        abs_m = BN_dup(m);
+        if (abs_m == NULL)
+            return 0;
+        abs_m->neg = 0;
+    }
 
-	if (abs_m)
-		BN_free(abs_m);
-	return ret;
-	}
+    ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m));
+    bn_check_top(r);
 
+    if (abs_m)
+        BN_free(abs_m);
+    return ret;
+}
 
-/* BN_mod_lshift variant that may be used if  a  is non-negative
- * and less than  m */
+/*
+ * BN_mod_lshift variant that may be used if a is non-negative and less than
+ * m
+ */
 int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m)
-	{
-	if (r != a)
-		{
-		if (BN_copy(r, a) == NULL) return 0;
-		}
-
-	while (n > 0)
-		{
-		int max_shift;
-		
-		/* 0 < r < m */
-		max_shift = BN_num_bits(m) - BN_num_bits(r);
-		/* max_shift >= 0 */
-
-		if (max_shift < 0)
-			{
-			BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
-			return 0;
-			}
-
-		if (max_shift > n)
-			max_shift = n;
-
-		if (max_shift)
-			{
-			if (!BN_lshift(r, r, max_shift)) return 0;
-			n -= max_shift;
-			}
-		else
-			{
-			if (!BN_lshift1(r, r)) return 0;
-			--n;
-			}
-
-		/* BN_num_bits(r) <= BN_num_bits(m) */
-
-		if (BN_cmp(r, m) >= 0) 
-			{
-			if (!BN_sub(r, r, m)) return 0;
-			}
-		}
-	bn_check_top(r);
-	
-	return 1;
-	}
+{
+    if (r != a) {
+        if (BN_copy(r, a) == NULL)
+            return 0;
+    }
+
+    while (n > 0) {
+        int max_shift;
+
+        /* 0 < r < m */
+        max_shift = BN_num_bits(m) - BN_num_bits(r);
+        /* max_shift >= 0 */
+
+        if (max_shift < 0) {
+            BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED);
+            return 0;
+        }
+
+        if (max_shift > n)
+            max_shift = n;
+
+        if (max_shift) {
+            if (!BN_lshift(r, r, max_shift))
+                return 0;
+            n -= max_shift;
+        } else {
+            if (!BN_lshift1(r, r))
+                return 0;
+            --n;
+        }
+
+        /* BN_num_bits(r) <= BN_num_bits(m) */
+
+        if (BN_cmp(r, m) >= 0) {
+            if (!BN_sub(r, r, m))
+                return 0;
+        }
+    }
+    bn_check_top(r);
+
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
index 27cafb1f..bf40e823 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -120,619 +120,682 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-#define MONT_WORD /* use the faster word-based algorithm */
+#define MONT_WORD               /* use the faster word-based algorithm */
 
 #if defined(MONT_WORD) && defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)
-/* This condition means we have a specific non-default build:
- * In the 0.9.8 branch, OPENSSL_BN_ASM_MONT is normally not set for any
- * BN_BITS2<=32 platform; an explicit "enable-montasm" is required.
- * I.e., if we are here, the user intentionally deviates from the
- * normal stable build to get better Montgomery performance from
- * the 0.9.9-dev backport.
- *
- * In this case only, we also enable BN_from_montgomery_word()
- * (another non-stable feature from 0.9.9-dev).
+/*
+ * This condition means we have a specific non-default build: In the 0.9.8
+ * branch, OPENSSL_BN_ASM_MONT is normally not set for any BN_BITS2<=32
+ * platform; an explicit "enable-montasm" is required. I.e., if we are here,
+ * the user intentionally deviates from the normal stable build to get better
+ * Montgomery performance from the 0.9.9-dev backport. In this case only, we
+ * also enable BN_from_montgomery_word() (another non-stable feature from
+ * 0.9.9-dev).
  */
-#define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
+# define MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
 #endif
 
 #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont);
 #endif
 
-
-
 int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-			  BN_MONT_CTX *mont, BN_CTX *ctx)
-	{
-	BIGNUM *tmp;
-	int ret=0;
+                          BN_MONT_CTX *mont, BN_CTX *ctx)
+{
+    BIGNUM *tmp;
+    int ret = 0;
 #if defined(OPENSSL_BN_ASM_MONT) && defined(MONT_WORD)
-	int num = mont->N.top;
+    int num = mont->N.top;
 
-	if (num>1 && a->top==num && b->top==num)
-		{
-		if (bn_wexpand(r,num) == NULL) return(0);
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-		if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,mont->n0,num))
-#else
-		if (bn_mul_mont(r->d,a->d,b->d,mont->N.d,&mont->n0,num))
-#endif
-			{
-			r->neg = a->neg^b->neg;
-			r->top = num;
-			bn_correct_top(r);
-			return(1);
-			}
-		}
+    if (num > 1 && a->top == num && b->top == num) {
+        if (bn_wexpand(r, num) == NULL)
+            return (0);
+# if 0                          /* for OpenSSL 0.9.9 mont->n0 */
+        if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, mont->n0, num))
+# else
+        if (bn_mul_mont(r->d, a->d, b->d, mont->N.d, &mont->n0, num))
+# endif
+        {
+            r->neg = a->neg ^ b->neg;
+            r->top = num;
+            bn_correct_top(r);
+            return (1);
+        }
+    }
 #endif
 
-	BN_CTX_start(ctx);
-	tmp = BN_CTX_get(ctx);
-	if (tmp == NULL) goto err;
-
-	bn_check_top(tmp);
-	if (a == b)
-		{
-		if (!BN_sqr(tmp,a,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mul(tmp,a,b,ctx)) goto err;
-		}
-	/* reduce from aRR to aR */
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (tmp == NULL)
+        goto err;
+
+    bn_check_top(tmp);
+    if (a == b) {
+        if (!BN_sqr(tmp, a, ctx))
+            goto err;
+    } else {
+        if (!BN_mul(tmp, a, b, ctx))
+            goto err;
+    }
+    /* reduce from aRR to aR */
 #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
-	if (!BN_from_montgomery_word(r,tmp,mont)) goto err;
+    if (!BN_from_montgomery_word(r, tmp, mont))
+        goto err;
 #else
-	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+    if (!BN_from_montgomery(r, tmp, mont, ctx))
+        goto err;
 #endif
-	bn_check_top(r);
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
+    bn_check_top(r);
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return (ret);
+}
 
 #ifdef MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD
 static int BN_from_montgomery_word(BIGNUM *ret, BIGNUM *r, BN_MONT_CTX *mont)
-	{
-	BIGNUM *n;
-	BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-	int al,nl,max,i,x,ri;
-
-	n= &(mont->N);
-	/* mont->ri is the size of mont->N in bits (rounded up
-	   to the word size) */
-	al=ri=mont->ri/BN_BITS2;
-
-	nl=n->top;
-	if ((al == 0) || (nl == 0)) { ret->top=0; return(1); }
-
-	max=(nl+al+1); /* allow for overflow (no?) XXX */
-	if (bn_wexpand(r,max) == NULL) return(0);
-
-	r->neg^=n->neg;
-	np=n->d;
-	rp=r->d;
-	nrp= &(r->d[nl]);
-
-	/* clear the top words of T */
-	for (i=r->top; i<max; i++) /* memset? XXX */
-		r->d[i]=0;
-
-	r->top=max;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-	n0=mont->n0[0];
-#else
-	n0=mont->n0;
-#endif
+{
+    BIGNUM *n;
+    BN_ULONG *ap, *np, *rp, n0, v, *nrp;
+    int al, nl, max, i, x, ri;
+
+    n = &(mont->N);
+    /*
+     * mont->ri is the size of mont->N in bits (rounded up to the word size)
+     */
+    al = ri = mont->ri / BN_BITS2;
+
+    nl = n->top;
+    if ((al == 0) || (nl == 0)) {
+        ret->top = 0;
+        return (1);
+    }
+
+    max = (nl + al + 1);        /* allow for overflow (no?) XXX */
+    if (bn_wexpand(r, max) == NULL)
+        return (0);
+
+    r->neg ^= n->neg;
+    np = n->d;
+    rp = r->d;
+    nrp = &(r->d[nl]);
+
+    /* clear the top words of T */
+    for (i = r->top; i < max; i++) /* memset? XXX */
+        r->d[i] = 0;
+
+    r->top = max;
+# if 0                          /* for OpenSSL 0.9.9 mont->n0 */
+    n0 = mont->n0[0];
+# else
+    n0 = mont->n0;
+# endif
 
-#ifdef BN_COUNT
-	fprintf(stderr,"word BN_from_montgomery_word %d * %d\n",nl,nl);
-#endif
-	for (i=0; i<nl; i++)
-		{
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-		nrp++;
-		rp++;
-		if (((nrp[-1]+=v)&BN_MASK2) >= v)
-			continue;
-		else
-			{
-			if (((++nrp[0])&BN_MASK2) != 0) continue;
-			if (((++nrp[1])&BN_MASK2) != 0) continue;
-			for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-			}
-		}
-	bn_correct_top(r);
-
-	/* mont->ri will be a multiple of the word size and below code
-	 * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-	if (r->top <= ri)
-		{
-		ret->top=0;
-		return(1);
-		}
-	al=r->top-ri;
-
-	if (bn_wexpand(ret,ri) == NULL) return(0);
-	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */
-	ret->neg=r->neg;
-
-	rp=ret->d;
-	ap=&(r->d[ri]);
-
-	{
-	size_t m1,m2;
-
-	v=bn_sub_words(rp,ap,np,ri);
-	/* this ----------------^^ works even in al<ri case
-	 * thanks to zealous zeroing of top of the vector in the
-	 * beginning. */
-
-	/* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-	/* in other words if subtraction result is real, then
-	 * trick unconditional memcpy below to perform in-place
-	 * "refresh" instead of actual copy. */
-	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/* al<ri */
-	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/* al>ri */
-	m1|=m2;			/* (al!=ri) */
-	m1|=(0-(size_t)v);	/* (al!=ri || v) */
-	m1&=~m2;		/* (al!=ri || v) && !al>ri */
-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-	}
-
-	/* 'i<ri' is chosen to eliminate dependency on input data, even
-	 * though it results in redundant copy in al<ri case. */
-	for (i=0,ri-=4; i<ri; i+=4)
-		{
-		BN_ULONG t1,t2,t3,t4;
-		
-		t1=nrp[i+0];
-		t2=nrp[i+1];
-		t3=nrp[i+2];	ap[i+0]=0;
-		t4=nrp[i+3];	ap[i+1]=0;
-		rp[i+0]=t1;	ap[i+2]=0;
-		rp[i+1]=t2;	ap[i+3]=0;
-		rp[i+2]=t3;
-		rp[i+3]=t4;
-		}
-	for (ri+=4; i<ri; i++)
-		rp[i]=nrp[i], ap[i]=0;
-	bn_correct_top(r);
-	bn_correct_top(ret);
-	bn_check_top(ret);
-
-	return(1);
-	}
+# ifdef BN_COUNT
+    fprintf(stderr, "word BN_from_montgomery_word %d * %d\n", nl, nl);
+# endif
+    for (i = 0; i < nl; i++) {
+# ifdef __TANDEM
+        {
+            long long t1;
+            long long t2;
+            long long t3;
+            t1 = rp[0] * (n0 & 0177777);
+            t2 = 037777600000l;
+            t2 = n0 & t2;
+            t3 = rp[0] & 0177777;
+            t2 = (t3 * t2) & BN_MASK2;
+            t1 = t1 + t2;
+            v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
+        }
+# else
+        v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+# endif
+        nrp++;
+        rp++;
+        if (((nrp[-1] += v) & BN_MASK2) >= v)
+            continue;
+        else {
+            if (((++nrp[0]) & BN_MASK2) != 0)
+                continue;
+            if (((++nrp[1]) & BN_MASK2) != 0)
+                continue;
+            for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ;
+        }
+    }
+    bn_correct_top(r);
+
+    /*
+     * mont->ri will be a multiple of the word size and below code is kind of
+     * BN_rshift(ret,r,mont->ri) equivalent
+     */
+    if (r->top <= ri) {
+        ret->top = 0;
+        return (1);
+    }
+    al = r->top - ri;
+
+    if (bn_wexpand(ret, ri) == NULL)
+        return (0);
+    x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1);
+    ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */
+    ret->neg = r->neg;
+
+    rp = ret->d;
+    ap = &(r->d[ri]);
+
+    {
+        size_t m1, m2;
+
+        v = bn_sub_words(rp, ap, np, ri);
+        /*
+         * this ----------------^^ works even in al<ri case thanks to zealous
+         * zeroing of top of the vector in the beginning.
+         */
+
+        /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+        /*
+         * in other words if subtraction result is real, then trick
+         * unconditional memcpy below to perform in-place "refresh" instead
+         * of actual copy.
+         */
+        m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al<ri */
+        m2 = 0 - (size_t)(((ri - al) >> (sizeof(al) * 8 - 1)) & 1); /* al>ri */
+        m1 |= m2;               /* (al!=ri) */
+        m1 |= (0 - (size_t)v);  /* (al!=ri || v) */
+        m1 &= ~m2;              /* (al!=ri || v) && !al>ri */
+        nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1));
+    }
+
+    /*
+     * 'i<ri' is chosen to eliminate dependency on input data, even though it
+     * results in redundant copy in al<ri case.
+     */
+    for (i = 0, ri -= 4; i < ri; i += 4) {
+        BN_ULONG t1, t2, t3, t4;
+
+        t1 = nrp[i + 0];
+        t2 = nrp[i + 1];
+        t3 = nrp[i + 2];
+        ap[i + 0] = 0;
+        t4 = nrp[i + 3];
+        ap[i + 1] = 0;
+        rp[i + 0] = t1;
+        ap[i + 2] = 0;
+        rp[i + 1] = t2;
+        ap[i + 3] = 0;
+        rp[i + 2] = t3;
+        rp[i + 3] = t4;
+    }
+    for (ri += 4; i < ri; i++)
+        rp[i] = nrp[i], ap[i] = 0;
+    bn_correct_top(r);
+    bn_correct_top(ret);
+    bn_check_top(ret);
+
+    return (1);
+}
 
 int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-	     BN_CTX *ctx)
-	{
-	int retn=0;
-	BIGNUM *t;
+                       BN_CTX *ctx)
+{
+    int retn = 0;
+    BIGNUM *t;
 
-	BN_CTX_start(ctx);
-	if ((t = BN_CTX_get(ctx)) && BN_copy(t,a))
-		retn = BN_from_montgomery_word(ret,t,mont);
-	BN_CTX_end(ctx);
-	return retn;
-	}
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) && BN_copy(t, a))
+        retn = BN_from_montgomery_word(ret, t, mont);
+    BN_CTX_end(ctx);
+    return retn;
+}
 
-#else /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
+#else                           /* !MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
 
 int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont,
-	     BN_CTX *ctx)
-	{
-	int retn=0;
-
-#ifdef MONT_WORD
-	BIGNUM *n,*r;
-	BN_ULONG *ap,*np,*rp,n0,v,*nrp;
-	int al,nl,max,i,x,ri;
-
-	BN_CTX_start(ctx);
-	if ((r = BN_CTX_get(ctx)) == NULL) goto err;
-
-	if (!BN_copy(r,a)) goto err;
-	n= &(mont->N);
-
-	ap=a->d;
-	/* mont->ri is the size of mont->N in bits (rounded up
-	   to the word size) */
-	al=ri=mont->ri/BN_BITS2;
-	
-	nl=n->top;
-	if ((al == 0) || (nl == 0)) { r->top=0; return(1); }
-
-	max=(nl+al+1); /* allow for overflow (no?) XXX */
-	if (bn_wexpand(r,max) == NULL) goto err;
-
-	r->neg=a->neg^n->neg;
-	np=n->d;
-	rp=r->d;
-	nrp= &(r->d[nl]);
-
-	/* clear the top words of T */
-#if 1
-	for (i=r->top; i<max; i++) /* memset? XXX */
-		r->d[i]=0;
-#else
-	memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); 
-#endif
-
-	r->top=max;
-	n0=mont->n0;
-
-#ifdef BN_COUNT
-	fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl);
-#endif
-	for (i=0; i<nl; i++)
-		{
-#ifdef __TANDEM
-                {
-                   long long t1;
-                   long long t2;
-                   long long t3;
-                   t1 = rp[0] * (n0 & 0177777);
-                   t2 = 037777600000l;
-                   t2 = n0 & t2;
-                   t3 = rp[0] & 0177777;
-                   t2 = (t3 * t2) & BN_MASK2;
-                   t1 = t1 + t2;
-                   v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1);
-                }
-#else
-		v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2);
-#endif
-		nrp++;
-		rp++;
-		if (((nrp[-1]+=v)&BN_MASK2) >= v)
-			continue;
-		else
-			{
-			if (((++nrp[0])&BN_MASK2) != 0) continue;
-			if (((++nrp[1])&BN_MASK2) != 0) continue;
-			for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ;
-			}
-		}
-	bn_correct_top(r);
-	
-	/* mont->ri will be a multiple of the word size and below code
-	 * is kind of BN_rshift(ret,r,mont->ri) equivalent */
-	if (r->top <= ri)
-		{
-		ret->top=0;
-		retn=1;
-		goto err;
-		}
-	al=r->top-ri;
-
-# define BRANCH_FREE 1
-# if BRANCH_FREE
-	if (bn_wexpand(ret,ri) == NULL) goto err;
-	x=0-(((al-ri)>>(sizeof(al)*8-1))&1);
-	ret->top=x=(ri&~x)|(al&x);	/* min(ri,al) */
-	ret->neg=r->neg;
-
-	rp=ret->d;
-	ap=&(r->d[ri]);
-
-	{
-	size_t m1,m2;
-
-	v=bn_sub_words(rp,ap,np,ri);
-	/* this ----------------^^ works even in al<ri case
-	 * thanks to zealous zeroing of top of the vector in the
-	 * beginning. */
-
-	/* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
-	/* in other words if subtraction result is real, then
-	 * trick unconditional memcpy below to perform in-place
-	 * "refresh" instead of actual copy. */
-	m1=0-(size_t)(((al-ri)>>(sizeof(al)*8-1))&1);	/* al<ri */
-	m2=0-(size_t)(((ri-al)>>(sizeof(al)*8-1))&1);	/* al>ri */
-	m1|=m2;			/* (al!=ri) */
-	m1|=(0-(size_t)v);	/* (al!=ri || v) */
-	m1&=~m2;		/* (al!=ri || v) && !al>ri */
-	nrp=(BN_ULONG *)(((size_t)rp&~m1)|((size_t)ap&m1));
-	}
-
-	/* 'i<ri' is chosen to eliminate dependency on input data, even
-	 * though it results in redundant copy in al<ri case. */
-	for (i=0,ri-=4; i<ri; i+=4)
-		{
-		BN_ULONG t1,t2,t3,t4;
-		
-		t1=nrp[i+0];
-		t2=nrp[i+1];
-		t3=nrp[i+2];	ap[i+0]=0;
-		t4=nrp[i+3];	ap[i+1]=0;
-		rp[i+0]=t1;	ap[i+2]=0;
-		rp[i+1]=t2;	ap[i+3]=0;
-		rp[i+2]=t3;
-		rp[i+3]=t4;
-		}
-	for (ri+=4; i<ri; i++)
-		rp[i]=nrp[i], ap[i]=0;
-	bn_correct_top(r);
-	bn_correct_top(ret);
-# else
-	if (bn_wexpand(ret,al) == NULL) goto err;
-	ret->top=al;
-	ret->neg=r->neg;
-
-	rp=ret->d;
-	ap=&(r->d[ri]);
-	al-=4;
-	for (i=0; i<al; i+=4)
-		{
-		BN_ULONG t1,t2,t3,t4;
-		
-		t1=ap[i+0];
-		t2=ap[i+1];
-		t3=ap[i+2];
-		t4=ap[i+3];
-		rp[i+0]=t1;
-		rp[i+1]=t2;
-		rp[i+2]=t3;
-		rp[i+3]=t4;
-		}
-	al+=4;
-	for (; i<al; i++)
-		rp[i]=ap[i];
+                       BN_CTX *ctx)
+{
+    int retn = 0;
+
+# ifdef MONT_WORD
+    BIGNUM *n, *r;
+    BN_ULONG *ap, *np, *rp, n0, v, *nrp;
+    int al, nl, max, i, x, ri;
+
+    BN_CTX_start(ctx);
+    if ((r = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_copy(r, a))
+        goto err;
+    n = &(mont->N);
+
+    ap = a->d;
+    /*
+     * mont->ri is the size of mont->N in bits (rounded up to the word size)
+     */
+    al = ri = mont->ri / BN_BITS2;
+
+    nl = n->top;
+    if ((al == 0) || (nl == 0)) {
+        r->top = 0;
+        return (1);
+    }
+
+    max = (nl + al + 1);        /* allow for overflow (no?) XXX */
+    if (bn_wexpand(r, max) == NULL)
+        goto err;
+
+    r->neg = a->neg ^ n->neg;
+    np = n->d;
+    rp = r->d;
+    nrp = &(r->d[nl]);
+
+    /* clear the top words of T */
+#  if 1
+    for (i = r->top; i < max; i++) /* memset? XXX */
+        r->d[i] = 0;
+#  else
+    memset(&(r->d[r->top]), 0, (max - r->top) * sizeof(BN_ULONG));
+#  endif
+
+    r->top = max;
+    n0 = mont->n0;
+
+#  ifdef BN_COUNT
+    fprintf(stderr, "word BN_from_montgomery %d * %d\n", nl, nl);
+#  endif
+    for (i = 0; i < nl; i++) {
+#  ifdef __TANDEM
+        {
+            long long t1;
+            long long t2;
+            long long t3;
+            t1 = rp[0] * (n0 & 0177777);
+            t2 = 037777600000l;
+            t2 = n0 & t2;
+            t3 = rp[0] & 0177777;
+            t2 = (t3 * t2) & BN_MASK2;
+            t1 = t1 + t2;
+            v = bn_mul_add_words(rp, np, nl, (BN_ULONG)t1);
+        }
+#  else
+        v = bn_mul_add_words(rp, np, nl, (rp[0] * n0) & BN_MASK2);
+#  endif
+        nrp++;
+        rp++;
+        if (((nrp[-1] += v) & BN_MASK2) >= v)
+            continue;
+        else {
+            if (((++nrp[0]) & BN_MASK2) != 0)
+                continue;
+            if (((++nrp[1]) & BN_MASK2) != 0)
+                continue;
+            for (x = 2; (((++nrp[x]) & BN_MASK2) == 0); x++) ;
+        }
+    }
+    bn_correct_top(r);
+
+    /*
+     * mont->ri will be a multiple of the word size and below code is kind of
+     * BN_rshift(ret,r,mont->ri) equivalent
+     */
+    if (r->top <= ri) {
+        ret->top = 0;
+        retn = 1;
+        goto err;
+    }
+    al = r->top - ri;
+
+#  define BRANCH_FREE 1
+#  if BRANCH_FREE
+    if (bn_wexpand(ret, ri) == NULL)
+        goto err;
+    x = 0 - (((al - ri) >> (sizeof(al) * 8 - 1)) & 1);
+    ret->top = x = (ri & ~x) | (al & x); /* min(ri,al) */
+    ret->neg = r->neg;
+
+    rp = ret->d;
+    ap = &(r->d[ri]);
+
+    {
+        size_t m1, m2;
+
+        v = bn_sub_words(rp, ap, np, ri);
+        /*
+         * this ----------------^^ works even in al<ri case thanks to zealous
+         * zeroing of top of the vector in the beginning.
+         */
+
+        /* if (al==ri && !v) || al>ri) nrp=rp; else nrp=ap; */
+        /*
+         * in other words if subtraction result is real, then trick
+         * unconditional memcpy below to perform in-place "refresh" instead
+         * of actual copy.
+         */
+        m1 = 0 - (size_t)(((al - ri) >> (sizeof(al) * 8 - 1)) & 1); /* al<ri */
+        m2 = 0 - (size_t)(((ri - al) >> (sizeof(al) * 8 - 1)) & 1); /* al>ri */
+        m1 |= m2;               /* (al!=ri) */
+        m1 |= (0 - (size_t)v);  /* (al!=ri || v) */
+        m1 &= ~m2;              /* (al!=ri || v) && !al>ri */
+        nrp = (BN_ULONG *)(((size_t)rp & ~m1) | ((size_t)ap & m1));
+    }
+
+    /*
+     * 'i<ri' is chosen to eliminate dependency on input data, even though it
+     * results in redundant copy in al<ri case.
+     */
+    for (i = 0, ri -= 4; i < ri; i += 4) {
+        BN_ULONG t1, t2, t3, t4;
+
+        t1 = nrp[i + 0];
+        t2 = nrp[i + 1];
+        t3 = nrp[i + 2];
+        ap[i + 0] = 0;
+        t4 = nrp[i + 3];
+        ap[i + 1] = 0;
+        rp[i + 0] = t1;
+        ap[i + 2] = 0;
+        rp[i + 1] = t2;
+        ap[i + 3] = 0;
+        rp[i + 2] = t3;
+        rp[i + 3] = t4;
+    }
+    for (ri += 4; i < ri; i++)
+        rp[i] = nrp[i], ap[i] = 0;
+    bn_correct_top(r);
+    bn_correct_top(ret);
+#  else
+    if (bn_wexpand(ret, al) == NULL)
+        goto err;
+    ret->top = al;
+    ret->neg = r->neg;
+
+    rp = ret->d;
+    ap = &(r->d[ri]);
+    al -= 4;
+    for (i = 0; i < al; i += 4) {
+        BN_ULONG t1, t2, t3, t4;
+
+        t1 = ap[i + 0];
+        t2 = ap[i + 1];
+        t3 = ap[i + 2];
+        t4 = ap[i + 3];
+        rp[i + 0] = t1;
+        rp[i + 1] = t2;
+        rp[i + 2] = t3;
+        rp[i + 3] = t4;
+    }
+    al += 4;
+    for (; i < al; i++)
+        rp[i] = ap[i];
+#  endif
+# else                          /* !MONT_WORD */
+    BIGNUM *t1, *t2;
+
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t1 == NULL || t2 == NULL)
+        goto err;
+
+    if (!BN_copy(t1, a))
+        goto err;
+    BN_mask_bits(t1, mont->ri);
+
+    if (!BN_mul(t2, t1, &mont->Ni, ctx))
+        goto err;
+    BN_mask_bits(t2, mont->ri);
+
+    if (!BN_mul(t1, t2, &mont->N, ctx))
+        goto err;
+    if (!BN_add(t2, a, t1))
+        goto err;
+    if (!BN_rshift(ret, t2, mont->ri))
+        goto err;
+# endif                         /* MONT_WORD */
+
+# if !defined(BRANCH_FREE) || BRANCH_FREE==0
+    if (BN_ucmp(ret, &(mont->N)) >= 0) {
+        if (!BN_usub(ret, ret, &(mont->N)))
+            goto err;
+    }
 # endif
-#else /* !MONT_WORD */ 
-	BIGNUM *t1,*t2;
-
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	t2 = BN_CTX_get(ctx);
-	if (t1 == NULL || t2 == NULL) goto err;
-	
-	if (!BN_copy(t1,a)) goto err;
-	BN_mask_bits(t1,mont->ri);
-
-	if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err;
-	BN_mask_bits(t2,mont->ri);
-
-	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
-	if (!BN_add(t2,a,t1)) goto err;
-	if (!BN_rshift(ret,t2,mont->ri)) goto err;
-#endif /* MONT_WORD */
-
-#if !defined(BRANCH_FREE) || BRANCH_FREE==0
-	if (BN_ucmp(ret, &(mont->N)) >= 0)
-		{
-		if (!BN_usub(ret,ret,&(mont->N))) goto err;
-		}
-#endif
-	retn=1;
-	bn_check_top(ret);
+    retn = 1;
+    bn_check_top(ret);
  err:
-	BN_CTX_end(ctx);
-	return(retn);
-	}
-#endif /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
+    BN_CTX_end(ctx);
+    return (retn);
+}
+#endif                          /* MONT_FROM_WORD___NON_DEFAULT_0_9_8_BUILD */
 
 BN_MONT_CTX *BN_MONT_CTX_new(void)
-	{
-	BN_MONT_CTX *ret;
+{
+    BN_MONT_CTX *ret;
 
-	if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
-		return(NULL);
+    if ((ret = (BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL)
+        return (NULL);
 
-	BN_MONT_CTX_init(ret);
-	ret->flags=BN_FLG_MALLOCED;
-	return(ret);
-	}
+    BN_MONT_CTX_init(ret);
+    ret->flags = BN_FLG_MALLOCED;
+    return (ret);
+}
 
 void BN_MONT_CTX_init(BN_MONT_CTX *ctx)
-	{
-	ctx->ri=0;
-	BN_init(&(ctx->RR));
-	BN_init(&(ctx->N));
-	BN_init(&(ctx->Ni));
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-	ctx->n0[0] = ctx->n0[1] = 0;
+{
+    ctx->ri = 0;
+    BN_init(&(ctx->RR));
+    BN_init(&(ctx->N));
+    BN_init(&(ctx->Ni));
+#if 0                           /* for OpenSSL 0.9.9 mont->n0 */
+    ctx->n0[0] = ctx->n0[1] = 0;
 #else
-	ctx->n0 = 0;
+    ctx->n0 = 0;
 #endif
-	ctx->flags=0;
-	}
+    ctx->flags = 0;
+}
 
 void BN_MONT_CTX_free(BN_MONT_CTX *mont)
-	{
-	if(mont == NULL)
-	    return;
+{
+    if (mont == NULL)
+        return;
 
-	BN_free(&(mont->RR));
-	BN_free(&(mont->N));
-	BN_free(&(mont->Ni));
-	if (mont->flags & BN_FLG_MALLOCED)
-		OPENSSL_free(mont);
-	}
+    BN_free(&(mont->RR));
+    BN_free(&(mont->N));
+    BN_free(&(mont->Ni));
+    if (mont->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(mont);
+}
 
 int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *Ri,*R;
-
-	BN_CTX_start(ctx);
-	if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
-	R= &(mont->RR);					/* grab RR as a temp */
-	if (!BN_copy(&(mont->N),mod)) goto err;		/* Set N */
-	mont->N.neg = 0;
+{
+    int ret = 0;
+    BIGNUM *Ri, *R;
+
+    BN_CTX_start(ctx);
+    if ((Ri = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    R = &(mont->RR);            /* grab RR as a temp */
+    if (!BN_copy(&(mont->N), mod))
+        goto err;               /* Set N */
+    mont->N.neg = 0;
 
 #ifdef MONT_WORD
-		{
-		BIGNUM tmod;
-		BN_ULONG buf[2];
-
-		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
-		BN_zero(R);
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)",
-         only certain BN_BITS2<=32 platforms actually need this */
-		if (!(BN_set_bit(R,2*BN_BITS2))) goto err;	/* R */
-#else
-		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
-#endif
+    {
+        BIGNUM tmod;
+        BN_ULONG buf[2];
+
+        mont->ri = (BN_num_bits(mod) + (BN_BITS2 - 1)) / BN_BITS2 * BN_BITS2;
+        BN_zero(R);
+# if 0                          /* for OpenSSL 0.9.9 mont->n0, would be "#if
+                                 * defined(OPENSSL_BN_ASM_MONT) &&
+                                 * (BN_BITS2<=32)", only certain BN_BITS2<=32
+                                 * platforms actually need this */
+        if (!(BN_set_bit(R, 2 * BN_BITS2)))
+            goto err;           /* R */
+# else
+        if (!(BN_set_bit(R, BN_BITS2)))
+            goto err;           /* R */
+# endif
 
-		buf[0]=mod->d[0]; /* tmod = N mod word size */
-		buf[1]=0;
-
-		BN_init(&tmod);
-		tmod.d=buf;
-		tmod.top = buf[0] != 0 ? 1 : 0;
-		tmod.dmax=2;
-		tmod.neg=0;
-
-#if 0 /* for OpenSSL 0.9.9 mont->n0, would be "#if defined(OPENSSL_BN_ASM_MONT) && (BN_BITS2<=32)";
-         only certain BN_BITS2<=32 platforms actually need this */
-								tmod.top=0;
-		if ((buf[0] = mod->d[0]))			tmod.top=1;
-		if ((buf[1] = mod->top>1 ? mod->d[1] : 0))	tmod.top=2;
-
-		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
-			goto err;
-		if (!BN_lshift(Ri,Ri,2*BN_BITS2)) goto err; /* R*Ri */
-		if (!BN_is_zero(Ri))
-			{
-			if (!BN_sub_word(Ri,1)) goto err;
-			}
-		else /* if N mod word size == 1 */
-			{
-			if (bn_expand(Ri,(int)sizeof(BN_ULONG)*2) == NULL)
-				goto err;
-			/* Ri-- (mod double word size) */
-			Ri->neg=0;
-			Ri->d[0]=BN_MASK2;
-			Ri->d[1]=BN_MASK2;
-			Ri->top=2;
-			}
-		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
-		/* Ni = (R*Ri-1)/N,
-		 * keep only couple of least significant words: */
-		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
-		mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
-#else
-							/* Ri = R^-1 mod N*/
-		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
-			goto err;
-		if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* R*Ri */
-		if (!BN_is_zero(Ri))
-			{
-			if (!BN_sub_word(Ri,1)) goto err;
-			}
-		else /* if N mod word size == 1 */
-			{
-			if (!BN_set_word(Ri,BN_MASK2)) goto err;  /* Ri-- (mod word size) */
-			}
-		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
-		/* Ni = (R*Ri-1)/N,
-		 * keep only least significant word: */
-# if 0 /* for OpenSSL 0.9.9 mont->n0 */
-		mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
-		mont->n0[1] = 0;
+        buf[0] = mod->d[0];     /* tmod = N mod word size */
+        buf[1] = 0;
+
+        BN_init(&tmod);
+        tmod.d = buf;
+        tmod.top = buf[0] != 0 ? 1 : 0;
+        tmod.dmax = 2;
+        tmod.neg = 0;
+
+# if 0                          /* for OpenSSL 0.9.9 mont->n0, would be "#if
+                                 * defined(OPENSSL_BN_ASM_MONT) &&
+                                 * (BN_BITS2<=32)"; only certain BN_BITS2<=32
+                                 * platforms actually need this */
+        tmod.top = 0;
+        if ((buf[0] = mod->d[0]))
+            tmod.top = 1;
+        if ((buf[1] = mod->top > 1 ? mod->d[1] : 0))
+            tmod.top = 2;
+
+        if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, 2 * BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (bn_expand(Ri, (int)sizeof(BN_ULONG) * 2) == NULL)
+                goto err;
+            /* Ri-- (mod double word size) */
+            Ri->neg = 0;
+            Ri->d[0] = BN_MASK2;
+            Ri->d[1] = BN_MASK2;
+            Ri->top = 2;
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only couple of least significant words:
+         */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = (Ri->top > 1) ? Ri->d[1] : 0;
 # else
-		mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
+        /* Ri = R^-1 mod N */
+        if ((BN_mod_inverse(Ri, R, &tmod, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, BN_BITS2))
+            goto err;           /* R*Ri */
+        if (!BN_is_zero(Ri)) {
+            if (!BN_sub_word(Ri, 1))
+                goto err;
+        } else {                /* if N mod word size == 1 */
+
+            if (!BN_set_word(Ri, BN_MASK2))
+                goto err;       /* Ri-- (mod word size) */
+        }
+        if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+            goto err;
+        /*
+         * Ni = (R*Ri-1)/N, keep only least significant word:
+         */
+#  if 0                         /* for OpenSSL 0.9.9 mont->n0 */
+        mont->n0[0] = (Ri->top > 0) ? Ri->d[0] : 0;
+        mont->n0[1] = 0;
+#  else
+        mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
+#  endif
 # endif
-#endif
-		}
-#else /* !MONT_WORD */
-		{ /* bignum version */
-		mont->ri=BN_num_bits(&mont->N);
-		BN_zero(R);
-		if (!BN_set_bit(R,mont->ri)) goto err;  /* R = 2^ri */
-		                                        /* Ri = R^-1 mod N*/
-		if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
-			goto err;
-		if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* R*Ri */
-		if (!BN_sub_word(Ri,1)) goto err;
-							/* Ni = (R*Ri-1) / N */
-		if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
-		}
+    }
+#else                           /* !MONT_WORD */
+    {                           /* bignum version */
+        mont->ri = BN_num_bits(&mont->N);
+        BN_zero(R);
+        if (!BN_set_bit(R, mont->ri))
+            goto err;           /* R = 2^ri */
+        /* Ri = R^-1 mod N */
+        if ((BN_mod_inverse(Ri, R, &mont->N, ctx)) == NULL)
+            goto err;
+        if (!BN_lshift(Ri, Ri, mont->ri))
+            goto err;           /* R*Ri */
+        if (!BN_sub_word(Ri, 1))
+            goto err;
+        /*
+         * Ni = (R*Ri-1) / N
+         */
+        if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+            goto err;
+    }
 #endif
 
-	/* setup RR for conversions */
-	BN_zero(&(mont->RR));
-	if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
-	if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;
+    /* setup RR for conversions */
+    BN_zero(&(mont->RR));
+    if (!BN_set_bit(&(mont->RR), mont->ri * 2))
+        goto err;
+    if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+        goto err;
 
-	ret = 1;
-err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return ret;
+}
 
 BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from)
-	{
-	if (to == from) return(to);
-
-	if (!BN_copy(&(to->RR),&(from->RR))) return NULL;
-	if (!BN_copy(&(to->N),&(from->N))) return NULL;
-	if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL;
-	to->ri=from->ri;
-#if 0 /* for OpenSSL 0.9.9 mont->n0 */
-	to->n0[0]=from->n0[0];
-	to->n0[1]=from->n0[1];
+{
+    if (to == from)
+        return (to);
+
+    if (!BN_copy(&(to->RR), &(from->RR)))
+        return NULL;
+    if (!BN_copy(&(to->N), &(from->N)))
+        return NULL;
+    if (!BN_copy(&(to->Ni), &(from->Ni)))
+        return NULL;
+    to->ri = from->ri;
+#if 0                           /* for OpenSSL 0.9.9 mont->n0 */
+    to->n0[0] = from->n0[0];
+    to->n0[1] = from->n0[1];
 #else
-	to->n0=from->n0;
+    to->n0 = from->n0;
 #endif
-	return(to);
-	}
+    return (to);
+}
 
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
-					const BIGNUM *mod, BN_CTX *ctx)
-	{
-	BN_MONT_CTX *ret;
-
-	CRYPTO_r_lock(lock);
-	ret = *pmont;
-	CRYPTO_r_unlock(lock);
-	if (ret)
-		return ret;
-
-	/* We don't want to serialise globally while doing our lazy-init math in
-	 * BN_MONT_CTX_set. That punishes threads that are doing independent
-	 * things. Instead, punish the case where more than one thread tries to
-	 * lazy-init the same 'pmont', by having each do the lazy-init math work
-	 * independently and only use the one from the thread that wins the race
-	 * (the losers throw away the work they've done). */
-	ret = BN_MONT_CTX_new();
-	if (!ret)
-		return NULL;
-	if (!BN_MONT_CTX_set(ret, mod, ctx))
-		{
-		BN_MONT_CTX_free(ret);
-		return NULL;
-		}
-
-	/* The locked compare-and-set, after the local work is done. */
-	CRYPTO_w_lock(lock);
-	if (*pmont)
-		{
-		BN_MONT_CTX_free(ret);
-		ret = *pmont;
-		}
-	else
-		*pmont = ret;
-	CRYPTO_w_unlock(lock);
-	return ret;
-	}
+                                    const BIGNUM *mod, BN_CTX *ctx)
+{
+    BN_MONT_CTX *ret;
+
+    CRYPTO_r_lock(lock);
+    ret = *pmont;
+    CRYPTO_r_unlock(lock);
+    if (ret)
+        return ret;
+
+    /*
+     * We don't want to serialise globally while doing our lazy-init math in
+     * BN_MONT_CTX_set. That punishes threads that are doing independent
+     * things. Instead, punish the case where more than one thread tries to
+     * lazy-init the same 'pmont', by having each do the lazy-init math work
+     * independently and only use the one from the thread that wins the race
+     * (the losers throw away the work they've done).
+     */
+    ret = BN_MONT_CTX_new();
+    if (!ret)
+        return NULL;
+    if (!BN_MONT_CTX_set(ret, mod, ctx)) {
+        BN_MONT_CTX_free(ret);
+        return NULL;
+    }
+
+    /* The locked compare-and-set, after the local work is done. */
+    CRYPTO_w_lock(lock);
+    if (*pmont) {
+        BN_MONT_CTX_free(ret);
+        ret = *pmont;
+    } else
+        *pmont = ret;
+    CRYPTO_w_unlock(lock);
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c
index a054d21a..3bd40bbd 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,70 +61,68 @@
 #include "bn_lcl.h"
 
 int BN_bn2mpi(const BIGNUM *a, unsigned char *d)
-	{
-	int bits;
-	int num=0;
-	int ext=0;
-	long l;
+{
+    int bits;
+    int num = 0;
+    int ext = 0;
+    long l;
 
-	bits=BN_num_bits(a);
-	num=(bits+7)/8;
-	if (bits > 0)
-		{
-		ext=((bits & 0x07) == 0);
-		}
-	if (d == NULL)
-		return(num+4+ext);
+    bits = BN_num_bits(a);
+    num = (bits + 7) / 8;
+    if (bits > 0) {
+        ext = ((bits & 0x07) == 0);
+    }
+    if (d == NULL)
+        return (num + 4 + ext);
 
-	l=num+ext;
-	d[0]=(unsigned char)(l>>24)&0xff;
-	d[1]=(unsigned char)(l>>16)&0xff;
-	d[2]=(unsigned char)(l>> 8)&0xff;
-	d[3]=(unsigned char)(l    )&0xff;
-	if (ext) d[4]=0;
-	num=BN_bn2bin(a,&(d[4+ext]));
-	if (a->neg)
-		d[4]|=0x80;
-	return(num+4+ext);
-	}
+    l = num + ext;
+    d[0] = (unsigned char)(l >> 24) & 0xff;
+    d[1] = (unsigned char)(l >> 16) & 0xff;
+    d[2] = (unsigned char)(l >> 8) & 0xff;
+    d[3] = (unsigned char)(l) & 0xff;
+    if (ext)
+        d[4] = 0;
+    num = BN_bn2bin(a, &(d[4 + ext]));
+    if (a->neg)
+        d[4] |= 0x80;
+    return (num + 4 + ext);
+}
 
 BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a)
-	{
-	long len;
-	int neg=0;
-
-	if (n < 4)
-		{
-		BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH);
-		return(NULL);
-		}
-	len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3];
-	if ((len+4) != n)
-		{
-		BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR);
-		return(NULL);
-		}
+{
+    long len;
+    int neg = 0;
 
-	if (a == NULL) a=BN_new();
-	if (a == NULL) return(NULL);
+    if (n < 4) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_INVALID_LENGTH);
+        return (NULL);
+    }
+    len = ((long)d[0] << 24) | ((long)d[1] << 16) | ((int)d[2] << 8) | (int)
+        d[3];
+    if ((len + 4) != n) {
+        BNerr(BN_F_BN_MPI2BN, BN_R_ENCODING_ERROR);
+        return (NULL);
+    }
 
-	if (len == 0)
-		{
-		a->neg=0;
-		a->top=0;
-		return(a);
-		}
-	d+=4;
-	if ((*d) & 0x80)
-		neg=1;
-	if (BN_bin2bn(d,(int)len,a) == NULL)
-		return(NULL);
-	a->neg=neg;
-	if (neg)
-		{
-		BN_clear_bit(a,BN_num_bits(a)-1);
-		}
-	bn_check_top(a);
-	return(a);
-	}
+    if (a == NULL)
+        a = BN_new();
+    if (a == NULL)
+        return (NULL);
 
+    if (len == 0) {
+        a->neg = 0;
+        a->top = 0;
+        return (a);
+    }
+    d += 4;
+    if ((*d) & 0x80)
+        neg = 1;
+    if (BN_bin2bn(d, (int)len, a) == NULL)
+        return (NULL);
+    a->neg = neg;
+    if (neg) {
+        BN_clear_bit(a, BN_num_bits(a) - 1);
+    }
+    bn_check_top(a);
+    return (a);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c
index 12e5be80..b174850b 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -57,7 +57,7 @@
  */
 
 #ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+# undef NDEBUG                  /* avoid conflicting definitions */
 # define NDEBUG
 #endif
 
@@ -67,319 +67,353 @@
 #include "bn_lcl.h"
 
 #if defined(OPENSSL_NO_ASM) || !defined(OPENSSL_BN_ASM_PART_WORDS)
-/* Here follows specialised variants of bn_add_words() and
-   bn_sub_words().  They have the property performing operations on
-   arrays of different sizes.  The sizes of those arrays is expressed through
-   cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl,
-   which is the delta between the two lengths, calculated as len(a)-len(b).
-   All lengths are the number of BN_ULONGs...  For the operations that require
-   a result array as parameter, it must have the length cl+abs(dl).
-   These functions should probably end up in bn_asm.c as soon as there are
-   assembler counterparts for the systems that use assembler files.  */
+/*
+ * Here follows specialised variants of bn_add_words() and bn_sub_words().
+ * They have the property performing operations on arrays of different sizes.
+ * The sizes of those arrays is expressed through cl, which is the common
+ * length ( basicall, min(len(a),len(b)) ), and dl, which is the delta
+ * between the two lengths, calculated as len(a)-len(b). All lengths are the
+ * number of BN_ULONGs...  For the operations that require a result array as
+ * parameter, it must have the length cl+abs(dl). These functions should
+ * probably end up in bn_asm.c as soon as there are assembler counterparts
+ * for the systems that use assembler files.
+ */
 
 BN_ULONG bn_sub_part_words(BN_ULONG *r,
-	const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl)
-	{
-	BN_ULONG c, t;
+                           const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl)
+{
+    BN_ULONG c, t;
 
-	assert(cl >= 0);
-	c = bn_sub_words(r, a, b, cl);
+    assert(cl >= 0);
+    c = bn_sub_words(r, a, b, cl);
 
-	if (dl == 0)
-		return c;
+    if (dl == 0)
+        return c;
 
-	r += cl;
-	a += cl;
-	b += cl;
+    r += cl;
+    a += cl;
+    b += cl;
 
-	if (dl < 0)
-		{
-#ifdef BN_COUNT
-		fprintf(stderr, "  bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
-#endif
-		for (;;)
-			{
-			t = b[0];
-			r[0] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			t = b[1];
-			r[1] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			t = b[2];
-			r[2] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			t = b[3];
-			r[3] = (0-t-c)&BN_MASK2;
-			if (t != 0) c=1;
-			if (++dl >= 0) break;
-
-			b += 4;
-			r += 4;
-			}
-		}
-	else
-		{
-		int save_dl = dl;
-#ifdef BN_COUNT
-		fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c);
-#endif
-		while(c)
-			{
-			t = a[0];
-			r[0] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			t = a[1];
-			r[1] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			t = a[2];
-			r[2] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			t = a[3];
-			r[3] = (t-c)&BN_MASK2;
-			if (t != 0) c=0;
-			if (--dl <= 0) break;
-
-			save_dl = dl;
-			a += 4;
-			r += 4;
-			}
-		if (dl > 0)
-			{
-#ifdef BN_COUNT
-			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
-#endif
-			if (save_dl > dl)
-				{
-				switch (save_dl - dl)
-					{
-				case 1:
-					r[1] = a[1];
-					if (--dl <= 0) break;
-				case 2:
-					r[2] = a[2];
-					if (--dl <= 0) break;
-				case 3:
-					r[3] = a[3];
-					if (--dl <= 0) break;
-					}
-				a += 4;
-				r += 4;
-				}
-			}
-		if (dl > 0)
-			{
-#ifdef BN_COUNT
-			fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl);
-#endif
-			for(;;)
-				{
-				r[0] = a[0];
-				if (--dl <= 0) break;
-				r[1] = a[1];
-				if (--dl <= 0) break;
-				r[2] = a[2];
-				if (--dl <= 0) break;
-				r[3] = a[3];
-				if (--dl <= 0) break;
-
-				a += 4;
-				r += 4;
-				}
-			}
-		}
-	return c;
-	}
+    if (dl < 0) {
+# ifdef BN_COUNT
+        fprintf(stderr, "  bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl,
+                dl, c);
+# endif
+        for (;;) {
+            t = b[0];
+            r[0] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[1];
+            r[1] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[2];
+            r[2] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            t = b[3];
+            r[3] = (0 - t - c) & BN_MASK2;
+            if (t != 0)
+                c = 1;
+            if (++dl >= 0)
+                break;
+
+            b += 4;
+            r += 4;
+        }
+    } else {
+        int save_dl = dl;
+# ifdef BN_COUNT
+        fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl,
+                dl, c);
+# endif
+        while (c) {
+            t = a[0];
+            r[0] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[1];
+            r[1] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[2];
+            r[2] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            t = a[3];
+            r[3] = (t - c) & BN_MASK2;
+            if (t != 0)
+                c = 0;
+            if (--dl <= 0)
+                break;
+
+            save_dl = dl;
+            a += 4;
+            r += 4;
+        }
+        if (dl > 0) {
+# ifdef BN_COUNT
+            fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, c == 0)\n",
+                    cl, dl);
+# endif
+            if (save_dl > dl) {
+                switch (save_dl - dl) {
+                case 1:
+                    r[1] = a[1];
+                    if (--dl <= 0)
+                        break;
+                case 2:
+                    r[2] = a[2];
+                    if (--dl <= 0)
+                        break;
+                case 3:
+                    r[3] = a[3];
+                    if (--dl <= 0)
+                        break;
+                }
+                a += 4;
+                r += 4;
+            }
+        }
+        if (dl > 0) {
+# ifdef BN_COUNT
+            fprintf(stderr, "  bn_sub_part_words %d + %d (dl > 0, copy)\n",
+                    cl, dl);
+# endif
+            for (;;) {
+                r[0] = a[0];
+                if (--dl <= 0)
+                    break;
+                r[1] = a[1];
+                if (--dl <= 0)
+                    break;
+                r[2] = a[2];
+                if (--dl <= 0)
+                    break;
+                r[3] = a[3];
+                if (--dl <= 0)
+                    break;
+
+                a += 4;
+                r += 4;
+            }
+        }
+    }
+    return c;
+}
 #endif
 
 BN_ULONG bn_add_part_words(BN_ULONG *r,
-	const BN_ULONG *a, const BN_ULONG *b,
-	int cl, int dl)
-	{
-	BN_ULONG c, l, t;
+                           const BN_ULONG *a, const BN_ULONG *b,
+                           int cl, int dl)
+{
+    BN_ULONG c, l, t;
 
-	assert(cl >= 0);
-	c = bn_add_words(r, a, b, cl);
+    assert(cl >= 0);
+    c = bn_add_words(r, a, b, cl);
 
-	if (dl == 0)
-		return c;
+    if (dl == 0)
+        return c;
 
-	r += cl;
-	a += cl;
-	b += cl;
+    r += cl;
+    a += cl;
+    b += cl;
 
-	if (dl < 0)
-		{
-		int save_dl = dl;
+    if (dl < 0) {
+        int save_dl = dl;
 #ifdef BN_COUNT
-		fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c);
+        fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl,
+                dl, c);
 #endif
-		while (c)
-			{
-			l=(c+b[0])&BN_MASK2;
-			c=(l < c);
-			r[0]=l;
-			if (++dl >= 0) break;
-
-			l=(c+b[1])&BN_MASK2;
-			c=(l < c);
-			r[1]=l;
-			if (++dl >= 0) break;
-
-			l=(c+b[2])&BN_MASK2;
-			c=(l < c);
-			r[2]=l;
-			if (++dl >= 0) break;
-
-			l=(c+b[3])&BN_MASK2;
-			c=(l < c);
-			r[3]=l;
-			if (++dl >= 0) break;
-
-			save_dl = dl;
-			b+=4;
-			r+=4;
-			}
-		if (dl < 0)
-			{
+        while (c) {
+            l = (c + b[0]) & BN_MASK2;
+            c = (l < c);
+            r[0] = l;
+            if (++dl >= 0)
+                break;
+
+            l = (c + b[1]) & BN_MASK2;
+            c = (l < c);
+            r[1] = l;
+            if (++dl >= 0)
+                break;
+
+            l = (c + b[2]) & BN_MASK2;
+            c = (l < c);
+            r[2] = l;
+            if (++dl >= 0)
+                break;
+
+            l = (c + b[3]) & BN_MASK2;
+            c = (l < c);
+            r[3] = l;
+            if (++dl >= 0)
+                break;
+
+            save_dl = dl;
+            b += 4;
+            r += 4;
+        }
+        if (dl < 0) {
 #ifdef BN_COUNT
-			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl);
+            fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, c == 0)\n",
+                    cl, dl);
 #endif
-			if (save_dl < dl)
-				{
-				switch (dl - save_dl)
-					{
-				case 1:
-					r[1] = b[1];
-					if (++dl >= 0) break;
-				case 2:
-					r[2] = b[2];
-					if (++dl >= 0) break;
-				case 3:
-					r[3] = b[3];
-					if (++dl >= 0) break;
-					}
-				b += 4;
-				r += 4;
-				}
-			}
-		if (dl < 0)
-			{
+            if (save_dl < dl) {
+                switch (dl - save_dl) {
+                case 1:
+                    r[1] = b[1];
+                    if (++dl >= 0)
+                        break;
+                case 2:
+                    r[2] = b[2];
+                    if (++dl >= 0)
+                        break;
+                case 3:
+                    r[3] = b[3];
+                    if (++dl >= 0)
+                        break;
+                }
+                b += 4;
+                r += 4;
+            }
+        }
+        if (dl < 0) {
 #ifdef BN_COUNT
-			fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl);
+            fprintf(stderr, "  bn_add_part_words %d + %d (dl < 0, copy)\n",
+                    cl, dl);
 #endif
-			for(;;)
-				{
-				r[0] = b[0];
-				if (++dl >= 0) break;
-				r[1] = b[1];
-				if (++dl >= 0) break;
-				r[2] = b[2];
-				if (++dl >= 0) break;
-				r[3] = b[3];
-				if (++dl >= 0) break;
-
-				b += 4;
-				r += 4;
-				}
-			}
-		}
-	else
-		{
-		int save_dl = dl;
+            for (;;) {
+                r[0] = b[0];
+                if (++dl >= 0)
+                    break;
+                r[1] = b[1];
+                if (++dl >= 0)
+                    break;
+                r[2] = b[2];
+                if (++dl >= 0)
+                    break;
+                r[3] = b[3];
+                if (++dl >= 0)
+                    break;
+
+                b += 4;
+                r += 4;
+            }
+        }
+    } else {
+        int save_dl = dl;
 #ifdef BN_COUNT
-		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
+        fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0)\n", cl, dl);
 #endif
-		while (c)
-			{
-			t=(a[0]+c)&BN_MASK2;
-			c=(t < c);
-			r[0]=t;
-			if (--dl <= 0) break;
-
-			t=(a[1]+c)&BN_MASK2;
-			c=(t < c);
-			r[1]=t;
-			if (--dl <= 0) break;
-
-			t=(a[2]+c)&BN_MASK2;
-			c=(t < c);
-			r[2]=t;
-			if (--dl <= 0) break;
-
-			t=(a[3]+c)&BN_MASK2;
-			c=(t < c);
-			r[3]=t;
-			if (--dl <= 0) break;
-
-			save_dl = dl;
-			a+=4;
-			r+=4;
-			}
+        while (c) {
+            t = (a[0] + c) & BN_MASK2;
+            c = (t < c);
+            r[0] = t;
+            if (--dl <= 0)
+                break;
+
+            t = (a[1] + c) & BN_MASK2;
+            c = (t < c);
+            r[1] = t;
+            if (--dl <= 0)
+                break;
+
+            t = (a[2] + c) & BN_MASK2;
+            c = (t < c);
+            r[2] = t;
+            if (--dl <= 0)
+                break;
+
+            t = (a[3] + c) & BN_MASK2;
+            c = (t < c);
+            r[3] = t;
+            if (--dl <= 0)
+                break;
+
+            save_dl = dl;
+            a += 4;
+            r += 4;
+        }
 #ifdef BN_COUNT
-		fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl);
+        fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl,
+                dl);
 #endif
-		if (dl > 0)
-			{
-			if (save_dl > dl)
-				{
-				switch (save_dl - dl)
-					{
-				case 1:
-					r[1] = a[1];
-					if (--dl <= 0) break;
-				case 2:
-					r[2] = a[2];
-					if (--dl <= 0) break;
-				case 3:
-					r[3] = a[3];
-					if (--dl <= 0) break;
-					}
-				a += 4;
-				r += 4;
-				}
-			}
-		if (dl > 0)
-			{
+        if (dl > 0) {
+            if (save_dl > dl) {
+                switch (save_dl - dl) {
+                case 1:
+                    r[1] = a[1];
+                    if (--dl <= 0)
+                        break;
+                case 2:
+                    r[2] = a[2];
+                    if (--dl <= 0)
+                        break;
+                case 3:
+                    r[3] = a[3];
+                    if (--dl <= 0)
+                        break;
+                }
+                a += 4;
+                r += 4;
+            }
+        }
+        if (dl > 0) {
 #ifdef BN_COUNT
-			fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl);
+            fprintf(stderr, "  bn_add_part_words %d + %d (dl > 0, copy)\n",
+                    cl, dl);
 #endif
-			for(;;)
-				{
-				r[0] = a[0];
-				if (--dl <= 0) break;
-				r[1] = a[1];
-				if (--dl <= 0) break;
-				r[2] = a[2];
-				if (--dl <= 0) break;
-				r[3] = a[3];
-				if (--dl <= 0) break;
-
-				a += 4;
-				r += 4;
-				}
-			}
-		}
-	return c;
-	}
+            for (;;) {
+                r[0] = a[0];
+                if (--dl <= 0)
+                    break;
+                r[1] = a[1];
+                if (--dl <= 0)
+                    break;
+                r[2] = a[2];
+                if (--dl <= 0)
+                    break;
+                r[3] = a[3];
+                if (--dl <= 0)
+                    break;
+
+                a += 4;
+                r += 4;
+            }
+        }
+    }
+    return c;
+}
 
 #ifdef BN_RECURSION
-/* Karatsuba recursive multiplication algorithm
- * (cf. Knuth, The Art of Computer Programming, Vol. 2) */
+/*
+ * Karatsuba recursive multiplication algorithm (cf. Knuth, The Art of
+ * Computer Programming, Vol. 2)
+ */
 
-/* r is 2*n2 words in size,
+/*-
+ * r is 2*n2 words in size,
  * a and b are both n2 words in size.
  * n2 must be a power of 2.
  * We multiply and return the result.
@@ -391,776 +425,740 @@ BN_ULONG bn_add_part_words(BN_ULONG *r,
  */
 /* dnX may not be positive, but n2/2+dnX has to be */
 void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-	int dna, int dnb, BN_ULONG *t)
-	{
-	int n=n2/2,c1,c2;
-	int tna=n+dna, tnb=n+dnb;
-	unsigned int neg,zero;
-	BN_ULONG ln,lo,*p;
+                      int dna, int dnb, BN_ULONG *t)
+{
+    int n = n2 / 2, c1, c2;
+    int tna = n + dna, tnb = n + dnb;
+    unsigned int neg, zero;
+    BN_ULONG ln, lo, *p;
 
 # ifdef BN_COUNT
-	fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
+    fprintf(stderr, " bn_mul_recursive %d%+d * %d%+d\n", n2, dna, n2, dnb);
 # endif
 # ifdef BN_MUL_COMBA
 #  if 0
-	if (n2 == 4)
-		{
-		bn_mul_comba4(r,a,b);
-		return;
-		}
+    if (n2 == 4) {
+        bn_mul_comba4(r, a, b);
+        return;
+    }
 #  endif
-	/* Only call bn_mul_comba 8 if n2 == 8 and the
-	 * two arrays are complete [steve]
-	 */
-	if (n2 == 8 && dna == 0 && dnb == 0)
-		{
-		bn_mul_comba8(r,a,b);
-		return; 
-		}
-# endif /* BN_MUL_COMBA */
-	/* Else do normal multiply */
-	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_mul_normal(r,a,n2+dna,b,n2+dnb);
-		if ((dna + dnb) < 0)
-			memset(&r[2*n2 + dna + dnb], 0,
-				sizeof(BN_ULONG) * -(dna + dnb));
-		return;
-		}
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
-	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
-	zero=neg=0;
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
-		break;
-		}
+    /*
+     * Only call bn_mul_comba 8 if n2 == 8 and the two arrays are complete
+     * [steve]
+     */
+    if (n2 == 8 && dna == 0 && dnb == 0) {
+        bn_mul_comba8(r, a, b);
+        return;
+    }
+# endif                         /* BN_MUL_COMBA */
+    /* Else do normal multiply */
+    if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_normal(r, a, n2 + dna, b, n2 + dnb);
+        if ((dna + dnb) < 0)
+            memset(&r[2 * n2 + dna + dnb], 0,
+                   sizeof(BN_ULONG) * -(dna + dnb));
+        return;
+    }
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    zero = neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+        zero = 1;
+        break;
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        zero = 1;
+        break;
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+        zero = 1;
+        break;
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
 
 # ifdef BN_MUL_COMBA
-	if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take
-					       extra args to do this well */
-		{
-		if (!zero)
-			bn_mul_comba4(&(t[n2]),t,&(t[n]));
-		else
-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
-		
-		bn_mul_comba4(r,a,b);
-		bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n]));
-		}
-	else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could
-						    take extra args to do this
-						    well */
-		{
-		if (!zero)
-			bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		else
-			memset(&(t[n2]),0,16*sizeof(BN_ULONG));
-		
-		bn_mul_comba8(r,a,b);
-		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
-		}
-	else
-# endif /* BN_MUL_COMBA */
-		{
-		p= &(t[n2*2]);
-		if (!zero)
-			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
-		else
-			memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-		bn_mul_recursive(r,a,b,n,0,0,p);
-		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p);
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-	if (neg) /* if t[32] is negative */
-		{
-		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-		}
-	else
-		{
-		/* Might have a carry */
-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < (BN_ULONG)c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* n+tn is the word length
- * t needs to be n*4 is size, as does r */
+    if (n == 4 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba4 could take
+                                           * extra args to do this well */
+        if (!zero)
+            bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        else
+            memset(&(t[n2]), 0, 8 * sizeof(BN_ULONG));
+
+        bn_mul_comba4(r, a, b);
+        bn_mul_comba4(&(r[n2]), &(a[n]), &(b[n]));
+    } else if (n == 8 && dna == 0 && dnb == 0) { /* XXX: bn_mul_comba8 could
+                                                  * take extra args to do
+                                                  * this well */
+        if (!zero)
+            bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        else
+            memset(&(t[n2]), 0, 16 * sizeof(BN_ULONG));
+
+        bn_mul_comba8(r, a, b);
+        bn_mul_comba8(&(r[n2]), &(a[n]), &(b[n]));
+    } else
+# endif                         /* BN_MUL_COMBA */
+    {
+        p = &(t[n2 * 2]);
+        if (!zero)
+            bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        else
+            memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]), n, dna, dnb, p);
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*
+ * n+tn is the word length t needs to be n*4 is size, as does r
+ */
 /* tnX may not be negative but less than n */
 void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
-	     int tna, int tnb, BN_ULONG *t)
-	{
-	int i,j,n2=n*2;
-	int c1,c2,neg;
-	BN_ULONG ln,lo,*p;
+                           int tna, int tnb, BN_ULONG *t)
+{
+    int i, j, n2 = n * 2;
+    int c1, c2, neg;
+    BN_ULONG ln, lo, *p;
 
 # ifdef BN_COUNT
-	fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
-		n, tna, n, tnb);
+    fprintf(stderr, " bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
+            n, tna, n, tnb);
 # endif
-	if (n < 8)
-		{
-		bn_mul_normal(r,a,n+tna,b,n+tnb);
-		return;
-		}
-
-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
-	c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna);
-	c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n);
-	neg=0;
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		break;
-	case -3:
-		/* break; */
-	case -2:
-		bn_sub_part_words(t,      &(a[n]),a,      tna,tna-n); /* - */
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n); /* + */
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		/* break; */
-	case 2:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna); /* + */
-		bn_sub_part_words(&(t[n]),b,      &(b[n]),tnb,n-tnb); /* - */
-		neg=1;
-		break;
-	case 3:
-		/* break; */
-	case 4:
-		bn_sub_part_words(t,      a,      &(a[n]),tna,n-tna);
-		bn_sub_part_words(&(t[n]),&(b[n]),b,      tnb,tnb-n);
-		break;
-		}
-		/* The zero case isn't yet implemented here. The speedup
-		   would probably be negligible. */
+    if (n < 8) {
+        bn_mul_normal(r, a, n + tna, b, n + tnb);
+        return;
+    }
+
+    /* r=(a[0]-a[1])*(b[1]-b[0]) */
+    c1 = bn_cmp_part_words(a, &(a[n]), tna, n - tna);
+    c2 = bn_cmp_part_words(&(b[n]), b, tnb, tnb - n);
+    neg = 0;
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        break;
+    case -3:
+        /* break; */
+    case -2:
+        bn_sub_part_words(t, &(a[n]), a, tna, tna - n); /* - */
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n); /* + */
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        /* break; */
+    case 2:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna); /* + */
+        bn_sub_part_words(&(t[n]), b, &(b[n]), tnb, n - tnb); /* - */
+        neg = 1;
+        break;
+    case 3:
+        /* break; */
+    case 4:
+        bn_sub_part_words(t, a, &(a[n]), tna, n - tna);
+        bn_sub_part_words(&(t[n]), &(b[n]), b, tnb, tnb - n);
+        break;
+    }
+    /*
+     * The zero case isn't yet implemented here. The speedup would probably
+     * be negligible.
+     */
 # if 0
-	if (n == 4)
-		{
-		bn_mul_comba4(&(t[n2]),t,&(t[n]));
-		bn_mul_comba4(r,a,b);
-		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
-		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
-		}
-	else
+    if (n == 4) {
+        bn_mul_comba4(&(t[n2]), t, &(t[n]));
+        bn_mul_comba4(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tn, &(b[n]), tn);
+        memset(&(r[n2 + tn * 2]), 0, sizeof(BN_ULONG) * (n2 - tn * 2));
+    } else
 # endif
-	if (n == 8)
-		{
-		bn_mul_comba8(&(t[n2]),t,&(t[n]));
-		bn_mul_comba8(r,a,b);
-		bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
-		memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb));
-		}
-	else
-		{
-		p= &(t[n2*2]);
-		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p);
-		bn_mul_recursive(r,a,b,n,0,0,p);
-		i=n/2;
-		/* If there is only a bottom half to the number,
-		 * just do it */
-		if (tna > tnb)
-			j = tna - i;
-		else
-			j = tnb - i;
-		if (j == 0)
-			{
-			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),
-				i,tna-i,tnb-i,p);
-			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
-			}
-		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
-				{
-				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
-					i,tna-i,tnb-i,p);
-				memset(&(r[n2+tna+tnb]),0,
-					sizeof(BN_ULONG)*(n2-tna-tnb));
-				}
-		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
-			{
-			memset(&(r[n2]),0,sizeof(BN_ULONG)*n2);
-			if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
-				&& tnb < BN_MUL_RECURSIVE_SIZE_NORMAL)
-				{
-				bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb);
-				}
-			else
-				{
-				for (;;)
-					{
-					i/=2;
-					/* these simplified conditions work
-					 * exclusively because difference
-					 * between tna and tnb is 1 or 0 */
-					if (i < tna || i < tnb)
-						{
-						bn_mul_part_recursive(&(r[n2]),
-							&(a[n]),&(b[n]),
-							i,tna-i,tnb-i,p);
-						break;
-						}
-					else if (i == tna || i == tnb)
-						{
-						bn_mul_recursive(&(r[n2]),
-							&(a[n]),&(b[n]),
-							i,tna-i,tnb-i,p);
-						break;
-						}
-					}
-				}
-			}
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
-
-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
-
-	if (neg) /* if t[32] is negative */
-		{
-		c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
-		}
-	else
-		{
-		/* Might have a carry */
-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2));
-		}
-
-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
-
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < (BN_ULONG)c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
-
-/* a and b must be the same size, which is n2.
+    if (n == 8) {
+        bn_mul_comba8(&(t[n2]), t, &(t[n]));
+        bn_mul_comba8(r, a, b);
+        bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+        memset(&(r[n2 + tna + tnb]), 0, sizeof(BN_ULONG) * (n2 - tna - tnb));
+    } else {
+        p = &(t[n2 * 2]);
+        bn_mul_recursive(&(t[n2]), t, &(t[n]), n, 0, 0, p);
+        bn_mul_recursive(r, a, b, n, 0, 0, p);
+        i = n / 2;
+        /*
+         * If there is only a bottom half to the number, just do it
+         */
+        if (tna > tnb)
+            j = tna - i;
+        else
+            j = tnb - i;
+        if (j == 0) {
+            bn_mul_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                             i, tna - i, tnb - i, p);
+            memset(&(r[n2 + i * 2]), 0, sizeof(BN_ULONG) * (n2 - i * 2));
+        } else if (j > 0) {     /* eg, n == 16, i == 8 and tn == 11 */
+            bn_mul_part_recursive(&(r[n2]), &(a[n]), &(b[n]),
+                                  i, tna - i, tnb - i, p);
+            memset(&(r[n2 + tna + tnb]), 0,
+                   sizeof(BN_ULONG) * (n2 - tna - tnb));
+        } else {                /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+
+            memset(&(r[n2]), 0, sizeof(BN_ULONG) * n2);
+            if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL
+                && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) {
+                bn_mul_normal(&(r[n2]), &(a[n]), tna, &(b[n]), tnb);
+            } else {
+                for (;;) {
+                    i /= 2;
+                    /*
+                     * these simplified conditions work exclusively because
+                     * difference between tna and tnb is 1 or 0
+                     */
+                    if (i < tna || i < tnb) {
+                        bn_mul_part_recursive(&(r[n2]),
+                                              &(a[n]), &(b[n]),
+                                              i, tna - i, tnb - i, p);
+                        break;
+                    } else if (i == tna || i == tnb) {
+                        bn_mul_recursive(&(r[n2]),
+                                         &(a[n]), &(b[n]),
+                                         i, tna - i, tnb - i, p);
+                        break;
+                    }
+                }
+            }
+        }
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
+
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
+
+    if (neg) {                  /* if t[32] is negative */
+        c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
+    } else {
+        /* Might have a carry */
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), t, n2));
+    }
+
+    /*-
+     * t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
+
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
  * r needs to be n2 words and t needs to be n2*2
  */
 void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
-	     BN_ULONG *t)
-	{
-	int n=n2/2;
+                          BN_ULONG *t)
+{
+    int n = n2 / 2;
 
 # ifdef BN_COUNT
-	fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2);
+    fprintf(stderr, " bn_mul_low_recursive %d * %d\n", n2, n2);
 # endif
 
-	bn_mul_recursive(r,a,b,n,0,0,&(t[0]));
-	if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		}
-	else
-		{
-		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
-		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
-		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
-		}
-	}
-
-/* a and b must be the same size, which is n2.
+    bn_mul_recursive(r, a, b, n, 0, 0, &(t[0]));
+    if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) {
+        bn_mul_low_recursive(&(t[0]), &(a[0]), &(b[n]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_mul_low_recursive(&(t[0]), &(a[n]), &(b[0]), n, &(t[n2]));
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+    } else {
+        bn_mul_low_normal(&(t[0]), &(a[0]), &(b[n]), n);
+        bn_mul_low_normal(&(t[n]), &(a[n]), &(b[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[0]), n);
+        bn_add_words(&(r[n]), &(r[n]), &(t[n]), n);
+    }
+}
+
+/*-
+ * a and b must be the same size, which is n2.
  * r needs to be n2 words and t needs to be n2*2
  * l is the low words of the output.
  * t needs to be n2*3
  */
 void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
-	     BN_ULONG *t)
-	{
-	int i,n;
-	int c1,c2;
-	int neg,oneg,zero;
-	BN_ULONG ll,lc,*lp,*mp;
+                 BN_ULONG *t)
+{
+    int i, n;
+    int c1, c2;
+    int neg, oneg, zero;
+    BN_ULONG ll, lc, *lp, *mp;
 
 # ifdef BN_COUNT
-	fprintf(stderr," bn_mul_high %d * %d\n",n2,n2);
+    fprintf(stderr, " bn_mul_high %d * %d\n", n2, n2);
 # endif
-	n=n2/2;
-
-	/* Calculate (al-ah)*(bh-bl) */
-	neg=zero=0;
-	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
-	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
-	switch (c1*3+c2)
-		{
-	case -4:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		break;
-	case -3:
-		zero=1;
-		break;
-	case -2:
-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		neg=1;
-		break;
-	case -1:
-	case 0:
-	case 1:
-		zero=1;
-		break;
-	case 2:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
-		neg=1;
-		break;
-	case 3:
-		zero=1;
-		break;
-	case 4:
-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
-		break;
-		}
-		
-	oneg=neg;
-	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
-	/* r[10] = (a[1]*b[1]) */
+    n = n2 / 2;
+
+    /* Calculate (al-ah)*(bh-bl) */
+    neg = zero = 0;
+    c1 = bn_cmp_words(&(a[0]), &(a[n]), n);
+    c2 = bn_cmp_words(&(b[n]), &(b[0]), n);
+    switch (c1 * 3 + c2) {
+    case -4:
+        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+        break;
+    case -3:
+        zero = 1;
+        break;
+    case -2:
+        bn_sub_words(&(r[0]), &(a[n]), &(a[0]), n);
+        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+        neg = 1;
+        break;
+    case -1:
+    case 0:
+    case 1:
+        zero = 1;
+        break;
+    case 2:
+        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+        bn_sub_words(&(r[n]), &(b[0]), &(b[n]), n);
+        neg = 1;
+        break;
+    case 3:
+        zero = 1;
+        break;
+    case 4:
+        bn_sub_words(&(r[0]), &(a[0]), &(a[n]), n);
+        bn_sub_words(&(r[n]), &(b[n]), &(b[0]), n);
+        break;
+    }
+
+    oneg = neg;
+    /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+    /* r[10] = (a[1]*b[1]) */
 # ifdef BN_MUL_COMBA
-	if (n == 8)
-		{
-		bn_mul_comba8(&(t[0]),&(r[0]),&(r[n]));
-		bn_mul_comba8(r,&(a[n]),&(b[n]));
-		}
-	else
+    if (n == 8) {
+        bn_mul_comba8(&(t[0]), &(r[0]), &(r[n]));
+        bn_mul_comba8(r, &(a[n]), &(b[n]));
+    } else
 # endif
-		{
-		bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2]));
-		bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2]));
-		}
-
-	/* s0 == low(al*bl)
-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
-	 * We know s0 and s1 so the only unknown is high(al*bl)
-	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
-	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2+n]);
-		c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n));
-		}
-	else
-		{
-		c1=0;
-		lp= &(r[0]);
-		}
-
-	if (neg)
-		neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n));
-	else
-		{
-		bn_add_words(&(t[n2]),lp,&(t[0]),n);
-		neg=0;
-		}
-
-	if (l != NULL)
-		{
-		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		mp= &(t[n2]);
-		for (i=0; i<n; i++)
-			lp[i]=((~mp[i])+1)&BN_MASK2;
-		}
-
-	/* s[0] = low(al*bl)
-	 * t[3] = high(al*bl)
-	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
-	 * r[10] = (a[1]*b[1])
-	 */
-	/* R[10] = al*bl
-	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
-	 * R[32] = ah*bh
-	 */
-	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
-	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
-	 * R[3]=r[1]+(carry/borrow)
-	 */
-	if (l != NULL)
-		{
-		lp= &(t[n2]);
-		c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n));
-		}
-	else
-		{
-		lp= &(t[n2+n]);
-		c1=0;
-		}
-	c1+=(int)(bn_add_words(&(t[n2]),lp,  &(r[0]),n));
-	if (oneg)
-		c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-	else
-		c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n));
-
-	c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n));
-	c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n));
-	if (oneg)
-		c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n));
-	else
-		c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n));
-	
-	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
-		{
-		i=0;
-		if (c1 > 0)
-			{
-			lc=c1;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c1;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	if (c2 != 0) /* Add starting at r[1] */
-		{
-		i=n;
-		if (c2 > 0)
-			{
-			lc=c2;
-			do	{
-				ll=(r[i]+lc)&BN_MASK2;
-				r[i++]=ll;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		else
-			{
-			lc= -c2;
-			do	{
-				ll=r[i];
-				r[i++]=(ll-lc)&BN_MASK2;
-				lc=(lc > ll);
-				} while (lc);
-			}
-		}
-	}
-#endif /* BN_RECURSION */
+    {
+        bn_mul_recursive(&(t[0]), &(r[0]), &(r[n]), n, 0, 0, &(t[n2]));
+        bn_mul_recursive(r, &(a[n]), &(b[n]), n, 0, 0, &(t[n2]));
+    }
+
+    /*-
+     * s0 == low(al*bl)
+     * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+     * We know s0 and s1 so the only unknown is high(al*bl)
+     * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+     * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+     */
+    if (l != NULL) {
+        lp = &(t[n2 + n]);
+        c1 = (int)(bn_add_words(lp, &(r[0]), &(l[0]), n));
+    } else {
+        c1 = 0;
+        lp = &(r[0]);
+    }
+
+    if (neg)
+        neg = (int)(bn_sub_words(&(t[n2]), lp, &(t[0]), n));
+    else {
+        bn_add_words(&(t[n2]), lp, &(t[0]), n);
+        neg = 0;
+    }
+
+    if (l != NULL) {
+        bn_sub_words(&(t[n2 + n]), &(l[n]), &(t[n2]), n);
+    } else {
+        lp = &(t[n2 + n]);
+        mp = &(t[n2]);
+        for (i = 0; i < n; i++)
+            lp[i] = ((~mp[i]) + 1) & BN_MASK2;
+    }
+
+    /*-
+     * s[0] = low(al*bl)
+     * t[3] = high(al*bl)
+     * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+     * r[10] = (a[1]*b[1])
+     */
+    /*-
+     * R[10] = al*bl
+     * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+     * R[32] = ah*bh
+     */
+    /*-
+     * R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+     * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+     * R[3]=r[1]+(carry/borrow)
+     */
+    if (l != NULL) {
+        lp = &(t[n2]);
+        c1 = (int)(bn_add_words(lp, &(t[n2 + n]), &(l[0]), n));
+    } else {
+        lp = &(t[n2 + n]);
+        c1 = 0;
+    }
+    c1 += (int)(bn_add_words(&(t[n2]), lp, &(r[0]), n));
+    if (oneg)
+        c1 -= (int)(bn_sub_words(&(t[n2]), &(t[n2]), &(t[0]), n));
+    else
+        c1 += (int)(bn_add_words(&(t[n2]), &(t[n2]), &(t[0]), n));
+
+    c2 = (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n2 + n]), n));
+    c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(r[n]), n));
+    if (oneg)
+        c2 -= (int)(bn_sub_words(&(r[0]), &(r[0]), &(t[n]), n));
+    else
+        c2 += (int)(bn_add_words(&(r[0]), &(r[0]), &(t[n]), n));
+
+    if (c1 != 0) {              /* Add starting at r[0], could be +ve or -ve */
+        i = 0;
+        if (c1 > 0) {
+            lc = c1;
+            do {
+                ll = (r[i] + lc) & BN_MASK2;
+                r[i++] = ll;
+                lc = (lc > ll);
+            } while (lc);
+        } else {
+            lc = -c1;
+            do {
+                ll = r[i];
+                r[i++] = (ll - lc) & BN_MASK2;
+                lc = (lc > ll);
+            } while (lc);
+        }
+    }
+    if (c2 != 0) {              /* Add starting at r[1] */
+        i = n;
+        if (c2 > 0) {
+            lc = c2;
+            do {
+                ll = (r[i] + lc) & BN_MASK2;
+                r[i++] = ll;
+                lc = (lc > ll);
+            } while (lc);
+        } else {
+            lc = -c2;
+            do {
+                ll = r[i];
+                r[i++] = (ll - lc) & BN_MASK2;
+                lc = (lc > ll);
+            } while (lc);
+        }
+    }
+}
+#endif                          /* BN_RECURSION */
 
 int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret=0;
-	int top,al,bl;
-	BIGNUM *rr;
+{
+    int ret = 0;
+    int top, al, bl;
+    BIGNUM *rr;
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-	int i;
+    int i;
 #endif
 #ifdef BN_RECURSION
-	BIGNUM *t=NULL;
-	int j=0,k;
+    BIGNUM *t = NULL;
+    int j = 0, k;
 #endif
 
 #ifdef BN_COUNT
-	fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top);
+    fprintf(stderr, "BN_mul %d * %d\n", a->top, b->top);
 #endif
 
-	bn_check_top(a);
-	bn_check_top(b);
-	bn_check_top(r);
-
-	al=a->top;
-	bl=b->top;
-
-	if ((al == 0) || (bl == 0))
-		{
-		BN_zero(r);
-		return(1);
-		}
-	top=al+bl;
-
-	BN_CTX_start(ctx);
-	if ((r == a) || (r == b))
-		{
-		if ((rr = BN_CTX_get(ctx)) == NULL) goto err;
-		}
-	else
-		rr = r;
-	rr->neg=a->neg^b->neg;
+    bn_check_top(a);
+    bn_check_top(b);
+    bn_check_top(r);
+
+    al = a->top;
+    bl = b->top;
+
+    if ((al == 0) || (bl == 0)) {
+        BN_zero(r);
+        return (1);
+    }
+    top = al + bl;
+
+    BN_CTX_start(ctx);
+    if ((r == a) || (r == b)) {
+        if ((rr = BN_CTX_get(ctx)) == NULL)
+            goto err;
+    } else
+        rr = r;
+    rr->neg = a->neg ^ b->neg;
 
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-	i = al-bl;
+    i = al - bl;
 #endif
 #ifdef BN_MUL_COMBA
-	if (i == 0)
-		{
+    if (i == 0) {
 # if 0
-		if (al == 4)
-			{
-			if (bn_wexpand(rr,8) == NULL) goto err;
-			rr->top=8;
-			bn_mul_comba4(rr->d,a->d,b->d);
-			goto end;
-			}
+        if (al == 4) {
+            if (bn_wexpand(rr, 8) == NULL)
+                goto err;
+            rr->top = 8;
+            bn_mul_comba4(rr->d, a->d, b->d);
+            goto end;
+        }
 # endif
-		if (al == 8)
-			{
-			if (bn_wexpand(rr,16) == NULL) goto err;
-			rr->top=16;
-			bn_mul_comba8(rr->d,a->d,b->d);
-			goto end;
-			}
-		}
-#endif /* BN_MUL_COMBA */
+        if (al == 8) {
+            if (bn_wexpand(rr, 16) == NULL)
+                goto err;
+            rr->top = 16;
+            bn_mul_comba8(rr->d, a->d, b->d);
+            goto end;
+        }
+    }
+#endif                          /* BN_MUL_COMBA */
 #ifdef BN_RECURSION
-	if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL))
-		{
-		if (i >= -1 && i <= 1)
-			{
-			/* Find out the power of two lower or equal
-			   to the longest of the two numbers */
-			if (i >= 0)
-				{
-				j = BN_num_bits_word((BN_ULONG)al);
-				}
-			if (i == -1)
-				{
-				j = BN_num_bits_word((BN_ULONG)bl);
-				}
-			j = 1<<(j-1);
-			assert(j <= al || j <= bl);
-			k = j+j;
-			t = BN_CTX_get(ctx);
-			if (t == NULL)
-				goto err;
-			if (al > j || bl > j)
-				{
-				if (bn_wexpand(t,k*4) == NULL) goto err;
-				if (bn_wexpand(rr,k*4) == NULL) goto err;
-				bn_mul_part_recursive(rr->d,a->d,b->d,
-					j,al-j,bl-j,t->d);
-				}
-			else	/* al <= j || bl <= j */
-				{
-				if (bn_wexpand(t,k*2) == NULL) goto err;
-				if (bn_wexpand(rr,k*2) == NULL) goto err;
-				bn_mul_recursive(rr->d,a->d,b->d,
-					j,al-j,bl-j,t->d);
-				}
-			rr->top=top;
-			goto end;
-			}
-#if 0
-		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
-			{
-			BIGNUM *tmp_bn = (BIGNUM *)b;
-			if (bn_wexpand(tmp_bn,al) == NULL) goto err;
-			tmp_bn->d[bl]=0;
-			bl++;
-			i--;
-			}
-		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
-			{
-			BIGNUM *tmp_bn = (BIGNUM *)a;
-			if (bn_wexpand(tmp_bn,bl) == NULL) goto err;
-			tmp_bn->d[al]=0;
-			al++;
-			i++;
-			}
-		if (i == 0)
-			{
-			/* symmetric and > 4 */
-			/* 16 or larger */
-			j=BN_num_bits_word((BN_ULONG)al);
-			j=1<<(j-1);
-			k=j+j;
-			t = BN_CTX_get(ctx);
-			if (al == j) /* exact multiple */
-				{
-				if (bn_wexpand(t,k*2) == NULL) goto err;
-				if (bn_wexpand(rr,k*2) == NULL) goto err;
-				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
-				}
-			else
-				{
-				if (bn_wexpand(t,k*4) == NULL) goto err;
-				if (bn_wexpand(rr,k*4) == NULL) goto err;
-				bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d);
-				}
-			rr->top=top;
-			goto end;
-			}
-#endif
-		}
-#endif /* BN_RECURSION */
-	if (bn_wexpand(rr,top) == NULL) goto err;
-	rr->top=top;
-	bn_mul_normal(rr->d,a->d,al,b->d,bl);
+    if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) {
+        if (i >= -1 && i <= 1) {
+            /*
+             * Find out the power of two lower or equal to the longest of the
+             * two numbers
+             */
+            if (i >= 0) {
+                j = BN_num_bits_word((BN_ULONG)al);
+            }
+            if (i == -1) {
+                j = BN_num_bits_word((BN_ULONG)bl);
+            }
+            j = 1 << (j - 1);
+            assert(j <= al || j <= bl);
+            k = j + j;
+            t = BN_CTX_get(ctx);
+            if (t == NULL)
+                goto err;
+            if (al > j || bl > j) {
+                if (bn_wexpand(t, k * 4) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 4) == NULL)
+                    goto err;
+                bn_mul_part_recursive(rr->d, a->d, b->d,
+                                      j, al - j, bl - j, t->d);
+            } else {            /* al <= j || bl <= j */
+
+                if (bn_wexpand(t, k * 2) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 2) == NULL)
+                    goto err;
+                bn_mul_recursive(rr->d, a->d, b->d, j, al - j, bl - j, t->d);
+            }
+            rr->top = top;
+            goto end;
+        }
+# if 0
+        if (i == 1 && !BN_get_flags(b, BN_FLG_STATIC_DATA)) {
+            BIGNUM *tmp_bn = (BIGNUM *)b;
+            if (bn_wexpand(tmp_bn, al) == NULL)
+                goto err;
+            tmp_bn->d[bl] = 0;
+            bl++;
+            i--;
+        } else if (i == -1 && !BN_get_flags(a, BN_FLG_STATIC_DATA)) {
+            BIGNUM *tmp_bn = (BIGNUM *)a;
+            if (bn_wexpand(tmp_bn, bl) == NULL)
+                goto err;
+            tmp_bn->d[al] = 0;
+            al++;
+            i++;
+        }
+        if (i == 0) {
+            /* symmetric and > 4 */
+            /* 16 or larger */
+            j = BN_num_bits_word((BN_ULONG)al);
+            j = 1 << (j - 1);
+            k = j + j;
+            t = BN_CTX_get(ctx);
+            if (al == j) {      /* exact multiple */
+                if (bn_wexpand(t, k * 2) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 2) == NULL)
+                    goto err;
+                bn_mul_recursive(rr->d, a->d, b->d, al, t->d);
+            } else {
+                if (bn_wexpand(t, k * 4) == NULL)
+                    goto err;
+                if (bn_wexpand(rr, k * 4) == NULL)
+                    goto err;
+                bn_mul_part_recursive(rr->d, a->d, b->d, al - j, j, t->d);
+            }
+            rr->top = top;
+            goto end;
+        }
+# endif
+    }
+#endif                          /* BN_RECURSION */
+    if (bn_wexpand(rr, top) == NULL)
+        goto err;
+    rr->top = top;
+    bn_mul_normal(rr->d, a->d, al, b->d, bl);
 
 #if defined(BN_MUL_COMBA) || defined(BN_RECURSION)
-end:
+ end:
 #endif
-	bn_correct_top(rr);
-	if (r != rr) BN_copy(r,rr);
-	ret=1;
-err:
-	bn_check_top(r);
-	BN_CTX_end(ctx);
-	return(ret);
-	}
+    bn_correct_top(rr);
+    if (r != rr)
+        BN_copy(r, rr);
+    ret = 1;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return (ret);
+}
 
 void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
-	{
-	BN_ULONG *rr;
+{
+    BN_ULONG *rr;
 
 #ifdef BN_COUNT
-	fprintf(stderr," bn_mul_normal %d * %d\n",na,nb);
+    fprintf(stderr, " bn_mul_normal %d * %d\n", na, nb);
 #endif
 
-	if (na < nb)
-		{
-		int itmp;
-		BN_ULONG *ltmp;
-
-		itmp=na; na=nb; nb=itmp;
-		ltmp=a;   a=b;   b=ltmp;
-
-		}
-	rr= &(r[na]);
-	if (nb <= 0)
-		{
-		(void)bn_mul_words(r,a,na,0);
-		return;
-		}
-	else
-		rr[0]=bn_mul_words(r,a,na,b[0]);
-
-	for (;;)
-		{
-		if (--nb <= 0) return;
-		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
-		if (--nb <= 0) return;
-		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
-		if (--nb <= 0) return;
-		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
-		if (--nb <= 0) return;
-		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
-		rr+=4;
-		r+=4;
-		b+=4;
-		}
-	}
+    if (na < nb) {
+        int itmp;
+        BN_ULONG *ltmp;
+
+        itmp = na;
+        na = nb;
+        nb = itmp;
+        ltmp = a;
+        a = b;
+        b = ltmp;
+
+    }
+    rr = &(r[na]);
+    if (nb <= 0) {
+        (void)bn_mul_words(r, a, na, 0);
+        return;
+    } else
+        rr[0] = bn_mul_words(r, a, na, b[0]);
+
+    for (;;) {
+        if (--nb <= 0)
+            return;
+        rr[1] = bn_mul_add_words(&(r[1]), a, na, b[1]);
+        if (--nb <= 0)
+            return;
+        rr[2] = bn_mul_add_words(&(r[2]), a, na, b[2]);
+        if (--nb <= 0)
+            return;
+        rr[3] = bn_mul_add_words(&(r[3]), a, na, b[3]);
+        if (--nb <= 0)
+            return;
+        rr[4] = bn_mul_add_words(&(r[4]), a, na, b[4]);
+        rr += 4;
+        r += 4;
+        b += 4;
+    }
+}
 
 void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
-	{
+{
 #ifdef BN_COUNT
-	fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n);
+    fprintf(stderr, " bn_mul_low_normal %d * %d\n", n, n);
 #endif
-	bn_mul_words(r,a,n,b[0]);
-
-	for (;;)
-		{
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[1]),a,n,b[1]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[2]),a,n,b[2]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[3]),a,n,b[3]);
-		if (--n <= 0) return;
-		bn_mul_add_words(&(r[4]),a,n,b[4]);
-		r+=4;
-		b+=4;
-		}
-	}
+    bn_mul_words(r, a, n, b[0]);
+
+    for (;;) {
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[1]), a, n, b[1]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[2]), a, n, b[2]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[3]), a, n, b[3]);
+        if (--n <= 0)
+            return;
+        bn_mul_add_words(&(r[4]), a, n, b[4]);
+        r += 4;
+        b += 4;
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c
index 2ca5b013..66b2eb6f 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -59,778 +59,817 @@
 #include "bn_lcl.h"
 #include "cryptlib.h"
 
-
-#define BN_NIST_192_TOP	(192+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_224_TOP	(224+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_256_TOP	(256+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_384_TOP	(384+BN_BITS2-1)/BN_BITS2
-#define BN_NIST_521_TOP	(521+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_192_TOP (192+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_224_TOP (224+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_256_TOP (256+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_384_TOP (384+BN_BITS2-1)/BN_BITS2
+#define BN_NIST_521_TOP (521+BN_BITS2-1)/BN_BITS2
 
 /* pre-computed tables are "carry-less" values of modulus*(i+1) */
 #if BN_BITS2 == 64
 static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
-	{0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFFULL},
-	{0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL},
-	{0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFCULL,0xFFFFFFFFFFFFFFFFULL}
-	};
+    {0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFCULL, 0xFFFFFFFFFFFFFFFFULL}
+};
+
 static const BN_ULONG _nist_p_192_sqr[] = {
-	0x0000000000000001ULL,0x0000000000000002ULL,0x0000000000000001ULL,
-	0xFFFFFFFFFFFFFFFEULL,0xFFFFFFFFFFFFFFFDULL,0xFFFFFFFFFFFFFFFFULL
-	};
+    0x0000000000000001ULL, 0x0000000000000002ULL, 0x0000000000000001ULL,
+    0xFFFFFFFFFFFFFFFEULL, 0xFFFFFFFFFFFFFFFDULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
 static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
-	{0x0000000000000001ULL,0xFFFFFFFF00000000ULL,
-	 0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL},
-	{0x0000000000000002ULL,0xFFFFFFFE00000000ULL,
-	 0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFFULL} /* this one is "carry-full" */
-	};
+    {0x0000000000000001ULL, 0xFFFFFFFF00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL},
+    {0x0000000000000002ULL, 0xFFFFFFFE00000000ULL,
+     0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFFULL} /* this one is
+                                                    * "carry-full" */
+};
+
 static const BN_ULONG _nist_p_224_sqr[] = {
-	0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
-	0xFFFFFFFFFFFFFFFFULL,0x0000000200000000ULL,
-	0x0000000000000000ULL,0xFFFFFFFFFFFFFFFEULL,
-	0xFFFFFFFFFFFFFFFFULL
-	};
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x0000000200000000ULL,
+    0x0000000000000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+    0xFFFFFFFFFFFFFFFFULL
+};
+
 static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
-	{0xFFFFFFFFFFFFFFFFULL,0x00000000FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFF00000001ULL},
-	{0xFFFFFFFFFFFFFFFEULL,0x00000001FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFE00000002ULL},
-	{0xFFFFFFFFFFFFFFFDULL,0x00000002FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFD00000003ULL},
-	{0xFFFFFFFFFFFFFFFCULL,0x00000003FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFC00000004ULL},
-	{0xFFFFFFFFFFFFFFFBULL,0x00000004FFFFFFFFULL,
-	 0x0000000000000000ULL,0xFFFFFFFB00000005ULL},
-	};
+    {0xFFFFFFFFFFFFFFFFULL, 0x00000000FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFF00000001ULL},
+    {0xFFFFFFFFFFFFFFFEULL, 0x00000001FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFE00000002ULL},
+    {0xFFFFFFFFFFFFFFFDULL, 0x00000002FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFD00000003ULL},
+    {0xFFFFFFFFFFFFFFFCULL, 0x00000003FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFC00000004ULL},
+    {0xFFFFFFFFFFFFFFFBULL, 0x00000004FFFFFFFFULL,
+     0x0000000000000000ULL, 0xFFFFFFFB00000005ULL},
+};
+
 static const BN_ULONG _nist_p_256_sqr[] = {
-	0x0000000000000001ULL,0xFFFFFFFE00000000ULL,
-	0xFFFFFFFFFFFFFFFFULL,0x00000001FFFFFFFEULL,
-	0x00000001FFFFFFFEULL,0x00000001FFFFFFFEULL,
-	0xFFFFFFFE00000001ULL,0xFFFFFFFE00000002ULL
-	};
+    0x0000000000000001ULL, 0xFFFFFFFE00000000ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x00000001FFFFFFFEULL,
+    0x00000001FFFFFFFEULL, 0x00000001FFFFFFFEULL,
+    0xFFFFFFFE00000001ULL, 0xFFFFFFFE00000002ULL
+};
+
 static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
-	{0x00000000FFFFFFFFULL,0xFFFFFFFF00000000ULL,0xFFFFFFFFFFFFFFFEULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000002FFFFFFFDULL,0xFFFFFFFD00000000ULL,0xFFFFFFFFFFFFFFFCULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000003FFFFFFFCULL,0xFFFFFFFC00000000ULL,0xFFFFFFFFFFFFFFFBULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	{0x00000004FFFFFFFBULL,0xFFFFFFFB00000000ULL,0xFFFFFFFFFFFFFFFAULL,
-	 0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL},
-	};
+    {0x00000000FFFFFFFFULL, 0xFFFFFFFF00000000ULL, 0xFFFFFFFFFFFFFFFEULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000002FFFFFFFDULL, 0xFFFFFFFD00000000ULL, 0xFFFFFFFFFFFFFFFCULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000003FFFFFFFCULL, 0xFFFFFFFC00000000ULL, 0xFFFFFFFFFFFFFFFBULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+    {0x00000004FFFFFFFBULL, 0xFFFFFFFB00000000ULL, 0xFFFFFFFFFFFFFFFAULL,
+     0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL},
+};
+
 static const BN_ULONG _nist_p_384_sqr[] = {
-	0xFFFFFFFE00000001ULL,0x0000000200000000ULL,0xFFFFFFFE00000000ULL,
-	0x0000000200000000ULL,0x0000000000000001ULL,0x0000000000000000ULL,
-	0x00000001FFFFFFFEULL,0xFFFFFFFE00000000ULL,0xFFFFFFFFFFFFFFFDULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL
-	};
+    0xFFFFFFFE00000001ULL, 0x0000000200000000ULL, 0xFFFFFFFE00000000ULL,
+    0x0000000200000000ULL, 0x0000000000000001ULL, 0x0000000000000000ULL,
+    0x00000001FFFFFFFEULL, 0xFFFFFFFE00000000ULL, 0xFFFFFFFFFFFFFFFDULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL
+};
+
 static const BN_ULONG _nist_p_521[] =
-	{0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0x00000000000001FFULL};
+    { 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0x00000000000001FFULL
+};
+
 static const BN_ULONG _nist_p_521_sqr[] = {
-	0x0000000000000001ULL,0x0000000000000000ULL,0x0000000000000000ULL,
-	0x0000000000000000ULL,0x0000000000000000ULL,0x0000000000000000ULL,
-	0x0000000000000000ULL,0x0000000000000000ULL,0xFFFFFFFFFFFFFC00ULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,0xFFFFFFFFFFFFFFFFULL,
-	0xFFFFFFFFFFFFFFFFULL,0x000000000003FFFFULL
-	};
+    0x0000000000000001ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0x0000000000000000ULL,
+    0x0000000000000000ULL, 0x0000000000000000ULL, 0xFFFFFFFFFFFFFC00ULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL, 0xFFFFFFFFFFFFFFFFULL,
+    0xFFFFFFFFFFFFFFFFULL, 0x000000000003FFFFULL
+};
 #elif BN_BITS2 == 32
 static const BN_ULONG _nist_p_192[][BN_NIST_192_TOP] = {
-	{0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
-	};
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
 static const BN_ULONG _nist_p_192_sqr[] = {
-	0x00000001,0x00000000,0x00000002,0x00000000,0x00000001,0x00000000,
-	0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
-	};
+    0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001, 0x00000000,
+    0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
 static const BN_ULONG _nist_p_224[][BN_NIST_224_TOP] = {
-	{0x00000001,0x00000000,0x00000000,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0x00000002,0x00000000,0x00000000,0xFFFFFFFE,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF}
-	};
+    {0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF}
+};
+
 static const BN_ULONG _nist_p_224_sqr[] = {
-	0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
-	0xFFFFFFFF,0xFFFFFFFF,0x00000000,0x00000002,
-	0x00000000,0x00000000,0xFFFFFFFE,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF
-	};
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000002,
+    0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF
+};
+
 static const BN_ULONG _nist_p_256[][BN_NIST_256_TOP] = {
-	{0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0x00000000,
-	 0x00000000,0x00000000,0x00000001,0xFFFFFFFF},
-	{0xFFFFFFFE,0xFFFFFFFF,0xFFFFFFFF,0x00000001,
-	 0x00000000,0x00000000,0x00000002,0xFFFFFFFE},
-	{0xFFFFFFFD,0xFFFFFFFF,0xFFFFFFFF,0x00000002,
-	 0x00000000,0x00000000,0x00000003,0xFFFFFFFD},
-	{0xFFFFFFFC,0xFFFFFFFF,0xFFFFFFFF,0x00000003,
-	 0x00000000,0x00000000,0x00000004,0xFFFFFFFC},
-	{0xFFFFFFFB,0xFFFFFFFF,0xFFFFFFFF,0x00000004,
-	 0x00000000,0x00000000,0x00000005,0xFFFFFFFB},
-	};
+    {0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000,
+     0x00000000, 0x00000000, 0x00000001, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001,
+     0x00000000, 0x00000000, 0x00000002, 0xFFFFFFFE},
+    {0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000002,
+     0x00000000, 0x00000000, 0x00000003, 0xFFFFFFFD},
+    {0xFFFFFFFC, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000003,
+     0x00000000, 0x00000000, 0x00000004, 0xFFFFFFFC},
+    {0xFFFFFFFB, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000004,
+     0x00000000, 0x00000000, 0x00000005, 0xFFFFFFFB},
+};
+
 static const BN_ULONG _nist_p_256_sqr[] = {
-	0x00000001,0x00000000,0x00000000,0xFFFFFFFE,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFE,0x00000001,
-	0xFFFFFFFE,0x00000001,0xFFFFFFFE,0x00000001,
-	0x00000001,0xFFFFFFFE,0x00000002,0xFFFFFFFE
-	};
+    0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0x00000001,
+    0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001,
+    0x00000001, 0xFFFFFFFE, 0x00000002, 0xFFFFFFFE
+};
+
 static const BN_ULONG _nist_p_384[][BN_NIST_384_TOP] = {
-	{0xFFFFFFFF,0x00000000,0x00000000,0xFFFFFFFF,0xFFFFFFFE,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFD,0x00000002,0x00000000,0xFFFFFFFD,0xFFFFFFFC,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFC,0x00000003,0x00000000,0xFFFFFFFC,0xFFFFFFFB,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	{0xFFFFFFFB,0x00000004,0x00000000,0xFFFFFFFB,0xFFFFFFFA,0xFFFFFFFF,
-	 0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF},
-	};
+    {0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFD, 0x00000002, 0x00000000, 0xFFFFFFFD, 0xFFFFFFFC, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFC, 0x00000003, 0x00000000, 0xFFFFFFFC, 0xFFFFFFFB, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+    {0xFFFFFFFB, 0x00000004, 0x00000000, 0xFFFFFFFB, 0xFFFFFFFA, 0xFFFFFFFF,
+     0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF},
+};
+
 static const BN_ULONG _nist_p_384_sqr[] = {
-	0x00000001,0xFFFFFFFE,0x00000000,0x00000002,0x00000000,0xFFFFFFFE,
-	0x00000000,0x00000002,0x00000001,0x00000000,0x00000000,0x00000000,
-	0xFFFFFFFE,0x00000001,0x00000000,0xFFFFFFFE,0xFFFFFFFD,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
-	};
-static const BN_ULONG _nist_p_521[] = {0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0x000001FF};
+    0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+    0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000,
+    0xFFFFFFFE, 0x00000001, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
+};
+
+static const BN_ULONG _nist_p_521[] = { 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0x000001FF
+};
+
 static const BN_ULONG _nist_p_521_sqr[] = {
-	0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
-	0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,
-	0x00000000,0x00000000,0x00000000,0x00000000,0xFFFFFC00,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,
-	0xFFFFFFFF,0xFFFFFFFF,0x0003FFFF
-	};
+    0x00000001, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000, 0x00000000,
+    0x00000000, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFC00, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
+    0xFFFFFFFF, 0xFFFFFFFF, 0x0003FFFF
+};
 #else
-#error "unsupported BN_BITS2"
+# error "unsupported BN_BITS2"
 #endif
 
-
-static const BIGNUM _bignum_nist_p_192 =
-	{
-	(BN_ULONG *)_nist_p_192[0],
-	BN_NIST_192_TOP,
-	BN_NIST_192_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_224 =
-	{
-	(BN_ULONG *)_nist_p_224[0],
-	BN_NIST_224_TOP,
-	BN_NIST_224_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_256 =
-	{
-	(BN_ULONG *)_nist_p_256[0],
-	BN_NIST_256_TOP,
-	BN_NIST_256_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_384 =
-	{
-	(BN_ULONG *)_nist_p_384[0],
-	BN_NIST_384_TOP,
-	BN_NIST_384_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
-static const BIGNUM _bignum_nist_p_521 =
-	{
-	(BN_ULONG *)_nist_p_521,
-	BN_NIST_521_TOP,
-	BN_NIST_521_TOP,
-	0,
-	BN_FLG_STATIC_DATA
-	};
-
+static const BIGNUM _bignum_nist_p_192 = {
+    (BN_ULONG *)_nist_p_192[0],
+    BN_NIST_192_TOP,
+    BN_NIST_192_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_224 = {
+    (BN_ULONG *)_nist_p_224[0],
+    BN_NIST_224_TOP,
+    BN_NIST_224_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_256 = {
+    (BN_ULONG *)_nist_p_256[0],
+    BN_NIST_256_TOP,
+    BN_NIST_256_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_384 = {
+    (BN_ULONG *)_nist_p_384[0],
+    BN_NIST_384_TOP,
+    BN_NIST_384_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
+
+static const BIGNUM _bignum_nist_p_521 = {
+    (BN_ULONG *)_nist_p_521,
+    BN_NIST_521_TOP,
+    BN_NIST_521_TOP,
+    0,
+    BN_FLG_STATIC_DATA
+};
 
 const BIGNUM *BN_get0_nist_prime_192(void)
-	{
-	return &_bignum_nist_p_192;
-	}
+{
+    return &_bignum_nist_p_192;
+}
 
 const BIGNUM *BN_get0_nist_prime_224(void)
-	{
-	return &_bignum_nist_p_224;
-	}
+{
+    return &_bignum_nist_p_224;
+}
 
 const BIGNUM *BN_get0_nist_prime_256(void)
-	{
-	return &_bignum_nist_p_256;
-	}
+{
+    return &_bignum_nist_p_256;
+}
 
 const BIGNUM *BN_get0_nist_prime_384(void)
-	{
-	return &_bignum_nist_p_384;
-	}
+{
+    return &_bignum_nist_p_384;
+}
 
 const BIGNUM *BN_get0_nist_prime_521(void)
-	{
-	return &_bignum_nist_p_521;
-	}
-
+{
+    return &_bignum_nist_p_521;
+}
 
 static void nist_cp_bn_0(BN_ULONG *buf, BN_ULONG *a, int top, int max)
-	{
-	int i;
-	BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+{
+    int i;
+    BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
 
 #ifdef BN_DEBUG
-	OPENSSL_assert(top <= max);
+    OPENSSL_assert(top <= max);
 #endif
-	for (i = (top); i != 0; i--)
-		*_tmp1++ = *_tmp2++;
-	for (i = (max) - (top); i != 0; i--)
-		*_tmp1++ = (BN_ULONG) 0;
-	}
+    for (i = (top); i != 0; i--)
+        *_tmp1++ = *_tmp2++;
+    for (i = (max) - (top); i != 0; i--)
+        *_tmp1++ = (BN_ULONG)0;
+}
 
 static void nist_cp_bn(BN_ULONG *buf, BN_ULONG *a, int top)
-	{ 
-	int i;
-	BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
-	for (i = (top); i != 0; i--)
-		*_tmp1++ = *_tmp2++;
-	}
+{
+    int i;
+    BN_ULONG *_tmp1 = (buf), *_tmp2 = (a);
+    for (i = (top); i != 0; i--)
+        *_tmp1++ = *_tmp2++;
+}
 
 #if BN_BITS2 == 64
-#define bn_cp_64(to, n, from, m)	(to)[n] = (m>=0)?((from)[m]):0;
-#define bn_64_set_0(to, n)		(to)[n] = (BN_ULONG)0;
+# define bn_cp_64(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+# define bn_64_set_0(to, n)              (to)[n] = (BN_ULONG)0;
 /*
  * two following macros are implemented under assumption that they
  * are called in a sequence with *ascending* n, i.e. as they are...
  */
-#define bn_cp_32_naked(to, n, from, m)	(((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
-						:(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
-#define bn_32_set_0(to, n)		(((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
-#define bn_cp_32(to,n,from,m)		((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
+# define bn_cp_32_naked(to, n, from, m)  (((n)&1)?(to[(n)/2]|=((m)&1)?(from[(m)/2]&BN_MASK2h):(from[(m)/2]<<32))\
+                                                :(to[(n)/2] =((m)&1)?(from[(m)/2]>>32):(from[(m)/2]&BN_MASK2l)))
+# define bn_32_set_0(to, n)              (((n)&1)?(to[(n)/2]&=BN_MASK2l):(to[(n)/2]=0));
+# define bn_cp_32(to,n,from,m)           ((m)>=0)?bn_cp_32_naked(to,n,from,m):bn_32_set_0(to,n)
 #else
-#define bn_cp_64(to, n, from, m) \
-	{ \
-	bn_cp_32(to, (n)*2, from, (m)*2); \
-	bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
-	}
-#define bn_64_set_0(to, n) \
-	{ \
-	bn_32_set_0(to, (n)*2); \
-	bn_32_set_0(to, (n)*2+1); \
-	}
-#if BN_BITS2 == 32
-#define bn_cp_32(to, n, from, m)	(to)[n] = (m>=0)?((from)[m]):0;
-#define bn_32_set_0(to, n)		(to)[n] = (BN_ULONG)0;
-#endif
-#endif /* BN_BITS2 != 64 */
-
+# define bn_cp_64(to, n, from, m) \
+        { \
+        bn_cp_32(to, (n)*2, from, (m)*2); \
+        bn_cp_32(to, (n)*2+1, from, (m)*2+1); \
+        }
+# define bn_64_set_0(to, n) \
+        { \
+        bn_32_set_0(to, (n)*2); \
+        bn_32_set_0(to, (n)*2+1); \
+        }
+# if BN_BITS2 == 32
+#  define bn_cp_32(to, n, from, m)        (to)[n] = (m>=0)?((from)[m]):0;
+#  define bn_32_set_0(to, n)              (to)[n] = (BN_ULONG)0;
+# endif
+#endif                          /* BN_BITS2 != 64 */
 
 #define nist_set_192(to, from, a1, a2, a3) \
-	{ \
-	bn_cp_64(to, 0, from, (a3) - 3) \
-	bn_cp_64(to, 1, from, (a2) - 3) \
-	bn_cp_64(to, 2, from, (a1) - 3) \
-	}
+        { \
+        bn_cp_64(to, 0, from, (a3) - 3) \
+        bn_cp_64(to, 1, from, (a2) - 3) \
+        bn_cp_64(to, 2, from, (a1) - 3) \
+        }
 
 int BN_nist_mod_192(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int      top = a->top, i;
-	int      carry;
-	register BN_ULONG *r_d, *a_d = a->d;
-	BN_ULONG t_d[BN_NIST_192_TOP],
-	         buf[BN_NIST_192_TOP],
-		 c_d[BN_NIST_192_TOP],
-		*res;
-	size_t   mask;
-	static const BIGNUM _bignum_nist_p_192_sqr = {
-		(BN_ULONG *)_nist_p_192_sqr,
-		sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
-		sizeof(_nist_p_192_sqr)/sizeof(_nist_p_192_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-	field = &_bignum_nist_p_192; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_192_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a) ? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_192_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
-		}
-	else
-		r_d = a_d;
-
-	nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP, BN_NIST_192_TOP);
-
-	nist_set_192(t_d, buf, 0, 3, 3);
-	carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	nist_set_192(t_d, buf, 4, 4, 0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-	nist_set_192(t_d, buf, 5, 5, 5)
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
-
-	if (carry > 0)
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_192[carry-1],BN_NIST_192_TOP);
-	else
-		carry = 1;
-
-	/*
-	 * we need 'if (carry==0 || result>=modulus) result-=modulus;'
-	 * as comparison implies subtraction, we can write
-	 * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
-	 * this is what happens below, but without explicit if:-) a.
-	 */
-	mask  = 0-(size_t)bn_sub_words(c_d,r_d,_nist_p_192[0],BN_NIST_192_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_192_TOP);
-	r->top = BN_NIST_192_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
-
-typedef BN_ULONG (*bn_addsub_f)(BN_ULONG *,const BN_ULONG *,const BN_ULONG *,int);
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    register BN_ULONG *r_d, *a_d = a->d;
+    BN_ULONG t_d[BN_NIST_192_TOP],
+        buf[BN_NIST_192_TOP], c_d[BN_NIST_192_TOP], *res;
+    size_t mask;
+    static const BIGNUM _bignum_nist_p_192_sqr = {
+        (BN_ULONG *)_nist_p_192_sqr,
+        sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
+        sizeof(_nist_p_192_sqr) / sizeof(_nist_p_192_sqr[0]),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_192; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_192_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_192_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_192_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf, a_d + BN_NIST_192_TOP, top - BN_NIST_192_TOP,
+                 BN_NIST_192_TOP);
+
+    nist_set_192(t_d, buf, 0, 3, 3);
+    carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+    nist_set_192(t_d, buf, 4, 4, 0);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+    nist_set_192(t_d, buf, 5, 5, 5)
+        carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_192_TOP);
+
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_192[carry - 1],
+                              BN_NIST_192_TOP);
+    else
+        carry = 1;
+
+    /*
+     * we need 'if (carry==0 || result>=modulus) result-=modulus;'
+     * as comparison implies subtraction, we can write
+     * 'tmp=result-modulus; if (!carry || !borrow) result=tmp;'
+     * this is what happens below, but without explicit if:-) a.
+     */
+    mask =
+        0 - (size_t)bn_sub_words(c_d, r_d, _nist_p_192[0], BN_NIST_192_TOP);
+    mask &= 0 - (size_t)carry;
+    res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_192_TOP);
+    r->top = BN_NIST_192_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+typedef BN_ULONG (*bn_addsub_f) (BN_ULONG *, const BN_ULONG *,
+                                 const BN_ULONG *, int);
 
 #define nist_set_224(to, from, a1, a2, a3, a4, a5, a6, a7) \
-	{ \
-	bn_cp_32(to, 0, from, (a7) - 7) \
-	bn_cp_32(to, 1, from, (a6) - 7) \
-	bn_cp_32(to, 2, from, (a5) - 7) \
-	bn_cp_32(to, 3, from, (a4) - 7) \
-	bn_cp_32(to, 4, from, (a3) - 7) \
-	bn_cp_32(to, 5, from, (a2) - 7) \
-	bn_cp_32(to, 6, from, (a1) - 7) \
-	}
+        { \
+        bn_cp_32(to, 0, from, (a7) - 7) \
+        bn_cp_32(to, 1, from, (a6) - 7) \
+        bn_cp_32(to, 2, from, (a5) - 7) \
+        bn_cp_32(to, 3, from, (a4) - 7) \
+        bn_cp_32(to, 4, from, (a3) - 7) \
+        bn_cp_32(to, 5, from, (a2) - 7) \
+        bn_cp_32(to, 6, from, (a1) - 7) \
+        }
 
 int BN_nist_mod_224(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	top = a->top, i;
-	int	carry;
-	BN_ULONG *r_d, *a_d = a->d;
-	BN_ULONG t_d[BN_NIST_224_TOP],
-	         buf[BN_NIST_224_TOP],
-		 c_d[BN_NIST_224_TOP],
-		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
-	static const BIGNUM _bignum_nist_p_224_sqr = {
-		(BN_ULONG *)_nist_p_224_sqr,
-		sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
-		sizeof(_nist_p_224_sqr)/sizeof(_nist_p_224_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-
-	field = &_bignum_nist_p_224; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_224_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_224_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
-		}
-	else
-		r_d = a_d;
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    int carry;
+    BN_ULONG *r_d, *a_d = a->d;
+    BN_ULONG t_d[BN_NIST_224_TOP],
+        buf[BN_NIST_224_TOP], c_d[BN_NIST_224_TOP], *res;
+    size_t mask;
+    union {
+        bn_addsub_f f;
+        size_t p;
+    } u;
+    static const BIGNUM _bignum_nist_p_224_sqr = {
+        (BN_ULONG *)_nist_p_224_sqr,
+        sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
+        sizeof(_nist_p_224_sqr) / sizeof(_nist_p_224_sqr[0]),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_224; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_224_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_224_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_224_TOP);
+    } else
+        r_d = a_d;
 
 #if BN_BITS2==64
-	/* copy upper 256 bits of 448 bit number ... */
-	nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP-1), top - (BN_NIST_224_TOP-1), BN_NIST_224_TOP);
-	/* ... and right shift by 32 to obtain upper 224 bits */
-	nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
-	/* truncate lower part to 224 bits too */
-	r_d[BN_NIST_224_TOP-1] &= BN_MASK2l;
+    /* copy upper 256 bits of 448 bit number ... */
+    nist_cp_bn_0(t_d, a_d + (BN_NIST_224_TOP - 1),
+                 top - (BN_NIST_224_TOP - 1), BN_NIST_224_TOP);
+    /* ... and right shift by 32 to obtain upper 224 bits */
+    nist_set_224(buf, t_d, 14, 13, 12, 11, 10, 9, 8);
+    /* truncate lower part to 224 bits too */
+    r_d[BN_NIST_224_TOP - 1] &= BN_MASK2l;
 #else
-	nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP, BN_NIST_224_TOP);
+    nist_cp_bn_0(buf, a_d + BN_NIST_224_TOP, top - BN_NIST_224_TOP,
+                 BN_NIST_224_TOP);
 #endif
-	nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
-	carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
-	nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+    nist_set_224(t_d, buf, 10, 9, 8, 7, 0, 0, 0);
+    carry = (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+    nist_set_224(t_d, buf, 0, 13, 12, 11, 0, 0, 0);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+    nist_set_224(t_d, buf, 13, 12, 11, 10, 9, 8, 7);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
+    nist_set_224(t_d, buf, 0, 0, 0, 0, 13, 12, 11);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_224_TOP);
 
 #if BN_BITS2==64
-	carry = (int)(r_d[BN_NIST_224_TOP-1]>>32);
+    carry = (int)(r_d[BN_NIST_224_TOP - 1] >> 32);
 #endif
-	u.f = bn_sub_words;
-	if (carry > 0)
-		{
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_224[carry-1],BN_NIST_224_TOP);
+    u.f = bn_sub_words;
+    if (carry > 0) {
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_224[carry - 1],
+                              BN_NIST_224_TOP);
 #if BN_BITS2==64
-		carry=(int)(~(r_d[BN_NIST_224_TOP-1]>>32))&1;
+        carry = (int)(~(r_d[BN_NIST_224_TOP - 1] >> 32)) & 1;
 #endif
-		}
-	else if (carry < 0)
-		{
-		/* it's a bit more comlicated logic in this case.
-		 * if bn_add_words yields no carry, then result
-		 * has to be adjusted by unconditionally *adding*
-		 * the modulus. but if it does, then result has
-		 * to be compared to the modulus and conditionally
-		 * adjusted by *subtracting* the latter. */
-		carry = (int)bn_add_words(r_d,r_d,_nist_p_224[-carry-1],BN_NIST_224_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
-		}
-	else
-		carry = 1;
-
-	/* otherwise it's effectively same as in BN_nist_mod_192... */
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_224[0],BN_NIST_224_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_224_TOP);
-	r->top = BN_NIST_224_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
+    } else if (carry < 0) {
+        /*
+         * it's a bit more comlicated logic in this case. if bn_add_words
+         * yields no carry, then result has to be adjusted by unconditionally
+         * *adding* the modulus. but if it does, then result has to be
+         * compared to the modulus and conditionally adjusted by
+         * *subtracting* the latter.
+         */
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_224[-carry - 1],
+                              BN_NIST_224_TOP);
+        mask = 0 - (size_t)carry;
+        u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    /* otherwise it's effectively same as in BN_nist_mod_192... */
+    mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_224[0], BN_NIST_224_TOP);
+    mask &= 0 - (size_t)carry;
+    res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_224_TOP);
+    r->top = BN_NIST_224_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
 
 #define nist_set_256(to, from, a1, a2, a3, a4, a5, a6, a7, a8) \
-	{ \
-	bn_cp_32(to, 0, from, (a8) - 8) \
-	bn_cp_32(to, 1, from, (a7) - 8) \
-	bn_cp_32(to, 2, from, (a6) - 8) \
-	bn_cp_32(to, 3, from, (a5) - 8) \
-	bn_cp_32(to, 4, from, (a4) - 8) \
-	bn_cp_32(to, 5, from, (a3) - 8) \
-	bn_cp_32(to, 6, from, (a2) - 8) \
-	bn_cp_32(to, 7, from, (a1) - 8) \
-	}
+        { \
+        bn_cp_32(to, 0, from, (a8) - 8) \
+        bn_cp_32(to, 1, from, (a7) - 8) \
+        bn_cp_32(to, 2, from, (a6) - 8) \
+        bn_cp_32(to, 3, from, (a5) - 8) \
+        bn_cp_32(to, 4, from, (a4) - 8) \
+        bn_cp_32(to, 5, from, (a3) - 8) \
+        bn_cp_32(to, 6, from, (a2) - 8) \
+        bn_cp_32(to, 7, from, (a1) - 8) \
+        }
 
 int BN_nist_mod_256(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	i, top = a->top;
-	int	carry = 0;
-	register BN_ULONG *a_d = a->d, *r_d;
-	BN_ULONG t_d[BN_NIST_256_TOP],
-	         buf[BN_NIST_256_TOP],
-		 c_d[BN_NIST_256_TOP],
-		*res;
-	size_t   mask;
-	union { bn_addsub_f f; size_t p; } u;
-	static const BIGNUM _bignum_nist_p_256_sqr = {
-		(BN_ULONG *)_nist_p_256_sqr,
-		sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
-		sizeof(_nist_p_256_sqr)/sizeof(_nist_p_256_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-	field = &_bignum_nist_p_256; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_256_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_256_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
-		}
-	else
-		r_d = a_d;
-
-	nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP, BN_NIST_256_TOP);
-
-	/*S1*/
-	nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
-	/*S2*/
-	nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
-	carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
-	/* left shift */
-		{
-		register BN_ULONG *ap,t,c;
-		ap = t_d;
-		c=0;
-		for (i = BN_NIST_256_TOP; i != 0; --i)
-			{
-			t= *ap;
-			*(ap++)=((t<<1)|c)&BN_MASK2;
-			c=(t & BN_TBIT)?1:0;
-			}
-		carry <<= 1;
-		carry  |= c;
-		}
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*S3*/
-	nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*S4*/
-	nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D1*/
-	nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D2*/
-	nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D3*/
-	nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-	/*D4*/
-	nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
-
-	/* see BN_nist_mod_224 for explanation */
-	u.f = bn_sub_words;
-	if (carry > 0)
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_256[carry-1],BN_NIST_256_TOP);
-	else if (carry < 0)
-		{
-		carry = (int)bn_add_words(r_d,r_d,_nist_p_256[-carry-1],BN_NIST_256_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
-		}
-	else
-		carry = 1;
-
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_256[0],BN_NIST_256_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_256_TOP);
-	r->top = BN_NIST_256_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *a_d = a->d, *r_d;
+    BN_ULONG t_d[BN_NIST_256_TOP],
+        buf[BN_NIST_256_TOP], c_d[BN_NIST_256_TOP], *res;
+    size_t mask;
+    union {
+        bn_addsub_f f;
+        size_t p;
+    } u;
+    static const BIGNUM _bignum_nist_p_256_sqr = {
+        (BN_ULONG *)_nist_p_256_sqr,
+        sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
+        sizeof(_nist_p_256_sqr) / sizeof(_nist_p_256_sqr[0]),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_256; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_256_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_256_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_256_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf, a_d + BN_NIST_256_TOP, top - BN_NIST_256_TOP,
+                 BN_NIST_256_TOP);
+
+    /*
+     * S1
+     */
+    nist_set_256(t_d, buf, 15, 14, 13, 12, 11, 0, 0, 0);
+    /*
+     * S2
+     */
+    nist_set_256(c_d, buf, 0, 15, 14, 13, 12, 0, 0, 0);
+    carry = (int)bn_add_words(t_d, t_d, c_d, BN_NIST_256_TOP);
+    /* left shift */
+    {
+        register BN_ULONG *ap, t, c;
+        ap = t_d;
+        c = 0;
+        for (i = BN_NIST_256_TOP; i != 0; --i) {
+            t = *ap;
+            *(ap++) = ((t << 1) | c) & BN_MASK2;
+            c = (t & BN_TBIT) ? 1 : 0;
+        }
+        carry <<= 1;
+        carry |= c;
+    }
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+    /*
+     * S3
+     */
+    nist_set_256(t_d, buf, 15, 14, 0, 0, 0, 10, 9, 8);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+    /*
+     * S4
+     */
+    nist_set_256(t_d, buf, 8, 13, 15, 14, 13, 11, 10, 9);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+    /*
+     * D1
+     */
+    nist_set_256(t_d, buf, 10, 8, 0, 0, 0, 13, 12, 11);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+    /*
+     * D2
+     */
+    nist_set_256(t_d, buf, 11, 9, 0, 0, 15, 14, 13, 12);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+    /*
+     * D3
+     */
+    nist_set_256(t_d, buf, 12, 0, 10, 9, 8, 15, 14, 13);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+    /*
+     * D4
+     */
+    nist_set_256(t_d, buf, 13, 0, 11, 10, 9, 0, 15, 14);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_256_TOP);
+
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_256[carry - 1],
+                              BN_NIST_256_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_256[-carry - 1],
+                              BN_NIST_256_TOP);
+        mask = 0 - (size_t)carry;
+        u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_256[0], BN_NIST_256_TOP);
+    mask &= 0 - (size_t)carry;
+    res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_256_TOP);
+    r->top = BN_NIST_256_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
 
 #define nist_set_384(to,from,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12) \
-	{ \
-	bn_cp_32(to, 0, from,  (a12) - 12) \
-	bn_cp_32(to, 1, from,  (a11) - 12) \
-	bn_cp_32(to, 2, from,  (a10) - 12) \
-	bn_cp_32(to, 3, from,  (a9) - 12)  \
-	bn_cp_32(to, 4, from,  (a8) - 12)  \
-	bn_cp_32(to, 5, from,  (a7) - 12)  \
-	bn_cp_32(to, 6, from,  (a6) - 12)  \
-	bn_cp_32(to, 7, from,  (a5) - 12)  \
-	bn_cp_32(to, 8, from,  (a4) - 12)  \
-	bn_cp_32(to, 9, from,  (a3) - 12)  \
-	bn_cp_32(to, 10, from, (a2) - 12)  \
-	bn_cp_32(to, 11, from, (a1) - 12)  \
-	}
+        { \
+        bn_cp_32(to, 0, from,  (a12) - 12) \
+        bn_cp_32(to, 1, from,  (a11) - 12) \
+        bn_cp_32(to, 2, from,  (a10) - 12) \
+        bn_cp_32(to, 3, from,  (a9) - 12)  \
+        bn_cp_32(to, 4, from,  (a8) - 12)  \
+        bn_cp_32(to, 5, from,  (a7) - 12)  \
+        bn_cp_32(to, 6, from,  (a6) - 12)  \
+        bn_cp_32(to, 7, from,  (a5) - 12)  \
+        bn_cp_32(to, 8, from,  (a4) - 12)  \
+        bn_cp_32(to, 9, from,  (a3) - 12)  \
+        bn_cp_32(to, 10, from, (a2) - 12)  \
+        bn_cp_32(to, 11, from, (a1) - 12)  \
+        }
 
 int BN_nist_mod_384(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	i, top = a->top;
-	int	carry = 0;
-	register BN_ULONG *r_d, *a_d = a->d;
-	BN_ULONG t_d[BN_NIST_384_TOP],
-	         buf[BN_NIST_384_TOP],
-		 c_d[BN_NIST_384_TOP],
-		*res;
-	size_t	 mask;
-	union { bn_addsub_f f; size_t p; } u;
-	static const BIGNUM _bignum_nist_p_384_sqr = {
-		(BN_ULONG *)_nist_p_384_sqr,
-		sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
-		sizeof(_nist_p_384_sqr)/sizeof(_nist_p_384_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-
-	field = &_bignum_nist_p_384; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_384_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r, BN_NIST_384_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
-		}
-	else
-		r_d = a_d;
-
-	nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP, BN_NIST_384_TOP);
-
-	/*S1*/
-	nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23-4, 22-4, 21-4);
-		/* left shift */
-		{
-		register BN_ULONG *ap,t,c;
-		ap = t_d;
-		c=0;
-		for (i = 3; i != 0; --i)
-			{
-			t= *ap;
-			*(ap++)=((t<<1)|c)&BN_MASK2;
-			c=(t & BN_TBIT)?1:0;
-			}
-		*ap=c;
-		}
-	carry = (int)bn_add_words(r_d+(128/BN_BITS2), r_d+(128/BN_BITS2), 
-		t_d, BN_NIST_256_TOP);
-	/*S2 */
-	carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
-	/*S3*/
-	nist_set_384(t_d,buf,20,19,18,17,16,15,14,13,12,23,22,21);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*S4*/
-	nist_set_384(t_d,buf,19,18,17,16,15,14,13,12,20,0,23,0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*S5*/
-	nist_set_384(t_d, buf,0,0,0,0,23,22,21,20,0,0,0,0);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*S6*/
-	nist_set_384(t_d,buf,0,0,0,0,0,0,23,22,21,0,0,20);
-	carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*D1*/
-	nist_set_384(t_d,buf,22,21,20,19,18,17,16,15,14,13,12,23);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*D2*/
-	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,22,21,20,0);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-	/*D3*/
-	nist_set_384(t_d,buf,0,0,0,0,0,0,0,23,23,0,0,0);
-	carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
-
-	/* see BN_nist_mod_224 for explanation */
-	u.f = bn_sub_words;
-	if (carry > 0)
-		carry = (int)bn_sub_words(r_d,r_d,_nist_p_384[carry-1],BN_NIST_384_TOP);
-	else if (carry < 0)
-		{
-		carry = (int)bn_add_words(r_d,r_d,_nist_p_384[-carry-1],BN_NIST_384_TOP);
-		mask = 0-(size_t)carry;
-		u.p = ((size_t)bn_sub_words&mask) | ((size_t)bn_add_words&~mask);
-		}
-	else
-		carry = 1;
-
-	mask  = 0-(size_t)(*u.f)(c_d,r_d,_nist_p_384[0],BN_NIST_384_TOP);
-	mask &= 0-(size_t)carry;
-	res   = (BN_ULONG *)(((size_t)c_d&~mask) | ((size_t)r_d&mask));
-	nist_cp_bn(r_d, res, BN_NIST_384_TOP);
-	r->top = BN_NIST_384_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
-
-#define BN_NIST_521_RSHIFT	(521%BN_BITS2)
-#define BN_NIST_521_LSHIFT	(BN_BITS2-BN_NIST_521_RSHIFT)
-#define BN_NIST_521_TOP_MASK	((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
+                    BN_CTX *ctx)
+{
+    int i, top = a->top;
+    int carry = 0;
+    register BN_ULONG *r_d, *a_d = a->d;
+    BN_ULONG t_d[BN_NIST_384_TOP],
+        buf[BN_NIST_384_TOP], c_d[BN_NIST_384_TOP], *res;
+    size_t mask;
+    union {
+        bn_addsub_f f;
+        size_t p;
+    } u;
+    static const BIGNUM _bignum_nist_p_384_sqr = {
+        (BN_ULONG *)_nist_p_384_sqr,
+        sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
+        sizeof(_nist_p_384_sqr) / sizeof(_nist_p_384_sqr[0]),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_384; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_384_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_384_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_384_TOP);
+    } else
+        r_d = a_d;
+
+    nist_cp_bn_0(buf, a_d + BN_NIST_384_TOP, top - BN_NIST_384_TOP,
+                 BN_NIST_384_TOP);
+
+    /*
+     * S1
+     */
+    nist_set_256(t_d, buf, 0, 0, 0, 0, 0, 23 - 4, 22 - 4, 21 - 4);
+    /* left shift */
+    {
+        register BN_ULONG *ap, t, c;
+        ap = t_d;
+        c = 0;
+        for (i = 3; i != 0; --i) {
+            t = *ap;
+            *(ap++) = ((t << 1) | c) & BN_MASK2;
+            c = (t & BN_TBIT) ? 1 : 0;
+        }
+        *ap = c;
+    }
+    carry = (int)bn_add_words(r_d + (128 / BN_BITS2), r_d + (128 / BN_BITS2),
+                              t_d, BN_NIST_256_TOP);
+    /*
+     * S2
+     */
+    carry += (int)bn_add_words(r_d, r_d, buf, BN_NIST_384_TOP);
+    /*
+     * S3
+     */
+    nist_set_384(t_d, buf, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23, 22, 21);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+    /*
+     * S4
+     */
+    nist_set_384(t_d, buf, 19, 18, 17, 16, 15, 14, 13, 12, 20, 0, 23, 0);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+    /*
+     * S5
+     */
+    nist_set_384(t_d, buf, 0, 0, 0, 0, 23, 22, 21, 20, 0, 0, 0, 0);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+    /*
+     * S6
+     */
+    nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 23, 22, 21, 0, 0, 20);
+    carry += (int)bn_add_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+    /*
+     * D1
+     */
+    nist_set_384(t_d, buf, 22, 21, 20, 19, 18, 17, 16, 15, 14, 13, 12, 23);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+    /*
+     * D2
+     */
+    nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 22, 21, 20, 0);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+    /*
+     * D3
+     */
+    nist_set_384(t_d, buf, 0, 0, 0, 0, 0, 0, 0, 23, 23, 0, 0, 0);
+    carry -= (int)bn_sub_words(r_d, r_d, t_d, BN_NIST_384_TOP);
+
+    /* see BN_nist_mod_224 for explanation */
+    u.f = bn_sub_words;
+    if (carry > 0)
+        carry =
+            (int)bn_sub_words(r_d, r_d, _nist_p_384[carry - 1],
+                              BN_NIST_384_TOP);
+    else if (carry < 0) {
+        carry =
+            (int)bn_add_words(r_d, r_d, _nist_p_384[-carry - 1],
+                              BN_NIST_384_TOP);
+        mask = 0 - (size_t)carry;
+        u.p = ((size_t)bn_sub_words & mask) | ((size_t)bn_add_words & ~mask);
+    } else
+        carry = 1;
+
+    mask = 0 - (size_t)(*u.f) (c_d, r_d, _nist_p_384[0], BN_NIST_384_TOP);
+    mask &= 0 - (size_t)carry;
+    res = (BN_ULONG *)(((size_t)c_d & ~mask) | ((size_t)r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_384_TOP);
+    r->top = BN_NIST_384_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
+
+#define BN_NIST_521_RSHIFT      (521%BN_BITS2)
+#define BN_NIST_521_LSHIFT      (BN_BITS2-BN_NIST_521_RSHIFT)
+#define BN_NIST_521_TOP_MASK    ((BN_ULONG)BN_MASK2>>BN_NIST_521_LSHIFT)
 
 int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
-	BN_CTX *ctx)
-	{
-	int	top = a->top, i;
-	BN_ULONG *r_d, *a_d = a->d,
-		 t_d[BN_NIST_521_TOP],
-		 val,tmp,*res;
-	size_t	mask;
-	static const BIGNUM _bignum_nist_p_521_sqr = {
-		(BN_ULONG *)_nist_p_521_sqr,
-		sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
-		sizeof(_nist_p_521_sqr)/sizeof(_nist_p_521_sqr[0]),
-		0,BN_FLG_STATIC_DATA };
-
-	field = &_bignum_nist_p_521; /* just to make sure */
-
- 	if (BN_is_negative(a) || BN_ucmp(a,&_bignum_nist_p_521_sqr)>=0)
-		return BN_nnmod(r, a, field, ctx);
-
-	i = BN_ucmp(field, a);
-	if (i == 0)
-		{
-		BN_zero(r);
-		return 1;
-		}
-	else if (i > 0)
-		return (r == a)? 1 : (BN_copy(r ,a) != NULL);
-
-	if (r != a)
-		{
-		if (!bn_wexpand(r,BN_NIST_521_TOP))
-			return 0;
-		r_d = r->d;
-		nist_cp_bn(r_d,a_d, BN_NIST_521_TOP);
-		}
-	else
-		r_d = a_d;
-
-	/* upper 521 bits, copy ... */
-	nist_cp_bn_0(t_d,a_d + (BN_NIST_521_TOP-1), top - (BN_NIST_521_TOP-1),BN_NIST_521_TOP);
-	/* ... and right shift */
-	for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
-		{
-		tmp = val>>BN_NIST_521_RSHIFT;
-		val = t_d[i+1];
-		t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
-		}
-	t_d[i] = val>>BN_NIST_521_RSHIFT;
-	/* lower 521 bits */
-	r_d[i] &= BN_NIST_521_TOP_MASK;
-
-	bn_add_words(r_d,r_d,t_d,BN_NIST_521_TOP);
-	mask = 0-(size_t)bn_sub_words(t_d,r_d,_nist_p_521,BN_NIST_521_TOP);
-	res  = (BN_ULONG *)(((size_t)t_d&~mask) | ((size_t)r_d&mask));
-	nist_cp_bn(r_d,res,BN_NIST_521_TOP);
-	r->top = BN_NIST_521_TOP;
-	bn_correct_top(r);
-
-	return 1;
-	}
+                    BN_CTX *ctx)
+{
+    int top = a->top, i;
+    BN_ULONG *r_d, *a_d = a->d, t_d[BN_NIST_521_TOP], val, tmp, *res;
+    size_t mask;
+    static const BIGNUM _bignum_nist_p_521_sqr = {
+        (BN_ULONG *)_nist_p_521_sqr,
+        sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
+        sizeof(_nist_p_521_sqr) / sizeof(_nist_p_521_sqr[0]),
+        0, BN_FLG_STATIC_DATA
+    };
+
+    field = &_bignum_nist_p_521; /* just to make sure */
+
+    if (BN_is_negative(a) || BN_ucmp(a, &_bignum_nist_p_521_sqr) >= 0)
+        return BN_nnmod(r, a, field, ctx);
+
+    i = BN_ucmp(field, a);
+    if (i == 0) {
+        BN_zero(r);
+        return 1;
+    } else if (i > 0)
+        return (r == a) ? 1 : (BN_copy(r, a) != NULL);
+
+    if (r != a) {
+        if (!bn_wexpand(r, BN_NIST_521_TOP))
+            return 0;
+        r_d = r->d;
+        nist_cp_bn(r_d, a_d, BN_NIST_521_TOP);
+    } else
+        r_d = a_d;
+
+    /* upper 521 bits, copy ... */
+    nist_cp_bn_0(t_d, a_d + (BN_NIST_521_TOP - 1),
+                 top - (BN_NIST_521_TOP - 1), BN_NIST_521_TOP);
+    /* ... and right shift */
+    for (val = t_d[0], i = 0; i < BN_NIST_521_TOP - 1; i++) {
+        tmp = val >> BN_NIST_521_RSHIFT;
+        val = t_d[i + 1];
+        t_d[i] = (tmp | val << BN_NIST_521_LSHIFT) & BN_MASK2;
+    }
+    t_d[i] = val >> BN_NIST_521_RSHIFT;
+    /* lower 521 bits */
+    r_d[i] &= BN_NIST_521_TOP_MASK;
+
+    bn_add_words(r_d, r_d, t_d, BN_NIST_521_TOP);
+    mask = 0 - (size_t)bn_sub_words(t_d, r_d, _nist_p_521, BN_NIST_521_TOP);
+    res = (BN_ULONG *)(((size_t)t_d & ~mask) | ((size_t)r_d & mask));
+    nist_cp_bn(r_d, res, BN_NIST_521_TOP);
+    r->top = BN_NIST_521_TOP;
+    bn_correct_top(r);
+
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c
index 21cbb38f..efdebdd6 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -57,7 +57,7 @@
  */
 
 #ifndef BN_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+# undef NDEBUG                  /* avoid conflicting definitions */
 # define NDEBUG
 #endif
 
@@ -68,20 +68,19 @@
 #include "bn_lcl.h"
 
 char *BN_options(void)
-	{
-	static int init=0;
-	static char data[16];
+{
+    static int init = 0;
+    static char data[16];
 
-	if (!init)
-		{
-		init++;
+    if (!init) {
+        init++;
 #ifdef BN_LLONG
-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-			     (int)sizeof(BN_ULLONG)*8,(int)sizeof(BN_ULONG)*8);
+        BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+                     (int)sizeof(BN_ULLONG) * 8, (int)sizeof(BN_ULONG) * 8);
 #else
-		BIO_snprintf(data,sizeof data,"bn(%d,%d)",
-			     (int)sizeof(BN_ULONG)*8,(int)sizeof(BN_ULONG)*8);
+        BIO_snprintf(data, sizeof data, "bn(%d,%d)",
+                     (int)sizeof(BN_ULONG) * 8, (int)sizeof(BN_ULONG) * 8);
 #endif
-		}
-	return(data);
-	}
+    }
+    return (data);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c
index 7b25979d..1d256874 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -115,380 +115,401 @@
 #include "bn_lcl.h"
 #include <openssl/rand.h>
 
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in bn_depr.c.
- * - Geoff
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in bn_depr.c. -
+ * Geoff
  */
 
-/* The quick sieve algorithm approach to weeding out primes is
- * Philip Zimmermann's, as implemented in PGP.  I have had a read of
- * his comments and implemented my own version.
+/*
+ * The quick sieve algorithm approach to weeding out primes is Philip
+ * Zimmermann's, as implemented in PGP.  I have had a read of his comments
+ * and implemented my own version.
  */
 #include "bn_prime.h"
 
 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
-	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont);
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont);
 static int probable_prime(BIGNUM *rnd, int bits);
 static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
-static int probable_prime_dh_safe(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx);
+                             const BIGNUM *add, const BIGNUM *rem,
+                             BN_CTX *ctx);
+static int probable_prime_dh_safe(BIGNUM *rnd, int bits, const BIGNUM *add,
+                                  const BIGNUM *rem, BN_CTX *ctx);
 
 int BN_GENCB_call(BN_GENCB *cb, int a, int b)
-	{
-	/* No callback means continue */
-	if(!cb) return 1;
-	switch(cb->ver)
-		{
-	case 1:
-		/* Deprecated-style callbacks */
-		if(!cb->cb.cb_1)
-			return 1;
-		cb->cb.cb_1(a, b, cb->arg);
-		return 1;
-	case 2:
-		/* New-style callbacks */
-		return cb->cb.cb_2(a, b, cb);
-	default:
-		break;
-		}
-	/* Unrecognised callback type */
-	return 0;
-	}
+{
+    /* No callback means continue */
+    if (!cb)
+        return 1;
+    switch (cb->ver) {
+    case 1:
+        /* Deprecated-style callbacks */
+        if (!cb->cb.cb_1)
+            return 1;
+        cb->cb.cb_1(a, b, cb->arg);
+        return 1;
+    case 2:
+        /* New-style callbacks */
+        return cb->cb.cb_2(a, b, cb);
+    default:
+        break;
+    }
+    /* Unrecognised callback type */
+    return 0;
+}
 
 int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
-	const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
-	{
-	BIGNUM *t;
-	int found=0;
-	int i,j,c1=0;
-	BN_CTX *ctx;
-	int checks = BN_prime_checks_for_size(bits);
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	t = BN_CTX_get(ctx);
-	if(!t) goto err;
-loop: 
-	/* make a random number and set the top and bottom bits */
-	if (add == NULL)
-		{
-		if (!probable_prime(ret,bits)) goto err;
-		}
-	else
-		{
-		if (safe)
-			{
-			if (!probable_prime_dh_safe(ret,bits,add,rem,ctx))
-				 goto err;
-			}
-		else
-			{
-			if (!probable_prime_dh(ret,bits,add,rem,ctx))
-				goto err;
-			}
-		}
-	/* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
-	if(!BN_GENCB_call(cb, 0, c1++))
-		/* aborted */
-		goto err;
-
-	if (!safe)
-		{
-		i=BN_is_prime_fasttest_ex(ret,checks,ctx,0,cb);
-		if (i == -1) goto err;
-		if (i == 0) goto loop;
-		}
-	else
-		{
-		/* for "safe prime" generation,
-		 * check that (p-1)/2 is prime.
-		 * Since a prime is odd, We just
-		 * need to divide by 2 */
-		if (!BN_rshift1(t,ret)) goto err;
-
-		for (i=0; i<checks; i++)
-			{
-			j=BN_is_prime_fasttest_ex(ret,1,ctx,0,cb);
-			if (j == -1) goto err;
-			if (j == 0) goto loop;
-
-			j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
-			if (j == -1) goto err;
-			if (j == 0) goto loop;
-
-			if(!BN_GENCB_call(cb, 2, c1-1))
-				goto err;
-			/* We have a safe prime test pass */
-			}
-		}
-	/* we have a prime :-) */
-	found = 1;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	bn_check_top(ret);
-	return found;
-	}
-
-int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed, BN_GENCB *cb)
-	{
-	return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
-	}
+                         const BIGNUM *add, const BIGNUM *rem, BN_GENCB *cb)
+{
+    BIGNUM *t;
+    int found = 0;
+    int i, j, c1 = 0;
+    BN_CTX *ctx;
+    int checks = BN_prime_checks_for_size(bits);
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+    if (!t)
+        goto err;
+ loop:
+    /* make a random number and set the top and bottom bits */
+    if (add == NULL) {
+        if (!probable_prime(ret, bits))
+            goto err;
+    } else {
+        if (safe) {
+            if (!probable_prime_dh_safe(ret, bits, add, rem, ctx))
+                goto err;
+        } else {
+            if (!probable_prime_dh(ret, bits, add, rem, ctx))
+                goto err;
+        }
+    }
+    /* if (BN_mod_word(ret,(BN_ULONG)3) == 1) goto loop; */
+    if (!BN_GENCB_call(cb, 0, c1++))
+        /* aborted */
+        goto err;
+
+    if (!safe) {
+        i = BN_is_prime_fasttest_ex(ret, checks, ctx, 0, cb);
+        if (i == -1)
+            goto err;
+        if (i == 0)
+            goto loop;
+    } else {
+        /*
+         * for "safe prime" generation, check that (p-1)/2 is prime. Since a
+         * prime is odd, We just need to divide by 2
+         */
+        if (!BN_rshift1(t, ret))
+            goto err;
+
+        for (i = 0; i < checks; i++) {
+            j = BN_is_prime_fasttest_ex(ret, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            j = BN_is_prime_fasttest_ex(t, 1, ctx, 0, cb);
+            if (j == -1)
+                goto err;
+            if (j == 0)
+                goto loop;
+
+            if (!BN_GENCB_call(cb, 2, c1 - 1))
+                goto err;
+            /* We have a safe prime test pass */
+        }
+    }
+    /* we have a prime :-) */
+    found = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    bn_check_top(ret);
+    return found;
+}
+
+int BN_is_prime_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
+                   BN_GENCB *cb)
+{
+    return BN_is_prime_fasttest_ex(a, checks, ctx_passed, 0, cb);
+}
 
 int BN_is_prime_fasttest_ex(const BIGNUM *a, int checks, BN_CTX *ctx_passed,
-		int do_trial_division, BN_GENCB *cb)
-	{
-	int i, j, ret = -1;
-	int k;
-	BN_CTX *ctx = NULL;
-	BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
-	BN_MONT_CTX *mont = NULL;
-	const BIGNUM *A = NULL;
-
-	if (BN_cmp(a, BN_value_one()) <= 0)
-		return 0;
-	
-	if (checks == BN_prime_checks)
-		checks = BN_prime_checks_for_size(BN_num_bits(a));
-
-	/* first look for small factors */
-	if (!BN_is_odd(a))
-		/* a is even => a is prime if and only if a == 2 */
-		return BN_is_word(a, 2);
-	if (do_trial_division)
-		{
-		for (i = 1; i < NUMPRIMES; i++)
-			if (BN_mod_word(a, primes[i]) == 0) 
-				return 0;
-		if(!BN_GENCB_call(cb, 1, -1))
-			goto err;
-		}
-
-	if (ctx_passed != NULL)
-		ctx = ctx_passed;
-	else
-		if ((ctx=BN_CTX_new()) == NULL)
-			goto err;
-	BN_CTX_start(ctx);
-
-	/* A := abs(a) */
-	if (a->neg)
-		{
-		BIGNUM *t;
-		if ((t = BN_CTX_get(ctx)) == NULL) goto err;
-		BN_copy(t, a);
-		t->neg = 0;
-		A = t;
-		}
-	else
-		A = a;
-	A1 = BN_CTX_get(ctx);
-	A1_odd = BN_CTX_get(ctx);
-	check = BN_CTX_get(ctx);
-	if (check == NULL) goto err;
-
-	/* compute A1 := A - 1 */
-	if (!BN_copy(A1, A))
-		goto err;
-	if (!BN_sub_word(A1, 1))
-		goto err;
-	if (BN_is_zero(A1))
-		{
-		ret = 0;
-		goto err;
-		}
-
-	/* write  A1  as  A1_odd * 2^k */
-	k = 1;
-	while (!BN_is_bit_set(A1, k))
-		k++;
-	if (!BN_rshift(A1_odd, A1, k))
-		goto err;
-
-	/* Montgomery setup for computations mod A */
-	mont = BN_MONT_CTX_new();
-	if (mont == NULL)
-		goto err;
-	if (!BN_MONT_CTX_set(mont, A, ctx))
-		goto err;
-	
-	for (i = 0; i < checks; i++)
-		{
-		if (!BN_pseudo_rand_range(check, A1))
-			goto err;
-		if (!BN_add_word(check, 1))
-			goto err;
-		/* now 1 <= check < A */
-
-		j = witness(check, A, A1, A1_odd, k, ctx, mont);
-		if (j == -1) goto err;
-		if (j)
-			{
-			ret=0;
-			goto err;
-			}
-		if(!BN_GENCB_call(cb, 1, i))
-			goto err;
-		}
-	ret=1;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		if (ctx_passed == NULL)
-			BN_CTX_free(ctx);
-		}
-	if (mont != NULL)
-		BN_MONT_CTX_free(mont);
-
-	return(ret);
-	}
+                            int do_trial_division, BN_GENCB *cb)
+{
+    int i, j, ret = -1;
+    int k;
+    BN_CTX *ctx = NULL;
+    BIGNUM *A1, *A1_odd, *check; /* taken from ctx */
+    BN_MONT_CTX *mont = NULL;
+    const BIGNUM *A = NULL;
+
+    if (BN_cmp(a, BN_value_one()) <= 0)
+        return 0;
+
+    if (checks == BN_prime_checks)
+        checks = BN_prime_checks_for_size(BN_num_bits(a));
+
+    /* first look for small factors */
+    if (!BN_is_odd(a))
+        /* a is even => a is prime if and only if a == 2 */
+        return BN_is_word(a, 2);
+    if (do_trial_division) {
+        for (i = 1; i < NUMPRIMES; i++)
+            if (BN_mod_word(a, primes[i]) == 0)
+                return 0;
+        if (!BN_GENCB_call(cb, 1, -1))
+            goto err;
+    }
+
+    if (ctx_passed != NULL)
+        ctx = ctx_passed;
+    else if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+
+    /* A := abs(a) */
+    if (a->neg) {
+        BIGNUM *t;
+        if ((t = BN_CTX_get(ctx)) == NULL)
+            goto err;
+        BN_copy(t, a);
+        t->neg = 0;
+        A = t;
+    } else
+        A = a;
+    A1 = BN_CTX_get(ctx);
+    A1_odd = BN_CTX_get(ctx);
+    check = BN_CTX_get(ctx);
+    if (check == NULL)
+        goto err;
+
+    /* compute A1 := A - 1 */
+    if (!BN_copy(A1, A))
+        goto err;
+    if (!BN_sub_word(A1, 1))
+        goto err;
+    if (BN_is_zero(A1)) {
+        ret = 0;
+        goto err;
+    }
+
+    /* write  A1  as  A1_odd * 2^k */
+    k = 1;
+    while (!BN_is_bit_set(A1, k))
+        k++;
+    if (!BN_rshift(A1_odd, A1, k))
+        goto err;
+
+    /* Montgomery setup for computations mod A */
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, A, ctx))
+        goto err;
+
+    for (i = 0; i < checks; i++) {
+        if (!BN_pseudo_rand_range(check, A1))
+            goto err;
+        if (!BN_add_word(check, 1))
+            goto err;
+        /* now 1 <= check < A */
+
+        j = witness(check, A, A1, A1_odd, k, ctx, mont);
+        if (j == -1)
+            goto err;
+        if (j) {
+            ret = 0;
+            goto err;
+        }
+        if (!BN_GENCB_call(cb, 1, i))
+            goto err;
+    }
+    ret = 1;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        if (ctx_passed == NULL)
+            BN_CTX_free(ctx);
+    }
+    if (mont != NULL)
+        BN_MONT_CTX_free(mont);
+
+    return (ret);
+}
 
 static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1,
-	const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont)
-	{
-	if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
-		return -1;
-	if (BN_is_one(w))
-		return 0; /* probably prime */
-	if (BN_cmp(w, a1) == 0)
-		return 0; /* w == -1 (mod a),  'a' is probably prime */
-	while (--k)
-		{
-		if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
-			return -1;
-		if (BN_is_one(w))
-			return 1; /* 'a' is composite, otherwise a previous 'w' would
-			           * have been == -1 (mod 'a') */
-		if (BN_cmp(w, a1) == 0)
-			return 0; /* w == -1 (mod a), 'a' is probably prime */
-		}
-	/* If we get here, 'w' is the (a-1)/2-th power of the original 'w',
-	 * and it is neither -1 nor +1 -- so 'a' cannot be prime */
-	bn_check_top(w);
-	return 1;
-	}
+                   const BIGNUM *a1_odd, int k, BN_CTX *ctx,
+                   BN_MONT_CTX *mont)
+{
+    if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */
+        return -1;
+    if (BN_is_one(w))
+        return 0;               /* probably prime */
+    if (BN_cmp(w, a1) == 0)
+        return 0;               /* w == -1 (mod a), 'a' is probably prime */
+    while (--k) {
+        if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */
+            return -1;
+        if (BN_is_one(w))
+            return 1;           /* 'a' is composite, otherwise a previous 'w'
+                                 * would have been == -1 (mod 'a') */
+        if (BN_cmp(w, a1) == 0)
+            return 0;           /* w == -1 (mod a), 'a' is probably prime */
+    }
+    /*
+     * If we get here, 'w' is the (a-1)/2-th power of the original 'w', and
+     * it is neither -1 nor +1 -- so 'a' cannot be prime
+     */
+    bn_check_top(w);
+    return 1;
+}
 
 static int probable_prime(BIGNUM *rnd, int bits)
-	{
-	int i;
-	prime_t mods[NUMPRIMES];
-	BN_ULONG delta,maxdelta;
-
-again:
-	if (!BN_rand(rnd,bits,1,1)) return(0);
-	/* we now have a random number 'rand' to test. */
-	for (i=1; i<NUMPRIMES; i++)
-		mods[i]=(prime_t)BN_mod_word(rnd,(BN_ULONG)primes[i]);
-	maxdelta=BN_MASK2 - primes[NUMPRIMES-1];
-	delta=0;
-	loop: for (i=1; i<NUMPRIMES; i++)
-		{
-		/* check that rnd is not a prime and also
-		 * that gcd(rnd-1,primes) == 1 (except for 2) */
-		if (((mods[i]+delta)%primes[i]) <= 1)
-			{
-			delta+=2;
-			if (delta > maxdelta) goto again;
-			goto loop;
-			}
-		}
-	if (!BN_add_word(rnd,delta)) return(0);
-	bn_check_top(rnd);
-	return(1);
-	}
+{
+    int i;
+    prime_t mods[NUMPRIMES];
+    BN_ULONG delta, maxdelta;
+
+ again:
+    if (!BN_rand(rnd, bits, 1, 1))
+        return (0);
+    /* we now have a random number 'rand' to test. */
+    for (i = 1; i < NUMPRIMES; i++)
+        mods[i] = (prime_t) BN_mod_word(rnd, (BN_ULONG)primes[i]);
+    maxdelta = BN_MASK2 - primes[NUMPRIMES - 1];
+    delta = 0;
+ loop:for (i = 1; i < NUMPRIMES; i++) {
+        /*
+         * check that rnd is not a prime and also that gcd(rnd-1,primes) == 1
+         * (except for 2)
+         */
+        if (((mods[i] + delta) % primes[i]) <= 1) {
+            delta += 2;
+            if (delta > maxdelta)
+                goto again;
+            goto loop;
+        }
+    }
+    if (!BN_add_word(rnd, delta))
+        return (0);
+    bn_check_top(rnd);
+    return (1);
+}
 
 static int probable_prime_dh(BIGNUM *rnd, int bits,
-	const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx)
-	{
-	int i,ret=0;
-	BIGNUM *t1;
-
-	BN_CTX_start(ctx);
-	if ((t1 = BN_CTX_get(ctx)) == NULL) goto err;
-
-	if (!BN_rand(rnd,bits,0,1)) goto err;
-
-	/* we need ((rnd-rem) % add) == 0 */
-
-	if (!BN_mod(t1,rnd,add,ctx)) goto err;
-	if (!BN_sub(rnd,rnd,t1)) goto err;
-	if (rem == NULL)
-		{ if (!BN_add_word(rnd,1)) goto err; }
-	else
-		{ if (!BN_add(rnd,rnd,rem)) goto err; }
-
-	/* we now have a random number 'rand' to test. */
-
-	loop: for (i=1; i<NUMPRIMES; i++)
-		{
-		/* check that rnd is a prime */
-		if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1)
-			{
-			if (!BN_add(rnd,rnd,add)) goto err;
-			goto loop;
-			}
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(rnd);
-	return(ret);
-	}
+                             const BIGNUM *add, const BIGNUM *rem,
+                             BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *t1;
+
+    BN_CTX_start(ctx);
+    if ((t1 = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_rand(rnd, bits, 0, 1))
+        goto err;
+
+    /* we need ((rnd-rem) % add) == 0 */
+
+    if (!BN_mod(t1, rnd, add, ctx))
+        goto err;
+    if (!BN_sub(rnd, rnd, t1))
+        goto err;
+    if (rem == NULL) {
+        if (!BN_add_word(rnd, 1))
+            goto err;
+    } else {
+        if (!BN_add(rnd, rnd, rem))
+            goto err;
+    }
+
+    /* we now have a random number 'rand' to test. */
+
+ loop:for (i = 1; i < NUMPRIMES; i++) {
+        /* check that rnd is a prime */
+        if (BN_mod_word(rnd, (BN_ULONG)primes[i]) <= 1) {
+            if (!BN_add(rnd, rnd, add))
+                goto err;
+            goto loop;
+        }
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(rnd);
+    return (ret);
+}
 
 static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
-	const BIGNUM *rem, BN_CTX *ctx)
-	{
-	int i,ret=0;
-	BIGNUM *t1,*qadd,*q;
-
-	bits--;
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	q = BN_CTX_get(ctx);
-	qadd = BN_CTX_get(ctx);
-	if (qadd == NULL) goto err;
-
-	if (!BN_rshift1(qadd,padd)) goto err;
-		
-	if (!BN_rand(q,bits,0,1)) goto err;
-
-	/* we need ((rnd-rem) % add) == 0 */
-	if (!BN_mod(t1,q,qadd,ctx)) goto err;
-	if (!BN_sub(q,q,t1)) goto err;
-	if (rem == NULL)
-		{ if (!BN_add_word(q,1)) goto err; }
-	else
-		{
-		if (!BN_rshift1(t1,rem)) goto err;
-		if (!BN_add(q,q,t1)) goto err;
-		}
-
-	/* we now have a random number 'rand' to test. */
-	if (!BN_lshift1(p,q)) goto err;
-	if (!BN_add_word(p,1)) goto err;
-
-	loop: for (i=1; i<NUMPRIMES; i++)
-		{
-		/* check that p and q are prime */
-		/* check that for p and q
-		 * gcd(p-1,primes) == 1 (except for 2) */
-		if (	(BN_mod_word(p,(BN_ULONG)primes[i]) == 0) ||
-			(BN_mod_word(q,(BN_ULONG)primes[i]) == 0))
-			{
-			if (!BN_add(p,p,padd)) goto err;
-			if (!BN_add(q,q,qadd)) goto err;
-			goto loop;
-			}
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(p);
-	return(ret);
-	}
+                                  const BIGNUM *rem, BN_CTX *ctx)
+{
+    int i, ret = 0;
+    BIGNUM *t1, *qadd, *q;
+
+    bits--;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    qadd = BN_CTX_get(ctx);
+    if (qadd == NULL)
+        goto err;
+
+    if (!BN_rshift1(qadd, padd))
+        goto err;
+
+    if (!BN_rand(q, bits, 0, 1))
+        goto err;
+
+    /* we need ((rnd-rem) % add) == 0 */
+    if (!BN_mod(t1, q, qadd, ctx))
+        goto err;
+    if (!BN_sub(q, q, t1))
+        goto err;
+    if (rem == NULL) {
+        if (!BN_add_word(q, 1))
+            goto err;
+    } else {
+        if (!BN_rshift1(t1, rem))
+            goto err;
+        if (!BN_add(q, q, t1))
+            goto err;
+    }
+
+    /* we now have a random number 'rand' to test. */
+    if (!BN_lshift1(p, q))
+        goto err;
+    if (!BN_add_word(p, 1))
+        goto err;
+
+ loop:for (i = 1; i < NUMPRIMES; i++) {
+        /* check that p and q are prime */
+        /*
+         * check that for p and q gcd(p-1,primes) == 1 (except for 2)
+         */
+        if ((BN_mod_word(p, (BN_ULONG)primes[i]) == 0) ||
+            (BN_mod_word(q, (BN_ULONG)primes[i]) == 0)) {
+            if (!BN_add(p, p, padd))
+                goto err;
+            if (!BN_add(q, q, qadd))
+                goto err;
+            goto loop;
+        }
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(p);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c
index 810dde34..15bc51af 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_print.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_print.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,277 +62,286 @@
 #include <openssl/buffer.h>
 #include "bn_lcl.h"
 
-static const char Hex[]="0123456789ABCDEF";
+static const char Hex[] = "0123456789ABCDEF";
 
 /* Must 'OPENSSL_free' the returned data */
 char *BN_bn2hex(const BIGNUM *a)
-	{
-	int i,j,v,z=0;
-	char *buf;
-	char *p;
+{
+    int i, j, v, z = 0;
+    char *buf;
+    char *p;
 
-	buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2);
-	if (buf == NULL)
-		{
-		BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=buf;
-	if (a->neg) *(p++)='-';
-	if (BN_is_zero(a)) *(p++)='0';
-	for (i=a->top-1; i >=0; i--)
-		{
-		for (j=BN_BITS2-8; j >= 0; j-=8)
-			{
-			/* strip leading zeros */
-			v=((int)(a->d[i]>>(long)j))&0xff;
-			if (z || (v != 0))
-				{
-				*(p++)=Hex[v>>4];
-				*(p++)=Hex[v&0x0f];
-				z=1;
-				}
-			}
-		}
-	*p='\0';
-err:
-	return(buf);
-	}
+    buf = (char *)OPENSSL_malloc(a->top * BN_BYTES * 2 + 2);
+    if (buf == NULL) {
+        BNerr(BN_F_BN_BN2HEX, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = buf;
+    if (a->neg)
+        *(p++) = '-';
+    if (BN_is_zero(a))
+        *(p++) = '0';
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 8; j >= 0; j -= 8) {
+            /* strip leading zeros */
+            v = ((int)(a->d[i] >> (long)j)) & 0xff;
+            if (z || (v != 0)) {
+                *(p++) = Hex[v >> 4];
+                *(p++) = Hex[v & 0x0f];
+                z = 1;
+            }
+        }
+    }
+    *p = '\0';
+ err:
+    return (buf);
+}
 
 /* Must 'OPENSSL_free' the returned data */
 char *BN_bn2dec(const BIGNUM *a)
-	{
-	int i=0,num, ok = 0;
-	char *buf=NULL;
-	char *p;
-	BIGNUM *t=NULL;
-	BN_ULONG *bn_data=NULL,*lp;
+{
+    int i = 0, num, ok = 0;
+    char *buf = NULL;
+    char *p;
+    BIGNUM *t = NULL;
+    BN_ULONG *bn_data = NULL, *lp;
 
-	/* get an upper bound for the length of the decimal integer
-	 * num <= (BN_num_bits(a) + 1) * log(2)
-	 *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
-	 *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1 
-	 */
-	i=BN_num_bits(a)*3;
-	num=(i/10+i/1000+1)+1;
-	bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG));
-	buf=(char *)OPENSSL_malloc(num+3);
-	if ((buf == NULL) || (bn_data == NULL))
-		{
-		BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if ((t=BN_dup(a)) == NULL) goto err;
+    /*-
+     * get an upper bound for the length of the decimal integer
+     * num <= (BN_num_bits(a) + 1) * log(2)
+     *     <= 3 * BN_num_bits(a) * 0.1001 + log(2) + 1     (rounding error)
+     *     <= BN_num_bits(a)/10 + BN_num_bits/1000 + 1 + 1
+     */
+    i = BN_num_bits(a) * 3;
+    num = (i / 10 + i / 1000 + 1) + 1;
+    bn_data =
+        (BN_ULONG *)OPENSSL_malloc((num / BN_DEC_NUM + 1) * sizeof(BN_ULONG));
+    buf = (char *)OPENSSL_malloc(num + 3);
+    if ((buf == NULL) || (bn_data == NULL)) {
+        BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((t = BN_dup(a)) == NULL)
+        goto err;
 
 #define BUF_REMAIN (num+3 - (size_t)(p - buf))
-	p=buf;
-	lp=bn_data;
-	if (BN_is_zero(t))
-		{
-		*(p++)='0';
-		*(p++)='\0';
-		}
-	else
-		{
-		if (BN_is_negative(t))
-			*p++ = '-';
+    p = buf;
+    lp = bn_data;
+    if (BN_is_zero(t)) {
+        *(p++) = '0';
+        *(p++) = '\0';
+    } else {
+        if (BN_is_negative(t))
+            *p++ = '-';
 
-		i=0;
-		while (!BN_is_zero(t))
-			{
-			*lp=BN_div_word(t,BN_DEC_CONV);
-			lp++;
-			}
-		lp--;
-		/* We now have a series of blocks, BN_DEC_NUM chars
-		 * in length, where the last one needs truncation.
-		 * The blocks need to be reversed in order. */
-		BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT1,*lp);
-		while (*p) p++;
-		while (lp != bn_data)
-			{
-			lp--;
-			BIO_snprintf(p,BUF_REMAIN,BN_DEC_FMT2,*lp);
-			while (*p) p++;
-			}
-		}
-	ok = 1;
-err:
-	if (bn_data != NULL) OPENSSL_free(bn_data);
-	if (t != NULL) BN_free(t);
-	if (!ok && buf)
-		{
-		OPENSSL_free(buf);
-		buf = NULL;
-		}
+        i = 0;
+        while (!BN_is_zero(t)) {
+            *lp = BN_div_word(t, BN_DEC_CONV);
+            lp++;
+        }
+        lp--;
+        /*
+         * We now have a series of blocks, BN_DEC_NUM chars in length, where
+         * the last one needs truncation. The blocks need to be reversed in
+         * order.
+         */
+        BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT1, *lp);
+        while (*p)
+            p++;
+        while (lp != bn_data) {
+            lp--;
+            BIO_snprintf(p, BUF_REMAIN, BN_DEC_FMT2, *lp);
+            while (*p)
+                p++;
+        }
+    }
+    ok = 1;
+ err:
+    if (bn_data != NULL)
+        OPENSSL_free(bn_data);
+    if (t != NULL)
+        BN_free(t);
+    if (!ok && buf) {
+        OPENSSL_free(buf);
+        buf = NULL;
+    }
 
-	return(buf);
-	}
+    return (buf);
+}
 
 int BN_hex2bn(BIGNUM **bn, const char *a)
-	{
-	BIGNUM *ret=NULL;
-	BN_ULONG l=0;
-	int neg=0,h,m,i,j,k,c;
-	int num;
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, h, m, i, j, k, c;
+    int num;
 
-	if ((a == NULL) || (*a == '\0')) return(0);
+    if ((a == NULL) || (*a == '\0'))
+        return (0);
 
-	if (*a == '-') { neg=1; a++; }
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
 
-	for (i=0; isxdigit((unsigned char) a[i]); i++)
-		;
+    for (i = 0; isxdigit((unsigned char)a[i]); i++) ;
 
-	num=i+neg;
-	if (bn == NULL) return(num);
+    num = i + neg;
+    if (bn == NULL)
+        return (num);
 
-	/* a is the start of the hex digits, and it is 'i' long */
-	if (*bn == NULL)
-		{
-		if ((ret=BN_new()) == NULL) return(0);
-		}
-	else
-		{
-		ret= *bn;
-		BN_zero(ret);
-		}
+    /* a is the start of the hex digits, and it is 'i' long */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return (0);
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
 
-	/* i is the number of hex digests; */
-	if (bn_expand(ret,i*4) == NULL) goto err;
+    /* i is the number of hex digests; */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
 
-	j=i; /* least significant 'hex' */
-	m=0;
-	h=0;
-	while (j > 0)
-		{
-		m=((BN_BYTES*2) <= j)?(BN_BYTES*2):j;
-		l=0;
-		for (;;)
-			{
-			c=a[j-m];
-			if ((c >= '0') && (c <= '9')) k=c-'0';
-			else if ((c >= 'a') && (c <= 'f')) k=c-'a'+10;
-			else if ((c >= 'A') && (c <= 'F')) k=c-'A'+10;
-			else k=0; /* paranoia */
-			l=(l<<4)|k;
+    j = i;                      /* least significant 'hex' */
+    m = 0;
+    h = 0;
+    while (j > 0) {
+        m = ((BN_BYTES * 2) <= j) ? (BN_BYTES * 2) : j;
+        l = 0;
+        for (;;) {
+            c = a[j - m];
+            if ((c >= '0') && (c <= '9'))
+                k = c - '0';
+            else if ((c >= 'a') && (c <= 'f'))
+                k = c - 'a' + 10;
+            else if ((c >= 'A') && (c <= 'F'))
+                k = c - 'A' + 10;
+            else
+                k = 0;          /* paranoia */
+            l = (l << 4) | k;
 
-			if (--m <= 0)
-				{
-				ret->d[h++]=l;
-				break;
-				}
-			}
-		j-=(BN_BYTES*2);
-		}
-	ret->top=h;
-	bn_correct_top(ret);
-	ret->neg=neg;
+            if (--m <= 0) {
+                ret->d[h++] = l;
+                break;
+            }
+        }
+        j -= (BN_BYTES * 2);
+    }
+    ret->top = h;
+    bn_correct_top(ret);
+    ret->neg = neg;
 
-	*bn=ret;
-	bn_check_top(ret);
-	return(num);
-err:
-	if (*bn == NULL) BN_free(ret);
-	return(0);
-	}
+    *bn = ret;
+    bn_check_top(ret);
+    return (num);
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return (0);
+}
 
 int BN_dec2bn(BIGNUM **bn, const char *a)
-	{
-	BIGNUM *ret=NULL;
-	BN_ULONG l=0;
-	int neg=0,i,j;
-	int num;
+{
+    BIGNUM *ret = NULL;
+    BN_ULONG l = 0;
+    int neg = 0, i, j;
+    int num;
 
-	if ((a == NULL) || (*a == '\0')) return(0);
-	if (*a == '-') { neg=1; a++; }
+    if ((a == NULL) || (*a == '\0'))
+        return (0);
+    if (*a == '-') {
+        neg = 1;
+        a++;
+    }
 
-	for (i=0; isdigit((unsigned char) a[i]); i++)
-		;
+    for (i = 0; isdigit((unsigned char)a[i]); i++) ;
 
-	num=i+neg;
-	if (bn == NULL) return(num);
+    num = i + neg;
+    if (bn == NULL)
+        return (num);
 
-	/* a is the start of the digits, and it is 'i' long.
-	 * We chop it into BN_DEC_NUM digits at a time */
-	if (*bn == NULL)
-		{
-		if ((ret=BN_new()) == NULL) return(0);
-		}
-	else
-		{
-		ret= *bn;
-		BN_zero(ret);
-		}
+    /*
+     * a is the start of the digits, and it is 'i' long. We chop it into
+     * BN_DEC_NUM digits at a time
+     */
+    if (*bn == NULL) {
+        if ((ret = BN_new()) == NULL)
+            return (0);
+    } else {
+        ret = *bn;
+        BN_zero(ret);
+    }
 
-	/* i is the number of digests, a bit of an over expand; */
-	if (bn_expand(ret,i*4) == NULL) goto err;
+    /* i is the number of digests, a bit of an over expand; */
+    if (bn_expand(ret, i * 4) == NULL)
+        goto err;
 
-	j=BN_DEC_NUM-(i%BN_DEC_NUM);
-	if (j == BN_DEC_NUM) j=0;
-	l=0;
-	while (*a)
-		{
-		l*=10;
-		l+= *a-'0';
-		a++;
-		if (++j == BN_DEC_NUM)
-			{
-			BN_mul_word(ret,BN_DEC_CONV);
-			BN_add_word(ret,l);
-			l=0;
-			j=0;
-			}
-		}
-	ret->neg=neg;
+    j = BN_DEC_NUM - (i % BN_DEC_NUM);
+    if (j == BN_DEC_NUM)
+        j = 0;
+    l = 0;
+    while (*a) {
+        l *= 10;
+        l += *a - '0';
+        a++;
+        if (++j == BN_DEC_NUM) {
+            BN_mul_word(ret, BN_DEC_CONV);
+            BN_add_word(ret, l);
+            l = 0;
+            j = 0;
+        }
+    }
+    ret->neg = neg;
 
-	bn_correct_top(ret);
-	*bn=ret;
-	bn_check_top(ret);
-	return(num);
-err:
-	if (*bn == NULL) BN_free(ret);
-	return(0);
-	}
+    bn_correct_top(ret);
+    *bn = ret;
+    bn_check_top(ret);
+    return (num);
+ err:
+    if (*bn == NULL)
+        BN_free(ret);
+    return (0);
+}
 
 #ifndef OPENSSL_NO_BIO
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 int BN_print_fp(FILE *fp, const BIGNUM *a)
-	{
-	BIO *b;
-	int ret;
+{
+    BIO *b;
+    int ret;
 
-	if ((b=BIO_new(BIO_s_file())) == NULL)
-		return(0);
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	ret=BN_print(b,a);
-	BIO_free(b);
-	return(ret);
-	}
-#endif
+    if ((b = BIO_new(BIO_s_file())) == NULL)
+        return (0);
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = BN_print(b, a);
+    BIO_free(b);
+    return (ret);
+}
+# endif
 
 int BN_print(BIO *bp, const BIGNUM *a)
-	{
-	int i,j,v,z=0;
-	int ret=0;
+{
+    int i, j, v, z = 0;
+    int ret = 0;
 
-	if ((a->neg) && (BIO_write(bp,"-",1) != 1)) goto end;
-	if (BN_is_zero(a) && (BIO_write(bp,"0",1) != 1)) goto end;
-	for (i=a->top-1; i >=0; i--)
-		{
-		for (j=BN_BITS2-4; j >= 0; j-=4)
-			{
-			/* strip leading zeros */
-			v=((int)(a->d[i]>>(long)j))&0x0f;
-			if (z || (v != 0))
-				{
-				if (BIO_write(bp,&(Hex[v]),1) != 1)
-					goto end;
-				z=1;
-				}
-			}
-		}
-	ret=1;
-end:
-	return(ret);
-	}
+    if ((a->neg) && (BIO_write(bp, "-", 1) != 1))
+        goto end;
+    if (BN_is_zero(a) && (BIO_write(bp, "0", 1) != 1))
+        goto end;
+    for (i = a->top - 1; i >= 0; i--) {
+        for (j = BN_BITS2 - 4; j >= 0; j -= 4) {
+            /* strip leading zeros */
+            v = ((int)(a->d[i] >> (long)j)) & 0x0f;
+            if (z || (v != 0)) {
+                if (BIO_write(bp, &(Hex[v]), 1) != 1)
+                    goto end;
+                z = 1;
+            }
+        }
+    }
+    ret = 1;
+ end:
+    return (ret);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c
index b376c28f..7ac71ec8 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -116,190 +116,174 @@
 #include <openssl/rand.h>
 
 static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	unsigned char *buf=NULL;
-	int ret=0,bit,bytes,mask;
-	time_t tim;
+{
+    unsigned char *buf = NULL;
+    int ret = 0, bit, bytes, mask;
+    time_t tim;
 
-	if (bits == 0)
-		{
-		BN_zero(rnd);
-		return 1;
-		}
+    if (bits == 0) {
+        BN_zero(rnd);
+        return 1;
+    }
 
-	bytes=(bits+7)/8;
-	bit=(bits-1)%8;
-	mask=0xff<<(bit+1);
+    bytes = (bits + 7) / 8;
+    bit = (bits - 1) % 8;
+    mask = 0xff << (bit + 1);
 
-	buf=(unsigned char *)OPENSSL_malloc(bytes);
-	if (buf == NULL)
-		{
-		BNerr(BN_F_BNRAND,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
+    buf = (unsigned char *)OPENSSL_malloc(bytes);
+    if (buf == NULL) {
+        BNerr(BN_F_BNRAND, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	/* make a random number and set the top and bottom bits */
-	time(&tim);
-	RAND_add(&tim,sizeof(tim),0.0);
+    /* make a random number and set the top and bottom bits */
+    time(&tim);
+    RAND_add(&tim, sizeof(tim), 0.0);
 
-	if (pseudorand)
-		{
-		if (RAND_pseudo_bytes(buf, bytes) == -1)
-			goto err;
-		}
-	else
-		{
-		if (RAND_bytes(buf, bytes) <= 0)
-			goto err;
-		}
+    if (pseudorand) {
+        if (RAND_pseudo_bytes(buf, bytes) == -1)
+            goto err;
+    } else {
+        if (RAND_bytes(buf, bytes) <= 0)
+            goto err;
+    }
 
 #if 1
-	if (pseudorand == 2)
-		{
-		/* generate patterns that are more likely to trigger BN
-		   library bugs */
-		int i;
-		unsigned char c;
+    if (pseudorand == 2) {
+        /*
+         * generate patterns that are more likely to trigger BN library bugs
+         */
+        int i;
+        unsigned char c;
 
-		for (i = 0; i < bytes; i++)
-			{
-			RAND_pseudo_bytes(&c, 1);
-			if (c >= 128 && i > 0)
-				buf[i] = buf[i-1];
-			else if (c < 42)
-				buf[i] = 0;
-			else if (c < 84)
-				buf[i] = 255;
-			}
-		}
+        for (i = 0; i < bytes; i++) {
+            RAND_pseudo_bytes(&c, 1);
+            if (c >= 128 && i > 0)
+                buf[i] = buf[i - 1];
+            else if (c < 42)
+                buf[i] = 0;
+            else if (c < 84)
+                buf[i] = 255;
+        }
+    }
 #endif
 
-	if (top != -1)
-		{
-		if (top)
-			{
-			if (bit == 0)
-				{
-				buf[0]=1;
-				buf[1]|=0x80;
-				}
-			else
-				{
-				buf[0]|=(3<<(bit-1));
-				}
-			}
-		else
-			{
-			buf[0]|=(1<<bit);
-			}
-		}
-	buf[0] &= ~mask;
-	if (bottom) /* set bottom bit if requested */
-		buf[bytes-1]|=1;
-	if (!BN_bin2bn(buf,bytes,rnd)) goto err;
-	ret=1;
-err:
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,bytes);
-		OPENSSL_free(buf);
-		}
-	bn_check_top(rnd);
-	return(ret);
-	}
+    if (top != -1) {
+        if (top) {
+            if (bit == 0) {
+                buf[0] = 1;
+                buf[1] |= 0x80;
+            } else {
+                buf[0] |= (3 << (bit - 1));
+            }
+        } else {
+            buf[0] |= (1 << bit);
+        }
+    }
+    buf[0] &= ~mask;
+    if (bottom)                 /* set bottom bit if requested */
+        buf[bytes - 1] |= 1;
+    if (!BN_bin2bn(buf, bytes, rnd))
+        goto err;
+    ret = 1;
+ err:
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, bytes);
+        OPENSSL_free(buf);
+    }
+    bn_check_top(rnd);
+    return (ret);
+}
 
-int     BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(0, rnd, bits, top, bottom);
-	}
+int BN_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(0, rnd, bits, top, bottom);
+}
 
-int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(1, rnd, bits, top, bottom);
-	}
+int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(1, rnd, bits, top, bottom);
+}
 
 #if 1
-int     BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
-	{
-	return bnrand(2, rnd, bits, top, bottom);
-	}
+int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom)
+{
+    return bnrand(2, rnd, bits, top, bottom);
+}
 #endif
 
-
 /* random number r:  0 <= r < range */
 static int bn_rand_range(int pseudo, BIGNUM *r, const BIGNUM *range)
-	{
-	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
-	int n;
-	int count = 100;
+{
+    int (*bn_rand) (BIGNUM *, int, int, int) =
+        pseudo ? BN_pseudo_rand : BN_rand;
+    int n;
+    int count = 100;
 
-	if (range->neg || BN_is_zero(range))
-		{
-		BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
-		return 0;
-		}
+    if (range->neg || BN_is_zero(range)) {
+        BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE);
+        return 0;
+    }
 
-	n = BN_num_bits(range); /* n > 0 */
+    n = BN_num_bits(range);     /* n > 0 */
 
-	/* BN_is_bit_set(range, n - 1) always holds */
+    /* BN_is_bit_set(range, n - 1) always holds */
 
-	if (n == 1)
-		BN_zero(r);
-	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
-		{
-		/* range = 100..._2,
-		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
-		do
-			{
-			if (!bn_rand(r, n + 1, -1, 0)) return 0;
-			/* If  r < 3*range,  use  r := r MOD range
-			 * (which is either  r, r - range,  or  r - 2*range).
-			 * Otherwise, iterate once more.
-			 * Since  3*range = 11..._2, each iteration succeeds with
-			 * probability >= .75. */
-			if (BN_cmp(r ,range) >= 0)
-				{
-				if (!BN_sub(r, r, range)) return 0;
-				if (BN_cmp(r, range) >= 0)
-					if (!BN_sub(r, r, range)) return 0;
-				}
+    if (n == 1)
+        BN_zero(r);
+    else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) {
+        /*
+         * range = 100..._2, so 3*range (= 11..._2) is exactly one bit longer
+         * than range
+         */
+        do {
+            if (!bn_rand(r, n + 1, -1, 0))
+                return 0;
+            /*
+             * If r < 3*range, use r := r MOD range (which is either r, r -
+             * range, or r - 2*range). Otherwise, iterate once more. Since
+             * 3*range = 11..._2, each iteration succeeds with probability >=
+             * .75.
+             */
+            if (BN_cmp(r, range) >= 0) {
+                if (!BN_sub(r, r, range))
+                    return 0;
+                if (BN_cmp(r, range) >= 0)
+                    if (!BN_sub(r, r, range))
+                        return 0;
+            }
 
-			if (!--count)
-				{
-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-				return 0;
-				}
-			
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
-	else
-		{
-		do
-			{
-			/* range = 11..._2  or  range = 101..._2 */
-			if (!bn_rand(r, n, -1, 0)) return 0;
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
 
-			if (!--count)
-				{
-				BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
-				return 0;
-				}
-			}
-		while (BN_cmp(r, range) >= 0);
-		}
+        }
+        while (BN_cmp(r, range) >= 0);
+    } else {
+        do {
+            /* range = 11..._2  or  range = 101..._2 */
+            if (!bn_rand(r, n, -1, 0))
+                return 0;
 
-	bn_check_top(r);
-	return 1;
-	}
+            if (!--count) {
+                BNerr(BN_F_BN_RAND_RANGE, BN_R_TOO_MANY_ITERATIONS);
+                return 0;
+            }
+        }
+        while (BN_cmp(r, range) >= 0);
+    }
 
+    bn_check_top(r);
+    return 1;
+}
 
-int	BN_rand_range(BIGNUM *r, const BIGNUM *range)
-	{
-	return bn_rand_range(0, r, range);
-	}
+int BN_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(0, r, range);
+}
 
-int	BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
-	{
-	return bn_rand_range(1, r, range);
-	}
+int BN_pseudo_rand_range(BIGNUM *r, const BIGNUM *range)
+{
+    return bn_rand_range(1, r, range);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c
index 2e8efb8d..6826f93b 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,174 +61,189 @@
 #include "bn_lcl.h"
 
 void BN_RECP_CTX_init(BN_RECP_CTX *recp)
-	{
-	BN_init(&(recp->N));
-	BN_init(&(recp->Nr));
-	recp->num_bits=0;
-	recp->flags=0;
-	}
+{
+    BN_init(&(recp->N));
+    BN_init(&(recp->Nr));
+    recp->num_bits = 0;
+    recp->flags = 0;
+}
 
 BN_RECP_CTX *BN_RECP_CTX_new(void)
-	{
-	BN_RECP_CTX *ret;
+{
+    BN_RECP_CTX *ret;
 
-	if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
-		return(NULL);
+    if ((ret = (BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL)
+        return (NULL);
 
-	BN_RECP_CTX_init(ret);
-	ret->flags=BN_FLG_MALLOCED;
-	return(ret);
-	}
+    BN_RECP_CTX_init(ret);
+    ret->flags = BN_FLG_MALLOCED;
+    return (ret);
+}
 
 void BN_RECP_CTX_free(BN_RECP_CTX *recp)
-	{
-	if(recp == NULL)
-	    return;
+{
+    if (recp == NULL)
+        return;
 
-	BN_free(&(recp->N));
-	BN_free(&(recp->Nr));
-	if (recp->flags & BN_FLG_MALLOCED)
-		OPENSSL_free(recp);
-	}
+    BN_free(&(recp->N));
+    BN_free(&(recp->Nr));
+    if (recp->flags & BN_FLG_MALLOCED)
+        OPENSSL_free(recp);
+}
 
 int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx)
-	{
-	if (!BN_copy(&(recp->N),d)) return 0;
-	BN_zero(&(recp->Nr));
-	recp->num_bits=BN_num_bits(d);
-	recp->shift=0;
-	return(1);
-	}
+{
+    if (!BN_copy(&(recp->N), d))
+        return 0;
+    BN_zero(&(recp->Nr));
+    recp->num_bits = BN_num_bits(d);
+    recp->shift = 0;
+    return (1);
+}
 
 int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
-	{
-	int ret=0;
-	BIGNUM *a;
-	const BIGNUM *ca;
-
-	BN_CTX_start(ctx);
-	if ((a = BN_CTX_get(ctx)) == NULL) goto err;
-	if (y != NULL)
-		{
-		if (x == y)
-			{ if (!BN_sqr(a,x,ctx)) goto err; }
-		else
-			{ if (!BN_mul(a,x,y,ctx)) goto err; }
-		ca = a;
-		}
-	else
-		ca=x; /* Just do the mod */
-
-	ret = BN_div_recp(NULL,r,ca,recp,ctx);
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(r);
-	return(ret);
-	}
+                          BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *a;
+    const BIGNUM *ca;
+
+    BN_CTX_start(ctx);
+    if ((a = BN_CTX_get(ctx)) == NULL)
+        goto err;
+    if (y != NULL) {
+        if (x == y) {
+            if (!BN_sqr(a, x, ctx))
+                goto err;
+        } else {
+            if (!BN_mul(a, x, y, ctx))
+                goto err;
+        }
+        ca = a;
+    } else
+        ca = x;                 /* Just do the mod */
+
+    ret = BN_div_recp(NULL, r, ca, recp, ctx);
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(r);
+    return (ret);
+}
 
 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
-	BN_RECP_CTX *recp, BN_CTX *ctx)
-	{
-	int i,j,ret=0;
-	BIGNUM *a,*b,*d,*r;
-
-	BN_CTX_start(ctx);
-	a=BN_CTX_get(ctx);
-	b=BN_CTX_get(ctx);
-	if (dv != NULL)
-		d=dv;
-	else
-		d=BN_CTX_get(ctx);
-	if (rem != NULL)
-		r=rem;
-	else
-		r=BN_CTX_get(ctx);
-	if (a == NULL || b == NULL || d == NULL || r == NULL) goto err;
-
-	if (BN_ucmp(m,&(recp->N)) < 0)
-		{
-		BN_zero(d);
-		if (!BN_copy(r,m)) return 0;
-		BN_CTX_end(ctx);
-		return(1);
-		}
-
-	/* We want the remainder
-	 * Given input of ABCDEF / ab
-	 * we need multiply ABCDEF by 3 digests of the reciprocal of ab
-	 *
-	 */
-
-	/* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
-	i=BN_num_bits(m);
-	j=recp->num_bits<<1;
-	if (j>i) i=j;
-
-	/* Nr := round(2^i / N) */
-	if (i != recp->shift)
-		recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N),
-			i,ctx); /* BN_reciprocal returns i, or -1 for an error */
-	if (recp->shift == -1) goto err;
-
-	/* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
-	 *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
-	 *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
-	 *    = |m/N|
-	 */
-	if (!BN_rshift(a,m,recp->num_bits)) goto err;
-	if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err;
-	if (!BN_rshift(d,b,i-recp->num_bits)) goto err;
-	d->neg=0;
-
-	if (!BN_mul(b,&(recp->N),d,ctx)) goto err;
-	if (!BN_usub(r,m,b)) goto err;
-	r->neg=0;
+                BN_RECP_CTX *recp, BN_CTX *ctx)
+{
+    int i, j, ret = 0;
+    BIGNUM *a, *b, *d, *r;
+
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    if (dv != NULL)
+        d = dv;
+    else
+        d = BN_CTX_get(ctx);
+    if (rem != NULL)
+        r = rem;
+    else
+        r = BN_CTX_get(ctx);
+    if (a == NULL || b == NULL || d == NULL || r == NULL)
+        goto err;
+
+    if (BN_ucmp(m, &(recp->N)) < 0) {
+        BN_zero(d);
+        if (!BN_copy(r, m))
+            return 0;
+        BN_CTX_end(ctx);
+        return (1);
+    }
+
+    /*
+     * We want the remainder Given input of ABCDEF / ab we need multiply
+     * ABCDEF by 3 digests of the reciprocal of ab
+     */
+
+    /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */
+    i = BN_num_bits(m);
+    j = recp->num_bits << 1;
+    if (j > i)
+        i = j;
+
+    /* Nr := round(2^i / N) */
+    if (i != recp->shift)
+        recp->shift = BN_reciprocal(&(recp->Nr), &(recp->N), i, ctx);
+    /* BN_reciprocal could have returned -1 for an error */
+    if (recp->shift == -1)
+        goto err;
+
+    /*-
+     * d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))|
+     *    = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))|
+     *   <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)|
+     *    = |m/N|
+     */
+    if (!BN_rshift(a, m, recp->num_bits))
+        goto err;
+    if (!BN_mul(b, a, &(recp->Nr), ctx))
+        goto err;
+    if (!BN_rshift(d, b, i - recp->num_bits))
+        goto err;
+    d->neg = 0;
+
+    if (!BN_mul(b, &(recp->N), d, ctx))
+        goto err;
+    if (!BN_usub(r, m, b))
+        goto err;
+    r->neg = 0;
 
 #if 1
-	j=0;
-	while (BN_ucmp(r,&(recp->N)) >= 0)
-		{
-		if (j++ > 2)
-			{
-			BNerr(BN_F_BN_DIV_RECP,BN_R_BAD_RECIPROCAL);
-			goto err;
-			}
-		if (!BN_usub(r,r,&(recp->N))) goto err;
-		if (!BN_add_word(d,1)) goto err;
-		}
+    j = 0;
+    while (BN_ucmp(r, &(recp->N)) >= 0) {
+        if (j++ > 2) {
+            BNerr(BN_F_BN_DIV_RECP, BN_R_BAD_RECIPROCAL);
+            goto err;
+        }
+        if (!BN_usub(r, r, &(recp->N)))
+            goto err;
+        if (!BN_add_word(d, 1))
+            goto err;
+    }
 #endif
 
-	r->neg=BN_is_zero(r)?0:m->neg;
-	d->neg=m->neg^recp->N.neg;
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	bn_check_top(dv);
-	bn_check_top(rem);
-	return(ret);
-	} 
-
-/* len is the expected size of the result
- * We actually calculate with an extra word of precision, so
- * we can do faster division if the remainder is not required.
+    r->neg = BN_is_zero(r) ? 0 : m->neg;
+    d->neg = m->neg ^ recp->N.neg;
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    bn_check_top(dv);
+    bn_check_top(rem);
+    return (ret);
+}
+
+/*
+ * len is the expected size of the result We actually calculate with an extra
+ * word of precision, so we can do faster division if the remainder is not
+ * required.
  */
 /* r := 2^len / m */
 int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
-	{
-	int ret= -1;
-	BIGNUM *t;
-
-	BN_CTX_start(ctx);
-	if((t = BN_CTX_get(ctx)) == NULL) goto err;
-
-	if (!BN_set_bit(t,len)) goto err;
-
-	if (!BN_div(r,NULL,t,m,ctx)) goto err;
-
-	ret=len;
-err:
-	bn_check_top(r);
-	BN_CTX_end(ctx);
-	return(ret);
-	}
+{
+    int ret = -1;
+    BIGNUM *t;
+
+    BN_CTX_start(ctx);
+    if ((t = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (!BN_set_bit(t, len))
+        goto err;
+
+    if (!BN_div(r, NULL, t, m, ctx))
+        goto err;
+
+    ret = len;
+ err:
+    bn_check_top(r);
+    BN_CTX_end(ctx);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c
index c4d301af..67904c99 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,160 +61,149 @@
 #include "bn_lcl.h"
 
 int BN_lshift1(BIGNUM *r, const BIGNUM *a)
-	{
-	register BN_ULONG *ap,*rp,t,c;
-	int i;
+{
+    register BN_ULONG *ap, *rp, t, c;
+    int i;
 
-	bn_check_top(r);
-	bn_check_top(a);
+    bn_check_top(r);
+    bn_check_top(a);
 
-	if (r != a)
-		{
-		r->neg=a->neg;
-		if (bn_wexpand(r,a->top+1) == NULL) return(0);
-		r->top=a->top;
-		}
-	else
-		{
-		if (bn_wexpand(r,a->top+1) == NULL) return(0);
-		}
-	ap=a->d;
-	rp=r->d;
-	c=0;
-	for (i=0; i<a->top; i++)
-		{
-		t= *(ap++);
-		*(rp++)=((t<<1)|c)&BN_MASK2;
-		c=(t & BN_TBIT)?1:0;
-		}
-	if (c)
-		{
-		*rp=1;
-		r->top++;
-		}
-	bn_check_top(r);
-	return(1);
-	}
+    if (r != a) {
+        r->neg = a->neg;
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return (0);
+        r->top = a->top;
+    } else {
+        if (bn_wexpand(r, a->top + 1) == NULL)
+            return (0);
+    }
+    ap = a->d;
+    rp = r->d;
+    c = 0;
+    for (i = 0; i < a->top; i++) {
+        t = *(ap++);
+        *(rp++) = ((t << 1) | c) & BN_MASK2;
+        c = (t & BN_TBIT) ? 1 : 0;
+    }
+    if (c) {
+        *rp = 1;
+        r->top++;
+    }
+    bn_check_top(r);
+    return (1);
+}
 
 int BN_rshift1(BIGNUM *r, const BIGNUM *a)
-	{
-	BN_ULONG *ap,*rp,t,c;
-	int i;
+{
+    BN_ULONG *ap, *rp, t, c;
+    int i;
 
-	bn_check_top(r);
-	bn_check_top(a);
+    bn_check_top(r);
+    bn_check_top(a);
 
-	if (BN_is_zero(a))
-		{
-		BN_zero(r);
-		return(1);
-		}
-	if (a != r)
-		{
-		if (bn_wexpand(r,a->top) == NULL) return(0);
-		r->top=a->top;
-		r->neg=a->neg;
-		}
-	ap=a->d;
-	rp=r->d;
-	c=0;
-	for (i=a->top-1; i>=0; i--)
-		{
-		t=ap[i];
-		rp[i]=((t>>1)&BN_MASK2)|c;
-		c=(t&1)?BN_TBIT:0;
-		}
-	bn_correct_top(r);
-	bn_check_top(r);
-	return(1);
-	}
+    if (BN_is_zero(a)) {
+        BN_zero(r);
+        return (1);
+    }
+    if (a != r) {
+        if (bn_wexpand(r, a->top) == NULL)
+            return (0);
+        r->top = a->top;
+        r->neg = a->neg;
+    }
+    ap = a->d;
+    rp = r->d;
+    c = 0;
+    for (i = a->top - 1; i >= 0; i--) {
+        t = ap[i];
+        rp[i] = ((t >> 1) & BN_MASK2) | c;
+        c = (t & 1) ? BN_TBIT : 0;
+    }
+    bn_correct_top(r);
+    bn_check_top(r);
+    return (1);
+}
 
 int BN_lshift(BIGNUM *r, const BIGNUM *a, int n)
-	{
-	int i,nw,lb,rb;
-	BN_ULONG *t,*f;
-	BN_ULONG l;
+{
+    int i, nw, lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l;
 
-	bn_check_top(r);
-	bn_check_top(a);
+    bn_check_top(r);
+    bn_check_top(a);
 
-	r->neg=a->neg;
-	nw=n/BN_BITS2;
-	if (bn_wexpand(r,a->top+nw+1) == NULL) return(0);
-	lb=n%BN_BITS2;
-	rb=BN_BITS2-lb;
-	f=a->d;
-	t=r->d;
-	t[a->top+nw]=0;
-	if (lb == 0)
-		for (i=a->top-1; i>=0; i--)
-			t[nw+i]=f[i];
-	else
-		for (i=a->top-1; i>=0; i--)
-			{
-			l=f[i];
-			t[nw+i+1]|=(l>>rb)&BN_MASK2;
-			t[nw+i]=(l<<lb)&BN_MASK2;
-			}
-	memset(t,0,nw*sizeof(t[0]));
-/*	for (i=0; i<nw; i++)
-		t[i]=0;*/
-	r->top=a->top+nw+1;
-	bn_correct_top(r);
-	bn_check_top(r);
-	return(1);
-	}
+    r->neg = a->neg;
+    nw = n / BN_BITS2;
+    if (bn_wexpand(r, a->top + nw + 1) == NULL)
+        return (0);
+    lb = n % BN_BITS2;
+    rb = BN_BITS2 - lb;
+    f = a->d;
+    t = r->d;
+    t[a->top + nw] = 0;
+    if (lb == 0)
+        for (i = a->top - 1; i >= 0; i--)
+            t[nw + i] = f[i];
+    else
+        for (i = a->top - 1; i >= 0; i--) {
+            l = f[i];
+            t[nw + i + 1] |= (l >> rb) & BN_MASK2;
+            t[nw + i] = (l << lb) & BN_MASK2;
+        }
+    memset(t, 0, nw * sizeof(t[0]));
+    /*
+     * for (i=0; i<nw; i++) t[i]=0;
+     */
+    r->top = a->top + nw + 1;
+    bn_correct_top(r);
+    bn_check_top(r);
+    return (1);
+}
 
 int BN_rshift(BIGNUM *r, const BIGNUM *a, int n)
-	{
-	int i,j,nw,lb,rb;
-	BN_ULONG *t,*f;
-	BN_ULONG l,tmp;
+{
+    int i, j, nw, lb, rb;
+    BN_ULONG *t, *f;
+    BN_ULONG l, tmp;
 
-	bn_check_top(r);
-	bn_check_top(a);
+    bn_check_top(r);
+    bn_check_top(a);
 
-	nw=n/BN_BITS2;
-	rb=n%BN_BITS2;
-	lb=BN_BITS2-rb;
-	if (nw >= a->top || a->top == 0)
-		{
-		BN_zero(r);
-		return(1);
-		}
-	if (r != a)
-		{
-		r->neg=a->neg;
-		if (bn_wexpand(r,a->top-nw+1) == NULL) return(0);
-		}
-	else
-		{
-		if (n == 0)
-			return 1; /* or the copying loop will go berserk */
-		}
+    nw = n / BN_BITS2;
+    rb = n % BN_BITS2;
+    lb = BN_BITS2 - rb;
+    if (nw >= a->top || a->top == 0) {
+        BN_zero(r);
+        return (1);
+    }
+    if (r != a) {
+        r->neg = a->neg;
+        if (bn_wexpand(r, a->top - nw + 1) == NULL)
+            return (0);
+    } else {
+        if (n == 0)
+            return 1;           /* or the copying loop will go berserk */
+    }
 
-	f= &(a->d[nw]);
-	t=r->d;
-	j=a->top-nw;
-	r->top=j;
+    f = &(a->d[nw]);
+    t = r->d;
+    j = a->top - nw;
+    r->top = j;
 
-	if (rb == 0)
-		{
-		for (i=j; i != 0; i--)
-			*(t++)= *(f++);
-		}
-	else
-		{
-		l= *(f++);
-		for (i=j-1; i != 0; i--)
-			{
-			tmp =(l>>rb)&BN_MASK2;
-			l= *(f++);
-			*(t++) =(tmp|(l<<lb))&BN_MASK2;
-			}
-		*(t++) =(l>>rb)&BN_MASK2;
-		}
-	bn_correct_top(r);
-	bn_check_top(r);
-	return(1);
-	}
+    if (rb == 0) {
+        for (i = j; i != 0; i--)
+            *(t++) = *(f++);
+    } else {
+        l = *(f++);
+        for (i = j - 1; i != 0; i--) {
+            tmp = (l >> rb) & BN_MASK2;
+            l = *(f++);
+            *(t++) = (tmp | (l << lb)) & BN_MASK2;
+        }
+        *(t++) = (l >> rb) & BN_MASK2;
+    }
+    bn_correct_top(r);
+    bn_check_top(r);
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c
index 65bbf165..3ca69879 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,140 +61,137 @@
 #include "bn_lcl.h"
 
 /* r must not be a */
-/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */
+/*
+ * I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96
+ */
 int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	int max,al;
-	int ret = 0;
-	BIGNUM *tmp,*rr;
+{
+    int max, al;
+    int ret = 0;
+    BIGNUM *tmp, *rr;
 
 #ifdef BN_COUNT
-	fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top);
+    fprintf(stderr, "BN_sqr %d * %d\n", a->top, a->top);
 #endif
-	bn_check_top(a);
+    bn_check_top(a);
 
-	al=a->top;
-	if (al <= 0)
-		{
-		r->top=0;
-		r->neg = 0;
-		return 1;
-		}
+    al = a->top;
+    if (al <= 0) {
+        r->top = 0;
+        r->neg = 0;
+        return 1;
+    }
 
-	BN_CTX_start(ctx);
-	rr=(a != r) ? r : BN_CTX_get(ctx);
-	tmp=BN_CTX_get(ctx);
-	if (!rr || !tmp) goto err;
+    BN_CTX_start(ctx);
+    rr = (a != r) ? r : BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    if (!rr || !tmp)
+        goto err;
 
-	max = 2 * al; /* Non-zero (from above) */
-	if (bn_wexpand(rr,max) == NULL) goto err;
+    max = 2 * al;               /* Non-zero (from above) */
+    if (bn_wexpand(rr, max) == NULL)
+        goto err;
 
-	if (al == 4)
-		{
+    if (al == 4) {
 #ifndef BN_SQR_COMBA
-		BN_ULONG t[8];
-		bn_sqr_normal(rr->d,a->d,4,t);
+        BN_ULONG t[8];
+        bn_sqr_normal(rr->d, a->d, 4, t);
 #else
-		bn_sqr_comba4(rr->d,a->d);
+        bn_sqr_comba4(rr->d, a->d);
 #endif
-		}
-	else if (al == 8)
-		{
+    } else if (al == 8) {
 #ifndef BN_SQR_COMBA
-		BN_ULONG t[16];
-		bn_sqr_normal(rr->d,a->d,8,t);
+        BN_ULONG t[16];
+        bn_sqr_normal(rr->d, a->d, 8, t);
 #else
-		bn_sqr_comba8(rr->d,a->d);
+        bn_sqr_comba8(rr->d, a->d);
 #endif
-		}
-	else 
-		{
+    } else {
 #if defined(BN_RECURSION)
-		if (al < BN_SQR_RECURSIVE_SIZE_NORMAL)
-			{
-			BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2];
-			bn_sqr_normal(rr->d,a->d,al,t);
-			}
-		else
-			{
-			int j,k;
+        if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+            BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL * 2];
+            bn_sqr_normal(rr->d, a->d, al, t);
+        } else {
+            int j, k;
 
-			j=BN_num_bits_word((BN_ULONG)al);
-			j=1<<(j-1);
-			k=j+j;
-			if (al == j)
-				{
-				if (bn_wexpand(tmp,k*2) == NULL) goto err;
-				bn_sqr_recursive(rr->d,a->d,al,tmp->d);
-				}
-			else
-				{
-				if (bn_wexpand(tmp,max) == NULL) goto err;
-				bn_sqr_normal(rr->d,a->d,al,tmp->d);
-				}
-			}
+            j = BN_num_bits_word((BN_ULONG)al);
+            j = 1 << (j - 1);
+            k = j + j;
+            if (al == j) {
+                if (bn_wexpand(tmp, k * 2) == NULL)
+                    goto err;
+                bn_sqr_recursive(rr->d, a->d, al, tmp->d);
+            } else {
+                if (bn_wexpand(tmp, max) == NULL)
+                    goto err;
+                bn_sqr_normal(rr->d, a->d, al, tmp->d);
+            }
+        }
 #else
-		if (bn_wexpand(tmp,max) == NULL) goto err;
-		bn_sqr_normal(rr->d,a->d,al,tmp->d);
+        if (bn_wexpand(tmp, max) == NULL)
+            goto err;
+        bn_sqr_normal(rr->d, a->d, al, tmp->d);
 #endif
-		}
+    }
 
-	rr->neg=0;
-	/* If the most-significant half of the top word of 'a' is zero, then
-	 * the square of 'a' will max-1 words. */
-	if(a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
-		rr->top = max - 1;
-	else
-		rr->top = max;
-	if (rr != r) BN_copy(r,rr);
-	ret = 1;
+    rr->neg = 0;
+    /*
+     * If the most-significant half of the top word of 'a' is zero, then the
+     * square of 'a' will max-1 words.
+     */
+    if (a->d[al - 1] == (a->d[al - 1] & BN_MASK2l))
+        rr->top = max - 1;
+    else
+        rr->top = max;
+    if (rr != r)
+        BN_copy(r, rr);
+    ret = 1;
  err:
-	bn_check_top(rr);
-	bn_check_top(tmp);
-	BN_CTX_end(ctx);
-	return(ret);
-	}
+    bn_check_top(rr);
+    bn_check_top(tmp);
+    BN_CTX_end(ctx);
+    return (ret);
+}
 
 /* tmp must have 2*n words */
 void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
-	{
-	int i,j,max;
-	const BN_ULONG *ap;
-	BN_ULONG *rp;
+{
+    int i, j, max;
+    const BN_ULONG *ap;
+    BN_ULONG *rp;
 
-	max=n*2;
-	ap=a;
-	rp=r;
-	rp[0]=rp[max-1]=0;
-	rp++;
-	j=n;
+    max = n * 2;
+    ap = a;
+    rp = r;
+    rp[0] = rp[max - 1] = 0;
+    rp++;
+    j = n;
 
-	if (--j > 0)
-		{
-		ap++;
-		rp[j]=bn_mul_words(rp,ap,j,ap[-1]);
-		rp+=2;
-		}
+    if (--j > 0) {
+        ap++;
+        rp[j] = bn_mul_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
 
-	for (i=n-2; i>0; i--)
-		{
-		j--;
-		ap++;
-		rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]);
-		rp+=2;
-		}
+    for (i = n - 2; i > 0; i--) {
+        j--;
+        ap++;
+        rp[j] = bn_mul_add_words(rp, ap, j, ap[-1]);
+        rp += 2;
+    }
 
-	bn_add_words(r,r,r,max);
+    bn_add_words(r, r, r, max);
 
-	/* There will not be a carry */
+    /* There will not be a carry */
 
-	bn_sqr_words(tmp,a,n);
+    bn_sqr_words(tmp, a, n);
 
-	bn_add_words(r,r,tmp,max);
-	}
+    bn_add_words(r, r, tmp, max);
+}
 
 #ifdef BN_RECURSION
-/* r is 2*n words in size,
+/*-
+ * r is 2*n words in size,
  * a and b are both n words in size.    (There's not actually a 'b' here ...)
  * n must be a power of 2.
  * We multiply and return the result.
@@ -205,91 +202,89 @@ void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp)
  * a[1]*b[1]
  */
 void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t)
-	{
-	int n=n2/2;
-	int zero,c1;
-	BN_ULONG ln,lo,*p;
+{
+    int n = n2 / 2;
+    int zero, c1;
+    BN_ULONG ln, lo, *p;
 
-#ifdef BN_COUNT
-	fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2);
-#endif
-	if (n2 == 4)
-		{
-#ifndef BN_SQR_COMBA
-		bn_sqr_normal(r,a,4,t);
-#else
-		bn_sqr_comba4(r,a);
-#endif
-		return;
-		}
-	else if (n2 == 8)
-		{
-#ifndef BN_SQR_COMBA
-		bn_sqr_normal(r,a,8,t);
-#else
-		bn_sqr_comba8(r,a);
-#endif
-		return;
-		}
-	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
-		{
-		bn_sqr_normal(r,a,n2,t);
-		return;
-		}
-	/* r=(a[0]-a[1])*(a[1]-a[0]) */
-	c1=bn_cmp_words(a,&(a[n]),n);
-	zero=0;
-	if (c1 > 0)
-		bn_sub_words(t,a,&(a[n]),n);
-	else if (c1 < 0)
-		bn_sub_words(t,&(a[n]),a,n);
-	else
-		zero=1;
+# ifdef BN_COUNT
+    fprintf(stderr, " bn_sqr_recursive %d * %d\n", n2, n2);
+# endif
+    if (n2 == 4) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 4, t);
+# else
+        bn_sqr_comba4(r, a);
+# endif
+        return;
+    } else if (n2 == 8) {
+# ifndef BN_SQR_COMBA
+        bn_sqr_normal(r, a, 8, t);
+# else
+        bn_sqr_comba8(r, a);
+# endif
+        return;
+    }
+    if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) {
+        bn_sqr_normal(r, a, n2, t);
+        return;
+    }
+    /* r=(a[0]-a[1])*(a[1]-a[0]) */
+    c1 = bn_cmp_words(a, &(a[n]), n);
+    zero = 0;
+    if (c1 > 0)
+        bn_sub_words(t, a, &(a[n]), n);
+    else if (c1 < 0)
+        bn_sub_words(t, &(a[n]), a, n);
+    else
+        zero = 1;
 
-	/* The result will always be negative unless it is zero */
-	p= &(t[n2*2]);
+    /* The result will always be negative unless it is zero */
+    p = &(t[n2 * 2]);
 
-	if (!zero)
-		bn_sqr_recursive(&(t[n2]),t,n,p);
-	else
-		memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
-	bn_sqr_recursive(r,a,n,p);
-	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+    if (!zero)
+        bn_sqr_recursive(&(t[n2]), t, n, p);
+    else
+        memset(&(t[n2]), 0, n2 * sizeof(BN_ULONG));
+    bn_sqr_recursive(r, a, n, p);
+    bn_sqr_recursive(&(r[n2]), &(a[n]), n, p);
 
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
-	 * r[10] holds (a[0]*b[0])
-	 * r[32] holds (b[1]*b[1])
-	 */
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+     * r[10] holds (a[0]*b[0])
+     * r[32] holds (b[1]*b[1])
+     */
 
-	c1=(int)(bn_add_words(t,r,&(r[n2]),n2));
+    c1 = (int)(bn_add_words(t, r, &(r[n2]), n2));
 
-	/* t[32] is negative */
-	c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2));
+    /* t[32] is negative */
+    c1 -= (int)(bn_sub_words(&(t[n2]), t, &(t[n2]), n2));
 
-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
-	 * r[10] holds (a[0]*a[0])
-	 * r[32] holds (a[1]*a[1])
-	 * c1 holds the carry bits
-	 */
-	c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2));
-	if (c1)
-		{
-		p= &(r[n+n2]);
-		lo= *p;
-		ln=(lo+c1)&BN_MASK2;
-		*p=ln;
+    /*-
+     * t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+     * r[10] holds (a[0]*a[0])
+     * r[32] holds (a[1]*a[1])
+     * c1 holds the carry bits
+     */
+    c1 += (int)(bn_add_words(&(r[n]), &(r[n]), &(t[n2]), n2));
+    if (c1) {
+        p = &(r[n + n2]);
+        lo = *p;
+        ln = (lo + c1) & BN_MASK2;
+        *p = ln;
 
-		/* The overflow will stop before we over write
-		 * words we should not overwrite */
-		if (ln < (BN_ULONG)c1)
-			{
-			do	{
-				p++;
-				lo= *p;
-				ln=(lo+1)&BN_MASK2;
-				*p=ln;
-				} while (ln == 0);
-			}
-		}
-	}
+        /*
+         * The overflow will stop before we over write words we should not
+         * overwrite
+         */
+        if (ln < (BN_ULONG)c1) {
+            do {
+                p++;
+                lo = *p;
+                ln = (lo + 1) & BN_MASK2;
+                *p = ln;
+            } while (ln == 0);
+        }
+    }
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
index 6beaf9e5..232af99a 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c
@@ -1,6 +1,8 @@
 /* crypto/bn/bn_sqrt.c */
-/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * and Bodo Moeller for the OpenSSL project. */
+/*
+ * Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> and Bodo
+ * Moeller for the OpenSSL project.
+ */
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
  *
@@ -9,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,336 +60,350 @@
 #include "cryptlib.h"
 #include "bn_lcl.h"
 
-
-BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) 
-/* Returns 'ret' such that
- *      ret^2 == a (mod p),
- * using the Tonelli/Shanks algorithm (cf. Henri Cohen, "A Course
- * in Algebraic Computational Number Theory", algorithm 1.5.1).
- * 'p' must be prime!
+BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
+/*
+ * Returns 'ret' such that ret^2 == a (mod p), using the Tonelli/Shanks
+ * algorithm (cf. Henri Cohen, "A Course in Algebraic Computational Number
+ * Theory", algorithm 1.5.1). 'p' must be prime!
  */
-	{
-	BIGNUM *ret = in;
-	int err = 1;
-	int r;
-	BIGNUM *A, *b, *q, *t, *x, *y;
-	int e, i, j;
-	
-	if (!BN_is_odd(p) || BN_abs_is_word(p, 1))
-		{
-		if (BN_abs_is_word(p, 2))
-			{
-			if (ret == NULL)
-				ret = BN_new();
-			if (ret == NULL)
-				goto end;
-			if (!BN_set_word(ret, BN_is_bit_set(a, 0)))
-				{
-				if (ret != in)
-					BN_free(ret);
-				return NULL;
-				}
-			bn_check_top(ret);
-			return ret;
-			}
-
-		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-		return(NULL);
-		}
-
-	if (BN_is_zero(a) || BN_is_one(a))
-		{
-		if (ret == NULL)
-			ret = BN_new();
-		if (ret == NULL)
-			goto end;
-		if (!BN_set_word(ret, BN_is_one(a)))
-			{
-			if (ret != in)
-				BN_free(ret);
-			return NULL;
-			}
-		bn_check_top(ret);
-		return ret;
-		}
-
-	BN_CTX_start(ctx);
-	A = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	q = BN_CTX_get(ctx);
-	t = BN_CTX_get(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto end;
-	
-	if (ret == NULL)
-		ret = BN_new();
-	if (ret == NULL) goto end;
-
-	/* A = a mod p */
-	if (!BN_nnmod(A, a, p, ctx)) goto end;
-
-	/* now write  |p| - 1  as  2^e*q  where  q  is odd */
-	e = 1;
-	while (!BN_is_bit_set(p, e))
-		e++;
-	/* we'll set  q  later (if needed) */
-
-	if (e == 1)
-		{
-		/* The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
-		 * modulo  (|p|-1)/2,  and square roots can be computed
-		 * directly by modular exponentiation.
-		 * We have
-		 *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
-		 * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
-		 */
-		if (!BN_rshift(q, p, 2)) goto end;
-		q->neg = 0;
-		if (!BN_add_word(q, 1)) goto end;
-		if (!BN_mod_exp(ret, A, q, p, ctx)) goto end;
-		err = 0;
-		goto vrfy;
-		}
-	
-	if (e == 2)
-		{
-		/* |p| == 5  (mod 8)
-		 *
-		 * In this case  2  is always a non-square since
-		 * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
-		 * So if  a  really is a square, then  2*a  is a non-square.
-		 * Thus for
-		 *      b := (2*a)^((|p|-5)/8),
-		 *      i := (2*a)*b^2
-		 * we have
-		 *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
-		 *         = (2*a)^((p-1)/2)
-		 *         = -1;
-		 * so if we set
-		 *      x := a*b*(i-1),
-		 * then
-		 *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
-		 *         = a^2 * b^2 * (-2*i)
-		 *         = a*(-i)*(2*a*b^2)
-		 *         = a*(-i)*i
-		 *         = a.
-		 *
-		 * (This is due to A.O.L. Atkin, 
-		 * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
-		 * November 1992.)
-		 */
-
-		/* t := 2*a */
-		if (!BN_mod_lshift1_quick(t, A, p)) goto end;
-
-		/* b := (2*a)^((|p|-5)/8) */
-		if (!BN_rshift(q, p, 3)) goto end;
-		q->neg = 0;
-		if (!BN_mod_exp(b, t, q, p, ctx)) goto end;
-
-		/* y := b^2 */
-		if (!BN_mod_sqr(y, b, p, ctx)) goto end;
-
-		/* t := (2*a)*b^2 - 1*/
-		if (!BN_mod_mul(t, t, y, p, ctx)) goto end;
-		if (!BN_sub_word(t, 1)) goto end;
-
-		/* x = a*b*t */
-		if (!BN_mod_mul(x, A, b, p, ctx)) goto end;
-		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
-
-		if (!BN_copy(ret, x)) goto end;
-		err = 0;
-		goto vrfy;
-		}
-	
-	/* e > 2, so we really have to use the Tonelli/Shanks algorithm.
-	 * First, find some  y  that is not a square. */
-	if (!BN_copy(q, p)) goto end; /* use 'q' as temp */
-	q->neg = 0;
-	i = 2;
-	do
-		{
-		/* For efficiency, try small numbers first;
-		 * if this fails, try random numbers.
-		 */
-		if (i < 22)
-			{
-			if (!BN_set_word(y, i)) goto end;
-			}
-		else
-			{
-			if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0)) goto end;
-			if (BN_ucmp(y, p) >= 0)
-				{
-				if (!(p->neg ? BN_add : BN_sub)(y, y, p)) goto end;
-				}
-			/* now 0 <= y < |p| */
-			if (BN_is_zero(y))
-				if (!BN_set_word(y, i)) goto end;
-			}
-		
-		r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
-		if (r < -1) goto end;
-		if (r == 0)
-			{
-			/* m divides p */
-			BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-			goto end;
-			}
-		}
-	while (r == 1 && ++i < 82);
-	
-	if (r != -1)
-		{
-		/* Many rounds and still no non-square -- this is more likely
-		 * a bug than just bad luck.
-		 * Even if  p  is not prime, we should have found some  y
-		 * such that r == -1.
-		 */
-		BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
-		goto end;
-		}
-
-	/* Here's our actual 'q': */
-	if (!BN_rshift(q, q, e)) goto end;
-
-	/* Now that we have some non-square, we can find an element
-	 * of order  2^e  by computing its q'th power. */
-	if (!BN_mod_exp(y, y, q, p, ctx)) goto end;
-	if (BN_is_one(y))
-		{
-		BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
-		goto end;
-		}
-
-	/* Now we know that (if  p  is indeed prime) there is an integer
-	 * k,  0 <= k < 2^e,  such that
-	 *
-	 *      a^q * y^k == 1   (mod p).
-	 *
-	 * As  a^q  is a square and  y  is not,  k  must be even.
-	 * q+1  is even, too, so there is an element
-	 *
-	 *     X := a^((q+1)/2) * y^(k/2),
-	 *
-	 * and it satisfies
-	 *
-	 *     X^2 = a^q * a     * y^k
-	 *         = a,
-	 *
-	 * so it is the square root that we are looking for.
-	 */
-	
-	/* t := (q-1)/2  (note that  q  is odd) */
-	if (!BN_rshift1(t, q)) goto end;
-	
-	/* x := a^((q-1)/2) */
-	if (BN_is_zero(t)) /* special case: p = 2^e + 1 */
-		{
-		if (!BN_nnmod(t, A, p, ctx)) goto end;
-		if (BN_is_zero(t))
-			{
-			/* special case: a == 0  (mod p) */
-			BN_zero(ret);
-			err = 0;
-			goto end;
-			}
-		else
-			if (!BN_one(x)) goto end;
-		}
-	else
-		{
-		if (!BN_mod_exp(x, A, t, p, ctx)) goto end;
-		if (BN_is_zero(x))
-			{
-			/* special case: a == 0  (mod p) */
-			BN_zero(ret);
-			err = 0;
-			goto end;
-			}
-		}
-
-	/* b := a*x^2  (= a^q) */
-	if (!BN_mod_sqr(b, x, p, ctx)) goto end;
-	if (!BN_mod_mul(b, b, A, p, ctx)) goto end;
-	
-	/* x := a*x    (= a^((q+1)/2)) */
-	if (!BN_mod_mul(x, x, A, p, ctx)) goto end;
-
-	while (1)
-		{
-		/* Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
-		 * where  E  refers to the original value of  e,  which we
-		 * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
-		 *
-		 * We have  a*b = x^2,
-		 *    y^2^(e-1) = -1,
-		 *    b^2^(e-1) = 1.
-		 */
-
-		if (BN_is_one(b))
-			{
-			if (!BN_copy(ret, x)) goto end;
-			err = 0;
-			goto vrfy;
-			}
-
-
-		/* find smallest  i  such that  b^(2^i) = 1 */
-		i = 1;
-		if (!BN_mod_sqr(t, b, p, ctx)) goto end;
-		while (!BN_is_one(t))
-			{
-			i++;
-			if (i == e)
-				{
-				BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
-				goto end;
-				}
-			if (!BN_mod_mul(t, t, t, p, ctx)) goto end;
-			}
-		
-
-		/* t := y^2^(e - i - 1) */
-		if (!BN_copy(t, y)) goto end;
-		for (j = e - i - 1; j > 0; j--)
-			{
-			if (!BN_mod_sqr(t, t, p, ctx)) goto end;
-			}
-		if (!BN_mod_mul(y, t, t, p, ctx)) goto end;
-		if (!BN_mod_mul(x, x, t, p, ctx)) goto end;
-		if (!BN_mod_mul(b, b, y, p, ctx)) goto end;
-		e = i;
-		}
+{
+    BIGNUM *ret = in;
+    int err = 1;
+    int r;
+    BIGNUM *A, *b, *q, *t, *x, *y;
+    int e, i, j;
+
+    if (!BN_is_odd(p) || BN_abs_is_word(p, 1)) {
+        if (BN_abs_is_word(p, 2)) {
+            if (ret == NULL)
+                ret = BN_new();
+            if (ret == NULL)
+                goto end;
+            if (!BN_set_word(ret, BN_is_bit_set(a, 0))) {
+                if (ret != in)
+                    BN_free(ret);
+                return NULL;
+            }
+            bn_check_top(ret);
+            return ret;
+        }
+
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        return (NULL);
+    }
+
+    if (BN_is_zero(a) || BN_is_one(a)) {
+        if (ret == NULL)
+            ret = BN_new();
+        if (ret == NULL)
+            goto end;
+        if (!BN_set_word(ret, BN_is_one(a))) {
+            if (ret != in)
+                BN_free(ret);
+            return NULL;
+        }
+        bn_check_top(ret);
+        return ret;
+    }
+
+    BN_CTX_start(ctx);
+    A = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto end;
+
+    if (ret == NULL)
+        ret = BN_new();
+    if (ret == NULL)
+        goto end;
+
+    /* A = a mod p */
+    if (!BN_nnmod(A, a, p, ctx))
+        goto end;
+
+    /* now write  |p| - 1  as  2^e*q  where  q  is odd */
+    e = 1;
+    while (!BN_is_bit_set(p, e))
+        e++;
+    /* we'll set  q  later (if needed) */
+
+    if (e == 1) {
+        /*-
+         * The easy case:  (|p|-1)/2  is odd, so 2 has an inverse
+         * modulo  (|p|-1)/2,  and square roots can be computed
+         * directly by modular exponentiation.
+         * We have
+         *     2 * (|p|+1)/4 == 1   (mod (|p|-1)/2),
+         * so we can use exponent  (|p|+1)/4,  i.e.  (|p|-3)/4 + 1.
+         */
+        if (!BN_rshift(q, p, 2))
+            goto end;
+        q->neg = 0;
+        if (!BN_add_word(q, 1))
+            goto end;
+        if (!BN_mod_exp(ret, A, q, p, ctx))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    if (e == 2) {
+        /*-
+         * |p| == 5  (mod 8)
+         *
+         * In this case  2  is always a non-square since
+         * Legendre(2,p) = (-1)^((p^2-1)/8)  for any odd prime.
+         * So if  a  really is a square, then  2*a  is a non-square.
+         * Thus for
+         *      b := (2*a)^((|p|-5)/8),
+         *      i := (2*a)*b^2
+         * we have
+         *     i^2 = (2*a)^((1 + (|p|-5)/4)*2)
+         *         = (2*a)^((p-1)/2)
+         *         = -1;
+         * so if we set
+         *      x := a*b*(i-1),
+         * then
+         *     x^2 = a^2 * b^2 * (i^2 - 2*i + 1)
+         *         = a^2 * b^2 * (-2*i)
+         *         = a*(-i)*(2*a*b^2)
+         *         = a*(-i)*i
+         *         = a.
+         *
+         * (This is due to A.O.L. Atkin,
+         * <URL: http://listserv.nodak.edu/scripts/wa.exe?A2=ind9211&L=nmbrthry&O=T&P=562>,
+         * November 1992.)
+         */
+
+        /* t := 2*a */
+        if (!BN_mod_lshift1_quick(t, A, p))
+            goto end;
+
+        /* b := (2*a)^((|p|-5)/8) */
+        if (!BN_rshift(q, p, 3))
+            goto end;
+        q->neg = 0;
+        if (!BN_mod_exp(b, t, q, p, ctx))
+            goto end;
+
+        /* y := b^2 */
+        if (!BN_mod_sqr(y, b, p, ctx))
+            goto end;
+
+        /* t := (2*a)*b^2 - 1 */
+        if (!BN_mod_mul(t, t, y, p, ctx))
+            goto end;
+        if (!BN_sub_word(t, 1))
+            goto end;
+
+        /* x = a*b*t */
+        if (!BN_mod_mul(x, A, b, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+
+        if (!BN_copy(ret, x))
+            goto end;
+        err = 0;
+        goto vrfy;
+    }
+
+    /*
+     * e > 2, so we really have to use the Tonelli/Shanks algorithm. First,
+     * find some y that is not a square.
+     */
+    if (!BN_copy(q, p))
+        goto end;               /* use 'q' as temp */
+    q->neg = 0;
+    i = 2;
+    do {
+        /*
+         * For efficiency, try small numbers first; if this fails, try random
+         * numbers.
+         */
+        if (i < 22) {
+            if (!BN_set_word(y, i))
+                goto end;
+        } else {
+            if (!BN_pseudo_rand(y, BN_num_bits(p), 0, 0))
+                goto end;
+            if (BN_ucmp(y, p) >= 0) {
+                if (!(p->neg ? BN_add : BN_sub) (y, y, p))
+                    goto end;
+            }
+            /* now 0 <= y < |p| */
+            if (BN_is_zero(y))
+                if (!BN_set_word(y, i))
+                    goto end;
+        }
+
+        r = BN_kronecker(y, q, ctx); /* here 'q' is |p| */
+        if (r < -1)
+            goto end;
+        if (r == 0) {
+            /* m divides p */
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+            goto end;
+        }
+    }
+    while (r == 1 && ++i < 82);
+
+    if (r != -1) {
+        /*
+         * Many rounds and still no non-square -- this is more likely a bug
+         * than just bad luck. Even if p is not prime, we should have found
+         * some y such that r == -1.
+         */
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_TOO_MANY_ITERATIONS);
+        goto end;
+    }
+
+    /* Here's our actual 'q': */
+    if (!BN_rshift(q, q, e))
+        goto end;
+
+    /*
+     * Now that we have some non-square, we can find an element of order 2^e
+     * by computing its q'th power.
+     */
+    if (!BN_mod_exp(y, y, q, p, ctx))
+        goto end;
+    if (BN_is_one(y)) {
+        BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
+        goto end;
+    }
+
+    /*-
+     * Now we know that (if  p  is indeed prime) there is an integer
+     * k,  0 <= k < 2^e,  such that
+     *
+     *      a^q * y^k == 1   (mod p).
+     *
+     * As  a^q  is a square and  y  is not,  k  must be even.
+     * q+1  is even, too, so there is an element
+     *
+     *     X := a^((q+1)/2) * y^(k/2),
+     *
+     * and it satisfies
+     *
+     *     X^2 = a^q * a     * y^k
+     *         = a,
+     *
+     * so it is the square root that we are looking for.
+     */
+
+    /* t := (q-1)/2  (note that  q  is odd) */
+    if (!BN_rshift1(t, q))
+        goto end;
+
+    /* x := a^((q-1)/2) */
+    if (BN_is_zero(t)) {        /* special case: p = 2^e + 1 */
+        if (!BN_nnmod(t, A, p, ctx))
+            goto end;
+        if (BN_is_zero(t)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        } else if (!BN_one(x))
+            goto end;
+    } else {
+        if (!BN_mod_exp(x, A, t, p, ctx))
+            goto end;
+        if (BN_is_zero(x)) {
+            /* special case: a == 0  (mod p) */
+            BN_zero(ret);
+            err = 0;
+            goto end;
+        }
+    }
+
+    /* b := a*x^2  (= a^q) */
+    if (!BN_mod_sqr(b, x, p, ctx))
+        goto end;
+    if (!BN_mod_mul(b, b, A, p, ctx))
+        goto end;
+
+    /* x := a*x    (= a^((q+1)/2)) */
+    if (!BN_mod_mul(x, x, A, p, ctx))
+        goto end;
+
+    while (1) {
+        /*-
+         * Now  b  is  a^q * y^k  for some even  k  (0 <= k < 2^E
+         * where  E  refers to the original value of  e,  which we
+         * don't keep in a variable),  and  x  is  a^((q+1)/2) * y^(k/2).
+         *
+         * We have  a*b = x^2,
+         *    y^2^(e-1) = -1,
+         *    b^2^(e-1) = 1.
+         */
+
+        if (BN_is_one(b)) {
+            if (!BN_copy(ret, x))
+                goto end;
+            err = 0;
+            goto vrfy;
+        }
+
+        /* find smallest  i  such that  b^(2^i) = 1 */
+        i = 1;
+        if (!BN_mod_sqr(t, b, p, ctx))
+            goto end;
+        while (!BN_is_one(t)) {
+            i++;
+            if (i == e) {
+                BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+                goto end;
+            }
+            if (!BN_mod_mul(t, t, t, p, ctx))
+                goto end;
+        }
+
+        /* t := y^2^(e - i - 1) */
+        if (!BN_copy(t, y))
+            goto end;
+        for (j = e - i - 1; j > 0; j--) {
+            if (!BN_mod_sqr(t, t, p, ctx))
+                goto end;
+        }
+        if (!BN_mod_mul(y, t, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(x, x, t, p, ctx))
+            goto end;
+        if (!BN_mod_mul(b, b, y, p, ctx))
+            goto end;
+        e = i;
+    }
 
  vrfy:
-	if (!err)
-		{
-		/* verify the result -- the input might have been not a square
-		 * (test added in 0.9.8) */
-		
-		if (!BN_mod_sqr(x, ret, p, ctx))
-			err = 1;
-		
-		if (!err && 0 != BN_cmp(x, A))
-			{
-			BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
-			err = 1;
-			}
-		}
+    if (!err) {
+        /*
+         * verify the result -- the input might have been not a square (test
+         * added in 0.9.8)
+         */
+
+        if (!BN_mod_sqr(x, ret, p, ctx))
+            err = 1;
+
+        if (!err && 0 != BN_cmp(x, A)) {
+            BNerr(BN_F_BN_MOD_SQRT, BN_R_NOT_A_SQUARE);
+            err = 1;
+        }
+    }
 
  end:
-	if (err)
-		{
-		if (ret != NULL && ret != in)
-			{
-			BN_clear_free(ret);
-			}
-		ret = NULL;
-		}
-	BN_CTX_end(ctx);
-	bn_check_top(ret);
-	return ret;
-	}
+    if (err) {
+        if (ret != NULL && ret != in) {
+            BN_clear_free(ret);
+        }
+        ret = NULL;
+    }
+    BN_CTX_end(ctx);
+    bn_check_top(ret);
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c
index de83a15b..b031a60b 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,178 +61,167 @@
 #include "bn_lcl.h"
 
 BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w)
-	{
+{
 #ifndef BN_LLONG
-	BN_ULONG ret=0;
+    BN_ULONG ret = 0;
 #else
-	BN_ULLONG ret=0;
+    BN_ULLONG ret = 0;
 #endif
-	int i;
+    int i;
 
-	if (w == 0)
-		return (BN_ULONG)-1;
+    if (w == 0)
+        return (BN_ULONG)-1;
 
-	bn_check_top(a);
-	w&=BN_MASK2;
-	for (i=a->top-1; i>=0; i--)
-		{
+    bn_check_top(a);
+    w &= BN_MASK2;
+    for (i = a->top - 1; i >= 0; i--) {
 #ifndef BN_LLONG
-		ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w;
-		ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w;
+        ret = ((ret << BN_BITS4) | ((a->d[i] >> BN_BITS4) & BN_MASK2l)) % w;
+        ret = ((ret << BN_BITS4) | (a->d[i] & BN_MASK2l)) % w;
 #else
-		ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])%
-			(BN_ULLONG)w);
+        ret = (BN_ULLONG) (((ret << (BN_ULLONG) BN_BITS2) | a->d[i]) %
+                           (BN_ULLONG) w);
 #endif
-		}
-	return((BN_ULONG)ret);
-	}
+    }
+    return ((BN_ULONG)ret);
+}
 
 BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w)
-	{
-	BN_ULONG ret = 0;
-	int i, j;
-
-	bn_check_top(a);
-	w &= BN_MASK2;
-
-	if (!w)
-		/* actually this an error (division by zero) */
-		return (BN_ULONG)-1;
-	if (a->top == 0)
-		return 0;
-
-	/* normalize input (so bn_div_words doesn't complain) */
-	j = BN_BITS2 - BN_num_bits_word(w);
-	w <<= j;
-	if (!BN_lshift(a, a, j))
-		return (BN_ULONG)-1;
-
-	for (i=a->top-1; i>=0; i--)
-		{
-		BN_ULONG l,d;
-		
-		l=a->d[i];
-		d=bn_div_words(ret,l,w);
-		ret=(l-((d*w)&BN_MASK2))&BN_MASK2;
-		a->d[i]=d;
-		}
-	if ((a->top > 0) && (a->d[a->top-1] == 0))
-		a->top--;
-	ret >>= j;
-	bn_check_top(a);
-	return(ret);
-	}
+{
+    BN_ULONG ret = 0;
+    int i, j;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    if (!w)
+        /* actually this an error (division by zero) */
+        return (BN_ULONG)-1;
+    if (a->top == 0)
+        return 0;
+
+    /* normalize input (so bn_div_words doesn't complain) */
+    j = BN_BITS2 - BN_num_bits_word(w);
+    w <<= j;
+    if (!BN_lshift(a, a, j))
+        return (BN_ULONG)-1;
+
+    for (i = a->top - 1; i >= 0; i--) {
+        BN_ULONG l, d;
+
+        l = a->d[i];
+        d = bn_div_words(ret, l, w);
+        ret = (l - ((d * w) & BN_MASK2)) & BN_MASK2;
+        a->d[i] = d;
+    }
+    if ((a->top > 0) && (a->d[a->top - 1] == 0))
+        a->top--;
+    ret >>= j;
+    bn_check_top(a);
+    return (ret);
+}
 
 int BN_add_word(BIGNUM *a, BN_ULONG w)
-	{
-	BN_ULONG l;
-	int i;
-
-	bn_check_top(a);
-	w &= BN_MASK2;
-
-	/* degenerate case: w is zero */
-	if (!w) return 1;
-	/* degenerate case: a is zero */
-	if(BN_is_zero(a)) return BN_set_word(a, w);
-	/* handle 'a' when negative */
-	if (a->neg)
-		{
-		a->neg=0;
-		i=BN_sub_word(a,w);
-		if (!BN_is_zero(a))
-			a->neg=!(a->neg);
-		return(i);
-		}
-	for (i=0;w!=0 && i<a->top;i++)
-		{
-		a->d[i] = l = (a->d[i]+w)&BN_MASK2;
-		w = (w>l)?1:0;
-		}
-	if (w && i==a->top)
-		{
-		if (bn_wexpand(a,a->top+1) == NULL) return 0;
-		a->top++;
-		a->d[i]=w;
-		}
-	bn_check_top(a);
-	return(1);
-	}
+{
+    BN_ULONG l;
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a))
+        return BN_set_word(a, w);
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_sub_word(a, w);
+        if (!BN_is_zero(a))
+            a->neg = !(a->neg);
+        return (i);
+    }
+    for (i = 0; w != 0 && i < a->top; i++) {
+        a->d[i] = l = (a->d[i] + w) & BN_MASK2;
+        w = (w > l) ? 1 : 0;
+    }
+    if (w && i == a->top) {
+        if (bn_wexpand(a, a->top + 1) == NULL)
+            return 0;
+        a->top++;
+        a->d[i] = w;
+    }
+    bn_check_top(a);
+    return (1);
+}
 
 int BN_sub_word(BIGNUM *a, BN_ULONG w)
-	{
-	int i;
-
-	bn_check_top(a);
-	w &= BN_MASK2;
-
-	/* degenerate case: w is zero */
-	if (!w) return 1;
-	/* degenerate case: a is zero */
-	if(BN_is_zero(a))
-		{
-		i = BN_set_word(a,w);
-		if (i != 0)
-			BN_set_negative(a, 1);
-		return i;
-		}
-	/* handle 'a' when negative */
-	if (a->neg)
-		{
-		a->neg=0;
-		i=BN_add_word(a,w);
-		a->neg=1;
-		return(i);
-		}
-
-	if ((a->top == 1) && (a->d[0] < w))
-		{
-		a->d[0]=w-a->d[0];
-		a->neg=1;
-		return(1);
-		}
-	i=0;
-	for (;;)
-		{
-		if (a->d[i] >= w)
-			{
-			a->d[i]-=w;
-			break;
-			}
-		else
-			{
-			a->d[i]=(a->d[i]-w)&BN_MASK2;
-			i++;
-			w=1;
-			}
-		}
-	if ((a->d[i] == 0) && (i == (a->top-1)))
-		a->top--;
-	bn_check_top(a);
-	return(1);
-	}
+{
+    int i;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+
+    /* degenerate case: w is zero */
+    if (!w)
+        return 1;
+    /* degenerate case: a is zero */
+    if (BN_is_zero(a)) {
+        i = BN_set_word(a, w);
+        if (i != 0)
+            BN_set_negative(a, 1);
+        return i;
+    }
+    /* handle 'a' when negative */
+    if (a->neg) {
+        a->neg = 0;
+        i = BN_add_word(a, w);
+        a->neg = 1;
+        return (i);
+    }
+
+    if ((a->top == 1) && (a->d[0] < w)) {
+        a->d[0] = w - a->d[0];
+        a->neg = 1;
+        return (1);
+    }
+    i = 0;
+    for (;;) {
+        if (a->d[i] >= w) {
+            a->d[i] -= w;
+            break;
+        } else {
+            a->d[i] = (a->d[i] - w) & BN_MASK2;
+            i++;
+            w = 1;
+        }
+    }
+    if ((a->d[i] == 0) && (i == (a->top - 1)))
+        a->top--;
+    bn_check_top(a);
+    return (1);
+}
 
 int BN_mul_word(BIGNUM *a, BN_ULONG w)
-	{
-	BN_ULONG ll;
-
-	bn_check_top(a);
-	w&=BN_MASK2;
-	if (a->top)
-		{
-		if (w == 0)
-			BN_zero(a);
-		else
-			{
-			ll=bn_mul_words(a->d,a->d,a->top,w);
-			if (ll)
-				{
-				if (bn_wexpand(a,a->top+1) == NULL) return(0);
-				a->d[a->top++]=ll;
-				}
-			}
-		}
-	bn_check_top(a);
-	return(1);
-	}
-
+{
+    BN_ULONG ll;
+
+    bn_check_top(a);
+    w &= BN_MASK2;
+    if (a->top) {
+        if (w == 0)
+            BN_zero(a);
+        else {
+            ll = bn_mul_words(a->d, a->d, a->top, w);
+            if (ll) {
+                if (bn_wexpand(a, a->top + 1) == NULL)
+                    return (0);
+                a->d[a->top++] = ll;
+            }
+        }
+    }
+    bn_check_top(a);
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c
index 04c5c874..6d76b128 100644
--- a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c
+++ b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c
@@ -1,6 +1,7 @@
 /* bn_x931p.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,212 +62,213 @@
 
 /* X9.31 routines for prime derivation */
 
-/* X9.31 prime derivation. This is used to generate the primes pi
- * (p1, p2, q1, q2) from a parameter Xpi by checking successive odd
- * integers.
+/*
+ * X9.31 prime derivation. This is used to generate the primes pi (p1, p2,
+ * q1, q2) from a parameter Xpi by checking successive odd integers.
  */
 
 static int bn_x931_derive_pi(BIGNUM *pi, const BIGNUM *Xpi, BN_CTX *ctx,
-			BN_GENCB *cb)
-	{
-	int i = 0;
-	if (!BN_copy(pi, Xpi))
-		return 0;
-	if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
-		return 0;
-	for(;;)
-		{
-		i++;
-		BN_GENCB_call(cb, 0, i);
-		/* NB 27 MR is specificed in X9.31 */
-		if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
-			break;
-		if (!BN_add_word(pi, 2))
-			return 0;
-		}
-	BN_GENCB_call(cb, 2, i);
-	return 1;
-	}
-
-/* This is the main X9.31 prime derivation function. From parameters
- * Xp1, Xp2 and Xp derive the prime p. If the parameters p1 or p2 are
- * not NULL they will be returned too: this is needed for testing.
+                             BN_GENCB *cb)
+{
+    int i = 0;
+    if (!BN_copy(pi, Xpi))
+        return 0;
+    if (!BN_is_odd(pi) && !BN_add_word(pi, 1))
+        return 0;
+    for (;;) {
+        i++;
+        BN_GENCB_call(cb, 0, i);
+        /* NB 27 MR is specificed in X9.31 */
+        if (BN_is_prime_fasttest_ex(pi, 27, ctx, 1, cb))
+            break;
+        if (!BN_add_word(pi, 2))
+            return 0;
+    }
+    BN_GENCB_call(cb, 2, i);
+    return 1;
+}
+
+/*
+ * This is the main X9.31 prime derivation function. From parameters Xp1, Xp2
+ * and Xp derive the prime p. If the parameters p1 or p2 are not NULL they
+ * will be returned too: this is needed for testing.
  */
 
 int BN_X931_derive_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-			const BIGNUM *Xp, const BIGNUM *Xp1, const BIGNUM *Xp2,
-			const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
-	{
-	int ret = 0;
+                            const BIGNUM *Xp, const BIGNUM *Xp1,
+                            const BIGNUM *Xp2, const BIGNUM *e, BN_CTX *ctx,
+                            BN_GENCB *cb)
+{
+    int ret = 0;
 
-	BIGNUM *t, *p1p2, *pm1;
+    BIGNUM *t, *p1p2, *pm1;
 
-	/* Only even e supported */
-	if (!BN_is_odd(e))
-		return 0;
+    /* Only even e supported */
+    if (!BN_is_odd(e))
+        return 0;
 
-	BN_CTX_start(ctx);
-	if (!p1)
-		p1 = BN_CTX_get(ctx);
+    BN_CTX_start(ctx);
+    if (!p1)
+        p1 = BN_CTX_get(ctx);
 
-	if (!p2)
-		p2 = BN_CTX_get(ctx);
+    if (!p2)
+        p2 = BN_CTX_get(ctx);
 
-	t = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
 
-	p1p2 = BN_CTX_get(ctx);
+    p1p2 = BN_CTX_get(ctx);
 
-	pm1 = BN_CTX_get(ctx);
+    pm1 = BN_CTX_get(ctx);
 
-	if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
-		goto err;
+    if (!bn_x931_derive_pi(p1, Xp1, ctx, cb))
+        goto err;
 
-	if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
-		goto err;
+    if (!bn_x931_derive_pi(p2, Xp2, ctx, cb))
+        goto err;
 
-	if (!BN_mul(p1p2, p1, p2, ctx))
-		goto err;
+    if (!BN_mul(p1p2, p1, p2, ctx))
+        goto err;
 
-	/* First set p to value of Rp */
+    /* First set p to value of Rp */
 
-	if (!BN_mod_inverse(p, p2, p1, ctx))
-		goto err;
+    if (!BN_mod_inverse(p, p2, p1, ctx))
+        goto err;
 
-	if (!BN_mul(p, p, p2, ctx))
-		goto err;
+    if (!BN_mul(p, p, p2, ctx))
+        goto err;
 
-	if (!BN_mod_inverse(t, p1, p2, ctx))
-		goto err;
+    if (!BN_mod_inverse(t, p1, p2, ctx))
+        goto err;
 
-	if (!BN_mul(t, t, p1, ctx))
-		goto err;
+    if (!BN_mul(t, t, p1, ctx))
+        goto err;
 
-	if (!BN_sub(p, p, t))
-		goto err;
+    if (!BN_sub(p, p, t))
+        goto err;
 
-	if (p->neg && !BN_add(p, p, p1p2))
-		goto err;
+    if (p->neg && !BN_add(p, p, p1p2))
+        goto err;
 
-	/* p now equals Rp */
+    /* p now equals Rp */
 
-	if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
-		goto err;
+    if (!BN_mod_sub(p, p, Xp, p1p2, ctx))
+        goto err;
 
-	if (!BN_add(p, p, Xp))
-		goto err;
+    if (!BN_add(p, p, Xp))
+        goto err;
 
-	/* p now equals Yp0 */
+    /* p now equals Yp0 */
 
-	for (;;)
-		{
-		int i = 1;
-		BN_GENCB_call(cb, 0, i++);
-		if (!BN_copy(pm1, p))
-			goto err;
-		if (!BN_sub_word(pm1, 1))
-			goto err;
-		if (!BN_gcd(t, pm1, e, ctx))
-			goto err;
-		if (BN_is_one(t)
-		/* X9.31 specifies 8 MR and 1 Lucas test or any prime test
-		 * offering similar or better guarantees 50 MR is considerably 
-		 * better.
-		 */
-			&& BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
-			break;
-		if (!BN_add(p, p, p1p2))
-			goto err;
-		}
+    for (;;) {
+        int i = 1;
+        BN_GENCB_call(cb, 0, i++);
+        if (!BN_copy(pm1, p))
+            goto err;
+        if (!BN_sub_word(pm1, 1))
+            goto err;
+        if (!BN_gcd(t, pm1, e, ctx))
+            goto err;
+        if (BN_is_one(t)
+            /*
+             * X9.31 specifies 8 MR and 1 Lucas test or any prime test
+             * offering similar or better guarantees 50 MR is considerably
+             * better.
+             */
+            && BN_is_prime_fasttest_ex(p, 50, ctx, 1, cb))
+            break;
+        if (!BN_add(p, p, p1p2))
+            goto err;
+    }
 
-	BN_GENCB_call(cb, 3, 0);
+    BN_GENCB_call(cb, 3, 0);
 
-	ret = 1;
+    ret = 1;
 
-	err:
+ err:
 
-	BN_CTX_end(ctx);
+    BN_CTX_end(ctx);
 
-	return ret;
-	}
+    return ret;
+}
 
-/* Generate pair of paramters Xp, Xq for X9.31 prime generation.
- * Note: nbits paramter is sum of number of bits in both.
+/*
+ * Generate pair of paramters Xp, Xq for X9.31 prime generation. Note: nbits
+ * paramter is sum of number of bits in both.
  */
 
 int BN_X931_generate_Xpq(BIGNUM *Xp, BIGNUM *Xq, int nbits, BN_CTX *ctx)
-	{
-	BIGNUM *t;
-	int i;
-	/* Number of bits for each prime is of the form
-	 * 512+128s for s = 0, 1, ...
-	 */
-	if ((nbits < 1024) || (nbits & 0xff))
-		return 0;
-	nbits >>= 1;
-	/* The random value Xp must be between sqrt(2) * 2^(nbits-1) and
-	 * 2^nbits - 1. By setting the top two bits we ensure that the lower
-	 * bound is exceeded.
-	 */
-	if (!BN_rand(Xp, nbits, 1, 0))
-		return 0;
-
-	BN_CTX_start(ctx);
-	t = BN_CTX_get(ctx);
-
-	for (i = 0; i < 1000; i++)
-		{
-		if (!BN_rand(Xq, nbits, 1, 0))
-			return 0;
-		/* Check that |Xp - Xq| > 2^(nbits - 100) */
-		BN_sub(t, Xp, Xq);
-		if (BN_num_bits(t) > (nbits - 100))
-			break;
-		}
-
-	BN_CTX_end(ctx);
-
-	if (i < 1000)
-		return 1;
-
-	return 0;
-
-	}
-
-/* Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1
- * and Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL
- * the relevant parameter will be stored in it.
- *
- * Due to the fact that |Xp - Xq| > 2^(nbits - 100) must be satisfied Xp and Xq
- * are generated using the previous function and supplied as input.
+{
+    BIGNUM *t;
+    int i;
+    /*
+     * Number of bits for each prime is of the form 512+128s for s = 0, 1,
+     * ...
+     */
+    if ((nbits < 1024) || (nbits & 0xff))
+        return 0;
+    nbits >>= 1;
+    /*
+     * The random value Xp must be between sqrt(2) * 2^(nbits-1) and 2^nbits
+     * - 1. By setting the top two bits we ensure that the lower bound is
+     * exceeded.
+     */
+    if (!BN_rand(Xp, nbits, 1, 0))
+        return 0;
+
+    BN_CTX_start(ctx);
+    t = BN_CTX_get(ctx);
+
+    for (i = 0; i < 1000; i++) {
+        if (!BN_rand(Xq, nbits, 1, 0))
+            return 0;
+        /* Check that |Xp - Xq| > 2^(nbits - 100) */
+        BN_sub(t, Xp, Xq);
+        if (BN_num_bits(t) > (nbits - 100))
+            break;
+    }
+
+    BN_CTX_end(ctx);
+
+    if (i < 1000)
+        return 1;
+
+    return 0;
+
+}
+
+/*
+ * Generate primes using X9.31 algorithm. Of the values p, p1, p2, Xp1 and
+ * Xp2 only 'p' needs to be non-NULL. If any of the others are not NULL the
+ * relevant parameter will be stored in it. Due to the fact that |Xp - Xq| >
+ * 2^(nbits - 100) must be satisfied Xp and Xq are generated using the
+ * previous function and supplied as input.
  */
 
 int BN_X931_generate_prime_ex(BIGNUM *p, BIGNUM *p1, BIGNUM *p2,
-			BIGNUM *Xp1, BIGNUM *Xp2,
-			const BIGNUM *Xp,
-			const BIGNUM *e, BN_CTX *ctx,
-			BN_GENCB *cb)
-	{
-	int ret = 0;
-
-	BN_CTX_start(ctx);
-	if (!Xp1)
-		Xp1 = BN_CTX_get(ctx);
-	if (!Xp2)
-		Xp2 = BN_CTX_get(ctx);
+                              BIGNUM *Xp1, BIGNUM *Xp2,
+                              const BIGNUM *Xp,
+                              const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
+{
+    int ret = 0;
 
-	if (!BN_rand(Xp1, 101, 0, 0))
-		goto error;
-	if (!BN_rand(Xp2, 101, 0, 0))
-		goto error;
-	if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
-		goto error;
+    BN_CTX_start(ctx);
+    if (!Xp1)
+        Xp1 = BN_CTX_get(ctx);
+    if (!Xp2)
+        Xp2 = BN_CTX_get(ctx);
 
-	ret = 1;
+    if (!BN_rand(Xp1, 101, 0, 0))
+        goto error;
+    if (!BN_rand(Xp2, 101, 0, 0))
+        goto error;
+    if (!BN_X931_derive_prime_ex(p, p1, p2, Xp, Xp1, Xp2, e, ctx, cb))
+        goto error;
 
-	error:
-	BN_CTX_end(ctx);
+    ret = 1;
 
-	return ret;
+ error:
+    BN_CTX_end(ctx);
 
-	}
+    return ret;
 
+}
diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c
index 3e25bbe8..dfb8e850 100644
--- a/Cryptlib/OpenSSL/crypto/buffer/buf_err.c
+++ b/Cryptlib/OpenSSL/crypto/buffer/buf_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,35 +66,32 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_BUF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_BUF,0,reason)
 
-static ERR_STRING_DATA BUF_str_functs[]=
-	{
-{ERR_FUNC(BUF_F_BUF_MEMDUP),	"BUF_memdup"},
-{ERR_FUNC(BUF_F_BUF_MEM_GROW),	"BUF_MEM_grow"},
-{ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN),	"BUF_MEM_grow_clean"},
-{ERR_FUNC(BUF_F_BUF_MEM_NEW),	"BUF_MEM_new"},
-{ERR_FUNC(BUF_F_BUF_STRDUP),	"BUF_strdup"},
-{ERR_FUNC(BUF_F_BUF_STRNDUP),	"BUF_strndup"},
-{0,NULL}
-	};
+static ERR_STRING_DATA BUF_str_functs[] = {
+    {ERR_FUNC(BUF_F_BUF_MEMDUP), "BUF_memdup"},
+    {ERR_FUNC(BUF_F_BUF_MEM_GROW), "BUF_MEM_grow"},
+    {ERR_FUNC(BUF_F_BUF_MEM_GROW_CLEAN), "BUF_MEM_grow_clean"},
+    {ERR_FUNC(BUF_F_BUF_MEM_NEW), "BUF_MEM_new"},
+    {ERR_FUNC(BUF_F_BUF_STRDUP), "BUF_strdup"},
+    {ERR_FUNC(BUF_F_BUF_STRNDUP), "BUF_strndup"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA BUF_str_reasons[]=
-	{
-{0,NULL}
-	};
+static ERR_STRING_DATA BUF_str_reasons[] = {
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_BUF_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(BUF_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,BUF_str_functs);
-		ERR_load_strings(0,BUF_str_reasons);
-		}
+    if (ERR_func_error_string(BUF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, BUF_str_functs);
+        ERR_load_strings(0, BUF_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c
index 28dd1e40..88be76fc 100644
--- a/Cryptlib/OpenSSL/crypto/buffer/buf_str.c
+++ b/Cryptlib/OpenSSL/crypto/buffer/buf_str.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,59 +58,59 @@
 #include <openssl/buffer.h>
 
 char *BUF_strdup(const char *str)
-	{
-	if (str == NULL) return(NULL);
-	return BUF_strndup(str, strlen(str));
-	}
+{
+    if (str == NULL)
+        return (NULL);
+    return BUF_strndup(str, strlen(str));
+}
 
 char *BUF_strndup(const char *str, size_t siz)
-	{
-	char *ret;
+{
+    char *ret;
 
-	if (str == NULL) return(NULL);
+    if (str == NULL)
+        return (NULL);
 
-	ret=OPENSSL_malloc(siz+1);
-	if (ret == NULL) 
-		{
-		BUFerr(BUF_F_BUF_STRNDUP,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	BUF_strlcpy(ret,str,siz+1);
-	return(ret);
-	}
+    ret = OPENSSL_malloc(siz + 1);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_STRNDUP, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    BUF_strlcpy(ret, str, siz + 1);
+    return (ret);
+}
 
 void *BUF_memdup(const void *data, size_t siz)
-	{
-	void *ret;
+{
+    void *ret;
 
-	if (data == NULL) return(NULL);
+    if (data == NULL)
+        return (NULL);
 
-	ret=OPENSSL_malloc(siz);
-	if (ret == NULL) 
-		{
-		BUFerr(BUF_F_BUF_MEMDUP,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	return memcpy(ret, data, siz);
-	}	
+    ret = OPENSSL_malloc(siz);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEMDUP, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    return memcpy(ret, data, siz);
+}
 
 size_t BUF_strlcpy(char *dst, const char *src, size_t size)
-	{
-	size_t l = 0;
-	for(; size > 1 && *src; size--)
-		{
-		*dst++ = *src++;
-		l++;
-		}
-	if (size)
-		*dst = '\0';
-	return l + strlen(src);
-	}
+{
+    size_t l = 0;
+    for (; size > 1 && *src; size--) {
+        *dst++ = *src++;
+        l++;
+    }
+    if (size)
+        *dst = '\0';
+    return l + strlen(src);
+}
 
 size_t BUF_strlcat(char *dst, const char *src, size_t size)
-	{
-	size_t l = 0;
-	for(; size > 0 && *dst; size--, dst++)
-		l++;
-	return l + BUF_strlcpy(dst, src, size);
-	}
+{
+    size_t l = 0;
+    for (; size > 0 && *dst; size--, dst++)
+        l++;
+    return l + BUF_strlcpy(dst, src, size);
+}
diff --git a/Cryptlib/OpenSSL/crypto/buffer/buffer.c b/Cryptlib/OpenSSL/crypto/buffer/buffer.c
index 3b4c79f7..f59849f3 100644
--- a/Cryptlib/OpenSSL/crypto/buffer/buffer.c
+++ b/Cryptlib/OpenSSL/crypto/buffer/buffer.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,131 +60,117 @@
 #include "cryptlib.h"
 #include <openssl/buffer.h>
 
-/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
- * function is applied in several functions in this file and this limit ensures
- * that the result fits in an int. */
+/*
+ * LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
+ * function is applied in several functions in this file and this limit
+ * ensures that the result fits in an int.
+ */
 #define LIMIT_BEFORE_EXPANSION 0x5ffffffc
 
 BUF_MEM *BUF_MEM_new(void)
-	{
-	BUF_MEM *ret;
+{
+    BUF_MEM *ret;
 
-	ret=OPENSSL_malloc(sizeof(BUF_MEM));
-	if (ret == NULL)
-		{
-		BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->length=0;
-	ret->max=0;
-	ret->data=NULL;
-	return(ret);
-	}
+    ret = OPENSSL_malloc(sizeof(BUF_MEM));
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->length = 0;
+    ret->max = 0;
+    ret->data = NULL;
+    return (ret);
+}
 
 void BUF_MEM_free(BUF_MEM *a)
-	{
-	if(a == NULL)
-	    return;
+{
+    if (a == NULL)
+        return;
 
-	if (a->data != NULL)
-		{
-		memset(a->data,0,(unsigned int)a->max);
-		OPENSSL_free(a->data);
-		}
-	OPENSSL_free(a);
-	}
+    if (a->data != NULL) {
+        memset(a->data, 0, (unsigned int)a->max);
+        OPENSSL_free(a->data);
+    }
+    OPENSSL_free(a);
+}
 
 int BUF_MEM_grow(BUF_MEM *str, int len)
-	{
-	char *ret;
-	unsigned int n;
+{
+    char *ret;
+    unsigned int n;
 
-	if (len < 0)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	if (str->length >= len)
-		{
-		str->length=len;
-		return(len);
-		}
-	if (str->max >= len)
-		{
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		return(len);
-		}
-	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
-	if (len > LIMIT_BEFORE_EXPANSION)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	n=(len+3)/3*4;
-	if (str->data == NULL)
-		ret=OPENSSL_malloc(n);
-	else
-		ret=OPENSSL_realloc(str->data,n);
-	if (ret == NULL)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
-		len=0;
-		}
-	else
-		{
-		str->data=ret;
-		str->max=n;
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		}
-	return(len);
-	}
+    if (len < 0) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (str->length >= len) {
+        str->length = len;
+        return (len);
+    }
+    if (str->max >= len) {
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return (len);
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if (str->data == NULL)
+        ret = OPENSSL_malloc(n);
+    else
+        ret = OPENSSL_realloc(str->data, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return (len);
+}
 
 int BUF_MEM_grow_clean(BUF_MEM *str, int len)
-	{
-	char *ret;
-	unsigned int n;
+{
+    char *ret;
+    unsigned int n;
 
-	if (len < 0)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	if (str->length >= len)
-		{
-		memset(&str->data[len],0,str->length-len);
-		str->length=len;
-		return(len);
-		}
-	if (str->max >= len)
-		{
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		return(len);
-		}
-	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
-	if (len > LIMIT_BEFORE_EXPANSION)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	n=(len+3)/3*4;
-	if (str->data == NULL)
-		ret=OPENSSL_malloc(n);
-	else
-		ret=OPENSSL_realloc_clean(str->data,str->max,n);
-	if (ret == NULL)
-		{
-		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
-		len=0;
-		}
-	else
-		{
-		str->data=ret;
-		str->max=n;
-		memset(&str->data[str->length],0,len-str->length);
-		str->length=len;
-		}
-	return(len);
-	}
+    if (len < 0) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (str->length >= len) {
+        memset(&str->data[len], 0, str->length - len);
+        str->length = len;
+        return (len);
+    }
+    if (str->max >= len) {
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+        return (len);
+    }
+    /* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+    if (len > LIMIT_BEFORE_EXPANSION) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    n = (len + 3) / 3 * 4;
+    if (str->data == NULL)
+        ret = OPENSSL_malloc(n);
+    else
+        ret = OPENSSL_realloc_clean(str->data, str->max, n);
+    if (ret == NULL) {
+        BUFerr(BUF_F_BUF_MEM_GROW_CLEAN, ERR_R_MALLOC_FAILURE);
+        len = 0;
+    } else {
+        str->data = ret;
+        str->max = n;
+        memset(&str->data[str->length], 0, len - str->length);
+        str->length = len;
+    }
+    return (len);
+}
diff --git a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
index dcec13a2..f2f16e5d 100644
--- a/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
+++ b/Cryptlib/OpenSSL/crypto/cast/c_cfb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,63 +59,65 @@
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 
 void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, const CAST_KEY *schedule, unsigned char *ivec,
-			int *num, int enc)
-	{
-	register CAST_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	CAST_LONG ti[2];
-	unsigned char *iv,c,cc;
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num, int enc)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    CAST_LONG ti[2];
+    unsigned char *iv, c, cc;
 
-	iv=ivec;
-	if (enc)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				CAST_encrypt((CAST_LONG *)ti,schedule);
-				iv=ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				CAST_encrypt((CAST_LONG *)ti,schedule);
-				iv=ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=t=c=cc=0;
-	*num=n;
-	}
+    iv = ivec;
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                CAST_encrypt((CAST_LONG *)ti, schedule);
+                iv = ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c
index b6a3b1ff..4793f28e 100644
--- a/Cryptlib/OpenSSL/crypto/cast/c_ecb.c
+++ b/Cryptlib/OpenSSL/crypto/cast/c_ecb.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,20 +60,24 @@
 #include "cast_lcl.h"
 #include <openssl/opensslv.h>
 
-const char CAST_version[]="CAST" OPENSSL_VERSION_PTEXT;
+const char CAST_version[] = "CAST" OPENSSL_VERSION_PTEXT;
 
 void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out,
-		      const CAST_KEY *ks, int enc)
-	{
-	CAST_LONG l,d[2];
+                      const CAST_KEY *ks, int enc)
+{
+    CAST_LONG l, d[2];
 
-	n2l(in,l); d[0]=l;
-	n2l(in,l); d[1]=l;
-	if (enc)
-		CAST_encrypt(d,ks);
-	else
-		CAST_decrypt(d,ks);
-	l=d[0]; l2n(l,out);
-	l=d[1]; l2n(l,out);
-	l=d[0]=d[1]=0;
-	}
+    n2l(in, l);
+    d[0] = l;
+    n2l(in, l);
+    d[1] = l;
+    if (enc)
+        CAST_encrypt(d, ks);
+    else
+        CAST_decrypt(d, ks);
+    l = d[0];
+    l2n(l, out);
+    l = d[1];
+    l2n(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/cast/c_enc.c b/Cryptlib/OpenSSL/crypto/cast/c_enc.c
index 357c41eb..6e1d50f1 100644
--- a/Cryptlib/OpenSSL/crypto/cast/c_enc.c
+++ b/Cryptlib/OpenSSL/crypto/cast/c_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,149 +60,141 @@
 #include "cast_lcl.h"
 
 void CAST_encrypt(CAST_LONG *data, const CAST_KEY *key)
-	{
-	register CAST_LONG l,r,t;
-	const register CAST_LONG *k;
+{
+    register CAST_LONG l, r, t;
+    const register CAST_LONG *k;
 
-	k= &(key->data[0]);
-	l=data[0];
-	r=data[1];
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
 
-	E_CAST( 0,k,l,r,+,^,-);
-	E_CAST( 1,k,r,l,^,-,+);
-	E_CAST( 2,k,l,r,-,+,^);
-	E_CAST( 3,k,r,l,+,^,-);
-	E_CAST( 4,k,l,r,^,-,+);
-	E_CAST( 5,k,r,l,-,+,^);
-	E_CAST( 6,k,l,r,+,^,-);
-	E_CAST( 7,k,r,l,^,-,+);
-	E_CAST( 8,k,l,r,-,+,^);
-	E_CAST( 9,k,r,l,+,^,-);
-	E_CAST(10,k,l,r,^,-,+);
-	E_CAST(11,k,r,l,-,+,^);
-	if(!key->short_key)
-	    {
-	    E_CAST(12,k,l,r,+,^,-);
-	    E_CAST(13,k,r,l,^,-,+);
-	    E_CAST(14,k,l,r,-,+,^);
-	    E_CAST(15,k,r,l,+,^,-);
-	    }
+    E_CAST(0, k, l, r, +, ^, -);
+    E_CAST(1, k, r, l, ^, -, +);
+    E_CAST(2, k, l, r, -, +, ^);
+    E_CAST(3, k, r, l, +, ^, -);
+    E_CAST(4, k, l, r, ^, -, +);
+    E_CAST(5, k, r, l, -, +, ^);
+    E_CAST(6, k, l, r, +, ^, -);
+    E_CAST(7, k, r, l, ^, -, +);
+    E_CAST(8, k, l, r, -, +, ^);
+    E_CAST(9, k, r, l, +, ^, -);
+    E_CAST(10, k, l, r, ^, -, +);
+    E_CAST(11, k, r, l, -, +, ^);
+    if (!key->short_key) {
+        E_CAST(12, k, l, r, +, ^, -);
+        E_CAST(13, k, r, l, ^, -, +);
+        E_CAST(14, k, l, r, -, +, ^);
+        E_CAST(15, k, r, l, +, ^, -);
+    }
 
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-	}
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
 
 void CAST_decrypt(CAST_LONG *data, const CAST_KEY *key)
-	{
-	register CAST_LONG l,r,t;
-	const register CAST_LONG *k;
+{
+    register CAST_LONG l, r, t;
+    const register CAST_LONG *k;
 
-	k= &(key->data[0]);
-	l=data[0];
-	r=data[1];
+    k = &(key->data[0]);
+    l = data[0];
+    r = data[1];
 
-	if(!key->short_key)
-	    {
-	    E_CAST(15,k,l,r,+,^,-);
-	    E_CAST(14,k,r,l,-,+,^);
-	    E_CAST(13,k,l,r,^,-,+);
-	    E_CAST(12,k,r,l,+,^,-);
-	    }
-	E_CAST(11,k,l,r,-,+,^);
-	E_CAST(10,k,r,l,^,-,+);
-	E_CAST( 9,k,l,r,+,^,-);
-	E_CAST( 8,k,r,l,-,+,^);
-	E_CAST( 7,k,l,r,^,-,+);
-	E_CAST( 6,k,r,l,+,^,-);
-	E_CAST( 5,k,l,r,-,+,^);
-	E_CAST( 4,k,r,l,^,-,+);
-	E_CAST( 3,k,l,r,+,^,-);
-	E_CAST( 2,k,r,l,-,+,^);
-	E_CAST( 1,k,l,r,^,-,+);
-	E_CAST( 0,k,r,l,+,^,-);
+    if (!key->short_key) {
+        E_CAST(15, k, l, r, +, ^, -);
+        E_CAST(14, k, r, l, -, +, ^);
+        E_CAST(13, k, l, r, ^, -, +);
+        E_CAST(12, k, r, l, +, ^, -);
+    }
+    E_CAST(11, k, l, r, -, +, ^);
+    E_CAST(10, k, r, l, ^, -, +);
+    E_CAST(9, k, l, r, +, ^, -);
+    E_CAST(8, k, r, l, -, +, ^);
+    E_CAST(7, k, l, r, ^, -, +);
+    E_CAST(6, k, r, l, +, ^, -);
+    E_CAST(5, k, l, r, -, +, ^);
+    E_CAST(4, k, r, l, ^, -, +);
+    E_CAST(3, k, l, r, +, ^, -);
+    E_CAST(2, k, r, l, -, +, ^);
+    E_CAST(1, k, l, r, ^, -, +);
+    E_CAST(0, k, r, l, +, ^, -);
 
-	data[1]=l&0xffffffffL;
-	data[0]=r&0xffffffffL;
-	}
+    data[1] = l & 0xffffffffL;
+    data[0] = r & 0xffffffffL;
+}
 
-void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     const CAST_KEY *ks, unsigned char *iv, int enc)
-	{
-	register CAST_LONG tin0,tin1;
-	register CAST_LONG tout0,tout1,xor0,xor1;
-	register long l=length;
-	CAST_LONG tin[2];
+void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, const CAST_KEY *ks, unsigned char *iv,
+                      int enc)
+{
+    register CAST_LONG tin0, tin1;
+    register CAST_LONG tout0, tout1, xor0, xor1;
+    register long l = length;
+    CAST_LONG tin[2];
 
-	if (enc)
-		{
-		n2l(iv,tout0);
-		n2l(iv,tout1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			CAST_encrypt(tin,ks);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		if (l != -8)
-			{
-			n2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			CAST_encrypt(tin,ks);
-			tout0=tin[0];
-			tout1=tin[1];
-			l2n(tout0,out);
-			l2n(tout1,out);
-			}
-		l2n(tout0,iv);
-		l2n(tout1,iv);
-		}
-	else
-		{
-		n2l(iv,xor0);
-		n2l(iv,xor1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			CAST_decrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2n(tout0,out);
-			l2n(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin[0]=tin0;
-			tin[1]=tin1;
-			CAST_decrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2nn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		l2n(xor0,iv);
-		l2n(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+    if (enc) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_encrypt(tin, ks);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            l2n(tout0, out);
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin[0] = tin0;
+            tin[1] = tin1;
+            CAST_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c
index cb322245..4e0a7c2e 100644
--- a/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c
+++ b/Cryptlib/OpenSSL/crypto/cast/c_ofb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,52 +59,52 @@
 #include <openssl/cast.h>
 #include "cast_lcl.h"
 
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, const CAST_KEY *schedule, unsigned char *ivec,
-			int *num)
-	{
-	register CAST_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned char d[8];
-	register char *dp;
-	CAST_LONG ti[2];
-	unsigned char *iv;
-	int save=0;
+                        long length, const CAST_KEY *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register CAST_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    CAST_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
 
-	iv=ivec;
-	n2l(iv,v0);
-	n2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2n(v0,dp);
-	l2n(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			CAST_encrypt((CAST_LONG *)ti,schedule);
-			dp=(char *)d;
-			t=ti[0]; l2n(t,dp);
-			t=ti[1]; l2n(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv=ivec;
-		l2n(v0,iv);
-		l2n(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
+    iv = ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            CAST_encrypt((CAST_LONG *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/cast/c_skey.c b/Cryptlib/OpenSSL/crypto/cast/c_skey.c
index 68e690a6..a04f86a3 100644
--- a/Cryptlib/OpenSSL/crypto/cast/c_skey.c
+++ b/Cryptlib/OpenSSL/crypto/cast/c_skey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,18 +59,18 @@
 #include <openssl/cast.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #include "cast_lcl.h"
 #include "cast_s.h"
 
 #define CAST_exp(l,A,a,n) \
-	A[n/4]=l; \
-	a[n+3]=(l    )&0xff; \
-	a[n+2]=(l>> 8)&0xff; \
-	a[n+1]=(l>>16)&0xff; \
-	a[n+0]=(l>>24)&0xff;
+        A[n/4]=l; \
+        a[n+3]=(l    )&0xff; \
+        a[n+2]=(l>> 8)&0xff; \
+        a[n+1]=(l>>16)&0xff; \
+        a[n+0]=(l>>24)&0xff;
 
 #define S4 CAST_S_table4
 #define S5 CAST_S_table5
@@ -78,94 +78,95 @@
 #define S7 CAST_S_table7
 
 FIPS_NON_FIPS_VCIPHER_Init(CAST)
-	{
-	CAST_LONG x[16];
-	CAST_LONG z[16];
-	CAST_LONG k[32];
-	CAST_LONG X[4],Z[4];
-	CAST_LONG l,*K;
-	int i;
-
-	for (i=0; i<16; i++) x[i]=0;
-	if (len > 16) len=16;
-	for (i=0; i<len; i++)
-		x[i]=data[i];
-	if(len <= 10)
-	    key->short_key=1;
-	else
-	    key->short_key=0;
-
-	K= &k[0];
-	X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL;
-	X[1]=((x[ 4]<<24)|(x[ 5]<<16)|(x[ 6]<<8)|x[ 7])&0xffffffffL;
-	X[2]=((x[ 8]<<24)|(x[ 9]<<16)|(x[10]<<8)|x[11])&0xffffffffL;
-	X[3]=((x[12]<<24)|(x[13]<<16)|(x[14]<<8)|x[15])&0xffffffffL;
-
-	for (;;)
-		{
-	l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
-	CAST_exp(l,Z,z, 0);
-	l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
-	CAST_exp(l,Z,z, 4);
-	l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
-	CAST_exp(l,Z,z, 8);
-	l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
-	CAST_exp(l,Z,z,12);
-
-	K[ 0]= S4[z[ 8]]^S5[z[ 9]]^S6[z[ 7]]^S7[z[ 6]]^S4[z[ 2]];
-	K[ 1]= S4[z[10]]^S5[z[11]]^S6[z[ 5]]^S7[z[ 4]]^S5[z[ 6]];
-	K[ 2]= S4[z[12]]^S5[z[13]]^S6[z[ 3]]^S7[z[ 2]]^S6[z[ 9]];
-	K[ 3]= S4[z[14]]^S5[z[15]]^S6[z[ 1]]^S7[z[ 0]]^S7[z[12]];
-
-	l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
-	CAST_exp(l,X,x, 0);
-	l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
-	CAST_exp(l,X,x, 4);
-	l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
-	CAST_exp(l,X,x, 8);
-	l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
-	CAST_exp(l,X,x,12);
-
-	K[ 4]= S4[x[ 3]]^S5[x[ 2]]^S6[x[12]]^S7[x[13]]^S4[x[ 8]];
-	K[ 5]= S4[x[ 1]]^S5[x[ 0]]^S6[x[14]]^S7[x[15]]^S5[x[13]];
-	K[ 6]= S4[x[ 7]]^S5[x[ 6]]^S6[x[ 8]]^S7[x[ 9]]^S6[x[ 3]];
-	K[ 7]= S4[x[ 5]]^S5[x[ 4]]^S6[x[10]]^S7[x[11]]^S7[x[ 7]];
-
-	l=X[0]^S4[x[13]]^S5[x[15]]^S6[x[12]]^S7[x[14]]^S6[x[ 8]];
-	CAST_exp(l,Z,z, 0);
-	l=X[2]^S4[z[ 0]]^S5[z[ 2]]^S6[z[ 1]]^S7[z[ 3]]^S7[x[10]];
-	CAST_exp(l,Z,z, 4);
-	l=X[3]^S4[z[ 7]]^S5[z[ 6]]^S6[z[ 5]]^S7[z[ 4]]^S4[x[ 9]];
-	CAST_exp(l,Z,z, 8);
-	l=X[1]^S4[z[10]]^S5[z[ 9]]^S6[z[11]]^S7[z[ 8]]^S5[x[11]];
-	CAST_exp(l,Z,z,12);
-
-	K[ 8]= S4[z[ 3]]^S5[z[ 2]]^S6[z[12]]^S7[z[13]]^S4[z[ 9]];
-	K[ 9]= S4[z[ 1]]^S5[z[ 0]]^S6[z[14]]^S7[z[15]]^S5[z[12]];
-	K[10]= S4[z[ 7]]^S5[z[ 6]]^S6[z[ 8]]^S7[z[ 9]]^S6[z[ 2]];
-	K[11]= S4[z[ 5]]^S5[z[ 4]]^S6[z[10]]^S7[z[11]]^S7[z[ 6]];
-
-	l=Z[2]^S4[z[ 5]]^S5[z[ 7]]^S6[z[ 4]]^S7[z[ 6]]^S6[z[ 0]];
-	CAST_exp(l,X,x, 0);
-	l=Z[0]^S4[x[ 0]]^S5[x[ 2]]^S6[x[ 1]]^S7[x[ 3]]^S7[z[ 2]];
-	CAST_exp(l,X,x, 4);
-	l=Z[1]^S4[x[ 7]]^S5[x[ 6]]^S6[x[ 5]]^S7[x[ 4]]^S4[z[ 1]];
-	CAST_exp(l,X,x, 8);
-	l=Z[3]^S4[x[10]]^S5[x[ 9]]^S6[x[11]]^S7[x[ 8]]^S5[z[ 3]];
-	CAST_exp(l,X,x,12);
-
-	K[12]= S4[x[ 8]]^S5[x[ 9]]^S6[x[ 7]]^S7[x[ 6]]^S4[x[ 3]];
-	K[13]= S4[x[10]]^S5[x[11]]^S6[x[ 5]]^S7[x[ 4]]^S5[x[ 7]];
-	K[14]= S4[x[12]]^S5[x[13]]^S6[x[ 3]]^S7[x[ 2]]^S6[x[ 8]];
-	K[15]= S4[x[14]]^S5[x[15]]^S6[x[ 1]]^S7[x[ 0]]^S7[x[13]];
-	if (K != k)  break;
-	K+=16;
-		}
-
-	for (i=0; i<16; i++)
-		{
-		key->data[i*2]=k[i];
-		key->data[i*2+1]=((k[i+16])+16)&0x1f;
-		}
-	}
-
+{
+    CAST_LONG x[16];
+    CAST_LONG z[16];
+    CAST_LONG k[32];
+    CAST_LONG X[4], Z[4];
+    CAST_LONG l, *K;
+    int i;
+
+    for (i = 0; i < 16; i++)
+        x[i] = 0;
+    if (len > 16)
+        len = 16;
+    for (i = 0; i < len; i++)
+        x[i] = data[i];
+    if (len <= 10)
+        key->short_key = 1;
+    else
+        key->short_key = 0;
+
+    K = &k[0];
+    X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL;
+    X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL;
+    X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL;
+    X[3] =
+        ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL;
+
+    for (;;) {
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]];
+        K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]];
+        K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]];
+        K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]];
+        K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]];
+        K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]];
+        K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]];
+
+        l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
+        CAST_exp(l, Z, z, 0);
+        l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
+        CAST_exp(l, Z, z, 4);
+        l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
+        CAST_exp(l, Z, z, 8);
+        l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
+        CAST_exp(l, Z, z, 12);
+
+        K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]];
+        K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]];
+        K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]];
+        K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]];
+
+        l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
+        CAST_exp(l, X, x, 0);
+        l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
+        CAST_exp(l, X, x, 4);
+        l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
+        CAST_exp(l, X, x, 8);
+        l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
+        CAST_exp(l, X, x, 12);
+
+        K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]];
+        K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]];
+        K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]];
+        K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]];
+        if (K != k)
+            break;
+        K += 16;
+    }
+
+    for (i = 0; i < 16; i++) {
+        key->data[i * 2] = k[i];
+        key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/comp/c_rle.c b/Cryptlib/OpenSSL/crypto/comp/c_rle.c
index 18bceae5..adf16631 100644
--- a/Cryptlib/OpenSSL/crypto/comp/c_rle.c
+++ b/Cryptlib/OpenSSL/crypto/comp/c_rle.c
@@ -5,57 +5,58 @@
 #include <openssl/comp.h>
 
 static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
+                              unsigned int olen, unsigned char *in,
+                              unsigned int ilen);
 static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static COMP_METHOD rle_method={
-	NID_rle_compression,
-	LN_rle_compression,
-	NULL,
-	NULL,
-	rle_compress_block,
-	rle_expand_block,
-	NULL,
-	NULL,
-	};
+                            unsigned int olen, unsigned char *in,
+                            unsigned int ilen);
+
+static COMP_METHOD rle_method = {
+    NID_rle_compression,
+    LN_rle_compression,
+    NULL,
+    NULL,
+    rle_compress_block,
+    rle_expand_block,
+    NULL,
+    NULL,
+};
 
 COMP_METHOD *COMP_rle(void)
-	{
-	return(&rle_method);
-	}
+{
+    return (&rle_method);
+}
 
 static int rle_compress_block(COMP_CTX *ctx, unsigned char *out,
-	     unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	/* int i; */
+                              unsigned int olen, unsigned char *in,
+                              unsigned int ilen)
+{
+    /* int i; */
 
-	if (olen < (ilen+1))
-		{
-		/* ZZZZZZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
+    if (olen < (ilen + 1)) {
+        /* ZZZZZZZZZZZZZZZZZZZZZZ */
+        return (-1);
+    }
 
-	*(out++)=0;
-	memcpy(out,in,ilen);
-	return(ilen+1);
-	}
+    *(out++) = 0;
+    memcpy(out, in, ilen);
+    return (ilen + 1);
+}
 
 static int rle_expand_block(COMP_CTX *ctx, unsigned char *out,
-	     unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	int i;
-
-	if (ilen == 0 || olen < (ilen-1))
-		{
-		/* ZZZZZZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
-
-	i= *(in++);
-	if (i == 0)
-		{
-		memcpy(out,in,ilen-1);
-		}
-	return(ilen-1);
-	}
+                            unsigned int olen, unsigned char *in,
+                            unsigned int ilen)
+{
+    int i;
+
+    if (ilen == 0 || olen < (ilen - 1)) {
+        /* ZZZZZZZZZZZZZZZZZZZZZZ */
+        return (-1);
+    }
+
+    i = *(in++);
+    if (i == 0) {
+        memcpy(out, in, ilen - 1);
+    }
+    return (ilen - 1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c
index 8df7792c..07ef7394 100644
--- a/Cryptlib/OpenSSL/crypto/comp/c_zlib.c
+++ b/Cryptlib/OpenSSL/crypto/comp/c_zlib.c
@@ -5,324 +5,326 @@
 #include <openssl/comp.h>
 #include <openssl/err.h>
 
-COMP_METHOD *COMP_zlib(void );
-
-static COMP_METHOD zlib_method_nozlib={
-	NID_undef,
-	"(undef)",
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	};
+COMP_METHOD *COMP_zlib(void);
+
+static COMP_METHOD zlib_method_nozlib = {
+    NID_undef,
+    "(undef)",
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+};
 
 #ifndef ZLIB
-#undef ZLIB_SHARED
+# undef ZLIB_SHARED
 #else
 
-#include <zlib.h>
+# include <zlib.h>
 
 static int zlib_stateful_init(COMP_CTX *ctx);
 static void zlib_stateful_finish(COMP_CTX *ctx);
 static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen);
 static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen);
 
 /* memory allocations functions for zlib intialization */
-static void* zlib_zalloc(void* opaque, unsigned int no, unsigned int size)
+static void *zlib_zalloc(void *opaque, unsigned int no, unsigned int size)
 {
-	void *p;
-	
-	p=OPENSSL_malloc(no*size);
-	if (p)
-		memset(p, 0, no*size);
-	return p;
-}
+    void *p;
 
+    p = OPENSSL_malloc(no * size);
+    if (p)
+        memset(p, 0, no * size);
+    return p;
+}
 
-static void zlib_zfree(void* opaque, void* address)
+static void zlib_zfree(void *opaque, void *address)
 {
-	OPENSSL_free(address);
+    OPENSSL_free(address);
 }
 
-#if 0
+# if 0
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
+                               unsigned int olen, unsigned char *in,
+                               unsigned int ilen);
 static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen);
-
-static int zz_uncompress(Bytef *dest, uLongf *destLen, const Bytef *source,
-	uLong sourceLen);
-
-static COMP_METHOD zlib_stateless_method={
-	NID_zlib_compression,
-	LN_zlib_compression,
-	NULL,
-	NULL,
-	zlib_compress_block,
-	zlib_expand_block,
-	NULL,
-	NULL,
-	};
-#endif
-
-static COMP_METHOD zlib_stateful_method={
-	NID_zlib_compression,
-	LN_zlib_compression,
-	zlib_stateful_init,
-	zlib_stateful_finish,
-	zlib_stateful_compress_block,
-	zlib_stateful_expand_block,
-	NULL,
-	NULL,
-	};
-
-/* 
+                             unsigned int olen, unsigned char *in,
+                             unsigned int ilen);
+
+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
+                         uLong sourceLen);
+
+static COMP_METHOD zlib_stateless_method = {
+    NID_zlib_compression,
+    LN_zlib_compression,
+    NULL,
+    NULL,
+    zlib_compress_block,
+    zlib_expand_block,
+    NULL,
+    NULL,
+};
+# endif
+
+static COMP_METHOD zlib_stateful_method = {
+    NID_zlib_compression,
+    LN_zlib_compression,
+    zlib_stateful_init,
+    zlib_stateful_finish,
+    zlib_stateful_compress_block,
+    zlib_stateful_expand_block,
+    NULL,
+    NULL,
+};
+
+/*
  * When OpenSSL is built on Windows, we do not want to require that
  * the ZLIB.DLL be available in order for the OpenSSL DLLs to
  * work.  Therefore, all ZLIB routines are loaded at run time
  * and we do not link to a .LIB file when ZLIB_SHARED is set.
  */
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-# include <windows.h>
-#endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+#  include <windows.h>
+# endif                         /* !(OPENSSL_SYS_WINDOWS ||
+                                 * OPENSSL_SYS_WIN32) */
 
-#ifdef ZLIB_SHARED
-#include <openssl/dso.h>
+# ifdef ZLIB_SHARED
+#  include <openssl/dso.h>
 
 /* Function pointers */
-typedef int (*compress_ft)(Bytef *dest,uLongf *destLen,
-	const Bytef *source, uLong sourceLen);
-typedef int (*inflateEnd_ft)(z_streamp strm);
-typedef int (*inflate_ft)(z_streamp strm, int flush);
-typedef int (*inflateInit__ft)(z_streamp strm,
-	const char * version, int stream_size);
-typedef int (*deflateEnd_ft)(z_streamp strm);
-typedef int (*deflate_ft)(z_streamp strm, int flush);
-typedef int (*deflateInit__ft)(z_streamp strm, int level,
-	const char * version, int stream_size);
-typedef const char * (*zError__ft)(int err);
-static compress_ft	p_compress=NULL;
-static inflateEnd_ft	p_inflateEnd=NULL;
-static inflate_ft	p_inflate=NULL;
-static inflateInit__ft	p_inflateInit_=NULL;
-static deflateEnd_ft	p_deflateEnd=NULL;
-static deflate_ft	p_deflate=NULL;
-static deflateInit__ft	p_deflateInit_=NULL;
-static zError__ft	p_zError=NULL;
+typedef int (*compress_ft) (Bytef *dest, uLongf * destLen,
+                            const Bytef *source, uLong sourceLen);
+typedef int (*inflateEnd_ft) (z_streamp strm);
+typedef int (*inflate_ft) (z_streamp strm, int flush);
+typedef int (*inflateInit__ft) (z_streamp strm,
+                                const char *version, int stream_size);
+typedef int (*deflateEnd_ft) (z_streamp strm);
+typedef int (*deflate_ft) (z_streamp strm, int flush);
+typedef int (*deflateInit__ft) (z_streamp strm, int level,
+                                const char *version, int stream_size);
+typedef const char *(*zError__ft) (int err);
+static compress_ft p_compress = NULL;
+static inflateEnd_ft p_inflateEnd = NULL;
+static inflate_ft p_inflate = NULL;
+static inflateInit__ft p_inflateInit_ = NULL;
+static deflateEnd_ft p_deflateEnd = NULL;
+static deflate_ft p_deflate = NULL;
+static deflateInit__ft p_deflateInit_ = NULL;
+static zError__ft p_zError = NULL;
 
 static int zlib_loaded = 0;     /* only attempt to init func pts once */
 static DSO *zlib_dso = NULL;
 
-#define compress                p_compress
-#define inflateEnd              p_inflateEnd
-#define inflate                 p_inflate
-#define inflateInit_            p_inflateInit_
-#define deflateEnd              p_deflateEnd
-#define deflate                 p_deflate
-#define deflateInit_            p_deflateInit_
-#define zError			p_zError
-#endif /* ZLIB_SHARED */
-
-struct zlib_state
-	{
-	z_stream istream;
-	z_stream ostream;
-	};
+#  define compress                p_compress
+#  define inflateEnd              p_inflateEnd
+#  define inflate                 p_inflate
+#  define inflateInit_            p_inflateInit_
+#  define deflateEnd              p_deflateEnd
+#  define deflate                 p_deflate
+#  define deflateInit_            p_deflateInit_
+#  define zError                  p_zError
+# endif                         /* ZLIB_SHARED */
+
+struct zlib_state {
+    z_stream istream;
+    z_stream ostream;
+};
 
 static int zlib_stateful_ex_idx = -1;
 
 static int zlib_stateful_init(COMP_CTX *ctx)
-	{
-	int err;
-	struct zlib_state *state =
-		(struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
-
-	if (state == NULL)
-		goto err;
-
-	state->istream.zalloc = zlib_zalloc;
-	state->istream.zfree = zlib_zfree;
-	state->istream.opaque = Z_NULL;
-	state->istream.next_in = Z_NULL;
-	state->istream.next_out = Z_NULL;
-	state->istream.avail_in = 0;
-	state->istream.avail_out = 0;
-	err = inflateInit_(&state->istream,
-		ZLIB_VERSION, sizeof(z_stream));
-	if (err != Z_OK)
-		goto err;
-
-	state->ostream.zalloc = zlib_zalloc;
-	state->ostream.zfree = zlib_zfree;
-	state->ostream.opaque = Z_NULL;
-	state->ostream.next_in = Z_NULL;
-	state->ostream.next_out = Z_NULL;
-	state->ostream.avail_in = 0;
-	state->ostream.avail_out = 0;
-	err = deflateInit_(&state->ostream,Z_DEFAULT_COMPRESSION,
-		ZLIB_VERSION, sizeof(z_stream));
-	if (err != Z_OK)
-		goto err;
-
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
-	CRYPTO_set_ex_data(&ctx->ex_data,zlib_stateful_ex_idx,state);
-	return 1;
+{
+    int err;
+    struct zlib_state *state =
+        (struct zlib_state *)OPENSSL_malloc(sizeof(struct zlib_state));
+
+    if (state == NULL)
+        goto err;
+
+    state->istream.zalloc = zlib_zalloc;
+    state->istream.zfree = zlib_zfree;
+    state->istream.opaque = Z_NULL;
+    state->istream.next_in = Z_NULL;
+    state->istream.next_out = Z_NULL;
+    state->istream.avail_in = 0;
+    state->istream.avail_out = 0;
+    err = inflateInit_(&state->istream, ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    state->ostream.zalloc = zlib_zalloc;
+    state->ostream.zfree = zlib_zfree;
+    state->ostream.opaque = Z_NULL;
+    state->ostream.next_in = Z_NULL;
+    state->ostream.next_out = Z_NULL;
+    state->ostream.avail_in = 0;
+    state->ostream.avail_out = 0;
+    err = deflateInit_(&state->ostream, Z_DEFAULT_COMPRESSION,
+                       ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        goto err;
+
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data);
+    CRYPTO_set_ex_data(&ctx->ex_data, zlib_stateful_ex_idx, state);
+    return 1;
  err:
-	if (state) OPENSSL_free(state);
-	return 0;
-	}
+    if (state)
+        OPENSSL_free(state);
+    return 0;
+}
 
 static void zlib_stateful_finish(COMP_CTX *ctx)
-	{
-	struct zlib_state *state =
-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
-	inflateEnd(&state->istream);
-	deflateEnd(&state->ostream);
-	OPENSSL_free(state);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP,ctx,&ctx->ex_data);
-	}
+{
+    struct zlib_state *state =
+        (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+                                                zlib_stateful_ex_idx);
+    inflateEnd(&state->istream);
+    deflateEnd(&state->ostream);
+    OPENSSL_free(state);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_COMP, ctx, &ctx->ex_data);
+}
 
 static int zlib_stateful_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	int err = Z_OK;
-	struct zlib_state *state =
-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
-
-	if (state == NULL)
-		return -1;
-
-	state->ostream.next_in = in;
-	state->ostream.avail_in = ilen;
-	state->ostream.next_out = out;
-	state->ostream.avail_out = olen;
-	if (ilen > 0)
-		err = deflate(&state->ostream, Z_SYNC_FLUSH);
-	if (err != Z_OK)
-		return -1;
-#ifdef DEBUG_ZLIB
-	fprintf(stderr,"compress(%4d)->%4d %s\n",
-		ilen,olen - state->ostream.avail_out,
-		(ilen != olen - state->ostream.avail_out)?"zlib":"clear");
-#endif
-	return olen - state->ostream.avail_out;
-	}
+                                        unsigned int olen, unsigned char *in,
+                                        unsigned int ilen)
+{
+    int err = Z_OK;
+    struct zlib_state *state =
+        (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+                                                zlib_stateful_ex_idx);
+
+    if (state == NULL)
+        return -1;
+
+    state->ostream.next_in = in;
+    state->ostream.avail_in = ilen;
+    state->ostream.next_out = out;
+    state->ostream.avail_out = olen;
+    if (ilen > 0)
+        err = deflate(&state->ostream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+# ifdef DEBUG_ZLIB
+    fprintf(stderr, "compress(%4d)->%4d %s\n",
+            ilen, olen - state->ostream.avail_out,
+            (ilen != olen - state->ostream.avail_out) ? "zlib" : "clear");
+# endif
+    return olen - state->ostream.avail_out;
+}
 
 static int zlib_stateful_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	int err = Z_OK;
-
-	struct zlib_state *state =
-		(struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
-			zlib_stateful_ex_idx);
-
-	if (state == NULL)
-		return 0;
-
-	state->istream.next_in = in;
-	state->istream.avail_in = ilen;
-	state->istream.next_out = out;
-	state->istream.avail_out = olen;
-	if (ilen > 0)
-		err = inflate(&state->istream, Z_SYNC_FLUSH);
-	if (err != Z_OK)
-		return -1;
-#ifdef DEBUG_ZLIB
-	fprintf(stderr,"expand(%4d)->%4d %s\n",
-		ilen,olen - state->istream.avail_out,
-		(ilen != olen - state->istream.avail_out)?"zlib":"clear");
-#endif
-	return olen - state->istream.avail_out;
-	}
+                                      unsigned int olen, unsigned char *in,
+                                      unsigned int ilen)
+{
+    int err = Z_OK;
+
+    struct zlib_state *state =
+        (struct zlib_state *)CRYPTO_get_ex_data(&ctx->ex_data,
+                                                zlib_stateful_ex_idx);
+
+    if (state == NULL)
+        return 0;
+
+    state->istream.next_in = in;
+    state->istream.avail_in = ilen;
+    state->istream.next_out = out;
+    state->istream.avail_out = olen;
+    if (ilen > 0)
+        err = inflate(&state->istream, Z_SYNC_FLUSH);
+    if (err != Z_OK)
+        return -1;
+# ifdef DEBUG_ZLIB
+    fprintf(stderr, "expand(%4d)->%4d %s\n",
+            ilen, olen - state->istream.avail_out,
+            (ilen != olen - state->istream.avail_out) ? "zlib" : "clear");
+# endif
+    return olen - state->istream.avail_out;
+}
 
-#if 0
+# if 0
 static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	unsigned long l;
-	int i;
-	int clear=1;
-
-	if (ilen > 128)
-		{
-		out[0]=1;
-		l=olen-1;
-		i=compress(&(out[1]),&l,in,(unsigned long)ilen);
-		if (i != Z_OK)
-			return(-1);
-		if (ilen > l)
-			{
-			clear=0;
-			l++;
-			}
-		}
-	if (clear)
-		{
-		out[0]=0;
-		memcpy(&(out[1]),in,ilen);
-		l=ilen+1;
-		}
-#ifdef DEBUG_ZLIB
-	fprintf(stderr,"compress(%4d)->%4d %s\n",
-		ilen,(int)l,(clear)?"clear":"zlib");
-#endif
-	return((int)l);
-	}
+                               unsigned int olen, unsigned char *in,
+                               unsigned int ilen)
+{
+    unsigned long l;
+    int i;
+    int clear = 1;
+
+    if (ilen > 128) {
+        out[0] = 1;
+        l = olen - 1;
+        i = compress(&(out[1]), &l, in, (unsigned long)ilen);
+        if (i != Z_OK)
+            return (-1);
+        if (ilen > l) {
+            clear = 0;
+            l++;
+        }
+    }
+    if (clear) {
+        out[0] = 0;
+        memcpy(&(out[1]), in, ilen);
+        l = ilen + 1;
+    }
+#  ifdef DEBUG_ZLIB
+    fprintf(stderr, "compress(%4d)->%4d %s\n",
+            ilen, (int)l, (clear) ? "clear" : "zlib");
+#  endif
+    return ((int)l);
+}
 
 static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out,
-	unsigned int olen, unsigned char *in, unsigned int ilen)
-	{
-	unsigned long l;
-	int i;
-
-	if (in[0])
-		{
-		l=olen;
-		i=zz_uncompress(out,&l,&(in[1]),(unsigned long)ilen-1);
-		if (i != Z_OK)
-			return(-1);
-		}
-	else
-		{
-		memcpy(out,&(in[1]),ilen-1);
-		l=ilen-1;
-		}
-#ifdef DEBUG_ZLIB
-        fprintf(stderr,"expand  (%4d)->%4d %s\n",
-		ilen,(int)l,in[0]?"zlib":"clear");
-#endif
-	return((int)l);
-	}
+                             unsigned int olen, unsigned char *in,
+                             unsigned int ilen)
+{
+    unsigned long l;
+    int i;
+
+    if (in[0]) {
+        l = olen;
+        i = zz_uncompress(out, &l, &(in[1]), (unsigned long)ilen - 1);
+        if (i != Z_OK)
+            return (-1);
+    } else {
+        memcpy(out, &(in[1]), ilen - 1);
+        l = ilen - 1;
+    }
+#  ifdef DEBUG_ZLIB
+    fprintf(stderr, "expand  (%4d)->%4d %s\n",
+            ilen, (int)l, in[0] ? "zlib" : "clear");
+#  endif
+    return ((int)l);
+}
 
-static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
-	     uLong sourceLen)
+static int zz_uncompress(Bytef *dest, uLongf * destLen, const Bytef *source,
+                         uLong sourceLen)
 {
     z_stream stream;
     int err;
 
-    stream.next_in = (Bytef*)source;
-    stream.avail_in = (uInt)sourceLen;
+    stream.next_in = (Bytef *)source;
+    stream.avail_in = (uInt) sourceLen;
     /* Check for source > 64K on 16-bit machine: */
-    if ((uLong)stream.avail_in != sourceLen) return Z_BUF_ERROR;
+    if ((uLong) stream.avail_in != sourceLen)
+        return Z_BUF_ERROR;
 
     stream.next_out = dest;
-    stream.avail_out = (uInt)*destLen;
-    if ((uLong)stream.avail_out != *destLen) return Z_BUF_ERROR;
+    stream.avail_out = (uInt) * destLen;
+    if ((uLong) stream.avail_out != *destLen)
+        return Z_BUF_ERROR;
 
-    stream.zalloc = (alloc_func)0;
-    stream.zfree = (free_func)0;
+    stream.zalloc = (alloc_func) 0;
+    stream.zfree = (free_func) 0;
 
-    err = inflateInit_(&stream,
-	    ZLIB_VERSION, sizeof(z_stream));
-    if (err != Z_OK) return err;
+    err = inflateInit_(&stream, ZLIB_VERSION, sizeof(z_stream));
+    if (err != Z_OK)
+        return err;
 
     err = inflate(&stream, Z_FINISH);
     if (err != Z_STREAM_END) {
@@ -334,112 +336,97 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source,
     err = inflateEnd(&stream);
     return err;
 }
-#endif
+# endif
 
 #endif
 
 COMP_METHOD *COMP_zlib(void)
-	{
-	COMP_METHOD *meth = &zlib_method_nozlib;
+{
+    COMP_METHOD *meth = &zlib_method_nozlib;
 
 #ifdef ZLIB_SHARED
-	if (!zlib_loaded)
-		{
-#if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-		zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
-#else
-		zlib_dso = DSO_load(NULL, "z", NULL, 0);
-#endif
-		if (zlib_dso != NULL)
-			{
-			p_compress
-				= (compress_ft) DSO_bind_func(zlib_dso,
-					"compress");
-			p_inflateEnd
-				= (inflateEnd_ft) DSO_bind_func(zlib_dso,
-					"inflateEnd");
-			p_inflate
-				= (inflate_ft) DSO_bind_func(zlib_dso,
-					"inflate");
-			p_inflateInit_
-				= (inflateInit__ft) DSO_bind_func(zlib_dso,
-					"inflateInit_");
-			p_deflateEnd
-				= (deflateEnd_ft) DSO_bind_func(zlib_dso,
-					"deflateEnd");
-			p_deflate
-				= (deflate_ft) DSO_bind_func(zlib_dso,
-					"deflate");
-			p_deflateInit_
-				= (deflateInit__ft) DSO_bind_func(zlib_dso,
-					"deflateInit_");
-			p_zError
-				= (zError__ft) DSO_bind_func(zlib_dso,
-					"zError");
-
-			if (p_compress && p_inflateEnd && p_inflate
-				&& p_inflateInit_ && p_deflateEnd
-				&& p_deflate && p_deflateInit_ && p_zError)
-				zlib_loaded++;
-			}
-		}
-
+    if (!zlib_loaded) {
+# if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
+        zlib_dso = DSO_load(NULL, "ZLIB1", NULL, 0);
+# else
+        zlib_dso = DSO_load(NULL, "z", NULL, 0);
+# endif
+        if (zlib_dso != NULL) {
+            p_compress = (compress_ft) DSO_bind_func(zlib_dso, "compress");
+            p_inflateEnd
+                = (inflateEnd_ft) DSO_bind_func(zlib_dso, "inflateEnd");
+            p_inflate = (inflate_ft) DSO_bind_func(zlib_dso, "inflate");
+            p_inflateInit_
+                = (inflateInit__ft) DSO_bind_func(zlib_dso, "inflateInit_");
+            p_deflateEnd
+                = (deflateEnd_ft) DSO_bind_func(zlib_dso, "deflateEnd");
+            p_deflate = (deflate_ft) DSO_bind_func(zlib_dso, "deflate");
+            p_deflateInit_
+                = (deflateInit__ft) DSO_bind_func(zlib_dso, "deflateInit_");
+            p_zError = (zError__ft) DSO_bind_func(zlib_dso, "zError");
+
+            if (p_compress && p_inflateEnd && p_inflate
+                && p_inflateInit_ && p_deflateEnd
+                && p_deflate && p_deflateInit_ && p_zError)
+                zlib_loaded++;
+        }
+    }
 #endif
 #ifdef ZLIB_SHARED
-	if (zlib_loaded)
+    if (zlib_loaded)
 #endif
 #if defined(ZLIB) || defined(ZLIB_SHARED)
-		{
-		/* init zlib_stateful_ex_idx here so that in a multi-process
-		 * application it's enough to intialize openssl before forking
-		 * (idx will be inherited in all the children) */
-		if (zlib_stateful_ex_idx == -1)
-			{
-			CRYPTO_w_lock(CRYPTO_LOCK_COMP);
-			if (zlib_stateful_ex_idx == -1)
-				zlib_stateful_ex_idx =
-					CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
-						0,NULL,NULL,NULL,NULL);
-			CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
-			if (zlib_stateful_ex_idx == -1)
-				goto err;
-			}
-		
-		meth = &zlib_stateful_method;
-		}
-err:	
+    {
+        /*
+         * init zlib_stateful_ex_idx here so that in a multi-process
+         * application it's enough to intialize openssl before forking (idx
+         * will be inherited in all the children)
+         */
+        if (zlib_stateful_ex_idx == -1) {
+            CRYPTO_w_lock(CRYPTO_LOCK_COMP);
+            if (zlib_stateful_ex_idx == -1)
+                zlib_stateful_ex_idx =
+                    CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_COMP,
+                                            0, NULL, NULL, NULL, NULL);
+            CRYPTO_w_unlock(CRYPTO_LOCK_COMP);
+            if (zlib_stateful_ex_idx == -1)
+                goto err;
+        }
+
+        meth = &zlib_stateful_method;
+    }
+ err:
 #endif
 
-	return(meth);
-	}
+    return (meth);
+}
 
 void COMP_zlib_cleanup(void)
-	{
+{
 #ifdef ZLIB_SHARED
-	if (zlib_dso)
-		DSO_free(zlib_dso);
+    if (zlib_dso)
+        DSO_free(zlib_dso);
 #endif
-	}
+}
 
 #ifdef ZLIB
 
 /* Zlib based compression/decompression filter BIO */
 
-typedef struct
-	{
-	unsigned char *ibuf;	/* Input buffer */
-	int ibufsize;		/* Buffer size */
-	z_stream zin;		/* Input decompress context */
-	unsigned char *obuf;	/* Output buffer */
-	int obufsize;		/* Output buffer size */
-	unsigned char *optr;	/* Position in output buffer */
-	int ocount;		/* Amount of data in output buffer */
-	int odone;		/* deflate EOF */
-	int comp_level;		/* Compression level to use */
-	z_stream zout;		/* Output compression context */
-	} BIO_ZLIB_CTX;
-
-#define ZLIB_DEFAULT_BUFSIZE 1024
+typedef struct {
+    unsigned char *ibuf;        /* Input buffer */
+    int ibufsize;               /* Buffer size */
+    z_stream zin;               /* Input decompress context */
+    unsigned char *obuf;        /* Output buffer */
+    int obufsize;               /* Output buffer size */
+    unsigned char *optr;        /* Position in output buffer */
+    int ocount;                 /* Amount of data in output buffer */
+    int odone;                  /* deflate EOF */
+    int comp_level;             /* Compression level to use */
+    z_stream zout;              /* Output compression context */
+} BIO_ZLIB_CTX;
+
+# define ZLIB_DEFAULT_BUFSIZE 1024
 
 static int bio_zlib_new(BIO *bi);
 static int bio_zlib_free(BIO *bi);
@@ -448,351 +435,327 @@ static int bio_zlib_write(BIO *b, const char *in, int inl);
 static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr);
 static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp);
 
-static BIO_METHOD bio_meth_zlib = 
-	{
-	BIO_TYPE_COMP,
-	"zlib",
-	bio_zlib_write,
-	bio_zlib_read,
-	NULL,
-	NULL,
-	bio_zlib_ctrl,
-	bio_zlib_new,
-	bio_zlib_free,
-	bio_zlib_callback_ctrl
-	};
+static BIO_METHOD bio_meth_zlib = {
+    BIO_TYPE_COMP,
+    "zlib",
+    bio_zlib_write,
+    bio_zlib_read,
+    NULL,
+    NULL,
+    bio_zlib_ctrl,
+    bio_zlib_new,
+    bio_zlib_free,
+    bio_zlib_callback_ctrl
+};
 
 BIO_METHOD *BIO_f_zlib(void)
-	{
-	return &bio_meth_zlib;
-	}
-
+{
+    return &bio_meth_zlib;
+}
 
 static int bio_zlib_new(BIO *bi)
-	{
-	BIO_ZLIB_CTX *ctx;
-#ifdef ZLIB_SHARED
-	(void)COMP_zlib();
-	if (!zlib_loaded)
-		{
-		COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
-		return 0;
-		}
-#endif
-	ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
-	if(!ctx)
-		{
-		COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	ctx->ibuf = NULL;
-	ctx->obuf = NULL;
-	ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
-	ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
-	ctx->zin.zalloc = Z_NULL;
-	ctx->zin.zfree = Z_NULL;
-	ctx->zin.next_in = NULL;
-	ctx->zin.avail_in = 0;
-	ctx->zin.next_out = NULL;
-	ctx->zin.avail_out = 0;
-	ctx->zout.zalloc = Z_NULL;
-	ctx->zout.zfree = Z_NULL;
-	ctx->zout.next_in = NULL;
-	ctx->zout.avail_in = 0;
-	ctx->zout.next_out = NULL;
-	ctx->zout.avail_out = 0;
-	ctx->odone = 0;
-	ctx->comp_level = Z_DEFAULT_COMPRESSION;
-	bi->init = 1;
-	bi->ptr = (char *)ctx;
-	bi->flags = 0;
-	return 1;
-	}
+{
+    BIO_ZLIB_CTX *ctx;
+# ifdef ZLIB_SHARED
+    (void)COMP_zlib();
+    if (!zlib_loaded) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, COMP_R_ZLIB_NOT_SUPPORTED);
+        return 0;
+    }
+# endif
+    ctx = OPENSSL_malloc(sizeof(BIO_ZLIB_CTX));
+    if (!ctx) {
+        COMPerr(COMP_F_BIO_ZLIB_NEW, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ctx->ibuf = NULL;
+    ctx->obuf = NULL;
+    ctx->ibufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->obufsize = ZLIB_DEFAULT_BUFSIZE;
+    ctx->zin.zalloc = Z_NULL;
+    ctx->zin.zfree = Z_NULL;
+    ctx->zin.next_in = NULL;
+    ctx->zin.avail_in = 0;
+    ctx->zin.next_out = NULL;
+    ctx->zin.avail_out = 0;
+    ctx->zout.zalloc = Z_NULL;
+    ctx->zout.zfree = Z_NULL;
+    ctx->zout.next_in = NULL;
+    ctx->zout.avail_in = 0;
+    ctx->zout.next_out = NULL;
+    ctx->zout.avail_out = 0;
+    ctx->odone = 0;
+    ctx->comp_level = Z_DEFAULT_COMPRESSION;
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return 1;
+}
 
 static int bio_zlib_free(BIO *bi)
-	{
-	BIO_ZLIB_CTX *ctx;
-	if(!bi) return 0;
-	ctx = (BIO_ZLIB_CTX *)bi->ptr;
-	if(ctx->ibuf)
-		{
-		/* Destroy decompress context */
-		inflateEnd(&ctx->zin);
-		OPENSSL_free(ctx->ibuf);
-		}
-	if(ctx->obuf)
-		{
-		/* Destroy compress context */
-		deflateEnd(&ctx->zout);
-		OPENSSL_free(ctx->obuf);
-		}
-	OPENSSL_free(ctx);
-	bi->ptr = NULL;
-	bi->init = 0;
-	bi->flags = 0;
-	return 1;
-	}
+{
+    BIO_ZLIB_CTX *ctx;
+    if (!bi)
+        return 0;
+    ctx = (BIO_ZLIB_CTX *) bi->ptr;
+    if (ctx->ibuf) {
+        /* Destroy decompress context */
+        inflateEnd(&ctx->zin);
+        OPENSSL_free(ctx->ibuf);
+    }
+    if (ctx->obuf) {
+        /* Destroy compress context */
+        deflateEnd(&ctx->zout);
+        OPENSSL_free(ctx->obuf);
+    }
+    OPENSSL_free(ctx);
+    bi->ptr = NULL;
+    bi->init = 0;
+    bi->flags = 0;
+    return 1;
+}
 
 static int bio_zlib_read(BIO *b, char *out, int outl)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret;
-	z_stream *zin;
-	if(!out || !outl) return 0;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	zin = &ctx->zin;
-	BIO_clear_retry_flags(b);
-	if(!ctx->ibuf)
-		{
-		ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
-		if(!ctx->ibuf)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		inflateInit(zin);
-		zin->next_in = ctx->ibuf;
-		zin->avail_in = 0;
-		}
-
-	/* Copy output data directly to supplied buffer */
-	zin->next_out = (unsigned char *)out;
-	zin->avail_out = (unsigned int)outl;
-	for(;;)
-		{
-		/* Decompress while data available */
-		while(zin->avail_in)
-			{
-			ret = inflate(zin, 0);
-			if((ret != Z_OK) && (ret != Z_STREAM_END))
-				{
-				COMPerr(COMP_F_BIO_ZLIB_READ,
-						COMP_R_ZLIB_INFLATE_ERROR);
-				ERR_add_error_data(2, "zlib error:",
-							zError(ret));
-				return 0;
-				}
-			/* If EOF or we've read everything then return */
-			if((ret == Z_STREAM_END) || !zin->avail_out)
-				return outl - zin->avail_out;
-			}
-
-		/* No data in input buffer try to read some in,
-		 * if an error then return the total data read.
-		 */
-		ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
-		if(ret <= 0)
-			{
-			/* Total data read */
-			int tot = outl - zin->avail_out;
-			BIO_copy_next_retry(b);
-			if(ret < 0) return (tot > 0) ? tot : ret;
-			return tot;
-			}
-		zin->avail_in = ret;
-		zin->next_in = ctx->ibuf;
-		}
-	}
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zin;
+    if (!out || !outl)
+        return 0;
+    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    zin = &ctx->zin;
+    BIO_clear_retry_flags(b);
+    if (!ctx->ibuf) {
+        ctx->ibuf = OPENSSL_malloc(ctx->ibufsize);
+        if (!ctx->ibuf) {
+            COMPerr(COMP_F_BIO_ZLIB_READ, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        inflateInit(zin);
+        zin->next_in = ctx->ibuf;
+        zin->avail_in = 0;
+    }
+
+    /* Copy output data directly to supplied buffer */
+    zin->next_out = (unsigned char *)out;
+    zin->avail_out = (unsigned int)outl;
+    for (;;) {
+        /* Decompress while data available */
+        while (zin->avail_in) {
+            ret = inflate(zin, 0);
+            if ((ret != Z_OK) && (ret != Z_STREAM_END)) {
+                COMPerr(COMP_F_BIO_ZLIB_READ, COMP_R_ZLIB_INFLATE_ERROR);
+                ERR_add_error_data(2, "zlib error:", zError(ret));
+                return 0;
+            }
+            /* If EOF or we've read everything then return */
+            if ((ret == Z_STREAM_END) || !zin->avail_out)
+                return outl - zin->avail_out;
+        }
+
+        /*
+         * No data in input buffer try to read some in, if an error then
+         * return the total data read.
+         */
+        ret = BIO_read(b->next_bio, ctx->ibuf, ctx->ibufsize);
+        if (ret <= 0) {
+            /* Total data read */
+            int tot = outl - zin->avail_out;
+            BIO_copy_next_retry(b);
+            if (ret < 0)
+                return (tot > 0) ? tot : ret;
+            return tot;
+        }
+        zin->avail_in = ret;
+        zin->next_in = ctx->ibuf;
+    }
+}
 
 static int bio_zlib_write(BIO *b, const char *in, int inl)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret;
-	z_stream *zout;
-	if(!in || !inl) return 0;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	if(ctx->odone) return 0;
-	zout = &ctx->zout;
-	BIO_clear_retry_flags(b);
-	if(!ctx->obuf)
-		{
-		ctx->obuf = OPENSSL_malloc(ctx->obufsize);
-		/* Need error here */
-		if(!ctx->obuf)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		ctx->optr = ctx->obuf;
-		ctx->ocount = 0;
-		deflateInit(zout, ctx->comp_level);
-		zout->next_out = ctx->obuf;
-		zout->avail_out = ctx->obufsize;
-		}
-	/* Obtain input data directly from supplied buffer */
-	zout->next_in = (void *)in;
-	zout->avail_in = inl;
-	for(;;)
-		{
-		/* If data in output buffer write it first */
-		while(ctx->ocount) {
-			ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
-			if(ret <= 0)
-				{
-				/* Total data written */
-				int tot = inl - zout->avail_in;
-				BIO_copy_next_retry(b);
-				if(ret < 0) return (tot > 0) ? tot : ret;
-				return tot;
-				}
-			ctx->optr += ret;
-			ctx->ocount -= ret;
-		}
-
-		/* Have we consumed all supplied data? */
-		if(!zout->avail_in)
-			return inl;
-
-		/* Compress some more */
-
-		/* Reset buffer */
-		ctx->optr = ctx->obuf;
-		zout->next_out = ctx->obuf;
-		zout->avail_out = ctx->obufsize;
-		/* Compress some more */
-		ret = deflate(zout, 0);
-		if(ret != Z_OK)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_WRITE,
-						COMP_R_ZLIB_DEFLATE_ERROR);
-			ERR_add_error_data(2, "zlib error:", zError(ret));
-			return 0;
-			}
-		ctx->ocount = ctx->obufsize - zout->avail_out;
-		}
-	}
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    if (!in || !inl)
+        return 0;
+    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    if (ctx->odone)
+        return 0;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    if (!ctx->obuf) {
+        ctx->obuf = OPENSSL_malloc(ctx->obufsize);
+        /* Need error here */
+        if (!ctx->obuf) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ctx->optr = ctx->obuf;
+        ctx->ocount = 0;
+        deflateInit(zout, ctx->comp_level);
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+    }
+    /* Obtain input data directly from supplied buffer */
+    zout->next_in = (void *)in;
+    zout->avail_in = inl;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                /* Total data written */
+                int tot = inl - zout->avail_in;
+                BIO_copy_next_retry(b);
+                if (ret < 0)
+                    return (tot > 0) ? tot : ret;
+                return tot;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+
+        /* Have we consumed all supplied data? */
+        if (!zout->avail_in)
+            return inl;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, 0);
+        if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_WRITE, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
 
 static int bio_zlib_flush(BIO *b)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret;
-	z_stream *zout;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	/* If no data written or already flush show success */
-	if(!ctx->obuf || (ctx->odone && !ctx->ocount)) return 1;
-	zout = &ctx->zout;
-	BIO_clear_retry_flags(b);
-	/* No more input data */
-	zout->next_in = NULL;
-	zout->avail_in = 0;
-	for(;;)
-		{
-		/* If data in output buffer write it first */
-		while(ctx->ocount)
-			{
-			ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
-			if(ret <= 0)
-				{
-				BIO_copy_next_retry(b);
-				return ret;
-				}
-			ctx->optr += ret;
-			ctx->ocount -= ret;
-			}
-		if(ctx->odone) return 1;
-
-		/* Compress some more */
-
-		/* Reset buffer */
-		ctx->optr = ctx->obuf;
-		zout->next_out = ctx->obuf;
-		zout->avail_out = ctx->obufsize;
-		/* Compress some more */
-		ret = deflate(zout, Z_FINISH);
-		if(ret == Z_STREAM_END) ctx->odone = 1;
-		else if(ret != Z_OK)
-			{
-			COMPerr(COMP_F_BIO_ZLIB_FLUSH,
-						COMP_R_ZLIB_DEFLATE_ERROR);
-			ERR_add_error_data(2, "zlib error:", zError(ret));
-			return 0;
-			}
-		ctx->ocount = ctx->obufsize - zout->avail_out;
-		}
-	}
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret;
+    z_stream *zout;
+    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    /* If no data written or already flush show success */
+    if (!ctx->obuf || (ctx->odone && !ctx->ocount))
+        return 1;
+    zout = &ctx->zout;
+    BIO_clear_retry_flags(b);
+    /* No more input data */
+    zout->next_in = NULL;
+    zout->avail_in = 0;
+    for (;;) {
+        /* If data in output buffer write it first */
+        while (ctx->ocount) {
+            ret = BIO_write(b->next_bio, ctx->optr, ctx->ocount);
+            if (ret <= 0) {
+                BIO_copy_next_retry(b);
+                return ret;
+            }
+            ctx->optr += ret;
+            ctx->ocount -= ret;
+        }
+        if (ctx->odone)
+            return 1;
+
+        /* Compress some more */
+
+        /* Reset buffer */
+        ctx->optr = ctx->obuf;
+        zout->next_out = ctx->obuf;
+        zout->avail_out = ctx->obufsize;
+        /* Compress some more */
+        ret = deflate(zout, Z_FINISH);
+        if (ret == Z_STREAM_END)
+            ctx->odone = 1;
+        else if (ret != Z_OK) {
+            COMPerr(COMP_F_BIO_ZLIB_FLUSH, COMP_R_ZLIB_DEFLATE_ERROR);
+            ERR_add_error_data(2, "zlib error:", zError(ret));
+            return 0;
+        }
+        ctx->ocount = ctx->obufsize - zout->avail_out;
+    }
+}
 
 static long bio_zlib_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO_ZLIB_CTX *ctx;
-	int ret, *ip;
-	int ibs, obs;
-	if(!b->next_bio) return 0;
-	ctx = (BIO_ZLIB_CTX *)b->ptr;
-	switch (cmd)
-		{
-
-	case BIO_CTRL_RESET:
-		ctx->ocount = 0;
-		ctx->odone = 0;
-		ret = 1;
-		break;
-
-	case BIO_CTRL_FLUSH:
-		ret = bio_zlib_flush(b);
-		if (ret > 0)
-			ret = BIO_flush(b->next_bio);
-		break;
-
-	case BIO_C_SET_BUFF_SIZE:
-		ibs = -1;
-		obs = -1;
-		if (ptr != NULL)
-			{
-			ip = ptr;
-			if (*ip == 0)
-				ibs = (int) num;
-			else 
-				obs = (int) num;
-			}
-		else
-			{
-			ibs = (int)num;
-			obs = ibs;
-			}
-
-		if (ibs != -1)
-			{
-			if (ctx->ibuf)
-				{
-				OPENSSL_free(ctx->ibuf);
-				ctx->ibuf = NULL;
-				}
-			ctx->ibufsize = ibs;
-			}
-
-		if (obs != -1)
-			{
-			if (ctx->obuf)
-				{
-				OPENSSL_free(ctx->obuf);
-				ctx->obuf = NULL;
-				}
-			ctx->obufsize = obs;
-			}
-		ret = 1;
-		break;
-
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	default:
-		ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-		break;
-		}
-
-	return ret;
-	}
+{
+    BIO_ZLIB_CTX *ctx;
+    int ret, *ip;
+    int ibs, obs;
+    if (!b->next_bio)
+        return 0;
+    ctx = (BIO_ZLIB_CTX *) b->ptr;
+    switch (cmd) {
+
+    case BIO_CTRL_RESET:
+        ctx->ocount = 0;
+        ctx->odone = 0;
+        ret = 1;
+        break;
+
+    case BIO_CTRL_FLUSH:
+        ret = bio_zlib_flush(b);
+        if (ret > 0)
+            ret = BIO_flush(b->next_bio);
+        break;
+
+    case BIO_C_SET_BUFF_SIZE:
+        ibs = -1;
+        obs = -1;
+        if (ptr != NULL) {
+            ip = ptr;
+            if (*ip == 0)
+                ibs = (int)num;
+            else
+                obs = (int)num;
+        } else {
+            ibs = (int)num;
+            obs = ibs;
+        }
+
+        if (ibs != -1) {
+            if (ctx->ibuf) {
+                OPENSSL_free(ctx->ibuf);
+                ctx->ibuf = NULL;
+            }
+            ctx->ibufsize = ibs;
+        }
+
+        if (obs != -1) {
+            if (ctx->obuf) {
+                OPENSSL_free(ctx->obuf);
+                ctx->obuf = NULL;
+            }
+            ctx->obufsize = obs;
+        }
+        ret = 1;
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
 
+    return ret;
+}
 
 static long bio_zlib_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	if(!b->next_bio)
-		return 0;
-	return
-		BIO_callback_ctrl(b->next_bio, cmd, fp);
-	}
+{
+    if (!b->next_bio)
+        return 0;
+    return BIO_callback_ctrl(b->next_bio, cmd, fp);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_err.c b/Cryptlib/OpenSSL/crypto/comp/comp_err.c
index 187d68b7..edc88192 100644
--- a/Cryptlib/OpenSSL/crypto/comp/comp_err.c
+++ b/Cryptlib/OpenSSL/crypto/comp/comp_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,36 +66,33 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_COMP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_COMP,0,reason)
 
-static ERR_STRING_DATA COMP_str_functs[]=
-	{
-{ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH),	"BIO_ZLIB_FLUSH"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_NEW),	"BIO_ZLIB_NEW"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_READ),	"BIO_ZLIB_READ"},
-{ERR_FUNC(COMP_F_BIO_ZLIB_WRITE),	"BIO_ZLIB_WRITE"},
-{0,NULL}
-	};
+static ERR_STRING_DATA COMP_str_functs[] = {
+    {ERR_FUNC(COMP_F_BIO_ZLIB_FLUSH), "BIO_ZLIB_FLUSH"},
+    {ERR_FUNC(COMP_F_BIO_ZLIB_NEW), "BIO_ZLIB_NEW"},
+    {ERR_FUNC(COMP_F_BIO_ZLIB_READ), "BIO_ZLIB_READ"},
+    {ERR_FUNC(COMP_F_BIO_ZLIB_WRITE), "BIO_ZLIB_WRITE"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA COMP_str_reasons[]=
-	{
-{ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR)   ,"zlib deflate error"},
-{ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR)   ,"zlib inflate error"},
-{ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED)   ,"zlib not supported"},
-{0,NULL}
-	};
+static ERR_STRING_DATA COMP_str_reasons[] = {
+    {ERR_REASON(COMP_R_ZLIB_DEFLATE_ERROR), "zlib deflate error"},
+    {ERR_REASON(COMP_R_ZLIB_INFLATE_ERROR), "zlib inflate error"},
+    {ERR_REASON(COMP_R_ZLIB_NOT_SUPPORTED), "zlib not supported"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_COMP_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(COMP_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,COMP_str_functs);
-		ERR_load_strings(0,COMP_str_reasons);
-		}
+    if (ERR_func_error_string(COMP_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, COMP_str_functs);
+        ERR_load_strings(0, COMP_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c
index b60ae371..bd4eb7a1 100644
--- a/Cryptlib/OpenSSL/crypto/comp/comp_lib.c
+++ b/Cryptlib/OpenSSL/crypto/comp/comp_lib.c
@@ -5,68 +5,62 @@
 #include <openssl/comp.h>
 
 COMP_CTX *COMP_CTX_new(COMP_METHOD *meth)
-	{
-	COMP_CTX *ret;
+{
+    COMP_CTX *ret;
 
-	if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL)
-		{
-		/* ZZZZZZZZZZZZZZZZ */
-		return(NULL);
-		}
-	memset(ret,0,sizeof(COMP_CTX));
-	ret->meth=meth;
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
+    if ((ret = (COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) {
+        /* ZZZZZZZZZZZZZZZZ */
+        return (NULL);
+    }
+    memset(ret, 0, sizeof(COMP_CTX));
+    ret->meth = meth;
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
 
 void COMP_CTX_free(COMP_CTX *ctx)
-	{
-	if(ctx == NULL)
-	    return;
+{
+    if (ctx == NULL)
+        return;
 
-	if (ctx->meth->finish != NULL)
-		ctx->meth->finish(ctx);
+    if (ctx->meth->finish != NULL)
+        ctx->meth->finish(ctx);
 
-	OPENSSL_free(ctx);
-	}
+    OPENSSL_free(ctx);
+}
 
 int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	     unsigned char *in, int ilen)
-	{
-	int ret;
-	if (ctx->meth->compress == NULL)
-		{
-		/* ZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
-	ret=ctx->meth->compress(ctx,out,olen,in,ilen);
-	if (ret > 0)
-		{
-		ctx->compress_in+=ilen;
-		ctx->compress_out+=ret;
-		}
-	return(ret);
-	}
+                        unsigned char *in, int ilen)
+{
+    int ret;
+    if (ctx->meth->compress == NULL) {
+        /* ZZZZZZZZZZZZZZZZZ */
+        return (-1);
+    }
+    ret = ctx->meth->compress(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->compress_in += ilen;
+        ctx->compress_out += ret;
+    }
+    return (ret);
+}
 
 int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen,
-	     unsigned char *in, int ilen)
-	{
-	int ret;
+                      unsigned char *in, int ilen)
+{
+    int ret;
 
-	if (ctx->meth->expand == NULL)
-		{
-		/* ZZZZZZZZZZZZZZZZZ */
-		return(-1);
-		}
-	ret=ctx->meth->expand(ctx,out,olen,in,ilen);
-	if (ret > 0)
-		{
-		ctx->expand_in+=ilen;
-		ctx->expand_out+=ret;
-		}
-	return(ret);
-	}
+    if (ctx->meth->expand == NULL) {
+        /* ZZZZZZZZZZZZZZZZZ */
+        return (-1);
+    }
+    ret = ctx->meth->expand(ctx, out, olen, in, ilen);
+    if (ret > 0) {
+        ctx->expand_in += ilen;
+        ctx->expand_out += ret;
+    }
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_api.c b/Cryptlib/OpenSSL/crypto/conf/conf_api.c
index 55d1d506..d994ef8f 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_api.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_api.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,7 +59,7 @@
 /* Part of the code in here was originally in conf.c, which is now removed */
 
 #ifndef CONF_DEBUG
-# undef NDEBUG /* avoid conflicting definitions */
+# undef NDEBUG                  /* avoid conflicting definitions */
 # define NDEBUG
 #endif
 
@@ -71,239 +71,240 @@
 #include "e_os.h"
 
 static void value_free_hash(CONF_VALUE *a, LHASH *conf);
-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+static void value_free_stack(CONF_VALUE *a, LHASH *conf);
 static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *)
 static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *)
-/* We don't use function pointer casting or wrapper functions - but cast each
- * callback parameter inside the callback functions. */
+/*
+ * We don't use function pointer casting or wrapper functions - but cast each
+ * callback parameter inside the callback functions.
+ */
 /* static unsigned long hash(CONF_VALUE *v); */
 static unsigned long hash(const void *v_void);
 /* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */
-static int cmp_conf(const void *a_void,const void *b_void);
+static int cmp_conf(const void *a_void, const void *b_void);
 
 /* Up until OpenSSL 0.9.5a, this was get_section */
 CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
-	{
-	CONF_VALUE *v,vv;
+{
+    CONF_VALUE *v, vv;
 
-	if ((conf == NULL) || (section == NULL)) return(NULL);
-	vv.name=NULL;
-	vv.section=(char *)section;
-	v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
-	return(v);
-	}
+    if ((conf == NULL) || (section == NULL))
+        return (NULL);
+    vv.name = NULL;
+    vv.section = (char *)section;
+    v = (CONF_VALUE *)lh_retrieve(conf->data, &vv);
+    return (v);
+}
 
 /* Up until OpenSSL 0.9.5a, this was CONF_get_section */
 STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
-					       const char *section)
-	{
-	CONF_VALUE *v;
+                                               const char *section)
+{
+    CONF_VALUE *v;
 
-	v=_CONF_get_section(conf,section);
-	if (v != NULL)
-		return((STACK_OF(CONF_VALUE) *)v->value);
-	else
-		return(NULL);
-	}
+    v = _CONF_get_section(conf, section);
+    if (v != NULL)
+        return ((STACK_OF(CONF_VALUE) *)v->value);
+    else
+        return (NULL);
+}
 
 int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value)
-	{
-	CONF_VALUE *v = NULL;
-	STACK_OF(CONF_VALUE) *ts;
-
-	ts = (STACK_OF(CONF_VALUE) *)section->value;
-
-	value->section=section->section;	
-	if (!sk_CONF_VALUE_push(ts,value))
-		{
-		return 0;
-		}
-
-	v = (CONF_VALUE *)lh_insert(conf->data, value);
-	if (v != NULL)
-		{
-		(void)sk_CONF_VALUE_delete_ptr(ts,v);
-		OPENSSL_free(v->name);
-		OPENSSL_free(v->value);
-		OPENSSL_free(v);
-		}
-	return 1;
-	}
-
-char *_CONF_get_string(const CONF *conf, const char *section, const char *name)
-	{
-	CONF_VALUE *v,vv;
-	char *p;
-
-	if (name == NULL) return(NULL);
-	if (conf != NULL)
-		{
-		if (section != NULL)
-			{
-			vv.name=(char *)name;
-			vv.section=(char *)section;
-			v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
-			if (v != NULL) return(v->value);
-			if (strcmp(section,"ENV") == 0)
-				{
-				p=Getenv(name);
-				if (p != NULL) return(p);
-				}
-			}
-		vv.section="default";
-		vv.name=(char *)name;
-		v=(CONF_VALUE *)lh_retrieve(conf->data,&vv);
-		if (v != NULL)
-			return(v->value);
-		else
-			return(NULL);
-		}
-	else
-		return(Getenv(name));
-	}
-
-#if 0 /* There's no way to provide error checking with this function, so
-	 force implementors of the higher levels to get a string and read
-	 the number themselves. */
+{
+    CONF_VALUE *v = NULL;
+    STACK_OF(CONF_VALUE) *ts;
+
+    ts = (STACK_OF(CONF_VALUE) *)section->value;
+
+    value->section = section->section;
+    if (!sk_CONF_VALUE_push(ts, value)) {
+        return 0;
+    }
+
+    v = (CONF_VALUE *)lh_insert(conf->data, value);
+    if (v != NULL) {
+        (void)sk_CONF_VALUE_delete_ptr(ts, v);
+        OPENSSL_free(v->name);
+        OPENSSL_free(v->value);
+        OPENSSL_free(v);
+    }
+    return 1;
+}
+
+char *_CONF_get_string(const CONF *conf, const char *section,
+                       const char *name)
+{
+    CONF_VALUE *v, vv;
+    char *p;
+
+    if (name == NULL)
+        return (NULL);
+    if (conf != NULL) {
+        if (section != NULL) {
+            vv.name = (char *)name;
+            vv.section = (char *)section;
+            v = (CONF_VALUE *)lh_retrieve(conf->data, &vv);
+            if (v != NULL)
+                return (v->value);
+            if (strcmp(section, "ENV") == 0) {
+                p = Getenv(name);
+                if (p != NULL)
+                    return (p);
+            }
+        }
+        vv.section = "default";
+        vv.name = (char *)name;
+        v = (CONF_VALUE *)lh_retrieve(conf->data, &vv);
+        if (v != NULL)
+            return (v->value);
+        else
+            return (NULL);
+    } else
+        return (Getenv(name));
+}
+
+#if 0                           /* There's no way to provide error checking
+                                 * with this function, so force implementors
+                                 * of the higher levels to get a string and
+                                 * read the number themselves. */
 long _CONF_get_number(CONF *conf, char *section, char *name)
-	{
-	char *str;
-	long ret=0;
-
-	str=_CONF_get_string(conf,section,name);
-	if (str == NULL) return(0);
-	for (;;)
-		{
-		if (conf->meth->is_number(conf, *str))
-			ret=ret*10+conf->meth->to_int(conf, *str);
-		else
-			return(ret);
-		str++;
-		}
-	}
+{
+    char *str;
+    long ret = 0;
+
+    str = _CONF_get_string(conf, section, name);
+    if (str == NULL)
+        return (0);
+    for (;;) {
+        if (conf->meth->is_number(conf, *str))
+            ret = ret * 10 + conf->meth->to_int(conf, *str);
+        else
+            return (ret);
+        str++;
+    }
+}
 #endif
 
 int _CONF_new_data(CONF *conf)
-	{
-	if (conf == NULL)
-		{
-		return 0;
-		}
-	if (conf->data == NULL)
-		if ((conf->data = lh_new(hash, cmp_conf)) == NULL)
-			{
-			return 0;
-			}
-	return 1;
-	}
+{
+    if (conf == NULL) {
+        return 0;
+    }
+    if (conf->data == NULL)
+        if ((conf->data = lh_new(hash, cmp_conf)) == NULL) {
+            return 0;
+        }
+    return 1;
+}
 
 void _CONF_free_data(CONF *conf)
-	{
-	if (conf == NULL || conf->data == NULL) return;
+{
+    if (conf == NULL || conf->data == NULL)
+        return;
 
-	conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()'
-				  * works as expected */
-	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash),
-			conf->data);
+    conf->data->down_load = 0;  /* evil thing to make sure the
+                                 * 'OPENSSL_free()' works as expected */
+    lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), conf->data);
 
-	/* We now have only 'section' entries in the hash table.
-	 * Due to problems with */
+    /*
+     * We now have only 'section' entries in the hash table. Due to problems
+     * with
+     */
 
-	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
-			conf->data);
-	lh_free(conf->data);
-	}
+    lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack),
+                 conf->data);
+    lh_free(conf->data);
+}
 
 static void value_free_hash(CONF_VALUE *a, LHASH *conf)
-	{
-	if (a->name != NULL)
-		{
-		a=(CONF_VALUE *)lh_delete(conf,a);
-		}
-	}
+{
+    if (a->name != NULL) {
+        a = (CONF_VALUE *)lh_delete(conf, a);
+    }
+}
 
 static void value_free_stack(CONF_VALUE *a, LHASH *conf)
-	{
-	CONF_VALUE *vv;
-	STACK *sk;
-	int i;
-
-	if (a->name != NULL) return;
-
-	sk=(STACK *)a->value;
-	for (i=sk_num(sk)-1; i>=0; i--)
-		{
-		vv=(CONF_VALUE *)sk_value(sk,i);
-		OPENSSL_free(vv->value);
-		OPENSSL_free(vv->name);
-		OPENSSL_free(vv);
-		}
-	if (sk != NULL) sk_free(sk);
-	OPENSSL_free(a->section);
-	OPENSSL_free(a);
-	}
+{
+    CONF_VALUE *vv;
+    STACK *sk;
+    int i;
+
+    if (a->name != NULL)
+        return;
+
+    sk = (STACK *) a->value;
+    for (i = sk_num(sk) - 1; i >= 0; i--) {
+        vv = (CONF_VALUE *)sk_value(sk, i);
+        OPENSSL_free(vv->value);
+        OPENSSL_free(vv->name);
+        OPENSSL_free(vv);
+    }
+    if (sk != NULL)
+        sk_free(sk);
+    OPENSSL_free(a->section);
+    OPENSSL_free(a);
+}
 
 /* static unsigned long hash(CONF_VALUE *v) */
 static unsigned long hash(const void *v_void)
-	{
-	CONF_VALUE *v = (CONF_VALUE *)v_void;
-	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
-	}
+{
+    CONF_VALUE *v = (CONF_VALUE *)v_void;
+    return ((lh_strhash(v->section) << 2) ^ lh_strhash(v->name));
+}
 
 /* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */
-static int cmp_conf(const void *a_void,const  void *b_void)
-	{
-	int i;
-	CONF_VALUE *a = (CONF_VALUE *)a_void;
-	CONF_VALUE *b = (CONF_VALUE *)b_void;
-
-	if (a->section != b->section)
-		{
-		i=strcmp(a->section,b->section);
-		if (i) return(i);
-		}
-
-	if ((a->name != NULL) && (b->name != NULL))
-		{
-		i=strcmp(a->name,b->name);
-		return(i);
-		}
-	else if (a->name == b->name)
-		return(0);
-	else
-		return((a->name == NULL)?-1:1);
-	}
+static int cmp_conf(const void *a_void, const void *b_void)
+{
+    int i;
+    CONF_VALUE *a = (CONF_VALUE *)a_void;
+    CONF_VALUE *b = (CONF_VALUE *)b_void;
+
+    if (a->section != b->section) {
+        i = strcmp(a->section, b->section);
+        if (i)
+            return (i);
+    }
+
+    if ((a->name != NULL) && (b->name != NULL)) {
+        i = strcmp(a->name, b->name);
+        return (i);
+    } else if (a->name == b->name)
+        return (0);
+    else
+        return ((a->name == NULL) ? -1 : 1);
+}
 
 /* Up until OpenSSL 0.9.5a, this was new_section */
 CONF_VALUE *_CONF_new_section(CONF *conf, const char *section)
-	{
-	STACK *sk=NULL;
-	int ok=0,i;
-	CONF_VALUE *v=NULL,*vv;
-
-	if ((sk=sk_new_null()) == NULL)
-		goto err;
-	if ((v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
-		goto err;
-	i=strlen(section)+1;
-	if ((v->section=(char *)OPENSSL_malloc(i)) == NULL)
-		goto err;
-
-	memcpy(v->section,section,i);
-	v->name=NULL;
-	v->value=(char *)sk;
-	
-	vv=(CONF_VALUE *)lh_insert(conf->data,v);
-	OPENSSL_assert(vv == NULL);
-	ok=1;
-err:
-	if (!ok)
-		{
-		if (sk != NULL) sk_free(sk);
-		if (v != NULL) OPENSSL_free(v);
-		v=NULL;
-		}
-	return(v);
-	}
+{
+    STACK *sk = NULL;
+    int ok = 0, i;
+    CONF_VALUE *v = NULL, *vv;
+
+    if ((sk = sk_new_null()) == NULL)
+        goto err;
+    if ((v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))) == NULL)
+        goto err;
+    i = strlen(section) + 1;
+    if ((v->section = (char *)OPENSSL_malloc(i)) == NULL)
+        goto err;
+
+    memcpy(v->section, section, i);
+    v->name = NULL;
+    v->value = (char *)sk;
+
+    vv = (CONF_VALUE *)lh_insert(conf->data, v);
+    OPENSSL_assert(vv == NULL);
+    ok = 1;
+ err:
+    if (!ok) {
+        if (sk != NULL)
+            sk_free(sk);
+        if (v != NULL)
+            OPENSSL_free(v);
+        v = NULL;
+    }
+    return (v);
+}
 
 IMPLEMENT_STACK_OF(CONF_VALUE)
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_def.c b/Cryptlib/OpenSSL/crypto/conf/conf_def.c
index a168339b..8ca68e1d 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_def.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_def.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -72,10 +72,10 @@
 static char *eat_ws(CONF *conf, char *p);
 static char *eat_alpha_numeric(CONF *conf, char *p);
 static void clear_comments(CONF *conf, char *p);
-static int str_copy(CONF *conf,char *section,char **to, char *from);
+static int str_copy(CONF *conf, char *section, char **to, char *from);
 static char *scan_quote(CONF *conf, char *p);
 static char *scan_dquote(CONF *conf, char *p);
-#define scan_esc(conf,p)	(((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
+#define scan_esc(conf,p)        (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
 
 static CONF *def_create(CONF_METHOD *meth);
 static int def_init_default(CONF *conf);
@@ -88,660 +88,622 @@ static int def_dump(const CONF *conf, BIO *bp);
 static int def_is_number(const CONF *conf, char c);
 static int def_to_int(const CONF *conf, char c);
 
-const char CONF_def_version[]="CONF_def" OPENSSL_VERSION_PTEXT;
+const char CONF_def_version[] = "CONF_def" OPENSSL_VERSION_PTEXT;
 
 static CONF_METHOD default_method = {
-	"OpenSSL default",
-	def_create,
-	def_init_default,
-	def_destroy,
-	def_destroy_data,
-	def_load_bio,
-	def_dump,
-	def_is_number,
-	def_to_int,
-	def_load
-	};
+    "OpenSSL default",
+    def_create,
+    def_init_default,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
 
 static CONF_METHOD WIN32_method = {
-	"WIN32",
-	def_create,
-	def_init_WIN32,
-	def_destroy,
-	def_destroy_data,
-	def_load_bio,
-	def_dump,
-	def_is_number,
-	def_to_int,
-	def_load
-	};
+    "WIN32",
+    def_create,
+    def_init_WIN32,
+    def_destroy,
+    def_destroy_data,
+    def_load_bio,
+    def_dump,
+    def_is_number,
+    def_to_int,
+    def_load
+};
 
 CONF_METHOD *NCONF_default()
-	{
-	return &default_method;
-	}
+{
+    return &default_method;
+}
+
 CONF_METHOD *NCONF_WIN32()
-	{
-	return &WIN32_method;
-	}
+{
+    return &WIN32_method;
+}
 
 static CONF *def_create(CONF_METHOD *meth)
-	{
-	CONF *ret;
-
-	ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
-	if (ret)
-		if (meth->init(ret) == 0)
-			{
-			OPENSSL_free(ret);
-			ret = NULL;
-			}
-	return ret;
-	}
-	
+{
+    CONF *ret;
+
+    ret = (CONF *)OPENSSL_malloc(sizeof(CONF) + sizeof(unsigned short *));
+    if (ret)
+        if (meth->init(ret) == 0) {
+            OPENSSL_free(ret);
+            ret = NULL;
+        }
+    return ret;
+}
+
 static int def_init_default(CONF *conf)
-	{
-	if (conf == NULL)
-		return 0;
+{
+    if (conf == NULL)
+        return 0;
 
-	conf->meth = &default_method;
-	conf->meth_data = (void *)CONF_type_default;
-	conf->data = NULL;
+    conf->meth = &default_method;
+    conf->meth_data = (void *)CONF_type_default;
+    conf->data = NULL;
 
-	return 1;
-	}
+    return 1;
+}
 
 static int def_init_WIN32(CONF *conf)
-	{
-	if (conf == NULL)
-		return 0;
+{
+    if (conf == NULL)
+        return 0;
 
-	conf->meth = &WIN32_method;
-	conf->meth_data = (void *)CONF_type_win32;
-	conf->data = NULL;
+    conf->meth = &WIN32_method;
+    conf->meth_data = (void *)CONF_type_win32;
+    conf->data = NULL;
 
-	return 1;
-	}
+    return 1;
+}
 
 static int def_destroy(CONF *conf)
-	{
-	if (def_destroy_data(conf))
-		{
-		OPENSSL_free(conf);
-		return 1;
-		}
-	return 0;
-	}
+{
+    if (def_destroy_data(conf)) {
+        OPENSSL_free(conf);
+        return 1;
+    }
+    return 0;
+}
 
 static int def_destroy_data(CONF *conf)
-	{
-	if (conf == NULL)
-		return 0;
-	_CONF_free_data(conf);
-	return 1;
-	}
+{
+    if (conf == NULL)
+        return 0;
+    _CONF_free_data(conf);
+    return 1;
+}
 
 static int def_load(CONF *conf, const char *name, long *line)
-	{
-	int ret;
-	BIO *in=NULL;
+{
+    int ret;
+    BIO *in = NULL;
 
 #ifdef OPENSSL_SYS_VMS
-	in=BIO_new_file(name, "r");
+    in = BIO_new_file(name, "r");
 #else
-	in=BIO_new_file(name, "rb");
+    in = BIO_new_file(name, "rb");
 #endif
-	if (in == NULL)
-		{
-		if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
-			CONFerr(CONF_F_DEF_LOAD,CONF_R_NO_SUCH_FILE);
-		else
-			CONFerr(CONF_F_DEF_LOAD,ERR_R_SYS_LIB);
-		return 0;
-		}
+    if (in == NULL) {
+        if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
+            CONFerr(CONF_F_DEF_LOAD, CONF_R_NO_SUCH_FILE);
+        else
+            CONFerr(CONF_F_DEF_LOAD, ERR_R_SYS_LIB);
+        return 0;
+    }
 
-	ret = def_load_bio(conf, in, line);
-	BIO_free(in);
+    ret = def_load_bio(conf, in, line);
+    BIO_free(in);
 
-	return ret;
-	}
+    return ret;
+}
 
 static int def_load_bio(CONF *conf, BIO *in, long *line)
-	{
+{
 /* The macro BUFSIZE conflicts with a system macro in VxWorks */
-#define CONFBUFSIZE	512
-	int bufnum=0,i,ii;
-	BUF_MEM *buff=NULL;
-	char *s,*p,*end;
-	int again;
-	long eline=0;
-	char btmp[DECIMAL_SIZE(eline)+1];
-	CONF_VALUE *v=NULL,*tv;
-	CONF_VALUE *sv=NULL;
-	char *section=NULL,*buf;
-/*	STACK_OF(CONF_VALUE) *section_sk=NULL;*/
-/*	STACK_OF(CONF_VALUE) *ts=NULL;*/
-	char *start,*psection,*pname;
-	void *h = (void *)(conf->data);
-
-	if ((buff=BUF_MEM_new()) == NULL)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
-		goto err;
-		}
-
-	section=(char *)OPENSSL_malloc(10);
-	if (section == NULL)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	BUF_strlcpy(section,"default",10);
-
-	if (_CONF_new_data(conf) == 0)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	sv=_CONF_new_section(conf,section);
-	if (sv == NULL)
-		{
-		CONFerr(CONF_F_DEF_LOAD_BIO,
-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-		goto err;
-		}
-/*	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
-
-	bufnum=0;
-	again=0;
-	for (;;)
-		{
-		if (!BUF_MEM_grow(buff,bufnum+CONFBUFSIZE))
-			{
-			CONFerr(CONF_F_DEF_LOAD_BIO,ERR_R_BUF_LIB);
-			goto err;
-			}
-		p= &(buff->data[bufnum]);
-		*p='\0';
-		BIO_gets(in, p, CONFBUFSIZE-1);
-		p[CONFBUFSIZE-1]='\0';
-		ii=i=strlen(p);
-		if (i == 0 && !again) break;
-		again=0;
-		while (i > 0)
-			{
-			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
-				break;
-			else
-				i--;
-			}
-		/* we removed some trailing stuff so there is a new
-		 * line on the end. */
-		if (ii && i == ii)
-			again=1; /* long line */
-		else
-			{
-			p[i]='\0';
-			eline++; /* another input line */
-			}
-
-		/* we now have a line with trailing \r\n removed */
-
-		/* i is the number of bytes */
-		bufnum+=i;
-
-		v=NULL;
-		/* check for line continuation */
-		if (bufnum >= 1)
-			{
-			/* If we have bytes and the last char '\\' and
-			 * second last char is not '\\' */
-			p= &(buff->data[bufnum-1]);
-			if (IS_ESC(conf,p[0]) &&
-				((bufnum <= 1) || !IS_ESC(conf,p[-1])))
-				{
-				bufnum--;
-				again=1;
-				}
-			}
-		if (again) continue;
-		bufnum=0;
-		buf=buff->data;
-
-		clear_comments(conf, buf);
-		s=eat_ws(conf, buf);
-		if (IS_EOF(conf,*s)) continue; /* blank line */
-		if (*s == '[')
-			{
-			char *ss;
-
-			s++;
-			start=eat_ws(conf, s);
-			ss=start;
-again:
-			end=eat_alpha_numeric(conf, ss);
-			p=eat_ws(conf, end);
-			if (*p != ']')
-				{
-				if (*p != '\0' && ss != p)
-					{
-					ss=p;
-					goto again;
-					}
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
-				goto err;
-				}
-			*end='\0';
-			if (!str_copy(conf,NULL,&section,start)) goto err;
-			if ((sv=_CONF_get_section(conf,section)) == NULL)
-				sv=_CONF_new_section(conf,section);
-			if (sv == NULL)
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-				goto err;
-				}
-/*			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
-			continue;
-			}
-		else
-			{
-			pname=s;
-			psection=NULL;
-			end=eat_alpha_numeric(conf, s);
-			if ((end[0] == ':') && (end[1] == ':'))
-				{
-				*end='\0';
-				end+=2;
-				psection=pname;
-				pname=end;
-				end=eat_alpha_numeric(conf, end);
-				}
-			p=eat_ws(conf, end);
-			if (*p != '=')
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-						CONF_R_MISSING_EQUAL_SIGN);
-				goto err;
-				}
-			*end='\0';
-			p++;
-			start=eat_ws(conf, p);
-			while (!IS_EOF(conf,*p))
-				p++;
-			p--;
-			while ((p != start) && (IS_WS(conf,*p)))
-				p--;
-			p++;
-			*p='\0';
-
-			if (!(v=(CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			if (psection == NULL) psection=section;
-			v->name=(char *)OPENSSL_malloc(strlen(pname)+1);
-			v->value=NULL;
-			if (v->name == NULL)
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			BUF_strlcpy(v->name,pname,strlen(pname)+1);
-			if (!str_copy(conf,psection,&(v->value),start)) goto err;
-
-			if (strcmp(psection,section) != 0)
-				{
-				if ((tv=_CONF_get_section(conf,psection))
-					== NULL)
-					tv=_CONF_new_section(conf,psection);
-				if (tv == NULL)
-					{
-					CONFerr(CONF_F_DEF_LOAD_BIO,
-					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
-					goto err;
-					}
-/*				ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
-				}
-			else
-				{
-				tv=sv;
-/*				ts=section_sk;*/
-				}
+#define CONFBUFSIZE     512
+    int bufnum = 0, i, ii;
+    BUF_MEM *buff = NULL;
+    char *s, *p, *end;
+    int again;
+    long eline = 0;
+    char btmp[DECIMAL_SIZE(eline) + 1];
+    CONF_VALUE *v = NULL, *tv;
+    CONF_VALUE *sv = NULL;
+    char *section = NULL, *buf;
+/*      STACK_OF(CONF_VALUE) *section_sk=NULL;*/
+/*      STACK_OF(CONF_VALUE) *ts=NULL;*/
+    char *start, *psection, *pname;
+    void *h = (void *)(conf->data);
+
+    if ((buff = BUF_MEM_new()) == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+        goto err;
+    }
+
+    section = (char *)OPENSSL_malloc(10);
+    if (section == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    BUF_strlcpy(section, "default", 10);
+
+    if (_CONF_new_data(conf) == 0) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    sv = _CONF_new_section(conf, section);
+    if (sv == NULL) {
+        CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+        goto err;
+    }
+/*      section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
+
+    bufnum = 0;
+    again = 0;
+    for (;;) {
+        if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
+            CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_BUF_LIB);
+            goto err;
+        }
+        p = &(buff->data[bufnum]);
+        *p = '\0';
+        BIO_gets(in, p, CONFBUFSIZE - 1);
+        p[CONFBUFSIZE - 1] = '\0';
+        ii = i = strlen(p);
+        if (i == 0 && !again)
+            break;
+        again = 0;
+        while (i > 0) {
+            if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
+                break;
+            else
+                i--;
+        }
+        /*
+         * we removed some trailing stuff so there is a new line on the end.
+         */
+        if (ii && i == ii)
+            again = 1;          /* long line */
+        else {
+            p[i] = '\0';
+            eline++;            /* another input line */
+        }
+
+        /* we now have a line with trailing \r\n removed */
+
+        /* i is the number of bytes */
+        bufnum += i;
+
+        v = NULL;
+        /* check for line continuation */
+        if (bufnum >= 1) {
+            /*
+             * If we have bytes and the last char '\\' and second last char
+             * is not '\\'
+             */
+            p = &(buff->data[bufnum - 1]);
+            if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
+                bufnum--;
+                again = 1;
+            }
+        }
+        if (again)
+            continue;
+        bufnum = 0;
+        buf = buff->data;
+
+        clear_comments(conf, buf);
+        s = eat_ws(conf, buf);
+        if (IS_EOF(conf, *s))
+            continue;           /* blank line */
+        if (*s == '[') {
+            char *ss;
+
+            s++;
+            start = eat_ws(conf, s);
+            ss = start;
+ again:
+            end = eat_alpha_numeric(conf, ss);
+            p = eat_ws(conf, end);
+            if (*p != ']') {
+                if (*p != '\0' && ss != p) {
+                    ss = p;
+                    goto again;
+                }
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+                goto err;
+            }
+            *end = '\0';
+            if (!str_copy(conf, NULL, &section, start))
+                goto err;
+            if ((sv = _CONF_get_section(conf, section)) == NULL)
+                sv = _CONF_new_section(conf, section);
+            if (sv == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO,
+                        CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                goto err;
+            }
+/*                      section_sk=(STACK_OF(CONF_VALUE) *)sv->value;*/
+            continue;
+        } else {
+            pname = s;
+            psection = NULL;
+            end = eat_alpha_numeric(conf, s);
+            if ((end[0] == ':') && (end[1] == ':')) {
+                *end = '\0';
+                end += 2;
+                psection = pname;
+                pname = end;
+                end = eat_alpha_numeric(conf, end);
+            }
+            p = eat_ws(conf, end);
+            if (*p != '=') {
+                CONFerr(CONF_F_DEF_LOAD_BIO, CONF_R_MISSING_EQUAL_SIGN);
+                goto err;
+            }
+            *end = '\0';
+            p++;
+            start = eat_ws(conf, p);
+            while (!IS_EOF(conf, *p))
+                p++;
+            p--;
+            while ((p != start) && (IS_WS(conf, *p)))
+                p--;
+            p++;
+            *p = '\0';
+
+            if (!(v = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (psection == NULL)
+                psection = section;
+            v->name = (char *)OPENSSL_malloc(strlen(pname) + 1);
+            v->value = NULL;
+            if (v->name == NULL) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            BUF_strlcpy(v->name, pname, strlen(pname) + 1);
+            if (!str_copy(conf, psection, &(v->value), start))
+                goto err;
+
+            if (strcmp(psection, section) != 0) {
+                if ((tv = _CONF_get_section(conf, psection))
+                    == NULL)
+                    tv = _CONF_new_section(conf, psection);
+                if (tv == NULL) {
+                    CONFerr(CONF_F_DEF_LOAD_BIO,
+                            CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+                    goto err;
+                }
+/*                              ts=(STACK_OF(CONF_VALUE) *)tv->value;*/
+            } else {
+                tv = sv;
+/*                              ts=section_sk;*/
+            }
 #if 1
-			if (_CONF_add_string(conf, tv, v) == 0)
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
+            if (_CONF_add_string(conf, tv, v) == 0) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
 #else
-			v->section=tv->section;	
-			if (!sk_CONF_VALUE_push(ts,v))
-				{
-				CONFerr(CONF_F_DEF_LOAD_BIO,
-							ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			vv=(CONF_VALUE *)lh_insert(conf->data,v);
-			if (vv != NULL)
-				{
-				sk_CONF_VALUE_delete_ptr(ts,vv);
-				OPENSSL_free(vv->name);
-				OPENSSL_free(vv->value);
-				OPENSSL_free(vv);
-				}
+            v->section = tv->section;
+            if (!sk_CONF_VALUE_push(ts, v)) {
+                CONFerr(CONF_F_DEF_LOAD_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            vv = (CONF_VALUE *)lh_insert(conf->data, v);
+            if (vv != NULL) {
+                sk_CONF_VALUE_delete_ptr(ts, vv);
+                OPENSSL_free(vv->name);
+                OPENSSL_free(vv->value);
+                OPENSSL_free(vv);
+            }
 #endif
-			v=NULL;
-			}
-		}
-	if (buff != NULL) BUF_MEM_free(buff);
-	if (section != NULL) OPENSSL_free(section);
-	return(1);
-err:
-	if (buff != NULL) BUF_MEM_free(buff);
-	if (section != NULL) OPENSSL_free(section);
-	if (line != NULL) *line=eline;
-	BIO_snprintf(btmp,sizeof btmp,"%ld",eline);
-	ERR_add_error_data(2,"line ",btmp);
-	if ((h != conf->data) && (conf->data != NULL))
-		{
-		CONF_free(conf->data);
-		conf->data=NULL;
-		}
-	if (v != NULL)
-		{
-		if (v->name != NULL) OPENSSL_free(v->name);
-		if (v->value != NULL) OPENSSL_free(v->value);
-		if (v != NULL) OPENSSL_free(v);
-		}
-	return(0);
-	}
+            v = NULL;
+        }
+    }
+    if (buff != NULL)
+        BUF_MEM_free(buff);
+    if (section != NULL)
+        OPENSSL_free(section);
+    return (1);
+ err:
+    if (buff != NULL)
+        BUF_MEM_free(buff);
+    if (section != NULL)
+        OPENSSL_free(section);
+    if (line != NULL)
+        *line = eline;
+    BIO_snprintf(btmp, sizeof btmp, "%ld", eline);
+    ERR_add_error_data(2, "line ", btmp);
+    if ((h != conf->data) && (conf->data != NULL)) {
+        CONF_free(conf->data);
+        conf->data = NULL;
+    }
+    if (v != NULL) {
+        if (v->name != NULL)
+            OPENSSL_free(v->name);
+        if (v->value != NULL)
+            OPENSSL_free(v->value);
+        if (v != NULL)
+            OPENSSL_free(v);
+    }
+    return (0);
+}
 
 static void clear_comments(CONF *conf, char *p)
-	{
-	for (;;)
-		{
-		if (IS_FCOMMENT(conf,*p))
-			{
-			*p='\0';
-			return;
-			}
-		if (!IS_WS(conf,*p))
-			{
-			break;
-			}
-		p++;
-		}
-
-	for (;;)
-		{
-		if (IS_COMMENT(conf,*p))
-			{
-			*p='\0';
-			return;
-			}
-		if (IS_DQUOTE(conf,*p))
-			{
-			p=scan_dquote(conf, p);
-			continue;
-			}
-		if (IS_QUOTE(conf,*p))
-			{
-			p=scan_quote(conf, p);
-			continue;
-			}
-		if (IS_ESC(conf,*p))
-			{
-			p=scan_esc(conf,p);
-			continue;
-			}
-		if (IS_EOF(conf,*p))
-			return;
-		else
-			p++;
-		}
-	}
+{
+    for (;;) {
+        if (IS_FCOMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (!IS_WS(conf, *p)) {
+            break;
+        }
+        p++;
+    }
+
+    for (;;) {
+        if (IS_COMMENT(conf, *p)) {
+            *p = '\0';
+            return;
+        }
+        if (IS_DQUOTE(conf, *p)) {
+            p = scan_dquote(conf, p);
+            continue;
+        }
+        if (IS_QUOTE(conf, *p)) {
+            p = scan_quote(conf, p);
+            continue;
+        }
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (IS_EOF(conf, *p))
+            return;
+        else
+            p++;
+    }
+}
 
 static int str_copy(CONF *conf, char *section, char **pto, char *from)
-	{
-	int q,r,rr=0,to=0,len=0;
-	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
-	BUF_MEM *buf;
-
-	if ((buf=BUF_MEM_new()) == NULL) return(0);
-
-	len=strlen(from)+1;
-	if (!BUF_MEM_grow(buf,len)) goto err;
-
-	for (;;)
-		{
-		if (IS_QUOTE(conf,*from))
-			{
-			q= *from;
-			from++;
-			while (!IS_EOF(conf,*from) && (*from != q))
-				{
-				if (IS_ESC(conf,*from))
-					{
-					from++;
-					if (IS_EOF(conf,*from)) break;
-					}
-				buf->data[to++]= *(from++);
-				}
-			if (*from == q) from++;
-			}
-		else if (IS_DQUOTE(conf,*from))
-			{
-			q= *from;
-			from++;
-			while (!IS_EOF(conf,*from))
-				{
-				if (*from == q)
-					{
-					if (*(from+1) == q)
-						{
-						from++;
-						}
-					else
-						{
-						break;
-						}
-					}
-				buf->data[to++]= *(from++);
-				}
-			if (*from == q) from++;
-			}
-		else if (IS_ESC(conf,*from))
-			{
-			from++;
-			v= *(from++);
-			if (IS_EOF(conf,v)) break;
-			else if (v == 'r') v='\r';
-			else if (v == 'n') v='\n';
-			else if (v == 'b') v='\b';
-			else if (v == 't') v='\t';
-			buf->data[to++]= v;
-			}
-		else if (IS_EOF(conf,*from))
-			break;
-		else if (*from == '$')
-			{
-			/* try to expand it */
-			rrp=NULL;
-			s= &(from[1]);
-			if (*s == '{')
-				q='}';
-			else if (*s == '(')
-				q=')';
-			else q=0;
-
-			if (q) s++;
-			cp=section;
-			e=np=s;
-			while (IS_ALPHA_NUMERIC(conf,*e))
-				e++;
-			if ((e[0] == ':') && (e[1] == ':'))
-				{
-				cp=np;
-				rrp=e;
-				rr= *e;
-				*rrp='\0';
-				e+=2;
-				np=e;
-				while (IS_ALPHA_NUMERIC(conf,*e))
-					e++;
-				}
-			r= *e;
-			*e='\0';
-			rp=e;
-			if (q)
-				{
-				if (r != q)
-					{
-					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
-					goto err;
-					}
-				e++;
-				}
-			/* So at this point we have
-			 * np which is the start of the name string which is
-			 *   '\0' terminated. 
-			 * cp which is the start of the section string which is
-			 *   '\0' terminated.
-			 * e is the 'next point after'.
-			 * r and rr are the chars replaced by the '\0'
-			 * rp and rrp is where 'r' and 'rr' came from.
-			 */
-			p=_CONF_get_string(conf,cp,np);
-			if (rrp != NULL) *rrp=rr;
-			*rp=r;
-			if (p == NULL)
-				{
-				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
-				goto err;
-				}
-			BUF_MEM_grow_clean(buf,(strlen(p)+buf->length-(e-from)));
-			while (*p)
-				buf->data[to++]= *(p++);
-
-			/* Since we change the pointer 'from', we also have
-			   to change the perceived length of the string it
-			   points at.  /RL */
-			len -= e-from;
-			from=e;
-
-			/* In case there were no braces or parenthesis around
-			   the variable reference, we have to put back the
-			   character that was replaced with a '\0'.  /RL */
-			*rp = r;
-			}
-		else
-			buf->data[to++]= *(from++);
-		}
-	buf->data[to]='\0';
-	if (*pto != NULL) OPENSSL_free(*pto);
-	*pto=buf->data;
-	OPENSSL_free(buf);
-	return(1);
-err:
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(0);
-	}
+{
+    int q, r, rr = 0, to = 0, len = 0;
+    char *s, *e, *rp, *p, *rrp, *np, *cp, v;
+    BUF_MEM *buf;
+
+    if ((buf = BUF_MEM_new()) == NULL)
+        return (0);
+
+    len = strlen(from) + 1;
+    if (!BUF_MEM_grow(buf, len))
+        goto err;
+
+    for (;;) {
+        if (IS_QUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from) && (*from != q)) {
+                if (IS_ESC(conf, *from)) {
+                    from++;
+                    if (IS_EOF(conf, *from))
+                        break;
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_DQUOTE(conf, *from)) {
+            q = *from;
+            from++;
+            while (!IS_EOF(conf, *from)) {
+                if (*from == q) {
+                    if (*(from + 1) == q) {
+                        from++;
+                    } else {
+                        break;
+                    }
+                }
+                buf->data[to++] = *(from++);
+            }
+            if (*from == q)
+                from++;
+        } else if (IS_ESC(conf, *from)) {
+            from++;
+            v = *(from++);
+            if (IS_EOF(conf, v))
+                break;
+            else if (v == 'r')
+                v = '\r';
+            else if (v == 'n')
+                v = '\n';
+            else if (v == 'b')
+                v = '\b';
+            else if (v == 't')
+                v = '\t';
+            buf->data[to++] = v;
+        } else if (IS_EOF(conf, *from))
+            break;
+        else if (*from == '$') {
+            /* try to expand it */
+            rrp = NULL;
+            s = &(from[1]);
+            if (*s == '{')
+                q = '}';
+            else if (*s == '(')
+                q = ')';
+            else
+                q = 0;
+
+            if (q)
+                s++;
+            cp = section;
+            e = np = s;
+            while (IS_ALPHA_NUMERIC(conf, *e))
+                e++;
+            if ((e[0] == ':') && (e[1] == ':')) {
+                cp = np;
+                rrp = e;
+                rr = *e;
+                *rrp = '\0';
+                e += 2;
+                np = e;
+                while (IS_ALPHA_NUMERIC(conf, *e))
+                    e++;
+            }
+            r = *e;
+            *e = '\0';
+            rp = e;
+            if (q) {
+                if (r != q) {
+                    CONFerr(CONF_F_STR_COPY, CONF_R_NO_CLOSE_BRACE);
+                    goto err;
+                }
+                e++;
+            }
+            /*-
+             * So at this point we have
+             * np which is the start of the name string which is
+             *   '\0' terminated.
+             * cp which is the start of the section string which is
+             *   '\0' terminated.
+             * e is the 'next point after'.
+             * r and rr are the chars replaced by the '\0'
+             * rp and rrp is where 'r' and 'rr' came from.
+             */
+            p = _CONF_get_string(conf, cp, np);
+            if (rrp != NULL)
+                *rrp = rr;
+            *rp = r;
+            if (p == NULL) {
+                CONFerr(CONF_F_STR_COPY, CONF_R_VARIABLE_HAS_NO_VALUE);
+                goto err;
+            }
+            BUF_MEM_grow_clean(buf, (strlen(p) + buf->length - (e - from)));
+            while (*p)
+                buf->data[to++] = *(p++);
+
+            /*
+             * Since we change the pointer 'from', we also have to change the
+             * perceived length of the string it points at.  /RL
+             */
+            len -= e - from;
+            from = e;
+
+            /*
+             * In case there were no braces or parenthesis around the
+             * variable reference, we have to put back the character that was
+             * replaced with a '\0'.  /RL
+             */
+            *rp = r;
+        } else
+            buf->data[to++] = *(from++);
+    }
+    buf->data[to] = '\0';
+    if (*pto != NULL)
+        OPENSSL_free(*pto);
+    *pto = buf->data;
+    OPENSSL_free(buf);
+    return (1);
+ err:
+    if (buf != NULL)
+        BUF_MEM_free(buf);
+    return (0);
+}
 
 static char *eat_ws(CONF *conf, char *p)
-	{
-	while (IS_WS(conf,*p) && (!IS_EOF(conf,*p)))
-		p++;
-	return(p);
-	}
+{
+    while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
+        p++;
+    return (p);
+}
 
 static char *eat_alpha_numeric(CONF *conf, char *p)
-	{
-	for (;;)
-		{
-		if (IS_ESC(conf,*p))
-			{
-			p=scan_esc(conf,p);
-			continue;
-			}
-		if (!IS_ALPHA_NUMERIC_PUNCT(conf,*p))
-			return(p);
-		p++;
-		}
-	}
+{
+    for (;;) {
+        if (IS_ESC(conf, *p)) {
+            p = scan_esc(conf, p);
+            continue;
+        }
+        if (!IS_ALPHA_NUMERIC_PUNCT(conf, *p))
+            return (p);
+        p++;
+    }
+}
 
 static char *scan_quote(CONF *conf, char *p)
-	{
-	int q= *p;
-
-	p++;
-	while (!(IS_EOF(conf,*p)) && (*p != q))
-		{
-		if (IS_ESC(conf,*p))
-			{
-			p++;
-			if (IS_EOF(conf,*p)) return(p);
-			}
-		p++;
-		}
-	if (*p == q) p++;
-	return(p);
-	}
-
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p)) && (*p != q)) {
+        if (IS_ESC(conf, *p)) {
+            p++;
+            if (IS_EOF(conf, *p))
+                return (p);
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return (p);
+}
 
 static char *scan_dquote(CONF *conf, char *p)
-	{
-	int q= *p;
-
-	p++;
-	while (!(IS_EOF(conf,*p)))
-		{
-		if (*p == q)
-			{
-			if (*(p+1) == q)
-				{
-				p++;
-				}
-			else
-				{
-				break;
-				}
-			}
-		p++;
-		}
-	if (*p == q) p++;
-	return(p);
-	}
+{
+    int q = *p;
+
+    p++;
+    while (!(IS_EOF(conf, *p))) {
+        if (*p == q) {
+            if (*(p + 1) == q) {
+                p++;
+            } else {
+                break;
+            }
+        }
+        p++;
+    }
+    if (*p == q)
+        p++;
+    return (p);
+}
 
 static void dump_value(CONF_VALUE *a, BIO *out)
-	{
-	if (a->name)
-		BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
-	else
-		BIO_printf(out, "[[%s]]\n", a->section);
-	}
+{
+    if (a->name)
+        BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
+    else
+        BIO_printf(out, "[[%s]]\n", a->section);
+}
 
 static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *)
 
 static int def_dump(const CONF *conf, BIO *out)
-	{
-	lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
-	return 1;
-	}
+{
+    lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out);
+    return 1;
+}
 
 static int def_is_number(const CONF *conf, char c)
-	{
-	return IS_NUMBER(conf,c);
-	}
+{
+    return IS_NUMBER(conf, c);
+}
 
 static int def_to_int(const CONF *conf, char c)
-	{
-	return c - '0';
-	}
-
+{
+    return c - '0';
+}
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_err.c b/Cryptlib/OpenSSL/crypto/conf/conf_err.c
index a16a5e0b..20fb12cb 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_err.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,65 +66,66 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CONF,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CONF,0,reason)
 
-static ERR_STRING_DATA CONF_str_functs[]=
-	{
-{ERR_FUNC(CONF_F_CONF_DUMP_FP),	"CONF_dump_fp"},
-{ERR_FUNC(CONF_F_CONF_LOAD),	"CONF_load"},
-{ERR_FUNC(CONF_F_CONF_LOAD_BIO),	"CONF_load_bio"},
-{ERR_FUNC(CONF_F_CONF_LOAD_FP),	"CONF_load_fp"},
-{ERR_FUNC(CONF_F_CONF_MODULES_LOAD),	"CONF_modules_load"},
-{ERR_FUNC(CONF_F_DEF_LOAD),	"DEF_LOAD"},
-{ERR_FUNC(CONF_F_DEF_LOAD_BIO),	"DEF_LOAD_BIO"},
-{ERR_FUNC(CONF_F_MODULE_INIT),	"MODULE_INIT"},
-{ERR_FUNC(CONF_F_MODULE_LOAD_DSO),	"MODULE_LOAD_DSO"},
-{ERR_FUNC(CONF_F_MODULE_RUN),	"MODULE_RUN"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_BIO),	"NCONF_dump_bio"},
-{ERR_FUNC(CONF_F_NCONF_DUMP_FP),	"NCONF_dump_fp"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER),	"NCONF_get_number"},
-{ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E),	"NCONF_get_number_e"},
-{ERR_FUNC(CONF_F_NCONF_GET_SECTION),	"NCONF_get_section"},
-{ERR_FUNC(CONF_F_NCONF_GET_STRING),	"NCONF_get_string"},
-{ERR_FUNC(CONF_F_NCONF_LOAD),	"NCONF_load"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_BIO),	"NCONF_load_bio"},
-{ERR_FUNC(CONF_F_NCONF_LOAD_FP),	"NCONF_load_fp"},
-{ERR_FUNC(CONF_F_NCONF_NEW),	"NCONF_new"},
-{ERR_FUNC(CONF_F_STR_COPY),	"STR_COPY"},
-{0,NULL}
-	};
+static ERR_STRING_DATA CONF_str_functs[] = {
+    {ERR_FUNC(CONF_F_CONF_DUMP_FP), "CONF_dump_fp"},
+    {ERR_FUNC(CONF_F_CONF_LOAD), "CONF_load"},
+    {ERR_FUNC(CONF_F_CONF_LOAD_BIO), "CONF_load_bio"},
+    {ERR_FUNC(CONF_F_CONF_LOAD_FP), "CONF_load_fp"},
+    {ERR_FUNC(CONF_F_CONF_MODULES_LOAD), "CONF_modules_load"},
+    {ERR_FUNC(CONF_F_DEF_LOAD), "DEF_LOAD"},
+    {ERR_FUNC(CONF_F_DEF_LOAD_BIO), "DEF_LOAD_BIO"},
+    {ERR_FUNC(CONF_F_MODULE_INIT), "MODULE_INIT"},
+    {ERR_FUNC(CONF_F_MODULE_LOAD_DSO), "MODULE_LOAD_DSO"},
+    {ERR_FUNC(CONF_F_MODULE_RUN), "MODULE_RUN"},
+    {ERR_FUNC(CONF_F_NCONF_DUMP_BIO), "NCONF_dump_bio"},
+    {ERR_FUNC(CONF_F_NCONF_DUMP_FP), "NCONF_dump_fp"},
+    {ERR_FUNC(CONF_F_NCONF_GET_NUMBER), "NCONF_get_number"},
+    {ERR_FUNC(CONF_F_NCONF_GET_NUMBER_E), "NCONF_get_number_e"},
+    {ERR_FUNC(CONF_F_NCONF_GET_SECTION), "NCONF_get_section"},
+    {ERR_FUNC(CONF_F_NCONF_GET_STRING), "NCONF_get_string"},
+    {ERR_FUNC(CONF_F_NCONF_LOAD), "NCONF_load"},
+    {ERR_FUNC(CONF_F_NCONF_LOAD_BIO), "NCONF_load_bio"},
+    {ERR_FUNC(CONF_F_NCONF_LOAD_FP), "NCONF_load_fp"},
+    {ERR_FUNC(CONF_F_NCONF_NEW), "NCONF_new"},
+    {ERR_FUNC(CONF_F_STR_COPY), "STR_COPY"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA CONF_str_reasons[]=
-	{
-{ERR_REASON(CONF_R_ERROR_LOADING_DSO)    ,"error loading dso"},
-{ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),"missing close square bracket"},
-{ERR_REASON(CONF_R_MISSING_EQUAL_SIGN)   ,"missing equal sign"},
-{ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION),"missing finish function"},
-{ERR_REASON(CONF_R_MISSING_INIT_FUNCTION),"missing init function"},
-{ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),"module initialization error"},
-{ERR_REASON(CONF_R_NO_CLOSE_BRACE)       ,"no close brace"},
-{ERR_REASON(CONF_R_NO_CONF)              ,"no conf"},
-{ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),"no conf or environment variable"},
-{ERR_REASON(CONF_R_NO_SECTION)           ,"no section"},
-{ERR_REASON(CONF_R_NO_SUCH_FILE)         ,"no such file"},
-{ERR_REASON(CONF_R_NO_VALUE)             ,"no value"},
-{ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),"unable to create new section"},
-{ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME)  ,"unknown module name"},
-{ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE),"variable has no value"},
-{0,NULL}
-	};
+static ERR_STRING_DATA CONF_str_reasons[] = {
+    {ERR_REASON(CONF_R_ERROR_LOADING_DSO), "error loading dso"},
+    {ERR_REASON(CONF_R_MISSING_CLOSE_SQUARE_BRACKET),
+     "missing close square bracket"},
+    {ERR_REASON(CONF_R_MISSING_EQUAL_SIGN), "missing equal sign"},
+    {ERR_REASON(CONF_R_MISSING_FINISH_FUNCTION), "missing finish function"},
+    {ERR_REASON(CONF_R_MISSING_INIT_FUNCTION), "missing init function"},
+    {ERR_REASON(CONF_R_MODULE_INITIALIZATION_ERROR),
+     "module initialization error"},
+    {ERR_REASON(CONF_R_NO_CLOSE_BRACE), "no close brace"},
+    {ERR_REASON(CONF_R_NO_CONF), "no conf"},
+    {ERR_REASON(CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE),
+     "no conf or environment variable"},
+    {ERR_REASON(CONF_R_NO_SECTION), "no section"},
+    {ERR_REASON(CONF_R_NO_SUCH_FILE), "no such file"},
+    {ERR_REASON(CONF_R_NO_VALUE), "no value"},
+    {ERR_REASON(CONF_R_UNABLE_TO_CREATE_NEW_SECTION),
+     "unable to create new section"},
+    {ERR_REASON(CONF_R_UNKNOWN_MODULE_NAME), "unknown module name"},
+    {ERR_REASON(CONF_R_VARIABLE_HAS_NO_VALUE), "variable has no value"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_CONF_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(CONF_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,CONF_str_functs);
-		ERR_load_strings(0,CONF_str_reasons);
-		}
+    if (ERR_func_error_string(CONF_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, CONF_str_functs);
+        ERR_load_strings(0, CONF_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
index 2a3399d2..5d5aef8c 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_lib.c
@@ -1,6 +1,7 @@
 /* conf_lib.c */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -63,339 +64,322 @@
 #include <openssl/conf_api.h>
 #include <openssl/lhash.h>
 
-const char CONF_version[]="CONF" OPENSSL_VERSION_PTEXT;
+const char CONF_version[] = "CONF" OPENSSL_VERSION_PTEXT;
 
-static CONF_METHOD *default_CONF_method=NULL;
+static CONF_METHOD *default_CONF_method = NULL;
 
 /* Init a 'CONF' structure from an old LHASH */
 
 void CONF_set_nconf(CONF *conf, LHASH *hash)
-	{
-	if (default_CONF_method == NULL)
-		default_CONF_method = NCONF_default();
+{
+    if (default_CONF_method == NULL)
+        default_CONF_method = NCONF_default();
 
-	default_CONF_method->init(conf);
-	conf->data = hash;
-	}
+    default_CONF_method->init(conf);
+    conf->data = hash;
+}
 
-/* The following section contains the "CONF classic" functions,
-   rewritten in terms of the new CONF interface. */
+/*
+ * The following section contains the "CONF classic" functions, rewritten in
+ * terms of the new CONF interface.
+ */
 
 int CONF_set_default_method(CONF_METHOD *meth)
-	{
-	default_CONF_method = meth;
-	return 1;
-	}
+{
+    default_CONF_method = meth;
+    return 1;
+}
 
 LHASH *CONF_load(LHASH *conf, const char *file, long *eline)
-	{
-	LHASH *ltmp;
-	BIO *in=NULL;
+{
+    LHASH *ltmp;
+    BIO *in = NULL;
 
 #ifdef OPENSSL_SYS_VMS
-	in=BIO_new_file(file, "r");
+    in = BIO_new_file(file, "r");
 #else
-	in=BIO_new_file(file, "rb");
+    in = BIO_new_file(file, "rb");
 #endif
-	if (in == NULL)
-		{
-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
-		return NULL;
-		}
+    if (in == NULL) {
+        CONFerr(CONF_F_CONF_LOAD, ERR_R_SYS_LIB);
+        return NULL;
+    }
 
-	ltmp = CONF_load_bio(conf, in, eline);
-	BIO_free(in);
+    ltmp = CONF_load_bio(conf, in, eline);
+    BIO_free(in);
 
-	return ltmp;
-	}
+    return ltmp;
+}
 
 #ifndef OPENSSL_NO_FP_API
-LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline)
-	{
-	BIO *btmp;
-	LHASH *ltmp;
-	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
-		return NULL;
-	}
-	ltmp = CONF_load_bio(conf, btmp, eline);
-	BIO_free(btmp);
-	return ltmp;
-	}
+LHASH *CONF_load_fp(LHASH *conf, FILE *fp, long *eline)
+{
+    BIO *btmp;
+    LHASH *ltmp;
+    if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+        CONFerr(CONF_F_CONF_LOAD_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ltmp = CONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ltmp;
+}
 #endif
 
-LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline)
-	{
-	CONF ctmp;
-	int ret;
-
-	CONF_set_nconf(&ctmp, conf);
-
-	ret = NCONF_load_bio(&ctmp, bp, eline);
-	if (ret)
-		return ctmp.data;
-	return NULL;
-	}
-
-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section)
-	{
-	if (conf == NULL)
-		{
-		return NULL;
-		}
-	else
-		{
-		CONF ctmp;
-		CONF_set_nconf(&ctmp, conf);
-		return NCONF_get_section(&ctmp, section);
-		}
-	}
-
-char *CONF_get_string(LHASH *conf,const char *group,const char *name)
-	{
-	if (conf == NULL)
-		{
-		return NCONF_get_string(NULL, group, name);
-		}
-	else
-		{
-		CONF ctmp;
-		CONF_set_nconf(&ctmp, conf);
-		return NCONF_get_string(&ctmp, group, name);
-		}
-	}
-
-long CONF_get_number(LHASH *conf,const char *group,const char *name)
-	{
-	int status;
-	long result = 0;
-
-	if (conf == NULL)
-		{
-		status = NCONF_get_number_e(NULL, group, name, &result);
-		}
-	else
-		{
-		CONF ctmp;
-		CONF_set_nconf(&ctmp, conf);
-		status = NCONF_get_number_e(&ctmp, group, name, &result);
-		}
-
-	if (status == 0)
-		{
-		/* This function does not believe in errors... */
-		ERR_clear_error();
-		}
-	return result;
-	}
+LHASH *CONF_load_bio(LHASH *conf, BIO *bp, long *eline)
+{
+    CONF ctmp;
+    int ret;
+
+    CONF_set_nconf(&ctmp, conf);
+
+    ret = NCONF_load_bio(&ctmp, bp, eline);
+    if (ret)
+        return ctmp.data;
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, const char *section)
+{
+    if (conf == NULL) {
+        return NULL;
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_section(&ctmp, section);
+    }
+}
+
+char *CONF_get_string(LHASH *conf, const char *group, const char *name)
+{
+    if (conf == NULL) {
+        return NCONF_get_string(NULL, group, name);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        return NCONF_get_string(&ctmp, group, name);
+    }
+}
+
+long CONF_get_number(LHASH *conf, const char *group, const char *name)
+{
+    int status;
+    long result = 0;
+
+    if (conf == NULL) {
+        status = NCONF_get_number_e(NULL, group, name, &result);
+    } else {
+        CONF ctmp;
+        CONF_set_nconf(&ctmp, conf);
+        status = NCONF_get_number_e(&ctmp, group, name, &result);
+    }
+
+    if (status == 0) {
+        /* This function does not believe in errors... */
+        ERR_clear_error();
+    }
+    return result;
+}
 
 void CONF_free(LHASH *conf)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	NCONF_free_data(&ctmp);
-	}
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    NCONF_free_data(&ctmp);
+}
 
 #ifndef OPENSSL_NO_FP_API
 int CONF_dump_fp(LHASH *conf, FILE *out)
-	{
-	BIO *btmp;
-	int ret;
-
-	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_CONF_DUMP_FP,ERR_R_BUF_LIB);
-		return 0;
-	}
-	ret = CONF_dump_bio(conf, btmp);
-	BIO_free(btmp);
-	return ret;
-	}
+{
+    BIO *btmp;
+    int ret;
+
+    if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+        CONFerr(CONF_F_CONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = CONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
 #endif
 
 int CONF_dump_bio(LHASH *conf, BIO *out)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return NCONF_dump_bio(&ctmp, out);
-	}
-
-/* The following section contains the "New CONF" functions.  They are
-   completely centralised around a new CONF structure that may contain
-   basically anything, but at least a method pointer and a table of data.
-   These functions are also written in terms of the bridge functions used
-   by the "CONF classic" functions, for consistency.  */
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return NCONF_dump_bio(&ctmp, out);
+}
+
+/*
+ * The following section contains the "New CONF" functions.  They are
+ * completely centralised around a new CONF structure that may contain
+ * basically anything, but at least a method pointer and a table of data.
+ * These functions are also written in terms of the bridge functions used by
+ * the "CONF classic" functions, for consistency.
+ */
 
 CONF *NCONF_new(CONF_METHOD *meth)
-	{
-	CONF *ret;
+{
+    CONF *ret;
 
-	if (meth == NULL)
-		meth = NCONF_default();
+    if (meth == NULL)
+        meth = NCONF_default();
 
-	ret = meth->create(meth);
-	if (ret == NULL)
-		{
-		CONFerr(CONF_F_NCONF_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
+    ret = meth->create(meth);
+    if (ret == NULL) {
+        CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
 
-	return ret;
-	}
+    return ret;
+}
 
 void NCONF_free(CONF *conf)
-	{
-	if (conf == NULL)
-		return;
-	conf->meth->destroy(conf);
-	}
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy(conf);
+}
 
 void NCONF_free_data(CONF *conf)
-	{
-	if (conf == NULL)
-		return;
-	conf->meth->destroy_data(conf);
-	}
+{
+    if (conf == NULL)
+        return;
+    conf->meth->destroy_data(conf);
+}
 
 int NCONF_load(CONF *conf, const char *file, long *eline)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF);
-		return 0;
-		}
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD, CONF_R_NO_CONF);
+        return 0;
+    }
 
-	return conf->meth->load(conf, file, eline);
-	}
+    return conf->meth->load(conf, file, eline);
+}
 
 #ifndef OPENSSL_NO_FP_API
-int NCONF_load_fp(CONF *conf, FILE *fp,long *eline)
-	{
-	BIO *btmp;
-	int ret;
-	if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE)))
-		{
-		CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB);
-		return 0;
-		}
-	ret = NCONF_load_bio(conf, btmp, eline);
-	BIO_free(btmp);
-	return ret;
-	}
+int NCONF_load_fp(CONF *conf, FILE *fp, long *eline)
+{
+    BIO *btmp;
+    int ret;
+    if (!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+        CONFerr(CONF_F_NCONF_LOAD_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_load_bio(conf, btmp, eline);
+    BIO_free(btmp);
+    return ret;
+}
 #endif
 
-int NCONF_load_bio(CONF *conf, BIO *bp,long *eline)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_LOAD_BIO,CONF_R_NO_CONF);
-		return 0;
-		}
-
-	return conf->meth->load_bio(conf, bp, eline);
-	}
-
-STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_CONF);
-		return NULL;
-		}
-
-	if (section == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION);
-		return NULL;
-		}
-
-	return _CONF_get_section_values(conf, section);
-	}
-
-char *NCONF_get_string(const CONF *conf,const char *group,const char *name)
-	{
-	char *s = _CONF_get_string(conf, group, name);
-
-        /* Since we may get a value from an environment variable even
-           if conf is NULL, let's check the value first */
-        if (s) return s;
-
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_STRING,
-                        CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
-		return NULL;
-		}
-	CONFerr(CONF_F_NCONF_GET_STRING,
-		CONF_R_NO_VALUE);
-	ERR_add_error_data(4,"group=",group," name=",name);
-	return NULL;
-	}
-
-int NCONF_get_number_e(const CONF *conf,const char *group,const char *name,
-		       long *result)
-	{
-	char *str;
-
-	if (result == NULL)
-		{
-		CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	str = NCONF_get_string(conf,group,name);
-
-	if (str == NULL)
-		return 0;
-
-	for (*result = 0;conf->meth->is_number(conf, *str);)
-		{
-		*result = (*result)*10 + conf->meth->to_int(conf, *str);
-		str++;
-		}
-
-	return 1;
-	}
+int NCONF_load_bio(CONF *conf, BIO *bp, long *eline)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_LOAD_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
+
+    return conf->meth->load_bio(conf, bp, eline);
+}
+
+STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf, const char *section)
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_CONF);
+        return NULL;
+    }
+
+    if (section == NULL) {
+        CONFerr(CONF_F_NCONF_GET_SECTION, CONF_R_NO_SECTION);
+        return NULL;
+    }
+
+    return _CONF_get_section_values(conf, section);
+}
+
+char *NCONF_get_string(const CONF *conf, const char *group, const char *name)
+{
+    char *s = _CONF_get_string(conf, group, name);
+
+    /*
+     * Since we may get a value from an environment variable even if conf is
+     * NULL, let's check the value first
+     */
+    if (s)
+        return s;
+
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_GET_STRING,
+                CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE);
+        return NULL;
+    }
+    CONFerr(CONF_F_NCONF_GET_STRING, CONF_R_NO_VALUE);
+    ERR_add_error_data(4, "group=", group, " name=", name);
+    return NULL;
+}
+
+int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
+                       long *result)
+{
+    char *str;
+
+    if (result == NULL) {
+        CONFerr(CONF_F_NCONF_GET_NUMBER_E, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    str = NCONF_get_string(conf, group, name);
+
+    if (str == NULL)
+        return 0;
+
+    for (*result = 0; conf->meth->is_number(conf, *str);) {
+        *result = (*result) * 10 + conf->meth->to_int(conf, *str);
+        str++;
+    }
+
+    return 1;
+}
 
 #ifndef OPENSSL_NO_FP_API
 int NCONF_dump_fp(const CONF *conf, FILE *out)
-	{
-	BIO *btmp;
-	int ret;
-	if(!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
-		CONFerr(CONF_F_NCONF_DUMP_FP,ERR_R_BUF_LIB);
-		return 0;
-	}
-	ret = NCONF_dump_bio(conf, btmp);
-	BIO_free(btmp);
-	return ret;
-	}
+{
+    BIO *btmp;
+    int ret;
+    if (!(btmp = BIO_new_fp(out, BIO_NOCLOSE))) {
+        CONFerr(CONF_F_NCONF_DUMP_FP, ERR_R_BUF_LIB);
+        return 0;
+    }
+    ret = NCONF_dump_bio(conf, btmp);
+    BIO_free(btmp);
+    return ret;
+}
 #endif
 
 int NCONF_dump_bio(const CONF *conf, BIO *out)
-	{
-	if (conf == NULL)
-		{
-		CONFerr(CONF_F_NCONF_DUMP_BIO,CONF_R_NO_CONF);
-		return 0;
-		}
-
-	return conf->meth->dump(conf, out);
-	}
+{
+    if (conf == NULL) {
+        CONFerr(CONF_F_NCONF_DUMP_BIO, CONF_R_NO_CONF);
+        return 0;
+    }
 
+    return conf->meth->dump(conf, out);
+}
 
 /* This function should be avoided */
 #if 0
-long NCONF_get_number(CONF *conf,char *group,char *name)
-	{
-	int status;
-	long ret=0;
-
-	status = NCONF_get_number_e(conf, group, name, &ret);
-	if (status == 0)
-		{
-		/* This function does not believe in errors... */
-		ERR_get_error();
-		}
-	return ret;
-	}
+long NCONF_get_number(CONF *conf, char *group, char *name)
+{
+    int status;
+    long ret = 0;
+
+    status = NCONF_get_number_e(conf, group, name, &ret);
+    if (status == 0) {
+        /* This function does not believe in errors... */
+        ERR_get_error();
+    }
+    return ret;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c
index 1cc1fd55..4123ebae 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_mall.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_mall.c
@@ -1,6 +1,7 @@
 /* conf_mall.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,18 +66,17 @@
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
 /* Load all OpenSSL builtin modules */
 
 void OPENSSL_load_builtin_modules(void)
-	{
-	/* Add builtin modules here */
-	ASN1_add_oid_module();
+{
+    /* Add builtin modules here */
+    ASN1_add_oid_module();
 #ifndef OPENSSL_NO_ENGINE
-	ENGINE_add_conf_module();
+    ENGINE_add_conf_module();
 #endif
-	EVP_add_alg_module();
-	}
-
+    EVP_add_alg_module();
+}
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c
index ee9c677d..ffc477c7 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_mod.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_mod.c
@@ -1,6 +1,7 @@
 /* conf_mod.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,45 +65,41 @@
 #include <openssl/dso.h>
 #include <openssl/x509.h>
 
-
 #define DSO_mod_init_name "OPENSSL_init"
 #define DSO_mod_finish_name "OPENSSL_finish"
 
-
-/* This structure contains a data about supported modules.
- * entries in this table correspond to either dynamic or
- * static modules.
+/*
+ * This structure contains a data about supported modules. entries in this
+ * table correspond to either dynamic or static modules.
  */
 
-struct conf_module_st
-	{
-	/* DSO of this module or NULL if static */
-	DSO *dso;
-	/* Name of the module */
-	char *name;
-	/* Init function */
-	conf_init_func *init; 
-	/* Finish function */
-	conf_finish_func *finish;
-	/* Number of successfully initialized modules */
-	int links;
-	void *usr_data;
-	};
-
-
-/* This structure contains information about modules that have been
- * successfully initialized. There may be more than one entry for a
- * given module.
+struct conf_module_st {
+    /* DSO of this module or NULL if static */
+    DSO *dso;
+    /* Name of the module */
+    char *name;
+    /* Init function */
+    conf_init_func *init;
+    /* Finish function */
+    conf_finish_func *finish;
+    /* Number of successfully initialized modules */
+    int links;
+    void *usr_data;
+};
+
+/*
+ * This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a given
+ * module.
  */
 
-struct conf_imodule_st
-	{
-	CONF_MODULE *pmod;
-	char *name;
-	char *value;
-	unsigned long flags;
-	void *usr_data;
-	};
+struct conf_imodule_st {
+    CONF_MODULE *pmod;
+    char *name;
+    char *value;
+    unsigned long flags;
+    void *usr_data;
+};
 
 static STACK_OF(CONF_MODULE) *supported_modules = NULL;
 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
@@ -110,508 +107,486 @@ static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
 static void module_free(CONF_MODULE *md);
 static void module_finish(CONF_IMODULE *imod);
 static int module_run(const CONF *cnf, char *name, char *value,
-					  unsigned long flags);
+                      unsigned long flags);
 static CONF_MODULE *module_add(DSO *dso, const char *name,
-			conf_init_func *ifunc, conf_finish_func *ffunc);
+                               conf_init_func *ifunc,
+                               conf_finish_func *ffunc);
 static CONF_MODULE *module_find(char *name);
 static int module_init(CONF_MODULE *pmod, char *name, char *value,
-					   const CONF *cnf);
+                       const CONF *cnf);
 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-									unsigned long flags);
+                                    unsigned long flags);
 
 /* Main function: load modules from a CONF structure */
 
 int CONF_modules_load(const CONF *cnf, const char *appname,
-		      unsigned long flags)
-	{
-	STACK_OF(CONF_VALUE) *values;
-	CONF_VALUE *vl;
-	char *vsection = NULL;
+                      unsigned long flags)
+{
+    STACK_OF(CONF_VALUE) *values;
+    CONF_VALUE *vl;
+    char *vsection = NULL;
 
-	int ret, i;
+    int ret, i;
 
-	if (!cnf)
-		return 1;
+    if (!cnf)
+        return 1;
 
-	if (appname)
-		vsection = NCONF_get_string(cnf, NULL, appname);
+    if (appname)
+        vsection = NCONF_get_string(cnf, NULL, appname);
 
-	if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
-		vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
+    if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
+        vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
 
-	if (!vsection)
-		{
-		ERR_clear_error();
-		return 1;
-		}
+    if (!vsection) {
+        ERR_clear_error();
+        return 1;
+    }
 
-	values = NCONF_get_section(cnf, vsection);
+    values = NCONF_get_section(cnf, vsection);
 
-	if (!values)
-		return 0;
+    if (!values)
+        return 0;
 
-	for (i = 0; i < sk_CONF_VALUE_num(values); i++)
-		{
-		vl = sk_CONF_VALUE_value(values, i);
-		ret = module_run(cnf, vl->name, vl->value, flags);
-		if (ret <= 0)
-			if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
-				return ret;
-		}
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        vl = sk_CONF_VALUE_value(values, i);
+        ret = module_run(cnf, vl->name, vl->value, flags);
+        if (ret <= 0)
+            if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+                return ret;
+    }
 
-	return 1;
+    return 1;
 
-	}
+}
 
 int CONF_modules_load_file(const char *filename, const char *appname,
-			   unsigned long flags)
-	{
-	char *file = NULL;
-	CONF *conf = NULL;
-	int ret = 0;
-	conf = NCONF_new(NULL);
-	if (!conf)
-		goto err;
-
-	if (filename == NULL)
-		{
-		file = CONF_get1_default_config_file();
-		if (!file)
-			goto err;
-		}
-	else
-		file = (char *)filename;
-
-	if (NCONF_load(conf, file, NULL) <= 0)
-		{
-		if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
-		  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
-			{
-			ERR_clear_error();
-			ret = 1;
-			}
-		goto err;
-		}
-
-	ret = CONF_modules_load(conf, appname, flags);
-
-	err:
-	if (filename == NULL)
-		OPENSSL_free(file);
-	NCONF_free(conf);
-
-	return ret;
-	}
+                           unsigned long flags)
+{
+    char *file = NULL;
+    CONF *conf = NULL;
+    int ret = 0;
+    conf = NCONF_new(NULL);
+    if (!conf)
+        goto err;
+
+    if (filename == NULL) {
+        file = CONF_get1_default_config_file();
+        if (!file)
+            goto err;
+    } else
+        file = (char *)filename;
+
+    if (NCONF_load(conf, file, NULL) <= 0) {
+        if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
+            (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
+            ERR_clear_error();
+            ret = 1;
+        }
+        goto err;
+    }
+
+    ret = CONF_modules_load(conf, appname, flags);
+
+ err:
+    if (filename == NULL)
+        OPENSSL_free(file);
+    NCONF_free(conf);
+
+    return ret;
+}
 
 static int module_run(const CONF *cnf, char *name, char *value,
-		      unsigned long flags)
-	{
-	CONF_MODULE *md;
-	int ret;
-
-	md = module_find(name);
-
-	/* Module not found: try to load DSO */
-	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
-		md = module_load_dso(cnf, name, value, flags);
-
-	if (!md)
-		{
-		if (!(flags & CONF_MFLAGS_SILENT))
-			{
-			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
-			ERR_add_error_data(2, "module=", name);
-			}
-		return -1;
-		}
-
-	ret = module_init(md, name, value, cnf);
-
-	if (ret <= 0)
-		{
-		if (!(flags & CONF_MFLAGS_SILENT))
-			{
-			char rcode[DECIMAL_SIZE(ret)+1];
-			CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
-			BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
-			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
-			}
-		}
-
-	return ret;
-	}
+                      unsigned long flags)
+{
+    CONF_MODULE *md;
+    int ret;
+
+    md = module_find(name);
+
+    /* Module not found: try to load DSO */
+    if (!md && !(flags & CONF_MFLAGS_NO_DSO))
+        md = module_load_dso(cnf, name, value, flags);
+
+    if (!md) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+            ERR_add_error_data(2, "module=", name);
+        }
+        return -1;
+    }
+
+    ret = module_init(md, name, value, cnf);
+
+    if (ret <= 0) {
+        if (!(flags & CONF_MFLAGS_SILENT)) {
+            char rcode[DECIMAL_SIZE(ret) + 1];
+            CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
+            BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
+            ERR_add_error_data(6, "module=", name, ", value=", value,
+                               ", retcode=", rcode);
+        }
+    }
+
+    return ret;
+}
 
 /* Load a module from a DSO */
 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-				    unsigned long flags)
-	{
-	DSO *dso = NULL;
-	conf_init_func *ifunc;
-	conf_finish_func *ffunc;
-	char *path = NULL;
-	int errcode = 0;
-	CONF_MODULE *md;
-	/* Look for alternative path in module section */
-	path = NCONF_get_string(cnf, value, "path");
-	if (!path)
-		{
-		ERR_clear_error();
-		path = name;
-		}
-	dso = DSO_load(NULL, path, NULL, 0);
-	if (!dso)
-		{
-		errcode = CONF_R_ERROR_LOADING_DSO;
-		goto err;
-		}
-        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
-	if (!ifunc)
-		{
-		errcode = CONF_R_MISSING_INIT_FUNCTION;
-		goto err;
-		}
-        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
-	/* All OK, add module */
-	md = module_add(dso, name, ifunc, ffunc);
-
-	if (!md)
-		goto err;
-
-	return md;
-
-	err:
-	if (dso)
-		DSO_free(dso);
-	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
-	ERR_add_error_data(4, "module=", name, ", path=", path);
-	return NULL;
-	}
+                                    unsigned long flags)
+{
+    DSO *dso = NULL;
+    conf_init_func *ifunc;
+    conf_finish_func *ffunc;
+    char *path = NULL;
+    int errcode = 0;
+    CONF_MODULE *md;
+    /* Look for alternative path in module section */
+    path = NCONF_get_string(cnf, value, "path");
+    if (!path) {
+        ERR_clear_error();
+        path = name;
+    }
+    dso = DSO_load(NULL, path, NULL, 0);
+    if (!dso) {
+        errcode = CONF_R_ERROR_LOADING_DSO;
+        goto err;
+    }
+    ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+    if (!ifunc) {
+        errcode = CONF_R_MISSING_INIT_FUNCTION;
+        goto err;
+    }
+    ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+    /* All OK, add module */
+    md = module_add(dso, name, ifunc, ffunc);
+
+    if (!md)
+        goto err;
+
+    return md;
+
+ err:
+    if (dso)
+        DSO_free(dso);
+    CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+    ERR_add_error_data(4, "module=", name, ", path=", path);
+    return NULL;
+}
 
 /* add module to list */
 static CONF_MODULE *module_add(DSO *dso, const char *name,
-			       conf_init_func *ifunc, conf_finish_func *ffunc)
-	{
-	CONF_MODULE *tmod = NULL;
-	if (supported_modules == NULL)
-		supported_modules = sk_CONF_MODULE_new_null();
-	if (supported_modules == NULL)
-		return NULL;
-	tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
-	if (tmod == NULL)
-		return NULL;
-
-	tmod->dso = dso;
-	tmod->name = BUF_strdup(name);
-	tmod->init = ifunc;
-	tmod->finish = ffunc;
-	tmod->links = 0;
-
-	if (!sk_CONF_MODULE_push(supported_modules, tmod))
-		{
-		OPENSSL_free(tmod);
-		return NULL;
-		}
-
-	return tmod;
-	}
-
-/* Find a module from the list. We allow module names of the
- * form modname.XXXX to just search for modname to allow the
- * same module to be initialized more than once.
+                               conf_init_func *ifunc, conf_finish_func *ffunc)
+{
+    CONF_MODULE *tmod = NULL;
+    if (supported_modules == NULL)
+        supported_modules = sk_CONF_MODULE_new_null();
+    if (supported_modules == NULL)
+        return NULL;
+    tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
+    if (tmod == NULL)
+        return NULL;
+
+    tmod->dso = dso;
+    tmod->name = BUF_strdup(name);
+    tmod->init = ifunc;
+    tmod->finish = ffunc;
+    tmod->links = 0;
+
+    if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
+        OPENSSL_free(tmod);
+        return NULL;
+    }
+
+    return tmod;
+}
+
+/*
+ * Find a module from the list. We allow module names of the form
+ * modname.XXXX to just search for modname to allow the same module to be
+ * initialized more than once.
  */
 
 static CONF_MODULE *module_find(char *name)
-	{
-	CONF_MODULE *tmod;
-	int i, nchar;
-	char *p;
-	p = strrchr(name, '.');
+{
+    CONF_MODULE *tmod;
+    int i, nchar;
+    char *p;
+    p = strrchr(name, '.');
 
-	if (p)
-		nchar = p - name;
-	else 
-		nchar = strlen(name);
+    if (p)
+        nchar = p - name;
+    else
+        nchar = strlen(name);
 
-	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
-		{
-		tmod = sk_CONF_MODULE_value(supported_modules, i);
-		if (!strncmp(tmod->name, name, nchar))
-			return tmod;
-		}
+    for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
+        tmod = sk_CONF_MODULE_value(supported_modules, i);
+        if (!strncmp(tmod->name, name, nchar))
+            return tmod;
+    }
 
-	return NULL;
+    return NULL;
 
-	}
+}
 
 /* initialize a module */
 static int module_init(CONF_MODULE *pmod, char *name, char *value,
-		       const CONF *cnf)
-	{
-	int ret = 1;
-	int init_called = 0;
-	CONF_IMODULE *imod = NULL;
-
-	/* Otherwise add initialized module to list */
-	imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
-	if (!imod)
-		goto err;
-
-	imod->pmod = pmod;
-	imod->name = BUF_strdup(name);
-	imod->value = BUF_strdup(value);
-	imod->usr_data = NULL;
-
-	if (!imod->name || !imod->value)
-		goto memerr;
-
-	/* Try to initialize module */
-	if(pmod->init)
-		{
-		ret = pmod->init(imod, cnf);
-		init_called = 1;
-		/* Error occurred, exit */
-		if (ret <= 0)
-			goto err;
-		}
-
-	if (initialized_modules == NULL)
-		{
-		initialized_modules = sk_CONF_IMODULE_new_null();
-		if (!initialized_modules)
-			{
-			CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-
-	if (!sk_CONF_IMODULE_push(initialized_modules, imod))
-		{
-		CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	pmod->links++;
-
-	return ret;
-
-	err:
-
-	/* We've started the module so we'd better finish it */
-	if (pmod->finish && init_called)
-		pmod->finish(imod);
-
-	memerr:
-	if (imod)
-		{
-		if (imod->name)
-			OPENSSL_free(imod->name);
-		if (imod->value)
-			OPENSSL_free(imod->value);
-		OPENSSL_free(imod);
-		}
-
-	return -1;
-
-	}
-
-/* Unload any dynamic modules that have a link count of zero:
- * i.e. have no active initialized modules. If 'all' is set
- * then all modules are unloaded including static ones.
+                       const CONF *cnf)
+{
+    int ret = 1;
+    int init_called = 0;
+    CONF_IMODULE *imod = NULL;
+
+    /* Otherwise add initialized module to list */
+    imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
+    if (!imod)
+        goto err;
+
+    imod->pmod = pmod;
+    imod->name = BUF_strdup(name);
+    imod->value = BUF_strdup(value);
+    imod->usr_data = NULL;
+
+    if (!imod->name || !imod->value)
+        goto memerr;
+
+    /* Try to initialize module */
+    if (pmod->init) {
+        ret = pmod->init(imod, cnf);
+        init_called = 1;
+        /* Error occurred, exit */
+        if (ret <= 0)
+            goto err;
+    }
+
+    if (initialized_modules == NULL) {
+        initialized_modules = sk_CONF_IMODULE_new_null();
+        if (!initialized_modules) {
+            CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
+        CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    pmod->links++;
+
+    return ret;
+
+ err:
+
+    /* We've started the module so we'd better finish it */
+    if (pmod->finish && init_called)
+        pmod->finish(imod);
+
+ memerr:
+    if (imod) {
+        if (imod->name)
+            OPENSSL_free(imod->name);
+        if (imod->value)
+            OPENSSL_free(imod->value);
+        OPENSSL_free(imod);
+    }
+
+    return -1;
+
+}
+
+/*
+ * Unload any dynamic modules that have a link count of zero: i.e. have no
+ * active initialized modules. If 'all' is set then all modules are unloaded
+ * including static ones.
  */
 
 void CONF_modules_unload(int all)
-	{
-	int i;
-	CONF_MODULE *md;
-	CONF_modules_finish();
-	/* unload modules in reverse order */
-	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
-		{
-		md = sk_CONF_MODULE_value(supported_modules, i);
-		/* If static or in use and 'all' not set ignore it */
-		if (((md->links > 0) || !md->dso) && !all)
-			continue;
-		/* Since we're working in reverse this is OK */
-		(void)sk_CONF_MODULE_delete(supported_modules, i);
-		module_free(md);
-		}
-	if (sk_CONF_MODULE_num(supported_modules) == 0)
-		{
-		sk_CONF_MODULE_free(supported_modules);
-		supported_modules = NULL;
-		}
-	}
+{
+    int i;
+    CONF_MODULE *md;
+    CONF_modules_finish();
+    /* unload modules in reverse order */
+    for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
+        md = sk_CONF_MODULE_value(supported_modules, i);
+        /* If static or in use and 'all' not set ignore it */
+        if (((md->links > 0) || !md->dso) && !all)
+            continue;
+        /* Since we're working in reverse this is OK */
+        (void)sk_CONF_MODULE_delete(supported_modules, i);
+        module_free(md);
+    }
+    if (sk_CONF_MODULE_num(supported_modules) == 0) {
+        sk_CONF_MODULE_free(supported_modules);
+        supported_modules = NULL;
+    }
+}
 
 /* unload a single module */
 static void module_free(CONF_MODULE *md)
-	{
-	if (md->dso)
-		DSO_free(md->dso);
-	OPENSSL_free(md->name);
-	OPENSSL_free(md);
-	}
+{
+    if (md->dso)
+        DSO_free(md->dso);
+    OPENSSL_free(md->name);
+    OPENSSL_free(md);
+}
 
 /* finish and free up all modules instances */
 
 void CONF_modules_finish(void)
-	{
-	CONF_IMODULE *imod;
-	while (sk_CONF_IMODULE_num(initialized_modules) > 0)
-		{
-		imod = sk_CONF_IMODULE_pop(initialized_modules);
-		module_finish(imod);
-		}
-	sk_CONF_IMODULE_free(initialized_modules);
-	initialized_modules = NULL;
-	}
+{
+    CONF_IMODULE *imod;
+    while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
+        imod = sk_CONF_IMODULE_pop(initialized_modules);
+        module_finish(imod);
+    }
+    sk_CONF_IMODULE_free(initialized_modules);
+    initialized_modules = NULL;
+}
 
 /* finish a module instance */
 
 static void module_finish(CONF_IMODULE *imod)
-	{
-	if (imod->pmod->finish)
-		imod->pmod->finish(imod);
-	imod->pmod->links--;
-	OPENSSL_free(imod->name);
-	OPENSSL_free(imod->value);
-	OPENSSL_free(imod);
-	}
+{
+    if (imod->pmod->finish)
+        imod->pmod->finish(imod);
+    imod->pmod->links--;
+    OPENSSL_free(imod->name);
+    OPENSSL_free(imod->value);
+    OPENSSL_free(imod);
+}
 
 /* Add a static module to OpenSSL */
 
-int CONF_module_add(const char *name, conf_init_func *ifunc, 
-		    conf_finish_func *ffunc)
-	{
-	if (module_add(NULL, name, ifunc, ffunc))
-		return 1;
-	else
-		return 0;
-	}
+int CONF_module_add(const char *name, conf_init_func *ifunc,
+                    conf_finish_func *ffunc)
+{
+    if (module_add(NULL, name, ifunc, ffunc))
+        return 1;
+    else
+        return 0;
+}
 
 void CONF_modules_free(void)
-	{
-	CONF_modules_finish();
-	CONF_modules_unload(1);
-	}
+{
+    CONF_modules_finish();
+    CONF_modules_unload(1);
+}
 
 /* Utility functions */
 
 const char *CONF_imodule_get_name(const CONF_IMODULE *md)
-	{
-	return md->name;
-	}
+{
+    return md->name;
+}
 
 const char *CONF_imodule_get_value(const CONF_IMODULE *md)
-	{
-	return md->value;
-	}
+{
+    return md->value;
+}
 
 void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
-	{
-	return md->usr_data;
-	}
+{
+    return md->usr_data;
+}
 
 void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
-	{
-	md->usr_data = usr_data;
-	}
+{
+    md->usr_data = usr_data;
+}
 
 CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
-	{
-	return md->pmod;
-	}
+{
+    return md->pmod;
+}
 
 unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
-	{
-	return md->flags;
-	}
+{
+    return md->flags;
+}
 
 void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
-	{
-	md->flags = flags;
-	}
+{
+    md->flags = flags;
+}
 
 void *CONF_module_get_usr_data(CONF_MODULE *pmod)
-	{
-	return pmod->usr_data;
-	}
+{
+    return pmod->usr_data;
+}
 
 void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
-	{
-	pmod->usr_data = usr_data;
-	}
+{
+    pmod->usr_data = usr_data;
+}
 
 /* Return default config file name */
 
 char *CONF_get1_default_config_file(void)
-	{
-	char *file;
-	int len;
+{
+    char *file;
+    int len;
 
-	file = getenv("OPENSSL_CONF");
-	if (file) 
-		return BUF_strdup(file);
+    file = getenv("OPENSSL_CONF");
+    if (file)
+        return BUF_strdup(file);
 
-	len = strlen(X509_get_default_cert_area());
+    len = strlen(X509_get_default_cert_area());
 #ifndef OPENSSL_SYS_VMS
-	len++;
+    len++;
 #endif
-	len += strlen(OPENSSL_CONF);
+    len += strlen(OPENSSL_CONF);
 
-	file = OPENSSL_malloc(len + 1);
+    file = OPENSSL_malloc(len + 1);
 
-	if (!file)
-		return NULL;
-	BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
+    if (!file)
+        return NULL;
+    BUF_strlcpy(file, X509_get_default_cert_area(), len + 1);
 #ifndef OPENSSL_SYS_VMS
-	BUF_strlcat(file,"/",len + 1);
+    BUF_strlcat(file, "/", len + 1);
 #endif
-	BUF_strlcat(file,OPENSSL_CONF,len + 1);
+    BUF_strlcat(file, OPENSSL_CONF, len + 1);
 
-	return file;
-	}
+    return file;
+}
 
-/* This function takes a list separated by 'sep' and calls the
- * callback function giving the start and length of each member
- * optionally stripping leading and trailing whitespace. This can
- * be used to parse comma separated lists for example.
+/*
+ * This function takes a list separated by 'sep' and calls the callback
+ * function giving the start and length of each member optionally stripping
+ * leading and trailing whitespace. This can be used to parse comma separated
+ * lists for example.
  */
 
 int CONF_parse_list(const char *list_, int sep, int nospc,
-	int (*list_cb)(const char *elem, int len, void *usr), void *arg)
-	{
-	int ret;
-	const char *lstart, *tmpend, *p;
-	lstart = list_;
-
-	for(;;)
-		{
-		if (nospc)
-			{
-			while(*lstart && isspace((unsigned char)*lstart))
-				lstart++;
-			}
-		p = strchr(lstart, sep);
-		if (p == lstart || !*lstart)
-			ret = list_cb(NULL, 0, arg);
-		else
-			{
-			if (p)
-				tmpend = p - 1;
-			else 
-				tmpend = lstart + strlen(lstart) - 1;
-			if (nospc)
-				{
-				while(isspace((unsigned char)*tmpend))
-					tmpend--;
-				}
-			ret = list_cb(lstart, tmpend - lstart + 1, arg);
-			}
-		if (ret <= 0)
-			return ret;
-		if (p == NULL)
-			return 1;
-		lstart = p + 1;
-		}
-	}
-
+                    int (*list_cb) (const char *elem, int len, void *usr),
+                    void *arg)
+{
+    int ret;
+    const char *lstart, *tmpend, *p;
+    lstart = list_;
+
+    for (;;) {
+        if (nospc) {
+            while (*lstart && isspace((unsigned char)*lstart))
+                lstart++;
+        }
+        p = strchr(lstart, sep);
+        if (p == lstart || !*lstart)
+            ret = list_cb(NULL, 0, arg);
+        else {
+            if (p)
+                tmpend = p - 1;
+            else
+                tmpend = lstart + strlen(lstart) - 1;
+            if (nospc) {
+                while (isspace((unsigned char)*tmpend))
+                    tmpend--;
+            }
+            ret = list_cb(lstart, tmpend - lstart + 1, arg);
+        }
+        if (ret <= 0)
+            return ret;
+        if (p == NULL)
+            return 1;
+        lstart = p + 1;
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c
index 760dc263..d03de246 100644
--- a/Cryptlib/OpenSSL/crypto/conf/conf_sap.c
+++ b/Cryptlib/OpenSSL/crypto/conf/conf_sap.c
@@ -1,6 +1,7 @@
 /* conf_sap.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,48 +65,47 @@
 #include <openssl/x509.h>
 #include <openssl/asn1.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
-/* This is the automatic configuration loader: it is called automatically by
- * OpenSSL when any of a number of standard initialisation functions are called,
- * unless this is overridden by calling OPENSSL_no_config()
+/*
+ * This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are
+ * called, unless this is overridden by calling OPENSSL_no_config()
  */
 
 static int openssl_configured = 0;
 
 void OPENSSL_config(const char *config_name)
-	{
-	if (openssl_configured)
-		return;
+{
+    if (openssl_configured)
+        return;
 
-	OPENSSL_load_builtin_modules();
+    OPENSSL_load_builtin_modules();
 #ifndef OPENSSL_NO_ENGINE
-	/* Need to load ENGINEs */
-	ENGINE_load_builtin_engines();
+    /* Need to load ENGINEs */
+    ENGINE_load_builtin_engines();
 #endif
-	/* Add others here? */
+    /* Add others here? */
 
+    ERR_clear_error();
+    if (CONF_modules_load_file(NULL, config_name,
+                               CONF_MFLAGS_DEFAULT_SECTION |
+                               CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) {
+        BIO *bio_err;
+        ERR_load_crypto_strings();
+        if ((bio_err = BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) {
+            BIO_printf(bio_err, "Auto configuration failed\n");
+            ERR_print_errors(bio_err);
+            BIO_free(bio_err);
+        }
+        exit(1);
+    }
 
-	ERR_clear_error();
-	if (CONF_modules_load_file(NULL, config_name,
-	CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0)
-		{
-		BIO *bio_err;
-		ERR_load_crypto_strings();
-		if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL)
-			{
-			BIO_printf(bio_err,"Auto configuration failed\n");
-			ERR_print_errors(bio_err);
-			BIO_free(bio_err);
-			}
-		exit(1);
-		}
-
-	return;
-	}
+    return;
+}
 
 void OPENSSL_no_config()
-	{
-	openssl_configured = 1;
-	}
+{
+    openssl_configured = 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/constant_time_locl.h b/Cryptlib/OpenSSL/crypto/constant_time_locl.h
new file mode 100644
index 00000000..c786aea9
--- /dev/null
+++ b/Cryptlib/OpenSSL/crypto/constant_time_locl.h
@@ -0,0 +1,211 @@
+/* crypto/constant_time_locl.h */
+/*-
+ * Utilities for constant-time cryptography.
+ *
+ * Author: Emilia Kasper (emilia@openssl.org)
+ * Based on previous work by Bodo Moeller, Emilia Kasper, Adam Langley
+ * (Google).
+ * ====================================================================
+ * Copyright (c) 2014 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#ifndef HEADER_CONSTANT_TIME_LOCL_H
+# define HEADER_CONSTANT_TIME_LOCL_H
+
+# include "e_os.h"              /* For 'inline' */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*-
+ * The boolean methods return a bitmask of all ones (0xff...f) for true
+ * and 0 for false. This is useful for choosing a value based on the result
+ * of a conditional in constant time. For example,
+ *
+ * if (a < b) {
+ *   c = a;
+ * } else {
+ *   c = b;
+ * }
+ *
+ * can be written as
+ *
+ * unsigned int lt = constant_time_lt(a, b);
+ * c = constant_time_select(lt, a, b);
+ */
+
+/*
+ * Returns the given value with the MSB copied to all the other
+ * bits. Uses the fact that arithmetic shift shifts-in the sign bit.
+ * However, this is not ensured by the C standard so you may need to
+ * replace this with something else on odd CPUs.
+ */
+static inline unsigned int constant_time_msb(unsigned int a);
+
+/*
+ * Returns 0xff..f if a < b and 0 otherwise.
+ */
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_lt_8(unsigned int a,
+                                               unsigned int b);
+
+/*
+ * Returns 0xff..f if a >= b and 0 otherwise.
+ */
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_ge_8(unsigned int a,
+                                               unsigned int b);
+
+/*
+ * Returns 0xff..f if a == 0 and 0 otherwise.
+ */
+static inline unsigned int constant_time_is_zero(unsigned int a);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_is_zero_8(unsigned int a);
+
+/*
+ * Returns 0xff..f if a == b and 0 otherwise.
+ */
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_8(unsigned int a,
+                                               unsigned int b);
+/* Signed integers. */
+static inline unsigned int constant_time_eq_int(int a, int b);
+/* Convenience method for getting an 8-bit mask. */
+static inline unsigned char constant_time_eq_int_8(int a, int b);
+
+/*-
+ * Returns (mask & a) | (~mask & b).
+ *
+ * When |mask| is all 1s or all 0s (as returned by the methods above),
+ * the select methods return either |a| (if |mask| is nonzero) or |b|
+ * (if |mask| is zero).
+ */
+static inline unsigned int constant_time_select(unsigned int mask,
+                                                unsigned int a,
+                                                unsigned int b);
+/* Convenience method for unsigned chars. */
+static inline unsigned char constant_time_select_8(unsigned char mask,
+                                                   unsigned char a,
+                                                   unsigned char b);
+/* Convenience method for signed integers. */
+static inline int constant_time_select_int(unsigned int mask, int a, int b);
+
+static inline unsigned int constant_time_msb(unsigned int a)
+{
+    return 0 - (a >> (sizeof(a) * 8 - 1));
+}
+
+static inline unsigned int constant_time_lt(unsigned int a, unsigned int b)
+{
+    return constant_time_msb(a ^ ((a ^ b) | ((a - b) ^ b)));
+}
+
+static inline unsigned char constant_time_lt_8(unsigned int a, unsigned int b)
+{
+    return (unsigned char)(constant_time_lt(a, b));
+}
+
+static inline unsigned int constant_time_ge(unsigned int a, unsigned int b)
+{
+    return ~constant_time_lt(a, b);
+}
+
+static inline unsigned char constant_time_ge_8(unsigned int a, unsigned int b)
+{
+    return (unsigned char)(constant_time_ge(a, b));
+}
+
+static inline unsigned int constant_time_is_zero(unsigned int a)
+{
+    return constant_time_msb(~a & (a - 1));
+}
+
+static inline unsigned char constant_time_is_zero_8(unsigned int a)
+{
+    return (unsigned char)(constant_time_is_zero(a));
+}
+
+static inline unsigned int constant_time_eq(unsigned int a, unsigned int b)
+{
+    return constant_time_is_zero(a ^ b);
+}
+
+static inline unsigned char constant_time_eq_8(unsigned int a, unsigned int b)
+{
+    return (unsigned char)(constant_time_eq(a, b));
+}
+
+static inline unsigned int constant_time_eq_int(int a, int b)
+{
+    return constant_time_eq((unsigned)(a), (unsigned)(b));
+}
+
+static inline unsigned char constant_time_eq_int_8(int a, int b)
+{
+    return constant_time_eq_8((unsigned)(a), (unsigned)(b));
+}
+
+static inline unsigned int constant_time_select(unsigned int mask,
+                                                unsigned int a,
+                                                unsigned int b)
+{
+    return (mask & a) | (~mask & b);
+}
+
+static inline unsigned char constant_time_select_8(unsigned char mask,
+                                                   unsigned char a,
+                                                   unsigned char b)
+{
+    return (unsigned char)(constant_time_select(mask, a, b));
+}
+
+static inline int constant_time_select_int(unsigned int mask, int a, int b)
+{
+    return (int)(constant_time_select(mask, (unsigned)(a), (unsigned)(b)));
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif                          /* HEADER_CONSTANT_TIME_LOCL_H */
diff --git a/Cryptlib/OpenSSL/crypto/cpt_err.c b/Cryptlib/OpenSSL/crypto/cpt_err.c
index 9fd41fff..a3a72010 100644
--- a/Cryptlib/OpenSSL/crypto/cpt_err.c
+++ b/Cryptlib/OpenSSL/crypto/cpt_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,39 +66,37 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_CRYPTO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_CRYPTO,0,reason)
 
-static ERR_STRING_DATA CRYPTO_str_functs[]=
-	{
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX),	"CRYPTO_get_ex_new_index"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID),	"CRYPTO_get_new_dynlockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID),	"CRYPTO_get_new_lockid"},
-{ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA),	"CRYPTO_set_ex_data"},
-{ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX),	"DEF_ADD_INDEX"},
-{ERR_FUNC(CRYPTO_F_DEF_GET_CLASS),	"DEF_GET_CLASS"},
-{ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA),	"INT_DUP_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA),	"INT_FREE_EX_DATA"},
-{ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA),	"INT_NEW_EX_DATA"},
-{0,NULL}
-	};
+static ERR_STRING_DATA CRYPTO_str_functs[] = {
+    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX), "CRYPTO_get_ex_new_index"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID), "CRYPTO_get_new_dynlockid"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_GET_NEW_LOCKID), "CRYPTO_get_new_lockid"},
+    {ERR_FUNC(CRYPTO_F_CRYPTO_SET_EX_DATA), "CRYPTO_set_ex_data"},
+    {ERR_FUNC(CRYPTO_F_DEF_ADD_INDEX), "DEF_ADD_INDEX"},
+    {ERR_FUNC(CRYPTO_F_DEF_GET_CLASS), "DEF_GET_CLASS"},
+    {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"},
+    {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"},
+    {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA CRYPTO_str_reasons[]=
-	{
-{ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),"no dynlock create callback"},
-{0,NULL}
-	};
+static ERR_STRING_DATA CRYPTO_str_reasons[] = {
+    {ERR_REASON(CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK),
+     "no dynlock create callback"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_CRYPTO_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,CRYPTO_str_functs);
-		ERR_load_strings(0,CRYPTO_str_reasons);
-		}
+    if (ERR_func_error_string(CRYPTO_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, CRYPTO_str_functs);
+        ERR_load_strings(0, CRYPTO_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/cryptlib.c b/Cryptlib/OpenSSL/crypto/cryptlib.c
index dec3286f..0864a9be 100644
--- a/Cryptlib/OpenSSL/crypto/cryptlib.c
+++ b/Cryptlib/OpenSSL/crypto/cryptlib.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,21 +58,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -87,10 +87,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -102,7 +102,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -110,7 +110,7 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
+ * ECDH support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
@@ -118,443 +118,490 @@
 #include <openssl/safestack.h>
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
 #endif
 
-static void (MS_FAR *locking_callback)(int mode,int type,
-	const char *file,int line)=NULL;
-static int (MS_FAR *add_lock_callback)(int *pointer,int amount,
-	int type,const char *file,int line)=NULL;
-static unsigned long (MS_FAR *id_callback)(void)=NULL;
+static void (MS_FAR *locking_callback) (int mode, int type,
+                                        const char *file, int line) = NULL;
+static int (MS_FAR *add_lock_callback) (int *pointer, int amount,
+                                        int type, const char *file,
+                                        int line) = NULL;
+static unsigned long (MS_FAR *id_callback) (void) = NULL;
 
 int CRYPTO_num_locks(void)
-	{
-	return CRYPTO_NUM_LOCKS;
-	}
-
-void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file,
-		int line)
-	{
-	return(locking_callback);
-	}
-
-int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type,
-					  const char *file,int line)
-	{
-	return(add_lock_callback);
-	}
-
-void CRYPTO_set_locking_callback(void (*func)(int mode,int type,
-					      const char *file,int line))
-	{
-	locking_callback=func;
-	}
-
-void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type,
-					      const char *file,int line))
-	{
-	add_lock_callback=func;
-	}
-
-unsigned long (*CRYPTO_get_id_callback(void))(void)
-	{
-	return(id_callback);
-	}
-
-void CRYPTO_set_id_callback(unsigned long (*func)(void))
-	{
-	id_callback=func;
-	}
+{
+    return CRYPTO_NUM_LOCKS;
+}
+
+void (*CRYPTO_get_locking_callback(void)) (int mode, int type,
+                                           const char *file, int line) {
+    return (locking_callback);
+}
+
+int (*CRYPTO_get_add_lock_callback(void)) (int *num, int mount, int type,
+                                           const char *file, int line) {
+    return (add_lock_callback);
+}
+
+void CRYPTO_set_locking_callback(void (*func) (int mode, int type,
+                                               const char *file, int line))
+{
+    locking_callback = func;
+}
+
+void CRYPTO_set_add_lock_callback(int (*func) (int *num, int mount, int type,
+                                               const char *file, int line))
+{
+    add_lock_callback = func;
+}
+
+unsigned long (*CRYPTO_get_id_callback(void)) (void) {
+    return (id_callback);
+}
+
+void CRYPTO_set_id_callback(unsigned long (*func) (void))
+{
+    id_callback = func;
+}
 
 unsigned long CRYPTO_thread_id(void)
-	{
-	unsigned long ret=0;
+{
+    unsigned long ret = 0;
 
-	if (id_callback == NULL)
-		{
+    if (id_callback == NULL) {
 #ifdef OPENSSL_SYS_WIN16
-		ret=(unsigned long)GetCurrentTask();
+        ret = (unsigned long)GetCurrentTask();
 #elif defined(OPENSSL_SYS_WIN32)
-		ret=(unsigned long)GetCurrentThreadId();
+        ret = (unsigned long)GetCurrentThreadId();
 #elif defined(GETPID_IS_MEANINGLESS)
-		ret=1L;
+        ret = 1L;
 #else
-		ret=(unsigned long)getpid();
+        ret = (unsigned long)getpid();
 #endif
-		}
-	else
-		ret=id_callback();
-	return(ret);
-	}
+    } else
+        ret = id_callback();
+    return (ret);
+}
 
-static void (*do_dynlock_cb)(int mode, int type, const char *file, int line);
+static void (*do_dynlock_cb) (int mode, int type, const char *file, int line);
 
-void int_CRYPTO_set_do_dynlock_callback(
-	void (*dyn_cb)(int mode, int type, const char *file, int line))
-	{
-	do_dynlock_cb = dyn_cb;
-	}
+void int_CRYPTO_set_do_dynlock_callback(void (*dyn_cb)
+                                         (int mode, int type,
+                                          const char *file, int line))
+{
+    do_dynlock_cb = dyn_cb;
+}
 
 void CRYPTO_lock(int mode, int type, const char *file, int line)
-	{
+{
 #ifdef LOCK_DEBUG
-		{
-		char *rw_text,*operation_text;
-
-		if (mode & CRYPTO_LOCK)
-			operation_text="lock  ";
-		else if (mode & CRYPTO_UNLOCK)
-			operation_text="unlock";
-		else
-			operation_text="ERROR ";
-
-		if (mode & CRYPTO_READ)
-			rw_text="r";
-		else if (mode & CRYPTO_WRITE)
-			rw_text="w";
-		else
-			rw_text="ERROR";
-
-		fprintf(stderr,"lock:%08lx:(%s)%s %-18s %s:%d\n",
-			CRYPTO_thread_id(), rw_text, operation_text,
-			CRYPTO_get_lock_name(type), file, line);
-		}
+    {
+        char *rw_text, *operation_text;
+
+        if (mode & CRYPTO_LOCK)
+            operation_text = "lock  ";
+        else if (mode & CRYPTO_UNLOCK)
+            operation_text = "unlock";
+        else
+            operation_text = "ERROR ";
+
+        if (mode & CRYPTO_READ)
+            rw_text = "r";
+        else if (mode & CRYPTO_WRITE)
+            rw_text = "w";
+        else
+            rw_text = "ERROR";
+
+        fprintf(stderr, "lock:%08lx:(%s)%s %-18s %s:%d\n",
+                CRYPTO_thread_id(), rw_text, operation_text,
+                CRYPTO_get_lock_name(type), file, line);
+    }
 #endif
-	if (type < 0)
-		{
-		if (do_dynlock_cb)
-			do_dynlock_cb(mode, type, file, line);
-		}
-	else
-		if (locking_callback != NULL)
-			locking_callback(mode,type,file,line);
-	}
+    if (type < 0) {
+        if (do_dynlock_cb)
+            do_dynlock_cb(mode, type, file, line);
+    } else if (locking_callback != NULL)
+        locking_callback(mode, type, file, line);
+}
 
 int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file,
-	     int line)
-	{
-	int ret = 0;
+                    int line)
+{
+    int ret = 0;
 
-	if (add_lock_callback != NULL)
-		{
+    if (add_lock_callback != NULL) {
 #ifdef LOCK_DEBUG
-		int before= *pointer;
+        int before = *pointer;
 #endif
 
-		ret=add_lock_callback(pointer,amount,type,file,line);
+        ret = add_lock_callback(pointer, amount, type, file, line);
 #ifdef LOCK_DEBUG
-		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-			CRYPTO_thread_id(),
-			before,amount,ret,
-			CRYPTO_get_lock_name(type),
-			file,line);
+        fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+                CRYPTO_thread_id(),
+                before, amount, ret, CRYPTO_get_lock_name(type), file, line);
 #endif
-		}
-	else
-		{
-		CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,file,line);
+    } else {
+        CRYPTO_lock(CRYPTO_LOCK | CRYPTO_WRITE, type, file, line);
 
-		ret= *pointer+amount;
+        ret = *pointer + amount;
 #ifdef LOCK_DEBUG
-		fprintf(stderr,"ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
-			CRYPTO_thread_id(),
-			*pointer,amount,ret,
-			CRYPTO_get_lock_name(type),
-			file,line);
+        fprintf(stderr, "ladd:%08lx:%2d+%2d->%2d %-18s %s:%d\n",
+                CRYPTO_thread_id(),
+                *pointer, amount, ret,
+                CRYPTO_get_lock_name(type), file, line);
 #endif
-		*pointer=ret;
-		CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_WRITE,type,file,line);
-		}
-	return(ret);
-	}
+        *pointer = ret;
+        CRYPTO_lock(CRYPTO_UNLOCK | CRYPTO_WRITE, type, file, line);
+    }
+    return (ret);
+}
 
-#if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-	defined(__INTEL__) || \
-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64) || defined(_M_X64)
+#if     defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+        defined(__INTEL__) || \
+        defined(__x86_64) || defined(__x86_64__) || \
+        defined(_M_AMD64) || defined(_M_X64)
 
-unsigned long  OPENSSL_ia32cap_P=0;
-unsigned long *OPENSSL_ia32cap_loc(void) { return &OPENSSL_ia32cap_P; }
+unsigned long OPENSSL_ia32cap_P = 0;
+unsigned long *OPENSSL_ia32cap_loc(void)
+{
+    return &OPENSSL_ia32cap_P;
+}
 
-#if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define OPENSSL_CPUID_SETUP
+# if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+#  define OPENSSL_CPUID_SETUP
 void OPENSSL_cpuid_setup(void)
-{ static int trigger=0;
-  unsigned long OPENSSL_ia32_cpuid(void);
-  char *env;
+{
+    static int trigger = 0;
+    unsigned long OPENSSL_ia32_cpuid(void);
+    char *env;
 
-    if (trigger)	return;
+    if (trigger)
+        return;
 
-    trigger=1;
-    if ((env=getenv("OPENSSL_ia32cap")))
-	OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10);
+    trigger = 1;
+    if ((env = getenv("OPENSSL_ia32cap")))
+        OPENSSL_ia32cap_P = strtoul(env, NULL, 0) | (1 << 10);
     else
-	OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid()|(1<<10);
+        OPENSSL_ia32cap_P = OPENSSL_ia32_cpuid() | (1 << 10);
     /*
      * |(1<<10) sets a reserved bit to signal that variable
      * was initialized already... This is to avoid interference
      * with cpuid snippets in ELF .init segment.
      */
 }
-#endif
+# endif
 
 #else
-unsigned long *OPENSSL_ia32cap_loc(void) { return NULL; }
+unsigned long *OPENSSL_ia32cap_loc(void)
+{
+    return NULL;
+}
 #endif
 int OPENSSL_NONPIC_relocated = 0;
 #if !defined(OPENSSL_CPUID_SETUP)
-void OPENSSL_cpuid_setup(void) {}
+void OPENSSL_cpuid_setup(void)
+{
+}
 #endif
 
 #if (defined(_WIN32) || defined(__CYGWIN__)) && defined(_WINDLL)
 
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
 
-#include <tlhelp32.h>
-#if defined(__GNUC__) && __GNUC__>=2
-static int DllInit(void) __attribute__((constructor));
-#elif defined(_MSC_VER)
+#  include <tlhelp32.h>
+#  if defined(__GNUC__) && __GNUC__>=2
+static int DllInit(void) __attribute__ ((constructor));
+#  elif defined(_MSC_VER)
 static int DllInit(void);
-# ifdef _WIN64
-# pragma section(".CRT$XCU",read)
-  __declspec(allocate(".CRT$XCU"))
-# else
-# pragma data_seg(".CRT$XCU")
-# endif
-  static int (*p)(void) = DllInit;
-# pragma data_seg()
-#endif
+#   ifdef _WIN64
+#    pragma section(".CRT$XCU",read)
+__declspec(allocate(".CRT$XCU"))
+#   else
+#    pragma data_seg(".CRT$XCU")
+#   endif
+static int (*p) (void) = DllInit;
+#   pragma data_seg()
+#  endif
 
 static int DllInit(void)
 {
-#if defined(_WIN32_WINNT)
-	union	{ int(*f)(void); BYTE *p; } t = { DllInit };
-        HANDLE	hModuleSnap = INVALID_HANDLE_VALUE;
-	IMAGE_DOS_HEADER *dos_header;
-	IMAGE_NT_HEADERS *nt_headers;
-	MODULEENTRY32 me32 = {sizeof(me32)};
-
-	hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
-	if (hModuleSnap != INVALID_HANDLE_VALUE &&
-	    Module32First(hModuleSnap,&me32)) do
-		{
-		if (t.p >= me32.modBaseAddr &&
-		    t.p <  me32.modBaseAddr+me32.modBaseSize)
-			{
-			dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr;
-			if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
-				{
-				nt_headers=(IMAGE_NT_HEADERS *)
-					((BYTE *)dos_header+dos_header->e_lfanew);
-				if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
-				    me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase)
-					OPENSSL_NONPIC_relocated=1;
-				}
-			break;
-			}
-		} while (Module32Next(hModuleSnap,&me32));
-
-	if (hModuleSnap != INVALID_HANDLE_VALUE)
-		CloseHandle(hModuleSnap);
-#endif
-	OPENSSL_cpuid_setup();
-	return 0;
+#  if defined(_WIN32_WINNT)
+    union {
+        int (*f) (void);
+        BYTE *p;
+    } t = {
+        DllInit
+    };
+    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
+    IMAGE_DOS_HEADER *dos_header;
+    IMAGE_NT_HEADERS *nt_headers;
+    MODULEENTRY32 me32 = { sizeof(me32) };
+
+    hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0);
+    if (hModuleSnap != INVALID_HANDLE_VALUE &&
+        Module32First(hModuleSnap, &me32))
+        do {
+            if (t.p >= me32.modBaseAddr &&
+                t.p < me32.modBaseAddr + me32.modBaseSize) {
+                dos_header = (IMAGE_DOS_HEADER *) me32.modBaseAddr;
+                if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
+                    nt_headers = (IMAGE_NT_HEADERS *)
+                        ((BYTE *) dos_header + dos_header->e_lfanew);
+                    if (nt_headers->Signature == IMAGE_NT_SIGNATURE &&
+                        me32.modBaseAddr !=
+                        (BYTE *) nt_headers->OptionalHeader.ImageBase)
+                        OPENSSL_NONPIC_relocated = 1;
+                }
+                break;
+            }
+        } while (Module32Next(hModuleSnap, &me32));
+
+    if (hModuleSnap != INVALID_HANDLE_VALUE)
+        CloseHandle(hModuleSnap);
+#  endif
+    OPENSSL_cpuid_setup();
+    return 0;
 }
 
-#else
+# else
 
-#ifdef __CYGWIN__
+#  ifdef __CYGWIN__
 /* pick DLL_[PROCESS|THREAD]_[ATTACH|DETACH] definitions */
-#include <windows.h>
-#endif
+#   include <windows.h>
+#  endif
 
-/* All we really need to do is remove the 'error' state when a thread
- * detaches */
-
-BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
-	     LPVOID lpvReserved)
-	{
-	switch(fdwReason)
-		{
-	case DLL_PROCESS_ATTACH:
-		OPENSSL_cpuid_setup();
-#if defined(_WIN32_WINNT)
-		{
-		IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *)hinstDLL;
-		IMAGE_NT_HEADERS *nt_headers;
-
-		if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
-			{
-			nt_headers = (IMAGE_NT_HEADERS *)((char *)dos_header
-						+ dos_header->e_lfanew);
-			if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
-			    hinstDLL!=(HINSTANCE)(nt_headers->OptionalHeader.ImageBase))
-				OPENSSL_NONPIC_relocated=1;
-			}
-		}
-#endif
-		break;
-	case DLL_THREAD_ATTACH:
-		break;
-	case DLL_THREAD_DETACH:
-		break;
-	case DLL_PROCESS_DETACH:
-		break;
-		}
-	return(TRUE);
-	}
-#endif
+/*
+ * All we really need to do is remove the 'error' state when a thread
+ * detaches
+ */
+
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
+{
+    switch (fdwReason) {
+    case DLL_PROCESS_ATTACH:
+        OPENSSL_cpuid_setup();
+#  if defined(_WIN32_WINNT)
+        {
+            IMAGE_DOS_HEADER *dos_header = (IMAGE_DOS_HEADER *) hinstDLL;
+            IMAGE_NT_HEADERS *nt_headers;
+
+            if (dos_header->e_magic == IMAGE_DOS_SIGNATURE) {
+                nt_headers = (IMAGE_NT_HEADERS *) ((char *)dos_header
+                                                   + dos_header->e_lfanew);
+                if (nt_headers->Signature == IMAGE_NT_SIGNATURE &&
+                    hinstDLL !=
+                    (HINSTANCE) (nt_headers->OptionalHeader.ImageBase))
+                    OPENSSL_NONPIC_relocated = 1;
+            }
+        }
+#  endif
+        break;
+    case DLL_THREAD_ATTACH:
+        break;
+    case DLL_THREAD_DETACH:
+        break;
+    case DLL_PROCESS_DETACH:
+        break;
+    }
+    return (TRUE);
+}
+# endif
 
 #endif
 
 #if defined(_WIN32) && !defined(__CYGWIN__)
-#include <tchar.h>
+# include <tchar.h>
 
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
 int OPENSSL_isservice(void)
-{ HWINSTA h;
-  DWORD len;
-  WCHAR *name;
+{
+    HWINSTA h;
+    DWORD len;
+    WCHAR *name;
 
-    (void)GetDesktopWindow(); /* return value is ignored */
+    (void)GetDesktopWindow();   /* return value is ignored */
 
     h = GetProcessWindowStation();
-    if (h==NULL) return -1;
-
-    if (GetUserObjectInformationW (h,UOI_NAME,NULL,0,&len) ||
-	GetLastError() != ERROR_INSUFFICIENT_BUFFER)
-	return -1;
-
-    if (len>512) return -1;		/* paranoia */
-    len++,len&=~1;			/* paranoia */
-#ifdef _MSC_VER
-    name=(WCHAR *)_alloca(len+sizeof(WCHAR));
-#else
-    name=(WCHAR *)alloca(len+sizeof(WCHAR));
-#endif
-    if (!GetUserObjectInformationW (h,UOI_NAME,name,len,&len))
-	return -1;
-
-    len++,len&=~1;			/* paranoia */
-    name[len/sizeof(WCHAR)]=L'\0';	/* paranoia */
-#if 1
-    /* This doesn't cover "interactive" services [working with real
-     * WinSta0's] nor programs started non-interactively by Task
-     * Scheduler [those are working with SAWinSta]. */
-    if (wcsstr(name,L"Service-0x"))	return 1;
-#else
+    if (h == NULL)
+        return -1;
+
+    if (GetUserObjectInformationW(h, UOI_NAME, NULL, 0, &len) ||
+        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
+        return -1;
+
+    if (len > 512)
+        return -1;              /* paranoia */
+    len++, len &= ~1;           /* paranoia */
+#  ifdef _MSC_VER
+    name = (WCHAR *)_alloca(len + sizeof(WCHAR));
+#  else
+    name = (WCHAR *)alloca(len + sizeof(WCHAR));
+#  endif
+    if (!GetUserObjectInformationW(h, UOI_NAME, name, len, &len))
+        return -1;
+
+    len++, len &= ~1;           /* paranoia */
+    name[len / sizeof(WCHAR)] = L'\0'; /* paranoia */
+#  if 1
+    /*
+     * This doesn't cover "interactive" services [working with real
+     * WinSta0's] nor programs started non-interactively by Task Scheduler
+     * [those are working with SAWinSta].
+     */
+    if (wcsstr(name, L"Service-0x"))
+        return 1;
+#  else
     /* This covers all non-interactive programs such as services. */
-    if (!wcsstr(name,L"WinSta0"))	return 1;
-#endif
-    else				return 0;
+    if (!wcsstr(name, L"WinSta0"))
+        return 1;
+#  endif
+    else
+        return 0;
 }
-#else
-int OPENSSL_isservice(void) { return 0; }
-#endif
+# else
+int OPENSSL_isservice(void)
+{
+    return 0;
+}
+# endif
 
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
-  TCHAR buf[256];
-  const TCHAR *fmt;
-#ifdef STD_ERROR_HANDLE	/* what a dirty trick! */
-  HANDLE h;
-
-    if ((h=GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
-	GetFileType(h)!=FILE_TYPE_UNKNOWN)
-    {	/* must be console application */
-	va_start (ap,fmta);
-	vfprintf (stderr,fmta,ap);
-	va_end (ap);
-	return;
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+    va_list ap;
+    TCHAR buf[256];
+    const TCHAR *fmt;
+# ifdef STD_ERROR_HANDLE        /* what a dirty trick! */
+    HANDLE h;
+
+    if ((h = GetStdHandle(STD_ERROR_HANDLE)) != NULL &&
+        GetFileType(h) != FILE_TYPE_UNKNOWN) {
+        /* must be console application */
+        va_start(ap, fmta);
+        vfprintf(stderr, fmta, ap);
+        va_end(ap);
+        return;
     }
-#endif
-
-    if (sizeof(TCHAR)==sizeof(char))
-	fmt=(const TCHAR *)fmta;
-    else do
-    { int    keepgoing;
-      size_t len_0=strlen(fmta)+1,i;
-      WCHAR *fmtw;
+# endif
 
-#ifdef _MSC_VER
-	fmtw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
-#else
-	fmtw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
-#endif
-	if (fmtw == NULL) { fmt=(const TCHAR *)L"no stack?"; break; }
+    if (sizeof(TCHAR) == sizeof(char))
+        fmt = (const TCHAR *)fmta;
+    else
+        do {
+            int keepgoing;
+            size_t len_0 = strlen(fmta) + 1, i;
+            WCHAR *fmtw;
 
-#ifndef OPENSSL_NO_MULTIBYTE
-	if (!MultiByteToWideChar(CP_ACP,0,fmta,len_0,fmtw,len_0))
-#endif
-	    for (i=0;i<len_0;i++) fmtw[i]=(WCHAR)fmta[i];
-
-	for (i=0;i<len_0;i++)
-	{   if (fmtw[i]==L'%') do
-	    {	keepgoing=0;
-		switch (fmtw[i+1])
-		{   case L'0': case L'1': case L'2': case L'3': case L'4':
-		    case L'5': case L'6': case L'7': case L'8': case L'9':
-		    case L'.': case L'*':
-		    case L'-':	i++; keepgoing=1; break;
-		    case L's':	fmtw[i+1]=L'S';   break;
-		    case L'S':	fmtw[i+1]=L's';   break;
-		    case L'c':	fmtw[i+1]=L'C';   break;
-		    case L'C':	fmtw[i+1]=L'c';   break;
-		}
-	    } while (keepgoing);
-	}
-	fmt = (const TCHAR *)fmtw;
-    } while (0);
-
-    va_start (ap,fmta);
-    _vsntprintf (buf,sizeof(buf)/sizeof(TCHAR)-1,fmt,ap);
-    buf [sizeof(buf)/sizeof(TCHAR)-1] = _T('\0');
-    va_end (ap);
-
-#if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
+# ifdef _MSC_VER
+            fmtw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+# else
+            fmtw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+# endif
+            if (fmtw == NULL) {
+                fmt = (const TCHAR *)L"no stack?";
+                break;
+            }
+# ifndef OPENSSL_NO_MULTIBYTE
+            if (!MultiByteToWideChar(CP_ACP, 0, fmta, len_0, fmtw, len_0))
+# endif
+                for (i = 0; i < len_0; i++)
+                    fmtw[i] = (WCHAR)fmta[i];
+
+            for (i = 0; i < len_0; i++) {
+                if (fmtw[i] == L'%')
+                    do {
+                        keepgoing = 0;
+                        switch (fmtw[i + 1]) {
+                        case L'0':
+                        case L'1':
+                        case L'2':
+                        case L'3':
+                        case L'4':
+                        case L'5':
+                        case L'6':
+                        case L'7':
+                        case L'8':
+                        case L'9':
+                        case L'.':
+                        case L'*':
+                        case L'-':
+                            i++;
+                            keepgoing = 1;
+                            break;
+                        case L's':
+                            fmtw[i + 1] = L'S';
+                            break;
+                        case L'S':
+                            fmtw[i + 1] = L's';
+                            break;
+                        case L'c':
+                            fmtw[i + 1] = L'C';
+                            break;
+                        case L'C':
+                            fmtw[i + 1] = L'c';
+                            break;
+                        }
+                    } while (keepgoing);
+            }
+            fmt = (const TCHAR *)fmtw;
+        } while (0);
+
+    va_start(ap, fmta);
+    _vsntprintf(buf, sizeof(buf) / sizeof(TCHAR) - 1, fmt, ap);
+    buf[sizeof(buf) / sizeof(TCHAR) - 1] = _T('\0');
+    va_end(ap);
+
+# if defined(_WIN32_WINNT) && _WIN32_WINNT>=0x0333
     /* this -------------v--- guards NT-specific calls */
-    if (GetVersion() < 0x80000000 && OPENSSL_isservice() > 0)
-    {	HANDLE h = RegisterEventSource(0,_T("OPENSSL"));
-	const TCHAR *pmsg=buf;
-	ReportEvent(h,EVENTLOG_ERROR_TYPE,0,0,0,1,0,&pmsg,0);
-	DeregisterEventSource(h);
-    }
-    else
-#endif
-	MessageBox (NULL,buf,_T("OpenSSL: FATAL"),MB_OK|MB_ICONSTOP);
+    if (check_winnt() && OPENSSL_isservice() > 0) {
+        HANDLE h = RegisterEventSource(0, _T("OPENSSL"));
+        const TCHAR *pmsg = buf;
+        ReportEvent(h, EVENTLOG_ERROR_TYPE, 0, 0, 0, 1, 0, &pmsg, 0);
+        DeregisterEventSource(h);
+    } else
+# endif
+        MessageBox(NULL, buf, _T("OpenSSL: FATAL"), MB_OK | MB_ICONSTOP);
 }
 #else
-void OPENSSL_showfatal (const char *fmta,...)
-{ va_list ap;
+void OPENSSL_showfatal(const char *fmta, ...)
+{
+    va_list ap;
+
+    va_start(ap, fmta);
+    vfprintf(stderr, fmta, ap);
+    va_end(ap);
+}
 
-    va_start (ap,fmta);
-    vfprintf (stderr,fmta,ap);
-    va_end (ap);
+int OPENSSL_isservice(void)
+{
+    return 0;
 }
-int OPENSSL_isservice (void) { return 0; }
 #endif
 
-void OpenSSLDie(const char *file,int line,const char *assertion)
-	{
-	OPENSSL_showfatal(
-		"%s(%d): OpenSSL internal error, assertion failed: %s\n",
-		file,line,assertion);
-	abort();
-	}
+void OpenSSLDie(const char *file, int line, const char *assertion)
+{
+    OPENSSL_showfatal
+        ("%s(%d): OpenSSL internal error, assertion failed: %s\n", file, line,
+         assertion);
+    abort();
+}
 
-void *OPENSSL_stderr(void)	{ return stderr; }
+void *OPENSSL_stderr(void)
+{
+    return stderr;
+}
 
 #ifndef OPENSSL_FIPS
 
 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
-	{
-	size_t i;
-	const unsigned char *a = in_a;
-	const unsigned char *b = in_b;
-	unsigned char x = 0;
+{
+    size_t i;
+    const unsigned char *a = in_a;
+    const unsigned char *b = in_b;
+    unsigned char x = 0;
 
-	for (i = 0; i < len; i++)
-		x |= a[i] ^ b[i];
+    for (i = 0; i < len; i++)
+        x |= a[i] ^ b[i];
 
-	return x;
-	}
+    return x;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/cversion.c b/Cryptlib/OpenSSL/crypto/cversion.c
index ea9f25fd..0280225b 100644
--- a/Cryptlib/OpenSSL/crypto/cversion.c
+++ b/Cryptlib/OpenSSL/crypto/cversion.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,59 +59,54 @@
 #include "cryptlib.h"
 
 #ifndef NO_WINDOWS_BRAINDEATH
-#include "buildinf.h"
+# include "buildinf.h"
 #endif
 
 const char *SSLeay_version(int t)
-	{
-	if (t == SSLEAY_VERSION)
-		return OPENSSL_VERSION_TEXT;
-	if (t == SSLEAY_BUILT_ON)
-		{
+{
+    if (t == SSLEAY_VERSION)
+        return OPENSSL_VERSION_TEXT;
+    if (t == SSLEAY_BUILT_ON) {
 #ifdef DATE
-		static char buf[sizeof(DATE)+11];
+        static char buf[sizeof(DATE) + 11];
 
-		BIO_snprintf(buf,sizeof buf,"built on: %s",DATE);
-		return(buf);
+        BIO_snprintf(buf, sizeof buf, "built on: %s", DATE);
+        return (buf);
 #else
-		return("built on: date not available");
+        return ("built on: date not available");
 #endif
-		}
-	if (t == SSLEAY_CFLAGS)
-		{
+    }
+    if (t == SSLEAY_CFLAGS) {
 #ifdef CFLAGS
-		static char buf[sizeof(CFLAGS)+11];
+        static char buf[sizeof(CFLAGS) + 11];
 
-		BIO_snprintf(buf,sizeof buf,"compiler: %s",CFLAGS);
-		return(buf);
+        BIO_snprintf(buf, sizeof buf, "compiler: %s", CFLAGS);
+        return (buf);
 #else
-		return("compiler: information not available");
+        return ("compiler: information not available");
 #endif
-		}
-	if (t == SSLEAY_PLATFORM)
-		{
+    }
+    if (t == SSLEAY_PLATFORM) {
 #ifdef PLATFORM
-		static char buf[sizeof(PLATFORM)+11];
+        static char buf[sizeof(PLATFORM) + 11];
 
-		BIO_snprintf(buf,sizeof buf,"platform: %s", PLATFORM);
-		return(buf);
+        BIO_snprintf(buf, sizeof buf, "platform: %s", PLATFORM);
+        return (buf);
 #else
-		return("platform: information not available");
+        return ("platform: information not available");
 #endif
-		}
-	if (t == SSLEAY_DIR)
-		{
+    }
+    if (t == SSLEAY_DIR) {
 #ifdef OPENSSLDIR
-		return "OPENSSLDIR: \"" OPENSSLDIR "\"";
+        return "OPENSSLDIR: \"" OPENSSLDIR "\"";
 #else
-		return "OPENSSLDIR: N/A";
+        return "OPENSSLDIR: N/A";
 #endif
-		}
-	return("not available");
-	}
+    }
+    return ("not available");
+}
 
 unsigned long SSLeay(void)
-	{
-	return(SSLEAY_VERSION_NUMBER);
-	}
-
+{
+    return (SSLEAY_VERSION_NUMBER);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c
index 09a7ba56..f89b5b98 100644
--- a/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c
+++ b/Cryptlib/OpenSSL/crypto/des/cbc_cksm.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,48 +59,45 @@
 #include "des_locl.h"
 
 DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output,
-		       long length, DES_key_schedule *schedule,
-		       const_DES_cblock *ivec)
-	{
-	register DES_LONG tout0,tout1,tin0,tin1;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *out = &(*output)[0];
-	const unsigned char *iv = &(*ivec)[0];
+                       long length, DES_key_schedule *schedule,
+                       const_DES_cblock *ivec)
+{
+    register DES_LONG tout0, tout1, tin0, tin1;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *out = &(*output)[0];
+    const unsigned char *iv = &(*ivec)[0];
+
+    c2l(iv, tout0);
+    c2l(iv, tout1);
+    for (; l > 0; l -= 8) {
+        if (l >= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+        } else
+            c2ln(in, tin0, tin1, l);
 
-	c2l(iv,tout0);
-	c2l(iv,tout1);
-	for (; l>0; l-=8)
-		{
-		if (l >= 8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			}
-		else
-			c2ln(in,tin0,tin1,l);
-			
-		tin0^=tout0; tin[0]=tin0;
-		tin1^=tout1; tin[1]=tin1;
-		DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
-		/* fix 15/10/91 eay - thanks to keithr@sco.COM */
-		tout0=tin[0];
-		tout1=tin[1];
-		}
-	if (out != NULL)
-		{
-		l2c(tout0,out);
-		l2c(tout1,out);
-		}
-	tout0=tin0=tin1=tin[0]=tin[1]=0;
-	/*
-	  Transform the data in tout1 so that it will
-	  match the return value that the MIT Kerberos
-	  mit_des_cbc_cksum API returns.
-	*/
-	tout1 = ((tout1 >> 24L) & 0x000000FF)
-	      | ((tout1 >> 8L)  & 0x0000FF00)
-	      | ((tout1 << 8L)  & 0x00FF0000)
-	      | ((tout1 << 24L) & 0xFF000000);
-	return(tout1);
-	}
+        tin0 ^= tout0;
+        tin[0] = tin0;
+        tin1 ^= tout1;
+        tin[1] = tin1;
+        DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+        /* fix 15/10/91 eay - thanks to keithr@sco.COM */
+        tout0 = tin[0];
+        tout1 = tin[1];
+    }
+    if (out != NULL) {
+        l2c(tout0, out);
+        l2c(tout1, out);
+    }
+    tout0 = tin0 = tin1 = tin[0] = tin[1] = 0;
+    /*
+     * Transform the data in tout1 so that it will match the return value
+     * that the MIT Kerberos mit_des_cbc_cksum API returns.
+     */
+    tout1 = ((tout1 >> 24L) & 0x000000FF)
+        | ((tout1 >> 8L) & 0x0000FF00)
+        | ((tout1 << 8L) & 0x00FF0000)
+        | ((tout1 << 24L) & 0xFF000000);
+    return (tout1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c
index 677903ae..7ee35992 100644
--- a/Cryptlib/OpenSSL/crypto/des/cbc_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/cbc_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,4 +58,4 @@
 
 #define CBC_ENC_C__DONT_UPDATE_IV
 
-#include "ncbc_enc.c" /* des_cbc_encrypt */
+#include "ncbc_enc.c"           /* des_cbc_encrypt */
diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c
index de34ecce..5d709c12 100644
--- a/Cryptlib/OpenSSL/crypto/des/cfb64ede.c
+++ b/Cryptlib/OpenSSL/crypto/des/cfb64ede.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,196 +59,191 @@
 #include "des_locl.h"
 #include "e_os.h"
 
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 
 void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			    long length, DES_key_schedule *ks1,
-			    DES_key_schedule *ks2, DES_key_schedule *ks3,
-			    DES_cblock *ivec, int *num, int enc)
-	{
-	register DES_LONG v0,v1;
-	register long l=length;
-	register int n= *num;
-	DES_LONG ti[2];
-	unsigned char *iv,c,cc;
+                            long length, DES_key_schedule *ks1,
+                            DES_key_schedule *ks2, DES_key_schedule *ks3,
+                            DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
 
-	iv=&(*ivec)[0];
-	if (enc)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0);
-				c2l(iv,v1);
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
 
-				ti[0]=v0;
-				ti[1]=v1;
-				DES_encrypt3(ti,ks1,ks2,ks3);
-				v0=ti[0];
-				v1=ti[1];
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
 
-				iv = &(*ivec)[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				iv = &(*ivec)[0];
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0);
-				c2l(iv,v1);
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                c2l(iv, v1);
 
-				ti[0]=v0;
-				ti[1]=v1;
-				DES_encrypt3(ti,ks1,ks2,ks3);
-				v0=ti[0];
-				v1=ti[1];
+                ti[0] = v0;
+                ti[1] = v1;
+                DES_encrypt3(ti, ks1, ks2, ks3);
+                v0 = ti[0];
+                v1 = ti[1];
 
-				iv = &(*ivec)[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				iv = &(*ivec)[0];
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=c=cc=0;
-	*num=n;
-	}
+                iv = &(*ivec)[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
 
-#ifdef undef /* MACRO */
-void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	     DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec),
-	     int *num, int enc)
-	{
-	DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc);
-	}
+#ifdef undef                    /* MACRO */
+void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out,
+                            long length, DES_key_schedule ks1,
+                            DES_key_schedule ks2, DES_cblock (*ivec),
+                            int *num, int enc)
+{
+    DES_ede3_cfb64_encrypt(in, out, length, ks1, ks2, ks1, ivec, num, enc);
+}
 #endif
 
-/* This is compatible with the single key CFB-r for DES, even thought that's
+/*
+ * This is compatible with the single key CFB-r for DES, even thought that's
  * not what EVP needs.
  */
 
-void DES_ede3_cfb_encrypt(const unsigned char *in,unsigned char *out,
-			  int numbits,long length,DES_key_schedule *ks1,
-			  DES_key_schedule *ks2,DES_key_schedule *ks3,
-			  DES_cblock *ivec,int enc)
-	{
-	register DES_LONG d0,d1,v0,v1;
-	register unsigned long l=length,n=((unsigned int)numbits+7)/8;
-	register int num=numbits,i;
-	DES_LONG ti[2];
-	unsigned char *iv;
-	unsigned char ovec[16];
-
-	if (num > 64) return;
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	if (enc)
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt3(ti,ks1,ks2,ks3);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-				/* shift ovec left most of the bits... */
-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-				/* now the remaining bits */
-				if(num%8 != 0)
-					for(i=0 ; i < 8 ; ++i)
-						{
-						ovec[i]<<=num%8;
-						ovec[i]|=ovec[i+1]>>(8-num%8);
-						}
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-				}
-			}
-		}
-	else
-		{
-		while (l >= n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt3(ti,ks1,ks2,ks3);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (num == 32)
-				{ v0=v1; v1=d0; }
-			else if (num == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
-				/* shift ovec left most of the bits... */
-				memmove(ovec,ovec+num/8,8+(num%8 ? 1 : 0));
-				/* now the remaining bits */
-				if(num%8 != 0)
-					for(i=0 ; i < 8 ; ++i)
-						{
-						ovec[i]<<=num%8;
-						ovec[i]|=ovec[i+1]>>(8-num%8);
-						}
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
-				}
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			}
-		}
-	iv = &(*ivec)[0];
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
-	}
+void DES_ede3_cfb_encrypt(const unsigned char *in, unsigned char *out,
+                          int numbits, long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length, n = ((unsigned int)numbits + 7) / 8;
+    register int num = numbits, i;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    unsigned char ovec[16];
 
+    if (num > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+        }
+    } else {
+        while (l >= n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt3(ti, ks1, ks2, ks3);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (num == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (num == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
+                /* shift ovec left most of the bits... */
+                memmove(ovec, ovec + num / 8, 8 + (num % 8 ? 1 : 0));
+                /* now the remaining bits */
+                if (num % 8 != 0)
+                    for (i = 0; i < 8; ++i) {
+                        ovec[i] <<= num % 8;
+                        ovec[i] |= ovec[i + 1] >> (8 - num % 8);
+                    }
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c
index 5ec8683e..7346774e 100644
--- a/Cryptlib/OpenSSL/crypto/des/cfb64enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/cfb64enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,64 +58,65 @@
 
 #include "des_locl.h"
 
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 
 void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, DES_key_schedule *schedule,
-		       DES_cblock *ivec, int *num, int enc)
-	{
-	register DES_LONG v0,v1;
-	register long l=length;
-	register int n= *num;
-	DES_LONG ti[2];
-	unsigned char *iv,c,cc;
-
-	iv = &(*ivec)[0];
-	if (enc)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				DES_encrypt1(ti,schedule,DES_ENCRYPT);
-				iv = &(*ivec)[0];
-				v0=ti[0]; l2c(v0,iv);
-				v0=ti[1]; l2c(v0,iv);
-				iv = &(*ivec)[0];
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				DES_encrypt1(ti,schedule,DES_ENCRYPT);
-				iv = &(*ivec)[0];
-				v0=ti[0]; l2c(v0,iv);
-				v0=ti[1]; l2c(v0,iv);
-				iv = &(*ivec)[0];
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=c=cc=0;
-	*num=n;
-	}
+                       long length, DES_key_schedule *schedule,
+                       DES_cblock *ivec, int *num, int enc)
+{
+    register DES_LONG v0, v1;
+    register long l = length;
+    register int n = *num;
+    DES_LONG ti[2];
+    unsigned char *iv, c, cc;
 
+    iv = &(*ivec)[0];
+    if (enc) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                DES_encrypt1(ti, schedule, DES_ENCRYPT);
+                iv = &(*ivec)[0];
+                v0 = ti[0];
+                l2c(v0, iv);
+                v0 = ti[1];
+                l2c(v0, iv);
+                iv = &(*ivec)[0];
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = c = cc = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c
index 720f29a2..bd0e2997 100644
--- a/Cryptlib/OpenSSL/crypto/des/cfb_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/cfb_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,136 +60,140 @@
 #include "des_locl.h"
 #include <assert.h>
 
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
+ */
+/*
+ * Until Aug 1 2003 this function did not correctly implement CFB-r, so it
+ * will not be compatible with any encryption prior to that date. Ben.
  */
-/* Until Aug 1 2003 this function did not correctly implement CFB-r, so it
- * will not be compatible with any encryption prior to that date. Ben. */
 void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-		     long length, DES_key_schedule *schedule, DES_cblock *ivec,
-		     int enc)
-	{
-	register DES_LONG d0,d1,v0,v1;
-	register unsigned long l=length;
-	register int num=numbits/8,n=(numbits+7)/8,i,rem=numbits%8;
-	DES_LONG ti[2];
-	unsigned char *iv;
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec, int enc)
+{
+    register DES_LONG d0, d1, v0, v1;
+    register unsigned long l = length;
+    register int num = numbits / 8, n = (numbits + 7) / 8, i, rem =
+        numbits % 8;
+    DES_LONG ti[2];
+    unsigned char *iv;
 #ifndef L_ENDIAN
-	unsigned char ovec[16];
+    unsigned char ovec[16];
 #else
-	unsigned int  sh[4];
-	unsigned char *ovec=(unsigned char *)sh;
+    unsigned int sh[4];
+    unsigned char *ovec = (unsigned char *)sh;
+
+    /* I kind of count that compiler optimizes away this assertioni, */
+    assert(sizeof(sh[0]) == 4); /* as this holds true for all, */
+    /* but 16-bit platforms...      */
 
-	/* I kind of count that compiler optimizes away this assertioni,*/
-	assert (sizeof(sh[0])==4);	/* as this holds true for all,	*/
-					/* but 16-bit platforms...	*/
-					
 #endif
 
-	if (numbits<=0 || numbits > 64) return;
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	if (enc)
-		{
-		while (l >= (unsigned long)n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (numbits == 32)
-				{ v0=v1; v1=d0; }
-			else if (numbits == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
+    if (numbits <= 0 || numbits > 64)
+        return;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    if (enc) {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
 #ifndef L_ENDIAN
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
 #else
-				sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
 #endif
-				if (rem==0)
-					memmove(ovec,ovec+num,8);
-				else
-					for(i=0 ; i < 8 ; ++i)
-						ovec[i]=ovec[i+num]<<rem |
-							ovec[i+num+1]>>(8-rem);
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
 #ifdef L_ENDIAN
-				v0=sh[0], v1=sh[1];
+                v0 = sh[0], v1 = sh[1];
 #else
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
 #endif
-				}
-			}
-		}
-	else
-		{
-		while (l >= (unsigned long)n)
-			{
-			l-=n;
-			ti[0]=v0;
-			ti[1]=v1;
-			DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-			c2ln(in,d0,d1,n);
-			in+=n;
-			/* 30-08-94 - eay - changed because l>>32 and
-			 * l<<32 are bad under gcc :-( */
-			if (numbits == 32)
-				{ v0=v1; v1=d0; }
-			else if (numbits == 64)
-				{ v0=d0; v1=d1; }
-			else
-				{
+            }
+        }
+    } else {
+        while (l >= (unsigned long)n) {
+            l -= n;
+            ti[0] = v0;
+            ti[1] = v1;
+            DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+            c2ln(in, d0, d1, n);
+            in += n;
+            /*
+             * 30-08-94 - eay - changed because l>>32 and l<<32 are bad under
+             * gcc :-(
+             */
+            if (numbits == 32) {
+                v0 = v1;
+                v1 = d0;
+            } else if (numbits == 64) {
+                v0 = d0;
+                v1 = d1;
+            } else {
 #ifndef L_ENDIAN
-				iv=&ovec[0];
-				l2c(v0,iv);
-				l2c(v1,iv);
-				l2c(d0,iv);
-				l2c(d1,iv);
+                iv = &ovec[0];
+                l2c(v0, iv);
+                l2c(v1, iv);
+                l2c(d0, iv);
+                l2c(d1, iv);
 #else
-				sh[0]=v0, sh[1]=v1, sh[2]=d0, sh[3]=d1;
+                sh[0] = v0, sh[1] = v1, sh[2] = d0, sh[3] = d1;
 #endif
-				if (rem==0)
-					memmove(ovec,ovec+num,8);
-				else
-					for(i=0 ; i < 8 ; ++i)
-						ovec[i]=ovec[i+num]<<rem |
-							ovec[i+num+1]>>(8-rem);
+                if (rem == 0)
+                    memmove(ovec, ovec + num, 8);
+                else
+                    for (i = 0; i < 8; ++i)
+                        ovec[i] = ovec[i + num] << rem |
+                            ovec[i + num + 1] >> (8 - rem);
 #ifdef L_ENDIAN
-				v0=sh[0], v1=sh[1];
+                v0 = sh[0], v1 = sh[1];
 #else
-				iv=&ovec[0];
-				c2l(iv,v0);
-				c2l(iv,v1);
+                iv = &ovec[0];
+                c2l(iv, v0);
+                c2l(iv, v1);
 #endif
-				}
-			d0^=ti[0];
-			d1^=ti[1];
-			l2cn(d0,d1,out,n);
-			out+=n;
-			}
-		}
-	iv = &(*ivec)[0];
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=0;
-	}
-
+            }
+            d0 ^= ti[0];
+            d1 ^= ti[1];
+            l2cn(d0, d1, out, n);
+            out += n;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/des_enc.c b/Cryptlib/OpenSSL/crypto/des/des_enc.c
index cf71965a..7be2a358 100644
--- a/Cryptlib/OpenSSL/crypto/des/des_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/des_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,353 +59,342 @@
 #include "des_locl.h"
 
 void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l,r,t,u;
+{
+    register DES_LONG l, r, t, u;
 #ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+    register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
 #endif
 #ifndef DES_UNROLL
-	register int i;
+    register int i;
 #endif
-	register DES_LONG *s;
-
-	r=data[0];
-	l=data[1];
-
-	IP(r,l);
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	/* clear the top bits on machines with 8byte longs */
-	/* shift left by 2 */
-	r=ROTATE(r,29)&0xffffffffL;
-	l=ROTATE(l,29)&0xffffffffL;
-
-	s=ks->ks->deslong;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (enc)
-		{
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    IP(r, l);
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge
+     * <71755.204@CompuServe.COM> for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    /* shift left by 2 */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
 #ifdef DES_UNROLL
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
 #else
-		for (i=0; i<32; i+=8)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			D_ENCRYPT(l,r,i+4); /*  3 */
-			D_ENCRYPT(r,l,i+6); /*  4 */
-			}
+        for (i = 0; i < 32; i += 8) {
+            D_ENCRYPT(l, r, i + 0); /* 1 */
+            D_ENCRYPT(r, l, i + 2); /* 2 */
+            D_ENCRYPT(l, r, i + 4); /* 3 */
+            D_ENCRYPT(r, l, i + 6); /* 4 */
+        }
 #endif
-		}
-	else
-		{
+    } else {
 #ifdef DES_UNROLL
-		D_ENCRYPT(l,r,30); /* 16 */
-		D_ENCRYPT(r,l,28); /* 15 */
-		D_ENCRYPT(l,r,26); /* 14 */
-		D_ENCRYPT(r,l,24); /* 13 */
-		D_ENCRYPT(l,r,22); /* 12 */
-		D_ENCRYPT(r,l,20); /* 11 */
-		D_ENCRYPT(l,r,18); /* 10 */
-		D_ENCRYPT(r,l,16); /*  9 */
-		D_ENCRYPT(l,r,14); /*  8 */
-		D_ENCRYPT(r,l,12); /*  7 */
-		D_ENCRYPT(l,r,10); /*  6 */
-		D_ENCRYPT(r,l, 8); /*  5 */
-		D_ENCRYPT(l,r, 6); /*  4 */
-		D_ENCRYPT(r,l, 4); /*  3 */
-		D_ENCRYPT(l,r, 2); /*  2 */
-		D_ENCRYPT(r,l, 0); /*  1 */
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
 #else
-		for (i=30; i>0; i-=8)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			D_ENCRYPT(l,r,i-4); /* 14 */
-			D_ENCRYPT(r,l,i-6); /* 13 */
-			}
+        for (i = 30; i > 0; i -= 8) {
+            D_ENCRYPT(l, r, i - 0); /* 16 */
+            D_ENCRYPT(r, l, i - 2); /* 15 */
+            D_ENCRYPT(l, r, i - 4); /* 14 */
+            D_ENCRYPT(r, l, i - 6); /* 13 */
+        }
 #endif
-		}
+    }
 
-	/* rotate and clear the top bits on machines with 8byte longs */
-	l=ROTATE(l,3)&0xffffffffL;
-	r=ROTATE(r,3)&0xffffffffL;
+    /* rotate and clear the top bits on machines with 8byte longs */
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
 
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	l=r=t=u=0;
-	}
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+    l = r = t = u = 0;
+}
 
 void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l,r,t,u;
+{
+    register DES_LONG l, r, t, u;
 #ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+    register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
 #endif
 #ifndef DES_UNROLL
-	register int i;
+    register int i;
 #endif
-	register DES_LONG *s;
-
-	r=data[0];
-	l=data[1];
-
-	/* Things have been modified so that the initial rotate is
-	 * done outside the loop.  This required the
-	 * DES_SPtrans values in sp.h to be rotated 1 bit to the right.
-	 * One perl script later and things have a 5% speed up on a sparc2.
-	 * Thanks to Richard Outerbridge <71755.204@CompuServe.COM>
-	 * for pointing this out. */
-	/* clear the top bits on machines with 8byte longs */
-	r=ROTATE(r,29)&0xffffffffL;
-	l=ROTATE(l,29)&0xffffffffL;
-
-	s=ks->ks->deslong;
-	/* I don't know if it is worth the effort of loop unrolling the
-	 * inner loop */
-	if (enc)
-		{
+    register DES_LONG *s;
+
+    r = data[0];
+    l = data[1];
+
+    /*
+     * Things have been modified so that the initial rotate is done outside
+     * the loop.  This required the DES_SPtrans values in sp.h to be rotated
+     * 1 bit to the right. One perl script later and things have a 5% speed
+     * up on a sparc2. Thanks to Richard Outerbridge
+     * <71755.204@CompuServe.COM> for pointing this out.
+     */
+    /* clear the top bits on machines with 8byte longs */
+    r = ROTATE(r, 29) & 0xffffffffL;
+    l = ROTATE(l, 29) & 0xffffffffL;
+
+    s = ks->ks->deslong;
+    /*
+     * I don't know if it is worth the effort of loop unrolling the inner
+     * loop
+     */
+    if (enc) {
 #ifdef DES_UNROLL
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
 #else
-		for (i=0; i<32; i+=8)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			D_ENCRYPT(l,r,i+4); /*  3 */
-			D_ENCRYPT(r,l,i+6); /*  4 */
-			}
+        for (i = 0; i < 32; i += 8) {
+            D_ENCRYPT(l, r, i + 0); /* 1 */
+            D_ENCRYPT(r, l, i + 2); /* 2 */
+            D_ENCRYPT(l, r, i + 4); /* 3 */
+            D_ENCRYPT(r, l, i + 6); /* 4 */
+        }
 #endif
-		}
-	else
-		{
+    } else {
 #ifdef DES_UNROLL
-		D_ENCRYPT(l,r,30); /* 16 */
-		D_ENCRYPT(r,l,28); /* 15 */
-		D_ENCRYPT(l,r,26); /* 14 */
-		D_ENCRYPT(r,l,24); /* 13 */
-		D_ENCRYPT(l,r,22); /* 12 */
-		D_ENCRYPT(r,l,20); /* 11 */
-		D_ENCRYPT(l,r,18); /* 10 */
-		D_ENCRYPT(r,l,16); /*  9 */
-		D_ENCRYPT(l,r,14); /*  8 */
-		D_ENCRYPT(r,l,12); /*  7 */
-		D_ENCRYPT(l,r,10); /*  6 */
-		D_ENCRYPT(r,l, 8); /*  5 */
-		D_ENCRYPT(l,r, 6); /*  4 */
-		D_ENCRYPT(r,l, 4); /*  3 */
-		D_ENCRYPT(l,r, 2); /*  2 */
-		D_ENCRYPT(r,l, 0); /*  1 */
+        D_ENCRYPT(l, r, 30);    /* 16 */
+        D_ENCRYPT(r, l, 28);    /* 15 */
+        D_ENCRYPT(l, r, 26);    /* 14 */
+        D_ENCRYPT(r, l, 24);    /* 13 */
+        D_ENCRYPT(l, r, 22);    /* 12 */
+        D_ENCRYPT(r, l, 20);    /* 11 */
+        D_ENCRYPT(l, r, 18);    /* 10 */
+        D_ENCRYPT(r, l, 16);    /* 9 */
+        D_ENCRYPT(l, r, 14);    /* 8 */
+        D_ENCRYPT(r, l, 12);    /* 7 */
+        D_ENCRYPT(l, r, 10);    /* 6 */
+        D_ENCRYPT(r, l, 8);     /* 5 */
+        D_ENCRYPT(l, r, 6);     /* 4 */
+        D_ENCRYPT(r, l, 4);     /* 3 */
+        D_ENCRYPT(l, r, 2);     /* 2 */
+        D_ENCRYPT(r, l, 0);     /* 1 */
 #else
-		for (i=30; i>0; i-=8)
-			{
-			D_ENCRYPT(l,r,i-0); /* 16 */
-			D_ENCRYPT(r,l,i-2); /* 15 */
-			D_ENCRYPT(l,r,i-4); /* 14 */
-			D_ENCRYPT(r,l,i-6); /* 13 */
-			}
+        for (i = 30; i > 0; i -= 8) {
+            D_ENCRYPT(l, r, i - 0); /* 16 */
+            D_ENCRYPT(r, l, i - 2); /* 15 */
+            D_ENCRYPT(l, r, i - 4); /* 14 */
+            D_ENCRYPT(r, l, i - 6); /* 13 */
+        }
 #endif
-		}
-	/* rotate and clear the top bits on machines with 8byte longs */
-	data[0]=ROTATE(l,3)&0xffffffffL;
-	data[1]=ROTATE(r,3)&0xffffffffL;
-	l=r=t=u=0;
-	}
+    }
+    /* rotate and clear the top bits on machines with 8byte longs */
+    data[0] = ROTATE(l, 3) & 0xffffffffL;
+    data[1] = ROTATE(r, 3) & 0xffffffffL;
+    l = r = t = u = 0;
+}
 
 void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3)
-	{
-	register DES_LONG l,r;
-
-	l=data[0];
-	r=data[1];
-	IP(l,r);
-	data[0]=l;
-	data[1]=r;
-	DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT);
-	DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT);
-	DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT);
-	l=data[0];
-	r=data[1];
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	}
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks1, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks3, DES_ENCRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
 
 void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1,
-		  DES_key_schedule *ks2, DES_key_schedule *ks3)
-	{
-	register DES_LONG l,r;
-
-	l=data[0];
-	r=data[1];
-	IP(l,r);
-	data[0]=l;
-	data[1]=r;
-	DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT);
-	DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT);
-	DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT);
-	l=data[0];
-	r=data[1];
-	FP(r,l);
-	data[0]=l;
-	data[1]=r;
-	}
+                  DES_key_schedule *ks2, DES_key_schedule *ks3)
+{
+    register DES_LONG l, r;
+
+    l = data[0];
+    r = data[1];
+    IP(l, r);
+    data[0] = l;
+    data[1] = r;
+    DES_encrypt2((DES_LONG *)data, ks3, DES_DECRYPT);
+    DES_encrypt2((DES_LONG *)data, ks2, DES_ENCRYPT);
+    DES_encrypt2((DES_LONG *)data, ks1, DES_DECRYPT);
+    l = data[0];
+    r = data[1];
+    FP(r, l);
+    data[0] = l;
+    data[1] = r;
+}
 
 #ifndef DES_DEFAULT_OPTIONS
 
-#if !defined(OPENSSL_FIPS_DES_ASM)
+# if !defined(OPENSSL_FIPS_DES_ASM)
 
-#undef CBC_ENC_C__DONT_UPDATE_IV
-#include "ncbc_enc.c" /* DES_ncbc_encrypt */
+#  undef CBC_ENC_C__DONT_UPDATE_IV
+#  include "ncbc_enc.c"         /* DES_ncbc_encrypt */
 
 void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output,
-			  long length, DES_key_schedule *ks1,
-			  DES_key_schedule *ks2, DES_key_schedule *ks3,
-			  DES_cblock *ivec, int enc)
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register const unsigned char *in;
-	unsigned char *out;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in=input;
-	out=output;
-	iv = &(*ivec)[0];
-
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		iv = &(*ivec)[0];
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		register DES_LONG t0,t1;
-
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-
-			tout0^=xor0;
-			tout1^=xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=t0;
-			xor1=t1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			
-			t0=tin0;
-			t1=tin1;
-
-			tin[0]=tin0;
-			tin[1]=tin1;
-			DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3);
-			tout0=tin[0];
-			tout1=tin[1];
-		
-			tout0^=xor0;
-			tout1^=xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=t0;
-			xor1=t1;
-			}
-
-		iv = &(*ivec)[0];
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
-
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
+                          long length, DES_key_schedule *ks1,
+                          DES_key_schedule *ks2, DES_key_schedule *ks3,
+                          DES_cblock *ivec, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register const unsigned char *in;
+    unsigned char *out;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
+
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
+
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        register DES_LONG t0, t1;
+
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = t0;
+            xor1 = t1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_decrypt3((DES_LONG *)tin, ks1, ks2, ks3);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = t0;
+            xor1 = t1;
+        }
+
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
+
+# endif
+
+#endif                          /* DES_DEFAULT_OPTIONS */
diff --git a/Cryptlib/OpenSSL/crypto/des/des_lib.c b/Cryptlib/OpenSSL/crypto/des/des_lib.c
index d4b30479..391fe4cf 100644
--- a/Cryptlib/OpenSSL/crypto/des/des_lib.c
+++ b/Cryptlib/OpenSSL/crypto/des/des_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,46 +61,44 @@
 #include <openssl/opensslv.h>
 #include <openssl/bio.h>
 
-OPENSSL_GLOBAL const char libdes_version[]="libdes" OPENSSL_VERSION_PTEXT;
-OPENSSL_GLOBAL const char DES_version[]="DES" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char libdes_version[] = "libdes" OPENSSL_VERSION_PTEXT;
+OPENSSL_GLOBAL const char DES_version[] = "DES" OPENSSL_VERSION_PTEXT;
 
 const char *DES_options(void)
-	{
-	static int init=1;
-	static char buf[32];
+{
+    static int init = 1;
+    static char buf[32];
 
-	if (init)
-		{
-		const char *ptr,*unroll,*risc,*size;
+    if (init) {
+        const char *ptr, *unroll, *risc, *size;
 
 #ifdef DES_PTR
-		ptr="ptr";
+        ptr = "ptr";
 #else
-		ptr="idx";
+        ptr = "idx";
 #endif
 #if defined(DES_RISC1) || defined(DES_RISC2)
-#ifdef DES_RISC1
-		risc="risc1";
-#endif
-#ifdef DES_RISC2
-		risc="risc2";
-#endif
+# ifdef DES_RISC1
+        risc = "risc1";
+# endif
+# ifdef DES_RISC2
+        risc = "risc2";
+# endif
 #else
-		risc="cisc";
+        risc = "cisc";
 #endif
 #ifdef DES_UNROLL
-		unroll="16";
+        unroll = "16";
 #else
-		unroll="4";
+        unroll = "4";
 #endif
-		if (sizeof(DES_LONG) != sizeof(long))
-			size="int";
-		else
-			size="long";
-		BIO_snprintf(buf,sizeof buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,
-			     size);
-		init=0;
-		}
-	return(buf);
-	}
-
+        if (sizeof(DES_LONG) != sizeof(long))
+            size = "int";
+        else
+            size = "long";
+        BIO_snprintf(buf, sizeof buf, "des(%s,%s,%s,%s)", ptr, risc, unroll,
+                     size);
+        init = 0;
+    }
+    return (buf);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/des_old.c b/Cryptlib/OpenSSL/crypto/des/des_old.c
index 7c33ed7a..54b0968e 100644
--- a/Cryptlib/OpenSSL/crypto/des/des_old.c
+++ b/Cryptlib/OpenSSL/crypto/des/des_old.c
@@ -1,6 +1,7 @@
 /* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+/*-
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  *
  * The function names in here are deprecated and are only present to
  * provide an interface compatible with libdes.  OpenSSL now provides
@@ -15,8 +16,9 @@
  * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
  */
 
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
@@ -26,7 +28,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -77,197 +79,267 @@
 #include <openssl/rand.h>
 
 const char *_ossl_old_des_options(void)
-	{
-	return DES_options();
-	}
-void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	des_key_schedule ks1,des_key_schedule ks2,
-	des_key_schedule ks3, int enc)
-	{
-	DES_ecb3_encrypt((const_DES_cblock *)input, output,
-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, enc);
-	}
-DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
-	{
-	return DES_cbc_cksum((unsigned char *)input, output, length,
-		(DES_key_schedule *)schedule, ivec);
-	}
-void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, enc);
-	}
-void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, enc);
-	}
-void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,
-	_ossl_old_des_cblock *inw,_ossl_old_des_cblock *outw,int enc)
-	{
-	DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, inw, outw, enc);
-	}
-void _ossl_old_des_cfb_encrypt(unsigned char *in,unsigned char *out,int numbits,
-	long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_cfb_encrypt(in, out, numbits, length,
-		(DES_key_schedule *)schedule, ivec, enc);
-	}
-void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	des_key_schedule ks,int enc)
-	{
-	DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
-	}
-void _ossl_old_des_encrypt(DES_LONG *data,des_key_schedule ks, int enc)
-	{
-	DES_encrypt1(data, (DES_key_schedule *)ks, enc);
-	}
-void _ossl_old_des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc)
-	{
-	DES_encrypt2(data, (DES_key_schedule *)ks, enc);
-	}
+{
+    return DES_options();
+}
+
+void _ossl_old_des_ecb3_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output,
+                                des_key_schedule ks1, des_key_schedule ks2,
+                                des_key_schedule ks3, int enc)
+{
+    DES_ecb3_encrypt((const_DES_cblock *)input, output,
+                     (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                     (DES_key_schedule *)ks3, enc);
+}
+
+DES_LONG _ossl_old_des_cbc_cksum(_ossl_old_des_cblock *input,
+                                 _ossl_old_des_cblock *output, long length,
+                                 des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec)
+{
+    return DES_cbc_cksum((unsigned char *)input, output, length,
+                         (DES_key_schedule *)schedule, ivec);
+}
+
+void _ossl_old_des_cbc_encrypt(_ossl_old_des_cblock *input,
+                               _ossl_old_des_cblock *output, long length,
+                               des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                    length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_ncbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_ncbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                     length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_xcbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec,
+                                _ossl_old_des_cblock *inw,
+                                _ossl_old_des_cblock *outw, int enc)
+{
+    DES_xcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                     length, (DES_key_schedule *)schedule, ivec, inw, outw,
+                     enc);
+}
+
+void _ossl_old_des_cfb_encrypt(unsigned char *in, unsigned char *out,
+                               int numbits, long length,
+                               des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_cfb_encrypt(in, out, numbits, length,
+                    (DES_key_schedule *)schedule, ivec, enc);
+}
+
+void _ossl_old_des_ecb_encrypt(_ossl_old_des_cblock *input,
+                               _ossl_old_des_cblock *output,
+                               des_key_schedule ks, int enc)
+{
+    DES_ecb_encrypt(input, output, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt(DES_LONG *data, des_key_schedule ks, int enc)
+{
+    DES_encrypt1(data, (DES_key_schedule *)ks, enc);
+}
+
+void _ossl_old_des_encrypt2(DES_LONG *data, des_key_schedule ks, int enc)
+{
+    DES_encrypt2(data, (DES_key_schedule *)ks, enc);
+}
+
 void _ossl_old_des_encrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3)
-	{
-	DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3);
-	}
+                            des_key_schedule ks2, des_key_schedule ks3)
+{
+    DES_encrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                 (DES_key_schedule *)ks3);
+}
+
 void _ossl_old_des_decrypt3(DES_LONG *data, des_key_schedule ks1,
-	des_key_schedule ks2, des_key_schedule ks3)
-	{
-	DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3);
-	}
-void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input, _ossl_old_des_cblock *output, 
-	long length, des_key_schedule ks1, des_key_schedule ks2, 
-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int enc)
-	{
-	DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, ivec, enc);
-	}
+                            des_key_schedule ks2, des_key_schedule ks3)
+{
+    DES_decrypt3(data, (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                 (DES_key_schedule *)ks3);
+}
+
+void _ossl_old_des_ede3_cbc_encrypt(_ossl_old_des_cblock *input,
+                                    _ossl_old_des_cblock *output, long length,
+                                    des_key_schedule ks1,
+                                    des_key_schedule ks2,
+                                    des_key_schedule ks3,
+                                    _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_ede3_cbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                         length, (DES_key_schedule *)ks1,
+                         (DES_key_schedule *)ks2, (DES_key_schedule *)ks3,
+                         ivec, enc);
+}
+
 void _ossl_old_des_ede3_cfb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num, int enc)
-	{
-	DES_ede3_cfb64_encrypt(in, out, length,
-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, ivec, num, enc);
-	}
+                                      long length, des_key_schedule ks1,
+                                      des_key_schedule ks2,
+                                      des_key_schedule ks3,
+                                      _ossl_old_des_cblock *ivec, int *num,
+                                      int enc)
+{
+    DES_ede3_cfb64_encrypt(in, out, length,
+                           (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                           (DES_key_schedule *)ks3, ivec, num, enc);
+}
+
 void _ossl_old_des_ede3_ofb64_encrypt(unsigned char *in, unsigned char *out,
-	long length, des_key_schedule ks1, des_key_schedule ks2,
-	des_key_schedule ks3, _ossl_old_des_cblock *ivec, int *num)
-	{
-	DES_ede3_ofb64_encrypt(in, out, length,
-		(DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
-		(DES_key_schedule *)ks3, ivec, num);
-	}
-
-#if 0 /* broken code, preserved just in case anyone specifically looks for this */
-void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key), _ossl_old_des_cblock (*in_white),
-	_ossl_old_des_cblock (*out_white))
-	{
-	DES_xwhite_in2out(des_key, in_white, out_white);
-	}
+                                      long length, des_key_schedule ks1,
+                                      des_key_schedule ks2,
+                                      des_key_schedule ks3,
+                                      _ossl_old_des_cblock *ivec, int *num)
+{
+    DES_ede3_ofb64_encrypt(in, out, length,
+                           (DES_key_schedule *)ks1, (DES_key_schedule *)ks2,
+                           (DES_key_schedule *)ks3, ivec, num);
+}
+
+#if 0                           /* broken code, preserved just in case anyone
+                                 * specifically looks for this */
+void _ossl_old_des_xwhite_in2out(_ossl_old_des_cblock (*des_key),
+                                 _ossl_old_des_cblock (*in_white),
+                                 _ossl_old_des_cblock (*out_white))
+{
+    DES_xwhite_in2out(des_key, in_white, out_white);
+}
 #endif
 
-int _ossl_old_des_enc_read(int fd,char *buf,int len,des_key_schedule sched,
-	_ossl_old_des_cblock *iv)
-	{
-	return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
-	}
-int _ossl_old_des_enc_write(int fd,char *buf,int len,des_key_schedule sched,
-	_ossl_old_des_cblock *iv)
-	{
-	return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
-	}
-char *_ossl_old_des_fcrypt(const char *buf,const char *salt, char *ret)
-	{
-	return DES_fcrypt(buf, salt, ret);
-	}
-char *_ossl_old_des_crypt(const char *buf,const char *salt)
-	{
-	return DES_crypt(buf, salt);
-	}
-char *_ossl_old_crypt(const char *buf,const char *salt)
-	{
-	return DES_crypt(buf, salt);
-	}
-void _ossl_old_des_ofb_encrypt(unsigned char *in,unsigned char *out,
-	int numbits,long length,des_key_schedule schedule,_ossl_old_des_cblock *ivec)
-	{
-	DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
-		ivec);
-	}
-void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,long length,
-	des_key_schedule schedule,_ossl_old_des_cblock *ivec,int enc)
-	{
-	DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
-		length, (DES_key_schedule *)schedule, ivec, enc);
-	}
-DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,_ossl_old_des_cblock *output,
-	long length,int out_count,_ossl_old_des_cblock *seed)
-	{
-	return DES_quad_cksum((unsigned char *)input, output, length,
-		out_count, seed);
-	}
+int _ossl_old_des_enc_read(int fd, char *buf, int len, des_key_schedule sched,
+                           _ossl_old_des_cblock *iv)
+{
+    return DES_enc_read(fd, buf, len, (DES_key_schedule *)sched, iv);
+}
+
+int _ossl_old_des_enc_write(int fd, char *buf, int len,
+                            des_key_schedule sched, _ossl_old_des_cblock *iv)
+{
+    return DES_enc_write(fd, buf, len, (DES_key_schedule *)sched, iv);
+}
+
+char *_ossl_old_des_fcrypt(const char *buf, const char *salt, char *ret)
+{
+    return DES_fcrypt(buf, salt, ret);
+}
+
+char *_ossl_old_des_crypt(const char *buf, const char *salt)
+{
+    return DES_crypt(buf, salt);
+}
+
+char *_ossl_old_crypt(const char *buf, const char *salt)
+{
+    return DES_crypt(buf, salt);
+}
+
+void _ossl_old_des_ofb_encrypt(unsigned char *in, unsigned char *out,
+                               int numbits, long length,
+                               des_key_schedule schedule,
+                               _ossl_old_des_cblock *ivec)
+{
+    DES_ofb_encrypt(in, out, numbits, length, (DES_key_schedule *)schedule,
+                    ivec);
+}
+
+void _ossl_old_des_pcbc_encrypt(_ossl_old_des_cblock *input,
+                                _ossl_old_des_cblock *output, long length,
+                                des_key_schedule schedule,
+                                _ossl_old_des_cblock *ivec, int enc)
+{
+    DES_pcbc_encrypt((unsigned char *)input, (unsigned char *)output,
+                     length, (DES_key_schedule *)schedule, ivec, enc);
+}
+
+DES_LONG _ossl_old_des_quad_cksum(_ossl_old_des_cblock *input,
+                                  _ossl_old_des_cblock *output, long length,
+                                  int out_count, _ossl_old_des_cblock *seed)
+{
+    return DES_quad_cksum((unsigned char *)input, output, length,
+                          out_count, seed);
+}
+
 void _ossl_old_des_random_seed(_ossl_old_des_cblock key)
-	{
-	RAND_seed(key, sizeof(_ossl_old_des_cblock));
-	}
+{
+    RAND_seed(key, sizeof(_ossl_old_des_cblock));
+}
+
 void _ossl_old_des_random_key(_ossl_old_des_cblock ret)
-	{
-	DES_random_key((DES_cblock *)ret);
-	}
+{
+    DES_random_key((DES_cblock *)ret);
+}
+
 int _ossl_old_des_read_password(_ossl_old_des_cblock *key, const char *prompt,
-				int verify)
-	{
-	return DES_read_password(key, prompt, verify);
-	}
-int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1, _ossl_old_des_cblock *key2,
-	const char *prompt, int verify)
-	{
-	return DES_read_2passwords(key1, key2, prompt, verify);
-	}
+                                int verify)
+{
+    return DES_read_password(key, prompt, verify);
+}
+
+int _ossl_old_des_read_2passwords(_ossl_old_des_cblock *key1,
+                                  _ossl_old_des_cblock *key2,
+                                  const char *prompt, int verify)
+{
+    return DES_read_2passwords(key1, key2, prompt, verify);
+}
+
 void _ossl_old_des_set_odd_parity(_ossl_old_des_cblock *key)
-	{
-	DES_set_odd_parity(key);
-	}
+{
+    DES_set_odd_parity(key);
+}
+
 int _ossl_old_des_is_weak_key(_ossl_old_des_cblock *key)
-	{
-	return DES_is_weak_key(key);
-	}
-int _ossl_old_des_set_key(_ossl_old_des_cblock *key,des_key_schedule schedule)
-	{
-	return DES_set_key(key, (DES_key_schedule *)schedule);
-	}
-int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,des_key_schedule schedule)
-	{
-	return DES_key_sched(key, (DES_key_schedule *)schedule);
-	}
-void _ossl_old_des_string_to_key(char *str,_ossl_old_des_cblock *key)
-	{
-	DES_string_to_key(str, key);
-	}
-void _ossl_old_des_string_to_2keys(char *str,_ossl_old_des_cblock *key1,_ossl_old_des_cblock *key2)
-	{
-	DES_string_to_2keys(str, key1, key2);
-	}
-void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num, int enc)
-	{
-	DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-		ivec, num, enc);
-	}
-void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out, long length,
-	des_key_schedule schedule, _ossl_old_des_cblock *ivec, int *num)
-	{
-	DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
-		ivec, num);
-	}
+{
+    return DES_is_weak_key(key);
+}
+
+int _ossl_old_des_set_key(_ossl_old_des_cblock *key,
+                          des_key_schedule schedule)
+{
+    return DES_set_key(key, (DES_key_schedule *)schedule);
+}
+
+int _ossl_old_des_key_sched(_ossl_old_des_cblock *key,
+                            des_key_schedule schedule)
+{
+    return DES_key_sched(key, (DES_key_schedule *)schedule);
+}
+
+void _ossl_old_des_string_to_key(char *str, _ossl_old_des_cblock *key)
+{
+    DES_string_to_key(str, key);
+}
+
+void _ossl_old_des_string_to_2keys(char *str, _ossl_old_des_cblock *key1,
+                                   _ossl_old_des_cblock *key2)
+{
+    DES_string_to_2keys(str, key1, key2);
+}
+
+void _ossl_old_des_cfb64_encrypt(unsigned char *in, unsigned char *out,
+                                 long length, des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int *num,
+                                 int enc)
+{
+    DES_cfb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                      ivec, num, enc);
+}
+
+void _ossl_old_des_ofb64_encrypt(unsigned char *in, unsigned char *out,
+                                 long length, des_key_schedule schedule,
+                                 _ossl_old_des_cblock *ivec, int *num)
+{
+    DES_ofb64_encrypt(in, out, length, (DES_key_schedule *)schedule,
+                      ivec, num);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/des_old2.c b/Cryptlib/OpenSSL/crypto/des/des_old2.c
index c8fa3ee1..f7d28a67 100644
--- a/Cryptlib/OpenSSL/crypto/des/des_old2.c
+++ b/Cryptlib/OpenSSL/crypto/des/des_old2.c
@@ -1,22 +1,20 @@
 /* crypto/des/des_old.c -*- mode:C; c-file-style: "eay" -*- */
 
-/* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
- *
- * The function names in here are deprecated and are only present to
- * provide an interface compatible with OpenSSL 0.9.6c.  OpenSSL now
- * provides functions where "des_" has been replaced with "DES_" in
- * the names, to make it possible to make incompatible changes that
- * are needed for C type security and other stuff.
- *
- * Please consider starting to use the DES_ functions rather than the
- * des_ ones.  The des_ functions will dissapear completely before
- * OpenSSL 1.0!
- *
- * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+/*
+ * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING The
+ * function names in here are deprecated and are only present to provide an
+ * interface compatible with OpenSSL 0.9.6c.  OpenSSL now provides functions
+ * where "des_" has been replaced with "DES_" in the names, to make it
+ * possible to make incompatible changes that are needed for C type security
+ * and other stuff. Please consider starting to use the DES_ functions
+ * rather than the des_ ones.  The des_ functions will dissapear completely
+ * before OpenSSL 1.0! WARNING WARNING WARNING WARNING WARNING WARNING
+ * WARNING WARNING
  */
 
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
@@ -26,7 +24,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -77,6 +75,6 @@
 #include <openssl/rand.h>
 
 void _ossl_096_des_random_seed(DES_cblock *key)
-	{
-	RAND_seed(key, sizeof(DES_cblock));
-	}
+{
+    RAND_seed(key, sizeof(DES_cblock));
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c
index c3437bc6..c49fbd41 100644
--- a/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/ecb3_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,25 +59,24 @@
 #include "des_locl.h"
 
 void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output,
-		      DES_key_schedule *ks1, DES_key_schedule *ks2,
-		      DES_key_schedule *ks3,
-	     int enc)
-	{
-	register DES_LONG l0,l1;
-	DES_LONG ll[2];
-	const unsigned char *in = &(*input)[0];
-	unsigned char *out = &(*output)[0];
+                      DES_key_schedule *ks1, DES_key_schedule *ks2,
+                      DES_key_schedule *ks3, int enc)
+{
+    register DES_LONG l0, l1;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
 
-	c2l(in,l0);
-	c2l(in,l1);
-	ll[0]=l0;
-	ll[1]=l1;
-	if (enc)
-		DES_encrypt3(ll,ks1,ks2,ks3);
-	else
-		DES_decrypt3(ll,ks1,ks2,ks3);
-	l0=ll[0];
-	l1=ll[1];
-	l2c(l0,out);
-	l2c(l1,out);
-	}
+    c2l(in, l0);
+    c2l(in, l1);
+    ll[0] = l0;
+    ll[1] = l1;
+    if (enc)
+        DES_encrypt3(ll, ks1, ks2, ks3);
+    else
+        DES_decrypt3(ll, ks1, ks2, ks3);
+    l0 = ll[0];
+    l1 = ll[1];
+    l2c(l0, out);
+    l2c(l1, out);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c
index 75ae6cf8..63f44cfc 100644
--- a/Cryptlib/OpenSSL/crypto/des/ecb_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/ecb_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,17 +60,21 @@
 #include "spr.h"
 
 void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output,
-		     DES_key_schedule *ks, int enc)
-	{
-	register DES_LONG l;
-	DES_LONG ll[2];
-	const unsigned char *in = &(*input)[0];
-	unsigned char *out = &(*output)[0];
+                     DES_key_schedule *ks, int enc)
+{
+    register DES_LONG l;
+    DES_LONG ll[2];
+    const unsigned char *in = &(*input)[0];
+    unsigned char *out = &(*output)[0];
 
-	c2l(in,l); ll[0]=l;
-	c2l(in,l); ll[1]=l;
-	DES_encrypt1(ll,ks,enc);
-	l=ll[0]; l2c(l,out);
-	l=ll[1]; l2c(l,out);
-	l=ll[0]=ll[1]=0;
-	}
+    c2l(in, l);
+    ll[0] = l;
+    c2l(in, l);
+    ll[1] = l;
+    DES_encrypt1(ll, ks, enc);
+    l = ll[0];
+    l2c(l, out);
+    l = ll[1];
+    l2c(l, out);
+    l = ll[0] = ll[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c
index adfcb75c..86f27d07 100644
--- a/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/ede_cbcm_enc.c
@@ -1,6 +1,7 @@
 /* ede_cbcm_enc.c */
-/* Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL
- * project 13 Feb 1999.
+/*
+ * Written by Ben Laurie <ben@algroup.co.uk> for the OpenSSL project 13 Feb
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,143 +58,132 @@
  */
 
 /*
-
-This is an implementation of Triple DES Cipher Block Chaining with Output
-Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
-
-Note that there is a known attack on this by Biham and Knudsen but it takes
-a lot of work:
-
-http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
-
-*/
+ *
+ * This is an implementation of Triple DES Cipher Block Chaining with Output
+ * Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
+ *
+ * Note that there is a known attack on this by Biham and Knudsen but it
+ * takes a lot of work:
+ *
+ * http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
+ *
+ */
 
 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_DESCBCM is defined */
 
 #ifndef OPENSSL_NO_DESCBCM
-#include "des_locl.h"
+# include "des_locl.h"
 
 void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out,
-	     long length, DES_key_schedule *ks1, DES_key_schedule *ks2,
-	     DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2,
-	     int enc)
-    {
-    register DES_LONG tin0,tin1;
-    register DES_LONG tout0,tout1,xor0,xor1,m0,m1;
-    register long l=length;
+                           long length, DES_key_schedule *ks1,
+                           DES_key_schedule *ks2, DES_key_schedule *ks3,
+                           DES_cblock *ivec1, DES_cblock *ivec2, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1, m0, m1;
+    register long l = length;
     DES_LONG tin[2];
-    unsigned char *iv1,*iv2;
+    unsigned char *iv1, *iv2;
 
     iv1 = &(*ivec1)[0];
     iv2 = &(*ivec2)[0];
 
-    if (enc)
-	{
-	c2l(iv1,m0);
-	c2l(iv1,m1);
-	c2l(iv2,tout0);
-	c2l(iv2,tout1);
-	for (l-=8; l>=-7; l-=8)
-	    {
-	    tin[0]=m0;
-	    tin[1]=m1;
-	    DES_encrypt1(tin,ks3,1);
-	    m0=tin[0];
-	    m1=tin[1];
-
-	    if(l < 0)
-		{
-		c2ln(in,tin0,tin1,l+8);
-		}
-	    else
-		{
-		c2l(in,tin0);
-		c2l(in,tin1);
-		}
-	    tin0^=tout0;
-	    tin1^=tout1;
-
-	    tin[0]=tin0;
-	    tin[1]=tin1;
-	    DES_encrypt1(tin,ks1,1);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks2,0);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks1,1);
-	    tout0=tin[0];
-	    tout1=tin[1];
-
-	    l2c(tout0,out);
-	    l2c(tout1,out);
-	    }
-	iv1=&(*ivec1)[0];
-	l2c(m0,iv1);
-	l2c(m1,iv1);
-
-	iv2=&(*ivec2)[0];
-	l2c(tout0,iv2);
-	l2c(tout1,iv2);
-	}
-    else
-	{
-	register DES_LONG t0,t1;
-
-	c2l(iv1,m0);
-	c2l(iv1,m1);
-	c2l(iv2,xor0);
-	c2l(iv2,xor1);
-	for (l-=8; l>=-7; l-=8)
-	    {
-	    tin[0]=m0;
-	    tin[1]=m1;
-	    DES_encrypt1(tin,ks3,1);
-	    m0=tin[0];
-	    m1=tin[1];
-
-	    c2l(in,tin0);
-	    c2l(in,tin1);
-
-	    t0=tin0;
-	    t1=tin1;
-
-	    tin[0]=tin0;
-	    tin[1]=tin1;
-	    DES_encrypt1(tin,ks1,0);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks2,1);
-	    tin[0]^=m0;
-	    tin[1]^=m1;
-	    DES_encrypt1(tin,ks1,0);
-	    tout0=tin[0];
-	    tout1=tin[1];
-
-	    tout0^=xor0;
-	    tout1^=xor1;
-	    if(l < 0)
-		{
-		l2cn(tout0,tout1,out,l+8);
-		}
-	    else
-		{
-		l2c(tout0,out);
-		l2c(tout1,out);
-		}
-	    xor0=t0;
-	    xor1=t1;
-	    }
-
-	iv1=&(*ivec1)[0];
-	l2c(m0,iv1);
-	l2c(m1,iv1);
-
-	iv2=&(*ivec2)[0];
-	l2c(xor0,iv2);
-	l2c(xor1,iv2);
-	}
-    tin0=tin1=tout0=tout1=xor0=xor1=0;
-    tin[0]=tin[1]=0;
+    if (enc) {
+        c2l(iv1, m0);
+        c2l(iv1, m1);
+        c2l(iv2, tout0);
+        c2l(iv2, tout1);
+        for (l -= 8; l >= -7; l -= 8) {
+            tin[0] = m0;
+            tin[1] = m1;
+            DES_encrypt1(tin, ks3, 1);
+            m0 = tin[0];
+            m1 = tin[1];
+
+            if (l < 0) {
+                c2ln(in, tin0, tin1, l + 8);
+            } else {
+                c2l(in, tin0);
+                c2l(in, tin1);
+            }
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt1(tin, ks1, 1);
+            tin[0] ^= m0;
+            tin[1] ^= m1;
+            DES_encrypt1(tin, ks2, 0);
+            tin[0] ^= m0;
+            tin[1] ^= m1;
+            DES_encrypt1(tin, ks1, 1);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+        iv1 = &(*ivec1)[0];
+        l2c(m0, iv1);
+        l2c(m1, iv1);
+
+        iv2 = &(*ivec2)[0];
+        l2c(tout0, iv2);
+        l2c(tout1, iv2);
+    } else {
+        register DES_LONG t0, t1;
+
+        c2l(iv1, m0);
+        c2l(iv1, m1);
+        c2l(iv2, xor0);
+        c2l(iv2, xor1);
+        for (l -= 8; l >= -7; l -= 8) {
+            tin[0] = m0;
+            tin[1] = m1;
+            DES_encrypt1(tin, ks3, 1);
+            m0 = tin[0];
+            m1 = tin[1];
+
+            c2l(in, tin0);
+            c2l(in, tin1);
+
+            t0 = tin0;
+            t1 = tin1;
+
+            tin[0] = tin0;
+            tin[1] = tin1;
+            DES_encrypt1(tin, ks1, 0);
+            tin[0] ^= m0;
+            tin[1] ^= m1;
+            DES_encrypt1(tin, ks2, 1);
+            tin[0] ^= m0;
+            tin[1] ^= m1;
+            DES_encrypt1(tin, ks1, 0);
+            tout0 = tin[0];
+            tout1 = tin[1];
+
+            tout0 ^= xor0;
+            tout1 ^= xor1;
+            if (l < 0) {
+                l2cn(tout0, tout1, out, l + 8);
+            } else {
+                l2c(tout0, out);
+                l2c(tout1, out);
+            }
+            xor0 = t0;
+            xor1 = t1;
+        }
+
+        iv1 = &(*ivec1)[0];
+        l2c(m0, iv1);
+        l2c(m1, iv1);
+
+        iv2 = &(*ivec2)[0];
+        l2c(xor0, iv2);
+        l2c(xor1, iv2);
     }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/des/enc_read.c b/Cryptlib/OpenSSL/crypto/des/enc_read.c
index e7da2ec6..8746e8b2 100644
--- a/Cryptlib/OpenSSL/crypto/des/enc_read.c
+++ b/Cryptlib/OpenSSL/crypto/des/enc_read.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,11 +62,12 @@
 #include "des_locl.h"
 
 /* This has some uglies in it but it works - even over sockets. */
-/*extern int errno;*/
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
-
-
 /*
+ * extern int errno;
+ */
+OPENSSL_IMPLEMENT_GLOBAL(int, DES_rw_mode) = DES_PCBC_MODE;
+
+/*-
  * WARNINGS:
  *
  *  -  The data format used by DES_enc_write() and DES_enc_read()
@@ -83,150 +84,145 @@ OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE;
  *     used on multiple files.
  */
 
-
 int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched,
-		 DES_cblock *iv)
-	{
-	/* data to be unencrypted */
-	int net_num=0;
-	static unsigned char *net=NULL;
-	/* extra unencrypted data 
-	 * for when a block of 100 comes in but is des_read one byte at
-	 * a time. */
-	static unsigned char *unnet=NULL;
-	static int unnet_start=0;
-	static int unnet_left=0;
-	static unsigned char *tmpbuf=NULL;
-	int i;
-	long num=0,rnum;
-	unsigned char *p;
-
-	if (tmpbuf == NULL)
-		{
-		tmpbuf=OPENSSL_malloc(BSIZE);
-		if (tmpbuf == NULL) return(-1);
-		}
-	if (net == NULL)
-		{
-		net=OPENSSL_malloc(BSIZE);
-		if (net == NULL) return(-1);
-		}
-	if (unnet == NULL)
-		{
-		unnet=OPENSSL_malloc(BSIZE);
-		if (unnet == NULL) return(-1);
-		}
-	/* left over data from last decrypt */
-	if (unnet_left != 0)
-		{
-		if (unnet_left < len)
-			{
-			/* we still still need more data but will return
-			 * with the number of bytes we have - should always
-			 * check the return value */
-			memcpy(buf,&(unnet[unnet_start]),
-			       unnet_left);
-			/* eay 26/08/92 I had the next 2 lines
-			 * reversed :-( */
-			i=unnet_left;
-			unnet_start=unnet_left=0;
-			}
-		else
-			{
-			memcpy(buf,&(unnet[unnet_start]),len);
-			unnet_start+=len;
-			unnet_left-=len;
-			i=len;
-			}
-		return(i);
-		}
-
-	/* We need to get more data. */
-	if (len > MAXWRITE) len=MAXWRITE;
-
-	/* first - get the length */
-	while (net_num < HDRSIZE) 
-		{
+                 DES_cblock *iv)
+{
+    /* data to be unencrypted */
+    int net_num = 0;
+    static unsigned char *net = NULL;
+    /*
+     * extra unencrypted data for when a block of 100 comes in but is
+     * des_read one byte at a time.
+     */
+    static unsigned char *unnet = NULL;
+    static int unnet_start = 0;
+    static int unnet_left = 0;
+    static unsigned char *tmpbuf = NULL;
+    int i;
+    long num = 0, rnum;
+    unsigned char *p;
+
+    if (tmpbuf == NULL) {
+        tmpbuf = OPENSSL_malloc(BSIZE);
+        if (tmpbuf == NULL)
+            return (-1);
+    }
+    if (net == NULL) {
+        net = OPENSSL_malloc(BSIZE);
+        if (net == NULL)
+            return (-1);
+    }
+    if (unnet == NULL) {
+        unnet = OPENSSL_malloc(BSIZE);
+        if (unnet == NULL)
+            return (-1);
+    }
+    /* left over data from last decrypt */
+    if (unnet_left != 0) {
+        if (unnet_left < len) {
+            /*
+             * we still still need more data but will return with the number
+             * of bytes we have - should always check the return value
+             */
+            memcpy(buf, &(unnet[unnet_start]), unnet_left);
+            /*
+             * eay 26/08/92 I had the next 2 lines reversed :-(
+             */
+            i = unnet_left;
+            unnet_start = unnet_left = 0;
+        } else {
+            memcpy(buf, &(unnet[unnet_start]), len);
+            unnet_start += len;
+            unnet_left -= len;
+            i = len;
+        }
+        return (i);
+    }
+
+    /* We need to get more data. */
+    if (len > MAXWRITE)
+        len = MAXWRITE;
+
+    /* first - get the length */
+    while (net_num < HDRSIZE) {
 #ifndef _WIN32
-		i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
+        i = read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
 #else
-		i=_read(fd,(void *)&(net[net_num]),HDRSIZE-net_num);
+        i = _read(fd, (void *)&(net[net_num]), HDRSIZE - net_num);
 #endif
 #ifdef EINTR
-		if ((i == -1) && (errno == EINTR)) continue;
+        if ((i == -1) && (errno == EINTR))
+            continue;
 #endif
-		if (i <= 0) return(0);
-		net_num+=i;
-		}
-
-	/* we now have at net_num bytes in net */
-	p=net;
-	/* num=0;  */
-	n2l(p,num);
-	/* num should be rounded up to the next group of eight
-	 * we make sure that we have read a multiple of 8 bytes from the net.
-	 */
-	if ((num > MAXWRITE) || (num < 0)) /* error */
-		return(-1);
-	rnum=(num < 8)?8:((num+7)/8*8);
-
-	net_num=0;
-	while (net_num < rnum)
-		{
-		i=read(fd,(void *)&(net[net_num]),rnum-net_num);
+        if (i <= 0)
+            return (0);
+        net_num += i;
+    }
+
+    /* we now have at net_num bytes in net */
+    p = net;
+    /* num=0;  */
+    n2l(p, num);
+    /*
+     * num should be rounded up to the next group of eight we make sure that
+     * we have read a multiple of 8 bytes from the net.
+     */
+    if ((num > MAXWRITE) || (num < 0)) /* error */
+        return (-1);
+    rnum = (num < 8) ? 8 : ((num + 7) / 8 * 8);
+
+    net_num = 0;
+    while (net_num < rnum) {
+        i = read(fd, (void *)&(net[net_num]), rnum - net_num);
 #ifdef EINTR
-		if ((i == -1) && (errno == EINTR)) continue;
+        if ((i == -1) && (errno == EINTR))
+            continue;
 #endif
-		if (i <= 0) return(0);
-		net_num+=i;
-		}
-
-	/* Check if there will be data left over. */
-	if (len < num)
-		{
-		if (DES_rw_mode & DES_PCBC_MODE)
-			DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
-		else
-			DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT);
-		memcpy(buf,unnet,len);
-		unnet_start=len;
-		unnet_left=num-len;
-
-		/* The following line is done because we return num
-		 * as the number of bytes read. */
-		num=len;
-		}
-	else
-		{
-		/* >output is a multiple of 8 byes, if len < rnum
-		 * >we must be careful.  The user must be aware that this
-		 * >routine will write more bytes than he asked for.
-		 * >The length of the buffer must be correct.
-		 * FIXED - Should be ok now 18-9-90 - eay */
-		if (len < rnum)
-			{
-
-			if (DES_rw_mode & DES_PCBC_MODE)
-				DES_pcbc_encrypt(net,tmpbuf,num,sched,iv,
-						 DES_DECRYPT);
-			else
-				DES_cbc_encrypt(net,tmpbuf,num,sched,iv,
-						DES_DECRYPT);
-
-			/* eay 26/08/92 fix a bug that returned more
-			 * bytes than you asked for (returned len bytes :-( */
-			memcpy(buf,tmpbuf,num);
-			}
-		else
-			{
-			if (DES_rw_mode & DES_PCBC_MODE)
-				DES_pcbc_encrypt(net,buf,num,sched,iv,
-						 DES_DECRYPT);
-			else
-				DES_cbc_encrypt(net,buf,num,sched,iv,
-						DES_DECRYPT);
-			}
-		}
-	return num;
-	}
-
+        if (i <= 0)
+            return (0);
+        net_num += i;
+    }
+
+    /* Check if there will be data left over. */
+    if (len < num) {
+        if (DES_rw_mode & DES_PCBC_MODE)
+            DES_pcbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
+        else
+            DES_cbc_encrypt(net, unnet, num, sched, iv, DES_DECRYPT);
+        memcpy(buf, unnet, len);
+        unnet_start = len;
+        unnet_left = num - len;
+
+        /*
+         * The following line is done because we return num as the number of
+         * bytes read.
+         */
+        num = len;
+    } else {
+        /*-
+         * >output is a multiple of 8 byes, if len < rnum
+         * >we must be careful.  The user must be aware that this
+         * >routine will write more bytes than he asked for.
+         * >The length of the buffer must be correct.
+         * FIXED - Should be ok now 18-9-90 - eay */
+        if (len < rnum) {
+
+            if (DES_rw_mode & DES_PCBC_MODE)
+                DES_pcbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
+            else
+                DES_cbc_encrypt(net, tmpbuf, num, sched, iv, DES_DECRYPT);
+
+            /*
+             * eay 26/08/92 fix a bug that returned more bytes than you asked
+             * for (returned len bytes :-(
+             */
+            memcpy(buf, tmpbuf, num);
+        } else {
+            if (DES_rw_mode & DES_PCBC_MODE)
+                DES_pcbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
+            else
+                DES_cbc_encrypt(net, buf, num, sched, iv, DES_DECRYPT);
+        }
+    }
+    return num;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/enc_writ.c b/Cryptlib/OpenSSL/crypto/des/enc_writ.c
index c2f032c9..f9437ebb 100644
--- a/Cryptlib/OpenSSL/crypto/des/enc_writ.c
+++ b/Cryptlib/OpenSSL/crypto/des/enc_writ.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
 #include "des_locl.h"
 #include <openssl/rand.h>
 
-/*
+/*-
  * WARNINGS:
  *
  *  -  The data format used by DES_enc_write() and DES_enc_read()
@@ -78,98 +78,96 @@
  */
 
 int DES_enc_write(int fd, const void *_buf, int len,
-		  DES_key_schedule *sched, DES_cblock *iv)
-	{
+                  DES_key_schedule *sched, DES_cblock *iv)
+{
 #ifdef _LIBC
-	extern unsigned long time();
-	extern int write();
+    extern unsigned long time();
+    extern int write();
 #endif
-	const unsigned char *buf=_buf;
-	long rnum;
-	int i,j,k,outnum;
-	static unsigned char *outbuf=NULL;
-	unsigned char shortbuf[8];
-	unsigned char *p;
-	const unsigned char *cp;
-	static int start=1;
+    const unsigned char *buf = _buf;
+    long rnum;
+    int i, j, k, outnum;
+    static unsigned char *outbuf = NULL;
+    unsigned char shortbuf[8];
+    unsigned char *p;
+    const unsigned char *cp;
+    static int start = 1;
 
-	if (outbuf == NULL)
-		{
-		outbuf=OPENSSL_malloc(BSIZE+HDRSIZE);
-		if (outbuf == NULL) return(-1);
-		}
-	/* If we are sending less than 8 bytes, the same char will look
-	 * the same if we don't pad it out with random bytes */
-	if (start)
-		{
-		start=0;
-		}
+    if (outbuf == NULL) {
+        outbuf = OPENSSL_malloc(BSIZE + HDRSIZE);
+        if (outbuf == NULL)
+            return (-1);
+    }
+    /*
+     * If we are sending less than 8 bytes, the same char will look the same
+     * if we don't pad it out with random bytes
+     */
+    if (start) {
+        start = 0;
+    }
 
-	/* lets recurse if we want to send the data in small chunks */
-	if (len > MAXWRITE)
-		{
-		j=0;
-		for (i=0; i<len; i+=k)
-			{
-			k=DES_enc_write(fd,&(buf[i]),
-				((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv);
-			if (k < 0)
-				return(k);
-			else
-				j+=k;
-			}
-		return(j);
-		}
+    /* lets recurse if we want to send the data in small chunks */
+    if (len > MAXWRITE) {
+        j = 0;
+        for (i = 0; i < len; i += k) {
+            k = DES_enc_write(fd, &(buf[i]),
+                              ((len - i) > MAXWRITE) ? MAXWRITE : (len - i),
+                              sched, iv);
+            if (k < 0)
+                return (k);
+            else
+                j += k;
+        }
+        return (j);
+    }
 
-	/* write length first */
-	p=outbuf;
-	l2n(len,p);
+    /* write length first */
+    p = outbuf;
+    l2n(len, p);
 
-	/* pad short strings */
-	if (len < 8)
-		{
-		cp=shortbuf;
-		memcpy(shortbuf,buf,len);
-		RAND_pseudo_bytes(shortbuf+len, 8-len);
-		rnum=8;
-		}
-	else
-		{
-		cp=buf;
-		rnum=((len+7)/8*8); /* round up to nearest eight */
-		}
+    /* pad short strings */
+    if (len < 8) {
+        cp = shortbuf;
+        memcpy(shortbuf, buf, len);
+        RAND_pseudo_bytes(shortbuf + len, 8 - len);
+        rnum = 8;
+    } else {
+        cp = buf;
+        rnum = ((len + 7) / 8 * 8); /* round up to nearest eight */
+    }
 
-	if (DES_rw_mode & DES_PCBC_MODE)
-		DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
-				 DES_ENCRYPT); 
-	else
-		DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv,
-				DES_ENCRYPT); 
+    if (DES_rw_mode & DES_PCBC_MODE)
+        DES_pcbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
+                         iv, DES_ENCRYPT);
+    else
+        DES_cbc_encrypt(cp, &(outbuf[HDRSIZE]), (len < 8) ? 8 : len, sched,
+                        iv, DES_ENCRYPT);
 
-	/* output */
-	outnum=rnum+HDRSIZE;
+    /* output */
+    outnum = rnum + HDRSIZE;
 
-	for (j=0; j<outnum; j+=i)
-		{
-		/* eay 26/08/92 I was not doing writing from where we
-		 * got up to. */
+    for (j = 0; j < outnum; j += i) {
+        /*
+         * eay 26/08/92 I was not doing writing from where we got up to.
+         */
 #ifndef _WIN32
-		i=write(fd,(void *)&(outbuf[j]),outnum-j);
+        i = write(fd, (void *)&(outbuf[j]), outnum - j);
 #else
-		i=_write(fd,(void *)&(outbuf[j]),outnum-j);
+        i = _write(fd, (void *)&(outbuf[j]), outnum - j);
 #endif
-		if (i == -1)
-			{
+        if (i == -1) {
 #ifdef EINTR
-			if (errno == EINTR)
-				i=0;
-			else
+            if (errno == EINTR)
+                i = 0;
+            else
 #endif
-			        /* This is really a bad error - very bad
-				 * It will stuff-up both ends. */
-				return(-1);
-			}
-		}
+                /*
+                 * This is really a bad error - very bad It will stuff-up
+                 * both ends.
+                 */
+                return (-1);
+        }
+    }
 
-	return(len);
-	}
+    return (len);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt.c b/Cryptlib/OpenSSL/crypto/des/fcrypt.c
index ccbdff25..111f1e46 100644
--- a/Cryptlib/OpenSSL/crypto/des/fcrypt.c
+++ b/Cryptlib/OpenSSL/crypto/des/fcrypt.c
@@ -1,170 +1,167 @@
 /* NOCW */
 #include <stdio.h>
 #ifdef _OSD_POSIX
-#ifndef CHARSET_EBCDIC
-#define CHARSET_EBCDIC 1
-#endif
+# ifndef CHARSET_EBCDIC
+#  define CHARSET_EBCDIC 1
+# endif
 #endif
 #ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
+# include <openssl/ebcdic.h>
 #endif
 
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * Eric Young (eay@cryptsoft.com)
+/*
+ * This version of crypt has been developed from my MIT compatible DES
+ * library. Eric Young (eay@cryptsoft.com)
  */
 
-/* Modification by Jens Kupferschmidt (Cu)
- * I have included directive PARA for shared memory computers.
- * I have included a directive LONGCRYPT to using this routine to cipher
- * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN
- * definition is the maximum of length of password and can changed. I have
- * defined 24.
+/*
+ * Modification by Jens Kupferschmidt (Cu) I have included directive PARA for
+ * shared memory computers. I have included a directive LONGCRYPT to using
+ * this routine to cipher passwords with more then 8 bytes like HP-UX 10.x it
+ * used. The MAXPLEN definition is the maximum of length of password and can
+ * changed. I have defined 24.
  */
 
 #include "des_locl.h"
 
-/* Added more values to handle illegal salt values the way normal
- * crypt() implementations do.  The patch was sent by 
- * Bjorn Gronvall <bg@sics.se>
+/*
+ * Added more values to handle illegal salt values the way normal crypt()
+ * implementations do.  The patch was sent by Bjorn Gronvall <bg@sics.se>
  */
-static unsigned const char con_salt[128]={
-0xD2,0xD3,0xD4,0xD5,0xD6,0xD7,0xD8,0xD9,
-0xDA,0xDB,0xDC,0xDD,0xDE,0xDF,0xE0,0xE1,
-0xE2,0xE3,0xE4,0xE5,0xE6,0xE7,0xE8,0xE9,
-0xEA,0xEB,0xEC,0xED,0xEE,0xEF,0xF0,0xF1,
-0xF2,0xF3,0xF4,0xF5,0xF6,0xF7,0xF8,0xF9,
-0xFA,0xFB,0xFC,0xFD,0xFE,0xFF,0x00,0x01,
-0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,
-0x0A,0x0B,0x05,0x06,0x07,0x08,0x09,0x0A,
-0x0B,0x0C,0x0D,0x0E,0x0F,0x10,0x11,0x12,
-0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1A,
-0x1B,0x1C,0x1D,0x1E,0x1F,0x20,0x21,0x22,
-0x23,0x24,0x25,0x20,0x21,0x22,0x23,0x24,
-0x25,0x26,0x27,0x28,0x29,0x2A,0x2B,0x2C,
-0x2D,0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,
-0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,0x3C,
-0x3D,0x3E,0x3F,0x40,0x41,0x42,0x43,0x44,
+static unsigned const char con_salt[128] = {
+    0xD2, 0xD3, 0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9,
+    0xDA, 0xDB, 0xDC, 0xDD, 0xDE, 0xDF, 0xE0, 0xE1,
+    0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9,
+    0xEA, 0xEB, 0xEC, 0xED, 0xEE, 0xEF, 0xF0, 0xF1,
+    0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7, 0xF8, 0xF9,
+    0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0x00, 0x01,
+    0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
+    0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+    0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12,
+    0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A,
+    0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20, 0x21, 0x22,
+    0x23, 0x24, 0x25, 0x20, 0x21, 0x22, 0x23, 0x24,
+    0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C,
+    0x2D, 0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34,
+    0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C,
+    0x3D, 0x3E, 0x3F, 0x40, 0x41, 0x42, 0x43, 0x44,
 };
 
-static unsigned const char cov_2char[64]={
-0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
-0x36,0x37,0x38,0x39,0x41,0x42,0x43,0x44,
-0x45,0x46,0x47,0x48,0x49,0x4A,0x4B,0x4C,
-0x4D,0x4E,0x4F,0x50,0x51,0x52,0x53,0x54,
-0x55,0x56,0x57,0x58,0x59,0x5A,0x61,0x62,
-0x63,0x64,0x65,0x66,0x67,0x68,0x69,0x6A,
-0x6B,0x6C,0x6D,0x6E,0x6F,0x70,0x71,0x72,
-0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A
+static unsigned const char cov_2char[64] = {
+    0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
+    0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43, 0x44,
+    0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C,
+    0x4D, 0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54,
+    0x55, 0x56, 0x57, 0x58, 0x59, 0x5A, 0x61, 0x62,
+    0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A,
+    0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x70, 0x71, 0x72,
+    0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A
 };
 
 char *DES_crypt(const char *buf, const char *salt)
-	{
-	static char buff[14];
+{
+    static char buff[14];
 
 #ifndef CHARSET_EBCDIC
-	return(DES_fcrypt(buf,salt,buff));
+    return (DES_fcrypt(buf, salt, buff));
 #else
-	char e_salt[2+1];
-	char e_buf[32+1];	/* replace 32 by 8 ? */
-	char *ret;
+    char e_salt[2 + 1];
+    char e_buf[32 + 1];         /* replace 32 by 8 ? */
+    char *ret;
 
-	/* Copy at most 2 chars of salt */
-	if ((e_salt[0] = salt[0]) != '\0')
-	    e_salt[1] = salt[1];
+    /* Copy at most 2 chars of salt */
+    if ((e_salt[0] = salt[0]) != '\0')
+        e_salt[1] = salt[1];
 
-	/* Copy at most 32 chars of password */
-	strncpy (e_buf, buf, sizeof(e_buf));
+    /* Copy at most 32 chars of password */
+    strncpy(e_buf, buf, sizeof(e_buf));
 
-	/* Make sure we have a delimiter */
-	e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0';
+    /* Make sure we have a delimiter */
+    e_salt[sizeof(e_salt) - 1] = e_buf[sizeof(e_buf) - 1] = '\0';
 
-	/* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
-	ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
+    /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */
+    ebcdic2ascii(e_salt, e_salt, sizeof e_salt);
 
-	/* Convert the cleartext password to ASCII */
-	ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
+    /* Convert the cleartext password to ASCII */
+    ebcdic2ascii(e_buf, e_buf, sizeof e_buf);
 
-	/* Encrypt it (from/to ASCII) */
-	ret = DES_fcrypt(e_buf,e_salt,buff);
+    /* Encrypt it (from/to ASCII) */
+    ret = DES_fcrypt(e_buf, e_salt, buff);
 
-	/* Convert the result back to EBCDIC */
-	ascii2ebcdic(ret, ret, strlen(ret));
-	
-	return ret;
-#endif
-	}
+    /* Convert the result back to EBCDIC */
+    ascii2ebcdic(ret, ret, strlen(ret));
 
+    return ret;
+#endif
+}
 
 char *DES_fcrypt(const char *buf, const char *salt, char *ret)
-	{
-	unsigned int i,j,x,y;
-	DES_LONG Eswap0,Eswap1;
-	DES_LONG out[2],ll;
-	DES_cblock key;
-	DES_key_schedule ks;
-	unsigned char bb[9];
-	unsigned char *b=bb;
-	unsigned char c,u;
-
-	/* eay 25/08/92
-	 * If you call crypt("pwd","*") as often happens when you
-	 * have * as the pwd field in /etc/passwd, the function
-	 * returns *\0XXXXXXXXX
-	 * The \0 makes the string look like * so the pwd "*" would
-	 * crypt to "*".  This was found when replacing the crypt in
-	 * our shared libraries.  People found that the disabled
-	 * accounts effectively had no passwd :-(. */
+{
+    unsigned int i, j, x, y;
+    DES_LONG Eswap0, Eswap1;
+    DES_LONG out[2], ll;
+    DES_cblock key;
+    DES_key_schedule ks;
+    unsigned char bb[9];
+    unsigned char *b = bb;
+    unsigned char c, u;
+
+    /*
+     * eay 25/08/92 If you call crypt("pwd","*") as often happens when you
+     * have * as the pwd field in /etc/passwd, the function returns
+     * *\0XXXXXXXXX The \0 makes the string look like * so the pwd "*" would
+     * crypt to "*".  This was found when replacing the crypt in our shared
+     * libraries.  People found that the disabled accounts effectively had no
+     * passwd :-(.
+     */
 #ifndef CHARSET_EBCDIC
-	x=ret[0]=((salt[0] == '\0')?'A':salt[0]);
-	Eswap0=con_salt[x]<<2;
-	x=ret[1]=((salt[1] == '\0')?'A':salt[1]);
-	Eswap1=con_salt[x]<<6;
+    x = ret[0] = ((salt[0] == '\0') ? 'A' : salt[0]);
+    Eswap0 = con_salt[x] << 2;
+    x = ret[1] = ((salt[1] == '\0') ? 'A' : salt[1]);
+    Eswap1 = con_salt[x] << 6;
 #else
-	x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]);
-	Eswap0=con_salt[x]<<2;
-	x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]);
-	Eswap1=con_salt[x]<<6;
+    x = ret[0] = ((salt[0] == '\0') ? os_toascii['A'] : salt[0]);
+    Eswap0 = con_salt[x] << 2;
+    x = ret[1] = ((salt[1] == '\0') ? os_toascii['A'] : salt[1]);
+    Eswap1 = con_salt[x] << 6;
 #endif
 
-/* EAY
-r=strlen(buf);
-r=(r+7)/8;
-*/
-	for (i=0; i<8; i++)
-		{
-		c= *(buf++);
-		if (!c) break;
-		key[i]=(c<<1);
-		}
-	for (; i<8; i++)
-		key[i]=0;
-
-	DES_set_key_unchecked(&key,&ks);
-	fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1);
-
-	ll=out[0]; l2c(ll,b);
-	ll=out[1]; l2c(ll,b);
-	y=0;
-	u=0x80;
-	bb[8]=0;
-	for (i=2; i<13; i++)
-		{
-		c=0;
-		for (j=0; j<6; j++)
-			{
-			c<<=1;
-			if (bb[y] & u) c|=1;
-			u>>=1;
-			if (!u)
-				{
-				y++;
-				u=0x80;
-				}
-			}
-		ret[i]=cov_2char[c];
-		}
-	ret[13]='\0';
-	return(ret);
-	}
-
+    /*
+     * EAY r=strlen(buf); r=(r+7)/8;
+     */
+    for (i = 0; i < 8; i++) {
+        c = *(buf++);
+        if (!c)
+            break;
+        key[i] = (c << 1);
+    }
+    for (; i < 8; i++)
+        key[i] = 0;
+
+    DES_set_key_unchecked(&key, &ks);
+    fcrypt_body(&(out[0]), &ks, Eswap0, Eswap1);
+
+    ll = out[0];
+    l2c(ll, b);
+    ll = out[1];
+    l2c(ll, b);
+    y = 0;
+    u = 0x80;
+    bb[8] = 0;
+    for (i = 2; i < 13; i++) {
+        c = 0;
+        for (j = 0; j < 6; j++) {
+            c <<= 1;
+            if (bb[y] & u)
+                c |= 1;
+            u >>= 1;
+            if (!u) {
+                y++;
+                u = 0x80;
+            }
+        }
+        ret[i] = cov_2char[c];
+    }
+    ret[13] = '\0';
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c
index 13901387..f6c88e15 100644
--- a/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c
+++ b/Cryptlib/OpenSSL/crypto/des/fcrypt_b.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,9 +58,9 @@
 
 #include <stdio.h>
 
-/* This version of crypt has been developed from my MIT compatible
- * DES library.
- * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
+/*
+ * This version of crypt has been developed from my MIT compatible DES
+ * library. The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au
  * Eric Young (eay@cryptsoft.com)
  */
 
@@ -70,76 +70,73 @@
 
 #undef PERM_OP
 #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
-	(b)^=(t),\
-	(a)^=((t)<<(n)))
+        (b)^=(t),\
+        (a)^=((t)<<(n)))
 
 #undef HPERM_OP
 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-	(a)=(a)^(t)^(t>>(16-(n))))\
+        (a)=(a)^(t)^(t>>(16-(n))))\
 
 void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0,
-		 DES_LONG Eswap1)
-	{
-	register DES_LONG l,r,t,u;
+                 DES_LONG Eswap1)
+{
+    register DES_LONG l, r, t, u;
 #ifdef DES_PTR
-	register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans;
+    register const unsigned char *des_SP = (const unsigned char *)DES_SPtrans;
 #endif
-	register DES_LONG *s;
-	register int j;
-	register DES_LONG E0,E1;
+    register DES_LONG *s;
+    register int j;
+    register DES_LONG E0, E1;
 
-	l=0;
-	r=0;
+    l = 0;
+    r = 0;
 
-	s=(DES_LONG *)ks;
-	E0=Eswap0;
-	E1=Eswap1;
+    s = (DES_LONG *)ks;
+    E0 = Eswap0;
+    E1 = Eswap1;
 
-	for (j=0; j<25; j++)
-		{
+    for (j = 0; j < 25; j++) {
 #ifndef DES_UNROLL
-		register int i;
+        register int i;
 
-		for (i=0; i<32; i+=8)
-			{
-			D_ENCRYPT(l,r,i+0); /*  1 */
-			D_ENCRYPT(r,l,i+2); /*  2 */
-			D_ENCRYPT(l,r,i+4); /*  1 */
-			D_ENCRYPT(r,l,i+6); /*  2 */
-			}
+        for (i = 0; i < 32; i += 8) {
+            D_ENCRYPT(l, r, i + 0); /* 1 */
+            D_ENCRYPT(r, l, i + 2); /* 2 */
+            D_ENCRYPT(l, r, i + 4); /* 1 */
+            D_ENCRYPT(r, l, i + 6); /* 2 */
+        }
 #else
-		D_ENCRYPT(l,r, 0); /*  1 */
-		D_ENCRYPT(r,l, 2); /*  2 */
-		D_ENCRYPT(l,r, 4); /*  3 */
-		D_ENCRYPT(r,l, 6); /*  4 */
-		D_ENCRYPT(l,r, 8); /*  5 */
-		D_ENCRYPT(r,l,10); /*  6 */
-		D_ENCRYPT(l,r,12); /*  7 */
-		D_ENCRYPT(r,l,14); /*  8 */
-		D_ENCRYPT(l,r,16); /*  9 */
-		D_ENCRYPT(r,l,18); /*  10 */
-		D_ENCRYPT(l,r,20); /*  11 */
-		D_ENCRYPT(r,l,22); /*  12 */
-		D_ENCRYPT(l,r,24); /*  13 */
-		D_ENCRYPT(r,l,26); /*  14 */
-		D_ENCRYPT(l,r,28); /*  15 */
-		D_ENCRYPT(r,l,30); /*  16 */
+        D_ENCRYPT(l, r, 0);     /* 1 */
+        D_ENCRYPT(r, l, 2);     /* 2 */
+        D_ENCRYPT(l, r, 4);     /* 3 */
+        D_ENCRYPT(r, l, 6);     /* 4 */
+        D_ENCRYPT(l, r, 8);     /* 5 */
+        D_ENCRYPT(r, l, 10);    /* 6 */
+        D_ENCRYPT(l, r, 12);    /* 7 */
+        D_ENCRYPT(r, l, 14);    /* 8 */
+        D_ENCRYPT(l, r, 16);    /* 9 */
+        D_ENCRYPT(r, l, 18);    /* 10 */
+        D_ENCRYPT(l, r, 20);    /* 11 */
+        D_ENCRYPT(r, l, 22);    /* 12 */
+        D_ENCRYPT(l, r, 24);    /* 13 */
+        D_ENCRYPT(r, l, 26);    /* 14 */
+        D_ENCRYPT(l, r, 28);    /* 15 */
+        D_ENCRYPT(r, l, 30);    /* 16 */
 #endif
 
-		t=l;
-		l=r;
-		r=t;
-		}
-	l=ROTATE(l,3)&0xffffffffL;
-	r=ROTATE(r,3)&0xffffffffL;
-
-	PERM_OP(l,r,t, 1,0x55555555L);
-	PERM_OP(r,l,t, 8,0x00ff00ffL);
-	PERM_OP(l,r,t, 2,0x33333333L);
-	PERM_OP(r,l,t,16,0x0000ffffL);
-	PERM_OP(l,r,t, 4,0x0f0f0f0fL);
+        t = l;
+        l = r;
+        r = t;
+    }
+    l = ROTATE(l, 3) & 0xffffffffL;
+    r = ROTATE(r, 3) & 0xffffffffL;
 
-	out[0]=r;
-	out[1]=l;
-	}
+    PERM_OP(l, r, t, 1, 0x55555555L);
+    PERM_OP(r, l, t, 8, 0x00ff00ffL);
+    PERM_OP(l, r, t, 2, 0x33333333L);
+    PERM_OP(r, l, t, 16, 0x0000ffffL);
+    PERM_OP(l, r, t, 4, 0x0f0f0f0fL);
 
+    out[0] = r;
+    out[1] = l;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c
index 26bbf9a6..45c67505 100644
--- a/Cryptlib/OpenSSL/crypto/des/ofb64ede.c
+++ b/Cryptlib/OpenSSL/crypto/des/ofb64ede.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,68 +58,66 @@
 
 #include "des_locl.h"
 
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 void DES_ede3_ofb64_encrypt(register const unsigned char *in,
-			    register unsigned char *out, long length,
-			    DES_key_schedule *k1, DES_key_schedule *k2,
-			    DES_key_schedule *k3, DES_cblock *ivec,
-			    int *num)
-	{
-	register DES_LONG v0,v1;
-	register int n= *num;
-	register long l=length;
-	DES_cblock d;
-	register char *dp;
-	DES_LONG ti[2];
-	unsigned char *iv;
-	int save=0;
+                            register unsigned char *out, long length,
+                            DES_key_schedule *k1, DES_key_schedule *k2,
+                            DES_key_schedule *k3, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
 
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			/* ti[0]=v0; */
-			/* ti[1]=v1; */
-			DES_encrypt3(ti,k1,k2,k3);
-			v0=ti[0];
-			v1=ti[1];
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            /* ti[0]=v0; */
+            /* ti[1]=v1; */
+            DES_encrypt3(ti, k1, k2, k3);
+            v0 = ti[0];
+            v1 = ti[1];
 
-			dp=(char *)d;
-			l2c(v0,dp);
-			l2c(v1,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-/*		v0=ti[0];
-		v1=ti[1];*/
-		iv = &(*ivec)[0];
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
+            dp = (char *)d;
+            l2c(v0, dp);
+            l2c(v1, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+/*-     v0=ti[0];
+        v1=ti[1];*/
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
 
-#ifdef undef /* MACRO */
+#ifdef undef                    /* MACRO */
 void DES_ede2_ofb64_encrypt(register unsigned char *in,
-	     register unsigned char *out, long length, DES_key_schedule k1,
-	     DES_key_schedule k2, DES_cblock (*ivec), int *num)
-	{
-	DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num);
-	}
+                            register unsigned char *out, long length,
+                            DES_key_schedule k1, DES_key_schedule k2,
+                            DES_cblock (*ivec), int *num)
+{
+    DES_ede3_ofb64_encrypt(in, out, length, k1, k2, k1, ivec, num);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c
index 8ca3d49d..8e72dece 100644
--- a/Cryptlib/OpenSSL/crypto/des/ofb64enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/ofb64enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,53 +58,52 @@
 
 #include "des_locl.h"
 
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 void DES_ofb64_encrypt(register const unsigned char *in,
-		       register unsigned char *out, long length,
-		       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
-	{
-	register DES_LONG v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	DES_cblock d;
-	register unsigned char *dp;
-	DES_LONG ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			DES_encrypt1(ti,schedule,DES_ENCRYPT);
-			dp=d;
-			t=ti[0]; l2c(t,dp);
-			t=ti[1]; l2c(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv = &(*ivec)[0];
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
+                       register unsigned char *out, long length,
+                       DES_key_schedule *schedule, DES_cblock *ivec, int *num)
+{
+    register DES_LONG v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    DES_cblock d;
+    register unsigned char *dp;
+    DES_LONG ti[2];
+    unsigned char *iv;
+    int save = 0;
 
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            DES_encrypt1(ti, schedule, DES_ENCRYPT);
+            dp = d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = &(*ivec)[0];
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c
index e887a3c6..02a78775 100644
--- a/Cryptlib/OpenSSL/crypto/des/ofb_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/ofb_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,78 +58,74 @@
 
 #include "des_locl.h"
 
-/* The input and output are loaded in multiples of 8 bits.
- * What this means is that if you hame numbits=12 and length=2
- * the first 12 bits will be retrieved from the first byte and half
- * the second.  The second 12 bits will come from the 3rd and half the 4th
- * byte.
+/*
+ * The input and output are loaded in multiples of 8 bits. What this means is
+ * that if you hame numbits=12 and length=2 the first 12 bits will be
+ * retrieved from the first byte and half the second.  The second 12 bits
+ * will come from the 3rd and half the 4th byte.
  */
 void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits,
-		     long length, DES_key_schedule *schedule,
-		     DES_cblock *ivec)
-	{
-	register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8;
-	register DES_LONG mask0,mask1;
-	register long l=length;
-	register int num=numbits;
-	DES_LONG ti[2];
-	unsigned char *iv;
+                     long length, DES_key_schedule *schedule,
+                     DES_cblock *ivec)
+{
+    register DES_LONG d0, d1, vv0, vv1, v0, v1, n = (numbits + 7) / 8;
+    register DES_LONG mask0, mask1;
+    register long l = length;
+    register int num = numbits;
+    DES_LONG ti[2];
+    unsigned char *iv;
 
-	if (num > 64) return;
-	if (num > 32)
-		{
-		mask0=0xffffffffL;
-		if (num >= 64)
-			mask1=mask0;
-		else
-			mask1=(1L<<(num-32))-1;
-		}
-	else
-		{
-		if (num == 32)
-			mask0=0xffffffffL;
-		else
-			mask0=(1L<<num)-1;
-		mask1=0x00000000L;
-		}
+    if (num > 64)
+        return;
+    if (num > 32) {
+        mask0 = 0xffffffffL;
+        if (num >= 64)
+            mask1 = mask0;
+        else
+            mask1 = (1L << (num - 32)) - 1;
+    } else {
+        if (num == 32)
+            mask0 = 0xffffffffL;
+        else
+            mask0 = (1L << num) - 1;
+        mask1 = 0x00000000L;
+    }
 
-	iv = &(*ivec)[0];
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	while (l-- > 0)
-		{
-		ti[0]=v0;
-		ti[1]=v1;
-		DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT);
-		vv0=ti[0];
-		vv1=ti[1];
-		c2ln(in,d0,d1,n);
-		in+=n;
-		d0=(d0^vv0)&mask0;
-		d1=(d1^vv1)&mask1;
-		l2cn(d0,d1,out,n);
-		out+=n;
+    iv = &(*ivec)[0];
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    while (l-- > 0) {
+        ti[0] = v0;
+        ti[1] = v1;
+        DES_encrypt1((DES_LONG *)ti, schedule, DES_ENCRYPT);
+        vv0 = ti[0];
+        vv1 = ti[1];
+        c2ln(in, d0, d1, n);
+        in += n;
+        d0 = (d0 ^ vv0) & mask0;
+        d1 = (d1 ^ vv1) & mask1;
+        l2cn(d0, d1, out, n);
+        out += n;
 
-		if (num == 32)
-			{ v0=v1; v1=vv0; }
-		else if (num == 64)
-				{ v0=vv0; v1=vv1; }
-		else if (num > 32) /* && num != 64 */
-			{
-			v0=((v1>>(num-32))|(vv0<<(64-num)))&0xffffffffL;
-			v1=((vv0>>(num-32))|(vv1<<(64-num)))&0xffffffffL;
-			}
-		else /* num < 32 */
-			{
-			v0=((v0>>num)|(v1<<(32-num)))&0xffffffffL;
-			v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL;
-			}
-		}
-	iv = &(*ivec)[0];
-	l2c(v0,iv);
-	l2c(v1,iv);
-	v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0;
-	}
+        if (num == 32) {
+            v0 = v1;
+            v1 = vv0;
+        } else if (num == 64) {
+            v0 = vv0;
+            v1 = vv1;
+        } else if (num > 32) {  /* && num != 64 */
+            v0 = ((v1 >> (num - 32)) | (vv0 << (64 - num))) & 0xffffffffL;
+            v1 = ((vv0 >> (num - 32)) | (vv1 << (64 - num))) & 0xffffffffL;
+        } else {                /* num < 32 */
 
+            v0 = ((v0 >> num) | (v1 << (32 - num))) & 0xffffffffL;
+            v1 = ((v1 >> num) | (vv0 << (32 - num))) & 0xffffffffL;
+        }
+    }
+    iv = &(*ivec)[0];
+    l2c(v0, iv);
+    l2c(v1, iv);
+    v0 = v1 = d0 = d1 = ti[0] = ti[1] = vv0 = vv1 = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c
index 17a40f95..144d5ed8 100644
--- a/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/pcbc_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,65 +59,57 @@
 #include "des_locl.h"
 
 void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output,
-		      long length, DES_key_schedule *schedule,
-		      DES_cblock *ivec, int enc)
-	{
-	register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1;
-	DES_LONG tin[2];
-	const unsigned char *in;
-	unsigned char *out,*iv;
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, int enc)
+{
+    register DES_LONG sin0, sin1, xor0, xor1, tout0, tout1;
+    DES_LONG tin[2];
+    const unsigned char *in;
+    unsigned char *out, *iv;
 
-	in=input;
-	out=output;
-	iv = &(*ivec)[0];
+    in = input;
+    out = output;
+    iv = &(*ivec)[0];
 
-	if (enc)
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (; length>0; length-=8)
-			{
-			if (length >= 8)
-				{
-				c2l(in,sin0);
-				c2l(in,sin1);
-				}
-			else
-				c2ln(in,sin0,sin1,length);
-			tin[0]=sin0^xor0;
-			tin[1]=sin1^xor1;
-			DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT);
-			tout0=tin[0];
-			tout1=tin[1];
-			xor0=sin0^tout0;
-			xor1=sin1^tout1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			}
-		}
-	else
-		{
-		c2l(iv,xor0); c2l(iv,xor1);
-		for (; length>0; length-=8)
-			{
-			c2l(in,sin0);
-			c2l(in,sin1);
-			tin[0]=sin0;
-			tin[1]=sin1;
-			DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			if (length >= 8)
-				{
-				l2c(tout0,out);
-				l2c(tout1,out);
-				}
-			else
-				l2cn(tout0,tout1,out,length);
-			xor0=tout0^sin0;
-			xor1=tout1^sin1;
-			}
-		}
-	tin[0]=tin[1]=0;
-	sin0=sin1=xor0=xor1=tout0=tout1=0;
-	}
+    if (enc) {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            if (length >= 8) {
+                c2l(in, sin0);
+                c2l(in, sin1);
+            } else
+                c2ln(in, sin0, sin1, length);
+            tin[0] = sin0 ^ xor0;
+            tin[1] = sin1 ^ xor1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0];
+            tout1 = tin[1];
+            xor0 = sin0 ^ tout0;
+            xor1 = sin1 ^ tout1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+        }
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (; length > 0; length -= 8) {
+            c2l(in, sin0);
+            c2l(in, sin1);
+            tin[0] = sin0;
+            tin[1] = sin1;
+            DES_encrypt1((DES_LONG *)tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            if (length >= 8) {
+                l2c(tout0, out);
+                l2c(tout1, out);
+            } else
+                l2cn(tout0, tout1, out, length);
+            xor0 = tout0 ^ sin0;
+            xor1 = tout1 ^ sin1;
+        }
+    }
+    tin[0] = tin[1] = 0;
+    sin0 = sin1 = xor0 = xor1 = tout0 = tout1 = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c
index dac20122..2a168a57 100644
--- a/Cryptlib/OpenSSL/crypto/des/qud_cksm.c
+++ b/Cryptlib/OpenSSL/crypto/des/qud_cksm.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,91 +49,95 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/* From "Message Authentication"  R.R. Jueneman, S.M. Matyas, C.H. Meyer
- * IEEE Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40
- * This module in only based on the code in this paper and is
- * almost definitely not the same as the MIT implementation.
+/*
+ * From "Message Authentication" R.R. Jueneman, S.M. Matyas, C.H. Meyer IEEE
+ * Communications Magazine Sept 1985 Vol. 23 No. 9 p 29-40 This module in
+ * only based on the code in this paper and is almost definitely not the same
+ * as the MIT implementation.
  */
 #include "des_locl.h"
 
 /* bug fix for dos - 7/6/91 - Larry hughes@logos.ucs.indiana.edu */
-#define Q_B0(a)	(((DES_LONG)(a)))
-#define Q_B1(a)	(((DES_LONG)(a))<<8)
-#define Q_B2(a)	(((DES_LONG)(a))<<16)
-#define Q_B3(a)	(((DES_LONG)(a))<<24)
+#define Q_B0(a) (((DES_LONG)(a)))
+#define Q_B1(a) (((DES_LONG)(a))<<8)
+#define Q_B2(a) (((DES_LONG)(a))<<16)
+#define Q_B3(a) (((DES_LONG)(a))<<24)
 
 /* used to scramble things a bit */
 /* Got the value MIT uses via brute force :-) 2/10/90 eay */
-#define NOISE	((DES_LONG)83653421L)
+#define NOISE   ((DES_LONG)83653421L)
 
 DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[],
-	     long length, int out_count, DES_cblock *seed)
-	{
-	DES_LONG z0,z1,t0,t1;
-	int i;
-	long l;
-	const unsigned char *cp;
+                        long length, int out_count, DES_cblock *seed)
+{
+    DES_LONG z0, z1, t0, t1;
+    int i;
+    long l;
+    const unsigned char *cp;
 #ifdef _CRAY
-	struct lp_st { int a:32; int b:32; } *lp;
+    struct lp_st {
+        int a:32;
+        int b:32;
+    } *lp;
 #else
-	DES_LONG *lp;
+    DES_LONG *lp;
 #endif
 
-	if (out_count < 1) out_count=1;
+    if (out_count < 1)
+        out_count = 1;
 #ifdef _CRAY
-	lp = (struct lp_st *) &(output[0])[0];
+    lp = (struct lp_st *)&(output[0])[0];
 #else
-	lp = (DES_LONG *) &(output[0])[0];
+    lp = (DES_LONG *)&(output[0])[0];
 #endif
 
-	z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]);
-	z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]);
+    z0 = Q_B0((*seed)[0]) | Q_B1((*seed)[1]) | Q_B2((*seed)[2]) |
+        Q_B3((*seed)[3]);
+    z1 = Q_B0((*seed)[4]) | Q_B1((*seed)[5]) | Q_B2((*seed)[6]) |
+        Q_B3((*seed)[7]);
 
-	for (i=0; ((i<4)&&(i<out_count)); i++)
-		{
-		cp=input;
-		l=length;
-		while (l > 0)
-			{
-			if (l > 1)
-				{
-				t0= (DES_LONG)(*(cp++));
-				t0|=(DES_LONG)Q_B1(*(cp++));
-				l--;
-				}
-			else
-				t0= (DES_LONG)(*(cp++));
-			l--;
-			/* add */
-			t0+=z0;
-			t0&=0xffffffffL;
-			t1=z1;
-			/* square, well sort of square */
-			z0=((((t0*t0)&0xffffffffL)+((t1*t1)&0xffffffffL))
-				&0xffffffffL)%0x7fffffffL; 
-			z1=((t0*((t1+NOISE)&0xffffffffL))&0xffffffffL)%0x7fffffffL;
-			}
-		if (lp != NULL)
-			{
-			/* The MIT library assumes that the checksum is
-			 * composed of 2*out_count 32 bit ints */
+    for (i = 0; ((i < 4) && (i < out_count)); i++) {
+        cp = input;
+        l = length;
+        while (l > 0) {
+            if (l > 1) {
+                t0 = (DES_LONG)(*(cp++));
+                t0 |= (DES_LONG)Q_B1(*(cp++));
+                l--;
+            } else
+                t0 = (DES_LONG)(*(cp++));
+            l--;
+            /* add */
+            t0 += z0;
+            t0 &= 0xffffffffL;
+            t1 = z1;
+            /* square, well sort of square */
+            z0 = ((((t0 * t0) & 0xffffffffL) + ((t1 * t1) & 0xffffffffL))
+                  & 0xffffffffL) % 0x7fffffffL;
+            z1 = ((t0 * ((t1 + NOISE) & 0xffffffffL)) & 0xffffffffL) %
+                0x7fffffffL;
+        }
+        if (lp != NULL) {
+            /*
+             * The MIT library assumes that the checksum is composed of
+             * 2*out_count 32 bit ints
+             */
 #ifdef _CRAY
-			(*lp).a = z0;
-			(*lp).b = z1;
-			lp++;
+            (*lp).a = z0;
+            (*lp).b = z1;
+            lp++;
 #else
-			*lp++ = z0;
-			*lp++ = z1;
+            *lp++ = z0;
+            *lp++ = z1;
 #endif
-			}
-		}
-	return(z0);
-	}
-
+        }
+    }
+    return (z0);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/rand_key.c b/Cryptlib/OpenSSL/crypto/des/rand_key.c
index 23981655..b75cc5f9 100644
--- a/Cryptlib/OpenSSL/crypto/des/rand_key.c
+++ b/Cryptlib/OpenSSL/crypto/des/rand_key.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,12 +57,11 @@
 #include <openssl/rand.h>
 
 int DES_random_key(DES_cblock *ret)
-	{
-	do
-		{
-		if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
-			return (0);
-		} while (DES_is_weak_key(ret));
-	DES_set_odd_parity(ret);
-	return (1);
-	}
+{
+    do {
+        if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1)
+            return (0);
+    } while (DES_is_weak_key(ret));
+    DES_set_odd_parity(ret);
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/read2pwd.c b/Cryptlib/OpenSSL/crypto/des/read2pwd.c
index ee6969f7..01e275f3 100644
--- a/Cryptlib/OpenSSL/crypto/des/read2pwd.c
+++ b/Cryptlib/OpenSSL/crypto/des/read2pwd.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,21 +58,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -87,10 +87,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -102,7 +102,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -115,26 +115,26 @@
 #include <openssl/crypto.h>
 
 int DES_read_password(DES_cblock *key, const char *prompt, int verify)
-	{
-	int ok;
-	char buf[BUFSIZ],buff[BUFSIZ];
+{
+    int ok;
+    char buf[BUFSIZ], buff[BUFSIZ];
 
-	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		DES_string_to_key(buf,key);
-	OPENSSL_cleanse(buf,BUFSIZ);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return(ok);
-	}
+    if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
+        DES_string_to_key(buf, key);
+    OPENSSL_cleanse(buf, BUFSIZ);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return (ok);
+}
 
-int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt,
-	     int verify)
-	{
-	int ok;
-	char buf[BUFSIZ],buff[BUFSIZ];
+int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2,
+                        const char *prompt, int verify)
+{
+    int ok;
+    char buf[BUFSIZ], buff[BUFSIZ];
 
-	if ((ok=UI_UTIL_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
-		DES_string_to_2keys(buf,key1,key2);
-	OPENSSL_cleanse(buf,BUFSIZ);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return(ok);
-	}
+    if ((ok = UI_UTIL_read_pw(buf, buff, BUFSIZ, prompt, verify)) == 0)
+        DES_string_to_2keys(buf, key1, key2);
+    OPENSSL_cleanse(buf, BUFSIZ);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return (ok);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c
index d937d08d..f5a84c5b 100644
--- a/Cryptlib/OpenSSL/crypto/des/rpc_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/rpc_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,39 +60,41 @@
 #include "des_locl.h"
 #include "des_ver.h"
 
-int _des_crypt(char *buf,int len,struct desparams *desp);
+int _des_crypt(char *buf, int len, struct desparams *desp);
 int _des_crypt(char *buf, int len, struct desparams *desp)
-	{
-	DES_key_schedule ks;
-	int enc;
+{
+    DES_key_schedule ks;
+    int enc;
 
-	DES_set_key_unchecked(&desp->des_key,&ks);
-	enc=(desp->des_dir == ENCRYPT)?DES_ENCRYPT:DES_DECRYPT;
+    DES_set_key_unchecked(&desp->des_key, &ks);
+    enc = (desp->des_dir == ENCRYPT) ? DES_ENCRYPT : DES_DECRYPT;
 
-	if (desp->des_mode == CBC)
-		DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
-				(DES_cblock *)desp->UDES.UDES_buf,&ks,
-				enc);
-	else
-		{
-		DES_ncbc_encrypt(desp->UDES.UDES_buf,desp->UDES.UDES_buf,
-				len,&ks,&desp->des_ivec,enc);
+    if (desp->des_mode == CBC)
+        DES_ecb_encrypt((const_DES_cblock *)desp->UDES.UDES_buf,
+                        (DES_cblock *)desp->UDES.UDES_buf, &ks, enc);
+    else {
+        DES_ncbc_encrypt(desp->UDES.UDES_buf, desp->UDES.UDES_buf,
+                         len, &ks, &desp->des_ivec, enc);
 #ifdef undef
-		/* len will always be %8 if called from common_crypt
-		 * in secure_rpc.
-		 * Libdes's cbc encrypt does not copy back the iv,
-		 * so we have to do it here. */
-		/* It does now :-) eay 20/09/95 */
+        /*
+         * len will always be %8 if called from common_crypt in secure_rpc.
+         * Libdes's cbc encrypt does not copy back the iv, so we have to do
+         * it here.
+         */
+        /* It does now :-) eay 20/09/95 */
 
-		a=(char *)&(desp->UDES.UDES_buf[len-8]);
-		b=(char *)&(desp->des_ivec[0]);
+        a = (char *)&(desp->UDES.UDES_buf[len - 8]);
+        b = (char *)&(desp->des_ivec[0]);
 
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
-		*(a++)= *(b++); *(a++)= *(b++);
+        *(a++) = *(b++);
+        *(a++) = *(b++);
+        *(a++) = *(b++);
+        *(a++) = *(b++);
+        *(a++) = *(b++);
+        *(a++) = *(b++);
+        *(a++) = *(b++);
+        *(a++) = *(b++);
 #endif
-		}
-	return(1);	
-	}
-
+    }
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/set_key.c b/Cryptlib/OpenSSL/crypto/des/set_key.c
index c0806d59..fdc8d504 100644
--- a/Cryptlib/OpenSSL/crypto/des/set_key.c
+++ b/Cryptlib/OpenSSL/crypto/des/set_key.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,14 +49,15 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/* set_key.c v 1.4 eay 24/9/91
+/*-
+ * set_key.c v 1.4 eay 24/9/91
  * 1.4 Speed up by 400% :-)
  * 1.3 added register declarations.
  * 1.2 unrolled make_key_sched a bit more
@@ -65,51 +66,61 @@
  */
 #include "des_locl.h"
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
+OPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key); /* defaults to false */
 
-OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key);	/* defaults to false */
-
-static const unsigned char odd_parity[256]={
-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+static const unsigned char odd_parity[256] = {
+    1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+    16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+    32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+    49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+    64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+    81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+    97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+    110,
+    112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+    127,
+    128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+    143,
+    145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+    158,
+    161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+    174,
+    176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+    191,
+    193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+    206,
+    208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+    223,
+    224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+    239,
+    241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+    254
+};
 
 void DES_set_odd_parity(DES_cblock *key)
-	{
-	unsigned int i;
+{
+    unsigned int i;
 
-	for (i=0; i<DES_KEY_SZ; i++)
-		(*key)[i]=odd_parity[(*key)[i]];
-	}
+    for (i = 0; i < DES_KEY_SZ; i++)
+        (*key)[i] = odd_parity[(*key)[i]];
+}
 
 int DES_check_key_parity(const_DES_cblock *key)
-	{
-	unsigned int i;
+{
+    unsigned int i;
 
-	for (i=0; i<DES_KEY_SZ; i++)
-		{
-		if ((*key)[i] != odd_parity[(*key)[i]])
-			return(0);
-		}
-	return(1);
-	}
+    for (i = 0; i < DES_KEY_SZ; i++) {
+        if ((*key)[i] != odd_parity[(*key)[i]])
+            return (0);
+    }
+    return (1);
+}
 
-/* Weak and semi week keys as take from
+/*-
+ * Weak and semi week keys as take from
  * %A D.W. Davies
  * %A W.L. Price
  * %T Security for Computer Networks
@@ -118,299 +129,314 @@ int DES_check_key_parity(const_DES_cblock *key)
  * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
  * (and actual cblock values).
  */
-#define NUM_WEAK_KEY	16
-static const DES_cblock weak_keys[NUM_WEAK_KEY]={
-	/* weak keys */
-	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
-	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
-	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
-	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
-	/* semi-weak keys */
-	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
-	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
-	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
-	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
-	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
-	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
-	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
-	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
-	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
-	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
-	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
-	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
+#define NUM_WEAK_KEY    16
+static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
+    /* weak keys */
+    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
+    {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
+    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
+    {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
+    /* semi-weak keys */
+    {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
+    {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
+    {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
+    {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
+    {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
+    {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
+    {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
+    {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
+    {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
+    {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
+    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
+    {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
+};
 
 int DES_is_weak_key(const_DES_cblock *key)
-	{
-	int i;
+{
+    int i;
 
-	for (i=0; i<NUM_WEAK_KEY; i++)
-		/* Added == 0 to comparison, I obviously don't run
-		 * this section very often :-(, thanks to
-		 * engineering@MorningStar.Com for the fix
-		 * eay 93/06/29
-		 * Another problem, I was comparing only the first 4
-		 * bytes, 97/03/18 */
-		if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1);
-	return(0);
-	}
+    for (i = 0; i < NUM_WEAK_KEY; i++)
+        /*
+         * Added == 0 to comparison, I obviously don't run this section very
+         * often :-(, thanks to engineering@MorningStar.Com for the fix eay
+         * 93/06/29 Another problem, I was comparing only the first 4 bytes,
+         * 97/03/18
+         */
+        if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
+            return (1);
+    return (0);
+}
 
-/* NOW DEFINED IN des_local.h
- * See ecb_encrypt.c for a pseudo description of these macros. 
+/*-
+ * NOW DEFINED IN des_local.h
+ * See ecb_encrypt.c for a pseudo description of these macros.
  * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
- * 	(b)^=(t),\
- * 	(a)=((a)^((t)<<(n))))
+ *      (b)^=(t),\
+ *      (a)=((a)^((t)<<(n))))
  */
 
 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
-	(a)=(a)^(t)^(t>>(16-(n))))
+        (a)=(a)^(t)^(t>>(16-(n))))
 
-static const DES_LONG des_skb[8][64]={
-	{
-	/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-	0x00000000L,0x00000010L,0x20000000L,0x20000010L,
-	0x00010000L,0x00010010L,0x20010000L,0x20010010L,
-	0x00000800L,0x00000810L,0x20000800L,0x20000810L,
-	0x00010800L,0x00010810L,0x20010800L,0x20010810L,
-	0x00000020L,0x00000030L,0x20000020L,0x20000030L,
-	0x00010020L,0x00010030L,0x20010020L,0x20010030L,
-	0x00000820L,0x00000830L,0x20000820L,0x20000830L,
-	0x00010820L,0x00010830L,0x20010820L,0x20010830L,
-	0x00080000L,0x00080010L,0x20080000L,0x20080010L,
-	0x00090000L,0x00090010L,0x20090000L,0x20090010L,
-	0x00080800L,0x00080810L,0x20080800L,0x20080810L,
-	0x00090800L,0x00090810L,0x20090800L,0x20090810L,
-	0x00080020L,0x00080030L,0x20080020L,0x20080030L,
-	0x00090020L,0x00090030L,0x20090020L,0x20090030L,
-	0x00080820L,0x00080830L,0x20080820L,0x20080830L,
-	0x00090820L,0x00090830L,0x20090820L,0x20090830L,
-	},{
-	/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
-	0x00000000L,0x02000000L,0x00002000L,0x02002000L,
-	0x00200000L,0x02200000L,0x00202000L,0x02202000L,
-	0x00000004L,0x02000004L,0x00002004L,0x02002004L,
-	0x00200004L,0x02200004L,0x00202004L,0x02202004L,
-	0x00000400L,0x02000400L,0x00002400L,0x02002400L,
-	0x00200400L,0x02200400L,0x00202400L,0x02202400L,
-	0x00000404L,0x02000404L,0x00002404L,0x02002404L,
-	0x00200404L,0x02200404L,0x00202404L,0x02202404L,
-	0x10000000L,0x12000000L,0x10002000L,0x12002000L,
-	0x10200000L,0x12200000L,0x10202000L,0x12202000L,
-	0x10000004L,0x12000004L,0x10002004L,0x12002004L,
-	0x10200004L,0x12200004L,0x10202004L,0x12202004L,
-	0x10000400L,0x12000400L,0x10002400L,0x12002400L,
-	0x10200400L,0x12200400L,0x10202400L,0x12202400L,
-	0x10000404L,0x12000404L,0x10002404L,0x12002404L,
-	0x10200404L,0x12200404L,0x10202404L,0x12202404L,
-	},{
-	/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
-	0x00000000L,0x00000001L,0x00040000L,0x00040001L,
-	0x01000000L,0x01000001L,0x01040000L,0x01040001L,
-	0x00000002L,0x00000003L,0x00040002L,0x00040003L,
-	0x01000002L,0x01000003L,0x01040002L,0x01040003L,
-	0x00000200L,0x00000201L,0x00040200L,0x00040201L,
-	0x01000200L,0x01000201L,0x01040200L,0x01040201L,
-	0x00000202L,0x00000203L,0x00040202L,0x00040203L,
-	0x01000202L,0x01000203L,0x01040202L,0x01040203L,
-	0x08000000L,0x08000001L,0x08040000L,0x08040001L,
-	0x09000000L,0x09000001L,0x09040000L,0x09040001L,
-	0x08000002L,0x08000003L,0x08040002L,0x08040003L,
-	0x09000002L,0x09000003L,0x09040002L,0x09040003L,
-	0x08000200L,0x08000201L,0x08040200L,0x08040201L,
-	0x09000200L,0x09000201L,0x09040200L,0x09040201L,
-	0x08000202L,0x08000203L,0x08040202L,0x08040203L,
-	0x09000202L,0x09000203L,0x09040202L,0x09040203L,
-	},{
-	/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
-	0x00000000L,0x00100000L,0x00000100L,0x00100100L,
-	0x00000008L,0x00100008L,0x00000108L,0x00100108L,
-	0x00001000L,0x00101000L,0x00001100L,0x00101100L,
-	0x00001008L,0x00101008L,0x00001108L,0x00101108L,
-	0x04000000L,0x04100000L,0x04000100L,0x04100100L,
-	0x04000008L,0x04100008L,0x04000108L,0x04100108L,
-	0x04001000L,0x04101000L,0x04001100L,0x04101100L,
-	0x04001008L,0x04101008L,0x04001108L,0x04101108L,
-	0x00020000L,0x00120000L,0x00020100L,0x00120100L,
-	0x00020008L,0x00120008L,0x00020108L,0x00120108L,
-	0x00021000L,0x00121000L,0x00021100L,0x00121100L,
-	0x00021008L,0x00121008L,0x00021108L,0x00121108L,
-	0x04020000L,0x04120000L,0x04020100L,0x04120100L,
-	0x04020008L,0x04120008L,0x04020108L,0x04120108L,
-	0x04021000L,0x04121000L,0x04021100L,0x04121100L,
-	0x04021008L,0x04121008L,0x04021108L,0x04121108L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
-	0x00000000L,0x10000000L,0x00010000L,0x10010000L,
-	0x00000004L,0x10000004L,0x00010004L,0x10010004L,
-	0x20000000L,0x30000000L,0x20010000L,0x30010000L,
-	0x20000004L,0x30000004L,0x20010004L,0x30010004L,
-	0x00100000L,0x10100000L,0x00110000L,0x10110000L,
-	0x00100004L,0x10100004L,0x00110004L,0x10110004L,
-	0x20100000L,0x30100000L,0x20110000L,0x30110000L,
-	0x20100004L,0x30100004L,0x20110004L,0x30110004L,
-	0x00001000L,0x10001000L,0x00011000L,0x10011000L,
-	0x00001004L,0x10001004L,0x00011004L,0x10011004L,
-	0x20001000L,0x30001000L,0x20011000L,0x30011000L,
-	0x20001004L,0x30001004L,0x20011004L,0x30011004L,
-	0x00101000L,0x10101000L,0x00111000L,0x10111000L,
-	0x00101004L,0x10101004L,0x00111004L,0x10111004L,
-	0x20101000L,0x30101000L,0x20111000L,0x30111000L,
-	0x20101004L,0x30101004L,0x20111004L,0x30111004L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
-	0x00000000L,0x08000000L,0x00000008L,0x08000008L,
-	0x00000400L,0x08000400L,0x00000408L,0x08000408L,
-	0x00020000L,0x08020000L,0x00020008L,0x08020008L,
-	0x00020400L,0x08020400L,0x00020408L,0x08020408L,
-	0x00000001L,0x08000001L,0x00000009L,0x08000009L,
-	0x00000401L,0x08000401L,0x00000409L,0x08000409L,
-	0x00020001L,0x08020001L,0x00020009L,0x08020009L,
-	0x00020401L,0x08020401L,0x00020409L,0x08020409L,
-	0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
-	0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
-	0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
-	0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
-	0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
-	0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
-	0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
-	0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
-	0x00000000L,0x00000100L,0x00080000L,0x00080100L,
-	0x01000000L,0x01000100L,0x01080000L,0x01080100L,
-	0x00000010L,0x00000110L,0x00080010L,0x00080110L,
-	0x01000010L,0x01000110L,0x01080010L,0x01080110L,
-	0x00200000L,0x00200100L,0x00280000L,0x00280100L,
-	0x01200000L,0x01200100L,0x01280000L,0x01280100L,
-	0x00200010L,0x00200110L,0x00280010L,0x00280110L,
-	0x01200010L,0x01200110L,0x01280010L,0x01280110L,
-	0x00000200L,0x00000300L,0x00080200L,0x00080300L,
-	0x01000200L,0x01000300L,0x01080200L,0x01080300L,
-	0x00000210L,0x00000310L,0x00080210L,0x00080310L,
-	0x01000210L,0x01000310L,0x01080210L,0x01080310L,
-	0x00200200L,0x00200300L,0x00280200L,0x00280300L,
-	0x01200200L,0x01200300L,0x01280200L,0x01280300L,
-	0x00200210L,0x00200310L,0x00280210L,0x00280310L,
-	0x01200210L,0x01200310L,0x01280210L,0x01280310L,
-	},{
-	/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
-	0x00000000L,0x04000000L,0x00040000L,0x04040000L,
-	0x00000002L,0x04000002L,0x00040002L,0x04040002L,
-	0x00002000L,0x04002000L,0x00042000L,0x04042000L,
-	0x00002002L,0x04002002L,0x00042002L,0x04042002L,
-	0x00000020L,0x04000020L,0x00040020L,0x04040020L,
-	0x00000022L,0x04000022L,0x00040022L,0x04040022L,
-	0x00002020L,0x04002020L,0x00042020L,0x04042020L,
-	0x00002022L,0x04002022L,0x00042022L,0x04042022L,
-	0x00000800L,0x04000800L,0x00040800L,0x04040800L,
-	0x00000802L,0x04000802L,0x00040802L,0x04040802L,
-	0x00002800L,0x04002800L,0x00042800L,0x04042800L,
-	0x00002802L,0x04002802L,0x00042802L,0x04042802L,
-	0x00000820L,0x04000820L,0x00040820L,0x04040820L,
-	0x00000822L,0x04000822L,0x00040822L,0x04040822L,
-	0x00002820L,0x04002820L,0x00042820L,0x04042820L,
-	0x00002822L,0x04002822L,0x00042822L,0x04042822L,
-	}};
+static const DES_LONG des_skb[8][64] = {
+    {
+     /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
+     0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
+     0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
+     0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
+     0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
+     0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
+     0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
+     0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
+     0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
+     0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
+     0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
+     0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
+     0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
+     0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
+     0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
+     0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+     0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
+     0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
+     0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
+     0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
+     0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
+     0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
+     0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
+     0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
+     0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
+     0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
+     0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
+     0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
+     0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
+     0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
+     0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
+     0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+     0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
+     0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
+     0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
+     0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
+     0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
+     0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
+     0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
+     0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
+     0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
+     0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
+     0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
+     0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
+     0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
+     0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
+     0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
+     0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
+     },
+    {
+     /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+     0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
+     0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
+     0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
+     0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
+     0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
+     0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
+     0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
+     0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
+     0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
+     0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
+     0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
+     0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
+     0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
+     0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
+     0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
+     0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+     0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
+     0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
+     0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
+     0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
+     0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
+     0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
+     0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
+     0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
+     0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
+     0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
+     0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
+     0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
+     0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
+     0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
+     0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
+     0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+     0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
+     0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
+     0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
+     0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
+     0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
+     0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
+     0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
+     0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
+     0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
+     0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
+     0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
+     0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
+     0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
+     0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
+     0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
+     0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+     0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
+     0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
+     0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
+     0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
+     0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
+     0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
+     0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
+     0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
+     0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
+     0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
+     0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
+     0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
+     0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
+     0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
+     0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
+     0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
+     },
+    {
+     /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+     0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
+     0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
+     0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
+     0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
+     0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
+     0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
+     0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
+     0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
+     0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
+     0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
+     0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
+     0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
+     0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
+     0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
+     0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
+     0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
+     }
+};
 
 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
-	{
-	if (DES_check_key)
-		{
-		return DES_set_key_checked(key, schedule);
-		}
-	else
-		{
-		DES_set_key_unchecked(key, schedule);
-		return 0;
-		}
-	}
+{
+    if (DES_check_key) {
+        return DES_set_key_checked(key, schedule);
+    } else {
+        DES_set_key_unchecked(key, schedule);
+        return 0;
+    }
+}
 
-/* return 0 if key parity is odd (correct),
+/*-
+ * return 0 if key parity is odd (correct),
  * return -1 if key parity error,
  * return -2 if illegal weak key.
  */
 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
-	{
-	if (!DES_check_key_parity(key))
-		return(-1);
-	if (DES_is_weak_key(key))
-		return(-2);
-	DES_set_key_unchecked(key, schedule);
-	return 0;
-	}
+{
+    if (!DES_check_key_parity(key))
+        return (-1);
+    if (DES_is_weak_key(key))
+        return (-2);
+    DES_set_key_unchecked(key, schedule);
+    return 0;
+}
 
 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
-	{
-	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
-	register DES_LONG c,d,t,s,t2;
-	register const unsigned char *in;
-	register DES_LONG *k;
-	register int i;
+{
+    static int shifts2[16] =
+        { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+    register DES_LONG c, d, t, s, t2;
+    register const unsigned char *in;
+    register DES_LONG *k;
+    register int i;
 
 #ifdef OPENBSD_DEV_CRYPTO
-	memcpy(schedule->key,key,sizeof schedule->key);
-	schedule->session=NULL;
+    memcpy(schedule->key, key, sizeof schedule->key);
+    schedule->session = NULL;
 #endif
-	k = &schedule->ks->deslong[0];
-	in = &(*key)[0];
+    k = &schedule->ks->deslong[0];
+    in = &(*key)[0];
 
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+    FIPS_selftest_check();
 #endif
 
-	c2l(in,c);
-	c2l(in,d);
+    c2l(in, c);
+    c2l(in, d);
 
-	/* do PC1 in 47 simple operations :-)
-	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
-	 * for the inspiration. :-) */
-	PERM_OP (d,c,t,4,0x0f0f0f0fL);
-	HPERM_OP(c,t,-2,0xcccc0000L);
-	HPERM_OP(d,t,-2,0xcccc0000L);
-	PERM_OP (d,c,t,1,0x55555555L);
-	PERM_OP (c,d,t,8,0x00ff00ffL);
-	PERM_OP (d,c,t,1,0x55555555L);
-	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
-		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
-	c&=0x0fffffffL;
+    /*
+     * do PC1 in 47 simple operations :-) Thanks to John Fletcher
+     * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-)
+     */
+    PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+    HPERM_OP(c, t, -2, 0xcccc0000L);
+    HPERM_OP(d, t, -2, 0xcccc0000L);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    PERM_OP(c, d, t, 8, 0x00ff00ffL);
+    PERM_OP(d, c, t, 1, 0x55555555L);
+    d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+         ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+    c &= 0x0fffffffL;
 
-	for (i=0; i<ITERATIONS; i++)
-		{
-		if (shifts2[i])
-			{ c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
-		else
-			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
-		c&=0x0fffffffL;
-		d&=0x0fffffffL;
-		/* could be a few less shifts but I am to lazy at this
-		 * point in time to investigate */
-		s=	des_skb[0][ (c    )&0x3f                ]|
-			des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
-			des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
-			des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
-						  ((c>>22L)&0x38)];
-		t=	des_skb[4][ (d    )&0x3f                ]|
-			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
-			des_skb[6][ (d>>15L)&0x3f                ]|
-			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
+    for (i = 0; i < ITERATIONS; i++) {
+        if (shifts2[i]) {
+            c = ((c >> 2L) | (c << 26L));
+            d = ((d >> 2L) | (d << 26L));
+        } else {
+            c = ((c >> 1L) | (c << 27L));
+            d = ((d >> 1L) | (d << 27L));
+        }
+        c &= 0x0fffffffL;
+        d &= 0x0fffffffL;
+        /*
+         * could be a few less shifts but I am to lazy at this point in time
+         * to investigate
+         */
+        s = des_skb[0][(c) & 0x3f] |
+            des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
+            des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
+            des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
+                       ((c >> 22L) & 0x38)];
+        t = des_skb[4][(d) & 0x3f] |
+            des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
+            des_skb[6][(d >> 15L) & 0x3f] |
+            des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
 
-		/* table contained 0213 4657 */
-		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
-		*(k++)=ROTATE(t2,30)&0xffffffffL;
+        /* table contained 0213 4657 */
+        t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+        *(k++) = ROTATE(t2, 30) & 0xffffffffL;
 
-		t2=((s>>16L)|(t&0xffff0000L));
-		*(k++)=ROTATE(t2,26)&0xffffffffL;
-		}
-	}
+        t2 = ((s >> 16L) | (t & 0xffff0000L));
+        *(k++) = ROTATE(t2, 26) & 0xffffffffL;
+    }
+}
 
 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
-	{
-	return(DES_set_key(key,schedule));
-	}
-/*
+{
+    return (DES_set_key(key, schedule));
+}
+
+/*-
 #undef des_fixup_key_parity
 void des_fixup_key_parity(des_cblock *key)
-	{
-	des_set_odd_parity(key);
-	}
+        {
+        des_set_odd_parity(key);
+        }
 */
-
diff --git a/Cryptlib/OpenSSL/crypto/des/str2key.c b/Cryptlib/OpenSSL/crypto/des/str2key.c
index 9c2054bd..d6468b38 100644
--- a/Cryptlib/OpenSSL/crypto/des/str2key.c
+++ b/Cryptlib/OpenSSL/crypto/des/str2key.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,115 +60,105 @@
 #include <openssl/crypto.h>
 
 void DES_string_to_key(const char *str, DES_cblock *key)
-	{
-	DES_key_schedule ks;
-	int i,length;
-	register unsigned char j;
+{
+    DES_key_schedule ks;
+    int i, length;
+    register unsigned char j;
 
-	memset(key,0,8);
-	length=strlen(str);
+    memset(key, 0, 8);
+    length = strlen(str);
 #ifdef OLD_STR_TO_KEY
-	for (i=0; i<length; i++)
-		(*key)[i%8]^=(str[i]<<1);
-#else /* MIT COMPATIBLE */
-	for (i=0; i<length; i++)
-		{
-		j=str[i];
-		if ((i%16) < 8)
-			(*key)[i%8]^=(j<<1);
-		else
-			{
-			/* Reverse the bit order 05/05/92 eay */
-			j=((j<<4)&0xf0)|((j>>4)&0x0f);
-			j=((j<<2)&0xcc)|((j>>2)&0x33);
-			j=((j<<1)&0xaa)|((j>>1)&0x55);
-			(*key)[7-(i%8)]^=j;
-			}
-		}
+    for (i = 0; i < length; i++)
+        (*key)[i % 8] ^= (str[i] << 1);
+#else                           /* MIT COMPATIBLE */
+    for (i = 0; i < length; i++) {
+        j = str[i];
+        if ((i % 16) < 8)
+            (*key)[i % 8] ^= (j << 1);
+        else {
+            /* Reverse the bit order 05/05/92 eay */
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            (*key)[7 - (i % 8)] ^= j;
+        }
+    }
 #endif
-	DES_set_odd_parity(key);
+    DES_set_odd_parity(key);
 #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-	if(DES_is_weak_key(key))
-	    (*key)[7] ^= 0xF0;
-	DES_set_key(key,&ks);
+    if (DES_is_weak_key(key))
+        (*key)[7] ^= 0xF0;
+    DES_set_key(key, &ks);
 #else
-	DES_set_key_unchecked(key,&ks);
+    DES_set_key_unchecked(key, &ks);
 #endif
-	DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key);
-	OPENSSL_cleanse(&ks,sizeof(ks));
-	DES_set_odd_parity(key);
-	}
+    DES_cbc_cksum((const unsigned char *)str, key, length, &ks, key);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key);
+}
 
 void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
-	{
-	DES_key_schedule ks;
-	int i,length;
-	register unsigned char j;
+{
+    DES_key_schedule ks;
+    int i, length;
+    register unsigned char j;
 
-	memset(key1,0,8);
-	memset(key2,0,8);
-	length=strlen(str);
+    memset(key1, 0, 8);
+    memset(key2, 0, 8);
+    length = strlen(str);
 #ifdef OLD_STR_TO_KEY
-	if (length <= 8)
-		{
-		for (i=0; i<length; i++)
-			{
-			(*key2)[i]=(*key1)[i]=(str[i]<<1);
-			}
-		}
-	else
-		{
-		for (i=0; i<length; i++)
-			{
-			if ((i/8)&1)
-				(*key2)[i%8]^=(str[i]<<1);
-			else
-				(*key1)[i%8]^=(str[i]<<1);
-			}
-		}
-#else /* MIT COMPATIBLE */
-	for (i=0; i<length; i++)
-		{
-		j=str[i];
-		if ((i%32) < 16)
-			{
-			if ((i%16) < 8)
-				(*key1)[i%8]^=(j<<1);
-			else
-				(*key2)[i%8]^=(j<<1);
-			}
-		else
-			{
-			j=((j<<4)&0xf0)|((j>>4)&0x0f);
-			j=((j<<2)&0xcc)|((j>>2)&0x33);
-			j=((j<<1)&0xaa)|((j>>1)&0x55);
-			if ((i%16) < 8)
-				(*key1)[7-(i%8)]^=j;
-			else
-				(*key2)[7-(i%8)]^=j;
-			}
-		}
-	if (length <= 8) memcpy(key2,key1,8);
+    if (length <= 8) {
+        for (i = 0; i < length; i++) {
+            (*key2)[i] = (*key1)[i] = (str[i] << 1);
+        }
+    } else {
+        for (i = 0; i < length; i++) {
+            if ((i / 8) & 1)
+                (*key2)[i % 8] ^= (str[i] << 1);
+            else
+                (*key1)[i % 8] ^= (str[i] << 1);
+        }
+    }
+#else                           /* MIT COMPATIBLE */
+    for (i = 0; i < length; i++) {
+        j = str[i];
+        if ((i % 32) < 16) {
+            if ((i % 16) < 8)
+                (*key1)[i % 8] ^= (j << 1);
+            else
+                (*key2)[i % 8] ^= (j << 1);
+        } else {
+            j = ((j << 4) & 0xf0) | ((j >> 4) & 0x0f);
+            j = ((j << 2) & 0xcc) | ((j >> 2) & 0x33);
+            j = ((j << 1) & 0xaa) | ((j >> 1) & 0x55);
+            if ((i % 16) < 8)
+                (*key1)[7 - (i % 8)] ^= j;
+            else
+                (*key2)[7 - (i % 8)] ^= j;
+        }
+    }
+    if (length <= 8)
+        memcpy(key2, key1, 8);
 #endif
-	DES_set_odd_parity(key1);
-	DES_set_odd_parity(key2);
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
 #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-	if(DES_is_weak_key(key1))
-	    (*key1)[7] ^= 0xF0;
-	DES_set_key(key1,&ks);
+    if (DES_is_weak_key(key1))
+        (*key1)[7] ^= 0xF0;
+    DES_set_key(key1, &ks);
 #else
-	DES_set_key_unchecked(key1,&ks);
+    DES_set_key_unchecked(key1, &ks);
 #endif
-	DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1);
+    DES_cbc_cksum((const unsigned char *)str, key1, length, &ks, key1);
 #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
-	if(DES_is_weak_key(key2))
-	    (*key2)[7] ^= 0xF0;
-	DES_set_key(key2,&ks);
+    if (DES_is_weak_key(key2))
+        (*key2)[7] ^= 0xF0;
+    DES_set_key(key2, &ks);
 #else
-	DES_set_key_unchecked(key2,&ks);
+    DES_set_key_unchecked(key2, &ks);
 #endif
-	DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2);
-	OPENSSL_cleanse(&ks,sizeof(ks));
-	DES_set_odd_parity(key1);
-	DES_set_odd_parity(key2);
-	}
+    DES_cbc_cksum((const unsigned char *)str, key2, length, &ks, key2);
+    OPENSSL_cleanse(&ks, sizeof(ks));
+    DES_set_odd_parity(key1);
+    DES_set_odd_parity(key2);
+}
diff --git a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
index dc0c761b..3b614f48 100644
--- a/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
+++ b/Cryptlib/OpenSSL/crypto/des/xcbc_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,138 +60,157 @@
 
 /* RSA's DESX */
 
-#if 0 /* broken code, preserved just in case anyone specifically looks for this */
-static unsigned char desx_white_in2out[256]={
-0xBD,0x56,0xEA,0xF2,0xA2,0xF1,0xAC,0x2A,0xB0,0x93,0xD1,0x9C,0x1B,0x33,0xFD,0xD0,
-0x30,0x04,0xB6,0xDC,0x7D,0xDF,0x32,0x4B,0xF7,0xCB,0x45,0x9B,0x31,0xBB,0x21,0x5A,
-0x41,0x9F,0xE1,0xD9,0x4A,0x4D,0x9E,0xDA,0xA0,0x68,0x2C,0xC3,0x27,0x5F,0x80,0x36,
-0x3E,0xEE,0xFB,0x95,0x1A,0xFE,0xCE,0xA8,0x34,0xA9,0x13,0xF0,0xA6,0x3F,0xD8,0x0C,
-0x78,0x24,0xAF,0x23,0x52,0xC1,0x67,0x17,0xF5,0x66,0x90,0xE7,0xE8,0x07,0xB8,0x60,
-0x48,0xE6,0x1E,0x53,0xF3,0x92,0xA4,0x72,0x8C,0x08,0x15,0x6E,0x86,0x00,0x84,0xFA,
-0xF4,0x7F,0x8A,0x42,0x19,0xF6,0xDB,0xCD,0x14,0x8D,0x50,0x12,0xBA,0x3C,0x06,0x4E,
-0xEC,0xB3,0x35,0x11,0xA1,0x88,0x8E,0x2B,0x94,0x99,0xB7,0x71,0x74,0xD3,0xE4,0xBF,
-0x3A,0xDE,0x96,0x0E,0xBC,0x0A,0xED,0x77,0xFC,0x37,0x6B,0x03,0x79,0x89,0x62,0xC6,
-0xD7,0xC0,0xD2,0x7C,0x6A,0x8B,0x22,0xA3,0x5B,0x05,0x5D,0x02,0x75,0xD5,0x61,0xE3,
-0x18,0x8F,0x55,0x51,0xAD,0x1F,0x0B,0x5E,0x85,0xE5,0xC2,0x57,0x63,0xCA,0x3D,0x6C,
-0xB4,0xC5,0xCC,0x70,0xB2,0x91,0x59,0x0D,0x47,0x20,0xC8,0x4F,0x58,0xE0,0x01,0xE2,
-0x16,0x38,0xC4,0x6F,0x3B,0x0F,0x65,0x46,0xBE,0x7E,0x2D,0x7B,0x82,0xF9,0x40,0xB5,
-0x1D,0x73,0xF8,0xEB,0x26,0xC7,0x87,0x97,0x25,0x54,0xB1,0x28,0xAA,0x98,0x9D,0xA5,
-0x64,0x6D,0x7A,0xD4,0x10,0x81,0x44,0xEF,0x49,0xD6,0xAE,0x2E,0xDD,0x76,0x5C,0x2F,
-0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB,
-	};
+#if 0                           /* broken code, preserved just in case anyone
+                                 * specifically looks for this */
+static unsigned char desx_white_in2out[256] = {
+    0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C,
+    0x1B, 0x33, 0xFD, 0xD0,
+    0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, 0xF7, 0xCB, 0x45, 0x9B,
+    0x31, 0xBB, 0x21, 0x5A,
+    0x41, 0x9F, 0xE1, 0xD9, 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3,
+    0x27, 0x5F, 0x80, 0x36,
+    0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0,
+    0xA6, 0x3F, 0xD8, 0x0C,
+    0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, 0xF5, 0x66, 0x90, 0xE7,
+    0xE8, 0x07, 0xB8, 0x60,
+    0x48, 0xE6, 0x1E, 0x53, 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E,
+    0x86, 0x00, 0x84, 0xFA,
+    0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12,
+    0xBA, 0x3C, 0x06, 0x4E,
+    0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, 0x94, 0x99, 0xB7, 0x71,
+    0x74, 0xD3, 0xE4, 0xBF,
+    0x3A, 0xDE, 0x96, 0x0E, 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03,
+    0x79, 0x89, 0x62, 0xC6,
+    0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02,
+    0x75, 0xD5, 0x61, 0xE3,
+    0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, 0x85, 0xE5, 0xC2, 0x57,
+    0x63, 0xCA, 0x3D, 0x6C,
+    0xB4, 0xC5, 0xCC, 0x70, 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F,
+    0x58, 0xE0, 0x01, 0xE2,
+    0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B,
+    0x82, 0xF9, 0x40, 0xB5,
+    0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, 0x25, 0x54, 0xB1, 0x28,
+    0xAA, 0x98, 0x9D, 0xA5,
+    0x64, 0x6D, 0x7A, 0xD4, 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E,
+    0xDD, 0x76, 0x5C, 0x2F,
+    0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9,
+    0x4C, 0xFF, 0x43, 0xAB,
+};
 
 void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white,
-	     DES_cblock *out_white)
-	{
-	int out0,out1;
-	int i;
-	const unsigned char *key = &(*des_key)[0];
-	const unsigned char *in = &(*in_white)[0];
-	unsigned char *out = &(*out_white)[0];
+                       DES_cblock *out_white)
+{
+    int out0, out1;
+    int i;
+    const unsigned char *key = &(*des_key)[0];
+    const unsigned char *in = &(*in_white)[0];
+    unsigned char *out = &(*out_white)[0];
 
-	out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0;
-	out0=out1=0;
-	for (i=0; i<8; i++)
-		{
-		out[i]=key[i]^desx_white_in2out[out0^out1];
-		out0=out1;
-		out1=(int)out[i&0x07];
-		}
+    out[0] = out[1] = out[2] = out[3] = out[4] = out[5] = out[6] = out[7] = 0;
+    out0 = out1 = 0;
+    for (i = 0; i < 8; i++) {
+        out[i] = key[i] ^ desx_white_in2out[out0 ^ out1];
+        out0 = out1;
+        out1 = (int)out[i & 0x07];
+    }
 
-	out0=out[0];
-	out1=out[i]; /* BUG: out-of-bounds read */
-	for (i=0; i<8; i++)
-		{
-		out[i]=in[i]^desx_white_in2out[out0^out1];
-		out0=out1;
-		out1=(int)out[i&0x07];
-		}
-	}
+    out0 = out[0];
+    out1 = out[i];              /* BUG: out-of-bounds read */
+    for (i = 0; i < 8; i++) {
+        out[i] = in[i] ^ desx_white_in2out[out0 ^ out1];
+        out0 = out1;
+        out1 = (int)out[i & 0x07];
+    }
+}
 #endif
 
 void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out,
-		      long length, DES_key_schedule *schedule,
-		      DES_cblock *ivec, const_DES_cblock *inw,
-		      const_DES_cblock *outw, int enc)
-	{
-	register DES_LONG tin0,tin1;
-	register DES_LONG tout0,tout1,xor0,xor1;
-	register DES_LONG inW0,inW1,outW0,outW1;
-	register const unsigned char *in2;
-	register long l=length;
-	DES_LONG tin[2];
-	unsigned char *iv;
-
-	in2 = &(*inw)[0];
-	c2l(in2,inW0);
-	c2l(in2,inW1);
-	in2 = &(*outw)[0];
-	c2l(in2,outW0);
-	c2l(in2,outW1);
+                      long length, DES_key_schedule *schedule,
+                      DES_cblock *ivec, const_DES_cblock *inw,
+                      const_DES_cblock *outw, int enc)
+{
+    register DES_LONG tin0, tin1;
+    register DES_LONG tout0, tout1, xor0, xor1;
+    register DES_LONG inW0, inW1, outW0, outW1;
+    register const unsigned char *in2;
+    register long l = length;
+    DES_LONG tin[2];
+    unsigned char *iv;
 
-	iv = &(*ivec)[0];
+    in2 = &(*inw)[0];
+    c2l(in2, inW0);
+    c2l(in2, inW1);
+    in2 = &(*outw)[0];
+    c2l(in2, outW0);
+    c2l(in2, outW1);
 
-	if (enc)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0^inW0; tin[0]=tin0;
-			tin1^=tout1^inW1; tin[1]=tin1;
-			DES_encrypt1(tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]^outW0; l2c(tout0,out);
-			tout1=tin[1]^outW1; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0^inW0; tin[0]=tin0;
-			tin1^=tout1^inW1; tin[1]=tin1;
-			DES_encrypt1(tin,schedule,DES_ENCRYPT);
-			tout0=tin[0]^outW0; l2c(tout0,out);
-			tout1=tin[1]^outW1; l2c(tout1,out);
-			}
-		iv = &(*ivec)[0];
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		for (l-=8; l>0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0^outW0;
-			c2l(in,tin1); tin[1]=tin1^outW1;
-			DES_encrypt1(tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0^inW0;
-			tout1=tin[1]^xor1^inW1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0^outW0;
-			c2l(in,tin1); tin[1]=tin1^outW1;
-			DES_encrypt1(tin,schedule,DES_DECRYPT);
-			tout0=tin[0]^xor0^inW0;
-			tout1=tin[1]^xor1^inW1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
+    iv = &(*ivec)[0];
 
-		iv = &(*ivec)[0];
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	inW0=inW1=outW0=outW1=0;
-	tin[0]=tin[1]=0;
-	}
+    if (enc) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0 ^ inW0;
+            tin[0] = tin0;
+            tin1 ^= tout1 ^ inW1;
+            tin[1] = tin1;
+            DES_encrypt1(tin, schedule, DES_ENCRYPT);
+            tout0 = tin[0] ^ outW0;
+            l2c(tout0, out);
+            tout1 = tin[1] ^ outW1;
+            l2c(tout1, out);
+        }
+        iv = &(*ivec)[0];
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        for (l -= 8; l > 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0 ^ outW0;
+            c2l(in, tin1);
+            tin[1] = tin1 ^ outW1;
+            DES_encrypt1(tin, schedule, DES_DECRYPT);
+            tout0 = tin[0] ^ xor0 ^ inW0;
+            tout1 = tin[1] ^ xor1 ^ inW1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
 
+        iv = &(*ivec)[0];
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    inW0 = inW1 = outW0 = outW1 = 0;
+    tin[0] = tin[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c
index 76740af2..d534986a 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_asn1.c
@@ -1,6 +1,7 @@
 /* dh_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,22 +67,23 @@
 /* Override the default free and new methods */
 static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(operation == ASN1_OP_NEW_PRE) {
-		*pval = (ASN1_VALUE *)DH_new();
-		if(*pval) return 2;
-		return 0;
-	} else if(operation == ASN1_OP_FREE_PRE) {
-		DH_free((DH *)*pval);
-		*pval = NULL;
-		return 2;
-	}
-	return 1;
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DH_new();
+        if (*pval)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DH_free((DH *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_cb(DHparams, dh_cb) = {
-	ASN1_SIMPLE(DH, p, BIGNUM),
-	ASN1_SIMPLE(DH, g, BIGNUM),
-	ASN1_OPT(DH, length, ZLONG),
+        ASN1_SIMPLE(DH, p, BIGNUM),
+        ASN1_SIMPLE(DH, g, BIGNUM),
+        ASN1_OPT(DH, length, ZLONG),
 } ASN1_SEQUENCE_END_cb(DH, DHparams)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DH, DHparams, DHparams)
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_check.c b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
index 316cb922..7909fd6c 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_check.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_check.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,7 +61,8 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-/* Check that p is a safe prime and
+/*-
+ * Check that p is a safe prime and
  * if g is 2, 3 or 5, check that it is a suitable generator
  * where
  * for 2, p mod 24 == 11
@@ -73,74 +74,78 @@
 #ifndef OPENSSL_FIPS
 
 int DH_check(const DH *dh, int *ret)
-	{
-	int ok=0;
-	BN_CTX *ctx=NULL;
-	BN_ULONG l;
-	BIGNUM *q=NULL;
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BN_ULONG l;
+    BIGNUM *q = NULL;
 
-	*ret=0;
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	q=BN_new();
-	if (q == NULL) goto err;
+    *ret = 0;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    q = BN_new();
+    if (q == NULL)
+        goto err;
 
-	if (BN_is_word(dh->g,DH_GENERATOR_2))
-		{
-		l=BN_mod_word(dh->p,24);
-		if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR;
-		}
-#if 0
-	else if (BN_is_word(dh->g,DH_GENERATOR_3))
-		{
-		l=BN_mod_word(dh->p,12);
-		if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR;
-		}
-#endif
-	else if (BN_is_word(dh->g,DH_GENERATOR_5))
-		{
-		l=BN_mod_word(dh->p,10);
-		if ((l != 3) && (l != 7))
-			*ret|=DH_NOT_SUITABLE_GENERATOR;
-		}
-	else
-		*ret|=DH_UNABLE_TO_CHECK_GENERATOR;
+    if (BN_is_word(dh->g, DH_GENERATOR_2)) {
+        l = BN_mod_word(dh->p, 24);
+        if (l != 11)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+    }
+# if 0
+    else if (BN_is_word(dh->g, DH_GENERATOR_3)) {
+        l = BN_mod_word(dh->p, 12);
+        if (l != 5)
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+    }
+# endif
+    else if (BN_is_word(dh->g, DH_GENERATOR_5)) {
+        l = BN_mod_word(dh->p, 10);
+        if ((l != 3) && (l != 7))
+            *ret |= DH_NOT_SUITABLE_GENERATOR;
+    } else
+        *ret |= DH_UNABLE_TO_CHECK_GENERATOR;
 
-	if (!BN_is_prime_ex(dh->p,BN_prime_checks,ctx,NULL))
-		*ret|=DH_CHECK_P_NOT_PRIME;
-	else
-		{
-		if (!BN_rshift1(q,dh->p)) goto err;
-		if (!BN_is_prime_ex(q,BN_prime_checks,ctx,NULL))
-			*ret|=DH_CHECK_P_NOT_SAFE_PRIME;
-		}
-	ok=1;
-err:
-	if (ctx != NULL) BN_CTX_free(ctx);
-	if (q != NULL) BN_free(q);
-	return(ok);
-	}
+    if (!BN_is_prime_ex(dh->p, BN_prime_checks, ctx, NULL))
+        *ret |= DH_CHECK_P_NOT_PRIME;
+    else {
+        if (!BN_rshift1(q, dh->p))
+            goto err;
+        if (!BN_is_prime_ex(q, BN_prime_checks, ctx, NULL))
+            *ret |= DH_CHECK_P_NOT_SAFE_PRIME;
+    }
+    ok = 1;
+ err:
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    if (q != NULL)
+        BN_free(q);
+    return (ok);
+}
 
 int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
-	{
-	int ok=0;
-	BIGNUM *q=NULL;
+{
+    int ok = 0;
+    BIGNUM *q = NULL;
 
-	*ret=0;
-	q=BN_new();
-	if (q == NULL) goto err;
-	BN_set_word(q,1);
-	if (BN_cmp(pub_key,q) <= 0)
-		*ret|=DH_CHECK_PUBKEY_TOO_SMALL;
-	BN_copy(q,dh->p);
-	BN_sub_word(q,1);
-	if (BN_cmp(pub_key,q) >= 0)
-		*ret|=DH_CHECK_PUBKEY_TOO_LARGE;
+    *ret = 0;
+    q = BN_new();
+    if (q == NULL)
+        goto err;
+    BN_set_word(q, 1);
+    if (BN_cmp(pub_key, q) <= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_SMALL;
+    BN_copy(q, dh->p);
+    BN_sub_word(q, 1);
+    if (BN_cmp(pub_key, q) >= 0)
+        *ret |= DH_CHECK_PUBKEY_TOO_LARGE;
 
-	ok = 1;
-err:
-	if (q != NULL) BN_free(q);
-	return(ok);
-	}
+    ok = 1;
+ err:
+    if (q != NULL)
+        BN_free(q);
+    return (ok);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c
index acc05f25..b6221199 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_depr.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_depr.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,6 @@
  *
  */
 
-
 /* This file contains deprecated functions as wrappers to the new ones */
 
 #include <stdio.h>
@@ -61,23 +60,23 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 
 #ifndef OPENSSL_NO_DEPRECATED
 DH *DH_generate_parameters(int prime_len, int generator,
-	     void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	DH *ret=NULL;
+                           void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB cb;
+    DH *ret = NULL;
 
-	if((ret=DH_new()) == NULL)
-		return NULL;
+    if ((ret = DH_new()) == NULL)
+        return NULL;
 
-	BN_GENCB_set_old(&cb, callback, cb_arg);
+    BN_GENCB_set_old(&cb, callback, cb_arg);
 
-	if(DH_generate_parameters_ex(ret, prime_len, generator, &cb))
-		return ret;
-	DH_free(ret);
-	return NULL;
-	}
+    if (DH_generate_parameters_ex(ret, prime_len, generator, &cb))
+        return ret;
+    DH_free(ret);
+    return NULL;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_err.c b/Cryptlib/OpenSSL/crypto/dh/dh_err.c
index 13263c81..7e8ce829 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_err.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,44 +66,41 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DH,0,reason)
 
-static ERR_STRING_DATA DH_str_functs[]=
-	{
-{ERR_FUNC(DH_F_COMPUTE_KEY),	"COMPUTE_KEY"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT),	"DHparams_print"},
-{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP),	"DHparams_print_fp"},
-{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS),	"DH_BUILTIN_GENPARAMS"},
-{ERR_FUNC(DH_F_DH_COMPUTE_KEY),	"DH_compute_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_KEY),	"DH_generate_key"},
-{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS),	"DH_generate_parameters"},
-{ERR_FUNC(DH_F_DH_NEW_METHOD),	"DH_new_method"},
-{ERR_FUNC(DH_F_GENERATE_KEY),	"GENERATE_KEY"},
-{ERR_FUNC(DH_F_GENERATE_PARAMETERS),	"GENERATE_PARAMETERS"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DH_str_functs[] = {
+    {ERR_FUNC(DH_F_COMPUTE_KEY), "COMPUTE_KEY"},
+    {ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
+    {ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
+    {ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
+    {ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
+    {ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
+    {ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
+    {ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
+    {ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
+    {ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA DH_str_reasons[]=
-	{
-{ERR_REASON(DH_R_BAD_GENERATOR)          ,"bad generator"},
-{ERR_REASON(DH_R_INVALID_PUBKEY)         ,"invalid public key"},
-{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL)     ,"key size too small"},
-{ERR_REASON(DH_R_MODULUS_TOO_LARGE)      ,"modulus too large"},
-{ERR_REASON(DH_R_NO_PRIVATE_VALUE)       ,"no private value"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DH_str_reasons[] = {
+    {ERR_REASON(DH_R_BAD_GENERATOR), "bad generator"},
+    {ERR_REASON(DH_R_INVALID_PUBKEY), "invalid public key"},
+    {ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_REASON(DH_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_REASON(DH_R_NO_PRIVATE_VALUE), "no private value"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_DH_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(DH_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DH_str_functs);
-		ERR_load_strings(0,DH_str_reasons);
-		}
+    if (ERR_func_error_string(DH_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, DH_str_functs);
+        ERR_load_strings(0, DH_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c
index 999e1deb..560d4bbe 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_gen.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_gen.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,16 +49,16 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/* NB: These functions have been upgraded - the previous prototypes are in
- * dh_depr.c as wrappers to these ones.
- *  - Geoff
+/*
+ * NB: These functions have been upgraded - the previous prototypes are in
+ * dh_depr.c as wrappers to these ones.  - Geoff
  */
 
 #include <stdio.h>
@@ -68,16 +68,19 @@
 
 #ifndef OPENSSL_FIPS
 
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb);
 
-int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-	{
-	if(ret->meth->generate_params)
-		return ret->meth->generate_params(ret, prime_len, generator, cb);
-	return dh_builtin_genparams(ret, prime_len, generator, cb);
-	}
+int DH_generate_parameters_ex(DH *ret, int prime_len, int generator,
+                              BN_GENCB *cb)
+{
+    if (ret->meth->generate_params)
+        return ret->meth->generate_params(ret, prime_len, generator, cb);
+    return dh_builtin_genparams(ret, prime_len, generator, cb);
+}
 
-/* We generate DH parameters as follows
+/*-
+ * We generate DH parameters as follows
  * find a prime q which is prime_len/2 bits long.
  * p=(2*q)+1 or (p-1)/2 = q
  * For this case, g is a generator if
@@ -98,82 +101,93 @@ int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *c
  * Since DH should be using a safe prime (both p and q are prime),
  * this generator function can take a very very long time to run.
  */
-/* Actually there is no reason to insist that 'generator' be a generator.
+/*
+ * Actually there is no reason to insist that 'generator' be a generator.
  * It's just as OK (and in some sense better) to use a generator of the
  * order-q subgroup.
  */
-static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb)
-	{
-	BIGNUM *t1,*t2;
-	int g,ok= -1;
-	BN_CTX *ctx=NULL;
+static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+                                BN_GENCB *cb)
+{
+    BIGNUM *t1, *t2;
+    int g, ok = -1;
+    BN_CTX *ctx = NULL;
 
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	t2 = BN_CTX_get(ctx);
-	if (t1 == NULL || t2 == NULL) goto err;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t1 == NULL || t2 == NULL)
+        goto err;
 
-	/* Make sure 'ret' has the necessary elements */
-	if(!ret->p && ((ret->p = BN_new()) == NULL)) goto err;
-	if(!ret->g && ((ret->g = BN_new()) == NULL)) goto err;
-	
-	if (generator <= 1)
-		{
-		DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
-		goto err;
-		}
-	if (generator == DH_GENERATOR_2)
-		{
-		if (!BN_set_word(t1,24)) goto err;
-		if (!BN_set_word(t2,11)) goto err;
-		g=2;
-		}
-#if 0 /* does not work for safe primes */
-	else if (generator == DH_GENERATOR_3)
-		{
-		if (!BN_set_word(t1,12)) goto err;
-		if (!BN_set_word(t2,5)) goto err;
-		g=3;
-		}
-#endif
-	else if (generator == DH_GENERATOR_5)
-		{
-		if (!BN_set_word(t1,10)) goto err;
-		if (!BN_set_word(t2,3)) goto err;
-		/* BN_set_word(t3,7); just have to miss
-		 * out on these ones :-( */
-		g=5;
-		}
-	else
-		{
-		/* in the general case, don't worry if 'generator' is a
-		 * generator or not: since we are using safe primes,
-		 * it will generate either an order-q or an order-2q group,
-		 * which both is OK */
-		if (!BN_set_word(t1,2)) goto err;
-		if (!BN_set_word(t2,1)) goto err;
-		g=generator;
-		}
-	
-	if(!BN_generate_prime_ex(ret->p,prime_len,1,t1,t2,cb)) goto err;
-	if(!BN_GENCB_call(cb, 3, 0)) goto err;
-	if (!BN_set_word(ret->g,g)) goto err;
-	ok=1;
-err:
-	if (ok == -1)
-		{
-		DHerr(DH_F_DH_BUILTIN_GENPARAMS,ERR_R_BN_LIB);
-		ok=0;
-		}
+    /* Make sure 'ret' has the necessary elements */
+    if (!ret->p && ((ret->p = BN_new()) == NULL))
+        goto err;
+    if (!ret->g && ((ret->g = BN_new()) == NULL))
+        goto err;
+
+    if (generator <= 1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, DH_R_BAD_GENERATOR);
+        goto err;
+    }
+    if (generator == DH_GENERATOR_2) {
+        if (!BN_set_word(t1, 24))
+            goto err;
+        if (!BN_set_word(t2, 11))
+            goto err;
+        g = 2;
+    }
+# if 0                          /* does not work for safe primes */
+    else if (generator == DH_GENERATOR_3) {
+        if (!BN_set_word(t1, 12))
+            goto err;
+        if (!BN_set_word(t2, 5))
+            goto err;
+        g = 3;
+    }
+# endif
+    else if (generator == DH_GENERATOR_5) {
+        if (!BN_set_word(t1, 10))
+            goto err;
+        if (!BN_set_word(t2, 3))
+            goto err;
+        /*
+         * BN_set_word(t3,7); just have to miss out on these ones :-(
+         */
+        g = 5;
+    } else {
+        /*
+         * in the general case, don't worry if 'generator' is a generator or
+         * not: since we are using safe primes, it will generate either an
+         * order-q or an order-2q group, which both is OK
+         */
+        if (!BN_set_word(t1, 2))
+            goto err;
+        if (!BN_set_word(t2, 1))
+            goto err;
+        g = generator;
+    }
+
+    if (!BN_generate_prime_ex(ret->p, prime_len, 1, t1, t2, cb))
+        goto err;
+    if (!BN_GENCB_call(cb, 3, 0))
+        goto err;
+    if (!BN_set_word(ret->g, g))
+        goto err;
+    ok = 1;
+ err:
+    if (ok == -1) {
+        DHerr(DH_F_DH_BUILTIN_GENPARAMS, ERR_R_BN_LIB);
+        ok = 0;
+    }
 
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	return ok;
-	}
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return ok;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_key.c b/Cryptlib/OpenSSL/crypto/dh/dh_key.c
index 79dd3318..4de8e277 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_key.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_key.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -67,201 +67,192 @@
 static int generate_key(DH *dh);
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
 static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
-			const BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx,
-			BN_MONT_CTX *m_ctx);
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 static int dh_init(DH *dh);
 static int dh_finish(DH *dh);
 
 int DH_generate_key(DH *dh)
-	{
-	return dh->meth->generate_key(dh);
-	}
+{
+    return dh->meth->generate_key(dh);
+}
 
 int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-	{
-	return dh->meth->compute_key(key, pub_key, dh);
-	}
+{
+    return dh->meth->compute_key(key, pub_key, dh);
+}
 
 static DH_METHOD dh_ossl = {
-"OpenSSL DH Method",
-generate_key,
-compute_key,
-dh_bn_mod_exp,
-dh_init,
-dh_finish,
-0,
-NULL,
-NULL
+    "OpenSSL DH Method",
+    generate_key,
+    compute_key,
+    dh_bn_mod_exp,
+    dh_init,
+    dh_finish,
+    0,
+    NULL,
+    NULL
 };
 
 const DH_METHOD *DH_OpenSSL(void)
 {
-	return &dh_ossl;
+    return &dh_ossl;
 }
 
 static int generate_key(DH *dh)
-	{
-	int ok=0;
-	int generate_new_key=0;
-	unsigned l;
-	BN_CTX *ctx;
-	BN_MONT_CTX *mont=NULL;
-	BIGNUM *pub_key=NULL,*priv_key=NULL;
+{
+    int ok = 0;
+    int generate_new_key = 0;
+    unsigned l;
+    BN_CTX *ctx;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
 
-	ctx = BN_CTX_new();
-	if (ctx == NULL) goto err;
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
 
-	if (dh->priv_key == NULL)
-		{
-		priv_key=BN_new();
-		if (priv_key == NULL) goto err;
-		generate_new_key=1;
-		}
-	else
-		priv_key=dh->priv_key;
+    if (dh->priv_key == NULL) {
+        priv_key = BN_new();
+        if (priv_key == NULL)
+            goto err;
+        generate_new_key = 1;
+    } else
+        priv_key = dh->priv_key;
 
-	if (dh->pub_key == NULL)
-		{
-		pub_key=BN_new();
-		if (pub_key == NULL) goto err;
-		}
-	else
-		pub_key=dh->pub_key;
+    if (dh->pub_key == NULL) {
+        pub_key = BN_new();
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = dh->pub_key;
 
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      CRYPTO_LOCK_DH, dh->p, ctx);
+        if (!mont)
+            goto err;
+    }
 
-	if (dh->flags & DH_FLAG_CACHE_MONT_P)
-		{
-		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-				CRYPTO_LOCK_DH, dh->p, ctx);
-		if (!mont)
-			goto err;
-		}
+    if (generate_new_key) {
+        l = dh->length ? dh->length : BN_num_bits(dh->p) - 1; /* secret
+                                                               * exponent
+                                                               * length */
+        if (!BN_rand(priv_key, l, 0, 0))
+            goto err;
+    }
 
-	if (generate_new_key)
-		{
-		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
-		if (!BN_rand(priv_key, l, 0, 0)) goto err;
-		}
+    {
+        BIGNUM local_prk;
+        BIGNUM *prk;
 
-	{
-		BIGNUM local_prk;
-		BIGNUM *prk;
+        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+            BN_init(&local_prk);
+            prk = &local_prk;
+            BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+        } else
+            prk = priv_key;
 
-		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
-			{
-			BN_init(&local_prk);
-			prk = &local_prk;
-			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-			}
-		else
-			prk = priv_key;
+        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont))
+            goto err;
+    }
 
-		if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
-	}
-		
-	dh->pub_key=pub_key;
-	dh->priv_key=priv_key;
-	ok=1;
-err:
-	if (ok != 1)
-		DHerr(DH_F_GENERATE_KEY,ERR_R_BN_LIB);
+    dh->pub_key = pub_key;
+    dh->priv_key = priv_key;
+    ok = 1;
+ err:
+    if (ok != 1)
+        DHerr(DH_F_GENERATE_KEY, ERR_R_BN_LIB);
 
-	if ((pub_key != NULL)  && (dh->pub_key == NULL))  BN_free(pub_key);
-	if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key);
-	BN_CTX_free(ctx);
-	return(ok);
-	}
+    if ((pub_key != NULL) && (dh->pub_key == NULL))
+        BN_free(pub_key);
+    if ((priv_key != NULL) && (dh->priv_key == NULL))
+        BN_free(priv_key);
+    BN_CTX_free(ctx);
+    return (ok);
+}
 
 static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
-	{
-	BN_CTX *ctx=NULL;
-	BN_MONT_CTX *mont=NULL;
-	BIGNUM *tmp;
-	int ret= -1;
-        int check_result;
+{
+    BN_CTX *ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *tmp;
+    int ret = -1;
+    int check_result;
 
-	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
-		{
-		DHerr(DH_F_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
-		goto err;
-		}
+    if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_MODULUS_TOO_LARGE);
+        goto err;
+    }
 
-	ctx = BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	tmp = BN_CTX_get(ctx);
-	
-	if (dh->priv_key == NULL)
-		{
-		DHerr(DH_F_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
-		goto err;
-		}
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
 
-	if (dh->flags & DH_FLAG_CACHE_MONT_P)
-		{
-		mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
-				CRYPTO_LOCK_DH, dh->p, ctx);
-		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
-			{
-			/* XXX */
-			BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-			}
-		if (!mont)
-			goto err;
-		}
+    if (dh->priv_key == NULL) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
 
-        if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
-		{
-		DHerr(DH_F_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
-		goto err;
-		}
+    if (dh->flags & DH_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
+                                      CRYPTO_LOCK_DH, dh->p, ctx);
+        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+            /* XXX */
+            BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
+        }
+        if (!mont)
+            goto err;
+    }
 
-	if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
-		{
-		DHerr(DH_F_COMPUTE_KEY,ERR_R_BN_LIB);
-		goto err;
-		}
+    if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) {
+        DHerr(DH_F_COMPUTE_KEY, DH_R_INVALID_PUBKEY);
+        goto err;
+    }
 
-	ret=BN_bn2bin(tmp,key);
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	return(ret);
-	}
+    if (!dh->
+        meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key, dh->p, ctx, mont)) {
+        DHerr(DH_F_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
 
-static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
-			const BIGNUM *a, const BIGNUM *p,
-			const BIGNUM *m, BN_CTX *ctx,
-			BN_MONT_CTX *m_ctx)
-	{
-	/* If a is only one word long and constant time is false, use the faster
-	 * exponenentiation function.
-	 */
-	if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
-		{
-		BN_ULONG A = a->d[0];
-		return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
-		}
-	else
-		return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx);
-	}
+    ret = BN_bn2bin(tmp, key);
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    return (ret);
+}
 
+static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
+                         const BIGNUM *a, const BIGNUM *p,
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+{
+    /*
+     * If a is only one word long and constant time is false, use the faster
+     * exponenentiation function.
+     */
+    if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
+        BN_ULONG A = a->d[0];
+        return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
+    } else
+        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+}
 
 static int dh_init(DH *dh)
-	{
-	dh->flags |= DH_FLAG_CACHE_MONT_P;
-	return(1);
-	}
+{
+    dh->flags |= DH_FLAG_CACHE_MONT_P;
+    return (1);
+}
 
 static int dh_finish(DH *dh)
-	{
-	if(dh->method_mont_p)
-		BN_MONT_CTX_free(dh->method_mont_p);
-	return(1);
-	}
+{
+    if (dh->method_mont_p)
+        BN_MONT_CTX_free(dh->method_mont_p);
+    return (1);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c
index 7aef080e..0b8a5a0a 100644
--- a/Cryptlib/OpenSSL/crypto/dh/dh_lib.c
+++ b/Cryptlib/OpenSSL/crypto/dh/dh_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,187 +61,191 @@
 #include <openssl/bn.h>
 #include <openssl/dh.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
-const char DH_version[]="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+const char DH_version[] = "Diffie-Hellman" OPENSSL_VERSION_PTEXT;
 
 static const DH_METHOD *default_DH_method = NULL;
 
 void DH_set_default_method(const DH_METHOD *meth)
-	{
-	default_DH_method = meth;
-	}
+{
+    default_DH_method = meth;
+}
 
 const DH_METHOD *DH_get_default_method(void)
-	{
-	if(!default_DH_method)
-		default_DH_method = DH_OpenSSL();
-	return default_DH_method;
-	}
+{
+    if (!default_DH_method)
+        default_DH_method = DH_OpenSSL();
+    return default_DH_method;
+}
 
 int DH_set_method(DH *dh, const DH_METHOD *meth)
-	{
-	/* NB: The caller is specifically setting a method, so it's not up to us
-	 * to deal with which ENGINE it comes from. */
-        const DH_METHOD *mtmp;
-        mtmp = dh->meth;
-        if (mtmp->finish) mtmp->finish(dh);
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DH_METHOD *mtmp;
+    mtmp = dh->meth;
+    if (mtmp->finish)
+        mtmp->finish(dh);
 #ifndef OPENSSL_NO_ENGINE
-	if (dh->engine)
-		{
-		ENGINE_finish(dh->engine);
-		dh->engine = NULL;
-		}
+    if (dh->engine) {
+        ENGINE_finish(dh->engine);
+        dh->engine = NULL;
+    }
 #endif
-        dh->meth = meth;
-        if (meth->init) meth->init(dh);
-        return 1;
-	}
+    dh->meth = meth;
+    if (meth->init)
+        meth->init(dh);
+    return 1;
+}
 
 DH *DH_new(void)
-	{
-	return DH_new_method(NULL);
-	}
+{
+    return DH_new_method(NULL);
+}
 
 DH *DH_new_method(ENGINE *engine)
-	{
-	DH *ret;
+{
+    DH *ret;
 
-	ret=(DH *)OPENSSL_malloc(sizeof(DH));
-	if (ret == NULL)
-		{
-		DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
+    ret = (DH *)OPENSSL_malloc(sizeof(DH));
+    if (ret == NULL) {
+        DHerr(DH_F_DH_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
 
-	ret->meth = DH_get_default_method();
+    ret->meth = DH_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		ret->engine = engine;
-		}
-	else
-		ret->engine = ENGINE_get_default_DH();
-	if(ret->engine)
-		{
-		ret->meth = ENGINE_get_DH(ret->engine);
-		if(!ret->meth)
-			{
-			DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DH();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DH(ret->engine);
+        if (!ret->meth) {
+            DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB);
+            ENGINE_finish(ret->engine);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+    }
 #endif
 
-	ret->pad=0;
-	ret->version=0;
-	ret->p=NULL;
-	ret->g=NULL;
-	ret->length=0;
-	ret->pub_key=NULL;
-	ret->priv_key=NULL;
-	ret->q=NULL;
-	ret->j=NULL;
-	ret->seed = NULL;
-	ret->seedlen = 0;
-	ret->counter = NULL;
-	ret->method_mont_p=NULL;
-	ret->references = 1;
-	ret->flags=ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
+    ret->pad = 0;
+    ret->version = 0;
+    ret->p = NULL;
+    ret->g = NULL;
+    ret->length = 0;
+    ret->pub_key = NULL;
+    ret->priv_key = NULL;
+    ret->q = NULL;
+    ret->j = NULL;
+    ret->seed = NULL;
+    ret->seedlen = 0;
+    ret->counter = NULL;
+    ret->method_mont_p = NULL;
+    ret->references = 1;
+    ret->flags = ret->meth->flags;
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 #ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
+        if (ret->engine)
+            ENGINE_finish(ret->engine);
 #endif
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
 
 void DH_free(DH *r)
-	{
-	int i;
-	if(r == NULL) return;
-	i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
+{
+    int i;
+    if (r == NULL)
+        return;
+    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH);
 #ifdef REF_PRINT
-	REF_PRINT("DH",r);
+    REF_PRINT("DH", r);
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"DH_free, bad reference count\n");
-		abort();
-	}
+    if (i < 0) {
+        fprintf(stderr, "DH_free, bad reference count\n");
+        abort();
+    }
 #endif
 
-	if (r->meth->finish)
-		r->meth->finish(r);
+    if (r->meth->finish)
+        r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
+    if (r->engine)
+        ENGINE_finish(r->engine);
 #endif
 
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
-
-	if (r->p != NULL) BN_clear_free(r->p);
-	if (r->g != NULL) BN_clear_free(r->g);
-	if (r->q != NULL) BN_clear_free(r->q);
-	if (r->j != NULL) BN_clear_free(r->j);
-	if (r->seed) OPENSSL_free(r->seed);
-	if (r->counter != NULL) BN_clear_free(r->counter);
-	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-	OPENSSL_free(r);
-	}
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+
+    if (r->p != NULL)
+        BN_clear_free(r->p);
+    if (r->g != NULL)
+        BN_clear_free(r->g);
+    if (r->q != NULL)
+        BN_clear_free(r->q);
+    if (r->j != NULL)
+        BN_clear_free(r->j);
+    if (r->seed)
+        OPENSSL_free(r->seed);
+    if (r->counter != NULL)
+        BN_clear_free(r->counter);
+    if (r->pub_key != NULL)
+        BN_clear_free(r->pub_key);
+    if (r->priv_key != NULL)
+        BN_clear_free(r->priv_key);
+    OPENSSL_free(r);
+}
 
 int DH_up_ref(DH *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
+{
+    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH);
 #ifdef REF_PRINT
-	REF_PRINT("DH",r);
+    REF_PRINT("DH", r);
 #endif
 #ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "DH_up, bad reference count\n");
-		abort();
-		}
+    if (i < 2) {
+        fprintf(stderr, "DH_up, bad reference count\n");
+        abort();
+    }
 #endif
-	return ((i > 1) ? 1 : 0);
-	}
+    return ((i > 1) ? 1 : 0);
+}
 
 int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
-				new_func, dup_func, free_func);
-        }
+                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int DH_set_ex_data(DH *d, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
-	}
+{
+    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
 
 void *DH_get_ex_data(DH *d, int idx)
-	{
-	return(CRYPTO_get_ex_data(&d->ex_data,idx));
-	}
+{
+    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
 
 int DH_size(const DH *dh)
-	{
-	return(BN_num_bytes(dh->p));
-	}
+{
+    return (BN_num_bytes(dh->p));
+}
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c
index bc7d7a02..88f92444 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_asn1.c
@@ -1,6 +1,7 @@
 /* dsa_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,29 +65,29 @@
 #include <openssl/bn.h>
 #include <openssl/rand.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
-
 /* Override the default new methods */
 static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(operation == ASN1_OP_NEW_PRE) {
-		DSA_SIG *sig;
-		sig = OPENSSL_malloc(sizeof(DSA_SIG));
-		sig->r = NULL;
-		sig->s = NULL;
-		*pval = (ASN1_VALUE *)sig;
-		if(sig) return 2;
-		DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	return 1;
+    if (operation == ASN1_OP_NEW_PRE) {
+        DSA_SIG *sig;
+        sig = OPENSSL_malloc(sizeof(DSA_SIG));
+        sig->r = NULL;
+        sig->s = NULL;
+        *pval = (ASN1_VALUE *)sig;
+        if (sig)
+            return 2;
+        DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
-	ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
-	ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
+        ASN1_SIMPLE(DSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
@@ -94,127 +95,137 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
 /* Override the default free and new methods */
 static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(operation == ASN1_OP_NEW_PRE) {
-		*pval = (ASN1_VALUE *)DSA_new();
-		if(*pval) return 2;
-		return 0;
-	} else if(operation == ASN1_OP_FREE_PRE) {
-		DSA_free((DSA *)*pval);
-		*pval = NULL;
-		return 2;
-	}
-	return 1;
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)DSA_new();
+        if (*pval)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        DSA_free((DSA *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = {
-	ASN1_SIMPLE(DSA, version, LONG),
-	ASN1_SIMPLE(DSA, p, BIGNUM),
-	ASN1_SIMPLE(DSA, q, BIGNUM),
-	ASN1_SIMPLE(DSA, g, BIGNUM),
-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-	ASN1_SIMPLE(DSA, priv_key, BIGNUM)
+        ASN1_SIMPLE(DSA, version, LONG),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, priv_key, BIGNUM)
 } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey)
 
 ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = {
-	ASN1_SIMPLE(DSA, p, BIGNUM),
-	ASN1_SIMPLE(DSA, q, BIGNUM),
-	ASN1_SIMPLE(DSA, g, BIGNUM),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM),
 } ASN1_SEQUENCE_END_cb(DSA, DSAparams)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams)
 
-/* DSA public key is a bit trickier... its effectively a CHOICE type
- * decided by a field called write_params which can either write out
- * just the public key as an INTEGER or the parameters and public key
- * in a SEQUENCE
+/*
+ * DSA public key is a bit trickier... its effectively a CHOICE type decided
+ * by a field called write_params which can either write out just the public
+ * key as an INTEGER or the parameters and public key in a SEQUENCE
  */
 
 ASN1_SEQUENCE(dsa_pub_internal) = {
-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-	ASN1_SIMPLE(DSA, p, BIGNUM),
-	ASN1_SIMPLE(DSA, q, BIGNUM),
-	ASN1_SIMPLE(DSA, g, BIGNUM)
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_SIMPLE(DSA, p, BIGNUM),
+        ASN1_SIMPLE(DSA, q, BIGNUM),
+        ASN1_SIMPLE(DSA, g, BIGNUM)
 } ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal)
 
 ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
-	ASN1_SIMPLE(DSA, pub_key, BIGNUM),
-	ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
+        ASN1_SIMPLE(DSA, pub_key, BIGNUM),
+        ASN1_EX_COMBINE(0, 0, dsa_pub_internal)
 } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
 
-int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
-	     unsigned int *siglen, DSA *dsa)
-	{
-	DSA_SIG *s;
+int DSA_sign(int type, const unsigned char *dgst, int dlen,
+             unsigned char *sig, unsigned int *siglen, DSA *dsa)
+{
+    DSA_SIG *s;
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return 0;
-		}
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return 0;
+    }
 #endif
-	RAND_seed(dgst, dlen);
-	s=DSA_do_sign(dgst,dlen,dsa);
-	if (s == NULL)
-		{
-		*siglen=0;
-		return(0);
-		}
-	*siglen=i2d_DSA_SIG(s,&sig);
-	DSA_SIG_free(s);
-	return(1);
-	}
+    RAND_seed(dgst, dlen);
+    s = DSA_do_sign(dgst, dlen, dsa);
+    if (s == NULL) {
+        *siglen = 0;
+        return (0);
+    }
+    *siglen = i2d_DSA_SIG(s, &sig);
+    DSA_SIG_free(s);
+    return (1);
+}
 
 int DSA_size(const DSA *r)
-	{
-	int ret,i;
-	ASN1_INTEGER bs;
-	unsigned char buf[4];	/* 4 bytes looks really small.
-				   However, i2d_ASN1_INTEGER() will not look
-				   beyond the first byte, as long as the second
-				   parameter is NULL. */
-
-	i=BN_num_bits(r->q);
-	bs.length=(i+7)/8;
-	bs.data=buf;
-	bs.type=V_ASN1_INTEGER;
-	/* If the top bit is set the asn1 encoding is 1 larger. */
-	buf[0]=0xff;	
-
-	i=i2d_ASN1_INTEGER(&bs,NULL);
-	i+=i; /* r and s */
-	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-	return(ret);
-	}
-
-/* data has already been hashed (probably with SHA or SHA-1). */
-/* returns
- *      1: correct signature
- *      0: incorrect signature
- *     -1: error
+{
+    int ret, i;
+    ASN1_INTEGER bs;
+    unsigned char buf[4];       /* 4 bytes looks really small. However,
+                                 * i2d_ASN1_INTEGER() will not look beyond
+                                 * the first byte, as long as the second
+                                 * parameter is NULL. */
+
+    i = BN_num_bits(r->q);
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    return (ret);
+}
+
+/*-
+ * data has already been hashed (probably with SHA or SHA-1). */
+/*
+ * returns 1: correct signature 0: incorrect signature -1: error
  */
 int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
-	     const unsigned char *sigbuf, int siglen, DSA *dsa)
-	{
-	DSA_SIG *s;
-	int ret=-1;
+               const unsigned char *sigbuf, int siglen, DSA *dsa)
+{
+    DSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
+
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return 0;
-		}
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return 0;
+    }
 #endif
 
-	s = DSA_SIG_new();
-	if (s == NULL) return(ret);
-	if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
-	ret=DSA_do_verify(dgst,dgst_len,s,dsa);
-err:
-	DSA_SIG_free(s);
-	return(ret);
-	}
-
+    s = DSA_SIG_new();
+    if (s == NULL)
+        return (ret);
+    if (d2i_DSA_SIG(&s, &p, siglen) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_DSA_SIG(s, &der);
+    if (derlen != siglen || memcmp(sigbuf, der, derlen))
+        goto err;
+    ret = DSA_do_verify(dgst, dgst_len, s, dsa);
+ err:
+    if (derlen > 0) {
+        OPENSSL_cleanse(der, derlen);
+        OPENSSL_free(der);
+    }
+    DSA_SIG_free(s);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c
index f2da680e..54f88bc4 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_depr.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,54 +53,61 @@
  *
  */
 
-/* This file contains deprecated function(s) that are now wrappers to the new
- * version(s). */
+/*
+ * This file contains deprecated function(s) that are now wrappers to the new
+ * version(s).
+ */
 
 #undef GENUINE_DSA
 
 #ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
+/*
+ * Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
+ */
+# define HASH    EVP_sha()
 #else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+# define HASH    EVP_sha1()
+#endif
 
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 
 #ifndef OPENSSL_NO_SHA
 
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
+# include <stdio.h>
+# include <time.h>
+# include "cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
 
-#ifndef OPENSSL_NO_DEPRECATED
+# ifndef OPENSSL_NO_DEPRECATED
 DSA *DSA_generate_parameters(int bits,
-		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret,
-		void (*callback)(int, int, void *),
-		void *cb_arg)
-	{
-	BN_GENCB cb;
-	DSA *ret;
+                             unsigned char *seed_in, int seed_len,
+                             int *counter_ret, unsigned long *h_ret,
+                             void (*callback) (int, int, void *),
+                             void *cb_arg)
+{
+    BN_GENCB cb;
+    DSA *ret;
 
-	if ((ret=DSA_new()) == NULL) return NULL;
+    if ((ret = DSA_new()) == NULL)
+        return NULL;
 
-	BN_GENCB_set_old(&cb, callback, cb_arg);
+    BN_GENCB_set_old(&cb, callback, cb_arg);
 
-	if(DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
-				counter_ret, h_ret, &cb))
-		return ret;
-	DSA_free(ret);
-	return NULL;
-	}
-#endif
+    if (DSA_generate_parameters_ex(ret, bits, seed_in, seed_len,
+                                   counter_ret, h_ret, &cb))
+        return ret;
+    DSA_free(ret);
+    return NULL;
+}
+# endif
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c
index 872839af..57f06fea 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,55 +66,54 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSA,0,reason)
 
-static ERR_STRING_DATA DSA_str_functs[]=
-	{
-{ERR_FUNC(DSA_F_D2I_DSA_SIG),	"d2i_DSA_SIG"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT),	"DSAparams_print"},
-{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP),	"DSAparams_print_fp"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN),	"DSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN),	"DSA_BUILTIN_PARAMGEN"},
-{ERR_FUNC(DSA_F_DSA_DO_SIGN),	"DSA_do_sign"},
-{ERR_FUNC(DSA_F_DSA_DO_VERIFY),	"DSA_do_verify"},
-{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS),	"DSA_generate_parameters"},
-{ERR_FUNC(DSA_F_DSA_NEW_METHOD),	"DSA_new_method"},
-{ERR_FUNC(DSA_F_DSA_PRINT),	"DSA_print"},
-{ERR_FUNC(DSA_F_DSA_PRINT_FP),	"DSA_print_fp"},
-{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD),	"DSA_set_default_method"},
-{ERR_FUNC(DSA_F_DSA_SET_METHOD),	"DSA_set_method"},
-{ERR_FUNC(DSA_F_DSA_SIGN),	"DSA_sign"},
-{ERR_FUNC(DSA_F_DSA_SIGN_SETUP),	"DSA_sign_setup"},
-{ERR_FUNC(DSA_F_DSA_SIG_NEW),	"DSA_SIG_new"},
-{ERR_FUNC(DSA_F_DSA_VERIFY),	"DSA_verify"},
-{ERR_FUNC(DSA_F_I2D_DSA_SIG),	"i2d_DSA_SIG"},
-{ERR_FUNC(DSA_F_SIG_CB),	"SIG_CB"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DSA_str_functs[] = {
+    {ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
+    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
+    {ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
+    {ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
+    {ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
+    {ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
+    {ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
+    {ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
+    {ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
+    {ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
+    {ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
+    {ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"},
+    {ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"},
+    {ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
+    {ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
+    {ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
+    {ERR_FUNC(DSA_F_DSA_VERIFY), "DSA_verify"},
+    {ERR_FUNC(DSA_F_I2D_DSA_SIG), "i2d_DSA_SIG"},
+    {ERR_FUNC(DSA_F_SIG_CB), "SIG_CB"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA DSA_str_reasons[]=
-	{
-{ERR_REASON(DSA_R_BAD_Q_VALUE)           ,"bad q value"},
-{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
-{ERR_REASON(DSA_R_MISSING_PARAMETERS)    ,"missing parameters"},
-{ERR_REASON(DSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(DSA_R_NON_FIPS_METHOD)       ,"non fips method"},
-{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DSA_str_reasons[] = {
+    {ERR_REASON(DSA_R_BAD_Q_VALUE), "bad q value"},
+    {ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+     "data too large for key size"},
+    {ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_REASON(DSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_REASON(DSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_REASON(DSA_R_NON_FIPS_METHOD), "non fips method"},
+    {ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
+     "operation not allowed in fips mode"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_DSA_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(DSA_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DSA_str_functs);
-		ERR_load_strings(0,DSA_str_reasons);
-		}
+    if (ERR_func_error_string(DSA_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, DSA_str_functs);
+        ERR_load_strings(0, DSA_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c
index 7a9d1881..cb2e0bb2 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_gen.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,266 +59,294 @@
 #undef GENUINE_DSA
 
 #ifdef GENUINE_DSA
-/* Parameter generation follows the original release of FIPS PUB 186,
- * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */
-#define HASH    EVP_sha()
+/*
+ * Parameter generation follows the original release of FIPS PUB 186,
+ * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180)
+ */
+# define HASH    EVP_sha()
 #else
-/* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
- * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in
- * FIPS PUB 180-1) */
-#define HASH    EVP_sha1()
-#endif 
+/*
+ * Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186,
+ * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in FIPS PUB
+ * 180-1)
+ */
+# define HASH    EVP_sha1()
+#endif
 
 #include <openssl/opensslconf.h> /* To see if OPENSSL_NO_SHA is defined */
 
 #ifndef OPENSSL_NO_SHA
 
-#include <stdio.h>
-#include <time.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
+# include <stdio.h>
+# include <time.h>
+# include "cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
 
-#ifndef OPENSSL_FIPS
+# ifndef OPENSSL_FIPS
 
 static int dsa_builtin_paramgen(DSA *ret, int bits,
-		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
+                                unsigned char *seed_in, int seed_len,
+                                int *counter_ret, unsigned long *h_ret,
+                                BN_GENCB *cb);
 
 int DSA_generate_parameters_ex(DSA *ret, int bits,
-		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
-	{
-	if(ret->meth->dsa_paramgen)
-		return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
-				counter_ret, h_ret, cb);
-	return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
-			counter_ret, h_ret, cb);
-	}
+                               unsigned char *seed_in, int seed_len,
+                               int *counter_ret, unsigned long *h_ret,
+                               BN_GENCB *cb)
+{
+    if (ret->meth->dsa_paramgen)
+        return ret->meth->dsa_paramgen(ret, bits, seed_in, seed_len,
+                                       counter_ret, h_ret, cb);
+    return dsa_builtin_paramgen(ret, bits, seed_in, seed_len,
+                                counter_ret, h_ret, cb);
+}
 
 static int dsa_builtin_paramgen(DSA *ret, int bits,
-		unsigned char *seed_in, int seed_len,
-		int *counter_ret, unsigned long *h_ret, BN_GENCB *cb)
-	{
-	int ok=0;
-	unsigned char seed[SHA_DIGEST_LENGTH];
-	unsigned char md[SHA_DIGEST_LENGTH];
-	unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH];
-	BIGNUM *r0,*W,*X,*c,*test;
-	BIGNUM *g=NULL,*q=NULL,*p=NULL;
-	BN_MONT_CTX *mont=NULL;
-	int k,n=0,i,m=0;
-	int counter=0;
-	int r=0;
-	BN_CTX *ctx=NULL;
-	unsigned int h=2;
-
-	if (bits < 512) bits=512;
-	bits=(bits+63)/64*64;
-
-	/* NB: seed_len == 0 is special case: copy generated seed to
- 	 * seed_in if it is not NULL.
- 	 */
-	if (seed_len && (seed_len < 20))
-		seed_in = NULL; /* seed buffer too small -- ignore */
-	if (seed_len > 20) 
-		seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED,
-		                * but our internal buffers are restricted to 160 bits*/
-	if ((seed_in != NULL) && (seed_len == 20))
-		{
-		memcpy(seed,seed_in,seed_len);
-		/* set seed_in to NULL to avoid it being copied back */
-		seed_in = NULL;
-		}
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-	if ((mont=BN_MONT_CTX_new()) == NULL) goto err;
-
-	BN_CTX_start(ctx);
-	r0 = BN_CTX_get(ctx);
-	g = BN_CTX_get(ctx);
-	W = BN_CTX_get(ctx);
-	q = BN_CTX_get(ctx);
-	X = BN_CTX_get(ctx);
-	c = BN_CTX_get(ctx);
-	p = BN_CTX_get(ctx);
-	test = BN_CTX_get(ctx);
-
-	if (!BN_lshift(test,BN_value_one(),bits-1))
-		goto err;
-
-	for (;;)
-		{
-		for (;;) /* find q */
-			{
-			int seed_is_random;
-
-			/* step 1 */
-			if(!BN_GENCB_call(cb, 0, m++))
-				goto err;
-
-			if (!seed_len)
-				{
-				RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH);
-				seed_is_random = 1;
-				}
-			else
-				{
-				seed_is_random = 0;
-				seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/
-				}
-			memcpy(buf,seed,SHA_DIGEST_LENGTH);
-			memcpy(buf2,seed,SHA_DIGEST_LENGTH);
-			/* precompute "SEED + 1" for step 7: */
-			for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-				{
-				buf[i]++;
-				if (buf[i] != 0) break;
-				}
-
-			/* step 2 */
-			EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-			EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL);
-			for (i=0; i<SHA_DIGEST_LENGTH; i++)
-				md[i]^=buf2[i];
-
-			/* step 3 */
-			md[0]|=0x80;
-			md[SHA_DIGEST_LENGTH-1]|=0x01;
-			if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err;
-
-			/* step 4 */
-			r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
-					seed_is_random, cb);
-			if (r > 0)
-				break;
-			if (r != 0)
-				goto err;
-
-			/* do a callback call */
-			/* step 5 */
-			}
-
-		if(!BN_GENCB_call(cb, 2, 0)) goto err;
-		if(!BN_GENCB_call(cb, 3, 0)) goto err;
-
-		/* step 6 */
-		counter=0;
-		/* "offset = 2" */
-
-		n=(bits-1)/160;
-
-		for (;;)
-			{
-			if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
-				goto err;
-
-			/* step 7 */
-			BN_zero(W);
-			/* now 'buf' contains "SEED + offset - 1" */
-			for (k=0; k<=n; k++)
-				{
-				/* obtain "SEED + offset + k" by incrementing: */
-				for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--)
-					{
-					buf[i]++;
-					if (buf[i] != 0) break;
-					}
-
-				EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL);
-
-				/* step 8 */
-				if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0))
-					goto err;
-				if (!BN_lshift(r0,r0,160*k)) goto err;
-				if (!BN_add(W,W,r0)) goto err;
-				}
-
-			/* more of step 8 */
-			if (!BN_mask_bits(W,bits-1)) goto err;
-			if (!BN_copy(X,W)) goto err;
-			if (!BN_add(X,X,test)) goto err;
-
-			/* step 9 */
-			if (!BN_lshift1(r0,q)) goto err;
-			if (!BN_mod(c,X,r0,ctx)) goto err;
-			if (!BN_sub(r0,c,BN_value_one())) goto err;
-			if (!BN_sub(p,X,r0)) goto err;
-
-			/* step 10 */
-			if (BN_cmp(p,test) >= 0)
-				{
-				/* step 11 */
-				r = BN_is_prime_fasttest_ex(p, DSS_prime_checks,
-						ctx, 1, cb);
-				if (r > 0)
-						goto end; /* found it */
-				if (r != 0)
-					goto err;
-				}
-
-			/* step 13 */
-			counter++;
-			/* "offset = offset + n + 1" */
-
-			/* step 14 */
-			if (counter >= 4096) break;
-			}
-		}
-end:
-	if(!BN_GENCB_call(cb, 2, 1))
-		goto err;
-
-	/* We now need to generate g */
-	/* Set r0=(p-1)/q */
-	if (!BN_sub(test,p,BN_value_one())) goto err;
-	if (!BN_div(r0,NULL,test,q,ctx)) goto err;
-
-	if (!BN_set_word(test,h)) goto err;
-	if (!BN_MONT_CTX_set(mont,p,ctx)) goto err;
-
-	for (;;)
-		{
-		/* g=test^r0%p */
-		if (!BN_mod_exp_mont(g,test,r0,p,ctx,mont)) goto err;
-		if (!BN_is_one(g)) break;
-		if (!BN_add(test,test,BN_value_one())) goto err;
-		h++;
-		}
-
-	if(!BN_GENCB_call(cb, 3, 1))
-		goto err;
-
-	ok=1;
-err:
-	if (ok)
-		{
-		if(ret->p) BN_free(ret->p);
-		if(ret->q) BN_free(ret->q);
-		if(ret->g) BN_free(ret->g);
-		ret->p=BN_dup(p);
-		ret->q=BN_dup(q);
-		ret->g=BN_dup(g);
-		if (ret->p == NULL || ret->q == NULL || ret->g == NULL)
-			{
-			ok=0;
-			goto err;
-			}
-		if (seed_in != NULL) memcpy(seed_in,seed,20);
-		if (counter_ret != NULL) *counter_ret=counter;
-		if (h_ret != NULL) *h_ret=h;
-		}
-	if(ctx)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (mont != NULL) BN_MONT_CTX_free(mont);
-	return ok;
-	}
-#endif
+                                unsigned char *seed_in, int seed_len,
+                                int *counter_ret, unsigned long *h_ret,
+                                BN_GENCB *cb)
+{
+    int ok = 0;
+    unsigned char seed[SHA_DIGEST_LENGTH];
+    unsigned char md[SHA_DIGEST_LENGTH];
+    unsigned char buf[SHA_DIGEST_LENGTH], buf2[SHA_DIGEST_LENGTH];
+    BIGNUM *r0, *W, *X, *c, *test;
+    BIGNUM *g = NULL, *q = NULL, *p = NULL;
+    BN_MONT_CTX *mont = NULL;
+    int k, n = 0, i, m = 0;
+    int counter = 0;
+    int r = 0;
+    BN_CTX *ctx = NULL;
+    unsigned int h = 2;
+
+    if (bits < 512)
+        bits = 512;
+    bits = (bits + 63) / 64 * 64;
+
+    /*
+     * NB: seed_len == 0 is special case: copy generated seed to seed_in if
+     * it is not NULL.
+     */
+    if (seed_len && (seed_len < 20))
+        seed_in = NULL;         /* seed buffer too small -- ignore */
+    if (seed_len > 20)
+        seed_len = 20;          /* App. 2.2 of FIPS PUB 186 allows larger
+                                 * SEED, but our internal buffers are
+                                 * restricted to 160 bits */
+    if ((seed_in != NULL) && (seed_len == 20)) {
+        memcpy(seed, seed_in, seed_len);
+        /* set seed_in to NULL to avoid it being copied back */
+        seed_in = NULL;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if ((mont = BN_MONT_CTX_new()) == NULL)
+        goto err;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    g = BN_CTX_get(ctx);
+    W = BN_CTX_get(ctx);
+    q = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    c = BN_CTX_get(ctx);
+    p = BN_CTX_get(ctx);
+    test = BN_CTX_get(ctx);
+
+    if (!BN_lshift(test, BN_value_one(), bits - 1))
+        goto err;
+
+    for (;;) {
+        for (;;) {              /* find q */
+            int seed_is_random;
+
+            /* step 1 */
+            if (!BN_GENCB_call(cb, 0, m++))
+                goto err;
+
+            if (!seed_len) {
+                RAND_pseudo_bytes(seed, SHA_DIGEST_LENGTH);
+                seed_is_random = 1;
+            } else {
+                seed_is_random = 0;
+                seed_len = 0;   /* use random seed if 'seed_in' turns out to
+                                 * be bad */
+            }
+            memcpy(buf, seed, SHA_DIGEST_LENGTH);
+            memcpy(buf2, seed, SHA_DIGEST_LENGTH);
+            /* precompute "SEED + 1" for step 7: */
+            for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) {
+                buf[i]++;
+                if (buf[i] != 0)
+                    break;
+            }
+
+            /* step 2 */
+            EVP_Digest(seed, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL);
+            EVP_Digest(buf, SHA_DIGEST_LENGTH, buf2, NULL, HASH, NULL);
+            for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+                md[i] ^= buf2[i];
+
+            /* step 3 */
+            md[0] |= 0x80;
+            md[SHA_DIGEST_LENGTH - 1] |= 0x01;
+            if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, q))
+                goto err;
+
+            /* step 4 */
+            r = BN_is_prime_fasttest_ex(q, DSS_prime_checks, ctx,
+                                        seed_is_random, cb);
+            if (r > 0)
+                break;
+            if (r != 0)
+                goto err;
+
+            /* do a callback call */
+            /* step 5 */
+        }
+
+        if (!BN_GENCB_call(cb, 2, 0))
+            goto err;
+        if (!BN_GENCB_call(cb, 3, 0))
+            goto err;
+
+        /* step 6 */
+        counter = 0;
+        /* "offset = 2" */
+
+        n = (bits - 1) / 160;
+
+        for (;;) {
+            if ((counter != 0) && !BN_GENCB_call(cb, 0, counter))
+                goto err;
+
+            /* step 7 */
+            BN_zero(W);
+            /* now 'buf' contains "SEED + offset - 1" */
+            for (k = 0; k <= n; k++) {
+                /*
+                 * obtain "SEED + offset + k" by incrementing:
+                 */
+                for (i = SHA_DIGEST_LENGTH - 1; i >= 0; i--) {
+                    buf[i]++;
+                    if (buf[i] != 0)
+                        break;
+                }
+
+                EVP_Digest(buf, SHA_DIGEST_LENGTH, md, NULL, HASH, NULL);
+
+                /* step 8 */
+                if (!BN_bin2bn(md, SHA_DIGEST_LENGTH, r0))
+                    goto err;
+                if (!BN_lshift(r0, r0, 160 * k))
+                    goto err;
+                if (!BN_add(W, W, r0))
+                    goto err;
+            }
+
+            /* more of step 8 */
+            if (!BN_mask_bits(W, bits - 1))
+                goto err;
+            if (!BN_copy(X, W))
+                goto err;
+            if (!BN_add(X, X, test))
+                goto err;
+
+            /* step 9 */
+            if (!BN_lshift1(r0, q))
+                goto err;
+            if (!BN_mod(c, X, r0, ctx))
+                goto err;
+            if (!BN_sub(r0, c, BN_value_one()))
+                goto err;
+            if (!BN_sub(p, X, r0))
+                goto err;
+
+            /* step 10 */
+            if (BN_cmp(p, test) >= 0) {
+                /* step 11 */
+                r = BN_is_prime_fasttest_ex(p, DSS_prime_checks, ctx, 1, cb);
+                if (r > 0)
+                    goto end;   /* found it */
+                if (r != 0)
+                    goto err;
+            }
+
+            /* step 13 */
+            counter++;
+            /* "offset = offset + n + 1" */
+
+            /* step 14 */
+            if (counter >= 4096)
+                break;
+        }
+    }
+ end:
+    if (!BN_GENCB_call(cb, 2, 1))
+        goto err;
+
+    /* We now need to generate g */
+    /* Set r0=(p-1)/q */
+    if (!BN_sub(test, p, BN_value_one()))
+        goto err;
+    if (!BN_div(r0, NULL, test, q, ctx))
+        goto err;
+
+    if (!BN_set_word(test, h))
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx))
+        goto err;
+
+    for (;;) {
+        /* g=test^r0%p */
+        if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+            goto err;
+        if (!BN_is_one(g))
+            break;
+        if (!BN_add(test, test, BN_value_one()))
+            goto err;
+        h++;
+    }
+
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok) {
+        if (ret->p)
+            BN_free(ret->p);
+        if (ret->q)
+            BN_free(ret->q);
+        if (ret->g)
+            BN_free(ret->g);
+        ret->p = BN_dup(p);
+        ret->q = BN_dup(q);
+        ret->g = BN_dup(g);
+        if (ret->p == NULL || ret->q == NULL || ret->g == NULL) {
+            ok = 0;
+            goto err;
+        }
+        if (seed_in != NULL)
+            memcpy(seed_in, seed, 20);
+        if (counter_ret != NULL)
+            *counter_ret = counter;
+        if (h_ret != NULL)
+            *h_ret = h;
+    }
+    if (ctx) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    if (mont != NULL)
+        BN_MONT_CTX_free(mont);
+    return ok;
+}
+# endif
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c
index 5e391242..8da60167 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_key.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,73 +60,75 @@
 #include <time.h>
 #include "cryptlib.h"
 #ifndef OPENSSL_NO_SHA
-#include <openssl/bn.h>
-#include <openssl/dsa.h>
-#include <openssl/rand.h>
+# include <openssl/bn.h>
+# include <openssl/dsa.h>
+# include <openssl/rand.h>
 
-#ifndef OPENSSL_FIPS
+# ifndef OPENSSL_FIPS
 
 static int dsa_builtin_keygen(DSA *dsa);
 
 int DSA_generate_key(DSA *dsa)
-	{
-	if(dsa->meth->dsa_keygen)
-		return dsa->meth->dsa_keygen(dsa);
-	return dsa_builtin_keygen(dsa);
-	}
+{
+    if (dsa->meth->dsa_keygen)
+        return dsa->meth->dsa_keygen(dsa);
+    return dsa_builtin_keygen(dsa);
+}
 
 static int dsa_builtin_keygen(DSA *dsa)
-	{
-	int ok=0;
-	BN_CTX *ctx=NULL;
-	BIGNUM *pub_key=NULL,*priv_key=NULL;
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *pub_key = NULL, *priv_key = NULL;
 
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
 
-	if (dsa->priv_key == NULL)
-		{
-		if ((priv_key=BN_new()) == NULL) goto err;
-		}
-	else
-		priv_key=dsa->priv_key;
+    if (dsa->priv_key == NULL) {
+        if ((priv_key = BN_new()) == NULL)
+            goto err;
+    } else
+        priv_key = dsa->priv_key;
 
-	do
-		if (!BN_rand_range(priv_key,dsa->q)) goto err;
-	while (BN_is_zero(priv_key));
+    do
+        if (!BN_rand_range(priv_key, dsa->q))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
 
-	if (dsa->pub_key == NULL)
-		{
-		if ((pub_key=BN_new()) == NULL) goto err;
-		}
-	else
-		pub_key=dsa->pub_key;
-	
-	{
-		BIGNUM local_prk;
-		BIGNUM *prk;
+    if (dsa->pub_key == NULL) {
+        if ((pub_key = BN_new()) == NULL)
+            goto err;
+    } else
+        pub_key = dsa->pub_key;
 
-		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-			{
-			BN_init(&local_prk);
-			prk = &local_prk;
-			BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-			}
-		else
-			prk = priv_key;
+    {
+        BIGNUM local_prk;
+        BIGNUM *prk;
 
-		if (!BN_mod_exp(pub_key,dsa->g,prk,dsa->p,ctx)) goto err;
-	}
+        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+            BN_init(&local_prk);
+            prk = &local_prk;
+            BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
+        } else
+            prk = priv_key;
 
-	dsa->priv_key=priv_key;
-	dsa->pub_key=pub_key;
-	ok=1;
+        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx))
+            goto err;
+    }
 
-err:
-	if ((pub_key != NULL) && (dsa->pub_key == NULL)) BN_free(pub_key);
-	if ((priv_key != NULL) && (dsa->priv_key == NULL)) BN_free(priv_key);
-	if (ctx != NULL) BN_CTX_free(ctx);
-	return(ok);
-	}
-#endif
+    dsa->priv_key = priv_key;
+    dsa->pub_key = pub_key;
+    ok = 1;
+
+ err:
+    if ((pub_key != NULL) && (dsa->pub_key == NULL))
+        BN_free(pub_key);
+    if ((priv_key != NULL) && (dsa->priv_key == NULL))
+        BN_free(priv_key);
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    return (ok);
+}
+# endif
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c
index 85556d12..45116c5e 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,253 +64,253 @@
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
 #endif
 
-const char DSA_version[]="DSA" OPENSSL_VERSION_PTEXT;
+const char DSA_version[] = "DSA" OPENSSL_VERSION_PTEXT;
 
 static const DSA_METHOD *default_DSA_method = NULL;
 
 void DSA_set_default_method(const DSA_METHOD *meth)
-	{
+{
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
-		{
-		DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
-		return;
-		}
+    if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) {
+        DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
+        return;
+    }
 #endif
-		
-	default_DSA_method = meth;
-	}
+
+    default_DSA_method = meth;
+}
 
 const DSA_METHOD *DSA_get_default_method(void)
-	{
-	if(!default_DSA_method)
-		default_DSA_method = DSA_OpenSSL();
-	return default_DSA_method;
-	}
+{
+    if (!default_DSA_method)
+        default_DSA_method = DSA_OpenSSL();
+    return default_DSA_method;
+}
 
 DSA *DSA_new(void)
-	{
-	return DSA_new_method(NULL);
-	}
+{
+    return DSA_new_method(NULL);
+}
 
 int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
-	{
-	/* NB: The caller is specifically setting a method, so it's not up to us
-	 * to deal with which ENGINE it comes from. */
-        const DSA_METHOD *mtmp;
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const DSA_METHOD *mtmp;
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
-		{
-		DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
-		return 0;
-		}
+    if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD)) {
+        DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
+        return 0;
+    }
 #endif
-        mtmp = dsa->meth;
-        if (mtmp->finish) mtmp->finish(dsa);
+    mtmp = dsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(dsa);
 #ifndef OPENSSL_NO_ENGINE
-	if (dsa->engine)
-		{
-		ENGINE_finish(dsa->engine);
-		dsa->engine = NULL;
-		}
+    if (dsa->engine) {
+        ENGINE_finish(dsa->engine);
+        dsa->engine = NULL;
+    }
 #endif
-        dsa->meth = meth;
-        if (meth->init) meth->init(dsa);
-        return 1;
-	}
+    dsa->meth = meth;
+    if (meth->init)
+        meth->init(dsa);
+    return 1;
+}
 
 DSA *DSA_new_method(ENGINE *engine)
-	{
-	DSA *ret;
+{
+    DSA *ret;
 
-	ret=(DSA *)OPENSSL_malloc(sizeof(DSA));
-	if (ret == NULL)
-		{
-		DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->meth = DSA_get_default_method();
+    ret = (DSA *)OPENSSL_malloc(sizeof(DSA));
+    if (ret == NULL) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->meth = DSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		ret->engine = engine;
-		}
-	else
-		ret->engine = ENGINE_get_default_DSA();
-	if(ret->engine)
-		{
-		ret->meth = ENGINE_get_DSA(ret->engine);
-		if(!ret->meth)
-			{
-			DSAerr(DSA_F_DSA_NEW_METHOD,
-				ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_DSA();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_DSA(ret->engine);
+        if (!ret->meth) {
+            DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            ENGINE_finish(ret->engine);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+    }
 #endif
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
-		{
-		DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
-#endif
-		OPENSSL_free(ret);
-		return NULL;
-		}
+    if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD)) {
+        DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
+# ifndef OPENSSL_NO_ENGINE
+        if (ret->engine)
+            ENGINE_finish(ret->engine);
+# endif
+        OPENSSL_free(ret);
+        return NULL;
+    }
 #endif
 
-	ret->pad=0;
-	ret->version=0;
-	ret->write_params=1;
-	ret->p=NULL;
-	ret->q=NULL;
-	ret->g=NULL;
+    ret->pad = 0;
+    ret->version = 0;
+    ret->write_params = 1;
+    ret->p = NULL;
+    ret->q = NULL;
+    ret->g = NULL;
 
-	ret->pub_key=NULL;
-	ret->priv_key=NULL;
+    ret->pub_key = NULL;
+    ret->priv_key = NULL;
 
-	ret->kinv=NULL;
-	ret->r=NULL;
-	ret->method_mont_p=NULL;
+    ret->kinv = NULL;
+    ret->r = NULL;
+    ret->method_mont_p = NULL;
 
-	ret->references=1;
-	ret->flags=ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
+    ret->references = 1;
+    ret->flags = ret->meth->flags & ~DSA_FLAG_NON_FIPS_ALLOW;
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 #ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
+        if (ret->engine)
+            ENGINE_finish(ret->engine);
 #endif
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	
-	return(ret);
-	}
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+
+    return (ret);
+}
 
 void DSA_free(DSA *r)
-	{
-	int i;
+{
+    int i;
 
-	if (r == NULL) return;
+    if (r == NULL)
+        return;
 
-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_DSA);
+    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DSA);
 #ifdef REF_PRINT
-	REF_PRINT("DSA",r);
+    REF_PRINT("DSA", r);
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"DSA_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "DSA_free, bad reference count\n");
+        abort();
+    }
 #endif
 
-	if(r->meth->finish)
-		r->meth->finish(r);
+    if (r->meth->finish)
+        r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-	if(r->engine)
-		ENGINE_finish(r->engine);
+    if (r->engine)
+        ENGINE_finish(r->engine);
 #endif
 
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
 
-	if (r->p != NULL) BN_clear_free(r->p);
-	if (r->q != NULL) BN_clear_free(r->q);
-	if (r->g != NULL) BN_clear_free(r->g);
-	if (r->pub_key != NULL) BN_clear_free(r->pub_key);
-	if (r->priv_key != NULL) BN_clear_free(r->priv_key);
-	if (r->kinv != NULL) BN_clear_free(r->kinv);
-	if (r->r != NULL) BN_clear_free(r->r);
-	OPENSSL_free(r);
-	}
+    if (r->p != NULL)
+        BN_clear_free(r->p);
+    if (r->q != NULL)
+        BN_clear_free(r->q);
+    if (r->g != NULL)
+        BN_clear_free(r->g);
+    if (r->pub_key != NULL)
+        BN_clear_free(r->pub_key);
+    if (r->priv_key != NULL)
+        BN_clear_free(r->priv_key);
+    if (r->kinv != NULL)
+        BN_clear_free(r->kinv);
+    if (r->r != NULL)
+        BN_clear_free(r->r);
+    OPENSSL_free(r);
+}
 
 int DSA_up_ref(DSA *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
+{
+    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA);
 #ifdef REF_PRINT
-	REF_PRINT("DSA",r);
+    REF_PRINT("DSA", r);
 #endif
 #ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "DSA_up_ref, bad reference count\n");
-		abort();
-		}
+    if (i < 2) {
+        fprintf(stderr, "DSA_up_ref, bad reference count\n");
+        abort();
+    }
 #endif
-	return ((i > 1) ? 1 : 0);
-	}
+    return ((i > 1) ? 1 : 0);
+}
 
 int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
-				new_func, dup_func, free_func);
-        }
+                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int DSA_set_ex_data(DSA *d, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&d->ex_data,idx,arg));
-	}
+{
+    return (CRYPTO_set_ex_data(&d->ex_data, idx, arg));
+}
 
 void *DSA_get_ex_data(DSA *d, int idx)
-	{
-	return(CRYPTO_get_ex_data(&d->ex_data,idx));
-	}
+{
+    return (CRYPTO_get_ex_data(&d->ex_data, idx));
+}
 
 #ifndef OPENSSL_NO_DH
 DH *DSA_dup_DH(const DSA *r)
-	{
-	/* DSA has p, q, g, optional pub_key, optional priv_key.
-	 * DH has p, optional length, g, optional pub_key, optional priv_key.
-	 */ 
+{
+    /*
+     * DSA has p, q, g, optional pub_key, optional priv_key. DH has p,
+     * optional length, g, optional pub_key, optional priv_key.
+     */
 
-	DH *ret = NULL;
+    DH *ret = NULL;
 
-	if (r == NULL)
-		goto err;
-	ret = DH_new();
-	if (ret == NULL)
-		goto err;
-	if (r->p != NULL) 
-		if ((ret->p = BN_dup(r->p)) == NULL)
-			goto err;
-	if (r->q != NULL)
-		ret->length = BN_num_bits(r->q);
-	if (r->g != NULL)
-		if ((ret->g = BN_dup(r->g)) == NULL)
-			goto err;
-	if (r->pub_key != NULL)
-		if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
-			goto err;
-	if (r->priv_key != NULL)
-		if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
-			goto err;
+    if (r == NULL)
+        goto err;
+    ret = DH_new();
+    if (ret == NULL)
+        goto err;
+    if (r->p != NULL)
+        if ((ret->p = BN_dup(r->p)) == NULL)
+            goto err;
+    if (r->q != NULL)
+        ret->length = BN_num_bits(r->q);
+    if (r->g != NULL)
+        if ((ret->g = BN_dup(r->g)) == NULL)
+            goto err;
+    if (r->pub_key != NULL)
+        if ((ret->pub_key = BN_dup(r->pub_key)) == NULL)
+            goto err;
+    if (r->priv_key != NULL)
+        if ((ret->priv_key = BN_dup(r->priv_key)) == NULL)
+            goto err;
 
-	return ret;
+    return ret;
 
  err:
-	if (ret != NULL)
-		DH_free(ret);
-	return NULL;
-	}
+    if (ret != NULL)
+        DH_free(ret);
+    return NULL;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c
index 17277608..f993844f 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_ossl.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -68,31 +68,33 @@
 #ifndef OPENSSL_FIPS
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-		  DSA *dsa);
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp);
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa);
 static int dsa_init(DSA *dsa);
 static int dsa_finish(DSA *dsa);
 
 static DSA_METHOD openssl_dsa_meth = {
-"OpenSSL DSA method",
-dsa_do_sign,
-dsa_sign_setup,
-dsa_do_verify,
-NULL, /* dsa_mod_exp, */
-NULL, /* dsa_bn_mod_exp, */
-dsa_init,
-dsa_finish,
-0,
-NULL,
-NULL,
-NULL
+    "OpenSSL DSA method",
+    dsa_do_sign,
+    dsa_sign_setup,
+    dsa_do_verify,
+    NULL,                       /* dsa_mod_exp, */
+    NULL,                       /* dsa_bn_mod_exp, */
+    dsa_init,
+    dsa_finish,
+    0,
+    NULL,
+    NULL,
+    NULL
 };
 
-/* These macro wrappers replace attempts to use the dsa_mod_exp() and
+/*-
+ * These macro wrappers replace attempts to use the dsa_mod_exp() and
  * bn_mod_exp() handlers in the DSA_METHOD structure. We avoid the problem of
  * having a the macro work as an expression by bundling an "err_instr". So;
- * 
+ *
  *     if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,&k,dsa->p,ctx,
  *                 dsa->method_mont_p)) goto err;
  *
@@ -102,296 +104,309 @@ NULL
  *                 dsa->method_mont_p);
  */
 
-#define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
-	do { \
-	int _tmp_res53; \
-	if((dsa)->meth->dsa_mod_exp) \
-		_tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
-				(a2), (p2), (m), (ctx), (in_mont)); \
-	else \
-		_tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
-				(m), (ctx), (in_mont)); \
-	if(!_tmp_res53) err_instr; \
-	} while(0)
-#define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
-	do { \
-	int _tmp_res53; \
-	if((dsa)->meth->bn_mod_exp) \
-		_tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
-				(m), (ctx), (m_ctx)); \
-	else \
-		_tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
-	if(!_tmp_res53) err_instr; \
-	} while(0)
+# define DSA_MOD_EXP(err_instr,dsa,rr,a1,p1,a2,p2,m,ctx,in_mont) \
+        do { \
+        int _tmp_res53; \
+        if((dsa)->meth->dsa_mod_exp) \
+                _tmp_res53 = (dsa)->meth->dsa_mod_exp((dsa), (rr), (a1), (p1), \
+                                (a2), (p2), (m), (ctx), (in_mont)); \
+        else \
+                _tmp_res53 = BN_mod_exp2_mont((rr), (a1), (p1), (a2), (p2), \
+                                (m), (ctx), (in_mont)); \
+        if(!_tmp_res53) err_instr; \
+        } while(0)
+# define DSA_BN_MOD_EXP(err_instr,dsa,r,a,p,m,ctx,m_ctx) \
+        do { \
+        int _tmp_res53; \
+        if((dsa)->meth->bn_mod_exp) \
+                _tmp_res53 = (dsa)->meth->bn_mod_exp((dsa), (r), (a), (p), \
+                                (m), (ctx), (m_ctx)); \
+        else \
+                _tmp_res53 = BN_mod_exp_mont((r), (a), (p), (m), (ctx), (m_ctx)); \
+        if(!_tmp_res53) err_instr; \
+        } while(0)
 
 const DSA_METHOD *DSA_OpenSSL(void)
 {
-	return &openssl_dsa_meth;
+    return &openssl_dsa_meth;
 }
 
 static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-	{
-	BIGNUM *kinv=NULL,*r=NULL,*s=NULL;
-	BIGNUM m;
-	BIGNUM xr;
-	BN_CTX *ctx=NULL;
-	int i,reason=ERR_R_BN_LIB;
-	DSA_SIG *ret=NULL;
-
-	BN_init(&m);
-	BN_init(&xr);
-
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		reason=DSA_R_MISSING_PARAMETERS;
-		goto err;
-		}
-
-	s=BN_new();
-	if (s == NULL) goto err;
-
-	i=BN_num_bytes(dsa->q); /* should be 20 */
-	if ((dlen > i) || (dlen > 50))
-		{
-		reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
-		goto err;
-		}
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-
-	if ((dsa->kinv == NULL) || (dsa->r == NULL))
-		{
-		if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err;
-		}
-	else
-		{
-		kinv=dsa->kinv;
-		dsa->kinv=NULL;
-		r=dsa->r;
-		dsa->r=NULL;
-		}
-
-	if (BN_bin2bn(dgst,dlen,&m) == NULL) goto err;
-
-	/* Compute  s = inv(k) (m + xr) mod q */
-	if (!BN_mod_mul(&xr,dsa->priv_key,r,dsa->q,ctx)) goto err;/* s = xr */
-	if (!BN_add(s, &xr, &m)) goto err;		/* s = m + xr */
-	if (BN_cmp(s,dsa->q) > 0)
-		if (!BN_sub(s,s,dsa->q))
-			goto err;
-	if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err;
-
-	ret=DSA_SIG_new();
-	if (ret == NULL) goto err;
-	ret->r = r;
-	ret->s = s;
-	
-err:
-	if (!ret)
-		{
-		DSAerr(DSA_F_DSA_DO_SIGN,reason);
-		BN_free(r);
-		BN_free(s);
-		}
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_clear_free(&m);
-	BN_clear_free(&xr);
-	if (kinv != NULL) /* dsa->kinv is NULL now if we used it */
-	    BN_clear_free(kinv);
-	return(ret);
-	}
-
-static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-	{
-	BN_CTX *ctx;
-	BIGNUM k,kq,*K,*kinv=NULL,*r=NULL;
-	int ret=0;
-
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
-		return 0;
-		}
-
-	BN_init(&k);
-	BN_init(&kq);
-
-	if (ctx_in == NULL)
-		{
-		if ((ctx=BN_CTX_new()) == NULL) goto err;
-		}
-	else
-		ctx=ctx_in;
-
-	if ((r=BN_new()) == NULL) goto err;
-
-	/* Get random k */
-	do
-		if (!BN_rand_range(&k, dsa->q)) goto err;
-	while (BN_is_zero(&k));
-	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-		{
-		BN_set_flags(&k, BN_FLG_CONSTTIME);
-		}
-
-	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
-		{
-		if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-						CRYPTO_LOCK_DSA,
-						dsa->p, ctx))
-			goto err;
-		}
-
-	/* Compute r = (g^k mod p) mod q */
-
-	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
-		{
-		if (!BN_copy(&kq, &k)) goto err;
-
-		/* We do not want timing information to leak the length of k,
-		 * so we compute g^k using an equivalent exponent of fixed length.
-		 *
-		 * (This is a kludge that we need because the BN_mod_exp_mont()
-		 * does not let us specify the desired timing behaviour.) */
-
-		if (!BN_add(&kq, &kq, dsa->q)) goto err;
-		if (BN_num_bits(&kq) <= BN_num_bits(dsa->q))
-			{
-			if (!BN_add(&kq, &kq, dsa->q)) goto err;
-			}
-
-		K = &kq;
-		}
-	else
-		{
-		K = &k;
-		}
-	DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
-			dsa->method_mont_p);
-	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
-
-	/* Compute  part of 's = inv(k) (m + xr) mod q' */
-	if ((kinv=BN_mod_inverse(NULL,&k,dsa->q,ctx)) == NULL) goto err;
-
-	if (*kinvp != NULL) BN_clear_free(*kinvp);
-	*kinvp=kinv;
-	kinv=NULL;
-	if (*rp != NULL) BN_clear_free(*rp);
-	*rp=r;
-	ret=1;
-err:
-	if (!ret)
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB);
-		if (kinv != NULL) BN_clear_free(kinv);
-		if (r != NULL) BN_clear_free(r);
-		}
-	if (ctx_in == NULL) BN_CTX_free(ctx);
-	if (kinv != NULL) BN_clear_free(kinv);
-	BN_clear_free(&k);
-	BN_clear_free(&kq);
-	return(ret);
-	}
-
-static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-		  DSA *dsa)
-	{
-	BN_CTX *ctx;
-	BIGNUM u1,u2,t1;
-	BN_MONT_CTX *mont=NULL;
-	int ret = -1;
-	if (!dsa->p || !dsa->q || !dsa->g)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS);
-		return -1;
-		}
-
-	if (BN_num_bits(dsa->q) != 160)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
-		return -1;
-		}
-
-	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
-		return -1;
-		}
-
-	BN_init(&u1);
-	BN_init(&u2);
-	BN_init(&t1);
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-
-	if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
-	    BN_ucmp(sig->r, dsa->q) >= 0)
-		{
-		ret = 0;
-		goto err;
-		}
-	if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
-	    BN_ucmp(sig->s, dsa->q) >= 0)
-		{
-		ret = 0;
-		goto err;
-		}
-
-	/* Calculate W = inv(S) mod Q
-	 * save W in u2 */
-	if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err;
-
-	/* save M in u1 */
-	if (BN_bin2bn(dgst,dgst_len,&u1) == NULL) goto err;
-
-	/* u1 = M * w mod q */
-	if (!BN_mod_mul(&u1,&u1,&u2,dsa->q,ctx)) goto err;
-
-	/* u2 = r * w mod q */
-	if (!BN_mod_mul(&u2,sig->r,&u2,dsa->q,ctx)) goto err;
-
-
-	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
-		{
-		mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
-					CRYPTO_LOCK_DSA, dsa->p, ctx);
-		if (!mont)
-			goto err;
-		}
-
-
-	DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p, ctx, mont);
-	/* BN_copy(&u1,&t1); */
-	/* let u1 = u1 mod q */
-	if (!BN_mod(&u1,&t1,dsa->q,ctx)) goto err;
-
-	/* V is now in u1.  If the signature is correct, it will be
-	 * equal to R. */
-	ret=(BN_ucmp(&u1, sig->r) == 0);
-
-	err:
-	/* XXX: surely this is wrong - if ret is 0, it just didn't verify;
-	   there is no error in BN. Test should be ret == -1 (Ben) */
-	if (ret != 1) DSAerr(DSA_F_DSA_DO_VERIFY,ERR_R_BN_LIB);
-	if (ctx != NULL) BN_CTX_free(ctx);
-	BN_free(&u1);
-	BN_free(&u2);
-	BN_free(&t1);
-	return(ret);
-	}
+{
+    BIGNUM *kinv = NULL, *r = NULL, *s = NULL;
+    BIGNUM m;
+    BIGNUM xr;
+    BN_CTX *ctx = NULL;
+    int i, reason = ERR_R_BN_LIB;
+    DSA_SIG *ret = NULL;
+
+    BN_init(&m);
+    BN_init(&xr);
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        reason = DSA_R_MISSING_PARAMETERS;
+        goto err;
+    }
+
+    s = BN_new();
+    if (s == NULL)
+        goto err;
+
+    i = BN_num_bytes(dsa->q);   /* should be 20 */
+    if ((dlen > i) || (dlen > 50)) {
+        reason = DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE;
+        goto err;
+    }
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+
+    if ((dsa->kinv == NULL) || (dsa->r == NULL)) {
+        if (!DSA_sign_setup(dsa, ctx, &kinv, &r))
+            goto err;
+    } else {
+        kinv = dsa->kinv;
+        dsa->kinv = NULL;
+        r = dsa->r;
+        dsa->r = NULL;
+    }
+
+    if (BN_bin2bn(dgst, dlen, &m) == NULL)
+        goto err;
+
+    /* Compute  s = inv(k) (m + xr) mod q */
+    if (!BN_mod_mul(&xr, dsa->priv_key, r, dsa->q, ctx))
+        goto err;               /* s = xr */
+    if (!BN_add(s, &xr, &m))
+        goto err;               /* s = m + xr */
+    if (BN_cmp(s, dsa->q) > 0)
+        if (!BN_sub(s, s, dsa->q))
+            goto err;
+    if (!BN_mod_mul(s, s, kinv, dsa->q, ctx))
+        goto err;
+
+    ret = DSA_SIG_new();
+    if (ret == NULL)
+        goto err;
+    ret->r = r;
+    ret->s = s;
+
+ err:
+    if (!ret) {
+        DSAerr(DSA_F_DSA_DO_SIGN, reason);
+        BN_free(r);
+        BN_free(s);
+    }
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    BN_clear_free(&m);
+    BN_clear_free(&xr);
+    if (kinv != NULL)           /* dsa->kinv is NULL now if we used it */
+        BN_clear_free(kinv);
+    return (ret);
+}
+
+static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
+                          BIGNUM **rp)
+{
+    BN_CTX *ctx;
+    BIGNUM k, kq, *K, *kinv = NULL, *r = NULL;
+    int ret = 0;
+
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    BN_init(&k);
+    BN_init(&kq);
+
+    if (ctx_in == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            goto err;
+    } else
+        ctx = ctx_in;
+
+    if ((r = BN_new()) == NULL)
+        goto err;
+
+    /* Get random k */
+    do
+        if (!BN_rand_range(&k, dsa->q))
+            goto err;
+    while (BN_is_zero(&k)) ;
+    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+        BN_set_flags(&k, BN_FLG_CONSTTIME);
+    }
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                    CRYPTO_LOCK_DSA, dsa->p, ctx))
+            goto err;
+    }
+
+    /* Compute r = (g^k mod p) mod q */
+
+    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {
+        if (!BN_copy(&kq, &k))
+            goto err;
+
+        /*
+         * We do not want timing information to leak the length of k, so we
+         * compute g^k using an equivalent exponent of fixed length. (This
+         * is a kludge that we need because the BN_mod_exp_mont() does not
+         * let us specify the desired timing behaviour.)
+         */
+
+        if (!BN_add(&kq, &kq, dsa->q))
+            goto err;
+        if (BN_num_bits(&kq) <= BN_num_bits(dsa->q)) {
+            if (!BN_add(&kq, &kq, dsa->q))
+                goto err;
+        }
+
+        K = &kq;
+    } else {
+        K = &k;
+    }
+    DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx,
+                   dsa->method_mont_p);
+    if (!BN_mod(r, r, dsa->q, ctx))
+        goto err;
+
+    /* Compute  part of 's = inv(k) (m + xr) mod q' */
+    if ((kinv = BN_mod_inverse(NULL, &k, dsa->q, ctx)) == NULL)
+        goto err;
+
+    if (*kinvp != NULL)
+        BN_clear_free(*kinvp);
+    *kinvp = kinv;
+    kinv = NULL;
+    if (*rp != NULL)
+        BN_clear_free(*rp);
+    *rp = r;
+    ret = 1;
+ err:
+    if (!ret) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP, ERR_R_BN_LIB);
+        if (kinv != NULL)
+            BN_clear_free(kinv);
+        if (r != NULL)
+            BN_clear_free(r);
+    }
+    if (ctx_in == NULL)
+        BN_CTX_free(ctx);
+    if (kinv != NULL)
+        BN_clear_free(kinv);
+    BN_clear_free(&k);
+    BN_clear_free(&kq);
+    return (ret);
+}
+
+static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
+                         DSA_SIG *sig, DSA *dsa)
+{
+    BN_CTX *ctx;
+    BIGNUM u1, u2, t1;
+    BN_MONT_CTX *mont = NULL;
+    int ret = -1;
+    if (!dsa->p || !dsa->q || !dsa->g) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    if (BN_num_bits(dsa->q) != 160) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_BAD_Q_VALUE);
+        return -1;
+    }
+
+    if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    BN_init(&u1);
+    BN_init(&u2);
+    BN_init(&t1);
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        BN_ucmp(sig->r, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+    if (BN_is_zero(sig->s) || BN_is_negative(sig->s) ||
+        BN_ucmp(sig->s, dsa->q) >= 0) {
+        ret = 0;
+        goto err;
+    }
+
+    /*
+     * Calculate W = inv(S) mod Q save W in u2
+     */
+    if ((BN_mod_inverse(&u2, sig->s, dsa->q, ctx)) == NULL)
+        goto err;
+
+    /* save M in u1 */
+    if (BN_bin2bn(dgst, dgst_len, &u1) == NULL)
+        goto err;
+
+    /* u1 = M * w mod q */
+    if (!BN_mod_mul(&u1, &u1, &u2, dsa->q, ctx))
+        goto err;
+
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(&u2, sig->r, &u2, dsa->q, ctx))
+        goto err;
+
+    if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
+        mont = BN_MONT_CTX_set_locked(&dsa->method_mont_p,
+                                      CRYPTO_LOCK_DSA, dsa->p, ctx);
+        if (!mont)
+            goto err;
+    }
+
+    DSA_MOD_EXP(goto err, dsa, &t1, dsa->g, &u1, dsa->pub_key, &u2, dsa->p,
+                ctx, mont);
+    /* BN_copy(&u1,&t1); */
+    /* let u1 = u1 mod q */
+    if (!BN_mod(&u1, &t1, dsa->q, ctx))
+        goto err;
+
+    /*
+     * V is now in u1.  If the signature is correct, it will be equal to R.
+     */
+    ret = (BN_ucmp(&u1, sig->r) == 0);
+
+ err:
+    /*
+     * XXX: surely this is wrong - if ret is 0, it just didn't verify; there
+     * is no error in BN. Test should be ret == -1 (Ben)
+     */
+    if (ret != 1)
+        DSAerr(DSA_F_DSA_DO_VERIFY, ERR_R_BN_LIB);
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    BN_free(&u1);
+    BN_free(&u2);
+    BN_free(&t1);
+    return (ret);
+}
 
 static int dsa_init(DSA *dsa)
 {
-	dsa->flags|=DSA_FLAG_CACHE_MONT_P;
-	return(1);
+    dsa->flags |= DSA_FLAG_CACHE_MONT_P;
+    return (1);
 }
 
 static int dsa_finish(DSA *dsa)
 {
-	if(dsa->method_mont_p)
-		BN_MONT_CTX_free(dsa->method_mont_p);
-	return(1);
+    if (dsa->method_mont_p)
+        BN_MONT_CTX_free(dsa->method_mont_p);
+    return (1);
 }
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c
index 4cfbbe57..0b322617 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_sign.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,31 +65,28 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
-
-DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
-	{
+DSA_SIG *DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return NULL;
-		}
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return NULL;
+    }
 #endif
-	return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
-	}
+    return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
+}
 
 int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
-	{
+{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return 0;
-		}
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_SIGN_SETUP,
+               DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return 0;
+    }
 #endif
-	return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
-	}
-
+    return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
+}
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c
index 24c021d1..6cc4479e 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_utl.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,32 +64,30 @@
 #include <openssl/dsa.h>
 #include <openssl/asn1.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
 #endif
 
 DSA_SIG *DSA_SIG_new(void)
-	{
-	DSA_SIG *sig;
-	sig = OPENSSL_malloc(sizeof(DSA_SIG));
-	if (!sig)
-		return NULL;
-	sig->r = NULL;
-	sig->s = NULL;
-	return sig;
-	}
+{
+    DSA_SIG *sig;
+    sig = OPENSSL_malloc(sizeof(DSA_SIG));
+    if (!sig)
+        return NULL;
+    sig->r = NULL;
+    sig->s = NULL;
+    return sig;
+}
 
 void DSA_SIG_free(DSA_SIG *sig)
-	{
-	if (sig)
-		{
-		if (sig->r)
-			BN_free(sig->r);
-		if (sig->s)
-			BN_free(sig->s);
-		OPENSSL_free(sig);
-		}
-	}
-
+{
+    if (sig) {
+        if (sig->r)
+            BN_free(sig->r);
+        if (sig->s)
+            BN_free(sig->s);
+        OPENSSL_free(sig);
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c
index c75e4230..5a5d9e13 100644
--- a/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c
+++ b/Cryptlib/OpenSSL/crypto/dsa/dsa_vrf.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,20 +65,19 @@
 #include <openssl/rand.h>
 #include <openssl/asn1.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #include <openssl/asn1_mac.h>
 
 int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
-		  DSA *dsa)
-	{
+                  DSA *dsa)
+{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
-		{
-		DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return 0;
-		}
+    if (FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW)) {
+        DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return 0;
+    }
 #endif
-	return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
-	}
+    return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
+}
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c
index 417abb6e..25c9c133 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_dl.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dl.c
@@ -1,6 +1,7 @@
 /* dso_dl.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,292 +63,275 @@
 
 #ifndef DSO_DL
 DSO_METHOD *DSO_METHOD_dl(void)
-       {
-       return NULL;
-       }
+{
+    return NULL;
+}
 #else
 
-#include <dl.h>
+# include <dl.h>
 
 /* Part of the hack in "dl_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
+# define DSO_MAX_TRANSLATED_SIZE 256
 
 static int dl_load(DSO *dso);
 static int dl_unload(DSO *dso);
 static void *dl_bind_var(DSO *dso, const char *symname);
 static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname);
-#if 0
+# if 0
 static int dl_unbind_var(DSO *dso, char *symname, void *symptr);
 static int dl_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
 static int dl_init(DSO *dso);
 static int dl_finish(DSO *dso);
 static int dl_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
+# endif
 static char *dl_name_converter(DSO *dso, const char *filename);
-static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2);
+static char *dl_merger(DSO *dso, const char *filespec1,
+                       const char *filespec2);
 
 static DSO_METHOD dso_meth_dl = {
-	"OpenSSL 'dl' shared library method",
-	dl_load,
-	dl_unload,
-	dl_bind_var,
-	dl_bind_func,
+    "OpenSSL 'dl' shared library method",
+    dl_load,
+    dl_unload,
+    dl_bind_var,
+    dl_bind_func,
 /* For now, "unbind" doesn't exist */
-#if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
-#endif
-	NULL, /* ctrl */
-	dl_name_converter,
-	dl_merger,
-	NULL, /* init */
-	NULL  /* finish */
-	};
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    dl_name_converter,
+    dl_merger,
+    NULL,                       /* init */
+    NULL                        /* finish */
+};
 
 DSO_METHOD *DSO_METHOD_dl(void)
-	{
-	return(&dso_meth_dl);
-	}
+{
+    return (&dso_meth_dl);
+}
 
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) the handle (shl_t) returned from shl_load().
- * NB: I checked on HPUX11 and shl_t is itself a pointer
- * type so the cast is safe.
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (shl_t) returned from shl_load(). NB: I checked on HPUX11 and shl_t is
+ * itself a pointer type so the cast is safe.
  */
 
 static int dl_load(DSO *dso)
-	{
-	shl_t ptr = NULL;
-	/* We don't do any fancy retries or anything, just take the method's
-	 * (or DSO's if it has the callback set) best translation of the
-	 * platform-independant filename and try once with that. */
-	char *filename= DSO_convert_filename(dso, NULL);
+{
+    shl_t ptr = NULL;
+    /*
+     * We don't do any fancy retries or anything, just take the method's (or
+     * DSO's if it has the callback set) best translation of the
+     * platform-independant filename and try once with that.
+     */
+    char *filename = DSO_convert_filename(dso, NULL);
 
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
-	ptr = shl_load(filename, BIND_IMMEDIATE |
-		(dso->flags&DSO_FLAG_NO_NAME_TRANSLATION?0:DYNAMIC_PATH), 0L);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
-		ERR_add_error_data(4, "filename(", filename, "): ",
-			strerror(errno));
-		goto err;
-		}
-	if(!sk_push(dso->meth_data, (char *)ptr))
-		{
-		DSOerr(DSO_F_DL_LOAD,DSO_R_STACK_ERROR);
-		goto err;
-		}
-	/* Success, stick the converted filename we've loaded under into the DSO
-	 * (it also serves as the indicator that we are currently loaded). */
-	dso->loaded_filename = filename;
-	return(1);
-err:
-	/* Cleanup! */
-	if(filename != NULL)
-		OPENSSL_free(filename);
-	if(ptr != NULL)
-		shl_unload(ptr);
-	return(0);
-	}
+    if (filename == NULL) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    ptr = shl_load(filename, BIND_IMMEDIATE |
+                   (dso->flags & DSO_FLAG_NO_NAME_TRANSLATION ? 0 :
+                    DYNAMIC_PATH), 0L);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(4, "filename(", filename, "): ", strerror(errno));
+        goto err;
+    }
+    if (!sk_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DL_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /*
+     * Success, stick the converted filename we've loaded under into the DSO
+     * (it also serves as the indicator that we are currently loaded).
+     */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    if (ptr != NULL)
+        shl_unload(ptr);
+    return (0);
+}
 
 static int dl_unload(DSO *dso)
-	{
-	shl_t ptr;
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DL_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		return(1);
-	/* Is this statement legal? */
-	ptr = (shl_t)sk_pop(dso->meth_data);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_UNLOAD,DSO_R_NULL_HANDLE);
-		/* Should push the value back onto the stack in
-		 * case of a retry. */
-		sk_push(dso->meth_data, (char *)ptr);
-		return(0);
-		}
-	shl_unload(ptr);
-	return(1);
-	}
+{
+    shl_t ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return (1);
+    /* Is this statement legal? */
+    ptr = (shl_t) sk_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_push(dso->meth_data, (char *)ptr);
+        return (0);
+    }
+    shl_unload(ptr);
+    return (1);
+}
 
 static void *dl_bind_var(DSO *dso, const char *symname)
-	{
-	shl_t ptr;
-	void *sym;
+{
+    shl_t ptr;
+    void *sym;
 
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
-		{
-		DSOerr(DSO_F_DL_BIND_VAR,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ",
-			strerror(errno));
-		return(NULL);
-		}
-	return(sym);
-	}
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DL_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+        DSOerr(DSO_F_DL_BIND_VAR, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
+        return (NULL);
+    }
+    return (sym);
+}
 
 static DSO_FUNC_TYPE dl_bind_func(DSO *dso, const char *symname)
-	{
-	shl_t ptr;
-	void *sym;
+{
+    shl_t ptr;
+    void *sym;
 
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (shl_t)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0)
-		{
-		DSOerr(DSO_F_DL_BIND_FUNC,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ",
-			strerror(errno));
-		return(NULL);
-		}
-	return((DSO_FUNC_TYPE)sym);
-	}
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DL_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (shl_t) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    if (shl_findsym(&ptr, symname, TYPE_UNDEFINED, &sym) < 0) {
+        DSOerr(DSO_F_DL_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", strerror(errno));
+        return (NULL);
+    }
+    return ((DSO_FUNC_TYPE)sym);
+}
 
 static char *dl_merger(DSO *dso, const char *filespec1, const char *filespec2)
-	{
-	char *merged;
+{
+    char *merged;
 
-	if(!filespec1 && !filespec2)
-		{
-		DSOerr(DSO_F_DL_MERGER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	/* If the first file specification is a rooted path, it rules.
-	   same goes if the second file specification is missing. */
-	if (!filespec2 || filespec1[0] == '/')
-		{
-		merged = OPENSSL_malloc(strlen(filespec1) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DL_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec1);
-		}
-	/* If the first file specification is missing, the second one rules. */
-	else if (!filespec1)
-		{
-		merged = OPENSSL_malloc(strlen(filespec2) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DL_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		}
-	else
-		/* This part isn't as trivial as it looks.  It assumes that
-		   the second file specification really is a directory, and
-		   makes no checks whatsoever.  Therefore, the result becomes
-		   the concatenation of filespec2 followed by a slash followed
-		   by filespec1. */
-		{
-		int spec2len, len;
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DL_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || filespec1[0] == '/') {
+        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec1);
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+    } else
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+    {
+        int spec2len, len;
 
-		spec2len = (filespec2 ? strlen(filespec2) : 0);
-		len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+        spec2len = (filespec2 ? strlen(filespec2) : 0);
+        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
 
-		if(filespec2 && filespec2[spec2len - 1] == '/')
-			{
-			spec2len--;
-			len--;
-			}
-		merged = OPENSSL_malloc(len + 2);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DL_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		merged[spec2len] = '/';
-		strcpy(&merged[spec2len + 1], filespec1);
-		}
-	return(merged);
-	}
+        if (filespec2 && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (!merged) {
+            DSOerr(DSO_F_DL_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return (merged);
+}
 
-/* This function is identical to the one in dso_dlfcn.c, but as it is highly
- * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at the
- * same time, there's no great duplicating the code. Figuring out an elegant 
- * way to share one copy of the code would be more difficult and would not
- * leave the implementations independant. */
-#if defined(__hpux)
+/*
+ * This function is identical to the one in dso_dlfcn.c, but as it is highly
+ * unlikely that both the "dl" *and* "dlfcn" variants are being compiled at
+ * the same time, there's no great duplicating the code. Figuring out an
+ * elegant way to share one copy of the code would be more difficult and
+ * would not leave the implementations independant.
+ */
+# if defined(__hpux)
 static const char extension[] = ".sl";
-#else
+# else
 static const char extension[] = ".so";
-#endif
+# endif
 static char *dl_name_converter(DSO *dso, const char *filename)
-	{
-	char *translated;
-	int len, rsize, transform;
+{
+    char *translated;
+    int len, rsize, transform;
 
-	len = strlen(filename);
-	rsize = len + 1;
-	transform = (strstr(filename, "/") == NULL);
-		{
-		/* We will convert this to "%s.s?" or "lib%s.s?" */
-		rsize += strlen(extension);/* The length of ".s?" */
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			rsize += 3; /* The length of "lib" */
-		}
-	translated = OPENSSL_malloc(rsize);
-	if(translated == NULL)
-		{
-		DSOerr(DSO_F_DL_NAME_CONVERTER,
-				DSO_R_NAME_TRANSLATION_FAILED); 
-		return(NULL);   
-		}
-	if(transform)
-		{
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			sprintf(translated, "lib%s%s", filename, extension);
-		else
-			sprintf(translated, "%s%s", filename, extension);
-		}
-	else
-		sprintf(translated, "%s", filename);
-	return(translated);
-	}
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    {
+        /* We will convert this to "%s.s?" or "lib%s.s?" */
+        rsize += strlen(extension); /* The length of ".s?" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DL_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s%s", filename, extension);
+        else
+            sprintf(translated, "%s%s", filename, extension);
+    } else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
 
-#endif /* DSO_DL */
+#endif                          /* DSO_DL */
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
index d91e821a..f01255a7 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_dlfcn.c
@@ -1,6 +1,7 @@
 /* dso_dlfcn.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,320 +63,298 @@
 
 #ifndef DSO_DLFCN
 DSO_METHOD *DSO_METHOD_dlfcn(void)
-	{
-	return NULL;
-	}
+{
+    return NULL;
+}
 #else
 
-#ifdef HAVE_DLFCN_H
-#include <dlfcn.h>
-#endif
+# ifdef HAVE_DLFCN_H
+#  include <dlfcn.h>
+# endif
 
 /* Part of the hack in "dlfcn_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
+# define DSO_MAX_TRANSLATED_SIZE 256
 
 static int dlfcn_load(DSO *dso);
 static int dlfcn_unload(DSO *dso);
 static void *dlfcn_bind_var(DSO *dso, const char *symname);
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname);
-#if 0
+# if 0
 static int dlfcn_unbind(DSO *dso, char *symname, void *symptr);
 static int dlfcn_init(DSO *dso);
 static int dlfcn_finish(DSO *dso);
 static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
+# endif
 static char *dlfcn_name_converter(DSO *dso, const char *filename);
 static char *dlfcn_merger(DSO *dso, const char *filespec1,
-	const char *filespec2);
+                          const char *filespec2);
 
 static DSO_METHOD dso_meth_dlfcn = {
-	"OpenSSL 'dlfcn' shared library method",
-	dlfcn_load,
-	dlfcn_unload,
-	dlfcn_bind_var,
-	dlfcn_bind_func,
+    "OpenSSL 'dlfcn' shared library method",
+    dlfcn_load,
+    dlfcn_unload,
+    dlfcn_bind_var,
+    dlfcn_bind_func,
 /* For now, "unbind" doesn't exist */
-#if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
-#endif
-	NULL, /* ctrl */
-	dlfcn_name_converter,
-	dlfcn_merger,
-	NULL, /* init */
-	NULL  /* finish */
-	};
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    dlfcn_name_converter,
+    dlfcn_merger,
+    NULL,                       /* init */
+    NULL                        /* finish */
+};
 
 DSO_METHOD *DSO_METHOD_dlfcn(void)
-	{
-	return(&dso_meth_dlfcn);
-	}
+{
+    return (&dso_meth_dlfcn);
+}
 
-/* Prior to using the dlopen() function, we should decide on the flag
- * we send. There's a few different ways of doing this and it's a
- * messy venn-diagram to match up which platforms support what. So
- * as we don't have autoconf yet, I'm implementing a hack that could
- * be hacked further relatively easily to deal with cases as we find
- * them. Initially this is to cope with OpenBSD. */
-#if defined(__OpenBSD__) || defined(__NetBSD__)
-#	ifdef DL_LAZY
-#		define DLOPEN_FLAG DL_LAZY
-#	else
-#		ifdef RTLD_NOW
-#			define DLOPEN_FLAG RTLD_NOW
-#		else
-#			define DLOPEN_FLAG 0
-#		endif
-#	endif
-#else
-#	ifdef OPENSSL_SYS_SUNOS
-#		define DLOPEN_FLAG 1
-#	else
-#		define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
-#	endif
-#endif
+/*
+ * Prior to using the dlopen() function, we should decide on the flag we
+ * send. There's a few different ways of doing this and it's a messy
+ * venn-diagram to match up which platforms support what. So as we don't have
+ * autoconf yet, I'm implementing a hack that could be hacked further
+ * relatively easily to deal with cases as we find them. Initially this is to
+ * cope with OpenBSD.
+ */
+# if defined(__OpenBSD__) || defined(__NetBSD__)
+#  ifdef DL_LAZY
+#   define DLOPEN_FLAG DL_LAZY
+#  else
+#   ifdef RTLD_NOW
+#    define DLOPEN_FLAG RTLD_NOW
+#   else
+#    define DLOPEN_FLAG 0
+#   endif
+#  endif
+# else
+#  ifdef OPENSSL_SYS_SUNOS
+#   define DLOPEN_FLAG 1
+#  else
+#   define DLOPEN_FLAG RTLD_NOW /* Hope this works everywhere else */
+#  endif
+# endif
 
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) the handle (void*) returned from dlopen().
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) the handle
+ * (void*) returned from dlopen().
  */
 
 static int dlfcn_load(DSO *dso)
-	{
-	void *ptr = NULL;
-	/* See applicable comments in dso_dl.c */
-	char *filename = DSO_convert_filename(dso, NULL);
-	int flags = DLOPEN_FLAG;
-
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+    int flags = DLOPEN_FLAG;
 
-#ifdef RTLD_GLOBAL
-	if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
-		flags |= RTLD_GLOBAL;
-#endif
-	ptr = dlopen(filename, flags);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED);
-		ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
-		goto err;
-		}
-	if(!sk_push(dso->meth_data, (char *)ptr))
-		{
-		DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR);
-		goto err;
-		}
-	/* Success */
-	dso->loaded_filename = filename;
-	return(1);
-err:
-	/* Cleanup! */
-	if(filename != NULL)
-		OPENSSL_free(filename);
-	if(ptr != NULL)
-		dlclose(ptr);
-	return(0);
+    if (filename == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+# ifdef RTLD_GLOBAL
+    if (dso->flags & DSO_FLAG_GLOBAL_SYMBOLS)
+        flags |= RTLD_GLOBAL;
+# endif
+    ptr = dlopen(filename, flags);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(4, "filename(", filename, "): ", dlerror());
+        goto err;
+    }
+    if (!sk_push(dso->meth_data, (char *)ptr)) {
+        DSOerr(DSO_F_DLFCN_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    if (ptr != NULL)
+        dlclose(ptr);
+    return (0);
 }
 
 static int dlfcn_unload(DSO *dso)
-	{
-	void *ptr;
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		return(1);
-	ptr = (void *)sk_pop(dso->meth_data);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_UNLOAD,DSO_R_NULL_HANDLE);
-		/* Should push the value back onto the stack in
-		 * case of a retry. */
-		sk_push(dso->meth_data, (char *)ptr);
-		return(0);
-		}
-	/* For now I'm not aware of any errors associated with dlclose() */
-	dlclose(ptr);
-	return(1);
-	}
+{
+    void *ptr;
+    if (dso == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return (1);
+    ptr = (void *)sk_pop(dso->meth_data);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_UNLOAD, DSO_R_NULL_HANDLE);
+        /*
+         * Should push the value back onto the stack in case of a retry.
+         */
+        sk_push(dso->meth_data, (char *)ptr);
+        return (0);
+    }
+    /* For now I'm not aware of any errors associated with dlclose() */
+    dlclose(ptr);
+    return (1);
+}
 
 static void *dlfcn_bind_var(DSO *dso, const char *symname)
-	{
-	void *ptr, *sym;
+{
+    void *ptr, *sym;
 
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	sym = dlsym(ptr, symname);
-	if(sym == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-		return(NULL);
-		}
-	return(sym);
-	}
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    sym = dlsym(ptr, symname);
+    if (sym == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_VAR, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+        return (NULL);
+    }
+    return (sym);
+}
 
 static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname)
-	{
-	void *ptr;
-	union {
-		DSO_FUNC_TYPE sym;
-		void *dlret;
-	} u;
+{
+    void *ptr;
+    union {
+        DSO_FUNC_TYPE sym;
+        void *dlret;
+    } u;
 
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	u.dlret = dlsym(ptr, symname);
-	if(u.dlret == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
-		return(NULL);
-		}
-	return u.sym;
-	}
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (void *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    u.dlret = dlsym(ptr, symname);
+    if (u.dlret == NULL) {
+        DSOerr(DSO_F_DLFCN_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(4, "symname(", symname, "): ", dlerror());
+        return (NULL);
+    }
+    return u.sym;
+}
 
 static char *dlfcn_merger(DSO *dso, const char *filespec1,
-	const char *filespec2)
-	{
-	char *merged;
-
-	if(!filespec1 && !filespec2)
-		{
-		DSOerr(DSO_F_DLFCN_MERGER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	/* If the first file specification is a rooted path, it rules.
-	   same goes if the second file specification is missing. */
-	if (!filespec2 || filespec1[0] == '/')
-		{
-		merged = OPENSSL_malloc(strlen(filespec1) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DLFCN_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec1);
-		}
-	/* If the first file specification is missing, the second one rules. */
-	else if (!filespec1)
-		{
-		merged = OPENSSL_malloc(strlen(filespec2) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DLFCN_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		}
-	else
-		/* This part isn't as trivial as it looks.  It assumes that
-		   the second file specification really is a directory, and
-		   makes no checks whatsoever.  Therefore, the result becomes
-		   the concatenation of filespec2 followed by a slash followed
-		   by filespec1. */
-		{
-		int spec2len, len;
+                          const char *filespec2)
+{
+    char *merged;
 
-		spec2len = (filespec2 ? strlen(filespec2) : 0);
-		len = spec2len + (filespec1 ? strlen(filespec1) : 0);
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_DLFCN_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    /*
+     * If the first file specification is a rooted path, it rules. same goes
+     * if the second file specification is missing.
+     */
+    if (!filespec2 || filespec1[0] == '/') {
+        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec1);
+    }
+    /*
+     * If the first file specification is missing, the second one rules.
+     */
+    else if (!filespec1) {
+        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+    } else
+        /*
+         * This part isn't as trivial as it looks.  It assumes that the
+         * second file specification really is a directory, and makes no
+         * checks whatsoever.  Therefore, the result becomes the
+         * concatenation of filespec2 followed by a slash followed by
+         * filespec1.
+         */
+    {
+        int spec2len, len;
 
-		if(filespec2 && filespec2[spec2len - 1] == '/')
-			{
-			spec2len--;
-			len--;
-			}
-		merged = OPENSSL_malloc(len + 2);
-		if(!merged)
-			{
-			DSOerr(DSO_F_DLFCN_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		merged[spec2len] = '/';
-		strcpy(&merged[spec2len + 1], filespec1);
-		}
-	return(merged);
-	}
+        spec2len = (filespec2 ? strlen(filespec2) : 0);
+        len = spec2len + (filespec1 ? strlen(filespec1) : 0);
 
-#ifdef OPENSSL_SYS_MACOSX
-#define DSO_ext	".dylib"
-#define DSO_extlen 6
-#else
-#define DSO_ext	".so"
-#define DSO_extlen 3
-#endif
+        if (filespec2 && filespec2[spec2len - 1] == '/') {
+            spec2len--;
+            len--;
+        }
+        merged = OPENSSL_malloc(len + 2);
+        if (!merged) {
+            DSOerr(DSO_F_DLFCN_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+        merged[spec2len] = '/';
+        strcpy(&merged[spec2len + 1], filespec1);
+    }
+    return (merged);
+}
 
+# ifdef OPENSSL_SYS_MACOSX
+#  define DSO_ext ".dylib"
+#  define DSO_extlen 6
+# else
+#  define DSO_ext ".so"
+#  define DSO_extlen 3
+# endif
 
 static char *dlfcn_name_converter(DSO *dso, const char *filename)
-	{
-	char *translated;
-	int len, rsize, transform;
+{
+    char *translated;
+    int len, rsize, transform;
 
-	len = strlen(filename);
-	rsize = len + 1;
-	transform = (strstr(filename, "/") == NULL);
-	if(transform)
-		{
-		/* We will convert this to "%s.so" or "lib%s.so" etc */
-		rsize += DSO_extlen;	/* The length of ".so" */
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			rsize += 3; /* The length of "lib" */
-		}
-	translated = OPENSSL_malloc(rsize);
-	if(translated == NULL)
-		{
-		DSOerr(DSO_F_DLFCN_NAME_CONVERTER,
-				DSO_R_NAME_TRANSLATION_FAILED);
-		return(NULL);
-		}
-	if(transform)
-		{
-		if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
-			sprintf(translated, "lib%s" DSO_ext, filename);
-		else
-			sprintf(translated, "%s" DSO_ext, filename);
-		}
-	else
-		sprintf(translated, "%s", filename);
-	return(translated);
-	}
+    len = strlen(filename);
+    rsize = len + 1;
+    transform = (strstr(filename, "/") == NULL);
+    if (transform) {
+        /* We will convert this to "%s.so" or "lib%s.so" etc */
+        rsize += DSO_extlen;    /* The length of ".so" */
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            rsize += 3;         /* The length of "lib" */
+    }
+    translated = OPENSSL_malloc(rsize);
+    if (translated == NULL) {
+        DSOerr(DSO_F_DLFCN_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform) {
+        if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
+            sprintf(translated, "lib%s" DSO_ext, filename);
+        else
+            sprintf(translated, "%s" DSO_ext, filename);
+    } else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
 
-#endif /* DSO_DLFCN */
+#endif                          /* DSO_DLFCN */
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_err.c b/Cryptlib/OpenSSL/crypto/dso/dso_err.c
index a8b0a210..7a1927e5 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_err.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,83 +66,81 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_DSO,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_DSO,0,reason)
 
-static ERR_STRING_DATA DSO_str_functs[]=
-	{
-{ERR_FUNC(DSO_F_DLFCN_BIND_FUNC),	"DLFCN_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DLFCN_BIND_VAR),	"DLFCN_BIND_VAR"},
-{ERR_FUNC(DSO_F_DLFCN_LOAD),	"DLFCN_LOAD"},
-{ERR_FUNC(DSO_F_DLFCN_MERGER),	"DLFCN_MERGER"},
-{ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER),	"DLFCN_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DLFCN_UNLOAD),	"DLFCN_UNLOAD"},
-{ERR_FUNC(DSO_F_DL_BIND_FUNC),	"DL_BIND_FUNC"},
-{ERR_FUNC(DSO_F_DL_BIND_VAR),	"DL_BIND_VAR"},
-{ERR_FUNC(DSO_F_DL_LOAD),	"DL_LOAD"},
-{ERR_FUNC(DSO_F_DL_MERGER),	"DL_MERGER"},
-{ERR_FUNC(DSO_F_DL_NAME_CONVERTER),	"DL_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_DL_UNLOAD),	"DL_UNLOAD"},
-{ERR_FUNC(DSO_F_DSO_BIND_FUNC),	"DSO_bind_func"},
-{ERR_FUNC(DSO_F_DSO_BIND_VAR),	"DSO_bind_var"},
-{ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME),	"DSO_convert_filename"},
-{ERR_FUNC(DSO_F_DSO_CTRL),	"DSO_ctrl"},
-{ERR_FUNC(DSO_F_DSO_FREE),	"DSO_free"},
-{ERR_FUNC(DSO_F_DSO_GET_FILENAME),	"DSO_get_filename"},
-{ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME),	"DSO_get_loaded_filename"},
-{ERR_FUNC(DSO_F_DSO_LOAD),	"DSO_load"},
-{ERR_FUNC(DSO_F_DSO_MERGE),	"DSO_merge"},
-{ERR_FUNC(DSO_F_DSO_NEW_METHOD),	"DSO_new_method"},
-{ERR_FUNC(DSO_F_DSO_SET_FILENAME),	"DSO_set_filename"},
-{ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER),	"DSO_set_name_converter"},
-{ERR_FUNC(DSO_F_DSO_UP_REF),	"DSO_up_ref"},
-{ERR_FUNC(DSO_F_VMS_BIND_SYM),	"VMS_BIND_SYM"},
-{ERR_FUNC(DSO_F_VMS_LOAD),	"VMS_LOAD"},
-{ERR_FUNC(DSO_F_VMS_MERGER),	"VMS_MERGER"},
-{ERR_FUNC(DSO_F_VMS_UNLOAD),	"VMS_UNLOAD"},
-{ERR_FUNC(DSO_F_WIN32_BIND_FUNC),	"WIN32_BIND_FUNC"},
-{ERR_FUNC(DSO_F_WIN32_BIND_VAR),	"WIN32_BIND_VAR"},
-{ERR_FUNC(DSO_F_WIN32_JOINER),	"WIN32_JOINER"},
-{ERR_FUNC(DSO_F_WIN32_LOAD),	"WIN32_LOAD"},
-{ERR_FUNC(DSO_F_WIN32_MERGER),	"WIN32_MERGER"},
-{ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER),	"WIN32_NAME_CONVERTER"},
-{ERR_FUNC(DSO_F_WIN32_SPLITTER),	"WIN32_SPLITTER"},
-{ERR_FUNC(DSO_F_WIN32_UNLOAD),	"WIN32_UNLOAD"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DSO_str_functs[] = {
+    {ERR_FUNC(DSO_F_DLFCN_BIND_FUNC), "DLFCN_BIND_FUNC"},
+    {ERR_FUNC(DSO_F_DLFCN_BIND_VAR), "DLFCN_BIND_VAR"},
+    {ERR_FUNC(DSO_F_DLFCN_LOAD), "DLFCN_LOAD"},
+    {ERR_FUNC(DSO_F_DLFCN_MERGER), "DLFCN_MERGER"},
+    {ERR_FUNC(DSO_F_DLFCN_NAME_CONVERTER), "DLFCN_NAME_CONVERTER"},
+    {ERR_FUNC(DSO_F_DLFCN_UNLOAD), "DLFCN_UNLOAD"},
+    {ERR_FUNC(DSO_F_DL_BIND_FUNC), "DL_BIND_FUNC"},
+    {ERR_FUNC(DSO_F_DL_BIND_VAR), "DL_BIND_VAR"},
+    {ERR_FUNC(DSO_F_DL_LOAD), "DL_LOAD"},
+    {ERR_FUNC(DSO_F_DL_MERGER), "DL_MERGER"},
+    {ERR_FUNC(DSO_F_DL_NAME_CONVERTER), "DL_NAME_CONVERTER"},
+    {ERR_FUNC(DSO_F_DL_UNLOAD), "DL_UNLOAD"},
+    {ERR_FUNC(DSO_F_DSO_BIND_FUNC), "DSO_bind_func"},
+    {ERR_FUNC(DSO_F_DSO_BIND_VAR), "DSO_bind_var"},
+    {ERR_FUNC(DSO_F_DSO_CONVERT_FILENAME), "DSO_convert_filename"},
+    {ERR_FUNC(DSO_F_DSO_CTRL), "DSO_ctrl"},
+    {ERR_FUNC(DSO_F_DSO_FREE), "DSO_free"},
+    {ERR_FUNC(DSO_F_DSO_GET_FILENAME), "DSO_get_filename"},
+    {ERR_FUNC(DSO_F_DSO_GET_LOADED_FILENAME), "DSO_get_loaded_filename"},
+    {ERR_FUNC(DSO_F_DSO_LOAD), "DSO_load"},
+    {ERR_FUNC(DSO_F_DSO_MERGE), "DSO_merge"},
+    {ERR_FUNC(DSO_F_DSO_NEW_METHOD), "DSO_new_method"},
+    {ERR_FUNC(DSO_F_DSO_SET_FILENAME), "DSO_set_filename"},
+    {ERR_FUNC(DSO_F_DSO_SET_NAME_CONVERTER), "DSO_set_name_converter"},
+    {ERR_FUNC(DSO_F_DSO_UP_REF), "DSO_up_ref"},
+    {ERR_FUNC(DSO_F_VMS_BIND_SYM), "VMS_BIND_SYM"},
+    {ERR_FUNC(DSO_F_VMS_LOAD), "VMS_LOAD"},
+    {ERR_FUNC(DSO_F_VMS_MERGER), "VMS_MERGER"},
+    {ERR_FUNC(DSO_F_VMS_UNLOAD), "VMS_UNLOAD"},
+    {ERR_FUNC(DSO_F_WIN32_BIND_FUNC), "WIN32_BIND_FUNC"},
+    {ERR_FUNC(DSO_F_WIN32_BIND_VAR), "WIN32_BIND_VAR"},
+    {ERR_FUNC(DSO_F_WIN32_JOINER), "WIN32_JOINER"},
+    {ERR_FUNC(DSO_F_WIN32_LOAD), "WIN32_LOAD"},
+    {ERR_FUNC(DSO_F_WIN32_MERGER), "WIN32_MERGER"},
+    {ERR_FUNC(DSO_F_WIN32_NAME_CONVERTER), "WIN32_NAME_CONVERTER"},
+    {ERR_FUNC(DSO_F_WIN32_SPLITTER), "WIN32_SPLITTER"},
+    {ERR_FUNC(DSO_F_WIN32_UNLOAD), "WIN32_UNLOAD"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA DSO_str_reasons[]=
-	{
-{ERR_REASON(DSO_R_CTRL_FAILED)           ,"control command failed"},
-{ERR_REASON(DSO_R_DSO_ALREADY_LOADED)    ,"dso already loaded"},
-{ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE)  ,"empty file structure"},
-{ERR_REASON(DSO_R_FAILURE)               ,"failure"},
-{ERR_REASON(DSO_R_FILENAME_TOO_BIG)      ,"filename too big"},
-{ERR_REASON(DSO_R_FINISH_FAILED)         ,"cleanup method function failed"},
-{ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX) ,"incorrect file syntax"},
-{ERR_REASON(DSO_R_LOAD_FAILED)           ,"could not load the shared library"},
-{ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED),"name translation failed"},
-{ERR_REASON(DSO_R_NO_FILENAME)           ,"no filename"},
-{ERR_REASON(DSO_R_NO_FILE_SPECIFICATION) ,"no file specification"},
-{ERR_REASON(DSO_R_NULL_HANDLE)           ,"a null shared library handle was used"},
-{ERR_REASON(DSO_R_SET_FILENAME_FAILED)   ,"set filename failed"},
-{ERR_REASON(DSO_R_STACK_ERROR)           ,"the meth_data stack is corrupt"},
-{ERR_REASON(DSO_R_SYM_FAILURE)           ,"could not bind to the requested symbol name"},
-{ERR_REASON(DSO_R_UNLOAD_FAILED)         ,"could not unload the shared library"},
-{ERR_REASON(DSO_R_UNSUPPORTED)           ,"functionality not supported"},
-{0,NULL}
-	};
+static ERR_STRING_DATA DSO_str_reasons[] = {
+    {ERR_REASON(DSO_R_CTRL_FAILED), "control command failed"},
+    {ERR_REASON(DSO_R_DSO_ALREADY_LOADED), "dso already loaded"},
+    {ERR_REASON(DSO_R_EMPTY_FILE_STRUCTURE), "empty file structure"},
+    {ERR_REASON(DSO_R_FAILURE), "failure"},
+    {ERR_REASON(DSO_R_FILENAME_TOO_BIG), "filename too big"},
+    {ERR_REASON(DSO_R_FINISH_FAILED), "cleanup method function failed"},
+    {ERR_REASON(DSO_R_INCORRECT_FILE_SYNTAX), "incorrect file syntax"},
+    {ERR_REASON(DSO_R_LOAD_FAILED), "could not load the shared library"},
+    {ERR_REASON(DSO_R_NAME_TRANSLATION_FAILED), "name translation failed"},
+    {ERR_REASON(DSO_R_NO_FILENAME), "no filename"},
+    {ERR_REASON(DSO_R_NO_FILE_SPECIFICATION), "no file specification"},
+    {ERR_REASON(DSO_R_NULL_HANDLE), "a null shared library handle was used"},
+    {ERR_REASON(DSO_R_SET_FILENAME_FAILED), "set filename failed"},
+    {ERR_REASON(DSO_R_STACK_ERROR), "the meth_data stack is corrupt"},
+    {ERR_REASON(DSO_R_SYM_FAILURE),
+     "could not bind to the requested symbol name"},
+    {ERR_REASON(DSO_R_UNLOAD_FAILED), "could not unload the shared library"},
+    {ERR_REASON(DSO_R_UNSUPPORTED), "functionality not supported"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_DSO_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(DSO_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,DSO_str_functs);
-		ERR_load_strings(0,DSO_str_reasons);
-		}
+    if (ERR_func_error_string(DSO_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, DSO_str_functs);
+        ERR_load_strings(0, DSO_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
index 49bdd713..f1584665 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_lib.c
@@ -1,6 +1,7 @@
 /* dso_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,403 +65,365 @@
 static DSO_METHOD *default_DSO_meth = NULL;
 
 DSO *DSO_new(void)
-	{
-	return(DSO_new_method(NULL));
-	}
+{
+    return (DSO_new_method(NULL));
+}
 
 void DSO_set_default_method(DSO_METHOD *meth)
-	{
-	default_DSO_meth = meth;
-	}
+{
+    default_DSO_meth = meth;
+}
 
 DSO_METHOD *DSO_get_default_method(void)
-	{
-	return(default_DSO_meth);
-	}
+{
+    return (default_DSO_meth);
+}
 
 DSO_METHOD *DSO_get_method(DSO *dso)
-	{
-	return(dso->meth);
-	}
+{
+    return (dso->meth);
+}
 
 DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth)
-	{
-	DSO_METHOD *mtmp;
-	mtmp = dso->meth;
-	dso->meth = meth;
-	return(mtmp);
-	}
+{
+    DSO_METHOD *mtmp;
+    mtmp = dso->meth;
+    dso->meth = meth;
+    return (mtmp);
+}
 
 DSO *DSO_new_method(DSO_METHOD *meth)
-	{
-	DSO *ret;
-
-	if(default_DSO_meth == NULL)
-		/* We default to DSO_METH_openssl() which in turn defaults
-		 * to stealing the "best available" method. Will fallback
-		 * to DSO_METH_null() in the worst case. */
-		default_DSO_meth = DSO_METHOD_openssl();
-	ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
-	if(ret == NULL)
-		{
-		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	memset(ret, 0, sizeof(DSO));
-	ret->meth_data = sk_new_null();
-	if(ret->meth_data == NULL)
-		{
-		/* sk_new doesn't generate any errors so we do */
-		DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		OPENSSL_free(ret);
-		return(NULL);
-		}
-	if(meth == NULL)
-		ret->meth = default_DSO_meth;
-	else
-		ret->meth = meth;
-	ret->references = 1;
-	if((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
+{
+    DSO *ret;
+
+    if (default_DSO_meth == NULL)
+        /*
+         * We default to DSO_METH_openssl() which in turn defaults to
+         * stealing the "best available" method. Will fallback to
+         * DSO_METH_null() in the worst case.
+         */
+        default_DSO_meth = DSO_METHOD_openssl();
+    ret = (DSO *)OPENSSL_malloc(sizeof(DSO));
+    if (ret == NULL) {
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    memset(ret, 0, sizeof(DSO));
+    ret->meth_data = sk_new_null();
+    if (ret->meth_data == NULL) {
+        /* sk_new doesn't generate any errors so we do */
+        DSOerr(DSO_F_DSO_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(ret);
+        return (NULL);
+    }
+    if (meth == NULL)
+        ret->meth = default_DSO_meth;
+    else
+        ret->meth = meth;
+    ret->references = 1;
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
 
 int DSO_free(DSO *dso)
-	{
-        int i;
- 
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_FREE,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
- 
-	i=CRYPTO_add(&dso->references,-1,CRYPTO_LOCK_DSO);
+{
+    int i;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_FREE, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+
+    i = CRYPTO_add(&dso->references, -1, CRYPTO_LOCK_DSO);
 #ifdef REF_PRINT
-	REF_PRINT("DSO",dso);
+    REF_PRINT("DSO", dso);
 #endif
-	if(i > 0) return(1);
+    if (i > 0)
+        return (1);
 #ifdef REF_CHECK
-	if(i < 0)
-		{
-		fprintf(stderr,"DSO_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "DSO_free, bad reference count\n");
+        abort();
+    }
 #endif
 
-	if((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso))
-		{
-		DSOerr(DSO_F_DSO_FREE,DSO_R_UNLOAD_FAILED);
-		return(0);
-		}
- 
-	if((dso->meth->finish != NULL) && !dso->meth->finish(dso))
-		{
-		DSOerr(DSO_F_DSO_FREE,DSO_R_FINISH_FAILED);
-		return(0);
-		}
-	
-	sk_free(dso->meth_data);
-	if(dso->filename != NULL)
-		OPENSSL_free(dso->filename);
-	if(dso->loaded_filename != NULL)
-		OPENSSL_free(dso->loaded_filename);
- 
-	OPENSSL_free(dso);
-	return(1);
-	}
+    if ((dso->meth->dso_unload != NULL) && !dso->meth->dso_unload(dso)) {
+        DSOerr(DSO_F_DSO_FREE, DSO_R_UNLOAD_FAILED);
+        return (0);
+    }
 
-int DSO_flags(DSO *dso)
-	{
-	return((dso == NULL) ? 0 : dso->flags);
-	}
+    if ((dso->meth->finish != NULL) && !dso->meth->finish(dso)) {
+        DSOerr(DSO_F_DSO_FREE, DSO_R_FINISH_FAILED);
+        return (0);
+    }
 
+    sk_free(dso->meth_data);
+    if (dso->filename != NULL)
+        OPENSSL_free(dso->filename);
+    if (dso->loaded_filename != NULL)
+        OPENSSL_free(dso->loaded_filename);
+
+    OPENSSL_free(dso);
+    return (1);
+}
+
+int DSO_flags(DSO *dso)
+{
+    return ((dso == NULL) ? 0 : dso->flags);
+}
 
 int DSO_up_ref(DSO *dso)
-	{
-	if (dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
 
-	CRYPTO_add(&dso->references,1,CRYPTO_LOCK_DSO);
-	return(1);
-	}
+    CRYPTO_add(&dso->references, 1, CRYPTO_LOCK_DSO);
+    return (1);
+}
 
 DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags)
-	{
-	DSO *ret;
-	int allocated = 0;
-
-	if(dso == NULL)
-		{
-		ret = DSO_new_method(meth);
-		if(ret == NULL)
-			{
-			DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		allocated = 1;
-		/* Pass the provided flags to the new DSO object */
-		if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0)
-			{
-			DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED);
-			goto err;
-			}
-		}
-	else
-		ret = dso;
-	/* Don't load if we're currently already loaded */
-	if(ret->filename != NULL)
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED);
-		goto err;
-		}
-	/* filename can only be NULL if we were passed a dso that already has
-	 * one set. */
-	if(filename != NULL)
-		if(!DSO_set_filename(ret, filename))
-			{
-			DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED);
-			goto err;
-			}
-	filename = ret->filename;
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
-	if(ret->meth->dso_load == NULL)
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED);
-		goto err;
-		}
-	if(!ret->meth->dso_load(ret))
-		{
-		DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED);
-		goto err;
-		}
-	/* Load succeeded */
-	return(ret);
-err:
-	if(allocated)
-		DSO_free(ret);
-	return(NULL);
-	}
+{
+    DSO *ret;
+    int allocated = 0;
+
+    if (dso == NULL) {
+        ret = DSO_new_method(meth);
+        if (ret == NULL) {
+            DSOerr(DSO_F_DSO_LOAD, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        allocated = 1;
+        /* Pass the provided flags to the new DSO object */
+        if (DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_CTRL_FAILED);
+            goto err;
+        }
+    } else
+        ret = dso;
+    /* Don't load if we're currently already loaded */
+    if (ret->filename != NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_DSO_ALREADY_LOADED);
+        goto err;
+    }
+    /*
+     * filename can only be NULL if we were passed a dso that already has one
+     * set.
+     */
+    if (filename != NULL)
+        if (!DSO_set_filename(ret, filename)) {
+            DSOerr(DSO_F_DSO_LOAD, DSO_R_SET_FILENAME_FAILED);
+            goto err;
+        }
+    filename = ret->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    if (ret->meth->dso_load == NULL) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_UNSUPPORTED);
+        goto err;
+    }
+    if (!ret->meth->dso_load(ret)) {
+        DSOerr(DSO_F_DSO_LOAD, DSO_R_LOAD_FAILED);
+        goto err;
+    }
+    /* Load succeeded */
+    return (ret);
+ err:
+    if (allocated)
+        DSO_free(ret);
+    return (NULL);
+}
 
 void *DSO_bind_var(DSO *dso, const char *symname)
-	{
-	void *ret = NULL;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DSO_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(dso->meth->dso_bind_var == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_UNSUPPORTED);
-		return(NULL);
-		}
-	if((ret = dso->meth->dso_bind_var(dso, symname)) == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_VAR,DSO_R_SYM_FAILURE);
-		return(NULL);
-		}
-	/* Success */
-	return(ret);
-	}
+{
+    void *ret = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DSO_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (dso->meth->dso_bind_var == NULL) {
+        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_UNSUPPORTED);
+        return (NULL);
+    }
+    if ((ret = dso->meth->dso_bind_var(dso, symname)) == NULL) {
+        DSOerr(DSO_F_DSO_BIND_VAR, DSO_R_SYM_FAILURE);
+        return (NULL);
+    }
+    /* Success */
+    return (ret);
+}
 
 DSO_FUNC_TYPE DSO_bind_func(DSO *dso, const char *symname)
-	{
-	DSO_FUNC_TYPE ret = NULL;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_DSO_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(dso->meth->dso_bind_func == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_UNSUPPORTED);
-		return(NULL);
-		}
-	if((ret = dso->meth->dso_bind_func(dso, symname)) == NULL)
-		{
-		DSOerr(DSO_F_DSO_BIND_FUNC,DSO_R_SYM_FAILURE);
-		return(NULL);
-		}
-	/* Success */
-	return(ret);
-	}
-
-/* I don't really like these *_ctrl functions very much to be perfectly
- * honest. For one thing, I think I have to return a negative value for
- * any error because possible DSO_ctrl() commands may return values
- * such as "size"s that can legitimately be zero (making the standard
- * "if(DSO_cmd(...))" form that works almost everywhere else fail at
- * odd times. I'd prefer "output" values to be passed by reference and
- * the return value as success/failure like usual ... but we conform
- * when we must... :-) */
+{
+    DSO_FUNC_TYPE ret = NULL;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (dso->meth->dso_bind_func == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_UNSUPPORTED);
+        return (NULL);
+    }
+    if ((ret = dso->meth->dso_bind_func(dso, symname)) == NULL) {
+        DSOerr(DSO_F_DSO_BIND_FUNC, DSO_R_SYM_FAILURE);
+        return (NULL);
+    }
+    /* Success */
+    return (ret);
+}
+
+/*
+ * I don't really like these *_ctrl functions very much to be perfectly
+ * honest. For one thing, I think I have to return a negative value for any
+ * error because possible DSO_ctrl() commands may return values such as
+ * "size"s that can legitimately be zero (making the standard
+ * "if(DSO_cmd(...))" form that works almost everywhere else fail at odd
+ * times. I'd prefer "output" values to be passed by reference and the return
+ * value as success/failure like usual ... but we conform when we must... :-)
+ */
 long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return(-1);
-		}
-	/* We should intercept certain generic commands and only pass control
-	 * to the method-specific ctrl() function if it's something we don't
-	 * handle. */
-	switch(cmd)
-		{
-	case DSO_CTRL_GET_FLAGS:
-		return dso->flags;
-	case DSO_CTRL_SET_FLAGS:
-		dso->flags = (int)larg;
-		return(0);
-	case DSO_CTRL_OR_FLAGS:
-		dso->flags |= (int)larg;
-		return(0);
-	default:
-		break;
-		}
-	if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL))
-		{
-		DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED);
-		return(-1);
-		}
-	return(dso->meth->dso_ctrl(dso,cmd,larg,parg));
-	}
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return (-1);
+    }
+    /*
+     * We should intercept certain generic commands and only pass control to
+     * the method-specific ctrl() function if it's something we don't handle.
+     */
+    switch (cmd) {
+    case DSO_CTRL_GET_FLAGS:
+        return dso->flags;
+    case DSO_CTRL_SET_FLAGS:
+        dso->flags = (int)larg;
+        return (0);
+    case DSO_CTRL_OR_FLAGS:
+        dso->flags |= (int)larg;
+        return (0);
+    default:
+        break;
+    }
+    if ((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) {
+        DSOerr(DSO_F_DSO_CTRL, DSO_R_UNSUPPORTED);
+        return (-1);
+    }
+    return (dso->meth->dso_ctrl(dso, cmd, larg, parg));
+}
 
 int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb,
-			DSO_NAME_CONVERTER_FUNC *oldcb)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_SET_NAME_CONVERTER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(oldcb)
-		*oldcb = dso->name_converter;
-	dso->name_converter = cb;
-	return(1);
-	}
+                           DSO_NAME_CONVERTER_FUNC *oldcb)
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (oldcb)
+        *oldcb = dso->name_converter;
+    dso->name_converter = cb;
+    return (1);
+}
 
 const char *DSO_get_filename(DSO *dso)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	return(dso->filename);
-	}
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_GET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    return (dso->filename);
+}
 
 int DSO_set_filename(DSO *dso, const char *filename)
-	{
-	char *copied;
-
-	if((dso == NULL) || (filename == NULL))
-		{
-		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(dso->loaded_filename)
-		{
-		DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED);
-		return(0);
-		}
-	/* We'll duplicate filename */
-	copied = OPENSSL_malloc(strlen(filename) + 1);
-	if(copied == NULL)
-		{
-		DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	BUF_strlcpy(copied, filename, strlen(filename) + 1);
-	if(dso->filename)
-		OPENSSL_free(dso->filename);
-	dso->filename = copied;
-	return(1);
-	}
+{
+    char *copied;
+
+    if ((dso == NULL) || (filename == NULL)) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (dso->loaded_filename) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, DSO_R_DSO_ALREADY_LOADED);
+        return (0);
+    }
+    /* We'll duplicate filename */
+    copied = OPENSSL_malloc(strlen(filename) + 1);
+    if (copied == NULL) {
+        DSOerr(DSO_F_DSO_SET_FILENAME, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    BUF_strlcpy(copied, filename, strlen(filename) + 1);
+    if (dso->filename)
+        OPENSSL_free(dso->filename);
+    dso->filename = copied;
+    return (1);
+}
 
 char *DSO_merge(DSO *dso, const char *filespec1, const char *filespec2)
-	{
-	char *result = NULL;
-
-	if(dso == NULL || filespec1 == NULL)
-		{
-		DSOerr(DSO_F_DSO_MERGE,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(filespec1 == NULL)
-		filespec1 = dso->filename;
-	if(filespec1 == NULL)
-		{
-		DSOerr(DSO_F_DSO_MERGE,DSO_R_NO_FILE_SPECIFICATION);
-		return(NULL);
-		}
-	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
-		{
-		if(dso->merger != NULL)
-			result = dso->merger(dso, filespec1, filespec2);
-		else if(dso->meth->dso_merger != NULL)
-			result = dso->meth->dso_merger(dso,
-				filespec1, filespec2);
-		}
-	return(result);
-	}
+{
+    char *result = NULL;
+
+    if (dso == NULL || filespec1 == NULL) {
+        DSOerr(DSO_F_DSO_MERGE, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (filespec1 == NULL)
+        filespec1 = dso->filename;
+    if (filespec1 == NULL) {
+        DSOerr(DSO_F_DSO_MERGE, DSO_R_NO_FILE_SPECIFICATION);
+        return (NULL);
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->merger != NULL)
+            result = dso->merger(dso, filespec1, filespec2);
+        else if (dso->meth->dso_merger != NULL)
+            result = dso->meth->dso_merger(dso, filespec1, filespec2);
+    }
+    return (result);
+}
 
 char *DSO_convert_filename(DSO *dso, const char *filename)
-	{
-	char *result = NULL;
-
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(filename == NULL)
-		filename = dso->filename;
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME);
-		return(NULL);
-		}
-	if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0)
-		{
-		if(dso->name_converter != NULL)
-			result = dso->name_converter(dso, filename);
-		else if(dso->meth->dso_name_converter != NULL)
-			result = dso->meth->dso_name_converter(dso, filename);
-		}
-	if(result == NULL)
-		{
-		result = OPENSSL_malloc(strlen(filename) + 1);
-		if(result == NULL)
-			{
-			DSOerr(DSO_F_DSO_CONVERT_FILENAME,
-					ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		BUF_strlcpy(result, filename, strlen(filename) + 1);
-		}
-	return(result);
-	}
+{
+    char *result = NULL;
+
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (filename == NULL)
+        filename = dso->filename;
+    if (filename == NULL) {
+        DSOerr(DSO_F_DSO_CONVERT_FILENAME, DSO_R_NO_FILENAME);
+        return (NULL);
+    }
+    if ((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) {
+        if (dso->name_converter != NULL)
+            result = dso->name_converter(dso, filename);
+        else if (dso->meth->dso_name_converter != NULL)
+            result = dso->meth->dso_name_converter(dso, filename);
+    }
+    if (result == NULL) {
+        result = OPENSSL_malloc(strlen(filename) + 1);
+        if (result == NULL) {
+            DSOerr(DSO_F_DSO_CONVERT_FILENAME, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        BUF_strlcpy(result, filename, strlen(filename) + 1);
+    }
+    return (result);
+}
 
 const char *DSO_get_loaded_filename(DSO *dso)
-	{
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_DSO_GET_LOADED_FILENAME,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	return(dso->loaded_filename);
-	}
+{
+    if (dso == NULL) {
+        DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    return (dso->loaded_filename);
+}
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_null.c b/Cryptlib/OpenSSL/crypto/dso/dso_null.c
index 49729846..3d112729 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_null.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_null.c
@@ -1,6 +1,7 @@
 /* dso_null.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,33 +57,34 @@
  *
  */
 
-/* This "NULL" method is provided as the fallback for systems that have
- * no appropriate support for "shared-libraries". */
+/*
+ * This "NULL" method is provided as the fallback for systems that have no
+ * appropriate support for "shared-libraries".
+ */
 
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/dso.h>
 
 static DSO_METHOD dso_meth_null = {
-	"NULL shared library method",
-	NULL, /* load */
-	NULL, /* unload */
-	NULL, /* bind_var */
-	NULL, /* bind_func */
+    "NULL shared library method",
+    NULL,                       /* load */
+    NULL,                       /* unload */
+    NULL,                       /* bind_var */
+    NULL,                       /* bind_func */
 /* For now, "unbind" doesn't exist */
 #if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
 #endif
-	NULL, /* ctrl */
-	NULL, /* dso_name_converter */
-	NULL, /* dso_merger */
-	NULL, /* init */
-	NULL  /* finish */
-	};
+    NULL,                       /* ctrl */
+    NULL,                       /* dso_name_converter */
+    NULL,                       /* dso_merger */
+    NULL,                       /* init */
+    NULL                        /* finish */
+};
 
 DSO_METHOD *DSO_METHOD_null(void)
-	{
-	return(&dso_meth_null);
-	}
-
+{
+    return (&dso_meth_null);
+}
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
index a4395ebf..27b7d559 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_openssl.c
@@ -1,6 +1,7 @@
 /* dso_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -63,19 +64,18 @@
 /* We just pinch the method from an appropriate "default" method. */
 
 DSO_METHOD *DSO_METHOD_openssl(void)
-	{
+{
 #ifdef DEF_DSO_METHOD
-	return(DEF_DSO_METHOD());
+    return (DEF_DSO_METHOD());
 #elif defined(DSO_DLFCN)
-	return(DSO_METHOD_dlfcn());
+    return (DSO_METHOD_dlfcn());
 #elif defined(DSO_DL)
-	return(DSO_METHOD_dl());
+    return (DSO_METHOD_dl());
 #elif defined(DSO_WIN32)
-	return(DSO_METHOD_win32());
+    return (DSO_METHOD_win32());
 #elif defined(DSO_VMS)
-	return(DSO_METHOD_vms());
+    return (DSO_METHOD_vms());
 #else
-	return(DSO_METHOD_null());
+    return (DSO_METHOD_null());
 #endif
-	}
-
+}
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
index 2c434ee8..12e1db3f 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_vms.c
@@ -1,6 +1,7 @@
 /* dso_vms.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,443 +63,442 @@
 #include "cryptlib.h"
 #include <openssl/dso.h>
 #ifdef OPENSSL_SYS_VMS
-#pragma message disable DOLLARID
-#include <rms.h>
-#include <lib$routines.h>
-#include <stsdef.h>
-#include <descrip.h>
-#include <starlet.h>
+# pragma message disable DOLLARID
+# include <rms.h>
+# include <lib$routines.h>
+# include <stsdef.h>
+# include <descrip.h>
+# include <starlet.h>
 #endif
 
 #ifndef OPENSSL_SYS_VMS
 DSO_METHOD *DSO_METHOD_vms(void)
-	{
-	return NULL;
-	}
+{
+    return NULL;
+}
 #else
-#pragma message disable DOLLARID
+# pragma message disable DOLLARID
 
 static int vms_load(DSO *dso);
 static int vms_unload(DSO *dso);
 static void *vms_bind_var(DSO *dso, const char *symname);
 static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname);
-#if 0
+# if 0
 static int vms_unbind_var(DSO *dso, char *symname, void *symptr);
 static int vms_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
 static int vms_init(DSO *dso);
 static int vms_finish(DSO *dso);
 static long vms_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
+# endif
 static char *vms_name_converter(DSO *dso, const char *filename);
 static char *vms_merger(DSO *dso, const char *filespec1,
-	const char *filespec2);
+                        const char *filespec2);
 
 static DSO_METHOD dso_meth_vms = {
-	"OpenSSL 'VMS' shared library method",
-	vms_load,
-	NULL, /* unload */
-	vms_bind_var,
-	vms_bind_func,
+    "OpenSSL 'VMS' shared library method",
+    vms_load,
+    NULL,                       /* unload */
+    vms_bind_var,
+    vms_bind_func,
 /* For now, "unbind" doesn't exist */
-#if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
-#endif
-	NULL, /* ctrl */
-	vms_name_converter,
-	vms_merger,
-	NULL, /* init */
-	NULL  /* finish */
-	};
-
-/* On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    vms_name_converter,
+    vms_merger,
+    NULL,                       /* init */
+    NULL                        /* finish */
+};
+
+/*
+ * On VMS, the only "handle" is the file name.  LIB$FIND_IMAGE_SYMBOL depends
  * on the reference to the file name being the same for all calls regarding
  * one shared image, so we'll just store it in an instance of the following
  * structure and put a pointer to that instance in the meth_data stack.
  */
-typedef struct dso_internal_st
-	{
-	/* This should contain the name only, no directory,
-	 * no extension, nothing but a name. */
-	struct dsc$descriptor_s filename_dsc;
-	char filename[FILENAME_MAX+1];
-	/* This contains whatever is not in filename, if needed.
-	 * Normally not defined. */
-	struct dsc$descriptor_s imagename_dsc;
-	char imagename[FILENAME_MAX+1];
-	} DSO_VMS_INTERNAL;
-
+typedef struct dso_internal_st {
+    /*
+     * This should contain the name only, no directory, no extension, nothing
+     * but a name.
+     */
+    struct dsc$descriptor_s filename_dsc;
+    char filename[FILENAME_MAX + 1];
+    /*
+     * This contains whatever is not in filename, if needed. Normally not
+     * defined.
+     */
+    struct dsc$descriptor_s imagename_dsc;
+    char imagename[FILENAME_MAX + 1];
+} DSO_VMS_INTERNAL;
 
 DSO_METHOD *DSO_METHOD_vms(void)
-	{
-	return(&dso_meth_vms);
-	}
+{
+    return (&dso_meth_vms);
+}
 
 static int vms_load(DSO *dso)
-	{
-	void *ptr = NULL;
-	/* See applicable comments in dso_dl.c */
-	char *filename = DSO_convert_filename(dso, NULL);
-	DSO_VMS_INTERNAL *p;
-	const char *sp1, *sp2;	/* Search result */
-
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_VMS_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
-
-	/* A file specification may look like this:
-	 *
-	 *	node::dev:[dir-spec]name.type;ver
-	 *
-	 * or (for compatibility with TOPS-20):
-	 *
-	 *	node::dev:<dir-spec>name.type;ver
-	 *
-	 * and the dir-spec uses '.' as separator.  Also, a dir-spec
-	 * may consist of several parts, with mixed use of [] and <>:
-	 *
-	 *	[dir1.]<dir2>
-	 *
-	 * We need to split the file specification into the name and
-	 * the rest (both before and after the name itself).
-	 */
-	/* Start with trying to find the end of a dir-spec, and save the
-	   position of the byte after in sp1 */
-	sp1 = strrchr(filename, ']');
-	sp2 = strrchr(filename, '>');
-	if (sp1 == NULL) sp1 = sp2;
-	if (sp2 != NULL && sp2 > sp1) sp1 = sp2;
-	if (sp1 == NULL) sp1 = strrchr(filename, ':');
-	if (sp1 == NULL)
-		sp1 = filename;
-	else
-		sp1++;		/* The byte after the found character */
-	/* Now, let's see if there's a type, and save the position in sp2 */
-	sp2 = strchr(sp1, '.');
-	/* If we found it, that's where we'll cut.  Otherwise, look for a
-	   version number and save the position in sp2 */
-	if (sp2 == NULL) sp2 = strchr(sp1, ';');
-	/* If there was still nothing to find, set sp2 to point at the end of
-	   the string */
-	if (sp2 == NULL) sp2 = sp1 + strlen(sp1);
-
-	/* Check that we won't get buffer overflows */
-	if (sp2 - sp1 > FILENAME_MAX
-		|| (sp1 - filename) + strlen(sp2) > FILENAME_MAX)
-		{
-		DSOerr(DSO_F_VMS_LOAD,DSO_R_FILENAME_TOO_BIG);
-		goto err;
-		}
-
-	p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
-	if(p == NULL)
-		{
-		DSOerr(DSO_F_VMS_LOAD,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	strncpy(p->filename, sp1, sp2-sp1);
-	p->filename[sp2-sp1] = '\0';
-
-	strncpy(p->imagename, filename, sp1-filename);
-	p->imagename[sp1-filename] = '\0';
-	strcat(p->imagename, sp2);
-
-	p->filename_dsc.dsc$w_length = strlen(p->filename);
-	p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
-	p->filename_dsc.dsc$a_pointer = p->filename;
-	p->imagename_dsc.dsc$w_length = strlen(p->imagename);
-	p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
-	p->imagename_dsc.dsc$a_pointer = p->imagename;
-
-	if(!sk_push(dso->meth_data, (char *)p))
-		{
-		DSOerr(DSO_F_VMS_LOAD,DSO_R_STACK_ERROR);
-		goto err;
-		}
-
-	/* Success (for now, we lie.  We actually do not know...) */
-	dso->loaded_filename = filename;
-	return(1);
-err:
-	/* Cleanup! */
-	if(p != NULL)
-		OPENSSL_free(p);
-	if(filename != NULL)
-		OPENSSL_free(filename);
-	return(0);
-	}
-
-/* Note that this doesn't actually unload the shared image, as there is no
+{
+    void *ptr = NULL;
+    /* See applicable comments in dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+    DSO_VMS_INTERNAL *p;
+    const char *sp1, *sp2;      /* Search result */
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+
+    /*-
+     * A file specification may look like this:
+     *
+     *      node::dev:[dir-spec]name.type;ver
+     *
+     * or (for compatibility with TOPS-20):
+     *
+     *      node::dev:<dir-spec>name.type;ver
+     *
+     * and the dir-spec uses '.' as separator.  Also, a dir-spec
+     * may consist of several parts, with mixed use of [] and <>:
+     *
+     *      [dir1.]<dir2>
+     *
+     * We need to split the file specification into the name and
+     * the rest (both before and after the name itself).
+     */
+    /*
+     * Start with trying to find the end of a dir-spec, and save the position
+     * of the byte after in sp1
+     */
+    sp1 = strrchr(filename, ']');
+    sp2 = strrchr(filename, '>');
+    if (sp1 == NULL)
+        sp1 = sp2;
+    if (sp2 != NULL && sp2 > sp1)
+        sp1 = sp2;
+    if (sp1 == NULL)
+        sp1 = strrchr(filename, ':');
+    if (sp1 == NULL)
+        sp1 = filename;
+    else
+        sp1++;                  /* The byte after the found character */
+    /* Now, let's see if there's a type, and save the position in sp2 */
+    sp2 = strchr(sp1, '.');
+    /*
+     * If we found it, that's where we'll cut.  Otherwise, look for a version
+     * number and save the position in sp2
+     */
+    if (sp2 == NULL)
+        sp2 = strchr(sp1, ';');
+    /*
+     * If there was still nothing to find, set sp2 to point at the end of the
+     * string
+     */
+    if (sp2 == NULL)
+        sp2 = sp1 + strlen(sp1);
+
+    /* Check that we won't get buffer overflows */
+    if (sp2 - sp1 > FILENAME_MAX
+        || (sp1 - filename) + strlen(sp2) > FILENAME_MAX) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_FILENAME_TOO_BIG);
+        goto err;
+    }
+
+    p = (DSO_VMS_INTERNAL *)OPENSSL_malloc(sizeof(DSO_VMS_INTERNAL));
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    strncpy(p->filename, sp1, sp2 - sp1);
+    p->filename[sp2 - sp1] = '\0';
+
+    strncpy(p->imagename, filename, sp1 - filename);
+    p->imagename[sp1 - filename] = '\0';
+    strcat(p->imagename, sp2);
+
+    p->filename_dsc.dsc$w_length = strlen(p->filename);
+    p->filename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->filename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->filename_dsc.dsc$a_pointer = p->filename;
+    p->imagename_dsc.dsc$w_length = strlen(p->imagename);
+    p->imagename_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    p->imagename_dsc.dsc$b_class = DSC$K_CLASS_S;
+    p->imagename_dsc.dsc$a_pointer = p->imagename;
+
+    if (!sk_push(dso->meth_data, (char *)p)) {
+        DSOerr(DSO_F_VMS_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+
+    /* Success (for now, we lie.  We actually do not know...) */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup! */
+    if (p != NULL)
+        OPENSSL_free(p);
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    return (0);
+}
+
+/*
+ * Note that this doesn't actually unload the shared image, as there is no
  * such thing in VMS.  Next time it get loaded again, a new copy will
  * actually be loaded.
  */
 static int vms_unload(DSO *dso)
-	{
-	DSO_VMS_INTERNAL *p;
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_VMS_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		return(1);
-	p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
-	if(p == NULL)
-		{
-		DSOerr(DSO_F_VMS_UNLOAD,DSO_R_NULL_HANDLE);
-		return(0);
-		}
-	/* Cleanup */
-	OPENSSL_free(p);
-	return(1);
-	}
-
-/* We must do this in a separate function because of the way the exception
-   handler works (it makes this function return */
+{
+    DSO_VMS_INTERNAL *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return (1);
+    p = (DSO_VMS_INTERNAL *)sk_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_VMS_UNLOAD, DSO_R_NULL_HANDLE);
+        return (0);
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return (1);
+}
+
+/*
+ * We must do this in a separate function because of the way the exception
+ * handler works (it makes this function return
+ */
 static int do_find_symbol(DSO_VMS_INTERNAL *ptr,
-	struct dsc$descriptor_s *symname_dsc, void **sym,
-	unsigned long flags)
-	{
-	/* Make sure that signals are caught and returned instead of
-	   aborting the program.  The exception handler gets unestablished
-	   automatically on return from this function.  */
-	lib$establish(lib$sig_to_ret);
-
-	if(ptr->imagename_dsc.dsc$w_length)
-		return lib$find_image_symbol(&ptr->filename_dsc,
-			symname_dsc, sym,
-			&ptr->imagename_dsc, flags);
-	else
-		return lib$find_image_symbol(&ptr->filename_dsc,
-			symname_dsc, sym,
-			0, flags);
-	}
+                          struct dsc$descriptor_s *symname_dsc, void **sym,
+                          unsigned long flags)
+{
+    /*
+     * Make sure that signals are caught and returned instead of aborting the
+     * program.  The exception handler gets unestablished automatically on
+     * return from this function.
+     */
+    lib$establish(lib$sig_to_ret);
+
+    if (ptr->imagename_dsc.dsc$w_length)
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym,
+                                     &ptr->imagename_dsc, flags);
+    else
+        return lib$find_image_symbol(&ptr->filename_dsc,
+                                     symname_dsc, sym, 0, flags);
+}
 
 void vms_bind_sym(DSO *dso, const char *symname, void **sym)
-	{
-	DSO_VMS_INTERNAL *ptr;
-	int status;
-#if 0
-	int flags = (1<<4); /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
-                               defined in VMS older than 7.0 or so */
-#else
-	int flags = 0;
-#endif
-	struct dsc$descriptor_s symname_dsc;
-	*sym = NULL;
-
-	symname_dsc.dsc$w_length = strlen(symname);
-	symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-	symname_dsc.dsc$b_class = DSC$K_CLASS_S;
-	symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_VMS_BIND_SYM,ERR_R_PASSED_NULL_PARAMETER);
-		return;
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_STACK_ERROR);
-		return;
-		}
-	ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
-		sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_NULL_HANDLE);
-		return;
-		}
-
-	if(dso->flags & DSO_FLAG_UPCASE_SYMBOL) flags = 0;
-
-	status = do_find_symbol(ptr, &symname_dsc, sym, flags);
-
-	if(!$VMS_STATUS_SUCCESS(status))
-		{
-		unsigned short length;
-		char errstring[257];
-		struct dsc$descriptor_s errstring_dsc;
-
-		errstring_dsc.dsc$w_length = sizeof(errstring);
-		errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-		errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
-		errstring_dsc.dsc$a_pointer = errstring;
-
-		*sym = NULL;
-
-		status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
-
-		if (!$VMS_STATUS_SUCCESS(status))
-			lib$signal(status); /* This is really bad.  Abort!  */
-		else
-			{
-			errstring[length] = '\0';
-
-			DSOerr(DSO_F_VMS_BIND_SYM,DSO_R_SYM_FAILURE);
-			if (ptr->imagename_dsc.dsc$w_length)
-				ERR_add_error_data(9,
-					"Symbol ", symname,
-					" in ", ptr->filename,
-					" (", ptr->imagename, ")",
-					": ", errstring);
-			else
-				ERR_add_error_data(6,
-					"Symbol ", symname,
-					" in ", ptr->filename,
-					": ", errstring);
-			}
-		return;
-		}
-	return;
-	}
+{
+    DSO_VMS_INTERNAL *ptr;
+    int status;
+# if 0
+    int flags = (1 << 4);       /* LIB$M_FIS_MIXEDCASE, but this symbol isn't
+                                 * defined in VMS older than 7.0 or so */
+# else
+    int flags = 0;
+# endif
+    struct dsc$descriptor_s symname_dsc;
+    *sym = NULL;
+
+    symname_dsc.dsc$w_length = strlen(symname);
+    symname_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+    symname_dsc.dsc$b_class = DSC$K_CLASS_S;
+    symname_dsc.dsc$a_pointer = (char *)symname; /* The cast is needed */
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_VMS_BIND_SYM, ERR_R_PASSED_NULL_PARAMETER);
+        return;
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_STACK_ERROR);
+        return;
+    }
+    ptr = (DSO_VMS_INTERNAL *)sk_value(dso->meth_data,
+                                       sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_NULL_HANDLE);
+        return;
+    }
+
+    if (dso->flags & DSO_FLAG_UPCASE_SYMBOL)
+        flags = 0;
+
+    status = do_find_symbol(ptr, &symname_dsc, sym, flags);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        *sym = NULL;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_BIND_SYM, DSO_R_SYM_FAILURE);
+            if (ptr->imagename_dsc.dsc$w_length)
+                ERR_add_error_data(9,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename,
+                                   " (", ptr->imagename, ")",
+                                   ": ", errstring);
+            else
+                ERR_add_error_data(6,
+                                   "Symbol ", symname,
+                                   " in ", ptr->filename, ": ", errstring);
+        }
+        return;
+    }
+    return;
+}
 
 static void *vms_bind_var(DSO *dso, const char *symname)
-	{
-	void *sym = 0;
-	vms_bind_sym(dso, symname, &sym);
-	return sym;
-	}
+{
+    void *sym = 0;
+    vms_bind_sym(dso, symname, &sym);
+    return sym;
+}
 
 static DSO_FUNC_TYPE vms_bind_func(DSO *dso, const char *symname)
-	{
-	DSO_FUNC_TYPE sym = 0;
-	vms_bind_sym(dso, symname, (void **)&sym);
-	return sym;
-	}
-
-static char *vms_merger(DSO *dso, const char *filespec1, const char *filespec2)
-	{
-	int status;
-	int filespec1len, filespec2len;
-	struct FAB fab;
-#ifdef NAML$C_MAXRSS
-	struct NAML nam;
-	char esa[NAML$C_MAXRSS];
-#else
-	struct NAM nam;
-	char esa[NAM$C_MAXRSS];
-#endif
-	char *merged;
-
-	if (!filespec1) filespec1 = "";
-	if (!filespec2) filespec2 = "";
-	filespec1len = strlen(filespec1);
-	filespec2len = strlen(filespec2);
+{
+    DSO_FUNC_TYPE sym = 0;
+    vms_bind_sym(dso, symname, (void **)&sym);
+    return sym;
+}
 
-	fab = cc$rms_fab;
-#ifdef NAML$C_MAXRSS
-	nam = cc$rms_naml;
-#else
-	nam = cc$rms_nam;
-#endif
-
-	fab.fab$l_fna = (char *)filespec1;
-	fab.fab$b_fns = filespec1len;
-	fab.fab$l_dna = (char *)filespec2;
-	fab.fab$b_dns = filespec2len;
-#ifdef NAML$C_MAXRSS
-	if (filespec1len > NAM$C_MAXRSS)
-		{
-		fab.fab$l_fna = 0;
-		fab.fab$b_fns = 0;
-		nam.naml$l_long_filename = (char *)filespec1;
-		nam.naml$l_long_filename_size = filespec1len;
-		}
-	if (filespec2len > NAM$C_MAXRSS)
-		{
-		fab.fab$l_dna = 0;
-		fab.fab$b_dns = 0;
-		nam.naml$l_long_defname = (char *)filespec2;
-		nam.naml$l_long_defname_size = filespec2len;
-		}
-	nam.naml$l_esa = esa;
-	nam.naml$b_ess = NAM$C_MAXRSS;
-	nam.naml$l_long_expand = esa;
-	nam.naml$l_long_expand_alloc = sizeof(esa);
-	nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
-	nam.naml$v_no_short_upcase = 1;
-	fab.fab$l_naml = &nam;
-#else
-	nam.nam$l_esa = esa;
-	nam.nam$b_ess = NAM$C_MAXRSS;
-	nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
-	fab.fab$l_nam = &nam;
-#endif
-
-	status = sys$parse(&fab, 0, 0);
-
-	if(!$VMS_STATUS_SUCCESS(status))
-		{
-		unsigned short length;
-		char errstring[257];
-		struct dsc$descriptor_s errstring_dsc;
-
-		errstring_dsc.dsc$w_length = sizeof(errstring);
-		errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
-		errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
-		errstring_dsc.dsc$a_pointer = errstring;
-
-		status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
-
-		if (!$VMS_STATUS_SUCCESS(status))
-			lib$signal(status); /* This is really bad.  Abort!  */
-		else
-			{
-			errstring[length] = '\0';
-
-			DSOerr(DSO_F_VMS_MERGER,DSO_R_FAILURE);
-			ERR_add_error_data(7,
-					   "filespec \"", filespec1, "\", ",
-					   "defaults \"", filespec2, "\": ",
-					   errstring);
-			}
-		return(NULL);
-		}
-#ifdef NAML$C_MAXRSS
-	if (nam.naml$l_long_expand_size)
-		{
-		merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);
-		if(!merged)
-			goto malloc_err;
-		strncpy(merged, nam.naml$l_long_expand,
-			nam.naml$l_long_expand_size);
-		merged[nam.naml$l_long_expand_size] = '\0';
-		}
-	else
-		{
-		merged = OPENSSL_malloc(nam.naml$b_esl + 1);
-		if(!merged)
-			goto malloc_err;
-		strncpy(merged, nam.naml$l_esa,
-			nam.naml$b_esl);
-		merged[nam.naml$b_esl] = '\0';
-		}
-#else
-	merged = OPENSSL_malloc(nam.nam$b_esl + 1);
-	if(!merged)
-		goto malloc_err;
-	strncpy(merged, nam.nam$l_esa,
-		nam.nam$b_esl);
-	merged[nam.nam$b_esl] = '\0';
-#endif
-	return(merged);
+static char *vms_merger(DSO *dso, const char *filespec1,
+                        const char *filespec2)
+{
+    int status;
+    int filespec1len, filespec2len;
+    struct FAB fab;
+# ifdef NAML$C_MAXRSS
+    struct NAML nam;
+    char esa[NAML$C_MAXRSS];
+# else
+    struct NAM nam;
+    char esa[NAM$C_MAXRSS];
+# endif
+    char *merged;
+
+    if (!filespec1)
+        filespec1 = "";
+    if (!filespec2)
+        filespec2 = "";
+    filespec1len = strlen(filespec1);
+    filespec2len = strlen(filespec2);
+
+    fab = cc$rms_fab;
+# ifdef NAML$C_MAXRSS
+    nam = cc$rms_naml;
+# else
+    nam = cc$rms_nam;
+# endif
+
+    fab.fab$l_fna = (char *)filespec1;
+    fab.fab$b_fns = filespec1len;
+    fab.fab$l_dna = (char *)filespec2;
+    fab.fab$b_dns = filespec2len;
+# ifdef NAML$C_MAXRSS
+    if (filespec1len > NAM$C_MAXRSS) {
+        fab.fab$l_fna = 0;
+        fab.fab$b_fns = 0;
+        nam.naml$l_long_filename = (char *)filespec1;
+        nam.naml$l_long_filename_size = filespec1len;
+    }
+    if (filespec2len > NAM$C_MAXRSS) {
+        fab.fab$l_dna = 0;
+        fab.fab$b_dns = 0;
+        nam.naml$l_long_defname = (char *)filespec2;
+        nam.naml$l_long_defname_size = filespec2len;
+    }
+    nam.naml$l_esa = esa;
+    nam.naml$b_ess = NAM$C_MAXRSS;
+    nam.naml$l_long_expand = esa;
+    nam.naml$l_long_expand_alloc = sizeof(esa);
+    nam.naml$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
+    nam.naml$v_no_short_upcase = 1;
+    fab.fab$l_naml = &nam;
+# else
+    nam.nam$l_esa = esa;
+    nam.nam$b_ess = NAM$C_MAXRSS;
+    nam.nam$b_nop = NAM$M_SYNCHK | NAM$M_PWD;
+    fab.fab$l_nam = &nam;
+# endif
+
+    status = sys$parse(&fab, 0, 0);
+
+    if (!$VMS_STATUS_SUCCESS(status)) {
+        unsigned short length;
+        char errstring[257];
+        struct dsc$descriptor_s errstring_dsc;
+
+        errstring_dsc.dsc$w_length = sizeof(errstring);
+        errstring_dsc.dsc$b_dtype = DSC$K_DTYPE_T;
+        errstring_dsc.dsc$b_class = DSC$K_CLASS_S;
+        errstring_dsc.dsc$a_pointer = errstring;
+
+        status = sys$getmsg(status, &length, &errstring_dsc, 1, 0);
+
+        if (!$VMS_STATUS_SUCCESS(status))
+            lib$signal(status); /* This is really bad.  Abort! */
+        else {
+            errstring[length] = '\0';
+
+            DSOerr(DSO_F_VMS_MERGER, DSO_R_FAILURE);
+            ERR_add_error_data(7,
+                               "filespec \"", filespec1, "\", ",
+                               "defaults \"", filespec2, "\": ", errstring);
+        }
+        return (NULL);
+    }
+# ifdef NAML$C_MAXRSS
+    if (nam.naml$l_long_expand_size) {
+        merged = OPENSSL_malloc(nam.naml$l_long_expand_size + 1);
+        if (!merged)
+            goto malloc_err;
+        strncpy(merged, nam.naml$l_long_expand, nam.naml$l_long_expand_size);
+        merged[nam.naml$l_long_expand_size] = '\0';
+    } else {
+        merged = OPENSSL_malloc(nam.naml$b_esl + 1);
+        if (!merged)
+            goto malloc_err;
+        strncpy(merged, nam.naml$l_esa, nam.naml$b_esl);
+        merged[nam.naml$b_esl] = '\0';
+    }
+# else
+    merged = OPENSSL_malloc(nam.nam$b_esl + 1);
+    if (!merged)
+        goto malloc_err;
+    strncpy(merged, nam.nam$l_esa, nam.nam$b_esl);
+    merged[nam.nam$b_esl] = '\0';
+# endif
+    return (merged);
  malloc_err:
-	DSOerr(DSO_F_VMS_MERGER,
-		ERR_R_MALLOC_FAILURE);
-	}
+    DSOerr(DSO_F_VMS_MERGER, ERR_R_MALLOC_FAILURE);
+}
 
 static char *vms_name_converter(DSO *dso, const char *filename)
-	{
-        int len = strlen(filename);
-        char *not_translated = OPENSSL_malloc(len+1);
-        strcpy(not_translated,filename);
-	return(not_translated);
-	}
-
-#endif /* OPENSSL_SYS_VMS */
+{
+    int len = strlen(filename);
+    char *not_translated = OPENSSL_malloc(len + 1);
+    strcpy(not_translated, filename);
+    return (not_translated);
+}
+
+#endif                          /* OPENSSL_SYS_VMS */
diff --git a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
index f340052a..973e7ebf 100644
--- a/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
+++ b/Cryptlib/OpenSSL/crypto/dso/dso_win32.c
@@ -1,6 +1,7 @@
 /* dso_win32.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -63,601 +64,546 @@
 
 #if !defined(DSO_WIN32)
 DSO_METHOD *DSO_METHOD_win32(void)
-	{
-	return NULL;
-	}
+{
+    return NULL;
+}
 #else
 
-#ifdef _WIN32_WCE
-# if _WIN32_WCE < 300
-static FARPROC GetProcAddressA(HMODULE hModule,LPCSTR lpProcName)
-	{
-	WCHAR lpProcNameW[64];
-	int i;
-
-	for (i=0;lpProcName[i] && i<64;i++)
-		lpProcNameW[i] = (WCHAR)lpProcName[i];
-	if (i==64) return NULL;
-	lpProcNameW[i] = 0;
-
-	return GetProcAddressW(hModule,lpProcNameW);
-	}
-# endif
-# undef GetProcAddress
-# define GetProcAddress GetProcAddressA
+# ifdef _WIN32_WCE
+#  if _WIN32_WCE < 300
+static FARPROC GetProcAddressA(HMODULE hModule, LPCSTR lpProcName)
+{
+    WCHAR lpProcNameW[64];
+    int i;
+
+    for (i = 0; lpProcName[i] && i < 64; i++)
+        lpProcNameW[i] = (WCHAR)lpProcName[i];
+    if (i == 64)
+        return NULL;
+    lpProcNameW[i] = 0;
+
+    return GetProcAddressW(hModule, lpProcNameW);
+}
+#  endif
+#  undef GetProcAddress
+#  define GetProcAddress GetProcAddressA
 
 static HINSTANCE LoadLibraryA(LPCSTR lpLibFileName)
-	{
-	WCHAR *fnamw;
-	size_t len_0=strlen(lpLibFileName)+1,i;
-
-#ifdef _MSC_VER
-	fnamw = (WCHAR *)_alloca (len_0*sizeof(WCHAR));
-#else
-	fnamw = (WCHAR *)alloca (len_0*sizeof(WCHAR));
-#endif
-	if (fnamw == NULL) return NULL;
-
-#if defined(_WIN32_WCE) && _WIN32_WCE>=101
-	if (!MultiByteToWideChar(CP_ACP,0,lpLibFileName,len_0,fnamw,len_0))
-#endif
-		for (i=0;i<len_0;i++) fnamw[i]=(WCHAR)lpLibFileName[i];
-
-	return LoadLibraryW(fnamw);
-	}
-#endif
+{
+    WCHAR *fnamw;
+    size_t len_0 = strlen(lpLibFileName) + 1, i;
+
+#  ifdef _MSC_VER
+    fnamw = (WCHAR *)_alloca(len_0 * sizeof(WCHAR));
+#  else
+    fnamw = (WCHAR *)alloca(len_0 * sizeof(WCHAR));
+#  endif
+    if (fnamw == NULL)
+        return NULL;
+
+#  if defined(_WIN32_WCE) && _WIN32_WCE>=101
+    if (!MultiByteToWideChar(CP_ACP, 0, lpLibFileName, len_0, fnamw, len_0))
+#  endif
+        for (i = 0; i < len_0; i++)
+            fnamw[i] = (WCHAR)lpLibFileName[i];
+
+    return LoadLibraryW(fnamw);
+}
+# endif
 
 /* Part of the hack in "win32_load" ... */
-#define DSO_MAX_TRANSLATED_SIZE 256
+# define DSO_MAX_TRANSLATED_SIZE 256
 
 static int win32_load(DSO *dso);
 static int win32_unload(DSO *dso);
 static void *win32_bind_var(DSO *dso, const char *symname);
 static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname);
-#if 0
+# if 0
 static int win32_unbind_var(DSO *dso, char *symname, void *symptr);
 static int win32_unbind_func(DSO *dso, char *symname, DSO_FUNC_TYPE symptr);
 static int win32_init(DSO *dso);
 static int win32_finish(DSO *dso);
 static long win32_ctrl(DSO *dso, int cmd, long larg, void *parg);
-#endif
+# endif
 static char *win32_name_converter(DSO *dso, const char *filename);
 static char *win32_merger(DSO *dso, const char *filespec1,
-	const char *filespec2);
+                          const char *filespec2);
 
 static const char *openssl_strnchr(const char *string, int c, size_t len);
 
 static DSO_METHOD dso_meth_win32 = {
-	"OpenSSL 'win32' shared library method",
-	win32_load,
-	win32_unload,
-	win32_bind_var,
-	win32_bind_func,
+    "OpenSSL 'win32' shared library method",
+    win32_load,
+    win32_unload,
+    win32_bind_var,
+    win32_bind_func,
 /* For now, "unbind" doesn't exist */
-#if 0
-	NULL, /* unbind_var */
-	NULL, /* unbind_func */
-#endif
-	NULL, /* ctrl */
-	win32_name_converter,
-	win32_merger,
-	NULL, /* init */
-	NULL  /* finish */
-	};
+# if 0
+    NULL,                       /* unbind_var */
+    NULL,                       /* unbind_func */
+# endif
+    NULL,                       /* ctrl */
+    win32_name_converter,
+    win32_merger,
+    NULL,                       /* init */
+    NULL                        /* finish */
+};
 
 DSO_METHOD *DSO_METHOD_win32(void)
-	{
-	return(&dso_meth_win32);
-	}
+{
+    return (&dso_meth_win32);
+}
 
-/* For this DSO_METHOD, our meth_data STACK will contain;
- * (i) a pointer to the handle (HINSTANCE) returned from
- *     LoadLibrary(), and copied.
+/*
+ * For this DSO_METHOD, our meth_data STACK will contain; (i) a pointer to
+ * the handle (HINSTANCE) returned from LoadLibrary(), and copied.
  */
 
 static int win32_load(DSO *dso)
-	{
-	HINSTANCE h = NULL, *p = NULL;
-	/* See applicable comments from dso_dl.c */
-	char *filename = DSO_convert_filename(dso, NULL);
-
-	if(filename == NULL)
-		{
-		DSOerr(DSO_F_WIN32_LOAD,DSO_R_NO_FILENAME);
-		goto err;
-		}
-	h = LoadLibraryA(filename);
-	if(h == NULL)
-		{
-		DSOerr(DSO_F_WIN32_LOAD,DSO_R_LOAD_FAILED);
-		ERR_add_error_data(3, "filename(", filename, ")");
-		goto err;
-		}
-	p = (HINSTANCE *)OPENSSL_malloc(sizeof(HINSTANCE));
-	if(p == NULL)
-		{
-		DSOerr(DSO_F_WIN32_LOAD,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	*p = h;
-	if(!sk_push(dso->meth_data, (char *)p))
-		{
-		DSOerr(DSO_F_WIN32_LOAD,DSO_R_STACK_ERROR);
-		goto err;
-		}
-	/* Success */
-	dso->loaded_filename = filename;
-	return(1);
-err:
-	/* Cleanup !*/
-	if(filename != NULL)
-		OPENSSL_free(filename);
-	if(p != NULL)
-		OPENSSL_free(p);
-	if(h != NULL)
-		FreeLibrary(h);
-	return(0);
-	}
+{
+    HINSTANCE h = NULL, *p = NULL;
+    /* See applicable comments from dso_dl.c */
+    char *filename = DSO_convert_filename(dso, NULL);
+
+    if (filename == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_NO_FILENAME);
+        goto err;
+    }
+    h = LoadLibraryA(filename);
+    if (h == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_LOAD_FAILED);
+        ERR_add_error_data(3, "filename(", filename, ")");
+        goto err;
+    }
+    p = (HINSTANCE *) OPENSSL_malloc(sizeof(HINSTANCE));
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_LOAD, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    *p = h;
+    if (!sk_push(dso->meth_data, (char *)p)) {
+        DSOerr(DSO_F_WIN32_LOAD, DSO_R_STACK_ERROR);
+        goto err;
+    }
+    /* Success */
+    dso->loaded_filename = filename;
+    return (1);
+ err:
+    /* Cleanup ! */
+    if (filename != NULL)
+        OPENSSL_free(filename);
+    if (p != NULL)
+        OPENSSL_free(p);
+    if (h != NULL)
+        FreeLibrary(h);
+    return (0);
+}
 
 static int win32_unload(DSO *dso)
-	{
-	HINSTANCE *p;
-	if(dso == NULL)
-		{
-		DSOerr(DSO_F_WIN32_UNLOAD,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		return(1);
-	p = (HINSTANCE *)sk_pop(dso->meth_data);
-	if(p == NULL)
-		{
-		DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_NULL_HANDLE);
-		return(0);
-		}
-	if(!FreeLibrary(*p))
-		{
-		DSOerr(DSO_F_WIN32_UNLOAD,DSO_R_UNLOAD_FAILED);
-		/* We should push the value back onto the stack in
-		 * case of a retry. */
-		sk_push(dso->meth_data, (char *)p);
-		return(0);
-		}
-	/* Cleanup */
-	OPENSSL_free(p);
-	return(1);
-	}
-
-/* Using GetProcAddress for variables? TODO: Check this out in
- * the Win32 API docs, there's probably a variant for variables. */
+{
+    HINSTANCE *p;
+    if (dso == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    if (sk_num(dso->meth_data) < 1)
+        return (1);
+    p = (HINSTANCE *) sk_pop(dso->meth_data);
+    if (p == NULL) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_NULL_HANDLE);
+        return (0);
+    }
+    if (!FreeLibrary(*p)) {
+        DSOerr(DSO_F_WIN32_UNLOAD, DSO_R_UNLOAD_FAILED);
+        /*
+         * We should push the value back onto the stack in case of a retry.
+         */
+        sk_push(dso->meth_data, (char *)p);
+        return (0);
+    }
+    /* Cleanup */
+    OPENSSL_free(p);
+    return (1);
+}
+
+/*
+ * Using GetProcAddress for variables? TODO: Check this out in the Win32 API
+ * docs, there's probably a variant for variables.
+ */
 static void *win32_bind_var(DSO *dso, const char *symname)
-	{
-	HINSTANCE *ptr;
-	void *sym;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_WIN32_BIND_VAR,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	sym = GetProcAddress(*ptr, symname);
-	if(sym == NULL)
-		{
-		DSOerr(DSO_F_WIN32_BIND_VAR,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(3, "symname(", symname, ")");
-		return(NULL);
-		}
-	return(sym);
-	}
+{
+    HINSTANCE *ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    sym = GetProcAddress(*ptr, symname);
+    if (sym == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_VAR, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(3, "symname(", symname, ")");
+        return (NULL);
+    }
+    return (sym);
+}
 
 static DSO_FUNC_TYPE win32_bind_func(DSO *dso, const char *symname)
-	{
-	HINSTANCE *ptr;
-	void *sym;
-
-	if((dso == NULL) || (symname == NULL))
-		{
-		DSOerr(DSO_F_WIN32_BIND_FUNC,ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(sk_num(dso->meth_data) < 1)
-		{
-		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_STACK_ERROR);
-		return(NULL);
-		}
-	ptr = (HINSTANCE *)sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
-	if(ptr == NULL)
-		{
-		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_NULL_HANDLE);
-		return(NULL);
-		}
-	sym = GetProcAddress(*ptr, symname);
-	if(sym == NULL)
-		{
-		DSOerr(DSO_F_WIN32_BIND_FUNC,DSO_R_SYM_FAILURE);
-		ERR_add_error_data(3, "symname(", symname, ")");
-		return(NULL);
-		}
-	return((DSO_FUNC_TYPE)sym);
-	}
-
-struct file_st
-	{
-	const char *node; int nodelen;
-	const char *device; int devicelen;
-	const char *predir; int predirlen;
-	const char *dir; int dirlen;
-	const char *file; int filelen;
-	};
+{
+    HINSTANCE *ptr;
+    void *sym;
+
+    if ((dso == NULL) || (symname == NULL)) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (sk_num(dso->meth_data) < 1) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_STACK_ERROR);
+        return (NULL);
+    }
+    ptr = (HINSTANCE *) sk_value(dso->meth_data, sk_num(dso->meth_data) - 1);
+    if (ptr == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_NULL_HANDLE);
+        return (NULL);
+    }
+    sym = GetProcAddress(*ptr, symname);
+    if (sym == NULL) {
+        DSOerr(DSO_F_WIN32_BIND_FUNC, DSO_R_SYM_FAILURE);
+        ERR_add_error_data(3, "symname(", symname, ")");
+        return (NULL);
+    }
+    return ((DSO_FUNC_TYPE)sym);
+}
+
+struct file_st {
+    const char *node;
+    int nodelen;
+    const char *device;
+    int devicelen;
+    const char *predir;
+    int predirlen;
+    const char *dir;
+    int dirlen;
+    const char *file;
+    int filelen;
+};
 
 static struct file_st *win32_splitter(DSO *dso, const char *filename,
-	int assume_last_is_dir)
-	{
-	struct file_st *result = NULL;
-	enum { IN_NODE, IN_DEVICE, IN_FILE } position;
-	const char *start = filename;
-	char last;
-
-	if (!filename)
-		{
-		DSOerr(DSO_F_WIN32_SPLITTER,DSO_R_NO_FILENAME);
-		/*goto err;*/
-		return(NULL);
-		}
-
-	result = OPENSSL_malloc(sizeof(struct file_st));
-	if(result == NULL)
-		{
-		DSOerr(DSO_F_WIN32_SPLITTER,
-			ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	memset(result, 0, sizeof(struct file_st));
-	position = IN_DEVICE;
-
-	if((filename[0] == '\\' && filename[1] == '\\')
-		|| (filename[0] == '/' && filename[1] == '/'))
-		{
-		position = IN_NODE;
-		filename += 2;
-		start = filename;
-		result->node = start;
-		}
-
-	do
-		{
-		last = filename[0];
-		switch(last)
-			{
-		case ':':
-			if(position != IN_DEVICE)
-				{
-				DSOerr(DSO_F_WIN32_SPLITTER,
-					DSO_R_INCORRECT_FILE_SYNTAX);
-				/*goto err;*/
-				OPENSSL_free(result);
-				return(NULL);
-				}
-			result->device = start;
-			result->devicelen = filename - start;
-			position = IN_FILE;
-			start = ++filename;
-			result->dir = start;
-			break;
-		case '\\':
-		case '/':
-			if(position == IN_NODE)
-				{
-				result->nodelen = filename - start;
-				position = IN_FILE;
-				start = ++filename;
-				result->dir = start;
-				}
-			else if(position == IN_DEVICE)
-				{
-				position = IN_FILE;
-				filename++;
-				result->dir = start;
-				result->dirlen = filename - start;
-				start = filename;
-				}
-			else
-				{
-				filename++;
-				result->dirlen += filename - start;
-				start = filename;
-				}
-			break;
-		case '\0':
-			if(position == IN_NODE)
-				{
-				result->nodelen = filename - start;
-				}
-			else
-				{
-				if(filename - start > 0)
-					{
-					if (assume_last_is_dir)
-						{
-						if (position == IN_DEVICE)
-							{
-							result->dir = start;
-							result->dirlen = 0;
-							}
-						result->dirlen +=
-							filename - start;
-						}
-					else
-						{
-						result->file = start;
-						result->filelen =
-							filename - start;
-						}
-					}
-				}
-			break;
-		default:
-			filename++;
-			break;
-			}
-		}
-	while(last);
-
-	if(!result->nodelen) result->node = NULL;
-	if(!result->devicelen) result->device = NULL;
-	if(!result->dirlen) result->dir = NULL;
-	if(!result->filelen) result->file = NULL;
-
-	return(result);
-	}
+                                      int assume_last_is_dir)
+{
+    struct file_st *result = NULL;
+    enum { IN_NODE, IN_DEVICE, IN_FILE } position;
+    const char *start = filename;
+    char last;
+
+    if (!filename) {
+        DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_NO_FILENAME);
+        /*
+         * goto err;
+         */
+        return (NULL);
+    }
+
+    result = OPENSSL_malloc(sizeof(struct file_st));
+    if (result == NULL) {
+        DSOerr(DSO_F_WIN32_SPLITTER, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    memset(result, 0, sizeof(struct file_st));
+    position = IN_DEVICE;
+
+    if ((filename[0] == '\\' && filename[1] == '\\')
+        || (filename[0] == '/' && filename[1] == '/')) {
+        position = IN_NODE;
+        filename += 2;
+        start = filename;
+        result->node = start;
+    }
+
+    do {
+        last = filename[0];
+        switch (last) {
+        case ':':
+            if (position != IN_DEVICE) {
+                DSOerr(DSO_F_WIN32_SPLITTER, DSO_R_INCORRECT_FILE_SYNTAX);
+                /*
+                 * goto err;
+                 */
+                OPENSSL_free(result);
+                return (NULL);
+            }
+            result->device = start;
+            result->devicelen = filename - start;
+            position = IN_FILE;
+            start = ++filename;
+            result->dir = start;
+            break;
+        case '\\':
+        case '/':
+            if (position == IN_NODE) {
+                result->nodelen = filename - start;
+                position = IN_FILE;
+                start = ++filename;
+                result->dir = start;
+            } else if (position == IN_DEVICE) {
+                position = IN_FILE;
+                filename++;
+                result->dir = start;
+                result->dirlen = filename - start;
+                start = filename;
+            } else {
+                filename++;
+                result->dirlen += filename - start;
+                start = filename;
+            }
+            break;
+        case '\0':
+            if (position == IN_NODE) {
+                result->nodelen = filename - start;
+            } else {
+                if (filename - start > 0) {
+                    if (assume_last_is_dir) {
+                        if (position == IN_DEVICE) {
+                            result->dir = start;
+                            result->dirlen = 0;
+                        }
+                        result->dirlen += filename - start;
+                    } else {
+                        result->file = start;
+                        result->filelen = filename - start;
+                    }
+                }
+            }
+            break;
+        default:
+            filename++;
+            break;
+        }
+    }
+    while (last);
+
+    if (!result->nodelen)
+        result->node = NULL;
+    if (!result->devicelen)
+        result->device = NULL;
+    if (!result->dirlen)
+        result->dir = NULL;
+    if (!result->filelen)
+        result->file = NULL;
+
+    return (result);
+}
 
 static char *win32_joiner(DSO *dso, const struct file_st *file_split)
-	{
-	int len = 0, offset = 0;
-	char *result = NULL;
-	const char *start;
-
-	if(!file_split)
-		{
-		DSOerr(DSO_F_WIN32_JOINER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if(file_split->node)
-		{
-		len += 2 + file_split->nodelen;	/* 2 for starting \\ */
-		if(file_split->predir || file_split->dir || file_split->file)
-			len++;	/* 1 for ending \ */
-		}
-	else if(file_split->device)
-		{
-		len += file_split->devicelen + 1; /* 1 for ending : */
-		}
-	len += file_split->predirlen;
-	if(file_split->predir && (file_split->dir || file_split->file))
-		{
-		len++;	/* 1 for ending \ */
-		}
-	len += file_split->dirlen;
-	if(file_split->dir && file_split->file)
-		{
-		len++;	/* 1 for ending \ */
-		}
-	len += file_split->filelen;
-
-	if(!len)
-		{
-		DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
-		return(NULL);
-		}
-
-	result = OPENSSL_malloc(len + 1);
-	if (!result)
-		{
-		DSOerr(DSO_F_WIN32_JOINER,
-			ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	if(file_split->node)
-		{
-		strcpy(&result[offset], "\\\\"); offset += 2;
-		strncpy(&result[offset], file_split->node,
-			file_split->nodelen); offset += file_split->nodelen;
-		if(file_split->predir || file_split->dir || file_split->file)
-			{
-			result[offset] = '\\'; offset++;
-			}
-		}
-	else if(file_split->device)
-		{
-		strncpy(&result[offset], file_split->device,
-			file_split->devicelen); offset += file_split->devicelen;
-		result[offset] = ':'; offset++;
-		}
-	start = file_split->predir;
-	while(file_split->predirlen > (start - file_split->predir))
-		{
-		const char *end = openssl_strnchr(start, '/',
-			file_split->predirlen - (start - file_split->predir));
-		if(!end)
-			end = start
-				+ file_split->predirlen
-				- (start - file_split->predir);
-		strncpy(&result[offset], start,
-			end - start); offset += end - start;
-		result[offset] = '\\'; offset++;
-		start = end + 1;
-		}
-#if 0 /* Not needed, since the directory converter above already appeneded
-	 a backslash */
-	if(file_split->predir && (file_split->dir || file_split->file))
-		{
-		result[offset] = '\\'; offset++;
-		}
-#endif
-	start = file_split->dir;
-	while(file_split->dirlen > (start - file_split->dir))
-		{
-		const char *end = openssl_strnchr(start, '/',
-			file_split->dirlen - (start - file_split->dir));
-		if(!end)
-			end = start
-				+ file_split->dirlen
-				- (start - file_split->dir);
-		strncpy(&result[offset], start,
-			end - start); offset += end - start;
-		result[offset] = '\\'; offset++;
-		start = end + 1;
-		}
-#if 0 /* Not needed, since the directory converter above already appeneded
-	 a backslash */
-	if(file_split->dir && file_split->file)
-		{
-		result[offset] = '\\'; offset++;
-		}
-#endif
-	strncpy(&result[offset], file_split->file,
-		file_split->filelen); offset += file_split->filelen;
-	result[offset] = '\0';
-	return(result);
-	}
-
-static char *win32_merger(DSO *dso, const char *filespec1, const char *filespec2)
-	{
-	char *merged = NULL;
-	struct file_st *filespec1_split = NULL;
-	struct file_st *filespec2_split = NULL;
-
-	if(!filespec1 && !filespec2)
-		{
-		DSOerr(DSO_F_WIN32_MERGER,
-				ERR_R_PASSED_NULL_PARAMETER);
-		return(NULL);
-		}
-	if (!filespec2)
-		{
-		merged = OPENSSL_malloc(strlen(filespec1) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_WIN32_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec1);
-		}
-	else if (!filespec1)
-		{
-		merged = OPENSSL_malloc(strlen(filespec2) + 1);
-		if(!merged)
-			{
-			DSOerr(DSO_F_WIN32_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		strcpy(merged, filespec2);
-		}
-	else
-		{
-		filespec1_split = win32_splitter(dso, filespec1, 0);
-		if (!filespec1_split)
-			{
-			DSOerr(DSO_F_WIN32_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		filespec2_split = win32_splitter(dso, filespec2, 1);
-		if (!filespec2_split)
-			{
-			DSOerr(DSO_F_WIN32_MERGER,
-				ERR_R_MALLOC_FAILURE);
-			OPENSSL_free(filespec1_split);
-			return(NULL);
-			}
-
-		/* Fill in into filespec1_split */
-		if (!filespec1_split->node && !filespec1_split->device)
-			{
-			filespec1_split->node = filespec2_split->node;
-			filespec1_split->nodelen = filespec2_split->nodelen;
-			filespec1_split->device = filespec2_split->device;
-			filespec1_split->devicelen = filespec2_split->devicelen;
-			}
-		if (!filespec1_split->dir)
-			{
-			filespec1_split->dir = filespec2_split->dir;
-			filespec1_split->dirlen = filespec2_split->dirlen;
-			}
-		else if (filespec1_split->dir[0] != '\\'
-			&& filespec1_split->dir[0] != '/')
-			{
-			filespec1_split->predir = filespec2_split->dir;
-			filespec1_split->predirlen = filespec2_split->dirlen;
-			}
-		if (!filespec1_split->file)
-			{
-			filespec1_split->file = filespec2_split->file;
-			filespec1_split->filelen = filespec2_split->filelen;
-			}
-
-		merged = win32_joiner(dso, filespec1_split);
-		}
-	OPENSSL_free(filespec1_split);
-	OPENSSL_free(filespec2_split);
-	return(merged);
-	}
+{
+    int len = 0, offset = 0;
+    char *result = NULL;
+    const char *start;
+
+    if (!file_split) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (file_split->node) {
+        len += 2 + file_split->nodelen; /* 2 for starting \\ */
+        if (file_split->predir || file_split->dir || file_split->file)
+            len++;              /* 1 for ending \ */
+    } else if (file_split->device) {
+        len += file_split->devicelen + 1; /* 1 for ending : */
+    }
+    len += file_split->predirlen;
+    if (file_split->predir && (file_split->dir || file_split->file)) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->dirlen;
+    if (file_split->dir && file_split->file) {
+        len++;                  /* 1 for ending \ */
+    }
+    len += file_split->filelen;
+
+    if (!len) {
+        DSOerr(DSO_F_WIN32_JOINER, DSO_R_EMPTY_FILE_STRUCTURE);
+        return (NULL);
+    }
+
+    result = OPENSSL_malloc(len + 1);
+    if (!result) {
+        DSOerr(DSO_F_WIN32_JOINER, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    if (file_split->node) {
+        strcpy(&result[offset], "\\\\");
+        offset += 2;
+        strncpy(&result[offset], file_split->node, file_split->nodelen);
+        offset += file_split->nodelen;
+        if (file_split->predir || file_split->dir || file_split->file) {
+            result[offset] = '\\';
+            offset++;
+        }
+    } else if (file_split->device) {
+        strncpy(&result[offset], file_split->device, file_split->devicelen);
+        offset += file_split->devicelen;
+        result[offset] = ':';
+        offset++;
+    }
+    start = file_split->predir;
+    while (file_split->predirlen > (start - file_split->predir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->predirlen - (start -
+                                                                   file_split->predir));
+        if (!end)
+            end = start
+                + file_split->predirlen - (start - file_split->predir);
+        strncpy(&result[offset], start, end - start);
+        offset += end - start;
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+# if 0                          /* Not needed, since the directory converter
+                                 * above already appeneded a backslash */
+    if (file_split->predir && (file_split->dir || file_split->file)) {
+        result[offset] = '\\';
+        offset++;
+    }
+# endif
+    start = file_split->dir;
+    while (file_split->dirlen > (start - file_split->dir)) {
+        const char *end = openssl_strnchr(start, '/',
+                                          file_split->dirlen - (start -
+                                                                file_split->dir));
+        if (!end)
+            end = start + file_split->dirlen - (start - file_split->dir);
+        strncpy(&result[offset], start, end - start);
+        offset += end - start;
+        result[offset] = '\\';
+        offset++;
+        start = end + 1;
+    }
+# if 0                          /* Not needed, since the directory converter
+                                 * above already appeneded a backslash */
+    if (file_split->dir && file_split->file) {
+        result[offset] = '\\';
+        offset++;
+    }
+# endif
+    strncpy(&result[offset], file_split->file, file_split->filelen);
+    offset += file_split->filelen;
+    result[offset] = '\0';
+    return (result);
+}
+
+static char *win32_merger(DSO *dso, const char *filespec1,
+                          const char *filespec2)
+{
+    char *merged = NULL;
+    struct file_st *filespec1_split = NULL;
+    struct file_st *filespec2_split = NULL;
+
+    if (!filespec1 && !filespec2) {
+        DSOerr(DSO_F_WIN32_MERGER, ERR_R_PASSED_NULL_PARAMETER);
+        return (NULL);
+    }
+    if (!filespec2) {
+        merged = OPENSSL_malloc(strlen(filespec1) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec1);
+    } else if (!filespec1) {
+        merged = OPENSSL_malloc(strlen(filespec2) + 1);
+        if (!merged) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        strcpy(merged, filespec2);
+    } else {
+        filespec1_split = win32_splitter(dso, filespec1, 0);
+        if (!filespec1_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+        filespec2_split = win32_splitter(dso, filespec2, 1);
+        if (!filespec2_split) {
+            DSOerr(DSO_F_WIN32_MERGER, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(filespec1_split);
+            return (NULL);
+        }
+
+        /* Fill in into filespec1_split */
+        if (!filespec1_split->node && !filespec1_split->device) {
+            filespec1_split->node = filespec2_split->node;
+            filespec1_split->nodelen = filespec2_split->nodelen;
+            filespec1_split->device = filespec2_split->device;
+            filespec1_split->devicelen = filespec2_split->devicelen;
+        }
+        if (!filespec1_split->dir) {
+            filespec1_split->dir = filespec2_split->dir;
+            filespec1_split->dirlen = filespec2_split->dirlen;
+        } else if (filespec1_split->dir[0] != '\\'
+                   && filespec1_split->dir[0] != '/') {
+            filespec1_split->predir = filespec2_split->dir;
+            filespec1_split->predirlen = filespec2_split->dirlen;
+        }
+        if (!filespec1_split->file) {
+            filespec1_split->file = filespec2_split->file;
+            filespec1_split->filelen = filespec2_split->filelen;
+        }
+
+        merged = win32_joiner(dso, filespec1_split);
+    }
+    OPENSSL_free(filespec1_split);
+    OPENSSL_free(filespec2_split);
+    return (merged);
+}
 
 static char *win32_name_converter(DSO *dso, const char *filename)
-	{
-	char *translated;
-	int len, transform;
-
-	len = strlen(filename);
-	transform = ((strstr(filename, "/") == NULL) &&
-			(strstr(filename, "\\") == NULL) &&
-			(strstr(filename, ":") == NULL));
-	if(transform)
-		/* We will convert this to "%s.dll" */
-		translated = OPENSSL_malloc(len + 5);
-	else
-		/* We will simply duplicate filename */
-		translated = OPENSSL_malloc(len + 1);
-	if(translated == NULL)
-		{
-		DSOerr(DSO_F_WIN32_NAME_CONVERTER,
-				DSO_R_NAME_TRANSLATION_FAILED); 
-		return(NULL);   
-		}
-	if(transform)
-		sprintf(translated, "%s.dll", filename);
-	else
-		sprintf(translated, "%s", filename);
-	return(translated);
-	}
+{
+    char *translated;
+    int len, transform;
+
+    len = strlen(filename);
+    transform = ((strstr(filename, "/") == NULL) &&
+                 (strstr(filename, "\\") == NULL) &&
+                 (strstr(filename, ":") == NULL));
+    if (transform)
+        /* We will convert this to "%s.dll" */
+        translated = OPENSSL_malloc(len + 5);
+    else
+        /* We will simply duplicate filename */
+        translated = OPENSSL_malloc(len + 1);
+    if (translated == NULL) {
+        DSOerr(DSO_F_WIN32_NAME_CONVERTER, DSO_R_NAME_TRANSLATION_FAILED);
+        return (NULL);
+    }
+    if (transform)
+        sprintf(translated, "%s.dll", filename);
+    else
+        sprintf(translated, "%s", filename);
+    return (translated);
+}
 
 static const char *openssl_strnchr(const char *string, int c, size_t len)
-	{
-	size_t i;
-	const char *p;
-	for (i = 0, p = string; i < len && *p; i++, p++)
-		{
-		if (*p == c)
-			return p;
-		}
-	return NULL;
-	}
-
-
-#endif /* OPENSSL_SYS_WIN32 */
+{
+    size_t i;
+    const char *p;
+    for (i = 0, p = string; i < len && *p; i++, p++) {
+        if (*p == c)
+            return p;
+    }
+    return NULL;
+}
+
+#endif                          /* OPENSSL_SYS_WIN32 */
diff --git a/Cryptlib/OpenSSL/crypto/dyn_lck.c b/Cryptlib/OpenSSL/crypto/dyn_lck.c
index 7f82c412..e91b9b79 100644
--- a/Cryptlib/OpenSSL/crypto/dyn_lck.c
+++ b/Cryptlib/OpenSSL/crypto/dyn_lck.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,21 +58,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -87,10 +87,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -102,7 +102,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -110,7 +110,7 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
+ * ECDH support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
@@ -118,311 +118,305 @@
 #include <openssl/safestack.h>
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */
+static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
 #endif
 
 DECLARE_STACK_OF(CRYPTO_dynlock)
 IMPLEMENT_STACK_OF(CRYPTO_dynlock)
 
 /* real #defines in crypto.h, keep these upto date */
-static const char* const lock_names[CRYPTO_NUM_LOCKS] =
-	{
-	"<<ERROR>>",
-	"err",
-	"ex_data",
-	"x509",
-	"x509_info",
-	"x509_pkey",
-	"x509_crl",
-	"x509_req",
-	"dsa",
-	"rsa",
-	"evp_pkey",
-	"x509_store",
-	"ssl_ctx",
-	"ssl_cert",
-	"ssl_session",
-	"ssl_sess_cert",
-	"ssl",
-	"ssl_method",
-	"rand",
-	"rand2",
-	"debug_malloc",
-	"BIO",
-	"gethostbyname",
-	"getservbyname",
-	"readdir",
-	"RSA_blinding",
-	"dh",
-	"debug_malloc2",
-	"dso",
-	"dynlock",
-	"engine",
-	"ui",
-	"ecdsa",
-	"ec",
-	"ecdh",
-	"bn",
-	"ec_pre_comp",
-	"store",
-	"comp",
+static const char *const lock_names[CRYPTO_NUM_LOCKS] = {
+    "<<ERROR>>",
+    "err",
+    "ex_data",
+    "x509",
+    "x509_info",
+    "x509_pkey",
+    "x509_crl",
+    "x509_req",
+    "dsa",
+    "rsa",
+    "evp_pkey",
+    "x509_store",
+    "ssl_ctx",
+    "ssl_cert",
+    "ssl_session",
+    "ssl_sess_cert",
+    "ssl",
+    "ssl_method",
+    "rand",
+    "rand2",
+    "debug_malloc",
+    "BIO",
+    "gethostbyname",
+    "getservbyname",
+    "readdir",
+    "RSA_blinding",
+    "dh",
+    "debug_malloc2",
+    "dso",
+    "dynlock",
+    "engine",
+    "ui",
+    "ecdsa",
+    "ec",
+    "ecdh",
+    "bn",
+    "ec_pre_comp",
+    "store",
+    "comp",
 #ifndef OPENSSL_FIPS
 # if CRYPTO_NUM_LOCKS != 39
 #  error "Inconsistency between crypto.h and cryptlib.c"
 # endif
 #else
-	"fips",
-	"fips2",
+    "fips",
+    "fips2",
 # if CRYPTO_NUM_LOCKS != 41
 #  error "Inconsistency between crypto.h and cryptlib.c"
 # endif
 #endif
-	};
-
-/* This is for applications to allocate new type names in the non-dynamic
-   array of lock names.  These are numbered with positive numbers.  */
-static STACK *app_locks=NULL;
+};
 
-/* For applications that want a more dynamic way of handling threads, the
-   following stack is used.  These are externally numbered with negative
-   numbers.  */
-static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL;
+/*
+ * This is for applications to allocate new type names in the non-dynamic
+ * array of lock names.  These are numbered with positive numbers.
+ */
+static STACK *app_locks = NULL;
 
+/*
+ * For applications that want a more dynamic way of handling threads, the
+ * following stack is used.  These are externally numbered with negative
+ * numbers.
+ */
+static STACK_OF(CRYPTO_dynlock) *dyn_locks = NULL;
 
 static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback)
-	(const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_lock_callback)(int mode,
-	struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL;
-static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l,
-	const char *file,int line)=NULL;
+ (const char *file, int line) = NULL;
+static void (MS_FAR *dynlock_lock_callback) (int mode,
+                                             struct CRYPTO_dynlock_value *l,
+                                             const char *file, int line) =
+    NULL;
+static void (MS_FAR *dynlock_destroy_callback) (struct CRYPTO_dynlock_value
+                                                *l, const char *file,
+                                                int line) = NULL;
 
 int CRYPTO_get_new_lockid(char *name)
-	{
-	char *str;
-	int i;
+{
+    char *str;
+    int i;
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
-	/* A hack to make Visual C++ 5.0 work correctly when linking as
-	 * a DLL using /MT. Without this, the application cannot use
-	 * and floating point printf's.
-	 * It also seems to be needed for Visual C 1.5 (win16) */
-	SSLeay_MSVC5_hack=(double)name[0]*(double)name[1];
+    /*
+     * A hack to make Visual C++ 5.0 work correctly when linking as a DLL
+     * using /MT. Without this, the application cannot use and floating point
+     * printf's. It also seems to be needed for Visual C 1.5 (win16)
+     */
+    SSLeay_MSVC5_hack = (double)name[0] * (double)name[1];
 #endif
 
-	if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL))
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	if ((str=BUF_strdup(name)) == NULL)
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	i=sk_push(app_locks,str);
-	if (!i)
-		OPENSSL_free(str);
-	else
-		i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */
-	return(i);
-	}
+    if ((app_locks == NULL) && ((app_locks = sk_new_null()) == NULL)) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    if ((str = BUF_strdup(name)) == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    i = sk_push(app_locks, str);
+    if (!i)
+        OPENSSL_free(str);
+    else
+        i += CRYPTO_NUM_LOCKS;  /* gap of one :-) */
+    return (i);
+}
 
 int CRYPTO_get_new_dynlockid(void)
-	{
-	int i = 0;
-	CRYPTO_dynlock *pointer = NULL;
-
-	if (dynlock_create_callback == NULL)
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
-		return(0);
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-	if ((dyn_locks == NULL)
-		&& ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL))
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-	pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock));
-	if (pointer == NULL)
-		{
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	pointer->references = 1;
-	pointer->data = dynlock_create_callback(__FILE__,__LINE__);
-	if (pointer->data == NULL)
-		{
-		OPENSSL_free(pointer);
-		CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-	/* First, try to find an existing empty slot */
-	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
-	/* If there was none, push, thereby creating a new one */
-	if (i == -1)
-		/* Since sk_push() returns the number of items on the
-		   stack, not the location of the pushed item, we need
-		   to transform the returned number into a position,
-		   by decreasing it.  */
-		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
-	else
-		/* If we found a place with a NULL pointer, put our pointer
-		   in it.  */
-		(void)sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-	if (i == -1)
-		{
-		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
-		OPENSSL_free(pointer);
-		}
-	else
-		i += 1; /* to avoid 0 */
-	return -i;
-	}
+{
+    int i = 0;
+    CRYPTO_dynlock *pointer = NULL;
+
+    if (dynlock_create_callback == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,
+                  CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK);
+        return (0);
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+    if ((dyn_locks == NULL)
+        && ((dyn_locks = sk_CRYPTO_dynlock_new_null()) == NULL)) {
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+    pointer = (CRYPTO_dynlock *) OPENSSL_malloc(sizeof(CRYPTO_dynlock));
+    if (pointer == NULL) {
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    pointer->references = 1;
+    pointer->data = dynlock_create_callback(__FILE__, __LINE__);
+    if (pointer->data == NULL) {
+        OPENSSL_free(pointer);
+        CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+    /* First, try to find an existing empty slot */
+    i = sk_CRYPTO_dynlock_find(dyn_locks, NULL);
+    /* If there was none, push, thereby creating a new one */
+    if (i == -1)
+        /*
+         * Since sk_push() returns the number of items on the stack, not the
+         * location of the pushed item, we need to transform the returned
+         * number into a position, by decreasing it.
+         */
+        i = sk_CRYPTO_dynlock_push(dyn_locks, pointer) - 1;
+    else
+        /*
+         * If we found a place with a NULL pointer, put our pointer in it.
+         */
+        (void)sk_CRYPTO_dynlock_set(dyn_locks, i, pointer);
+    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+    if (i == -1) {
+        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+        OPENSSL_free(pointer);
+    } else
+        i += 1;                 /* to avoid 0 */
+    return -i;
+}
 
 void CRYPTO_destroy_dynlockid(int i)
-	{
-	CRYPTO_dynlock *pointer = NULL;
-	if (i)
-		i = -i-1;
-	if (dynlock_destroy_callback == NULL)
-		return;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
-
-	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-		return;
-		}
-	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-	if (pointer != NULL)
-		{
-		--pointer->references;
+{
+    CRYPTO_dynlock *pointer = NULL;
+    if (i)
+        i = -i - 1;
+    if (dynlock_destroy_callback == NULL)
+        return;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+
+    if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) {
+        CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+        return;
+    }
+    pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+    if (pointer != NULL) {
+        --pointer->references;
 #ifdef REF_CHECK
-		if (pointer->references < 0)
-			{
-			fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n");
-			abort();
-			}
-		else
+        if (pointer->references < 0) {
+            fprintf(stderr,
+                    "CRYPTO_destroy_dynlockid, bad reference count\n");
+            abort();
+        } else
 #endif
-			if (pointer->references <= 0)
-				{
-				(void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
-				}
-			else
-				pointer = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
-
-	if (pointer)
-		{
-		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
-		OPENSSL_free(pointer);
-		}
-	}
+        if (pointer->references <= 0) {
+            (void)sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+        } else
+            pointer = NULL;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+
+    if (pointer) {
+        dynlock_destroy_callback(pointer->data, __FILE__, __LINE__);
+        OPENSSL_free(pointer);
+    }
+}
 
 struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i)
-	{
-	CRYPTO_dynlock *pointer = NULL;
-	if (i)
-		i = -i-1;
+{
+    CRYPTO_dynlock *pointer = NULL;
+    if (i)
+        i = -i - 1;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+    CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
 
-	if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
-		pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
-	if (pointer)
-		pointer->references++;
+    if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks))
+        pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+    if (pointer)
+        pointer->references++;
 
-	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+    CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
 
-	if (pointer)
-		return pointer->data;
-	return NULL;
-	}
+    if (pointer)
+        return pointer->data;
+    return NULL;
+}
 
 struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))
-	(const char *file,int line)
-	{
-	return(dynlock_create_callback);
-	}
+ (const char *file, int line) {
+    return (dynlock_create_callback);
+}
 
-void (*CRYPTO_get_dynlock_lock_callback(void))(int mode,
-	struct CRYPTO_dynlock_value *l, const char *file,int line)
-	{
-	return(dynlock_lock_callback);
-	}
+void (*CRYPTO_get_dynlock_lock_callback(void)) (int mode,
+                                                struct CRYPTO_dynlock_value
+                                                *l, const char *file,
+                                                int line) {
+    return (dynlock_lock_callback);
+}
 
 void (*CRYPTO_get_dynlock_destroy_callback(void))
-	(struct CRYPTO_dynlock_value *l, const char *file,int line)
-	{
-	return(dynlock_destroy_callback);
-	}
+ (struct CRYPTO_dynlock_value *l, const char *file, int line) {
+    return (dynlock_destroy_callback);
+}
 
 void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func)
-	(const char *file, int line))
-	{
-	dynlock_create_callback=func;
-	}
+                                         (const char *file, int line))
+{
+    dynlock_create_callback = func;
+}
 
 static void do_dynlock(int mode, int type, const char *file, int line)
-	{
-	if (dynlock_lock_callback != NULL)
-		{
-		struct CRYPTO_dynlock_value *pointer
-				= CRYPTO_get_dynlock_value(type);
-
-		OPENSSL_assert(pointer != NULL);
-
-		dynlock_lock_callback(mode, pointer, file, line);
-
-		CRYPTO_destroy_dynlockid(type);
-		}
-	}
-
-void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode,
-	struct CRYPTO_dynlock_value *l, const char *file, int line))
-	{
-	/* Set callback so CRYPTO_lock() can now handle dynamic locks.
-	 * This is OK because at this point and application shouldn't be using
-	 * OpenSSL from multiple threads because it is setting up the locking
-	 * callbacks.
-	 */
-	static int done = 0;
-	if (!done)
-		{
-		int_CRYPTO_set_do_dynlock_callback(do_dynlock);
-		done = 1;
-		}
-		
-	dynlock_lock_callback=func;
-	}
+{
+    if (dynlock_lock_callback != NULL) {
+        struct CRYPTO_dynlock_value *pointer = CRYPTO_get_dynlock_value(type);
+
+        OPENSSL_assert(pointer != NULL);
+
+        dynlock_lock_callback(mode, pointer, file, line);
+
+        CRYPTO_destroy_dynlockid(type);
+    }
+}
+
+void CRYPTO_set_dynlock_lock_callback(void (*func) (int mode,
+                                                    struct
+                                                    CRYPTO_dynlock_value *l,
+                                                    const char *file,
+                                                    int line))
+{
+    /*
+     * Set callback so CRYPTO_lock() can now handle dynamic locks. This is OK
+     * because at this point and application shouldn't be using OpenSSL from
+     * multiple threads because it is setting up the locking callbacks.
+     */
+    static int done = 0;
+    if (!done) {
+        int_CRYPTO_set_do_dynlock_callback(do_dynlock);
+        done = 1;
+    }
+
+    dynlock_lock_callback = func;
+}
 
 void CRYPTO_set_dynlock_destroy_callback(void (*func)
-	(struct CRYPTO_dynlock_value *l, const char *file, int line))
-	{
-	dynlock_destroy_callback=func;
-	}
+                                          (struct CRYPTO_dynlock_value *l,
+                                           const char *file, int line))
+{
+    dynlock_destroy_callback = func;
+}
 
 const char *CRYPTO_get_lock_name(int type)
-	{
-	if (type < 0)
-		return("dynamic");
-	else if (type < CRYPTO_NUM_LOCKS)
-		return(lock_names[type]);
-	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
-		return("ERROR");
-	else
-		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
-	}
-
+{
+    if (type < 0)
+        return ("dynamic");
+    else if (type < CRYPTO_NUM_LOCKS)
+        return (lock_names[type]);
+    else if (type - CRYPTO_NUM_LOCKS > sk_num(app_locks))
+        return ("ERROR");
+    else
+        return (sk_value(app_locks, type - CRYPTO_NUM_LOCKS));
+}
diff --git a/Cryptlib/OpenSSL/crypto/ebcdic.c b/Cryptlib/OpenSSL/crypto/ebcdic.c
index 43e53bca..4b7652c0 100644
--- a/Cryptlib/OpenSSL/crypto/ebcdic.c
+++ b/Cryptlib/OpenSSL/crypto/ebcdic.c
@@ -2,198 +2,262 @@
 
 #ifndef CHARSET_EBCDIC
 
-#include <openssl/e_os2.h>
-#if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
-static void *dummy=&dummy;
-#endif
+# include <openssl/e_os2.h>
+# if defined(PEDANTIC) || defined(__DECC) || defined(OPENSSL_SYS_MACOSX)
+static void *dummy = &dummy;
+# endif
 
-#else /*CHARSET_EBCDIC*/
+#else                           /* CHARSET_EBCDIC */
 
-#include "ebcdic.h"
-/*      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
+# include "ebcdic.h"
+/*-
+ *      Initial Port for  Apache-1.3     by <Martin.Kraemer@Mch.SNI.De>
  *      Adapted for       OpenSSL-0.9.4  by <Martin.Kraemer@Mch.SNI.De>
  */
 
-#ifdef _OSD_POSIX
+# ifdef _OSD_POSIX
 /*
-    "BS2000 OSD" is a POSIX subsystem on a main frame.
-    It is made by Siemens AG, Germany, for their BS2000 mainframe machines.
-    Within the POSIX subsystem, the same character set was chosen as in
-    "native BS2000", namely EBCDIC. (EDF04)
-
-    The name "ASCII" in these routines is misleading: actually, conversion
-    is not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1;
-    that means that (western european) national characters are preserved.
-
-    This table is identical to the one used by rsh/rcp/ftp and other POSIX tools.
-*/
+ * "BS2000 OSD" is a POSIX subsystem on a main frame. It is made by Siemens
+ * AG, Germany, for their BS2000 mainframe machines. Within the POSIX
+ * subsystem, the same character set was chosen as in "native BS2000", namely
+ * EBCDIC. (EDF04)
+ *
+ * The name "ASCII" in these routines is misleading: actually, conversion is
+ * not between EBCDIC and ASCII, but EBCDIC(EDF04) and ISO-8859.1; that means
+ * that (western european) national characters are preserved.
+ *
+ * This table is identical to the one used by rsh/rcp/ftp and other POSIX
+ * tools.
+ */
 
 /* Here's the bijective ebcdic-to-ascii table: */
 const unsigned char os_toascii[256] = {
-/*00*/ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
-       0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /*................*/
-/*10*/ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
-       0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /*................*/
-/*20*/ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
-       0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /*................*/
-/*30*/ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
-       0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /*................*/
-/*40*/ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
-       0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+|*/
-/*50*/ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
-       0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /*&.........!$*);.*/
-/*60*/ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
-       0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /*-/........^,%_>?*/
-/*70*/ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
-       0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /*..........:#@'="*/
-/*80*/ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
-       0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /*.abcdefghi......*/
-/*90*/ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
-       0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /*.jklmnopqr......*/
-/*a0*/ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
-       0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /*..stuvwxyz......*/
-/*b0*/ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
-       0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /*...........[\]..*/
-/*c0*/ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
-       0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /*.ABCDEFGHI......*/
-/*d0*/ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
-       0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /*.JKLMNOPQR......*/
-/*e0*/ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
-       0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /*..STUVWXYZ......*/
-/*f0*/ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
-       0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e  /*0123456789.{.}.~*/
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f,
+    0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97,
+    0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b,
+    0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
+    /*
+     * 30
+     */ 0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04,
+    0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
+    /*
+     * 40
+     */ 0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5,
+    0xe7, 0xf1, 0x60, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* .........`.<(+| */
+    /*
+     * 50
+     */ 0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef,
+    0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x9f, /* &.........!$*);. */
+    /*
+     * 60
+     */ 0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5,
+    0xc7, 0xd1, 0x5e, 0x2c, 0x25, 0x5f, 0x3e, 0x3f,    /*-/........^,%_>?*/
+    /*
+     * 70
+     */ 0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf,
+    0xcc, 0xa8, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* ..........:#@'=" */
+    /*
+     * 80
+     */ 0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
+    0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
+    /*
+     * 90
+     */ 0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70,
+    0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
+    /*
+     * a0
+     */ 0xb5, 0xaf, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78,
+    0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0xdd, 0xde, 0xae, /* ..stuvwxyz...... */
+    /*
+     * b0
+     */ 0xa2, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc,
+    0xbd, 0xbe, 0xac, 0x5b, 0x5c, 0x5d, 0xb4, 0xd7, /* ...........[\].. */
+    /*
+     * c0
+     */ 0xf9, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
+    0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* .ABCDEFGHI...... */
+    /*
+     * d0
+     */ 0xa6, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50,
+    0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xdb, 0xfa, 0xff, /* .JKLMNOPQR...... */
+    /*
+     * e0
+     */ 0xd9, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58,
+    0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* ..STUVWXYZ...... */
+    /*
+     * f0
+     */ 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
+    0x38, 0x39, 0xb3, 0x7b, 0xdc, 0x7d, 0xda, 0x7e /* 0123456789.{.}.~ */
 };
 
-
 /* The ascii-to-ebcdic table: */
 const unsigned char os_toebcdic[256] = {
-/*00*/  0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
-	0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,  /*................*/
-/*10*/  0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
-	0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f,  /*................*/
-/*20*/  0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
-	0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61,  /* !"#$%&'()*+,-./ */
-/*30*/  0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
-	0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f,  /*0123456789:;<=>?*/
-/*40*/  0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
-	0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6,  /*@ABCDEFGHIJKLMNO*/
-/*50*/  0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
-	0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d,  /*PQRSTUVWXYZ[\]^_*/
-/*60*/  0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
-	0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96,  /*`abcdefghijklmno*/
-/*70*/  0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
-	0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07,  /*pqrstuvwxyz{|}~.*/
-/*80*/  0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
-	0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14,  /*................*/
-/*90*/  0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
-	0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f,  /*................*/
-/*a0*/  0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
-	0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1,  /*................*/
-/*b0*/  0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
-	0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab,  /*................*/
-/*c0*/  0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
-	0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77,  /*................*/
-/*d0*/  0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
-	0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59,  /*................*/
-/*e0*/  0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
-	0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57,  /*................*/
-/*f0*/  0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
-	0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf   /*................*/
+    /*
+     * 00
+     */ 0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f,
+    0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
+    /*
+     * 10
+     */ 0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26,
+    0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
+    /*
+     * 20
+     */ 0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d,
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    /*
+     * 30
+     */ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
+    0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
+    /*
+     * 40
+     */ 0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
+    0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
+    /*
+     * 50
+     */ 0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6,
+    0xe7, 0xe8, 0xe9, 0xbb, 0xbc, 0xbd, 0x6a, 0x6d, /* PQRSTUVWXYZ[\]^_ */
+    /*
+     * 60
+     */ 0x4a, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+    0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
+    /*
+     * 70
+     */ 0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6,
+    0xa7, 0xa8, 0xa9, 0xfb, 0x4f, 0xfd, 0xff, 0x07, /* pqrstuvwxyz{|}~. */
+    /*
+     * 80
+     */ 0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08,
+    0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
+    /*
+     * 90
+     */ 0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17,
+    0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0x5f, /* ................ */
+    /*
+     * a0
+     */ 0x41, 0xaa, 0xb0, 0xb1, 0x9f, 0xb2, 0xd0, 0xb5,
+    0x79, 0xb4, 0x9a, 0x8a, 0xba, 0xca, 0xaf, 0xa1, /* ................ */
+    /*
+     * b0
+     */ 0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3,
+    0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
+    /*
+     * c0
+     */ 0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68,
+    0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
+    /*
+     * d0
+     */ 0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf,
+    0x80, 0xe0, 0xfe, 0xdd, 0xfc, 0xad, 0xae, 0x59, /* ................ */
+    /*
+     * e0
+     */ 0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48,
+    0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
+    /*
+     * f0
+     */ 0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1,
+    0x70, 0xc0, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
 };
 
-#else  /*_OSD_POSIX*/
+# else /*_OSD_POSIX*/
 
 /*
-This code does basic character mapping for IBM's TPF and OS/390 operating systems.
-It is a modified version of the BS2000 table.
-
-Bijective EBCDIC (character set IBM-1047) to US-ASCII table:
-This table is bijective - there are no ambigous or duplicate characters.
-*/
+ * This code does basic character mapping for IBM's TPF and OS/390 operating
+ * systems. It is a modified version of the BS2000 table.
+ *
+ * Bijective EBCDIC (character set IBM-1047) to US-ASCII table: This table is
+ * bijective - there are no ambigous or duplicate characters.
+ */
 const unsigned char os_toascii[256] = {
-    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f:           */
+    0x00, 0x01, 0x02, 0x03, 0x85, 0x09, 0x86, 0x7f, /* 00-0f: */
     0x87, 0x8d, 0x8e, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
-    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f:           */
+    0x10, 0x11, 0x12, 0x13, 0x8f, 0x0a, 0x08, 0x97, /* 10-1f: */
     0x18, 0x19, 0x9c, 0x9d, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
-    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f:           */
+    0x80, 0x81, 0x82, 0x83, 0x84, 0x92, 0x17, 0x1b, /* 20-2f: */
     0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x05, 0x06, 0x07, /* ................ */
-    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f:           */
+    0x90, 0x91, 0x16, 0x93, 0x94, 0x95, 0x96, 0x04, /* 30-3f: */
     0x98, 0x99, 0x9a, 0x9b, 0x14, 0x15, 0x9e, 0x1a, /* ................ */
-    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f:           */
-    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /*  ...........<(+| */
-    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f:           */
+    0x20, 0xa0, 0xe2, 0xe4, 0xe0, 0xe1, 0xe3, 0xe5, /* 40-4f: */
+    0xe7, 0xf1, 0xa2, 0x2e, 0x3c, 0x28, 0x2b, 0x7c, /* ...........<(+| */
+    0x26, 0xe9, 0xea, 0xeb, 0xe8, 0xed, 0xee, 0xef, /* 50-5f: */
     0xec, 0xdf, 0x21, 0x24, 0x2a, 0x29, 0x3b, 0x5e, /* &.........!$*);^ */
-    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f:           */
+    0x2d, 0x2f, 0xc2, 0xc4, 0xc0, 0xc1, 0xc3, 0xc5, /* 60-6f: */
     0xc7, 0xd1, 0xa6, 0x2c, 0x25, 0x5f, 0x3e, 0x3f, /* -/.........,%_>? */
-    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f:           */
+    0xf8, 0xc9, 0xca, 0xcb, 0xc8, 0xcd, 0xce, 0xcf, /* 70-7f: */
     0xcc, 0x60, 0x3a, 0x23, 0x40, 0x27, 0x3d, 0x22, /* .........`:#@'=" */
-    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f:           */
+    0xd8, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, /* 80-8f: */
     0x68, 0x69, 0xab, 0xbb, 0xf0, 0xfd, 0xfe, 0xb1, /* .abcdefghi...... */
-    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f:           */
+    0xb0, 0x6a, 0x6b, 0x6c, 0x6d, 0x6e, 0x6f, 0x70, /* 90-9f: */
     0x71, 0x72, 0xaa, 0xba, 0xe6, 0xb8, 0xc6, 0xa4, /* .jklmnopqr...... */
-    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af:           */
+    0xb5, 0x7e, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, /* a0-af: */
     0x79, 0x7a, 0xa1, 0xbf, 0xd0, 0x5b, 0xde, 0xae, /* .~stuvwxyz...[.. */
-    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf:           */
+    0xac, 0xa3, 0xa5, 0xb7, 0xa9, 0xa7, 0xb6, 0xbc, /* b0-bf: */
     0xbd, 0xbe, 0xdd, 0xa8, 0xaf, 0x5d, 0xb4, 0xd7, /* .............].. */
-    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf:           */
+    0x7b, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, /* c0-cf: */
     0x48, 0x49, 0xad, 0xf4, 0xf6, 0xf2, 0xf3, 0xf5, /* {ABCDEFGHI...... */
-    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df:           */
+    0x7d, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, /* d0-df: */
     0x51, 0x52, 0xb9, 0xfb, 0xfc, 0xf9, 0xfa, 0xff, /* }JKLMNOPQR...... */
-    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef:           */
+    0x5c, 0xf7, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, /* e0-ef: */
     0x59, 0x5a, 0xb2, 0xd4, 0xd6, 0xd2, 0xd3, 0xd5, /* \.STUVWXYZ...... */
-    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff:           */
-    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f  /* 0123456789...... */
+    0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, /* f0-ff: */
+    0x38, 0x39, 0xb3, 0xdb, 0xdc, 0xd9, 0xda, 0x9f /* 0123456789...... */
 };
 
-
 /*
-The US-ASCII to EBCDIC (character set IBM-1047) table:
-This table is bijective (no ambiguous or duplicate characters)
-*/
+ * The US-ASCII to EBCDIC (character set IBM-1047) table: This table is
+ * bijective (no ambiguous or duplicate characters)
+ */
 const unsigned char os_toebcdic[256] = {
-    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f:           */
+    0x00, 0x01, 0x02, 0x03, 0x37, 0x2d, 0x2e, 0x2f, /* 00-0f: */
     0x16, 0x05, 0x15, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, /* ................ */
-    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f:           */
+    0x10, 0x11, 0x12, 0x13, 0x3c, 0x3d, 0x32, 0x26, /* 10-1f: */
     0x18, 0x19, 0x3f, 0x27, 0x1c, 0x1d, 0x1e, 0x1f, /* ................ */
-    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f:           */
-    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /*  !"#$%&'()*+,-./ */
-    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f:           */
+    0x40, 0x5a, 0x7f, 0x7b, 0x5b, 0x6c, 0x50, 0x7d, /* 20-2f: */
+    0x4d, 0x5d, 0x5c, 0x4e, 0x6b, 0x60, 0x4b, 0x61, /* !"#$%&'()*+,-./ */
+    0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, /* 30-3f: */
     0xf8, 0xf9, 0x7a, 0x5e, 0x4c, 0x7e, 0x6e, 0x6f, /* 0123456789:;<=>? */
-    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f:           */
+    0x7c, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, /* 40-4f: */
     0xc8, 0xc9, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, /* @ABCDEFGHIJKLMNO */
-    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f:           */
+    0xd7, 0xd8, 0xd9, 0xe2, 0xe3, 0xe4, 0xe5, 0xe6, /* 50-5f: */
     0xe7, 0xe8, 0xe9, 0xad, 0xe0, 0xbd, 0x5f, 0x6d, /* PQRSTUVWXYZ[\]^_ */
-    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f:           */
+    0x79, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, /* 60-6f: */
     0x88, 0x89, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, /* `abcdefghijklmno */
-    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f:           */
+    0x97, 0x98, 0x99, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, /* 70-7f: */
     0xa7, 0xa8, 0xa9, 0xc0, 0x4f, 0xd0, 0xa1, 0x07, /* pqrstuvwxyz{|}~. */
-    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f:           */
+    0x20, 0x21, 0x22, 0x23, 0x24, 0x04, 0x06, 0x08, /* 80-8f: */
     0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x09, 0x0a, 0x14, /* ................ */
-    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f:           */
+    0x30, 0x31, 0x25, 0x33, 0x34, 0x35, 0x36, 0x17, /* 90-9f: */
     0x38, 0x39, 0x3a, 0x3b, 0x1a, 0x1b, 0x3e, 0xff, /* ................ */
-    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af:           */
+    0x41, 0xaa, 0x4a, 0xb1, 0x9f, 0xb2, 0x6a, 0xb5, /* a0-af: */
     0xbb, 0xb4, 0x9a, 0x8a, 0xb0, 0xca, 0xaf, 0xbc, /* ................ */
-    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf:           */
+    0x90, 0x8f, 0xea, 0xfa, 0xbe, 0xa0, 0xb6, 0xb3, /* b0-bf: */
     0x9d, 0xda, 0x9b, 0x8b, 0xb7, 0xb8, 0xb9, 0xab, /* ................ */
-    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf:           */
+    0x64, 0x65, 0x62, 0x66, 0x63, 0x67, 0x9e, 0x68, /* c0-cf: */
     0x74, 0x71, 0x72, 0x73, 0x78, 0x75, 0x76, 0x77, /* ................ */
-    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df:           */
+    0xac, 0x69, 0xed, 0xee, 0xeb, 0xef, 0xec, 0xbf, /* d0-df: */
     0x80, 0xfd, 0xfe, 0xfb, 0xfc, 0xba, 0xae, 0x59, /* ................ */
-    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef:           */
+    0x44, 0x45, 0x42, 0x46, 0x43, 0x47, 0x9c, 0x48, /* e0-ef: */
     0x54, 0x51, 0x52, 0x53, 0x58, 0x55, 0x56, 0x57, /* ................ */
-    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff:           */
-    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf  /* ................ */
+    0x8c, 0x49, 0xcd, 0xce, 0xcb, 0xcf, 0xcc, 0xe1, /* f0-ff: */
+    0x70, 0xdd, 0xde, 0xdb, 0xdc, 0x8d, 0x8e, 0xdf /* ................ */
 };
-#endif /*_OSD_POSIX*/
+# endif/*_OSD_POSIX*/
 
-/* Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
- * dest and srce may be identical, or separate memory blocks, but
- * should not overlap. These functions intentionally have an interface
- * compatible to memcpy(3).
+/*
+ * Translate a memory block from EBCDIC (host charset) to ASCII (net charset)
+ * dest and srce may be identical, or separate memory blocks, but should not
+ * overlap. These functions intentionally have an interface compatible to
+ * memcpy(3).
  */
 
-void *
-ebcdic2ascii(void *dest, const void *srce, size_t count)
+void *ebcdic2ascii(void *dest, const void *srce, size_t count)
 {
     unsigned char *udest = dest;
     const unsigned char *usrce = srce;
@@ -205,8 +269,7 @@ ebcdic2ascii(void *dest, const void *srce, size_t count)
     return dest;
 }
 
-void *
-ascii2ebcdic(void *dest, const void *srce, size_t count)
+void *ascii2ebcdic(void *dest, const void *srce, size_t count)
 {
     unsigned char *udest = dest;
     const unsigned char *usrce = srce;
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
index 6b570a3f..d3ba5d77 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec2_mult.c
@@ -21,7 +21,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -71,319 +71,393 @@
 
 #include "ec_lcl.h"
 
-
-/* Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective 
+/*-
+ * Compute the x-coordinate x/z for the point 2*(x/z) in Montgomery projective
  * coordinates.
- * Uses algorithm Mdouble in appendix of 
- *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ * Uses algorithm Mdouble in appendix of
+ *     Lopez, J. and Dahab, R.  "Fast multiplication on elliptic curves over
  *     GF(2^m) without precomputation".
  * modified to not require precomputation of c=b^{2^{m-1}}.
  */
-static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z, BN_CTX *ctx)
-	{
-	BIGNUM *t1;
-	int ret = 0;
-	
-	/* Since Mdouble is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	if (t1 == NULL) goto err;
-
-	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
-	if (!group->meth->field_sqr(group, t1, z, ctx)) goto err;
-	if (!group->meth->field_mul(group, z, x, t1, ctx)) goto err;
-	if (!group->meth->field_sqr(group, x, x, ctx)) goto err;
-	if (!group->meth->field_sqr(group, t1, t1, ctx)) goto err;
-	if (!group->meth->field_mul(group, t1, &group->b, t1, ctx)) goto err;
-	if (!BN_GF2m_add(x, x, t1)) goto err;
-
-	ret = 1;
+static int gf2m_Mdouble(const EC_GROUP *group, BIGNUM *x, BIGNUM *z,
+                        BN_CTX *ctx)
+{
+    BIGNUM *t1;
+    int ret = 0;
+
+    /* Since Mdouble is static we can guarantee that ctx != NULL. */
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    if (t1 == NULL)
+        goto err;
+
+    if (!group->meth->field_sqr(group, x, x, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, t1, z, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, z, x, t1, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, x, x, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, t1, t1, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, t1, &group->b, t1, ctx))
+        goto err;
+    if (!BN_GF2m_add(x, x, t1))
+        goto err;
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
+    BN_CTX_end(ctx);
+    return ret;
+}
 
-/* Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery 
+/*-
+ * Compute the x-coordinate x1/z1 for the point (x1/z1)+(x2/x2) in Montgomery
  * projective coordinates.
- * Uses algorithm Madd in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ * Uses algorithm Madd in appendix of
+ *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
  *     GF(2^m) without precomputation".
  */
-static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1, BIGNUM *z1, 
-	const BIGNUM *x2, const BIGNUM *z2, BN_CTX *ctx)
-	{
-	BIGNUM *t1, *t2;
-	int ret = 0;
-	
-	/* Since Madd is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	t1 = BN_CTX_get(ctx);
-	t2 = BN_CTX_get(ctx);
-	if (t2 == NULL) goto err;
-
-	if (!BN_copy(t1, x)) goto err;
-	if (!group->meth->field_mul(group, x1, x1, z2, ctx)) goto err;
-	if (!group->meth->field_mul(group, z1, z1, x2, ctx)) goto err;
-	if (!group->meth->field_mul(group, t2, x1, z1, ctx)) goto err;
-	if (!BN_GF2m_add(z1, z1, x1)) goto err;
-	if (!group->meth->field_sqr(group, z1, z1, ctx)) goto err;
-	if (!group->meth->field_mul(group, x1, z1, t1, ctx)) goto err;
-	if (!BN_GF2m_add(x1, x1, t2)) goto err;
-
-	ret = 1;
+static int gf2m_Madd(const EC_GROUP *group, const BIGNUM *x, BIGNUM *x1,
+                     BIGNUM *z1, const BIGNUM *x2, const BIGNUM *z2,
+                     BN_CTX *ctx)
+{
+    BIGNUM *t1, *t2;
+    int ret = 0;
+
+    /* Since Madd is static we can guarantee that ctx != NULL. */
+    BN_CTX_start(ctx);
+    t1 = BN_CTX_get(ctx);
+    t2 = BN_CTX_get(ctx);
+    if (t2 == NULL)
+        goto err;
+
+    if (!BN_copy(t1, x))
+        goto err;
+    if (!group->meth->field_mul(group, x1, x1, z2, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, z1, z1, x2, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, t2, x1, z1, ctx))
+        goto err;
+    if (!BN_GF2m_add(z1, z1, x1))
+        goto err;
+    if (!group->meth->field_sqr(group, z1, z1, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, x1, z1, t1, ctx))
+        goto err;
+    if (!BN_GF2m_add(x1, x1, t2))
+        goto err;
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
-/* Compute the x, y affine coordinates from the point (x1, z1) (x2, z2) 
- * using Montgomery point multiplication algorithm Mxy() in appendix of 
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+    BN_CTX_end(ctx);
+    return ret;
+}
+
+/*-
+ * Compute the x, y affine coordinates from the point (x1, z1) (x2, z2)
+ * using Montgomery point multiplication algorithm Mxy() in appendix of
+ *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
  *     GF(2^m) without precomputation".
  * Returns:
  *     0 on error
  *     1 if return value should be the point at infinity
  *     2 otherwise
  */
-static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y, BIGNUM *x1, 
-	BIGNUM *z1, BIGNUM *x2, BIGNUM *z2, BN_CTX *ctx)
-	{
-	BIGNUM *t3, *t4, *t5;
-	int ret = 0;
-	
-	if (BN_is_zero(z1))
-		{
-		BN_zero(x2);
-		BN_zero(z2);
-		return 1;
-		}
-	
-	if (BN_is_zero(z2))
-		{
-		if (!BN_copy(x2, x)) return 0;
-		if (!BN_GF2m_add(z2, x, y)) return 0;
-		return 2;
-		}
-		
-	/* Since Mxy is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	t3 = BN_CTX_get(ctx);
-	t4 = BN_CTX_get(ctx);
-	t5 = BN_CTX_get(ctx);
-	if (t5 == NULL) goto err;
-
-	if (!BN_one(t5)) goto err;
-
-	if (!group->meth->field_mul(group, t3, z1, z2, ctx)) goto err;
-
-	if (!group->meth->field_mul(group, z1, z1, x, ctx)) goto err;
-	if (!BN_GF2m_add(z1, z1, x1)) goto err;
-	if (!group->meth->field_mul(group, z2, z2, x, ctx)) goto err;
-	if (!group->meth->field_mul(group, x1, z2, x1, ctx)) goto err;
-	if (!BN_GF2m_add(z2, z2, x2)) goto err;
-
-	if (!group->meth->field_mul(group, z2, z2, z1, ctx)) goto err;
-	if (!group->meth->field_sqr(group, t4, x, ctx)) goto err;
-	if (!BN_GF2m_add(t4, t4, y)) goto err;
-	if (!group->meth->field_mul(group, t4, t4, t3, ctx)) goto err;
-	if (!BN_GF2m_add(t4, t4, z2)) goto err;
-
-	if (!group->meth->field_mul(group, t3, t3, x, ctx)) goto err;
-	if (!group->meth->field_div(group, t3, t5, t3, ctx)) goto err;
-	if (!group->meth->field_mul(group, t4, t3, t4, ctx)) goto err;
-	if (!group->meth->field_mul(group, x2, x1, t3, ctx)) goto err;
-	if (!BN_GF2m_add(z2, x2, x)) goto err;
-
-	if (!group->meth->field_mul(group, z2, z2, t4, ctx)) goto err;
-	if (!BN_GF2m_add(z2, z2, y)) goto err;
-
-	ret = 2;
+static int gf2m_Mxy(const EC_GROUP *group, const BIGNUM *x, const BIGNUM *y,
+                    BIGNUM *x1, BIGNUM *z1, BIGNUM *x2, BIGNUM *z2,
+                    BN_CTX *ctx)
+{
+    BIGNUM *t3, *t4, *t5;
+    int ret = 0;
+
+    if (BN_is_zero(z1)) {
+        BN_zero(x2);
+        BN_zero(z2);
+        return 1;
+    }
+
+    if (BN_is_zero(z2)) {
+        if (!BN_copy(x2, x))
+            return 0;
+        if (!BN_GF2m_add(z2, x, y))
+            return 0;
+        return 2;
+    }
+
+    /* Since Mxy is static we can guarantee that ctx != NULL. */
+    BN_CTX_start(ctx);
+    t3 = BN_CTX_get(ctx);
+    t4 = BN_CTX_get(ctx);
+    t5 = BN_CTX_get(ctx);
+    if (t5 == NULL)
+        goto err;
+
+    if (!BN_one(t5))
+        goto err;
+
+    if (!group->meth->field_mul(group, t3, z1, z2, ctx))
+        goto err;
+
+    if (!group->meth->field_mul(group, z1, z1, x, ctx))
+        goto err;
+    if (!BN_GF2m_add(z1, z1, x1))
+        goto err;
+    if (!group->meth->field_mul(group, z2, z2, x, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, x1, z2, x1, ctx))
+        goto err;
+    if (!BN_GF2m_add(z2, z2, x2))
+        goto err;
+
+    if (!group->meth->field_mul(group, z2, z2, z1, ctx))
+        goto err;
+    if (!group->meth->field_sqr(group, t4, x, ctx))
+        goto err;
+    if (!BN_GF2m_add(t4, t4, y))
+        goto err;
+    if (!group->meth->field_mul(group, t4, t4, t3, ctx))
+        goto err;
+    if (!BN_GF2m_add(t4, t4, z2))
+        goto err;
+
+    if (!group->meth->field_mul(group, t3, t3, x, ctx))
+        goto err;
+    if (!group->meth->field_div(group, t3, t5, t3, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, t4, t3, t4, ctx))
+        goto err;
+    if (!group->meth->field_mul(group, x2, x1, t3, ctx))
+        goto err;
+    if (!BN_GF2m_add(z2, x2, x))
+        goto err;
+
+    if (!group->meth->field_mul(group, z2, z2, t4, ctx))
+        goto err;
+    if (!BN_GF2m_add(z2, z2, y))
+        goto err;
+
+    ret = 2;
 
  err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
+    BN_CTX_end(ctx);
+    return ret;
+}
 
-/* Computes scalar*point and stores the result in r.
+/*-
+ * Computes scalar*point and stores the result in r.
  * point can not equal r.
  * Uses a modified algorithm 2P of
- *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over 
+ *     Lopex, J. and Dahab, R.  "Fast multiplication on elliptic curves over
  *     GF(2^m) without precomputation".
  *
  * To protect against side-channel attack the function uses constant time
  * swap avoiding conditional branches.
  */
-static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	const EC_POINT *point, BN_CTX *ctx)
-	{
-	BIGNUM *x1, *x2, *z1, *z2;
-	int ret = 0, i, j;
-	BN_ULONG mask;
-
-	if (r == point)
-		{
-		ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
-		return 0;
-		}
-	
-	/* if result should be point at infinity */
-	if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) || 
-		EC_POINT_is_at_infinity(group, point))
-		{
-		return EC_POINT_set_to_infinity(group, r);
-		}
-
-	/* only support affine coordinates */
-	if (!point->Z_is_one) return 0;
-
-	/* Since point_multiply is static we can guarantee that ctx != NULL. */
-	BN_CTX_start(ctx);
-	x1 = BN_CTX_get(ctx);
-	z1 = BN_CTX_get(ctx);
-	if (z1 == NULL) goto err;
-
-	x2 = &r->X;
-	z2 = &r->Y;
-
-	bn_wexpand(x1, group->field.top);
-	bn_wexpand(z1, group->field.top);
-	bn_wexpand(x2, group->field.top);
-	bn_wexpand(z2, group->field.top);
-
-	if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */
-	if (!BN_one(z1)) goto err; /* z1 = 1 */
-	if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */
-	if (!group->meth->field_sqr(group, x2, z2, ctx)) goto err;
-	if (!BN_GF2m_add(x2, x2, &group->b)) goto err; /* x2 = x^4 + b */
-
-	/* find top most bit and go one past it */
-	i = scalar->top - 1; j = BN_BITS2 - 1;
-	mask = BN_TBIT;
-	while (!(scalar->d[i] & mask)) { mask >>= 1; j--; }
-	mask >>= 1; j--;
-	/* if top most bit was at word break, go to next word */
-	if (!mask) 
-		{
-		i--; j = BN_BITS2 - 1;
-		mask = BN_TBIT;
-		}
-
-	for (; i >= 0; i--)
-		{
-		for (; j >= 0; j--)
-			{
-			BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
-			BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
-			if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err;
-			if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err;
-			BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
-			BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
-			mask >>= 1;
-			}
-		j = BN_BITS2 - 1;
-		mask = BN_TBIT;
-		}
-
-	/* convert out of "projective" coordinates */
-	i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
-	if (i == 0) goto err;
-	else if (i == 1) 
-		{
-		if (!EC_POINT_set_to_infinity(group, r)) goto err;
-		}
-	else
-		{
-		if (!BN_one(&r->Z)) goto err;
-		r->Z_is_one = 1;
-		}
-
-	/* GF(2^m) field elements should always have BIGNUM::neg = 0 */
-	BN_set_negative(&r->X, 0);
-	BN_set_negative(&r->Y, 0);
-
-	ret = 1;
+static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group,
+                                             EC_POINT *r,
+                                             const BIGNUM *scalar,
+                                             const EC_POINT *point,
+                                             BN_CTX *ctx)
+{
+    BIGNUM *x1, *x2, *z1, *z2;
+    int ret = 0, i, j;
+    BN_ULONG mask;
+
+    if (r == point) {
+        ECerr(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY, EC_R_INVALID_ARGUMENT);
+        return 0;
+    }
+
+    /* if result should be point at infinity */
+    if ((scalar == NULL) || BN_is_zero(scalar) || (point == NULL) ||
+        EC_POINT_is_at_infinity(group, point)) {
+        return EC_POINT_set_to_infinity(group, r);
+    }
+
+    /* only support affine coordinates */
+    if (!point->Z_is_one)
+        return 0;
+
+    /*
+     * Since point_multiply is static we can guarantee that ctx != NULL.
+     */
+    BN_CTX_start(ctx);
+    x1 = BN_CTX_get(ctx);
+    z1 = BN_CTX_get(ctx);
+    if (z1 == NULL)
+        goto err;
+
+    x2 = &r->X;
+    z2 = &r->Y;
+
+    bn_wexpand(x1, group->field.top);
+    bn_wexpand(z1, group->field.top);
+    bn_wexpand(x2, group->field.top);
+    bn_wexpand(z2, group->field.top);
+
+    if (!BN_GF2m_mod_arr(x1, &point->X, group->poly))
+        goto err;               /* x1 = x */
+    if (!BN_one(z1))
+        goto err;               /* z1 = 1 */
+    if (!group->meth->field_sqr(group, z2, x1, ctx))
+        goto err;               /* z2 = x1^2 = x^2 */
+    if (!group->meth->field_sqr(group, x2, z2, ctx))
+        goto err;
+    if (!BN_GF2m_add(x2, x2, &group->b))
+        goto err;               /* x2 = x^4 + b */
+
+    /* find top most bit and go one past it */
+    i = scalar->top - 1;
+    j = BN_BITS2 - 1;
+    mask = BN_TBIT;
+    while (!(scalar->d[i] & mask)) {
+        mask >>= 1;
+        j--;
+    }
+    mask >>= 1;
+    j--;
+    /* if top most bit was at word break, go to next word */
+    if (!mask) {
+        i--;
+        j = BN_BITS2 - 1;
+        mask = BN_TBIT;
+    }
+
+    for (; i >= 0; i--) {
+        for (; j >= 0; j--) {
+            BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
+            BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+            if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx))
+                goto err;
+            if (!gf2m_Mdouble(group, x1, z1, ctx))
+                goto err;
+            BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top);
+            BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top);
+            mask >>= 1;
+        }
+        j = BN_BITS2 - 1;
+        mask = BN_TBIT;
+    }
+
+    /* convert out of "projective" coordinates */
+    i = gf2m_Mxy(group, &point->X, &point->Y, x1, z1, x2, z2, ctx);
+    if (i == 0)
+        goto err;
+    else if (i == 1) {
+        if (!EC_POINT_set_to_infinity(group, r))
+            goto err;
+    } else {
+        if (!BN_one(&r->Z))
+            goto err;
+        r->Z_is_one = 1;
+    }
+
+    /* GF(2^m) field elements should always have BIGNUM::neg = 0 */
+    BN_set_negative(&r->X, 0);
+    BN_set_negative(&r->Y, 0);
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	return ret;
-	}
-
+    BN_CTX_end(ctx);
+    return ret;
+}
 
-/* Computes the sum
+/*-
+ * Computes the sum
  *     scalar*group->generator + scalars[0]*points[0] + ... + scalars[num-1]*points[num-1]
  * gracefully ignoring NULL scalar values.
  */
-int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	int ret = 0;
-	size_t i;
-	EC_POINT *p=NULL;
-	EC_POINT *acc = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	/* This implementation is more efficient than the wNAF implementation for 2
-	 * or fewer points.  Use the ec_wNAF_mul implementation for 3 or more points,
-	 * or if we can perform a fast multiplication based on precomputation.
-	 */
-	if ((scalar && (num > 1)) || (num > 2) || (num == 0 && EC_GROUP_have_precompute_mult(group)))
-		{
-		ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
-		goto err;
-		}
-
-	if ((p = EC_POINT_new(group)) == NULL) goto err;
-	if ((acc = EC_POINT_new(group)) == NULL) goto err;
-
-	if (!EC_POINT_set_to_infinity(group, acc)) goto err;
-
-	if (scalar)
-		{
-		if (!ec_GF2m_montgomery_point_multiply(group, p, scalar, group->generator, ctx)) goto err;
-		if (BN_is_negative(scalar))
-			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
-		}
-
-	for (i = 0; i < num; i++)
-		{
-		if (!ec_GF2m_montgomery_point_multiply(group, p, scalars[i], points[i], ctx)) goto err;
-		if (BN_is_negative(scalars[i]))
-			if (!group->meth->invert(group, p, ctx)) goto err;
-		if (!group->meth->add(group, acc, acc, p, ctx)) goto err;
-		}
-
-	if (!EC_POINT_copy(r, acc)) goto err;
-
-	ret = 1;
-
-  err:
-	if (p) EC_POINT_free(p);
-	if (acc) EC_POINT_free(acc);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Precomputation for point multiplication: fall back to wNAF methods
- * because ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate */
+int ec_GF2m_simple_mul(const EC_GROUP *group, EC_POINT *r,
+                       const BIGNUM *scalar, size_t num,
+                       const EC_POINT *points[], const BIGNUM *scalars[],
+                       BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+    size_t i;
+    EC_POINT *p = NULL;
+    EC_POINT *acc = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    /*
+     * This implementation is more efficient than the wNAF implementation for
+     * 2 or fewer points.  Use the ec_wNAF_mul implementation for 3 or more
+     * points, or if we can perform a fast multiplication based on
+     * precomputation.
+     */
+    if ((scalar && (num > 1)) || (num > 2)
+        || (num == 0 && EC_GROUP_have_precompute_mult(group))) {
+        ret = ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+        goto err;
+    }
+
+    if ((p = EC_POINT_new(group)) == NULL)
+        goto err;
+    if ((acc = EC_POINT_new(group)) == NULL)
+        goto err;
+
+    if (!EC_POINT_set_to_infinity(group, acc))
+        goto err;
+
+    if (scalar) {
+        if (!ec_GF2m_montgomery_point_multiply
+            (group, p, scalar, group->generator, ctx))
+            goto err;
+        if (BN_is_negative(scalar))
+            if (!group->meth->invert(group, p, ctx))
+                goto err;
+        if (!group->meth->add(group, acc, acc, p, ctx))
+            goto err;
+    }
+
+    for (i = 0; i < num; i++) {
+        if (!ec_GF2m_montgomery_point_multiply
+            (group, p, scalars[i], points[i], ctx))
+            goto err;
+        if (BN_is_negative(scalars[i]))
+            if (!group->meth->invert(group, p, ctx))
+                goto err;
+        if (!group->meth->add(group, acc, acc, p, ctx))
+            goto err;
+    }
+
+    if (!EC_POINT_copy(r, acc))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (p)
+        EC_POINT_free(p);
+    if (acc)
+        EC_POINT_free(acc);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Precomputation for point multiplication: fall back to wNAF methods because
+ * ec_GF2m_simple_mul() uses ec_wNAF_mul() if appropriate
+ */
 
 int ec_GF2m_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-	{
-	return ec_wNAF_precompute_mult(group, ctx);
- 	}
+{
+    return ec_wNAF_precompute_mult(group, ctx);
+}
 
 int ec_GF2m_have_precompute_mult(const EC_GROUP *group)
-	{
-	return ec_wNAF_have_precompute_mult(group);
- 	}
+{
+    return ec_wNAF_have_precompute_mult(group);
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
index c06b3b66..5df41e26 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec2_smpl.c
@@ -21,7 +21,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -71,906 +71,965 @@
 
 #include "ec_lcl.h"
 
-
 const EC_METHOD *EC_GF2m_simple_method(void)
-	{
-	static const EC_METHOD ret = {
-		NID_X9_62_characteristic_two_field,
-		ec_GF2m_simple_group_init,
-		ec_GF2m_simple_group_finish,
-		ec_GF2m_simple_group_clear_finish,
-		ec_GF2m_simple_group_copy,
-		ec_GF2m_simple_group_set_curve,
-		ec_GF2m_simple_group_get_curve,
-		ec_GF2m_simple_group_get_degree,
-		ec_GF2m_simple_group_check_discriminant,
-		ec_GF2m_simple_point_init,
-		ec_GF2m_simple_point_finish,
-		ec_GF2m_simple_point_clear_finish,
-		ec_GF2m_simple_point_copy,
-		ec_GF2m_simple_point_set_to_infinity,
-		0 /* set_Jprojective_coordinates_GFp */,
-		0 /* get_Jprojective_coordinates_GFp */,
-		ec_GF2m_simple_point_set_affine_coordinates,
-		ec_GF2m_simple_point_get_affine_coordinates,
-		ec_GF2m_simple_set_compressed_coordinates,
-		ec_GF2m_simple_point2oct,
-		ec_GF2m_simple_oct2point,
-		ec_GF2m_simple_add,
-		ec_GF2m_simple_dbl,
-		ec_GF2m_simple_invert,
-		ec_GF2m_simple_is_at_infinity,
-		ec_GF2m_simple_is_on_curve,
-		ec_GF2m_simple_cmp,
-		ec_GF2m_simple_make_affine,
-		ec_GF2m_simple_points_make_affine,
-
-		/* the following three method functions are defined in ec2_mult.c */
-		ec_GF2m_simple_mul,
-		ec_GF2m_precompute_mult,
-		ec_GF2m_have_precompute_mult,
-
-		ec_GF2m_simple_field_mul,
-		ec_GF2m_simple_field_sqr,
-		ec_GF2m_simple_field_div,
-		0 /* field_encode */,
-		0 /* field_decode */,
-		0 /* field_set_to_one */ };
-
-	return &ret;
-	}
-
-
-/* Initialize a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_new.
+{
+    static const EC_METHOD ret = {
+        NID_X9_62_characteristic_two_field,
+        ec_GF2m_simple_group_init,
+        ec_GF2m_simple_group_finish,
+        ec_GF2m_simple_group_clear_finish,
+        ec_GF2m_simple_group_copy,
+        ec_GF2m_simple_group_set_curve,
+        ec_GF2m_simple_group_get_curve,
+        ec_GF2m_simple_group_get_degree,
+        ec_GF2m_simple_group_check_discriminant,
+        ec_GF2m_simple_point_init,
+        ec_GF2m_simple_point_finish,
+        ec_GF2m_simple_point_clear_finish,
+        ec_GF2m_simple_point_copy,
+        ec_GF2m_simple_point_set_to_infinity,
+        0 /* set_Jprojective_coordinates_GFp */ ,
+        0 /* get_Jprojective_coordinates_GFp */ ,
+        ec_GF2m_simple_point_set_affine_coordinates,
+        ec_GF2m_simple_point_get_affine_coordinates,
+        ec_GF2m_simple_set_compressed_coordinates,
+        ec_GF2m_simple_point2oct,
+        ec_GF2m_simple_oct2point,
+        ec_GF2m_simple_add,
+        ec_GF2m_simple_dbl,
+        ec_GF2m_simple_invert,
+        ec_GF2m_simple_is_at_infinity,
+        ec_GF2m_simple_is_on_curve,
+        ec_GF2m_simple_cmp,
+        ec_GF2m_simple_make_affine,
+        ec_GF2m_simple_points_make_affine,
+
+        /*
+         * the following three method functions are defined in ec2_mult.c
+         */
+        ec_GF2m_simple_mul,
+        ec_GF2m_precompute_mult,
+        ec_GF2m_have_precompute_mult,
+
+        ec_GF2m_simple_field_mul,
+        ec_GF2m_simple_field_sqr,
+        ec_GF2m_simple_field_div,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0                       /* field_set_to_one */
+    };
+
+    return &ret;
+}
+
+/*
+ * Initialize a GF(2^m)-based EC_GROUP structure. Note that all other members
+ * are handled by EC_GROUP_new.
  */
 int ec_GF2m_simple_group_init(EC_GROUP *group)
-	{
-	BN_init(&group->field);
-	BN_init(&group->a);
-	BN_init(&group->b);
-	return 1;
-	}
-
-
-/* Free a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_free.
+{
+    BN_init(&group->field);
+    BN_init(&group->a);
+    BN_init(&group->b);
+    return 1;
+}
+
+/*
+ * Free a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_free.
  */
 void ec_GF2m_simple_group_finish(EC_GROUP *group)
-	{
-	BN_free(&group->field);
-	BN_free(&group->a);
-	BN_free(&group->b);
-	}
-
-
-/* Clear and free a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_clear_free.
+{
+    BN_free(&group->field);
+    BN_free(&group->a);
+    BN_free(&group->b);
+}
+
+/*
+ * Clear and free a GF(2^m)-based EC_GROUP structure. Note that all other
+ * members are handled by EC_GROUP_clear_free.
  */
 void ec_GF2m_simple_group_clear_finish(EC_GROUP *group)
-	{
-	BN_clear_free(&group->field);
-	BN_clear_free(&group->a);
-	BN_clear_free(&group->b);
-	group->poly[0] = 0;
-	group->poly[1] = 0;
-	group->poly[2] = 0;
-	group->poly[3] = 0;
-	group->poly[4] = 0;
-	}
-
-
-/* Copy a GF(2^m)-based EC_GROUP structure.
- * Note that all other members are handled by EC_GROUP_copy.
+{
+    BN_clear_free(&group->field);
+    BN_clear_free(&group->a);
+    BN_clear_free(&group->b);
+    group->poly[0] = 0;
+    group->poly[1] = 0;
+    group->poly[2] = 0;
+    group->poly[3] = 0;
+    group->poly[4] = 0;
+}
+
+/*
+ * Copy a GF(2^m)-based EC_GROUP structure. Note that all other members are
+ * handled by EC_GROUP_copy.
  */
 int ec_GF2m_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	int i;
-	if (!BN_copy(&dest->field, &src->field)) return 0;
-	if (!BN_copy(&dest->a, &src->a)) return 0;
-	if (!BN_copy(&dest->b, &src->b)) return 0;
-	dest->poly[0] = src->poly[0];
-	dest->poly[1] = src->poly[1];
-	dest->poly[2] = src->poly[2];
-	dest->poly[3] = src->poly[3];
-	dest->poly[4] = src->poly[4];
-	if(bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
-		return 0;
-	if(bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL)
-		return 0;
-	for (i = dest->a.top; i < dest->a.dmax; i++) dest->a.d[i] = 0;
-	for (i = dest->b.top; i < dest->b.dmax; i++) dest->b.d[i] = 0;
-	return 1;
-	}
-
+{
+    int i;
+    if (!BN_copy(&dest->field, &src->field))
+        return 0;
+    if (!BN_copy(&dest->a, &src->a))
+        return 0;
+    if (!BN_copy(&dest->b, &src->b))
+        return 0;
+    dest->poly[0] = src->poly[0];
+    dest->poly[1] = src->poly[1];
+    dest->poly[2] = src->poly[2];
+    dest->poly[3] = src->poly[3];
+    dest->poly[4] = src->poly[4];
+    if (bn_wexpand(&dest->a, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        return 0;
+    if (bn_wexpand(&dest->b, (int)(dest->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        return 0;
+    for (i = dest->a.top; i < dest->a.dmax; i++)
+        dest->a.d[i] = 0;
+    for (i = dest->b.top; i < dest->b.dmax; i++)
+        dest->b.d[i] = 0;
+    return 1;
+}
 
 /* Set the curve parameters of an EC_GROUP structure. */
 int ec_GF2m_simple_group_set_curve(EC_GROUP *group,
-	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0, i;
-
-	/* group->field */
-	if (!BN_copy(&group->field, p)) goto err;
-	i = BN_GF2m_poly2arr(&group->field, group->poly, 5);
-	if ((i != 5) && (i != 3))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
-		goto err;
-		}
-
-	/* group->a */
-	if (!BN_GF2m_mod_arr(&group->a, a, group->poly)) goto err;
-	if(bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
-	for (i = group->a.top; i < group->a.dmax; i++) group->a.d[i] = 0;
-	
-	/* group->b */
-	if (!BN_GF2m_mod_arr(&group->b, b, group->poly)) goto err;
-	if(bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2) == NULL) goto err;
-	for (i = group->b.top; i < group->b.dmax; i++) group->b.d[i] = 0;
-		
-	ret = 1;
-  err:
-	return ret;
-	}
-
-
-/* Get the curve parameters of an EC_GROUP structure.
- * If p, a, or b are NULL then there values will not be set but the method will return with success.
+                                   const BIGNUM *p, const BIGNUM *a,
+                                   const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0, i;
+
+    /* group->field */
+    if (!BN_copy(&group->field, p))
+        goto err;
+    i = BN_GF2m_poly2arr(&group->field, group->poly, 5);
+    if ((i != 5) && (i != 3)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE, EC_R_UNSUPPORTED_FIELD);
+        goto err;
+    }
+
+    /* group->a */
+    if (!BN_GF2m_mod_arr(&group->a, a, group->poly))
+        goto err;
+    if (bn_wexpand(&group->a, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    for (i = group->a.top; i < group->a.dmax; i++)
+        group->a.d[i] = 0;
+
+    /* group->b */
+    if (!BN_GF2m_mod_arr(&group->b, b, group->poly))
+        goto err;
+    if (bn_wexpand(&group->b, (int)(group->poly[0] + BN_BITS2 - 1) / BN_BITS2)
+        == NULL)
+        goto err;
+    for (i = group->b.top; i < group->b.dmax; i++)
+        group->b.d[i] = 0;
+
+    ret = 1;
+ err:
+    return ret;
+}
+
+/*
+ * Get the curve parameters of an EC_GROUP structure. If p, a, or b are NULL
+ * then there values will not be set but the method will return with success.
  */
-int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	
-	if (p != NULL)
-		{
-		if (!BN_copy(p, &group->field)) return 0;
-		}
-
-	if (a != NULL)
-		{
-		if (!BN_copy(a, &group->a)) goto err;
-		}
-
-	if (b != NULL)
-		{
-		if (!BN_copy(b, &group->b)) goto err;
-		}
-	
-	ret = 1;
-	
-  err:
-	return ret;
-	}
-
-
-/* Gets the degree of the field.  For a curve over GF(2^m) this is the value m. */
-int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
-	{
-	return BN_num_bits(&group->field)-1;
-	}
+int ec_GF2m_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p,
+                                   BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (p != NULL) {
+        if (!BN_copy(p, &group->field))
+            return 0;
+    }
+
+    if (a != NULL) {
+        if (!BN_copy(a, &group->a))
+            goto err;
+    }
+
+    if (b != NULL) {
+        if (!BN_copy(b, &group->b))
+            goto err;
+    }
+
+    ret = 1;
 
+ err:
+    return ret;
+}
 
-/* Checks the discriminant of the curve.
- * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) 
+/*
+ * Gets the degree of the field.  For a curve over GF(2^m) this is the value
+ * m.
  */
-int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *b;
-	BN_CTX *new_ctx = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	b = BN_CTX_get(ctx);
-	if (b == NULL) goto err;
-
-	if (!BN_GF2m_mod_arr(b, &group->b, group->poly)) goto err;
-	
-	/* check the discriminant:
-	 * y^2 + x*y = x^3 + a*x^2 + b is an elliptic curve <=> b != 0 (mod p) 
-	 */
-	if (BN_is_zero(b)) goto err;
-
-	ret = 1;
-
-err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
+int ec_GF2m_simple_group_get_degree(const EC_GROUP *group)
+{
+    return BN_num_bits(&group->field) - 1;
+}
 
+/*
+ * Checks the discriminant of the curve. y^2 + x*y = x^3 + a*x^2 + b is an
+ * elliptic curve <=> b != 0 (mod p)
+ */
+int ec_GF2m_simple_group_check_discriminant(const EC_GROUP *group,
+                                            BN_CTX *ctx)
+{
+    int ret = 0;
+    BIGNUM *b;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    b = BN_CTX_get(ctx);
+    if (b == NULL)
+        goto err;
+
+    if (!BN_GF2m_mod_arr(b, &group->b, group->poly))
+        goto err;
+
+    /*
+     * check the discriminant: y^2 + x*y = x^3 + a*x^2 + b is an elliptic
+     * curve <=> b != 0 (mod p)
+     */
+    if (BN_is_zero(b))
+        goto err;
+
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
 
 /* Initializes an EC_POINT. */
 int ec_GF2m_simple_point_init(EC_POINT *point)
-	{
-	BN_init(&point->X);
-	BN_init(&point->Y);
-	BN_init(&point->Z);
-	return 1;
-	}
-
+{
+    BN_init(&point->X);
+    BN_init(&point->Y);
+    BN_init(&point->Z);
+    return 1;
+}
 
 /* Frees an EC_POINT. */
 void ec_GF2m_simple_point_finish(EC_POINT *point)
-	{
-	BN_free(&point->X);
-	BN_free(&point->Y);
-	BN_free(&point->Z);
-	}
-
+{
+    BN_free(&point->X);
+    BN_free(&point->Y);
+    BN_free(&point->Z);
+}
 
 /* Clears and frees an EC_POINT. */
 void ec_GF2m_simple_point_clear_finish(EC_POINT *point)
-	{
-	BN_clear_free(&point->X);
-	BN_clear_free(&point->Y);
-	BN_clear_free(&point->Z);
-	point->Z_is_one = 0;
-	}
-
-
-/* Copy the contents of one EC_POINT into another.  Assumes dest is initialized. */
+{
+    BN_clear_free(&point->X);
+    BN_clear_free(&point->Y);
+    BN_clear_free(&point->Z);
+    point->Z_is_one = 0;
+}
+
+/*
+ * Copy the contents of one EC_POINT into another.  Assumes dest is
+ * initialized.
+ */
 int ec_GF2m_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
-	{
-	if (!BN_copy(&dest->X, &src->X)) return 0;
-	if (!BN_copy(&dest->Y, &src->Y)) return 0;
-	if (!BN_copy(&dest->Z, &src->Z)) return 0;
-	dest->Z_is_one = src->Z_is_one;
-
-	return 1;
-	}
-
-
-/* Set an EC_POINT to the point at infinity.  
- * A point at infinity is represented by having Z=0.
+{
+    if (!BN_copy(&dest->X, &src->X))
+        return 0;
+    if (!BN_copy(&dest->Y, &src->Y))
+        return 0;
+    if (!BN_copy(&dest->Z, &src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+
+    return 1;
+}
+
+/*
+ * Set an EC_POINT to the point at infinity. A point at infinity is
+ * represented by having Z=0.
  */
-int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-	{
-	point->Z_is_one = 0;
-	BN_zero(&point->Z);
-	return 1;
-	}
+int ec_GF2m_simple_point_set_to_infinity(const EC_GROUP *group,
+                                         EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(&point->Z);
+    return 1;
+}
+
+/*
+ * Set the coordinates of an EC_POINT using affine coordinates. Note that
+ * the simple implementation only uses affine coordinates.
+ */
+int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                                EC_POINT *point,
+                                                const BIGNUM *x,
+                                                const BIGNUM *y, BN_CTX *ctx)
+{
+    int ret = 0;
+    if (x == NULL || y == NULL) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (!BN_copy(&point->X, x))
+        goto err;
+    BN_set_negative(&point->X, 0);
+    if (!BN_copy(&point->Y, y))
+        goto err;
+    BN_set_negative(&point->Y, 0);
+    if (!BN_copy(&point->Z, BN_value_one()))
+        goto err;
+    BN_set_negative(&point->Z, 0);
+    point->Z_is_one = 1;
+    ret = 1;
 
+ err:
+    return ret;
+}
 
-/* Set the coordinates of an EC_POINT using affine coordinates. 
- * Note that the simple implementation only uses affine coordinates.
+/*
+ * Gets the affine coordinates of an EC_POINT. Note that the simple
+ * implementation only uses affine coordinates.
  */
-int ec_GF2m_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	int ret = 0;	
-	if (x == NULL || y == NULL)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	if (!BN_copy(&point->X, x)) goto err;
-	BN_set_negative(&point->X, 0);
-	if (!BN_copy(&point->Y, y)) goto err;
-	BN_set_negative(&point->Y, 0);
-	if (!BN_copy(&point->Z, BN_value_one())) goto err;
-	BN_set_negative(&point->Z, 0);
-	point->Z_is_one = 1;
-	ret = 1;
-
-  err:
-	return ret;
-	}
-
-
-/* Gets the affine coordinates of an EC_POINT. 
- * Note that the simple implementation only uses affine coordinates.
- */
-int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	int ret = 0;
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
-		return 0;
-		}
-
-	if (BN_cmp(&point->Z, BN_value_one())) 
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (x != NULL)
-		{
-		if (!BN_copy(x, &point->X)) goto err;
-		BN_set_negative(x, 0);
-		}
-	if (y != NULL)
-		{
-		if (!BN_copy(y, &point->Y)) goto err;
-		BN_set_negative(y, 0);
-		}
-	ret = 1;
-		
- err:
-	return ret;
-	}
+int ec_GF2m_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                                const EC_POINT *point,
+                                                BIGNUM *x, BIGNUM *y,
+                                                BN_CTX *ctx)
+{
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (BN_cmp(&point->Z, BN_value_one())) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (x != NULL) {
+        if (!BN_copy(x, &point->X))
+            goto err;
+        BN_set_negative(x, 0);
+    }
+    if (y != NULL) {
+        if (!BN_copy(y, &point->Y))
+            goto err;
+        BN_set_negative(y, 0);
+    }
+    ret = 1;
 
+ err:
+    return ret;
+}
 
 /* Include patented algorithms. */
 #include "ec2_smpt.c"
 
-
-/* Converts an EC_POINT to an octet string.  
- * If buf is NULL, the encoded length will be returned.
- * If the length len of buf is smaller than required an error will be returned.
- *
- * The point compression section of this function is patented by Certicom Corp. 
- * under US Patent 6,141,420.  Point compression is disabled by default and can 
- * be enabled by defining the preprocessor macro OPENSSL_EC_BIN_PT_COMP at 
- * Configure-time.
+/*
+ * Converts an EC_POINT to an octet string. If buf is NULL, the encoded
+ * length will be returned. If the length len of buf is smaller than required
+ * an error will be returned. The point compression section of this function
+ * is patented by Certicom Corp. under US Patent 6,141,420.  Point
+ * compression is disabled by default and can be enabled by defining the
+ * preprocessor macro OPENSSL_EC_BIN_PT_COMP at Configure-time.
  */
-size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-	unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	size_t ret;
-	BN_CTX *new_ctx = NULL;
-	int used_ctx = 0;
-	BIGNUM *x, *y, *yxi;
-	size_t field_len, i, skip;
+size_t ec_GF2m_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                                point_conversion_form_t form,
+                                unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, i, skip;
 
 #ifndef OPENSSL_EC_BIN_PT_COMP
-	if ((form == POINT_CONVERSION_COMPRESSED) || (form == POINT_CONVERSION_HYBRID)) 
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);
-		goto err;
-		}
+    if ((form == POINT_CONVERSION_COMPRESSED)
+        || (form == POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_DISABLED);
+        goto err;
+    }
 #endif
 
-	if ((form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
-		goto err;
-		}
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		/* encodes to a single 0 octet */
-		if (buf != NULL)
-			{
-			if (len < 1)
-				{
-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-				return 0;
-				}
-			buf[0] = 0;
-			}
-		return 1;
-		}
-
-
-	/* ret := required output buffer length */
-	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	/* if 'buf' is NULL, just return required length */
-	if (buf != NULL)
-		{
-		if (len < ret)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-			goto err;
-			}
-
-		if (ctx == NULL)
-			{
-			ctx = new_ctx = BN_CTX_new();
-			if (ctx == NULL)
-				return 0;
-			}
-
-		BN_CTX_start(ctx);
-		used_ctx = 1;
-		x = BN_CTX_get(ctx);
-		y = BN_CTX_get(ctx);
-		yxi = BN_CTX_get(ctx);
-		if (yxi == NULL) goto err;
-
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-
-		buf[0] = form;
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        yxi = BN_CTX_get(ctx);
+        if (yxi == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+            goto err;
+
+        buf[0] = form;
 #ifdef OPENSSL_EC_BIN_PT_COMP
-		if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x))
-			{
-			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
-			if (BN_is_odd(yxi)) buf[0]++;
-			}
+        if ((form != POINT_CONVERSION_UNCOMPRESSED) && !BN_is_zero(x)) {
+            if (!group->meth->field_div(group, yxi, y, x, ctx))
+                goto err;
+            if (BN_is_odd(yxi))
+                buf[0]++;
+        }
 #endif
 
-		i = 1;
-		
-		skip = field_len - BN_num_bytes(x);
-		if (skip > field_len)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		while (skip > 0)
-			{
-			buf[i++] = 0;
-			skip--;
-			}
-		skip = BN_bn2bin(x, buf + i);
-		i += skip;
-		if (i != 1 + field_len)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-
-		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
-			{
-			skip = field_len - BN_num_bytes(y);
-			if (skip > field_len)
-				{
-				ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			while (skip > 0)
-				{
-				buf[i++] = 0;
-				skip--;
-				}
-			skip = BN_bn2bin(y, buf + i);
-			i += skip;
-			}
-
-		if (i != ret)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
 
  err:
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return 0;
-	}
-
-
-/* Converts an octet string representation to an EC_POINT. 
- * Note that the simple implementation only uses affine coordinates.
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return 0;
+}
+
+/*
+ * Converts an octet string representation to an EC_POINT. Note that the
+ * simple implementation only uses affine coordinates.
  */
 int ec_GF2m_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-	const unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	point_conversion_form_t form;
-	int y_bit;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y, *yxi;
-	size_t field_len, enc_len;
-	int ret = 0;
-
-	if (len == 0)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
-		return 0;
-		}
-	form = buf[0];
-	y_bit = form & 1;
-	form = form & ~1U;
-	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (form == 0)
-		{
-		if (len != 1)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			return 0;
-			}
-
-		return EC_POINT_set_to_infinity(group, point);
-		}
-	
-	field_len = (EC_GROUP_get_degree(group) + 7) / 8;
-	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	if (len != enc_len)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	yxi = BN_CTX_get(ctx);
-	if (yxi == NULL) goto err;
-
-	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
-	if (BN_ucmp(x, &group->field) >= 0)
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		goto err;
-		}
-
-	if (form == POINT_CONVERSION_COMPRESSED)
-		{
-		if (!EC_POINT_set_compressed_coordinates_GF2m(group, point, x, y_bit, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
-		if (BN_ucmp(y, &group->field) >= 0)
-			{
-			ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			goto err;
-			}
-		if (form == POINT_CONVERSION_HYBRID)
-			{
-			if (!group->meth->field_div(group, yxi, y, x, ctx)) goto err;
-			if (y_bit != BN_is_odd(yxi))
-				{
-				ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-				goto err;
-				}
-			}
-
-		if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-		}
-	
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
-		{
-		ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-
-	ret = 1;
-	
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
+                             const unsigned char *buf, size_t len,
+                             BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y, *yxi;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    form = buf[0];
+    y_bit = form & 1;
+    form = form & ~1U;
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    field_len = (EC_GROUP_get_degree(group) + 7) / 8;
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    yxi = BN_CTX_get(ctx);
+    if (yxi == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_ucmp(x, &group->field) >= 0) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates_GF2m
+            (group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_ucmp(y, &group->field) >= 0) {
+            ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            if (!group->meth->field_div(group, yxi, y, x, ctx))
+                goto err;
+            if (y_bit != BN_is_odd(yxi)) {
+                ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+            }
+        }
+
+        if (!EC_POINT_set_affine_coordinates_GF2m(group, point, x, y, ctx))
+            goto err;
+    }
+
+    /* test required by X9.62 */
+    if (!EC_POINT_is_on_curve(group, point, ctx)) {
+        ECerr(EC_F_EC_GF2M_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+
+    ret = 1;
 
-
-/* Computes a + b and stores the result in r.  r could be a or b, a could be b.
- * Uses algorithm A.10.2 of IEEE P1363.
+ err:
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Computes a + b and stores the result in r.  r could be a or b, a could be
+ * b. Uses algorithm A.10.2 of IEEE P1363.
  */
-int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
-	int ret = 0;
-	
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		if (!EC_POINT_copy(r, b)) return 0;
-		return 1;
-		}
-
-	if (EC_POINT_is_at_infinity(group, b))
-		{
-		if (!EC_POINT_copy(r, a)) return 0;
-		return 1;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x0 = BN_CTX_get(ctx);
-	y0 = BN_CTX_get(ctx);
-	x1 = BN_CTX_get(ctx);
-	y1 = BN_CTX_get(ctx);
-	x2 = BN_CTX_get(ctx);
-	y2 = BN_CTX_get(ctx);
-	s = BN_CTX_get(ctx);
-	t = BN_CTX_get(ctx);
-	if (t == NULL) goto err;
-
-	if (a->Z_is_one) 
-		{
-		if (!BN_copy(x0, &a->X)) goto err;
-		if (!BN_copy(y0, &a->Y)) goto err;
-		}
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx)) goto err;
-		}
-	if (b->Z_is_one) 
-		{
-		if (!BN_copy(x1, &b->X)) goto err;
-		if (!BN_copy(y1, &b->Y)) goto err;
-		}
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx)) goto err;
-		}
-
-
-	if (BN_GF2m_cmp(x0, x1))
-		{
-		if (!BN_GF2m_add(t, x0, x1)) goto err;
-		if (!BN_GF2m_add(s, y0, y1)) goto err;
-		if (!group->meth->field_div(group, s, s, t, ctx)) goto err;
-		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
-		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
-		if (!BN_GF2m_add(x2, x2, s)) goto err;
-		if (!BN_GF2m_add(x2, x2, t)) goto err;
-		}
-	else
-		{
-		if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1))
-			{
-			if (!EC_POINT_set_to_infinity(group, r)) goto err;
-			ret = 1;
-			goto err;
-			}
-		if (!group->meth->field_div(group, s, y1, x1, ctx)) goto err;
-		if (!BN_GF2m_add(s, s, x1)) goto err;
-		
-		if (!group->meth->field_sqr(group, x2, s, ctx)) goto err;
-		if (!BN_GF2m_add(x2, x2, s)) goto err;
-		if (!BN_GF2m_add(x2, x2, &group->a)) goto err;
-		}
-
-	if (!BN_GF2m_add(y2, x1, x2)) goto err;
-	if (!group->meth->field_mul(group, y2, y2, s, ctx)) goto err;
-	if (!BN_GF2m_add(y2, y2, x2)) goto err;
-	if (!BN_GF2m_add(y2, y2, y1)) goto err;
-
-	if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx)) goto err;
-
-	ret = 1;
+int ec_GF2m_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x0, *y0, *x1, *y1, *x2, *y2, *s, *t;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        if (!EC_POINT_copy(r, b))
+            return 0;
+        return 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b)) {
+        if (!EC_POINT_copy(r, a))
+            return 0;
+        return 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x0 = BN_CTX_get(ctx);
+    y0 = BN_CTX_get(ctx);
+    x1 = BN_CTX_get(ctx);
+    y1 = BN_CTX_get(ctx);
+    x2 = BN_CTX_get(ctx);
+    y2 = BN_CTX_get(ctx);
+    s = BN_CTX_get(ctx);
+    t = BN_CTX_get(ctx);
+    if (t == NULL)
+        goto err;
+
+    if (a->Z_is_one) {
+        if (!BN_copy(x0, &a->X))
+            goto err;
+        if (!BN_copy(y0, &a->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, a, x0, y0, ctx))
+            goto err;
+    }
+    if (b->Z_is_one) {
+        if (!BN_copy(x1, &b->X))
+            goto err;
+        if (!BN_copy(y1, &b->Y))
+            goto err;
+    } else {
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, b, x1, y1, ctx))
+            goto err;
+    }
+
+    if (BN_GF2m_cmp(x0, x1)) {
+        if (!BN_GF2m_add(t, x0, x1))
+            goto err;
+        if (!BN_GF2m_add(s, y0, y1))
+            goto err;
+        if (!group->meth->field_div(group, s, s, t, ctx))
+            goto err;
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, &group->a))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, t))
+            goto err;
+    } else {
+        if (BN_GF2m_cmp(y0, y1) || BN_is_zero(x1)) {
+            if (!EC_POINT_set_to_infinity(group, r))
+                goto err;
+            ret = 1;
+            goto err;
+        }
+        if (!group->meth->field_div(group, s, y1, x1, ctx))
+            goto err;
+        if (!BN_GF2m_add(s, s, x1))
+            goto err;
+
+        if (!group->meth->field_sqr(group, x2, s, ctx))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, s))
+            goto err;
+        if (!BN_GF2m_add(x2, x2, &group->a))
+            goto err;
+    }
+
+    if (!BN_GF2m_add(y2, x1, x2))
+        goto err;
+    if (!group->meth->field_mul(group, y2, y2, s, ctx))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, x2))
+        goto err;
+    if (!BN_GF2m_add(y2, y2, y1))
+        goto err;
+
+    if (!EC_POINT_set_affine_coordinates_GF2m(group, r, x2, y2, ctx))
+        goto err;
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Computes 2 * a and stores the result in r.  r could be a.
- * Uses algorithm A.10.2 of IEEE P1363.
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Computes 2 * a and stores the result in r.  r could be a. Uses algorithm
+ * A.10.2 of IEEE P1363.
  */
-int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-	{
-	return ec_GF2m_simple_add(group, r, a, a, ctx);
-	}
-
+int ec_GF2m_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                       BN_CTX *ctx)
+{
+    return ec_GF2m_simple_add(group, r, a, a, ctx);
+}
 
 int ec_GF2m_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
-		/* point is its own inverse */
-		return 1;
-	
-	if (!EC_POINT_make_affine(group, point, ctx)) return 0;
-	return BN_GF2m_add(&point->Y, &point->X, &point->Y);
-	}
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+        /* point is its own inverse */
+        return 1;
 
+    if (!EC_POINT_make_affine(group, point, ctx))
+        return 0;
+    return BN_GF2m_add(&point->Y, &point->X, &point->Y);
+}
 
 /* Indicates whether the given point is the point at infinity. */
-int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-	{
-	return BN_is_zero(&point->Z);
-	}
-
-
-/* Determines whether the given EC_POINT is an actual point on the curve defined
+int ec_GF2m_simple_is_at_infinity(const EC_GROUP *group,
+                                  const EC_POINT *point)
+{
+    return BN_is_zero(&point->Z);
+}
+
+/*-
+ * Determines whether the given EC_POINT is an actual point on the curve defined
  * in the EC_GROUP.  A point is valid if it satisfies the Weierstrass equation:
  *      y^2 + x*y = x^3 + a*x^2 + b.
  */
-int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-	{
-	int ret = -1;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *lh, *y2;
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-
-	if (EC_POINT_is_at_infinity(group, point))
-		return 1;
-
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;	
-
-	/* only support affine coordinates */
-	if (!point->Z_is_one) return -1;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	y2 = BN_CTX_get(ctx);
-	lh = BN_CTX_get(ctx);
-	if (lh == NULL) goto err;
-
-	/* We have a curve defined by a Weierstrass equation
-	 *      y^2 + x*y = x^3 + a*x^2 + b.
-	 *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0
-	 *  <=> ((x + a) * x + y ) * x + b + y^2 = 0
-	 */
-	if (!BN_GF2m_add(lh, &point->X, &group->a)) goto err;
-	if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
-	if (!BN_GF2m_add(lh, lh, &point->Y)) goto err;
-	if (!field_mul(group, lh, lh, &point->X, ctx)) goto err;
-	if (!BN_GF2m_add(lh, lh, &group->b)) goto err;
-	if (!field_sqr(group, y2, &point->Y, ctx)) goto err;
-	if (!BN_GF2m_add(lh, lh, y2)) goto err;
-	ret = BN_is_zero(lh);
+int ec_GF2m_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    int ret = -1;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *lh, *y2;
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    /* only support affine coordinates */
+    if (!point->Z_is_one)
+        return -1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    y2 = BN_CTX_get(ctx);
+    lh = BN_CTX_get(ctx);
+    if (lh == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 + x*y = x^3 + a*x^2 + b.
+     *  <=> x^3 + a*x^2 + x*y + b + y^2 = 0
+     *  <=> ((x + a) * x + y ) * x + b + y^2 = 0
+     */
+    if (!BN_GF2m_add(lh, &point->X, &group->a))
+        goto err;
+    if (!field_mul(group, lh, lh, &point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, &point->Y))
+        goto err;
+    if (!field_mul(group, lh, lh, &point->X, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, &group->b))
+        goto err;
+    if (!field_sqr(group, y2, &point->Y, ctx))
+        goto err;
+    if (!BN_GF2m_add(lh, lh, y2))
+        goto err;
+    ret = BN_is_zero(lh);
  err:
-	if (ctx) BN_CTX_end(ctx);
-	if (new_ctx) BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Indicates whether two points are equal.
+    if (ctx)
+        BN_CTX_end(ctx);
+    if (new_ctx)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*-
+ * Indicates whether two points are equal.
  * Return values:
  *  -1   error
  *   0   equal (in affine coordinates)
  *   1   not equal
  */
-int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	BIGNUM *aX, *aY, *bX, *bY;
-	BN_CTX *new_ctx = NULL;
-	int ret = -1;
-
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
-		}
-
-	if (EC_POINT_is_at_infinity(group, b))
-		return 1;
-	
-	if (a->Z_is_one && b->Z_is_one)
-		{
-		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	aX = BN_CTX_get(ctx);
-	aY = BN_CTX_get(ctx);
-	bX = BN_CTX_get(ctx);
-	bY = BN_CTX_get(ctx);
-	if (bY == NULL) goto err;
-
-	if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx)) goto err;
-	if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx)) goto err;
-	ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
-
-  err:	
-	if (ctx) BN_CTX_end(ctx);
-	if (new_ctx) BN_CTX_free(new_ctx);
-	return ret;
-	}
+int ec_GF2m_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                       const EC_POINT *b, BN_CTX *ctx)
+{
+    BIGNUM *aX, *aY, *bX, *bY;
+    BN_CTX *new_ctx = NULL;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(&a->X, &b->X) == 0)
+                && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    aX = BN_CTX_get(ctx);
+    aY = BN_CTX_get(ctx);
+    bX = BN_CTX_get(ctx);
+    bY = BN_CTX_get(ctx);
+    if (bY == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates_GF2m(group, a, aX, aY, ctx))
+        goto err;
+    if (!EC_POINT_get_affine_coordinates_GF2m(group, b, bX, bY, ctx))
+        goto err;
+    ret = ((BN_cmp(aX, bX) == 0) && BN_cmp(aY, bY) == 0) ? 0 : 1;
 
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    if (new_ctx)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
 
 /* Forces the given EC_POINT to internally use affine coordinates. */
-int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y;
-	int ret = 0;
-
-	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
-		return 1;
-	
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-	
-	if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx)) goto err;
-	if (!BN_copy(&point->X, x)) goto err;
-	if (!BN_copy(&point->Y, y)) goto err;
-	if (!BN_one(&point->Z)) goto err;
-	
-	ret = 1;		
-
-  err:
-	if (ctx) BN_CTX_end(ctx);
-	if (new_ctx) BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-/* Forces each of the EC_POINTs in the given array to use affine coordinates. */
-int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-	{
-	size_t i;
-
-	for (i = 0; i < num; i++)
-		{
-		if (!group->meth->make_affine(group, points[i], ctx)) return 0;
-		}
-
-	return 1;
-	}
+int ec_GF2m_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates_GF2m(group, point, x, y, ctx))
+        goto err;
+    if (!BN_copy(&point->X, x))
+        goto err;
+    if (!BN_copy(&point->Y, y))
+        goto err;
+    if (!BN_one(&point->Z))
+        goto err;
+
+    ret = 1;
 
+ err:
+    if (ctx)
+        BN_CTX_end(ctx);
+    if (new_ctx)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+/*
+ * Forces each of the EC_POINTs in the given array to use affine coordinates.
+ */
+int ec_GF2m_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                      EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
 
-/* Wrapper to simple binary polynomial field multiplication implementation. */
-int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
-	}
+    for (i = 0; i < num; i++) {
+        if (!group->meth->make_affine(group, points[i], ctx))
+            return 0;
+    }
 
+    return 1;
+}
 
-/* Wrapper to simple binary polynomial field squaring implementation. */
-int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
-	}
+/* Wrapper to simple binary polynomial field multiplication implementation. */
+int ec_GF2m_simple_field_mul(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_mul_arr(r, a, b, group->poly, ctx);
+}
 
+/* Wrapper to simple binary polynomial field squaring implementation. */
+int ec_GF2m_simple_field_sqr(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_sqr_arr(r, a, group->poly, ctx);
+}
 
 /* Wrapper to simple binary polynomial field division implementation. */
-int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
-	}
+int ec_GF2m_simple_field_div(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_GF2m_mod_div(r, a, b, &group->field, ctx);
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c
index ae555398..4ca2545e 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_asn1.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,144 +62,147 @@
 #include <openssl/asn1t.h>
 #include <openssl/objects.h>
 
-
 int EC_GROUP_get_basis_type(const EC_GROUP *group)
-	{
-	int i=0;
-
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
-		NID_X9_62_characteristic_two_field)
-		/* everything else is currently not supported */
-		return 0;
-
-	while (group->poly[i] != 0)
-		i++;
-
-	if (i == 4)
-		return NID_X9_62_ppBasis;
-	else if (i == 2)
-		return NID_X9_62_tpBasis;
-	else
-		/* everything else is currently not supported */
-		return 0;
-	}
+{
+    int i = 0;
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) !=
+        NID_X9_62_characteristic_two_field)
+        /* everything else is currently not supported */
+        return 0;
+
+    while (group->poly[i] != 0)
+        i++;
+
+    if (i == 4)
+        return NID_X9_62_ppBasis;
+    else if (i == 2)
+        return NID_X9_62_tpBasis;
+    else
+        /* everything else is currently not supported */
+        return 0;
+}
 
 int EC_GROUP_get_trinomial_basis(const EC_GROUP *group, unsigned int *k)
-	{
-	if (group == NULL)
-		return 0;
-
-	if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
-	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] == 0)))
-		{
-		ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-
-	if (k)
-		*k = group->poly[1];
-
-	return 1;
-	}
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_GROUP_method_of(group)->group_set_curve !=
+        ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0)
+                                            && (group->poly[1] != 0)
+                                            && (group->poly[2] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k)
+        *k = group->poly[1];
+
+    return 1;
+}
 
 int EC_GROUP_get_pentanomial_basis(const EC_GROUP *group, unsigned int *k1,
-	unsigned int *k2, unsigned int *k3)
-	{
-	if (group == NULL)
-		return 0;
-
-	if (EC_GROUP_method_of(group)->group_set_curve != ec_GF2m_simple_group_set_curve
-	    || !((group->poly[0] != 0) && (group->poly[1] != 0) && (group->poly[2] != 0) && (group->poly[3] != 0) && (group->poly[4] == 0)))
-		{
-		ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-
-	if (k1)
-		*k1 = group->poly[3];
-	if (k2)
-		*k2 = group->poly[2];
-	if (k3)
-		*k3 = group->poly[1];
-
-	return 1;
-	}
-
-
+                                   unsigned int *k2, unsigned int *k3)
+{
+    if (group == NULL)
+        return 0;
+
+    if (EC_GROUP_method_of(group)->group_set_curve !=
+        ec_GF2m_simple_group_set_curve || !((group->poly[0] != 0)
+                                            && (group->poly[1] != 0)
+                                            && (group->poly[2] != 0)
+                                            && (group->poly[3] != 0)
+                                            && (group->poly[4] == 0))) {
+        ECerr(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+
+    if (k1)
+        *k1 = group->poly[3];
+    if (k2)
+        *k2 = group->poly[2];
+    if (k3)
+        *k3 = group->poly[1];
+
+    return 1;
+}
 
 /* some structures needed for the asn1 encoding */
 typedef struct x9_62_pentanomial_st {
-	long k1;
-	long k2;
-	long k3;
-	} X9_62_PENTANOMIAL;
+    long k1;
+    long k2;
+    long k3;
+} X9_62_PENTANOMIAL;
 
 typedef struct x9_62_characteristic_two_st {
-	long m;
-	ASN1_OBJECT  *type;
-	union	{
-		char *ptr;
-		/* NID_X9_62_onBasis */
-		ASN1_NULL    *onBasis;
-		/* NID_X9_62_tpBasis */
-		ASN1_INTEGER *tpBasis;
-		/* NID_X9_62_ppBasis */
-		X9_62_PENTANOMIAL *ppBasis;
-		/* anything else */
-		ASN1_TYPE *other;
-		} p;
-	} X9_62_CHARACTERISTIC_TWO;
+    long m;
+    ASN1_OBJECT *type;
+    union {
+        char *ptr;
+        /* NID_X9_62_onBasis */
+        ASN1_NULL *onBasis;
+        /* NID_X9_62_tpBasis */
+        ASN1_INTEGER *tpBasis;
+        /* NID_X9_62_ppBasis */
+        X9_62_PENTANOMIAL *ppBasis;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_CHARACTERISTIC_TWO;
 
 typedef struct x9_62_fieldid_st {
-        ASN1_OBJECT *fieldType;
-	union	{
-		char *ptr;
-		/* NID_X9_62_prime_field */
-		ASN1_INTEGER *prime;
-		/* NID_X9_62_characteristic_two_field */
-		X9_62_CHARACTERISTIC_TWO *char_two;
-		/* anything else */
-		ASN1_TYPE *other;
-		} p;
-	} X9_62_FIELDID;
+    ASN1_OBJECT *fieldType;
+    union {
+        char *ptr;
+        /* NID_X9_62_prime_field */
+        ASN1_INTEGER *prime;
+        /* NID_X9_62_characteristic_two_field */
+        X9_62_CHARACTERISTIC_TWO *char_two;
+        /* anything else */
+        ASN1_TYPE *other;
+    } p;
+} X9_62_FIELDID;
 
 typedef struct x9_62_curve_st {
-        ASN1_OCTET_STRING *a;
-        ASN1_OCTET_STRING *b;
-        ASN1_BIT_STRING   *seed;
-        } X9_62_CURVE;
+    ASN1_OCTET_STRING *a;
+    ASN1_OCTET_STRING *b;
+    ASN1_BIT_STRING *seed;
+} X9_62_CURVE;
 
 typedef struct ec_parameters_st {
-        long              version;
-        X9_62_FIELDID     *fieldID;
-        X9_62_CURVE       *curve;
-        ASN1_OCTET_STRING *base;
-        ASN1_INTEGER      *order;
-        ASN1_INTEGER      *cofactor;
-        } ECPARAMETERS;
+    long version;
+    X9_62_FIELDID *fieldID;
+    X9_62_CURVE *curve;
+    ASN1_OCTET_STRING *base;
+    ASN1_INTEGER *order;
+    ASN1_INTEGER *cofactor;
+} ECPARAMETERS;
 
 struct ecpk_parameters_st {
-	int	type;
-	union {
-		ASN1_OBJECT  *named_curve;
-		ECPARAMETERS *parameters;
-		ASN1_NULL    *implicitlyCA;
-	} value;
-	}/* ECPKPARAMETERS */;
+    int type;
+    union {
+        ASN1_OBJECT *named_curve;
+        ECPARAMETERS *parameters;
+        ASN1_NULL *implicitlyCA;
+    } value;
+} /* ECPKPARAMETERS */ ;
 
 /* SEC1 ECPrivateKey */
 typedef struct ec_privatekey_st {
-	long              version;
-	ASN1_OCTET_STRING *privateKey;
-        ECPKPARAMETERS    *parameters;
-	ASN1_BIT_STRING   *publicKey;
-	} EC_PRIVATEKEY;
+    long version;
+    ASN1_OCTET_STRING *privateKey;
+    ECPKPARAMETERS *parameters;
+    ASN1_BIT_STRING *publicKey;
+} EC_PRIVATEKEY;
 
 /* the OpenSSL ASN.1 definitions */
 ASN1_SEQUENCE(X9_62_PENTANOMIAL) = {
-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
-	ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
+        ASN1_SIMPLE(X9_62_PENTANOMIAL, k1, LONG),
+        ASN1_SIMPLE(X9_62_PENTANOMIAL, k2, LONG),
+        ASN1_SIMPLE(X9_62_PENTANOMIAL, k3, LONG)
 } ASN1_SEQUENCE_END(X9_62_PENTANOMIAL)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
@@ -208,15 +211,15 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL)
 ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY);
 
 ASN1_ADB(X9_62_CHARACTERISTIC_TWO) = {
-	ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
-	ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
-	ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
+        ADB_ENTRY(NID_X9_62_onBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.onBasis, ASN1_NULL)),
+        ADB_ENTRY(NID_X9_62_tpBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.tpBasis, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_ppBasis, ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.ppBasis, X9_62_PENTANOMIAL))
 } ASN1_ADB_END(X9_62_CHARACTERISTIC_TWO, 0, type, 0, &char_two_def_tt, NULL);
 
 ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = {
-	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
-	ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
+        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, m, LONG),
+        ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO)
 } ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
@@ -225,37 +228,37 @@ IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO)
 ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY);
 
 ASN1_ADB(X9_62_FIELDID) = {
-	ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
-	ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
+        ADB_ENTRY(NID_X9_62_prime_field, ASN1_SIMPLE(X9_62_FIELDID, p.prime, ASN1_INTEGER)),
+        ADB_ENTRY(NID_X9_62_characteristic_two_field, ASN1_SIMPLE(X9_62_FIELDID, p.char_two, X9_62_CHARACTERISTIC_TWO))
 } ASN1_ADB_END(X9_62_FIELDID, 0, fieldType, 0, &fieldID_def_tt, NULL);
 
 ASN1_SEQUENCE(X9_62_FIELDID) = {
-	ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(X9_62_FIELDID)
+        ASN1_SIMPLE(X9_62_FIELDID, fieldType, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(X9_62_FIELDID)
 } ASN1_SEQUENCE_END(X9_62_FIELDID)
 
 ASN1_SEQUENCE(X9_62_CURVE) = {
-	ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
-	ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
+        ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING),
+        ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING)
 } ASN1_SEQUENCE_END(X9_62_CURVE)
 
 ASN1_SEQUENCE(ECPARAMETERS) = {
-	ASN1_SIMPLE(ECPARAMETERS, version, LONG),
-	ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
-	ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
-	ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
-	ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
+        ASN1_SIMPLE(ECPARAMETERS, version, LONG),
+        ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID),
+        ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE),
+        ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER),
+        ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(ECPARAMETERS)
 
 DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS)
 
 ASN1_CHOICE(ECPKPARAMETERS) = {
-	ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
-	ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
-	ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
+        ASN1_SIMPLE(ECPKPARAMETERS, value.named_curve, ASN1_OBJECT),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.parameters, ECPARAMETERS),
+        ASN1_SIMPLE(ECPKPARAMETERS, value.implicitlyCA, ASN1_NULL)
 } ASN1_CHOICE_END(ECPKPARAMETERS)
 
 DECLARE_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
@@ -263,10 +266,10 @@ DECLARE_ASN1_ENCODE_FUNCTIONS_const(ECPKPARAMETERS, ECPKPARAMETERS)
 IMPLEMENT_ASN1_FUNCTIONS_const(ECPKPARAMETERS)
 
 ASN1_SEQUENCE(EC_PRIVATEKEY) = {
-	ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
-	ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
-	ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
-	ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
+        ASN1_SIMPLE(EC_PRIVATEKEY, version, LONG),
+        ASN1_SIMPLE(EC_PRIVATEKEY, privateKey, ASN1_OCTET_STRING),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, parameters, ECPKPARAMETERS, 0),
+        ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1)
 } ASN1_SEQUENCE_END(EC_PRIVATEKEY)
 
 DECLARE_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
@@ -275,1155 +278,999 @@ IMPLEMENT_ASN1_FUNCTIONS_const(EC_PRIVATEKEY)
 
 /* some declarations of internal function */
 
-/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */ 
+/* ec_asn1_group2field() sets the values in a X9_62_FIELDID object */
 static int ec_asn1_group2fieldid(const EC_GROUP *, X9_62_FIELDID *);
-/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */ 
+/* ec_asn1_group2curve() sets the values in a X9_62_CURVE object */
 static int ec_asn1_group2curve(const EC_GROUP *, X9_62_CURVE *);
-/* ec_asn1_parameters2group() creates a EC_GROUP object from a
- * ECPARAMETERS object */
-static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *); 
-/* ec_asn1_group2parameters() creates a ECPARAMETERS object from a 
- * EC_GROUP object */
-static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,ECPARAMETERS *);
-/* ec_asn1_pkparameters2group() creates a EC_GROUP object from a
- * ECPKPARAMETERS object */
-static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *); 
-/* ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a 
- * EC_GROUP object */
-static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *, 
-	ECPKPARAMETERS *);
-
+/*
+ * ec_asn1_parameters2group() creates a EC_GROUP object from a ECPARAMETERS
+ * object
+ */
+static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *);
+/*
+ * ec_asn1_group2parameters() creates a ECPARAMETERS object from a EC_GROUP
+ * object
+ */
+static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *,
+                                              ECPARAMETERS *);
+/*
+ * ec_asn1_pkparameters2group() creates a EC_GROUP object from a
+ * ECPKPARAMETERS object
+ */
+static EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *);
+/*
+ * ec_asn1_group2pkparameters() creates a ECPKPARAMETERS object from a
+ * EC_GROUP object
+ */
+static ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *,
+                                                  ECPKPARAMETERS *);
 
 /* the function definitions */
 
 static int ec_asn1_group2fieldid(const EC_GROUP *group, X9_62_FIELDID *field)
-	{
-	int			ok=0, nid;
-	BIGNUM			*tmp = NULL;
-	
-	if (group == NULL || field == NULL)
-		return 0;
-
-	/* clear the old values (if necessary) */
-	if (field->fieldType != NULL)
-		ASN1_OBJECT_free(field->fieldType);
-	if (field->p.other != NULL)
-		ASN1_TYPE_free(field->p.other);
-
-	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
-	/* set OID for the field */
-	if ((field->fieldType = OBJ_nid2obj(nid)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
-		goto err;
-		}
-
-	if (nid == NID_X9_62_prime_field)
-		{
-		if ((tmp = BN_new()) == NULL) 
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		/* the parameters are specified by the prime number p */
-		if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
-			goto err;
-			}
-		/* set the prime number */
-		field->p.prime = BN_to_ASN1_INTEGER(tmp,NULL);
-		if (field->p.prime == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-	else	/* nid == NID_X9_62_characteristic_two_field */
-		{
-		int		field_type;
-		X9_62_CHARACTERISTIC_TWO *char_two;
-
-		field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
-		char_two = field->p.char_two;
-
-		if (char_two == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-	
-		char_two->m = (long)EC_GROUP_get_degree(group);
-
-		field_type = EC_GROUP_get_basis_type(group);
-
-		if (field_type == 0)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
-			goto err;
-			}
-		/* set base type OID */
-		if ((char_two->type = OBJ_nid2obj(field_type)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
-			goto err;
-			}
-
-		if (field_type == NID_X9_62_tpBasis)
-			{
-			unsigned int k;
-
-			if (!EC_GROUP_get_trinomial_basis(group, &k))
-				goto err;
-
-			char_two->p.tpBasis = ASN1_INTEGER_new();
-			if (!char_two->p.tpBasis)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k))
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID,
-					ERR_R_ASN1_LIB);
-				goto err;
-				}
-			}
-		else if (field_type == NID_X9_62_ppBasis)
-			{
-			unsigned int k1, k2, k3;
-
-			if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
-				goto err;
-
-			char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
-			if (!char_two->p.ppBasis)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-
-			/* set k? values */
-			char_two->p.ppBasis->k1 = (long)k1;
-			char_two->p.ppBasis->k2 = (long)k2;
-			char_two->p.ppBasis->k3 = (long)k3;
-			}
-		else /* field_type == NID_X9_62_onBasis */
-			{
-			/* for ONB the parameters are (asn1) NULL */
-			char_two->p.onBasis = ASN1_NULL_new();
-			if (!char_two->p.onBasis)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		}
-
-	ok = 1;
-
-err :	if (tmp)
-		BN_free(tmp);
-	return(ok);
+{
+    int ok = 0, nid;
+    BIGNUM *tmp = NULL;
+
+    if (group == NULL || field == NULL)
+        return 0;
+
+    /* clear the old values (if necessary) */
+    if (field->fieldType != NULL)
+        ASN1_OBJECT_free(field->fieldType);
+    if (field->p.other != NULL)
+        ASN1_TYPE_free(field->p.other);
+
+    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+    /* set OID for the field */
+    if ((field->fieldType = OBJ_nid2obj(nid)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+        goto err;
+    }
+
+    if (nid == NID_X9_62_prime_field) {
+        if ((tmp = BN_new()) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        /* the parameters are specified by the prime number p */
+        if (!EC_GROUP_get_curve_GFp(group, tmp, NULL, NULL, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set the prime number */
+        field->p.prime = BN_to_ASN1_INTEGER(tmp, NULL);
+        if (field->p.prime == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else {                    /* nid == NID_X9_62_characteristic_two_field */
+
+        int field_type;
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        field->p.char_two = X9_62_CHARACTERISTIC_TWO_new();
+        char_two = field->p.char_two;
+
+        if (char_two == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        char_two->m = (long)EC_GROUP_get_degree(group);
+
+        field_type = EC_GROUP_get_basis_type(group);
+
+        if (field_type == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_EC_LIB);
+            goto err;
+        }
+        /* set base type OID */
+        if ((char_two->type = OBJ_nid2obj(field_type)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_OBJ_LIB);
+            goto err;
+        }
+
+        if (field_type == NID_X9_62_tpBasis) {
+            unsigned int k;
+
+            if (!EC_GROUP_get_trinomial_basis(group, &k))
+                goto err;
+
+            char_two->p.tpBasis = ASN1_INTEGER_new();
+            if (!char_two->p.tpBasis) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (!ASN1_INTEGER_set(char_two->p.tpBasis, (long)k)) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_ASN1_LIB);
+                goto err;
+            }
+        } else if (field_type == NID_X9_62_ppBasis) {
+            unsigned int k1, k2, k3;
+
+            if (!EC_GROUP_get_pentanomial_basis(group, &k1, &k2, &k3))
+                goto err;
+
+            char_two->p.ppBasis = X9_62_PENTANOMIAL_new();
+            if (!char_two->p.ppBasis) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+
+            /* set k? values */
+            char_two->p.ppBasis->k1 = (long)k1;
+            char_two->p.ppBasis->k2 = (long)k2;
+            char_two->p.ppBasis->k3 = (long)k3;
+        } else {                /* field_type == NID_X9_62_onBasis */
+
+            /* for ONB the parameters are (asn1) NULL */
+            char_two->p.onBasis = ASN1_NULL_new();
+            if (!char_two->p.onBasis) {
+                ECerr(EC_F_EC_ASN1_GROUP2FIELDID, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+    }
+
+    ok = 1;
+
+ err:if (tmp)
+        BN_free(tmp);
+    return (ok);
 }
 
 static int ec_asn1_group2curve(const EC_GROUP *group, X9_62_CURVE *curve)
-	{
-	int           ok=0, nid;
-	BIGNUM        *tmp_1=NULL, *tmp_2=NULL;
-	unsigned char *buffer_1=NULL, *buffer_2=NULL,
-	              *a_buf=NULL, *b_buf=NULL;
-	size_t        len_1, len_2;
-	unsigned char char_zero = 0;
-
-	if (!group || !curve || !curve->a || !curve->b)
-		return 0;
-
-	if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
-
-	/* get a and b */
-	if (nid == NID_X9_62_prime_field)
-		{
-		if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-	else	/* nid == NID_X9_62_characteristic_two_field */
-		{
-		if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-
-	len_1 = (size_t)BN_num_bytes(tmp_1);
-	len_2 = (size_t)BN_num_bytes(tmp_2);
-
-	if (len_1 == 0)
-		{
-		/* len_1 == 0 => a == 0 */
-		a_buf = &char_zero;
-		len_1 = 1;
-		}
-	else
-		{
-		if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if ( (len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-			goto err;
-			}
-		a_buf = buffer_1;
-		}
-
-	if (len_2 == 0)
-		{
-		/* len_2 == 0 => b == 0 */
-		b_buf = &char_zero;
-		len_2 = 1;
-		}
-	else
-		{
-		if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE,
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if ( (len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
-			goto err;
-			}
-		b_buf = buffer_2;
-		}
-	
-	/* set a and b */
-	if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
-	    !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
-		goto err;
-		}
-	
-	/* set the seed (optional) */
-	if (group->seed)
-		{	
-		if (!curve->seed)
-			if ((curve->seed = ASN1_BIT_STRING_new()) == NULL)
-				{
-				ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-		curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-		curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-		if (!ASN1_BIT_STRING_set(curve->seed, group->seed, 
-		                         (int)group->seed_len))
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-	else
-		{
-		if (curve->seed)
-			{
-			ASN1_BIT_STRING_free(curve->seed);
-			curve->seed = NULL;
-			}
-		}
-
-	ok = 1;
-
-err:	if (buffer_1)
-		OPENSSL_free(buffer_1);
-	if (buffer_2)
-		OPENSSL_free(buffer_2);
-	if (tmp_1)
-		BN_free(tmp_1);
-	if (tmp_2)
-		BN_free(tmp_2);
-	return(ok);
-	}
+{
+    int ok = 0, nid;
+    BIGNUM *tmp_1 = NULL, *tmp_2 = NULL;
+    unsigned char *buffer_1 = NULL, *buffer_2 = NULL,
+        *a_buf = NULL, *b_buf = NULL;
+    size_t len_1, len_2;
+    unsigned char char_zero = 0;
+
+    if (!group || !curve || !curve->a || !curve->b)
+        return 0;
+
+    if ((tmp_1 = BN_new()) == NULL || (tmp_2 = BN_new()) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    nid = EC_METHOD_get_field_type(EC_GROUP_method_of(group));
+
+    /* get a and b */
+    if (nid == NID_X9_62_prime_field) {
+        if (!EC_GROUP_get_curve_GFp(group, NULL, tmp_1, tmp_2, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {                    /* nid == NID_X9_62_characteristic_two_field */
+
+        if (!EC_GROUP_get_curve_GF2m(group, NULL, tmp_1, tmp_2, NULL)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    len_1 = (size_t)BN_num_bytes(tmp_1);
+    len_2 = (size_t)BN_num_bytes(tmp_2);
+
+    if (len_1 == 0) {
+        /* len_1 == 0 => a == 0 */
+        a_buf = &char_zero;
+        len_1 = 1;
+    } else {
+        if ((buffer_1 = OPENSSL_malloc(len_1)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if ((len_1 = BN_bn2bin(tmp_1, buffer_1)) == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+            goto err;
+        }
+        a_buf = buffer_1;
+    }
+
+    if (len_2 == 0) {
+        /* len_2 == 0 => b == 0 */
+        b_buf = &char_zero;
+        len_2 = 1;
+    } else {
+        if ((buffer_2 = OPENSSL_malloc(len_2)) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if ((len_2 = BN_bn2bin(tmp_2, buffer_2)) == 0) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_BN_LIB);
+            goto err;
+        }
+        b_buf = buffer_2;
+    }
+
+    /* set a and b */
+    if (!M_ASN1_OCTET_STRING_set(curve->a, a_buf, len_1) ||
+        !M_ASN1_OCTET_STRING_set(curve->b, b_buf, len_2)) {
+        ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the seed (optional) */
+    if (group->seed) {
+        if (!curve->seed)
+            if ((curve->seed = ASN1_BIT_STRING_new()) == NULL) {
+                ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        curve->seed->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        curve->seed->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        if (!ASN1_BIT_STRING_set(curve->seed, group->seed,
+                                 (int)group->seed_len)) {
+            ECerr(EC_F_EC_ASN1_GROUP2CURVE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    } else {
+        if (curve->seed) {
+            ASN1_BIT_STRING_free(curve->seed);
+            curve->seed = NULL;
+        }
+    }
+
+    ok = 1;
+
+ err:if (buffer_1)
+        OPENSSL_free(buffer_1);
+    if (buffer_2)
+        OPENSSL_free(buffer_2);
+    if (tmp_1)
+        BN_free(tmp_1);
+    if (tmp_2)
+        BN_free(tmp_2);
+    return (ok);
+}
 
 static ECPARAMETERS *ec_asn1_group2parameters(const EC_GROUP *group,
                                               ECPARAMETERS *param)
-	{
-	int	ok=0;
-	size_t  len=0;
-	ECPARAMETERS   *ret=NULL;
-	BIGNUM	       *tmp=NULL;
-	unsigned char  *buffer=NULL;
-	const EC_POINT *point=NULL;
-	point_conversion_form_t form;
-
-	if ((tmp = BN_new()) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (param == NULL)
-	{
-		if ((ret = ECPARAMETERS_new()) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, 
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-	}
-	else
-		ret = param;
-
-	/* set the version (always one) */
-	ret->version = (long)0x1;
-
-	/* set the fieldID */
-	if (!ec_asn1_group2fieldid(group, ret->fieldID))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* set the curve */
-	if (!ec_asn1_group2curve(group, ret->curve))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* set the base point */
-	if ((point = EC_GROUP_get0_generator(group)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
-		goto err;
-		}
-
-	form = EC_GROUP_get_point_conversion_form(group);
-
-	len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
-	if (len == 0)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-	if ((buffer = OPENSSL_malloc(len)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (!ASN1_OCTET_STRING_set(ret->base, buffer, len))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
-		goto err;
-		}
-
-	/* set the order */
-	if (!EC_GROUP_get_order(group, tmp, NULL))
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
-		goto err;
-		}
-	ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
-	if (ret->order == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
-		goto err;
-		}
-
-	/* set the cofactor (optional) */
-	if (EC_GROUP_get_cofactor(group, tmp, NULL))
-		{
-		ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
-		if (ret->cofactor == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-
-	ok = 1;
-
-err :	if(!ok)
-		{
-		if (ret && !param)
-			ECPARAMETERS_free(ret);
-		ret = NULL;
-		}
-	if (tmp)
-		BN_free(tmp);
-	if (buffer)
-		OPENSSL_free(buffer);
-	return(ret);
-	}
-
-ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group, 
+{
+    int ok = 0;
+    size_t len = 0;
+    ECPARAMETERS *ret = NULL;
+    BIGNUM *tmp = NULL;
+    unsigned char *buffer = NULL;
+    const EC_POINT *point = NULL;
+    point_conversion_form_t form;
+
+    if ((tmp = BN_new()) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (param == NULL) {
+        if ((ret = ECPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = param;
+
+    /* set the version (always one) */
+    ret->version = (long)0x1;
+
+    /* set the fieldID */
+    if (!ec_asn1_group2fieldid(group, ret->fieldID)) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the curve */
+    if (!ec_asn1_group2curve(group, ret->curve)) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* set the base point */
+    if ((point = EC_GROUP_get0_generator(group)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    form = EC_GROUP_get_point_conversion_form(group);
+
+    len = EC_POINT_point2oct(group, point, form, NULL, len, NULL);
+    if (len == 0) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    if ((buffer = OPENSSL_malloc(len)) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EC_POINT_point2oct(group, point, form, buffer, len, NULL)) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (ret->base == NULL && (ret->base = ASN1_OCTET_STRING_new()) == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!ASN1_OCTET_STRING_set(ret->base, buffer, len)) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the order */
+    if (!EC_GROUP_get_order(group, tmp, NULL)) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_EC_LIB);
+        goto err;
+    }
+    ret->order = BN_to_ASN1_INTEGER(tmp, ret->order);
+    if (ret->order == NULL) {
+        ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    /* set the cofactor (optional) */
+    if (EC_GROUP_get_cofactor(group, tmp, NULL)) {
+        ret->cofactor = BN_to_ASN1_INTEGER(tmp, ret->cofactor);
+        if (ret->cofactor == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2PARAMETERS, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+
+    ok = 1;
+
+ err:if (!ok) {
+        if (ret && !param)
+            ECPARAMETERS_free(ret);
+        ret = NULL;
+    }
+    if (tmp)
+        BN_free(tmp);
+    if (buffer)
+        OPENSSL_free(buffer);
+    return (ret);
+}
+
+ECPKPARAMETERS *ec_asn1_group2pkparameters(const EC_GROUP *group,
                                            ECPKPARAMETERS *params)
-	{
-	int            ok = 1, tmp;
-	ECPKPARAMETERS *ret = params;
-
-	if (ret == NULL)
-		{
-		if ((ret = ECPKPARAMETERS_new()) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, 
-			      ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		}
-	else
-		{
-		if (ret->type == 0 && ret->value.named_curve)
-			ASN1_OBJECT_free(ret->value.named_curve);
-		else if (ret->type == 1 && ret->value.parameters)
-			ECPARAMETERS_free(ret->value.parameters);
-		}
-
-	if (EC_GROUP_get_asn1_flag(group))
-		{
-		/* use the asn1 OID to describe the
-		 * the elliptic curve parameters
-		 */
-		tmp = EC_GROUP_get_curve_name(group);
-		if (tmp)
-			{
-			ret->type = 0;
-			if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
-				ok = 0;
-			}
-		else
-			/* we don't kmow the nid => ERROR */
-			ok = 0;
-		}
-	else
-		{	
-		/* use the ECPARAMETERS structure */
-		ret->type = 1;
-		if ((ret->value.parameters = ec_asn1_group2parameters(
-		     group, NULL)) == NULL)
-			ok = 0;
-		}
-
-	if (!ok)
-		{
-		ECPKPARAMETERS_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    int ok = 1, tmp;
+    ECPKPARAMETERS *ret = params;
+
+    if (ret == NULL) {
+        if ((ret = ECPKPARAMETERS_new()) == NULL) {
+            ECerr(EC_F_EC_ASN1_GROUP2PKPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else {
+        if (ret->type == 0 && ret->value.named_curve)
+            ASN1_OBJECT_free(ret->value.named_curve);
+        else if (ret->type == 1 && ret->value.parameters)
+            ECPARAMETERS_free(ret->value.parameters);
+    }
+
+    if (EC_GROUP_get_asn1_flag(group)) {
+        /*
+         * use the asn1 OID to describe the the elliptic curve parameters
+         */
+        tmp = EC_GROUP_get_curve_name(group);
+        if (tmp) {
+            ret->type = 0;
+            if ((ret->value.named_curve = OBJ_nid2obj(tmp)) == NULL)
+                ok = 0;
+        } else
+            /* we don't kmow the nid => ERROR */
+            ok = 0;
+    } else {
+        /* use the ECPARAMETERS structure */
+        ret->type = 1;
+        if ((ret->value.parameters =
+             ec_asn1_group2parameters(group, NULL)) == NULL)
+            ok = 0;
+    }
+
+    if (!ok) {
+        ECPKPARAMETERS_free(ret);
+        return NULL;
+    }
+    return ret;
+}
 
 static EC_GROUP *ec_asn1_parameters2group(const ECPARAMETERS *params)
-	{
-	int			ok = 0, tmp;
-	EC_GROUP		*ret = NULL;
-	BIGNUM			*p = NULL, *a = NULL, *b = NULL;
-	EC_POINT		*point=NULL;
-	long    		field_bits;
-
-	if (!params->fieldID || !params->fieldID->fieldType || 
-	    !params->fieldID->p.ptr)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		goto err;
-		}
-
-	/* now extract the curve parameters a and b */
-	if (!params->curve || !params->curve->a || 
-	    !params->curve->a->data || !params->curve->b ||
-	    !params->curve->b->data)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		goto err;
-		}
-	a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
-	if (a == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
-		goto err;
-		}
-	b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
-	if (b == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	/* get the field parameters */
-	tmp = OBJ_obj2nid(params->fieldID->fieldType);
-
-	if (tmp == NID_X9_62_characteristic_two_field)
-		{
-		X9_62_CHARACTERISTIC_TWO *char_two;
-
-		char_two = params->fieldID->p.char_two;
-
-		field_bits = char_two->m;
-		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
-			goto err;
-			}
-
-		if ((p = BN_new()) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		/* get the base type */
-		tmp = OBJ_obj2nid(char_two->type);
-
-		if (tmp ==  NID_X9_62_tpBasis)
-			{
-			long tmp_long;
-
-			if (!char_two->p.tpBasis)
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-				goto err;
-				}
-
-			tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
-
-			if (!(char_two->m > tmp_long && tmp_long > 0))
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_TRINOMIAL_BASIS);
-				goto err;
-				}
-			
-			/* create the polynomial */
-			if (!BN_set_bit(p, (int)char_two->m))
-				goto err;
-			if (!BN_set_bit(p, (int)tmp_long))
-				goto err;
-			if (!BN_set_bit(p, 0))
-				goto err;
-			}
-		else if (tmp == NID_X9_62_ppBasis)
-			{
-			X9_62_PENTANOMIAL *penta;
-
-			penta = char_two->p.ppBasis;
-			if (!penta)
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-				goto err;
-				}
-
-			if (!(char_two->m > penta->k3 && penta->k3 > penta->k2 && penta->k2 > penta->k1 && penta->k1 > 0))
-				{
-				ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_PENTANOMIAL_BASIS);
-				goto err;
-				}
-			
-			/* create the polynomial */
-			if (!BN_set_bit(p, (int)char_two->m)) goto err;
-			if (!BN_set_bit(p, (int)penta->k1)) goto err;
-			if (!BN_set_bit(p, (int)penta->k2)) goto err;
-			if (!BN_set_bit(p, (int)penta->k3)) goto err;
-			if (!BN_set_bit(p, 0)) goto err;
-			}
-		else if (tmp == NID_X9_62_onBasis)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
-			goto err;
-			}
-		else /* error */
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-			goto err;
-			}
-
-		/* create the EC_GROUP structure */
-		ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
-		}
-	else if (tmp == NID_X9_62_prime_field)
-		{
-		/* we have a curve over a prime field */
-		/* extract the prime number */
-		if (!params->fieldID->p.prime)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-			goto err;
-			}
-		p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
-		if (p == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
-			goto err;
-			}
-
-		if (BN_is_negative(p) || BN_is_zero(p))
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
-			goto err;
-			}
-
-		field_bits = BN_num_bits(p);
-		if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
-			goto err;
-			}
-
-		/* create the EC_GROUP structure */
-		ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
-		}
-	else
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
-		goto err;
-		}
-
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* extract seed (optional) */
-	if (params->curve->seed != NULL)
-		{
-		if (ret->seed != NULL)
-			OPENSSL_free(ret->seed);
-		if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length)))
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, 
-			      ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		memcpy(ret->seed, params->curve->seed->data, 
-		       params->curve->seed->length);
-		ret->seed_len = params->curve->seed->length;
-		}
-
-	if (!params->order || !params->base || !params->base->data)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		goto err;
-		}
-
-	if ((point = EC_POINT_new(ret)) == NULL) goto err;
-
-	/* set the point conversion form */
-	EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
-				(params->base->data[0] & ~0x01));
-
-	/* extract the ec point */
-	if (!EC_POINT_oct2point(ret, point, params->base->data, 
-		                params->base->length, NULL))
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	/* extract the order */
-	if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
-		goto err;
-		}
-	if (BN_is_negative(a) || BN_is_zero(a))
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-	if (BN_num_bits(a) > (int)field_bits + 1) /* Hasse bound */
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-	
-	/* extract the cofactor (optional) */
-	if (params->cofactor == NULL)
-		{
-		if (b)
-			{
-			BN_free(b);
-			b = NULL;
-			}
-		}
-	else
-		if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
-			goto err;
-			}
-	/* set the generator, order and cofactor (if present) */
-	if (!EC_GROUP_set_generator(ret, point, a, b))
-		{
-		ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	ok = 1;
-
-err:	if (!ok)
-		{
-		if (ret) 
-			EC_GROUP_clear_free(ret);
-		ret = NULL;
-		}
-
-	if (p)	
-		BN_free(p);
-	if (a)	
-		BN_free(a);
-	if (b)	
-		BN_free(b);
-	if (point)	
-		EC_POINT_free(point);
-	return(ret);
+{
+    int ok = 0, tmp;
+    EC_GROUP *ret = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL;
+    EC_POINT *point = NULL;
+    long field_bits;
+
+    if (!params->fieldID || !params->fieldID->fieldType ||
+        !params->fieldID->p.ptr) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    /* now extract the curve parameters a and b */
+    if (!params->curve || !params->curve->a ||
+        !params->curve->a->data || !params->curve->b ||
+        !params->curve->b->data) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        goto err;
+    }
+    a = BN_bin2bn(params->curve->a->data, params->curve->a->length, NULL);
+    if (a == NULL) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+        goto err;
+    }
+    b = BN_bin2bn(params->curve->b->data, params->curve->b->length, NULL);
+    if (b == NULL) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    /* get the field parameters */
+    tmp = OBJ_obj2nid(params->fieldID->fieldType);
+
+    if (tmp == NID_X9_62_characteristic_two_field) {
+        X9_62_CHARACTERISTIC_TWO *char_two;
+
+        char_two = params->fieldID->p.char_two;
+
+        field_bits = char_two->m;
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        if ((p = BN_new()) == NULL) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* get the base type */
+        tmp = OBJ_obj2nid(char_two->type);
+
+        if (tmp == NID_X9_62_tpBasis) {
+            long tmp_long;
+
+            if (!char_two->p.tpBasis) {
+                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            tmp_long = ASN1_INTEGER_get(char_two->p.tpBasis);
+
+            if (!(char_two->m > tmp_long && tmp_long > 0)) {
+                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+                      EC_R_INVALID_TRINOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)tmp_long))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_ppBasis) {
+            X9_62_PENTANOMIAL *penta;
+
+            penta = char_two->p.ppBasis;
+            if (!penta) {
+                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+                goto err;
+            }
+
+            if (!
+                (char_two->m > penta->k3 && penta->k3 > penta->k2
+                 && penta->k2 > penta->k1 && penta->k1 > 0)) {
+                ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP,
+                      EC_R_INVALID_PENTANOMIAL_BASIS);
+                goto err;
+            }
+
+            /* create the polynomial */
+            if (!BN_set_bit(p, (int)char_two->m))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k1))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k2))
+                goto err;
+            if (!BN_set_bit(p, (int)penta->k3))
+                goto err;
+            if (!BN_set_bit(p, 0))
+                goto err;
+        } else if (tmp == NID_X9_62_onBasis) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_NOT_IMPLEMENTED);
+            goto err;
+        } else {                /* error */
+
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GF2m(p, a, b, NULL);
+    } else if (tmp == NID_X9_62_prime_field) {
+        /* we have a curve over a prime field */
+        /* extract the prime number */
+        if (!params->fieldID->p.prime) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+            goto err;
+        }
+        p = ASN1_INTEGER_to_BN(params->fieldID->p.prime, NULL);
+        if (p == NULL) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+            goto err;
+        }
+
+        if (BN_is_negative(p) || BN_is_zero(p)) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+            goto err;
+        }
+
+        field_bits = BN_num_bits(p);
+        if (field_bits > OPENSSL_ECC_MAX_FIELD_BITS) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_FIELD_TOO_LARGE);
+            goto err;
+        }
+
+        /* create the EC_GROUP structure */
+        ret = EC_GROUP_new_curve_GFp(p, a, b, NULL);
+    } else {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_FIELD);
+        goto err;
+    }
+
+    if (ret == NULL) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract seed (optional) */
+    if (params->curve->seed != NULL) {
+        if (ret->seed != NULL)
+            OPENSSL_free(ret->seed);
+        if (!(ret->seed = OPENSSL_malloc(params->curve->seed->length))) {
+            ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        memcpy(ret->seed, params->curve->seed->data,
+               params->curve->seed->length);
+        ret->seed_len = params->curve->seed->length;
+    }
+
+    if (!params->order || !params->base || !params->base->data) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        goto err;
+    }
+
+    if ((point = EC_POINT_new(ret)) == NULL)
+        goto err;
+
+    /* set the point conversion form */
+    EC_GROUP_set_point_conversion_form(ret, (point_conversion_form_t)
+                                       (params->base->data[0] & ~0x01));
+
+    /* extract the ec point */
+    if (!EC_POINT_oct2point(ret, point, params->base->data,
+                            params->base->length, NULL)) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    /* extract the order */
+    if ((a = ASN1_INTEGER_to_BN(params->order, a)) == NULL) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    if (BN_is_negative(a) || BN_is_zero(a)) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (BN_num_bits(a) > (int)field_bits + 1) { /* Hasse bound */
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+
+    /* extract the cofactor (optional) */
+    if (params->cofactor == NULL) {
+        if (b) {
+            BN_free(b);
+            b = NULL;
+        }
+    } else if ((b = ASN1_INTEGER_to_BN(params->cofactor, b)) == NULL) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    /* set the generator, order and cofactor (if present) */
+    if (!EC_GROUP_set_generator(ret, point, a, b)) {
+        ECerr(EC_F_EC_ASN1_PARAMETERS2GROUP, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ok = 1;
+
+ err:if (!ok) {
+        if (ret)
+            EC_GROUP_clear_free(ret);
+        ret = NULL;
+    }
+
+    if (p)
+        BN_free(p);
+    if (a)
+        BN_free(a);
+    if (b)
+        BN_free(b);
+    if (point)
+        EC_POINT_free(point);
+    return (ret);
 }
 
 EC_GROUP *ec_asn1_pkparameters2group(const ECPKPARAMETERS *params)
-	{
-	EC_GROUP *ret=NULL;
-	int      tmp=0;
-
-	if (params == NULL)
-		{
-		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 
-		      EC_R_MISSING_PARAMETERS);
-		return NULL;
-		}
-
-	if (params->type == 0)
-		{ /* the curve is given by an OID */
-		tmp = OBJ_obj2nid(params->value.named_curve);
-		if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL)
-			{
-			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, 
-			      EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
-			return NULL;
-			}
-		EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
-		}
-	else if (params->type == 1)
-		{ /* the parameters are given by a ECPARAMETERS
-		   * structure */
-		ret = ec_asn1_parameters2group(params->value.parameters);
-		if (!ret)
-			{
-			ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
-			return NULL;
-			}
-		EC_GROUP_set_asn1_flag(ret, 0x0);
-		}
-	else if (params->type == 2)
-		{ /* implicitlyCA */
-		return NULL;
-		}
-	else
-		{
-		ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
-		return NULL;
-		}
-
-	return ret;
-	}
+{
+    EC_GROUP *ret = NULL;
+    int tmp = 0;
+
+    if (params == NULL) {
+        ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_MISSING_PARAMETERS);
+        return NULL;
+    }
+
+    if (params->type == 0) {    /* the curve is given by an OID */
+        tmp = OBJ_obj2nid(params->value.named_curve);
+        if ((ret = EC_GROUP_new_by_curve_name(tmp)) == NULL) {
+            ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP,
+                  EC_R_EC_GROUP_NEW_BY_NAME_FAILURE);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, OPENSSL_EC_NAMED_CURVE);
+    } else if (params->type == 1) { /* the parameters are given by a
+                                     * ECPARAMETERS structure */
+        ret = ec_asn1_parameters2group(params->value.parameters);
+        if (!ret) {
+            ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, ERR_R_EC_LIB);
+            return NULL;
+        }
+        EC_GROUP_set_asn1_flag(ret, 0x0);
+    } else if (params->type == 2) { /* implicitlyCA */
+        return NULL;
+    } else {
+        ECerr(EC_F_EC_ASN1_PKPARAMETERS2GROUP, EC_R_ASN1_ERROR);
+        return NULL;
+    }
+
+    return ret;
+}
 
 /* EC_GROUP <-> DER encoding of ECPKPARAMETERS */
 
 EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
-	{
-	EC_GROUP	*group  = NULL;
-	ECPKPARAMETERS	*params = NULL;
-
-	if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
-		ECPKPARAMETERS_free(params);
-		return NULL;
-		}
-	
-	if ((group = ec_asn1_pkparameters2group(params)) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
-		return NULL; 
-		}
-
-	
-	if (a && *a)
-		EC_GROUP_clear_free(*a);
-	if (a)
-		*a = group;
-
-	ECPKPARAMETERS_free(params);
-	return(group);
-	}
+{
+    EC_GROUP *group = NULL;
+    ECPKPARAMETERS *params = NULL;
+
+    if ((params = d2i_ECPKPARAMETERS(NULL, in, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_D2I_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(params);
+        return NULL;
+    }
+
+    if ((group = ec_asn1_pkparameters2group(params)) == NULL) {
+        ECerr(EC_F_D2I_ECPKPARAMETERS, EC_R_PKPARAMETERS2GROUP_FAILURE);
+        return NULL;
+    }
+
+    if (a && *a)
+        EC_GROUP_clear_free(*a);
+    if (a)
+        *a = group;
+
+    ECPKPARAMETERS_free(params);
+    return (group);
+}
 
 int i2d_ECPKParameters(const EC_GROUP *a, unsigned char **out)
-	{
-	int		ret=0;
-	ECPKPARAMETERS	*tmp = ec_asn1_group2pkparameters(a, NULL);
-	if (tmp == NULL)
-		{
-		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
-		return 0;
-		}
-	if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0)
-		{
-		ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
-		ECPKPARAMETERS_free(tmp);
-		return 0;
-		}	
-	ECPKPARAMETERS_free(tmp);
-	return(ret);
-	}
+{
+    int ret = 0;
+    ECPKPARAMETERS *tmp = ec_asn1_group2pkparameters(a, NULL);
+    if (tmp == NULL) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_GROUP2PKPARAMETERS_FAILURE);
+        return 0;
+    }
+    if ((ret = i2d_ECPKPARAMETERS(tmp, out)) == 0) {
+        ECerr(EC_F_I2D_ECPKPARAMETERS, EC_R_I2D_ECPKPARAMETERS_FAILURE);
+        ECPKPARAMETERS_free(tmp);
+        return 0;
+    }
+    ECPKPARAMETERS_free(tmp);
+    return (ret);
+}
 
 /* some EC_KEY functions */
 
 EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
-	{
-	int             ok=0;
-	EC_KEY          *ret=NULL;
-	EC_PRIVATEKEY   *priv_key=NULL;
-
-	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL)
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-		EC_PRIVATEKEY_free(priv_key);
-		return NULL;
-		}
-
-	if (a == NULL || *a == NULL)
-		{
-		if ((ret = EC_KEY_new()) == NULL)	
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY,
-                                 ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (a)
-			*a = ret;
-		}
-	else
-		ret = *a;
-
-	if (priv_key->parameters)
-		{
-		if (ret->group)
-			EC_GROUP_clear_free(ret->group);
-		ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
-		}
-
-	if (ret->group == NULL)
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-		goto err;
-		}
-
-	ret->version = priv_key->version;
-
-	if (priv_key->privateKey)
-		{
-		ret->priv_key = BN_bin2bn(
-			M_ASN1_STRING_data(priv_key->privateKey),
-			M_ASN1_STRING_length(priv_key->privateKey),
-			ret->priv_key);
-		if (ret->priv_key == NULL)
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY,
-                              ERR_R_BN_LIB);
-			goto err;
-			}
-		}
-	else
-		{
-		ECerr(EC_F_D2I_ECPRIVATEKEY, 
-                      EC_R_MISSING_PRIVATE_KEY);
-		goto err;
-		}
-
-	if (priv_key->publicKey)
-		{
-		const unsigned char *pub_oct;
-		size_t pub_oct_len;
-
-		if (ret->pub_key)
-			EC_POINT_clear_free(ret->pub_key);
-		ret->pub_key = EC_POINT_new(ret->group);
-		if (ret->pub_key == NULL)
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		pub_oct     = M_ASN1_STRING_data(priv_key->publicKey);
-		pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
-		/* save the point conversion form */
-		ret->conv_form = (point_conversion_form_t)(pub_oct[0] & ~0x01);
-		if (!EC_POINT_oct2point(ret->group, ret->pub_key,
-			pub_oct, pub_oct_len, NULL))
-			{
-			ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-
-	ok = 1;
-err:
-	if (!ok)
-		{
-		if (ret)
-			EC_KEY_free(ret);
-		ret = NULL;
-		}
-
-	if (priv_key)
-		EC_PRIVATEKEY_free(priv_key);
-
-	return(ret);
-	}
-
-int	i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
-	{
-	int             ret=0, ok=0;
-	unsigned char   *buffer=NULL;
-	size_t          buf_len=0, tmp_len;
-	EC_PRIVATEKEY   *priv_key=NULL;
-
-	if (a == NULL || a->group == NULL || a->priv_key == NULL)
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY,
-                      ERR_R_PASSED_NULL_PARAMETER);
-		goto err;
-		}
-
-	if ((priv_key = EC_PRIVATEKEY_new()) == NULL)
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY,
-                      ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	priv_key->version = a->version;
-
-	buf_len = (size_t)BN_num_bytes(a->priv_key);
-	buffer = OPENSSL_malloc(buf_len);
-	if (buffer == NULL)
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY,
-                      ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	if (!BN_bn2bin(a->priv_key, buffer))
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len))
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
-		goto err;
-		}	
-
-	if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS))
-		{
-		if ((priv_key->parameters = ec_asn1_group2pkparameters(
-			a->group, priv_key->parameters)) == NULL)
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-
-	if (!(a->enc_flag & EC_PKEY_NO_PUBKEY))
-		{
-		priv_key->publicKey = M_ASN1_BIT_STRING_new();
-		if (priv_key->publicKey == NULL)
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY,
-				ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		tmp_len = EC_POINT_point2oct(a->group, a->pub_key, 
-				a->conv_form, NULL, 0, NULL);
-
-		if (tmp_len > buf_len)
-			{
-			unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
-			if (!tmp_buffer)
-				{
-				ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			buffer = tmp_buffer;
-			buf_len = tmp_len;
-			}
-
-		if (!EC_POINT_point2oct(a->group, a->pub_key, 
-			a->conv_form, buffer, buf_len, NULL))
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
-			goto err;
-			}
-
-		priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
-		priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-		if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, 
-				buf_len))
-			{
-			ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
-			goto err;
-			}
-		}
-
-	if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0)
-		{
-		ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
-		goto err;
-		}
-	ok=1;
-err:
-	if (buffer)
-		OPENSSL_free(buffer);
-	if (priv_key)
-		EC_PRIVATEKEY_free(priv_key);
-	return(ok?ret:0);
-	}
+{
+    int ok = 0;
+    EC_KEY *ret = NULL;
+    EC_PRIVATEKEY *priv_key = NULL;
+
+    if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if ((priv_key = d2i_EC_PRIVATEKEY(&priv_key, in, len)) == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        EC_PRIVATEKEY_free(priv_key);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = *a;
+
+    if (priv_key->parameters) {
+        if (ret->group)
+            EC_GROUP_clear_free(ret->group);
+        ret->group = ec_asn1_pkparameters2group(priv_key->parameters);
+    }
+
+    if (ret->group == NULL) {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    ret->version = priv_key->version;
+
+    if (priv_key->privateKey) {
+        ret->priv_key = BN_bin2bn(M_ASN1_STRING_data(priv_key->privateKey),
+                                  M_ASN1_STRING_length(priv_key->privateKey),
+                                  ret->priv_key);
+        if (ret->priv_key == NULL) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_BN_LIB);
+            goto err;
+        }
+    } else {
+        ECerr(EC_F_D2I_ECPRIVATEKEY, EC_R_MISSING_PRIVATE_KEY);
+        goto err;
+    }
+
+    if (priv_key->publicKey) {
+        const unsigned char *pub_oct;
+        size_t pub_oct_len;
+
+        if (ret->pub_key)
+            EC_POINT_clear_free(ret->pub_key);
+        ret->pub_key = EC_POINT_new(ret->group);
+        if (ret->pub_key == NULL) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+        pub_oct = M_ASN1_STRING_data(priv_key->publicKey);
+        pub_oct_len = M_ASN1_STRING_length(priv_key->publicKey);
+        /* save the point conversion form */
+        ret->conv_form = (point_conversion_form_t) (pub_oct[0] & ~0x01);
+        if (!EC_POINT_oct2point(ret->group, ret->pub_key,
+                                pub_oct, pub_oct_len, NULL)) {
+            ECerr(EC_F_D2I_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (a)
+        *a = ret;
+    ok = 1;
+ err:
+    if (!ok) {
+        if (ret && (a == NULL || *a != ret))
+            EC_KEY_free(ret);
+        ret = NULL;
+    }
+
+    if (priv_key)
+        EC_PRIVATEKEY_free(priv_key);
+
+    return (ret);
+}
+
+int i2d_ECPrivateKey(EC_KEY *a, unsigned char **out)
+{
+    int ret = 0, ok = 0;
+    unsigned char *buffer = NULL;
+    size_t buf_len = 0, tmp_len;
+    EC_PRIVATEKEY *priv_key = NULL;
+
+    if (a == NULL || a->group == NULL || a->priv_key == NULL) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+
+    if ((priv_key = EC_PRIVATEKEY_new()) == NULL) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    priv_key->version = a->version;
+
+    buf_len = (size_t)BN_num_bytes(a->priv_key);
+    buffer = OPENSSL_malloc(buf_len);
+    if (buffer == NULL) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BN_bn2bin(a->priv_key, buffer)) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (!M_ASN1_OCTET_STRING_set(priv_key->privateKey, buffer, buf_len)) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+        goto err;
+    }
+
+    if (!(a->enc_flag & EC_PKEY_NO_PARAMETERS)) {
+        if ((priv_key->parameters =
+             ec_asn1_group2pkparameters(a->group,
+                                        priv_key->parameters)) == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if (!(a->enc_flag & EC_PKEY_NO_PUBKEY)) {
+        priv_key->publicKey = M_ASN1_BIT_STRING_new();
+        if (priv_key->publicKey == NULL) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        tmp_len = EC_POINT_point2oct(a->group, a->pub_key,
+                                     a->conv_form, NULL, 0, NULL);
+
+        if (tmp_len > buf_len) {
+            unsigned char *tmp_buffer = OPENSSL_realloc(buffer, tmp_len);
+            if (!tmp_buffer) {
+                ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            buffer = tmp_buffer;
+            buf_len = tmp_len;
+        }
+
+        if (!EC_POINT_point2oct(a->group, a->pub_key,
+                                a->conv_form, buffer, buf_len, NULL)) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+            goto err;
+        }
+
+        priv_key->publicKey->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
+        priv_key->publicKey->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+        if (!M_ASN1_BIT_STRING_set(priv_key->publicKey, buffer, buf_len)) {
+            ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_ASN1_LIB);
+            goto err;
+        }
+    }
+
+    if ((ret = i2d_EC_PRIVATEKEY(priv_key, out)) == 0) {
+        ECerr(EC_F_I2D_ECPRIVATEKEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    ok = 1;
+ err:
+    if (buffer)
+        OPENSSL_free(buffer);
+    if (priv_key)
+        EC_PRIVATEKEY_free(priv_key);
+    return (ok ? ret : 0);
+}
 
 int i2d_ECParameters(EC_KEY *a, unsigned char **out)
-	{
-	if (a == NULL)
-		{
-		ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	return i2d_ECPKParameters(a->group, out);
-	}
+{
+    if (a == NULL) {
+        ECerr(EC_F_I2D_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    return i2d_ECPKParameters(a->group, out);
+}
 
 EC_KEY *d2i_ECParameters(EC_KEY **a, const unsigned char **in, long len)
-	{
-	EC_KEY   *ret;
-
-	if (in == NULL || *in == NULL)
-		{
-		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-
-	if (a == NULL || *a == NULL)
-		{
-		if ((ret = EC_KEY_new()) == NULL)
-			{
-			ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		if (a)
-			*a = ret;
-		}
-	else
-		ret = *a;
-
-	if (!d2i_ECPKParameters(&ret->group, in, len))
-		{
-		ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
-		return NULL;
-		}
-
-	return ret;
-	}
+{
+    EC_KEY *ret;
+
+    if (in == NULL || *in == NULL) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    if (a == NULL || *a == NULL) {
+        if ((ret = EC_KEY_new()) == NULL) {
+            ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    } else
+        ret = *a;
+
+    if (!d2i_ECPKParameters(&ret->group, in, len)) {
+        ECerr(EC_F_D2I_ECPARAMETERS, ERR_R_EC_LIB);
+        if (a == NULL || *a != ret)
+             EC_KEY_free(ret);
+        return NULL;
+    }
+
+    if (a)
+        *a = ret;
+
+    return ret;
+}
 
 EC_KEY *o2i_ECPublicKey(EC_KEY **a, const unsigned char **in, long len)
-	{
-	EC_KEY *ret=NULL;
-
-	if (a == NULL || (*a) == NULL || (*a)->group == NULL)
-		{
-		/* sorry, but a EC_GROUP-structur is necessary
-                 * to set the public key */
-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	ret = *a;
-	if (ret->pub_key == NULL && 
-		(ret->pub_key = EC_POINT_new(ret->group)) == NULL)
-		{
-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL))
-		{
-		ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
-		return 0;
-		}
-	/* save the point conversion form */
-	ret->conv_form = (point_conversion_form_t)(*in[0] & ~0x01);
-	*in += len;
-	return ret;
-	}
+{
+    EC_KEY *ret = NULL;
+
+    if (a == NULL || (*a) == NULL || (*a)->group == NULL) {
+        /*
+         * sorry, but a EC_GROUP-structur is necessary to set the public key
+         */
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    ret = *a;
+    if (ret->pub_key == NULL &&
+        (ret->pub_key = EC_POINT_new(ret->group)) == NULL) {
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL)) {
+        ECerr(EC_F_O2I_ECPUBLICKEY, ERR_R_EC_LIB);
+        return 0;
+    }
+    /* save the point conversion form */
+    ret->conv_form = (point_conversion_form_t) (*in[0] & ~0x01);
+    *in += len;
+    return ret;
+}
 
 int i2o_ECPublicKey(EC_KEY *a, unsigned char **out)
-	{
-        size_t buf_len=0;
-	int new_buffer = 0;
-
-        if (a == NULL) 
-		{
-		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-        buf_len = EC_POINT_point2oct(a->group, a->pub_key, 
-                              a->conv_form, NULL, 0, NULL);
-
-	if (out == NULL || buf_len == 0)
-	/* out == NULL => just return the length of the octet string */
-		return buf_len;
-
-	if (*out == NULL)
-		{
-		if ((*out = OPENSSL_malloc(buf_len)) == NULL)
-			{
-			ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		new_buffer = 1;
-		}
-        if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
-				*out, buf_len, NULL))
-		{
-		ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
-		OPENSSL_free(*out);
-		*out = NULL;
-		return 0;
-		}
-	if (!new_buffer)
-		*out += buf_len;
-	return buf_len;
-	}
+{
+    size_t buf_len = 0;
+    int new_buffer = 0;
+
+    if (a == NULL) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    buf_len = EC_POINT_point2oct(a->group, a->pub_key,
+                                 a->conv_form, NULL, 0, NULL);
+
+    if (out == NULL || buf_len == 0)
+        /* out == NULL => just return the length of the octet string */
+        return buf_len;
+
+    if (*out == NULL) {
+        if ((*out = OPENSSL_malloc(buf_len)) == NULL) {
+            ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        new_buffer = 1;
+    }
+    if (!EC_POINT_point2oct(a->group, a->pub_key, a->conv_form,
+                            *out, buf_len, NULL)) {
+        ECerr(EC_F_I2O_ECPUBLICKEY, ERR_R_EC_LIB);
+        OPENSSL_free(*out);
+        *out = NULL;
+        return 0;
+    }
+    if (!new_buffer)
+        *out += buf_len;
+    return buf_len;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_check.c b/Cryptlib/OpenSSL/crypto/ec/ec_check.c
index 0e316b4b..d3f53499 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_check.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_check.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,67 +57,64 @@
 #include <openssl/err.h>
 
 int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *order;
-	BN_CTX *new_ctx = NULL;
-	EC_POINT *point = NULL;
+{
+    int ret = 0;
+    BIGNUM *order;
+    BN_CTX *new_ctx = NULL;
+    EC_POINT *point = NULL;
 
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	if ((order = BN_CTX_get(ctx)) == NULL) goto err;
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GROUP_CHECK, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    if ((order = BN_CTX_get(ctx)) == NULL)
+        goto err;
 
-	/* check the discriminant */
-	if (!EC_GROUP_check_discriminant(group, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
-		goto err;
-		}
+    /* check the discriminant */
+    if (!EC_GROUP_check_discriminant(group, ctx)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_DISCRIMINANT_IS_ZERO);
+        goto err;
+    }
 
-	/* check the generator */
-	if (group->generator == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
-		goto err;
-		}
-	if (!EC_POINT_is_on_curve(group, group->generator, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
+    /* check the generator */
+    if (group->generator == NULL) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+    if (!EC_POINT_is_on_curve(group, group->generator, ctx)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
 
-	/* check the order of the generator */
-	if ((point = EC_POINT_new(group)) == NULL) goto err;
-	if (!EC_GROUP_get_order(group, order, ctx)) goto err; 
-	if (BN_is_zero(order))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
-		goto err;
-		}
-	
-	if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx)) goto err;
-	if (!EC_POINT_is_at_infinity(group, point))
-		{
-		ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
+    /* check the order of the generator */
+    if ((point = EC_POINT_new(group)) == NULL)
+        goto err;
+    if (!EC_GROUP_get_order(group, order, ctx))
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_UNDEFINED_ORDER);
+        goto err;
+    }
 
-	ret = 1;
+    if (!EC_POINT_mul(group, point, order, NULL, NULL, ctx))
+        goto err;
+    if (!EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GROUP_CHECK, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
 
-err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (point)
-		EC_POINT_free(point);
-	return ret;
-	}
+    ret = 1;
+
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    if (point)
+        EC_POINT_free(point);
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c
index beac2096..b4356206 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_curve.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_curve.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,13 +58,13 @@
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
- * Portions of the attached software ("Contribution") are developed by 
+ * Portions of the attached software ("Contribution") are developed by
  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  *
  * The Contribution is licensed pursuant to the OpenSSL open source
  * license provided above.
  *
- * The elliptic curve binary polynomial software is originally written by 
+ * The elliptic curve binary polynomial software is originally written by
  * Sheueling Chang Shantz and Douglas Stebila of Sun Microsystems Laboratories.
  *
  */
@@ -74,1197 +74,1262 @@
 #include <openssl/obj_mac.h>
 
 typedef struct ec_curve_data_st {
-	int	field_type;	/* either NID_X9_62_prime_field or
-				 * NID_X9_62_characteristic_two_field */
-	const char *p;		/* either a prime number or a polynomial */
-	const char *a;
-	const char *b;
-	const char *x;		/* the x coordinate of the generator */
-	const char *y;		/* the y coordinate of the generator */
-	const char *order;	/* the order of the group generated by the
-				 * generator */
-	const BN_ULONG cofactor;/* the cofactor */
-	const unsigned char *seed;/* the seed (optional) */
-	size_t	seed_len;
-	const char *comment;	/* a short description of the curve */
+    int field_type;             /* either NID_X9_62_prime_field or
+                                 * NID_X9_62_characteristic_two_field */
+    const char *p;              /* either a prime number or a polynomial */
+    const char *a;
+    const char *b;
+    const char *x;              /* the x coordinate of the generator */
+    const char *y;              /* the y coordinate of the generator */
+    const char *order;          /* the order of the group generated by the
+                                 * generator */
+    const BN_ULONG cofactor;    /* the cofactor */
+    const unsigned char *seed;  /* the seed (optional) */
+    size_t seed_len;
+    const char *comment;        /* a short description of the curve */
 } EC_CURVE_DATA;
 
 /* the nist prime curves */
 static const unsigned char _EC_NIST_PRIME_192_SEED[] = {
-	0x30,0x45,0xAE,0x6F,0xC8,0x42,0x2F,0x64,0xED,0x57,
-	0x95,0x28,0xD3,0x81,0x20,0xEA,0xE1,0x21,0x96,0xD5};
+    0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57,
+    0x95, 0x28, 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5
+};
+
 static const EC_CURVE_DATA _EC_NIST_PRIME_192 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-	"64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
-	"188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
-	"07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
-	"FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831",1,
-	_EC_NIST_PRIME_192_SEED, 20,
-	"NIST/X9.62/SECG curve over a 192 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+    "64210519E59C80E70FA7E9AB72243049FEB8DEECC146B9B1",
+    "188DA80EB03090F67CBF20EB43A18800F4FF0AFD82FF1012",
+    "07192b95ffc8da78631011ed6b24cdd573f977a11e794811",
+    "FFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831", 1,
+    _EC_NIST_PRIME_192_SEED, 20,
+    "NIST/X9.62/SECG curve over a 192 bit prime field"
+};
 
 static const unsigned char _EC_NIST_PRIME_224_SEED[] = {
-	0xBD,0x71,0x34,0x47,0x99,0xD5,0xC7,0xFC,0xDC,0x45,
-	0xB5,0x9F,0xA3,0xB9,0xAB,0x8F,0x6A,0x94,0x8B,0xC5};
+    0xBD, 0x71, 0x34, 0x47, 0x99, 0xD5, 0xC7, 0xFC, 0xDC, 0x45,
+    0xB5, 0x9F, 0xA3, 0xB9, 0xAB, 0x8F, 0x6A, 0x94, 0x8B, 0xC5
+};
+
 static const EC_CURVE_DATA _EC_NIST_PRIME_224 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-	"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-	"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D",1,
-	_EC_NIST_PRIME_224_SEED, 20,
-	"NIST/SECG curve over a 224 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+    "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+    "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+    "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
+    _EC_NIST_PRIME_224_SEED, 20,
+    "NIST/SECG curve over a 224 bit prime field"
+};
 
 static const unsigned char _EC_NIST_PRIME_384_SEED[] = {
-	0xA3,0x35,0x92,0x6A,0xA3,0x19,0xA2,0x7A,0x1D,0x00,
-	0x89,0x6A,0x67,0x73,0xA4,0x82,0x7A,0xCD,0xAC,0x73};
+    0xA3, 0x35, 0x92, 0x6A, 0xA3, 0x19, 0xA2, 0x7A, 0x1D, 0x00,
+    0x89, 0x6A, 0x67, 0x73, 0xA4, 0x82, 0x7A, 0xCD, 0xAC, 0x73
+};
+
 static const EC_CURVE_DATA _EC_NIST_PRIME_384 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
-	"FFF0000000000000000FFFFFFFF",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
-	"FFF0000000000000000FFFFFFFC",
-	"B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
-	"98D8A2ED19D2A85C8EDD3EC2AEF",
-	"AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
-	"25DBF55296C3A545E3872760AB7",
-	"3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
-	"1ce1d7e819d7a431d7c90ea0e5f",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
-	"DB248B0A77AECEC196ACCC52973",1,
-	_EC_NIST_PRIME_384_SEED, 20,
-	"NIST/SECG curve over a 384 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
+        "FFF0000000000000000FFFFFFFF",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFF"
+        "FFF0000000000000000FFFFFFFC",
+    "B3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC6563"
+        "98D8A2ED19D2A85C8EDD3EC2AEF",
+    "AA87CA22BE8B05378EB1C71EF320AD746E1D3B628BA79B9859F741E082542A385502F"
+        "25DBF55296C3A545E3872760AB7",
+    "3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b"
+        "1ce1d7e819d7a431d7c90ea0e5f",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC7634D81F4372DDF581A0"
+        "DB248B0A77AECEC196ACCC52973", 1,
+    _EC_NIST_PRIME_384_SEED, 20,
+    "NIST/SECG curve over a 384 bit prime field"
+};
 
 static const unsigned char _EC_NIST_PRIME_521_SEED[] = {
-	0xD0,0x9E,0x88,0x00,0x29,0x1C,0xB8,0x53,0x96,0xCC,
-	0x67,0x17,0x39,0x32,0x84,0xAA,0xA0,0xDA,0x64,0xBA};
+    0xD0, 0x9E, 0x88, 0x00, 0x29, 0x1C, 0xB8, 0x53, 0x96, 0xCC,
+    0x67, 0x17, 0x39, 0x32, 0x84, 0xAA, 0xA0, 0xDA, 0x64, 0xBA
+};
+
 static const EC_CURVE_DATA _EC_NIST_PRIME_521 = {
-	NID_X9_62_prime_field,
-	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
-	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
-	"051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
-	"193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
-	"C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
-	"B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
-	"011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
-	"7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
-	"1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
-	"868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409",1,
-	_EC_NIST_PRIME_521_SEED, 20,
-	"NIST/SECG curve over a 521 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF",
+    "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC",
+    "051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156"
+        "193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00",
+    "C6858E06B70404E9CD9E3ECB662395B4429C648139053FB521F828AF606B4D3DBAA14"
+        "B5E77EFE75928FE1DC127A2FFA8DE3348B3C1856A429BF97E7E31C2E5BD66",
+    "011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c9"
+        "7ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650",
+    "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFA51"
+        "868783BF2F966B7FCC0148F709A5D03BB5C9B8899C47AEBB6FB71E91386409", 1,
+    _EC_NIST_PRIME_521_SEED, 20,
+    "NIST/SECG curve over a 521 bit prime field"
+};
+
 /* the x9.62 prime curves (minus the nist prime curves) */
 static const unsigned char _EC_X9_62_PRIME_192V2_SEED[] = {
-	0x31,0xA9,0x2E,0xE2,0x02,0x9F,0xD1,0x0D,0x90,0x1B,
-	0x11,0x3E,0x99,0x07,0x10,0xF0,0xD2,0x1A,0xC6,0xB6};
+    0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B,
+    0x11, 0x3E, 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6
+};
+
 static const EC_CURVE_DATA _EC_X9_62_PRIME_192V2 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-	"CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
-	"EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
-	"6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
-	"FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31",1,
-	_EC_X9_62_PRIME_192V2_SEED, 20,
-	"X9.62 curve over a 192 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+    "CC22D6DFB95C6B25E49C0D6364A4E5980C393AA21668D953",
+    "EEA2BAE7E1497842F2DE7769CFE9C989C072AD696F48034A",
+    "6574d11d69b6ec7a672bb82a083df2f2b0847de970b2de15",
+    "FFFFFFFFFFFFFFFFFFFFFFFE5FB1A724DC80418648D8DD31", 1,
+    _EC_X9_62_PRIME_192V2_SEED, 20,
+    "X9.62 curve over a 192 bit prime field"
+};
 
 static const unsigned char _EC_X9_62_PRIME_192V3_SEED[] = {
-	0xC4,0x69,0x68,0x44,0x35,0xDE,0xB3,0x78,0xC4,0xB6,
-	0x5C,0xA9,0x59,0x1E,0x2A,0x57,0x63,0x05,0x9A,0x2E};
+    0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6,
+    0x5C, 0xA9, 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E
+};
+
 static const EC_CURVE_DATA _EC_X9_62_PRIME_192V3 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
-	"22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
-	"7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
-	"38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
-	"FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13",1,
-	_EC_X9_62_PRIME_192V3_SEED, 20,
-	"X9.62 curve over a 192 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC",
+    "22123DC2395A05CAA7423DAECCC94760A7D462256BD56916",
+    "7D29778100C65A1DA1783716588DCE2B8B4AEE8E228F1896",
+    "38a90f22637337334b49dcb66a6dc8f9978aca7648a943b0",
+    "FFFFFFFFFFFFFFFFFFFFFFFF7A62D031C83F4294F640EC13", 1,
+    _EC_X9_62_PRIME_192V3_SEED, 20,
+    "X9.62 curve over a 192 bit prime field"
+};
 
 static const unsigned char _EC_X9_62_PRIME_239V1_SEED[] = {
-	0xE4,0x3B,0xB4,0x60,0xF0,0xB8,0x0C,0xC0,0xC0,0xB0,
-	0x75,0x79,0x8E,0x94,0x80,0x60,0xF8,0x32,0x1B,0x7D};
+    0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0,
+    0x75, 0x79, 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D
+};
+
 static const EC_CURVE_DATA _EC_X9_62_PRIME_239V1 = {
-	NID_X9_62_prime_field,
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-	"6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
-	"0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
-	"7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B",1,
-	_EC_X9_62_PRIME_239V1_SEED, 20,
-	"X9.62 curve over a 239 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+    "6B016C3BDCF18941D0D654921475CA71A9DB2FB27D1D37796185C2942C0A",
+    "0FFA963CDCA8816CCC33B8642BEDF905C3D358573D3F27FBBD3B3CB9AAAF",
+    "7debe8e4e90a5dae6e4054ca530ba04654b36818ce226b39fccb7b02f1ae",
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF9E5E9A9F5D9071FBD1522688909D0B", 1,
+    _EC_X9_62_PRIME_239V1_SEED, 20,
+    "X9.62 curve over a 239 bit prime field"
+};
 
 static const unsigned char _EC_X9_62_PRIME_239V2_SEED[] = {
-	0xE8,0xB4,0x01,0x16,0x04,0x09,0x53,0x03,0xCA,0x3B,
-	0x80,0x99,0x98,0x2B,0xE0,0x9F,0xCB,0x9A,0xE6,0x16};
+    0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B,
+    0x80, 0x99, 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16
+};
+
 static const EC_CURVE_DATA _EC_X9_62_PRIME_239V2 = {
-	NID_X9_62_prime_field,
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-	"617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
-	"38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
-	"5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
-	"7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063",1,
-	_EC_X9_62_PRIME_239V2_SEED, 20,
-	"X9.62 curve over a 239 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+    "617FAB6832576CBBFED50D99F0249C3FEE58B94BA0038C7AE84C8C832F2C",
+    "38AF09D98727705120C921BB5E9E26296A3CDCF2F35757A0EAFD87B830E7",
+    "5b0125e4dbea0ec7206da0fc01d9b081329fb555de6ef460237dff8be4ba",
+    "7FFFFFFFFFFFFFFFFFFFFFFF800000CFA7E8594377D414C03821BC582063", 1,
+    _EC_X9_62_PRIME_239V2_SEED, 20,
+    "X9.62 curve over a 239 bit prime field"
+};
 
 static const unsigned char _EC_X9_62_PRIME_239V3_SEED[] = {
-	0x7D,0x73,0x74,0x16,0x8F,0xFE,0x34,0x71,0xB6,0x0A,
-	0x85,0x76,0x86,0xA1,0x94,0x75,0xD3,0xBF,0xA2,0xFF};
+    0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A,
+    0x85, 0x76, 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF
+};
+
 static const EC_CURVE_DATA _EC_X9_62_PRIME_239V3 = {
-	NID_X9_62_prime_field,
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
-	"255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
-	"6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
-	"1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
-	"7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551",1,
-	_EC_X9_62_PRIME_239V3_SEED, 20,
-	"X9.62 curve over a 239 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFF",
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFFFFFFFF8000000000007FFFFFFFFFFC",
+    "255705FA2A306654B1F4CB03D6A750A30C250102D4988717D9BA15AB6D3E",
+    "6768AE8E18BB92CFCF005C949AA2C6D94853D0E660BBF854B1C9505FE95A",
+    "1607e6898f390c06bc1d552bad226f3b6fcfe48b6e818499af18e3ed6cf3",
+    "7FFFFFFFFFFFFFFFFFFFFFFF7FFFFF975DEB41B3A6057C3C432146526551", 1,
+    _EC_X9_62_PRIME_239V3_SEED, 20,
+    "X9.62 curve over a 239 bit prime field"
+};
 
 static const unsigned char _EC_X9_62_PRIME_256V1_SEED[] = {
-	0xC4,0x9D,0x36,0x08,0x86,0xE7,0x04,0x93,0x6A,0x66,
-	0x78,0xE1,0x13,0x9D,0x26,0xB7,0x81,0x9F,0x7E,0x90};
+    0xC4, 0x9D, 0x36, 0x08, 0x86, 0xE7, 0x04, 0x93, 0x6A, 0x66,
+    0x78, 0xE1, 0x13, 0x9D, 0x26, 0xB7, 0x81, 0x9F, 0x7E, 0x90
+};
+
 static const EC_CURVE_DATA _EC_X9_62_PRIME_256V1 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
-	"FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
-	"5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
-	"6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
-	"4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
-	"FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551",1,
-	_EC_X9_62_PRIME_256V1_SEED, 20,
-	"X9.62/SECG curve over a 256 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF",
+    "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC",
+    "5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B",
+    "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296",
+    "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5",
+    "FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 1,
+    _EC_X9_62_PRIME_256V1_SEED, 20,
+    "X9.62/SECG curve over a 256 bit prime field"
+};
+
 /* the secg prime curves (minus the nist and x9.62 prime curves) */
 static const unsigned char _EC_SECG_PRIME_112R1_SEED[] = {
-	0x00,0xF5,0x0B,0x02,0x8E,0x4D,0x69,0x6E,0x67,0x68,
-	0x75,0x61,0x51,0x75,0x29,0x04,0x72,0x78,0x3F,0xB1};
+    0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68,
+    0x75, 0x61, 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1
+};
+
 static const EC_CURVE_DATA _EC_SECG_PRIME_112R1 = {
-	NID_X9_62_prime_field,
-	"DB7C2ABF62E35E668076BEAD208B",
-	"DB7C2ABF62E35E668076BEAD2088",
-	"659EF8BA043916EEDE8911702B22",
-	"09487239995A5EE76B55F9C2F098",
-	"a89ce5af8724c0a23e0e0ff77500",
-	"DB7C2ABF62E35E7628DFAC6561C5",1,
-	_EC_SECG_PRIME_112R1_SEED, 20,
-	"SECG/WTLS curve over a 112 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "DB7C2ABF62E35E668076BEAD208B",
+    "DB7C2ABF62E35E668076BEAD2088",
+    "659EF8BA043916EEDE8911702B22",
+    "09487239995A5EE76B55F9C2F098",
+    "a89ce5af8724c0a23e0e0ff77500",
+    "DB7C2ABF62E35E7628DFAC6561C5", 1,
+    _EC_SECG_PRIME_112R1_SEED, 20,
+    "SECG/WTLS curve over a 112 bit prime field"
+};
 
 static const unsigned char _EC_SECG_PRIME_112R2_SEED[] = {
-	0x00,0x27,0x57,0xA1,0x11,0x4D,0x69,0x6E,0x67,0x68,
-	0x75,0x61,0x51,0x75,0x53,0x16,0xC0,0x5E,0x0B,0xD4};
+    0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68,
+    0x75, 0x61, 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4
+};
+
 static const EC_CURVE_DATA _EC_SECG_PRIME_112R2 = {
-	NID_X9_62_prime_field,
-	"DB7C2ABF62E35E668076BEAD208B",
-	"6127C24C05F38A0AAAF65C0EF02C",
-	"51DEF1815DB5ED74FCC34C85D709",
-	"4BA30AB5E892B4E1649DD0928643",
-	"adcd46f5882e3747def36e956e97",
-	"36DF0AAFD8B8D7597CA10520D04B",4, 
-	_EC_SECG_PRIME_112R2_SEED, 20,
-	"SECG curve over a 112 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "DB7C2ABF62E35E668076BEAD208B",
+    "6127C24C05F38A0AAAF65C0EF02C",
+    "51DEF1815DB5ED74FCC34C85D709",
+    "4BA30AB5E892B4E1649DD0928643",
+    "adcd46f5882e3747def36e956e97",
+    "36DF0AAFD8B8D7597CA10520D04B", 4,
+    _EC_SECG_PRIME_112R2_SEED, 20,
+    "SECG curve over a 112 bit prime field"
+};
 
 static const unsigned char _EC_SECG_PRIME_128R1_SEED[] = {
-	0x00,0x0E,0x0D,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
-	0x51,0x75,0x0C,0xC0,0x3A,0x44,0x73,0xD0,0x36,0x79};
+    0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+    0x51, 0x75, 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79
+};
+
 static const EC_CURVE_DATA _EC_SECG_PRIME_128R1 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
-	"E87579C11079F43DD824993C2CEE5ED3",
-	"161FF7528B899B2D0C28607CA52C5B86",
-	"cf5ac8395bafeb13c02da292dded7a83",
-	"FFFFFFFE0000000075A30D1B9038A115",1,
-	_EC_SECG_PRIME_128R1_SEED, 20,
-	"SECG curve over a 128 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+    "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC",
+    "E87579C11079F43DD824993C2CEE5ED3",
+    "161FF7528B899B2D0C28607CA52C5B86",
+    "cf5ac8395bafeb13c02da292dded7a83",
+    "FFFFFFFE0000000075A30D1B9038A115", 1,
+    _EC_SECG_PRIME_128R1_SEED, 20,
+    "SECG curve over a 128 bit prime field"
+};
 
 static const unsigned char _EC_SECG_PRIME_128R2_SEED[] = {
-	0x00,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,
-	0x12,0xD8,0xF0,0x34,0x31,0xFC,0xE6,0x3B,0x88,0xF4};
+    0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+    0x12, 0xD8, 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4
+};
+
 static const EC_CURVE_DATA _EC_SECG_PRIME_128R2 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
-	"D6031998D1B3BBFEBF59CC9BBFF9AEE1",
-	"5EEEFCA380D02919DC2C6558BB6D8A5D",
-	"7B6AA5D85E572983E6FB32A7CDEBC140",
-	"27b6916a894d3aee7106fe805fc34b44",
-	"3FFFFFFF7FFFFFFFBE0024720613B5A3",4,
-	_EC_SECG_PRIME_128R2_SEED, 20,
-	"SECG curve over a 128 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF",
+    "D6031998D1B3BBFEBF59CC9BBFF9AEE1",
+    "5EEEFCA380D02919DC2C6558BB6D8A5D",
+    "7B6AA5D85E572983E6FB32A7CDEBC140",
+    "27b6916a894d3aee7106fe805fc34b44",
+    "3FFFFFFF7FFFFFFFBE0024720613B5A3", 4,
+    _EC_SECG_PRIME_128R2_SEED, 20,
+    "SECG curve over a 128 bit prime field"
+};
 
 static const EC_CURVE_DATA _EC_SECG_PRIME_160K1 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-	"0",
-	"7",
-	"3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
-	"938cf935318fdced6bc28286531733c3f03c4fee",
-	"0100000000000000000001B8FA16DFAB9ACA16B6B3",1,
-	NULL, 0,
-	"SECG curve over a 160 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+    "0",
+    "7",
+    "3B4C382CE37AA192A4019E763036F4F5DD4D7EBB",
+    "938cf935318fdced6bc28286531733c3f03c4fee",
+    "0100000000000000000001B8FA16DFAB9ACA16B6B3", 1,
+    NULL, 0,
+    "SECG curve over a 160 bit prime field"
+};
 
 static const unsigned char _EC_SECG_PRIME_160R1_SEED[] = {
-	0x10,0x53,0xCD,0xE4,0x2C,0x14,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x53,0x3B,0xF3,0xF8,0x33,0x45};
+    0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45
+};
+
 static const EC_CURVE_DATA _EC_SECG_PRIME_160R1 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
-	"1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
-	"4A96B5688EF573284664698968C38BB913CBFC82",
-	"23a628553168947d59dcc912042351377ac5fb32",
-	"0100000000000000000001F4C8F927AED3CA752257",1,
-	_EC_SECG_PRIME_160R1_SEED, 20,
-	"SECG curve over a 160 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC",
+    "1C97BEFC54BD7A8B65ACF89F81D4D4ADC565FA45",
+    "4A96B5688EF573284664698968C38BB913CBFC82",
+    "23a628553168947d59dcc912042351377ac5fb32",
+    "0100000000000000000001F4C8F927AED3CA752257", 1,
+    _EC_SECG_PRIME_160R1_SEED, 20,
+    "SECG curve over a 160 bit prime field"
+};
 
 static const unsigned char _EC_SECG_PRIME_160R2_SEED[] = {
-	0xB9,0x9B,0x99,0xB0,0x99,0xB3,0x23,0xE0,0x27,0x09,
-	0xA4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x51};
+    0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09,
+    0xA4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51
+};
+
 static const EC_CURVE_DATA _EC_SECG_PRIME_160R2 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
-	"B4E134D3FB59EB8BAB57274904664D5AF50388BA",
-	"52DCB034293A117E1F4FF11B30F7199D3144CE6D",
-	"feaffef2e331f296e071fa0df9982cfea7d43f2e",
-	"0100000000000000000000351EE786A818F3A1A16B",1,
-	_EC_SECG_PRIME_160R2_SEED, 20,
-	"SECG/WTLS curve over a 160 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC70",
+    "B4E134D3FB59EB8BAB57274904664D5AF50388BA",
+    "52DCB034293A117E1F4FF11B30F7199D3144CE6D",
+    "feaffef2e331f296e071fa0df9982cfea7d43f2e",
+    "0100000000000000000000351EE786A818F3A1A16B", 1,
+    _EC_SECG_PRIME_160R2_SEED, 20,
+    "SECG/WTLS curve over a 160 bit prime field"
+};
 
 static const EC_CURVE_DATA _EC_SECG_PRIME_192K1 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
-	"0",
-	"3",
-	"DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
-	"9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
-	"FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D",1,
-	NULL, 20,
-	"SECG curve over a 192 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37",
+    "0",
+    "3",
+    "DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D",
+    "9b2f2f6d9c5628a7844163d015be86344082aa88d95e2f9d",
+    "FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 1,
+    NULL, 20,
+    "SECG curve over a 192 bit prime field"
+};
 
 static const EC_CURVE_DATA _EC_SECG_PRIME_224K1 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
-	"0",
-	"5",
-	"A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
-	"7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
-	"010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7",1,
-	NULL, 20,
-	"SECG curve over a 224 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D",
+    "0",
+    "5",
+    "A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C",
+    "7e089fed7fba344282cafbd6f7e319f7c0b0bd59e2ca4bdb556d61a5",
+    "010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 1,
+    NULL, 20,
+    "SECG curve over a 224 bit prime field"
+};
 
 static const EC_CURVE_DATA _EC_SECG_PRIME_256K1 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
-	"0",
-	"7",
-	"79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
-	"483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141",1,
-	NULL, 20,
-	"SECG curve over a 256 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F",
+    "0",
+    "7",
+    "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798",
+    "483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 1,
+    NULL, 20,
+    "SECG curve over a 256 bit prime field"
+};
 
 /* some wap/wtls curves */
 static const EC_CURVE_DATA _EC_WTLS_8 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFDE7",
-	"0",
-	"3",
-	"1",
-	"2",
-	"0100000000000001ECEA551AD837E9",1,
-	NULL, 20,
-	"WTLS curve over a 112 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFDE7",
+    "0",
+    "3",
+    "1",
+    "2",
+    "0100000000000001ECEA551AD837E9", 1,
+    NULL, 20,
+    "WTLS curve over a 112 bit prime field"
+};
 
 static const EC_CURVE_DATA _EC_WTLS_9 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",
-	"0",
-	"3",
-	"1",
-	"2",
-	"0100000000000000000001CDC98AE0E2DE574ABF33",1,
-	NULL, 20,
-	"WTLS curve over a 160 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC808F",
+    "0",
+    "3",
+    "1",
+    "2",
+    "0100000000000000000001CDC98AE0E2DE574ABF33", 1,
+    NULL, 20,
+    "WTLS curve over a 160 bit prime field"
+};
 
 static const EC_CURVE_DATA _EC_WTLS_12 = {
-	NID_X9_62_prime_field,
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
-	"B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
-	"B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
-	"bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
-	"FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
-	NULL, 0,
-	"WTLS curvs over a 224 bit prime field"
-	};
+    NID_X9_62_prime_field,
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE",
+    "B4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4",
+    "B70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21",
+    "bd376388b5f723fb4c22dfe6cd4375a05a07476444d5819985007e34",
+    "FFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D", 1,
+    NULL, 0,
+    "WTLS curvs over a 224 bit prime field"
+};
 
 /* characteristic two curves */
 static const unsigned char _EC_SECG_CHAR2_113R1_SEED[] = {
-	0x10,0xE7,0x23,0xAB,0x14,0xD6,0x96,0xE6,0x76,0x87,
-	0x56,0x15,0x17,0x56,0xFE,0xBF,0x8F,0xCB,0x49,0xA9};
+    0x10, 0xE7, 0x23, 0xAB, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87,
+    0x56, 0x15, 0x17, 0x56, 0xFE, 0xBF, 0x8F, 0xCB, 0x49, 0xA9
+};
+
 static const EC_CURVE_DATA _EC_SECG_CHAR2_113R1 = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000201",
-	"003088250CA6E7C7FE649CE85820F7",
-	"00E8BEE4D3E2260744188BE0E9C723",
-	"009D73616F35F4AB1407D73562C10F",
-	"00A52830277958EE84D1315ED31886",
-	"0100000000000000D9CCEC8A39E56F", 2,
-	_EC_SECG_CHAR2_113R1_SEED, 20,
-	"SECG curve over a 113 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000201",
+    "003088250CA6E7C7FE649CE85820F7",
+    "00E8BEE4D3E2260744188BE0E9C723",
+    "009D73616F35F4AB1407D73562C10F",
+    "00A52830277958EE84D1315ED31886",
+    "0100000000000000D9CCEC8A39E56F", 2,
+    _EC_SECG_CHAR2_113R1_SEED, 20,
+    "SECG curve over a 113 bit binary field"
+};
 
 static const unsigned char _EC_SECG_CHAR2_113R2_SEED[] = {
-	0x10,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
-	0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x5D};
+    0x10, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE,
+    0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x5D
+};
+
 static const EC_CURVE_DATA _EC_SECG_CHAR2_113R2 = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000201",
-	"00689918DBEC7E5A0DD6DFC0AA55C7",
-	"0095E9A9EC9B297BD4BF36E059184F",
-	"01A57A6A7B26CA5EF52FCDB8164797",
-	"00B3ADC94ED1FE674C06E695BABA1D",
-	"010000000000000108789B2496AF93", 2,
-	_EC_SECG_CHAR2_113R2_SEED, 20,
-	"SECG curve over a 113 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000201",
+    "00689918DBEC7E5A0DD6DFC0AA55C7",
+    "0095E9A9EC9B297BD4BF36E059184F",
+    "01A57A6A7B26CA5EF52FCDB8164797",
+    "00B3ADC94ED1FE674C06E695BABA1D",
+    "010000000000000108789B2496AF93", 2,
+    _EC_SECG_CHAR2_113R2_SEED, 20,
+    "SECG curve over a 113 bit binary field"
+};
 
 static const unsigned char _EC_SECG_CHAR2_131R1_SEED[] = {
-	0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,0x51,0x75,0x98,
-	0x5B,0xD3,0xAD,0xBA,0xDA,0x21,0xB4,0x3A,0x97,0xE2};
+    0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x98,
+    0x5B, 0xD3, 0xAD, 0xBA, 0xDA, 0x21, 0xB4, 0x3A, 0x97, 0xE2
+};
+
 static const EC_CURVE_DATA _EC_SECG_CHAR2_131R1 = {
-	NID_X9_62_characteristic_two_field,
-	"080000000000000000000000000000010D",
-	"07A11B09A76B562144418FF3FF8C2570B8",
-	"0217C05610884B63B9C6C7291678F9D341",
-	"0081BAF91FDF9833C40F9C181343638399",
-	"078C6E7EA38C001F73C8134B1B4EF9E150",
-	"0400000000000000023123953A9464B54D", 2,
-	_EC_SECG_CHAR2_131R1_SEED, 20,
-	"SECG/WTLS curve over a 131 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "080000000000000000000000000000010D",
+    "07A11B09A76B562144418FF3FF8C2570B8",
+    "0217C05610884B63B9C6C7291678F9D341",
+    "0081BAF91FDF9833C40F9C181343638399",
+    "078C6E7EA38C001F73C8134B1B4EF9E150",
+    "0400000000000000023123953A9464B54D", 2,
+    _EC_SECG_CHAR2_131R1_SEED, 20,
+    "SECG/WTLS curve over a 131 bit binary field"
+};
 
 static const unsigned char _EC_SECG_CHAR2_131R2_SEED[] = {
-	0x98,0x5B,0xD3,0xAD,0xBA,0xD4,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x5A,0x21,0xB4,0x3A,0x97,0xE3};
+    0x98, 0x5B, 0xD3, 0xAD, 0xBA, 0xD4, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x5A, 0x21, 0xB4, 0x3A, 0x97, 0xE3
+};
+
 static const EC_CURVE_DATA _EC_SECG_CHAR2_131R2 = {
-	NID_X9_62_characteristic_two_field,
-	"080000000000000000000000000000010D",
-	"03E5A88919D7CAFCBF415F07C2176573B2",
-	"04B8266A46C55657AC734CE38F018F2192",
-	"0356DCD8F2F95031AD652D23951BB366A8",
-	"0648F06D867940A5366D9E265DE9EB240F",
-	"0400000000000000016954A233049BA98F", 2,
-	_EC_SECG_CHAR2_131R2_SEED, 20,
-	"SECG curve over a 131 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "080000000000000000000000000000010D",
+    "03E5A88919D7CAFCBF415F07C2176573B2",
+    "04B8266A46C55657AC734CE38F018F2192",
+    "0356DCD8F2F95031AD652D23951BB366A8",
+    "0648F06D867940A5366D9E265DE9EB240F",
+    "0400000000000000016954A233049BA98F", 2,
+    _EC_SECG_CHAR2_131R2_SEED, 20,
+    "SECG curve over a 131 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_NIST_CHAR2_163K = {
-	NID_X9_62_characteristic_two_field,
-	"0800000000000000000000000000000000000000C9",
-	"1",
-	"1",
-	"02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
-	"0289070FB05D38FF58321F2E800536D538CCDAA3D9",
-	"04000000000000000000020108A2E0CC0D99F8A5EF", 2,
-	NULL, 0,
-	"NIST/SECG/WTLS curve over a 163 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "0800000000000000000000000000000000000000C9",
+    "1",
+    "1",
+    "02FE13C0537BBC11ACAA07D793DE4E6D5E5C94EEE8",
+    "0289070FB05D38FF58321F2E800536D538CCDAA3D9",
+    "04000000000000000000020108A2E0CC0D99F8A5EF", 2,
+    NULL, 0,
+    "NIST/SECG/WTLS curve over a 163 bit binary field"
+};
 
 static const unsigned char _EC_SECG_CHAR2_163R1_SEED[] = {
-	0x24,0xB7,0xB1,0x37,0xC8,0xA1,0x4D,0x69,0x6E,0x67,
-	0x68,0x75,0x61,0x51,0x75,0x6F,0xD0,0xDA,0x2E,0x5C};
+    0x24, 0xB7, 0xB1, 0x37, 0xC8, 0xA1, 0x4D, 0x69, 0x6E, 0x67,
+    0x68, 0x75, 0x61, 0x51, 0x75, 0x6F, 0xD0, 0xDA, 0x2E, 0x5C
+};
+
 static const EC_CURVE_DATA _EC_SECG_CHAR2_163R1 = {
-	NID_X9_62_characteristic_two_field,
-	"0800000000000000000000000000000000000000C9",
-	"07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
-	"0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
-	"0369979697AB43897789566789567F787A7876A654",
-	"00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
-	"03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,
-/* The algorithm used to derive the curve parameters from
- * the seed used here is slightly different than the
- * algorithm described in X9.62 .
- */
+    NID_X9_62_characteristic_two_field,
+    "0800000000000000000000000000000000000000C9",
+    "07B6882CAAEFA84F9554FF8428BD88E246D2782AE2",
+    "0713612DCDDCB40AAB946BDA29CA91F73AF958AFD9",
+    "0369979697AB43897789566789567F787A7876A654",
+    "00435EDB42EFAFB2989D51FEFCE3C80988F41FF883",
+    "03FFFFFFFFFFFFFFFFFFFF48AAB689C29CA710279B", 2,
+    /*
+     * The algorithm used to derive the curve parameters from the seed used
+     * here is slightly different than the algorithm described in X9.62 .
+     */
 #if 0
-	_EC_SECG_CHAR2_163R1_SEED, 20,
+    _EC_SECG_CHAR2_163R1_SEED, 20,
 #else
-	NULL, 0,
+    NULL, 0,
 #endif
-	"SECG curve over a 163 bit binary field"
-	};
+    "SECG curve over a 163 bit binary field"
+};
 
 static const unsigned char _EC_NIST_CHAR2_163B_SEED[] = {
-	0x85,0xE2,0x5B,0xFE,0x5C,0x86,0x22,0x6C,0xDB,0x12,
-	0x01,0x6F,0x75,0x53,0xF9,0xD0,0xE6,0x93,0xA2,0x68};
-static const EC_CURVE_DATA _EC_NIST_CHAR2_163B ={
-	NID_X9_62_characteristic_two_field,
-	"0800000000000000000000000000000000000000C9",
-	"1",
-	"020A601907B8C953CA1481EB10512F78744A3205FD",
-	"03F0EBA16286A2D57EA0991168D4994637E8343E36",
-	"00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
-	"040000000000000000000292FE77E70C12A4234C33", 2,
-/* The seed here was used to created the curve parameters in normal
- * basis representation (and not the polynomial representation used here) 
- */
+    0x85, 0xE2, 0x5B, 0xFE, 0x5C, 0x86, 0x22, 0x6C, 0xDB, 0x12,
+    0x01, 0x6F, 0x75, 0x53, 0xF9, 0xD0, 0xE6, 0x93, 0xA2, 0x68
+};
+
+static const EC_CURVE_DATA _EC_NIST_CHAR2_163B = {
+    NID_X9_62_characteristic_two_field,
+    "0800000000000000000000000000000000000000C9",
+    "1",
+    "020A601907B8C953CA1481EB10512F78744A3205FD",
+    "03F0EBA16286A2D57EA0991168D4994637E8343E36",
+    "00D51FBC6C71A0094FA2CDD545B11C5C0C797324F1",
+    "040000000000000000000292FE77E70C12A4234C33", 2,
+    /*
+     * The seed here was used to created the curve parameters in normal basis
+     * representation (and not the polynomial representation used here)
+     */
 #if 0
-	_EC_NIST_CHAR2_163B_SEED, 20,
+    _EC_NIST_CHAR2_163B_SEED, 20,
 #else
-	NULL, 0,
+    NULL, 0,
 #endif
-	"NIST/SECG curve over a 163 bit binary field"
-	};
+    "NIST/SECG curve over a 163 bit binary field"
+};
 
 static const unsigned char _EC_SECG_CHAR2_193R1_SEED[] = {
-	0x10,0x3F,0xAE,0xC7,0x4D,0x69,0x6E,0x67,0x68,0x75,
-	0x61,0x51,0x75,0x77,0x7F,0xC5,0xB1,0x91,0xEF,0x30};
+    0x10, 0x3F, 0xAE, 0xC7, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75,
+    0x61, 0x51, 0x75, 0x77, 0x7F, 0xC5, 0xB1, 0x91, 0xEF, 0x30
+};
+
 static const EC_CURVE_DATA _EC_SECG_CHAR2_193R1 = {
-	NID_X9_62_characteristic_two_field,
-	"02000000000000000000000000000000000000000000008001",
-	"0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
-	"00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
-	"01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
-	"0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
-	"01000000000000000000000000C7F34A778F443ACC920EBA49", 2,
-	_EC_SECG_CHAR2_193R1_SEED, 20,
-	"SECG curve over a 193 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "02000000000000000000000000000000000000000000008001",
+    "0017858FEB7A98975169E171F77B4087DE098AC8A911DF7B01",
+    "00FDFB49BFE6C3A89FACADAA7A1E5BBC7CC1C2E5D831478814",
+    "01F481BC5F0FF84A74AD6CDF6FDEF4BF6179625372D8C0C5E1",
+    "0025E399F2903712CCF3EA9E3A1AD17FB0B3201B6AF7CE1B05",
+    "01000000000000000000000000C7F34A778F443ACC920EBA49", 2,
+    _EC_SECG_CHAR2_193R1_SEED, 20,
+    "SECG curve over a 193 bit binary field"
+};
 
 static const unsigned char _EC_SECG_CHAR2_193R2_SEED[] = {
-	0x10,0xB7,0xB4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,
-	0x17,0x51,0x37,0xC8,0xA1,0x6F,0xD0,0xDA,0x22,0x11};
+    0x10, 0xB7, 0xB4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15,
+    0x17, 0x51, 0x37, 0xC8, 0xA1, 0x6F, 0xD0, 0xDA, 0x22, 0x11
+};
+
 static const EC_CURVE_DATA _EC_SECG_CHAR2_193R2 = {
-	NID_X9_62_characteristic_two_field,
-	"02000000000000000000000000000000000000000000008001",
-	"0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
-	"00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
-	"00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
-	"01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
-	"010000000000000000000000015AAB561B005413CCD4EE99D5", 2,
-	_EC_SECG_CHAR2_193R2_SEED, 20,
-	"SECG curve over a 193 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "02000000000000000000000000000000000000000000008001",
+    "0163F35A5137C2CE3EA6ED8667190B0BC43ECD69977702709B",
+    "00C9BB9E8927D4D64C377E2AB2856A5B16E3EFB7F61D4316AE",
+    "00D9B67D192E0367C803F39E1A7E82CA14A651350AAE617E8F",
+    "01CE94335607C304AC29E7DEFBD9CA01F596F927224CDECF6C",
+    "010000000000000000000000015AAB561B005413CCD4EE99D5", 2,
+    _EC_SECG_CHAR2_193R2_SEED, 20,
+    "SECG curve over a 193 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_NIST_CHAR2_233K = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000000000000000004000000000000000001",
-	"0",
-	"1",
-	"017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
-	"01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
-	"008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,
-	NULL, 0,
-	"NIST/SECG/WTLS curve over a 233 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000000000000000004000000000000000001",
+    "0",
+    "1",
+    "017232BA853A7E731AF129F22FF4149563A419C26BF50A4C9D6EEFAD6126",
+    "01DB537DECE819B7F70F555A67C427A8CD9BF18AEB9B56E0C11056FAE6A3",
+    "008000000000000000000000000000069D5BB915BCD46EFB1AD5F173ABDF", 4,
+    NULL, 0,
+    "NIST/SECG/WTLS curve over a 233 bit binary field"
+};
 
 static const unsigned char _EC_NIST_CHAR2_233B_SEED[] = {
-	0x74,0xD5,0x9F,0xF0,0x7F,0x6B,0x41,0x3D,0x0E,0xA1,
-	0x4B,0x34,0x4B,0x20,0xA2,0xDB,0x04,0x9B,0x50,0xC3};
+    0x74, 0xD5, 0x9F, 0xF0, 0x7F, 0x6B, 0x41, 0x3D, 0x0E, 0xA1,
+    0x4B, 0x34, 0x4B, 0x20, 0xA2, 0xDB, 0x04, 0x9B, 0x50, 0xC3
+};
+
 static const EC_CURVE_DATA _EC_NIST_CHAR2_233B = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000000000000000004000000000000000001",
-	"000000000000000000000000000000000000000000000000000000000001",
-	"0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
-	"00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
-	"01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
-	"01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,
-	_EC_NIST_CHAR2_233B_SEED, 20,
-	"NIST/SECG/WTLS curve over a 233 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000000000000000004000000000000000001",
+    "000000000000000000000000000000000000000000000000000000000001",
+    "0066647EDE6C332C7F8C0923BB58213B333B20E9CE4281FE115F7D8F90AD",
+    "00FAC9DFCBAC8313BB2139F1BB755FEF65BC391F8B36F8F8EB7371FD558B",
+    "01006A08A41903350678E58528BEBF8A0BEFF867A7CA36716F7E01F81052",
+    "01000000000000000000000000000013E974E72F8A6922031D2603CFE0D7", 2,
+    _EC_NIST_CHAR2_233B_SEED, 20,
+    "NIST/SECG/WTLS curve over a 233 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_SECG_CHAR2_239K1 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000004000000000000000000000000000000000000001",
-	"0",
-	"1",
-	"29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
-	"76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
-	"2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,
-	NULL, 0,
-	"SECG curve over a 239 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000004000000000000000000000000000000000000001",
+    "0",
+    "1",
+    "29A0B6A887A983E9730988A68727A8B2D126C44CC2CC7B2A6555193035DC",
+    "76310804F12E549BDB011C103089E73510ACB275FC312A5DC6B76553F0CA",
+    "2000000000000000000000000000005A79FEC67CB6E91F1C1DA800E478A5", 4,
+    NULL, 0,
+    "SECG curve over a 239 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_NIST_CHAR2_283K = {
-	NID_X9_62_characteristic_two_field,
-	"080000000000000000000000000000000000000000000000000000000000000000001"
-	"0A1",
-	"0",
-	"1",
-	"0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"
-	"836",
-	"01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"
-	"259",
-	"01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"
-	"C61", 4,
-	NULL, 20,
-	"NIST/SECG curve over a 283 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "080000000000000000000000000000000000000000000000000000000000000000001"
+        "0A1",
+    "0",
+    "1",
+    "0503213F78CA44883F1A3B8162F188E553CD265F23C1567A16876913B0C2AC2458492"
+        "836",
+    "01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184698E45962364E34116177DD2"
+        "259",
+    "01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE9AE2ED07577265DFF7F94451E061E163"
+        "C61", 4,
+    NULL, 20,
+    "NIST/SECG curve over a 283 bit binary field"
+};
 
 static const unsigned char _EC_NIST_CHAR2_283B_SEED[] = {
-	0x77,0xE2,0xB0,0x73,0x70,0xEB,0x0F,0x83,0x2A,0x6D,
-	0xD5,0xB6,0x2D,0xFC,0x88,0xCD,0x06,0xBB,0x84,0xBE};
+    0x77, 0xE2, 0xB0, 0x73, 0x70, 0xEB, 0x0F, 0x83, 0x2A, 0x6D,
+    0xD5, 0xB6, 0x2D, 0xFC, 0x88, 0xCD, 0x06, 0xBB, 0x84, 0xBE
+};
+
 static const EC_CURVE_DATA _EC_NIST_CHAR2_283B = {
-	NID_X9_62_characteristic_two_field,
-	"080000000000000000000000000000000000000000000000000000000000000000001"
-	"0A1",
-	"000000000000000000000000000000000000000000000000000000000000000000000"
-	"001",
-	"027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"
-	"2F5",
-	"05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"
-	"053",
-	"03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"
-	"2F4",
-	"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"
-	"307", 2,
-	_EC_NIST_CHAR2_283B_SEED, 20,
-	"NIST/SECG curve over a 283 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "080000000000000000000000000000000000000000000000000000000000000000001"
+        "0A1",
+    "000000000000000000000000000000000000000000000000000000000000000000000"
+        "001",
+    "027B680AC8B8596DA5A4AF8A19A0303FCA97FD7645309FA2A581485AF6263E313B79A"
+        "2F5",
+    "05F939258DB7DD90E1934F8C70B0DFEC2EED25B8557EAC9C80E2E198F8CDBECD86B12"
+        "053",
+    "03676854FE24141CB98FE6D4B20D02B4516FF702350EDDB0826779C813F0DF45BE811"
+        "2F4",
+    "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEF90399660FC938A90165B042A7CEFADB"
+        "307", 2,
+    _EC_NIST_CHAR2_283B_SEED, 20,
+    "NIST/SECG curve over a 283 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_NIST_CHAR2_409K = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000000000000000000000000000000000000000000000"
-	"00000000000008000000000000000000001",
-	"0",
-	"1",
-	"0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"
-	"89EB5AAAA62EE222EB1B35540CFE9023746",
-	"01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"
-	"C42E9C55215AA9CA27A5863EC48D8E0286B",
-	"007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"
-	"EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,
-	NULL, 0,
-	"NIST/SECG curve over a 409 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000000000000000000000000000000000000000000000"
+        "00000000000008000000000000000000001",
+    "0",
+    "1",
+    "0060F05F658F49C1AD3AB1890F7184210EFD0987E307C84C27ACCFB8F9F67CC2C4601"
+        "89EB5AAAA62EE222EB1B35540CFE9023746",
+    "01E369050B7C4E42ACBA1DACBF04299C3460782F918EA427E6325165E9EA10E3DA5F6"
+        "C42E9C55215AA9CA27A5863EC48D8E0286B",
+    "007FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE5F83B2D4EA20400"
+        "EC4557D5ED3E3E7CA5B4B5C83B8E01E5FCF", 4,
+    NULL, 0,
+    "NIST/SECG curve over a 409 bit binary field"
+};
 
 static const unsigned char _EC_NIST_CHAR2_409B_SEED[] = {
-	0x40,0x99,0xB5,0xA4,0x57,0xF9,0xD6,0x9F,0x79,0x21,
-	0x3D,0x09,0x4C,0x4B,0xCD,0x4D,0x42,0x62,0x21,0x0B};
+    0x40, 0x99, 0xB5, 0xA4, 0x57, 0xF9, 0xD6, 0x9F, 0x79, 0x21,
+    0x3D, 0x09, 0x4C, 0x4B, 0xCD, 0x4D, 0x42, 0x62, 0x21, 0x0B
+};
+
 static const EC_CURVE_DATA _EC_NIST_CHAR2_409B = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000000000000000000000000000000000000000000000"
-	"00000000000008000000000000000000001",
-	"000000000000000000000000000000000000000000000000000000000000000000000"
-	"00000000000000000000000000000000001",
-	"0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"
-	"7B272822F6CD57A55AA4F50AE317B13545F",
-	"015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"
-	"A868A1180515603AEAB60794E54BB7996A7",
-	"0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"
-	"F1FDF4B4F40D2181B3681C364BA0273C706",
-	"010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"
-	"7BE5FA47C3C9E052F838164CD37D9A21173", 2,
-	_EC_NIST_CHAR2_409B_SEED, 20,
-	"NIST/SECG curve over a 409 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000000000000000000000000000000000000000000000"
+        "00000000000008000000000000000000001",
+    "000000000000000000000000000000000000000000000000000000000000000000000"
+        "00000000000000000000000000000000001",
+    "0021A5C2C8EE9FEB5C4B9A753B7B476B7FD6422EF1F3DD674761FA99D6AC27C8A9A19"
+        "7B272822F6CD57A55AA4F50AE317B13545F",
+    "015D4860D088DDB3496B0C6064756260441CDE4AF1771D4DB01FFE5B34E59703DC255"
+        "A868A1180515603AEAB60794E54BB7996A7",
+    "0061B1CFAB6BE5F32BBFA78324ED106A7636B9C5A7BD198D0158AA4F5488D08F38514"
+        "F1FDF4B4F40D2181B3681C364BA0273C706",
+    "010000000000000000000000000000000000000000000000000001E2AAD6A612F3330"
+        "7BE5FA47C3C9E052F838164CD37D9A21173", 2,
+    _EC_NIST_CHAR2_409B_SEED, 20,
+    "NIST/SECG curve over a 409 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_NIST_CHAR2_571K = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000000000000000000000000000"
-	"000000000000000000000000000000000000000000000000000000000000000000000"
-	"00425",
-	"0",
-	"1",
-	"026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"
-	"58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"
-	"1C8972",
-	"0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"
-	"9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"
-	"F1C7A3",
-	"020000000000000000000000000000000000000000000000000000000000000000000"
-	"000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"
-	"7C1001", 4,
-	NULL, 0,
-	"NIST/SECG curve over a 571 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000000000000000000000000000"
+        "000000000000000000000000000000000000000000000000000000000000000000000"
+        "00425",
+    "0",
+    "1",
+    "026EB7A859923FBC82189631F8103FE4AC9CA2970012D5D46024804801841CA443709"
+        "58493B205E647DA304DB4CEB08CBBD1BA39494776FB988B47174DCA88C7E2945283A0"
+        "1C8972",
+    "0349DC807F4FBF374F4AEADE3BCA95314DD58CEC9F307A54FFC61EFC006D8A2C9D497"
+        "9C0AC44AEA74FBEBBB9F772AEDCB620B01A7BA7AF1B320430C8591984F601CD4C143E"
+        "F1C7A3",
+    "020000000000000000000000000000000000000000000000000000000000000000000"
+        "000131850E1F19A63E4B391A8DB917F4138B630D84BE5D639381E91DEB45CFE778F63"
+        "7C1001", 4,
+    NULL, 0,
+    "NIST/SECG curve over a 571 bit binary field"
+};
 
 static const unsigned char _EC_NIST_CHAR2_571B_SEED[] = {
-	0x2A,0xA0,0x58,0xF7,0x3A,0x0E,0x33,0xAB,0x48,0x6B,
-	0x0F,0x61,0x04,0x10,0xC5,0x3A,0x7F,0x13,0x23,0x10};
+    0x2A, 0xA0, 0x58, 0xF7, 0x3A, 0x0E, 0x33, 0xAB, 0x48, 0x6B,
+    0x0F, 0x61, 0x04, 0x10, 0xC5, 0x3A, 0x7F, 0x13, 0x23, 0x10
+};
+
 static const EC_CURVE_DATA _EC_NIST_CHAR2_571B = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000000000000000000000000000"
-	"000000000000000000000000000000000000000000000000000000000000000000000"
-	"00425",
-	"000000000000000000000000000000000000000000000000000000000000000000000"
-	"000000000000000000000000000000000000000000000000000000000000000000000"
-	"000001",
-	"02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"
-	"BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"
-	"55727A",
-	"0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"
-	"950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"
-	"EC2D19",
-	"037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"
-	"E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"
-	"8AC15B",
-	"03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
-	"FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"
-	"E84E47", 2,
-	_EC_NIST_CHAR2_571B_SEED, 20,
-	"NIST/SECG curve over a 571 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000000000000000000000000000"
+        "000000000000000000000000000000000000000000000000000000000000000000000"
+        "00425",
+    "000000000000000000000000000000000000000000000000000000000000000000000"
+        "000000000000000000000000000000000000000000000000000000000000000000000"
+        "000001",
+    "02F40E7E2221F295DE297117B7F3D62F5C6A97FFCB8CEFF1CD6BA8CE4A9A18AD84FFA"
+        "BBD8EFA59332BE7AD6756A66E294AFD185A78FF12AA520E4DE739BACA0C7FFEFF7F29"
+        "55727A",
+    "0303001D34B856296C16C0D40D3CD7750A93D1D2955FA80AA5F40FC8DB7B2ABDBDE53"
+        "950F4C0D293CDD711A35B67FB1499AE60038614F1394ABFA3B4C850D927E1E7769C8E"
+        "EC2D19",
+    "037BF27342DA639B6DCCFFFEB73D69D78C6C27A6009CBBCA1980F8533921E8A684423"
+        "E43BAB08A576291AF8F461BB2A8B3531D2F0485C19B16E2F1516E23DD3C1A4827AF1B"
+        "8AC15B",
+    "03FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
+        "FFFE661CE18FF55987308059B186823851EC7DD9CA1161DE93D5174D66E8382E9BB2F"
+        "E84E47", 2,
+    _EC_NIST_CHAR2_571B_SEED, 20,
+    "NIST/SECG curve over a 571 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_163V1_SEED[] = {
-	0xD2,0xC0,0xFB,0x15,0x76,0x08,0x60,0xDE,0xF1,0xEE,
-	0xF4,0xD6,0x96,0xE6,0x76,0x87,0x56,0x15,0x17,0x54};
+    0xD2, 0xC0, 0xFB, 0x15, 0x76, 0x08, 0x60, 0xDE, 0xF1, 0xEE,
+    0xF4, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x54
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V1 = {
-	NID_X9_62_characteristic_two_field,
-	"080000000000000000000000000000000000000107",
-	"072546B5435234A422E0789675F432C89435DE5242",
-	"00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
-	"07AF69989546103D79329FCC3D74880F33BBE803CB",
-	"01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
-	"0400000000000000000001E60FC8821CC74DAEAFC1", 2,
-	_EC_X9_62_CHAR2_163V1_SEED, 20,
-	"X9.62 curve over a 163 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "080000000000000000000000000000000000000107",
+    "072546B5435234A422E0789675F432C89435DE5242",
+    "00C9517D06D5240D3CFF38C74B20B6CD4D6F9DD4D9",
+    "07AF69989546103D79329FCC3D74880F33BBE803CB",
+    "01EC23211B5966ADEA1D3F87F7EA5848AEF0B7CA9F",
+    "0400000000000000000001E60FC8821CC74DAEAFC1", 2,
+    _EC_X9_62_CHAR2_163V1_SEED, 20,
+    "X9.62 curve over a 163 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_163V2_SEED[] = {
-	0x53,0x81,0x4C,0x05,0x0D,0x44,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x58,0x0C,0xA4,0xE2,0x9F,0xFD};
+    0x53, 0x81, 0x4C, 0x05, 0x0D, 0x44, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x58, 0x0C, 0xA4, 0xE2, 0x9F, 0xFD
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V2 = {
-	NID_X9_62_characteristic_two_field,
- 	"080000000000000000000000000000000000000107",
-	"0108B39E77C4B108BED981ED0E890E117C511CF072",
-	"0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
-	"0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
-	"079F684DDF6684C5CD258B3890021B2386DFD19FC5",
-	"03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,
-	_EC_X9_62_CHAR2_163V2_SEED, 20,
-	"X9.62 curve over a 163 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "080000000000000000000000000000000000000107",
+    "0108B39E77C4B108BED981ED0E890E117C511CF072",
+    "0667ACEB38AF4E488C407433FFAE4F1C811638DF20",
+    "0024266E4EB5106D0A964D92C4860E2671DB9B6CC5",
+    "079F684DDF6684C5CD258B3890021B2386DFD19FC5",
+    "03FFFFFFFFFFFFFFFFFFFDF64DE1151ADBB78F10A7", 2,
+    _EC_X9_62_CHAR2_163V2_SEED, 20,
+    "X9.62 curve over a 163 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_163V3_SEED[] = {
-	0x50,0xCB,0xF1,0xD9,0x5C,0xA9,0x4D,0x69,0x6E,0x67,
-	0x68,0x75,0x61,0x51,0x75,0xF1,0x6A,0x36,0xA3,0xB8};
+    0x50, 0xCB, 0xF1, 0xD9, 0x5C, 0xA9, 0x4D, 0x69, 0x6E, 0x67,
+    0x68, 0x75, 0x61, 0x51, 0x75, 0xF1, 0x6A, 0x36, 0xA3, 0xB8
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_163V3 = {
-	NID_X9_62_characteristic_two_field,
-	"080000000000000000000000000000000000000107",
-	"07A526C63D3E25A256A007699F5447E32AE456B50E",
-	"03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
-	"02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
-	"05B935590C155E17EA48EB3FF3718B893DF59A05D0",
-	"03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,
-	_EC_X9_62_CHAR2_163V3_SEED, 20,
-	"X9.62 curve over a 163 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "080000000000000000000000000000000000000107",
+    "07A526C63D3E25A256A007699F5447E32AE456B50E",
+    "03F7061798EB99E238FD6F1BF95B48FEEB4854252B",
+    "02F9F87B7C574D0BDECF8A22E6524775F98CDEBDCB",
+    "05B935590C155E17EA48EB3FF3718B893DF59A05D0",
+    "03FFFFFFFFFFFFFFFFFFFE1AEE140F110AFF961309", 2,
+    _EC_X9_62_CHAR2_163V3_SEED, 20,
+    "X9.62 curve over a 163 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_176V1 = {
-	NID_X9_62_characteristic_two_field,
-	"0100000000000000000000000000000000080000000007",
-	"E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
-	"5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
-	"8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
-	"6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
-	"00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,
-	NULL, 0,
-	"X9.62 curve over a 176 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "0100000000000000000000000000000000080000000007",
+    "E4E6DB2995065C407D9D39B8D0967B96704BA8E9C90B",
+    "5DDA470ABE6414DE8EC133AE28E9BBD7FCEC0AE0FFF2",
+    "8D16C2866798B600F9F08BB4A8E860F3298CE04A5798",
+    "6FA4539C2DADDDD6BAB5167D61B436E1D92BB16A562C",
+    "00010092537397ECA4F6145799D62B0A19CE06FE26AD", 0xFF6E,
+    NULL, 0,
+    "X9.62 curve over a 176 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_191V1_SEED[] = {
-	0x4E,0x13,0xCA,0x54,0x27,0x44,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x55,0x2F,0x27,0x9A,0x8C,0x84};
+    0x4E, 0x13, 0xCA, 0x54, 0x27, 0x44, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x55, 0x2F, 0x27, 0x9A, 0x8C, 0x84
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V1 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000201",
-	"2866537B676752636A68F56554E12640276B649EF7526267",
-	"2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
-	"36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
-	"765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
-	"40000000000000000000000004A20E90C39067C893BBB9A5", 2,
-	_EC_X9_62_CHAR2_191V1_SEED, 20,
-	"X9.62 curve over a 191 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000201",
+    "2866537B676752636A68F56554E12640276B649EF7526267",
+    "2E45EF571F00786F67B0081B9495A3D95462F5DE0AA185EC",
+    "36B3DAF8A23206F9C4F299D7B21A9C369137F2C84AE1AA0D",
+    "765BE73433B3F95E332932E70EA245CA2418EA0EF98018FB",
+    "40000000000000000000000004A20E90C39067C893BBB9A5", 2,
+    _EC_X9_62_CHAR2_191V1_SEED, 20,
+    "X9.62 curve over a 191 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_191V2_SEED[] = {
-	0x08,0x71,0xEF,0x2F,0xEF,0x24,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x58,0xBE,0xE0,0xD9,0x5C,0x15};
+    0x08, 0x71, 0xEF, 0x2F, 0xEF, 0x24, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x58, 0xBE, 0xE0, 0xD9, 0x5C, 0x15
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V2 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000201",
-	"401028774D7777C7B7666D1366EA432071274F89FF01E718",
-	"0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
-	"3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
-	"17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
-	"20000000000000000000000050508CB89F652824E06B8173", 4,
-	_EC_X9_62_CHAR2_191V2_SEED, 20,
-	"X9.62 curve over a 191 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000201",
+    "401028774D7777C7B7666D1366EA432071274F89FF01E718",
+    "0620048D28BCBD03B6249C99182B7C8CD19700C362C46A01",
+    "3809B2B7CC1B28CC5A87926AAD83FD28789E81E2C9E3BF10",
+    "17434386626D14F3DBF01760D9213A3E1CF37AEC437D668A",
+    "20000000000000000000000050508CB89F652824E06B8173", 4,
+    _EC_X9_62_CHAR2_191V2_SEED, 20,
+    "X9.62 curve over a 191 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_191V3_SEED[] = {
-	0xE0,0x53,0x51,0x2D,0xC6,0x84,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x50,0x67,0xAE,0x78,0x6D,0x1F};
+    0xE0, 0x53, 0x51, 0x2D, 0xC6, 0x84, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x50, 0x67, 0xAE, 0x78, 0x6D, 0x1F
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_191V3 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000201",
-	"6C01074756099122221056911C77D77E77A777E7E7E77FCB",
-	"71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
-	"375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
-	"545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
-	"155555555555555555555555610C0B196812BFB6288A3EA3", 6,
-	_EC_X9_62_CHAR2_191V3_SEED, 20,
-	"X9.62 curve over a 191 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000201",
+    "6C01074756099122221056911C77D77E77A777E7E7E77FCB",
+    "71FE1AF926CF847989EFEF8DB459F66394D90F32AD3F15E8",
+    "375D4CE24FDE434489DE8746E71786015009E66E38A926DD",
+    "545A39176196575D985999366E6AD34CE0A77CD7127B06BE",
+    "155555555555555555555555610C0B196812BFB6288A3EA3", 6,
+    _EC_X9_62_CHAR2_191V3_SEED, 20,
+    "X9.62 curve over a 191 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_208W1 = {
-	NID_X9_62_characteristic_two_field,
-	"010000000000000000000000000000000800000000000000000007",
-	"0000000000000000000000000000000000000000000000000000",
-	"C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
-	"89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
-	"0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
-	"000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,
-	NULL, 0,
-	"X9.62 curve over a 208 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "010000000000000000000000000000000800000000000000000007",
+    "0000000000000000000000000000000000000000000000000000",
+    "C8619ED45A62E6212E1160349E2BFA844439FAFC2A3FD1638F9E",
+    "89FDFBE4ABE193DF9559ECF07AC0CE78554E2784EB8C1ED1A57A",
+    "0F55B51A06E78E9AC38A035FF520D8B01781BEB1A6BB08617DE3",
+    "000101BAF95C9723C57B6C21DA2EFF2D5ED588BDD5717E212F9D", 0xFE48,
+    NULL, 0,
+    "X9.62 curve over a 208 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_239V1_SEED[] = {
-	0xD3,0x4B,0x9A,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
-	0x51,0x75,0xCA,0x71,0xB9,0x20,0xBF,0xEF,0xB0,0x5D};
+    0xD3, 0x4B, 0x9A, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+    0x51, 0x75, 0xCA, 0x71, 0xB9, 0x20, 0xBF, 0xEF, 0xB0, 0x5D
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V1 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000000001000000001",
-	"32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
-	"790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
-	"57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
-	"61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
-	"2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,
-	_EC_X9_62_CHAR2_239V1_SEED, 20,
-	"X9.62 curve over a 239 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000000001000000001",
+    "32010857077C5431123A46B808906756F543423E8D27877578125778AC76",
+    "790408F2EEDAF392B012EDEFB3392F30F4327C0CA3F31FC383C422AA8C16",
+    "57927098FA932E7C0A96D3FD5B706EF7E5F5C156E16B7E7C86038552E91D",
+    "61D8EE5077C33FECF6F1A16B268DE469C3C7744EA9A971649FC7A9616305",
+    "2000000000000000000000000000000F4D42FFE1492A4993F1CAD666E447", 4,
+    _EC_X9_62_CHAR2_239V1_SEED, 20,
+    "X9.62 curve over a 239 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_239V2_SEED[] = {
-	0x2A,0xA6,0x98,0x2F,0xDF,0xA4,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x5D,0x26,0x67,0x27,0x27,0x7D};
+    0x2A, 0xA6, 0x98, 0x2F, 0xDF, 0xA4, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x5D, 0x26, 0x67, 0x27, 0x27, 0x7D
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V2 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000000001000000001",
-	"4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
-	"5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
-	"28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
-	"5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
-	"1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,
-	_EC_X9_62_CHAR2_239V2_SEED, 20,
-	"X9.62 curve over a 239 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000000001000000001",
+    "4230017757A767FAE42398569B746325D45313AF0766266479B75654E65F",
+    "5037EA654196CFF0CD82B2C14A2FCF2E3FF8775285B545722F03EACDB74B",
+    "28F9D04E900069C8DC47A08534FE76D2B900B7D7EF31F5709F200C4CA205",
+    "5667334C45AFF3B5A03BAD9DD75E2C71A99362567D5453F7FA6E227EC833",
+    "1555555555555555555555555555553C6F2885259C31E3FCDF154624522D", 6,
+    _EC_X9_62_CHAR2_239V2_SEED, 20,
+    "X9.62 curve over a 239 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_239V3_SEED[] = {
-	0x9E,0x07,0x6F,0x4D,0x69,0x6E,0x67,0x68,0x75,0x61,
-	0x51,0x75,0xE1,0x1E,0x9F,0xDD,0x77,0xF9,0x20,0x41};
+    0x9E, 0x07, 0x6F, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+    0x51, 0x75, 0xE1, 0x1E, 0x9F, 0xDD, 0x77, 0xF9, 0x20, 0x41
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_239V3 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000000001000000001",
-	"01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
-	"6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
-	"70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
-	"2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
-	"0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,
-	_EC_X9_62_CHAR2_239V3_SEED, 20,
-	"X9.62 curve over a 239 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000000001000000001",
+    "01238774666A67766D6676F778E676B66999176666E687666D8766C66A9F",
+    "6A941977BA9F6A435199ACFC51067ED587F519C5ECB541B8E44111DE1D40",
+    "70F6E9D04D289C4E89913CE3530BFDE903977D42B146D539BF1BDE4E9C92",
+    "2E5A0EAF6E5E1305B9004DCE5C0ED7FE59A35608F33837C816D80B79F461",
+    "0CCCCCCCCCCCCCCCCCCCCCCCCCCCCCAC4912D2D9DF903EF9888B8A0E4CFF", 0xA,
+    _EC_X9_62_CHAR2_239V3_SEED, 20,
+    "X9.62 curve over a 239 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_272W1 = {
-	NID_X9_62_characteristic_two_field,
-	"010000000000000000000000000000000000000000000000000000010000000000000"
-	"B",
-	"91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
-	"7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
-	"6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
-	"10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
-	"000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
-	0xFF06,
-	NULL, 0,
-	"X9.62 curve over a 272 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "010000000000000000000000000000000000000000000000000000010000000000000"
+        "B",
+    "91A091F03B5FBA4AB2CCF49C4EDD220FB028712D42BE752B2C40094DBACDB586FB20",
+    "7167EFC92BB2E3CE7C8AAAFF34E12A9C557003D7C73A6FAF003F99F6CC8482E540F7",
+    "6108BABB2CEEBCF787058A056CBE0CFE622D7723A289E08A07AE13EF0D10D171DD8D",
+    "10C7695716851EEF6BA7F6872E6142FBD241B830FF5EFCACECCAB05E02005DDE9D23",
+    "000100FAF51354E0E39E4892DF6E319C72C8161603FA45AA7B998A167B8F1E629521",
+    0xFF06,
+    NULL, 0,
+    "X9.62 curve over a 272 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_304W1 = {
-	NID_X9_62_characteristic_two_field,
-	"010000000000000000000000000000000000000000000000000000000000000000000"
-	"000000807",
-	"FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"
-	"6C8E681",
-	"BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"
-	"27340BE",
-	"197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"
-	"40A2614",
-	"E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"
-	"B92C03B",
-	"000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"
-	"443051D", 0xFE2E,
-	NULL, 0,
-	"X9.62 curve over a 304 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "010000000000000000000000000000000000000000000000000000000000000000000"
+        "000000807",
+    "FD0D693149A118F651E6DCE6802085377E5F882D1B510B44160074C1288078365A039"
+        "6C8E681",
+    "BDDB97E555A50A908E43B01C798EA5DAA6788F1EA2794EFCF57166B8C14039601E558"
+        "27340BE",
+    "197B07845E9BE2D96ADB0F5F3C7F2CFFBD7A3EB8B6FEC35C7FD67F26DDF6285A644F7"
+        "40A2614",
+    "E19FBEB76E0DA171517ECF401B50289BF014103288527A9B416A105E80260B549FDC1"
+        "B92C03B",
+    "000101D556572AABAC800101D556572AABAC8001022D5C91DD173F8FB561DA6899164"
+        "443051D", 0xFE2E,
+    NULL, 0,
+    "X9.62 curve over a 304 bit binary field"
+};
 
 static const unsigned char _EC_X9_62_CHAR2_359V1_SEED[] = {
-	0x2B,0x35,0x49,0x20,0xB7,0x24,0xD6,0x96,0xE6,0x76,
-	0x87,0x56,0x15,0x17,0x58,0x5B,0xA1,0x33,0x2D,0xC6};
+    0x2B, 0x35, 0x49, 0x20, 0xB7, 0x24, 0xD6, 0x96, 0xE6, 0x76,
+    0x87, 0x56, 0x15, 0x17, 0x58, 0x5B, 0xA1, 0x33, 0x2D, 0xC6
+};
+
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_359V1 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000000000000000000000000000"
-	"000100000000000000001",
-	"5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"
-	"656FB549016A96656A557",
-	"2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"
-	"7742B6329E70680231988",
-	"3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"
-	"8E8E707C07A2239B1B097",
-	"53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"
-	"4AE2DE211305A407104BD",
-	"01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"
-	"64FE7719E74F490758D3B", 0x4C,
-	_EC_X9_62_CHAR2_359V1_SEED, 20,
-	"X9.62 curve over a 359 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000000000000000000000000000"
+        "000100000000000000001",
+    "5667676A654B20754F356EA92017D946567C46675556F19556A04616B567D223A5E05"
+        "656FB549016A96656A557",
+    "2472E2D0197C49363F1FE7F5B6DB075D52B6947D135D8CA445805D39BC34562608968"
+        "7742B6329E70680231988",
+    "3C258EF3047767E7EDE0F1FDAA79DAEE3841366A132E163ACED4ED2401DF9C6BDCDE9"
+        "8E8E707C07A2239B1B097",
+    "53D7E08529547048121E9C95F3791DD804963948F34FAE7BF44EA82365DC7868FE57E"
+        "4AE2DE211305A407104BD",
+    "01AF286BCA1AF286BCA1AF286BCA1AF286BCA1AF286BC9FB8F6B85C556892C20A7EB9"
+        "64FE7719E74F490758D3B", 0x4C,
+    _EC_X9_62_CHAR2_359V1_SEED, 20,
+    "X9.62 curve over a 359 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_368W1 = {
-	NID_X9_62_characteristic_two_field,
-	"010000000000000000000000000000000000000000000000000000000000000000000"
-	"0002000000000000000000007",
-	"E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"
-	"F0AB7519CCD2A1A906AE30D",
-	"FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"
-	"D84D164F444F8F74786046A",
-	"1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"
-	"9E927BE216F02E1FB136A5F",
-	"7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"
-	"ADAA81E2A0750B80FDA2310",
-	"00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"
-	"9AE40A6F131E9CFCE5BD967", 0xFF70,
-	NULL, 0,
-	"X9.62 curve over a 368 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "010000000000000000000000000000000000000000000000000000000000000000000"
+        "0002000000000000000000007",
+    "E0D2EE25095206F5E2A4F9ED229F1F256E79A0E2B455970D8D0D865BD94778C576D62"
+        "F0AB7519CCD2A1A906AE30D",
+    "FC1217D4320A90452C760A58EDCD30C8DD069B3C34453837A34ED50CB54917E1C2112"
+        "D84D164F444F8F74786046A",
+    "1085E2755381DCCCE3C1557AFA10C2F0C0C2825646C5B34A394CBCFA8BC16B22E7E78"
+        "9E927BE216F02E1FB136A5F",
+    "7B3EB1BDDCBA62D5D8B2059B525797FC73822C59059C623A45FF3843CEE8F87CD1855"
+        "ADAA81E2A0750B80FDA2310",
+    "00010090512DA9AF72B08349D98A5DD4C7B0532ECA51CE03E2D10F3B7AC579BD87E90"
+        "9AE40A6F131E9CFCE5BD967", 0xFF70,
+    NULL, 0,
+    "X9.62 curve over a 368 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_X9_62_CHAR2_431R1 = {
-	NID_X9_62_characteristic_two_field,
-	"800000000000000000000000000000000000000000000000000000000000000000000"
-	"000000001000000000000000000000000000001",
-	"1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"
-	"B9906D0957F6C6FEACD615468DF104DE296CD8F",
-	"10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"
-	"26D4E50A8DD731B107A9962381FB5D807BF2618",
-	"120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"
-	"1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
-	"20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"
-	"ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
-	"0340340340340340340340340340340340340340340340340340340323C313FAB5058"
-	"9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,
-	NULL, 0,
-	"X9.62 curve over a 431 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "800000000000000000000000000000000000000000000000000000000000000000000"
+        "000000001000000000000000000000000000001",
+    "1A827EF00DD6FC0E234CAF046C6A5D8A85395B236CC4AD2CF32A0CADBDC9DDF620B0E"
+        "B9906D0957F6C6FEACD615468DF104DE296CD8F",
+    "10D9B4A3D9047D8B154359ABFB1B7F5485B04CEB868237DDC9DEDA982A679A5A919B6"
+        "26D4E50A8DD731B107A9962381FB5D807BF2618",
+    "120FC05D3C67A99DE161D2F4092622FECA701BE4F50F4758714E8A87BBF2A658EF8C2"
+        "1E7C5EFE965361F6C2999C0C247B0DBD70CE6B7",
+    "20D0AF8903A96F8D5FA2C255745D3C451B302C9346D9B7E485E7BCE41F6B591F3E8F6"
+        "ADDCBB0BC4C2F947A7DE1A89B625D6A598B3760",
+    "0340340340340340340340340340340340340340340340340340340323C313FAB5058"
+        "9703B5EC68D3587FEC60D161CC149C1AD4A91", 0x2760,
+    NULL, 0,
+    "X9.62 curve over a 431 bit binary field"
+};
 
 static const EC_CURVE_DATA _EC_WTLS_1 = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000201",
-	"1",
-	"1",
-	"01667979A40BA497E5D5C270780617",
-	"00F44B4AF1ECC2630E08785CEBCC15",
-	"00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,
-	NULL, 0,
-	"WTLS curve over a 113 bit binary field"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000201",
+    "1",
+    "1",
+    "01667979A40BA497E5D5C270780617",
+    "00F44B4AF1ECC2630E08785CEBCC15",
+    "00FFFFFFFFFFFFFFFDBF91AF6DEA73", 2,
+    NULL, 0,
+    "WTLS curve over a 113 bit binary field"
+};
 
 /* IPSec curves */
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
  */
 static const EC_CURVE_DATA _EC_IPSEC_155_ID3 = {
-	NID_X9_62_characteristic_two_field,
-	"0800000000000000000000004000000000000001",
-	"0",
-	"07338f",
-	"7b",
-	"1c8",
-	"2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C",3,
-	NULL, 0,
-	"\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
-	"\tNot suitable for ECDSA.\n\tQuestionable extension field!"
-	};
-
-/* NOTE: The of curves over a extension field of non prime degree
- * is not recommended (Weil-descent).
- * As the group order is not a prime this curve is not suitable
- * for ECDSA.
+    NID_X9_62_characteristic_two_field,
+    "0800000000000000000000004000000000000001",
+    "0",
+    "07338f",
+    "7b",
+    "1c8",
+    "2AAAAAAAAAAAAAAAAAAC7F3C7881BD0868FA86C", 3,
+    NULL, 0,
+    "\n\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.\n"
+        "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+};
+
+/*
+ * NOTE: The of curves over a extension field of non prime degree is not
+ * recommended (Weil-descent). As the group order is not a prime this curve
+ * is not suitable for ECDSA.
  */
 static const EC_CURVE_DATA _EC_IPSEC_185_ID4 = {
-	NID_X9_62_characteristic_two_field,
-	"020000000000000000000000000000200000000000000001",
-	"0",
-	"1ee9",
-	"18",
-	"0d",
-	"FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E",2,
-	NULL, 0,
-	"\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
-	"\tNot suitable for ECDSA.\n\tQuestionable extension field!"
-	};
+    NID_X9_62_characteristic_two_field,
+    "020000000000000000000000000000200000000000000001",
+    "0",
+    "1ee9",
+    "18",
+    "0d",
+    "FFFFFFFFFFFFFFFFFFFFFFEDF97C44DB9F2420BAFCA75E", 2,
+    NULL, 0,
+    "\n\tIPSec/IKE/Oakley curve #4 over a 185 bit binary field.\n"
+        "\tNot suitable for ECDSA.\n\tQuestionable extension field!"
+};
 
 typedef struct _ec_list_element_st {
-	int	nid;
-	const EC_CURVE_DATA *data;
-	} ec_list_element;
+    int nid;
+    const EC_CURVE_DATA *data;
+} ec_list_element;
 
 static const ec_list_element curve_list[] = {
-	/* prime field curves */	
-	/* secg curves */
-	{ NID_secp112r1, &_EC_SECG_PRIME_112R1},
-	{ NID_secp112r2, &_EC_SECG_PRIME_112R2},
-	{ NID_secp128r1, &_EC_SECG_PRIME_128R1},
-	{ NID_secp128r2, &_EC_SECG_PRIME_128R2},
-	{ NID_secp160k1, &_EC_SECG_PRIME_160K1},
-	{ NID_secp160r1, &_EC_SECG_PRIME_160R1},
-	{ NID_secp160r2, &_EC_SECG_PRIME_160R2},
-	/* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
-	{ NID_secp192k1, &_EC_SECG_PRIME_192K1},
-	{ NID_secp224k1, &_EC_SECG_PRIME_224K1},
-	{ NID_secp224r1, &_EC_NIST_PRIME_224},
-	{ NID_secp256k1, &_EC_SECG_PRIME_256K1},
-	/* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
-	{ NID_secp384r1, &_EC_NIST_PRIME_384},
-	{ NID_secp521r1, &_EC_NIST_PRIME_521},
-	/* X9.62 curves */
-	{ NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},
-	{ NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
-	{ NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
-	{ NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
-	{ NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
-	{ NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
-	{ NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
-	/* characteristic two field curves */
-	/* NIST/SECG curves */
-	{ NID_sect113r1, &_EC_SECG_CHAR2_113R1},
-	{ NID_sect113r2, &_EC_SECG_CHAR2_113R2},
-	{ NID_sect131r1, &_EC_SECG_CHAR2_131R1},
-	{ NID_sect131r2, &_EC_SECG_CHAR2_131R2},
-	{ NID_sect163k1, &_EC_NIST_CHAR2_163K },
-	{ NID_sect163r1, &_EC_SECG_CHAR2_163R1},
-	{ NID_sect163r2, &_EC_NIST_CHAR2_163B },
-	{ NID_sect193r1, &_EC_SECG_CHAR2_193R1},
-	{ NID_sect193r2, &_EC_SECG_CHAR2_193R2},
-	{ NID_sect233k1, &_EC_NIST_CHAR2_233K },
-	{ NID_sect233r1, &_EC_NIST_CHAR2_233B },
-	{ NID_sect239k1, &_EC_SECG_CHAR2_239K1},
-	{ NID_sect283k1, &_EC_NIST_CHAR2_283K },
-	{ NID_sect283r1, &_EC_NIST_CHAR2_283B },
-	{ NID_sect409k1, &_EC_NIST_CHAR2_409K },
-	{ NID_sect409r1, &_EC_NIST_CHAR2_409B },
-	{ NID_sect571k1, &_EC_NIST_CHAR2_571K },
-	{ NID_sect571r1, &_EC_NIST_CHAR2_571B },
-	/* X9.62 curves */
-	{ NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
-	{ NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
-	{ NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
-	{ NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
-	{ NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
-	{ NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
-	{ NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
-	{ NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
-	{ NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
-	{ NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
-	{ NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
-	{ NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
-	{ NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
-	{ NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
-	{ NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
-	{ NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
-	/* the WAP/WTLS curves
-	 * [unlike SECG, spec has its own OIDs for curves from X9.62] */
-	{ NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
-	{ NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
-	{ NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
-	{ NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
-	{ NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
-	{ NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
-	{ NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
-	{ NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9 },
-	{ NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},
-	{ NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},
-	{ NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
-	/* IPSec curves */
-	{ NID_ipsec3, &_EC_IPSEC_155_ID3},
-	{ NID_ipsec4, &_EC_IPSEC_185_ID4},
-};
-
-static size_t curve_list_length = sizeof(curve_list)/sizeof(ec_list_element);
-
-static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA *data)
-	{
-	EC_GROUP *group=NULL;
-	EC_POINT *P=NULL;
-	BN_CTX	 *ctx=NULL;
-	BIGNUM 	 *p=NULL, *a=NULL, *b=NULL, *x=NULL, *y=NULL, *order=NULL;
-	int	 ok=0;
-
-	if ((ctx = BN_CTX_new()) == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if ((p = BN_new()) == NULL || (a = BN_new()) == NULL || 
-		(b = BN_new()) == NULL || (x = BN_new()) == NULL ||
-		(y = BN_new()) == NULL || (order = BN_new()) == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
-		|| !BN_hex2bn(&b, data->b))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (data->field_type == NID_X9_62_prime_field)
-		{
-		if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL)
-			{
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-		else
-		{ /* field_type == NID_X9_62_characteristic_two_field */
-		if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL)
-			{
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-
-	if ((P = EC_POINT_new(group)) == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-		goto err;
-		}
-	
-	if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-		goto err;
-		}
-	if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
-		goto err;
-		}
-	if (!EC_GROUP_set_generator(group, P, order, x))
-		{
-		ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (data->seed)
-		{
-		if (!EC_GROUP_set_seed(group, data->seed, data->seed_len))
-			{
-			ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
-			goto err;
-			}
-		}
-	ok=1;
-err:
-	if (!ok)
-		{
-		EC_GROUP_free(group);
-		group = NULL;
-		}
-	if (P)
-		EC_POINT_free(P);
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (p)
-		BN_free(p);
-	if (a)
-		BN_free(a);
-	if (b)
-		BN_free(b);
-	if (order)
-		BN_free(order);
-	if (x)
-		BN_free(x);
-	if (y)
-		BN_free(y);
-	return group;
-	}
+    /* prime field curves */
+    /* secg curves */
+    {NID_secp112r1, &_EC_SECG_PRIME_112R1},
+    {NID_secp112r2, &_EC_SECG_PRIME_112R2},
+    {NID_secp128r1, &_EC_SECG_PRIME_128R1},
+    {NID_secp128r2, &_EC_SECG_PRIME_128R2},
+    {NID_secp160k1, &_EC_SECG_PRIME_160K1},
+    {NID_secp160r1, &_EC_SECG_PRIME_160R1},
+    {NID_secp160r2, &_EC_SECG_PRIME_160R2},
+    /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
+    {NID_secp192k1, &_EC_SECG_PRIME_192K1},
+    {NID_secp224k1, &_EC_SECG_PRIME_224K1},
+    {NID_secp224r1, &_EC_NIST_PRIME_224},
+    {NID_secp256k1, &_EC_SECG_PRIME_256K1},
+    /* SECG secp256r1 is the same as X9.62 prime256v1 and hence omitted */
+    {NID_secp384r1, &_EC_NIST_PRIME_384},
+    {NID_secp521r1, &_EC_NIST_PRIME_521},
+    /* X9.62 curves */
+    {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192},
+    {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2},
+    {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3},
+    {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1},
+    {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2},
+    {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3},
+    {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1},
+    /* characteristic two field curves */
+    /* NIST/SECG curves */
+    {NID_sect113r1, &_EC_SECG_CHAR2_113R1},
+    {NID_sect113r2, &_EC_SECG_CHAR2_113R2},
+    {NID_sect131r1, &_EC_SECG_CHAR2_131R1},
+    {NID_sect131r2, &_EC_SECG_CHAR2_131R2},
+    {NID_sect163k1, &_EC_NIST_CHAR2_163K},
+    {NID_sect163r1, &_EC_SECG_CHAR2_163R1},
+    {NID_sect163r2, &_EC_NIST_CHAR2_163B},
+    {NID_sect193r1, &_EC_SECG_CHAR2_193R1},
+    {NID_sect193r2, &_EC_SECG_CHAR2_193R2},
+    {NID_sect233k1, &_EC_NIST_CHAR2_233K},
+    {NID_sect233r1, &_EC_NIST_CHAR2_233B},
+    {NID_sect239k1, &_EC_SECG_CHAR2_239K1},
+    {NID_sect283k1, &_EC_NIST_CHAR2_283K},
+    {NID_sect283r1, &_EC_NIST_CHAR2_283B},
+    {NID_sect409k1, &_EC_NIST_CHAR2_409K},
+    {NID_sect409r1, &_EC_NIST_CHAR2_409B},
+    {NID_sect571k1, &_EC_NIST_CHAR2_571K},
+    {NID_sect571r1, &_EC_NIST_CHAR2_571B},
+    /* X9.62 curves */
+    {NID_X9_62_c2pnb163v1, &_EC_X9_62_CHAR2_163V1},
+    {NID_X9_62_c2pnb163v2, &_EC_X9_62_CHAR2_163V2},
+    {NID_X9_62_c2pnb163v3, &_EC_X9_62_CHAR2_163V3},
+    {NID_X9_62_c2pnb176v1, &_EC_X9_62_CHAR2_176V1},
+    {NID_X9_62_c2tnb191v1, &_EC_X9_62_CHAR2_191V1},
+    {NID_X9_62_c2tnb191v2, &_EC_X9_62_CHAR2_191V2},
+    {NID_X9_62_c2tnb191v3, &_EC_X9_62_CHAR2_191V3},
+    {NID_X9_62_c2pnb208w1, &_EC_X9_62_CHAR2_208W1},
+    {NID_X9_62_c2tnb239v1, &_EC_X9_62_CHAR2_239V1},
+    {NID_X9_62_c2tnb239v2, &_EC_X9_62_CHAR2_239V2},
+    {NID_X9_62_c2tnb239v3, &_EC_X9_62_CHAR2_239V3},
+    {NID_X9_62_c2pnb272w1, &_EC_X9_62_CHAR2_272W1},
+    {NID_X9_62_c2pnb304w1, &_EC_X9_62_CHAR2_304W1},
+    {NID_X9_62_c2tnb359v1, &_EC_X9_62_CHAR2_359V1},
+    {NID_X9_62_c2pnb368w1, &_EC_X9_62_CHAR2_368W1},
+    {NID_X9_62_c2tnb431r1, &_EC_X9_62_CHAR2_431R1},
+    /*
+     * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+     * from X9.62]
+     */
+    {NID_wap_wsg_idm_ecid_wtls1, &_EC_WTLS_1},
+    {NID_wap_wsg_idm_ecid_wtls3, &_EC_NIST_CHAR2_163K},
+    {NID_wap_wsg_idm_ecid_wtls4, &_EC_SECG_CHAR2_113R1},
+    {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1},
+    {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1},
+    {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2},
+    {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8},
+    {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9},
+    {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K},
+    {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B},
+    {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12},
+    /* IPSec curves */
+    {NID_ipsec3, &_EC_IPSEC_155_ID3},
+    {NID_ipsec4, &_EC_IPSEC_185_ID4},
+};
+
+static size_t curve_list_length =
+    sizeof(curve_list) / sizeof(ec_list_element);
+
+static EC_GROUP *ec_group_new_from_data(const EC_CURVE_DATA * data)
+{
+    EC_GROUP *group = NULL;
+    EC_POINT *P = NULL;
+    BN_CTX *ctx = NULL;
+    BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order =
+        NULL;
+    int ok = 0;
+
+    if ((ctx = BN_CTX_new()) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((p = BN_new()) == NULL || (a = BN_new()) == NULL ||
+        (b = BN_new()) == NULL || (x = BN_new()) == NULL ||
+        (y = BN_new()) == NULL || (order = BN_new()) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!BN_hex2bn(&p, data->p) || !BN_hex2bn(&a, data->a)
+        || !BN_hex2bn(&b, data->b)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (data->field_type == NID_X9_62_prime_field) {
+        if ((group = EC_GROUP_new_curve_GFp(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {                    /* field_type ==
+                                 * NID_X9_62_characteristic_two_field */
+        if ((group = EC_GROUP_new_curve_GF2m(p, a, b, ctx)) == NULL) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+
+    if ((P = EC_POINT_new(group)) == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+
+    if (!BN_hex2bn(&x, data->x) || !BN_hex2bn(&y, data->y)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_POINT_set_affine_coordinates_GF2m(group, P, x, y, ctx)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!BN_hex2bn(&order, data->order) || !BN_set_word(x, data->cofactor)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (!EC_GROUP_set_generator(group, P, order, x)) {
+        ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (data->seed) {
+        if (!EC_GROUP_set_seed(group, data->seed, data->seed_len)) {
+            ECerr(EC_F_EC_GROUP_NEW_FROM_DATA, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
+    ok = 1;
+ err:
+    if (!ok) {
+        EC_GROUP_free(group);
+        group = NULL;
+    }
+    if (P)
+        EC_POINT_free(P);
+    if (ctx)
+        BN_CTX_free(ctx);
+    if (p)
+        BN_free(p);
+    if (a)
+        BN_free(a);
+    if (b)
+        BN_free(b);
+    if (order)
+        BN_free(order);
+    if (x)
+        BN_free(x);
+    if (y)
+        BN_free(y);
+    return group;
+}
 
 EC_GROUP *EC_GROUP_new_by_curve_name(int nid)
-	{
-	size_t i;
-	EC_GROUP *ret = NULL;
+{
+    size_t i;
+    EC_GROUP *ret = NULL;
 
-	if (nid <= 0)
-		return NULL;
+    if (nid <= 0)
+        return NULL;
 
-	for (i=0; i<curve_list_length; i++)
-		if (curve_list[i].nid == nid)
-			{
-			ret = ec_group_new_from_data(curve_list[i].data);
-			break;
-			}
+    for (i = 0; i < curve_list_length; i++)
+        if (curve_list[i].nid == nid) {
+            ret = ec_group_new_from_data(curve_list[i].data);
+            break;
+        }
 
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
-		return NULL;
-		}
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW_BY_CURVE_NAME, EC_R_UNKNOWN_GROUP);
+        return NULL;
+    }
 
-	EC_GROUP_set_curve_name(ret, nid);
+    EC_GROUP_set_curve_name(ret, nid);
 
-	return ret;
-	}
+    return ret;
+}
 
 size_t EC_get_builtin_curves(EC_builtin_curve *r, size_t nitems)
-	{
-	size_t	i, min;
+{
+    size_t i, min;
 
-	if (r == NULL || nitems == 0)
-		return curve_list_length;
+    if (r == NULL || nitems == 0)
+        return curve_list_length;
 
-	min = nitems < curve_list_length ? nitems : curve_list_length;
+    min = nitems < curve_list_length ? nitems : curve_list_length;
 
-	for (i = 0; i < min; i++)
-		{
-		r[i].nid = curve_list[i].nid;
-		r[i].comment = curve_list[i].data->comment;
-		}
+    for (i = 0; i < min; i++) {
+        r[i].nid = curve_list[i].nid;
+        r[i].comment = curve_list[i].data->comment;
+    }
 
-	return curve_list_length;
-	}
+    return curve_list_length;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c
index d45640ba..29b68f6c 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_cvt.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,7 +58,7 @@
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
  *
- * Portions of the attached software ("Contribution") are developed by 
+ * Portions of the attached software ("Contribution") are developed by
  * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
  *
  * The Contribution is licensed pursuant to the OpenSSL open source
@@ -72,73 +72,70 @@
 #include <openssl/err.h>
 #include "ec_lcl.h"
 
+EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a,
+                                 const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
 
-EC_GROUP *EC_GROUP_new_curve_GFp(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	const EC_METHOD *meth;
-	EC_GROUP *ret;
-
-	meth = EC_GFp_nist_method();
-	
-	ret = EC_GROUP_new(meth);
-	if (ret == NULL)
-		return NULL;
-
-	if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
-		{
-		unsigned long err;
-		  
-		err = ERR_peek_last_error();
-
-		if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
-			((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
-			 (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME))))
-			{
-			/* real error */
-			
-			EC_GROUP_clear_free(ret);
-			return NULL;
-			}
-			
-		
-		/* not an actual error, we just cannot use EC_GFp_nist_method */
-
-		ERR_clear_error();
-
-		EC_GROUP_clear_free(ret);
-		meth = EC_GFp_mont_method();
-
-		ret = EC_GROUP_new(meth);
-		if (ret == NULL)
-			return NULL;
-
-		if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx))
-			{
-			EC_GROUP_clear_free(ret);
-			return NULL;
-			}
-		}
-
-	return ret;
-	}
-
-
-EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	const EC_METHOD *meth;
-	EC_GROUP *ret;
-	
-	meth = EC_GF2m_simple_method();
-	
-	ret = EC_GROUP_new(meth);
-	if (ret == NULL)
-		return NULL;
-
-	if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx))
-		{
-		EC_GROUP_clear_free(ret);
-		return NULL;
-		}
-
-	return ret;
-	}
+    meth = EC_GFp_nist_method();
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+        unsigned long err;
+
+        err = ERR_peek_last_error();
+
+        if (!(ERR_GET_LIB(err) == ERR_LIB_EC &&
+              ((ERR_GET_REASON(err) == EC_R_NOT_A_NIST_PRIME) ||
+               (ERR_GET_REASON(err) == EC_R_NOT_A_SUPPORTED_NIST_PRIME)))) {
+            /* real error */
+
+            EC_GROUP_clear_free(ret);
+            return NULL;
+        }
+
+        /*
+         * not an actual error, we just cannot use EC_GFp_nist_method
+         */
+
+        ERR_clear_error();
+
+        EC_GROUP_clear_free(ret);
+        meth = EC_GFp_mont_method();
+
+        ret = EC_GROUP_new(meth);
+        if (ret == NULL)
+            return NULL;
+
+        if (!EC_GROUP_set_curve_GFp(ret, p, a, b, ctx)) {
+            EC_GROUP_clear_free(ret);
+            return NULL;
+        }
+    }
+
+    return ret;
+}
+
+EC_GROUP *EC_GROUP_new_curve_GF2m(const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    const EC_METHOD *meth;
+    EC_GROUP *ret;
+
+    meth = EC_GF2m_simple_method();
+
+    ret = EC_GROUP_new(meth);
+    if (ret == NULL)
+        return NULL;
+
+    if (!EC_GROUP_set_curve_GF2m(ret, p, a, b, ctx)) {
+        EC_GROUP_clear_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_err.c b/Cryptlib/OpenSSL/crypto/ec/ec_err.c
index d04c8955..185116a0 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_err.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,175 +66,210 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EC,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EC,0,reason)
 
-static ERR_STRING_DATA EC_str_functs[]=
-	{
-{ERR_FUNC(EC_F_COMPUTE_WNAF),	"COMPUTE_WNAF"},
-{ERR_FUNC(EC_F_D2I_ECPARAMETERS),	"d2i_ECParameters"},
-{ERR_FUNC(EC_F_D2I_ECPKPARAMETERS),	"d2i_ECPKParameters"},
-{ERR_FUNC(EC_F_D2I_ECPRIVATEKEY),	"d2i_ECPrivateKey"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT),	"ECParameters_print"},
-{ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP),	"ECParameters_print_fp"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT),	"ECPKParameters_print"},
-{ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP),	"ECPKParameters_print_fp"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_192),	"ECP_NIST_MOD_192"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_224),	"ECP_NIST_MOD_224"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_256),	"ECP_NIST_MOD_256"},
-{ERR_FUNC(EC_F_ECP_NIST_MOD_521),	"ECP_NIST_MOD_521"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE),	"EC_ASN1_GROUP2CURVE"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID),	"EC_ASN1_GROUP2FIELDID"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS),	"EC_ASN1_GROUP2PARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS),	"EC_ASN1_GROUP2PKPARAMETERS"},
-{ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP),	"EC_ASN1_PARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP),	"EC_ASN1_PKPARAMETERS2GROUP"},
-{ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA),	"EC_EX_DATA_set_data"},
-{ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),	"EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),	"ec_GF2m_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),	"ec_GF2m_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT),	"ec_GF2m_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT),	"ec_GF2m_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),	"ec_GF2m_simple_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),	"ec_GF2m_simple_point_set_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),	"ec_GF2m_simple_set_compressed_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE),	"ec_GFp_mont_field_decode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE),	"ec_GFp_mont_field_encode"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL),	"ec_GFp_mont_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),	"ec_GFp_mont_field_set_to_one"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR),	"ec_GFp_mont_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),	"ec_GFp_mont_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),	"EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL),	"ec_GFp_nist_field_mul"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR),	"ec_GFp_nist_field_sqr"},
-{ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),	"ec_GFp_nist_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),	"ec_GFp_simple_group_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),	"ec_GFp_simple_group_set_curve"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),	"EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),	"EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE),	"ec_GFp_simple_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT),	"ec_GFp_simple_oct2point"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT),	"ec_GFp_simple_point2oct"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),	"ec_GFp_simple_points_make_affine"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),	"ec_GFp_simple_point_get_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP),	"EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),	"ec_GFp_simple_point_set_affine_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP),	"EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),	"ec_GFp_simple_set_compressed_coordinates"},
-{ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),	"EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK),	"EC_GROUP_check"},
-{ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),	"EC_GROUP_check_discriminant"},
-{ERR_FUNC(EC_F_EC_GROUP_COPY),	"EC_GROUP_copy"},
-{ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR),	"EC_GROUP_get0_generator"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR),	"EC_GROUP_get_cofactor"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M),	"EC_GROUP_get_curve_GF2m"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP),	"EC_GROUP_get_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE),	"EC_GROUP_get_degree"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_ORDER),	"EC_GROUP_get_order"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),	"EC_GROUP_get_pentanomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),	"EC_GROUP_get_trinomial_basis"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW),	"EC_GROUP_new"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME),	"EC_GROUP_new_by_curve_name"},
-{ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA),	"EC_GROUP_NEW_FROM_DATA"},
-{ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT),	"EC_GROUP_precompute_mult"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M),	"EC_GROUP_set_curve_GF2m"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP),	"EC_GROUP_set_curve_GFp"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA),	"EC_GROUP_SET_EXTRA_DATA"},
-{ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR),	"EC_GROUP_set_generator"},
-{ERR_FUNC(EC_F_EC_KEY_CHECK_KEY),	"EC_KEY_check_key"},
-{ERR_FUNC(EC_F_EC_KEY_COPY),	"EC_KEY_copy"},
-{ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY),	"EC_KEY_generate_key"},
-{ERR_FUNC(EC_F_EC_KEY_NEW),	"EC_KEY_new"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT),	"EC_KEY_print"},
-{ERR_FUNC(EC_F_EC_KEY_PRINT_FP),	"EC_KEY_print_fp"},
-{ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE),	"EC_POINTs_make_affine"},
-{ERR_FUNC(EC_F_EC_POINTS_MUL),	"EC_POINTs_mul"},
-{ERR_FUNC(EC_F_EC_POINT_ADD),	"EC_POINT_add"},
-{ERR_FUNC(EC_F_EC_POINT_CMP),	"EC_POINT_cmp"},
-{ERR_FUNC(EC_F_EC_POINT_COPY),	"EC_POINT_copy"},
-{ERR_FUNC(EC_F_EC_POINT_DBL),	"EC_POINT_dbl"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),	"EC_POINT_get_affine_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),	"EC_POINT_get_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),	"EC_POINT_get_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_INVERT),	"EC_POINT_invert"},
-{ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY),	"EC_POINT_is_at_infinity"},
-{ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE),	"EC_POINT_is_on_curve"},
-{ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE),	"EC_POINT_make_affine"},
-{ERR_FUNC(EC_F_EC_POINT_MUL),	"EC_POINT_mul"},
-{ERR_FUNC(EC_F_EC_POINT_NEW),	"EC_POINT_new"},
-{ERR_FUNC(EC_F_EC_POINT_OCT2POINT),	"EC_POINT_oct2point"},
-{ERR_FUNC(EC_F_EC_POINT_POINT2OCT),	"EC_POINT_point2oct"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),	"EC_POINT_set_affine_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),	"EC_POINT_set_affine_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),	"EC_POINT_set_compressed_coordinates_GF2m"},
-{ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),	"EC_POINT_set_compressed_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),	"EC_POINT_set_Jprojective_coordinates_GFp"},
-{ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY),	"EC_POINT_set_to_infinity"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_DUP),	"EC_PRE_COMP_DUP"},
-{ERR_FUNC(EC_F_EC_PRE_COMP_NEW),	"EC_PRE_COMP_NEW"},
-{ERR_FUNC(EC_F_EC_WNAF_MUL),	"ec_wNAF_mul"},
-{ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT),	"ec_wNAF_precompute_mult"},
-{ERR_FUNC(EC_F_I2D_ECPARAMETERS),	"i2d_ECParameters"},
-{ERR_FUNC(EC_F_I2D_ECPKPARAMETERS),	"i2d_ECPKParameters"},
-{ERR_FUNC(EC_F_I2D_ECPRIVATEKEY),	"i2d_ECPrivateKey"},
-{ERR_FUNC(EC_F_I2O_ECPUBLICKEY),	"i2o_ECPublicKey"},
-{ERR_FUNC(EC_F_O2I_ECPUBLICKEY),	"o2i_ECPublicKey"},
-{0,NULL}
-	};
+static ERR_STRING_DATA EC_str_functs[] = {
+    {ERR_FUNC(EC_F_COMPUTE_WNAF), "COMPUTE_WNAF"},
+    {ERR_FUNC(EC_F_D2I_ECPARAMETERS), "d2i_ECParameters"},
+    {ERR_FUNC(EC_F_D2I_ECPKPARAMETERS), "d2i_ECPKParameters"},
+    {ERR_FUNC(EC_F_D2I_ECPRIVATEKEY), "d2i_ECPrivateKey"},
+    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT), "ECParameters_print"},
+    {ERR_FUNC(EC_F_ECPARAMETERS_PRINT_FP), "ECParameters_print_fp"},
+    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT), "ECPKParameters_print"},
+    {ERR_FUNC(EC_F_ECPKPARAMETERS_PRINT_FP), "ECPKParameters_print_fp"},
+    {ERR_FUNC(EC_F_ECP_NIST_MOD_192), "ECP_NIST_MOD_192"},
+    {ERR_FUNC(EC_F_ECP_NIST_MOD_224), "ECP_NIST_MOD_224"},
+    {ERR_FUNC(EC_F_ECP_NIST_MOD_256), "ECP_NIST_MOD_256"},
+    {ERR_FUNC(EC_F_ECP_NIST_MOD_521), "ECP_NIST_MOD_521"},
+    {ERR_FUNC(EC_F_EC_ASN1_GROUP2CURVE), "EC_ASN1_GROUP2CURVE"},
+    {ERR_FUNC(EC_F_EC_ASN1_GROUP2FIELDID), "EC_ASN1_GROUP2FIELDID"},
+    {ERR_FUNC(EC_F_EC_ASN1_GROUP2PARAMETERS), "EC_ASN1_GROUP2PARAMETERS"},
+    {ERR_FUNC(EC_F_EC_ASN1_GROUP2PKPARAMETERS), "EC_ASN1_GROUP2PKPARAMETERS"},
+    {ERR_FUNC(EC_F_EC_ASN1_PARAMETERS2GROUP), "EC_ASN1_PARAMETERS2GROUP"},
+    {ERR_FUNC(EC_F_EC_ASN1_PKPARAMETERS2GROUP), "EC_ASN1_PKPARAMETERS2GROUP"},
+    {ERR_FUNC(EC_F_EC_EX_DATA_SET_DATA), "EC_EX_DATA_set_data"},
+    {ERR_FUNC(EC_F_EC_GF2M_MONTGOMERY_POINT_MULTIPLY),
+     "EC_GF2M_MONTGOMERY_POINT_MULTIPLY"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+     "ec_GF2m_simple_group_check_discriminant"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_GROUP_SET_CURVE),
+     "ec_GF2m_simple_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_OCT2POINT), "ec_GF2m_simple_oct2point"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT2OCT), "ec_GF2m_simple_point2oct"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+     "ec_GF2m_simple_point_get_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+     "ec_GF2m_simple_point_set_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GF2M_SIMPLE_SET_COMPRESSED_COORDINATES),
+     "ec_GF2m_simple_set_compressed_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_DECODE), "ec_GFp_mont_field_decode"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_ENCODE), "ec_GFp_mont_field_encode"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_MUL), "ec_GFp_mont_field_mul"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE),
+     "ec_GFp_mont_field_set_to_one"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_FIELD_SQR), "ec_GFp_mont_field_sqr"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE),
+     "ec_GFp_mont_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_MONT_GROUP_SET_CURVE_GFP),
+     "EC_GFP_MONT_GROUP_SET_CURVE_GFP"},
+    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_MUL), "ec_GFp_nist_field_mul"},
+    {ERR_FUNC(EC_F_EC_GFP_NIST_FIELD_SQR), "ec_GFp_nist_field_sqr"},
+    {ERR_FUNC(EC_F_EC_GFP_NIST_GROUP_SET_CURVE),
+     "ec_GFp_nist_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT),
+     "ec_GFp_simple_group_check_discriminant"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE),
+     "ec_GFp_simple_group_set_curve"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP),
+     "EC_GFP_SIMPLE_GROUP_SET_CURVE_GFP"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_GROUP_SET_GENERATOR),
+     "EC_GFP_SIMPLE_GROUP_SET_GENERATOR"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE), "ec_GFp_simple_make_affine"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_OCT2POINT), "ec_GFp_simple_oct2point"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT2OCT), "ec_GFp_simple_point2oct"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE),
+     "ec_GFp_simple_points_make_affine"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES),
+     "ec_GFp_simple_point_get_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP),
+     "EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES_GFP"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES),
+     "ec_GFp_simple_point_set_affine_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP),
+     "EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES_GFP"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES),
+     "ec_GFp_simple_set_compressed_coordinates"},
+    {ERR_FUNC(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP),
+     "EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES_GFP"},
+    {ERR_FUNC(EC_F_EC_GROUP_CHECK), "EC_GROUP_check"},
+    {ERR_FUNC(EC_F_EC_GROUP_CHECK_DISCRIMINANT),
+     "EC_GROUP_check_discriminant"},
+    {ERR_FUNC(EC_F_EC_GROUP_COPY), "EC_GROUP_copy"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET0_GENERATOR), "EC_GROUP_get0_generator"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_COFACTOR), "EC_GROUP_get_cofactor"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GF2M), "EC_GROUP_get_curve_GF2m"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_CURVE_GFP), "EC_GROUP_get_curve_GFp"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_DEGREE), "EC_GROUP_get_degree"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_ORDER), "EC_GROUP_get_order"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_PENTANOMIAL_BASIS),
+     "EC_GROUP_get_pentanomial_basis"},
+    {ERR_FUNC(EC_F_EC_GROUP_GET_TRINOMIAL_BASIS),
+     "EC_GROUP_get_trinomial_basis"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW), "EC_GROUP_new"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW_BY_CURVE_NAME), "EC_GROUP_new_by_curve_name"},
+    {ERR_FUNC(EC_F_EC_GROUP_NEW_FROM_DATA), "EC_GROUP_NEW_FROM_DATA"},
+    {ERR_FUNC(EC_F_EC_GROUP_PRECOMPUTE_MULT), "EC_GROUP_precompute_mult"},
+    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GF2M), "EC_GROUP_set_curve_GF2m"},
+    {ERR_FUNC(EC_F_EC_GROUP_SET_CURVE_GFP), "EC_GROUP_set_curve_GFp"},
+    {ERR_FUNC(EC_F_EC_GROUP_SET_EXTRA_DATA), "EC_GROUP_SET_EXTRA_DATA"},
+    {ERR_FUNC(EC_F_EC_GROUP_SET_GENERATOR), "EC_GROUP_set_generator"},
+    {ERR_FUNC(EC_F_EC_KEY_CHECK_KEY), "EC_KEY_check_key"},
+    {ERR_FUNC(EC_F_EC_KEY_COPY), "EC_KEY_copy"},
+    {ERR_FUNC(EC_F_EC_KEY_GENERATE_KEY), "EC_KEY_generate_key"},
+    {ERR_FUNC(EC_F_EC_KEY_NEW), "EC_KEY_new"},
+    {ERR_FUNC(EC_F_EC_KEY_PRINT), "EC_KEY_print"},
+    {ERR_FUNC(EC_F_EC_KEY_PRINT_FP), "EC_KEY_print_fp"},
+    {ERR_FUNC(EC_F_EC_POINTS_MAKE_AFFINE), "EC_POINTs_make_affine"},
+    {ERR_FUNC(EC_F_EC_POINTS_MUL), "EC_POINTs_mul"},
+    {ERR_FUNC(EC_F_EC_POINT_ADD), "EC_POINT_add"},
+    {ERR_FUNC(EC_F_EC_POINT_CMP), "EC_POINT_cmp"},
+    {ERR_FUNC(EC_F_EC_POINT_COPY), "EC_POINT_copy"},
+    {ERR_FUNC(EC_F_EC_POINT_DBL), "EC_POINT_dbl"},
+    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M),
+     "EC_POINT_get_affine_coordinates_GF2m"},
+    {ERR_FUNC(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP),
+     "EC_POINT_get_affine_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP),
+     "EC_POINT_get_Jprojective_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_INVERT), "EC_POINT_invert"},
+    {ERR_FUNC(EC_F_EC_POINT_IS_AT_INFINITY), "EC_POINT_is_at_infinity"},
+    {ERR_FUNC(EC_F_EC_POINT_IS_ON_CURVE), "EC_POINT_is_on_curve"},
+    {ERR_FUNC(EC_F_EC_POINT_MAKE_AFFINE), "EC_POINT_make_affine"},
+    {ERR_FUNC(EC_F_EC_POINT_MUL), "EC_POINT_mul"},
+    {ERR_FUNC(EC_F_EC_POINT_NEW), "EC_POINT_new"},
+    {ERR_FUNC(EC_F_EC_POINT_OCT2POINT), "EC_POINT_oct2point"},
+    {ERR_FUNC(EC_F_EC_POINT_POINT2OCT), "EC_POINT_point2oct"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M),
+     "EC_POINT_set_affine_coordinates_GF2m"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP),
+     "EC_POINT_set_affine_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M),
+     "EC_POINT_set_compressed_coordinates_GF2m"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP),
+     "EC_POINT_set_compressed_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP),
+     "EC_POINT_set_Jprojective_coordinates_GFp"},
+    {ERR_FUNC(EC_F_EC_POINT_SET_TO_INFINITY), "EC_POINT_set_to_infinity"},
+    {ERR_FUNC(EC_F_EC_PRE_COMP_DUP), "EC_PRE_COMP_DUP"},
+    {ERR_FUNC(EC_F_EC_PRE_COMP_NEW), "EC_PRE_COMP_NEW"},
+    {ERR_FUNC(EC_F_EC_WNAF_MUL), "ec_wNAF_mul"},
+    {ERR_FUNC(EC_F_EC_WNAF_PRECOMPUTE_MULT), "ec_wNAF_precompute_mult"},
+    {ERR_FUNC(EC_F_I2D_ECPARAMETERS), "i2d_ECParameters"},
+    {ERR_FUNC(EC_F_I2D_ECPKPARAMETERS), "i2d_ECPKParameters"},
+    {ERR_FUNC(EC_F_I2D_ECPRIVATEKEY), "i2d_ECPrivateKey"},
+    {ERR_FUNC(EC_F_I2O_ECPUBLICKEY), "i2o_ECPublicKey"},
+    {ERR_FUNC(EC_F_O2I_ECPUBLICKEY), "o2i_ECPublicKey"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA EC_str_reasons[]=
-	{
-{ERR_REASON(EC_R_ASN1_ERROR)             ,"asn1 error"},
-{ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD)     ,"asn1 unknown field"},
-{ERR_REASON(EC_R_BUFFER_TOO_SMALL)       ,"buffer too small"},
-{ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),"d2i ecpkparameters failure"},
-{ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO)   ,"discriminant is zero"},
-{ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),"ec group new by name failure"},
-{ERR_REASON(EC_R_FIELD_TOO_LARGE)        ,"field too large"},
-{ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),"group2pkparameters failure"},
-{ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),"i2d ecpkparameters failure"},
-{ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS)   ,"incompatible objects"},
-{ERR_REASON(EC_R_INVALID_ARGUMENT)       ,"invalid argument"},
-{ERR_REASON(EC_R_INVALID_COMPRESSED_POINT),"invalid compressed point"},
-{ERR_REASON(EC_R_INVALID_COMPRESSION_BIT),"invalid compression bit"},
-{ERR_REASON(EC_R_INVALID_ENCODING)       ,"invalid encoding"},
-{ERR_REASON(EC_R_INVALID_FIELD)          ,"invalid field"},
-{ERR_REASON(EC_R_INVALID_FORM)           ,"invalid form"},
-{ERR_REASON(EC_R_INVALID_GROUP_ORDER)    ,"invalid group order"},
-{ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS),"invalid pentanomial basis"},
-{ERR_REASON(EC_R_INVALID_PRIVATE_KEY)    ,"invalid private key"},
-{ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS),"invalid trinomial basis"},
-{ERR_REASON(EC_R_MISSING_PARAMETERS)     ,"missing parameters"},
-{ERR_REASON(EC_R_MISSING_PRIVATE_KEY)    ,"missing private key"},
-{ERR_REASON(EC_R_NOT_A_NIST_PRIME)       ,"not a NIST prime"},
-{ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),"not a supported NIST prime"},
-{ERR_REASON(EC_R_NOT_IMPLEMENTED)        ,"not implemented"},
-{ERR_REASON(EC_R_NOT_INITIALIZED)        ,"not initialized"},
-{ERR_REASON(EC_R_NO_FIELD_MOD)           ,"no field mod"},
-{ERR_REASON(EC_R_PASSED_NULL_PARAMETER)  ,"passed null parameter"},
-{ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),"pkparameters2group failure"},
-{ERR_REASON(EC_R_POINT_AT_INFINITY)      ,"point at infinity"},
-{ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE)  ,"point is not on curve"},
-{ERR_REASON(EC_R_SLOT_FULL)              ,"slot full"},
-{ERR_REASON(EC_R_UNDEFINED_GENERATOR)    ,"undefined generator"},
-{ERR_REASON(EC_R_UNDEFINED_ORDER)        ,"undefined order"},
-{ERR_REASON(EC_R_UNKNOWN_GROUP)          ,"unknown group"},
-{ERR_REASON(EC_R_UNKNOWN_ORDER)          ,"unknown order"},
-{ERR_REASON(EC_R_UNSUPPORTED_FIELD)      ,"unsupported field"},
-{ERR_REASON(EC_R_WRONG_ORDER)            ,"wrong order"},
-{0,NULL}
-	};
+static ERR_STRING_DATA EC_str_reasons[] = {
+    {ERR_REASON(EC_R_ASN1_ERROR), "asn1 error"},
+    {ERR_REASON(EC_R_ASN1_UNKNOWN_FIELD), "asn1 unknown field"},
+    {ERR_REASON(EC_R_BUFFER_TOO_SMALL), "buffer too small"},
+    {ERR_REASON(EC_R_D2I_ECPKPARAMETERS_FAILURE),
+     "d2i ecpkparameters failure"},
+    {ERR_REASON(EC_R_DISCRIMINANT_IS_ZERO), "discriminant is zero"},
+    {ERR_REASON(EC_R_EC_GROUP_NEW_BY_NAME_FAILURE),
+     "ec group new by name failure"},
+    {ERR_REASON(EC_R_FIELD_TOO_LARGE), "field too large"},
+    {ERR_REASON(EC_R_GROUP2PKPARAMETERS_FAILURE),
+     "group2pkparameters failure"},
+    {ERR_REASON(EC_R_I2D_ECPKPARAMETERS_FAILURE),
+     "i2d ecpkparameters failure"},
+    {ERR_REASON(EC_R_INCOMPATIBLE_OBJECTS), "incompatible objects"},
+    {ERR_REASON(EC_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_REASON(EC_R_INVALID_COMPRESSED_POINT), "invalid compressed point"},
+    {ERR_REASON(EC_R_INVALID_COMPRESSION_BIT), "invalid compression bit"},
+    {ERR_REASON(EC_R_INVALID_ENCODING), "invalid encoding"},
+    {ERR_REASON(EC_R_INVALID_FIELD), "invalid field"},
+    {ERR_REASON(EC_R_INVALID_FORM), "invalid form"},
+    {ERR_REASON(EC_R_INVALID_GROUP_ORDER), "invalid group order"},
+    {ERR_REASON(EC_R_INVALID_PENTANOMIAL_BASIS), "invalid pentanomial basis"},
+    {ERR_REASON(EC_R_INVALID_PRIVATE_KEY), "invalid private key"},
+    {ERR_REASON(EC_R_INVALID_TRINOMIAL_BASIS), "invalid trinomial basis"},
+    {ERR_REASON(EC_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_REASON(EC_R_MISSING_PRIVATE_KEY), "missing private key"},
+    {ERR_REASON(EC_R_NOT_A_NIST_PRIME), "not a NIST prime"},
+    {ERR_REASON(EC_R_NOT_A_SUPPORTED_NIST_PRIME),
+     "not a supported NIST prime"},
+    {ERR_REASON(EC_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_REASON(EC_R_NOT_INITIALIZED), "not initialized"},
+    {ERR_REASON(EC_R_NO_FIELD_MOD), "no field mod"},
+    {ERR_REASON(EC_R_PASSED_NULL_PARAMETER), "passed null parameter"},
+    {ERR_REASON(EC_R_PKPARAMETERS2GROUP_FAILURE),
+     "pkparameters2group failure"},
+    {ERR_REASON(EC_R_POINT_AT_INFINITY), "point at infinity"},
+    {ERR_REASON(EC_R_POINT_IS_NOT_ON_CURVE), "point is not on curve"},
+    {ERR_REASON(EC_R_SLOT_FULL), "slot full"},
+    {ERR_REASON(EC_R_UNDEFINED_GENERATOR), "undefined generator"},
+    {ERR_REASON(EC_R_UNDEFINED_ORDER), "undefined order"},
+    {ERR_REASON(EC_R_UNKNOWN_GROUP), "unknown group"},
+    {ERR_REASON(EC_R_UNKNOWN_ORDER), "unknown order"},
+    {ERR_REASON(EC_R_UNSUPPORTED_FIELD), "unsupported field"},
+    {ERR_REASON(EC_R_WRONG_ORDER), "wrong order"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_EC_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(EC_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,EC_str_functs);
-		ERR_load_strings(0,EC_str_reasons);
-		}
+    if (ERR_func_error_string(EC_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, EC_str_functs);
+        ERR_load_strings(0, EC_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_key.c b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
index 6c933d22..7e480151 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_key.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_key.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,416 +57,404 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Portions originally developed by SUN MICROSYSTEMS, INC., and 
+ * Portions originally developed by SUN MICROSYSTEMS, INC., and
  * contributed to the OpenSSL project.
  */
 
 #include <string.h>
 #include "ec_lcl.h"
 #include <openssl/err.h>
-#include <string.h>
 
 EC_KEY *EC_KEY_new(void)
-	{
-	EC_KEY *ret;
-
-	ret=(EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-
-	ret->version = 1;	
-	ret->group   = NULL;
-	ret->pub_key = NULL;
-	ret->priv_key= NULL;
-	ret->enc_flag= 0; 
-	ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
-	ret->references= 1;
-	ret->method_data = NULL;
-	return(ret);
-	}
+{
+    EC_KEY *ret;
+
+    ret = (EC_KEY *)OPENSSL_malloc(sizeof(EC_KEY));
+    if (ret == NULL) {
+        ECerr(EC_F_EC_KEY_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+
+    ret->version = 1;
+    ret->group = NULL;
+    ret->pub_key = NULL;
+    ret->priv_key = NULL;
+    ret->enc_flag = 0;
+    ret->conv_form = POINT_CONVERSION_UNCOMPRESSED;
+    ret->references = 1;
+    ret->method_data = NULL;
+    return (ret);
+}
 
 EC_KEY *EC_KEY_new_by_curve_name(int nid)
-	{
-	EC_KEY *ret = EC_KEY_new();
-	if (ret == NULL)
-		return NULL;
-	ret->group = EC_GROUP_new_by_curve_name(nid);
-	if (ret->group == NULL)
-		{
-		EC_KEY_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    EC_KEY *ret = EC_KEY_new();
+    if (ret == NULL)
+        return NULL;
+    ret->group = EC_GROUP_new_by_curve_name(nid);
+    if (ret->group == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
 
 void EC_KEY_free(EC_KEY *r)
-	{
-	int i;
+{
+    int i;
 
-	if (r == NULL) return;
+    if (r == NULL)
+        return;
 
-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_EC);
+    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_EC);
 #ifdef REF_PRINT
-	REF_PRINT("EC_KEY",r);
+    REF_PRINT("EC_KEY", r);
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"EC_KEY_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "EC_KEY_free, bad reference count\n");
+        abort();
+    }
 #endif
 
-	if (r->group    != NULL) 
-		EC_GROUP_free(r->group);
-	if (r->pub_key  != NULL)
-		EC_POINT_free(r->pub_key);
-	if (r->priv_key != NULL)
-		BN_clear_free(r->priv_key);
+    if (r->group != NULL)
+        EC_GROUP_free(r->group);
+    if (r->pub_key != NULL)
+        EC_POINT_free(r->pub_key);
+    if (r->priv_key != NULL)
+        BN_clear_free(r->priv_key);
 
-	EC_EX_DATA_free_all_data(&r->method_data);
+    EC_EX_DATA_free_all_data(&r->method_data);
 
-	OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
+    OPENSSL_cleanse((void *)r, sizeof(EC_KEY));
 
-	OPENSSL_free(r);
-	}
+    OPENSSL_free(r);
+}
 
 EC_KEY *EC_KEY_copy(EC_KEY *dest, const EC_KEY *src)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (dest == NULL || src == NULL)
-		{
-		ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	/* copy the parameters */
-	if (src->group)
-		{
-		const EC_METHOD *meth = EC_GROUP_method_of(src->group);
-		/* clear the old group */
-		if (dest->group)
-			EC_GROUP_free(dest->group);
-		dest->group = EC_GROUP_new(meth);
-		if (dest->group == NULL)
-			return NULL;
-		if (!EC_GROUP_copy(dest->group, src->group))
-			return NULL;
-		}
-	/*  copy the public key */
-	if (src->pub_key && src->group)
-		{
-		if (dest->pub_key)
-			EC_POINT_free(dest->pub_key);
-		dest->pub_key = EC_POINT_new(src->group);
-		if (dest->pub_key == NULL)
-			return NULL;
-		if (!EC_POINT_copy(dest->pub_key, src->pub_key))
-			return NULL;
-		}
-	/* copy the private key */
-	if (src->priv_key)
-		{
-		if (dest->priv_key == NULL)
-			{
-			dest->priv_key = BN_new();
-			if (dest->priv_key == NULL)
-				return NULL;
-			}
-		if (!BN_copy(dest->priv_key, src->priv_key))
-			return NULL;
-		}
-	/* copy method/extra data */
-	EC_EX_DATA_free_all_data(&dest->method_data);
-
-	for (d = src->method_data; d != NULL; d = d->next)
-		{
-		void *t = d->dup_func(d->data);
-		
-		if (t == NULL)
-			return 0;
-		if (!EC_EX_DATA_set_data(&dest->method_data, t, d->dup_func, d->free_func, d->clear_free_func))
-			return 0;
-		}
-
-	/* copy the rest */
-	dest->enc_flag  = src->enc_flag;
-	dest->conv_form = src->conv_form;
-	dest->version   = src->version;
-
-	return dest;
-	}
+{
+    EC_EXTRA_DATA *d;
+
+    if (dest == NULL || src == NULL) {
+        ECerr(EC_F_EC_KEY_COPY, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    /* copy the parameters */
+    if (src->group) {
+        const EC_METHOD *meth = EC_GROUP_method_of(src->group);
+        /* clear the old group */
+        if (dest->group)
+            EC_GROUP_free(dest->group);
+        dest->group = EC_GROUP_new(meth);
+        if (dest->group == NULL)
+            return NULL;
+        if (!EC_GROUP_copy(dest->group, src->group))
+            return NULL;
+    }
+    /*  copy the public key */
+    if (src->pub_key && src->group) {
+        if (dest->pub_key)
+            EC_POINT_free(dest->pub_key);
+        dest->pub_key = EC_POINT_new(src->group);
+        if (dest->pub_key == NULL)
+            return NULL;
+        if (!EC_POINT_copy(dest->pub_key, src->pub_key))
+            return NULL;
+    }
+    /* copy the private key */
+    if (src->priv_key) {
+        if (dest->priv_key == NULL) {
+            dest->priv_key = BN_new();
+            if (dest->priv_key == NULL)
+                return NULL;
+        }
+        if (!BN_copy(dest->priv_key, src->priv_key))
+            return NULL;
+    }
+    /* copy method/extra data */
+    EC_EX_DATA_free_all_data(&dest->method_data);
+
+    for (d = src->method_data; d != NULL; d = d->next) {
+        void *t = d->dup_func(d->data);
+
+        if (t == NULL)
+            return 0;
+        if (!EC_EX_DATA_set_data
+            (&dest->method_data, t, d->dup_func, d->free_func,
+             d->clear_free_func))
+            return 0;
+    }
+
+    /* copy the rest */
+    dest->enc_flag = src->enc_flag;
+    dest->conv_form = src->conv_form;
+    dest->version = src->version;
+
+    return dest;
+}
 
 EC_KEY *EC_KEY_dup(const EC_KEY *ec_key)
-	{
-	EC_KEY *ret = EC_KEY_new();
-	if (ret == NULL)
-		return NULL;
-	if (EC_KEY_copy(ret, ec_key) == NULL)
-		{
-		EC_KEY_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    EC_KEY *ret = EC_KEY_new();
+    if (ret == NULL)
+        return NULL;
+    if (EC_KEY_copy(ret, ec_key) == NULL) {
+        EC_KEY_free(ret);
+        return NULL;
+    }
+    return ret;
+}
 
 int EC_KEY_up_ref(EC_KEY *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
+{
+    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_EC);
 #ifdef REF_PRINT
-	REF_PRINT("EC_KEY",r);
+    REF_PRINT("EC_KEY", r);
 #endif
 #ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "EC_KEY_up, bad reference count\n");
-		abort();
-		}
+    if (i < 2) {
+        fprintf(stderr, "EC_KEY_up, bad reference count\n");
+        abort();
+    }
 #endif
-	return ((i > 1) ? 1 : 0);
-	}
+    return ((i > 1) ? 1 : 0);
+}
 
 int EC_KEY_generate_key(EC_KEY *eckey)
-	{	
-	int	ok = 0;
-	BN_CTX	*ctx = NULL;
-	BIGNUM	*priv_key = NULL, *order = NULL;
-	EC_POINT *pub_key = NULL;
-
-	if (!eckey || !eckey->group)
-		{
-		ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	if ((order = BN_new()) == NULL) goto err;
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
-
-	if (eckey->priv_key == NULL)
-		{
-		priv_key = BN_new();
-		if (priv_key == NULL)
-			goto err;
-		}
-	else
-		priv_key = eckey->priv_key;
-
-	if (!EC_GROUP_get_order(eckey->group, order, ctx))
-		goto err;
-
-	do
-		if (!BN_rand_range(priv_key, order))
-			goto err;
-	while (BN_is_zero(priv_key));
-
-	if (eckey->pub_key == NULL)
-		{
-		pub_key = EC_POINT_new(eckey->group);
-		if (pub_key == NULL)
-			goto err;
-		}
-	else
-		pub_key = eckey->pub_key;
-
-	if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
-		goto err;
-
-	eckey->priv_key = priv_key;
-	eckey->pub_key  = pub_key;
-
-	ok=1;
-
-err:	
-	if (order)
-		BN_free(order);
-	if (pub_key  != NULL && eckey->pub_key  == NULL)
-		EC_POINT_free(pub_key);
-	if (priv_key != NULL && eckey->priv_key == NULL)
-		BN_free(priv_key);
-	if (ctx != NULL)
-		BN_CTX_free(ctx);
-	return(ok);
-	}
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *priv_key = NULL, *order = NULL;
+    EC_POINT *pub_key = NULL;
+
+    if (!eckey || !eckey->group) {
+        ECerr(EC_F_EC_KEY_GENERATE_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if ((order = BN_new()) == NULL)
+        goto err;
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+
+    if (eckey->priv_key == NULL) {
+        priv_key = BN_new();
+        if (priv_key == NULL)
+            goto err;
+    } else
+        priv_key = eckey->priv_key;
+
+    if (!EC_GROUP_get_order(eckey->group, order, ctx))
+        goto err;
+
+    do
+        if (!BN_rand_range(priv_key, order))
+            goto err;
+    while (BN_is_zero(priv_key)) ;
+
+    if (eckey->pub_key == NULL) {
+        pub_key = EC_POINT_new(eckey->group);
+        if (pub_key == NULL)
+            goto err;
+    } else
+        pub_key = eckey->pub_key;
+
+    if (!EC_POINT_mul(eckey->group, pub_key, priv_key, NULL, NULL, ctx))
+        goto err;
+
+    eckey->priv_key = priv_key;
+    eckey->pub_key = pub_key;
+
+    ok = 1;
+
+ err:
+    if (order)
+        BN_free(order);
+    if (pub_key != NULL && eckey->pub_key == NULL)
+        EC_POINT_free(pub_key);
+    if (priv_key != NULL && eckey->priv_key == NULL)
+        BN_free(priv_key);
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    return (ok);
+}
 
 int EC_KEY_check_key(const EC_KEY *eckey)
-	{
-	int	ok   = 0;
-	BN_CTX	*ctx = NULL;
-	const BIGNUM	*order  = NULL;
-	EC_POINT *point = NULL;
-
-	if (!eckey || !eckey->group || !eckey->pub_key)
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
-		goto err;
-		}
-
-	if ((ctx = BN_CTX_new()) == NULL)
-		goto err;
-	if ((point = EC_POINT_new(eckey->group)) == NULL)
-		goto err;
-
-	/* testing whether the pub_key is on the elliptic curve */
-	if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-	/* testing whether pub_key * order is the point at infinity */
-	order = &eckey->group->order;
-	if (BN_is_zero(order))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
-		goto err;
-		}
-	if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
-		goto err;
-		}
-	if (!EC_POINT_is_at_infinity(eckey->group, point))
-		{
-		ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
-		goto err;
-		}
-	/* in case the priv_key is present : 
-	 * check if generator * priv_key == pub_key 
-	 */
-	if (eckey->priv_key)
-		{
-		if (BN_cmp(eckey->priv_key, order) >= 0)
-			{
-			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
-			goto err;
-			}
-		if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
-			NULL, NULL, ctx))
-			{
-			ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
-			goto err;
-			}
-		if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, 
-			ctx) != 0)
-			{
-			ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
-			goto err;
-			}
-		}
-	ok = 1;
-err:
-	if (ctx   != NULL)
-		BN_CTX_free(ctx);
-	if (point != NULL)
-		EC_POINT_free(point);
-	return(ok);
-	}
+{
+    int ok = 0;
+    BN_CTX *ctx = NULL;
+    const BIGNUM *order = NULL;
+    EC_POINT *point = NULL;
+
+    if (!eckey || !eckey->group || !eckey->pub_key) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (EC_POINT_is_at_infinity(eckey->group, eckey->pub_key)) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_AT_INFINITY);
+        goto err;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    if ((point = EC_POINT_new(eckey->group)) == NULL)
+        goto err;
+
+    /* testing whether the pub_key is on the elliptic curve */
+    if (!EC_POINT_is_on_curve(eckey->group, eckey->pub_key, ctx)) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+    /* testing whether pub_key * order is the point at infinity */
+    order = &eckey->group->order;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_GROUP_ORDER);
+        goto err;
+    }
+    if (!EC_POINT_mul(eckey->group, point, NULL, eckey->pub_key, order, ctx)) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!EC_POINT_is_at_infinity(eckey->group, point)) {
+        ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+        goto err;
+    }
+    /*
+     * in case the priv_key is present : check if generator * priv_key ==
+     * pub_key
+     */
+    if (eckey->priv_key) {
+        if (BN_cmp(eckey->priv_key, order) >= 0) {
+            ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_WRONG_ORDER);
+            goto err;
+        }
+        if (!EC_POINT_mul(eckey->group, point, eckey->priv_key,
+                          NULL, NULL, ctx)) {
+            ECerr(EC_F_EC_KEY_CHECK_KEY, ERR_R_EC_LIB);
+            goto err;
+        }
+        if (EC_POINT_cmp(eckey->group, point, eckey->pub_key, ctx) != 0) {
+            ECerr(EC_F_EC_KEY_CHECK_KEY, EC_R_INVALID_PRIVATE_KEY);
+            goto err;
+        }
+    }
+    ok = 1;
+ err:
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    if (point != NULL)
+        EC_POINT_free(point);
+    return (ok);
+}
 
 const EC_GROUP *EC_KEY_get0_group(const EC_KEY *key)
-	{
-	return key->group;
-	}
+{
+    return key->group;
+}
 
 int EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
-	{
-	if (key->group != NULL)
-		EC_GROUP_free(key->group);
-	key->group = EC_GROUP_dup(group);
-	return (key->group == NULL) ? 0 : 1;
-	}
+{
+    if (key->group != NULL)
+        EC_GROUP_free(key->group);
+    key->group = EC_GROUP_dup(group);
+    return (key->group == NULL) ? 0 : 1;
+}
 
 const BIGNUM *EC_KEY_get0_private_key(const EC_KEY *key)
-	{
-	return key->priv_key;
-	}
+{
+    return key->priv_key;
+}
 
 int EC_KEY_set_private_key(EC_KEY *key, const BIGNUM *priv_key)
-	{
-	if (key->priv_key)
-		BN_clear_free(key->priv_key);
-	key->priv_key = BN_dup(priv_key);
-	return (key->priv_key == NULL) ? 0 : 1;
-	}
+{
+    if (key->priv_key)
+        BN_clear_free(key->priv_key);
+    key->priv_key = BN_dup(priv_key);
+    return (key->priv_key == NULL) ? 0 : 1;
+}
 
 const EC_POINT *EC_KEY_get0_public_key(const EC_KEY *key)
-	{
-	return key->pub_key;
-	}
+{
+    return key->pub_key;
+}
 
 int EC_KEY_set_public_key(EC_KEY *key, const EC_POINT *pub_key)
-	{
-	if (key->pub_key != NULL)
-		EC_POINT_free(key->pub_key);
-	key->pub_key = EC_POINT_dup(pub_key, key->group);
-	return (key->pub_key == NULL) ? 0 : 1;
-	}
+{
+    if (key->pub_key != NULL)
+        EC_POINT_free(key->pub_key);
+    key->pub_key = EC_POINT_dup(pub_key, key->group);
+    return (key->pub_key == NULL) ? 0 : 1;
+}
 
 unsigned int EC_KEY_get_enc_flags(const EC_KEY *key)
-	{
-	return key->enc_flag;
-	}
+{
+    return key->enc_flag;
+}
 
 void EC_KEY_set_enc_flags(EC_KEY *key, unsigned int flags)
-	{
-	key->enc_flag = flags;
-	}
+{
+    key->enc_flag = flags;
+}
 
 point_conversion_form_t EC_KEY_get_conv_form(const EC_KEY *key)
-	{
-	return key->conv_form;
-	}
+{
+    return key->conv_form;
+}
 
 void EC_KEY_set_conv_form(EC_KEY *key, point_conversion_form_t cform)
-	{
-	key->conv_form = cform;
-	if (key->group != NULL)
-		EC_GROUP_set_point_conversion_form(key->group, cform);
-	}
+{
+    key->conv_form = cform;
+    if (key->group != NULL)
+        EC_GROUP_set_point_conversion_form(key->group, cform);
+}
 
 void *EC_KEY_get_key_method_data(EC_KEY *key,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	void *ret;
+                                 void *(*dup_func) (void *),
+                                 void (*free_func) (void *),
+                                 void (*clear_free_func) (void *))
+{
+    void *ret;
 
-	CRYPTO_r_lock(CRYPTO_LOCK_EC);
-	ret = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
-	CRYPTO_r_unlock(CRYPTO_LOCK_EC);
+    CRYPTO_r_lock(CRYPTO_LOCK_EC);
+    ret =
+        EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
+                            clear_free_func);
+    CRYPTO_r_unlock(CRYPTO_LOCK_EC);
 
-	return ret;
-	}
+    return ret;
+}
 
 void *EC_KEY_insert_key_method_data(EC_KEY *key, void *data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA *ex_data;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_EC);
-	ex_data = EC_EX_DATA_get_data(key->method_data, dup_func, free_func, clear_free_func);
-	if (ex_data == NULL)
-		EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func, clear_free_func);
-	CRYPTO_w_unlock(CRYPTO_LOCK_EC);
-
-	return ex_data;
-	}
+                                    void *(*dup_func) (void *),
+                                    void (*free_func) (void *),
+                                    void (*clear_free_func) (void *))
+{
+    EC_EXTRA_DATA *ex_data;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_EC);
+    ex_data =
+        EC_EX_DATA_get_data(key->method_data, dup_func, free_func,
+                            clear_free_func);
+    if (ex_data == NULL)
+        EC_EX_DATA_set_data(&key->method_data, data, dup_func, free_func,
+                            clear_free_func);
+    CRYPTO_w_unlock(CRYPTO_LOCK_EC);
+
+    return ex_data;
+}
 
 void EC_KEY_set_asn1_flag(EC_KEY *key, int flag)
-	{
-	if (key->group != NULL)
-		EC_GROUP_set_asn1_flag(key->group, flag);
-	}
+{
+    if (key->group != NULL)
+        EC_GROUP_set_asn1_flag(key->group, flag);
+}
 
 int EC_KEY_precompute_mult(EC_KEY *key, BN_CTX *ctx)
-	{
-	if (key->group == NULL)
-		return 0;
-	return EC_GROUP_precompute_mult(key->group, ctx);
-	}
+{
+    if (key->group == NULL)
+        return 0;
+    return EC_GROUP_precompute_mult(key->group, ctx);
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
index e7d11ffe..8d8b807a 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_lib.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,7 +57,7 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * Binary polynomial ECC support in OpenSSL originally developed by 
+ * Binary polynomial ECC support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
@@ -70,1095 +70,1042 @@
 
 static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;
 
-
 /* functions for EC_GROUP objects */
 
 EC_GROUP *EC_GROUP_new(const EC_METHOD *meth)
-	{
-	EC_GROUP *ret;
-
-	if (meth == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (meth->group_init == 0)
-		{
-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return NULL;
-		}
-
-	ret = OPENSSL_malloc(sizeof *ret);
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	ret->meth = meth;
-
-	ret->extra_data = NULL;
-
-	ret->generator = NULL;
-	BN_init(&ret->order);
-	BN_init(&ret->cofactor);
-
-	ret->curve_name = 0;	
-	ret->asn1_flag  = 0;
-	ret->asn1_form  = POINT_CONVERSION_UNCOMPRESSED;
-
-	ret->seed = NULL;
-	ret->seed_len = 0;
-
-	if (!meth->group_init(ret))
-		{
-		OPENSSL_free(ret);
-		return NULL;
-		}
-	
-	return ret;
-	}
-
+{
+    EC_GROUP *ret;
 
-void EC_GROUP_free(EC_GROUP *group)
-	{
-	if (!group) return;
+    if (meth == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (meth->group_init == 0) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
 
-	if (group->meth->group_finish != 0)
-		group->meth->group_finish(group);
+    ret = OPENSSL_malloc(sizeof *ret);
+    if (ret == NULL) {
+        ECerr(EC_F_EC_GROUP_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-	EC_EX_DATA_free_all_data(&group->extra_data);
+    ret->meth = meth;
 
-	if (group->generator != NULL)
-		EC_POINT_free(group->generator);
-	BN_free(&group->order);
-	BN_free(&group->cofactor);
+    ret->extra_data = NULL;
 
-	if (group->seed)
-		OPENSSL_free(group->seed);
+    ret->generator = NULL;
+    BN_init(&ret->order);
+    BN_init(&ret->cofactor);
 
-	OPENSSL_free(group);
-	}
- 
-
-void EC_GROUP_clear_free(EC_GROUP *group)
-	{
-	if (!group) return;
+    ret->curve_name = 0;
+    ret->asn1_flag = 0;
+    ret->asn1_form = POINT_CONVERSION_UNCOMPRESSED;
 
-	if (group->meth->group_clear_finish != 0)
-		group->meth->group_clear_finish(group);
-	else if (group->meth->group_finish != 0)
-		group->meth->group_finish(group);
+    ret->seed = NULL;
+    ret->seed_len = 0;
 
-	EC_EX_DATA_clear_free_all_data(&group->extra_data);
+    if (!meth->group_init(ret)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
 
-	if (group->generator != NULL)
-		EC_POINT_clear_free(group->generator);
-	BN_clear_free(&group->order);
-	BN_clear_free(&group->cofactor);
+    return ret;
+}
 
-	if (group->seed)
-		{
-		OPENSSL_cleanse(group->seed, group->seed_len);
-		OPENSSL_free(group->seed);
-		}
-
-	OPENSSL_cleanse(group, sizeof *group);
-	OPENSSL_free(group);
-	}
+void EC_GROUP_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
 
+    if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
 
-int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (dest->meth->group_copy == 0)
-		{
-		ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (dest->meth != src->meth)
-		{
-		ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if (dest == src)
-		return 1;
-	
-	EC_EX_DATA_free_all_data(&dest->extra_data);
-
-	for (d = src->extra_data; d != NULL; d = d->next)
-		{
-		void *t = d->dup_func(d->data);
-		
-		if (t == NULL)
-			return 0;
-		if (!EC_EX_DATA_set_data(&dest->extra_data, t, d->dup_func, d->free_func, d->clear_free_func))
-			return 0;
-		}
-
-	if (src->generator != NULL)
-		{
-		if (dest->generator == NULL)
-			{
-			dest->generator = EC_POINT_new(dest);
-			if (dest->generator == NULL) return 0;
-			}
-		if (!EC_POINT_copy(dest->generator, src->generator)) return 0;
-		}
-	else
-		{
-		/* src->generator == NULL */
-		if (dest->generator != NULL)
-			{
-			EC_POINT_clear_free(dest->generator);
-			dest->generator = NULL;
-			}
-		}
-
-	if (!BN_copy(&dest->order, &src->order)) return 0;
-	if (!BN_copy(&dest->cofactor, &src->cofactor)) return 0;
-
-	dest->curve_name = src->curve_name;
-	dest->asn1_flag  = src->asn1_flag;
-	dest->asn1_form  = src->asn1_form;
-
-	if (src->seed)
-		{
-		if (dest->seed)
-			OPENSSL_free(dest->seed);
-		dest->seed = OPENSSL_malloc(src->seed_len);
-		if (dest->seed == NULL)
-			return 0;
-		if (!memcpy(dest->seed, src->seed, src->seed_len))
-			return 0;
-		dest->seed_len = src->seed_len;
-		}
-	else
-		{
-		if (dest->seed)
-			OPENSSL_free(dest->seed);
-		dest->seed = NULL;
-		dest->seed_len = 0;
-		}
-	
-
-	return dest->meth->group_copy(dest, src);
-	}
+    EC_EX_DATA_free_all_data(&group->extra_data);
 
+    if (group->generator != NULL)
+        EC_POINT_free(group->generator);
+    BN_free(&group->order);
+    BN_free(&group->cofactor);
 
-EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
-	{
-	EC_GROUP *t = NULL;
-	int ok = 0;
+    if (group->seed)
+        OPENSSL_free(group->seed);
 
-	if (a == NULL) return NULL;
+    OPENSSL_free(group);
+}
 
-	if ((t = EC_GROUP_new(a->meth)) == NULL) return(NULL);
-	if (!EC_GROUP_copy(t, a)) goto err;
+void EC_GROUP_clear_free(EC_GROUP *group)
+{
+    if (!group)
+        return;
 
-	ok = 1;
+    if (group->meth->group_clear_finish != 0)
+        group->meth->group_clear_finish(group);
+    else if (group->meth->group_finish != 0)
+        group->meth->group_finish(group);
 
-  err:	
-	if (!ok)
-		{
-		if (t) EC_GROUP_free(t);
-		return NULL;
-		}
-	else return t;
-	}
+    EC_EX_DATA_clear_free_all_data(&group->extra_data);
 
+    if (group->generator != NULL)
+        EC_POINT_clear_free(group->generator);
+    BN_clear_free(&group->order);
+    BN_clear_free(&group->cofactor);
 
-const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
-	{
-	return group->meth;
-	}
+    if (group->seed) {
+        OPENSSL_cleanse(group->seed, group->seed_len);
+        OPENSSL_free(group->seed);
+    }
 
+    OPENSSL_cleanse(group, sizeof *group);
+    OPENSSL_free(group);
+}
 
-int EC_METHOD_get_field_type(const EC_METHOD *meth)
-        {
-        return meth->field_type;
+int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src)
+{
+    EC_EXTRA_DATA *d;
+
+    if (dest->meth->group_copy == 0) {
+        ECerr(EC_F_EC_GROUP_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth) {
+        ECerr(EC_F_EC_GROUP_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+
+    EC_EX_DATA_free_all_data(&dest->extra_data);
+
+    for (d = src->extra_data; d != NULL; d = d->next) {
+        void *t = d->dup_func(d->data);
+
+        if (t == NULL)
+            return 0;
+        if (!EC_EX_DATA_set_data
+            (&dest->extra_data, t, d->dup_func, d->free_func,
+             d->clear_free_func))
+            return 0;
+    }
+
+    if (src->generator != NULL) {
+        if (dest->generator == NULL) {
+            dest->generator = EC_POINT_new(dest);
+            if (dest->generator == NULL)
+                return 0;
+        }
+        if (!EC_POINT_copy(dest->generator, src->generator))
+            return 0;
+    } else {
+        /* src->generator == NULL */
+        if (dest->generator != NULL) {
+            EC_POINT_clear_free(dest->generator);
+            dest->generator = NULL;
         }
+    }
+
+    if (!BN_copy(&dest->order, &src->order))
+        return 0;
+    if (!BN_copy(&dest->cofactor, &src->cofactor))
+        return 0;
+
+    dest->curve_name = src->curve_name;
+    dest->asn1_flag = src->asn1_flag;
+    dest->asn1_form = src->asn1_form;
+
+    if (src->seed) {
+        if (dest->seed)
+            OPENSSL_free(dest->seed);
+        dest->seed = OPENSSL_malloc(src->seed_len);
+        if (dest->seed == NULL)
+            return 0;
+        if (!memcpy(dest->seed, src->seed, src->seed_len))
+            return 0;
+        dest->seed_len = src->seed_len;
+    } else {
+        if (dest->seed)
+            OPENSSL_free(dest->seed);
+        dest->seed = NULL;
+        dest->seed_len = 0;
+    }
+
+    return dest->meth->group_copy(dest, src);
+}
 
+EC_GROUP *EC_GROUP_dup(const EC_GROUP *a)
+{
+    EC_GROUP *t = NULL;
+    int ok = 0;
 
-int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, const BIGNUM *order, const BIGNUM *cofactor)
-	{
-	if (generator == NULL)
-		{
-		ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
-		return 0   ;
-		}
+    if (a == NULL)
+        return NULL;
 
-	if (group->generator == NULL)
-		{
-		group->generator = EC_POINT_new(group);
-		if (group->generator == NULL) return 0;
-		}
-	if (!EC_POINT_copy(group->generator, generator)) return 0;
+    if ((t = EC_GROUP_new(a->meth)) == NULL)
+        return (NULL);
+    if (!EC_GROUP_copy(t, a))
+        goto err;
 
-	if (order != NULL)
-		{ if (!BN_copy(&group->order, order)) return 0; }	
-	else
-		BN_zero(&group->order);
+    ok = 1;
 
-	if (cofactor != NULL)
-		{ if (!BN_copy(&group->cofactor, cofactor)) return 0; }	
-	else
-		BN_zero(&group->cofactor);
+ err:
+    if (!ok) {
+        if (t)
+            EC_GROUP_free(t);
+        return NULL;
+    } else
+        return t;
+}
 
-	return 1;
-	}
+const EC_METHOD *EC_GROUP_method_of(const EC_GROUP *group)
+{
+    return group->meth;
+}
 
+int EC_METHOD_get_field_type(const EC_METHOD *meth)
+{
+    return meth->field_type;
+}
+
+int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator,
+                           const BIGNUM *order, const BIGNUM *cofactor)
+{
+    if (generator == NULL) {
+        ECerr(EC_F_EC_GROUP_SET_GENERATOR, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    if (group->generator == NULL) {
+        group->generator = EC_POINT_new(group);
+        if (group->generator == NULL)
+            return 0;
+    }
+    if (!EC_POINT_copy(group->generator, generator))
+        return 0;
+
+    if (order != NULL) {
+        if (!BN_copy(&group->order, order))
+            return 0;
+    } else
+        BN_zero(&group->order);
+
+    if (cofactor != NULL) {
+        if (!BN_copy(&group->cofactor, cofactor))
+            return 0;
+    } else
+        BN_zero(&group->cofactor);
+
+    return 1;
+}
 
 const EC_POINT *EC_GROUP_get0_generator(const EC_GROUP *group)
-	{
-	return group->generator;
-	}
-
+{
+    return group->generator;
+}
 
 int EC_GROUP_get_order(const EC_GROUP *group, BIGNUM *order, BN_CTX *ctx)
-	{
-	if (!BN_copy(order, &group->order))
-		return 0;
+{
+    if (!BN_copy(order, &group->order))
+        return 0;
 
-	return !BN_is_zero(order);
-	}
+    return !BN_is_zero(order);
+}
 
+int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor,
+                          BN_CTX *ctx)
+{
+    if (!BN_copy(cofactor, &group->cofactor))
+        return 0;
 
-int EC_GROUP_get_cofactor(const EC_GROUP *group, BIGNUM *cofactor, BN_CTX *ctx)
-	{
-	if (!BN_copy(cofactor, &group->cofactor))
-		return 0;
-
-	return !BN_is_zero(&group->cofactor);
-	}
-
+    return !BN_is_zero(&group->cofactor);
+}
 
 void EC_GROUP_set_curve_name(EC_GROUP *group, int nid)
-	{
-	group->curve_name = nid;
-	}
-
+{
+    group->curve_name = nid;
+}
 
 int EC_GROUP_get_curve_name(const EC_GROUP *group)
-	{
-	return group->curve_name;
-	}
-
+{
+    return group->curve_name;
+}
 
 void EC_GROUP_set_asn1_flag(EC_GROUP *group, int flag)
-	{
-	group->asn1_flag = flag;
-	}
-
+{
+    group->asn1_flag = flag;
+}
 
 int EC_GROUP_get_asn1_flag(const EC_GROUP *group)
-	{
-	return group->asn1_flag;
-	}
+{
+    return group->asn1_flag;
+}
 
-
-void EC_GROUP_set_point_conversion_form(EC_GROUP *group, 
+void EC_GROUP_set_point_conversion_form(EC_GROUP *group,
                                         point_conversion_form_t form)
-	{
-	group->asn1_form = form;
-	}
-
-
-point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP *group)
-	{
-	return group->asn1_form;
-	}
+{
+    group->asn1_form = form;
+}
 
+point_conversion_form_t EC_GROUP_get_point_conversion_form(const EC_GROUP
+                                                           *group)
+{
+    return group->asn1_form;
+}
 
 size_t EC_GROUP_set_seed(EC_GROUP *group, const unsigned char *p, size_t len)
-	{
-	if (group->seed)
-		{
-		OPENSSL_free(group->seed);
-		group->seed = NULL;
-		group->seed_len = 0;
-		}
-
-	if (!len || !p)
-		return 1;
+{
+    if (group->seed) {
+        OPENSSL_free(group->seed);
+        group->seed = NULL;
+        group->seed_len = 0;
+    }
 
-	if ((group->seed = OPENSSL_malloc(len)) == NULL)
-		return 0;
-	memcpy(group->seed, p, len);
-	group->seed_len = len;
+    if (!len || !p)
+        return 1;
 
-	return len;
-	}
+    if ((group->seed = OPENSSL_malloc(len)) == NULL)
+        return 0;
+    memcpy(group->seed, p, len);
+    group->seed_len = len;
 
+    return len;
+}
 
 unsigned char *EC_GROUP_get0_seed(const EC_GROUP *group)
-	{
-	return group->seed;
-	}
-
+{
+    return group->seed;
+}
 
 size_t EC_GROUP_get_seed_len(const EC_GROUP *group)
-	{
-	return group->seed_len;
-	}
-
-
-int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_set_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_set_curve(group, p, a, b, ctx);
-	}
-
-
-int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_get_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_get_curve(group, p, a, b, ctx);
-	}
-
-
-int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_set_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_set_curve(group, p, a, b, ctx);
-	}
-
-
-int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->meth->group_get_curve == 0)
-		{
-		ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_get_curve(group, p, a, b, ctx);
-	}
-
+{
+    return group->seed_len;
+}
+
+int EC_GROUP_set_curve_GFp(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                           const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_set_curve == 0) {
+        ECerr(EC_F_EC_GROUP_SET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GFp(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                           BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_get_curve == 0) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_set_curve_GF2m(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_set_curve == 0) {
+        ECerr(EC_F_EC_GROUP_SET_CURVE_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_set_curve(group, p, a, b, ctx);
+}
+
+int EC_GROUP_get_curve_GF2m(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                            BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->meth->group_get_curve == 0) {
+        ECerr(EC_F_EC_GROUP_GET_CURVE_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_curve(group, p, a, b, ctx);
+}
 
 int EC_GROUP_get_degree(const EC_GROUP *group)
-	{
-	if (group->meth->group_get_degree == 0)
-		{
-		ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_get_degree(group);
-	}
-
+{
+    if (group->meth->group_get_degree == 0) {
+        ECerr(EC_F_EC_GROUP_GET_DEGREE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_get_degree(group);
+}
 
 int EC_GROUP_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	if (group->meth->group_check_discriminant == 0)
-		{
-		ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	return group->meth->group_check_discriminant(group, ctx);
-	}
-
+{
+    if (group->meth->group_check_discriminant == 0) {
+        ECerr(EC_F_EC_GROUP_CHECK_DISCRIMINANT,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    return group->meth->group_check_discriminant(group, ctx);
+}
 
 int EC_GROUP_cmp(const EC_GROUP *a, const EC_GROUP *b, BN_CTX *ctx)
-	{
-	int    r = 0;
-	BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
-	BN_CTX *ctx_new = NULL;
-
-	/* compare the field types*/
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
-	    EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
-		return 1;
-	/* compare the curve name (if present in both) */
-	if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
-	    EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
-		return 1;
-
-	if (!ctx)
-		ctx_new = ctx = BN_CTX_new();
-	if (!ctx)
-		return -1;
-	
-	BN_CTX_start(ctx);
-	a1 = BN_CTX_get(ctx);
-	a2 = BN_CTX_get(ctx);
-	a3 = BN_CTX_get(ctx);
-	b1 = BN_CTX_get(ctx);
-	b2 = BN_CTX_get(ctx);
-	b3 = BN_CTX_get(ctx);
-	if (!b3)
-		{
-		BN_CTX_end(ctx);
-		if (ctx_new)
-			BN_CTX_free(ctx);
-		return -1;
-		}
-
-	/* XXX This approach assumes that the external representation
-	 * of curves over the same field type is the same.
-	 */
-	if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
-	    !b->meth->group_get_curve(b, b1, b2, b3, ctx))
-		r = 1;
-
-	if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
-		r = 1;
-
-	/* XXX EC_POINT_cmp() assumes that the methods are equal */
-	if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
-	    EC_GROUP_get0_generator(b), ctx))
-		r = 1;
-
-	if (!r)
-		{
-		/* compare the order and cofactor */
-		if (!EC_GROUP_get_order(a, a1, ctx) ||
-		    !EC_GROUP_get_order(b, b1, ctx) ||
-		    !EC_GROUP_get_cofactor(a, a2, ctx) ||
-		    !EC_GROUP_get_cofactor(b, b2, ctx))
-			{
-			BN_CTX_end(ctx);
-			if (ctx_new)
-				BN_CTX_free(ctx);
-			return -1;
-			}
-		if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
-			r = 1;
-		}
-
-	BN_CTX_end(ctx);
-	if (ctx_new)
-		BN_CTX_free(ctx);
-
-	return r;
-	}
+{
+    int r = 0;
+    BIGNUM *a1, *a2, *a3, *b1, *b2, *b3;
+    BN_CTX *ctx_new = NULL;
+
+    /* compare the field types */
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(a)) !=
+        EC_METHOD_get_field_type(EC_GROUP_method_of(b)))
+        return 1;
+    /* compare the curve name (if present in both) */
+    if (EC_GROUP_get_curve_name(a) && EC_GROUP_get_curve_name(b) &&
+        EC_GROUP_get_curve_name(a) != EC_GROUP_get_curve_name(b))
+        return 1;
+
+    if (!ctx)
+        ctx_new = ctx = BN_CTX_new();
+    if (!ctx)
+        return -1;
+
+    BN_CTX_start(ctx);
+    a1 = BN_CTX_get(ctx);
+    a2 = BN_CTX_get(ctx);
+    a3 = BN_CTX_get(ctx);
+    b1 = BN_CTX_get(ctx);
+    b2 = BN_CTX_get(ctx);
+    b3 = BN_CTX_get(ctx);
+    if (!b3) {
+        BN_CTX_end(ctx);
+        if (ctx_new)
+            BN_CTX_free(ctx);
+        return -1;
+    }
+
+    /*
+     * XXX This approach assumes that the external representation of curves
+     * over the same field type is the same.
+     */
+    if (!a->meth->group_get_curve(a, a1, a2, a3, ctx) ||
+        !b->meth->group_get_curve(b, b1, b2, b3, ctx))
+        r = 1;
+
+    if (r || BN_cmp(a1, b1) || BN_cmp(a2, b2) || BN_cmp(a3, b3))
+        r = 1;
+
+    /* XXX EC_POINT_cmp() assumes that the methods are equal */
+    if (r || EC_POINT_cmp(a, EC_GROUP_get0_generator(a),
+                          EC_GROUP_get0_generator(b), ctx))
+        r = 1;
+
+    if (!r) {
+        /* compare the order and cofactor */
+        if (!EC_GROUP_get_order(a, a1, ctx) ||
+            !EC_GROUP_get_order(b, b1, ctx) ||
+            !EC_GROUP_get_cofactor(a, a2, ctx) ||
+            !EC_GROUP_get_cofactor(b, b2, ctx)) {
+            BN_CTX_end(ctx);
+            if (ctx_new)
+                BN_CTX_free(ctx);
+            return -1;
+        }
+        if (BN_cmp(a1, b1) || BN_cmp(a2, b2))
+            r = 1;
+    }
 
+    BN_CTX_end(ctx);
+    if (ctx_new)
+        BN_CTX_free(ctx);
+
+    return r;
+}
 
 /* this has 'package' visibility */
 int EC_EX_DATA_set_data(EC_EXTRA_DATA **ex_data, void *data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA *d;
-
-	if (ex_data == NULL)
-		return 0;
-
-	for (d = *ex_data; d != NULL; d = d->next)
-		{
-		if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
-			{
-			ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
-			return 0;
-			}
-		}
+                        void *(*dup_func) (void *),
+                        void (*free_func) (void *),
+                        void (*clear_free_func) (void *))
+{
+    EC_EXTRA_DATA *d;
+
+    if (ex_data == NULL)
+        return 0;
+
+    for (d = *ex_data; d != NULL; d = d->next) {
+        if (d->dup_func == dup_func && d->free_func == free_func
+            && d->clear_free_func == clear_free_func) {
+            ECerr(EC_F_EC_EX_DATA_SET_DATA, EC_R_SLOT_FULL);
+            return 0;
+        }
+    }
 
-	if (data == NULL)
-		/* no explicit entry needed */
-		return 1;
+    if (data == NULL)
+        /* no explicit entry needed */
+        return 1;
 
-	d = OPENSSL_malloc(sizeof *d);
-	if (d == NULL)
-		return 0;
+    d = OPENSSL_malloc(sizeof *d);
+    if (d == NULL)
+        return 0;
 
-	d->data = data;
-	d->dup_func = dup_func;
-	d->free_func = free_func;
-	d->clear_free_func = clear_free_func;
+    d->data = data;
+    d->dup_func = dup_func;
+    d->free_func = free_func;
+    d->clear_free_func = clear_free_func;
 
-	d->next = *ex_data;
-	*ex_data = d;
+    d->next = *ex_data;
+    *ex_data = d;
 
-	return 1;
-	}
+    return 1;
+}
 
 /* this has 'package' visibility */
 void *EC_EX_DATA_get_data(const EC_EXTRA_DATA *ex_data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	const EC_EXTRA_DATA *d;
-
-	for (d = ex_data; d != NULL; d = d->next)
-		{
-		if (d->dup_func == dup_func && d->free_func == free_func && d->clear_free_func == clear_free_func)
-			return d->data;
-		}
-	
-	return NULL;
-	}
+                          void *(*dup_func) (void *),
+                          void (*free_func) (void *),
+                          void (*clear_free_func) (void *))
+{
+    const EC_EXTRA_DATA *d;
+
+    for (d = ex_data; d != NULL; d = d->next) {
+        if (d->dup_func == dup_func && d->free_func == free_func
+            && d->clear_free_func == clear_free_func)
+            return d->data;
+    }
+
+    return NULL;
+}
 
 /* this has 'package' visibility */
 void EC_EX_DATA_free_data(EC_EXTRA_DATA **ex_data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA **p;
-
-	if (ex_data == NULL)
-		return;
-
-	for (p = ex_data; *p != NULL; p = &((*p)->next))
-		{
-		if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
-			{
-			EC_EXTRA_DATA *next = (*p)->next;
-
-			(*p)->free_func((*p)->data);
-			OPENSSL_free(*p);
-			
-			*p = next;
-			return;
-			}
-		}
-	}
+                          void *(*dup_func) (void *),
+                          void (*free_func) (void *),
+                          void (*clear_free_func) (void *))
+{
+    EC_EXTRA_DATA **p;
+
+    if (ex_data == NULL)
+        return;
+
+    for (p = ex_data; *p != NULL; p = &((*p)->next)) {
+        if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
+            && (*p)->clear_free_func == clear_free_func) {
+            EC_EXTRA_DATA *next = (*p)->next;
+
+            (*p)->free_func((*p)->data);
+            OPENSSL_free(*p);
+
+            *p = next;
+            return;
+        }
+    }
+}
 
 /* this has 'package' visibility */
 void EC_EX_DATA_clear_free_data(EC_EXTRA_DATA **ex_data,
-	void *(*dup_func)(void *), void (*free_func)(void *), void (*clear_free_func)(void *))
-	{
-	EC_EXTRA_DATA **p;
-
-	if (ex_data == NULL)
-		return;
-
-	for (p = ex_data; *p != NULL; p = &((*p)->next))
-		{
-		if ((*p)->dup_func == dup_func && (*p)->free_func == free_func && (*p)->clear_free_func == clear_free_func)
-			{
-			EC_EXTRA_DATA *next = (*p)->next;
-
-			(*p)->clear_free_func((*p)->data);
-			OPENSSL_free(*p);
-			
-			*p = next;
-			return;
-			}
-		}
-	}
+                                void *(*dup_func) (void *),
+                                void (*free_func) (void *),
+                                void (*clear_free_func) (void *))
+{
+    EC_EXTRA_DATA **p;
+
+    if (ex_data == NULL)
+        return;
+
+    for (p = ex_data; *p != NULL; p = &((*p)->next)) {
+        if ((*p)->dup_func == dup_func && (*p)->free_func == free_func
+            && (*p)->clear_free_func == clear_free_func) {
+            EC_EXTRA_DATA *next = (*p)->next;
+
+            (*p)->clear_free_func((*p)->data);
+            OPENSSL_free(*p);
+
+            *p = next;
+            return;
+        }
+    }
+}
 
 /* this has 'package' visibility */
 void EC_EX_DATA_free_all_data(EC_EXTRA_DATA **ex_data)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (ex_data == NULL)
-		return;
-
-	d = *ex_data;
-	while (d)
-		{
-		EC_EXTRA_DATA *next = d->next;
-		
-		d->free_func(d->data);
-		OPENSSL_free(d);
-		
-		d = next;
-		}
-	*ex_data = NULL;
-	}
+{
+    EC_EXTRA_DATA *d;
+
+    if (ex_data == NULL)
+        return;
+
+    d = *ex_data;
+    while (d) {
+        EC_EXTRA_DATA *next = d->next;
+
+        d->free_func(d->data);
+        OPENSSL_free(d);
+
+        d = next;
+    }
+    *ex_data = NULL;
+}
 
 /* this has 'package' visibility */
 void EC_EX_DATA_clear_free_all_data(EC_EXTRA_DATA **ex_data)
-	{
-	EC_EXTRA_DATA *d;
-
-	if (ex_data == NULL)
-		return;
-
-	d = *ex_data;
-	while (d)
-		{
-		EC_EXTRA_DATA *next = d->next;
-		
-		d->clear_free_func(d->data);
-		OPENSSL_free(d);
-		
-		d = next;
-		}
-	*ex_data = NULL;
-	}
+{
+    EC_EXTRA_DATA *d;
+
+    if (ex_data == NULL)
+        return;
+
+    d = *ex_data;
+    while (d) {
+        EC_EXTRA_DATA *next = d->next;
 
+        d->clear_free_func(d->data);
+        OPENSSL_free(d);
+
+        d = next;
+    }
+    *ex_data = NULL;
+}
 
 /* functions for EC_POINT objects */
 
 EC_POINT *EC_POINT_new(const EC_GROUP *group)
-	{
-	EC_POINT *ret;
-
-	if (group == NULL)
-		{
-		ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (group->meth->point_init == 0)
-		{
-		ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return NULL;
-		}
-
-	ret = OPENSSL_malloc(sizeof *ret);
-	if (ret == NULL)
-		{
-		ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	ret->meth = group->meth;
-	
-	if (!ret->meth->point_init(ret))
-		{
-		OPENSSL_free(ret);
-		return NULL;
-		}
-	
-	return ret;
-	}
-
+{
+    EC_POINT *ret;
+
+    if (group == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (group->meth->point_init == 0) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return NULL;
+    }
+
+    ret = OPENSSL_malloc(sizeof *ret);
+    if (ret == NULL) {
+        ECerr(EC_F_EC_POINT_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = group->meth;
+
+    if (!ret->meth->point_init(ret)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    return ret;
+}
 
 void EC_POINT_free(EC_POINT *point)
-	{
-	if (!point) return;
+{
+    if (!point)
+        return;
 
-	if (point->meth->point_finish != 0)
-		point->meth->point_finish(point);
-	OPENSSL_free(point);
-	}
- 
+    if (point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_free(point);
+}
 
 void EC_POINT_clear_free(EC_POINT *point)
-	{
-	if (!point) return;
-
-	if (point->meth->point_clear_finish != 0)
-		point->meth->point_clear_finish(point);
-	else if (point->meth != NULL && point->meth->point_finish != 0)
-		point->meth->point_finish(point);
-	OPENSSL_cleanse(point, sizeof *point);
-	OPENSSL_free(point);
-	}
-
+{
+    if (!point)
+        return;
+
+    if (point->meth->point_clear_finish != 0)
+        point->meth->point_clear_finish(point);
+    else if (point->meth != NULL && point->meth->point_finish != 0)
+        point->meth->point_finish(point);
+    OPENSSL_cleanse(point, sizeof *point);
+    OPENSSL_free(point);
+}
 
 int EC_POINT_copy(EC_POINT *dest, const EC_POINT *src)
-	{
-	if (dest->meth->point_copy == 0)
-		{
-		ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (dest->meth != src->meth)
-		{
-		ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	if (dest == src)
-		return 1;
-	return dest->meth->point_copy(dest, src);
-	}
-
+{
+    if (dest->meth->point_copy == 0) {
+        ECerr(EC_F_EC_POINT_COPY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (dest->meth != src->meth) {
+        ECerr(EC_F_EC_POINT_COPY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    if (dest == src)
+        return 1;
+    return dest->meth->point_copy(dest, src);
+}
 
 EC_POINT *EC_POINT_dup(const EC_POINT *a, const EC_GROUP *group)
-	{
-	EC_POINT *t;
-	int r;
-
-	if (a == NULL) return NULL;
-
-	t = EC_POINT_new(group);
-	if (t == NULL) return(NULL);
-	r = EC_POINT_copy(t, a);
-	if (!r)
-		{
-		EC_POINT_free(t);
-		return NULL;
-		}
-	else return t;
-	}
-
+{
+    EC_POINT *t;
+    int r;
+
+    if (a == NULL)
+        return NULL;
+
+    t = EC_POINT_new(group);
+    if (t == NULL)
+        return (NULL);
+    r = EC_POINT_copy(t, a);
+    if (!r) {
+        EC_POINT_free(t);
+        return NULL;
+    } else
+        return t;
+}
 
 const EC_METHOD *EC_POINT_method_of(const EC_POINT *point)
-	{
-	return point->meth;
-	}
-
+{
+    return point->meth;
+}
 
 int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-	{
-	if (group->meth->point_set_to_infinity == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_to_infinity(group, point);
-	}
-
-
-int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_Jprojective_coordinates_GFp == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
-	}
-
-
-int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
-	{
-	if (group->meth->point_get_Jprojective_coordinates_GFp == 0)
-		{
-		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x, y, z, ctx);
-	}
-
-
-int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
-	}
-
-
-int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
-	}
-
-
-int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_get_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
-	}
-
-
-int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	if (group->meth->point_get_affine_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
-	}
-
-
-int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_compressed_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
-	}
-
-
-int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, int y_bit, BN_CTX *ctx)
-	{
-	if (group->meth->point_set_compressed_coordinates == 0)
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point_set_compressed_coordinates(group, point, x, y_bit, ctx);
-	}
-
-
-size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-        unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	if (group->meth->point2oct == 0)
-		{
-		ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->point2oct(group, point, form, buf, len, ctx);
-	}
-
+{
+    if (group->meth->point_set_to_infinity == 0) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_TO_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_to_infinity(group, point);
+}
+
+int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             const BIGNUM *y, const BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_set_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                             const EC_POINT *point, BIGNUM *x,
+                                             BIGNUM *y, BIGNUM *z,
+                                             BN_CTX *ctx)
+{
+    if (group->meth->point_get_Jprojective_coordinates_GFp == 0) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_GET_JPROJECTIVE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_Jprojective_coordinates_GFp(group, point, x,
+                                                              y, z, ctx);
+}
+
+int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group,
+                                        EC_POINT *point, const BIGNUM *x,
+                                        const BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_set_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         EC_POINT *point, const BIGNUM *x,
+                                         const BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_set_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_AFFINE_COORDINATES_GF2M,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group,
+                                        const EC_POINT *point, BIGNUM *x,
+                                        BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_get_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group,
+                                         const EC_POINT *point, BIGNUM *x,
+                                         BIGNUM *y, BN_CTX *ctx)
+{
+    if (group->meth->point_get_affine_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_GET_AFFINE_COORDINATES_GF2M,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_get_affine_coordinates(group, point, x, y, ctx);
+}
+
+int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group,
+                                            EC_POINT *point, const BIGNUM *x,
+                                            int y_bit, BN_CTX *ctx)
+{
+    if (group->meth->point_set_compressed_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GFP,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_compressed_coordinates(group, point, x,
+                                                         y_bit, ctx);
+}
+
+int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group,
+                                             EC_POINT *point, const BIGNUM *x,
+                                             int y_bit, BN_CTX *ctx)
+{
+    if (group->meth->point_set_compressed_coordinates == 0) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_SET_COMPRESSED_COORDINATES_GF2M,
+              EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point_set_compressed_coordinates(group, point, x,
+                                                         y_bit, ctx);
+}
+
+size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                          point_conversion_form_t form, unsigned char *buf,
+                          size_t len, BN_CTX *ctx)
+{
+    if (group->meth->point2oct == 0) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_POINT2OCT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->point2oct(group, point, form, buf, len, ctx);
+}
 
 int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *point,
-        const unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	if (group->meth->oct2point == 0)
-		{
-		ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->oct2point(group, point, buf, len, ctx);
-	}
-
-
-int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	if (group->meth->add == 0)
-		{
-		ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if ((group->meth != r->meth) || (r->meth != a->meth) || (a->meth != b->meth))
-		{
-		ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->add(group, r, a, b, ctx);
-	}
-
-
-int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-	{
-	if (group->meth->dbl == 0)
-		{
-		ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if ((group->meth != r->meth) || (r->meth != a->meth))
-		{
-		ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->dbl(group, r, a, ctx);
-	}
-
+                       const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    if (group->meth->oct2point == 0) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_OCT2POINT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->oct2point(group, point, buf, len, ctx);
+}
+
+int EC_POINT_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 const EC_POINT *b, BN_CTX *ctx)
+{
+    if (group->meth->add == 0) {
+        ECerr(EC_F_EC_POINT_ADD, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if ((group->meth != r->meth) || (r->meth != a->meth)
+        || (a->meth != b->meth)) {
+        ECerr(EC_F_EC_POINT_ADD, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->add(group, r, a, b, ctx);
+}
+
+int EC_POINT_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                 BN_CTX *ctx)
+{
+    if (group->meth->dbl == 0) {
+        ECerr(EC_F_EC_POINT_DBL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if ((group->meth != r->meth) || (r->meth != a->meth)) {
+        ECerr(EC_F_EC_POINT_DBL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->dbl(group, r, a, ctx);
+}
 
 int EC_POINT_invert(const EC_GROUP *group, EC_POINT *a, BN_CTX *ctx)
-	{
-	if (group->meth->invert == 0)
-		{
-		ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != a->meth)
-		{
-		ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->invert(group, a, ctx);
-	}
-
+{
+    if (group->meth->invert == 0) {
+        ECerr(EC_F_EC_POINT_INVERT, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != a->meth) {
+        ECerr(EC_F_EC_POINT_INVERT, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->invert(group, a, ctx);
+}
 
 int EC_POINT_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-	{
-	if (group->meth->is_at_infinity == 0)
-		{
-		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->is_at_infinity(group, point);
-	}
-
-
-int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-	{
-	if (group->meth->is_on_curve == 0)
-		{
-		ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->is_on_curve(group, point, ctx);
-	}
-
-
-int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	if (group->meth->point_cmp == 0)
-		{
-		ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return -1;
-		}
-	if ((group->meth != a->meth) || (a->meth != b->meth))
-		{
-		ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
-		return -1;
-		}
-	return group->meth->point_cmp(group, a, b, ctx);
-	}
-
+{
+    if (group->meth->is_at_infinity == 0) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY,
+              ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_IS_AT_INFINITY, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_at_infinity(group, point);
+}
+
+int EC_POINT_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                         BN_CTX *ctx)
+{
+    if (group->meth->is_on_curve == 0) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_IS_ON_CURVE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->is_on_curve(group, point, ctx);
+}
+
+int EC_POINT_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
+                 BN_CTX *ctx)
+{
+    if (group->meth->point_cmp == 0) {
+        ECerr(EC_F_EC_POINT_CMP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return -1;
+    }
+    if ((group->meth != a->meth) || (a->meth != b->meth)) {
+        ECerr(EC_F_EC_POINT_CMP, EC_R_INCOMPATIBLE_OBJECTS);
+        return -1;
+    }
+    return group->meth->point_cmp(group, a, b, ctx);
+}
 
 int EC_POINT_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	if (group->meth->make_affine == 0)
-		{
-		ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	if (group->meth != point->meth)
-		{
-		ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-	return group->meth->make_affine(group, point, ctx);
-	}
-
-
-int EC_POINTs_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-	{
-	size_t i;
-
-	if (group->meth->points_make_affine == 0)
-		{
-		ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-		return 0;
-		}
-	for (i = 0; i < num; i++)
-		{
-		if (group->meth != points[i]->meth)
-			{
-			ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
-			return 0;
-			}
-		}
-	return group->meth->points_make_affine(group, num, points, ctx);
-	}
-
-
-/* Functions for point multiplication.
- *
- * If group->meth->mul is 0, we use the wNAF-based implementations in ec_mult.c;
- * otherwise we dispatch through methods.
+{
+    if (group->meth->make_affine == 0) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    if (group->meth != point->meth) {
+        ECerr(EC_F_EC_POINT_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+    return group->meth->make_affine(group, point, ctx);
+}
+
+int EC_POINTs_make_affine(const EC_GROUP *group, size_t num,
+                          EC_POINT *points[], BN_CTX *ctx)
+{
+    size_t i;
+
+    if (group->meth->points_make_affine == 0) {
+        ECerr(EC_F_EC_POINTS_MAKE_AFFINE, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+        return 0;
+    }
+    for (i = 0; i < num; i++) {
+        if (group->meth != points[i]->meth) {
+            ECerr(EC_F_EC_POINTS_MAKE_AFFINE, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+    return group->meth->points_make_affine(group, num, points, ctx);
+}
+
+/*
+ * Functions for point multiplication. If group->meth->mul is 0, we use the
+ * wNAF-based implementations in ec_mult.c; otherwise we dispatch through
+ * methods.
  */
 
 int EC_POINTs_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-	{
-	if (group->meth->mul == 0)
-		/* use default */
-		return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
+                  size_t num, const EC_POINT *points[],
+                  const BIGNUM *scalars[], BN_CTX *ctx)
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_mul(group, r, scalar, num, points, scalars, ctx);
 
-	return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
-	}
+    return group->meth->mul(group, r, scalar, num, points, scalars, ctx);
+}
 
 int EC_POINT_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
-	const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
-	{
-	/* just a convenient interface to EC_POINTs_mul() */
+                 const EC_POINT *point, const BIGNUM *p_scalar, BN_CTX *ctx)
+{
+    /* just a convenient interface to EC_POINTs_mul() */
 
-	const EC_POINT *points[1];
-	const BIGNUM *scalars[1];
+    const EC_POINT *points[1];
+    const BIGNUM *scalars[1];
 
-	points[0] = point;
-	scalars[0] = p_scalar;
+    points[0] = point;
+    scalars[0] = p_scalar;
 
-	return EC_POINTs_mul(group, r, g_scalar, (point != NULL && p_scalar != NULL), points, scalars, ctx);
-	}
+    return EC_POINTs_mul(group, r, g_scalar,
+                         (point != NULL
+                          && p_scalar != NULL), points, scalars, ctx);
+}
 
 int EC_GROUP_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-	{
-	if (group->meth->mul == 0)
-		/* use default */
-		return ec_wNAF_precompute_mult(group, ctx);
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_precompute_mult(group, ctx);
 
-	if (group->meth->precompute_mult != 0)
-		return group->meth->precompute_mult(group, ctx);
-	else
-		return 1; /* nothing to do, so report success */
-	}
+    if (group->meth->precompute_mult != 0)
+        return group->meth->precompute_mult(group, ctx);
+    else
+        return 1;               /* nothing to do, so report success */
+}
 
 int EC_GROUP_have_precompute_mult(const EC_GROUP *group)
-	{
-	if (group->meth->mul == 0)
-		/* use default */
-		return ec_wNAF_have_precompute_mult(group);
-
-	if (group->meth->have_precompute_mult != 0)
-		return group->meth->have_precompute_mult(group);
-	else
-		return 0; /* cannot tell whether precomputation has been performed */
-	}
+{
+    if (group->meth->mul == 0)
+        /* use default */
+        return ec_wNAF_have_precompute_mult(group);
+
+    if (group->meth->have_precompute_mult != 0)
+        return group->meth->have_precompute_mult(group);
+    else
+        return 0;               /* cannot tell whether precomputation has
+                                 * been performed */
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c
index ee422697..333cbc9c 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_mult.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_mult.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,7 +67,6 @@
 
 #include "ec_lcl.h"
 
-
 /*
  * This file implements the wNAF-based interleaving multi-exponentation method
  * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#multiexp>);
@@ -75,114 +74,107 @@
  * (<URL:http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller.html#fastexp>).
  */
 
-
-
-
 /* structure for precomputed multiples of the generator */
 typedef struct ec_pre_comp_st {
-	const EC_GROUP *group; /* parent EC_GROUP object */
-	size_t blocksize;      /* block size for wNAF splitting */
-	size_t numblocks;      /* max. number of blocks for which we have precomputation */
-	size_t w;              /* window size */
-	EC_POINT **points;     /* array with pre-calculated multiples of generator:
-	                        * 'num' pointers to EC_POINT objects followed by a NULL */
-	size_t num;            /* numblocks * 2^(w-1) */
-	int references;
+    const EC_GROUP *group;      /* parent EC_GROUP object */
+    size_t blocksize;           /* block size for wNAF splitting */
+    size_t numblocks;           /* max. number of blocks for which we have
+                                 * precomputation */
+    size_t w;                   /* window size */
+    EC_POINT **points;          /* array with pre-calculated multiples of
+                                 * generator: 'num' pointers to EC_POINT
+                                 * objects followed by a NULL */
+    size_t num;                 /* numblocks * 2^(w-1) */
+    int references;
 } EC_PRE_COMP;
- 
+
 /* functions to manage EC_PRE_COMP within the EC_GROUP extra_data framework */
 static void *ec_pre_comp_dup(void *);
 static void ec_pre_comp_free(void *);
 static void ec_pre_comp_clear_free(void *);
 
 static EC_PRE_COMP *ec_pre_comp_new(const EC_GROUP *group)
-	{
-	EC_PRE_COMP *ret = NULL;
-
-	if (!group)
-		return NULL;
-
-	ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
-	if (!ret)
-		{
-		ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
-		return ret;
-		}
-	ret->group = group;
-	ret->blocksize = 8; /* default */
-	ret->numblocks = 0;
-	ret->w = 4; /* default */
-	ret->points = NULL;
-	ret->num = 0;
-	ret->references = 1;
-	return ret;
-	}
+{
+    EC_PRE_COMP *ret = NULL;
+
+    if (!group)
+        return NULL;
+
+    ret = (EC_PRE_COMP *)OPENSSL_malloc(sizeof(EC_PRE_COMP));
+    if (!ret) {
+        ECerr(EC_F_EC_PRE_COMP_NEW, ERR_R_MALLOC_FAILURE);
+        return ret;
+    }
+    ret->group = group;
+    ret->blocksize = 8;         /* default */
+    ret->numblocks = 0;
+    ret->w = 4;                 /* default */
+    ret->points = NULL;
+    ret->num = 0;
+    ret->references = 1;
+    return ret;
+}
 
 static void *ec_pre_comp_dup(void *src_)
-	{
-	EC_PRE_COMP *src = src_;
+{
+    EC_PRE_COMP *src = src_;
 
-	/* no need to actually copy, these objects never change! */
+    /* no need to actually copy, these objects never change! */
 
-	CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
+    CRYPTO_add(&src->references, 1, CRYPTO_LOCK_EC_PRE_COMP);
 
-	return src_;
-	}
+    return src_;
+}
 
 static void ec_pre_comp_free(void *pre_)
-	{
-	int i;
-	EC_PRE_COMP *pre = pre_;
+{
+    int i;
+    EC_PRE_COMP *pre = pre_;
 
-	if (!pre)
-		return;
+    if (!pre)
+        return;
 
-	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-	if (i > 0)
-		return;
+    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+    if (i > 0)
+        return;
 
-	if (pre->points)
-		{
-		EC_POINT **p;
+    if (pre->points) {
+        EC_POINT **p;
 
-		for (p = pre->points; *p != NULL; p++)
-			EC_POINT_free(*p);
-		OPENSSL_free(pre->points);
-		}
-	OPENSSL_free(pre);
-	}
+        for (p = pre->points; *p != NULL; p++)
+            EC_POINT_free(*p);
+        OPENSSL_free(pre->points);
+    }
+    OPENSSL_free(pre);
+}
 
 static void ec_pre_comp_clear_free(void *pre_)
-	{
-	int i;
-	EC_PRE_COMP *pre = pre_;
-
-	if (!pre)
-		return;
-
-	i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
-	if (i > 0)
-		return;
-
-	if (pre->points)
-		{
-		EC_POINT **p;
-
-		for (p = pre->points; *p != NULL; p++)
-			{
-			EC_POINT_clear_free(*p);
-			OPENSSL_cleanse(p, sizeof *p);
-			}
-		OPENSSL_free(pre->points);
-		}
-	OPENSSL_cleanse(pre, sizeof *pre);
-	OPENSSL_free(pre);
-	}
-
-
-
-
-/* Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
+{
+    int i;
+    EC_PRE_COMP *pre = pre_;
+
+    if (!pre)
+        return;
+
+    i = CRYPTO_add(&pre->references, -1, CRYPTO_LOCK_EC_PRE_COMP);
+    if (i > 0)
+        return;
+
+    if (pre->points) {
+        EC_POINT **p;
+
+        for (p = pre->points; *p != NULL; p++) {
+            EC_POINT_clear_free(*p);
+            OPENSSL_cleanse(p, sizeof *p);
+        }
+        OPENSSL_free(pre->points);
+    }
+    OPENSSL_cleanse(pre, sizeof *pre);
+    OPENSSL_free(pre);
+}
+
+/*-
+ * Determine the modified width-(w+1) Non-Adjacent Form (wNAF) of 'scalar'.
  * This is an array  r[]  of values that are either zero or odd with an
  * absolute value less than  2^w  satisfying
  *     scalar = \sum_j r[j]*2^j
@@ -191,562 +183,544 @@ static void ec_pre_comp_clear_free(void *pre_)
  * w-1 zeros away from that next non-zero digit.
  */
 static signed char *compute_wNAF(const BIGNUM *scalar, int w, size_t *ret_len)
-	{
-	int window_val;
-	int ok = 0;
-	signed char *r = NULL;
-	int sign = 1;
-	int bit, next_bit, mask;
-	size_t len = 0, j;
-	
-	if (BN_is_zero(scalar))
-		{
-		r = OPENSSL_malloc(1);
-		if (!r)
-			{
-			ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		r[0] = 0;
-		*ret_len = 1;
-		return r;
-		}
-		
-	if (w <= 0 || w > 7) /* 'signed char' can represent integers with absolute values less than 2^7 */
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	bit = 1 << w; /* at most 128 */
-	next_bit = bit << 1; /* at most 256 */
-	mask = next_bit - 1; /* at most 255 */
-
-	if (BN_is_negative(scalar))
-		{
-		sign = -1;
-		}
-
-	len = BN_num_bits(scalar);
-	r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer than binary representation
-	                              * (*ret_len will be set to the actual length, i.e. at most
-	                              * BN_num_bits(scalar) + 1) */
-	if (r == NULL)
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (scalar->d == NULL || scalar->top == 0)
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	window_val = scalar->d[0] & mask;
-	j = 0;
-	while ((window_val != 0) || (j + w + 1 < len)) /* if j+w+1 >= len, window_val will not increase */
-		{
-		int digit = 0;
-
-		/* 0 <= window_val <= 2^(w+1) */
-
-		if (window_val & 1)
-			{
-			/* 0 < window_val < 2^(w+1) */
-
-			if (window_val & bit)
-				{
-				digit = window_val - next_bit; /* -2^w < digit < 0 */
-
-#if 1 /* modified wNAF */
-				if (j + w + 1 >= len)
-					{
-					/* special case for generating modified wNAFs:
-					 * no new bits will be added into window_val,
-					 * so using a positive digit here will decrease
-					 * the total length of the representation */
-					
-					digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
-					}
+{
+    int window_val;
+    int ok = 0;
+    signed char *r = NULL;
+    int sign = 1;
+    int bit, next_bit, mask;
+    size_t len = 0, j;
+
+    if (BN_is_zero(scalar)) {
+        r = OPENSSL_malloc(1);
+        if (!r) {
+            ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        r[0] = 0;
+        *ret_len = 1;
+        return r;
+    }
+
+    if (w <= 0 || w > 7) {      /* 'signed char' can represent integers with
+                                 * absolute values less than 2^7 */
+        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    bit = 1 << w;               /* at most 128 */
+    next_bit = bit << 1;        /* at most 256 */
+    mask = next_bit - 1;        /* at most 255 */
+
+    if (BN_is_negative(scalar)) {
+        sign = -1;
+    }
+
+    len = BN_num_bits(scalar);
+    r = OPENSSL_malloc(len + 1); /* modified wNAF may be one digit longer
+                                  * than binary representation (*ret_len will
+                                  * be set to the actual length, i.e. at most
+                                  * BN_num_bits(scalar) + 1) */
+    if (r == NULL) {
+        ECerr(EC_F_COMPUTE_WNAF, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (scalar->d == NULL || scalar->top == 0) {
+        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    window_val = scalar->d[0] & mask;
+    j = 0;
+    while ((window_val != 0) || (j + w + 1 < len)) { /* if j+w+1 >= len,
+                                                      * window_val will not
+                                                      * increase */
+        int digit = 0;
+
+        /* 0 <= window_val <= 2^(w+1) */
+
+        if (window_val & 1) {
+            /* 0 < window_val < 2^(w+1) */
+
+            if (window_val & bit) {
+                digit = window_val - next_bit; /* -2^w < digit < 0 */
+
+#if 1                           /* modified wNAF */
+                if (j + w + 1 >= len) {
+                    /*
+                     * special case for generating modified wNAFs: no new
+                     * bits will be added into window_val, so using a
+                     * positive digit here will decrease the total length of
+                     * the representation
+                     */
+
+                    digit = window_val & (mask >> 1); /* 0 < digit < 2^w */
+                }
 #endif
-				}
-			else
-				{
-				digit = window_val; /* 0 < digit < 2^w */
-				}
-			
-			if (digit <= -bit || digit >= bit || !(digit & 1))
-				{
-				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			window_val -= digit;
-
-			/* now window_val is 0 or 2^(w+1) in standard wNAF generation;
-			 * for modified window NAFs, it may also be 2^w
-			 */
-			if (window_val != 0 && window_val != next_bit && window_val != bit)
-				{
-				ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			}
-
-		r[j++] = sign * digit;
-
-		window_val >>= 1;
-		window_val += bit * BN_is_bit_set(scalar, j + w);
-
-		if (window_val > next_bit)
-			{
-			ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-
-	if (j > len + 1)
-		{
-		ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	len = j;
-	ok = 1;
+            } else {
+                digit = window_val; /* 0 < digit < 2^w */
+            }
+
+            if (digit <= -bit || digit >= bit || !(digit & 1)) {
+                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            window_val -= digit;
+
+            /*
+             * now window_val is 0 or 2^(w+1) in standard wNAF generation;
+             * for modified window NAFs, it may also be 2^w
+             */
+            if (window_val != 0 && window_val != next_bit
+                && window_val != bit) {
+                ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        }
+
+        r[j++] = sign * digit;
+
+        window_val >>= 1;
+        window_val += bit * BN_is_bit_set(scalar, j + w);
+
+        if (window_val > next_bit) {
+            ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (j > len + 1) {
+        ECerr(EC_F_COMPUTE_WNAF, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    len = j;
+    ok = 1;
 
  err:
-	if (!ok)
-		{
-		OPENSSL_free(r);
-		r = NULL;
-		}
-	if (ok)
-		*ret_len = len;
-	return r;
-	}
-
-
-/* TODO: table should be optimised for the wNAF-based implementation,
- *       sometimes smaller windows will give better performance
- *       (thus the boundaries should be increased)
+    if (!ok) {
+        OPENSSL_free(r);
+        r = NULL;
+    }
+    if (ok)
+        *ret_len = len;
+    return r;
+}
+
+/*
+ * TODO: table should be optimised for the wNAF-based implementation,
+ * sometimes smaller windows will give better performance (thus the
+ * boundaries should be increased)
  */
 #define EC_window_bits_for_scalar_size(b) \
-		((size_t) \
-		 ((b) >= 2000 ? 6 : \
-		  (b) >=  800 ? 5 : \
-		  (b) >=  300 ? 4 : \
-		  (b) >=   70 ? 3 : \
-		  (b) >=   20 ? 2 : \
-		  1))
-
-/* Compute
+                ((size_t) \
+                 ((b) >= 2000 ? 6 : \
+                  (b) >=  800 ? 5 : \
+                  (b) >=  300 ? 4 : \
+                  (b) >=   70 ? 3 : \
+                  (b) >=   20 ? 2 : \
+                  1))
+
+/*-
+ * Compute
  *      \sum scalars[i]*points[i],
  * also including
  *      scalar*generator
  * in the addition if scalar != NULL
  */
 int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
-	size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	const EC_POINT *generator = NULL;
-	EC_POINT *tmp = NULL;
-	size_t totalnum;
-	size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
-	size_t pre_points_per_block = 0;
-	size_t i, j;
-	int k;
-	int r_is_inverted = 0;
-	int r_is_at_infinity = 1;
-	size_t *wsize = NULL; /* individual window sizes */
-	signed char **wNAF = NULL; /* individual wNAFs */
-	size_t *wNAF_len = NULL;
-	size_t max_len = 0;
-	size_t num_val;
-	EC_POINT **val = NULL; /* precomputation */
-	EC_POINT **v;
-	EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or 'pre_comp->points' */
-	const EC_PRE_COMP *pre_comp = NULL;
-	int num_scalar = 0; /* flag: will be set to 1 if 'scalar' must be treated like other scalars,
-	                     * i.e. precomputation is not available */
-	int ret = 0;
-	
-	if (group->meth != r->meth)
-		{
-		ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-		return 0;
-		}
-
-	if ((scalar == NULL) && (num == 0))
-		{
-		return EC_POINT_set_to_infinity(group, r);
-		}
-
-	for (i = 0; i < num; i++)
-		{
-		if (group->meth != points[i]->meth)
-			{
-			ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
-			return 0;
-			}
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			goto err;
-		}
-
-	if (scalar != NULL)
-		{
-		generator = EC_GROUP_get0_generator(group);
-		if (generator == NULL)
-			{
-			ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
-			goto err;
-			}
-		
-		/* look if we can use precomputed multiples of generator */
-
-		pre_comp = EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-
-		if (pre_comp && pre_comp->numblocks && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) == 0))
-			{
-			blocksize = pre_comp->blocksize;
-
-			/* determine maximum number of blocks that wNAF splitting may yield
-			 * (NB: maximum wNAF length is bit length plus one) */
-			numblocks = (BN_num_bits(scalar) / blocksize) + 1;
-
-			/* we cannot use more blocks than we have precomputation for */
-			if (numblocks > pre_comp->numblocks)
-				numblocks = pre_comp->numblocks;
-
-			pre_points_per_block = 1u << (pre_comp->w - 1);
-
-			/* check that pre_comp looks sane */
-			if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block))
-				{
-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			}
-		else
-			{
-			/* can't use precomputation */
-			pre_comp = NULL;
-			numblocks = 1;
-			num_scalar = 1; /* treat 'scalar' like 'num'-th element of 'scalars' */
-			}
-		}
-	
-	totalnum = num + numblocks;
-
-	wsize    = OPENSSL_malloc(totalnum * sizeof wsize[0]);
-	wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
-	wNAF     = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space for pivot */
-	val_sub  = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
-		 
-	if (!wsize || !wNAF_len || !wNAF || !val_sub)
-		{
-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	wNAF[0] = NULL;	/* preliminary pivot */
-
-	/* num_val will be the total number of temporarily precomputed points */
-	num_val = 0;
-
-	for (i = 0; i < num + num_scalar; i++)
-		{
-		size_t bits;
-
-		bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
-		wsize[i] = EC_window_bits_for_scalar_size(bits);
-		num_val += 1u << (wsize[i] - 1);
-		wNAF[i + 1] = NULL; /* make sure we always have a pivot */
-		wNAF[i] = compute_wNAF((i < num ? scalars[i] : scalar), wsize[i], &wNAF_len[i]);
-		if (wNAF[i] == NULL)
-			goto err;
-		if (wNAF_len[i] > max_len)
-			max_len = wNAF_len[i];
-		}
-
-	if (numblocks)
-		{
-		/* we go here iff scalar != NULL */
-		
-		if (pre_comp == NULL)
-			{
-			if (num_scalar != 1)
-				{
-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			/* we have already generated a wNAF for 'scalar' */
-			}
-		else
-			{
-			signed char *tmp_wNAF = NULL;
-			size_t tmp_len = 0;
-			
-			if (num_scalar != 0)
-				{
-				ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-
-			/* use the window size for which we have precomputation */
-			wsize[num] = pre_comp->w;
-			tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
-			if (!tmp_wNAF)
-				goto err;
-
-			if (tmp_len <= max_len)
-				{
-				/* One of the other wNAFs is at least as long
-				 * as the wNAF belonging to the generator,
-				 * so wNAF splitting will not buy us anything. */
-
-				numblocks = 1;
-				totalnum = num + 1; /* don't use wNAF splitting */
-				wNAF[num] = tmp_wNAF;
-				wNAF[num + 1] = NULL;
-				wNAF_len[num] = tmp_len;
-				if (tmp_len > max_len)
-					max_len = tmp_len;
-				/* pre_comp->points starts with the points that we need here: */
-				val_sub[num] = pre_comp->points;
-				}
-			else
-				{
-				/* don't include tmp_wNAF directly into wNAF array
-				 * - use wNAF splitting and include the blocks */
-
-				signed char *pp;
-				EC_POINT **tmp_points;
-				
-				if (tmp_len < numblocks * blocksize)
-					{
-					/* possibly we can do with fewer blocks than estimated */
-					numblocks = (tmp_len + blocksize - 1) / blocksize;
-					if (numblocks > pre_comp->numblocks)
-						{
-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-						goto err;
-						}
-					totalnum = num + numblocks;
-					}
-				
-				/* split wNAF in 'numblocks' parts */
-				pp = tmp_wNAF;
-				tmp_points = pre_comp->points;
-
-				for (i = num; i < totalnum; i++)
-					{
-					if (i < totalnum - 1)
-						{
-						wNAF_len[i] = blocksize;
-						if (tmp_len < blocksize)
-							{
-							ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-							goto err;
-							}
-						tmp_len -= blocksize;
-						}
-					else
-						/* last block gets whatever is left
-						 * (this could be more or less than 'blocksize'!) */
-						wNAF_len[i] = tmp_len;
-					
-					wNAF[i + 1] = NULL;
-					wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
-					if (wNAF[i] == NULL)
-						{
-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-						OPENSSL_free(tmp_wNAF);
-						goto err;
-						}
-					memcpy(wNAF[i], pp, wNAF_len[i]);
-					if (wNAF_len[i] > max_len)
-						max_len = wNAF_len[i];
-
-					if (*tmp_points == NULL)
-						{
-						ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-						OPENSSL_free(tmp_wNAF);
-						goto err;
-						}
-					val_sub[i] = tmp_points;
-					tmp_points += pre_points_per_block;
-					pp += blocksize;
-					}
-				OPENSSL_free(tmp_wNAF);
-				}
-			}
-		}
-
-	/* All points we precompute now go into a single array 'val'.
-	 * 'val_sub[i]' is a pointer to the subarray for the i-th point,
-	 * or to a subarray of 'pre_comp->points' if we already have precomputation. */
-	val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
-	if (val == NULL)
-		{
-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	val[num_val] = NULL; /* pivot element */
-
-	/* allocate points for precomputation */
-	v = val;
-	for (i = 0; i < num + num_scalar; i++)
-		{
-		val_sub[i] = v;
-		for (j = 0; j < (1u << (wsize[i] - 1)); j++)
-			{
-			*v = EC_POINT_new(group);
-			if (*v == NULL) goto err;
-			v++;
-			}
-		}
-	if (!(v == val + num_val))
-		{
-		ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-
-	if (!(tmp = EC_POINT_new(group)))
-		goto err;
-
-	/* prepare precomputed values:
-	 *    val_sub[i][0] :=     points[i]
-	 *    val_sub[i][1] := 3 * points[i]
-	 *    val_sub[i][2] := 5 * points[i]
-	 *    ...
-	 */
-	for (i = 0; i < num + num_scalar; i++)
-		{
-		if (i < num)
-			{
-			if (!EC_POINT_copy(val_sub[i][0], points[i])) goto err;
-			}
-		else
-			{
-			if (!EC_POINT_copy(val_sub[i][0], generator)) goto err;
-			}
-
-		if (wsize[i] > 1)
-			{
-			if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx)) goto err;
-			for (j = 1; j < (1u << (wsize[i] - 1)); j++)
-				{
-				if (!EC_POINT_add(group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx)) goto err;
-				}
-			}
-		}
-
-#if 1 /* optional; EC_window_bits_for_scalar_size assumes we do this step */
-	if (!EC_POINTs_make_affine(group, num_val, val, ctx))
-		goto err;
+                size_t num, const EC_POINT *points[], const BIGNUM *scalars[],
+                BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    const EC_POINT *generator = NULL;
+    EC_POINT *tmp = NULL;
+    size_t totalnum;
+    size_t blocksize = 0, numblocks = 0; /* for wNAF splitting */
+    size_t pre_points_per_block = 0;
+    size_t i, j;
+    int k;
+    int r_is_inverted = 0;
+    int r_is_at_infinity = 1;
+    size_t *wsize = NULL;       /* individual window sizes */
+    signed char **wNAF = NULL;  /* individual wNAFs */
+    size_t *wNAF_len = NULL;
+    size_t max_len = 0;
+    size_t num_val;
+    EC_POINT **val = NULL;      /* precomputation */
+    EC_POINT **v;
+    EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' or
+                                 * 'pre_comp->points' */
+    const EC_PRE_COMP *pre_comp = NULL;
+    int num_scalar = 0;         /* flag: will be set to 1 if 'scalar' must be
+                                 * treated like other scalars, i.e.
+                                 * precomputation is not available */
+    int ret = 0;
+
+    if (group->meth != r->meth) {
+        ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+        return 0;
+    }
+
+    if ((scalar == NULL) && (num == 0)) {
+        return EC_POINT_set_to_infinity(group, r);
+    }
+
+    for (i = 0; i < num; i++) {
+        if (group->meth != points[i]->meth) {
+            ECerr(EC_F_EC_WNAF_MUL, EC_R_INCOMPATIBLE_OBJECTS);
+            return 0;
+        }
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    if (scalar != NULL) {
+        generator = EC_GROUP_get0_generator(group);
+        if (generator == NULL) {
+            ECerr(EC_F_EC_WNAF_MUL, EC_R_UNDEFINED_GENERATOR);
+            goto err;
+        }
+
+        /* look if we can use precomputed multiples of generator */
+
+        pre_comp =
+            EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup,
+                                ec_pre_comp_free, ec_pre_comp_clear_free);
+
+        if (pre_comp && pre_comp->numblocks
+            && (EC_POINT_cmp(group, generator, pre_comp->points[0], ctx) ==
+                0)) {
+            blocksize = pre_comp->blocksize;
+
+            /*
+             * determine maximum number of blocks that wNAF splitting may
+             * yield (NB: maximum wNAF length is bit length plus one)
+             */
+            numblocks = (BN_num_bits(scalar) / blocksize) + 1;
+
+            /*
+             * we cannot use more blocks than we have precomputation for
+             */
+            if (numblocks > pre_comp->numblocks)
+                numblocks = pre_comp->numblocks;
+
+            pre_points_per_block = 1u << (pre_comp->w - 1);
+
+            /* check that pre_comp looks sane */
+            if (pre_comp->num != (pre_comp->numblocks * pre_points_per_block)) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+        } else {
+            /* can't use precomputation */
+            pre_comp = NULL;
+            numblocks = 1;
+            num_scalar = 1;     /* treat 'scalar' like 'num'-th element of
+                                 * 'scalars' */
+        }
+    }
+
+    totalnum = num + numblocks;
+
+    wsize = OPENSSL_malloc(totalnum * sizeof wsize[0]);
+    wNAF_len = OPENSSL_malloc(totalnum * sizeof wNAF_len[0]);
+    wNAF = OPENSSL_malloc((totalnum + 1) * sizeof wNAF[0]); /* includes space
+                                                             * for pivot */
+    val_sub = OPENSSL_malloc(totalnum * sizeof val_sub[0]);
+
+    if (!wsize || !wNAF_len || !wNAF || !val_sub) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    wNAF[0] = NULL;             /* preliminary pivot */
+
+    /*
+     * num_val will be the total number of temporarily precomputed points
+     */
+    num_val = 0;
+
+    for (i = 0; i < num + num_scalar; i++) {
+        size_t bits;
+
+        bits = i < num ? BN_num_bits(scalars[i]) : BN_num_bits(scalar);
+        wsize[i] = EC_window_bits_for_scalar_size(bits);
+        num_val += 1u << (wsize[i] - 1);
+        wNAF[i + 1] = NULL;     /* make sure we always have a pivot */
+        wNAF[i] =
+            compute_wNAF((i < num ? scalars[i] : scalar), wsize[i],
+                         &wNAF_len[i]);
+        if (wNAF[i] == NULL)
+            goto err;
+        if (wNAF_len[i] > max_len)
+            max_len = wNAF_len[i];
+    }
+
+    if (numblocks) {
+        /* we go here iff scalar != NULL */
+
+        if (pre_comp == NULL) {
+            if (num_scalar != 1) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            /* we have already generated a wNAF for 'scalar' */
+        } else {
+            signed char *tmp_wNAF = NULL;
+            size_t tmp_len = 0;
+
+            if (num_scalar != 0) {
+                ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            /*
+             * use the window size for which we have precomputation
+             */
+            wsize[num] = pre_comp->w;
+            tmp_wNAF = compute_wNAF(scalar, wsize[num], &tmp_len);
+            if (!tmp_wNAF)
+                goto err;
+
+            if (tmp_len <= max_len) {
+                /*
+                 * One of the other wNAFs is at least as long as the wNAF
+                 * belonging to the generator, so wNAF splitting will not buy
+                 * us anything.
+                 */
+
+                numblocks = 1;
+                totalnum = num + 1; /* don't use wNAF splitting */
+                wNAF[num] = tmp_wNAF;
+                wNAF[num + 1] = NULL;
+                wNAF_len[num] = tmp_len;
+                if (tmp_len > max_len)
+                    max_len = tmp_len;
+                /*
+                 * pre_comp->points starts with the points that we need here:
+                 */
+                val_sub[num] = pre_comp->points;
+            } else {
+                /*
+                 * don't include tmp_wNAF directly into wNAF array - use wNAF
+                 * splitting and include the blocks
+                 */
+
+                signed char *pp;
+                EC_POINT **tmp_points;
+
+                if (tmp_len < numblocks * blocksize) {
+                    /*
+                     * possibly we can do with fewer blocks than estimated
+                     */
+                    numblocks = (tmp_len + blocksize - 1) / blocksize;
+                    if (numblocks > pre_comp->numblocks) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        goto err;
+                    }
+                    totalnum = num + numblocks;
+                }
+
+                /* split wNAF in 'numblocks' parts */
+                pp = tmp_wNAF;
+                tmp_points = pre_comp->points;
+
+                for (i = num; i < totalnum; i++) {
+                    if (i < totalnum - 1) {
+                        wNAF_len[i] = blocksize;
+                        if (tmp_len < blocksize) {
+                            ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                            goto err;
+                        }
+                        tmp_len -= blocksize;
+                    } else
+                        /*
+                         * last block gets whatever is left (this could be
+                         * more or less than 'blocksize'!)
+                         */
+                        wNAF_len[i] = tmp_len;
+
+                    wNAF[i + 1] = NULL;
+                    wNAF[i] = OPENSSL_malloc(wNAF_len[i]);
+                    if (wNAF[i] == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    memcpy(wNAF[i], pp, wNAF_len[i]);
+                    if (wNAF_len[i] > max_len)
+                        max_len = wNAF_len[i];
+
+                    if (*tmp_points == NULL) {
+                        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+                        OPENSSL_free(tmp_wNAF);
+                        goto err;
+                    }
+                    val_sub[i] = tmp_points;
+                    tmp_points += pre_points_per_block;
+                    pp += blocksize;
+                }
+                OPENSSL_free(tmp_wNAF);
+            }
+        }
+    }
+
+    /*
+     * All points we precompute now go into a single array 'val'.
+     * 'val_sub[i]' is a pointer to the subarray for the i-th point, or to a
+     * subarray of 'pre_comp->points' if we already have precomputation.
+     */
+    val = OPENSSL_malloc((num_val + 1) * sizeof val[0]);
+    if (val == NULL) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    val[num_val] = NULL;        /* pivot element */
+
+    /* allocate points for precomputation */
+    v = val;
+    for (i = 0; i < num + num_scalar; i++) {
+        val_sub[i] = v;
+        for (j = 0; j < (1u << (wsize[i] - 1)); j++) {
+            *v = EC_POINT_new(group);
+            if (*v == NULL)
+                goto err;
+            v++;
+        }
+    }
+    if (!(v == val + num_val)) {
+        ECerr(EC_F_EC_WNAF_MUL, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!(tmp = EC_POINT_new(group)))
+        goto err;
+
+    /*-
+     * prepare precomputed values:
+     *    val_sub[i][0] :=     points[i]
+     *    val_sub[i][1] := 3 * points[i]
+     *    val_sub[i][2] := 5 * points[i]
+     *    ...
+     */
+    for (i = 0; i < num + num_scalar; i++) {
+        if (i < num) {
+            if (!EC_POINT_copy(val_sub[i][0], points[i]))
+                goto err;
+        } else {
+            if (!EC_POINT_copy(val_sub[i][0], generator))
+                goto err;
+        }
+
+        if (wsize[i] > 1) {
+            if (!EC_POINT_dbl(group, tmp, val_sub[i][0], ctx))
+                goto err;
+            for (j = 1; j < (1u << (wsize[i] - 1)); j++) {
+                if (!EC_POINT_add
+                    (group, val_sub[i][j], val_sub[i][j - 1], tmp, ctx))
+                    goto err;
+            }
+        }
+    }
+
+#if 1                           /* optional; EC_window_bits_for_scalar_size
+                                 * assumes we do this step */
+    if (!EC_POINTs_make_affine(group, num_val, val, ctx))
+        goto err;
 #endif
 
-	r_is_at_infinity = 1;
-
-	for (k = max_len - 1; k >= 0; k--)
-		{
-		if (!r_is_at_infinity)
-			{
-			if (!EC_POINT_dbl(group, r, r, ctx)) goto err;
-			}
-		
-		for (i = 0; i < totalnum; i++)
-			{
-			if (wNAF_len[i] > (size_t)k)
-				{
-				int digit = wNAF[i][k];
-				int is_neg;
-
-				if (digit) 
-					{
-					is_neg = digit < 0;
-
-					if (is_neg)
-						digit = -digit;
-
-					if (is_neg != r_is_inverted)
-						{
-						if (!r_is_at_infinity)
-							{
-							if (!EC_POINT_invert(group, r, ctx)) goto err;
-							}
-						r_is_inverted = !r_is_inverted;
-						}
-
-					/* digit > 0 */
-
-					if (r_is_at_infinity)
-						{
-						if (!EC_POINT_copy(r, val_sub[i][digit >> 1])) goto err;
-						r_is_at_infinity = 0;
-						}
-					else
-						{
-						if (!EC_POINT_add(group, r, r, val_sub[i][digit >> 1], ctx)) goto err;
-						}
-					}
-				}
-			}
-		}
-
-	if (r_is_at_infinity)
-		{
-		if (!EC_POINT_set_to_infinity(group, r)) goto err;
-		}
-	else
-		{
-		if (r_is_inverted)
-			if (!EC_POINT_invert(group, r, ctx)) goto err;
-		}
-	
-	ret = 1;
+    r_is_at_infinity = 1;
+
+    for (k = max_len - 1; k >= 0; k--) {
+        if (!r_is_at_infinity) {
+            if (!EC_POINT_dbl(group, r, r, ctx))
+                goto err;
+        }
+
+        for (i = 0; i < totalnum; i++) {
+            if (wNAF_len[i] > (size_t)k) {
+                int digit = wNAF[i][k];
+                int is_neg;
+
+                if (digit) {
+                    is_neg = digit < 0;
+
+                    if (is_neg)
+                        digit = -digit;
+
+                    if (is_neg != r_is_inverted) {
+                        if (!r_is_at_infinity) {
+                            if (!EC_POINT_invert(group, r, ctx))
+                                goto err;
+                        }
+                        r_is_inverted = !r_is_inverted;
+                    }
+
+                    /* digit > 0 */
+
+                    if (r_is_at_infinity) {
+                        if (!EC_POINT_copy(r, val_sub[i][digit >> 1]))
+                            goto err;
+                        r_is_at_infinity = 0;
+                    } else {
+                        if (!EC_POINT_add
+                            (group, r, r, val_sub[i][digit >> 1], ctx))
+                            goto err;
+                    }
+                }
+            }
+        }
+    }
+
+    if (r_is_at_infinity) {
+        if (!EC_POINT_set_to_infinity(group, r))
+            goto err;
+    } else {
+        if (r_is_inverted)
+            if (!EC_POINT_invert(group, r, ctx))
+                goto err;
+    }
+
+    ret = 1;
 
  err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (tmp != NULL)
-		EC_POINT_free(tmp);
-	if (wsize != NULL)
-		OPENSSL_free(wsize);
-	if (wNAF_len != NULL)
-		OPENSSL_free(wNAF_len);
-	if (wNAF != NULL)
-		{
-		signed char **w;
-		
-		for (w = wNAF; *w != NULL; w++)
-			OPENSSL_free(*w);
-		
-		OPENSSL_free(wNAF);
-		}
-	if (val != NULL)
-		{
-		for (v = val; *v != NULL; v++)
-			EC_POINT_clear_free(*v);
-
-		OPENSSL_free(val);
-		}
-	if (val_sub != NULL)
-		{
-		OPENSSL_free(val_sub);
-		}
-	return ret;
-	}
-
-
-/* ec_wNAF_precompute_mult()
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    if (tmp != NULL)
+        EC_POINT_free(tmp);
+    if (wsize != NULL)
+        OPENSSL_free(wsize);
+    if (wNAF_len != NULL)
+        OPENSSL_free(wNAF_len);
+    if (wNAF != NULL) {
+        signed char **w;
+
+        for (w = wNAF; *w != NULL; w++)
+            OPENSSL_free(*w);
+
+        OPENSSL_free(wNAF);
+    }
+    if (val != NULL) {
+        for (v = val; *v != NULL; v++)
+            EC_POINT_clear_free(*v);
+
+        OPENSSL_free(val);
+    }
+    if (val_sub != NULL) {
+        OPENSSL_free(val_sub);
+    }
+    return ret;
+}
+
+/*-
+ * ec_wNAF_precompute_mult()
  * creates an EC_PRE_COMP object with preprecomputed multiples of the generator
  * for use with wNAF splitting as implemented in ec_wNAF_mul().
- * 
+ *
  * 'pre_comp->points' is an array of multiples of the generator
  * of the following form:
  * points[0] =     generator;
@@ -763,178 +737,175 @@ int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar,
  * points[2^(w-1)*numblocks]       = NULL
  */
 int ec_wNAF_precompute_mult(EC_GROUP *group, BN_CTX *ctx)
-	{
-	const EC_POINT *generator;
-	EC_POINT *tmp_point = NULL, *base = NULL, **var;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *order;
-	size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
-	EC_POINT **points = NULL;
-	EC_PRE_COMP *pre_comp;
-	int ret = 0;
-
-	/* if there is an old EC_PRE_COMP object, throw it away */
-	EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free);
-
-	if ((pre_comp = ec_pre_comp_new(group)) == NULL)
-		return 0;
-
-	generator = EC_GROUP_get0_generator(group);
-	if (generator == NULL)
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
-		goto err;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			goto err;
-		}
-	
-	BN_CTX_start(ctx);
-	order = BN_CTX_get(ctx);
-	if (order == NULL) goto err;
-	
-	if (!EC_GROUP_get_order(group, order, ctx)) goto err;		
-	if (BN_is_zero(order))
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
-		goto err;
-		}
-
-	bits = BN_num_bits(order);
-	/* The following parameters mean we precompute (approximately)
-	 * one point per bit.
-	 *
-	 * TBD: The combination  8, 4  is perfect for 160 bits; for other
-	 * bit lengths, other parameter combinations might provide better
-	 * efficiency.
-	 */
-	blocksize = 8;
-	w = 4;
-	if (EC_window_bits_for_scalar_size(bits) > w)
-		{
-		/* let's not make the window too small ... */
-		w = EC_window_bits_for_scalar_size(bits);
-		}
-
-	numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks to use for wNAF splitting */
-	
-	pre_points_per_block = 1u << (w - 1);
-	num = pre_points_per_block * numblocks; /* number of points to compute and store */
-
-	points = OPENSSL_malloc(sizeof (EC_POINT*)*(num + 1));
-	if (!points)
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	var = points;
-	var[num] = NULL; /* pivot */
-	for (i = 0; i < num; i++)
-		{
-		if ((var[i] = EC_POINT_new(group)) == NULL)
-			{
-			ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-
-	if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group)))
-		{
-		ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}	
-	
-	if (!EC_POINT_copy(base, generator))
-		goto err;
-	
-	/* do the precomputation */
-	for (i = 0; i < numblocks; i++)
-		{
-		size_t j;
-
-		if (!EC_POINT_dbl(group, tmp_point, base, ctx))
-			goto err;
-
-		if (!EC_POINT_copy(*var++, base))
-			goto err;
-
-		for (j = 1; j < pre_points_per_block; j++, var++)
-			{
-			/* calculate odd multiples of the current base point */
-			if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
-				goto err;
-			}
-
-		if (i < numblocks - 1)
-			{
-			/* get the next base (multiply current one by 2^blocksize) */
-			size_t k;
-
-			if (blocksize <= 2)
-				{
-				ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}				
-
-			if (!EC_POINT_dbl(group, base, tmp_point, ctx))
-				goto err;
-			for (k = 2; k < blocksize; k++)
-				{
-				if (!EC_POINT_dbl(group,base,base,ctx))
-					goto err;
-				}
-			}
- 		}
-
-	if (!EC_POINTs_make_affine(group, num, points, ctx))
-		goto err;
-	
-	pre_comp->group = group;
-	pre_comp->blocksize = blocksize;
-	pre_comp->numblocks = numblocks;
-	pre_comp->w = w;
-	pre_comp->points = points;
-	points = NULL;
-	pre_comp->num = num;
-
-	if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
-		ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free))
-		goto err;
-	pre_comp = NULL;
-
-	ret = 1;
+{
+    const EC_POINT *generator;
+    EC_POINT *tmp_point = NULL, *base = NULL, **var;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *order;
+    size_t i, bits, w, pre_points_per_block, blocksize, numblocks, num;
+    EC_POINT **points = NULL;
+    EC_PRE_COMP *pre_comp;
+    int ret = 0;
+
+    /* if there is an old EC_PRE_COMP object, throw it away */
+    EC_EX_DATA_free_data(&group->extra_data, ec_pre_comp_dup,
+                         ec_pre_comp_free, ec_pre_comp_clear_free);
+
+    if ((pre_comp = ec_pre_comp_new(group)) == NULL)
+        return 0;
+
+    generator = EC_GROUP_get0_generator(group);
+    if (generator == NULL) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNDEFINED_GENERATOR);
+        goto err;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            goto err;
+    }
+
+    BN_CTX_start(ctx);
+    order = BN_CTX_get(ctx);
+    if (order == NULL)
+        goto err;
+
+    if (!EC_GROUP_get_order(group, order, ctx))
+        goto err;
+    if (BN_is_zero(order)) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, EC_R_UNKNOWN_ORDER);
+        goto err;
+    }
+
+    bits = BN_num_bits(order);
+    /*
+     * The following parameters mean we precompute (approximately) one point
+     * per bit. TBD: The combination 8, 4 is perfect for 160 bits; for other
+     * bit lengths, other parameter combinations might provide better
+     * efficiency.
+     */
+    blocksize = 8;
+    w = 4;
+    if (EC_window_bits_for_scalar_size(bits) > w) {
+        /* let's not make the window too small ... */
+        w = EC_window_bits_for_scalar_size(bits);
+    }
+
+    numblocks = (bits + blocksize - 1) / blocksize; /* max. number of blocks
+                                                     * to use for wNAF
+                                                     * splitting */
+
+    pre_points_per_block = 1u << (w - 1);
+    num = pre_points_per_block * numblocks; /* number of points to compute
+                                             * and store */
+
+    points = OPENSSL_malloc(sizeof(EC_POINT *) * (num + 1));
+    if (!points) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    var = points;
+    var[num] = NULL;            /* pivot */
+    for (i = 0; i < num; i++) {
+        if ((var[i] = EC_POINT_new(group)) == NULL) {
+            ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (!(tmp_point = EC_POINT_new(group)) || !(base = EC_POINT_new(group))) {
+        ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_copy(base, generator))
+        goto err;
+
+    /* do the precomputation */
+    for (i = 0; i < numblocks; i++) {
+        size_t j;
+
+        if (!EC_POINT_dbl(group, tmp_point, base, ctx))
+            goto err;
+
+        if (!EC_POINT_copy(*var++, base))
+            goto err;
+
+        for (j = 1; j < pre_points_per_block; j++, var++) {
+            /*
+             * calculate odd multiples of the current base point
+             */
+            if (!EC_POINT_add(group, *var, tmp_point, *(var - 1), ctx))
+                goto err;
+        }
+
+        if (i < numblocks - 1) {
+            /*
+             * get the next base (multiply current one by 2^blocksize)
+             */
+            size_t k;
+
+            if (blocksize <= 2) {
+                ECerr(EC_F_EC_WNAF_PRECOMPUTE_MULT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+
+            if (!EC_POINT_dbl(group, base, tmp_point, ctx))
+                goto err;
+            for (k = 2; k < blocksize; k++) {
+                if (!EC_POINT_dbl(group, base, base, ctx))
+                    goto err;
+            }
+        }
+    }
+
+    if (!EC_POINTs_make_affine(group, num, points, ctx))
+        goto err;
+
+    pre_comp->group = group;
+    pre_comp->blocksize = blocksize;
+    pre_comp->numblocks = numblocks;
+    pre_comp->w = w;
+    pre_comp->points = points;
+    points = NULL;
+    pre_comp->num = num;
+
+    if (!EC_EX_DATA_set_data(&group->extra_data, pre_comp,
+                             ec_pre_comp_dup, ec_pre_comp_free,
+                             ec_pre_comp_clear_free))
+        goto err;
+    pre_comp = NULL;
+
+    ret = 1;
  err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (pre_comp)
-		ec_pre_comp_free(pre_comp);
-	if (points)
-		{
-		EC_POINT **p;
-
-		for (p = points; *p != NULL; p++)
-			EC_POINT_free(*p);
-		OPENSSL_free(points);
-		}
-	if (tmp_point)
-		EC_POINT_free(tmp_point);
-	if (base)
-		EC_POINT_free(base);
-	return ret;
-	}
-
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    if (pre_comp)
+        ec_pre_comp_free(pre_comp);
+    if (points) {
+        EC_POINT **p;
+
+        for (p = points; *p != NULL; p++)
+            EC_POINT_free(*p);
+        OPENSSL_free(points);
+    }
+    if (tmp_point)
+        EC_POINT_free(tmp_point);
+    if (base)
+        EC_POINT_free(base);
+    return ret;
+}
 
 int ec_wNAF_have_precompute_mult(const EC_GROUP *group)
-	{
-	if (EC_EX_DATA_get_data(group->extra_data, ec_pre_comp_dup, ec_pre_comp_free, ec_pre_comp_clear_free) != NULL)
-		return 1;
-	else
-		return 0;
-	}
+{
+    if (EC_EX_DATA_get_data
+        (group->extra_data, ec_pre_comp_dup, ec_pre_comp_free,
+         ec_pre_comp_clear_free) != NULL)
+        return 1;
+    else
+        return 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ec_print.c b/Cryptlib/OpenSSL/crypto/ec/ec_print.c
index f7c8a303..96b294d8 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ec_print.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ec_print.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,140 +56,124 @@
 #include <openssl/crypto.h>
 #include "ec_lcl.h"
 
-BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, 
-                          const EC_POINT *point, 
+BIGNUM *EC_POINT_point2bn(const EC_GROUP *group,
+                          const EC_POINT *point,
                           point_conversion_form_t form,
-                          BIGNUM *ret,
-                          BN_CTX *ctx)
-	{
-	size_t        buf_len=0;
-	unsigned char *buf;
+                          BIGNUM *ret, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
 
-	buf_len = EC_POINT_point2oct(group, point, form,
-                                     NULL, 0, ctx);
-	if (buf_len == 0)
-		return NULL;
+    buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx);
+    if (buf_len == 0)
+        return NULL;
 
-	if ((buf = OPENSSL_malloc(buf_len)) == NULL)
-		return NULL;
+    if ((buf = OPENSSL_malloc(buf_len)) == NULL)
+        return NULL;
 
-	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
+    if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
 
-	ret = BN_bin2bn(buf, buf_len, ret);
+    ret = BN_bin2bn(buf, buf_len, ret);
 
-	OPENSSL_free(buf);
+    OPENSSL_free(buf);
 
-	return ret;
+    return ret;
 }
 
 EC_POINT *EC_POINT_bn2point(const EC_GROUP *group,
-                            const BIGNUM *bn,
-                            EC_POINT *point, 
-                            BN_CTX *ctx)
-	{
-	size_t        buf_len=0;
-	unsigned char *buf;
-	EC_POINT      *ret;
-
-	if ((buf_len = BN_num_bytes(bn)) == 0) return NULL;
-	buf = OPENSSL_malloc(buf_len);
-	if (buf == NULL)
-		return NULL;
-
-	if (!BN_bn2bin(bn, buf)) 
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
-
-	if (point == NULL)
-		{
-		if ((ret = EC_POINT_new(group)) == NULL)
-			{
-			OPENSSL_free(buf);
-			return NULL;
-			}
-		}
-	else
-		ret = point;
-
-	if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx))
-		{
-		if (point == NULL)
-			EC_POINT_clear_free(ret);
-		OPENSSL_free(buf);
-		return NULL;
-		}
-
-	OPENSSL_free(buf);
-	return ret;
-	}
+                            const BIGNUM *bn, EC_POINT *point, BN_CTX *ctx)
+{
+    size_t buf_len = 0;
+    unsigned char *buf;
+    EC_POINT *ret;
+
+    if ((buf_len = BN_num_bytes(bn)) == 0)
+        return NULL;
+    buf = OPENSSL_malloc(buf_len);
+    if (buf == NULL)
+        return NULL;
+
+    if (!BN_bn2bin(bn, buf)) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    if (point == NULL) {
+        if ((ret = EC_POINT_new(group)) == NULL) {
+            OPENSSL_free(buf);
+            return NULL;
+        }
+    } else
+        ret = point;
+
+    if (!EC_POINT_oct2point(group, ret, buf, buf_len, ctx)) {
+        if (point == NULL)
+            EC_POINT_clear_free(ret);
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    OPENSSL_free(buf);
+    return ret;
+}
 
 static const char *HEX_DIGITS = "0123456789ABCDEF";
 
 /* the return value must be freed (using OPENSSL_free()) */
 char *EC_POINT_point2hex(const EC_GROUP *group,
                          const EC_POINT *point,
-                         point_conversion_form_t form,
-                         BN_CTX *ctx)
-	{
-	char          *ret, *p;
-	size_t        buf_len=0,i;
-	unsigned char *buf, *pbuf;
-
-	buf_len = EC_POINT_point2oct(group, point, form,
-                                     NULL, 0, ctx);
-	if (buf_len == 0)
-		return NULL;
-
-	if ((buf = OPENSSL_malloc(buf_len)) == NULL)
-		return NULL;
-
-	if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx))
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
-
-	ret = (char *)OPENSSL_malloc(buf_len*2+2);
-	if (ret == NULL)
-		{
-		OPENSSL_free(buf);
-		return NULL;
-		}
-	p = ret;
-	pbuf = buf;
-	for (i=buf_len; i > 0; i--)
-		{
-			int v = (int) *(pbuf++);
-			*(p++)=HEX_DIGITS[v>>4];
-			*(p++)=HEX_DIGITS[v&0x0F];
-		}
-	*p='\0';
-
-	OPENSSL_free(buf);
-
-	return ret;
-	}
+                         point_conversion_form_t form, BN_CTX *ctx)
+{
+    char *ret, *p;
+    size_t buf_len = 0, i;
+    unsigned char *buf, *pbuf;
+
+    buf_len = EC_POINT_point2oct(group, point, form, NULL, 0, ctx);
+    if (buf_len == 0)
+        return NULL;
+
+    if ((buf = OPENSSL_malloc(buf_len)) == NULL)
+        return NULL;
+
+    if (!EC_POINT_point2oct(group, point, form, buf, buf_len, ctx)) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+
+    ret = (char *)OPENSSL_malloc(buf_len * 2 + 2);
+    if (ret == NULL) {
+        OPENSSL_free(buf);
+        return NULL;
+    }
+    p = ret;
+    pbuf = buf;
+    for (i = buf_len; i > 0; i--) {
+        int v = (int)*(pbuf++);
+        *(p++) = HEX_DIGITS[v >> 4];
+        *(p++) = HEX_DIGITS[v & 0x0F];
+    }
+    *p = '\0';
+
+    OPENSSL_free(buf);
+
+    return ret;
+}
 
 EC_POINT *EC_POINT_hex2point(const EC_GROUP *group,
-                             const char *buf,
-                             EC_POINT *point,
-                             BN_CTX *ctx)
-	{
-	EC_POINT *ret=NULL;
-	BIGNUM   *tmp_bn=NULL;
+                             const char *buf, EC_POINT *point, BN_CTX *ctx)
+{
+    EC_POINT *ret = NULL;
+    BIGNUM *tmp_bn = NULL;
 
-	if (!BN_hex2bn(&tmp_bn, buf))
-		return NULL;
+    if (!BN_hex2bn(&tmp_bn, buf))
+        return NULL;
 
-	ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
+    ret = EC_POINT_bn2point(group, tmp_bn, point, ctx);
 
-	BN_clear_free(tmp_bn);
+    BN_clear_free(tmp_bn);
 
-	return ret;
-	}
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c
index 9fc4a466..1bfae5da 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ecp_mont.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,251 +65,236 @@
 
 #include "ec_lcl.h"
 
-
 const EC_METHOD *EC_GFp_mont_method(void)
-	{
-	static const EC_METHOD ret = {
-		NID_X9_62_prime_field,
-		ec_GFp_mont_group_init,
-		ec_GFp_mont_group_finish,
-		ec_GFp_mont_group_clear_finish,
-		ec_GFp_mont_group_copy,
-		ec_GFp_mont_group_set_curve,
-		ec_GFp_simple_group_get_curve,
-		ec_GFp_simple_group_get_degree,
-		ec_GFp_simple_group_check_discriminant,
-		ec_GFp_simple_point_init,
-		ec_GFp_simple_point_finish,
-		ec_GFp_simple_point_clear_finish,
-		ec_GFp_simple_point_copy,
-		ec_GFp_simple_point_set_to_infinity,
-		ec_GFp_simple_set_Jprojective_coordinates_GFp,
-		ec_GFp_simple_get_Jprojective_coordinates_GFp,
-		ec_GFp_simple_point_set_affine_coordinates,
-		ec_GFp_simple_point_get_affine_coordinates,
-		ec_GFp_simple_set_compressed_coordinates,
-		ec_GFp_simple_point2oct,
-		ec_GFp_simple_oct2point,
-		ec_GFp_simple_add,
-		ec_GFp_simple_dbl,
-		ec_GFp_simple_invert,
-		ec_GFp_simple_is_at_infinity,
-		ec_GFp_simple_is_on_curve,
-		ec_GFp_simple_cmp,
-		ec_GFp_simple_make_affine,
-		ec_GFp_simple_points_make_affine,
-		0 /* mul */,
-		0 /* precompute_mult */,
-		0 /* have_precompute_mult */,	
-		ec_GFp_mont_field_mul,
-		ec_GFp_mont_field_sqr,
-		0 /* field_div */,
-		ec_GFp_mont_field_encode,
-		ec_GFp_mont_field_decode,
-		ec_GFp_mont_field_set_to_one };
-
-	return &ret;
-	}
-
+{
+    static const EC_METHOD ret = {
+        NID_X9_62_prime_field,
+        ec_GFp_mont_group_init,
+        ec_GFp_mont_group_finish,
+        ec_GFp_mont_group_clear_finish,
+        ec_GFp_mont_group_copy,
+        ec_GFp_mont_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        ec_GFp_simple_set_compressed_coordinates,
+        ec_GFp_simple_point2oct,
+        ec_GFp_simple_oct2point,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_mont_field_mul,
+        ec_GFp_mont_field_sqr,
+        0 /* field_div */ ,
+        ec_GFp_mont_field_encode,
+        ec_GFp_mont_field_decode,
+        ec_GFp_mont_field_set_to_one
+    };
+
+    return &ret;
+}
 
 int ec_GFp_mont_group_init(EC_GROUP *group)
-	{
-	int ok;
-
-	ok = ec_GFp_simple_group_init(group);
-	group->field_data1 = NULL;
-	group->field_data2 = NULL;
-	return ok;
-	}
+{
+    int ok;
 
+    ok = ec_GFp_simple_group_init(group);
+    group->field_data1 = NULL;
+    group->field_data2 = NULL;
+    return ok;
+}
 
 void ec_GFp_mont_group_finish(EC_GROUP *group)
-	{
-	if (group->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		}
-	if (group->field_data2 != NULL)
-		{
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-	ec_GFp_simple_group_finish(group);
-	}
-
+{
+    if (group->field_data1 != NULL) {
+        BN_MONT_CTX_free(group->field_data1);
+        group->field_data1 = NULL;
+    }
+    if (group->field_data2 != NULL) {
+        BN_free(group->field_data2);
+        group->field_data2 = NULL;
+    }
+    ec_GFp_simple_group_finish(group);
+}
 
 void ec_GFp_mont_group_clear_finish(EC_GROUP *group)
-	{
-	if (group->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		}
-	if (group->field_data2 != NULL)
-		{
-		BN_clear_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-	ec_GFp_simple_group_clear_finish(group);
-	}
-
+{
+    if (group->field_data1 != NULL) {
+        BN_MONT_CTX_free(group->field_data1);
+        group->field_data1 = NULL;
+    }
+    if (group->field_data2 != NULL) {
+        BN_clear_free(group->field_data2);
+        group->field_data2 = NULL;
+    }
+    ec_GFp_simple_group_clear_finish(group);
+}
 
 int ec_GFp_mont_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	if (dest->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(dest->field_data1);
-		dest->field_data1 = NULL;
-		}
-	if (dest->field_data2 != NULL)
-		{
-		BN_clear_free(dest->field_data2);
-		dest->field_data2 = NULL;
-		}
-
-	if (!ec_GFp_simple_group_copy(dest, src)) return 0;
-
-	if (src->field_data1 != NULL)
-		{
-		dest->field_data1 = BN_MONT_CTX_new();
-		if (dest->field_data1 == NULL) return 0;
-		if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1)) goto err;
-		}
-	if (src->field_data2 != NULL)
-		{
-		dest->field_data2 = BN_dup(src->field_data2);
-		if (dest->field_data2 == NULL) goto err;
-		}
-
-	return 1;
+{
+    if (dest->field_data1 != NULL) {
+        BN_MONT_CTX_free(dest->field_data1);
+        dest->field_data1 = NULL;
+    }
+    if (dest->field_data2 != NULL) {
+        BN_clear_free(dest->field_data2);
+        dest->field_data2 = NULL;
+    }
+
+    if (!ec_GFp_simple_group_copy(dest, src))
+        return 0;
+
+    if (src->field_data1 != NULL) {
+        dest->field_data1 = BN_MONT_CTX_new();
+        if (dest->field_data1 == NULL)
+            return 0;
+        if (!BN_MONT_CTX_copy(dest->field_data1, src->field_data1))
+            goto err;
+    }
+    if (src->field_data2 != NULL) {
+        dest->field_data2 = BN_dup(src->field_data2);
+        if (dest->field_data2 == NULL)
+            goto err;
+    }
+
+    return 1;
 
  err:
-	if (dest->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(dest->field_data1);
-		dest->field_data1 = NULL;
-		}
-	return 0;	
-	}
-
-
-int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BN_MONT_CTX *mont = NULL;
-	BIGNUM *one = NULL;
-	int ret = 0;
-
-	if (group->field_data1 != NULL)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		}
-	if (group->field_data2 != NULL)
-		{
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
-	
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	mont = BN_MONT_CTX_new();
-	if (mont == NULL) goto err;
-	if (!BN_MONT_CTX_set(mont, p, ctx))
-		{
-		ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
-		goto err;
-		}
-	one = BN_new();
-	if (one == NULL) goto err;
-	if (!BN_to_montgomery(one, BN_value_one(), mont, ctx)) goto err;
-
-	group->field_data1 = mont;
-	mont = NULL;
-	group->field_data2 = one;
-	one = NULL;
-
-	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
-
-	if (!ret)
-		{
-		BN_MONT_CTX_free(group->field_data1);
-		group->field_data1 = NULL;
-		BN_free(group->field_data2);
-		group->field_data2 = NULL;
-		}
+    if (dest->field_data1 != NULL) {
+        BN_MONT_CTX_free(dest->field_data1);
+        dest->field_data1 = NULL;
+    }
+    return 0;
+}
+
+int ec_GFp_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p,
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BN_MONT_CTX *mont = NULL;
+    BIGNUM *one = NULL;
+    int ret = 0;
+
+    if (group->field_data1 != NULL) {
+        BN_MONT_CTX_free(group->field_data1);
+        group->field_data1 = NULL;
+    }
+    if (group->field_data2 != NULL) {
+        BN_free(group->field_data2);
+        group->field_data2 = NULL;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    mont = BN_MONT_CTX_new();
+    if (mont == NULL)
+        goto err;
+    if (!BN_MONT_CTX_set(mont, p, ctx)) {
+        ECerr(EC_F_EC_GFP_MONT_GROUP_SET_CURVE, ERR_R_BN_LIB);
+        goto err;
+    }
+    one = BN_new();
+    if (one == NULL)
+        goto err;
+    if (!BN_to_montgomery(one, BN_value_one(), mont, ctx))
+        goto err;
+
+    group->field_data1 = mont;
+    mont = NULL;
+    group->field_data2 = one;
+    one = NULL;
+
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+
+    if (!ret) {
+        BN_MONT_CTX_free(group->field_data1);
+        group->field_data1 = NULL;
+        BN_free(group->field_data2);
+        group->field_data2 = NULL;
+    }
 
  err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (mont != NULL)
-		BN_MONT_CTX_free(mont);
-	return ret;
-	}
-
-
-int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	if (group->field_data1 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	return BN_from_montgomery(r, a, group->field_data1, ctx);
-	}
-
-
-int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r, BN_CTX *ctx)
-	{
-	if (group->field_data2 == NULL)
-		{
-		ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
-		return 0;
-		}
-
-	if (!BN_copy(r, group->field_data2)) return 0;
-	return 1;
-	}
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    if (mont != NULL)
+        BN_MONT_CTX_free(mont);
+    return ret;
+}
+
+int ec_GFp_mont_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_MUL, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, b, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                          BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SQR, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_mod_mul_montgomery(r, a, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_encode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_ENCODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_to_montgomery(r, a, (BN_MONT_CTX *)group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_decode(const EC_GROUP *group, BIGNUM *r,
+                             const BIGNUM *a, BN_CTX *ctx)
+{
+    if (group->field_data1 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_DECODE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    return BN_from_montgomery(r, a, group->field_data1, ctx);
+}
+
+int ec_GFp_mont_field_set_to_one(const EC_GROUP *group, BIGNUM *r,
+                                 BN_CTX *ctx)
+{
+    if (group->field_data2 == NULL) {
+        ECerr(EC_F_EC_GFP_MONT_FIELD_SET_TO_ONE, EC_R_NOT_INITIALIZED);
+        return 0;
+    }
+
+    if (!BN_copy(r, group->field_data2))
+        return 0;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c
index 71893d5e..dd976d3d 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ecp_nist.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,169 +68,168 @@
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_nist_method(void)
-	{
-	static const EC_METHOD ret = {
-		NID_X9_62_prime_field,
-		ec_GFp_simple_group_init,
-		ec_GFp_simple_group_finish,
-		ec_GFp_simple_group_clear_finish,
-		ec_GFp_nist_group_copy,
-		ec_GFp_nist_group_set_curve,
-		ec_GFp_simple_group_get_curve,
-		ec_GFp_simple_group_get_degree,
-		ec_GFp_simple_group_check_discriminant,
-		ec_GFp_simple_point_init,
-		ec_GFp_simple_point_finish,
-		ec_GFp_simple_point_clear_finish,
-		ec_GFp_simple_point_copy,
-		ec_GFp_simple_point_set_to_infinity,
-		ec_GFp_simple_set_Jprojective_coordinates_GFp,
-		ec_GFp_simple_get_Jprojective_coordinates_GFp,
-		ec_GFp_simple_point_set_affine_coordinates,
-		ec_GFp_simple_point_get_affine_coordinates,
-		ec_GFp_simple_set_compressed_coordinates,
-		ec_GFp_simple_point2oct,
-		ec_GFp_simple_oct2point,
-		ec_GFp_simple_add,
-		ec_GFp_simple_dbl,
-		ec_GFp_simple_invert,
-		ec_GFp_simple_is_at_infinity,
-		ec_GFp_simple_is_on_curve,
-		ec_GFp_simple_cmp,
-		ec_GFp_simple_make_affine,
-		ec_GFp_simple_points_make_affine,
-		0 /* mul */,
-		0 /* precompute_mult */,
-		0 /* have_precompute_mult */,	
-		ec_GFp_nist_field_mul,
-		ec_GFp_nist_field_sqr,
-		0 /* field_div */,
-		0 /* field_encode */,
-		0 /* field_decode */,
-		0 /* field_set_to_one */ };
-
-	return &ret;
-	}
+{
+    static const EC_METHOD ret = {
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_nist_group_copy,
+        ec_GFp_nist_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        ec_GFp_simple_set_compressed_coordinates,
+        ec_GFp_simple_point2oct,
+        ec_GFp_simple_oct2point,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_nist_field_mul,
+        ec_GFp_nist_field_sqr,
+        0 /* field_div */ ,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0                       /* field_set_to_one */
+    };
+
+    return &ret;
+}
 
 #if BN_BITS2 == 64
-#define	NO_32_BIT_TYPE
+# define NO_32_BIT_TYPE
 #endif
 
 int ec_GFp_nist_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	dest->field_mod_func = src->field_mod_func;
+{
+    dest->field_mod_func = src->field_mod_func;
 
-	return ec_GFp_simple_group_copy(dest, src);
-	}
+    return ec_GFp_simple_group_copy(dest, src);
+}
 
 int ec_GFp_nist_group_set_curve(EC_GROUP *group, const BIGNUM *p,
-	const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp_bn;
-	
-	if (ctx == NULL)
-		if ((ctx = new_ctx = BN_CTX_new()) == NULL) return 0;
-
-	BN_CTX_start(ctx);
-	if ((tmp_bn = BN_CTX_get(ctx)) == NULL) goto err;
-
-	if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
-		group->field_mod_func = BN_nist_mod_192;
-	else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0)
-		{
+                                const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp_bn;
+
+    if (ctx == NULL)
+        if ((ctx = new_ctx = BN_CTX_new()) == NULL)
+            return 0;
+
+    BN_CTX_start(ctx);
+    if ((tmp_bn = BN_CTX_get(ctx)) == NULL)
+        goto err;
+
+    if (BN_ucmp(BN_get0_nist_prime_192(), p) == 0)
+        group->field_mod_func = BN_nist_mod_192;
+    else if (BN_ucmp(BN_get0_nist_prime_224(), p) == 0) {
 #ifndef NO_32_BIT_TYPE
-		group->field_mod_func = BN_nist_mod_224;
+        group->field_mod_func = BN_nist_mod_224;
 #else
-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-		goto err;
+        ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE,
+              EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+        goto err;
 #endif
-		}
-	else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0)
-		{
+    } else if (BN_ucmp(BN_get0_nist_prime_256(), p) == 0) {
 #ifndef NO_32_BIT_TYPE
-		group->field_mod_func = BN_nist_mod_256;
+        group->field_mod_func = BN_nist_mod_256;
 #else
-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-		goto err;
+        ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE,
+              EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+        goto err;
 #endif
-		}
-	else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0)
-		{
+    } else if (BN_ucmp(BN_get0_nist_prime_384(), p) == 0) {
 #ifndef NO_32_BIT_TYPE
-		group->field_mod_func = BN_nist_mod_384;
+        group->field_mod_func = BN_nist_mod_384;
 #else
-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_SUPPORTED_NIST_PRIME);
-		goto err;
+        ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE,
+              EC_R_NOT_A_SUPPORTED_NIST_PRIME);
+        goto err;
 #endif
-		}
-	else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
-		/* this one works in the NO_32_BIT_TYPE case */
-		group->field_mod_func = BN_nist_mod_521;
-	else
-		{
-		ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
-		goto err;
-		}
-
-	ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
+    } else if (BN_ucmp(BN_get0_nist_prime_521(), p) == 0)
+        /* this one works in the NO_32_BIT_TYPE case */
+        group->field_mod_func = BN_nist_mod_521;
+    else {
+        ECerr(EC_F_EC_GFP_NIST_GROUP_SET_CURVE, EC_R_NOT_A_NIST_PRIME);
+        goto err;
+    }
 
- err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
+    ret = ec_GFp_simple_group_set_curve(group, p, a, b, ctx);
 
+ err:
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
 
 int ec_GFp_nist_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-	const BIGNUM *b, BN_CTX *ctx)
-	{
-	int	ret=0;
-	BN_CTX	*ctx_new=NULL;
-
-	if (!group || !r || !a || !b)
-		{
-		ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
-		goto err;
-		}
-	if (!ctx)
-		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
-
-	if (!BN_mul(r, a, b, ctx)) goto err;
-	if (!group->field_mod_func(r, r, &group->field, ctx))
-		goto err;
-
-	ret=1;
-err:
-	if (ctx_new)
-		BN_CTX_free(ctx_new);
-	return ret;
-	}
-
+                          const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a || !b) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_MUL, ERR_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_mul(r, a, b, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, &group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    if (ctx_new)
+        BN_CTX_free(ctx_new);
+    return ret;
+}
 
 int ec_GFp_nist_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
-	BN_CTX *ctx)
-	{
-	int	ret=0;
-	BN_CTX	*ctx_new=NULL;
-
-	if (!group || !r || !a)
-		{
-		ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
-		goto err;
-		}
-	if (!ctx)
-		if ((ctx_new = ctx = BN_CTX_new()) == NULL) goto err;
-
-	if (!BN_sqr(r, a, ctx)) goto err;
-	if (!group->field_mod_func(r, r, &group->field, ctx))
-		goto err;
-
-	ret=1;
-err:
-	if (ctx_new)
-		BN_CTX_free(ctx_new);
-	return ret;
-	}
+                          BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *ctx_new = NULL;
+
+    if (!group || !r || !a) {
+        ECerr(EC_F_EC_GFP_NIST_FIELD_SQR, EC_R_PASSED_NULL_PARAMETER);
+        goto err;
+    }
+    if (!ctx)
+        if ((ctx_new = ctx = BN_CTX_new()) == NULL)
+            goto err;
+
+    if (!BN_sqr(r, a, ctx))
+        goto err;
+    if (!group->field_mod_func(r, r, &group->field, ctx))
+        goto err;
+
+    ret = 1;
+ err:
+    if (ctx_new)
+        BN_CTX_free(ctx_new);
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
index b2390882..a0c1540c 100644
--- a/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
+++ b/Cryptlib/OpenSSL/crypto/ec/ecp_smpl.c
@@ -1,8 +1,9 @@
 /* crypto/ec/ecp_smpl.c */
-/* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
- * for the OpenSSL project. 
- * Includes code written by Bodo Moeller for the OpenSSL project.
-*/
+/*
+ * Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
+ * for the OpenSSL project. Includes code written by Bodo Moeller for the
+ * OpenSSL project.
+ */
 /* ====================================================================
  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
  *
@@ -11,7 +12,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,1630 +69,1701 @@
 #include "ec_lcl.h"
 
 const EC_METHOD *EC_GFp_simple_method(void)
-	{
-	static const EC_METHOD ret = {
-		NID_X9_62_prime_field,
-		ec_GFp_simple_group_init,
-		ec_GFp_simple_group_finish,
-		ec_GFp_simple_group_clear_finish,
-		ec_GFp_simple_group_copy,
-		ec_GFp_simple_group_set_curve,
-		ec_GFp_simple_group_get_curve,
-		ec_GFp_simple_group_get_degree,
-		ec_GFp_simple_group_check_discriminant,
-		ec_GFp_simple_point_init,
-		ec_GFp_simple_point_finish,
-		ec_GFp_simple_point_clear_finish,
-		ec_GFp_simple_point_copy,
-		ec_GFp_simple_point_set_to_infinity,
-		ec_GFp_simple_set_Jprojective_coordinates_GFp,
-		ec_GFp_simple_get_Jprojective_coordinates_GFp,
-		ec_GFp_simple_point_set_affine_coordinates,
-		ec_GFp_simple_point_get_affine_coordinates,
-		ec_GFp_simple_set_compressed_coordinates,
-		ec_GFp_simple_point2oct,
-		ec_GFp_simple_oct2point,
-		ec_GFp_simple_add,
-		ec_GFp_simple_dbl,
-		ec_GFp_simple_invert,
-		ec_GFp_simple_is_at_infinity,
-		ec_GFp_simple_is_on_curve,
-		ec_GFp_simple_cmp,
-		ec_GFp_simple_make_affine,
-		ec_GFp_simple_points_make_affine,
-		0 /* mul */,
-		0 /* precompute_mult */,
-		0 /* have_precompute_mult */,	
-		ec_GFp_simple_field_mul,
-		ec_GFp_simple_field_sqr,
-		0 /* field_div */,
-		0 /* field_encode */,
-		0 /* field_decode */,
-		0 /* field_set_to_one */ };
-
-	return &ret;
-	}
-
-
-/* Most method functions in this file are designed to work with
+{
+    static const EC_METHOD ret = {
+        NID_X9_62_prime_field,
+        ec_GFp_simple_group_init,
+        ec_GFp_simple_group_finish,
+        ec_GFp_simple_group_clear_finish,
+        ec_GFp_simple_group_copy,
+        ec_GFp_simple_group_set_curve,
+        ec_GFp_simple_group_get_curve,
+        ec_GFp_simple_group_get_degree,
+        ec_GFp_simple_group_check_discriminant,
+        ec_GFp_simple_point_init,
+        ec_GFp_simple_point_finish,
+        ec_GFp_simple_point_clear_finish,
+        ec_GFp_simple_point_copy,
+        ec_GFp_simple_point_set_to_infinity,
+        ec_GFp_simple_set_Jprojective_coordinates_GFp,
+        ec_GFp_simple_get_Jprojective_coordinates_GFp,
+        ec_GFp_simple_point_set_affine_coordinates,
+        ec_GFp_simple_point_get_affine_coordinates,
+        ec_GFp_simple_set_compressed_coordinates,
+        ec_GFp_simple_point2oct,
+        ec_GFp_simple_oct2point,
+        ec_GFp_simple_add,
+        ec_GFp_simple_dbl,
+        ec_GFp_simple_invert,
+        ec_GFp_simple_is_at_infinity,
+        ec_GFp_simple_is_on_curve,
+        ec_GFp_simple_cmp,
+        ec_GFp_simple_make_affine,
+        ec_GFp_simple_points_make_affine,
+        0 /* mul */ ,
+        0 /* precompute_mult */ ,
+        0 /* have_precompute_mult */ ,
+        ec_GFp_simple_field_mul,
+        ec_GFp_simple_field_sqr,
+        0 /* field_div */ ,
+        0 /* field_encode */ ,
+        0 /* field_decode */ ,
+        0                       /* field_set_to_one */
+    };
+
+    return &ret;
+}
+
+/*
+ * Most method functions in this file are designed to work with
  * non-trivial representations of field elements if necessary
  * (see ecp_mont.c): while standard modular addition and subtraction
  * are used, the field_mul and field_sqr methods will be used for
  * multiplication, and field_encode and field_decode (if defined)
  * will be used for converting between representations.
-
+ *
  * Functions ec_GFp_simple_points_make_affine() and
  * ec_GFp_simple_point_get_affine_coordinates() specifically assume
  * that if a non-trivial representation is used, it is a Montgomery
  * representation (i.e. 'encoding' means multiplying by some factor R).
  */
 
-
 int ec_GFp_simple_group_init(EC_GROUP *group)
-	{
-	BN_init(&group->field);
-	BN_init(&group->a);
-	BN_init(&group->b);
-	group->a_is_minus3 = 0;
-	return 1;
-	}
-
+{
+    BN_init(&group->field);
+    BN_init(&group->a);
+    BN_init(&group->b);
+    group->a_is_minus3 = 0;
+    return 1;
+}
 
 void ec_GFp_simple_group_finish(EC_GROUP *group)
-	{
-	BN_free(&group->field);
-	BN_free(&group->a);
-	BN_free(&group->b);
-	}
-
+{
+    BN_free(&group->field);
+    BN_free(&group->a);
+    BN_free(&group->b);
+}
 
 void ec_GFp_simple_group_clear_finish(EC_GROUP *group)
-	{
-	BN_clear_free(&group->field);
-	BN_clear_free(&group->a);
-	BN_clear_free(&group->b);
-	}
-
+{
+    BN_clear_free(&group->field);
+    BN_clear_free(&group->a);
+    BN_clear_free(&group->b);
+}
 
 int ec_GFp_simple_group_copy(EC_GROUP *dest, const EC_GROUP *src)
-	{
-	if (!BN_copy(&dest->field, &src->field)) return 0;
-	if (!BN_copy(&dest->a, &src->a)) return 0;
-	if (!BN_copy(&dest->b, &src->b)) return 0;
-
-	dest->a_is_minus3 = src->a_is_minus3;
+{
+    if (!BN_copy(&dest->field, &src->field))
+        return 0;
+    if (!BN_copy(&dest->a, &src->a))
+        return 0;
+    if (!BN_copy(&dest->b, &src->b))
+        return 0;
 
-	return 1;
-	}
+    dest->a_is_minus3 = src->a_is_minus3;
 
+    return 1;
+}
 
 int ec_GFp_simple_group_set_curve(EC_GROUP *group,
-	const BIGNUM *p, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp_a;
-	
-	/* p must be a prime > 3 */
-	if (BN_num_bits(p) <= 2 || !BN_is_odd(p))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	tmp_a = BN_CTX_get(ctx);
-	if (tmp_a == NULL) goto err;
-
-	/* group->field */
-	if (!BN_copy(&group->field, p)) goto err;
-	BN_set_negative(&group->field, 0);
-
-	/* group->a */
-	if (!BN_nnmod(tmp_a, a, p, ctx)) goto err;
-	if (group->meth->field_encode)
-		{ if (!group->meth->field_encode(group, &group->a, tmp_a, ctx)) goto err; }	
-	else
-		if (!BN_copy(&group->a, tmp_a)) goto err;
-	
-	/* group->b */
-	if (!BN_nnmod(&group->b, b, p, ctx)) goto err;
-	if (group->meth->field_encode)
-		if (!group->meth->field_encode(group, &group->b, &group->b, ctx)) goto err;
-	
-	/* group->a_is_minus3 */
-	if (!BN_add_word(tmp_a, 3)) goto err;
-	group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
-
-	ret = 1;
+                                  const BIGNUM *p, const BIGNUM *a,
+                                  const BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp_a;
+
+    /* p must be a prime > 3 */
+    if (BN_num_bits(p) <= 2 || !BN_is_odd(p)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_GROUP_SET_CURVE, EC_R_INVALID_FIELD);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp_a = BN_CTX_get(ctx);
+    if (tmp_a == NULL)
+        goto err;
+
+    /* group->field */
+    if (!BN_copy(&group->field, p))
+        goto err;
+    BN_set_negative(&group->field, 0);
+
+    /* group->a */
+    if (!BN_nnmod(tmp_a, a, p, ctx))
+        goto err;
+    if (group->meth->field_encode) {
+        if (!group->meth->field_encode(group, &group->a, tmp_a, ctx))
+            goto err;
+    } else if (!BN_copy(&group->a, tmp_a))
+        goto err;
+
+    /* group->b */
+    if (!BN_nnmod(&group->b, b, p, ctx))
+        goto err;
+    if (group->meth->field_encode)
+        if (!group->meth->field_encode(group, &group->b, &group->b, ctx))
+            goto err;
+
+    /* group->a_is_minus3 */
+    if (!BN_add_word(tmp_a, 3))
+        goto err;
+    group->a_is_minus3 = (0 == BN_cmp(tmp_a, &group->field));
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BN_CTX *new_ctx = NULL;
-	
-	if (p != NULL)
-		{
-		if (!BN_copy(p, &group->field)) return 0;
-		}
-
-	if (a != NULL || b != NULL)
-		{
-		if (group->meth->field_decode)
-			{
-			if (ctx == NULL)
-				{
-				ctx = new_ctx = BN_CTX_new();
-				if (ctx == NULL)
-					return 0;
-				}
-			if (a != NULL)
-				{
-				if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
-				}
-			if (b != NULL)
-				{
-				if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
-				}
-			}
-		else
-			{
-			if (a != NULL)
-				{
-				if (!BN_copy(a, &group->a)) goto err;
-				}
-			if (b != NULL)
-				{
-				if (!BN_copy(b, &group->b)) goto err;
-				}
-			}
-		}
-	
-	ret = 1;
-	
- err:
-	if (new_ctx)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a,
+                                  BIGNUM *b, BN_CTX *ctx)
+{
+    int ret = 0;
+    BN_CTX *new_ctx = NULL;
+
+    if (p != NULL) {
+        if (!BN_copy(p, &group->field))
+            return 0;
+    }
+
+    if (a != NULL || b != NULL) {
+        if (group->meth->field_decode) {
+            if (ctx == NULL) {
+                ctx = new_ctx = BN_CTX_new();
+                if (ctx == NULL)
+                    return 0;
+            }
+            if (a != NULL) {
+                if (!group->meth->field_decode(group, a, &group->a, ctx))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!group->meth->field_decode(group, b, &group->b, ctx))
+                    goto err;
+            }
+        } else {
+            if (a != NULL) {
+                if (!BN_copy(a, &group->a))
+                    goto err;
+            }
+            if (b != NULL) {
+                if (!BN_copy(b, &group->b))
+                    goto err;
+            }
+        }
+    }
+
+    ret = 1;
 
+ err:
+    if (new_ctx)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
 
 int ec_GFp_simple_group_get_degree(const EC_GROUP *group)
-	{
-	return BN_num_bits(&group->field);
-	}
-
+{
+    return BN_num_bits(&group->field);
+}
 
 int ec_GFp_simple_group_check_discriminant(const EC_GROUP *group, BN_CTX *ctx)
-	{
-	int ret = 0;
-	BIGNUM *a,*b,*order,*tmp_1,*tmp_2;
-	const BIGNUM *p = &group->field;
-	BN_CTX *new_ctx = NULL;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT, ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	BN_CTX_start(ctx);
-	a = BN_CTX_get(ctx);
-	b = BN_CTX_get(ctx);
-	tmp_1 = BN_CTX_get(ctx);
-	tmp_2 = BN_CTX_get(ctx);
-	order = BN_CTX_get(ctx);
-	if (order == NULL) goto err;
-
-	if (group->meth->field_decode)
-		{
-		if (!group->meth->field_decode(group, a, &group->a, ctx)) goto err;
-		if (!group->meth->field_decode(group, b, &group->b, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_copy(a, &group->a)) goto err;
-		if (!BN_copy(b, &group->b)) goto err;
-		}
-	
-	/* check the discriminant:
-	 * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p) 
-         * 0 =< a, b < p */
-	if (BN_is_zero(a))
-		{
-		if (BN_is_zero(b)) goto err;
-		}
-	else if (!BN_is_zero(b))
-		{
-		if (!BN_mod_sqr(tmp_1, a, p, ctx)) goto err;
-		if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx)) goto err;
-		if (!BN_lshift(tmp_1, tmp_2, 2)) goto err;
-		/* tmp_1 = 4*a^3 */
-
-		if (!BN_mod_sqr(tmp_2, b, p, ctx)) goto err;
-		if (!BN_mul_word(tmp_2, 27)) goto err;
-		/* tmp_2 = 27*b^2 */
-
-		if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx)) goto err;
-		if (BN_is_zero(a)) goto err;
-		}
-	ret = 1;
-
-err:
-	if (ctx != NULL)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
+{
+    int ret = 0;
+    BIGNUM *a, *b, *order, *tmp_1, *tmp_2;
+    const BIGNUM *p = &group->field;
+    BN_CTX *new_ctx = NULL;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL) {
+            ECerr(EC_F_EC_GFP_SIMPLE_GROUP_CHECK_DISCRIMINANT,
+                  ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    BN_CTX_start(ctx);
+    a = BN_CTX_get(ctx);
+    b = BN_CTX_get(ctx);
+    tmp_1 = BN_CTX_get(ctx);
+    tmp_2 = BN_CTX_get(ctx);
+    order = BN_CTX_get(ctx);
+    if (order == NULL)
+        goto err;
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, a, &group->a, ctx))
+            goto err;
+        if (!group->meth->field_decode(group, b, &group->b, ctx))
+            goto err;
+    } else {
+        if (!BN_copy(a, &group->a))
+            goto err;
+        if (!BN_copy(b, &group->b))
+            goto err;
+    }
+
+    /*-
+     * check the discriminant:
+     * y^2 = x^3 + a*x + b is an elliptic curve <=> 4*a^3 + 27*b^2 != 0 (mod p)
+     * 0 =< a, b < p
+     */
+    if (BN_is_zero(a)) {
+        if (BN_is_zero(b))
+            goto err;
+    } else if (!BN_is_zero(b)) {
+        if (!BN_mod_sqr(tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp_2, tmp_1, a, p, ctx))
+            goto err;
+        if (!BN_lshift(tmp_1, tmp_2, 2))
+            goto err;
+        /* tmp_1 = 4*a^3 */
+
+        if (!BN_mod_sqr(tmp_2, b, p, ctx))
+            goto err;
+        if (!BN_mul_word(tmp_2, 27))
+            goto err;
+        /* tmp_2 = 27*b^2 */
+
+        if (!BN_mod_add(a, tmp_1, tmp_2, p, ctx))
+            goto err;
+        if (BN_is_zero(a))
+            goto err;
+    }
+    ret = 1;
 
+ err:
+    if (ctx != NULL)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
 
 int ec_GFp_simple_point_init(EC_POINT *point)
-	{
-	BN_init(&point->X);
-	BN_init(&point->Y);
-	BN_init(&point->Z);
-	point->Z_is_one = 0;
-
-	return 1;
-	}
+{
+    BN_init(&point->X);
+    BN_init(&point->Y);
+    BN_init(&point->Z);
+    point->Z_is_one = 0;
 
+    return 1;
+}
 
 void ec_GFp_simple_point_finish(EC_POINT *point)
-	{
-	BN_free(&point->X);
-	BN_free(&point->Y);
-	BN_free(&point->Z);
-	}
-
+{
+    BN_free(&point->X);
+    BN_free(&point->Y);
+    BN_free(&point->Z);
+}
 
 void ec_GFp_simple_point_clear_finish(EC_POINT *point)
-	{
-	BN_clear_free(&point->X);
-	BN_clear_free(&point->Y);
-	BN_clear_free(&point->Z);
-	point->Z_is_one = 0;
-	}
-
+{
+    BN_clear_free(&point->X);
+    BN_clear_free(&point->Y);
+    BN_clear_free(&point->Z);
+    point->Z_is_one = 0;
+}
 
 int ec_GFp_simple_point_copy(EC_POINT *dest, const EC_POINT *src)
-	{
-	if (!BN_copy(&dest->X, &src->X)) return 0;
-	if (!BN_copy(&dest->Y, &src->Y)) return 0;
-	if (!BN_copy(&dest->Z, &src->Z)) return 0;
-	dest->Z_is_one = src->Z_is_one;
-
-	return 1;
-	}
-
-
-int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group, EC_POINT *point)
-	{
-	point->Z_is_one = 0;
-	BN_zero(&point->Z);
-	return 1;
-	}
-
-
-int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, const BIGNUM *z, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	int ret = 0;
-	
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	if (x != NULL)
-		{
-		if (!BN_nnmod(&point->X, x, &group->field, ctx)) goto err;
-		if (group->meth->field_encode)
-			{
-			if (!group->meth->field_encode(group, &point->X, &point->X, ctx)) goto err;
-			}
-		}
-	
-	if (y != NULL)
-		{
-		if (!BN_nnmod(&point->Y, y, &group->field, ctx)) goto err;
-		if (group->meth->field_encode)
-			{
-			if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx)) goto err;
-			}
-		}
-	
-	if (z != NULL)
-		{
-		int Z_is_one;
-
-		if (!BN_nnmod(&point->Z, z, &group->field, ctx)) goto err;
-		Z_is_one = BN_is_one(&point->Z);
-		if (group->meth->field_encode)
-			{
-			if (Z_is_one && (group->meth->field_set_to_one != 0))
-				{
-				if (!group->meth->field_set_to_one(group, &point->Z, ctx)) goto err;
-				}
-			else
-				{
-				if (!group->meth->field_encode(group, &point->Z, &point->Z, ctx)) goto err;
-				}
-			}
-		point->Z_is_one = Z_is_one;
-		}
-	
-	ret = 1;
-	
- err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BIGNUM *z, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	int ret = 0;
-	
-	if (group->meth->field_decode != 0)
-		{
-		if (ctx == NULL)
-			{
-			ctx = new_ctx = BN_CTX_new();
-			if (ctx == NULL)
-				return 0;
-			}
-
-		if (x != NULL)
-			{
-			if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
-			}
-		if (y != NULL)
-			{
-			if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
-			}
-		if (z != NULL)
-			{
-			if (!group->meth->field_decode(group, z, &point->Z, ctx)) goto err;
-			}
-		}
-	else	
-		{
-		if (x != NULL)
-			{
-			if (!BN_copy(x, &point->X)) goto err;
-			}
-		if (y != NULL)
-			{
-			if (!BN_copy(y, &point->Y)) goto err;
-			}
-		if (z != NULL)
-			{
-			if (!BN_copy(z, &point->Z)) goto err;
-			}
-		}
-	
-	ret = 1;
+{
+    if (!BN_copy(&dest->X, &src->X))
+        return 0;
+    if (!BN_copy(&dest->Y, &src->Y))
+        return 0;
+    if (!BN_copy(&dest->Z, &src->Z))
+        return 0;
+    dest->Z_is_one = src->Z_is_one;
+
+    return 1;
+}
+
+int ec_GFp_simple_point_set_to_infinity(const EC_GROUP *group,
+                                        EC_POINT *point)
+{
+    point->Z_is_one = 0;
+    BN_zero(&point->Z);
+    return 1;
+}
+
+int ec_GFp_simple_set_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  EC_POINT *point,
+                                                  const BIGNUM *x,
+                                                  const BIGNUM *y,
+                                                  const BIGNUM *z,
+                                                  BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    if (x != NULL) {
+        if (!BN_nnmod(&point->X, x, &group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, &point->X, &point->X, ctx))
+                goto err;
+        }
+    }
+
+    if (y != NULL) {
+        if (!BN_nnmod(&point->Y, y, &group->field, ctx))
+            goto err;
+        if (group->meth->field_encode) {
+            if (!group->meth->field_encode(group, &point->Y, &point->Y, ctx))
+                goto err;
+        }
+    }
+
+    if (z != NULL) {
+        int Z_is_one;
+
+        if (!BN_nnmod(&point->Z, z, &group->field, ctx))
+            goto err;
+        Z_is_one = BN_is_one(&point->Z);
+        if (group->meth->field_encode) {
+            if (Z_is_one && (group->meth->field_set_to_one != 0)) {
+                if (!group->meth->field_set_to_one(group, &point->Z, ctx))
+                    goto err;
+            } else {
+                if (!group->
+                    meth->field_encode(group, &point->Z, &point->Z, ctx))
+                    goto err;
+            }
+        }
+        point->Z_is_one = Z_is_one;
+    }
+
+    ret = 1;
 
  err:
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x, const BIGNUM *y, BN_CTX *ctx)
-	{
-	if (x == NULL || y == NULL)
-		{
-		/* unlike for projective coordinates, we do not tolerate this */
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-
-	return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y, BN_value_one(), ctx);
-	}
-
-
-int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
-	BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *Z, *Z_1, *Z_2, *Z_3;
-	const BIGNUM *Z_;
-	int ret = 0;
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, EC_R_POINT_AT_INFINITY);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	Z = BN_CTX_get(ctx);
-	Z_1 = BN_CTX_get(ctx);
-	Z_2 = BN_CTX_get(ctx);
-	Z_3 = BN_CTX_get(ctx);
-	if (Z_3 == NULL) goto err;
-
-	/* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
-	
-	if (group->meth->field_decode)
-		{
-		if (!group->meth->field_decode(group, Z, &point->Z, ctx)) goto err;
-		Z_ = Z;
-		}
-	else
-		{
-		Z_ = &point->Z;
-		}
-	
-	if (BN_is_one(Z_))
-		{
-		if (group->meth->field_decode)
-			{
-			if (x != NULL)
-				{
-				if (!group->meth->field_decode(group, x, &point->X, ctx)) goto err;
-				}
-			if (y != NULL)
-				{
-				if (!group->meth->field_decode(group, y, &point->Y, ctx)) goto err;
-				}
-			}
-		else
-			{
-			if (x != NULL)
-				{
-				if (!BN_copy(x, &point->X)) goto err;
-				}
-			if (y != NULL)
-				{
-				if (!BN_copy(y, &point->Y)) goto err;
-				}
-			}
-		}
-	else
-		{
-		if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx))
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES, ERR_R_BN_LIB);
-			goto err;
-			}
-		
-		if (group->meth->field_encode == 0)
-			{
-			/* field_sqr works on standard representation */
-			if (!group->meth->field_sqr(group, Z_2, Z_1, ctx)) goto err;
-			}
-		else
-			{
-			if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx)) goto err;
-			}
-	
-		if (x != NULL)
-			{
-			/* in the Montgomery case, field_mul will cancel out Montgomery factor in X: */
-			if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx)) goto err;
-			}
-
-		if (y != NULL)
-			{
-			if (group->meth->field_encode == 0)
-				{
-				/* field_mul works on standard representation */
-				if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx)) goto err;
-				}
-			else
-				{
-				if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx)) goto err;
-				}
-
-			/* in the Montgomery case, field_mul will cancel out Montgomery factor in Y: */
-			if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx)) goto err;
-			}
-		}
-
-	ret = 1;
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_get_Jprojective_coordinates_GFp(const EC_GROUP *group,
+                                                  const EC_POINT *point,
+                                                  BIGNUM *x, BIGNUM *y,
+                                                  BIGNUM *z, BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    int ret = 0;
+
+    if (group->meth->field_decode != 0) {
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        if (x != NULL) {
+            if (!group->meth->field_decode(group, x, &point->X, ctx))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!group->meth->field_decode(group, y, &point->Y, ctx))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!group->meth->field_decode(group, z, &point->Z, ctx))
+                goto err;
+        }
+    } else {
+        if (x != NULL) {
+            if (!BN_copy(x, &point->X))
+                goto err;
+        }
+        if (y != NULL) {
+            if (!BN_copy(y, &point->Y))
+                goto err;
+        }
+        if (z != NULL) {
+            if (!BN_copy(z, &point->Z))
+                goto err;
+        }
+    }
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *point,
-	const BIGNUM *x_, int y_bit, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp1, *tmp2, *x, *y;
-	int ret = 0;
-
-	/* clear error queue*/
-	ERR_clear_error();
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	y_bit = (y_bit != 0);
-
-	BN_CTX_start(ctx);
-	tmp1 = BN_CTX_get(ctx);
-	tmp2 = BN_CTX_get(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-
-	/* Recover y.  We have a Weierstrass equation
-	 *     y^2 = x^3 + a*x + b,
-	 * so  y  is one of the square roots of  x^3 + a*x + b.
-	 */
-
-	/* tmp1 := x^3 */
-	if (!BN_nnmod(x, x_, &group->field,ctx)) goto err;
-	if (group->meth->field_decode == 0)
-		{
-		/* field_{sqr,mul} work on standard representation */
-		if (!group->meth->field_sqr(group, tmp2, x_, ctx)) goto err;
-		if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mod_sqr(tmp2, x_, &group->field, ctx)) goto err;
-		if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx)) goto err;
-		}
-	
-	/* tmp1 := tmp1 + a*x */
-	if (group->a_is_minus3)
-		{
-		if (!BN_mod_lshift1_quick(tmp2, x, &group->field)) goto err;
-		if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field)) goto err;
-		if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-		}
-	else
-		{
-		if (group->meth->field_decode)
-			{
-			if (!group->meth->field_decode(group, tmp2, &group->a, ctx)) goto err;
-			if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx)) goto err;
-			}
-		else
-			{
-			/* field_mul works on standard representation */
-			if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx)) goto err;
-			}
-		
-		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-		}
-	
-	/* tmp1 := tmp1 + b */
-	if (group->meth->field_decode)
-		{
-		if (!group->meth->field_decode(group, tmp2, &group->b, ctx)) goto err;
-		if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field)) goto err;
-		}
-	else
-		{
-		if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field)) goto err;
-		}
-	
-	if (!BN_mod_sqrt(y, tmp1, &group->field, ctx))
-		{
-		unsigned long err = ERR_peek_last_error();
-		
-		if (ERR_GET_LIB(err) == ERR_LIB_BN && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE)
-			{
-			ERR_clear_error();
-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-			}
-		else
-			ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (y_bit != BN_is_odd(y))
-		{
-		if (BN_is_zero(y))
-			{
-			int kron;
-
-			kron = BN_kronecker(x, &group->field, ctx);
-			if (kron == -2) goto err;
-
-			if (kron == 1)
-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSION_BIT);
-			else
-				/* BN_mod_sqrt() should have cought this error (not a square) */
-				ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, EC_R_INVALID_COMPRESSED_POINT);
-			goto err;
-			}
-		if (!BN_usub(y, &group->field, y)) goto err;
-		}
-	if (y_bit != BN_is_odd(y))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-
-	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-	ret = 1;
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_point_set_affine_coordinates(const EC_GROUP *group,
+                                               EC_POINT *point,
+                                               const BIGNUM *x,
+                                               const BIGNUM *y, BN_CTX *ctx)
+{
+    if (x == NULL || y == NULL) {
+        /*
+         * unlike for projective coordinates, we do not tolerate this
+         */
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_SET_AFFINE_COORDINATES,
+              ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
+    return EC_POINT_set_Jprojective_coordinates_GFp(group, point, x, y,
+                                                    BN_value_one(), ctx);
+}
+
+int ec_GFp_simple_point_get_affine_coordinates(const EC_GROUP *group,
+                                               const EC_POINT *point,
+                                               BIGNUM *x, BIGNUM *y,
+                                               BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *Z, *Z_1, *Z_2, *Z_3;
+    const BIGNUM *Z_;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+              EC_R_POINT_AT_INFINITY);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    Z = BN_CTX_get(ctx);
+    Z_1 = BN_CTX_get(ctx);
+    Z_2 = BN_CTX_get(ctx);
+    Z_3 = BN_CTX_get(ctx);
+    if (Z_3 == NULL)
+        goto err;
+
+    /* transform  (X, Y, Z)  into  (x, y) := (X/Z^2, Y/Z^3) */
+
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, Z, &point->Z, ctx))
+            goto err;
+        Z_ = Z;
+    } else {
+        Z_ = &point->Z;
+    }
+
+    if (BN_is_one(Z_)) {
+        if (group->meth->field_decode) {
+            if (x != NULL) {
+                if (!group->meth->field_decode(group, x, &point->X, ctx))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!group->meth->field_decode(group, y, &point->Y, ctx))
+                    goto err;
+            }
+        } else {
+            if (x != NULL) {
+                if (!BN_copy(x, &point->X))
+                    goto err;
+            }
+            if (y != NULL) {
+                if (!BN_copy(y, &point->Y))
+                    goto err;
+            }
+        }
+    } else {
+        if (!BN_mod_inverse(Z_1, Z_, &group->field, ctx)) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT_GET_AFFINE_COORDINATES,
+                  ERR_R_BN_LIB);
+            goto err;
+        }
+
+        if (group->meth->field_encode == 0) {
+            /* field_sqr works on standard representation */
+            if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
+                goto err;
+        } else {
+            if (!BN_mod_sqr(Z_2, Z_1, &group->field, ctx))
+                goto err;
+        }
+
+        if (x != NULL) {
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in X:
+             */
+            if (!group->meth->field_mul(group, x, &point->X, Z_2, ctx))
+                goto err;
+        }
+
+        if (y != NULL) {
+            if (group->meth->field_encode == 0) {
+                /*
+                 * field_mul works on standard representation
+                 */
+                if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
+                    goto err;
+            } else {
+                if (!BN_mod_mul(Z_3, Z_2, Z_1, &group->field, ctx))
+                    goto err;
+            }
+
+            /*
+             * in the Montgomery case, field_mul will cancel out Montgomery
+             * factor in Y:
+             */
+            if (!group->meth->field_mul(group, y, &point->Y, Z_3, ctx))
+                goto err;
+        }
+    }
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point, point_conversion_form_t form,
-	unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	size_t ret;
-	BN_CTX *new_ctx = NULL;
-	int used_ctx = 0;
-	BIGNUM *x, *y;
-	size_t field_len, i, skip;
-
-	if ((form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
-		goto err;
-		}
-
-	if (EC_POINT_is_at_infinity(group, point))
-		{
-		/* encodes to a single 0 octet */
-		if (buf != NULL)
-			{
-			if (len < 1)
-				{
-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-				return 0;
-				}
-			buf[0] = 0;
-			}
-		return 1;
-		}
-
-
-	/* ret := required output buffer length */
-	field_len = BN_num_bytes(&group->field);
-	ret = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	/* if 'buf' is NULL, just return required length */
-	if (buf != NULL)
-		{
-		if (len < ret)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
-			goto err;
-			}
-
-		if (ctx == NULL)
-			{
-			ctx = new_ctx = BN_CTX_new();
-			if (ctx == NULL)
-				return 0;
-			}
-
-		BN_CTX_start(ctx);
-		used_ctx = 1;
-		x = BN_CTX_get(ctx);
-		y = BN_CTX_get(ctx);
-		if (y == NULL) goto err;
-
-		if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-
-		if ((form == POINT_CONVERSION_COMPRESSED || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
-			buf[0] = form + 1;
-		else
-			buf[0] = form;
-	
-		i = 1;
-		
-		skip = field_len - BN_num_bytes(x);
-		if (skip > field_len)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		while (skip > 0)
-			{
-			buf[i++] = 0;
-			skip--;
-			}
-		skip = BN_bn2bin(x, buf + i);
-		i += skip;
-		if (i != 1 + field_len)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-
-		if (form == POINT_CONVERSION_UNCOMPRESSED || form == POINT_CONVERSION_HYBRID)
-			{
-			skip = field_len - BN_num_bytes(y);
-			if (skip > field_len)
-				{
-				ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-				goto err;
-				}
-			while (skip > 0)
-				{
-				buf[i++] = 0;
-				skip--;
-				}
-			skip = BN_bn2bin(y, buf + i);
-			i += skip;
-			}
-
-		if (i != ret)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_set_compressed_coordinates(const EC_GROUP *group,
+                                             EC_POINT *point,
+                                             const BIGNUM *x_, int y_bit,
+                                             BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *x, *y;
+    int ret = 0;
+
+    /* clear error queue */
+    ERR_clear_error();
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    y_bit = (y_bit != 0);
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    /*-
+     * Recover y.  We have a Weierstrass equation
+     *     y^2 = x^3 + a*x + b,
+     * so  y  is one of the square roots of  x^3 + a*x + b.
+     */
+
+    /* tmp1 := x^3 */
+    if (!BN_nnmod(x, x_, &group->field, ctx))
+        goto err;
+    if (group->meth->field_decode == 0) {
+        /* field_{sqr,mul} work on standard representation */
+        if (!group->meth->field_sqr(group, tmp2, x_, ctx))
+            goto err;
+        if (!group->meth->field_mul(group, tmp1, tmp2, x_, ctx))
+            goto err;
+    } else {
+        if (!BN_mod_sqr(tmp2, x_, &group->field, ctx))
+            goto err;
+        if (!BN_mod_mul(tmp1, tmp2, x_, &group->field, ctx))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + a*x */
+    if (group->a_is_minus3) {
+        if (!BN_mod_lshift1_quick(tmp2, x, &group->field))
+            goto err;
+        if (!BN_mod_add_quick(tmp2, tmp2, x, &group->field))
+            goto err;
+        if (!BN_mod_sub_quick(tmp1, tmp1, tmp2, &group->field))
+            goto err;
+    } else {
+        if (group->meth->field_decode) {
+            if (!group->meth->field_decode(group, tmp2, &group->a, ctx))
+                goto err;
+            if (!BN_mod_mul(tmp2, tmp2, x, &group->field, ctx))
+                goto err;
+        } else {
+            /* field_mul works on standard representation */
+            if (!group->meth->field_mul(group, tmp2, &group->a, x, ctx))
+                goto err;
+        }
+
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+            goto err;
+    }
+
+    /* tmp1 := tmp1 + b */
+    if (group->meth->field_decode) {
+        if (!group->meth->field_decode(group, tmp2, &group->b, ctx))
+            goto err;
+        if (!BN_mod_add_quick(tmp1, tmp1, tmp2, &group->field))
+            goto err;
+    } else {
+        if (!BN_mod_add_quick(tmp1, tmp1, &group->b, &group->field))
+            goto err;
+    }
+
+    if (!BN_mod_sqrt(y, tmp1, &group->field, ctx)) {
+        unsigned long err = ERR_peek_last_error();
+
+        if (ERR_GET_LIB(err) == ERR_LIB_BN
+            && ERR_GET_REASON(err) == BN_R_NOT_A_SQUARE) {
+            ERR_clear_error();
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  EC_R_INVALID_COMPRESSED_POINT);
+        } else
+            ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                  ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (y_bit != BN_is_odd(y)) {
+        if (BN_is_zero(y)) {
+            int kron;
+
+            kron = BN_kronecker(x, &group->field, ctx);
+            if (kron == -2)
+                goto err;
+
+            if (kron == 1)
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSION_BIT);
+            else
+                /*
+                 * BN_mod_sqrt() should have cought this error (not a square)
+                 */
+                ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+                      EC_R_INVALID_COMPRESSED_POINT);
+            goto err;
+        }
+        if (!BN_usub(y, &group->field, y))
+            goto err;
+    }
+    if (y_bit != BN_is_odd(y)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_SET_COMPRESSED_COORDINATES,
+              ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+        goto err;
+
+    ret = 1;
 
  err:
-	if (used_ctx)
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return 0;
-	}
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+size_t ec_GFp_simple_point2oct(const EC_GROUP *group, const EC_POINT *point,
+                               point_conversion_form_t form,
+                               unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    size_t ret;
+    BN_CTX *new_ctx = NULL;
+    int used_ctx = 0;
+    BIGNUM *x, *y;
+    size_t field_len, i, skip;
+
+    if ((form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_INVALID_FORM);
+        goto err;
+    }
+
+    if (EC_POINT_is_at_infinity(group, point)) {
+        /* encodes to a single 0 octet */
+        if (buf != NULL) {
+            if (len < 1) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+                return 0;
+            }
+            buf[0] = 0;
+        }
+        return 1;
+    }
+
+    /* ret := required output buffer length */
+    field_len = BN_num_bytes(&group->field);
+    ret =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    /* if 'buf' is NULL, just return required length */
+    if (buf != NULL) {
+        if (len < ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
+            goto err;
+        }
+
+        if (ctx == NULL) {
+            ctx = new_ctx = BN_CTX_new();
+            if (ctx == NULL)
+                return 0;
+        }
+
+        BN_CTX_start(ctx);
+        used_ctx = 1;
+        x = BN_CTX_get(ctx);
+        y = BN_CTX_get(ctx);
+        if (y == NULL)
+            goto err;
+
+        if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+            goto err;
+
+        if ((form == POINT_CONVERSION_COMPRESSED
+             || form == POINT_CONVERSION_HYBRID) && BN_is_odd(y))
+            buf[0] = form + 1;
+        else
+            buf[0] = form;
+
+        i = 1;
+
+        skip = field_len - BN_num_bytes(x);
+        if (skip > field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        while (skip > 0) {
+            buf[i++] = 0;
+            skip--;
+        }
+        skip = BN_bn2bin(x, buf + i);
+        i += skip;
+        if (i != 1 + field_len) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+
+        if (form == POINT_CONVERSION_UNCOMPRESSED
+            || form == POINT_CONVERSION_HYBRID) {
+            skip = field_len - BN_num_bytes(y);
+            if (skip > field_len) {
+                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
+            while (skip > 0) {
+                buf[i++] = 0;
+                skip--;
+            }
+            skip = BN_bn2bin(y, buf + i);
+            i += skip;
+        }
+
+        if (i != ret) {
+            ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
 
+ err:
+    if (used_ctx)
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return 0;
+}
 
 int ec_GFp_simple_oct2point(const EC_GROUP *group, EC_POINT *point,
-	const unsigned char *buf, size_t len, BN_CTX *ctx)
-	{
-	point_conversion_form_t form;
-	int y_bit;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y;
-	size_t field_len, enc_len;
-	int ret = 0;
-
-	if (len == 0)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
-		return 0;
-		}
-	form = buf[0];
-	y_bit = form & 1;
-	form = form & ~1U;
-	if ((form != 0)	&& (form != POINT_CONVERSION_COMPRESSED)
-		&& (form != POINT_CONVERSION_UNCOMPRESSED)
-		&& (form != POINT_CONVERSION_HYBRID))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-	if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (form == 0)
-		{
-		if (len != 1)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			return 0;
-			}
-
-		return EC_POINT_set_to_infinity(group, point);
-		}
-	
-	field_len = BN_num_bytes(&group->field);
-	enc_len = (form == POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2*field_len;
-
-	if (len != enc_len)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		return 0;
-		}
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-
-	if (!BN_bin2bn(buf + 1, field_len, x)) goto err;
-	if (BN_ucmp(x, &group->field) >= 0)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-		goto err;
-		}
-
-	if (form == POINT_CONVERSION_COMPRESSED)
-		{
-		if (!EC_POINT_set_compressed_coordinates_GFp(group, point, x, y_bit, ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_bin2bn(buf + 1 + field_len, field_len, y)) goto err;
-		if (BN_ucmp(y, &group->field) >= 0)
-			{
-			ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-			goto err;
-			}
-		if (form == POINT_CONVERSION_HYBRID)
-			{
-			if (y_bit != BN_is_odd(y))
-				{
-				ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
-				goto err;
-				}
-			}
-
-		if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-		}
-	
-	if (!EC_POINT_is_on_curve(group, point, ctx)) /* test required by X9.62 */
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
-		goto err;
-		}
-
-	ret = 1;
-	
+                            const unsigned char *buf, size_t len, BN_CTX *ctx)
+{
+    point_conversion_form_t form;
+    int y_bit;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    size_t field_len, enc_len;
+    int ret = 0;
+
+    if (len == 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
+    form = buf[0];
+    y_bit = form & 1;
+    form = form & ~1U;
+    if ((form != 0) && (form != POINT_CONVERSION_COMPRESSED)
+        && (form != POINT_CONVERSION_UNCOMPRESSED)
+        && (form != POINT_CONVERSION_HYBRID)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+    if ((form == 0 || form == POINT_CONVERSION_UNCOMPRESSED) && y_bit) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (form == 0) {
+        if (len != 1) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            return 0;
+        }
+
+        return EC_POINT_set_to_infinity(group, point);
+    }
+
+    field_len = BN_num_bytes(&group->field);
+    enc_len =
+        (form ==
+         POINT_CONVERSION_COMPRESSED) ? 1 + field_len : 1 + 2 * field_len;
+
+    if (len != enc_len) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        return 0;
+    }
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!BN_bin2bn(buf + 1, field_len, x))
+        goto err;
+    if (BN_ucmp(x, &group->field) >= 0) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+        goto err;
+    }
+
+    if (form == POINT_CONVERSION_COMPRESSED) {
+        if (!EC_POINT_set_compressed_coordinates_GFp
+            (group, point, x, y_bit, ctx))
+            goto err;
+    } else {
+        if (!BN_bin2bn(buf + 1 + field_len, field_len, y))
+            goto err;
+        if (BN_ucmp(y, &group->field) >= 0) {
+            ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+            goto err;
+        }
+        if (form == POINT_CONVERSION_HYBRID) {
+            if (y_bit != BN_is_odd(y)) {
+                ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_INVALID_ENCODING);
+                goto err;
+            }
+        }
+
+        if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+            goto err;
+    }
+
+    /* test required by X9.62 */
+    if (!EC_POINT_is_on_curve(group, point, ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_OCT2POINT, EC_R_POINT_IS_NOT_ON_CURVE);
+        goto err;
+    }
+
+    ret = 1;
+
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
-	int ret = 0;
-	
-	if (a == b)
-		return EC_POINT_dbl(group, r, a, ctx);
-	if (EC_POINT_is_at_infinity(group, a))
-		return EC_POINT_copy(r, b);
-	if (EC_POINT_is_at_infinity(group, b))
-		return EC_POINT_copy(r, a);
-	
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = &group->field;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	n0 = BN_CTX_get(ctx);
-	n1 = BN_CTX_get(ctx);
-	n2 = BN_CTX_get(ctx);
-	n3 = BN_CTX_get(ctx);
-	n4 = BN_CTX_get(ctx);
-	n5 = BN_CTX_get(ctx);
-	n6 = BN_CTX_get(ctx);
-	if (n6 == NULL) goto end;
-
-	/* Note that in this function we must not read components of 'a' or 'b'
-	 * once we have written the corresponding components of 'r'.
-	 * ('r' might be one of 'a' or 'b'.)
-	 */
-
-	/* n1, n2 */
-	if (b->Z_is_one)
-		{
-		if (!BN_copy(n1, &a->X)) goto end;
-		if (!BN_copy(n2, &a->Y)) goto end;
-		/* n1 = X_a */
-		/* n2 = Y_a */
-		}
-	else
-		{
-		if (!field_sqr(group, n0, &b->Z, ctx)) goto end;
-		if (!field_mul(group, n1, &a->X, n0, ctx)) goto end;
-		/* n1 = X_a * Z_b^2 */
-
-		if (!field_mul(group, n0, n0, &b->Z, ctx)) goto end;
-		if (!field_mul(group, n2, &a->Y, n0, ctx)) goto end;
-		/* n2 = Y_a * Z_b^3 */
-		}
-
-	/* n3, n4 */
-	if (a->Z_is_one)
-		{
-		if (!BN_copy(n3, &b->X)) goto end;
-		if (!BN_copy(n4, &b->Y)) goto end;
-		/* n3 = X_b */
-		/* n4 = Y_b */
-		}
-	else
-		{
-		if (!field_sqr(group, n0, &a->Z, ctx)) goto end;
-		if (!field_mul(group, n3, &b->X, n0, ctx)) goto end;
-		/* n3 = X_b * Z_a^2 */
-
-		if (!field_mul(group, n0, n0, &a->Z, ctx)) goto end;
-		if (!field_mul(group, n4, &b->Y, n0, ctx)) goto end;
-		/* n4 = Y_b * Z_a^3 */
-		}
-
-	/* n5, n6 */
-	if (!BN_mod_sub_quick(n5, n1, n3, p)) goto end;
-	if (!BN_mod_sub_quick(n6, n2, n4, p)) goto end;
-	/* n5 = n1 - n3 */
-	/* n6 = n2 - n4 */
-
-	if (BN_is_zero(n5))
-		{
-		if (BN_is_zero(n6))
-			{
-			/* a is the same point as b */
-			BN_CTX_end(ctx);
-			ret = EC_POINT_dbl(group, r, a, ctx);
-			ctx = NULL;
-			goto end;
-			}
-		else
-			{
-			/* a is the inverse of b */
-			BN_zero(&r->Z);
-			r->Z_is_one = 0;
-			ret = 1;
-			goto end;
-			}
-		}
-
-	/* 'n7', 'n8' */
-	if (!BN_mod_add_quick(n1, n1, n3, p)) goto end;
-	if (!BN_mod_add_quick(n2, n2, n4, p)) goto end;
-	/* 'n7' = n1 + n3 */
-	/* 'n8' = n2 + n4 */
-
-	/* Z_r */
-	if (a->Z_is_one && b->Z_is_one)
-		{
-		if (!BN_copy(&r->Z, n5)) goto end;
-		}
-	else
-		{
-		if (a->Z_is_one)
-			{ if (!BN_copy(n0, &b->Z)) goto end; }
-		else if (b->Z_is_one)
-			{ if (!BN_copy(n0, &a->Z)) goto end; }
-		else
-			{ if (!field_mul(group, n0, &a->Z, &b->Z, ctx)) goto end; }
-		if (!field_mul(group, &r->Z, n0, n5, ctx)) goto end;
-		}
-	r->Z_is_one = 0;
-	/* Z_r = Z_a * Z_b * n5 */
-
-	/* X_r */
-	if (!field_sqr(group, n0, n6, ctx)) goto end;
-	if (!field_sqr(group, n4, n5, ctx)) goto end;
-	if (!field_mul(group, n3, n1, n4, ctx)) goto end;
-	if (!BN_mod_sub_quick(&r->X, n0, n3, p)) goto end;
-	/* X_r = n6^2 - n5^2 * 'n7' */
-	
-	/* 'n9' */
-	if (!BN_mod_lshift1_quick(n0, &r->X, p)) goto end;
-	if (!BN_mod_sub_quick(n0, n3, n0, p)) goto end;
-	/* n9 = n5^2 * 'n7' - 2 * X_r */
-
-	/* Y_r */
-	if (!field_mul(group, n0, n0, n6, ctx)) goto end;
-	if (!field_mul(group, n5, n4, n5, ctx)) goto end; /* now n5 is n5^3 */
-	if (!field_mul(group, n1, n2, n5, ctx)) goto end;
-	if (!BN_mod_sub_quick(n0, n0, n1, p)) goto end;
-	if (BN_is_odd(n0))
-		if (!BN_add(n0, n0, p)) goto end;
-	/* now  0 <= n0 < 2*p,  and n0 is even */
-	if (!BN_rshift1(&r->Y, n0)) goto end;
-	/* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
-
-	ret = 1;
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
+    int ret = 0;
+
+    if (a == b)
+        return EC_POINT_dbl(group, r, a, ctx);
+    if (EC_POINT_is_at_infinity(group, a))
+        return EC_POINT_copy(r, b);
+    if (EC_POINT_is_at_infinity(group, b))
+        return EC_POINT_copy(r, a);
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = &group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    n4 = BN_CTX_get(ctx);
+    n5 = BN_CTX_get(ctx);
+    n6 = BN_CTX_get(ctx);
+    if (n6 == NULL)
+        goto end;
+
+    /*
+     * Note that in this function we must not read components of 'a' or 'b'
+     * once we have written the corresponding components of 'r'. ('r' might
+     * be one of 'a' or 'b'.)
+     */
+
+    /* n1, n2 */
+    if (b->Z_is_one) {
+        if (!BN_copy(n1, &a->X))
+            goto end;
+        if (!BN_copy(n2, &a->Y))
+            goto end;
+        /* n1 = X_a */
+        /* n2 = Y_a */
+    } else {
+        if (!field_sqr(group, n0, &b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n1, &a->X, n0, ctx))
+            goto end;
+        /* n1 = X_a * Z_b^2 */
+
+        if (!field_mul(group, n0, n0, &b->Z, ctx))
+            goto end;
+        if (!field_mul(group, n2, &a->Y, n0, ctx))
+            goto end;
+        /* n2 = Y_a * Z_b^3 */
+    }
+
+    /* n3, n4 */
+    if (a->Z_is_one) {
+        if (!BN_copy(n3, &b->X))
+            goto end;
+        if (!BN_copy(n4, &b->Y))
+            goto end;
+        /* n3 = X_b */
+        /* n4 = Y_b */
+    } else {
+        if (!field_sqr(group, n0, &a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n3, &b->X, n0, ctx))
+            goto end;
+        /* n3 = X_b * Z_a^2 */
+
+        if (!field_mul(group, n0, n0, &a->Z, ctx))
+            goto end;
+        if (!field_mul(group, n4, &b->Y, n0, ctx))
+            goto end;
+        /* n4 = Y_b * Z_a^3 */
+    }
+
+    /* n5, n6 */
+    if (!BN_mod_sub_quick(n5, n1, n3, p))
+        goto end;
+    if (!BN_mod_sub_quick(n6, n2, n4, p))
+        goto end;
+    /* n5 = n1 - n3 */
+    /* n6 = n2 - n4 */
+
+    if (BN_is_zero(n5)) {
+        if (BN_is_zero(n6)) {
+            /* a is the same point as b */
+            BN_CTX_end(ctx);
+            ret = EC_POINT_dbl(group, r, a, ctx);
+            ctx = NULL;
+            goto end;
+        } else {
+            /* a is the inverse of b */
+            BN_zero(&r->Z);
+            r->Z_is_one = 0;
+            ret = 1;
+            goto end;
+        }
+    }
+
+    /* 'n7', 'n8' */
+    if (!BN_mod_add_quick(n1, n1, n3, p))
+        goto end;
+    if (!BN_mod_add_quick(n2, n2, n4, p))
+        goto end;
+    /* 'n7' = n1 + n3 */
+    /* 'n8' = n2 + n4 */
+
+    /* Z_r */
+    if (a->Z_is_one && b->Z_is_one) {
+        if (!BN_copy(&r->Z, n5))
+            goto end;
+    } else {
+        if (a->Z_is_one) {
+            if (!BN_copy(n0, &b->Z))
+                goto end;
+        } else if (b->Z_is_one) {
+            if (!BN_copy(n0, &a->Z))
+                goto end;
+        } else {
+            if (!field_mul(group, n0, &a->Z, &b->Z, ctx))
+                goto end;
+        }
+        if (!field_mul(group, &r->Z, n0, n5, ctx))
+            goto end;
+    }
+    r->Z_is_one = 0;
+    /* Z_r = Z_a * Z_b * n5 */
+
+    /* X_r */
+    if (!field_sqr(group, n0, n6, ctx))
+        goto end;
+    if (!field_sqr(group, n4, n5, ctx))
+        goto end;
+    if (!field_mul(group, n3, n1, n4, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(&r->X, n0, n3, p))
+        goto end;
+    /* X_r = n6^2 - n5^2 * 'n7' */
+
+    /* 'n9' */
+    if (!BN_mod_lshift1_quick(n0, &r->X, p))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n3, n0, p))
+        goto end;
+    /* n9 = n5^2 * 'n7' - 2 * X_r */
+
+    /* Y_r */
+    if (!field_mul(group, n0, n0, n6, ctx))
+        goto end;
+    if (!field_mul(group, n5, n4, n5, ctx))
+        goto end;               /* now n5 is n5^3 */
+    if (!field_mul(group, n1, n2, n5, ctx))
+        goto end;
+    if (!BN_mod_sub_quick(n0, n0, n1, p))
+        goto end;
+    if (BN_is_odd(n0))
+        if (!BN_add(n0, n0, p))
+            goto end;
+    /* now  0 <= n0 < 2*p,  and n0 is even */
+    if (!BN_rshift1(&r->Y, n0))
+        goto end;
+    /* Y_r = (n6 * 'n9' - 'n8' * 'n5^3') / 2 */
+
+    ret = 1;
 
  end:
-	if (ctx) /* otherwise we already called BN_CTX_end */
-		BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
-	{
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *n0, *n1, *n2, *n3;
-	int ret = 0;
-	
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		BN_zero(&r->Z);
-		r->Z_is_one = 0;
-		return 1;
-		}
-
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = &group->field;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	n0 = BN_CTX_get(ctx);
-	n1 = BN_CTX_get(ctx);
-	n2 = BN_CTX_get(ctx);
-	n3 = BN_CTX_get(ctx);
-	if (n3 == NULL) goto err;
-
-	/* Note that in this function we must not read components of 'a'
-	 * once we have written the corresponding components of 'r'.
-	 * ('r' might the same as 'a'.)
-	 */
-
-	/* n1 */
-	if (a->Z_is_one)
-		{
-		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
-		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
-		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
-		if (!BN_mod_add_quick(n1, n0, &group->a, p)) goto err;
-		/* n1 = 3 * X_a^2 + a_curve */
-		}
-	else if (group->a_is_minus3)
-		{
-		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
-		if (!BN_mod_add_quick(n0, &a->X, n1, p)) goto err;
-		if (!BN_mod_sub_quick(n2, &a->X, n1, p)) goto err;
-		if (!field_mul(group, n1, n0, n2, ctx)) goto err;
-		if (!BN_mod_lshift1_quick(n0, n1, p)) goto err;
-		if (!BN_mod_add_quick(n1, n0, n1, p)) goto err;
-		/* n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
-		 *    = 3 * X_a^2 - 3 * Z_a^4 */
-		}
-	else
-		{
-		if (!field_sqr(group, n0, &a->X, ctx)) goto err;
-		if (!BN_mod_lshift1_quick(n1, n0, p)) goto err;
-		if (!BN_mod_add_quick(n0, n0, n1, p)) goto err;
-		if (!field_sqr(group, n1, &a->Z, ctx)) goto err;
-		if (!field_sqr(group, n1, n1, ctx)) goto err;
-		if (!field_mul(group, n1, n1, &group->a, ctx)) goto err;
-		if (!BN_mod_add_quick(n1, n1, n0, p)) goto err;
-		/* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
-		}
-
-	/* Z_r */
-	if (a->Z_is_one)
-		{
-		if (!BN_copy(n0, &a->Y)) goto err;
-		}
-	else
-		{
-		if (!field_mul(group, n0, &a->Y, &a->Z, ctx)) goto err;
-		}
-	if (!BN_mod_lshift1_quick(&r->Z, n0, p)) goto err;
-	r->Z_is_one = 0;
-	/* Z_r = 2 * Y_a * Z_a */
-
-	/* n2 */
-	if (!field_sqr(group, n3, &a->Y, ctx)) goto err;
-	if (!field_mul(group, n2, &a->X, n3, ctx)) goto err;
-	if (!BN_mod_lshift_quick(n2, n2, 2, p)) goto err;
-	/* n2 = 4 * X_a * Y_a^2 */
-
-	/* X_r */
-	if (!BN_mod_lshift1_quick(n0, n2, p)) goto err;
-	if (!field_sqr(group, &r->X, n1, ctx)) goto err;
-	if (!BN_mod_sub_quick(&r->X, &r->X, n0, p)) goto err;
-	/* X_r = n1^2 - 2 * n2 */
-	
-	/* n3 */
-	if (!field_sqr(group, n0, n3, ctx)) goto err;
-	if (!BN_mod_lshift_quick(n3, n0, 3, p)) goto err;
-	/* n3 = 8 * Y_a^4 */
-	
-	/* Y_r */
-	if (!BN_mod_sub_quick(n0, n2, &r->X, p)) goto err;
-	if (!field_mul(group, n0, n1, n0, ctx)) goto err;
-	if (!BN_mod_sub_quick(&r->Y, n0, n3, p)) goto err;
-	/* Y_r = n1 * (n2 - X_r) - n3 */
-
-	ret = 1;
+    if (ctx)                    /* otherwise we already called BN_CTX_end */
+        BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a,
+                      BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *n0, *n1, *n2, *n3;
+    int ret = 0;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        BN_zero(&r->Z);
+        r->Z_is_one = 0;
+        return 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = &group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    n0 = BN_CTX_get(ctx);
+    n1 = BN_CTX_get(ctx);
+    n2 = BN_CTX_get(ctx);
+    n3 = BN_CTX_get(ctx);
+    if (n3 == NULL)
+        goto err;
+
+    /*
+     * Note that in this function we must not read components of 'a' once we
+     * have written the corresponding components of 'r'. ('r' might the same
+     * as 'a'.)
+     */
+
+    /* n1 */
+    if (a->Z_is_one) {
+        if (!field_sqr(group, n0, &a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, &group->a, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve */
+    } else if (group->a_is_minus3) {
+        if (!field_sqr(group, n1, &a->Z, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n0, &a->X, n1, p))
+            goto err;
+        if (!BN_mod_sub_quick(n2, &a->X, n1, p))
+            goto err;
+        if (!field_mul(group, n1, n0, n2, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n0, n1, p))
+            goto err;
+        if (!BN_mod_add_quick(n1, n0, n1, p))
+            goto err;
+        /*-
+         * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2)
+         *    = 3 * X_a^2 - 3 * Z_a^4
+         */
+    } else {
+        if (!field_sqr(group, n0, &a->X, ctx))
+            goto err;
+        if (!BN_mod_lshift1_quick(n1, n0, p))
+            goto err;
+        if (!BN_mod_add_quick(n0, n0, n1, p))
+            goto err;
+        if (!field_sqr(group, n1, &a->Z, ctx))
+            goto err;
+        if (!field_sqr(group, n1, n1, ctx))
+            goto err;
+        if (!field_mul(group, n1, n1, &group->a, ctx))
+            goto err;
+        if (!BN_mod_add_quick(n1, n1, n0, p))
+            goto err;
+        /* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
+    }
+
+    /* Z_r */
+    if (a->Z_is_one) {
+        if (!BN_copy(n0, &a->Y))
+            goto err;
+    } else {
+        if (!field_mul(group, n0, &a->Y, &a->Z, ctx))
+            goto err;
+    }
+    if (!BN_mod_lshift1_quick(&r->Z, n0, p))
+        goto err;
+    r->Z_is_one = 0;
+    /* Z_r = 2 * Y_a * Z_a */
+
+    /* n2 */
+    if (!field_sqr(group, n3, &a->Y, ctx))
+        goto err;
+    if (!field_mul(group, n2, &a->X, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n2, n2, 2, p))
+        goto err;
+    /* n2 = 4 * X_a * Y_a^2 */
+
+    /* X_r */
+    if (!BN_mod_lshift1_quick(n0, n2, p))
+        goto err;
+    if (!field_sqr(group, &r->X, n1, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(&r->X, &r->X, n0, p))
+        goto err;
+    /* X_r = n1^2 - 2 * n2 */
+
+    /* n3 */
+    if (!field_sqr(group, n0, n3, ctx))
+        goto err;
+    if (!BN_mod_lshift_quick(n3, n0, 3, p))
+        goto err;
+    /* n3 = 8 * Y_a^4 */
+
+    /* Y_r */
+    if (!BN_mod_sub_quick(n0, n2, &r->X, p))
+        goto err;
+    if (!field_mul(group, n0, n1, n0, ctx))
+        goto err;
+    if (!BN_mod_sub_quick(&r->Y, n0, n3, p))
+        goto err;
+    /* Y_r = n1 * (n2 - X_r) - n3 */
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
 
 int ec_GFp_simple_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
-		/* point is its own inverse */
-		return 1;
-	
-	return BN_usub(&point->Y, &group->field, &point->Y);
-	}
+{
+    if (EC_POINT_is_at_infinity(group, point) || BN_is_zero(&point->Y))
+        /* point is its own inverse */
+        return 1;
 
+    return BN_usub(&point->Y, &group->field, &point->Y);
+}
 
 int ec_GFp_simple_is_at_infinity(const EC_GROUP *group, const EC_POINT *point)
-	{
-	return BN_is_zero(&point->Z);
-	}
-
-
-int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
-	{
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *rh, *tmp, *Z4, *Z6;
-	int ret = -1;
-
-	if (EC_POINT_is_at_infinity(group, point))
-		return 1;
-	
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = &group->field;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	rh = BN_CTX_get(ctx);
-	tmp = BN_CTX_get(ctx);
-	Z4 = BN_CTX_get(ctx);
-	Z6 = BN_CTX_get(ctx);
-	if (Z6 == NULL) goto err;
-
-	/* We have a curve defined by a Weierstrass equation
-	 *      y^2 = x^3 + a*x + b.
-	 * The point to consider is given in Jacobian projective coordinates
-	 * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
-	 * Substituting this and multiplying by  Z^6  transforms the above equation into
-	 *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
-	 * To test this, we add up the right-hand side in 'rh'.
-	 */
-
-	/* rh := X^2 */
-	if (!field_sqr(group, rh, &point->X, ctx)) goto err;
-
-	if (!point->Z_is_one)
-		{
-		if (!field_sqr(group, tmp, &point->Z, ctx)) goto err;
-		if (!field_sqr(group, Z4, tmp, ctx)) goto err;
-		if (!field_mul(group, Z6, Z4, tmp, ctx)) goto err;
-
-		/* rh := (rh + a*Z^4)*X */
-		if (group->a_is_minus3)
-			{
-			if (!BN_mod_lshift1_quick(tmp, Z4, p)) goto err;
-			if (!BN_mod_add_quick(tmp, tmp, Z4, p)) goto err;
-			if (!BN_mod_sub_quick(rh, rh, tmp, p)) goto err;
-			if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
-			}
-		else
-			{
-			if (!field_mul(group, tmp, Z4, &group->a, ctx)) goto err;
-			if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
-			if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
-			}
-
-		/* rh := rh + b*Z^6 */
-		if (!field_mul(group, tmp, &group->b, Z6, ctx)) goto err;
-		if (!BN_mod_add_quick(rh, rh, tmp, p)) goto err;
-		}
-	else
-		{
-		/* point->Z_is_one */
-
-		/* rh := (rh + a)*X */
-		if (!BN_mod_add_quick(rh, rh, &group->a, p)) goto err;
-		if (!field_mul(group, rh, rh, &point->X, ctx)) goto err;
-		/* rh := rh + b */
-		if (!BN_mod_add_quick(rh, rh, &group->b, p)) goto err;
-		}
-
-	/* 'lh' := Y^2 */
-	if (!field_sqr(group, tmp, &point->Y, ctx)) goto err;
-
-	ret = (0 == BN_ucmp(tmp, rh));
+{
+    return BN_is_zero(&point->Z);
+}
+
+int ec_GFp_simple_is_on_curve(const EC_GROUP *group, const EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    const BIGNUM *p;
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *rh, *tmp, *Z4, *Z6;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+    p = &group->field;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    rh = BN_CTX_get(ctx);
+    tmp = BN_CTX_get(ctx);
+    Z4 = BN_CTX_get(ctx);
+    Z6 = BN_CTX_get(ctx);
+    if (Z6 == NULL)
+        goto err;
+
+    /*-
+     * We have a curve defined by a Weierstrass equation
+     *      y^2 = x^3 + a*x + b.
+     * The point to consider is given in Jacobian projective coordinates
+     * where  (X, Y, Z)  represents  (x, y) = (X/Z^2, Y/Z^3).
+     * Substituting this and multiplying by  Z^6  transforms the above equation into
+     *      Y^2 = X^3 + a*X*Z^4 + b*Z^6.
+     * To test this, we add up the right-hand side in 'rh'.
+     */
+
+    /* rh := X^2 */
+    if (!field_sqr(group, rh, &point->X, ctx))
+        goto err;
+
+    if (!point->Z_is_one) {
+        if (!field_sqr(group, tmp, &point->Z, ctx))
+            goto err;
+        if (!field_sqr(group, Z4, tmp, ctx))
+            goto err;
+        if (!field_mul(group, Z6, Z4, tmp, ctx))
+            goto err;
+
+        /* rh := (rh + a*Z^4)*X */
+        if (group->a_is_minus3) {
+            if (!BN_mod_lshift1_quick(tmp, Z4, p))
+                goto err;
+            if (!BN_mod_add_quick(tmp, tmp, Z4, p))
+                goto err;
+            if (!BN_mod_sub_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, &point->X, ctx))
+                goto err;
+        } else {
+            if (!field_mul(group, tmp, Z4, &group->a, ctx))
+                goto err;
+            if (!BN_mod_add_quick(rh, rh, tmp, p))
+                goto err;
+            if (!field_mul(group, rh, rh, &point->X, ctx))
+                goto err;
+        }
+
+        /* rh := rh + b*Z^6 */
+        if (!field_mul(group, tmp, &group->b, Z6, ctx))
+            goto err;
+        if (!BN_mod_add_quick(rh, rh, tmp, p))
+            goto err;
+    } else {
+        /* point->Z_is_one */
+
+        /* rh := (rh + a)*X */
+        if (!BN_mod_add_quick(rh, rh, &group->a, p))
+            goto err;
+        if (!field_mul(group, rh, rh, &point->X, ctx))
+            goto err;
+        /* rh := rh + b */
+        if (!BN_mod_add_quick(rh, rh, &group->b, p))
+            goto err;
+    }
+
+    /* 'lh' := Y^2 */
+    if (!field_sqr(group, tmp, &point->Y, ctx))
+        goto err;
+
+    ret = (0 == BN_ucmp(tmp, rh));
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b, BN_CTX *ctx)
-	{
-	/* return values:
-	 *  -1   error
-	 *   0   equal (in affine coordinates)
-	 *   1   not equal
-	 */
-
-	int (*field_mul)(const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr)(const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
-	const BIGNUM *tmp1_, *tmp2_;
-	int ret = -1;
-	
-	if (EC_POINT_is_at_infinity(group, a))
-		{
-		return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
-		}
-
-	if (EC_POINT_is_at_infinity(group, b))
-		return 1;
-	
-	if (a->Z_is_one && b->Z_is_one)
-		{
-		return ((BN_cmp(&a->X, &b->X) == 0) && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
-		}
-
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return -1;
-		}
-
-	BN_CTX_start(ctx);
-	tmp1 = BN_CTX_get(ctx);
-	tmp2 = BN_CTX_get(ctx);
-	Za23 = BN_CTX_get(ctx);
-	Zb23 = BN_CTX_get(ctx);
-	if (Zb23 == NULL) goto end;
-
-	/* We have to decide whether
-	 *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
-	 * or equivalently, whether
-	 *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
-	 */
-
-	if (!b->Z_is_one)
-		{
-		if (!field_sqr(group, Zb23, &b->Z, ctx)) goto end;
-		if (!field_mul(group, tmp1, &a->X, Zb23, ctx)) goto end;
-		tmp1_ = tmp1;
-		}
-	else
-		tmp1_ = &a->X;
-	if (!a->Z_is_one)
-		{
-		if (!field_sqr(group, Za23, &a->Z, ctx)) goto end;
-		if (!field_mul(group, tmp2, &b->X, Za23, ctx)) goto end;
-		tmp2_ = tmp2;
-		}
-	else
-		tmp2_ = &b->X;
-	
-	/* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
-	if (BN_cmp(tmp1_, tmp2_) != 0)
-		{
-		ret = 1; /* points differ */
-		goto end;
-		}
-
-
-	if (!b->Z_is_one)
-		{
-		if (!field_mul(group, Zb23, Zb23, &b->Z, ctx)) goto end;
-		if (!field_mul(group, tmp1, &a->Y, Zb23, ctx)) goto end;
-		/* tmp1_ = tmp1 */
-		}
-	else
-		tmp1_ = &a->Y;
-	if (!a->Z_is_one)
-		{
-		if (!field_mul(group, Za23, Za23, &a->Z, ctx)) goto end;
-		if (!field_mul(group, tmp2, &b->Y, Za23, ctx)) goto end;
-		/* tmp2_ = tmp2 */
-		}
-	else
-		tmp2_ = &b->Y;
-
-	/* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
-	if (BN_cmp(tmp1_, tmp2_) != 0)
-		{
-		ret = 1; /* points differ */
-		goto end;
-		}
-
-	/* points are equal */
-	ret = 0;
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_cmp(const EC_GROUP *group, const EC_POINT *a,
+                      const EC_POINT *b, BN_CTX *ctx)
+{
+    /*-
+     * return values:
+     *  -1   error
+     *   0   equal (in affine coordinates)
+     *   1   not equal
+     */
+
+    int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *,
+                      const BIGNUM *, BN_CTX *);
+    int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
+    const BIGNUM *tmp1_, *tmp2_;
+    int ret = -1;
+
+    if (EC_POINT_is_at_infinity(group, a)) {
+        return EC_POINT_is_at_infinity(group, b) ? 0 : 1;
+    }
+
+    if (EC_POINT_is_at_infinity(group, b))
+        return 1;
+
+    if (a->Z_is_one && b->Z_is_one) {
+        return ((BN_cmp(&a->X, &b->X) == 0)
+                && BN_cmp(&a->Y, &b->Y) == 0) ? 0 : 1;
+    }
+
+    field_mul = group->meth->field_mul;
+    field_sqr = group->meth->field_sqr;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return -1;
+    }
+
+    BN_CTX_start(ctx);
+    tmp1 = BN_CTX_get(ctx);
+    tmp2 = BN_CTX_get(ctx);
+    Za23 = BN_CTX_get(ctx);
+    Zb23 = BN_CTX_get(ctx);
+    if (Zb23 == NULL)
+        goto end;
+
+    /*-
+     * We have to decide whether
+     *     (X_a/Z_a^2, Y_a/Z_a^3) = (X_b/Z_b^2, Y_b/Z_b^3),
+     * or equivalently, whether
+     *     (X_a*Z_b^2, Y_a*Z_b^3) = (X_b*Z_a^2, Y_b*Z_a^3).
+     */
+
+    if (!b->Z_is_one) {
+        if (!field_sqr(group, Zb23, &b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, &a->X, Zb23, ctx))
+            goto end;
+        tmp1_ = tmp1;
+    } else
+        tmp1_ = &a->X;
+    if (!a->Z_is_one) {
+        if (!field_sqr(group, Za23, &a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, &b->X, Za23, ctx))
+            goto end;
+        tmp2_ = tmp2;
+    } else
+        tmp2_ = &b->X;
+
+    /* compare  X_a*Z_b^2  with  X_b*Z_a^2 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    if (!b->Z_is_one) {
+        if (!field_mul(group, Zb23, Zb23, &b->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp1, &a->Y, Zb23, ctx))
+            goto end;
+        /* tmp1_ = tmp1 */
+    } else
+        tmp1_ = &a->Y;
+    if (!a->Z_is_one) {
+        if (!field_mul(group, Za23, Za23, &a->Z, ctx))
+            goto end;
+        if (!field_mul(group, tmp2, &b->Y, Za23, ctx))
+            goto end;
+        /* tmp2_ = tmp2 */
+    } else
+        tmp2_ = &b->Y;
+
+    /* compare  Y_a*Z_b^3  with  Y_b*Z_a^3 */
+    if (BN_cmp(tmp1_, tmp2_) != 0) {
+        ret = 1;                /* points differ */
+        goto end;
+    }
+
+    /* points are equal */
+    ret = 0;
 
  end:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *x, *y;
-	int ret = 0;
-
-	if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
-		return 1;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	if (y == NULL) goto err;
-
-	if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-	if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx)) goto err;
-	if (!point->Z_is_one)
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	
-	ret = 1;
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_make_affine(const EC_GROUP *group, EC_POINT *point,
+                              BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *x, *y;
+    int ret = 0;
+
+    if (point->Z_is_one || EC_POINT_is_at_infinity(group, point))
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+    if (y == NULL)
+        goto err;
+
+    if (!EC_POINT_get_affine_coordinates_GFp(group, point, x, y, ctx))
+        goto err;
+    if (!EC_POINT_set_affine_coordinates_GFp(group, point, x, y, ctx))
+        goto err;
+    if (!point->Z_is_one) {
+        ECerr(EC_F_EC_GFP_SIMPLE_MAKE_AFFINE, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	return ret;
-	}
-
-
-int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT *points[], BN_CTX *ctx)
-	{
-	BN_CTX *new_ctx = NULL;
-	BIGNUM *tmp, *tmp_Z;
-	BIGNUM **prod_Z = NULL;
-	size_t i;
-	int ret = 0;
-
-	if (num == 0)
-		return 1;
-
-	if (ctx == NULL)
-		{
-		ctx = new_ctx = BN_CTX_new();
-		if (ctx == NULL)
-			return 0;
-		}
-
-	BN_CTX_start(ctx);
-	tmp = BN_CTX_get(ctx);
-	tmp_Z = BN_CTX_get(ctx);
-	if (tmp == NULL || tmp_Z == NULL) goto err;
-
-	prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
-	if (prod_Z == NULL) goto err;
-	for (i = 0; i < num; i++)
-		{
-		prod_Z[i] = BN_new();
-		if (prod_Z[i] == NULL) goto err;
-		}
-
-	/* Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
-	 * skipping any zero-valued inputs (pretend that they're 1). */
-
-	if (!BN_is_zero(&points[0]->Z))
-		{
-		if (!BN_copy(prod_Z[0], &points[0]->Z)) goto err;
-		}
-	else
-		{
-		if (group->meth->field_set_to_one != 0)
-			{
-			if (!group->meth->field_set_to_one(group, prod_Z[0], ctx)) goto err;
-			}
-		else
-			{
-			if (!BN_one(prod_Z[0])) goto err;
-			}
-		}
-
-	for (i = 1; i < num; i++)
-		{
-		if (!BN_is_zero(&points[i]->Z))
-			{
-			if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1], &points[i]->Z, ctx)) goto err;
-			}
-		else
-			{
-			if (!BN_copy(prod_Z[i], prod_Z[i - 1])) goto err;
-			}
-		}
-
-	/* Now use a single explicit inversion to replace every
-	 * non-zero points[i]->Z by its inverse. */
-
-	if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx))
-		{
-		ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
-		goto err;
-		}
-	if (group->meth->field_encode != 0)
-		{
-		/* In the Montgomery case, we just turned  R*H  (representing H)
-		 * into  1/(R*H),  but we need  R*(1/H)  (representing 1/H);
-		 * i.e. we need to multiply by the Montgomery factor twice. */
-		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
-		if (!group->meth->field_encode(group, tmp, tmp, ctx)) goto err;
-		}
-
-	for (i = num - 1; i > 0; --i)
-		{
-		/* Loop invariant: tmp is the product of the inverses of
-		 * points[0]->Z .. points[i]->Z (zero-valued inputs skipped). */
-		if (!BN_is_zero(&points[i]->Z))
-			{
-			/* Set tmp_Z to the inverse of points[i]->Z (as product
-			 * of Z inverses 0 .. i, Z values 0 .. i - 1). */
-			if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx)) goto err;
-			/* Update tmp to satisfy the loop invariant for i - 1. */
-			if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx)) goto err;
-			/* Replace points[i]->Z by its inverse. */
-			if (!BN_copy(&points[i]->Z, tmp_Z)) goto err;
-			}
-		}
-
-	if (!BN_is_zero(&points[0]->Z))
-		{
-		/* Replace points[0]->Z by its inverse. */
-		if (!BN_copy(&points[0]->Z, tmp)) goto err;
-		}
-
-	/* Finally, fix up the X and Y coordinates for all points. */
-
-	for (i = 0; i < num; i++)
-		{
-		EC_POINT *p = points[i];
-
-		if (!BN_is_zero(&p->Z))
-			{
-			/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
-
-			if (!group->meth->field_sqr(group, tmp, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx)) goto err;
-
-			if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx)) goto err;
-			if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx)) goto err;
-
-			if (group->meth->field_set_to_one != 0)
-				{
-				if (!group->meth->field_set_to_one(group, &p->Z, ctx)) goto err;
-				}
-			else
-				{
-				if (!BN_one(&p->Z)) goto err;
-				}
-			p->Z_is_one = 1;
-			}
-		}
-
-	ret = 1;
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    return ret;
+}
+
+int ec_GFp_simple_points_make_affine(const EC_GROUP *group, size_t num,
+                                     EC_POINT *points[], BN_CTX *ctx)
+{
+    BN_CTX *new_ctx = NULL;
+    BIGNUM *tmp, *tmp_Z;
+    BIGNUM **prod_Z = NULL;
+    size_t i;
+    int ret = 0;
+
+    if (num == 0)
+        return 1;
+
+    if (ctx == NULL) {
+        ctx = new_ctx = BN_CTX_new();
+        if (ctx == NULL)
+            return 0;
+    }
+
+    BN_CTX_start(ctx);
+    tmp = BN_CTX_get(ctx);
+    tmp_Z = BN_CTX_get(ctx);
+    if (tmp == NULL || tmp_Z == NULL)
+        goto err;
+
+    prod_Z = OPENSSL_malloc(num * sizeof prod_Z[0]);
+    if (prod_Z == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        prod_Z[i] = BN_new();
+        if (prod_Z[i] == NULL)
+            goto err;
+    }
+
+    /*
+     * Set each prod_Z[i] to the product of points[0]->Z .. points[i]->Z,
+     * skipping any zero-valued inputs (pretend that they're 1).
+     */
+
+    if (!BN_is_zero(&points[0]->Z)) {
+        if (!BN_copy(prod_Z[0], &points[0]->Z))
+            goto err;
+    } else {
+        if (group->meth->field_set_to_one != 0) {
+            if (!group->meth->field_set_to_one(group, prod_Z[0], ctx))
+                goto err;
+        } else {
+            if (!BN_one(prod_Z[0]))
+                goto err;
+        }
+    }
+
+    for (i = 1; i < num; i++) {
+        if (!BN_is_zero(&points[i]->Z)) {
+            if (!group->meth->field_mul(group, prod_Z[i], prod_Z[i - 1],
+                                        &points[i]->Z, ctx))
+                goto err;
+        } else {
+            if (!BN_copy(prod_Z[i], prod_Z[i - 1]))
+                goto err;
+        }
+    }
+
+    /*
+     * Now use a single explicit inversion to replace every non-zero
+     * points[i]->Z by its inverse.
+     */
+
+    if (!BN_mod_inverse(tmp, prod_Z[num - 1], &group->field, ctx)) {
+        ECerr(EC_F_EC_GFP_SIMPLE_POINTS_MAKE_AFFINE, ERR_R_BN_LIB);
+        goto err;
+    }
+    if (group->meth->field_encode != 0) {
+        /*
+         * In the Montgomery case, we just turned R*H (representing H) into
+         * 1/(R*H), but we need R*(1/H) (representing 1/H); i.e. we need to
+         * multiply by the Montgomery factor twice.
+         */
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+        if (!group->meth->field_encode(group, tmp, tmp, ctx))
+            goto err;
+    }
+
+    for (i = num - 1; i > 0; --i) {
+        /*
+         * Loop invariant: tmp is the product of the inverses of points[0]->Z
+         * .. points[i]->Z (zero-valued inputs skipped).
+         */
+        if (!BN_is_zero(&points[i]->Z)) {
+            /*
+             * Set tmp_Z to the inverse of points[i]->Z (as product of Z
+             * inverses 0 .. i, Z values 0 .. i - 1).
+             */
+            if (!group->
+                meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
+                goto err;
+            /*
+             * Update tmp to satisfy the loop invariant for i - 1.
+             */
+            if (!group->meth->field_mul(group, tmp, tmp, &points[i]->Z, ctx))
+                goto err;
+            /* Replace points[i]->Z by its inverse. */
+            if (!BN_copy(&points[i]->Z, tmp_Z))
+                goto err;
+        }
+    }
+
+    if (!BN_is_zero(&points[0]->Z)) {
+        /* Replace points[0]->Z by its inverse. */
+        if (!BN_copy(&points[0]->Z, tmp))
+            goto err;
+    }
+
+    /* Finally, fix up the X and Y coordinates for all points. */
+
+    for (i = 0; i < num; i++) {
+        EC_POINT *p = points[i];
+
+        if (!BN_is_zero(&p->Z)) {
+            /* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
+
+            if (!group->meth->field_sqr(group, tmp, &p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, &p->X, &p->X, tmp, ctx))
+                goto err;
+
+            if (!group->meth->field_mul(group, tmp, tmp, &p->Z, ctx))
+                goto err;
+            if (!group->meth->field_mul(group, &p->Y, &p->Y, tmp, ctx))
+                goto err;
+
+            if (group->meth->field_set_to_one != 0) {
+                if (!group->meth->field_set_to_one(group, &p->Z, ctx))
+                    goto err;
+            } else {
+                if (!BN_one(&p->Z))
+                    goto err;
+            }
+            p->Z_is_one = 1;
+        }
+    }
+
+    ret = 1;
 
  err:
-	BN_CTX_end(ctx);
-	if (new_ctx != NULL)
-		BN_CTX_free(new_ctx);
-	if (prod_Z != NULL)
-		{
-		for (i = 0; i < num; i++)
-			{
-			if (prod_Z[i] != NULL)
-				BN_clear_free(prod_Z[i]);
-			}
-		OPENSSL_free(prod_Z);
-		}
-	return ret;
-	}
-
-
-int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx)
-	{
-	return BN_mod_mul(r, a, b, &group->field, ctx);
-	}
-
-
-int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-	{
-	return BN_mod_sqr(r, a, &group->field, ctx);
-	}
+    BN_CTX_end(ctx);
+    if (new_ctx != NULL)
+        BN_CTX_free(new_ctx);
+    if (prod_Z != NULL) {
+        for (i = 0; i < num; i++) {
+            if (prod_Z[i] == NULL)
+                break;
+            BN_clear_free(prod_Z[i]);
+        }
+        OPENSSL_free(prod_Z);
+    }
+    return ret;
+}
+
+int ec_GFp_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            const BIGNUM *b, BN_CTX *ctx)
+{
+    return BN_mod_mul(r, a, b, &group->field, ctx);
+}
+
+int ec_GFp_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+                            BN_CTX *ctx)
+{
+    return BN_mod_sqr(r, a, &group->field, ctx);
+}
diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c
index 4d2ede75..f1ec12d2 100644
--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c
+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,34 +66,31 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDH,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDH,0,reason)
 
-static ERR_STRING_DATA ECDH_str_functs[]=
-	{
-{ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY),	"ECDH_compute_key"},
-{ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD),	"ECDH_DATA_NEW_METHOD"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ECDH_str_functs[] = {
+    {ERR_FUNC(ECDH_F_ECDH_COMPUTE_KEY), "ECDH_compute_key"},
+    {ERR_FUNC(ECDH_F_ECDH_DATA_NEW_METHOD), "ECDH_DATA_NEW_METHOD"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA ECDH_str_reasons[]=
-	{
-{ERR_REASON(ECDH_R_KDF_FAILED)           ,"KDF failed"},
-{ERR_REASON(ECDH_R_NO_PRIVATE_VALUE)     ,"no private value"},
-{ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE),"point arithmetic failure"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ECDH_str_reasons[] = {
+    {ERR_REASON(ECDH_R_KDF_FAILED), "KDF failed"},
+    {ERR_REASON(ECDH_R_NO_PRIVATE_VALUE), "no private value"},
+    {ERR_REASON(ECDH_R_POINT_ARITHMETIC_FAILURE), "point arithmetic failure"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_ECDH_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ECDH_str_functs);
-		ERR_load_strings(0,ECDH_str_reasons);
-		}
+    if (ERR_func_error_string(ECDH_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ECDH_str_functs);
+        ERR_load_strings(0, ECDH_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c
index f44da929..4045fb2f 100644
--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c
+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_key.c
@@ -21,7 +21,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,15 +69,16 @@
 
 #include "ech_locl.h"
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
 int ECDH_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-	EC_KEY *eckey,
-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
+                     EC_KEY *eckey,
+                     void *(*KDF) (const void *in, size_t inlen, void *out,
+                                   size_t *outlen))
 {
-	ECDH_DATA *ecdh = ecdh_check(eckey);
-	if (ecdh == NULL)
-		return 0;
-	return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
+    ECDH_DATA *ecdh = ecdh_check(eckey);
+    if (ecdh == NULL)
+        return 0;
+    return ecdh->meth->compute_key(out, outlen, pub_key, eckey, KDF);
 }
diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
index f9ba5fb5..4bba0743 100644
--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_lib.c
@@ -21,7 +21,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -70,179 +70,173 @@
 #include "ech_locl.h"
 #include <string.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
 
-const char ECDH_version[]="ECDH" OPENSSL_VERSION_PTEXT;
+const char ECDH_version[] = "ECDH" OPENSSL_VERSION_PTEXT;
 
 static const ECDH_METHOD *default_ECDH_method = NULL;
 
 static void *ecdh_data_new(void);
 static void *ecdh_data_dup(void *);
-static void  ecdh_data_free(void *);
+static void ecdh_data_free(void *);
 
 void ECDH_set_default_method(const ECDH_METHOD *meth)
-	{
-	default_ECDH_method = meth;
-	}
+{
+    default_ECDH_method = meth;
+}
 
 const ECDH_METHOD *ECDH_get_default_method(void)
-	{
-	if(!default_ECDH_method) 
-		default_ECDH_method = ECDH_OpenSSL();
-	return default_ECDH_method;
-	}
+{
+    if (!default_ECDH_method)
+        default_ECDH_method = ECDH_OpenSSL();
+    return default_ECDH_method;
+}
 
 int ECDH_set_method(EC_KEY *eckey, const ECDH_METHOD *meth)
-	{
-	ECDH_DATA *ecdh;
+{
+    ECDH_DATA *ecdh;
 
-	ecdh = ecdh_check(eckey);
+    ecdh = ecdh_check(eckey);
 
-	if (ecdh == NULL)
-		return 0;
+    if (ecdh == NULL)
+        return 0;
 
 #ifndef OPENSSL_NO_ENGINE
-	if (ecdh->engine)
-		{
-		ENGINE_finish(ecdh->engine);
-		ecdh->engine = NULL;
-		}
+    if (ecdh->engine) {
+        ENGINE_finish(ecdh->engine);
+        ecdh->engine = NULL;
+    }
 #endif
-        ecdh->meth = meth;
+    ecdh->meth = meth;
 #if 0
-        if (meth->init) 
-		meth->init(eckey);
+    if (meth->init)
+        meth->init(eckey);
 #endif
-        return 1;
-	}
+    return 1;
+}
 
 static ECDH_DATA *ECDH_DATA_new_method(ENGINE *engine)
-	{
-	ECDH_DATA *ret;
+{
+    ECDH_DATA *ret;
 
-	ret=(ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
-	if (ret == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
+    ret = (ECDH_DATA *)OPENSSL_malloc(sizeof(ECDH_DATA));
+    if (ret == NULL) {
+        ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
 
-	ret->init = NULL;
+    ret->init = NULL;
 
-	ret->meth = ECDH_get_default_method();
-	ret->engine = engine;
+    ret->meth = ECDH_get_default_method();
+    ret->engine = engine;
 #ifndef OPENSSL_NO_ENGINE
-	if (!ret->engine)
-		ret->engine = ENGINE_get_default_ECDH();
-	if (ret->engine)
-		{
-		ret->meth = ENGINE_get_ECDH(ret->engine);
-		if (!ret->meth)
-			{
-			ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
+    if (!ret->engine)
+        ret->engine = ENGINE_get_default_ECDH();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_ECDH(ret->engine);
+        if (!ret->meth) {
+            ECDHerr(ECDH_F_ECDH_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            ENGINE_finish(ret->engine);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+    }
 #endif
 
-	ret->flags = ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+    ret->flags = ret->meth->flags;
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
 #if 0
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-#endif	
-	return(ret);
-	}
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, ret, &ret->ex_data);
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+#endif
+    return (ret);
+}
 
 static void *ecdh_data_new(void)
-	{
-	return (void *)ECDH_DATA_new_method(NULL);
-	}
+{
+    return (void *)ECDH_DATA_new_method(NULL);
+}
 
 static void *ecdh_data_dup(void *data)
 {
-	ECDH_DATA *r = (ECDH_DATA *)data;
+    ECDH_DATA *r = (ECDH_DATA *)data;
 
-	/* XXX: dummy operation */
-	if (r == NULL)
-		return NULL;
+    /* XXX: dummy operation */
+    if (r == NULL)
+        return NULL;
 
-	return (void *)ecdh_data_new();
+    return (void *)ecdh_data_new();
 }
 
 void ecdh_data_free(void *data)
-	{
-	ECDH_DATA *r = (ECDH_DATA *)data;
+{
+    ECDH_DATA *r = (ECDH_DATA *)data;
 
 #ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
+    if (r->engine)
+        ENGINE_finish(r->engine);
 #endif
 
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDH, r, &r->ex_data);
 
-	OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
+    OPENSSL_cleanse((void *)r, sizeof(ECDH_DATA));
 
-	OPENSSL_free(r);
-	}
+    OPENSSL_free(r);
+}
 
 ECDH_DATA *ecdh_check(EC_KEY *key)
-	{
-	ECDH_DATA *ecdh_data;
- 
-	void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
-					ecdh_data_free, ecdh_data_free);
-	if (data == NULL)
-	{
-		ecdh_data = (ECDH_DATA *)ecdh_data_new();
-		if (ecdh_data == NULL)
-			return NULL;
-		data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
-			   ecdh_data_dup, ecdh_data_free, ecdh_data_free);
-		if (data != NULL)
-			{
-			/* Another thread raced us to install the key_method
-			 * data and won. */
-			ecdh_data_free(ecdh_data);
-			ecdh_data = (ECDH_DATA *)data;
-			}
-	}
-	else
-		ecdh_data = (ECDH_DATA *)data;
-	
-
-	return ecdh_data;
-	}
+{
+    ECDH_DATA *ecdh_data;
+
+    void *data = EC_KEY_get_key_method_data(key, ecdh_data_dup,
+                                            ecdh_data_free, ecdh_data_free);
+    if (data == NULL) {
+        ecdh_data = (ECDH_DATA *)ecdh_data_new();
+        if (ecdh_data == NULL)
+            return NULL;
+        data = EC_KEY_insert_key_method_data(key, (void *)ecdh_data,
+                                             ecdh_data_dup, ecdh_data_free,
+                                             ecdh_data_free);
+        if (data != NULL) {
+            /*
+             * Another thread raced us to install the key_method data and
+             * won.
+             */
+            ecdh_data_free(ecdh_data);
+            ecdh_data = (ECDH_DATA *)data;
+        }
+    } else
+        ecdh_data = (ECDH_DATA *)data;
+
+    return ecdh_data;
+}
 
 int ECDH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
-				new_func, dup_func, free_func);
-	}
+                          CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDH, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int ECDH_set_ex_data(EC_KEY *d, int idx, void *arg)
-	{
-	ECDH_DATA *ecdh;
-	ecdh = ecdh_check(d);
-	if (ecdh == NULL)
-		return 0;
-	return(CRYPTO_set_ex_data(&ecdh->ex_data,idx,arg));
-	}
+{
+    ECDH_DATA *ecdh;
+    ecdh = ecdh_check(d);
+    if (ecdh == NULL)
+        return 0;
+    return (CRYPTO_set_ex_data(&ecdh->ex_data, idx, arg));
+}
 
 void *ECDH_get_ex_data(EC_KEY *d, int idx)
-	{
-	ECDH_DATA *ecdh;
-	ecdh = ecdh_check(d);
-	if (ecdh == NULL)
-		return NULL;
-	return(CRYPTO_get_ex_data(&ecdh->ex_data,idx));
-	}
+{
+    ECDH_DATA *ecdh;
+    ecdh = ecdh_check(d);
+    if (ecdh == NULL)
+        return NULL;
+    return (CRYPTO_get_ex_data(&ecdh->ex_data, idx));
+}
diff --git a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c
index 2a40ff12..6a8243d4 100644
--- a/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c
+++ b/Cryptlib/OpenSSL/crypto/ecdh/ech_ossl.c
@@ -21,7 +21,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,7 +67,6 @@
  *
  */
 
-
 #include <string.h>
 #include <limits.h>
 
@@ -80,134 +79,127 @@
 #include <openssl/bn.h>
 
 static int ecdh_compute_key(void *out, size_t len, const EC_POINT *pub_key,
-	EC_KEY *ecdh, 
-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen));
+                            EC_KEY *ecdh,
+                            void *(*KDF) (const void *in, size_t inlen,
+                                          void *out, size_t *outlen));
 
 static ECDH_METHOD openssl_ecdh_meth = {
-	"OpenSSL ECDH method",
-	ecdh_compute_key,
+    "OpenSSL ECDH method",
+    ecdh_compute_key,
 #if 0
-	NULL, /* init     */
-	NULL, /* finish   */
+    NULL,                       /* init */
+    NULL,                       /* finish */
 #endif
-	0,    /* flags    */
-	NULL  /* app_data */
+    0,                          /* flags */
+    NULL                        /* app_data */
 };
 
 const ECDH_METHOD *ECDH_OpenSSL(void)
-	{
-	return &openssl_ecdh_meth;
-	}
-
+{
+    return &openssl_ecdh_meth;
+}
 
-/* This implementation is based on the following primitives in the IEEE 1363 standard:
+/*-
+ * This implementation is based on the following primitives in the IEEE 1363 standard:
  *  - ECKAS-DH1
  *  - ECSVDP-DH
  * Finally an optional KDF is applied.
  */
 static int ecdh_compute_key(void *out, size_t outlen, const EC_POINT *pub_key,
-	EC_KEY *ecdh,
-	void *(*KDF)(const void *in, size_t inlen, void *out, size_t *outlen))
-	{
-	BN_CTX *ctx;
-	EC_POINT *tmp=NULL;
-	BIGNUM *x=NULL, *y=NULL;
-	const BIGNUM *priv_key;
-	const EC_GROUP* group;
-	int ret= -1;
-	size_t buflen, len;
-	unsigned char *buf=NULL;
-
-	if (outlen > INT_MAX)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE); /* sort of, anyway */
-		return -1;
-		}
-
-	if ((ctx = BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	x = BN_CTX_get(ctx);
-	y = BN_CTX_get(ctx);
-	
-	priv_key = EC_KEY_get0_private_key(ecdh);
-	if (priv_key == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_NO_PRIVATE_VALUE);
-		goto err;
-		}
-
-	group = EC_KEY_get0_group(ecdh);
-	if ((tmp=EC_POINT_new(group)) == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) 
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-		goto err;
-		}
-		
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field) 
-		{
-		if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) 
-			{
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-			goto err;
-			}
-		}
-	else
-		{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) 
-			{
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_POINT_ARITHMETIC_FAILURE);
-			goto err;
-			}
-		}
-
-	buflen = (EC_GROUP_get_degree(group) + 7)/8;
-	len = BN_num_bytes(x);
-	if (len > buflen)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_INTERNAL_ERROR);
-		goto err;
-		}
-	if ((buf = OPENSSL_malloc(buflen)) == NULL)
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	memset(buf, 0, buflen - len);
-	if (len != (size_t)BN_bn2bin(x, buf + buflen - len))
-		{
-		ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ERR_R_BN_LIB);
-		goto err;
-		}
-
-	if (KDF != 0)
-		{
-		if (KDF(buf, buflen, out, &outlen) == NULL)
-			{
-			ECDHerr(ECDH_F_ECDH_COMPUTE_KEY,ECDH_R_KDF_FAILED);
-			goto err;
-			}
-		ret = outlen;
-		}
-	else
-		{
-		/* no KDF, just copy as much as we can */
-		if (outlen > buflen)
-			outlen = buflen;
-		memcpy(out, buf, outlen);
-		ret = outlen;
-		}
-	
-err:
-	if (tmp) EC_POINT_free(tmp);
-	if (ctx) BN_CTX_end(ctx);
-	if (ctx) BN_CTX_free(ctx);
-	if (buf) OPENSSL_free(buf);
-	return(ret);
-	}
+                            EC_KEY *ecdh,
+                            void *(*KDF) (const void *in, size_t inlen,
+                                          void *out, size_t *outlen))
+{
+    BN_CTX *ctx;
+    EC_POINT *tmp = NULL;
+    BIGNUM *x = NULL, *y = NULL;
+    const BIGNUM *priv_key;
+    const EC_GROUP *group;
+    int ret = -1;
+    size_t buflen, len;
+    unsigned char *buf = NULL;
+
+    if (outlen > INT_MAX) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); /* sort of,
+                                                                 * anyway */
+        return -1;
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    x = BN_CTX_get(ctx);
+    y = BN_CTX_get(ctx);
+
+    priv_key = EC_KEY_get0_private_key(ecdh);
+    if (priv_key == NULL) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_NO_PRIVATE_VALUE);
+        goto err;
+    }
+
+    group = EC_KEY_get0_group(ecdh);
+    if ((tmp = EC_POINT_new(group)) == NULL) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (!EC_POINT_mul(group, tmp, NULL, pub_key, priv_key, ctx)) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+        goto err;
+    }
+
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        if (!EC_POINT_get_affine_coordinates_GFp(group, tmp, x, y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+    } else {
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, tmp, x, y, ctx)) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_POINT_ARITHMETIC_FAILURE);
+            goto err;
+        }
+    }
+
+    buflen = (EC_GROUP_get_degree(group) + 7) / 8;
+    len = BN_num_bytes(x);
+    if (len > buflen) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR);
+        goto err;
+    }
+    if ((buf = OPENSSL_malloc(buflen)) == NULL) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    memset(buf, 0, buflen - len);
+    if (len != (size_t)BN_bn2bin(x, buf + buflen - len)) {
+        ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (KDF != 0) {
+        if (KDF(buf, buflen, out, &outlen) == NULL) {
+            ECDHerr(ECDH_F_ECDH_COMPUTE_KEY, ECDH_R_KDF_FAILED);
+            goto err;
+        }
+        ret = outlen;
+    } else {
+        /* no KDF, just copy as much as we can */
+        if (outlen > buflen)
+            outlen = buflen;
+        memcpy(out, buf, outlen);
+        ret = outlen;
+    }
+
+ err:
+    if (tmp)
+        EC_POINT_free(tmp);
+    if (ctx)
+        BN_CTX_end(ctx);
+    if (ctx)
+        BN_CTX_free(ctx);
+    if (buf)
+        OPENSSL_free(buf);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c
index b2954894..508b079f 100644
--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_asn1.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,8 +58,8 @@
 #include <openssl/asn1t.h>
 
 ASN1_SEQUENCE(ECDSA_SIG) = {
-	ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
-	ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
+        ASN1_SIMPLE(ECDSA_SIG, r, CBIGNUM),
+        ASN1_SIMPLE(ECDSA_SIG, s, CBIGNUM)
 } ASN1_SEQUENCE_END(ECDSA_SIG)
 
 DECLARE_ASN1_FUNCTIONS_const(ECDSA_SIG)
diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c
index d2a53730..80d91aff 100644
--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c
+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,40 +66,39 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ECDSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ECDSA,0,reason)
 
-static ERR_STRING_DATA ECDSA_str_functs[]=
-	{
-{ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD),	"ECDSA_DATA_NEW_METHOD"},
-{ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN),	"ECDSA_do_sign"},
-{ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY),	"ECDSA_do_verify"},
-{ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP),	"ECDSA_sign_setup"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ECDSA_str_functs[] = {
+    {ERR_FUNC(ECDSA_F_ECDSA_DATA_NEW_METHOD), "ECDSA_DATA_NEW_METHOD"},
+    {ERR_FUNC(ECDSA_F_ECDSA_DO_SIGN), "ECDSA_do_sign"},
+    {ERR_FUNC(ECDSA_F_ECDSA_DO_VERIFY), "ECDSA_do_verify"},
+    {ERR_FUNC(ECDSA_F_ECDSA_SIGN_SETUP), "ECDSA_sign_setup"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA ECDSA_str_reasons[]=
-	{
-{ERR_REASON(ECDSA_R_BAD_SIGNATURE)       ,"bad signature"},
-{ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(ECDSA_R_ERR_EC_LIB)          ,"err ec lib"},
-{ERR_REASON(ECDSA_R_MISSING_PARAMETERS)  ,"missing parameters"},
-{ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES),"need new setup values"},
-{ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),"random number generation failed"},
-{ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED),"signature malloc failed"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ECDSA_str_reasons[] = {
+    {ERR_REASON(ECDSA_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_REASON(ECDSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+     "data too large for key size"},
+    {ERR_REASON(ECDSA_R_ERR_EC_LIB), "err ec lib"},
+    {ERR_REASON(ECDSA_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_REASON(ECDSA_R_NEED_NEW_SETUP_VALUES), "need new setup values"},
+    {ERR_REASON(ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED),
+     "random number generation failed"},
+    {ERR_REASON(ECDSA_R_SIGNATURE_MALLOC_FAILED), "signature malloc failed"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_ECDSA_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ECDSA_str_functs);
-		ERR_load_strings(0,ECDSA_str_reasons);
-		}
+    if (ERR_func_error_string(ECDSA_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ECDSA_str_functs);
+        ERR_load_strings(0, ECDSA_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
index 81082c97..dfcb6dbc 100644
--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_lib.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,211 +56,204 @@
 #include <string.h>
 #include "ecs_locl.h"
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include <openssl/err.h>
 #include <openssl/bn.h>
 
-const char ECDSA_version[]="ECDSA" OPENSSL_VERSION_PTEXT;
+const char ECDSA_version[] = "ECDSA" OPENSSL_VERSION_PTEXT;
 
 static const ECDSA_METHOD *default_ECDSA_method = NULL;
 
 static void *ecdsa_data_new(void);
 static void *ecdsa_data_dup(void *);
-static void  ecdsa_data_free(void *);
+static void ecdsa_data_free(void *);
 
 void ECDSA_set_default_method(const ECDSA_METHOD *meth)
 {
-	default_ECDSA_method = meth;
+    default_ECDSA_method = meth;
 }
 
 const ECDSA_METHOD *ECDSA_get_default_method(void)
 {
-	if(!default_ECDSA_method) 
-		default_ECDSA_method = ECDSA_OpenSSL();
-	return default_ECDSA_method;
+    if (!default_ECDSA_method)
+        default_ECDSA_method = ECDSA_OpenSSL();
+    return default_ECDSA_method;
 }
 
 int ECDSA_set_method(EC_KEY *eckey, const ECDSA_METHOD *meth)
 {
-	ECDSA_DATA *ecdsa;
+    ECDSA_DATA *ecdsa;
 
-	ecdsa = ecdsa_check(eckey);
+    ecdsa = ecdsa_check(eckey);
 
-	if (ecdsa == NULL)
-		return 0;
+    if (ecdsa == NULL)
+        return 0;
 
 #ifndef OPENSSL_NO_ENGINE
-	if (ecdsa->engine)
-	{
-		ENGINE_finish(ecdsa->engine);
-		ecdsa->engine = NULL;
-	}
+    if (ecdsa->engine) {
+        ENGINE_finish(ecdsa->engine);
+        ecdsa->engine = NULL;
+    }
 #endif
-        ecdsa->meth = meth;
+    ecdsa->meth = meth;
 
-        return 1;
+    return 1;
 }
 
 static ECDSA_DATA *ECDSA_DATA_new_method(ENGINE *engine)
 {
-	ECDSA_DATA *ret;
+    ECDSA_DATA *ret;
 
-	ret=(ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));
-	if (ret == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
-		return(NULL);
-	}
+    ret = (ECDSA_DATA *)OPENSSL_malloc(sizeof(ECDSA_DATA));
+    if (ret == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
 
-	ret->init = NULL;
+    ret->init = NULL;
 
-	ret->meth = ECDSA_get_default_method();
-	ret->engine = engine;
+    ret->meth = ECDSA_get_default_method();
+    ret->engine = engine;
 #ifndef OPENSSL_NO_ENGINE
-	if (!ret->engine)
-		ret->engine = ENGINE_get_default_ECDSA();
-	if (ret->engine)
-	{
-		ret->meth = ENGINE_get_ECDSA(ret->engine);
-		if (!ret->meth)
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-		}
-	}
+    if (!ret->engine)
+        ret->engine = ENGINE_get_default_ECDSA();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_ECDSA(ret->engine);
+        if (!ret->meth) {
+            ECDSAerr(ECDSA_F_ECDSA_DATA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            ENGINE_finish(ret->engine);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+    }
 #endif
 
-	ret->flags = ret->meth->flags;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
+    ret->flags = ret->meth->flags;
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
 #if 0
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-	{
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-	}
-#endif	
-	return(ret);
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, ret, &ret->ex_data);
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+#endif
+    return (ret);
 }
 
 static void *ecdsa_data_new(void)
 {
-	return (void *)ECDSA_DATA_new_method(NULL);
+    return (void *)ECDSA_DATA_new_method(NULL);
 }
 
 static void *ecdsa_data_dup(void *data)
 {
-	ECDSA_DATA *r = (ECDSA_DATA *)data;
+    ECDSA_DATA *r = (ECDSA_DATA *)data;
 
-	/* XXX: dummy operation */
-	if (r == NULL)
-		return NULL;
+    /* XXX: dummy operation */
+    if (r == NULL)
+        return NULL;
 
-	return ecdsa_data_new();
+    return ecdsa_data_new();
 }
 
 static void ecdsa_data_free(void *data)
 {
-	ECDSA_DATA *r = (ECDSA_DATA *)data;
+    ECDSA_DATA *r = (ECDSA_DATA *)data;
 
 #ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
+    if (r->engine)
+        ENGINE_finish(r->engine);
 #endif
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ECDSA, r, &r->ex_data);
 
-	OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
+    OPENSSL_cleanse((void *)r, sizeof(ECDSA_DATA));
 
-	OPENSSL_free(r);
+    OPENSSL_free(r);
 }
 
 ECDSA_DATA *ecdsa_check(EC_KEY *key)
 {
-	ECDSA_DATA *ecdsa_data;
- 
-	void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
-					ecdsa_data_free, ecdsa_data_free);
-	if (data == NULL)
-	{
-		ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
-		if (ecdsa_data == NULL)
-			return NULL;
-		data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
-			   ecdsa_data_dup, ecdsa_data_free, ecdsa_data_free);
-		if (data != NULL)
-			{
-			/* Another thread raced us to install the key_method
-			 * data and won. */
-			ecdsa_data_free(ecdsa_data);
-			ecdsa_data = (ECDSA_DATA *)data;
-			}
-	}
-	else
-		ecdsa_data = (ECDSA_DATA *)data;
-	
-
-	return ecdsa_data;
+    ECDSA_DATA *ecdsa_data;
+
+    void *data = EC_KEY_get_key_method_data(key, ecdsa_data_dup,
+                                            ecdsa_data_free, ecdsa_data_free);
+    if (data == NULL) {
+        ecdsa_data = (ECDSA_DATA *)ecdsa_data_new();
+        if (ecdsa_data == NULL)
+            return NULL;
+        data = EC_KEY_insert_key_method_data(key, (void *)ecdsa_data,
+                                             ecdsa_data_dup, ecdsa_data_free,
+                                             ecdsa_data_free);
+        if (data != NULL) {
+            /*
+             * Another thread raced us to install the key_method data and
+             * won.
+             */
+            ecdsa_data_free(ecdsa_data);
+            ecdsa_data = (ECDSA_DATA *)data;
+        }
+    } else
+        ecdsa_data = (ECDSA_DATA *)data;
+
+    return ecdsa_data;
 }
 
 int ECDSA_size(const EC_KEY *r)
 {
-	int ret,i;
-	ASN1_INTEGER bs;
-	BIGNUM	*order=NULL;
-	unsigned char buf[4];
-	const EC_GROUP *group;
-
-	if (r == NULL)
-		return 0;
-	group = EC_KEY_get0_group(r);
-	if (group == NULL)
-		return 0;
-
-	if ((order = BN_new()) == NULL) return 0;
-	if (!EC_GROUP_get_order(group,order,NULL))
-	{
-		BN_clear_free(order);
-		return 0;
-	} 
-	i=BN_num_bits(order);
-	bs.length=(i+7)/8;
-	bs.data=buf;
-	bs.type=V_ASN1_INTEGER;
-	/* If the top bit is set the asn1 encoding is 1 larger. */
-	buf[0]=0xff;	
-
-	i=i2d_ASN1_INTEGER(&bs,NULL);
-	i+=i; /* r and s */
-	ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
-	BN_clear_free(order);
-	return(ret);
+    int ret, i;
+    ASN1_INTEGER bs;
+    BIGNUM *order = NULL;
+    unsigned char buf[4];
+    const EC_GROUP *group;
+
+    if (r == NULL)
+        return 0;
+    group = EC_KEY_get0_group(r);
+    if (group == NULL)
+        return 0;
+
+    if ((order = BN_new()) == NULL)
+        return 0;
+    if (!EC_GROUP_get_order(group, order, NULL)) {
+        BN_clear_free(order);
+        return 0;
+    }
+    i = BN_num_bits(order);
+    bs.length = (i + 7) / 8;
+    bs.data = buf;
+    bs.type = V_ASN1_INTEGER;
+    /* If the top bit is set the asn1 encoding is 1 larger. */
+    buf[0] = 0xff;
+
+    i = i2d_ASN1_INTEGER(&bs, NULL);
+    i += i;                     /* r and s */
+    ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE);
+    BN_clear_free(order);
+    return (ret);
 }
 
-
 int ECDSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+                           CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
 {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
-				new_func, dup_func, free_func);
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ECDSA, argl, argp,
+                                   new_func, dup_func, free_func);
 }
 
 int ECDSA_set_ex_data(EC_KEY *d, int idx, void *arg)
 {
-	ECDSA_DATA *ecdsa;
-	ecdsa = ecdsa_check(d);
-	if (ecdsa == NULL)
-		return 0;
-	return(CRYPTO_set_ex_data(&ecdsa->ex_data,idx,arg));
+    ECDSA_DATA *ecdsa;
+    ecdsa = ecdsa_check(d);
+    if (ecdsa == NULL)
+        return 0;
+    return (CRYPTO_set_ex_data(&ecdsa->ex_data, idx, arg));
 }
 
 void *ECDSA_get_ex_data(EC_KEY *d, int idx)
 {
-	ECDSA_DATA *ecdsa;
-	ecdsa = ecdsa_check(d);
-	if (ecdsa == NULL)
-		return NULL;
-	return(CRYPTO_get_ex_data(&ecdsa->ex_data,idx));
+    ECDSA_DATA *ecdsa;
+    ecdsa = ecdsa_check(d);
+    if (ecdsa == NULL)
+        return NULL;
+    return (CRYPTO_get_ex_data(&ecdsa->ex_data, idx));
 }
diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
index 1bbf328d..8b29b242 100644
--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_ossl.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,420 +61,377 @@
 #include <openssl/obj_mac.h>
 #include <openssl/bn.h>
 
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen, 
-		const BIGNUM *, const BIGNUM *, EC_KEY *eckey);
-static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
-		BIGNUM **rp);
-static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len, 
-		const ECDSA_SIG *sig, EC_KEY *eckey);
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dlen,
+                                const BIGNUM *, const BIGNUM *,
+                                EC_KEY *eckey);
+static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                            BIGNUM **rp);
+static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
+                           const ECDSA_SIG *sig, EC_KEY *eckey);
 
 static ECDSA_METHOD openssl_ecdsa_meth = {
-	"OpenSSL ECDSA method",
-	ecdsa_do_sign,
-	ecdsa_sign_setup,
-	ecdsa_do_verify,
+    "OpenSSL ECDSA method",
+    ecdsa_do_sign,
+    ecdsa_sign_setup,
+    ecdsa_do_verify,
 #if 0
-	NULL, /* init     */
-	NULL, /* finish   */
+    NULL,                       /* init */
+    NULL,                       /* finish */
 #endif
-	0,    /* flags    */
-	NULL  /* app_data */
+    0,                          /* flags */
+    NULL                        /* app_data */
 };
 
 const ECDSA_METHOD *ECDSA_OpenSSL(void)
 {
-	return &openssl_ecdsa_meth;
+    return &openssl_ecdsa_meth;
 }
 
 static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
-		BIGNUM **rp)
+                            BIGNUM **rp)
 {
-	BN_CTX   *ctx = NULL;
-	BIGNUM	 *k = NULL, *r = NULL, *order = NULL, *X = NULL;
-	EC_POINT *tmp_point=NULL;
-	const EC_GROUP *group;
-	int 	 ret = 0;
+    BN_CTX *ctx = NULL;
+    BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL;
+    EC_POINT *tmp_point = NULL;
+    const EC_GROUP *group;
+    int ret = 0;
 
-	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-	}
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
 
-	if (ctx_in == NULL) 
-	{
-		if ((ctx = BN_CTX_new()) == NULL)
-		{
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	else
-		ctx = ctx_in;
+    if (ctx_in == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL) {
+            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else
+        ctx = ctx_in;
 
-	k     = BN_new();	/* this value is later returned in *kinvp */
-	r     = BN_new();	/* this value is later returned in *rp    */
-	order = BN_new();
-	X     = BN_new();
-	if (!k || !r || !order || !X)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if ((tmp_point = EC_POINT_new(group)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-		goto err;
-	}
-	if (!EC_GROUP_get_order(group, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-		goto err;
-	}
-	
-	do
-	{
-		/* get random k */	
-		do
-			if (!BN_rand_range(k, order))
-			{
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
-				 ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);	
-				goto err;
-			}
-		while (BN_is_zero(k));
+    k = BN_new();               /* this value is later returned in *kinvp */
+    r = BN_new();               /* this value is later returned in *rp */
+    order = BN_new();
+    X = BN_new();
+    if (!k || !r || !order || !X) {
+        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if ((tmp_point = EC_POINT_new(group)) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (!EC_GROUP_get_order(group, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+        goto err;
+    }
 
-		/* We do not want timing information to leak the length of k,
-		 * so we compute G*k using an equivalent scalar of fixed
-		 * bit-length. */
+    do {
+        /* get random k */
+        do
+            if (!BN_rand_range(k, order)) {
+                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,
+                         ECDSA_R_RANDOM_NUMBER_GENERATION_FAILED);
+                goto err;
+            }
+        while (BN_is_zero(k)) ;
 
-		if (!BN_add(k, k, order)) goto err;
-		if (BN_num_bits(k) <= BN_num_bits(order))
-			if (!BN_add(k, k, order)) goto err;
+        /*
+         * We do not want timing information to leak the length of k, so we
+         * compute G*k using an equivalent scalar of fixed bit-length.
+         */
 
-		/* compute r the x-coordinate of generator * k */
-		if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
-			goto err;
-		}
-		if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
-		{
-			if (!EC_POINT_get_affine_coordinates_GFp(group,
-				tmp_point, X, NULL, ctx))
-			{
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
-				goto err;
-			}
-		}
-		else /* NID_X9_62_characteristic_two_field */
-		{
-			if (!EC_POINT_get_affine_coordinates_GF2m(group,
-				tmp_point, X, NULL, ctx))
-			{
-				ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP,ERR_R_EC_LIB);
-				goto err;
-			}
-		}
-		if (!BN_nnmod(r, X, order, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-			goto err;
-		}
-	}
-	while (BN_is_zero(r));
+        if (!BN_add(k, k, order))
+            goto err;
+        if (BN_num_bits(k) <= BN_num_bits(order))
+            if (!BN_add(k, k, order))
+                goto err;
 
-	/* compute the inverse of k */
-	if (!BN_mod_inverse(k, k, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
-		goto err;	
-	}
-	/* clear old values if necessary */
-	if (*rp != NULL)
-		BN_clear_free(*rp);
-	if (*kinvp != NULL) 
-		BN_clear_free(*kinvp);
-	/* save the pre-computed values  */
-	*rp    = r;
-	*kinvp = k;
-	ret = 1;
-err:
-	if (!ret)
-	{
-		if (k != NULL) BN_clear_free(k);
-		if (r != NULL) BN_clear_free(r);
-	}
-	if (ctx_in == NULL) 
-		BN_CTX_free(ctx);
-	if (order != NULL)
-		BN_free(order);
-	if (tmp_point != NULL) 
-		EC_POINT_free(tmp_point);
-	if (X)
-		BN_clear_free(X);
-	return(ret);
-}
+        /* compute r the x-coordinate of generator * k */
+        if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+            goto err;
+        }
+        if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+            NID_X9_62_prime_field) {
+            if (!EC_POINT_get_affine_coordinates_GFp
+                (group, tmp_point, X, NULL, ctx)) {
+                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+                goto err;
+            }
+        } else {                /* NID_X9_62_characteristic_two_field */
 
+            if (!EC_POINT_get_affine_coordinates_GF2m(group,
+                                                      tmp_point, X, NULL,
+                                                      ctx)) {
+                ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
+                goto err;
+            }
+        }
+        if (!BN_nnmod(r, X, order, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+            goto err;
+        }
+    }
+    while (BN_is_zero(r));
+
+    /* compute the inverse of k */
+    if (!BN_mod_inverse(k, k, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* clear old values if necessary */
+    if (*rp != NULL)
+        BN_clear_free(*rp);
+    if (*kinvp != NULL)
+        BN_clear_free(*kinvp);
+    /* save the pre-computed values  */
+    *rp = r;
+    *kinvp = k;
+    ret = 1;
+ err:
+    if (!ret) {
+        if (k != NULL)
+            BN_clear_free(k);
+        if (r != NULL)
+            BN_clear_free(r);
+    }
+    if (ctx_in == NULL)
+        BN_CTX_free(ctx);
+    if (order != NULL)
+        BN_free(order);
+    if (tmp_point != NULL)
+        EC_POINT_free(tmp_point);
+    if (X)
+        BN_clear_free(X);
+    return (ret);
+}
 
-static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len, 
-		const BIGNUM *in_kinv, const BIGNUM *in_r, EC_KEY *eckey)
+static ECDSA_SIG *ecdsa_do_sign(const unsigned char *dgst, int dgst_len,
+                                const BIGNUM *in_kinv, const BIGNUM *in_r,
+                                EC_KEY *eckey)
 {
-	int     ok = 0, i;
-	BIGNUM *kinv=NULL, *s, *m=NULL,*tmp=NULL,*order=NULL;
-	const BIGNUM *ckinv;
-	BN_CTX     *ctx = NULL;
-	const EC_GROUP   *group;
-	ECDSA_SIG  *ret;
-	ECDSA_DATA *ecdsa;
-	const BIGNUM *priv_key;
+    int ok = 0, i;
+    BIGNUM *kinv = NULL, *s, *m = NULL, *tmp = NULL, *order = NULL;
+    const BIGNUM *ckinv;
+    BN_CTX *ctx = NULL;
+    const EC_GROUP *group;
+    ECDSA_SIG *ret;
+    ECDSA_DATA *ecdsa;
+    const BIGNUM *priv_key;
 
-	ecdsa    = ecdsa_check(eckey);
-	group    = EC_KEY_get0_group(eckey);
-	priv_key = EC_KEY_get0_private_key(eckey);
-	
-	if (group == NULL || priv_key == NULL || ecdsa == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-	}
+    ecdsa = ecdsa_check(eckey);
+    group = EC_KEY_get0_group(eckey);
+    priv_key = EC_KEY_get0_private_key(eckey);
 
-	ret = ECDSA_SIG_new();
-	if (!ret)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	s = ret->s;
+    if (group == NULL || priv_key == NULL || ecdsa == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
 
-	if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
-		(tmp = BN_new()) == NULL || (m = BN_new()) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
+    ret = ECDSA_SIG_new();
+    if (!ret) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    s = ret->s;
 
-	if (!EC_GROUP_get_order(group, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
-		goto err;
-	}
-	i = BN_num_bits(order);
-	/* Need to truncate digest if it is too long: first truncate whole
-	 * bytes.
-	 */
-	if (8 * dgst_len > i)
-		dgst_len = (i + 7)/8;
-	if (!BN_bin2bn(dgst, dgst_len, m))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* If still too long truncate remaining bits with a shift */
-	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-		goto err;
-	}
-	do
-	{
-		if (in_kinv == NULL || in_r == NULL)
-		{
-			if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r))
-			{
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,ERR_R_ECDSA_LIB);
-				goto err;
-			}
-			ckinv = kinv;
-		}
-		else
-		{
-			ckinv  = in_kinv;
-			if (BN_copy(ret->r, in_r) == NULL)
-			{
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
-				goto err;
-			}
-		}
+    if ((ctx = BN_CTX_new()) == NULL || (order = BN_new()) == NULL ||
+        (tmp = BN_new()) == NULL || (m = BN_new()) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-		if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-			goto err;
-		}
-		if (!BN_mod_add_quick(s, tmp, m, order))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-			goto err;
-		}
-		if (!BN_mod_mul(s, s, ckinv, order, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
-			goto err;
-		}
-		if (BN_is_zero(s))
-		{
-			/* if kinv and r have been supplied by the caller
-			 * don't to generate new kinv and r values */
-			if (in_kinv != NULL && in_r != NULL)
-			{
-				ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ECDSA_R_NEED_NEW_SETUP_VALUES);
-				goto err;
-			}
-		}
-		else
-			/* s != 0 => we have a valid signature */
-			break;
-	}
-	while (1);
+    if (!EC_GROUP_get_order(group, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_EC_LIB);
+        goto err;
+    }
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+        goto err;
+    }
+    do {
+        if (in_kinv == NULL || in_r == NULL) {
+            if (!ECDSA_sign_setup(eckey, ctx, &kinv, &ret->r)) {
+                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_ECDSA_LIB);
+                goto err;
+            }
+            ckinv = kinv;
+        } else {
+            ckinv = in_kinv;
+            if (BN_copy(ret->r, in_r) == NULL) {
+                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
 
-	ok = 1;
-err:
-	if (!ok)
-	{
-		ECDSA_SIG_free(ret);
-		ret = NULL;
-	}
-	if (ctx)
-		BN_CTX_free(ctx);
-	if (m)
-		BN_clear_free(m);
-	if (tmp)
-		BN_clear_free(tmp);
-	if (order)
-		BN_free(order);
-	if (kinv)
-		BN_clear_free(kinv);
-	return ret;
+        if (!BN_mod_mul(tmp, priv_key, ret->r, order, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!BN_mod_add_quick(s, tmp, m, order)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (!BN_mod_mul(s, s, ckinv, order, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_SIGN, ERR_R_BN_LIB);
+            goto err;
+        }
+        if (BN_is_zero(s)) {
+            /*
+             * if kinv and r have been supplied by the caller don't to
+             * generate new kinv and r values
+             */
+            if (in_kinv != NULL && in_r != NULL) {
+                ECDSAerr(ECDSA_F_ECDSA_DO_SIGN,
+                         ECDSA_R_NEED_NEW_SETUP_VALUES);
+                goto err;
+            }
+        } else
+            /* s != 0 => we have a valid signature */
+            break;
+    }
+    while (1);
+
+    ok = 1;
+ err:
+    if (!ok) {
+        ECDSA_SIG_free(ret);
+        ret = NULL;
+    }
+    if (ctx)
+        BN_CTX_free(ctx);
+    if (m)
+        BN_clear_free(m);
+    if (tmp)
+        BN_clear_free(tmp);
+    if (order)
+        BN_free(order);
+    if (kinv)
+        BN_clear_free(kinv);
+    return ret;
 }
 
 static int ecdsa_do_verify(const unsigned char *dgst, int dgst_len,
-		const ECDSA_SIG *sig, EC_KEY *eckey)
+                           const ECDSA_SIG *sig, EC_KEY *eckey)
 {
-	int ret = -1, i;
-	BN_CTX   *ctx;
-	BIGNUM   *order, *u1, *u2, *m, *X;
-	EC_POINT *point = NULL;
-	const EC_GROUP *group;
-	const EC_POINT *pub_key;
+    int ret = -1, i;
+    BN_CTX *ctx;
+    BIGNUM *order, *u1, *u2, *m, *X;
+    EC_POINT *point = NULL;
+    const EC_GROUP *group;
+    const EC_POINT *pub_key;
+
+    /* check input values */
+    if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
+        (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
+        return -1;
+    }
+
+    ctx = BN_CTX_new();
+    if (!ctx) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    BN_CTX_start(ctx);
+    order = BN_CTX_get(ctx);
+    u1 = BN_CTX_get(ctx);
+    u2 = BN_CTX_get(ctx);
+    m = BN_CTX_get(ctx);
+    X = BN_CTX_get(ctx);
+    if (!X) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+
+    if (!EC_GROUP_get_order(group, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+        goto err;
+    }
 
-	/* check input values */
-	if (eckey == NULL || (group = EC_KEY_get0_group(eckey)) == NULL ||
-	    (pub_key = EC_KEY_get0_public_key(eckey)) == NULL || sig == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_MISSING_PARAMETERS);
-		return -1;
-	}
+    if (BN_is_zero(sig->r) || BN_is_negative(sig->r) ||
+        BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s) ||
+        BN_is_negative(sig->s) || BN_ucmp(sig->s, order) >= 0) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
+        ret = 0;                /* signature is invalid */
+        goto err;
+    }
+    /* calculate tmp1 = inv(S) mod order */
+    if (!BN_mod_inverse(u2, sig->s, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* digest -> m */
+    i = BN_num_bits(order);
+    /*
+     * Need to truncate digest if it is too long: first truncate whole bytes.
+     */
+    if (8 * dgst_len > i)
+        dgst_len = (i + 7) / 8;
+    if (!BN_bin2bn(dgst, dgst_len, m)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* If still too long truncate remaining bits with a shift */
+    if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7))) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u1 = m * tmp mod order */
+    if (!BN_mod_mul(u1, m, u2, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+    /* u2 = r * w mod q */
+    if (!BN_mod_mul(u2, sig->r, u2, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
 
-	ctx = BN_CTX_new();
-	if (!ctx)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-		return -1;
-	}
-	BN_CTX_start(ctx);
-	order = BN_CTX_get(ctx);	
-	u1    = BN_CTX_get(ctx);
-	u2    = BN_CTX_get(ctx);
-	m     = BN_CTX_get(ctx);
-	X     = BN_CTX_get(ctx);
-	if (!X)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	
-	if (!EC_GROUP_get_order(group, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-		goto err;
-	}
+    if ((point = EC_POINT_new(group)) == NULL) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+        goto err;
+    }
+    if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) ==
+        NID_X9_62_prime_field) {
+        if (!EC_POINT_get_affine_coordinates_GFp(group, point, X, NULL, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+    } else {                    /* NID_X9_62_characteristic_two_field */
 
-	if (BN_is_zero(sig->r)          || BN_is_negative(sig->r) || 
-	    BN_ucmp(sig->r, order) >= 0 || BN_is_zero(sig->s)  ||
-	    BN_is_negative(sig->s)      || BN_ucmp(sig->s, order) >= 0)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ECDSA_R_BAD_SIGNATURE);
-		ret = 0;	/* signature is invalid */
-		goto err;
-	}
-	/* calculate tmp1 = inv(S) mod order */
-	if (!BN_mod_inverse(u2, sig->s, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* digest -> m */
-	i = BN_num_bits(order);
-	/* Need to truncate digest if it is too long: first truncate whole
-	 * bytes.
-	 */
-	if (8 * dgst_len > i)
-		dgst_len = (i + 7)/8;
-	if (!BN_bin2bn(dgst, dgst_len, m))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* If still too long truncate remaining bits with a shift */
-	if ((8 * dgst_len > i) && !BN_rshift(m, m, 8 - (i & 0x7)))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* u1 = m * tmp mod order */
-	if (!BN_mod_mul(u1, m, u2, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/* u2 = r * w mod q */
-	if (!BN_mod_mul(u2, sig->r, u2, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
+        if (!EC_POINT_get_affine_coordinates_GF2m(group, point, X, NULL, ctx)) {
+            ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
+            goto err;
+        }
+    }
 
-	if ((point = EC_POINT_new(group)) == NULL)
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if (!EC_POINT_mul(group, point, u1, pub_key, u2, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-		goto err;
-	}
-	if (EC_METHOD_get_field_type(EC_GROUP_method_of(group)) == NID_X9_62_prime_field)
-	{
-		if (!EC_POINT_get_affine_coordinates_GFp(group,
-			point, X, NULL, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-			goto err;
-		}
-	}
-	else /* NID_X9_62_characteristic_two_field */
-	{
-		if (!EC_POINT_get_affine_coordinates_GF2m(group,
-			point, X, NULL, ctx))
-		{
-			ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_EC_LIB);
-			goto err;
-		}
-	}
-	
-	if (!BN_nnmod(u1, X, order, ctx))
-	{
-		ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
-		goto err;
-	}
-	/*  if the signature is correct u1 is equal to sig->r */
-	ret = (BN_ucmp(u1, sig->r) == 0);
-err:
-	BN_CTX_end(ctx);
-	BN_CTX_free(ctx);
-	if (point)
-		EC_POINT_free(point);
-	return ret;
+    if (!BN_nnmod(u1, X, order, ctx)) {
+        ECDSAerr(ECDSA_F_ECDSA_DO_VERIFY, ERR_R_BN_LIB);
+        goto err;
+    }
+    /*  if the signature is correct u1 is equal to sig->r */
+    ret = (BN_ucmp(u1, sig->r) == 0);
+ err:
+    BN_CTX_end(ctx);
+    BN_CTX_free(ctx);
+    if (point)
+        EC_POINT_free(point);
+    return ret;
 }
diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
index 353d5af5..28652d45 100644
--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_sign.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -55,52 +55,52 @@
 
 #include "ecs_locl.h"
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include <openssl/rand.h>
 
 ECDSA_SIG *ECDSA_do_sign(const unsigned char *dgst, int dlen, EC_KEY *eckey)
 {
-	return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
+    return ECDSA_do_sign_ex(dgst, dlen, NULL, NULL, eckey);
 }
 
 ECDSA_SIG *ECDSA_do_sign_ex(const unsigned char *dgst, int dlen,
-	const BIGNUM *kinv, const BIGNUM *rp, EC_KEY *eckey)
+                            const BIGNUM *kinv, const BIGNUM *rp,
+                            EC_KEY *eckey)
 {
-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-	if (ecdsa == NULL)
-		return NULL;
-	return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
+    ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+    if (ecdsa == NULL)
+        return NULL;
+    return ecdsa->meth->ecdsa_do_sign(dgst, dlen, kinv, rp, eckey);
 }
 
-int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char 
-		*sig, unsigned int *siglen, EC_KEY *eckey)
+int ECDSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char
+               *sig, unsigned int *siglen, EC_KEY *eckey)
 {
-	return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
+    return ECDSA_sign_ex(type, dgst, dlen, sig, siglen, NULL, NULL, eckey);
 }
 
-int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char 
-	*sig, unsigned int *siglen, const BIGNUM *kinv, const BIGNUM *r, 
-	EC_KEY *eckey)
+int ECDSA_sign_ex(int type, const unsigned char *dgst, int dlen, unsigned char
+                  *sig, unsigned int *siglen, const BIGNUM *kinv,
+                  const BIGNUM *r, EC_KEY *eckey)
 {
-	ECDSA_SIG *s;
-	RAND_seed(dgst, dlen);
-	s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
-	if (s == NULL)
-	{
-		*siglen=0;
-		return 0;
-	}
-	*siglen = i2d_ECDSA_SIG(s, &sig);
-	ECDSA_SIG_free(s);
-	return 1;
+    ECDSA_SIG *s;
+    RAND_seed(dgst, dlen);
+    s = ECDSA_do_sign_ex(dgst, dlen, kinv, r, eckey);
+    if (s == NULL) {
+        *siglen = 0;
+        return 0;
+    }
+    *siglen = i2d_ECDSA_SIG(s, &sig);
+    ECDSA_SIG_free(s);
+    return 1;
 }
 
-int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, 
-		BIGNUM **rp)
+int ECDSA_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp,
+                     BIGNUM **rp)
 {
-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-	if (ecdsa == NULL)
-		return 0;
-	return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp); 
+    ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+    if (ecdsa == NULL)
+        return 0;
+    return ecdsa->meth->ecdsa_sign_setup(eckey, ctx_in, kinvp, rp);
 }
diff --git a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c
index ef9acf7b..e909aeb4 100644
--- a/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c
+++ b/Cryptlib/OpenSSL/crypto/ecdsa/ecs_vrf.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,40 +57,56 @@
  */
 
 #include "ecs_locl.h"
+#include <string.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
-/* returns
+/*-
+ * returns
  *      1: correct signature
  *      0: incorrect signature
  *     -1: error
  */
-int ECDSA_do_verify(const unsigned char *dgst, int dgst_len, 
-		const ECDSA_SIG *sig, EC_KEY *eckey)
-	{
-	ECDSA_DATA *ecdsa = ecdsa_check(eckey);
-	if (ecdsa == NULL)
-		return 0;
-	return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
-	}
+int ECDSA_do_verify(const unsigned char *dgst, int dgst_len,
+                    const ECDSA_SIG *sig, EC_KEY *eckey)
+{
+    ECDSA_DATA *ecdsa = ecdsa_check(eckey);
+    if (ecdsa == NULL)
+        return 0;
+    return ecdsa->meth->ecdsa_do_verify(dgst, dgst_len, sig, eckey);
+}
 
-/* returns
+/*-
+ * returns
  *      1: correct signature
  *      0: incorrect signature
  *     -1: error
  */
 int ECDSA_verify(int type, const unsigned char *dgst, int dgst_len,
-		const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
- 	{
-	ECDSA_SIG *s;
-	int ret=-1;
+                 const unsigned char *sigbuf, int sig_len, EC_KEY *eckey)
+{
+    ECDSA_SIG *s;
+    const unsigned char *p = sigbuf;
+    unsigned char *der = NULL;
+    int derlen = -1;
+    int ret = -1;
 
-	s = ECDSA_SIG_new();
-	if (s == NULL) return(ret);
-	if (d2i_ECDSA_SIG(&s, &sigbuf, sig_len) == NULL) goto err;
-	ret=ECDSA_do_verify(dgst, dgst_len, s, eckey);
-err:
-	ECDSA_SIG_free(s);
-	return(ret);
-	}
+    s = ECDSA_SIG_new();
+    if (s == NULL)
+        return (ret);
+    if (d2i_ECDSA_SIG(&s, &p, sig_len) == NULL)
+        goto err;
+    /* Ensure signature uses DER and doesn't have trailing garbage */
+    derlen = i2d_ECDSA_SIG(s, &der);
+    if (derlen != sig_len || memcmp(sigbuf, der, derlen))
+        goto err;
+    ret = ECDSA_do_verify(dgst, dgst_len, s, eckey);
+ err:
+    if (derlen > 0) {
+        OPENSSL_cleanse(der, derlen);
+        OPENSSL_free(der);
+    }
+    ECDSA_SIG_free(s);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_all.c b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
index 8a1b9c7c..0683df8c 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_all.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_all.c
@@ -1,6 +1,7 @@
 /* crypto/engine/eng_all.c -*- mode: C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
+/*
+ * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,66 +61,69 @@
 #include "eng_int.h"
 
 void ENGINE_load_builtin_engines(void)
-	{
-	/* There's no longer any need for an "openssl" ENGINE unless, one day,
-	 * it is the *only* way for standard builtin implementations to be be
-	 * accessed (ie. it would be possible to statically link binaries with
-	 * *no* builtin implementations). */
+{
+    /*
+     * There's no longer any need for an "openssl" ENGINE unless, one day, it
+     * is the *only* way for standard builtin implementations to be be
+     * accessed (ie. it would be possible to statically link binaries with
+     * *no* builtin implementations).
+     */
 #if 0
-	ENGINE_load_openssl();
+    ENGINE_load_openssl();
 #endif
 #if !defined(OPENSSL_NO_HW) && !defined(OPENSSL_NO_HW_PADLOCK)
-	ENGINE_load_padlock();
+    ENGINE_load_padlock();
 #endif
-	ENGINE_load_dynamic();
+    ENGINE_load_dynamic();
 #ifndef OPENSSL_NO_STATIC_ENGINE
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_4758_CCA
-	ENGINE_load_4758cca();
-#endif
-#ifndef OPENSSL_NO_HW_AEP
-	ENGINE_load_aep();
-#endif
-#ifndef OPENSSL_NO_HW_ATALLA
-	ENGINE_load_atalla();
-#endif
-#ifndef OPENSSL_NO_HW_CSWIFT
-	ENGINE_load_cswift();
-#endif
-#ifndef OPENSSL_NO_HW_NCIPHER
-	ENGINE_load_chil();
-#endif
-#ifndef OPENSSL_NO_HW_NURON
-	ENGINE_load_nuron();
-#endif
-#ifndef OPENSSL_NO_HW_SUREWARE
-	ENGINE_load_sureware();
-#endif
-#ifndef OPENSSL_NO_HW_UBSEC
-	ENGINE_load_ubsec();
-#endif
-#endif
-#if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
-	ENGINE_load_gmp();
-#endif
-#if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
-	ENGINE_load_capi();
-#endif
+# ifndef OPENSSL_NO_HW
+#  ifndef OPENSSL_NO_HW_4758_CCA
+    ENGINE_load_4758cca();
+#  endif
+#  ifndef OPENSSL_NO_HW_AEP
+    ENGINE_load_aep();
+#  endif
+#  ifndef OPENSSL_NO_HW_ATALLA
+    ENGINE_load_atalla();
+#  endif
+#  ifndef OPENSSL_NO_HW_CSWIFT
+    ENGINE_load_cswift();
+#  endif
+#  ifndef OPENSSL_NO_HW_NCIPHER
+    ENGINE_load_chil();
+#  endif
+#  ifndef OPENSSL_NO_HW_NURON
+    ENGINE_load_nuron();
+#  endif
+#  ifndef OPENSSL_NO_HW_SUREWARE
+    ENGINE_load_sureware();
+#  endif
+#  ifndef OPENSSL_NO_HW_UBSEC
+    ENGINE_load_ubsec();
+#  endif
+# endif
+# if !defined(OPENSSL_NO_GMP) && !defined(OPENSSL_NO_HW_GMP)
+    ENGINE_load_gmp();
+# endif
+# if defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_NO_CAPIENG)
+    ENGINE_load_capi();
+# endif
 #endif
 #ifndef OPENSSL_NO_HW
-#if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
-	ENGINE_load_cryptodev();
-#endif
+# if defined(__OpenBSD__) || defined(__FreeBSD__) || defined(HAVE_CRYPTODEV)
+    ENGINE_load_cryptodev();
+# endif
 #endif
-	}
+}
 
 #if defined(__OpenBSD__) || defined(__FreeBSD__)
-void ENGINE_setup_bsd_cryptodev(void) {
-	static int bsd_cryptodev_default_loaded = 0;
-	if (!bsd_cryptodev_default_loaded) {
-		ENGINE_load_cryptodev();
-		ENGINE_register_all_complete();
-	}
-	bsd_cryptodev_default_loaded=1;
+void ENGINE_setup_bsd_cryptodev(void)
+{
+    static int bsd_cryptodev_default_loaded = 0;
+    if (!bsd_cryptodev_default_loaded) {
+        ENGINE_load_cryptodev();
+        ENGINE_register_all_complete();
+    }
+    bsd_cryptodev_default_loaded = 1;
 }
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
index 95c40700..f09bec4e 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_cnf.c
@@ -1,6 +1,7 @@
 /* eng_cnf.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,196 +65,178 @@
 /* ENGINE config module */
 
 static char *skip_dot(char *name)
-	{
-	char *p;
-	p = strchr(name, '.');
-	if (p)
-		return p + 1;
-	return name;
-	}
+{
+    char *p;
+    p = strchr(name, '.');
+    if (p)
+        return p + 1;
+    return name;
+}
 
 static STACK_OF(ENGINE) *initialized_engines = NULL;
 
 static int int_engine_init(ENGINE *e)
-	{
-	if (!ENGINE_init(e))
-		return 0;
-	if (!initialized_engines)
-		initialized_engines = sk_ENGINE_new_null();
-	if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e))
-		{
-		ENGINE_finish(e);
-		return 0;
-		}
-	return 1;
-	}
-	
+{
+    if (!ENGINE_init(e))
+        return 0;
+    if (!initialized_engines)
+        initialized_engines = sk_ENGINE_new_null();
+    if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
+        ENGINE_finish(e);
+        return 0;
+    }
+    return 1;
+}
 
 static int int_engine_configure(char *name, char *value, const CONF *cnf)
-	{
-	int i;
-	int ret = 0;
-	long do_init = -1;
-	STACK_OF(CONF_VALUE) *ecmds;
-	CONF_VALUE *ecmd = NULL;
-	char *ctrlname, *ctrlvalue;
-	ENGINE *e = NULL;
-	int soft = 0;
-
-	name = skip_dot(name);
+{
+    int i;
+    int ret = 0;
+    long do_init = -1;
+    STACK_OF(CONF_VALUE) *ecmds;
+    CONF_VALUE *ecmd = NULL;
+    char *ctrlname, *ctrlvalue;
+    ENGINE *e = NULL;
+    int soft = 0;
+
+    name = skip_dot(name);
 #ifdef ENGINE_CONF_DEBUG
-	fprintf(stderr, "Configuring engine %s\n", name);
+    fprintf(stderr, "Configuring engine %s\n", name);
 #endif
-	/* Value is a section containing ENGINE commands */
-	ecmds = NCONF_get_section(cnf, value);
-
-	if (!ecmds)
-		{
-		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_SECTION_ERROR);
-		return 0;
-		}
-
-	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++)
-		{
-		ecmd = sk_CONF_VALUE_value(ecmds, i);
-		ctrlname = skip_dot(ecmd->name);
-		ctrlvalue = ecmd->value;
+    /* Value is a section containing ENGINE commands */
+    ecmds = NCONF_get_section(cnf, value);
+
+    if (!ecmds) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_SECTION_ERROR);
+        return 0;
+    }
+
+    for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
+        ecmd = sk_CONF_VALUE_value(ecmds, i);
+        ctrlname = skip_dot(ecmd->name);
+        ctrlvalue = ecmd->value;
 #ifdef ENGINE_CONF_DEBUG
-	fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname, ctrlvalue);
+        fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n", ctrlname,
+                ctrlvalue);
 #endif
 
-		/* First handle some special pseudo ctrls */
-
-		/* Override engine name to use */
-		if (!strcmp(ctrlname, "engine_id"))
-			name = ctrlvalue;
-		else if (!strcmp(ctrlname, "soft_load"))
-			soft = 1;
-		/* Load a dynamic ENGINE */
-		else if (!strcmp(ctrlname, "dynamic_path"))
-			{
-			e = ENGINE_by_id("dynamic");
-			if (!e)
-				goto err;
-			if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
-				goto err;
-			if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
-				goto err;
-			if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
-				goto err;
-			}
-		/* ... add other pseudos here ... */
-		else
-			{
-			/* At this point we need an ENGINE structural reference
-			 * if we don't already have one.
-			 */
-			if (!e)
-				{
-				e = ENGINE_by_id(name);
-				if (!e && soft)
-					{
-					ERR_clear_error();
-					return 1;
-					}
-				if (!e)
-					goto err;
-				}
-			/* Allow "EMPTY" to mean no value: this allows a valid
-			 * "value" to be passed to ctrls of type NO_INPUT
-		 	 */
-			if (!strcmp(ctrlvalue, "EMPTY"))
-				ctrlvalue = NULL;
-			if (!strcmp(ctrlname, "init"))
-				{
-				if (!NCONF_get_number_e(cnf, value, "init", &do_init))
-					goto err;
-				if (do_init == 1)
-					{
-					if (!int_engine_init(e))
-						goto err;
-					}
-				else if (do_init != 0)
-					{
-					ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_INVALID_INIT_VALUE);
-					goto err;
-					}
-				}
-			else if (!strcmp(ctrlname, "default_algorithms"))
-				{
-				if (!ENGINE_set_default_string(e, ctrlvalue))
-					goto err;
-				}
-			else if (!ENGINE_ctrl_cmd_string(e,
-					ctrlname, ctrlvalue, 0))
-				goto err;
-			}
-
-
-
-		}
-	if (e && (do_init == -1) && !int_engine_init(e))
-		{
-		ecmd = NULL;
-		goto err;
-		}
-	ret = 1;
-	err:
-	if (ret != 1)
-		{
-		ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE, ENGINE_R_ENGINE_CONFIGURATION_ERROR);
-		if (ecmd)
-			ERR_add_error_data(6, "section=", ecmd->section, 
-						", name=", ecmd->name,
-						", value=", ecmd->value);
-		}
-	if (e)
-		ENGINE_free(e);
-	return ret;
-	}
-
+        /* First handle some special pseudo ctrls */
+
+        /* Override engine name to use */
+        if (!strcmp(ctrlname, "engine_id"))
+            name = ctrlvalue;
+        else if (!strcmp(ctrlname, "soft_load"))
+            soft = 1;
+        /* Load a dynamic ENGINE */
+        else if (!strcmp(ctrlname, "dynamic_path")) {
+            e = ENGINE_by_id("dynamic");
+            if (!e)
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
+                goto err;
+            if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
+                goto err;
+        }
+        /* ... add other pseudos here ... */
+        else {
+            /*
+             * At this point we need an ENGINE structural reference if we
+             * don't already have one.
+             */
+            if (!e) {
+                e = ENGINE_by_id(name);
+                if (!e && soft) {
+                    ERR_clear_error();
+                    return 1;
+                }
+                if (!e)
+                    goto err;
+            }
+            /*
+             * Allow "EMPTY" to mean no value: this allows a valid "value" to
+             * be passed to ctrls of type NO_INPUT
+             */
+            if (!strcmp(ctrlvalue, "EMPTY"))
+                ctrlvalue = NULL;
+            if (!strcmp(ctrlname, "init")) {
+                if (!NCONF_get_number_e(cnf, value, "init", &do_init))
+                    goto err;
+                if (do_init == 1) {
+                    if (!int_engine_init(e))
+                        goto err;
+                } else if (do_init != 0) {
+                    ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                              ENGINE_R_INVALID_INIT_VALUE);
+                    goto err;
+                }
+            } else if (!strcmp(ctrlname, "default_algorithms")) {
+                if (!ENGINE_set_default_string(e, ctrlvalue))
+                    goto err;
+            } else if (!ENGINE_ctrl_cmd_string(e, ctrlname, ctrlvalue, 0))
+                goto err;
+        }
+
+    }
+    if (e && (do_init == -1) && !int_engine_init(e)) {
+        ecmd = NULL;
+        goto err;
+    }
+    ret = 1;
+ err:
+    if (ret != 1) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_CONFIGURE,
+                  ENGINE_R_ENGINE_CONFIGURATION_ERROR);
+        if (ecmd)
+            ERR_add_error_data(6, "section=", ecmd->section,
+                               ", name=", ecmd->name,
+                               ", value=", ecmd->value);
+    }
+    if (e)
+        ENGINE_free(e);
+    return ret;
+}
 
 static int int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
-	{
-	STACK_OF(CONF_VALUE) *elist;
-	CONF_VALUE *cval;
-	int i;
+{
+    STACK_OF(CONF_VALUE) *elist;
+    CONF_VALUE *cval;
+    int i;
 #ifdef ENGINE_CONF_DEBUG
-	fprintf(stderr, "Called engine module: name %s, value %s\n",
-			CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+    fprintf(stderr, "Called engine module: name %s, value %s\n",
+            CONF_imodule_get_name(md), CONF_imodule_get_value(md));
 #endif
-	/* Value is a section containing ENGINEs to configure */
-	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
+    /* Value is a section containing ENGINEs to configure */
+    elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
 
-	if (!elist)
-		{
-		ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT, ENGINE_R_ENGINES_SECTION_ERROR);
-		return 0;
-		}
+    if (!elist) {
+        ENGINEerr(ENGINE_F_INT_ENGINE_MODULE_INIT,
+                  ENGINE_R_ENGINES_SECTION_ERROR);
+        return 0;
+    }
 
-	for (i = 0; i < sk_CONF_VALUE_num(elist); i++)
-		{
-		cval = sk_CONF_VALUE_value(elist, i);
-		if (!int_engine_configure(cval->name, cval->value, cnf))
-			return 0;
-		}
+    for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
+        cval = sk_CONF_VALUE_value(elist, i);
+        if (!int_engine_configure(cval->name, cval->value, cnf))
+            return 0;
+    }
 
-	return 1;
-	}
+    return 1;
+}
 
 static void int_engine_module_finish(CONF_IMODULE *md)
-	{
-	ENGINE *e;
-	while ((e = sk_ENGINE_pop(initialized_engines)))
-		ENGINE_finish(e);
-	sk_ENGINE_free(initialized_engines);
-	initialized_engines = NULL;
-	}
-	
+{
+    ENGINE *e;
+    while ((e = sk_ENGINE_pop(initialized_engines)))
+        ENGINE_finish(e);
+    sk_ENGINE_free(initialized_engines);
+    initialized_engines = NULL;
+}
 
 void ENGINE_add_conf_module(void)
-	{
-	CONF_module_add("engines",
-			int_engine_module_init,
-			int_engine_module_finish);
-	}
+{
+    CONF_module_add("engines",
+                    int_engine_module_init, int_engine_module_finish);
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
index eef1e2d8..c94674e7 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_cryptodev.c
@@ -36,8 +36,8 @@
 #include <openssl/err.h>
 
 #if (defined(__unix__) || defined(unix)) && !defined(USG) && \
-	(defined(OpenBSD) || defined(__FreeBSD__))
-#include <sys/param.h>
+        (defined(OpenBSD) || defined(__FreeBSD__))
+# include <sys/param.h>
 # if (OpenBSD >= 200112) || ((__FreeBSD_version >= 470101 && __FreeBSD_version < 500000) || __FreeBSD_version >= 500041)
 #  define HAVE_CRYPTODEV
 # endif
@@ -48,30 +48,29 @@
 
 #ifndef HAVE_CRYPTODEV
 
-void
-ENGINE_load_cryptodev(void)
+void ENGINE_load_cryptodev(void)
 {
-	/* This is a NOP on platforms without /dev/crypto */
-	return;
+    /* This is a NOP on platforms without /dev/crypto */
+    return;
 }
 
-#else 
- 
-#include <sys/types.h>
-#include <crypto/cryptodev.h>
-#include <sys/ioctl.h>
-#include <errno.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <stdarg.h>
-#include <syslog.h>
-#include <errno.h>
-#include <string.h>
+#else
+
+# include <sys/types.h>
+# include <crypto/cryptodev.h>
+# include <sys/ioctl.h>
+# include <errno.h>
+# include <stdio.h>
+# include <unistd.h>
+# include <fcntl.h>
+# include <stdarg.h>
+# include <syslog.h>
+# include <errno.h>
+# include <string.h>
 
 struct dev_crypto_state {
-	struct session_op d_sess;
-	int d_fd;
+    struct session_op d_sess;
+    int d_fd;
 };
 
 static u_int32_t cryptodev_asymfeat = 0;
@@ -83,144 +82,173 @@ static int cryptodev_max_iv(int cipher);
 static int cryptodev_key_length_valid(int cipher, int len);
 static int cipher_nid_to_cryptodev(int nid);
 static int get_cryptodev_ciphers(const int **cnids);
-/*static int get_cryptodev_digests(const int **cnids);*/
+/*
+ * static int get_cryptodev_digests(const int **cnids);
+ */
 static int cryptodev_usable_ciphers(const int **nids);
 static int cryptodev_usable_digests(const int **nids);
 static int cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, unsigned int inl);
+                            const unsigned char *in, unsigned int inl);
 static int cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc);
+                              const unsigned char *iv, int enc);
 static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx);
 static int cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid);
+                                    const int **nids, int nid);
 static int cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-    const int **nids, int nid);
+                                    const int **nids, int nid);
 static int bn2crparam(const BIGNUM *a, struct crparam *crp);
 static int crparam2bn(struct crparam *crp, BIGNUM *a);
 static void zapparams(struct crypt_kop *kop);
 static int cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r,
-    int slen, BIGNUM *s);
+                          int slen, BIGNUM *s);
 
 static int cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I,
-    RSA *rsa, BN_CTX *ctx);
-static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
+                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+static int cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                       BN_CTX *ctx);
+static int cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                                 BN_CTX *ctx);
 static int cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
+                                    const BIGNUM *p, const BIGNUM *m,
+                                    BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 static int cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont);
-static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst,
-    int dlen, DSA *dsa);
+                                     BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2,
+                                     BIGNUM *p, BN_CTX *ctx,
+                                     BN_MONT_CTX *mont);
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                      DSA *dsa);
 static int cryptodev_dsa_verify(const unsigned char *dgst, int dgst_len,
-    DSA_SIG *sig, DSA *dsa);
+                                DSA_SIG *sig, DSA *dsa);
 static int cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx);
-static int cryptodev_dh_compute_key(unsigned char *key,
-    const BIGNUM *pub_key, DH *dh);
-static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p,
-    void (*f)());
+                                const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                                BN_MONT_CTX *m_ctx);
+static int cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key,
+                                    DH *dh);
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ());
 void ENGINE_load_cryptodev(void);
 
 static const ENGINE_CMD_DEFN cryptodev_defns[] = {
-	{ 0, NULL, NULL, 0 }
+    {0, NULL, NULL, 0}
 };
 
 static struct {
-	int	id;
-	int	nid;
-	int	ivmax;
-	int	keylen;
+    int id;
+    int nid;
+    int ivmax;
+    int keylen;
 } ciphers[] = {
-	{ CRYPTO_DES_CBC,		NID_des_cbc,		8,	 8, },
-	{ CRYPTO_3DES_CBC,		NID_des_ede3_cbc,	8,	24, },
-	{ CRYPTO_AES_CBC,		NID_aes_128_cbc,	16,	16, },
-	{ CRYPTO_BLF_CBC,		NID_bf_cbc,		8,	16, },
-	{ CRYPTO_CAST_CBC,		NID_cast5_cbc,		8,	16, },
-	{ CRYPTO_SKIPJACK_CBC,		NID_undef,		0,	 0, },
-	{ 0,				NID_undef,		0,	 0, },
+    {
+        CRYPTO_DES_CBC, NID_des_cbc, 8, 8,
+    },
+    {
+        CRYPTO_3DES_CBC, NID_des_ede3_cbc, 8, 24,
+    },
+    {
+        CRYPTO_AES_CBC, NID_aes_128_cbc, 16, 16,
+    },
+    {
+        CRYPTO_BLF_CBC, NID_bf_cbc, 8, 16,
+    },
+    {
+        CRYPTO_CAST_CBC, NID_cast5_cbc, 8, 16,
+    },
+    {
+        CRYPTO_SKIPJACK_CBC, NID_undef, 0, 0,
+    },
+    {
+        0, NID_undef, 0, 0,
+    },
 };
 
-#if 0
+# if 0
 static struct {
-	int	id;
-	int	nid;
+    int id;
+    int nid;
 } digests[] = {
-	{ CRYPTO_SHA1_HMAC,		NID_hmacWithSHA1,	},
-	{ CRYPTO_RIPEMD160_HMAC,	NID_ripemd160,		},
-	{ CRYPTO_MD5_KPDK,		NID_undef,		},
-	{ CRYPTO_SHA1_KPDK,		NID_undef,		},
-	{ CRYPTO_MD5,			NID_md5,		},
-	{ CRYPTO_SHA1,			NID_undef,		},
-	{ 0,				NID_undef,		},
+    {
+        CRYPTO_SHA1_HMAC, NID_hmacWithSHA1,
+    },
+    {
+        CRYPTO_RIPEMD160_HMAC, NID_ripemd160,
+    },
+    {
+        CRYPTO_MD5_KPDK, NID_undef,
+    },
+    {
+        CRYPTO_SHA1_KPDK, NID_undef,
+    },
+    {
+        CRYPTO_MD5, NID_md5,
+    },
+    {
+        CRYPTO_SHA1, NID_undef,
+    },
+    {
+        0, NID_undef,
+    },
 };
-#endif
+# endif
 
 /*
  * Return a fd if /dev/crypto seems usable, 0 otherwise.
  */
-static int
-open_dev_crypto(void)
+static int open_dev_crypto(void)
 {
-	static int fd = -1;
-
-	if (fd == -1) {
-		if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
-			return (-1);
-		/* close on exec */
-		if (fcntl(fd, F_SETFD, 1) == -1) {
-			close(fd);
-			fd = -1;
-			return (-1);
-		}
-	}
-	return (fd);
+    static int fd = -1;
+
+    if (fd == -1) {
+        if ((fd = open("/dev/crypto", O_RDWR, 0)) == -1)
+            return (-1);
+        /* close on exec */
+        if (fcntl(fd, F_SETFD, 1) == -1) {
+            close(fd);
+            fd = -1;
+            return (-1);
+        }
+    }
+    return (fd);
 }
 
-static int
-get_dev_crypto(void)
+static int get_dev_crypto(void)
 {
-	int fd, retfd;
-
-	if ((fd = open_dev_crypto()) == -1)
-		return (-1);
-	if (ioctl(fd, CRIOGET, &retfd) == -1)
-		return (-1);
-
-	/* close on exec */
-	if (fcntl(retfd, F_SETFD, 1) == -1) {
-		close(retfd);
-		return (-1);
-	}
-	return (retfd);
+    int fd, retfd;
+
+    if ((fd = open_dev_crypto()) == -1)
+        return (-1);
+    if (ioctl(fd, CRIOGET, &retfd) == -1)
+        return (-1);
+
+    /* close on exec */
+    if (fcntl(retfd, F_SETFD, 1) == -1) {
+        close(retfd);
+        return (-1);
+    }
+    return (retfd);
 }
 
 /* Caching version for asym operations */
-static int
-get_asym_dev_crypto(void)
+static int get_asym_dev_crypto(void)
 {
-	static int fd = -1;
+    static int fd = -1;
 
-	if (fd == -1)
-		fd = get_dev_crypto();
-	return fd;
+    if (fd == -1)
+        fd = get_dev_crypto();
+    return fd;
 }
 
 /*
  * XXXX this needs to be set for each alg - and determined from
  * a running card.
  */
-static int
-cryptodev_max_iv(int cipher)
+static int cryptodev_max_iv(int cipher)
 {
-	int i;
+    int i;
 
-	for (i = 0; ciphers[i].id; i++)
-		if (ciphers[i].id == cipher)
-			return (ciphers[i].ivmax);
-	return (0);
+    for (i = 0; ciphers[i].id; i++)
+        if (ciphers[i].id == cipher)
+            return (ciphers[i].ivmax);
+    return (0);
 }
 
 /*
@@ -229,27 +257,25 @@ cryptodev_max_iv(int cipher)
  * for real devices should return 1 for the supported key
  * sizes the device can handle.
  */
-static int
-cryptodev_key_length_valid(int cipher, int len)
+static int cryptodev_key_length_valid(int cipher, int len)
 {
-	int i;
+    int i;
 
-	for (i = 0; ciphers[i].id; i++)
-		if (ciphers[i].id == cipher)
-			return (ciphers[i].keylen == len);
-	return (0);
+    for (i = 0; ciphers[i].id; i++)
+        if (ciphers[i].id == cipher)
+            return (ciphers[i].keylen == len);
+    return (0);
 }
 
 /* convert libcrypto nids to cryptodev */
-static int
-cipher_nid_to_cryptodev(int nid)
+static int cipher_nid_to_cryptodev(int nid)
 {
-	int i;
+    int i;
 
-	for (i = 0; ciphers[i].id; i++)
-		if (ciphers[i].nid == nid)
-			return (ciphers[i].id);
-	return (0);
+    for (i = 0; ciphers[i].id; i++)
+        if (ciphers[i].nid == nid)
+            return (ciphers[i].id);
+    return (0);
 }
 
 /*
@@ -258,77 +284,75 @@ cipher_nid_to_cryptodev(int nid)
  * returning them here is harmless, as long as we return NULL
  * when asked for a handler in the cryptodev_engine_ciphers routine
  */
-static int
-get_cryptodev_ciphers(const int **cnids)
+static int get_cryptodev_ciphers(const int **cnids)
 {
-	static int nids[CRYPTO_ALGORITHM_MAX];
-	struct session_op sess;
-	int fd, i, count = 0;
-
-	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
-		return (0);
-	}
-	memset(&sess, 0, sizeof(sess));
-	sess.key = (caddr_t)"123456781234567812345678";
-
-	for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-		if (ciphers[i].nid == NID_undef)
-			continue;
-		sess.cipher = ciphers[i].id;
-		sess.keylen = ciphers[i].keylen;
-		sess.mac = 0;
-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-			nids[count++] = ciphers[i].nid;
-	}
-	close(fd);
-
-	if (count > 0)
-		*cnids = nids;
-	else
-		*cnids = NULL;
-	return (count);
+    static int nids[CRYPTO_ALGORITHM_MAX];
+    struct session_op sess;
+    int fd, i, count = 0;
+
+    if ((fd = get_dev_crypto()) < 0) {
+        *cnids = NULL;
+        return (0);
+    }
+    memset(&sess, 0, sizeof(sess));
+    sess.key = (caddr_t) "123456781234567812345678";
+
+    for (i = 0; ciphers[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+        if (ciphers[i].nid == NID_undef)
+            continue;
+        sess.cipher = ciphers[i].id;
+        sess.keylen = ciphers[i].keylen;
+        sess.mac = 0;
+        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+            nids[count++] = ciphers[i].nid;
+    }
+    close(fd);
+
+    if (count > 0)
+        *cnids = nids;
+    else
+        *cnids = NULL;
+    return (count);
 }
 
-#if 0  /* unused */
+# if 0                          /* unused */
 /*
  * Find out what digests /dev/crypto will let us have a session for.
  * XXX note, that some of these openssl doesn't deal with yet!
  * returning them here is harmless, as long as we return NULL
  * when asked for a handler in the cryptodev_engine_digests routine
  */
-static int
-get_cryptodev_digests(const int **cnids)
+static int get_cryptodev_digests(const int **cnids)
 {
-	static int nids[CRYPTO_ALGORITHM_MAX];
-	struct session_op sess;
-	int fd, i, count = 0;
-
-	if ((fd = get_dev_crypto()) < 0) {
-		*cnids = NULL;
-		return (0);
-	}
-	memset(&sess, 0, sizeof(sess));
-	for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
-		if (digests[i].nid == NID_undef)
-			continue;
-		sess.mac = digests[i].id;
-		sess.cipher = 0;
-		if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
-		    ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
-			nids[count++] = digests[i].nid;
-	}
-	close(fd);
-
-	if (count > 0)
-		*cnids = nids;
-	else
-		*cnids = NULL;
-	return (count);
+    static int nids[CRYPTO_ALGORITHM_MAX];
+    struct session_op sess;
+    int fd, i, count = 0;
+
+    if ((fd = get_dev_crypto()) < 0) {
+        *cnids = NULL;
+        return (0);
+    }
+    memset(&sess, 0, sizeof(sess));
+    for (i = 0; digests[i].id && count < CRYPTO_ALGORITHM_MAX; i++) {
+        if (digests[i].nid == NID_undef)
+            continue;
+        sess.mac = digests[i].id;
+        sess.cipher = 0;
+        if (ioctl(fd, CIOCGSESSION, &sess) != -1 &&
+            ioctl(fd, CIOCFSESSION, &sess.ses) != -1)
+            nids[count++] = digests[i].nid;
+    }
+    close(fd);
+
+    if (count > 0)
+        *cnids = nids;
+    else
+        *cnids = NULL;
+    return (count);
 }
 
-#endif
+# endif
 
 /*
  * Find the useable ciphers|digests from dev/crypto - this is the first
@@ -351,153 +375,150 @@ get_cryptodev_digests(const int **cnids)
  * want most of the decisions made about what we actually want
  * to use from /dev/crypto.
  */
-static int
-cryptodev_usable_ciphers(const int **nids)
+static int cryptodev_usable_ciphers(const int **nids)
 {
-	return (get_cryptodev_ciphers(nids));
+    return (get_cryptodev_ciphers(nids));
 }
 
-static int
-cryptodev_usable_digests(const int **nids)
+static int cryptodev_usable_digests(const int **nids)
 {
-	/*
-	 * XXXX just disable all digests for now, because it sucks.
-	 * we need a better way to decide this - i.e. I may not
-	 * want digests on slow cards like hifn on fast machines,
-	 * but might want them on slow or loaded machines, etc.
-	 * will also want them when using crypto cards that don't
-	 * suck moose gonads - would be nice to be able to decide something
-	 * as reasonable default without having hackery that's card dependent.
-	 * of course, the default should probably be just do everything,
-	 * with perhaps a sysctl to turn algoritms off (or have them off
-	 * by default) on cards that generally suck like the hifn.
-	 */
-	*nids = NULL;
-	return (0);
+    /*
+     * XXXX just disable all digests for now, because it sucks.
+     * we need a better way to decide this - i.e. I may not
+     * want digests on slow cards like hifn on fast machines,
+     * but might want them on slow or loaded machines, etc.
+     * will also want them when using crypto cards that don't
+     * suck moose gonads - would be nice to be able to decide something
+     * as reasonable default without having hackery that's card dependent.
+     * of course, the default should probably be just do everything,
+     * with perhaps a sysctl to turn algoritms off (or have them off
+     * by default) on cards that generally suck like the hifn.
+     */
+    *nids = NULL;
+    return (0);
 }
 
 static int
 cryptodev_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, unsigned int inl)
+                 const unsigned char *in, unsigned int inl)
 {
-	struct crypt_op cryp;
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-	const void *iiv;
-	unsigned char save_iv[EVP_MAX_IV_LENGTH];
-
-	if (state->d_fd < 0)
-		return (0);
-	if (!inl)
-		return (1);
-	if ((inl % ctx->cipher->block_size) != 0)
-		return (0);
-
-	memset(&cryp, 0, sizeof(cryp));
-
-	cryp.ses = sess->ses;
-	cryp.flags = 0;
-	cryp.len = inl;
-	cryp.src = (caddr_t) in;
-	cryp.dst = (caddr_t) out;
-	cryp.mac = 0;
-
-	cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
-
-	if (ctx->cipher->iv_len) {
-		cryp.iv = (caddr_t) ctx->iv;
-		if (!ctx->encrypt) {
-			iiv = in + inl - ctx->cipher->iv_len;
-			memcpy(save_iv, iiv, ctx->cipher->iv_len);
-		}
-	} else
-		cryp.iv = NULL;
-
-	if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
-		/* XXX need better errror handling
-		 * this can fail for a number of different reasons.
-		 */
-		return (0);
-	}
-
-	if (ctx->cipher->iv_len) {
-		if (ctx->encrypt)
-			iiv = out + inl - ctx->cipher->iv_len;
-		else
-			iiv = save_iv;
-		memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
-	}
-	return (1);
+    struct crypt_op cryp;
+    struct dev_crypto_state *state = ctx->cipher_data;
+    struct session_op *sess = &state->d_sess;
+    const void *iiv;
+    unsigned char save_iv[EVP_MAX_IV_LENGTH];
+
+    if (state->d_fd < 0)
+        return (0);
+    if (!inl)
+        return (1);
+    if ((inl % ctx->cipher->block_size) != 0)
+        return (0);
+
+    memset(&cryp, 0, sizeof(cryp));
+
+    cryp.ses = sess->ses;
+    cryp.flags = 0;
+    cryp.len = inl;
+    cryp.src = (caddr_t) in;
+    cryp.dst = (caddr_t) out;
+    cryp.mac = 0;
+
+    cryp.op = ctx->encrypt ? COP_ENCRYPT : COP_DECRYPT;
+
+    if (ctx->cipher->iv_len) {
+        cryp.iv = (caddr_t) ctx->iv;
+        if (!ctx->encrypt) {
+            iiv = in + inl - ctx->cipher->iv_len;
+            memcpy(save_iv, iiv, ctx->cipher->iv_len);
+        }
+    } else
+        cryp.iv = NULL;
+
+    if (ioctl(state->d_fd, CIOCCRYPT, &cryp) == -1) {
+        /*
+         * XXX need better errror handling this can fail for a number of
+         * different reasons.
+         */
+        return (0);
+    }
+
+    if (ctx->cipher->iv_len) {
+        if (ctx->encrypt)
+            iiv = out + inl - ctx->cipher->iv_len;
+        else
+            iiv = save_iv;
+        memcpy(ctx->iv, iiv, ctx->cipher->iv_len);
+    }
+    return (1);
 }
 
 static int
 cryptodev_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
+                   const unsigned char *iv, int enc)
 {
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-	int cipher;
+    struct dev_crypto_state *state = ctx->cipher_data;
+    struct session_op *sess = &state->d_sess;
+    int cipher;
 
-	if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
-		return (0);
+    if ((cipher = cipher_nid_to_cryptodev(ctx->cipher->nid)) == NID_undef)
+        return (0);
 
-	if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
-		return (0);
+    if (ctx->cipher->iv_len > cryptodev_max_iv(cipher))
+        return (0);
 
-	if (!cryptodev_key_length_valid(cipher, ctx->key_len))
-		return (0);
+    if (!cryptodev_key_length_valid(cipher, ctx->key_len))
+        return (0);
 
-	memset(sess, 0, sizeof(struct session_op));
+    memset(sess, 0, sizeof(struct session_op));
 
-	if ((state->d_fd = get_dev_crypto()) < 0)
-		return (0);
+    if ((state->d_fd = get_dev_crypto()) < 0)
+        return (0);
 
-	sess->key = (char *)key;
-	sess->keylen = ctx->key_len;
-	sess->cipher = cipher;
+    sess->key = (char *)key;
+    sess->keylen = ctx->key_len;
+    sess->cipher = cipher;
 
-	if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
-		close(state->d_fd);
-		state->d_fd = -1;
-		return (0);
-	}
-	return (1);
+    if (ioctl(state->d_fd, CIOCGSESSION, sess) == -1) {
+        close(state->d_fd);
+        state->d_fd = -1;
+        return (0);
+    }
+    return (1);
 }
 
 /*
  * free anything we allocated earlier when initting a
  * session, and close the session.
  */
-static int
-cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
+static int cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
 {
-	int ret = 0;
-	struct dev_crypto_state *state = ctx->cipher_data;
-	struct session_op *sess = &state->d_sess;
-
-	if (state->d_fd < 0)
-		return (0);
-
-	/* XXX if this ioctl fails, someting's wrong. the invoker
-	 * may have called us with a bogus ctx, or we could
-	 * have a device that for whatever reason just doesn't
-	 * want to play ball - it's not clear what's right
-	 * here - should this be an error? should it just
-	 * increase a counter, hmm. For right now, we return
-	 * 0 - I don't believe that to be "right". we could
-	 * call the gorpy openssl lib error handlers that
-	 * print messages to users of the library. hmm..
-	 */
-
-	if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
-		ret = 0;
-	} else {
-		ret = 1;
-	}
-	close(state->d_fd);
-	state->d_fd = -1;
-
-	return (ret);
+    int ret = 0;
+    struct dev_crypto_state *state = ctx->cipher_data;
+    struct session_op *sess = &state->d_sess;
+
+    if (state->d_fd < 0)
+        return (0);
+
+    /*
+     * XXX if this ioctl fails, someting's wrong. the invoker may have called
+     * us with a bogus ctx, or we could have a device that for whatever
+     * reason just doesn't want to play ball - it's not clear what's right
+     * here - should this be an error? should it just increase a counter,
+     * hmm. For right now, we return 0 - I don't believe that to be "right".
+     * we could call the gorpy openssl lib error handlers that print messages
+     * to users of the library. hmm..
+     */
+
+    if (ioctl(state->d_fd, CIOCFSESSION, &sess->ses) == -1) {
+        ret = 0;
+    } else {
+        ret = 1;
+    }
+    close(state->d_fd);
+    state->d_fd = -1;
+
+    return (ret);
 }
 
 /*
@@ -507,69 +528,69 @@ cryptodev_cleanup(EVP_CIPHER_CTX *ctx)
 
 /* DES CBC EVP */
 const EVP_CIPHER cryptodev_des_cbc = {
-	NID_des_cbc,
-	8, 8, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
+    NID_des_cbc,
+    8, 8, 8,
+    EVP_CIPH_CBC_MODE,
+    cryptodev_init_key,
+    cryptodev_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL
 };
 
 /* 3DES CBC EVP */
 const EVP_CIPHER cryptodev_3des_cbc = {
-	NID_des_ede3_cbc,
-	8, 24, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
+    NID_des_ede3_cbc,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE,
+    cryptodev_init_key,
+    cryptodev_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL
 };
 
 const EVP_CIPHER cryptodev_bf_cbc = {
-	NID_bf_cbc,
-	8, 16, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
+    NID_bf_cbc,
+    8, 16, 8,
+    EVP_CIPH_CBC_MODE,
+    cryptodev_init_key,
+    cryptodev_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL
 };
 
 const EVP_CIPHER cryptodev_cast_cbc = {
-	NID_cast5_cbc,
-	8, 16, 8,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
+    NID_cast5_cbc,
+    8, 16, 8,
+    EVP_CIPH_CBC_MODE,
+    cryptodev_init_key,
+    cryptodev_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL
 };
 
 const EVP_CIPHER cryptodev_aes_cbc = {
-	NID_aes_128_cbc,
-	16, 16, 16,
-	EVP_CIPH_CBC_MODE,
-	cryptodev_init_key,
-	cryptodev_cipher,
-	cryptodev_cleanup,
-	sizeof(struct dev_crypto_state),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL
+    NID_aes_128_cbc,
+    16, 16, 16,
+    EVP_CIPH_CBC_MODE,
+    cryptodev_init_key,
+    cryptodev_cipher,
+    cryptodev_cleanup,
+    sizeof(struct dev_crypto_state),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL
 };
 
 /*
@@ -579,50 +600,50 @@ const EVP_CIPHER cryptodev_aes_cbc = {
  */
 static int
 cryptodev_engine_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid)
+                         const int **nids, int nid)
 {
-	if (!cipher)
-		return (cryptodev_usable_ciphers(nids));
-
-	switch (nid) {
-	case NID_des_ede3_cbc:
-		*cipher = &cryptodev_3des_cbc;
-		break;
-	case NID_des_cbc:
-		*cipher = &cryptodev_des_cbc;
-		break;
-	case NID_bf_cbc:
-		*cipher = &cryptodev_bf_cbc;
-		break;
-	case NID_cast5_cbc:
-		*cipher = &cryptodev_cast_cbc;
-		break;
-	case NID_aes_128_cbc:
-		*cipher = &cryptodev_aes_cbc;
-		break;
-	default:
-		*cipher = NULL;
-		break;
-	}
-	return (*cipher != NULL);
+    if (!cipher)
+        return (cryptodev_usable_ciphers(nids));
+
+    switch (nid) {
+    case NID_des_ede3_cbc:
+        *cipher = &cryptodev_3des_cbc;
+        break;
+    case NID_des_cbc:
+        *cipher = &cryptodev_des_cbc;
+        break;
+    case NID_bf_cbc:
+        *cipher = &cryptodev_bf_cbc;
+        break;
+    case NID_cast5_cbc:
+        *cipher = &cryptodev_cast_cbc;
+        break;
+    case NID_aes_128_cbc:
+        *cipher = &cryptodev_aes_cbc;
+        break;
+    default:
+        *cipher = NULL;
+        break;
+    }
+    return (*cipher != NULL);
 }
 
 static int
 cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
-    const int **nids, int nid)
+                         const int **nids, int nid)
 {
-	if (!digest)
-		return (cryptodev_usable_digests(nids));
-
-	switch (nid) {
-	case NID_md5:
-		*digest = NULL; /* need to make a clean md5 critter */
-		break;
-	default:
-		*digest = NULL;
-		break;
-	}
-	return (*digest != NULL);
+    if (!digest)
+        return (cryptodev_usable_digests(nids));
+
+    switch (nid) {
+    case NID_md5:
+        *digest = NULL;         /* need to make a clean md5 critter */
+        break;
+    default:
+        *digest = NULL;
+        break;
+    }
+    return (*digest != NULL);
 }
 
 /*
@@ -630,527 +651,525 @@ cryptodev_engine_digests(ENGINE *e, const EVP_MD **digest,
  * Upon completion of use, the caller is responsible for freeing
  * crp->crp_p.
  */
-static int
-bn2crparam(const BIGNUM *a, struct crparam *crp)
+static int bn2crparam(const BIGNUM *a, struct crparam *crp)
 {
-	int i, j, k;
-	ssize_t bytes, bits;
-	u_char *b;
-
-	crp->crp_p = NULL;
-	crp->crp_nbits = 0;
-
-	bits = BN_num_bits(a);
-	bytes = (bits + 7) / 8;
-
-	b = malloc(bytes);
-	if (b == NULL)
-		return (1);
-
-	crp->crp_p = (char *)b;
-	crp->crp_nbits = bits;
-
-	for (i = 0, j = 0; i < a->top; i++) {
-		for (k = 0; k < BN_BITS2 / 8; k++) {
-			if ((j + k) >= bytes)
-				return (0);
-			b[j + k] = a->d[i] >> (k * 8);
-		}
-		j += BN_BITS2 / 8;
-	}
-	return (0);
+    int i, j, k;
+    ssize_t bytes, bits;
+    u_char *b;
+
+    crp->crp_p = NULL;
+    crp->crp_nbits = 0;
+
+    bits = BN_num_bits(a);
+    bytes = (bits + 7) / 8;
+
+    b = malloc(bytes);
+    if (b == NULL)
+        return (1);
+
+    crp->crp_p = (char *)b;
+    crp->crp_nbits = bits;
+
+    for (i = 0, j = 0; i < a->top; i++) {
+        for (k = 0; k < BN_BITS2 / 8; k++) {
+            if ((j + k) >= bytes)
+                return (0);
+            b[j + k] = a->d[i] >> (k * 8);
+        }
+        j += BN_BITS2 / 8;
+    }
+    return (0);
 }
 
 /* Convert a /dev/crypto parameter to a BIGNUM */
-static int
-crparam2bn(struct crparam *crp, BIGNUM *a)
+static int crparam2bn(struct crparam *crp, BIGNUM *a)
 {
-	u_int8_t *pd;
-	int i, bytes;
+    u_int8_t *pd;
+    int i, bytes;
 
-	bytes = (crp->crp_nbits + 7) / 8;
+    bytes = (crp->crp_nbits + 7) / 8;
 
-	if (bytes == 0)
-		return (-1);
+    if (bytes == 0)
+        return (-1);
 
-	if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
-		return (-1);
+    if ((pd = (u_int8_t *) malloc(bytes)) == NULL)
+        return (-1);
 
-	for (i = 0; i < bytes; i++)
-		pd[i] = crp->crp_p[bytes - i - 1];
+    for (i = 0; i < bytes; i++)
+        pd[i] = crp->crp_p[bytes - i - 1];
 
-	BN_bin2bn(pd, bytes, a);
-	free(pd);
+    BN_bin2bn(pd, bytes, a);
+    free(pd);
 
-	return (0);
+    return (0);
 }
 
-static void
-zapparams(struct crypt_kop *kop)
+static void zapparams(struct crypt_kop *kop)
 {
-	int i;
-
-	for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
-		if (kop->crk_param[i].crp_p)
-			free(kop->crk_param[i].crp_p);
-		kop->crk_param[i].crp_p = NULL;
-		kop->crk_param[i].crp_nbits = 0;
-	}
+    int i;
+
+    for (i = 0; i <= kop->crk_iparams + kop->crk_oparams; i++) {
+        if (kop->crk_param[i].crp_p)
+            free(kop->crk_param[i].crp_p);
+        kop->crk_param[i].crp_p = NULL;
+        kop->crk_param[i].crp_nbits = 0;
+    }
 }
 
 static int
-cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen, BIGNUM *s)
+cryptodev_asym(struct crypt_kop *kop, int rlen, BIGNUM *r, int slen,
+               BIGNUM *s)
 {
-	int fd, ret = -1;
-
-	if ((fd = get_asym_dev_crypto()) < 0)
-		return (ret);
-
-	if (r) {
-		kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
-		kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
-		kop->crk_oparams++;
-	}
-	if (s) {
-		kop->crk_param[kop->crk_iparams+1].crp_p = calloc(slen, sizeof(char));
-		kop->crk_param[kop->crk_iparams+1].crp_nbits = slen * 8;
-		kop->crk_oparams++;
-	}
-
-	if (ioctl(fd, CIOCKEY, kop) == 0) {
-		if (r)
-			crparam2bn(&kop->crk_param[kop->crk_iparams], r);
-		if (s)
-			crparam2bn(&kop->crk_param[kop->crk_iparams+1], s);
-		ret = 0;
-	}
-
-	return (ret);
+    int fd, ret = -1;
+
+    if ((fd = get_asym_dev_crypto()) < 0)
+        return (ret);
+
+    if (r) {
+        kop->crk_param[kop->crk_iparams].crp_p = calloc(rlen, sizeof(char));
+        kop->crk_param[kop->crk_iparams].crp_nbits = rlen * 8;
+        kop->crk_oparams++;
+    }
+    if (s) {
+        kop->crk_param[kop->crk_iparams + 1].crp_p =
+            calloc(slen, sizeof(char));
+        kop->crk_param[kop->crk_iparams + 1].crp_nbits = slen * 8;
+        kop->crk_oparams++;
+    }
+
+    if (ioctl(fd, CIOCKEY, kop) == 0) {
+        if (r)
+            crparam2bn(&kop->crk_param[kop->crk_iparams], r);
+        if (s)
+            crparam2bn(&kop->crk_param[kop->crk_iparams + 1], s);
+        ret = 0;
+    }
+
+    return (ret);
 }
 
 static int
 cryptodev_bn_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
+                     const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 {
-	struct crypt_kop kop;
-	int ret = 1;
-
-	/* Currently, we know we can do mod exp iff we can do any
-	 * asymmetric operations at all.
-	 */
-	if (cryptodev_asymfeat == 0) {
-		ret = BN_mod_exp(r, a, p, m, ctx);
-		return (ret);
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_MOD_EXP;
-
-	/* inputs: a^p % m */
-	if (bn2crparam(a, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(m, &kop.crk_param[2]))
-		goto err;
-	kop.crk_iparams = 3;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF asym process failed, Running in software\n");
-		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-
-	} else if (ECANCELED == kop.crk_status) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF hardware operation cancelled. Running in Software\n");
-		ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
-	}
-	/* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
-	zapparams(&kop);
-	return (ret);
+    struct crypt_kop kop;
+    int ret = 1;
+
+    /*
+     * Currently, we know we can do mod exp iff we can do any asymmetric
+     * operations at all.
+     */
+    if (cryptodev_asymfeat == 0) {
+        ret = BN_mod_exp(r, a, p, m, ctx);
+        return (ret);
+    }
+
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_MOD_EXP;
+
+    /* inputs: a^p % m */
+    if (bn2crparam(a, &kop.crk_param[0]))
+        goto err;
+    if (bn2crparam(p, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(m, &kop.crk_param[2]))
+        goto err;
+    kop.crk_iparams = 3;
+
+    if (cryptodev_asym(&kop, BN_num_bytes(m), r, 0, NULL)) {
+        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+        printf("OCF asym process failed, Running in software\n");
+        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+
+    } else if (ECANCELED == kop.crk_status) {
+        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+        printf("OCF hardware operation cancelled. Running in Software\n");
+        ret = meth->bn_mod_exp(r, a, p, m, ctx, in_mont);
+    }
+    /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+    zapparams(&kop);
+    return (ret);
 }
 
 static int
-cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+cryptodev_rsa_nocrt_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa,
+                            BN_CTX *ctx)
 {
-	int r;
+    int r;
 
-	r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
-	return (r);
+    r = cryptodev_bn_mod_exp(r0, I, rsa->d, rsa->n, ctx, NULL);
+    return (r);
 }
 
 static int
 cryptodev_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 {
-	struct crypt_kop kop;
-	int ret = 1;
-
-	if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
-		/* XXX 0 means failure?? */
-		return (0);
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_MOD_EXP_CRT;
-	/* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
-	if (bn2crparam(rsa->p, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(rsa->q, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(I, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
-		goto err;
-	if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
-		goto err;
-	kop.crk_iparams = 6;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF asym process failed, running in Software\n");
-		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-
-	} else if (ECANCELED == kop.crk_status) {
-		const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
-		printf("OCF hardware operation cancelled. Running in Software\n");
-		ret = (*meth->rsa_mod_exp)(r0, I, rsa, ctx);
-	}
-	/* else cryptodev operation worked ok ==> ret = 1*/
-
-err:
-	zapparams(&kop);
-	return (ret);
+    struct crypt_kop kop;
+    int ret = 1;
+
+    if (!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp) {
+        /* XXX 0 means failure?? */
+        return (0);
+    }
+
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_MOD_EXP_CRT;
+    /* inputs: rsa->p rsa->q I rsa->dmp1 rsa->dmq1 rsa->iqmp */
+    if (bn2crparam(rsa->p, &kop.crk_param[0]))
+        goto err;
+    if (bn2crparam(rsa->q, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(I, &kop.crk_param[2]))
+        goto err;
+    if (bn2crparam(rsa->dmp1, &kop.crk_param[3]))
+        goto err;
+    if (bn2crparam(rsa->dmq1, &kop.crk_param[4]))
+        goto err;
+    if (bn2crparam(rsa->iqmp, &kop.crk_param[5]))
+        goto err;
+    kop.crk_iparams = 6;
+
+    if (cryptodev_asym(&kop, BN_num_bytes(rsa->n), r0, 0, NULL)) {
+        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+        printf("OCF asym process failed, running in Software\n");
+        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+
+    } else if (ECANCELED == kop.crk_status) {
+        const RSA_METHOD *meth = RSA_PKCS1_SSLeay();
+        printf("OCF hardware operation cancelled. Running in Software\n");
+        ret = (*meth->rsa_mod_exp) (r0, I, rsa, ctx);
+    }
+    /* else cryptodev operation worked ok ==> ret = 1 */
+
+ err:
+    zapparams(&kop);
+    return (ret);
 }
 
 static RSA_METHOD cryptodev_rsa = {
-	"cryptodev RSA method",
-	NULL,				/* rsa_pub_enc */
-	NULL,				/* rsa_pub_dec */
-	NULL,				/* rsa_priv_enc */
-	NULL,				/* rsa_priv_dec */
-	NULL,
-	NULL,
-	NULL,				/* init */
-	NULL,				/* finish */
-	0,				/* flags */
-	NULL,				/* app_data */
-	NULL,				/* rsa_sign */
-	NULL				/* rsa_verify */
+    "cryptodev RSA method",
+    NULL,                       /* rsa_pub_enc */
+    NULL,                       /* rsa_pub_dec */
+    NULL,                       /* rsa_priv_enc */
+    NULL,                       /* rsa_priv_dec */
+    NULL,
+    NULL,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    0,                          /* flags */
+    NULL,                       /* app_data */
+    NULL,                       /* rsa_sign */
+    NULL                        /* rsa_verify */
 };
 
 static int
 cryptodev_dsa_bn_mod_exp(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
-    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
+                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
 }
 
 static int
 cryptodev_dsa_dsa_mod_exp(DSA *dsa, BIGNUM *t1, BIGNUM *g,
-    BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
-    BN_CTX *ctx, BN_MONT_CTX *mont)
+                          BIGNUM *u1, BIGNUM *pub_key, BIGNUM *u2, BIGNUM *p,
+                          BN_CTX *ctx, BN_MONT_CTX *mont)
 {
-	BIGNUM t2;
-	int ret = 0;
+    BIGNUM t2;
+    int ret = 0;
 
-	BN_init(&t2);
+    BN_init(&t2);
 
-	/* v = ( g^u1 * y^u2 mod p ) mod q */
-	/* let t1 = g ^ u1 mod p */
-	ret = 0;
+    /* v = ( g^u1 * y^u2 mod p ) mod q */
+    /* let t1 = g ^ u1 mod p */
+    ret = 0;
 
-	if (!dsa->meth->bn_mod_exp(dsa,t1,dsa->g,u1,dsa->p,ctx,mont))
-		goto err;
+    if (!dsa->meth->bn_mod_exp(dsa, t1, dsa->g, u1, dsa->p, ctx, mont))
+        goto err;
 
-	/* let t2 = y ^ u2 mod p */
-	if (!dsa->meth->bn_mod_exp(dsa,&t2,dsa->pub_key,u2,dsa->p,ctx,mont))
-		goto err;
-	/* let u1 = t1 * t2 mod p */
-	if (!BN_mod_mul(u1,t1,&t2,dsa->p,ctx))
-		goto err;
+    /* let t2 = y ^ u2 mod p */
+    if (!dsa->meth->bn_mod_exp(dsa, &t2, dsa->pub_key, u2, dsa->p, ctx, mont))
+        goto err;
+    /* let u1 = t1 * t2 mod p */
+    if (!BN_mod_mul(u1, t1, &t2, dsa->p, ctx))
+        goto err;
 
-	BN_copy(t1,u1);
+    BN_copy(t1, u1);
 
-	ret = 1;
-err:
-	BN_free(&t2);
-	return(ret);
+    ret = 1;
+ err:
+    BN_free(&t2);
+    return (ret);
 }
 
-static DSA_SIG *
-cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+static DSA_SIG *cryptodev_dsa_do_sign(const unsigned char *dgst, int dlen,
+                                      DSA *dsa)
 {
-	struct crypt_kop kop;
-	BIGNUM *r = NULL, *s = NULL;
-	DSA_SIG *dsaret = NULL;
-
-	if ((r = BN_new()) == NULL)
-		goto err;
-	if ((s = BN_new()) == NULL) {
-		BN_free(r);
-		goto err;
-	}
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DSA_SIGN;
-
-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
-	kop.crk_param[0].crp_p = (caddr_t)dgst;
-	kop.crk_param[0].crp_nbits = dlen * 8;
-	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
-		goto err;
-	kop.crk_iparams = 5;
-
-	if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
-	    BN_num_bytes(dsa->q), s) == 0) {
-		dsaret = DSA_SIG_new();
-		dsaret->r = r;
-		dsaret->s = s;
-	} else {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-		BN_free(r);
-		BN_free(s);
-		dsaret = (meth->dsa_do_sign)(dgst, dlen, dsa);
-	}
-err:
-	kop.crk_param[0].crp_p = NULL;
-	zapparams(&kop);
-	return (dsaret);
+    struct crypt_kop kop;
+    BIGNUM *r = NULL, *s = NULL;
+    DSA_SIG *dsaret = NULL;
+
+    if ((r = BN_new()) == NULL)
+        goto err;
+    if ((s = BN_new()) == NULL) {
+        BN_free(r);
+        goto err;
+    }
+
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_DSA_SIGN;
+
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->priv_key */
+    kop.crk_param[0].crp_p = (caddr_t) dgst;
+    kop.crk_param[0].crp_nbits = dlen * 8;
+    if (bn2crparam(dsa->p, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(dsa->q, &kop.crk_param[2]))
+        goto err;
+    if (bn2crparam(dsa->g, &kop.crk_param[3]))
+        goto err;
+    if (bn2crparam(dsa->priv_key, &kop.crk_param[4]))
+        goto err;
+    kop.crk_iparams = 5;
+
+    if (cryptodev_asym(&kop, BN_num_bytes(dsa->q), r,
+                       BN_num_bytes(dsa->q), s) == 0) {
+        dsaret = DSA_SIG_new();
+        dsaret->r = r;
+        dsaret->s = s;
+    } else {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+        BN_free(r);
+        BN_free(s);
+        dsaret = (meth->dsa_do_sign) (dgst, dlen, dsa);
+    }
+ err:
+    kop.crk_param[0].crp_p = NULL;
+    zapparams(&kop);
+    return (dsaret);
 }
 
 static int
 cryptodev_dsa_verify(const unsigned char *dgst, int dlen,
-    DSA_SIG *sig, DSA *dsa)
+                     DSA_SIG *sig, DSA *dsa)
 {
-	struct crypt_kop kop;
-	int dsaret = 1;
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DSA_VERIFY;
-
-	/* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
-	kop.crk_param[0].crp_p = (caddr_t)dgst;
-	kop.crk_param[0].crp_nbits = dlen * 8;
-	if (bn2crparam(dsa->p, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dsa->q, &kop.crk_param[2]))
-		goto err;
-	if (bn2crparam(dsa->g, &kop.crk_param[3]))
-		goto err;
-	if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
-		goto err;
-	if (bn2crparam(sig->r, &kop.crk_param[5]))
-		goto err;
-	if (bn2crparam(sig->s, &kop.crk_param[6]))
-		goto err;
-	kop.crk_iparams = 7;
-
-	if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
-/*OCF success value is 0, if not zero, change dsaret to fail*/
-		if(0 != kop.crk_status) dsaret  = 0;
-	} else {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-
-		dsaret = (meth->dsa_do_verify)(dgst, dlen, sig, dsa);
-	}
-err:
-	kop.crk_param[0].crp_p = NULL;
-	zapparams(&kop);
-	return (dsaret);
+    struct crypt_kop kop;
+    int dsaret = 1;
+
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_DSA_VERIFY;
+
+    /* inputs: dgst dsa->p dsa->q dsa->g dsa->pub_key sig->r sig->s */
+    kop.crk_param[0].crp_p = (caddr_t) dgst;
+    kop.crk_param[0].crp_nbits = dlen * 8;
+    if (bn2crparam(dsa->p, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(dsa->q, &kop.crk_param[2]))
+        goto err;
+    if (bn2crparam(dsa->g, &kop.crk_param[3]))
+        goto err;
+    if (bn2crparam(dsa->pub_key, &kop.crk_param[4]))
+        goto err;
+    if (bn2crparam(sig->r, &kop.crk_param[5]))
+        goto err;
+    if (bn2crparam(sig->s, &kop.crk_param[6]))
+        goto err;
+    kop.crk_iparams = 7;
+
+    if (cryptodev_asym(&kop, 0, NULL, 0, NULL) == 0) {
+        /*
+         * OCF success value is 0, if not zero, change dsaret to fail
+         */
+        if (0 != kop.crk_status)
+            dsaret = 0;
+    } else {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+
+        dsaret = (meth->dsa_do_verify) (dgst, dlen, sig, dsa);
+    }
+ err:
+    kop.crk_param[0].crp_p = NULL;
+    zapparams(&kop);
+    return (dsaret);
 }
 
 static DSA_METHOD cryptodev_dsa = {
-	"cryptodev DSA method",
-	NULL,
-	NULL,				/* dsa_sign_setup */
-	NULL,
-	NULL,				/* dsa_mod_exp */
-	NULL,
-	NULL,				/* init */
-	NULL,				/* finish */
-	0,	/* flags */
-	NULL	/* app_data */
+    "cryptodev DSA method",
+    NULL,
+    NULL,                       /* dsa_sign_setup */
+    NULL,
+    NULL,                       /* dsa_mod_exp */
+    NULL,
+    NULL,                       /* init */
+    NULL,                       /* finish */
+    0,                          /* flags */
+    NULL                        /* app_data */
 };
 
 static int
 cryptodev_mod_exp_dh(const DH *dh, BIGNUM *r, const BIGNUM *a,
-    const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
-    BN_MONT_CTX *m_ctx)
+                     const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx,
+                     BN_MONT_CTX *m_ctx)
 {
-	return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
+    return (cryptodev_bn_mod_exp(r, a, p, m, ctx, m_ctx));
 }
 
 static int
 cryptodev_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
 {
-	struct crypt_kop kop;
-	int dhret = 1;
-	int fd, keylen;
-
-	if ((fd = get_asym_dev_crypto()) < 0) {
-		const DH_METHOD *meth = DH_OpenSSL();
-
-		return ((meth->compute_key)(key, pub_key, dh));
-	}
-
-	keylen = BN_num_bits(dh->p);
-
-	memset(&kop, 0, sizeof kop);
-	kop.crk_op = CRK_DH_COMPUTE_KEY;
-
-	/* inputs: dh->priv_key pub_key dh->p key */
-	if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
-		goto err;
-	if (bn2crparam(pub_key, &kop.crk_param[1]))
-		goto err;
-	if (bn2crparam(dh->p, &kop.crk_param[2]))
-		goto err;
-	kop.crk_iparams = 3;
-
-	kop.crk_param[3].crp_p = (char *)key;
-	kop.crk_param[3].crp_nbits = keylen * 8;
-	kop.crk_oparams = 1;
-
-	if (ioctl(fd, CIOCKEY, &kop) == -1) {
-		const DH_METHOD *meth = DH_OpenSSL();
-
-		dhret = (meth->compute_key)(key, pub_key, dh);
-	}
-err:
-	kop.crk_param[3].crp_p = NULL;
-	zapparams(&kop);
-	return (dhret);
+    struct crypt_kop kop;
+    int dhret = 1;
+    int fd, keylen;
+
+    if ((fd = get_asym_dev_crypto()) < 0) {
+        const DH_METHOD *meth = DH_OpenSSL();
+
+        return ((meth->compute_key) (key, pub_key, dh));
+    }
+
+    keylen = BN_num_bits(dh->p);
+
+    memset(&kop, 0, sizeof kop);
+    kop.crk_op = CRK_DH_COMPUTE_KEY;
+
+    /* inputs: dh->priv_key pub_key dh->p key */
+    if (bn2crparam(dh->priv_key, &kop.crk_param[0]))
+        goto err;
+    if (bn2crparam(pub_key, &kop.crk_param[1]))
+        goto err;
+    if (bn2crparam(dh->p, &kop.crk_param[2]))
+        goto err;
+    kop.crk_iparams = 3;
+
+    kop.crk_param[3].crp_p = (char *)key;
+    kop.crk_param[3].crp_nbits = keylen * 8;
+    kop.crk_oparams = 1;
+
+    if (ioctl(fd, CIOCKEY, &kop) == -1) {
+        const DH_METHOD *meth = DH_OpenSSL();
+
+        dhret = (meth->compute_key) (key, pub_key, dh);
+    }
+ err:
+    kop.crk_param[3].crp_p = NULL;
+    zapparams(&kop);
+    return (dhret);
 }
 
 static DH_METHOD cryptodev_dh = {
-	"cryptodev DH method",
-	NULL,				/* cryptodev_dh_generate_key */
-	NULL,
-	NULL,
-	NULL,
-	NULL,
-	0,	/* flags */
-	NULL	/* app_data */
+    "cryptodev DH method",
+    NULL,                       /* cryptodev_dh_generate_key */
+    NULL,
+    NULL,
+    NULL,
+    NULL,
+    0,                          /* flags */
+    NULL                        /* app_data */
 };
 
 /*
  * ctrl right now is just a wrapper that doesn't do much
  * but I expect we'll want some options soon.
  */
-static int
-cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)())
+static int cryptodev_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) ())
 {
-#ifdef HAVE_SYSLOG_R
-	struct syslog_data sd = SYSLOG_DATA_INIT;
-#endif
+# ifdef HAVE_SYSLOG_R
+    struct syslog_data sd = SYSLOG_DATA_INIT;
+# endif
 
-	switch (cmd) {
-	default:
-#ifdef HAVE_SYSLOG_R
-		syslog_r(LOG_ERR, &sd,
-		    "cryptodev_ctrl: unknown command %d", cmd);
-#else
-		syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
-#endif
-		break;
-	}
-	return (1);
+    switch (cmd) {
+    default:
+# ifdef HAVE_SYSLOG_R
+        syslog_r(LOG_ERR, &sd, "cryptodev_ctrl: unknown command %d", cmd);
+# else
+        syslog(LOG_ERR, "cryptodev_ctrl: unknown command %d", cmd);
+# endif
+        break;
+    }
+    return (1);
 }
 
-void
-ENGINE_load_cryptodev(void)
+void ENGINE_load_cryptodev(void)
 {
-	ENGINE *engine = ENGINE_new();
-	int fd;
-
-	if (engine == NULL)
-		return;
-	if ((fd = get_dev_crypto()) < 0) {
-		ENGINE_free(engine);
-		return;
-	}
-
-	/*
-	 * find out what asymmetric crypto algorithms we support
-	 */
-	if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
-		close(fd);
-		ENGINE_free(engine);
-		return;
-	}
-	close(fd);
-
-	if (!ENGINE_set_id(engine, "cryptodev") ||
-	    !ENGINE_set_name(engine, "BSD cryptodev engine") ||
-	    !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
-	    !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
-	    !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
-	    !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
-		ENGINE_free(engine);
-		return;
-	}
-
-	if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
-		const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
-
-		cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
-		cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
-		cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
-		cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
-		cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
-		cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
-			if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
-				cryptodev_rsa.rsa_mod_exp =
-				    cryptodev_rsa_mod_exp;
-			else
-				cryptodev_rsa.rsa_mod_exp =
-				    cryptodev_rsa_nocrt_mod_exp;
-		}
-	}
-
-	if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
-		const DSA_METHOD *meth = DSA_OpenSSL();
-
-		memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
-		if (cryptodev_asymfeat & CRF_DSA_SIGN)
-			cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
-			cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
-		}
-		if (cryptodev_asymfeat & CRF_DSA_VERIFY)
-			cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
-	}
-
-	if (ENGINE_set_DH(engine, &cryptodev_dh)){
-		const DH_METHOD *dh_meth = DH_OpenSSL();
-
-		cryptodev_dh.generate_key = dh_meth->generate_key;
-		cryptodev_dh.compute_key = dh_meth->compute_key;
-		cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
-		if (cryptodev_asymfeat & CRF_MOD_EXP) {
-			cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
-			if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
-				cryptodev_dh.compute_key =
-				    cryptodev_dh_compute_key;
-		}
-	}
-
-	ENGINE_add(engine);
-	ENGINE_free(engine);
-	ERR_clear_error();
+    ENGINE *engine = ENGINE_new();
+    int fd;
+
+    if (engine == NULL)
+        return;
+    if ((fd = get_dev_crypto()) < 0) {
+        ENGINE_free(engine);
+        return;
+    }
+
+    /*
+     * find out what asymmetric crypto algorithms we support
+     */
+    if (ioctl(fd, CIOCASYMFEAT, &cryptodev_asymfeat) == -1) {
+        close(fd);
+        ENGINE_free(engine);
+        return;
+    }
+    close(fd);
+
+    if (!ENGINE_set_id(engine, "cryptodev") ||
+        !ENGINE_set_name(engine, "BSD cryptodev engine") ||
+        !ENGINE_set_ciphers(engine, cryptodev_engine_ciphers) ||
+        !ENGINE_set_digests(engine, cryptodev_engine_digests) ||
+        !ENGINE_set_ctrl_function(engine, cryptodev_ctrl) ||
+        !ENGINE_set_cmd_defns(engine, cryptodev_defns)) {
+        ENGINE_free(engine);
+        return;
+    }
+
+    if (ENGINE_set_RSA(engine, &cryptodev_rsa)) {
+        const RSA_METHOD *rsa_meth = RSA_PKCS1_SSLeay();
+
+        cryptodev_rsa.bn_mod_exp = rsa_meth->bn_mod_exp;
+        cryptodev_rsa.rsa_mod_exp = rsa_meth->rsa_mod_exp;
+        cryptodev_rsa.rsa_pub_enc = rsa_meth->rsa_pub_enc;
+        cryptodev_rsa.rsa_pub_dec = rsa_meth->rsa_pub_dec;
+        cryptodev_rsa.rsa_priv_enc = rsa_meth->rsa_priv_enc;
+        cryptodev_rsa.rsa_priv_dec = rsa_meth->rsa_priv_dec;
+        if (cryptodev_asymfeat & CRF_MOD_EXP) {
+            cryptodev_rsa.bn_mod_exp = cryptodev_bn_mod_exp;
+            if (cryptodev_asymfeat & CRF_MOD_EXP_CRT)
+                cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_mod_exp;
+            else
+                cryptodev_rsa.rsa_mod_exp = cryptodev_rsa_nocrt_mod_exp;
+        }
+    }
+
+    if (ENGINE_set_DSA(engine, &cryptodev_dsa)) {
+        const DSA_METHOD *meth = DSA_OpenSSL();
+
+        memcpy(&cryptodev_dsa, meth, sizeof(DSA_METHOD));
+        if (cryptodev_asymfeat & CRF_DSA_SIGN)
+            cryptodev_dsa.dsa_do_sign = cryptodev_dsa_do_sign;
+        if (cryptodev_asymfeat & CRF_MOD_EXP) {
+            cryptodev_dsa.bn_mod_exp = cryptodev_dsa_bn_mod_exp;
+            cryptodev_dsa.dsa_mod_exp = cryptodev_dsa_dsa_mod_exp;
+        }
+        if (cryptodev_asymfeat & CRF_DSA_VERIFY)
+            cryptodev_dsa.dsa_do_verify = cryptodev_dsa_verify;
+    }
+
+    if (ENGINE_set_DH(engine, &cryptodev_dh)) {
+        const DH_METHOD *dh_meth = DH_OpenSSL();
+
+        cryptodev_dh.generate_key = dh_meth->generate_key;
+        cryptodev_dh.compute_key = dh_meth->compute_key;
+        cryptodev_dh.bn_mod_exp = dh_meth->bn_mod_exp;
+        if (cryptodev_asymfeat & CRF_MOD_EXP) {
+            cryptodev_dh.bn_mod_exp = cryptodev_mod_exp_dh;
+            if (cryptodev_asymfeat & CRF_DH_COMPUTE_KEY)
+                cryptodev_dh.compute_key = cryptodev_dh_compute_key;
+        }
+    }
+
+    ENGINE_add(engine);
+    ENGINE_free(engine);
+    ERR_clear_error();
 }
 
-#endif /* HAVE_CRYPTODEV */
+#endif                          /* HAVE_CRYPTODEV */
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
index 5ce25d92..e6c0dfb0 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_ctrl.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -55,335 +55,331 @@
 
 #include "eng_int.h"
 
-/* When querying a ENGINE-specific control command's 'description', this string
- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
+/*
+ * When querying a ENGINE-specific control command's 'description', this
+ * string is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL.
+ */
 static const char *int_no_description = "";
 
-/* These internal functions handle 'CMD'-related control commands when the
+/*
+ * These internal functions handle 'CMD'-related control commands when the
  * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
+ * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag.
+ */
 
 static int int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
-	{
-	if((defn->cmd_num == 0) || (defn->cmd_name == NULL))
-		return 1;
-	return 0;
-	}
+{
+    if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
+        return 1;
+    return 0;
+}
 
 static int int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
-	{
-	int idx = 0;
-	while(!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0))
-		{
-		idx++;
-		defn++;
-		}
-	if(int_ctrl_cmd_is_null(defn))
-		/* The given name wasn't found */
-		return -1;
-	return idx;
-	}
+{
+    int idx = 0;
+    while (!int_ctrl_cmd_is_null(defn) && (strcmp(defn->cmd_name, s) != 0)) {
+        idx++;
+        defn++;
+    }
+    if (int_ctrl_cmd_is_null(defn))
+        /* The given name wasn't found */
+        return -1;
+    return idx;
+}
 
 static int int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
-	{
-	int idx = 0;
-	/* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
-	 * our searches don't need to take any longer than necessary. */
-	while(!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num))
-		{
-		idx++;
-		defn++;
-		}
-	if(defn->cmd_num == num)
-		return idx;
-	/* The given cmd_num wasn't found */
-	return -1;
-	}
+{
+    int idx = 0;
+    /*
+     * NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
+     * our searches don't need to take any longer than necessary.
+     */
+    while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
+        idx++;
+        defn++;
+    }
+    if (defn->cmd_num == num)
+        return idx;
+    /* The given cmd_num wasn't found */
+    return -1;
+}
 
 static int int_ctrl_helper(ENGINE *e, int cmd, long i, void *p,
-			   void (*f)(void))
-	{
-	int idx;
-	char *s = (char *)p;
-	/* Take care of the easy one first (eg. it requires no searches) */
-	if(cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE)
-		{
-		if((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
-			return 0;
-		return e->cmd_defns->cmd_num;
-		}
-	/* One or two commands require that "p" be a valid string buffer */
-	if((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
-			(cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
-			(cmd == ENGINE_CTRL_GET_DESC_FROM_CMD))
-		{
-		if(s == NULL)
-			{
-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-				ERR_R_PASSED_NULL_PARAMETER);
-			return -1;
-			}
-		}
-	/* Now handle cmd_name -> cmd_num conversion */
-	if(cmd == ENGINE_CTRL_GET_CMD_FROM_NAME)
-		{
-		if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_name(
-						e->cmd_defns, s)) < 0))
-			{
-			ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-				ENGINE_R_INVALID_CMD_NAME);
-			return -1;
-			}
-		return e->cmd_defns[idx].cmd_num;
-		}
-	/* For the rest of the commands, the 'long' argument must specify a
-	 * valie command number - so we need to conduct a search. */
-	if((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
-					(unsigned int)i)) < 0))
-		{
-		ENGINEerr(ENGINE_F_INT_CTRL_HELPER,
-			ENGINE_R_INVALID_CMD_NUMBER);
-		return -1;
-		}
-	/* Now the logic splits depending on command type */
-	switch(cmd)
-		{
-	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-		idx++;
-		if(int_ctrl_cmd_is_null(e->cmd_defns + idx))
-			/* end-of-list */
-			return 0;
-		else
-			return e->cmd_defns[idx].cmd_num;
-	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-		return strlen(e->cmd_defns[idx].cmd_name);
-	case ENGINE_CTRL_GET_NAME_FROM_CMD:
-		return BIO_snprintf(s,strlen(e->cmd_defns[idx].cmd_name) + 1,
-				    "%s", e->cmd_defns[idx].cmd_name);
-	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-		if(e->cmd_defns[idx].cmd_desc)
-			return strlen(e->cmd_defns[idx].cmd_desc);
-		return strlen(int_no_description);
-	case ENGINE_CTRL_GET_DESC_FROM_CMD:
-		if(e->cmd_defns[idx].cmd_desc)
-			return BIO_snprintf(s,
-					    strlen(e->cmd_defns[idx].cmd_desc) + 1,
-					    "%s", e->cmd_defns[idx].cmd_desc);
-		return BIO_snprintf(s, strlen(int_no_description) + 1,"%s",
-				    int_no_description);
-	case ENGINE_CTRL_GET_CMD_FLAGS:
-		return e->cmd_defns[idx].cmd_flags;
-		}
-	/* Shouldn't really be here ... */
-	ENGINEerr(ENGINE_F_INT_CTRL_HELPER,ENGINE_R_INTERNAL_LIST_ERROR);
-	return -1;
-	}
+                           void (*f) (void))
+{
+    int idx;
+    char *s = (char *)p;
+    /* Take care of the easy one first (eg. it requires no searches) */
+    if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
+        if ((e->cmd_defns == NULL) || int_ctrl_cmd_is_null(e->cmd_defns))
+            return 0;
+        return e->cmd_defns->cmd_num;
+    }
+    /* One or two commands require that "p" be a valid string buffer */
+    if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
+        (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
+        (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
+        if (s == NULL) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ERR_R_PASSED_NULL_PARAMETER);
+            return -1;
+        }
+    }
+    /* Now handle cmd_name -> cmd_num conversion */
+    if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
+        if ((e->cmd_defns == NULL)
+            || ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
+            ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NAME);
+            return -1;
+        }
+        return e->cmd_defns[idx].cmd_num;
+    }
+    /*
+     * For the rest of the commands, the 'long' argument must specify a valie
+     * command number - so we need to conduct a search.
+     */
+    if ((e->cmd_defns == NULL) || ((idx = int_ctrl_cmd_by_num(e->cmd_defns,
+                                                              (unsigned int)
+                                                              i)) < 0)) {
+        ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INVALID_CMD_NUMBER);
+        return -1;
+    }
+    /* Now the logic splits depending on command type */
+    switch (cmd) {
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+        idx++;
+        if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
+            /* end-of-list */
+            return 0;
+        else
+            return e->cmd_defns[idx].cmd_num;
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+        return strlen(e->cmd_defns[idx].cmd_name);
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+        return BIO_snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
+                            "%s", e->cmd_defns[idx].cmd_name);
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+        if (e->cmd_defns[idx].cmd_desc)
+            return strlen(e->cmd_defns[idx].cmd_desc);
+        return strlen(int_no_description);
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+        if (e->cmd_defns[idx].cmd_desc)
+            return BIO_snprintf(s,
+                                strlen(e->cmd_defns[idx].cmd_desc) + 1,
+                                "%s", e->cmd_defns[idx].cmd_desc);
+        return BIO_snprintf(s, strlen(int_no_description) + 1, "%s",
+                            int_no_description);
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        return e->cmd_defns[idx].cmd_flags;
+    }
+    /* Shouldn't really be here ... */
+    ENGINEerr(ENGINE_F_INT_CTRL_HELPER, ENGINE_R_INTERNAL_LIST_ERROR);
+    return -1;
+}
 
-int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-	{
-	int ctrl_exists, ref_exists;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ref_exists = ((e->struct_ref > 0) ? 1 : 0);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
-	if(!ref_exists)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_REFERENCE);
-		return 0;
-		}
-	/* Intercept any "root-level" commands before trying to hand them on to
-	 * ctrl() handlers. */
-	switch(cmd)
-		{
-	case ENGINE_CTRL_HAS_CTRL_FUNCTION:
-		return ctrl_exists;
-	case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
-	case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-	case ENGINE_CTRL_GET_CMD_FROM_NAME:
-	case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-	case ENGINE_CTRL_GET_NAME_FROM_CMD:
-	case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-	case ENGINE_CTRL_GET_DESC_FROM_CMD:
-	case ENGINE_CTRL_GET_CMD_FLAGS:
-		if(ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
-			return int_ctrl_helper(e,cmd,i,p,f);
-		if(!ctrl_exists)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-			/* For these cmd-related functions, failure is indicated
-			 * by a -1 return value (because 0 is used as a valid
-			 * return in some places). */
-			return -1;
-			}
-	default:
-		break;
-		}
-	/* Anything else requires a ctrl() handler to exist. */
-	if(!ctrl_exists)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL,ENGINE_R_NO_CONTROL_FUNCTION);
-		return 0;
-		}
-	return e->ctrl(e, cmd, i, p, f);
-	}
+int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    int ctrl_exists, ref_exists;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    ref_exists = ((e->struct_ref > 0) ? 1 : 0);
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
+    if (!ref_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_REFERENCE);
+        return 0;
+    }
+    /*
+     * Intercept any "root-level" commands before trying to hand them on to
+     * ctrl() handlers.
+     */
+    switch (cmd) {
+    case ENGINE_CTRL_HAS_CTRL_FUNCTION:
+        return ctrl_exists;
+    case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
+    case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
+    case ENGINE_CTRL_GET_CMD_FROM_NAME:
+    case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_NAME_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
+    case ENGINE_CTRL_GET_DESC_FROM_CMD:
+    case ENGINE_CTRL_GET_CMD_FLAGS:
+        if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
+            return int_ctrl_helper(e, cmd, i, p, f);
+        if (!ctrl_exists) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+            /*
+             * For these cmd-related functions, failure is indicated by a -1
+             * return value (because 0 is used as a valid return in some
+             * places).
+             */
+            return -1;
+        }
+    default:
+        break;
+    }
+    /* Anything else requires a ctrl() handler to exist. */
+    if (!ctrl_exists) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL, ENGINE_R_NO_CONTROL_FUNCTION);
+        return 0;
+    }
+    return e->ctrl(e, cmd, i, p, f);
+}
 
 int ENGINE_cmd_is_executable(ENGINE *e, int cmd)
-	{
-	int flags;
-	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
-			ENGINE_R_INVALID_CMD_NUMBER);
-		return 0;
-		}
-	if(!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
-			!(flags & ENGINE_CMD_FLAG_NUMERIC) &&
-			!(flags & ENGINE_CMD_FLAG_STRING))
-		return 0;
-	return 1;
-	}
+{
+    int flags;
+    if ((flags =
+         ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd, NULL, NULL)) < 0) {
+        ENGINEerr(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE,
+                  ENGINE_R_INVALID_CMD_NUMBER);
+        return 0;
+    }
+    if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
+        !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
+        !(flags & ENGINE_CMD_FLAG_STRING))
+        return 0;
+    return 1;
+}
 
 int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name,
-        long i, void *p, void (*f)(void), int cmd_optional)
-        {
-	int num;
+                    long i, void *p, void (*f) (void), int cmd_optional)
+{
+    int num;
 
-	if((e == NULL) || (cmd_name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-					ENGINE_CTRL_GET_CMD_FROM_NAME,
-					0, (void *)cmd_name, NULL)) <= 0))
-		{
-		/* If the command didn't *have* to be supported, we fake
-		 * success. This allows certain settings to be specified for
-		 * multiple ENGINEs and only require a change of ENGINE id
-		 * (without having to selectively apply settings). Eg. changing
-		 * from a hardware device back to the regular software ENGINE
-		 * without editing the config file, etc. */
-		if(cmd_optional)
-			{
-			ERR_clear_error();
-			return 1;
-			}
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD,
-			ENGINE_R_INVALID_CMD_NAME);
-		return 0;
-		}
-	/* Force the result of the control command to 0 or 1, for the reasons
-	 * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f) > 0)
-                return 1;
+    if ((e == NULL) || (cmd_name == NULL)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ERR_R_PASSED_NULL_PARAMETER);
         return 0;
+    }
+    if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                                 ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                                 0, (void *)cmd_name,
+                                                 NULL)) <= 0)) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
         }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, i, p, f) > 0)
+        return 1;
+    return 0;
+}
 
 int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-				int cmd_optional)
-	{
-	int num, flags;
-	long l;
-	char *ptr;
-	if((e == NULL) || (cmd_name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
-					ENGINE_CTRL_GET_CMD_FROM_NAME,
-					0, (void *)cmd_name, NULL)) <= 0))
-		{
-		/* If the command didn't *have* to be supported, we fake
-		 * success. This allows certain settings to be specified for
-		 * multiple ENGINEs and only require a change of ENGINE id
-		 * (without having to selectively apply settings). Eg. changing
-		 * from a hardware device back to the regular software ENGINE
-		 * without editing the config file, etc. */
-		if(cmd_optional)
-			{
-			ERR_clear_error();
-			return 1;
-			}
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_INVALID_CMD_NAME);
-		return 0;
-		}
-	if(!ENGINE_cmd_is_executable(e, num))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_CMD_NOT_EXECUTABLE);
-		return 0;
-		}
-	if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0)
-		{
-		/* Shouldn't happen, given that ENGINE_cmd_is_executable()
-		 * returned success. */
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		return 0;
-		}
-	/* If the command takes no input, there must be no input. And vice
-	 * versa. */
-	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
-		{
-		if(arg != NULL)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-				ENGINE_R_COMMAND_TAKES_NO_INPUT);
-			return 0;
-			}
-		/* We deliberately force the result of ENGINE_ctrl() to 0 or 1
-		 * rather than returning it as "return data". This is to ensure
-		 * usage of these commands is consistent across applications and
-		 * that certain applications don't understand it one way, and
-		 * others another. */
-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
-			return 1;
-		return 0;
-		}
-	/* So, we require input */
-	if(arg == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_COMMAND_TAKES_INPUT);
-		return 0;
-		}
-	/* If it takes string input, that's easy */
-	if(flags & ENGINE_CMD_FLAG_STRING)
-		{
-		/* Same explanation as above */
-		if(ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
-			return 1;
-		return 0;
-		}
-	/* If it doesn't take numeric either, then it is unsupported for use in
-	 * a config-setting situation, which is what this function is for. This
-	 * should never happen though, because ENGINE_cmd_is_executable() was
-	 * used. */
-	if(!(flags & ENGINE_CMD_FLAG_NUMERIC))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		return 0;
-		}
-	l = strtol(arg, &ptr, 10);
-	if((arg == ptr) || (*ptr != '\0'))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
-			ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
-		return 0;
-		}
-	/* Force the result of the control command to 0 or 1, for the reasons
-	 * mentioned before. */
-	if(ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
-		return 1;
-	return 0;
-	}
+                           int cmd_optional)
+{
+    int num, flags;
+    long l;
+    char *ptr;
+    if ((e == NULL) || (cmd_name == NULL)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((e->ctrl == NULL) || ((num = ENGINE_ctrl(e,
+                                                 ENGINE_CTRL_GET_CMD_FROM_NAME,
+                                                 0, (void *)cmd_name,
+                                                 NULL)) <= 0)) {
+        /*
+         * If the command didn't *have* to be supported, we fake success.
+         * This allows certain settings to be specified for multiple ENGINEs
+         * and only require a change of ENGINE id (without having to
+         * selectively apply settings). Eg. changing from a hardware device
+         * back to the regular software ENGINE without editing the config
+         * file, etc.
+         */
+        if (cmd_optional) {
+            ERR_clear_error();
+            return 1;
+        }
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING, ENGINE_R_INVALID_CMD_NAME);
+        return 0;
+    }
+    if (!ENGINE_cmd_is_executable(e, num)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_CMD_NOT_EXECUTABLE);
+        return 0;
+    }
+    if ((flags =
+         ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num, NULL, NULL)) < 0) {
+        /*
+         * Shouldn't happen, given that ENGINE_cmd_is_executable() returned
+         * success.
+         */
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    /*
+     * If the command takes no input, there must be no input. And vice versa.
+     */
+    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
+        if (arg != NULL) {
+            ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                      ENGINE_R_COMMAND_TAKES_NO_INPUT);
+            return 0;
+        }
+        /*
+         * We deliberately force the result of ENGINE_ctrl() to 0 or 1 rather
+         * than returning it as "return data". This is to ensure usage of
+         * these commands is consistent across applications and that certain
+         * applications don't understand it one way, and others another.
+         */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /* So, we require input */
+    if (arg == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_COMMAND_TAKES_INPUT);
+        return 0;
+    }
+    /* If it takes string input, that's easy */
+    if (flags & ENGINE_CMD_FLAG_STRING) {
+        /* Same explanation as above */
+        if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
+            return 1;
+        return 0;
+    }
+    /*
+     * If it doesn't take numeric either, then it is unsupported for use in a
+     * config-setting situation, which is what this function is for. This
+     * should never happen though, because ENGINE_cmd_is_executable() was
+     * used.
+     */
+    if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_INTERNAL_LIST_ERROR);
+        return 0;
+    }
+    l = strtol(arg, &ptr, 10);
+    if ((arg == ptr) || (*ptr != '\0')) {
+        ENGINEerr(ENGINE_F_ENGINE_CTRL_CMD_STRING,
+                  ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
+        return 0;
+    }
+    /*
+     * Force the result of the control command to 0 or 1, for the reasons
+     * mentioned before.
+     */
+    if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
+        return 1;
+    return 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c
index acb30c34..ac9d7ebe 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_dyn.c
@@ -1,6 +1,7 @@
 /* crypto/engine/eng_dyn.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2001.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,493 +57,516 @@
  *
  */
 
-
 #include "eng_int.h"
 #include <openssl/dso.h>
 
-/* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
- * should implement the hook-up functions with the following prototypes. */
+/*
+ * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
+ * loader should implement the hook-up functions with the following
+ * prototypes.
+ */
 
 /* Our ENGINE handlers */
 static int dynamic_init(ENGINE *e);
 static int dynamic_finish(ENGINE *e);
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void));
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
+                        void (*f) (void));
 /* Predeclare our context type */
 typedef struct st_dynamic_data_ctx dynamic_data_ctx;
 /* The implementation for the important control command */
 static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
 
-#define DYNAMIC_CMD_SO_PATH		ENGINE_CMD_BASE
-#define DYNAMIC_CMD_NO_VCHECK		(ENGINE_CMD_BASE + 1)
-#define DYNAMIC_CMD_ID			(ENGINE_CMD_BASE + 2)
-#define DYNAMIC_CMD_LIST_ADD		(ENGINE_CMD_BASE + 3)
-#define DYNAMIC_CMD_DIR_LOAD		(ENGINE_CMD_BASE + 4)
-#define DYNAMIC_CMD_DIR_ADD		(ENGINE_CMD_BASE + 5)
-#define DYNAMIC_CMD_LOAD		(ENGINE_CMD_BASE + 6)
+#define DYNAMIC_CMD_SO_PATH             ENGINE_CMD_BASE
+#define DYNAMIC_CMD_NO_VCHECK           (ENGINE_CMD_BASE + 1)
+#define DYNAMIC_CMD_ID                  (ENGINE_CMD_BASE + 2)
+#define DYNAMIC_CMD_LIST_ADD            (ENGINE_CMD_BASE + 3)
+#define DYNAMIC_CMD_DIR_LOAD            (ENGINE_CMD_BASE + 4)
+#define DYNAMIC_CMD_DIR_ADD             (ENGINE_CMD_BASE + 5)
+#define DYNAMIC_CMD_LOAD                (ENGINE_CMD_BASE + 6)
 
 /* The constants used when creating the ENGINE */
 static const char *engine_dynamic_id = "dynamic";
 static const char *engine_dynamic_name = "Dynamic engine loading support";
 static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
-	{DYNAMIC_CMD_SO_PATH,
-		"SO_PATH",
-		"Specifies the path to the new ENGINE shared library",
-		ENGINE_CMD_FLAG_STRING},
-	{DYNAMIC_CMD_NO_VCHECK,
-		"NO_VCHECK",
-		"Specifies to continue even if version checking fails (boolean)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{DYNAMIC_CMD_ID,
-		"ID",
-		"Specifies an ENGINE id name for loading",
-		ENGINE_CMD_FLAG_STRING},
-	{DYNAMIC_CMD_LIST_ADD,
-		"LIST_ADD",
-		"Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{DYNAMIC_CMD_DIR_LOAD,
-		"DIR_LOAD",
-		"Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
-		ENGINE_CMD_FLAG_NUMERIC},
-	{DYNAMIC_CMD_DIR_ADD,
-		"DIR_ADD",
-		"Adds a directory from which ENGINEs can be loaded",
-		ENGINE_CMD_FLAG_STRING},
-	{DYNAMIC_CMD_LOAD,
-		"LOAD",
-		"Load up the ENGINE specified by other settings",
-		ENGINE_CMD_FLAG_NO_INPUT},
-	{0, NULL, NULL, 0}
-	};
+    {DYNAMIC_CMD_SO_PATH,
+     "SO_PATH",
+     "Specifies the path to the new ENGINE shared library",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_NO_VCHECK,
+     "NO_VCHECK",
+     "Specifies to continue even if version checking fails (boolean)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_ID,
+     "ID",
+     "Specifies an ENGINE id name for loading",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LIST_ADD,
+     "LIST_ADD",
+     "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_LOAD,
+     "DIR_LOAD",
+     "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
+     ENGINE_CMD_FLAG_NUMERIC},
+    {DYNAMIC_CMD_DIR_ADD,
+     "DIR_ADD",
+     "Adds a directory from which ENGINEs can be loaded",
+     ENGINE_CMD_FLAG_STRING},
+    {DYNAMIC_CMD_LOAD,
+     "LOAD",
+     "Load up the ENGINE specified by other settings",
+     ENGINE_CMD_FLAG_NO_INPUT},
+    {0, NULL, NULL, 0}
+};
+
 static const ENGINE_CMD_DEFN dynamic_cmd_defns_empty[] = {
-	{0, NULL, NULL, 0}
-	};
+    {0, NULL, NULL, 0}
+};
 
-/* Loading code stores state inside the ENGINE structure via the "ex_data"
+/*
+ * Loading code stores state inside the ENGINE structure via the "ex_data"
  * element. We load all our state into a single structure and use that as a
- * single context in the "ex_data" stack. */
-struct st_dynamic_data_ctx
-	{
-	/* The DSO object we load that supplies the ENGINE code */
-	DSO *dynamic_dso;
-	/* The function pointer to the version checking shared library function */
-	dynamic_v_check_fn v_check;
-	/* The function pointer to the engine-binding shared library function */
-	dynamic_bind_engine bind_engine;
-	/* The default name/path for loading the shared library */
-	const char *DYNAMIC_LIBNAME;
-	/* Whether to continue loading on a version check failure */
-	int no_vcheck;
-	/* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
-	const char *engine_id;
-	/* If non-zero, a successfully loaded ENGINE should be added to the internal
-	 * ENGINE list. If 2, the add must succeed or the entire load should fail. */
-	int list_add_value;
-	/* The symbol name for the version checking function */
-	const char *DYNAMIC_F1;
-	/* The symbol name for the "initialise ENGINE structure" function */
-	const char *DYNAMIC_F2;
-	/* Whether to never use 'dirs', use 'dirs' as a fallback, or only use
-	 * 'dirs' for loading. Default is to use 'dirs' as a fallback. */
-	int dir_load;
-	/* A stack of directories from which ENGINEs could be loaded */
-	STACK *dirs;
-	};
+ * single context in the "ex_data" stack.
+ */
+struct st_dynamic_data_ctx {
+    /* The DSO object we load that supplies the ENGINE code */
+    DSO *dynamic_dso;
+    /*
+     * The function pointer to the version checking shared library function
+     */
+    dynamic_v_check_fn v_check;
+    /*
+     * The function pointer to the engine-binding shared library function
+     */
+    dynamic_bind_engine bind_engine;
+    /* The default name/path for loading the shared library */
+    const char *DYNAMIC_LIBNAME;
+    /* Whether to continue loading on a version check failure */
+    int no_vcheck;
+    /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
+    const char *engine_id;
+    /*
+     * If non-zero, a successfully loaded ENGINE should be added to the
+     * internal ENGINE list. If 2, the add must succeed or the entire load
+     * should fail.
+     */
+    int list_add_value;
+    /* The symbol name for the version checking function */
+    const char *DYNAMIC_F1;
+    /* The symbol name for the "initialise ENGINE structure" function */
+    const char *DYNAMIC_F2;
+    /*
+     * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
+     * 'dirs' for loading. Default is to use 'dirs' as a fallback.
+     */
+    int dir_load;
+    /* A stack of directories from which ENGINEs could be loaded */
+    STACK *dirs;
+};
 
-/* This is the "ex_data" index we obtain and reserve for use with our context
- * structure. */
+/*
+ * This is the "ex_data" index we obtain and reserve for use with our context
+ * structure.
+ */
 static int dynamic_ex_data_idx = -1;
 
-static void int_free_str(void *s) { OPENSSL_free(s); }
-/* Because our ex_data element may or may not get allocated depending on whether
- * a "first-use" occurs before the ENGINE is freed, we have a memory leak
- * problem to solve. We can't declare a "new" handler for the ex_data as we
- * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
- * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
- * handler and that will get called if an ENGINE is being destroyed and there
- * was an ex_data element corresponding to our context type. */
+static void int_free_str(void *s)
+{
+    OPENSSL_free(s);
+}
+
+/*
+ * Because our ex_data element may or may not get allocated depending on
+ * whether a "first-use" occurs before the ENGINE is freed, we have a memory
+ * leak problem to solve. We can't declare a "new" handler for the ex_data as
+ * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
+ * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
+ * a "free" handler and that will get called if an ENGINE is being destroyed
+ * and there was an ex_data element corresponding to our context type.
+ */
 static void dynamic_data_ctx_free_func(void *parent, void *ptr,
-			CRYPTO_EX_DATA *ad, int idx, long argl, void *argp)
-	{
-	if(ptr)
-		{
-		dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
-		if(ctx->dynamic_dso)
-			DSO_free(ctx->dynamic_dso);
-		if(ctx->DYNAMIC_LIBNAME)
-			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
-		if(ctx->engine_id)
-			OPENSSL_free((void*)ctx->engine_id);
-		if(ctx->dirs)
-			sk_pop_free(ctx->dirs, int_free_str);
-		OPENSSL_free(ctx);
-		}
-	}
+                                       CRYPTO_EX_DATA *ad, int idx, long argl,
+                                       void *argp)
+{
+    if (ptr) {
+        dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
+        if (ctx->dynamic_dso)
+            DSO_free(ctx->dynamic_dso);
+        if (ctx->DYNAMIC_LIBNAME)
+            OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+        if (ctx->engine_id)
+            OPENSSL_free((void *)ctx->engine_id);
+        if (ctx->dirs)
+            sk_pop_free(ctx->dirs, int_free_str);
+        OPENSSL_free(ctx);
+    }
+}
 
-/* Construct the per-ENGINE context. We create it blindly and then use a lock to
- * check for a race - if so, all but one of the threads "racing" will have
+/*
+ * Construct the per-ENGINE context. We create it blindly and then use a lock
+ * to check for a race - if so, all but one of the threads "racing" will have
  * wasted their time. The alternative involves creating everything inside the
- * lock which is far worse. */
+ * lock which is far worse.
+ */
 static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
-	{
-	dynamic_data_ctx *c;
-	c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
-	if(!c)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	memset(c, 0, sizeof(dynamic_data_ctx));
-	c->dynamic_dso = NULL;
-	c->v_check = NULL;
-	c->bind_engine = NULL;
-	c->DYNAMIC_LIBNAME = NULL;
-	c->no_vcheck = 0;
-	c->engine_id = NULL;
-	c->list_add_value = 0;
-	c->DYNAMIC_F1 = "v_check";
-	c->DYNAMIC_F2 = "bind_engine";
-	c->dir_load = 1;
-	c->dirs = sk_new_null();
-	if(!c->dirs)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX,ERR_R_MALLOC_FAILURE);
-		OPENSSL_free(c);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
-				dynamic_ex_data_idx)) == NULL)
-		{
-		/* Good, we're the first */
-		ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
-		*ctx = c;
-		c = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* If we lost the race to set the context, c is non-NULL and *ctx is the
-	 * context of the thread that won. */
-	if(c)
-		OPENSSL_free(c);
-	return 1;
-	}
+{
+    dynamic_data_ctx *c;
+    c = OPENSSL_malloc(sizeof(dynamic_data_ctx));
+    if (!c) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memset(c, 0, sizeof(dynamic_data_ctx));
+    c->dynamic_dso = NULL;
+    c->v_check = NULL;
+    c->bind_engine = NULL;
+    c->DYNAMIC_LIBNAME = NULL;
+    c->no_vcheck = 0;
+    c->engine_id = NULL;
+    c->list_add_value = 0;
+    c->DYNAMIC_F1 = "v_check";
+    c->DYNAMIC_F2 = "bind_engine";
+    c->dir_load = 1;
+    c->dirs = sk_new_null();
+    if (!c->dirs) {
+        ENGINEerr(ENGINE_F_DYNAMIC_SET_DATA_CTX, ERR_R_MALLOC_FAILURE);
+        OPENSSL_free(c);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
+                                                       dynamic_ex_data_idx))
+        == NULL) {
+        /* Good, we're the first */
+        ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
+        *ctx = c;
+        c = NULL;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    /*
+     * If we lost the race to set the context, c is non-NULL and *ctx is the
+     * context of the thread that won.
+     */
+    if (c)
+        OPENSSL_free(c);
+    return 1;
+}
 
-/* This function retrieves the context structure from an ENGINE's "ex_data", or
- * if it doesn't exist yet, sets it up. */
+/*
+ * This function retrieves the context structure from an ENGINE's "ex_data",
+ * or if it doesn't exist yet, sets it up.
+ */
 static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
-	{
-	dynamic_data_ctx *ctx;
-	if(dynamic_ex_data_idx < 0)
-		{
-		/* Create and register the ENGINE ex_data, and associate our
-		 * "free" function with it to ensure any allocated contexts get
-		 * freed when an ENGINE goes underground. */
-		int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
-					dynamic_data_ctx_free_func);
-		if(new_idx == -1)
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX,ENGINE_R_NO_INDEX);
-			return NULL;
-			}
-		CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-		/* Avoid a race by checking again inside this lock */
-		if(dynamic_ex_data_idx < 0)
-			{
-			/* Good, someone didn't beat us to it */
-			dynamic_ex_data_idx = new_idx;
-			new_idx = -1;
-			}
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		/* In theory we could "give back" the index here if
-		 * (new_idx>-1), but it's not possible and wouldn't gain us much
-		 * if it were. */
-		}
-	ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
-	/* Check if the context needs to be created */
-	if((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
-		/* "set_data" will set errors if necessary */
-		return NULL;
-	return ctx;
-	}
+{
+    dynamic_data_ctx *ctx;
+    if (dynamic_ex_data_idx < 0) {
+        /*
+         * Create and register the ENGINE ex_data, and associate our "free"
+         * function with it to ensure any allocated contexts get freed when
+         * an ENGINE goes underground.
+         */
+        int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
+                                              dynamic_data_ctx_free_func);
+        if (new_idx == -1) {
+            ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX, ENGINE_R_NO_INDEX);
+            return NULL;
+        }
+        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        /* Avoid a race by checking again inside this lock */
+        if (dynamic_ex_data_idx < 0) {
+            /* Good, someone didn't beat us to it */
+            dynamic_ex_data_idx = new_idx;
+            new_idx = -1;
+        }
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        /*
+         * In theory we could "give back" the index here if (new_idx>-1), but
+         * it's not possible and wouldn't gain us much if it were.
+         */
+    }
+    ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
+    /* Check if the context needs to be created */
+    if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
+        /* "set_data" will set errors if necessary */
+        return NULL;
+    return ctx;
+}
 
 static ENGINE *engine_dynamic(void)
-	{
-	ENGINE *ret = ENGINE_new();
-	if(!ret)
-		return NULL;
-	if(!ENGINE_set_id(ret, engine_dynamic_id) ||
-			!ENGINE_set_name(ret, engine_dynamic_name) ||
-			!ENGINE_set_init_function(ret, dynamic_init) ||
-			!ENGINE_set_finish_function(ret, dynamic_finish) ||
-			!ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
-			!ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
-			!ENGINE_set_cmd_defns(ret, dynamic_cmd_defns))
-		{
-		ENGINE_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    ENGINE *ret = ENGINE_new();
+    if (!ret)
+        return NULL;
+    if (!ENGINE_set_id(ret, engine_dynamic_id) ||
+        !ENGINE_set_name(ret, engine_dynamic_name) ||
+        !ENGINE_set_init_function(ret, dynamic_init) ||
+        !ENGINE_set_finish_function(ret, dynamic_finish) ||
+        !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
+        !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
+        !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
 
 void ENGINE_load_dynamic(void)
-	{
-	ENGINE *toadd = engine_dynamic();
-	if(!toadd) return;
-	ENGINE_add(toadd);
-	/* If the "add" worked, it gets a structural reference. So either way,
-	 * we release our just-created reference. */
-	ENGINE_free(toadd);
-	/* If the "add" didn't work, it was probably a conflict because it was
-	 * already added (eg. someone calling ENGINE_load_blah then calling
-	 * ENGINE_load_builtin_engines() perhaps). */
-	ERR_clear_error();
-	}
+{
+    ENGINE *toadd = engine_dynamic();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    /*
+     * If the "add" didn't work, it was probably a conflict because it was
+     * already added (eg. someone calling ENGINE_load_blah then calling
+     * ENGINE_load_builtin_engines() perhaps).
+     */
+    ERR_clear_error();
+}
 
 static int dynamic_init(ENGINE *e)
-	{
-	/* We always return failure - the "dyanamic" engine itself can't be used
-	 * for anything. */
-	return 0;
-	}
+{
+    /*
+     * We always return failure - the "dyanamic" engine itself can't be used
+     * for anything.
+     */
+    return 0;
+}
 
 static int dynamic_finish(ENGINE *e)
-	{
-	/* This should never be called on account of "dynamic_init" always
-	 * failing. */
-	return 0;
-	}
+{
+    /*
+     * This should never be called on account of "dynamic_init" always
+     * failing.
+     */
+    return 0;
+}
+
+static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
+{
+    dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
+    int initialised;
 
-static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-	{
-	dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
-	int initialised;
-	
-	if(!ctx)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_NOT_LOADED);
-		return 0;
-		}
-	initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
-	/* All our control commands require the ENGINE to be uninitialised */
-	if(initialised)
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-			ENGINE_R_ALREADY_LOADED);
-		return 0;
-		}
-	switch(cmd)
-		{
-	case DYNAMIC_CMD_SO_PATH:
-		/* a NULL 'p' or a string of zero-length is the same thing */
-		if(p && (strlen((const char *)p) < 1))
-			p = NULL;
-		if(ctx->DYNAMIC_LIBNAME)
-			OPENSSL_free((void*)ctx->DYNAMIC_LIBNAME);
-		if(p)
-			ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
-		else
-			ctx->DYNAMIC_LIBNAME = NULL;
-		return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
-	case DYNAMIC_CMD_NO_VCHECK:
-		ctx->no_vcheck = ((i == 0) ? 0 : 1);
-		return 1;
-	case DYNAMIC_CMD_ID:
-		/* a NULL 'p' or a string of zero-length is the same thing */
-		if(p && (strlen((const char *)p) < 1))
-			p = NULL;
-		if(ctx->engine_id)
-			OPENSSL_free((void*)ctx->engine_id);
-		if(p)
-			ctx->engine_id = BUF_strdup(p);
-		else
-			ctx->engine_id = NULL;
-		return (ctx->engine_id ? 1 : 0);
-	case DYNAMIC_CMD_LIST_ADD:
-		if((i < 0) || (i > 2))
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ENGINE_R_INVALID_ARGUMENT);
-			return 0;
-			}
-		ctx->list_add_value = (int)i;
-		return 1;
-	case DYNAMIC_CMD_LOAD:
-		return dynamic_load(e, ctx);
-	case DYNAMIC_CMD_DIR_LOAD:
-		if((i < 0) || (i > 2))
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ENGINE_R_INVALID_ARGUMENT);
-			return 0;
-			}
-		ctx->dir_load = (int)i;
-		return 1;
-	case DYNAMIC_CMD_DIR_ADD:
-		/* a NULL 'p' or a string of zero-length is the same thing */
-		if(!p || (strlen((const char *)p) < 1))
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ENGINE_R_INVALID_ARGUMENT);
-			return 0;
-			}
-		{
-		char *tmp_str = BUF_strdup(p);
-		if(!tmp_str)
-			{
-			ENGINEerr(ENGINE_F_DYNAMIC_CTRL,
-				ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		sk_insert(ctx->dirs, tmp_str, -1);
-		}
-		return 1;
-	default:
-		break;
-		}
-	ENGINEerr(ENGINE_F_DYNAMIC_CTRL,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
-	return 0;
-	}
+    if (!ctx) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_NOT_LOADED);
+        return 0;
+    }
+    initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
+    /* All our control commands require the ENGINE to be uninitialised */
+    if (initialised) {
+        ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_ALREADY_LOADED);
+        return 0;
+    }
+    switch (cmd) {
+    case DYNAMIC_CMD_SO_PATH:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        if (ctx->DYNAMIC_LIBNAME)
+            OPENSSL_free((void *)ctx->DYNAMIC_LIBNAME);
+        if (p)
+            ctx->DYNAMIC_LIBNAME = BUF_strdup(p);
+        else
+            ctx->DYNAMIC_LIBNAME = NULL;
+        return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
+    case DYNAMIC_CMD_NO_VCHECK:
+        ctx->no_vcheck = ((i == 0) ? 0 : 1);
+        return 1;
+    case DYNAMIC_CMD_ID:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (p && (strlen((const char *)p) < 1))
+            p = NULL;
+        if (ctx->engine_id)
+            OPENSSL_free((void *)ctx->engine_id);
+        if (p)
+            ctx->engine_id = BUF_strdup(p);
+        else
+            ctx->engine_id = NULL;
+        return (ctx->engine_id ? 1 : 0);
+    case DYNAMIC_CMD_LIST_ADD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->list_add_value = (int)i;
+        return 1;
+    case DYNAMIC_CMD_LOAD:
+        return dynamic_load(e, ctx);
+    case DYNAMIC_CMD_DIR_LOAD:
+        if ((i < 0) || (i > 2)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        ctx->dir_load = (int)i;
+        return 1;
+    case DYNAMIC_CMD_DIR_ADD:
+        /* a NULL 'p' or a string of zero-length is the same thing */
+        if (!p || (strlen((const char *)p) < 1)) {
+            ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_INVALID_ARGUMENT);
+            return 0;
+        }
+        {
+            char *tmp_str = BUF_strdup(p);
+            if (!tmp_str) {
+                ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+            sk_insert(ctx->dirs, tmp_str, -1);
+        }
+        return 1;
+    default:
+        break;
+    }
+    ENGINEerr(ENGINE_F_DYNAMIC_CTRL, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
+    return 0;
+}
 
 static int int_load(dynamic_data_ctx *ctx)
-	{
-	int num, loop;
-	/* Unless told not to, try a direct load */
-	if((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
-				ctx->DYNAMIC_LIBNAME, NULL, 0)) != NULL)
-		return 1;
-	/* If we're not allowed to use 'dirs' or we have none, fail */
-	if(!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
-		return 0;
-	for(loop = 0; loop < num; loop++)
-		{
-		const char *s = sk_value(ctx->dirs, loop);
-		char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
-		if(!merge)
-			return 0;
-		if(DSO_load(ctx->dynamic_dso, merge, NULL, 0))
-			{
-			/* Found what we're looking for */
-			OPENSSL_free(merge);
-			return 1;
-			}
-		OPENSSL_free(merge);
-		}
-	return 0;
-	}
+{
+    int num, loop;
+    /* Unless told not to, try a direct load */
+    if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
+                                          ctx->DYNAMIC_LIBNAME, NULL,
+                                          0)) != NULL)
+        return 1;
+    /* If we're not allowed to use 'dirs' or we have none, fail */
+    if (!ctx->dir_load || ((num = sk_num(ctx->dirs)) < 1))
+        return 0;
+    for (loop = 0; loop < num; loop++) {
+        const char *s = sk_value(ctx->dirs, loop);
+        char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
+        if (!merge)
+            return 0;
+        if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
+            /* Found what we're looking for */
+            OPENSSL_free(merge);
+            return 1;
+        }
+        OPENSSL_free(merge);
+    }
+    return 0;
+}
 
 static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
-	{
-	ENGINE cpy;
-	dynamic_fns fns;
+{
+    ENGINE cpy;
+    dynamic_fns fns;
 
-	if(!ctx->dynamic_dso)
-		ctx->dynamic_dso = DSO_new();
-	if(!ctx->DYNAMIC_LIBNAME)
-		{
-		if(!ctx->engine_id)
-			return 0;
-		ctx->DYNAMIC_LIBNAME =
-			DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
-		}
-	if(!int_load(ctx))
-		{
-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-			ENGINE_R_DSO_NOT_FOUND);
-		DSO_free(ctx->dynamic_dso);
-		ctx->dynamic_dso = NULL;
-		return 0;
-		}
-	/* We have to find a bind function otherwise it'll always end badly */
-	if(!(ctx->bind_engine = (dynamic_bind_engine)DSO_bind_func(
-					ctx->dynamic_dso, ctx->DYNAMIC_F2)))
-		{
-		ctx->bind_engine = NULL;
-		DSO_free(ctx->dynamic_dso);
-		ctx->dynamic_dso = NULL;
-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-			ENGINE_R_DSO_FAILURE);
-		return 0;
-		}
-	/* Do we perform version checking? */
-	if(!ctx->no_vcheck)
-		{
-		unsigned long vcheck_res = 0;
-		/* Now we try to find a version checking function and decide how
-		 * to cope with failure if/when it fails. */
-		ctx->v_check = (dynamic_v_check_fn)DSO_bind_func(
-				ctx->dynamic_dso, ctx->DYNAMIC_F1);
-		if(ctx->v_check)
-			vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
-		/* We fail if the version checker veto'd the load *or* if it is
-		 * deferring to us (by returning its version) and we think it is
-		 * too old. */
-		if(vcheck_res < OSSL_DYNAMIC_OLDEST)
-			{
-			/* Fail */
-			ctx->bind_engine = NULL;
-			ctx->v_check = NULL;
-			DSO_free(ctx->dynamic_dso);
-			ctx->dynamic_dso = NULL;
-			ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-				ENGINE_R_VERSION_INCOMPATIBILITY);
-			return 0;
-			}
-		}
-	/* First binary copy the ENGINE structure so that we can roll back if
-	 * the hand-over fails */
-	memcpy(&cpy, e, sizeof(ENGINE));
-	/* Provide the ERR, "ex_data", memory, and locking callbacks so the
-	 * loaded library uses our state rather than its own. FIXME: As noted in
-	 * engine.h, much of this would be simplified if each area of code
-	 * provided its own "summary" structure of all related callbacks. It
-	 * would also increase opaqueness. */
-	fns.static_state = ENGINE_get_static_state();
-	fns.err_fns = ERR_get_implementation();
-	fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
-	CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
-				&fns.mem_fns.realloc_cb,
-				&fns.mem_fns.free_cb);
-	fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
-	fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
-	fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
-	fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
-	fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
-	/* Now that we've loaded the dynamic engine, make sure no "dynamic"
-	 * ENGINE elements will show through. */
-	engine_set_all_null(e);
+    if (!ctx->dynamic_dso)
+        ctx->dynamic_dso = DSO_new();
+    if (!ctx->DYNAMIC_LIBNAME) {
+        if (!ctx->engine_id)
+            return 0;
+        ctx->DYNAMIC_LIBNAME =
+            DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
+    }
+    if (!int_load(ctx)) {
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_NOT_FOUND);
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        return 0;
+    }
+    /* We have to find a bind function otherwise it'll always end badly */
+    if (!
+        (ctx->bind_engine =
+         (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
+                                             ctx->DYNAMIC_F2))) {
+        ctx->bind_engine = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_DSO_FAILURE);
+        return 0;
+    }
+    /* Do we perform version checking? */
+    if (!ctx->no_vcheck) {
+        unsigned long vcheck_res = 0;
+        /*
+         * Now we try to find a version checking function and decide how to
+         * cope with failure if/when it fails.
+         */
+        ctx->v_check =
+            (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
+                                               ctx->DYNAMIC_F1);
+        if (ctx->v_check)
+            vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
+        /*
+         * We fail if the version checker veto'd the load *or* if it is
+         * deferring to us (by returning its version) and we think it is too
+         * old.
+         */
+        if (vcheck_res < OSSL_DYNAMIC_OLDEST) {
+            /* Fail */
+            ctx->bind_engine = NULL;
+            ctx->v_check = NULL;
+            DSO_free(ctx->dynamic_dso);
+            ctx->dynamic_dso = NULL;
+            ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                      ENGINE_R_VERSION_INCOMPATIBILITY);
+            return 0;
+        }
+    }
+    /*
+     * First binary copy the ENGINE structure so that we can roll back if the
+     * hand-over fails
+     */
+    memcpy(&cpy, e, sizeof(ENGINE));
+    /*
+     * Provide the ERR, "ex_data", memory, and locking callbacks so the
+     * loaded library uses our state rather than its own. FIXME: As noted in
+     * engine.h, much of this would be simplified if each area of code
+     * provided its own "summary" structure of all related callbacks. It
+     * would also increase opaqueness.
+     */
+    fns.static_state = ENGINE_get_static_state();
+    fns.err_fns = ERR_get_implementation();
+    fns.ex_data_fns = CRYPTO_get_ex_data_implementation();
+    CRYPTO_get_mem_functions(&fns.mem_fns.malloc_cb,
+                             &fns.mem_fns.realloc_cb, &fns.mem_fns.free_cb);
+    fns.lock_fns.lock_locking_cb = CRYPTO_get_locking_callback();
+    fns.lock_fns.lock_add_lock_cb = CRYPTO_get_add_lock_callback();
+    fns.lock_fns.dynlock_create_cb = CRYPTO_get_dynlock_create_callback();
+    fns.lock_fns.dynlock_lock_cb = CRYPTO_get_dynlock_lock_callback();
+    fns.lock_fns.dynlock_destroy_cb = CRYPTO_get_dynlock_destroy_callback();
+    /*
+     * Now that we've loaded the dynamic engine, make sure no "dynamic"
+     * ENGINE elements will show through.
+     */
+    engine_set_all_null(e);
 
-	/* Try to bind the ENGINE onto our own ENGINE structure */
-	if(!ctx->bind_engine(e, ctx->engine_id, &fns))
-		{
-		ctx->bind_engine = NULL;
-		ctx->v_check = NULL;
-		DSO_free(ctx->dynamic_dso);
-		ctx->dynamic_dso = NULL;
-		ENGINEerr(ENGINE_F_DYNAMIC_LOAD,ENGINE_R_INIT_FAILED);
-		/* Copy the original ENGINE structure back */
-		memcpy(e, &cpy, sizeof(ENGINE));
-		return 0;
-		}
-	/* Do we try to add this ENGINE to the internal list too? */
-	if(ctx->list_add_value > 0)
-		{
-		if(!ENGINE_add(e))
-			{
-			/* Do we tolerate this or fail? */
-			if(ctx->list_add_value > 1)
-				{
-				/* Fail - NB: By this time, it's too late to
-				 * rollback, and trying to do so allows the
-				 * bind_engine() code to have created leaks. We
-				 * just have to fail where we are, after the
-				 * ENGINE has changed. */
-				ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
-					ENGINE_R_CONFLICTING_ENGINE_ID);
-				return 0;
-				}
-			/* Tolerate */
-			ERR_clear_error();
-			}
-		}
-	return 1;
-	}
+    /* Try to bind the ENGINE onto our own ENGINE structure */
+    if (!ctx->bind_engine(e, ctx->engine_id, &fns)) {
+        ctx->bind_engine = NULL;
+        ctx->v_check = NULL;
+        DSO_free(ctx->dynamic_dso);
+        ctx->dynamic_dso = NULL;
+        ENGINEerr(ENGINE_F_DYNAMIC_LOAD, ENGINE_R_INIT_FAILED);
+        /* Copy the original ENGINE structure back */
+        memcpy(e, &cpy, sizeof(ENGINE));
+        return 0;
+    }
+    /* Do we try to add this ENGINE to the internal list too? */
+    if (ctx->list_add_value > 0) {
+        if (!ENGINE_add(e)) {
+            /* Do we tolerate this or fail? */
+            if (ctx->list_add_value > 1) {
+                /*
+                 * Fail - NB: By this time, it's too late to rollback, and
+                 * trying to do so allows the bind_engine() code to have
+                 * created leaks. We just have to fail where we are, after
+                 * the ENGINE has changed.
+                 */
+                ENGINEerr(ENGINE_F_DYNAMIC_LOAD,
+                          ENGINE_R_CONFLICTING_ENGINE_ID);
+                return 0;
+            }
+            /* Tolerate */
+            ERR_clear_error();
+        }
+    }
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_err.c b/Cryptlib/OpenSSL/crypto/engine/eng_err.c
index ac74dd12..20f1ad2b 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_err.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,106 +66,111 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
 
-static ERR_STRING_DATA ENGINE_str_functs[]=
-	{
-{ERR_FUNC(ENGINE_F_DYNAMIC_CTRL),	"DYNAMIC_CTRL"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX),	"DYNAMIC_GET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_LOAD),	"DYNAMIC_LOAD"},
-{ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX),	"DYNAMIC_SET_DATA_CTX"},
-{ERR_FUNC(ENGINE_F_ENGINE_ADD),	"ENGINE_add"},
-{ERR_FUNC(ENGINE_F_ENGINE_BY_ID),	"ENGINE_by_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE),	"ENGINE_cmd_is_executable"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL),	"ENGINE_ctrl"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD),	"ENGINE_ctrl_cmd"},
-{ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING),	"ENGINE_ctrl_cmd_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_FINISH),	"ENGINE_finish"},
-{ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL),	"ENGINE_FREE_UTIL"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER),	"ENGINE_get_cipher"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE),	"ENGINE_GET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST),	"ENGINE_get_digest"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT),	"ENGINE_get_next"},
-{ERR_FUNC(ENGINE_F_ENGINE_GET_PREV),	"ENGINE_get_prev"},
-{ERR_FUNC(ENGINE_F_ENGINE_INIT),	"ENGINE_init"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD),	"ENGINE_LIST_ADD"},
-{ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE),	"ENGINE_LIST_REMOVE"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY),	"ENGINE_load_private_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY),	"ENGINE_load_public_key"},
-{ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),	"ENGINE_load_ssl_client_cert"},
-{ERR_FUNC(ENGINE_F_ENGINE_NEW),	"ENGINE_new"},
-{ERR_FUNC(ENGINE_F_ENGINE_REMOVE),	"ENGINE_remove"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),	"ENGINE_set_default_string"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE),	"ENGINE_SET_DEFAULT_TYPE"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_ID),	"ENGINE_set_id"},
-{ERR_FUNC(ENGINE_F_ENGINE_SET_NAME),	"ENGINE_set_name"},
-{ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER),	"ENGINE_TABLE_REGISTER"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY),	"ENGINE_UNLOAD_KEY"},
-{ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH),	"ENGINE_UNLOCKED_FINISH"},
-{ERR_FUNC(ENGINE_F_ENGINE_UP_REF),	"ENGINE_up_ref"},
-{ERR_FUNC(ENGINE_F_INT_CTRL_HELPER),	"INT_CTRL_HELPER"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE),	"INT_ENGINE_CONFIGURE"},
-{ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT),	"INT_ENGINE_MODULE_INIT"},
-{ERR_FUNC(ENGINE_F_LOG_MESSAGE),	"LOG_MESSAGE"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ENGINE_str_functs[] = {
+    {ERR_FUNC(ENGINE_F_DYNAMIC_CTRL), "DYNAMIC_CTRL"},
+    {ERR_FUNC(ENGINE_F_DYNAMIC_GET_DATA_CTX), "DYNAMIC_GET_DATA_CTX"},
+    {ERR_FUNC(ENGINE_F_DYNAMIC_LOAD), "DYNAMIC_LOAD"},
+    {ERR_FUNC(ENGINE_F_DYNAMIC_SET_DATA_CTX), "DYNAMIC_SET_DATA_CTX"},
+    {ERR_FUNC(ENGINE_F_ENGINE_ADD), "ENGINE_add"},
+    {ERR_FUNC(ENGINE_F_ENGINE_BY_ID), "ENGINE_by_id"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CMD_IS_EXECUTABLE), "ENGINE_cmd_is_executable"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CTRL), "ENGINE_ctrl"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD), "ENGINE_ctrl_cmd"},
+    {ERR_FUNC(ENGINE_F_ENGINE_CTRL_CMD_STRING), "ENGINE_ctrl_cmd_string"},
+    {ERR_FUNC(ENGINE_F_ENGINE_FINISH), "ENGINE_finish"},
+    {ERR_FUNC(ENGINE_F_ENGINE_FREE_UTIL), "ENGINE_FREE_UTIL"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_CIPHER), "ENGINE_get_cipher"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_DEFAULT_TYPE), "ENGINE_GET_DEFAULT_TYPE"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_DIGEST), "ENGINE_get_digest"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_NEXT), "ENGINE_get_next"},
+    {ERR_FUNC(ENGINE_F_ENGINE_GET_PREV), "ENGINE_get_prev"},
+    {ERR_FUNC(ENGINE_F_ENGINE_INIT), "ENGINE_init"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LIST_ADD), "ENGINE_LIST_ADD"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LIST_REMOVE), "ENGINE_LIST_REMOVE"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY), "ENGINE_load_private_key"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY), "ENGINE_load_public_key"},
+    {ERR_FUNC(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT),
+     "ENGINE_load_ssl_client_cert"},
+    {ERR_FUNC(ENGINE_F_ENGINE_NEW), "ENGINE_new"},
+    {ERR_FUNC(ENGINE_F_ENGINE_REMOVE), "ENGINE_remove"},
+    {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_STRING),
+     "ENGINE_set_default_string"},
+    {ERR_FUNC(ENGINE_F_ENGINE_SET_DEFAULT_TYPE), "ENGINE_SET_DEFAULT_TYPE"},
+    {ERR_FUNC(ENGINE_F_ENGINE_SET_ID), "ENGINE_set_id"},
+    {ERR_FUNC(ENGINE_F_ENGINE_SET_NAME), "ENGINE_set_name"},
+    {ERR_FUNC(ENGINE_F_ENGINE_TABLE_REGISTER), "ENGINE_TABLE_REGISTER"},
+    {ERR_FUNC(ENGINE_F_ENGINE_UNLOAD_KEY), "ENGINE_UNLOAD_KEY"},
+    {ERR_FUNC(ENGINE_F_ENGINE_UNLOCKED_FINISH), "ENGINE_UNLOCKED_FINISH"},
+    {ERR_FUNC(ENGINE_F_ENGINE_UP_REF), "ENGINE_up_ref"},
+    {ERR_FUNC(ENGINE_F_INT_CTRL_HELPER), "INT_CTRL_HELPER"},
+    {ERR_FUNC(ENGINE_F_INT_ENGINE_CONFIGURE), "INT_ENGINE_CONFIGURE"},
+    {ERR_FUNC(ENGINE_F_INT_ENGINE_MODULE_INIT), "INT_ENGINE_MODULE_INIT"},
+    {ERR_FUNC(ENGINE_F_LOG_MESSAGE), "LOG_MESSAGE"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA ENGINE_str_reasons[]=
-	{
-{ERR_REASON(ENGINE_R_ALREADY_LOADED)     ,"already loaded"},
-{ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),"argument is not a number"},
-{ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) ,"cmd not executable"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT),"command takes input"},
-{ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT),"command takes no input"},
-{ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID),"conflicting engine id"},
-{ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),"ctrl command not implemented"},
-{ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) ,"dh not implemented"},
-{ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED),"dsa not implemented"},
-{ERR_REASON(ENGINE_R_DSO_FAILURE)        ,"DSO failure"},
-{ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      ,"dso not found"},
-{ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR),"engines section error"},
-{ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),"engine configuration error"},
-{ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST),"engine is not in the list"},
-{ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR),"engine section error"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),"failed loading private key"},
-{ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),"failed loading public key"},
-{ERR_REASON(ENGINE_R_FINISH_FAILED)      ,"finish failed"},
-{ERR_REASON(ENGINE_R_GET_HANDLE_FAILED)  ,"could not obtain hardware handle"},
-{ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) ,"'id' or 'name' missing"},
-{ERR_REASON(ENGINE_R_INIT_FAILED)        ,"init failed"},
-{ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR),"internal list error"},
-{ERR_REASON(ENGINE_R_INVALID_ARGUMENT)   ,"invalid argument"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NAME)   ,"invalid cmd name"},
-{ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) ,"invalid cmd number"},
-{ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) ,"invalid init value"},
-{ERR_REASON(ENGINE_R_INVALID_STRING)     ,"invalid string"},
-{ERR_REASON(ENGINE_R_NOT_INITIALISED)    ,"not initialised"},
-{ERR_REASON(ENGINE_R_NOT_LOADED)         ,"not loaded"},
-{ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION),"no control function"},
-{ERR_REASON(ENGINE_R_NO_INDEX)           ,"no index"},
-{ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION)   ,"no load function"},
-{ERR_REASON(ENGINE_R_NO_REFERENCE)       ,"no reference"},
-{ERR_REASON(ENGINE_R_NO_SUCH_ENGINE)     ,"no such engine"},
-{ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) ,"no unload function"},
-{ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) ,"provide parameters"},
-{ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED),"rsa not implemented"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER),"unimplemented cipher"},
-{ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST),"unimplemented digest"},
-{ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY),"version incompatibility"},
-{0,NULL}
-	};
+static ERR_STRING_DATA ENGINE_str_reasons[] = {
+    {ERR_REASON(ENGINE_R_ALREADY_LOADED), "already loaded"},
+    {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER),
+     "argument is not a number"},
+    {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE), "cmd not executable"},
+    {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
+    {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
+    {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
+    {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED),
+     "ctrl command not implemented"},
+    {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED), "dh not implemented"},
+    {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
+    {ERR_REASON(ENGINE_R_DSO_FAILURE), "DSO failure"},
+    {ERR_REASON(ENGINE_R_DSO_NOT_FOUND), "dso not found"},
+    {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
+    {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR),
+     "engine configuration error"},
+    {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
+    {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
+    {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY),
+     "failed loading private key"},
+    {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY),
+     "failed loading public key"},
+    {ERR_REASON(ENGINE_R_FINISH_FAILED), "finish failed"},
+    {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED),
+     "could not obtain hardware handle"},
+    {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING), "'id' or 'name' missing"},
+    {ERR_REASON(ENGINE_R_INIT_FAILED), "init failed"},
+    {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
+    {ERR_REASON(ENGINE_R_INVALID_ARGUMENT), "invalid argument"},
+    {ERR_REASON(ENGINE_R_INVALID_CMD_NAME), "invalid cmd name"},
+    {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER), "invalid cmd number"},
+    {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE), "invalid init value"},
+    {ERR_REASON(ENGINE_R_INVALID_STRING), "invalid string"},
+    {ERR_REASON(ENGINE_R_NOT_INITIALISED), "not initialised"},
+    {ERR_REASON(ENGINE_R_NOT_LOADED), "not loaded"},
+    {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
+    {ERR_REASON(ENGINE_R_NO_INDEX), "no index"},
+    {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION), "no load function"},
+    {ERR_REASON(ENGINE_R_NO_REFERENCE), "no reference"},
+    {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE), "no such engine"},
+    {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION), "no unload function"},
+    {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS), "provide parameters"},
+    {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
+    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
+    {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
+    {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_ENGINE_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ENGINE_str_functs);
-		ERR_load_strings(0,ENGINE_str_reasons);
-		}
+    if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ENGINE_str_functs);
+        ERR_load_strings(0, ENGINE_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c
index 27c1662f..7fa07548 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_fat.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_fat.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,7 +54,7 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
+ * ECDH support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
@@ -62,106 +62,104 @@
 #include <openssl/conf.h>
 
 int ENGINE_set_default(ENGINE *e, unsigned int flags)
-	{
-	if((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
-		return 0;
-	if((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
-		return 0;
+{
+    if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
+        return 0;
+    if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
+        return 0;
 #ifndef OPENSSL_NO_RSA
-	if((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
-		return 0;
+    if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
+        return 0;
 #endif
 #ifndef OPENSSL_NO_DSA
-	if((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
-		return 0;
+    if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
+        return 0;
 #endif
 #ifndef OPENSSL_NO_DH
-	if((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
-		return 0;
+    if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
+        return 0;
 #endif
 #ifndef OPENSSL_NO_ECDH
-	if((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
-		return 0;
+    if ((flags & ENGINE_METHOD_ECDH) && !ENGINE_set_default_ECDH(e))
+        return 0;
 #endif
 #ifndef OPENSSL_NO_ECDSA
-	if((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
-		return 0;
+    if ((flags & ENGINE_METHOD_ECDSA) && !ENGINE_set_default_ECDSA(e))
+        return 0;
 #endif
-	if((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
-		return 0;
-	return 1;
-	}
+    if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
+        return 0;
+    return 1;
+}
 
 /* Set default algorithms using a string */
 
 static int int_def_cb(const char *alg, int len, void *arg)
-	{
-	unsigned int *pflags = arg;
-	if (!strncmp(alg, "ALL", len))
-		*pflags |= ENGINE_METHOD_ALL;
-	else if (!strncmp(alg, "RSA", len))
-		*pflags |= ENGINE_METHOD_RSA;
-	else if (!strncmp(alg, "DSA", len))
-		*pflags |= ENGINE_METHOD_DSA;
-	else if (!strncmp(alg, "ECDH", len))
-		*pflags |= ENGINE_METHOD_ECDH;
-	else if (!strncmp(alg, "ECDSA", len))
-		*pflags |= ENGINE_METHOD_ECDSA;
-	else if (!strncmp(alg, "DH", len))
-		*pflags |= ENGINE_METHOD_DH;
-	else if (!strncmp(alg, "RAND", len))
-		*pflags |= ENGINE_METHOD_RAND;
-	else if (!strncmp(alg, "CIPHERS", len))
-		*pflags |= ENGINE_METHOD_CIPHERS;
-	else if (!strncmp(alg, "DIGESTS", len))
-		*pflags |= ENGINE_METHOD_DIGESTS;
-	else
-		return 0;
-	return 1;
-	}
-
+{
+    unsigned int *pflags = arg;
+    if (!strncmp(alg, "ALL", len))
+        *pflags |= ENGINE_METHOD_ALL;
+    else if (!strncmp(alg, "RSA", len))
+        *pflags |= ENGINE_METHOD_RSA;
+    else if (!strncmp(alg, "DSA", len))
+        *pflags |= ENGINE_METHOD_DSA;
+    else if (!strncmp(alg, "ECDH", len))
+        *pflags |= ENGINE_METHOD_ECDH;
+    else if (!strncmp(alg, "ECDSA", len))
+        *pflags |= ENGINE_METHOD_ECDSA;
+    else if (!strncmp(alg, "DH", len))
+        *pflags |= ENGINE_METHOD_DH;
+    else if (!strncmp(alg, "RAND", len))
+        *pflags |= ENGINE_METHOD_RAND;
+    else if (!strncmp(alg, "CIPHERS", len))
+        *pflags |= ENGINE_METHOD_CIPHERS;
+    else if (!strncmp(alg, "DIGESTS", len))
+        *pflags |= ENGINE_METHOD_DIGESTS;
+    else
+        return 0;
+    return 1;
+}
 
 int ENGINE_set_default_string(ENGINE *e, const char *def_list)
-	{
-	unsigned int flags = 0;
-	if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
-					ENGINE_R_INVALID_STRING);
-		ERR_add_error_data(2, "str=",def_list);
-		return 0;
-		}
-	return ENGINE_set_default(e, flags);
-	}
+{
+    unsigned int flags = 0;
+    if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_DEFAULT_STRING,
+                  ENGINE_R_INVALID_STRING);
+        ERR_add_error_data(2, "str=", def_list);
+        return 0;
+    }
+    return ENGINE_set_default(e, flags);
+}
 
 int ENGINE_register_complete(ENGINE *e)
-	{
-	ENGINE_register_ciphers(e);
-	ENGINE_register_digests(e);
+{
+    ENGINE_register_ciphers(e);
+    ENGINE_register_digests(e);
 #ifndef OPENSSL_NO_RSA
-	ENGINE_register_RSA(e);
+    ENGINE_register_RSA(e);
 #endif
 #ifndef OPENSSL_NO_DSA
-	ENGINE_register_DSA(e);
+    ENGINE_register_DSA(e);
 #endif
 #ifndef OPENSSL_NO_DH
-	ENGINE_register_DH(e);
+    ENGINE_register_DH(e);
 #endif
 #ifndef OPENSSL_NO_ECDH
-	ENGINE_register_ECDH(e);
+    ENGINE_register_ECDH(e);
 #endif
 #ifndef OPENSSL_NO_ECDSA
-	ENGINE_register_ECDSA(e);
+    ENGINE_register_ECDSA(e);
 #endif
-	ENGINE_register_RAND(e);
-	return 1;
-	}
+    ENGINE_register_RAND(e);
+    return 1;
+}
 
 int ENGINE_register_all_complete(void)
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_complete(e);
-	return 1;
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_complete(e);
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_init.c b/Cryptlib/OpenSSL/crypto/engine/eng_init.c
index 7633cf5f..4ea7fe63 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_init.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_init.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -55,100 +55,103 @@
 
 #include "eng_int.h"
 
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). This version is only used internally. */
+/*
+ * Initialise a engine type for use (or up its functional reference count if
+ * it's already in use). This version is only used internally.
+ */
 int engine_unlocked_init(ENGINE *e)
-	{
-	int to_return = 1;
+{
+    int to_return = 1;
 
-	if((e->funct_ref == 0) && e->init)
-		/* This is the first functional reference and the engine
-		 * requires initialisation so we do it now. */
-		to_return = e->init(e);
-	if(to_return)
-		{
-		/* OK, we return a functional reference which is also a
-		 * structural reference. */
-		e->struct_ref++;
-		e->funct_ref++;
-		engine_ref_debug(e, 0, 1)
-		engine_ref_debug(e, 1, 1)
-		}
-	return to_return;
-	}
+    if ((e->funct_ref == 0) && e->init)
+        /*
+         * This is the first functional reference and the engine requires
+         * initialisation so we do it now.
+         */
+        to_return = e->init(e);
+    if (to_return) {
+        /*
+         * OK, we return a functional reference which is also a structural
+         * reference.
+         */
+        e->struct_ref++;
+        e->funct_ref++;
+        engine_ref_debug(e, 0, 1)
+            engine_ref_debug(e, 1, 1)
+    }
+    return to_return;
+}
 
-/* Free a functional reference to a engine type. This version is only used
- * internally. */
+/*
+ * Free a functional reference to a engine type. This version is only used
+ * internally.
+ */
 int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
-	{
-	int to_return = 1;
+{
+    int to_return = 1;
 
-	/* Reduce the functional reference count here so if it's the terminating
-	 * case, we can release the lock safely and call the finish() handler
-	 * without risk of a race. We get a race if we leave the count until
-	 * after and something else is calling "finish" at the same time -
-	 * there's a chance that both threads will together take the count from
-	 * 2 to 0 without either calling finish(). */
-	e->funct_ref--;
-	engine_ref_debug(e, 1, -1);
-	if((e->funct_ref == 0) && e->finish)
-		{
-		if(unlock_for_handlers)
-			CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		to_return = e->finish(e);
-		if(unlock_for_handlers)
-			CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-		if(!to_return)
-			return 0;
-		}
+    /*
+     * Reduce the functional reference count here so if it's the terminating
+     * case, we can release the lock safely and call the finish() handler
+     * without risk of a race. We get a race if we leave the count until
+     * after and something else is calling "finish" at the same time -
+     * there's a chance that both threads will together take the count from 2
+     * to 0 without either calling finish().
+     */
+    e->funct_ref--;
+    engine_ref_debug(e, 1, -1);
+    if ((e->funct_ref == 0) && e->finish) {
+        if (unlock_for_handlers)
+            CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        to_return = e->finish(e);
+        if (unlock_for_handlers)
+            CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+        if (!to_return)
+            return 0;
+    }
 #ifdef REF_CHECK
-	if(e->funct_ref < 0)
-		{
-		fprintf(stderr,"ENGINE_finish, bad functional reference count\n");
-		abort();
-		}
+    if (e->funct_ref < 0) {
+        fprintf(stderr, "ENGINE_finish, bad functional reference count\n");
+        abort();
+    }
 #endif
-	/* Release the structural reference too */
-	if(!engine_free_util(e, 0))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH,ENGINE_R_FINISH_FAILED);
-		return 0;
-		}
-	return to_return;
-	}
+    /* Release the structural reference too */
+    if (!engine_free_util(e, 0)) {
+        ENGINEerr(ENGINE_F_ENGINE_UNLOCKED_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
 
 /* The API (locked) version of "init" */
 int ENGINE_init(ENGINE *e)
-	{
-	int ret;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_INIT,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = engine_unlocked_init(e);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
+{
+    int ret;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_INIT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    ret = engine_unlocked_init(e);
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    return ret;
+}
 
 /* The API (locked) version of "finish" */
 int ENGINE_finish(ENGINE *e)
-	{
-	int to_return = 1;
+{
+    int to_return = 1;
 
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FINISH,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	to_return = engine_unlocked_finish(e, 1);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if(!to_return)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FINISH,ENGINE_R_FINISH_FAILED);
-		return 0;
-		}
-	return to_return;
-	}
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_FINISH, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    to_return = engine_unlocked_finish(e, 1);
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    if (!to_return) {
+        ENGINEerr(ENGINE_F_ENGINE_FINISH, ENGINE_R_FINISH_FAILED);
+        return 0;
+    }
+    return to_return;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c
index 5815b867..6238f9d1 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_lib.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_lib.c
@@ -1,6 +1,7 @@
 /* crypto/engine/eng_lib.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,268 +63,282 @@
 /* The "new"/"free" stuff first */
 
 ENGINE *ENGINE_new(void)
-	{
-	ENGINE *ret;
-
-	ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
-	if(ret == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	memset(ret, 0, sizeof(ENGINE));
-	ret->struct_ref = 1;
-	engine_ref_debug(ret, 0, 1)
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
-	return ret;
-	}
-
-/* Placed here (close proximity to ENGINE_new) so that modifications to the
+{
+    ENGINE *ret;
+
+    ret = (ENGINE *)OPENSSL_malloc(sizeof(ENGINE));
+    if (ret == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memset(ret, 0, sizeof(ENGINE));
+    ret->struct_ref = 1;
+    engine_ref_debug(ret, 0, 1)
+        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
+    return ret;
+}
+
+/*
+ * Placed here (close proximity to ENGINE_new) so that modifications to the
  * elements of the ENGINE structure are more likely to be caught and changed
- * here. */
+ * here.
+ */
 void engine_set_all_null(ENGINE *e)
-	{
-	e->id = NULL;
-	e->name = NULL;
-	e->rsa_meth = NULL;
-	e->dsa_meth = NULL;
-	e->dh_meth = NULL;
-	e->rand_meth = NULL;
-	e->store_meth = NULL;
-	e->ciphers = NULL;
-	e->digests = NULL;
-	e->destroy = NULL;
-	e->init = NULL;
-	e->finish = NULL;
-	e->ctrl = NULL;
-	e->load_privkey = NULL;
-	e->load_pubkey = NULL;
-	e->cmd_defns = NULL;
-	e->flags = 0;
-	}
+{
+    e->id = NULL;
+    e->name = NULL;
+    e->rsa_meth = NULL;
+    e->dsa_meth = NULL;
+    e->dh_meth = NULL;
+    e->rand_meth = NULL;
+    e->store_meth = NULL;
+    e->ciphers = NULL;
+    e->digests = NULL;
+    e->destroy = NULL;
+    e->init = NULL;
+    e->finish = NULL;
+    e->ctrl = NULL;
+    e->load_privkey = NULL;
+    e->load_pubkey = NULL;
+    e->cmd_defns = NULL;
+    e->flags = 0;
+}
 
 int engine_free_util(ENGINE *e, int locked)
-	{
-	int i;
-
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if(locked)
-		i = CRYPTO_add(&e->struct_ref,-1,CRYPTO_LOCK_ENGINE);
-	else
-		i = --e->struct_ref;
-	engine_ref_debug(e, 0, -1)
-	if (i > 0) return 1;
+{
+    int i;
+
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_FREE_UTIL, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (locked)
+        i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
+    else
+        i = --e->struct_ref;
+    engine_ref_debug(e, 0, -1)
+        if (i > 0)
+        return 1;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"ENGINE_free, bad structural reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "ENGINE_free, bad structural reference count\n");
+        abort();
+    }
 #endif
-	/* Give the ENGINE a chance to do any structural cleanup corresponding
-	 * to allocation it did in its constructor (eg. unload error strings) */
-	if(e->destroy)
-		e->destroy(e);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
-	OPENSSL_free(e);
-	return 1;
-	}
+    /*
+     * Give the ENGINE a chance to do any structural cleanup corresponding to
+     * allocation it did in its constructor (eg. unload error strings)
+     */
+    if (e->destroy)
+        e->destroy(e);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
+    OPENSSL_free(e);
+    return 1;
+}
 
 int ENGINE_free(ENGINE *e)
-	{
-	return engine_free_util(e, 1);
-	}
+{
+    return engine_free_util(e, 1);
+}
 
 /* Cleanup stuff */
 
-/* ENGINE_cleanup() is coded such that anything that does work that will need
- * cleanup can register a "cleanup" callback here. That way we don't get linker
- * bloat by referring to all *possible* cleanups, but any linker bloat into code
- * "X" will cause X's cleanup function to end up here. */
+/*
+ * ENGINE_cleanup() is coded such that anything that does work that will need
+ * cleanup can register a "cleanup" callback here. That way we don't get
+ * linker bloat by referring to all *possible* cleanups, but any linker bloat
+ * into code "X" will cause X's cleanup function to end up here.
+ */
 static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
 static int int_cleanup_check(int create)
-	{
-	if(cleanup_stack) return 1;
-	if(!create) return 0;
-	cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
-	return (cleanup_stack ? 1 : 0);
-	}
+{
+    if (cleanup_stack)
+        return 1;
+    if (!create)
+        return 0;
+    cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
+    return (cleanup_stack ? 1 : 0);
+}
+
 static ENGINE_CLEANUP_ITEM *int_cleanup_item(ENGINE_CLEANUP_CB *cb)
-	{
-	ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(
-					ENGINE_CLEANUP_ITEM));
-	if(!item) return NULL;
-	item->cb = cb;
-	return item;
-	}
+{
+    ENGINE_CLEANUP_ITEM *item = OPENSSL_malloc(sizeof(ENGINE_CLEANUP_ITEM));
+    if (!item)
+        return NULL;
+    item->cb = cb;
+    return item;
+}
+
 void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
-	{
-	ENGINE_CLEANUP_ITEM *item;
-	if(!int_cleanup_check(1)) return;
-	item = int_cleanup_item(cb);
-	if(item)
-		sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
-	}
+{
+    ENGINE_CLEANUP_ITEM *item;
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item)
+        sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
+}
+
 void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
-	{
-	ENGINE_CLEANUP_ITEM *item;
-	if(!int_cleanup_check(1)) return;
-	item = int_cleanup_item(cb);
-	if(item)
-		sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
-	}
+{
+    ENGINE_CLEANUP_ITEM *item;
+    if (!int_cleanup_check(1))
+        return;
+    item = int_cleanup_item(cb);
+    if (item)
+        sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
+}
+
 /* The API function that performs all cleanup */
 static void engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
-	{
-	(*(item->cb))();
-	OPENSSL_free(item);
-	}
+{
+    (*(item->cb)) ();
+    OPENSSL_free(item);
+}
+
 void ENGINE_cleanup(void)
-	{
-	if(int_cleanup_check(0))
-		{
-		sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
-			engine_cleanup_cb_free);
-		cleanup_stack = NULL;
-		}
-	/* FIXME: This should be handled (somehow) through RAND, eg. by it
-	 * registering a cleanup callback. */
-	RAND_set_rand_method(NULL);
-	}
+{
+    if (int_cleanup_check(0)) {
+        sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
+                                        engine_cleanup_cb_free);
+        cleanup_stack = NULL;
+    }
+    /*
+     * FIXME: This should be handled (somehow) through RAND, eg. by it
+     * registering a cleanup callback.
+     */
+    RAND_set_rand_method(NULL);
+}
 
 /* Now the "ex_data" support */
 
 int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-		CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
-			new_func, dup_func, free_func);
-	}
+                            CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&e->ex_data, idx, arg));
-	}
+{
+    return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
+}
 
 void *ENGINE_get_ex_data(const ENGINE *e, int idx)
-	{
-	return(CRYPTO_get_ex_data(&e->ex_data, idx));
-	}
+{
+    return (CRYPTO_get_ex_data(&e->ex_data, idx));
+}
 
-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
- * ENGINE structure itself. */
+/*
+ * Functions to get/set an ENGINE's elements - mainly to avoid exposing the
+ * ENGINE structure itself.
+ */
 
 int ENGINE_set_id(ENGINE *e, const char *id)
-	{
-	if(id == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_ID,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->id = id;
-	return 1;
-	}
+{
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->id = id;
+    return 1;
+}
 
 int ENGINE_set_name(ENGINE *e, const char *name)
-	{
-	if(name == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_SET_NAME,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	e->name = name;
-	return 1;
-	}
+{
+    if (name == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_SET_NAME, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    e->name = name;
+    return 1;
+}
 
 int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
-	{
-	e->destroy = destroy_f;
-	return 1;
-	}
+{
+    e->destroy = destroy_f;
+    return 1;
+}
 
 int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
-	{
-	e->init = init_f;
-	return 1;
-	}
+{
+    e->init = init_f;
+    return 1;
+}
 
 int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
-	{
-	e->finish = finish_f;
-	return 1;
-	}
+{
+    e->finish = finish_f;
+    return 1;
+}
 
 int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
-	{
-	e->ctrl = ctrl_f;
-	return 1;
-	}
+{
+    e->ctrl = ctrl_f;
+    return 1;
+}
 
 int ENGINE_set_flags(ENGINE *e, int flags)
-	{
-	e->flags = flags;
-	return 1;
-	}
+{
+    e->flags = flags;
+    return 1;
+}
 
 int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
-	{
-	e->cmd_defns = defns;
-	return 1;
-	}
+{
+    e->cmd_defns = defns;
+    return 1;
+}
 
 const char *ENGINE_get_id(const ENGINE *e)
-	{
-	return e->id;
-	}
+{
+    return e->id;
+}
 
 const char *ENGINE_get_name(const ENGINE *e)
-	{
-	return e->name;
-	}
+{
+    return e->name;
+}
 
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e)
-	{
-	return e->destroy;
-	}
+{
+    return e->destroy;
+}
 
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e)
-	{
-	return e->init;
-	}
+{
+    return e->init;
+}
 
 ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e)
-	{
-	return e->finish;
-	}
+{
+    return e->finish;
+}
 
 ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e)
-	{
-	return e->ctrl;
-	}
+{
+    return e->ctrl;
+}
 
 int ENGINE_get_flags(const ENGINE *e)
-	{
-	return e->flags;
-	}
+{
+    return e->flags;
+}
 
 const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e)
-	{
-	return e->cmd_defns;
-	}
+{
+    return e->cmd_defns;
+}
 
-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
- * put the "static_state" hack here. */
+/*
+ * eng_lib.o is pretty much linked into anything that touches ENGINE already,
+ * so put the "static_state" hack here.
+ */
 
 static int internal_static_hack = 0;
 
 void *ENGINE_get_static_state(void)
-	{
-	return &internal_static_hack;
-	}
+{
+    return &internal_static_hack;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_list.c b/Cryptlib/OpenSSL/crypto/engine/eng_list.c
index fa2ab973..45029c4f 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_list.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_list.c
@@ -1,6 +1,7 @@
 /* crypto/engine/eng_list.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,376 +58,345 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
+ * ECDH support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
 #include "eng_int.h"
 
-/* The linked-list of pointers to engine types. engine_list_head
- * incorporates an implicit structural reference but engine_list_tail
- * does not - the latter is a computational niceity and only points
- * to something that is already pointed to by its predecessor in the
- * list (or engine_list_head itself). In the same way, the use of the
- * "prev" pointer in each ENGINE is to save excessive list iteration,
- * it doesn't correspond to an extra structural reference. Hence,
- * engine_list_head, and each non-null "next" pointer account for
- * the list itself assuming exactly 1 structural reference on each
- * list member. */
+/*
+ * The linked-list of pointers to engine types. engine_list_head incorporates
+ * an implicit structural reference but engine_list_tail does not - the
+ * latter is a computational niceity and only points to something that is
+ * already pointed to by its predecessor in the list (or engine_list_head
+ * itself). In the same way, the use of the "prev" pointer in each ENGINE is
+ * to save excessive list iteration, it doesn't correspond to an extra
+ * structural reference. Hence, engine_list_head, and each non-null "next"
+ * pointer account for the list itself assuming exactly 1 structural
+ * reference on each list member.
+ */
 static ENGINE *engine_list_head = NULL;
 static ENGINE *engine_list_tail = NULL;
 
-/* This cleanup function is only needed internally. If it should be called, we
- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
+/*
+ * This cleanup function is only needed internally. If it should be called,
+ * we register it with the "ENGINE_cleanup()" stack to be called during
+ * cleanup.
+ */
 
 static void engine_list_cleanup(void)
-	{
-	ENGINE *iterator = engine_list_head;
+{
+    ENGINE *iterator = engine_list_head;
 
-	while(iterator != NULL)
-		{
-		ENGINE_remove(iterator);
-		iterator = engine_list_head;
-		}
-	return;
-	}
+    while (iterator != NULL) {
+        ENGINE_remove(iterator);
+        iterator = engine_list_head;
+    }
+    return;
+}
 
-/* These static functions starting with a lower case "engine_" always
- * take place when CRYPTO_LOCK_ENGINE has been locked up. */
+/*
+ * These static functions starting with a lower case "engine_" always take
+ * place when CRYPTO_LOCK_ENGINE has been locked up.
+ */
 static int engine_list_add(ENGINE *e)
-	{
-	int conflict = 0;
-	ENGINE *iterator = NULL;
+{
+    int conflict = 0;
+    ENGINE *iterator = NULL;
 
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	iterator = engine_list_head;
-	while(iterator && !conflict)
-		{
-		conflict = (strcmp(iterator->id, e->id) == 0);
-		iterator = iterator->next;
-		}
-	if(conflict)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-			ENGINE_R_CONFLICTING_ENGINE_ID);
-		return 0;
-		}
-	if(engine_list_head == NULL)
-		{
-		/* We are adding to an empty list. */
-		if(engine_list_tail)
-			{
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-				ENGINE_R_INTERNAL_LIST_ERROR);
-			return 0;
-			}
-		engine_list_head = e;
-		e->prev = NULL;
-		/* The first time the list allocates, we should register the
-		 * cleanup. */
-		engine_cleanup_add_last(engine_list_cleanup);
-		}
-	else
-		{
-		/* We are adding to the tail of an existing list. */
-		if((engine_list_tail == NULL) ||
-				(engine_list_tail->next != NULL))
-			{
-			ENGINEerr(ENGINE_F_ENGINE_LIST_ADD,
-				ENGINE_R_INTERNAL_LIST_ERROR);
-			return 0;
-			}
-		engine_list_tail->next = e;
-		e->prev = engine_list_tail;
-		}
-	/* Having the engine in the list assumes a structural
-	 * reference. */
-	e->struct_ref++;
-	engine_ref_debug(e, 0, 1)
-	/* However it came to be, e is the last item in the list. */
-	engine_list_tail = e;
-	e->next = NULL;
-	return 1;
-	}
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    iterator = engine_list_head;
+    while (iterator && !conflict) {
+        conflict = (strcmp(iterator->id, e->id) == 0);
+        iterator = iterator->next;
+    }
+    if (conflict) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_CONFLICTING_ENGINE_ID);
+        return 0;
+    }
+    if (engine_list_head == NULL) {
+        /* We are adding to an empty list. */
+        if (engine_list_tail) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_head = e;
+        e->prev = NULL;
+        /*
+         * The first time the list allocates, we should register the cleanup.
+         */
+        engine_cleanup_add_last(engine_list_cleanup);
+    } else {
+        /* We are adding to the tail of an existing list. */
+        if ((engine_list_tail == NULL) || (engine_list_tail->next != NULL)) {
+            ENGINEerr(ENGINE_F_ENGINE_LIST_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+            return 0;
+        }
+        engine_list_tail->next = e;
+        e->prev = engine_list_tail;
+    }
+    /*
+     * Having the engine in the list assumes a structural reference.
+     */
+    e->struct_ref++;
+    engine_ref_debug(e, 0, 1)
+        /* However it came to be, e is the last item in the list. */
+        engine_list_tail = e;
+    e->next = NULL;
+    return 1;
+}
 
 static int engine_list_remove(ENGINE *e)
-	{
-	ENGINE *iterator;
+{
+    ENGINE *iterator;
 
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	/* We need to check that e is in our linked list! */
-	iterator = engine_list_head;
-	while(iterator && (iterator != e))
-		iterator = iterator->next;
-	if(iterator == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
-			ENGINE_R_ENGINE_IS_NOT_IN_LIST);
-		return 0;
-		}
-	/* un-link e from the chain. */
-	if(e->next)
-		e->next->prev = e->prev;
-	if(e->prev)
-		e->prev->next = e->next;
-	/* Correct our head/tail if necessary. */
-	if(engine_list_head == e)
-		engine_list_head = e->next;
-	if(engine_list_tail == e)
-		engine_list_tail = e->prev;
-	engine_free_util(e, 0);
-	return 1;
-	}
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    /* We need to check that e is in our linked list! */
+    iterator = engine_list_head;
+    while (iterator && (iterator != e))
+        iterator = iterator->next;
+    if (iterator == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LIST_REMOVE,
+                  ENGINE_R_ENGINE_IS_NOT_IN_LIST);
+        return 0;
+    }
+    /* un-link e from the chain. */
+    if (e->next)
+        e->next->prev = e->prev;
+    if (e->prev)
+        e->prev->next = e->next;
+    /* Correct our head/tail if necessary. */
+    if (engine_list_head == e)
+        engine_list_head = e->next;
+    if (engine_list_tail == e)
+        engine_list_tail = e->prev;
+    engine_free_util(e, 0);
+    return 1;
+}
 
 /* Get the first/last "ENGINE" type available. */
 ENGINE *ENGINE_get_first(void)
-	{
-	ENGINE *ret;
+{
+    ENGINE *ret;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = engine_list_head;
-	if(ret)
-		{
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    ret = engine_list_head;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1)
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    return ret;
+}
 
 ENGINE *ENGINE_get_last(void)
-	{
-	ENGINE *ret;
+{
+    ENGINE *ret;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = engine_list_tail;
-	if(ret)
-		{
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    ret = engine_list_tail;
+    if (ret) {
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1)
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    return ret;
+}
 
 /* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
 ENGINE *ENGINE_get_next(ENGINE *e)
-	{
-	ENGINE *ret = NULL;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_NEXT,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = e->next;
-	if(ret)
-		{
-		/* Return a valid structural refernce to the next ENGINE */
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* Release the structural reference to the previous ENGINE */
-	ENGINE_free(e);
-	return ret;
-	}
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    ret = e->next;
+    if (ret) {
+        /* Return a valid structural refernce to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1)
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
 
 ENGINE *ENGINE_get_prev(ENGINE *e)
-	{
-	ENGINE *ret = NULL;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_PREV,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	ret = e->prev;
-	if(ret)
-		{
-		/* Return a valid structural reference to the next ENGINE */
-		ret->struct_ref++;
-		engine_ref_debug(ret, 0, 1)
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* Release the structural reference to the previous ENGINE */
-	ENGINE_free(e);
-	return ret;
-	}
+{
+    ENGINE *ret = NULL;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_PREV, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    ret = e->prev;
+    if (ret) {
+        /* Return a valid structural reference to the next ENGINE */
+        ret->struct_ref++;
+        engine_ref_debug(ret, 0, 1)
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    /* Release the structural reference to the previous ENGINE */
+    ENGINE_free(e);
+    return ret;
+}
 
 /* Add another "ENGINE" type into the list. */
 int ENGINE_add(ENGINE *e)
-	{
-	int to_return = 1;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if((e->id == NULL) || (e->name == NULL))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ENGINE_R_ID_OR_NAME_MISSING);
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!engine_list_add(e))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_ADD,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		to_return = 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return to_return;
-	}
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if ((e->id == NULL) || (e->name == NULL)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_ID_OR_NAME_MISSING);
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (!engine_list_add(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_ADD, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    return to_return;
+}
 
 /* Remove an existing "ENGINE" type from the array. */
 int ENGINE_remove(ENGINE *e)
-	{
-	int to_return = 1;
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!engine_list_remove(e))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_REMOVE,
-			ENGINE_R_INTERNAL_LIST_ERROR);
-		to_return = 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return to_return;
-	}
+{
+    int to_return = 1;
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (!engine_list_remove(e)) {
+        ENGINEerr(ENGINE_F_ENGINE_REMOVE, ENGINE_R_INTERNAL_LIST_ERROR);
+        to_return = 0;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    return to_return;
+}
 
 static void engine_cpy(ENGINE *dest, const ENGINE *src)
-	{
-	dest->id = src->id;
-	dest->name = src->name;
+{
+    dest->id = src->id;
+    dest->name = src->name;
 #ifndef OPENSSL_NO_RSA
-	dest->rsa_meth = src->rsa_meth;
+    dest->rsa_meth = src->rsa_meth;
 #endif
 #ifndef OPENSSL_NO_DSA
-	dest->dsa_meth = src->dsa_meth;
+    dest->dsa_meth = src->dsa_meth;
 #endif
 #ifndef OPENSSL_NO_DH
-	dest->dh_meth = src->dh_meth;
+    dest->dh_meth = src->dh_meth;
 #endif
 #ifndef OPENSSL_NO_ECDH
-	dest->ecdh_meth = src->ecdh_meth;
+    dest->ecdh_meth = src->ecdh_meth;
 #endif
 #ifndef OPENSSL_NO_ECDSA
-	dest->ecdsa_meth = src->ecdsa_meth;
+    dest->ecdsa_meth = src->ecdsa_meth;
 #endif
-	dest->rand_meth = src->rand_meth;
-	dest->store_meth = src->store_meth;
-	dest->ciphers = src->ciphers;
-	dest->digests = src->digests;
-	dest->destroy = src->destroy;
-	dest->init = src->init;
-	dest->finish = src->finish;
-	dest->ctrl = src->ctrl;
-	dest->load_privkey = src->load_privkey;
-	dest->load_pubkey = src->load_pubkey;
-	dest->cmd_defns = src->cmd_defns;
-	dest->flags = src->flags;
-	}
+    dest->rand_meth = src->rand_meth;
+    dest->store_meth = src->store_meth;
+    dest->ciphers = src->ciphers;
+    dest->digests = src->digests;
+    dest->destroy = src->destroy;
+    dest->init = src->init;
+    dest->finish = src->finish;
+    dest->ctrl = src->ctrl;
+    dest->load_privkey = src->load_privkey;
+    dest->load_pubkey = src->load_pubkey;
+    dest->cmd_defns = src->cmd_defns;
+    dest->flags = src->flags;
+}
 
 ENGINE *ENGINE_by_id(const char *id)
-	{
-	ENGINE *iterator;
-	char *load_dir = NULL;
-	if(id == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	iterator = engine_list_head;
-	while(iterator && (strcmp(id, iterator->id) != 0))
-		iterator = iterator->next;
-	if(iterator)
-		{
-		/* We need to return a structural reference. If this is an
-		 * ENGINE type that returns copies, make a duplicate - otherwise
-		 * increment the existing ENGINE's reference count. */
-		if(iterator->flags & ENGINE_FLAGS_BY_ID_COPY)
-			{
-			ENGINE *cp = ENGINE_new();
-			if(!cp)
-				iterator = NULL;
-			else
-				{
-				engine_cpy(cp, iterator);
-				iterator = cp;
-				}
-			}
-		else
-			{
-			iterator->struct_ref++;
-			engine_ref_debug(iterator, 0, 1)
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+{
+    ENGINE *iterator;
+    char *load_dir = NULL;
+    if (id == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    iterator = engine_list_head;
+    while (iterator && (strcmp(id, iterator->id) != 0))
+        iterator = iterator->next;
+    if (iterator) {
+        /*
+         * We need to return a structural reference. If this is an ENGINE
+         * type that returns copies, make a duplicate - otherwise increment
+         * the existing ENGINE's reference count.
+         */
+        if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
+            ENGINE *cp = ENGINE_new();
+            if (!cp)
+                iterator = NULL;
+            else {
+                engine_cpy(cp, iterator);
+                iterator = cp;
+            }
+        } else {
+            iterator->struct_ref++;
+            engine_ref_debug(iterator, 0, 1)
+        }
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 #if 0
-	if(iterator == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_BY_ID,
-			ENGINE_R_NO_SUCH_ENGINE);
-		ERR_add_error_data(2, "id=", id);
-		}
-	return iterator;
+    if (iterator == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+        ERR_add_error_data(2, "id=", id);
+    }
+    return iterator;
 #else
-	/* EEK! Experimental code starts */
-	if(iterator) return iterator;
-	/* Prevent infinite recusrion if we're looking for the dynamic engine. */
-	if (strcmp(id, "dynamic"))
-		{
-#ifdef OPENSSL_SYS_VMS
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = "SSLROOT:[ENGINES]";
-#else
-		if((load_dir = getenv("OPENSSL_ENGINES")) == 0) load_dir = ENGINESDIR;
-#endif
-		iterator = ENGINE_by_id("dynamic");
-		if(!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
-				!ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
-				!ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
-					load_dir, 0) ||
-				!ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
-				goto notfound;
-		return iterator;
-		}
-notfound:
-	ENGINE_free(iterator);
-	ENGINEerr(ENGINE_F_ENGINE_BY_ID,ENGINE_R_NO_SUCH_ENGINE);
-	ERR_add_error_data(2, "id=", id);
-	return NULL;
-	/* EEK! Experimental code ends */
+    /* EEK! Experimental code starts */
+    if (iterator)
+        return iterator;
+    /*
+     * Prevent infinite recusrion if we're looking for the dynamic engine.
+     */
+    if (strcmp(id, "dynamic")) {
+# ifdef OPENSSL_SYS_VMS
+        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+            load_dir = "SSLROOT:[ENGINES]";
+# else
+        if ((load_dir = getenv("OPENSSL_ENGINES")) == 0)
+            load_dir = ENGINESDIR;
+# endif
+        iterator = ENGINE_by_id("dynamic");
+        if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "DIR_ADD",
+                                    load_dir, 0) ||
+            !ENGINE_ctrl_cmd_string(iterator, "LOAD", NULL, 0))
+            goto notfound;
+        return iterator;
+    }
+ notfound:
+    ENGINE_free(iterator);
+    ENGINEerr(ENGINE_F_ENGINE_BY_ID, ENGINE_R_NO_SUCH_ENGINE);
+    ERR_add_error_data(2, "id=", id);
+    return NULL;
+    /* EEK! Experimental code ends */
 #endif
-	}
+}
 
 int ENGINE_up_ref(ENGINE *e)
-	{
-	if (e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_UP_REF,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_add(&e->struct_ref,1,CRYPTO_LOCK_ENGINE);
-	return 1;
-	}
+{
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_UP_REF, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
index 7c139ae2..c3aca14b 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_openssl.c
@@ -1,6 +1,7 @@
 /* crypto/engine/eng_openssl.c */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,11 +58,10 @@
  */
 /* ====================================================================
  * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by 
+ * ECDH support in OpenSSL originally developed by
  * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
  */
 
-
 #include <stdio.h>
 #include <openssl/crypto.h>
 #include "cryptlib.h"
@@ -71,18 +71,20 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
 #endif
 
-/* This testing gunk is implemented (and explained) lower down. It also assumes
- * the application explicitly calls "ENGINE_load_openssl()" because this is no
- * longer automatic in ENGINE_load_builtin_engines(). */
+/*
+ * This testing gunk is implemented (and explained) lower down. It also
+ * assumes the application explicitly calls "ENGINE_load_openssl()" because
+ * this is no longer automatic in ENGINE_load_builtin_engines().
+ */
 #define TEST_ENG_OPENSSL_RC4
 #define TEST_ENG_OPENSSL_PKEY
 /* #define TEST_ENG_OPENSSL_RC4_OTHERS */
@@ -96,118 +98,129 @@
 
 /* Now check what of those algorithms are actually enabled */
 #ifdef OPENSSL_NO_RC4
-#undef TEST_ENG_OPENSSL_RC4
-#undef TEST_ENG_OPENSSL_RC4_OTHERS
-#undef TEST_ENG_OPENSSL_RC4_P_INIT
-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
+# undef TEST_ENG_OPENSSL_RC4
+# undef TEST_ENG_OPENSSL_RC4_OTHERS
+# undef TEST_ENG_OPENSSL_RC4_P_INIT
+# undef TEST_ENG_OPENSSL_RC4_P_CIPHER
 #endif
 #if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA0) || defined(OPENSSL_NO_SHA1)
-#undef TEST_ENG_OPENSSL_SHA
-#undef TEST_ENG_OPENSSL_SHA_OTHERS
-#undef TEST_ENG_OPENSSL_SHA_P_INIT
-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-#undef TEST_ENG_OPENSSL_SHA_P_FINAL 
+# undef TEST_ENG_OPENSSL_SHA
+# undef TEST_ENG_OPENSSL_SHA_OTHERS
+# undef TEST_ENG_OPENSSL_SHA_P_INIT
+# undef TEST_ENG_OPENSSL_SHA_P_UPDATE
+# undef TEST_ENG_OPENSSL_SHA_P_FINAL
 #endif
 
 #ifdef TEST_ENG_OPENSSL_RC4
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-				const int **nids, int nid);
+                           const int **nids, int nid);
 #endif
 #ifdef TEST_ENG_OPENSSL_SHA
 static int openssl_digests(ENGINE *e, const EVP_MD **digest,
-				const int **nids, int nid);
+                           const int **nids, int nid);
 #endif
 
 #ifdef TEST_ENG_OPENSSL_PKEY
 static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data);
+                                      UI_METHOD *ui_method,
+                                      void *callback_data);
 #endif
 
 /* The constants used when creating the ENGINE */
 static const char *engine_openssl_id = "openssl";
 static const char *engine_openssl_name = "Software engine support";
 
-/* This internal function is used by ENGINE_openssl() and possibly by the
- * "dynamic" ENGINE support too */
+/*
+ * This internal function is used by ENGINE_openssl() and possibly by the
+ * "dynamic" ENGINE support too
+ */
 static int bind_helper(ENGINE *e)
-	{
-	if(!ENGINE_set_id(e, engine_openssl_id)
-			|| !ENGINE_set_name(e, engine_openssl_name)
+{
+    if (!ENGINE_set_id(e, engine_openssl_id)
+        || !ENGINE_set_name(e, engine_openssl_name)
 #ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
-#ifndef OPENSSL_NO_RSA
-			|| !ENGINE_set_RSA(e, RSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DSA
-			|| !ENGINE_set_DSA(e, DSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_ECDH
-			|| !ENGINE_set_ECDH(e, ECDH_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_ECDSA
-			|| !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
-#endif
-#ifndef OPENSSL_NO_DH
-			|| !ENGINE_set_DH(e, DH_get_default_method())
-#endif
-			|| !ENGINE_set_RAND(e, RAND_SSLeay())
-#ifdef TEST_ENG_OPENSSL_RC4
-			|| !ENGINE_set_ciphers(e, openssl_ciphers)
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-			|| !ENGINE_set_digests(e, openssl_digests)
-#endif
+# ifndef OPENSSL_NO_RSA
+        || !ENGINE_set_RSA(e, RSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_DSA
+        || !ENGINE_set_DSA(e, DSA_get_default_method())
+# endif
+# ifndef OPENSSL_NO_ECDH
+        || !ENGINE_set_ECDH(e, ECDH_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_ECDSA
+        || !ENGINE_set_ECDSA(e, ECDSA_OpenSSL())
+# endif
+# ifndef OPENSSL_NO_DH
+        || !ENGINE_set_DH(e, DH_get_default_method())
+# endif
+        || !ENGINE_set_RAND(e, RAND_SSLeay())
+# ifdef TEST_ENG_OPENSSL_RC4
+        || !ENGINE_set_ciphers(e, openssl_ciphers)
+# endif
+# ifdef TEST_ENG_OPENSSL_SHA
+        || !ENGINE_set_digests(e, openssl_digests)
+# endif
 #endif
 #ifdef TEST_ENG_OPENSSL_PKEY
-			|| !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
+        || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
 #endif
-			)
-		return 0;
-	/* If we add errors to this ENGINE, ensure the error handling is setup here */
-	/* openssl_load_error_strings(); */
-	return 1;
-	}
+        )
+        return 0;
+    /*
+     * If we add errors to this ENGINE, ensure the error handling is setup
+     * here
+     */
+    /* openssl_load_error_strings(); */
+    return 1;
+}
 
 static ENGINE *engine_openssl(void)
-	{
-	ENGINE *ret = ENGINE_new();
-	if(!ret)
-		return NULL;
-	if(!bind_helper(ret))
-		{
-		ENGINE_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    ENGINE *ret = ENGINE_new();
+    if (!ret)
+        return NULL;
+    if (!bind_helper(ret)) {
+        ENGINE_free(ret);
+        return NULL;
+    }
+    return ret;
+}
 
 void ENGINE_load_openssl(void)
-	{
-	ENGINE *toadd = engine_openssl();
-	if(!toadd) return;
-	ENGINE_add(toadd);
-	/* If the "add" worked, it gets a structural reference. So either way,
-	 * we release our just-created reference. */
-	ENGINE_free(toadd);
-	ERR_clear_error();
-	}
+{
+    ENGINE *toadd = engine_openssl();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    /*
+     * If the "add" worked, it gets a structural reference. So either way, we
+     * release our just-created reference.
+     */
+    ENGINE_free(toadd);
+    ERR_clear_error();
+}
 
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
+ */
 #ifdef ENGINE_DYNAMIC_SUPPORT
 static int bind_fn(ENGINE *e, const char *id)
-	{
-	if(id && (strcmp(id, engine_openssl_id) != 0))
-		return 0;
-	if(!bind_helper(e))
-		return 0;
-	return 1;
-	}
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
+{
+    if (id && (strcmp(id, engine_openssl_id) != 0))
+        return 0;
+    if (!bind_helper(e))
+        return 0;
+    return 1;
+}
 
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
+#endif                          /* ENGINE_DYNAMIC_SUPPORT */
 #ifdef TEST_ENG_OPENSSL_RC4
-/* This section of code compiles an "alternative implementation" of two modes of
+/*-
+ * This section of code compiles an "alternative implementation" of two modes of
  * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
  * should under normal circumstances go via this support rather than the default
  * EVP support. There are other symbols to tweak the testing;
@@ -217,168 +230,173 @@ IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
  *        the "init_key" handler is called.
  *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
  */
-#include <openssl/rc4.h>
-#define TEST_RC4_KEY_SIZE		16
-static int test_cipher_nids[] = {NID_rc4,NID_rc4_40};
+# include <openssl/rc4.h>
+# define TEST_RC4_KEY_SIZE               16
+static int test_cipher_nids[] = { NID_rc4, NID_rc4_40 };
+
 static int test_cipher_nids_number = 2;
 typedef struct {
-	unsigned char key[TEST_RC4_KEY_SIZE];
-	RC4_KEY ks;
-	} TEST_RC4_KEY;
-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
+    unsigned char key[TEST_RC4_KEY_SIZE];
+    RC4_KEY ks;
+} TEST_RC4_KEY;
+# define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
 static int test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
-	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
-#endif
-	memcpy(&test(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx));
-	RC4_set_key(&test(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		test(ctx)->key);
-	return 1;
-	}
+                             const unsigned char *iv, int enc)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
+# endif
+    memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
+    RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                test(ctx)->key);
+    return 1;
+}
+
 static int test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, unsigned int inl)
-	{
-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
-	fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
-#endif
-	RC4(&test(ctx)->ks,inl,in,out);
-	return 1;
-	}
-static const EVP_CIPHER test_r4_cipher=
-	{
-	NID_rc4,
-	1,TEST_RC4_KEY_SIZE,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	test_rc4_init_key,
-	test_rc4_cipher,
-	NULL,
-	sizeof(TEST_RC4_KEY),
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
-static const EVP_CIPHER test_r4_40_cipher=
-	{
-	NID_rc4_40,
-	1,5 /* 40 bit */,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	test_rc4_init_key,
-	test_rc4_cipher,
-	NULL,
-	sizeof(TEST_RC4_KEY),
-	NULL, 
-	NULL,
-	NULL,
-	NULL
-	};
+                           const unsigned char *in, unsigned int inl)
+{
+# ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
+    fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
+# endif
+    RC4(&test(ctx)->ks, inl, in, out);
+    return 1;
+}
+
+static const EVP_CIPHER test_r4_cipher = {
+    NID_rc4,
+    1, TEST_RC4_KEY_SIZE, 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    test_rc4_init_key,
+    test_rc4_cipher,
+    NULL,
+    sizeof(TEST_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
+static const EVP_CIPHER test_r4_40_cipher = {
+    NID_rc4_40,
+    1, 5 /* 40 bit */ , 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    test_rc4_init_key,
+    test_rc4_cipher,
+    NULL,
+    sizeof(TEST_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
+
 static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-			const int **nids, int nid)
-	{
-	if(!cipher)
-		{
-		/* We are returning a list of supported nids */
-		*nids = test_cipher_nids;
-		return test_cipher_nids_number;
-		}
-	/* We are being asked for a specific cipher */
-	if(nid == NID_rc4)
-		*cipher = &test_r4_cipher;
-	else if(nid == NID_rc4_40)
-		*cipher = &test_r4_40_cipher;
-	else
-		{
-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
-		fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
-				"nid %d\n", nid);
-#endif
-		*cipher = NULL;
-		return 0;
-		}
-	return 1;
-	}
+                           const int **nids, int nid)
+{
+    if (!cipher) {
+        /* We are returning a list of supported nids */
+        *nids = test_cipher_nids;
+        return test_cipher_nids_number;
+    }
+    /* We are being asked for a specific cipher */
+    if (nid == NID_rc4)
+        *cipher = &test_r4_cipher;
+    else if (nid == NID_rc4_40)
+        *cipher = &test_r4_40_cipher;
+    else {
+# ifdef TEST_ENG_OPENSSL_RC4_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *cipher = NULL;
+        return 0;
+    }
+    return 1;
+}
 #endif
 
 #ifdef TEST_ENG_OPENSSL_SHA
 /* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-#include <openssl/sha.h>
-static int test_digest_nids[] = {NID_sha1};
+# include <openssl/sha.h>
+static int test_digest_nids[] = { NID_sha1 };
+
 static int test_digest_nids_number = 1;
 static int test_sha1_init(EVP_MD_CTX *ctx)
-	{
-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
-#endif
-	return SHA1_Init(ctx->md_data);
-	}
-static int test_sha1_update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{
-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
-#endif
-	return SHA1_Update(ctx->md_data,data,count);
-	}
-static int test_sha1_final(EVP_MD_CTX *ctx,unsigned char *md)
-	{
-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
-	fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
-#endif
-	return SHA1_Final(md,ctx->md_data);
-	}
-static const EVP_MD test_sha_md=
-	{
-	NID_sha1,
-	NID_sha1WithRSAEncryption,
-	SHA_DIGEST_LENGTH,
-	0,
-	test_sha1_init,
-	test_sha1_update,
-	test_sha1_final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_INIT
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
+# endif
+    return SHA1_Init(ctx->md_data);
+}
+
+static int test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
+# endif
+    return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+# ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
+    fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
+# endif
+    return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD test_sha_md = {
+    NID_sha1,
+    NID_sha1WithRSAEncryption,
+    SHA_DIGEST_LENGTH,
+    0,
+    test_sha1_init,
+    test_sha1_update,
+    test_sha1_final,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
+
 static int openssl_digests(ENGINE *e, const EVP_MD **digest,
-			const int **nids, int nid)
-	{
-	if(!digest)
-		{
-		/* We are returning a list of supported nids */
-		*nids = test_digest_nids;
-		return test_digest_nids_number;
-		}
-	/* We are being asked for a specific digest */
-	if(nid == NID_sha1)
-		*digest = &test_sha_md;
-	else
-		{
-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
-		fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
-				"nid %d\n", nid);
-#endif
-		*digest = NULL;
-		return 0;
-		}
-	return 1;
-	}
+                           const int **nids, int nid)
+{
+    if (!digest) {
+        /* We are returning a list of supported nids */
+        *nids = test_digest_nids;
+        return test_digest_nids_number;
+    }
+    /* We are being asked for a specific digest */
+    if (nid == NID_sha1)
+        *digest = &test_sha_md;
+    else {
+# ifdef TEST_ENG_OPENSSL_SHA_OTHERS
+        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
+                "nid %d\n", nid);
+# endif
+        *digest = NULL;
+        return 0;
+    }
+    return 1;
+}
 #endif
 
 #ifdef TEST_ENG_OPENSSL_PKEY
 static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data)
-	{
-	BIO *in;
-	EVP_PKEY *key;
-	fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n", key_id);
-	in = BIO_new_file(key_id, "r");
-	if (!in)
-		return NULL;
-	key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
-	BIO_free(in);
-	return key;
-	}
+                                      UI_METHOD *ui_method,
+                                      void *callback_data)
+{
+    BIO *in;
+    EVP_PKEY *key;
+    fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
+            key_id);
+    in = BIO_new_file(key_id, "r");
+    if (!in)
+        return NULL;
+    key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
+    BIO_free(in);
+    return key;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c
index 743558ab..f233b166 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_padlock.c
@@ -1,10 +1,10 @@
-/* 
+/*-
  * Support for VIA PadLock Advanced Cryptography Engine (ACE)
  * Written by Michal Ludvig <michal@logix.cz>
  *            http://www.logix.cz/michal
  *
- * Big thanks to Andy Polyakov for a help with optimization, 
- * assembler fixes, port to MS Windows and a lot of other 
+ * Big thanks to Andy Polyakov for a help with optimization,
+ * assembler fixes, port to MS Windows and a lot of other
  * valuable work on this engine!
  */
 
@@ -62,7 +62,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include <string.h>
 
@@ -72,66 +71,70 @@
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_AES
-#include <openssl/aes.h>
+# include <openssl/aes.h>
 #endif
 #include <openssl/rand.h>
 #include <openssl/err.h>
 
 #ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_PADLOCK
+# ifndef OPENSSL_NO_HW_PADLOCK
 
 /* Attempt to have a single source for both 0.9.7 and 0.9.8 :-) */
-#if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
-#  ifndef OPENSSL_NO_DYNAMIC_ENGINE
+#  if (OPENSSL_VERSION_NUMBER >= 0x00908000L)
+#   ifndef OPENSSL_NO_DYNAMIC_ENGINE
 #    define DYNAMIC_ENGINE
-#  endif
-#elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-#  ifdef ENGINE_DYNAMIC_SUPPORT
+#   endif
+#  elif (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#   ifdef ENGINE_DYNAMIC_SUPPORT
 #    define DYNAMIC_ENGINE
+#   endif
+#  else
+#   error "Only OpenSSL >= 0.9.7 is supported"
 #  endif
-#else
-#  error "Only OpenSSL >= 0.9.7 is supported"
-#endif
 
-/* VIA PadLock AES is available *ONLY* on some x86 CPUs.
-   Not only that it doesn't exist elsewhere, but it
-   even can't be compiled on other platforms!
- 
-   In addition, because of the heavy use of inline assembler,
-   compiler choice is limited to GCC and Microsoft C. */
-#undef COMPILE_HW_PADLOCK
-#if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
-# if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
+/*
+ * VIA PadLock AES is available *ONLY* on some x86 CPUs. Not only that it
+ * doesn't exist elsewhere, but it even can't be compiled on other platforms!
+ *
+ * In addition, because of the heavy use of inline assembler, compiler choice
+ * is limited to GCC and Microsoft C.
+ */
+#  undef COMPILE_HW_PADLOCK
+#  if !defined(I386_ONLY) && !defined(OPENSSL_NO_INLINE_ASM)
+#   if (defined(__GNUC__) && (defined(__i386__) || defined(__i386))) || \
      (defined(_MSC_VER) && defined(_M_IX86))
-#  define COMPILE_HW_PADLOCK
-static ENGINE *ENGINE_padlock (void);
-# endif
-#endif
+#    define COMPILE_HW_PADLOCK
+static ENGINE *ENGINE_padlock(void);
+#   endif
+#  endif
 
-void ENGINE_load_padlock (void)
+void ENGINE_load_padlock(void)
 {
 /* On non-x86 CPUs it just returns. */
-#ifdef COMPILE_HW_PADLOCK
-	ENGINE *toadd = ENGINE_padlock ();
-	if (!toadd) return;
-	ENGINE_add (toadd);
-	ENGINE_free (toadd);
-	ERR_clear_error ();
-#endif
+#  ifdef COMPILE_HW_PADLOCK
+    ENGINE *toadd = ENGINE_padlock();
+    if (!toadd)
+        return;
+    ENGINE_add(toadd);
+    ENGINE_free(toadd);
+    ERR_clear_error();
+#  endif
 }
 
-#ifdef COMPILE_HW_PADLOCK
-/* We do these includes here to avoid header problems on platforms that
-   do not have the VIA padlock anyway... */
-#ifdef _MSC_VER
-# include <malloc.h>
-# define alloca _alloca
-#elif defined(NETWARE_CLIB) && defined(__GNUC__)
-  void *alloca(size_t);
-# define alloca(s) __builtin_alloca(s)
-#else
-# include <stdlib.h>
-#endif
+#  ifdef COMPILE_HW_PADLOCK
+/*
+ * We do these includes here to avoid header problems on platforms that do
+ * not have the VIA padlock anyway...
+ */
+#   ifdef _MSC_VER
+#    include <malloc.h>
+#    define alloca _alloca
+#   elif defined(NETWARE_CLIB) && defined(__GNUC__)
+void *alloca(size_t);
+#    define alloca(s) __builtin_alloca(s)
+#   else
+#    include <stdlib.h>
+#   endif
 
 /* Function for ENGINE detection and control */
 static int padlock_available(void);
@@ -141,135 +144,131 @@ static int padlock_init(ENGINE *e);
 static RAND_METHOD padlock_rand;
 
 /* Cipher Stuff */
-#ifndef OPENSSL_NO_AES
-static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid);
-#endif
+#   ifndef OPENSSL_NO_AES
+static int padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
+                           const int **nids, int nid);
+#   endif
 
 /* Engine names */
 static const char *padlock_id = "padlock";
 static char padlock_name[100];
 
 /* Available features */
-static int padlock_use_ace = 0;	/* Advanced Cryptography Engine */
-static int padlock_use_rng = 0;	/* Random Number Generator */
-#ifndef OPENSSL_NO_AES
+static int padlock_use_ace = 0; /* Advanced Cryptography Engine */
+static int padlock_use_rng = 0; /* Random Number Generator */
+#   ifndef OPENSSL_NO_AES
 static int padlock_aes_align_required = 1;
-#endif
+#   endif
 
 /* ===== Engine "management" functions ===== */
 
 /* Prepare the ENGINE structure for registration */
-static int
-padlock_bind_helper(ENGINE *e)
+static int padlock_bind_helper(ENGINE *e)
 {
-	/* Check available features */
-	padlock_available();
-
-#if 1	/* disable RNG for now, see commentary in vicinity of RNG code */
-	padlock_use_rng=0;
-#endif
-
-	/* Generate a nice engine name with available features */
-	BIO_snprintf(padlock_name, sizeof(padlock_name),
-		"VIA PadLock (%s, %s)", 
-		 padlock_use_rng ? "RNG" : "no-RNG",
-		 padlock_use_ace ? "ACE" : "no-ACE");
-
-	/* Register everything or return with an error */ 
-	if (!ENGINE_set_id(e, padlock_id) ||
-	    !ENGINE_set_name(e, padlock_name) ||
-
-	    !ENGINE_set_init_function(e, padlock_init) ||
-#ifndef OPENSSL_NO_AES
-	    (padlock_use_ace && !ENGINE_set_ciphers (e, padlock_ciphers)) ||
-#endif
-	    (padlock_use_rng && !ENGINE_set_RAND (e, &padlock_rand))) {
-		return 0;
-	}
-
-	/* Everything looks good */
-	return 1;
+    /* Check available features */
+    padlock_available();
+
+#   if 1                        /* disable RNG for now, see commentary in
+                                 * vicinity of RNG code */
+    padlock_use_rng = 0;
+#   endif
+
+    /* Generate a nice engine name with available features */
+    BIO_snprintf(padlock_name, sizeof(padlock_name),
+                 "VIA PadLock (%s, %s)",
+                 padlock_use_rng ? "RNG" : "no-RNG",
+                 padlock_use_ace ? "ACE" : "no-ACE");
+
+    /* Register everything or return with an error */
+    if (!ENGINE_set_id(e, padlock_id) ||
+        !ENGINE_set_name(e, padlock_name) ||
+        !ENGINE_set_init_function(e, padlock_init) ||
+#   ifndef OPENSSL_NO_AES
+        (padlock_use_ace && !ENGINE_set_ciphers(e, padlock_ciphers)) ||
+#   endif
+        (padlock_use_rng && !ENGINE_set_RAND(e, &padlock_rand))) {
+        return 0;
+    }
+
+    /* Everything looks good */
+    return 1;
 }
 
 /* Constructor */
-static ENGINE *
-ENGINE_padlock(void)
+static ENGINE *ENGINE_padlock(void)
 {
-	ENGINE *eng = ENGINE_new();
+    ENGINE *eng = ENGINE_new();
 
-	if (!eng) {
-		return NULL;
-	}
+    if (!eng) {
+        return NULL;
+    }
 
-	if (!padlock_bind_helper(eng)) {
-		ENGINE_free(eng);
-		return NULL;
-	}
+    if (!padlock_bind_helper(eng)) {
+        ENGINE_free(eng);
+        return NULL;
+    }
 
-	return eng;
+    return eng;
 }
 
 /* Check availability of the engine */
-static int
-padlock_init(ENGINE *e)
+static int padlock_init(ENGINE *e)
 {
-	return (padlock_use_rng || padlock_use_ace);
+    return (padlock_use_rng || padlock_use_ace);
 }
 
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library.
+/*
+ * This stuff is needed if this ENGINE is being compiled into a
+ * self-contained shared-library.
  */
-#ifdef DYNAMIC_ENGINE
-static int
-padlock_bind_fn(ENGINE *e, const char *id)
+#   ifdef DYNAMIC_ENGINE
+static int padlock_bind_fn(ENGINE *e, const char *id)
 {
-	if (id && (strcmp(id, padlock_id) != 0)) {
-		return 0;
-	}
+    if (id && (strcmp(id, padlock_id) != 0)) {
+        return 0;
+    }
 
-	if (!padlock_bind_helper(e))  {
-		return 0;
-	}
+    if (!padlock_bind_helper(e)) {
+        return 0;
+    }
 
-	return 1;
+    return 1;
 }
 
-IMPLEMENT_DYNAMIC_CHECK_FN ()
-IMPLEMENT_DYNAMIC_BIND_FN (padlock_bind_fn)
-#endif /* DYNAMIC_ENGINE */
-
+IMPLEMENT_DYNAMIC_CHECK_FN()
+    IMPLEMENT_DYNAMIC_BIND_FN(padlock_bind_fn)
+#   endif                       /* DYNAMIC_ENGINE */
 /* ===== Here comes the "real" engine ===== */
-
-#ifndef OPENSSL_NO_AES
+#   ifndef OPENSSL_NO_AES
 /* Some AES-related constants */
-#define AES_BLOCK_SIZE		16
-#define AES_KEY_SIZE_128	16
-#define AES_KEY_SIZE_192	24
-#define AES_KEY_SIZE_256	32
-
-/* Here we store the status information relevant to the 
-   current context. */
-/* BIG FAT WARNING:
- * 	Inline assembler in PADLOCK_XCRYPT_ASM()
- * 	depends on the order of items in this structure.
- * 	Don't blindly modify, reorder, etc!
- */
-struct padlock_cipher_data
-{
-	unsigned char iv[AES_BLOCK_SIZE];	/* Initialization vector */
-	union {	unsigned int pad[4];
-		struct {
-			int rounds:4;
-			int dgst:1;	/* n/a in C3 */
-			int align:1;	/* n/a in C3 */
-			int ciphr:1;	/* n/a in C3 */
-			unsigned int keygen:1;
-			int interm:1;
-			unsigned int encdec:1;
-			int ksize:2;
-		} b;
-	} cword;		/* Control word */
-	AES_KEY ks;		/* Encryption key */
+#    define AES_BLOCK_SIZE          16
+#    define AES_KEY_SIZE_128        16
+#    define AES_KEY_SIZE_192        24
+#    define AES_KEY_SIZE_256        32
+    /*
+     * Here we store the status information relevant to the current context.
+     */
+    /*
+     * BIG FAT WARNING: Inline assembler in PADLOCK_XCRYPT_ASM() depends on
+     * the order of items in this structure.  Don't blindly modify, reorder,
+     * etc!
+     */
+struct padlock_cipher_data {
+    unsigned char iv[AES_BLOCK_SIZE]; /* Initialization vector */
+    union {
+        unsigned int pad[4];
+        struct {
+            int rounds:4;
+            int dgst:1;         /* n/a in C3 */
+            int align:1;        /* n/a in C3 */
+            int ciphr:1;        /* n/a in C3 */
+            unsigned int keygen:1;
+            int interm:1;
+            unsigned int encdec:1;
+            int ksize:2;
+        } b;
+    } cword;                    /* Control word */
+    AES_KEY ks;                 /* Encryption key */
 };
 
 /*
@@ -279,9 +278,9 @@ struct padlock_cipher_data
  * so we accept the penatly...
  */
 static volatile struct padlock_cipher_data *padlock_saved_context;
-#endif
+#   endif
 
-/*
+/*-
  * =======================================================
  * Inline assembler section(s).
  * =======================================================
@@ -291,7 +290,7 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
  * argument is passed in %ecx and second - in %edx.
  * =======================================================
  */
-#if defined(__GNUC__) && __GNUC__>=2
+#   if defined(__GNUC__) && __GNUC__>=2
 /*
  * As for excessive "push %ebx"/"pop %ebx" found all over.
  * When generating position-independent code GCC won't let
@@ -299,103 +298,99 @@ static volatile struct padlock_cipher_data *padlock_saved_context;
  * in "clobber description." Therefore the trouble...
  */
 
-/* Helper function - check if a CPUID instruction
-   is available on this CPU */
-static int
-padlock_insn_cpuid_available(void)
+/*
+ * Helper function - check if a CPUID instruction is available on this CPU
+ */
+static int padlock_insn_cpuid_available(void)
 {
-	int result = -1;
-
-	/* We're checking if the bit #21 of EFLAGS 
-	   can be toggled. If yes = CPUID is available. */
-	asm volatile (
-		"pushf\n"
-		"popl %%eax\n"
-		"xorl $0x200000, %%eax\n"
-		"movl %%eax, %%ecx\n"
-		"andl $0x200000, %%ecx\n"
-		"pushl %%eax\n"
-		"popf\n"
-		"pushf\n"
-		"popl %%eax\n"
-		"andl $0x200000, %%eax\n"
-		"xorl %%eax, %%ecx\n"
-		"movl %%ecx, %0\n"
-		: "=r" (result) : : "eax", "ecx");
-	
-	return (result == 0);
+    int result = -1;
+
+    /*
+     * We're checking if the bit #21 of EFLAGS can be toggled. If yes =
+     * CPUID is available.
+     */
+    asm volatile ("pushf\n"
+                  "popl %%eax\n"
+                  "xorl $0x200000, %%eax\n"
+                  "movl %%eax, %%ecx\n"
+                  "andl $0x200000, %%ecx\n"
+                  "pushl %%eax\n"
+                  "popf\n"
+                  "pushf\n"
+                  "popl %%eax\n"
+                  "andl $0x200000, %%eax\n"
+                  "xorl %%eax, %%ecx\n"
+                  "movl %%ecx, %0\n":"=r" (result)::"eax", "ecx");
+
+    return (result == 0);
 }
 
-/* Load supported features of the CPU to see if
-   the PadLock is available. */
-static int
-padlock_available(void)
+/*
+ * Load supported features of the CPU to see if the PadLock is available.
+ */
+static int padlock_available(void)
 {
-	char vendor_string[16];
-	unsigned int eax, edx;
-
-	/* First check if the CPUID instruction is available at all... */
-	if (! padlock_insn_cpuid_available())
-		return 0;
-
-	/* Are we running on the Centaur (VIA) CPU? */
-	eax = 0x00000000;
-	vendor_string[12] = 0;
-	asm volatile (
-		"pushl	%%ebx\n"
-		"cpuid\n"
-		"movl	%%ebx,(%%edi)\n"
-		"movl	%%edx,4(%%edi)\n"
-		"movl	%%ecx,8(%%edi)\n"
-		"popl	%%ebx"
-		: "+a"(eax) : "D"(vendor_string) : "ecx", "edx");
-	if (strcmp(vendor_string, "CentaurHauls") != 0)
-		return 0;
-
-	/* Check for Centaur Extended Feature Flags presence */
-	eax = 0xC0000000;
-	asm volatile ("pushl %%ebx; cpuid; popl	%%ebx"
-		: "+a"(eax) : : "ecx", "edx");
-	if (eax < 0xC0000001)
-		return 0;
-
-	/* Read the Centaur Extended Feature Flags */
-	eax = 0xC0000001;
-	asm volatile ("pushl %%ebx; cpuid; popl %%ebx"
-		: "+a"(eax), "=d"(edx) : : "ecx");
-
-	/* Fill up some flags */
-	padlock_use_ace = ((edx & (0x3<<6)) == (0x3<<6));
-	padlock_use_rng = ((edx & (0x3<<2)) == (0x3<<2));
-
-	return padlock_use_ace + padlock_use_rng;
+    char vendor_string[16];
+    unsigned int eax, edx;
+
+    /* First check if the CPUID instruction is available at all... */
+    if (!padlock_insn_cpuid_available())
+        return 0;
+
+    /* Are we running on the Centaur (VIA) CPU? */
+    eax = 0x00000000;
+    vendor_string[12] = 0;
+    asm volatile ("pushl  %%ebx\n"
+                  "cpuid\n"
+                  "movl   %%ebx,(%%edi)\n"
+                  "movl   %%edx,4(%%edi)\n"
+                  "movl   %%ecx,8(%%edi)\n"
+                  "popl   %%ebx":"+a" (eax):"D"(vendor_string):"ecx", "edx");
+    if (strcmp(vendor_string, "CentaurHauls") != 0)
+        return 0;
+
+    /* Check for Centaur Extended Feature Flags presence */
+    eax = 0xC0000000;
+    asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax)::"ecx", "edx");
+    if (eax < 0xC0000001)
+        return 0;
+
+    /* Read the Centaur Extended Feature Flags */
+    eax = 0xC0000001;
+    asm volatile ("pushl %%ebx; cpuid; popl %%ebx":"+a" (eax),
+                  "=d"(edx)::"ecx");
+
+    /* Fill up some flags */
+    padlock_use_ace = ((edx & (0x3 << 6)) == (0x3 << 6));
+    padlock_use_rng = ((edx & (0x3 << 2)) == (0x3 << 2));
+
+    return padlock_use_ace + padlock_use_rng;
 }
 
-#ifndef OPENSSL_NO_AES
+#    ifndef OPENSSL_NO_AES
 /* Our own htonl()/ntohl() */
-static inline void
-padlock_bswapl(AES_KEY *ks)
+static inline void padlock_bswapl(AES_KEY *ks)
 {
-	size_t i = sizeof(ks->rd_key)/sizeof(ks->rd_key[0]);
-	unsigned int *key = ks->rd_key;
+    size_t i = sizeof(ks->rd_key) / sizeof(ks->rd_key[0]);
+    unsigned int *key = ks->rd_key;
 
-	while (i--) {
-		asm volatile ("bswapl %0" : "+r"(*key));
-		key++;
-	}
+    while (i--) {
+        asm volatile ("bswapl %0":"+r" (*key));
+        key++;
+    }
 }
-#endif
+#    endif
 
-/* Force key reload from memory to the CPU microcode.
-   Loading EFLAGS from the stack clears EFLAGS[30] 
-   which does the trick. */
-static inline void
-padlock_reload_key(void)
+/*
+ * Force key reload from memory to the CPU microcode. Loading EFLAGS from the
+ * stack clears EFLAGS[30] which does the trick.
+ */
+static inline void padlock_reload_key(void)
 {
-	asm volatile ("pushfl; popfl");
+    asm volatile ("pushfl; popfl");
 }
 
-#ifndef OPENSSL_NO_AES
+#    ifndef OPENSSL_NO_AES
 /*
  * This is heuristic key context tracing. At first one
  * believes that one should use atomic swap instructions,
@@ -405,90 +400,89 @@ padlock_reload_key(void)
  * our key *shall* be reloaded upon thread context switch
  * and we are therefore set in either case...
  */
-static inline void
-padlock_verify_context(struct padlock_cipher_data *cdata)
+static inline void padlock_verify_context(struct padlock_cipher_data *cdata)
 {
-	asm volatile (
-	"pushfl\n"
-"	btl	$30,(%%esp)\n"
-"	jnc	1f\n"
-"	cmpl	%2,%1\n"
-"	je	1f\n"
-"	popfl\n"
-"	subl	$4,%%esp\n"
-"1:	addl	$4,%%esp\n"
-"	movl	%2,%0"
-	:"+m"(padlock_saved_context)
-	: "r"(padlock_saved_context), "r"(cdata) : "cc");
+    asm volatile ("pushfl\n"
+                  "       btl     $30,(%%esp)\n"
+                  "       jnc     1f\n"
+                  "       cmpl    %2,%1\n"
+                  "       je      1f\n"
+                  "       popfl\n"
+                  "       subl    $4,%%esp\n"
+                  "1:     addl    $4,%%esp\n"
+                  "       movl    %2,%0":"+m" (padlock_saved_context)
+                  :"r"(padlock_saved_context), "r"(cdata):"cc");
 }
 
 /* Template for padlock_xcrypt_* modes */
-/* BIG FAT WARNING: 
- * 	The offsets used with 'leal' instructions
- * 	describe items of the 'padlock_cipher_data'
- * 	structure.
+/*
+ * BIG FAT WARNING: The offsets used with 'leal' instructions describe items
+ * of the 'padlock_cipher_data' structure.
  */
-#define PADLOCK_XCRYPT_ASM(name,rep_xcrypt)	\
-static inline void *name(size_t cnt,		\
-	struct padlock_cipher_data *cdata,	\
-	void *out, const void *inp) 		\
-{	void *iv; 				\
-	asm volatile ( "pushl	%%ebx\n"	\
-		"	leal	16(%0),%%edx\n"	\
-		"	leal	32(%0),%%ebx\n"	\
-			rep_xcrypt "\n"		\
-		"	popl	%%ebx"		\
-		: "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
-		: "0"(cdata), "1"(cnt), "2"(out), "3"(inp)  \
-		: "edx", "cc", "memory");	\
-	return iv;				\
+#     define PADLOCK_XCRYPT_ASM(name,rep_xcrypt)     \
+static inline void *name(size_t cnt,            \
+        struct padlock_cipher_data *cdata,      \
+        void *out, const void *inp)             \
+{       void *iv;                               \
+        asm volatile ( "pushl   %%ebx\n"        \
+                "       leal    16(%0),%%edx\n" \
+                "       leal    32(%0),%%ebx\n" \
+                        rep_xcrypt "\n"         \
+                "       popl    %%ebx"          \
+                : "=a"(iv), "=c"(cnt), "=D"(out), "=S"(inp) \
+                : "0"(cdata), "1"(cnt), "2"(out), "3"(inp)  \
+                : "edx", "cc", "memory");       \
+        return iv;                              \
 }
 
 /* Generate all functions with appropriate opcodes */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")	/* rep xcryptecb */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")	/* rep xcryptcbc */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")	/* rep xcryptcfb */
-PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")	/* rep xcryptofb */
-#endif
-
+/* rep xcryptecb */
+PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb, ".byte 0xf3,0x0f,0xa7,0xc8")
+/* rep xcryptcbc */
+    PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc, ".byte 0xf3,0x0f,0xa7,0xd0")
+/* rep xcryptcfb */
+    PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb, ".byte 0xf3,0x0f,0xa7,0xe0")
+/* rep xcryptofb */
+    PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb, ".byte 0xf3,0x0f,0xa7,0xe8")
+#    endif
 /* The RNG call itself */
-static inline unsigned int
-padlock_xstore(void *addr, unsigned int edx_in)
+static inline unsigned int padlock_xstore(void *addr, unsigned int edx_in)
 {
-	unsigned int eax_out;
+    unsigned int eax_out;
 
-	asm volatile (".byte 0x0f,0xa7,0xc0"	/* xstore */
-	    : "=a"(eax_out),"=m"(*(unsigned *)addr)
-	    : "D"(addr), "d" (edx_in)
-	    );
+    asm volatile (".byte 0x0f,0xa7,0xc0" /* xstore */
+                  :"=a" (eax_out), "=m"(*(unsigned *)addr)
+                  :"D"(addr), "d"(edx_in)
+        );
 
-	return eax_out;
+    return eax_out;
 }
 
-/* Why not inline 'rep movsd'? I failed to find information on what
- * value in Direction Flag one can expect and consequently have to
- * apply "better-safe-than-sorry" approach and assume "undefined."
- * I could explicitly clear it and restore the original value upon
- * return from padlock_aes_cipher, but it's presumably too much
- * trouble for too little gain...
- *
- * In case you wonder 'rep xcrypt*' instructions above are *not*
- * affected by the Direction Flag and pointers advance toward
- * larger addresses unconditionally.
- */ 
-static inline unsigned char *
-padlock_memcpy(void *dst,const void *src,size_t n)
+/*
+ * Why not inline 'rep movsd'? I failed to find information on what value in
+ * Direction Flag one can expect and consequently have to apply
+ * "better-safe-than-sorry" approach and assume "undefined." I could
+ * explicitly clear it and restore the original value upon return from
+ * padlock_aes_cipher, but it's presumably too much trouble for too little
+ * gain... In case you wonder 'rep xcrypt*' instructions above are *not*
+ * affected by the Direction Flag and pointers advance toward larger
+ * addresses unconditionally.
+ */
+static inline unsigned char *padlock_memcpy(void *dst, const void *src,
+                                            size_t n)
 {
-	long       *d=dst;
-	const long *s=src;
+    long *d = dst;
+    const long *s = src;
 
-	n /= sizeof(*d);
-	do { *d++ = *s++; } while (--n);
+    n /= sizeof(*d);
+    do {
+        *d++ = *s++;
+    } while (--n);
 
-	return dst;
+    return dst;
 }
 
-#elif defined(_MSC_VER)
+#   elif defined(_MSC_VER)
 /*
  * Unlike GCC these are real functions. In order to minimize impact
  * on performance we adhere to __fastcall calling convention in
@@ -496,26 +490,25 @@ padlock_memcpy(void *dst,const void *src,size_t n)
  * Which kind of suits very well, as instructions in question use
  * both %ecx and %edx as input:-)
  */
-#define REP_XCRYPT(code)		\
-	_asm _emit 0xf3			\
-	_asm _emit 0x0f _asm _emit 0xa7	\
-	_asm _emit code
-
-/* BIG FAT WARNING: 
- * 	The offsets used with 'lea' instructions
- * 	describe items of the 'padlock_cipher_data'
- * 	structure.
+#    define REP_XCRYPT(code)                \
+        _asm _emit 0xf3                 \
+        _asm _emit 0x0f _asm _emit 0xa7 \
+        _asm _emit code
+
+/*
+ * BIG FAT WARNING: The offsets used with 'lea' instructions describe items
+ * of the 'padlock_cipher_data' structure.
  */
-#define PADLOCK_XCRYPT_ASM(name,code)	\
-static void * __fastcall 		\
-	name (size_t cnt, void *cdata,	\
-	void *outp, const void *inp)	\
-{	_asm	mov	eax,edx		\
-	_asm	lea	edx,[eax+16]	\
-	_asm	lea	ebx,[eax+32]	\
-	_asm	mov	edi,outp	\
-	_asm	mov	esi,inp		\
-	REP_XCRYPT(code)		\
+#    define PADLOCK_XCRYPT_ASM(name,code)   \
+static void * __fastcall                \
+        name (size_t cnt, void *cdata,  \
+        void *outp, const void *inp)    \
+{       _asm    mov     eax,edx         \
+        _asm    lea     edx,[eax+16]    \
+        _asm    lea     ebx,[eax+32]    \
+        _asm    mov     edi,outp        \
+        _asm    mov     esi,inp         \
+        REP_XCRYPT(code)                \
 }
 
 PADLOCK_XCRYPT_ASM(padlock_xcrypt_ecb,0xc8)
@@ -523,324 +516,330 @@ PADLOCK_XCRYPT_ASM(padlock_xcrypt_cbc,0xd0)
 PADLOCK_XCRYPT_ASM(padlock_xcrypt_cfb,0xe0)
 PADLOCK_XCRYPT_ASM(padlock_xcrypt_ofb,0xe8)
 
-static int __fastcall
-padlock_xstore(void *outp,unsigned int code)
-{	_asm	mov	edi,ecx
-	_asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+static int __fastcall padlock_xstore(void *outp, unsigned int code)
+{
+    _asm    mov edi,ecx
+    _asm _emit 0x0f _asm _emit 0xa7 _asm _emit 0xc0
+}
+
+static void __fastcall padlock_reload_key(void)
+{
+    _asm pushfd
+    _asm popfd
 }
 
-static void __fastcall
-padlock_reload_key(void)
-{	_asm pushfd _asm popfd		}
-
-static void __fastcall
-padlock_verify_context(void *cdata)
-{	_asm	{
-		pushfd
-		bt	DWORD PTR[esp],30
-		jnc	skip
-		cmp	ecx,padlock_saved_context
-		je	skip
-		popfd
-		sub	esp,4
-	skip:	add	esp,4
-		mov	padlock_saved_context,ecx
-		}
+static void __fastcall padlock_verify_context(void *cdata)
+{
+    _asm    {
+        pushfd
+        bt  DWORD PTR[esp],30
+        jnc skip
+        cmp ecx,padlock_saved_context
+        je  skip
+        popfd
+        sub esp,4
+    skip:   add esp,4
+        mov padlock_saved_context,ecx
+    }
 }
 
 static int
 padlock_available(void)
-{	_asm	{
-		pushfd
-		pop	eax
-		mov	ecx,eax
-		xor	eax,1<<21
-		push	eax
-		popfd
-		pushfd
-		pop	eax
-		xor	eax,ecx
-		bt	eax,21
-		jnc	noluck
-		mov	eax,0
-		cpuid
-		xor	eax,eax
-		cmp	ebx,'tneC'
-		jne	noluck
-		cmp	edx,'Hrua'
-		jne	noluck
-		cmp	ecx,'slua'
-		jne	noluck
-		mov	eax,0xC0000000
-		cpuid
-		mov	edx,eax
-		xor	eax,eax
-		cmp	edx,0xC0000001
-		jb	noluck
-		mov	eax,0xC0000001
-		cpuid
-		xor	eax,eax
-		bt	edx,6
-		jnc	skip_a
-		bt	edx,7
-		jnc	skip_a
-		mov	padlock_use_ace,1
-		inc	eax
-	skip_a:	bt	edx,2
-		jnc	skip_r
-		bt	edx,3
-		jnc	skip_r
-		mov	padlock_use_rng,1
-		inc	eax
-	skip_r:
-	noluck:
-		}
+{
+    _asm    {
+        pushfd
+        pop eax
+        mov ecx,eax
+        xor eax,1<<21
+        push    eax
+        popfd
+        pushfd
+        pop eax
+        xor eax,ecx
+        bt  eax,21
+        jnc noluck
+        mov eax,0
+        cpuid
+        xor eax,eax
+        cmp ebx,'tneC'
+        jne noluck
+        cmp edx,'Hrua'
+        jne noluck
+        cmp ecx,'slua'
+        jne noluck
+        mov eax,0xC0000000
+        cpuid
+        mov edx,eax
+        xor eax,eax
+        cmp edx,0xC0000001
+        jb  noluck
+        mov eax,0xC0000001
+        cpuid
+        xor eax,eax
+        bt  edx,6
+        jnc skip_a
+        bt  edx,7
+        jnc skip_a
+        mov padlock_use_ace,1
+        inc eax
+    skip_a: bt  edx,2
+        jnc skip_r
+        bt  edx,3
+        jnc skip_r
+        mov padlock_use_rng,1
+        inc eax
+    skip_r:
+    noluck:
+    }
 }
 
-static void __fastcall
-padlock_bswapl(void *key)
-{	_asm	{
-		pushfd
-		cld
-		mov	esi,ecx
-		mov	edi,ecx
-		mov	ecx,60
-	up:	lodsd
-		bswap	eax
-		stosd
-		loop	up
-		popfd
-		}
+static void __fastcall padlock_bswapl(void *key)
+{
+    _asm    {
+        pushfd
+        cld
+        mov esi,ecx
+        mov edi,ecx
+        mov ecx,60
+    up: lodsd
+        bswap   eax
+        stosd
+        loop    up
+        popfd
+    }
 }
 
-/* MS actually specifies status of Direction Flag and compiler even
- * manages to compile following as 'rep movsd' all by itself...
+/*
+ * MS actually specifies status of Direction Flag and compiler even manages
+ * to compile following as 'rep movsd' all by itself...
  */
-#define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
-#endif
-
+#    define padlock_memcpy(o,i,n) ((unsigned char *)memcpy((o),(i),(n)&~3U))
+#   endif
 /* ===== AES encryption/decryption ===== */
-#ifndef OPENSSL_NO_AES
-
-#if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
-#define NID_aes_128_cfb	NID_aes_128_cfb128
-#endif
-
-#if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
-#define NID_aes_128_ofb	NID_aes_128_ofb128
-#endif
-
-#if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
-#define NID_aes_192_cfb	NID_aes_192_cfb128
-#endif
-
-#if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
-#define NID_aes_192_ofb	NID_aes_192_ofb128
-#endif
-
-#if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
-#define NID_aes_256_cfb	NID_aes_256_cfb128
-#endif
-
-#if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
-#define NID_aes_256_ofb	NID_aes_256_ofb128
-#endif
-
-/* List of supported ciphers. */
-static int padlock_cipher_nids[] = {
-	NID_aes_128_ecb,
-	NID_aes_128_cbc,
-	NID_aes_128_cfb,
-	NID_aes_128_ofb,
-
-	NID_aes_192_ecb,
-	NID_aes_192_cbc,
-	NID_aes_192_cfb,
-	NID_aes_192_ofb,
-
-	NID_aes_256_ecb,
-	NID_aes_256_cbc,
-	NID_aes_256_cfb,
-	NID_aes_256_ofb,
+#   ifndef OPENSSL_NO_AES
+#    if defined(NID_aes_128_cfb128) && ! defined (NID_aes_128_cfb)
+#     define NID_aes_128_cfb NID_aes_128_cfb128
+#    endif
+#    if defined(NID_aes_128_ofb128) && ! defined (NID_aes_128_ofb)
+#     define NID_aes_128_ofb NID_aes_128_ofb128
+#    endif
+#    if defined(NID_aes_192_cfb128) && ! defined (NID_aes_192_cfb)
+#     define NID_aes_192_cfb NID_aes_192_cfb128
+#    endif
+#    if defined(NID_aes_192_ofb128) && ! defined (NID_aes_192_ofb)
+#     define NID_aes_192_ofb NID_aes_192_ofb128
+#    endif
+#    if defined(NID_aes_256_cfb128) && ! defined (NID_aes_256_cfb)
+#     define NID_aes_256_cfb NID_aes_256_cfb128
+#    endif
+#    if defined(NID_aes_256_ofb128) && ! defined (NID_aes_256_ofb)
+#     define NID_aes_256_ofb NID_aes_256_ofb128
+#    endif
+/*
+ * List of supported ciphers.
+ */ static int padlock_cipher_nids[] = {
+    NID_aes_128_ecb,
+    NID_aes_128_cbc,
+    NID_aes_128_cfb,
+    NID_aes_128_ofb,
+
+    NID_aes_192_ecb,
+    NID_aes_192_cbc,
+    NID_aes_192_cfb,
+    NID_aes_192_ofb,
+
+    NID_aes_256_ecb,
+    NID_aes_256_cbc,
+    NID_aes_256_cfb,
+    NID_aes_256_ofb,
 };
-static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids)/
-				      sizeof(padlock_cipher_nids[0]));
+
+static int padlock_cipher_nids_num = (sizeof(padlock_cipher_nids) /
+                                      sizeof(padlock_cipher_nids[0]));
 
 /* Function prototypes ... */
 static int padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-				const unsigned char *iv, int enc);
+                                const unsigned char *iv, int enc);
 static int padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, size_t nbytes);
-
-#define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +		\
-	( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )	)
-#define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
-	NEAREST_ALIGNED(ctx->cipher_data))
-
-#define EVP_CIPHER_block_size_ECB	AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_CBC	AES_BLOCK_SIZE
-#define EVP_CIPHER_block_size_OFB	1
-#define EVP_CIPHER_block_size_CFB	1
-
-/* Declaring so many ciphers by hand would be a pain.
-   Instead introduce a bit of preprocessor magic :-) */
-#define	DECLARE_AES_EVP(ksize,lmode,umode)	\
-static const EVP_CIPHER padlock_aes_##ksize##_##lmode = {	\
-	NID_aes_##ksize##_##lmode,		\
-	EVP_CIPHER_block_size_##umode,	\
-	AES_KEY_SIZE_##ksize,		\
-	AES_BLOCK_SIZE,			\
-	0 | EVP_CIPH_##umode##_MODE,	\
-	padlock_aes_init_key,		\
-	padlock_aes_cipher,		\
-	NULL,				\
-	sizeof(struct padlock_cipher_data) + 16,	\
-	EVP_CIPHER_set_asn1_iv,		\
-	EVP_CIPHER_get_asn1_iv,		\
-	NULL,				\
-	NULL				\
+                              const unsigned char *in, size_t nbytes);
+
+#    define NEAREST_ALIGNED(ptr) ( (unsigned char *)(ptr) +         \
+        ( (0x10 - ((size_t)(ptr) & 0x0F)) & 0x0F )      )
+#    define ALIGNED_CIPHER_DATA(ctx) ((struct padlock_cipher_data *)\
+        NEAREST_ALIGNED(ctx->cipher_data))
+
+#    define EVP_CIPHER_block_size_ECB       AES_BLOCK_SIZE
+#    define EVP_CIPHER_block_size_CBC       AES_BLOCK_SIZE
+#    define EVP_CIPHER_block_size_OFB       1
+#    define EVP_CIPHER_block_size_CFB       1
+
+/*
+ * Declaring so many ciphers by hand would be a pain. Instead introduce a bit
+ * of preprocessor magic :-)
+ */
+#    define DECLARE_AES_EVP(ksize,lmode,umode)      \
+static const EVP_CIPHER padlock_aes_##ksize##_##lmode = {       \
+        NID_aes_##ksize##_##lmode,              \
+        EVP_CIPHER_block_size_##umode,  \
+        AES_KEY_SIZE_##ksize,           \
+        AES_BLOCK_SIZE,                 \
+        0 | EVP_CIPH_##umode##_MODE,    \
+        padlock_aes_init_key,           \
+        padlock_aes_cipher,             \
+        NULL,                           \
+        sizeof(struct padlock_cipher_data) + 16,        \
+        EVP_CIPHER_set_asn1_iv,         \
+        EVP_CIPHER_get_asn1_iv,         \
+        NULL,                           \
+        NULL                            \
 }
 
-DECLARE_AES_EVP(128,ecb,ECB);
-DECLARE_AES_EVP(128,cbc,CBC);
-DECLARE_AES_EVP(128,cfb,CFB);
-DECLARE_AES_EVP(128,ofb,OFB);
+DECLARE_AES_EVP(128, ecb, ECB);
+DECLARE_AES_EVP(128, cbc, CBC);
+DECLARE_AES_EVP(128, cfb, CFB);
+DECLARE_AES_EVP(128, ofb, OFB);
 
-DECLARE_AES_EVP(192,ecb,ECB);
-DECLARE_AES_EVP(192,cbc,CBC);
-DECLARE_AES_EVP(192,cfb,CFB);
-DECLARE_AES_EVP(192,ofb,OFB);
+DECLARE_AES_EVP(192, ecb, ECB);
+DECLARE_AES_EVP(192, cbc, CBC);
+DECLARE_AES_EVP(192, cfb, CFB);
+DECLARE_AES_EVP(192, ofb, OFB);
 
-DECLARE_AES_EVP(256,ecb,ECB);
-DECLARE_AES_EVP(256,cbc,CBC);
-DECLARE_AES_EVP(256,cfb,CFB);
-DECLARE_AES_EVP(256,ofb,OFB);
+DECLARE_AES_EVP(256, ecb, ECB);
+DECLARE_AES_EVP(256, cbc, CBC);
+DECLARE_AES_EVP(256, cfb, CFB);
+DECLARE_AES_EVP(256, ofb, OFB);
 
 static int
-padlock_ciphers (ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
+padlock_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids,
+                int nid)
 {
-	/* No specific cipher => return a list of supported nids ... */
-	if (!cipher) {
-		*nids = padlock_cipher_nids;
-		return padlock_cipher_nids_num;
-	}
-
-	/* ... or the requested "cipher" otherwise */
-	switch (nid) {
-	  case NID_aes_128_ecb:
-	    *cipher = &padlock_aes_128_ecb;
-	    break;
-	  case NID_aes_128_cbc:
-	    *cipher = &padlock_aes_128_cbc;
-	    break;
-	  case NID_aes_128_cfb:
-	    *cipher = &padlock_aes_128_cfb;
-	    break;
-	  case NID_aes_128_ofb:
-	    *cipher = &padlock_aes_128_ofb;
-	    break;
-
-	  case NID_aes_192_ecb:
-	    *cipher = &padlock_aes_192_ecb;
-	    break;
-	  case NID_aes_192_cbc:
-	    *cipher = &padlock_aes_192_cbc;
-	    break;
-	  case NID_aes_192_cfb:
-	    *cipher = &padlock_aes_192_cfb;
-	    break;
-	  case NID_aes_192_ofb:
-	    *cipher = &padlock_aes_192_ofb;
-	    break;
-
-	  case NID_aes_256_ecb:
-	    *cipher = &padlock_aes_256_ecb;
-	    break;
-	  case NID_aes_256_cbc:
-	    *cipher = &padlock_aes_256_cbc;
-	    break;
-	  case NID_aes_256_cfb:
-	    *cipher = &padlock_aes_256_cfb;
-	    break;
-	  case NID_aes_256_ofb:
-	    *cipher = &padlock_aes_256_ofb;
-	    break;
-
-	  default:
-	    /* Sorry, we don't support this NID */
-	    *cipher = NULL;
-	    return 0;
-	}
-
-	return 1;
+    /* No specific cipher => return a list of supported nids ... */
+    if (!cipher) {
+        *nids = padlock_cipher_nids;
+        return padlock_cipher_nids_num;
+    }
+
+    /* ... or the requested "cipher" otherwise */
+    switch (nid) {
+    case NID_aes_128_ecb:
+        *cipher = &padlock_aes_128_ecb;
+        break;
+    case NID_aes_128_cbc:
+        *cipher = &padlock_aes_128_cbc;
+        break;
+    case NID_aes_128_cfb:
+        *cipher = &padlock_aes_128_cfb;
+        break;
+    case NID_aes_128_ofb:
+        *cipher = &padlock_aes_128_ofb;
+        break;
+
+    case NID_aes_192_ecb:
+        *cipher = &padlock_aes_192_ecb;
+        break;
+    case NID_aes_192_cbc:
+        *cipher = &padlock_aes_192_cbc;
+        break;
+    case NID_aes_192_cfb:
+        *cipher = &padlock_aes_192_cfb;
+        break;
+    case NID_aes_192_ofb:
+        *cipher = &padlock_aes_192_ofb;
+        break;
+
+    case NID_aes_256_ecb:
+        *cipher = &padlock_aes_256_ecb;
+        break;
+    case NID_aes_256_cbc:
+        *cipher = &padlock_aes_256_cbc;
+        break;
+    case NID_aes_256_cfb:
+        *cipher = &padlock_aes_256_cfb;
+        break;
+    case NID_aes_256_ofb:
+        *cipher = &padlock_aes_256_ofb;
+        break;
+
+    default:
+        /* Sorry, we don't support this NID */
+        *cipher = NULL;
+        return 0;
+    }
+
+    return 1;
 }
 
 /* Prepare the encryption key for PadLock usage */
 static int
-padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		      const unsigned char *iv, int enc)
+padlock_aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+                     const unsigned char *iv, int enc)
 {
-	struct padlock_cipher_data *cdata;
-	int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
-
-	if (key==NULL) return 0;	/* ERROR */
-
-	cdata = ALIGNED_CIPHER_DATA(ctx);
-	memset(cdata, 0, sizeof(struct padlock_cipher_data));
-
-	/* Prepare Control word. */
-	if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
-		cdata->cword.b.encdec = 0;
-	else
-		cdata->cword.b.encdec = (ctx->encrypt == 0);
-	cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
-	cdata->cword.b.ksize = (key_len - 128) / 64;
-
-	switch(key_len) {
-		case 128:
-			/* PadLock can generate an extended key for
-			   AES128 in hardware */
-			memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
-			cdata->cword.b.keygen = 0;
-			break;
-
-		case 192:
-		case 256:
-			/* Generate an extended AES key in software.
-			   Needed for AES192/AES256 */
-			/* Well, the above applies to Stepping 8 CPUs
-			   and is listed as hardware errata. They most
-			   likely will fix it at some point and then
-			   a check for stepping would be due here. */
-			if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
-			    EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE ||
-			    enc)
-				AES_set_encrypt_key(key, key_len, &cdata->ks);
-			else
-				AES_set_decrypt_key(key, key_len, &cdata->ks);
-#ifndef AES_ASM
-			/* OpenSSL C functions use byte-swapped extended key. */
-			padlock_bswapl(&cdata->ks);
-#endif
-			cdata->cword.b.keygen = 1;
-			break;
-
-		default:
-			/* ERROR */
-			return 0;
-	}
-
-	/*
-	 * This is done to cover for cases when user reuses the
-	 * context for new key. The catch is that if we don't do
-	 * this, padlock_eas_cipher might proceed with old key...
-	 */
-	padlock_reload_key ();
-
-	return 1;
+    struct padlock_cipher_data *cdata;
+    int key_len = EVP_CIPHER_CTX_key_length(ctx) * 8;
+
+    if (key == NULL)
+        return 0;               /* ERROR */
+
+    cdata = ALIGNED_CIPHER_DATA(ctx);
+    memset(cdata, 0, sizeof(struct padlock_cipher_data));
+
+    /* Prepare Control word. */
+    if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+        cdata->cword.b.encdec = 0;
+    else
+        cdata->cword.b.encdec = (ctx->encrypt == 0);
+    cdata->cword.b.rounds = 10 + (key_len - 128) / 32;
+    cdata->cword.b.ksize = (key_len - 128) / 64;
+
+    switch (key_len) {
+    case 128:
+        /*
+         * PadLock can generate an extended key for AES128 in hardware
+         */
+        memcpy(cdata->ks.rd_key, key, AES_KEY_SIZE_128);
+        cdata->cword.b.keygen = 0;
+        break;
+
+    case 192:
+    case 256:
+        /*
+         * Generate an extended AES key in software. Needed for AES192/AES256
+         */
+        /*
+         * Well, the above applies to Stepping 8 CPUs and is listed as
+         * hardware errata. They most likely will fix it at some point and
+         * then a check for stepping would be due here.
+         */
+        if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE ||
+            EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE || enc)
+            AES_set_encrypt_key(key, key_len, &cdata->ks);
+        else
+            AES_set_decrypt_key(key, key_len, &cdata->ks);
+#    ifndef AES_ASM
+        /*
+         * OpenSSL C functions use byte-swapped extended key.
+         */
+        padlock_bswapl(&cdata->ks);
+#    endif
+        cdata->cword.b.keygen = 1;
+        break;
+
+    default:
+        /* ERROR */
+        return 0;
+    }
+
+    /*
+     * This is done to cover for cases when user reuses the
+     * context for new key. The catch is that if we don't do
+     * this, padlock_eas_cipher might proceed with old key...
+     */
+    padlock_reload_key();
+
+    return 1;
 }
 
-/* 
+/*-
  * Simplified version of padlock_aes_cipher() used when
  * 1) both input and output buffers are at aligned addresses.
  * or when
@@ -848,314 +847,329 @@ padlock_aes_init_key (EVP_CIPHER_CTX *ctx, const unsigned char *key,
  */
 static int
 padlock_aes_cipher_omnivorous(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-		const unsigned char *in_arg, size_t nbytes)
+                              const unsigned char *in_arg, size_t nbytes)
 {
-	struct padlock_cipher_data *cdata;
-	void  *iv;
-
-	cdata = ALIGNED_CIPHER_DATA(ctx);
-	padlock_verify_context(cdata);
-
-	switch (EVP_CIPHER_CTX_mode(ctx)) {
-	case EVP_CIPH_ECB_MODE:
-		padlock_xcrypt_ecb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
-		break;
-
-	case EVP_CIPH_CBC_MODE:
-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-		iv = padlock_xcrypt_cbc(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-		break;
-
-	case EVP_CIPH_CFB_MODE:
-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-		iv = padlock_xcrypt_cfb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-		break;
-
-	case EVP_CIPH_OFB_MODE:
-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-		padlock_xcrypt_ofb(nbytes/AES_BLOCK_SIZE, cdata, out_arg, in_arg);
-		memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
-		break;
-
-	default:
-		return 0;
-	}
-
-	memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
-	return 1;
+    struct padlock_cipher_data *cdata;
+    void *iv;
+
+    cdata = ALIGNED_CIPHER_DATA(ctx);
+    padlock_verify_context(cdata);
+
+    switch (EVP_CIPHER_CTX_mode(ctx)) {
+    case EVP_CIPH_ECB_MODE:
+        padlock_xcrypt_ecb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+        break;
+
+    case EVP_CIPH_CBC_MODE:
+        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+        iv = padlock_xcrypt_cbc(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+                                in_arg);
+        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+        break;
+
+    case EVP_CIPH_CFB_MODE:
+        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+        iv = padlock_xcrypt_cfb(nbytes / AES_BLOCK_SIZE, cdata, out_arg,
+                                in_arg);
+        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+        break;
+
+    case EVP_CIPH_OFB_MODE:
+        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+        padlock_xcrypt_ofb(nbytes / AES_BLOCK_SIZE, cdata, out_arg, in_arg);
+        memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+        break;
+
+    default:
+        return 0;
+    }
+
+    memset(cdata->iv, 0, AES_BLOCK_SIZE);
+
+    return 1;
 }
 
-#ifndef  PADLOCK_CHUNK
-# define PADLOCK_CHUNK	512	/* Must be a power of 2 larger than 16 */
-#endif
-#if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
-# error "insane PADLOCK_CHUNK..."
-#endif
+#    ifndef  PADLOCK_CHUNK
+#     define PADLOCK_CHUNK  512 /* Must be a power of 2 larger than 16 */
+#    endif
+#    if PADLOCK_CHUNK<16 || PADLOCK_CHUNK&(PADLOCK_CHUNK-1)
+#     error "insane PADLOCK_CHUNK..."
+#    endif
 
-/* Re-align the arguments to 16-Bytes boundaries and run the 
-   encryption function itself. This function is not AES-specific. */
+/*
+ * Re-align the arguments to 16-Bytes boundaries and run the encryption
+ * function itself. This function is not AES-specific.
+ */
 static int
 padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
-		   const unsigned char *in_arg, size_t nbytes)
+                   const unsigned char *in_arg, size_t nbytes)
 {
-	struct padlock_cipher_data *cdata;
-	const  void *inp;
-	unsigned char  *out;
-	void  *iv;
-	int    inp_misaligned, out_misaligned, realign_in_loop;
-	size_t chunk, allocated=0;
-
-	/* ctx->num is maintained in byte-oriented modes,
-	   such as CFB and OFB... */
-	if ((chunk = ctx->num)) { /* borrow chunk variable */
-		unsigned char *ivp=ctx->iv;
-
-		switch (EVP_CIPHER_CTX_mode(ctx)) {
-		case EVP_CIPH_CFB_MODE:
-			if (chunk >= AES_BLOCK_SIZE)
-				return 0; /* bogus value */
-
-			if (ctx->encrypt)
-				while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
-					ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
-					chunk++, nbytes--;
-				}
-			else	while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
-					unsigned char c = *(in_arg++);
-					*(out_arg++) = c ^ ivp[chunk];
-					ivp[chunk++] = c, nbytes--;
-				}
-
-			ctx->num = chunk%AES_BLOCK_SIZE;
-			break;
-		case EVP_CIPH_OFB_MODE:
-			if (chunk >= AES_BLOCK_SIZE)
-				return 0; /* bogus value */
-
-			while (chunk<AES_BLOCK_SIZE && nbytes!=0) {
-				*(out_arg++) = *(in_arg++) ^ ivp[chunk];
-				chunk++, nbytes--;
-			}
-
-			ctx->num = chunk%AES_BLOCK_SIZE;
-			break;
-		}
-	}
-
-	if (nbytes == 0)
-		return 1;
-#if 0
-	if (nbytes % AES_BLOCK_SIZE)
-		return 0; /* are we expected to do tail processing? */
-#else
-	/* nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC
-	   modes and arbitrary value in byte-oriented modes, such as
-	   CFB and OFB... */
-#endif
-
-	/* VIA promises CPUs that won't require alignment in the future.
-	   For now padlock_aes_align_required is initialized to 1 and
-	   the condition is never met... */
-	/* C7 core is capable to manage unaligned input in non-ECB[!]
-	   mode, but performance penalties appear to be approximately
-	   same as for software alignment below or ~3x. They promise to
-	   improve it in the future, but for now we can just as well
-	   pretend that it can only handle aligned input... */
-	if (!padlock_aes_align_required && (nbytes%AES_BLOCK_SIZE)==0)
-		return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
-	inp_misaligned = (((size_t)in_arg) & 0x0F);
-	out_misaligned = (((size_t)out_arg) & 0x0F);
-
-	/* Note that even if output is aligned and input not,
-	 * I still prefer to loop instead of copy the whole
-	 * input and then encrypt in one stroke. This is done
-	 * in order to improve L1 cache utilization... */
-	realign_in_loop = out_misaligned|inp_misaligned;
-
-	if (!realign_in_loop && (nbytes%AES_BLOCK_SIZE)==0)
-		return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
-
-	/* this takes one "if" out of the loops */
-	chunk  = nbytes;
-	chunk %= PADLOCK_CHUNK;
-	if (chunk==0) chunk = PADLOCK_CHUNK;
-
-	if (out_misaligned) {
-		/* optmize for small input */
-		allocated = (chunk<nbytes?PADLOCK_CHUNK:nbytes);
-		out = alloca(0x10 + allocated);
-		out = NEAREST_ALIGNED(out);
-	}
-	else
-		out = out_arg;
-
-	cdata = ALIGNED_CIPHER_DATA(ctx);
-	padlock_verify_context(cdata);
-
-	switch (EVP_CIPHER_CTX_mode(ctx)) {
-	case EVP_CIPH_ECB_MODE:
-		do	{
-			if (inp_misaligned)
-				inp = padlock_memcpy(out, in_arg, chunk);
-			else
-				inp = in_arg;
-			in_arg += chunk;
-
-			padlock_xcrypt_ecb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
-			if (out_misaligned)
-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-			else
-				out     = out_arg+=chunk;
-
-			nbytes -= chunk;
-			chunk   = PADLOCK_CHUNK;
-		} while (nbytes);
-		break;
-
-	case EVP_CIPH_CBC_MODE:
-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-		goto cbc_shortcut;
-		do	{
-			if (iv != cdata->iv)
-				memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
-			chunk = PADLOCK_CHUNK;
-		cbc_shortcut: /* optimize for small input */
-			if (inp_misaligned)
-				inp = padlock_memcpy(out, in_arg, chunk);
-			else
-				inp = in_arg;
-			in_arg += chunk;
-
-			iv = padlock_xcrypt_cbc(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
-			if (out_misaligned)
-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-			else
-				out     = out_arg+=chunk;
-
-		} while (nbytes -= chunk);
-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-		break;
-
-	case EVP_CIPH_CFB_MODE:
-		memcpy (iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-		chunk &= ~(AES_BLOCK_SIZE-1);
-		if (chunk)	goto cfb_shortcut;
-		else		goto cfb_skiploop;
-		do	{
-			if (iv != cdata->iv)
-				memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
-			chunk = PADLOCK_CHUNK;
-		cfb_shortcut: /* optimize for small input */
-			if (inp_misaligned)
-				inp = padlock_memcpy(out, in_arg, chunk);
-			else
-				inp = in_arg;
-			in_arg += chunk;
-
-			iv = padlock_xcrypt_cfb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
-			if (out_misaligned)
-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-			else
-				out     = out_arg+=chunk;
-
-			nbytes -= chunk;
-		} while (nbytes >= AES_BLOCK_SIZE);
-
-		cfb_skiploop:
-		if (nbytes) {
-			unsigned char *ivp = cdata->iv;
-
-			if (iv != ivp) {
-				memcpy(ivp, iv, AES_BLOCK_SIZE);
-				iv = ivp;
-			}
-			ctx->num = nbytes;
-			if (cdata->cword.b.encdec) {
-				cdata->cword.b.encdec=0;
-				padlock_reload_key();
-				padlock_xcrypt_ecb(1,cdata,ivp,ivp);
-				cdata->cword.b.encdec=1;
-				padlock_reload_key();
-				while(nbytes) {
-					unsigned char c = *(in_arg++);
-					*(out_arg++) = c ^ *ivp;
-					*(ivp++) = c, nbytes--;
-				}
-			}
-			else {	padlock_reload_key();
-				padlock_xcrypt_ecb(1,cdata,ivp,ivp);
-				padlock_reload_key();
-				while (nbytes) {
-					*ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
-					ivp++, nbytes--;
-				}
-			}
-		}
-
-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
-		break;
-
-	case EVP_CIPH_OFB_MODE:
-		memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
-		chunk &= ~(AES_BLOCK_SIZE-1);
-		if (chunk) do	{
-			if (inp_misaligned)
-				inp = padlock_memcpy(out, in_arg, chunk);
-			else
-				inp = in_arg;
-			in_arg += chunk;
-
-			padlock_xcrypt_ofb(chunk/AES_BLOCK_SIZE, cdata, out, inp);
-
-			if (out_misaligned)
-				out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
-			else
-				out     = out_arg+=chunk;
-
-			nbytes -= chunk;
-			chunk   = PADLOCK_CHUNK;
-		} while (nbytes >= AES_BLOCK_SIZE);
-
-		if (nbytes) {
-			unsigned char *ivp = cdata->iv;
-
-			ctx->num = nbytes;
-			padlock_reload_key();	/* empirically found */
-			padlock_xcrypt_ecb(1,cdata,ivp,ivp);
-			padlock_reload_key();	/* empirically found */
-			while (nbytes) {
-				*(out_arg++) = *(in_arg++) ^ *ivp;
-				ivp++, nbytes--;
-			}
-		}
-
-		memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
-		break;
-
-	default:
-		return 0;
-	}
-
-	/* Clean the realign buffer if it was used */
-	if (out_misaligned) {
-		volatile unsigned long *p=(void *)out;
-		size_t   n = allocated/sizeof(*p);
-		while (n--) *p++=0;
-	}
-
-	memset(cdata->iv, 0, AES_BLOCK_SIZE);
-
-	return 1;
+    struct padlock_cipher_data *cdata;
+    const void *inp;
+    unsigned char *out;
+    void *iv;
+    int inp_misaligned, out_misaligned, realign_in_loop;
+    size_t chunk, allocated = 0;
+
+    /*
+     * ctx->num is maintained in byte-oriented modes, such as CFB and OFB...
+     */
+    if ((chunk = ctx->num)) {   /* borrow chunk variable */
+        unsigned char *ivp = ctx->iv;
+
+        switch (EVP_CIPHER_CTX_mode(ctx)) {
+        case EVP_CIPH_CFB_MODE:
+            if (chunk >= AES_BLOCK_SIZE)
+                return 0;       /* bogus value */
+
+            if (ctx->encrypt)
+                while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                    ivp[chunk] = *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+                    chunk++, nbytes--;
+            } else
+                while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                    unsigned char c = *(in_arg++);
+                    *(out_arg++) = c ^ ivp[chunk];
+                    ivp[chunk++] = c, nbytes--;
+                }
+
+            ctx->num = chunk % AES_BLOCK_SIZE;
+            break;
+        case EVP_CIPH_OFB_MODE:
+            if (chunk >= AES_BLOCK_SIZE)
+                return 0;       /* bogus value */
+
+            while (chunk < AES_BLOCK_SIZE && nbytes != 0) {
+                *(out_arg++) = *(in_arg++) ^ ivp[chunk];
+                chunk++, nbytes--;
+            }
+
+            ctx->num = chunk % AES_BLOCK_SIZE;
+            break;
+        }
+    }
+
+    if (nbytes == 0)
+        return 1;
+#    if 0
+    if (nbytes % AES_BLOCK_SIZE)
+        return 0;               /* are we expected to do tail processing? */
+#    else
+    /*
+     * nbytes is always multiple of AES_BLOCK_SIZE in ECB and CBC modes and
+     * arbitrary value in byte-oriented modes, such as CFB and OFB...
+     */
+#    endif
+
+    /*
+     * VIA promises CPUs that won't require alignment in the future. For now
+     * padlock_aes_align_required is initialized to 1 and the condition is
+     * never met...
+     */
+    /*
+     * C7 core is capable to manage unaligned input in non-ECB[!] mode, but
+     * performance penalties appear to be approximately same as for software
+     * alignment below or ~3x. They promise to improve it in the future, but
+     * for now we can just as well pretend that it can only handle aligned
+     * input...
+     */
+    if (!padlock_aes_align_required && (nbytes % AES_BLOCK_SIZE) == 0)
+        return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
+
+    inp_misaligned = (((size_t)in_arg) & 0x0F);
+    out_misaligned = (((size_t)out_arg) & 0x0F);
+
+    /*
+     * Note that even if output is aligned and input not, I still prefer to
+     * loop instead of copy the whole input and then encrypt in one stroke.
+     * This is done in order to improve L1 cache utilization...
+     */
+    realign_in_loop = out_misaligned | inp_misaligned;
+
+    if (!realign_in_loop && (nbytes % AES_BLOCK_SIZE) == 0)
+        return padlock_aes_cipher_omnivorous(ctx, out_arg, in_arg, nbytes);
+
+    /* this takes one "if" out of the loops */
+    chunk = nbytes;
+    chunk %= PADLOCK_CHUNK;
+    if (chunk == 0)
+        chunk = PADLOCK_CHUNK;
+
+    if (out_misaligned) {
+        /* optmize for small input */
+        allocated = (chunk < nbytes ? PADLOCK_CHUNK : nbytes);
+        out = alloca(0x10 + allocated);
+        out = NEAREST_ALIGNED(out);
+    } else
+        out = out_arg;
+
+    cdata = ALIGNED_CIPHER_DATA(ctx);
+    padlock_verify_context(cdata);
+
+    switch (EVP_CIPHER_CTX_mode(ctx)) {
+    case EVP_CIPH_ECB_MODE:
+        do {
+            if (inp_misaligned)
+                inp = padlock_memcpy(out, in_arg, chunk);
+            else
+                inp = in_arg;
+            in_arg += chunk;
+
+            padlock_xcrypt_ecb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+            if (out_misaligned)
+                out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+            else
+                out = out_arg += chunk;
+
+            nbytes -= chunk;
+            chunk = PADLOCK_CHUNK;
+        } while (nbytes);
+        break;
+
+    case EVP_CIPH_CBC_MODE:
+        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+        goto cbc_shortcut;
+        do {
+            if (iv != cdata->iv)
+                memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
+            chunk = PADLOCK_CHUNK;
+ cbc_shortcut:                 /* optimize for small input */
+            if (inp_misaligned)
+                inp = padlock_memcpy(out, in_arg, chunk);
+            else
+                inp = in_arg;
+            in_arg += chunk;
+
+            iv = padlock_xcrypt_cbc(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+            if (out_misaligned)
+                out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+            else
+                out = out_arg += chunk;
+
+        } while (nbytes -= chunk);
+        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+        break;
+
+    case EVP_CIPH_CFB_MODE:
+        memcpy(iv = cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+        chunk &= ~(AES_BLOCK_SIZE - 1);
+        if (chunk)
+            goto cfb_shortcut;
+        else
+            goto cfb_skiploop;
+        do {
+            if (iv != cdata->iv)
+                memcpy(cdata->iv, iv, AES_BLOCK_SIZE);
+            chunk = PADLOCK_CHUNK;
+ cfb_shortcut:                 /* optimize for small input */
+            if (inp_misaligned)
+                inp = padlock_memcpy(out, in_arg, chunk);
+            else
+                inp = in_arg;
+            in_arg += chunk;
+
+            iv = padlock_xcrypt_cfb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+            if (out_misaligned)
+                out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+            else
+                out = out_arg += chunk;
+
+            nbytes -= chunk;
+        } while (nbytes >= AES_BLOCK_SIZE);
+
+ cfb_skiploop:
+        if (nbytes) {
+            unsigned char *ivp = cdata->iv;
+
+            if (iv != ivp) {
+                memcpy(ivp, iv, AES_BLOCK_SIZE);
+                iv = ivp;
+            }
+            ctx->num = nbytes;
+            if (cdata->cword.b.encdec) {
+                cdata->cword.b.encdec = 0;
+                padlock_reload_key();
+                padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+                cdata->cword.b.encdec = 1;
+                padlock_reload_key();
+                while (nbytes) {
+                    unsigned char c = *(in_arg++);
+                    *(out_arg++) = c ^ *ivp;
+                    *(ivp++) = c, nbytes--;
+                }
+            } else {
+                padlock_reload_key();
+                padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+                padlock_reload_key();
+                while (nbytes) {
+                    *ivp = *(out_arg++) = *(in_arg++) ^ *ivp;
+                    ivp++, nbytes--;
+                }
+            }
+        }
+
+        memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
+        break;
+
+    case EVP_CIPH_OFB_MODE:
+        memcpy(cdata->iv, ctx->iv, AES_BLOCK_SIZE);
+        chunk &= ~(AES_BLOCK_SIZE - 1);
+        if (chunk)
+            do {
+                if (inp_misaligned)
+                    inp = padlock_memcpy(out, in_arg, chunk);
+                else
+                    inp = in_arg;
+                in_arg += chunk;
+
+                padlock_xcrypt_ofb(chunk / AES_BLOCK_SIZE, cdata, out, inp);
+
+                if (out_misaligned)
+                    out_arg = padlock_memcpy(out_arg, out, chunk) + chunk;
+                else
+                    out = out_arg += chunk;
+
+                nbytes -= chunk;
+                chunk = PADLOCK_CHUNK;
+            } while (nbytes >= AES_BLOCK_SIZE);
+
+        if (nbytes) {
+            unsigned char *ivp = cdata->iv;
+
+            ctx->num = nbytes;
+            padlock_reload_key(); /* empirically found */
+            padlock_xcrypt_ecb(1, cdata, ivp, ivp);
+            padlock_reload_key(); /* empirically found */
+            while (nbytes) {
+                *(out_arg++) = *(in_arg++) ^ *ivp;
+                ivp++, nbytes--;
+            }
+        }
+
+        memcpy(ctx->iv, cdata->iv, AES_BLOCK_SIZE);
+        break;
+
+    default:
+        return 0;
+    }
+
+    /* Clean the realign buffer if it was used */
+    if (out_misaligned) {
+        volatile unsigned long *p = (void *)out;
+        size_t n = allocated / sizeof(*p);
+        while (n--)
+            *p++ = 0;
+    }
+
+    memset(cdata->iv, 0, AES_BLOCK_SIZE);
+
+    return 1;
 }
 
-#endif /* OPENSSL_NO_AES */
+#   endif                       /* OPENSSL_NO_AES */
 
 /* ===== Random Number Generator ===== */
 /*
@@ -1164,56 +1178,64 @@ padlock_aes_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out_arg,
  * (posted at http://www.via.com.tw/en/viac3/c3.jsp) nor does it
  * provide meaningful error control...
  */
-/* Wrapper that provides an interface between the API and 
-   the raw PadLock RNG */
-static int
-padlock_rand_bytes(unsigned char *output, int count)
+/*
+ * Wrapper that provides an interface between the API and the raw PadLock
+ * RNG
+ */
+static int padlock_rand_bytes(unsigned char *output, int count)
 {
-	unsigned int eax, buf;
-
-	while (count >= 8) {
-		eax = padlock_xstore(output, 0);
-		if (!(eax&(1<<6)))	return 0; /* RNG disabled */
-		/* this ---vv--- covers DC bias, Raw Bits and String Filter */
-		if (eax&(0x1F<<10))	return 0;
-		if ((eax&0x1F)==0)	continue; /* no data, retry... */
-		if ((eax&0x1F)!=8)	return 0; /* fatal failure...  */
-		output += 8;
-		count  -= 8;
-	}
-	while (count > 0) {
-		eax = padlock_xstore(&buf, 3);
-		if (!(eax&(1<<6)))	return 0; /* RNG disabled */
-		/* this ---vv--- covers DC bias, Raw Bits and String Filter */
-		if (eax&(0x1F<<10))	return 0;
-		if ((eax&0x1F)==0)	continue; /* no data, retry... */
-		if ((eax&0x1F)!=1)	return 0; /* fatal failure...  */
-		*output++ = (unsigned char)buf;
-		count--;
-	}
-	*(volatile unsigned int *)&buf=0;
-
-	return 1;
+    unsigned int eax, buf;
+
+    while (count >= 8) {
+        eax = padlock_xstore(output, 0);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 8)
+            return 0;           /* fatal failure...  */
+        output += 8;
+        count -= 8;
+    }
+    while (count > 0) {
+        eax = padlock_xstore(&buf, 3);
+        if (!(eax & (1 << 6)))
+            return 0;           /* RNG disabled */
+        /* this ---vv--- covers DC bias, Raw Bits and String Filter */
+        if (eax & (0x1F << 10))
+            return 0;
+        if ((eax & 0x1F) == 0)
+            continue;           /* no data, retry... */
+        if ((eax & 0x1F) != 1)
+            return 0;           /* fatal failure...  */
+        *output++ = (unsigned char)buf;
+        count--;
+    }
+    *(volatile unsigned int *)&buf = 0;
+
+    return 1;
 }
 
 /* Dummy but necessary function */
-static int
-padlock_rand_status(void)
+static int padlock_rand_status(void)
 {
-	return 1;
+    return 1;
 }
 
 /* Prepare structure for registration */
 static RAND_METHOD padlock_rand = {
-	NULL,			/* seed */
-	padlock_rand_bytes,	/* bytes */
-	NULL,			/* cleanup */
-	NULL,			/* add */
-	padlock_rand_bytes,	/* pseudorand */
-	padlock_rand_status,	/* rand status */
+    NULL,                       /* seed */
+    padlock_rand_bytes,         /* bytes */
+    NULL,                       /* cleanup */
+    NULL,                       /* add */
+    padlock_rand_bytes,         /* pseudorand */
+    padlock_rand_status,        /* rand status */
 };
 
-#endif /* COMPILE_HW_PADLOCK */
+#  endif                        /* COMPILE_HW_PADLOCK */
 
-#endif /* !OPENSSL_NO_HW_PADLOCK */
-#endif /* !OPENSSL_NO_HW */
+# endif                         /* !OPENSSL_NO_HW_PADLOCK */
+#endif                          /* !OPENSSL_NO_HW */
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c
index 1dfa2e36..23580d9e 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_pkey.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,140 +57,130 @@
 
 /* Basic get/set stuff */
 
-int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
-	{
-	e->load_privkey = loadpriv_f;
-	return 1;
-	}
+int ENGINE_set_load_privkey_function(ENGINE *e,
+                                     ENGINE_LOAD_KEY_PTR loadpriv_f)
+{
+    e->load_privkey = loadpriv_f;
+    return 1;
+}
 
 int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
-	{
-	e->load_pubkey = loadpub_f;
-	return 1;
-	}
+{
+    e->load_pubkey = loadpub_f;
+    return 1;
+}
 
 int ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-				ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
-	{
-	e->load_ssl_client_cert = loadssl_f;
-	return 1;
-	}
+                                             ENGINE_SSL_CLIENT_CERT_PTR
+                                             loadssl_f)
+{
+    e->load_ssl_client_cert = loadssl_f;
+    return 1;
+}
 
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e)
-	{
-	return e->load_privkey;
-	}
+{
+    return e->load_privkey;
+}
 
 ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e)
-	{
-	return e->load_pubkey;
-	}
+{
+    return e->load_pubkey;
+}
 
-ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE *e)
-	{
-	return e->load_ssl_client_cert;
-	}
+ENGINE_SSL_CLIENT_CERT_PTR ENGINE_get_ssl_client_cert_function(const ENGINE
+                                                               *e)
+{
+    return e->load_ssl_client_cert;
+}
 
 /* API functions to load public/private keys */
 
 EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data)
-	{
-	EVP_PKEY *pkey;
+                                  UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
 
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if (!e->load_privkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	pkey = e->load_privkey(e, key_id, ui_method, callback_data);
-	if (!pkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
-			ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-		return 0;
-		}
-	return pkey;
-	}
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (e->funct_ref == 0) {
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    if (!e->load_privkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_privkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PRIVATE_KEY,
+                  ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
+        return 0;
+    }
+    return pkey;
+}
 
 EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id,
-	UI_METHOD *ui_method, void *callback_data)
-	{
-	EVP_PKEY *pkey;
+                                 UI_METHOD *ui_method, void *callback_data)
+{
+    EVP_PKEY *pkey;
 
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if (!e->load_pubkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
-	if (!pkey)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
-			ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-		return 0;
-		}
-	return pkey;
-	}
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (e->funct_ref == 0) {
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    if (!e->load_pubkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY, ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
+    if (!pkey) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_PUBLIC_KEY,
+                  ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
+        return 0;
+    }
+    return pkey;
+}
 
 int ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s,
-	STACK_OF(X509_NAME) *ca_dn, X509 **pcert, EVP_PKEY **ppkey,
-	STACK_OF(X509) **pother, UI_METHOD *ui_method, void *callback_data)
-	{
+                                STACK_OF(X509_NAME) *ca_dn, X509 **pcert,
+                                EVP_PKEY **ppkey, STACK_OF(X509) **pother,
+                                UI_METHOD *ui_method, void *callback_data)
+{
 
-	if(e == NULL)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(e->funct_ref == 0)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-			ENGINE_R_NOT_INITIALISED);
-		return 0;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	if (!e->load_ssl_client_cert)
-		{
-		ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
-			ENGINE_R_NO_LOAD_FUNCTION);
-		return 0;
-		}
-	return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
-					ui_method, callback_data);
-	}
+    if (e == NULL) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (e->funct_ref == 0) {
+        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NOT_INITIALISED);
+        return 0;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    if (!e->load_ssl_client_cert) {
+        ENGINEerr(ENGINE_F_ENGINE_LOAD_SSL_CLIENT_CERT,
+                  ENGINE_R_NO_LOAD_FUNCTION);
+        return 0;
+    }
+    return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
+                                   ui_method, callback_data);
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/eng_table.c b/Cryptlib/OpenSSL/crypto/engine/eng_table.c
index 8fc47b33..7dd8b1bc 100644
--- a/Cryptlib/OpenSSL/crypto/engine/eng_table.c
+++ b/Cryptlib/OpenSSL/crypto/engine/eng_table.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,259 +58,269 @@
 #include "eng_int.h"
 
 /* The type of the items in the table */
-typedef struct st_engine_pile
-	{
-	/* The 'nid' of this algorithm/mode */
-	int nid;
-	/* ENGINEs that implement this algorithm/mode. */
-	STACK_OF(ENGINE) *sk;
-	/* The default ENGINE to perform this algorithm/mode. */
-	ENGINE *funct;
-	/* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
-	int uptodate;
-	} ENGINE_PILE;
+typedef struct st_engine_pile {
+    /* The 'nid' of this algorithm/mode */
+    int nid;
+    /* ENGINEs that implement this algorithm/mode. */
+    STACK_OF(ENGINE) *sk;
+    /* The default ENGINE to perform this algorithm/mode. */
+    ENGINE *funct;
+    /*
+     * Zero if 'sk' is newer than the cached 'funct', non-zero otherwise
+     */
+    int uptodate;
+} ENGINE_PILE;
 
 /* The type exposed in eng_int.h */
-struct st_engine_table
-	{
-	LHASH piles;
-	}; /* ENGINE_TABLE */
+struct st_engine_table {
+    LHASH piles;
+};                              /* ENGINE_TABLE */
 
 /* Global flags (ENGINE_TABLE_FLAG_***). */
 static unsigned int table_flags = 0;
 
 /* API function manipulating 'table_flags' */
 unsigned int ENGINE_get_table_flags(void)
-	{
-	return table_flags;
-	}
+{
+    return table_flags;
+}
+
 void ENGINE_set_table_flags(unsigned int flags)
-	{
-	table_flags = flags;
-	}
+{
+    table_flags = flags;
+}
 
 /* Internal functions for the "piles" hash table */
 static unsigned long engine_pile_hash(const ENGINE_PILE *c)
-	{
-	return c->nid;
-	}
+{
+    return c->nid;
+}
+
 static int engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
-	{
-	return a->nid - b->nid;
-	}
+{
+    return a->nid - b->nid;
+}
+
 static IMPLEMENT_LHASH_HASH_FN(engine_pile_hash, const ENGINE_PILE *)
 static IMPLEMENT_LHASH_COMP_FN(engine_pile_cmp, const ENGINE_PILE *)
 static int int_table_check(ENGINE_TABLE **t, int create)
-	{
-	LHASH *lh;
-	if(*t) return 1;
-	if(!create) return 0;
-	if((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
-			LHASH_COMP_FN(engine_pile_cmp))) == NULL)
-		return 0;
-	*t = (ENGINE_TABLE *)lh;
-	return 1;
-	}
+{
+    LHASH *lh;
+    if (*t)
+        return 1;
+    if (!create)
+        return 0;
+    if ((lh = lh_new(LHASH_HASH_FN(engine_pile_hash),
+                     LHASH_COMP_FN(engine_pile_cmp))) == NULL)
+        return 0;
+    *t = (ENGINE_TABLE *)lh;
+    return 1;
+}
 
-/* Privately exposed (via eng_int.h) functions for adding and/or removing
- * ENGINEs from the implementation table */
+/*
+ * Privately exposed (via eng_int.h) functions for adding and/or removing
+ * ENGINEs from the implementation table
+ */
 int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
-		ENGINE *e, const int *nids, int num_nids, int setdefault)
-	{
-	int ret = 0, added = 0;
-	ENGINE_PILE tmplate, *fnd;
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(!(*table))
-		added = 1;
-	if(!int_table_check(table, 1))
-		goto end;
-	if(added)
-		/* The cleanup callback needs to be added */
-		engine_cleanup_add_first(cleanup);
-	while(num_nids--)
-		{
-		tmplate.nid = *nids;
-		fnd = lh_retrieve(&(*table)->piles, &tmplate);
-		if(!fnd)
-			{
-			fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
-			if(!fnd) goto end;
-			fnd->uptodate = 1;
-			fnd->nid = *nids;
-			fnd->sk = sk_ENGINE_new_null();
-			if(!fnd->sk)
-				{
-				OPENSSL_free(fnd);
-				goto end;
-				}
-			fnd->funct = NULL;
-			lh_insert(&(*table)->piles, fnd);
-			}
-		/* A registration shouldn't add duplciate entries */
-		(void)sk_ENGINE_delete_ptr(fnd->sk, e);
-		/* if 'setdefault', this ENGINE goes to the head of the list */
-		if(!sk_ENGINE_push(fnd->sk, e))
-			goto end;
-		/* "touch" this ENGINE_PILE */
-		fnd->uptodate = 0;
-		if(setdefault)
-			{
-			if(!engine_unlocked_init(e))
-				{
-				ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
-						ENGINE_R_INIT_FAILED);
-				goto end;
-				}
-			if(fnd->funct)
-				engine_unlocked_finish(fnd->funct, 0);
-			fnd->funct = e;
-			fnd->uptodate = 1;
-			}
-		nids++;
-		}
-	ret = 1;
-end:
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	return ret;
-	}
+                          ENGINE *e, const int *nids, int num_nids,
+                          int setdefault)
+{
+    int ret = 0, added = 0;
+    ENGINE_PILE tmplate, *fnd;
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (!(*table))
+        added = 1;
+    if (!int_table_check(table, 1))
+        goto end;
+    if (added)
+        /* The cleanup callback needs to be added */
+        engine_cleanup_add_first(cleanup);
+    while (num_nids--) {
+        tmplate.nid = *nids;
+        fnd = lh_retrieve(&(*table)->piles, &tmplate);
+        if (!fnd) {
+            fnd = OPENSSL_malloc(sizeof(ENGINE_PILE));
+            if (!fnd)
+                goto end;
+            fnd->uptodate = 1;
+            fnd->nid = *nids;
+            fnd->sk = sk_ENGINE_new_null();
+            if (!fnd->sk) {
+                OPENSSL_free(fnd);
+                goto end;
+            }
+            fnd->funct = NULL;
+            lh_insert(&(*table)->piles, fnd);
+        }
+        /* A registration shouldn't add duplciate entries */
+        (void)sk_ENGINE_delete_ptr(fnd->sk, e);
+        /*
+         * if 'setdefault', this ENGINE goes to the head of the list
+         */
+        if (!sk_ENGINE_push(fnd->sk, e))
+            goto end;
+        /* "touch" this ENGINE_PILE */
+        fnd->uptodate = 0;
+        if (setdefault) {
+            if (!engine_unlocked_init(e)) {
+                ENGINEerr(ENGINE_F_ENGINE_TABLE_REGISTER,
+                          ENGINE_R_INIT_FAILED);
+                goto end;
+            }
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = e;
+            fnd->uptodate = 1;
+        }
+        nids++;
+    }
+    ret = 1;
+ end:
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    return ret;
+}
+
 static void int_unregister_cb(ENGINE_PILE *pile, ENGINE *e)
-	{
-	int n;
-	/* Iterate the 'c->sk' stack removing any occurance of 'e' */
-	while((n = sk_ENGINE_find(pile->sk, e)) >= 0)
-		{
-		(void)sk_ENGINE_delete(pile->sk, n);
-		pile->uptodate = 0;
-		}
-	if(pile->funct == e)
-		{
-		engine_unlocked_finish(e, 0);
-		pile->funct = NULL;
-		}
-	}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb,ENGINE_PILE *,ENGINE *)
+{
+    int n;
+    /* Iterate the 'c->sk' stack removing any occurance of 'e' */
+    while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
+        (void)sk_ENGINE_delete(pile->sk, n);
+        pile->uptodate = 0;
+    }
+    if (pile->funct == e) {
+        engine_unlocked_finish(e, 0);
+        pile->funct = NULL;
+    }
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE *,
+                                    ENGINE *)
 void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(int_table_check(table, 0))
-		lh_doall_arg(&(*table)->piles,
-			LHASH_DOALL_ARG_FN(int_unregister_cb), e);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	}
+{
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (int_table_check(table, 0))
+        lh_doall_arg(&(*table)->piles,
+                     LHASH_DOALL_ARG_FN(int_unregister_cb), e);
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+}
 
 static void int_cleanup_cb(ENGINE_PILE *p)
-	{
-	sk_ENGINE_free(p->sk);
-	if(p->funct)
-		engine_unlocked_finish(p->funct, 0);
-	OPENSSL_free(p);
-	}
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb,ENGINE_PILE *)
+{
+    sk_ENGINE_free(p->sk);
+    if (p->funct)
+        engine_unlocked_finish(p->funct, 0);
+    OPENSSL_free(p);
+}
+
+static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE *)
 void engine_table_cleanup(ENGINE_TABLE **table)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	if(*table)
-		{
-		lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
-		lh_free(&(*table)->piles);
-		*table = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	}
+{
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    if (*table) {
+        lh_doall(&(*table)->piles, LHASH_DOALL_FN(int_cleanup_cb));
+        lh_free(&(*table)->piles);
+        *table = NULL;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+}
 
 /* return a functional reference for a given 'nid' */
 #ifndef ENGINE_TABLE_DEBUG
 ENGINE *engine_table_select(ENGINE_TABLE **table, int nid)
 #else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
+ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
+                                int l)
 #endif
-	{
-	ENGINE *ret = NULL;
-	ENGINE_PILE tmplate, *fnd=NULL;
-	int initres, loop = 0;
+{
+    ENGINE *ret = NULL;
+    ENGINE_PILE tmplate, *fnd = NULL;
+    int initres, loop = 0;
 
-	if(!(*table))
-		{
+    if (!(*table)) {
 #ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
-			"registered!\n", f, l, nid);
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
+                "registered!\n", f, l, nid);
 #endif
-		return NULL;
-		}
-	ERR_set_mark();
-	CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-	/* Check again inside the lock otherwise we could race against cleanup
-	 * operations. But don't worry about a fprintf(stderr). */
-	if(!int_table_check(table, 0)) goto end;
-	tmplate.nid = nid;
-	fnd = lh_retrieve(&(*table)->piles, &tmplate);
-	if(!fnd) goto end;
-	if(fnd->funct && engine_unlocked_init(fnd->funct))
-		{
+        return NULL;
+    }
+    ERR_set_mark();
+    CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
+    /*
+     * Check again inside the lock otherwise we could race against cleanup
+     * operations. But don't worry about a fprintf(stderr).
+     */
+    if (!int_table_check(table, 0))
+        goto end;
+    tmplate.nid = nid;
+    fnd = lh_retrieve(&(*table)->piles, &tmplate);
+    if (!fnd)
+        goto end;
+    if (fnd->funct && engine_unlocked_init(fnd->funct)) {
 #ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-			"ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
 #endif
-		ret = fnd->funct;
-		goto end;
-		}
-	if(fnd->uptodate)
-		{
-		ret = fnd->funct;
-		goto end;
-		}
-trynext:
-	ret = sk_ENGINE_value(fnd->sk, loop++);
-	if(!ret)
-		{
+        ret = fnd->funct;
+        goto end;
+    }
+    if (fnd->uptodate) {
+        ret = fnd->funct;
+        goto end;
+    }
+ trynext:
+    ret = sk_ENGINE_value(fnd->sk, loop++);
+    if (!ret) {
 #ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
-				"registered implementations would initialise\n",
-				f, l, nid);
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
+                "registered implementations would initialise\n", f, l, nid);
 #endif
-		goto end;
-		}
-	/* Try to initialise the ENGINE? */
-	if((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
-		initres = engine_unlocked_init(ret);
-	else
-		initres = 0;
-	if(initres)
-		{
-		/* Update 'funct' */
-		if((fnd->funct != ret) && engine_unlocked_init(ret))
-			{
-			/* If there was a previous default we release it. */
-			if(fnd->funct)
-				engine_unlocked_finish(fnd->funct, 0);
-			fnd->funct = ret;
+        goto end;
+    }
+    /* Try to initialise the ENGINE? */
+    if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
+        initres = engine_unlocked_init(ret);
+    else
+        initres = 0;
+    if (initres) {
+        /* Update 'funct' */
+        if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
+            /* If there was a previous default we release it. */
+            if (fnd->funct)
+                engine_unlocked_finish(fnd->funct, 0);
+            fnd->funct = ret;
 #ifdef ENGINE_TABLE_DEBUG
-			fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
-				"setting default to '%s'\n", f, l, nid, ret->id);
+            fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
+                    "setting default to '%s'\n", f, l, nid, ret->id);
 #endif
-			}
+        }
 #ifdef ENGINE_TABLE_DEBUG
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-				"newly initialised '%s'\n", f, l, nid, ret->id);
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
+                "newly initialised '%s'\n", f, l, nid, ret->id);
 #endif
-		goto end;
-		}
-	goto trynext;
-end:
-	/* If it failed, it is unlikely to succeed again until some future
-	 * registrations have taken place. In all cases, we cache. */
-	if(fnd) fnd->uptodate = 1;
+        goto end;
+    }
+    goto trynext;
+ end:
+    /*
+     * If it failed, it is unlikely to succeed again until some future
+     * registrations have taken place. In all cases, we cache.
+     */
+    if (fnd)
+        fnd->uptodate = 1;
 #ifdef ENGINE_TABLE_DEBUG
-	if(ret)
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-				"ENGINE '%s'\n", f, l, nid, ret->id);
-	else
-		fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-				"'no matching ENGINE'\n", f, l, nid);
+    if (ret)
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "ENGINE '%s'\n", f, l, nid, ret->id);
+    else
+        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
+                "'no matching ENGINE'\n", f, l, nid);
 #endif
-	CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-	/* Whatever happened, any failed init()s are not failures in this
-	 * context, so clear our error state. */
-	ERR_pop_to_mark();
-	return ret;
-	}
+    CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
+    /*
+     * Whatever happened, any failed init()s are not failures in this
+     * context, so clear our error state.
+     */
+    ERR_pop_to_mark();
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c
index 177fc1fb..fcfb2efd 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_cipher.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,90 +54,90 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
- * is used by EVP to hook in cipher code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_cipher_engine(), the function
+ * that is used by EVP to hook in cipher code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_CIPHER_DEBUG */
 
 static ENGINE_TABLE *cipher_table = NULL;
 
 void ENGINE_unregister_ciphers(ENGINE *e)
-	{
-	engine_table_unregister(&cipher_table, e);
-	}
+{
+    engine_table_unregister(&cipher_table, e);
+}
 
 static void engine_unregister_all_ciphers(void)
-	{
-	engine_table_cleanup(&cipher_table);
-	}
+{
+    engine_table_cleanup(&cipher_table);
+}
 
 int ENGINE_register_ciphers(ENGINE *e)
-	{
-	if(e->ciphers)
-		{
-		const int *nids;
-		int num_nids = e->ciphers(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&cipher_table,
-					engine_unregister_all_ciphers, e, nids,
-					num_nids, 0);
-		}
-	return 1;
-	}
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
 
 void ENGINE_register_all_ciphers()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_ciphers(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_ciphers(e);
+}
 
 int ENGINE_set_default_ciphers(ENGINE *e)
-	{
-	if(e->ciphers)
-		{
-		const int *nids;
-		int num_nids = e->ciphers(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&cipher_table,
-					engine_unregister_all_ciphers, e, nids,
-					num_nids, 1);
-		}
-	return 1;
-	}
+{
+    if (e->ciphers) {
+        const int *nids;
+        int num_nids = e->ciphers(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&cipher_table,
+                                         engine_unregister_all_ciphers, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid' */
+ * references) for a given cipher 'nid'
+ */
 ENGINE *ENGINE_get_cipher_engine(int nid)
-	{
-	return engine_table_select(&cipher_table, nid);
-	}
+{
+    return engine_table_select(&cipher_table, nid);
+}
 
 /* Obtains a cipher implementation from an ENGINE functional reference */
 const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid)
-	{
-	const EVP_CIPHER *ret;
-	ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
-	if(!fn || !fn(e, &ret, NULL, nid))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER,
-				ENGINE_R_UNIMPLEMENTED_CIPHER);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    const EVP_CIPHER *ret;
+    ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_CIPHER, ENGINE_R_UNIMPLEMENTED_CIPHER);
+        return NULL;
+    }
+    return ret;
+}
 
 /* Gets the cipher callback from an ENGINE structure */
 ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e)
-	{
-	return e->ciphers;
-	}
+{
+    return e->ciphers;
+}
 
 /* Sets the cipher callback in an ENGINE structure */
 int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
-	{
-	e->ciphers = f;
-	return 1;
-	}
+{
+    e->ciphers = f;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c
index 6e9d4287..8114afa6 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_dh.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_dh.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
- * used by DH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_DH(), the function that
+ * is used by DH to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_DH_DEBUG */
 
 static ENGINE_TABLE *dh_table = NULL;
 static const int dummy_nid = 1;
 
 void ENGINE_unregister_DH(ENGINE *e)
-	{
-	engine_table_unregister(&dh_table, e);
-	}
+{
+    engine_table_unregister(&dh_table, e);
+}
 
 static void engine_unregister_all_DH(void)
-	{
-	engine_table_cleanup(&dh_table);
-	}
+{
+    engine_table_cleanup(&dh_table);
+}
 
 int ENGINE_register_DH(ENGINE *e)
-	{
-	if(e->dh_meth)
-		return engine_table_register(&dh_table,
-				engine_unregister_all_DH, e, &dummy_nid, 1, 0);
-	return 1;
-	}
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
 
 void ENGINE_register_all_DH()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_DH(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DH(e);
+}
 
 int ENGINE_set_default_DH(ENGINE *e)
-	{
-	if(e->dh_meth)
-		return engine_table_register(&dh_table,
-				engine_unregister_all_DH, e, &dummy_nid, 1, 1);
-	return 1;
-	}
+{
+    if (e->dh_meth)
+        return engine_table_register(&dh_table,
+                                     engine_unregister_all_DH, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
 ENGINE *ENGINE_get_default_DH(void)
-	{
-	return engine_table_select(&dh_table, dummy_nid);
-	}
+{
+    return engine_table_select(&dh_table, dummy_nid);
+}
 
 /* Obtains an DH implementation from an ENGINE functional reference */
 const DH_METHOD *ENGINE_get_DH(const ENGINE *e)
-	{
-	return e->dh_meth;
-	}
+{
+    return e->dh_meth;
+}
 
 /* Sets an DH implementation in an ENGINE structure */
 int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
-	{
-	e->dh_meth = dh_meth;
-	return 1;
-	}
+{
+    e->dh_meth = dh_meth;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c
index d3f4bb27..de1ad9c0 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_digest.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_digest.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,90 +54,90 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
- * is used by EVP to hook in digest code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_digest_engine(), the function
+ * that is used by EVP to hook in digest code and cache defaults (etc), will
+ * display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_DIGEST_DEBUG */
 
 static ENGINE_TABLE *digest_table = NULL;
 
 void ENGINE_unregister_digests(ENGINE *e)
-	{
-	engine_table_unregister(&digest_table, e);
-	}
+{
+    engine_table_unregister(&digest_table, e);
+}
 
 static void engine_unregister_all_digests(void)
-	{
-	engine_table_cleanup(&digest_table);
-	}
+{
+    engine_table_cleanup(&digest_table);
+}
 
 int ENGINE_register_digests(ENGINE *e)
-	{
-	if(e->digests)
-		{
-		const int *nids;
-		int num_nids = e->digests(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&digest_table,
-					engine_unregister_all_digests, e, nids,
-					num_nids, 0);
-		}
-	return 1;
-	}
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 0);
+    }
+    return 1;
+}
 
 void ENGINE_register_all_digests()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_digests(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_digests(e);
+}
 
 int ENGINE_set_default_digests(ENGINE *e)
-	{
-	if(e->digests)
-		{
-		const int *nids;
-		int num_nids = e->digests(e, NULL, &nids, 0);
-		if(num_nids > 0)
-			return engine_table_register(&digest_table,
-					engine_unregister_all_digests, e, nids,
-					num_nids, 1);
-		}
-	return 1;
-	}
+{
+    if (e->digests) {
+        const int *nids;
+        int num_nids = e->digests(e, NULL, &nids, 0);
+        if (num_nids > 0)
+            return engine_table_register(&digest_table,
+                                         engine_unregister_all_digests, e,
+                                         nids, num_nids, 1);
+    }
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references) for a given digest 'nid' */
+ * references) for a given digest 'nid'
+ */
 ENGINE *ENGINE_get_digest_engine(int nid)
-	{
-	return engine_table_select(&digest_table, nid);
-	}
+{
+    return engine_table_select(&digest_table, nid);
+}
 
 /* Obtains a digest implementation from an ENGINE functional reference */
 const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid)
-	{
-	const EVP_MD *ret;
-	ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
-	if(!fn || !fn(e, &ret, NULL, nid))
-		{
-		ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST,
-				ENGINE_R_UNIMPLEMENTED_DIGEST);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    const EVP_MD *ret;
+    ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
+    if (!fn || !fn(e, &ret, NULL, nid)) {
+        ENGINEerr(ENGINE_F_ENGINE_GET_DIGEST, ENGINE_R_UNIMPLEMENTED_DIGEST);
+        return NULL;
+    }
+    return ret;
+}
 
 /* Gets the digest callback from an ENGINE structure */
 ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e)
-	{
-	return e->digests;
-	}
+{
+    return e->digests;
+}
 
 /* Sets the digest callback in an ENGINE structure */
 int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
-	{
-	e->digests = f;
-	return 1;
-	}
+{
+    e->digests = f;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c
index e4674f5f..c1f57f14 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_dsa.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
- * used by DSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_DSA(), the function that
+ * is used by DSA to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_DSA_DEBUG */
 
 static ENGINE_TABLE *dsa_table = NULL;
 static const int dummy_nid = 1;
 
 void ENGINE_unregister_DSA(ENGINE *e)
-	{
-	engine_table_unregister(&dsa_table, e);
-	}
+{
+    engine_table_unregister(&dsa_table, e);
+}
 
 static void engine_unregister_all_DSA(void)
-	{
-	engine_table_cleanup(&dsa_table);
-	}
+{
+    engine_table_cleanup(&dsa_table);
+}
 
 int ENGINE_register_DSA(ENGINE *e)
-	{
-	if(e->dsa_meth)
-		return engine_table_register(&dsa_table,
-				engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
-	return 1;
-	}
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
 
 void ENGINE_register_all_DSA()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_DSA(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_DSA(e);
+}
 
 int ENGINE_set_default_DSA(ENGINE *e)
-	{
-	if(e->dsa_meth)
-		return engine_table_register(&dsa_table,
-				engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
-	return 1;
-	}
+{
+    if (e->dsa_meth)
+        return engine_table_register(&dsa_table,
+                                     engine_unregister_all_DSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
 ENGINE *ENGINE_get_default_DSA(void)
-	{
-	return engine_table_select(&dsa_table, dummy_nid);
-	}
+{
+    return engine_table_select(&dsa_table, dummy_nid);
+}
 
 /* Obtains an DSA implementation from an ENGINE functional reference */
 const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e)
-	{
-	return e->dsa_meth;
-	}
+{
+    return e->dsa_meth;
+}
 
 /* Sets an DSA implementation in an ENGINE structure */
 int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
-	{
-	e->dsa_meth = dsa_meth;
-	return 1;
-	}
+{
+    e->dsa_meth = dsa_meth;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c
index c8ec7812..c51441be 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_ecdh.c
@@ -21,7 +21,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,65 +69,71 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_default_ECDH(), the function that is
- * used by ECDH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_ECDH(), the function
+ * that is used by ECDH to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_ECDH_DEBUG */
 
 static ENGINE_TABLE *ecdh_table = NULL;
 static const int dummy_nid = 1;
 
 void ENGINE_unregister_ECDH(ENGINE *e)
-	{
-	engine_table_unregister(&ecdh_table, e);
-	}
+{
+    engine_table_unregister(&ecdh_table, e);
+}
 
 static void engine_unregister_all_ECDH(void)
-	{
-	engine_table_cleanup(&ecdh_table);
-	}
+{
+    engine_table_cleanup(&ecdh_table);
+}
 
 int ENGINE_register_ECDH(ENGINE *e)
-	{
-	if(e->ecdh_meth)
-		return engine_table_register(&ecdh_table,
-				engine_unregister_all_ECDH, e, &dummy_nid, 1, 0);
-	return 1;
-	}
+{
+    if (e->ecdh_meth)
+        return engine_table_register(&ecdh_table,
+                                     engine_unregister_all_ECDH, e,
+                                     &dummy_nid, 1, 0);
+    return 1;
+}
 
 void ENGINE_register_all_ECDH()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_ECDH(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_ECDH(e);
+}
 
 int ENGINE_set_default_ECDH(ENGINE *e)
-	{
-	if(e->ecdh_meth)
-		return engine_table_register(&ecdh_table,
-				engine_unregister_all_ECDH, e, &dummy_nid, 1, 1);
-	return 1;
-	}
+{
+    if (e->ecdh_meth)
+        return engine_table_register(&ecdh_table,
+                                     engine_unregister_all_ECDH, e,
+                                     &dummy_nid, 1, 1);
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
 ENGINE *ENGINE_get_default_ECDH(void)
-	{
-	return engine_table_select(&ecdh_table, dummy_nid);
-	}
+{
+    return engine_table_select(&ecdh_table, dummy_nid);
+}
 
 /* Obtains an ECDH implementation from an ENGINE functional reference */
 const ECDH_METHOD *ENGINE_get_ECDH(const ENGINE *e)
-	{
-	return e->ecdh_meth;
-	}
+{
+    return e->ecdh_meth;
+}
 
 /* Sets an ECDH implementation in an ENGINE structure */
 int ENGINE_set_ECDH(ENGINE *e, const ECDH_METHOD *ecdh_meth)
-	{
-	e->ecdh_meth = ecdh_meth;
-	return 1;
-	}
+{
+    e->ecdh_meth = ecdh_meth;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c
index 005ecb62..a8b9be60 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_ecdsa.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_default_ECDSA(), the function that is
- * used by ECDSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_ECDSA(), the function
+ * that is used by ECDSA to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_ECDSA_DEBUG */
 
 static ENGINE_TABLE *ecdsa_table = NULL;
 static const int dummy_nid = 1;
 
 void ENGINE_unregister_ECDSA(ENGINE *e)
-	{
-	engine_table_unregister(&ecdsa_table, e);
-	}
+{
+    engine_table_unregister(&ecdsa_table, e);
+}
 
 static void engine_unregister_all_ECDSA(void)
-	{
-	engine_table_cleanup(&ecdsa_table);
-	}
+{
+    engine_table_cleanup(&ecdsa_table);
+}
 
 int ENGINE_register_ECDSA(ENGINE *e)
-	{
-	if(e->ecdsa_meth)
-		return engine_table_register(&ecdsa_table,
-				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 0);
-	return 1;
-	}
+{
+    if (e->ecdsa_meth)
+        return engine_table_register(&ecdsa_table,
+                                     engine_unregister_all_ECDSA, e,
+                                     &dummy_nid, 1, 0);
+    return 1;
+}
 
 void ENGINE_register_all_ECDSA()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_ECDSA(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_ECDSA(e);
+}
 
 int ENGINE_set_default_ECDSA(ENGINE *e)
-	{
-	if(e->ecdsa_meth)
-		return engine_table_register(&ecdsa_table,
-				engine_unregister_all_ECDSA, e, &dummy_nid, 1, 1);
-	return 1;
-	}
+{
+    if (e->ecdsa_meth)
+        return engine_table_register(&ecdsa_table,
+                                     engine_unregister_all_ECDSA, e,
+                                     &dummy_nid, 1, 1);
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
 ENGINE *ENGINE_get_default_ECDSA(void)
-	{
-	return engine_table_select(&ecdsa_table, dummy_nid);
-	}
+{
+    return engine_table_select(&ecdsa_table, dummy_nid);
+}
 
 /* Obtains an ECDSA implementation from an ENGINE functional reference */
 const ECDSA_METHOD *ENGINE_get_ECDSA(const ENGINE *e)
-	{
-	return e->ecdsa_meth;
-	}
+{
+    return e->ecdsa_meth;
+}
 
 /* Sets an ECDSA implementation in an ENGINE structure */
 int ENGINE_set_ECDSA(ENGINE *e, const ECDSA_METHOD *ecdsa_meth)
-	{
-	e->ecdsa_meth = ecdsa_meth;
-	return 1;
-	}
+{
+    e->ecdsa_meth = ecdsa_meth;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c
index f36f67c0..a522264d 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_rand.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_rand.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
- * used by RAND to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_RAND(), the function
+ * that is used by RAND to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_RAND_DEBUG */
 
 static ENGINE_TABLE *rand_table = NULL;
 static const int dummy_nid = 1;
 
 void ENGINE_unregister_RAND(ENGINE *e)
-	{
-	engine_table_unregister(&rand_table, e);
-	}
+{
+    engine_table_unregister(&rand_table, e);
+}
 
 static void engine_unregister_all_RAND(void)
-	{
-	engine_table_cleanup(&rand_table);
-	}
+{
+    engine_table_cleanup(&rand_table);
+}
 
 int ENGINE_register_RAND(ENGINE *e)
-	{
-	if(e->rand_meth)
-		return engine_table_register(&rand_table,
-				engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
-	return 1;
-	}
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 0);
+    return 1;
+}
 
 void ENGINE_register_all_RAND()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_RAND(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RAND(e);
+}
 
 int ENGINE_set_default_RAND(ENGINE *e)
-	{
-	if(e->rand_meth)
-		return engine_table_register(&rand_table,
-				engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
-	return 1;
-	}
+{
+    if (e->rand_meth)
+        return engine_table_register(&rand_table,
+                                     engine_unregister_all_RAND, e,
+                                     &dummy_nid, 1, 1);
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
 ENGINE *ENGINE_get_default_RAND(void)
-	{
-	return engine_table_select(&rand_table, dummy_nid);
-	}
+{
+    return engine_table_select(&rand_table, dummy_nid);
+}
 
 /* Obtains an RAND implementation from an ENGINE functional reference */
 const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e)
-	{
-	return e->rand_meth;
-	}
+{
+    return e->rand_meth;
+}
 
 /* Sets an RAND implementation in an ENGINE structure */
 int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
-	{
-	e->rand_meth = rand_meth;
-	return 1;
-	}
+{
+    e->rand_meth = rand_meth;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c
index fbc707fd..2790a821 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_rsa.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,65 +54,71 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
- * used by RSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_RSA(), the function that
+ * is used by RSA to hook in implementation code and cache defaults (etc),
+ * will display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_RSA_DEBUG */
 
 static ENGINE_TABLE *rsa_table = NULL;
 static const int dummy_nid = 1;
 
 void ENGINE_unregister_RSA(ENGINE *e)
-	{
-	engine_table_unregister(&rsa_table, e);
-	}
+{
+    engine_table_unregister(&rsa_table, e);
+}
 
 static void engine_unregister_all_RSA(void)
-	{
-	engine_table_cleanup(&rsa_table);
-	}
+{
+    engine_table_cleanup(&rsa_table);
+}
 
 int ENGINE_register_RSA(ENGINE *e)
-	{
-	if(e->rsa_meth)
-		return engine_table_register(&rsa_table,
-				engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
-	return 1;
-	}
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 0);
+    return 1;
+}
 
 void ENGINE_register_all_RSA()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_RSA(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_RSA(e);
+}
 
 int ENGINE_set_default_RSA(ENGINE *e)
-	{
-	if(e->rsa_meth)
-		return engine_table_register(&rsa_table,
-				engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
-	return 1;
-	}
+{
+    if (e->rsa_meth)
+        return engine_table_register(&rsa_table,
+                                     engine_unregister_all_RSA, e, &dummy_nid,
+                                     1, 1);
+    return 1;
+}
 
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
 ENGINE *ENGINE_get_default_RSA(void)
-	{
-	return engine_table_select(&rsa_table, dummy_nid);
-	}
+{
+    return engine_table_select(&rsa_table, dummy_nid);
+}
 
 /* Obtains an RSA implementation from an ENGINE functional reference */
 const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e)
-	{
-	return e->rsa_meth;
-	}
+{
+    return e->rsa_meth;
+}
 
 /* Sets an RSA implementation in an ENGINE structure */
 int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
-	{
-	e->rsa_meth = rsa_meth;
-	return 1;
-	}
+{
+    e->rsa_meth = rsa_meth;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/engine/tb_store.c b/Cryptlib/OpenSSL/crypto/engine/tb_store.c
index 8cc435c9..1eab49d7 100644
--- a/Cryptlib/OpenSSL/crypto/engine/tb_store.c
+++ b/Cryptlib/OpenSSL/crypto/engine/tb_store.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -54,70 +54,76 @@
 
 #include "eng_int.h"
 
-/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is
- * used by STORE to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
+/*
+ * If this symbol is defined then ENGINE_get_default_STORE(), the function
+ * that is used by STORE to hook in implementation code and cache defaults
+ * (etc), will display brief debugging summaries to stderr with the 'nid'.
+ */
 /* #define ENGINE_STORE_DEBUG */
 
 static ENGINE_TABLE *store_table = NULL;
 static const int dummy_nid = 1;
 
 void ENGINE_unregister_STORE(ENGINE *e)
-	{
-	engine_table_unregister(&store_table, e);
-	}
+{
+    engine_table_unregister(&store_table, e);
+}
 
 static void engine_unregister_all_STORE(void)
-	{
-	engine_table_cleanup(&store_table);
-	}
+{
+    engine_table_cleanup(&store_table);
+}
 
 int ENGINE_register_STORE(ENGINE *e)
-	{
-	if(e->store_meth)
-		return engine_table_register(&store_table,
-				engine_unregister_all_STORE, e, &dummy_nid, 1, 0);
-	return 1;
-	}
+{
+    if (e->store_meth)
+        return engine_table_register(&store_table,
+                                     engine_unregister_all_STORE, e,
+                                     &dummy_nid, 1, 0);
+    return 1;
+}
 
 void ENGINE_register_all_STORE()
-	{
-	ENGINE *e;
+{
+    ENGINE *e;
 
-	for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e))
-		ENGINE_register_STORE(e);
-	}
+    for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
+        ENGINE_register_STORE(e);
+}
 
 /* The following two functions are removed because they're useless. */
 #if 0
 int ENGINE_set_default_STORE(ENGINE *e)
-	{
-	if(e->store_meth)
-		return engine_table_register(&store_table,
-				engine_unregister_all_STORE, e, &dummy_nid, 1, 1);
-	return 1;
-	}
+{
+    if (e->store_meth)
+        return engine_table_register(&store_table,
+                                     engine_unregister_all_STORE, e,
+                                     &dummy_nid, 1, 1);
+    return 1;
+}
 #endif
 
 #if 0
-/* Exposed API function to get a functional reference from the implementation
+/*
+ * Exposed API function to get a functional reference from the implementation
  * table (ie. try to get a functional reference from the tabled structural
- * references). */
+ * references).
+ */
 ENGINE *ENGINE_get_default_STORE(void)
-	{
-	return engine_table_select(&store_table, dummy_nid);
-	}
+{
+    return engine_table_select(&store_table, dummy_nid);
+}
 #endif
 
 /* Obtains an STORE implementation from an ENGINE functional reference */
 const STORE_METHOD *ENGINE_get_STORE(const ENGINE *e)
-	{
-	return e->store_meth;
-	}
+{
+    return e->store_meth;
+}
 
 /* Sets an STORE implementation in an ENGINE structure */
 int ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
-	{
-	e->store_meth = store_meth;
-	return 1;
-	}
+{
+    e->store_meth = store_meth;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/err/err.c b/Cryptlib/OpenSSL/crypto/err/err.c
index a25e5b30..424eed99 100644
--- a/Cryptlib/OpenSSL/crypto/err/err.c
+++ b/Cryptlib/OpenSSL/crypto/err/err.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -119,199 +119,207 @@
 #include <openssl/bio.h>
 #include <openssl/err.h>
 
-static unsigned long get_error_values(int inc,int top,
-					const char **file,int *line,
-					const char **data,int *flags);
+static unsigned long get_error_values(int inc, int top,
+                                      const char **file, int *line,
+                                      const char **data, int *flags);
 
 #define err_clear_data(p,i) \
-	do { \
-	if (((p)->err_data[i] != NULL) && \
-		(p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
-		{  \
-		OPENSSL_free((p)->err_data[i]); \
-		(p)->err_data[i]=NULL; \
-		} \
-	(p)->err_data_flags[i]=0; \
-	} while(0)
+        do { \
+        if (((p)->err_data[i] != NULL) && \
+                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+                {  \
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i]=NULL; \
+                } \
+        (p)->err_data_flags[i]=0; \
+        } while(0)
 
 #define err_clear(p,i) \
-	do { \
-	(p)->err_flags[i]=0; \
-	(p)->err_buffer[i]=0; \
-	err_clear_data(p,i); \
-	(p)->err_file[i]=NULL; \
-	(p)->err_line[i]= -1; \
-	} while(0)
-
-void ERR_put_error(int lib, int func, int reason, const char *file,
-	     int line)
-	{
-	ERR_STATE *es;
+        do { \
+        (p)->err_flags[i]=0; \
+        (p)->err_buffer[i]=0; \
+        err_clear_data(p,i); \
+        (p)->err_file[i]=NULL; \
+        (p)->err_line[i]= -1; \
+        } while(0)
+
+void ERR_put_error(int lib, int func, int reason, const char *file, int line)
+{
+    ERR_STATE *es;
 
 #ifdef _OSD_POSIX
-	/* In the BS2000-OSD POSIX subsystem, the compiler generates
-	 * path names in the form "*POSIX(/etc/passwd)".
-	 * This dirty hack strips them to something sensible.
-	 * @@@ We shouldn't modify a const string, though.
-	 */
-	if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) {
-		char *end;
-
-		/* Skip the "*POSIX(" prefix */
-		file += sizeof("*POSIX(")-1;
-		end = &file[strlen(file)-1];
-		if (*end == ')')
-			*end = '\0';
-		/* Optional: use the basename of the path only. */
-		if ((end = strrchr(file, '/')) != NULL)
-			file = &end[1];
-	}
+    /*
+     * In the BS2000-OSD POSIX subsystem, the compiler generates path names
+     * in the form "*POSIX(/etc/passwd)". This dirty hack strips them to
+     * something sensible. @@@ We shouldn't modify a const string, though.
+     */
+    if (strncmp(file, "*POSIX(", sizeof("*POSIX(") - 1) == 0) {
+        char *end;
+
+        /* Skip the "*POSIX(" prefix */
+        file += sizeof("*POSIX(") - 1;
+        end = &file[strlen(file) - 1];
+        if (*end == ')')
+            *end = '\0';
+        /* Optional: use the basename of the path only. */
+        if ((end = strrchr(file, '/')) != NULL)
+            file = &end[1];
+    }
 #endif
-	es=ERR_get_state();
-
-	es->top=(es->top+1)%ERR_NUM_ERRORS;
-	if (es->top == es->bottom)
-		es->bottom=(es->bottom+1)%ERR_NUM_ERRORS;
-	es->err_flags[es->top]=0;
-	es->err_buffer[es->top]=ERR_PACK(lib,func,reason);
-	es->err_file[es->top]=file;
-	es->err_line[es->top]=line;
-	err_clear_data(es,es->top);
-	}
+    es = ERR_get_state();
+
+    es->top = (es->top + 1) % ERR_NUM_ERRORS;
+    if (es->top == es->bottom)
+        es->bottom = (es->bottom + 1) % ERR_NUM_ERRORS;
+    es->err_flags[es->top] = 0;
+    es->err_buffer[es->top] = ERR_PACK(lib, func, reason);
+    es->err_file[es->top] = file;
+    es->err_line[es->top] = line;
+    err_clear_data(es, es->top);
+}
 
 void ERR_clear_error(void)
-	{
-	int i;
-	ERR_STATE *es;
+{
+    int i;
+    ERR_STATE *es;
 
-	es=ERR_get_state();
-
-	for (i=0; i<ERR_NUM_ERRORS; i++)
-		{
-		err_clear(es,i);
-		}
-	es->top=es->bottom=0;
-	}
+    es = ERR_get_state();
 
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear(es, i);
+    }
+    es->top = es->bottom = 0;
+}
 
 unsigned long ERR_get_error(void)
-	{ return(get_error_values(1,0,NULL,NULL,NULL,NULL)); }
+{
+    return (get_error_values(1, 0, NULL, NULL, NULL, NULL));
+}
 
-unsigned long ERR_get_error_line(const char **file,
-	     int *line)
-	{ return(get_error_values(1,0,file,line,NULL,NULL)); }
+unsigned long ERR_get_error_line(const char **file, int *line)
+{
+    return (get_error_values(1, 0, file, line, NULL, NULL));
+}
 
 unsigned long ERR_get_error_line_data(const char **file, int *line,
-	     const char **data, int *flags)
-	{ return(get_error_values(1,0,file,line,data,flags)); }
-
+                                      const char **data, int *flags)
+{
+    return (get_error_values(1, 0, file, line, data, flags));
+}
 
 unsigned long ERR_peek_error(void)
-	{ return(get_error_values(0,0,NULL,NULL,NULL,NULL)); }
+{
+    return (get_error_values(0, 0, NULL, NULL, NULL, NULL));
+}
 
 unsigned long ERR_peek_error_line(const char **file, int *line)
-	{ return(get_error_values(0,0,file,line,NULL,NULL)); }
+{
+    return (get_error_values(0, 0, file, line, NULL, NULL));
+}
 
 unsigned long ERR_peek_error_line_data(const char **file, int *line,
-	     const char **data, int *flags)
-	{ return(get_error_values(0,0,file,line,data,flags)); }
-
+                                       const char **data, int *flags)
+{
+    return (get_error_values(0, 0, file, line, data, flags));
+}
 
 unsigned long ERR_peek_last_error(void)
-	{ return(get_error_values(0,1,NULL,NULL,NULL,NULL)); }
+{
+    return (get_error_values(0, 1, NULL, NULL, NULL, NULL));
+}
 
 unsigned long ERR_peek_last_error_line(const char **file, int *line)
-	{ return(get_error_values(0,1,file,line,NULL,NULL)); }
+{
+    return (get_error_values(0, 1, file, line, NULL, NULL));
+}
 
 unsigned long ERR_peek_last_error_line_data(const char **file, int *line,
-	     const char **data, int *flags)
-	{ return(get_error_values(0,1,file,line,data,flags)); }
-
-
-static unsigned long get_error_values(int inc, int top, const char **file, int *line,
-	     const char **data, int *flags)
-	{	
-	int i=0;
-	ERR_STATE *es;
-	unsigned long ret;
-
-	es=ERR_get_state();
-
-	if (inc && top)
-		{
-		if (file) *file = "";
-		if (line) *line = 0;
-		if (data) *data = "";
-		if (flags) *flags = 0;
-			
-		return ERR_R_INTERNAL_ERROR;
-		}
-
-	if (es->bottom == es->top) return 0;
-	if (top)
-		i=es->top;			 /* last error */
-	else
-		i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */
-
-	ret=es->err_buffer[i];
-	if (inc)
-		{
-		es->bottom=i;
-		es->err_buffer[i]=0;
-		}
-
-	if ((file != NULL) && (line != NULL))
-		{
-		if (es->err_file[i] == NULL)
-			{
-			*file="NA";
-			if (line != NULL) *line=0;
-			}
-		else
-			{
-			*file=es->err_file[i];
-			if (line != NULL) *line=es->err_line[i];
-			}
-		}
-
-	if (data == NULL)
-		{
-		if (inc)
-			{
-			err_clear_data(es, i);
-			}
-		}
-	else
-		{
-		if (es->err_data[i] == NULL)
-			{
-			*data="";
-			if (flags != NULL) *flags=0;
-			}
-		else
-			{
-			*data=es->err_data[i];
-			if (flags != NULL) *flags=es->err_data_flags[i];
-			}
-		}
-	return ret;
-	}
+                                            const char **data, int *flags)
+{
+    return (get_error_values(0, 1, file, line, data, flags));
+}
+
+static unsigned long get_error_values(int inc, int top, const char **file,
+                                      int *line, const char **data,
+                                      int *flags)
+{
+    int i = 0;
+    ERR_STATE *es;
+    unsigned long ret;
+
+    es = ERR_get_state();
+
+    if (inc && top) {
+        if (file)
+            *file = "";
+        if (line)
+            *line = 0;
+        if (data)
+            *data = "";
+        if (flags)
+            *flags = 0;
+
+        return ERR_R_INTERNAL_ERROR;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+    if (top)
+        i = es->top;            /* last error */
+    else
+        i = (es->bottom + 1) % ERR_NUM_ERRORS; /* first error */
+
+    ret = es->err_buffer[i];
+    if (inc) {
+        es->bottom = i;
+        es->err_buffer[i] = 0;
+    }
+
+    if ((file != NULL) && (line != NULL)) {
+        if (es->err_file[i] == NULL) {
+            *file = "NA";
+            if (line != NULL)
+                *line = 0;
+        } else {
+            *file = es->err_file[i];
+            if (line != NULL)
+                *line = es->err_line[i];
+        }
+    }
+
+    if (data == NULL) {
+        if (inc) {
+            err_clear_data(es, i);
+        }
+    } else {
+        if (es->err_data[i] == NULL) {
+            *data = "";
+            if (flags != NULL)
+                *flags = 0;
+        } else {
+            *data = es->err_data[i];
+            if (flags != NULL)
+                *flags = es->err_data_flags[i];
+        }
+    }
+    return ret;
+}
 
 void ERR_set_error_data(char *data, int flags)
-	{
-	ERR_STATE *es;
-	int i;
+{
+    ERR_STATE *es;
+    int i;
 
-	es=ERR_get_state();
+    es = ERR_get_state();
 
-	i=es->top;
-	if (i == 0)
-		i=ERR_NUM_ERRORS-1;
+    i = es->top;
+    if (i == 0)
+        i = ERR_NUM_ERRORS - 1;
 
-	err_clear_data(es,i);
-	es->err_data[i]=data;
-	es->err_data_flags[i]=flags;
-	}
+    err_clear_data(es, i);
+    es->err_data[i] = data;
+    es->err_data_flags[i] = flags;
+}
 
 /* Add EFIAPI for UEFI version. */
 #if defined(OPENSSL_SYS_UEFI)
@@ -319,103 +327,101 @@ void EFIAPI ERR_add_error_data(int num, ...)
 #else
 void ERR_add_error_data(int num, ...)
 #endif
-	{
-	va_list args;
-	int i,n,s;
-	char *str,*p,*a;
-
-	s=80;
-	str=OPENSSL_malloc(s+1);
-	if (str == NULL) return;
-	str[0]='\0';
-
-	va_start(args, num);
-	n=0;
-	for (i=0; i<num; i++)
-		{
-		a=va_arg(args, char*);
-		/* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
-		if (a != NULL)
-			{
-			n+=strlen(a);
-			if (n > s)
-				{
-				s=n+20;
-				p=OPENSSL_realloc(str,s+1);
-				if (p == NULL)
-					{
-					OPENSSL_free(str);
-					goto err;
-					}
-				else
-					str=p;
-				}
-			BUF_strlcat(str,a,(size_t)s+1);
-			}
-		}
-	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
-
-err:
-	va_end(args);
-	}
+{
+    va_list args;
+    int i, n, s;
+    char *str, *p, *a;
+
+    s = 80;
+    str = OPENSSL_malloc(s + 1);
+    if (str == NULL)
+        return;
+    str[0] = '\0';
+
+    va_start(args, num);
+    n = 0;
+    for (i = 0; i < num; i++) {
+        a = va_arg(args, char *);
+        /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */
+        if (a != NULL) {
+            n += strlen(a);
+            if (n > s) {
+                s = n + 20;
+                p = OPENSSL_realloc(str, s + 1);
+                if (p == NULL) {
+                    OPENSSL_free(str);
+                    goto err;
+                } else
+                    str = p;
+            }
+            BUF_strlcat(str, a, (size_t)s + 1);
+        }
+    }
+    ERR_set_error_data(str, ERR_TXT_MALLOCED | ERR_TXT_STRING);
+
+ err:
+    va_end(args);
+}
 
 int ERR_set_mark(void)
-	{
-	ERR_STATE *es;
+{
+    ERR_STATE *es;
 
-	es=ERR_get_state();
+    es = ERR_get_state();
 
-	if (es->bottom == es->top) return 0;
-	es->err_flags[es->top]|=ERR_FLAG_MARK;
-	return 1;
-	}
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] |= ERR_FLAG_MARK;
+    return 1;
+}
 
 int ERR_pop_to_mark(void)
-	{
-	ERR_STATE *es;
-
-	es=ERR_get_state();
-
-	while(es->bottom != es->top
-		&& (es->err_flags[es->top] & ERR_FLAG_MARK) == 0)
-		{
-		err_clear(es,es->top);
-		es->top-=1;
-		if (es->top == -1) es->top=ERR_NUM_ERRORS-1;
-		}
-		
-	if (es->bottom == es->top) return 0;
-	es->err_flags[es->top]&=~ERR_FLAG_MARK;
-	return 1;
-	}
+{
+    ERR_STATE *es;
+
+    es = ERR_get_state();
+
+    while (es->bottom != es->top
+           && (es->err_flags[es->top] & ERR_FLAG_MARK) == 0) {
+        err_clear(es, es->top);
+        es->top -= 1;
+        if (es->top == -1)
+            es->top = ERR_NUM_ERRORS - 1;
+    }
+
+    if (es->bottom == es->top)
+        return 0;
+    es->err_flags[es->top] &= ~ERR_FLAG_MARK;
+    return 1;
+}
 
 #ifdef OPENSSL_FIPS
 
 static ERR_STATE *fget_state(void)
-	{
-	static ERR_STATE fstate;
-	return &fstate;
-	}
+{
+    static ERR_STATE fstate;
+    return &fstate;
+}
 
-ERR_STATE *(*get_state_func)(void) = fget_state;
-void (*remove_state_func)(unsigned long pid);
+ERR_STATE *(*get_state_func) (void) = fget_state;
+void (*remove_state_func) (unsigned long pid);
 
 ERR_STATE *ERR_get_state(void)
-	{
-	return get_state_func();
-	}
+{
+    return get_state_func();
+}
 
-void int_ERR_set_state_func(ERR_STATE *(*get_func)(void),
-				void (*remove_func)(unsigned long pid))
-	{
-	get_state_func = get_func;
-	remove_state_func = remove_func;
-	}
+void int_ERR_set_state_func(ERR_STATE *(*get_func) (void),
+                            void (*remove_func) (unsigned long pid))
+{
+    get_state_func = get_func;
+    remove_state_func = remove_func;
+}
 
 void ERR_remove_state(unsigned long pid)
-	{
-	if (remove_state_func)
-		remove_state_func(pid);
-	}
+{
+    if (remove_state_func)
+        remove_state_func(pid);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/err/err_all.c b/Cryptlib/OpenSSL/crypto/err/err_all.c
index 0429389f..6e12a7e6 100644
--- a/Cryptlib/OpenSSL/crypto/err/err_all.c
+++ b/Cryptlib/OpenSSL/crypto/err/err_all.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,24 +60,24 @@
 #include <openssl/asn1.h>
 #include <openssl/bn.h>
 #ifndef OPENSSL_NO_EC
-#include <openssl/ec.h>
+# include <openssl/ec.h>
 #endif
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_ECDSA
-#include <openssl/ecdsa.h>
+# include <openssl/ecdsa.h>
 #endif
 #ifndef OPENSSL_NO_ECDH
-#include <openssl/ecdh.h>
+# include <openssl/ecdh.h>
 #endif
 #include <openssl/evp.h>
 #include <openssl/objects.h>
@@ -89,77 +89,77 @@
 #include <openssl/rand.h>
 #include <openssl/dso.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include <openssl/ui.h>
 #include <openssl/ocsp.h>
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #ifndef OPENSSL_NO_CMS
-#include <openssl/cms.h>
+# include <openssl/cms.h>
 #endif
 #ifndef OPENSSL_NO_JPAKE
-#include <openssl/jpake.h>
+# include <openssl/jpake.h>
 #endif
 #ifndef OPENSSL_NO_COMP
-#include <openssl/comp.h>
+# include <openssl/comp.h>
 #endif
 
 void ERR_load_crypto_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
-	ERR_load_ERR_strings(); /* include error strings for SYSerr */
-	ERR_load_BN_strings();
-#ifndef OPENSSL_NO_RSA
-	ERR_load_RSA_strings();
-#endif
-#ifndef OPENSSL_NO_DH
-	ERR_load_DH_strings();
-#endif
-	ERR_load_EVP_strings();
-	ERR_load_BUF_strings();
-	ERR_load_OBJ_strings();
-	ERR_load_PEM_strings();
-#ifndef OPENSSL_NO_DSA
-	ERR_load_DSA_strings();
-#endif
-	ERR_load_X509_strings();
-	ERR_load_ASN1_strings();
-	ERR_load_CONF_strings();
-	ERR_load_CRYPTO_strings();
-#ifndef OPENSSL_NO_EC
-	ERR_load_EC_strings();
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	ERR_load_ECDSA_strings();
-#endif
-#ifndef OPENSSL_NO_ECDH
-	ERR_load_ECDH_strings();
-#endif
-	/* skip ERR_load_SSL_strings() because it is not in this library */
-	ERR_load_BIO_strings();
-	ERR_load_PKCS7_strings();	
-	ERR_load_X509V3_strings();
-	ERR_load_PKCS12_strings();
-	ERR_load_RAND_strings();
-	ERR_load_DSO_strings();
-#ifndef OPENSSL_NO_ENGINE
-	ERR_load_ENGINE_strings();
-#endif
-	ERR_load_OCSP_strings();
-	ERR_load_UI_strings();
-#ifdef OPENSSL_FIPS
-	ERR_load_FIPS_strings();
-#endif
-#ifndef OPENSSL_NO_CMS
-	ERR_load_CMS_strings();
-#endif
-#ifndef OPENSSL_NO_JPAKE
-	ERR_load_JPAKE_strings();
-#endif
-	ERR_load_COMP_strings();
-#endif
-	}
+    ERR_load_ERR_strings();     /* include error strings for SYSerr */
+    ERR_load_BN_strings();
+# ifndef OPENSSL_NO_RSA
+    ERR_load_RSA_strings();
+# endif
+# ifndef OPENSSL_NO_DH
+    ERR_load_DH_strings();
+# endif
+    ERR_load_EVP_strings();
+    ERR_load_BUF_strings();
+    ERR_load_OBJ_strings();
+    ERR_load_PEM_strings();
+# ifndef OPENSSL_NO_DSA
+    ERR_load_DSA_strings();
+# endif
+    ERR_load_X509_strings();
+    ERR_load_ASN1_strings();
+    ERR_load_CONF_strings();
+    ERR_load_CRYPTO_strings();
+# ifndef OPENSSL_NO_EC
+    ERR_load_EC_strings();
+# endif
+# ifndef OPENSSL_NO_ECDSA
+    ERR_load_ECDSA_strings();
+# endif
+# ifndef OPENSSL_NO_ECDH
+    ERR_load_ECDH_strings();
+# endif
+    /* skip ERR_load_SSL_strings() because it is not in this library */
+    ERR_load_BIO_strings();
+    ERR_load_PKCS7_strings();
+    ERR_load_X509V3_strings();
+    ERR_load_PKCS12_strings();
+    ERR_load_RAND_strings();
+    ERR_load_DSO_strings();
+# ifndef OPENSSL_NO_ENGINE
+    ERR_load_ENGINE_strings();
+# endif
+    ERR_load_OCSP_strings();
+    ERR_load_UI_strings();
+# ifdef OPENSSL_FIPS
+    ERR_load_FIPS_strings();
+# endif
+# ifndef OPENSSL_NO_CMS
+    ERR_load_CMS_strings();
+# endif
+# ifndef OPENSSL_NO_JPAKE
+    ERR_load_JPAKE_strings();
+# endif
+    ERR_load_COMP_strings();
+#endif
+}
diff --git a/Cryptlib/OpenSSL/crypto/err/err_bio.c b/Cryptlib/OpenSSL/crypto/err/err_bio.c
index a42f8048..b8b22fa9 100644
--- a/Cryptlib/OpenSSL/crypto/err/err_bio.c
+++ b/Cryptlib/OpenSSL/crypto/err/err_bio.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,12 +64,11 @@
 #include <openssl/err.h>
 
 static int print_bio(const char *str, size_t len, void *bp)
-	{
-	return BIO_write((BIO *)bp, str, len);
-	}
-void ERR_print_errors(BIO *bp)
-	{
-	ERR_print_errors_cb(print_bio, bp);
-	}
+{
+    return BIO_write((BIO *)bp, str, len);
+}
 
-	
+void ERR_print_errors(BIO *bp)
+{
+    ERR_print_errors_cb(print_bio, bp);
+}
diff --git a/Cryptlib/OpenSSL/crypto/err/err_def.c b/Cryptlib/OpenSSL/crypto/err/err_def.c
index 7ed3d849..8144652a 100644
--- a/Cryptlib/OpenSSL/crypto/err/err_def.c
+++ b/Cryptlib/OpenSSL/crypto/err/err_def.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -120,47 +120,46 @@
 #include <openssl/err.h>
 
 #define err_clear_data(p,i) \
-	do { \
-	if (((p)->err_data[i] != NULL) && \
-		(p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
-		{  \
-		OPENSSL_free((p)->err_data[i]); \
-		(p)->err_data[i]=NULL; \
-		} \
-	(p)->err_data_flags[i]=0; \
-	} while(0)
+        do { \
+        if (((p)->err_data[i] != NULL) && \
+                (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \
+                {  \
+                OPENSSL_free((p)->err_data[i]); \
+                (p)->err_data[i]=NULL; \
+                } \
+        (p)->err_data_flags[i]=0; \
+        } while(0)
 
 #define err_clear(p,i) \
-	do { \
-	(p)->err_flags[i]=0; \
-	(p)->err_buffer[i]=0; \
-	err_clear_data(p,i); \
-	(p)->err_file[i]=NULL; \
-	(p)->err_line[i]= -1; \
-	} while(0)
+        do { \
+        (p)->err_flags[i]=0; \
+        (p)->err_buffer[i]=0; \
+        err_clear_data(p,i); \
+        (p)->err_file[i]=NULL; \
+        (p)->err_line[i]= -1; \
+        } while(0)
 
 static void err_load_strings(int lib, ERR_STRING_DATA *str);
 
 static void ERR_STATE_free(ERR_STATE *s);
 
 /* Define the predeclared (but externally opaque) "ERR_FNS" type */
-struct st_ERR_FNS
-	{
-	/* Works on the "error_hash" string table */
-	LHASH *(*cb_err_get)(int create);
-	void (*cb_err_del)(void);
-	ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *);
-	ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *);
-	ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *);
-	/* Works on the "thread_hash" error-state table */
-	LHASH *(*cb_thread_get)(int create);
-	void (*cb_thread_release)(LHASH **hash);
-	ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *);
-	ERR_STATE *(*cb_thread_set_item)(ERR_STATE *);
-	void (*cb_thread_del_item)(const ERR_STATE *);
-	/* Returns the next available error "library" numbers */
-	int (*cb_get_next_lib)(void);
-	};
+struct st_ERR_FNS {
+    /* Works on the "error_hash" string table */
+    LHASH *(*cb_err_get) (int create);
+    void (*cb_err_del) (void);
+    ERR_STRING_DATA *(*cb_err_get_item) (const ERR_STRING_DATA *);
+    ERR_STRING_DATA *(*cb_err_set_item) (ERR_STRING_DATA *);
+    ERR_STRING_DATA *(*cb_err_del_item) (ERR_STRING_DATA *);
+    /* Works on the "thread_hash" error-state table */
+    LHASH *(*cb_thread_get) (int create);
+    void (*cb_thread_release) (LHASH **hash);
+    ERR_STATE *(*cb_thread_get_item) (const ERR_STATE *);
+    ERR_STATE *(*cb_thread_set_item) (ERR_STATE *);
+    void (*cb_thread_del_item) (const ERR_STATE *);
+    /* Returns the next available error "library" numbers */
+    int (*cb_get_next_lib) (void);
+};
 
 /* Predeclarations of the "err_defaults" functions */
 static LHASH *int_err_get(int create);
@@ -175,20 +174,19 @@ static ERR_STATE *int_thread_set_item(ERR_STATE *);
 static void int_thread_del_item(const ERR_STATE *);
 static int int_err_get_next_lib(void);
 /* The static ERR_FNS table using these defaults functions */
-static const ERR_FNS err_defaults =
-	{
-	int_err_get,
-	int_err_del,
-	int_err_get_item,
-	int_err_set_item,
-	int_err_del_item,
-	int_thread_get,
-	int_thread_release,
-	int_thread_get_item,
-	int_thread_set_item,
-	int_thread_del_item,
-	int_err_get_next_lib
-	};
+static const ERR_FNS err_defaults = {
+    int_err_get,
+    int_err_del,
+    int_err_get_item,
+    int_err_set_item,
+    int_err_del_item,
+    int_thread_get,
+    int_thread_release,
+    int_thread_get_item,
+    int_thread_set_item,
+    int_thread_del_item,
+    int_err_get_next_lib
+};
 
 /* The replacable table of ERR_FNS functions we use at run-time */
 static const ERR_FNS *err_fns = NULL;
@@ -196,54 +194,62 @@ static const ERR_FNS *err_fns = NULL;
 /* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */
 #define ERRFN(a) err_fns->cb_##a
 
-/* The internal state used by "err_defaults" - as such, the setting, reading,
+/*
+ * The internal state used by "err_defaults" - as such, the setting, reading,
  * creating, and deleting of this data should only be permitted via the
- * "err_defaults" functions. This way, a linked module can completely defer all
- * ERR state operation (together with requisite locking) to the implementations
- * and state in the loading application. */
+ * "err_defaults" functions. This way, a linked module can completely defer
+ * all ERR state operation (together with requisite locking) to the
+ * implementations and state in the loading application.
+ */
 static LHASH *int_error_hash = NULL;
 static LHASH *int_thread_hash = NULL;
 static int int_thread_hash_references = 0;
-static int int_err_library_number= ERR_LIB_USER;
+static int int_err_library_number = ERR_LIB_USER;
 
-/* Internal function that checks whether "err_fns" is set and if not, sets it to
- * the defaults. */
+/*
+ * Internal function that checks whether "err_fns" is set and if not, sets it
+ * to the defaults.
+ */
 static void err_fns_check(void)
-	{
-	if (err_fns) return;
-	
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!err_fns)
-		err_fns = &err_defaults;
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	}
+{
+    if (err_fns)
+        return;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    if (!err_fns)
+        err_fns = &err_defaults;
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
 
 /* API functions to get or set the underlying ERR functions. */
 
 const ERR_FNS *ERR_get_implementation(void)
-	{
-	err_fns_check();
-	return err_fns;
-	}
+{
+    err_fns_check();
+    return err_fns;
+}
 
 int ERR_set_implementation(const ERR_FNS *fns)
-	{
-	int ret = 0;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	/* It's too late if 'err_fns' is non-NULL. BTW: not much point setting
-	 * an error is there?! */
-	if (!err_fns)
-		{
-		err_fns = fns;
-		ret = 1;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	return ret;
-	}
-
-/* These are the callbacks provided to "lh_new()" when creating the LHASH tables
- * internal to the "err_defaults" implementation. */
+{
+    int ret = 0;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    /*
+     * It's too late if 'err_fns' is non-NULL. BTW: not much point setting an
+     * error is there?!
+     */
+    if (!err_fns) {
+        err_fns = fns;
+        ret = 1;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    return ret;
+}
+
+/*
+ * These are the callbacks provided to "lh_new()" when creating the LHASH
+ * tables internal to the "err_defaults" implementation.
+ */
 
 /* static unsigned long err_hash(ERR_STRING_DATA *a); */
 static unsigned long err_hash(const void *a_void);
@@ -252,414 +258,408 @@ static int err_cmp(const void *a_void, const void *b_void);
 /* static unsigned long pid_hash(ERR_STATE *pid); */
 static unsigned long pid_hash(const void *pid_void);
 /* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */
-static int pid_cmp(const void *a_void,const void *pid_void);
+static int pid_cmp(const void *a_void, const void *pid_void);
 
 /* The internal functions used in the "err_defaults" implementation */
 
 static LHASH *int_err_get(int create)
-	{
-	LHASH *ret = NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!int_error_hash && create)
-		{
-		CRYPTO_push_info("int_err_get (err.c)");
-		int_error_hash = lh_new(err_hash, err_cmp);
-		CRYPTO_pop_info();
-		}
-	if (int_error_hash)
-		ret = int_error_hash;
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	return ret;
-	}
+{
+    LHASH *ret = NULL;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    if (!int_error_hash && create) {
+        CRYPTO_push_info("int_err_get (err.c)");
+        int_error_hash = lh_new(err_hash, err_cmp);
+        CRYPTO_pop_info();
+    }
+    if (int_error_hash)
+        ret = int_error_hash;
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+    return ret;
+}
 
 static void int_err_del(void)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (int_error_hash)
-		{
-		lh_free(int_error_hash);
-		int_error_hash = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	}
+{
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    if (int_error_hash) {
+        lh_free(int_error_hash);
+        int_error_hash = NULL;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
 
 static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d)
-	{
-	ERR_STRING_DATA *p;
-	LHASH *hash;
+{
+    ERR_STRING_DATA *p;
+    LHASH *hash;
 
-	err_fns_check();
-	hash = ERRFN(err_get)(0);
-	if (!hash)
-		return NULL;
+    err_fns_check();
+    hash = ERRFN(err_get) (0);
+    if (!hash)
+        return NULL;
 
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-	p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+    p = (ERR_STRING_DATA *)lh_retrieve(hash, d);
+    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
 
-	return p;
-	}
+    return p;
+}
 
 static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d)
-	{
-	ERR_STRING_DATA *p;
-	LHASH *hash;
+{
+    ERR_STRING_DATA *p;
+    LHASH *hash;
 
-	err_fns_check();
-	hash = ERRFN(err_get)(1);
-	if (!hash)
-		return NULL;
+    err_fns_check();
+    hash = ERRFN(err_get) (1);
+    if (!hash)
+        return NULL;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = (ERR_STRING_DATA *)lh_insert(hash, d);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    p = (ERR_STRING_DATA *)lh_insert(hash, d);
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
-	return p;
-	}
+    return p;
+}
 
 static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d)
-	{
-	ERR_STRING_DATA *p;
-	LHASH *hash;
+{
+    ERR_STRING_DATA *p;
+    LHASH *hash;
 
-	err_fns_check();
-	hash = ERRFN(err_get)(0);
-	if (!hash)
-		return NULL;
+    err_fns_check();
+    hash = ERRFN(err_get) (0);
+    if (!hash)
+        return NULL;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = (ERR_STRING_DATA *)lh_delete(hash, d);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    p = (ERR_STRING_DATA *)lh_delete(hash, d);
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
-	return p;
-	}
+    return p;
+}
 
 static LHASH *int_thread_get(int create)
-	{
-	LHASH *ret = NULL;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!int_thread_hash && create)
-		{
-		CRYPTO_push_info("int_thread_get (err.c)");
-		int_thread_hash = lh_new(pid_hash, pid_cmp);
-		CRYPTO_pop_info();
-		}
-	if (int_thread_hash)
-		{
-		int_thread_hash_references++;
-		ret = int_thread_hash;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	return ret;
-	}
+{
+    LHASH *ret = NULL;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    if (!int_thread_hash && create) {
+        CRYPTO_push_info("int_thread_get (err.c)");
+        int_thread_hash = lh_new(pid_hash, pid_cmp);
+        CRYPTO_pop_info();
+    }
+    if (int_thread_hash) {
+        int_thread_hash_references++;
+        ret = int_thread_hash;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    return ret;
+}
 
 static void int_thread_release(LHASH **hash)
-	{
-	int i;
+{
+    int i;
 
-	if (hash == NULL || *hash == NULL)
-		return;
+    if (hash == NULL || *hash == NULL)
+        return;
 
-	i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
+    i = CRYPTO_add(&int_thread_hash_references, -1, CRYPTO_LOCK_ERR);
 
 #ifdef REF_PRINT
-	fprintf(stderr,"%4d:%s\n",int_thread_hash_references,"ERR");
+    fprintf(stderr, "%4d:%s\n", int_thread_hash_references, "ERR");
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"int_thread_release, bad reference count\n");
-		abort(); /* ok */
-		}
+    if (i < 0) {
+        fprintf(stderr, "int_thread_release, bad reference count\n");
+        abort();                /* ok */
+    }
 #endif
-	*hash = NULL;
-	}
+    *hash = NULL;
+}
 
 static ERR_STATE *int_thread_get_item(const ERR_STATE *d)
-	{
-	ERR_STATE *p;
-	LHASH *hash;
+{
+    ERR_STATE *p;
+    LHASH *hash;
 
-	err_fns_check();
-	hash = ERRFN(thread_get)(0);
-	if (!hash)
-		return NULL;
+    err_fns_check();
+    hash = ERRFN(thread_get) (0);
+    if (!hash)
+        return NULL;
 
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-	p = (ERR_STATE *)lh_retrieve(hash, d);
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+    p = (ERR_STATE *)lh_retrieve(hash, d);
+    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
 
-	ERRFN(thread_release)(&hash);
-	return p;
-	}
+    ERRFN(thread_release) (&hash);
+    return p;
+}
 
 static ERR_STATE *int_thread_set_item(ERR_STATE *d)
-	{
-	ERR_STATE *p;
-	LHASH *hash;
+{
+    ERR_STATE *p;
+    LHASH *hash;
 
-	err_fns_check();
-	hash = ERRFN(thread_get)(1);
-	if (!hash)
-		return NULL;
+    err_fns_check();
+    hash = ERRFN(thread_get) (1);
+    if (!hash)
+        return NULL;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = (ERR_STATE *)lh_insert(hash, d);
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    p = (ERR_STATE *)lh_insert(hash, d);
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
-	ERRFN(thread_release)(&hash);
-	return p;
-	}
+    ERRFN(thread_release) (&hash);
+    return p;
+}
 
 static void int_thread_del_item(const ERR_STATE *d)
-	{
-	ERR_STATE *p;
-	LHASH *hash;
-
-	err_fns_check();
-	hash = ERRFN(thread_get)(0);
-	if (!hash)
-		return;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	p = (ERR_STATE *)lh_delete(hash, d);
-	/* make sure we don't leak memory */
-	if (int_thread_hash_references == 1
-		&& int_thread_hash && (lh_num_items(int_thread_hash) == 0))
-		{
-		lh_free(int_thread_hash);
-		int_thread_hash = NULL;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-
-	ERRFN(thread_release)(&hash);
-	if (p)
-		ERR_STATE_free(p);
-	}
+{
+    ERR_STATE *p;
+    LHASH *hash;
+
+    err_fns_check();
+    hash = ERRFN(thread_get) (0);
+    if (!hash)
+        return;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    p = (ERR_STATE *)lh_delete(hash, d);
+    /* make sure we don't leak memory */
+    if (int_thread_hash_references == 1
+        && int_thread_hash && (lh_num_items(int_thread_hash) == 0)) {
+        lh_free(int_thread_hash);
+        int_thread_hash = NULL;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+
+    ERRFN(thread_release) (&hash);
+    if (p)
+        ERR_STATE_free(p);
+}
 
 static int int_err_get_next_lib(void)
-	{
-	int ret;
+{
+    int ret;
 
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	ret = int_err_library_number++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    ret = int_err_library_number++;
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
 
-	return ret;
-	}
+    return ret;
+}
 
 static void ERR_STATE_free(ERR_STATE *s)
-	{
-	int i;
+{
+    int i;
 
-	if (s == NULL)
-	    return;
+    if (s == NULL)
+        return;
 
-	for (i=0; i<ERR_NUM_ERRORS; i++)
-		{
-		err_clear_data(s,i);
-		}
-	OPENSSL_free(s);
-	}
+    for (i = 0; i < ERR_NUM_ERRORS; i++) {
+        err_clear_data(s, i);
+    }
+    OPENSSL_free(s);
+}
 
 static void err_load_strings(int lib, ERR_STRING_DATA *str)
-	{
-	while (str->error)
-		{
-		if (lib)
-			str->error|=ERR_PACK(lib,0,0);
-		ERRFN(err_set_item)(str);
-		str++;
-		}
-	}
+{
+    while (str->error) {
+        if (lib)
+            str->error |= ERR_PACK(lib, 0, 0);
+        ERRFN(err_set_item) (str);
+        str++;
+    }
+}
 
 void ERR_load_strings(int lib, ERR_STRING_DATA *str)
-	{
-	err_fns_check();
-	err_load_strings(lib, str);
-	}
+{
+    err_fns_check();
+    err_load_strings(lib, str);
+}
 
 void ERR_unload_strings(int lib, ERR_STRING_DATA *str)
-	{
-	while (str->error)
-		{
-		if (lib)
-			str->error|=ERR_PACK(lib,0,0);
-		ERRFN(err_del_item)(str);
-		str++;
-		}
-	}
+{
+    while (str->error) {
+        if (lib)
+            str->error |= ERR_PACK(lib, 0, 0);
+        ERRFN(err_del_item) (str);
+        str++;
+    }
+}
 
 void ERR_free_strings(void)
-	{
-	err_fns_check();
-	ERRFN(err_del)();
-	}
+{
+    err_fns_check();
+    ERRFN(err_del) ();
+}
 
 LHASH *ERR_get_string_table(void)
-	{
-	err_fns_check();
-	return ERRFN(err_get)(0);
-	}
+{
+    err_fns_check();
+    return ERRFN(err_get) (0);
+}
 
 LHASH *ERR_get_err_state_table(void)
-	{
-	err_fns_check();
-	return ERRFN(thread_get)(0);
-	}
+{
+    err_fns_check();
+    return ERRFN(thread_get) (0);
+}
 
 void ERR_release_err_state_table(LHASH **hash)
-	{
-	err_fns_check();
-	ERRFN(thread_release)(hash);
-	}
+{
+    err_fns_check();
+    ERRFN(thread_release) (hash);
+}
 
 const char *ERR_lib_error_string(unsigned long e)
-	{
-	ERR_STRING_DATA d,*p;
-	unsigned long l;
+{
+    ERR_STRING_DATA d, *p;
+    unsigned long l;
 
-	err_fns_check();
-	l=ERR_GET_LIB(e);
-	d.error=ERR_PACK(l,0,0);
-	p=ERRFN(err_get_item)(&d);
-	return((p == NULL)?NULL:p->string);
-	}
+    err_fns_check();
+    l = ERR_GET_LIB(e);
+    d.error = ERR_PACK(l, 0, 0);
+    p = ERRFN(err_get_item) (&d);
+    return ((p == NULL) ? NULL : p->string);
+}
 
 const char *ERR_func_error_string(unsigned long e)
-	{
-	ERR_STRING_DATA d,*p;
-	unsigned long l,f;
-
-	err_fns_check();
-	l=ERR_GET_LIB(e);
-	f=ERR_GET_FUNC(e);
-	d.error=ERR_PACK(l,f,0);
-	p=ERRFN(err_get_item)(&d);
-	return((p == NULL)?NULL:p->string);
-	}
+{
+    ERR_STRING_DATA d, *p;
+    unsigned long l, f;
+
+    err_fns_check();
+    l = ERR_GET_LIB(e);
+    f = ERR_GET_FUNC(e);
+    d.error = ERR_PACK(l, f, 0);
+    p = ERRFN(err_get_item) (&d);
+    return ((p == NULL) ? NULL : p->string);
+}
 
 const char *ERR_reason_error_string(unsigned long e)
-	{
-	ERR_STRING_DATA d,*p=NULL;
-	unsigned long l,r;
-
-	err_fns_check();
-	l=ERR_GET_LIB(e);
-	r=ERR_GET_REASON(e);
-	d.error=ERR_PACK(l,0,r);
-	p=ERRFN(err_get_item)(&d);
-	if (!p)
-		{
-		d.error=ERR_PACK(0,0,r);
-		p=ERRFN(err_get_item)(&d);
-		}
-	return((p == NULL)?NULL:p->string);
-	}
+{
+    ERR_STRING_DATA d, *p = NULL;
+    unsigned long l, r;
+
+    err_fns_check();
+    l = ERR_GET_LIB(e);
+    r = ERR_GET_REASON(e);
+    d.error = ERR_PACK(l, 0, r);
+    p = ERRFN(err_get_item) (&d);
+    if (!p) {
+        d.error = ERR_PACK(0, 0, r);
+        p = ERRFN(err_get_item) (&d);
+    }
+    return ((p == NULL) ? NULL : p->string);
+}
 
 /* static unsigned long err_hash(ERR_STRING_DATA *a) */
 static unsigned long err_hash(const void *a_void)
-	{
-	unsigned long ret,l;
+{
+    unsigned long ret, l;
 
-	l=((const ERR_STRING_DATA *)a_void)->error;
-	ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l);
-	return(ret^ret%19*13);
-	}
+    l = ((const ERR_STRING_DATA *)a_void)->error;
+    ret = l ^ ERR_GET_LIB(l) ^ ERR_GET_FUNC(l);
+    return (ret ^ ret % 19 * 13);
+}
 
 /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */
 static int err_cmp(const void *a_void, const void *b_void)
-	{
-	return((int)(((const ERR_STRING_DATA *)a_void)->error -
-			((const ERR_STRING_DATA *)b_void)->error));
-	}
+{
+    return ((int)(((const ERR_STRING_DATA *)a_void)->error -
+                  ((const ERR_STRING_DATA *)b_void)->error));
+}
 
 /* static unsigned long pid_hash(ERR_STATE *a) */
 static unsigned long pid_hash(const void *a_void)
-	{
-	return(((const ERR_STATE *)a_void)->pid*13);
-	}
+{
+    return (((const ERR_STATE *)a_void)->pid * 13);
+}
 
 /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */
 static int pid_cmp(const void *a_void, const void *b_void)
-	{
-	return((int)((long)((const ERR_STATE *)a_void)->pid -
-			(long)((const ERR_STATE *)b_void)->pid));
-	}
+{
+    return ((int)((long)((const ERR_STATE *)a_void)->pid -
+                  (long)((const ERR_STATE *)b_void)->pid));
+}
+
 #ifdef OPENSSL_FIPS
 static void int_err_remove_state(unsigned long pid)
 #else
 void ERR_remove_state(unsigned long pid)
 #endif
-	{
-	ERR_STATE tmp;
-
-	err_fns_check();
-	if (pid == 0)
-		pid=(unsigned long)CRYPTO_thread_id();
-	tmp.pid=pid;
-	/* thread_del_item automatically destroys the LHASH if the number of
-	 * items reaches zero. */
-	ERRFN(thread_del_item)(&tmp);
-	}
+{
+    ERR_STATE tmp;
+
+    err_fns_check();
+    if (pid == 0)
+        pid = (unsigned long)CRYPTO_thread_id();
+    tmp.pid = pid;
+    /*
+     * thread_del_item automatically destroys the LHASH if the number of
+     * items reaches zero.
+     */
+    ERRFN(thread_del_item) (&tmp);
+}
 
 #ifdef OPENSSL_FIPS
-	static ERR_STATE *int_err_get_state(void)
+static ERR_STATE *int_err_get_state(void)
 #else
 ERR_STATE *ERR_get_state(void)
 #endif
-	{
-	static ERR_STATE fallback;
-	ERR_STATE *ret,tmp,*tmpp=NULL;
-	int i;
-	unsigned long pid;
-
-	err_fns_check();
-	pid=(unsigned long)CRYPTO_thread_id();
-	tmp.pid=pid;
-	ret=ERRFN(thread_get_item)(&tmp);
-
-	/* ret == the error state, if NULL, make a new one */
-	if (ret == NULL)
-		{
-		ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
-		if (ret == NULL) return(&fallback);
-		ret->pid=pid;
-		ret->top=0;
-		ret->bottom=0;
-		for (i=0; i<ERR_NUM_ERRORS; i++)
-			{
-			ret->err_data[i]=NULL;
-			ret->err_data_flags[i]=0;
-			}
-		tmpp = ERRFN(thread_set_item)(ret);
-		/* To check if insertion failed, do a get. */
-		if (ERRFN(thread_get_item)(ret) != ret)
-			{
-			ERR_STATE_free(ret); /* could not insert it */
-			return(&fallback);
-			}
-		/* If a race occured in this function and we came second, tmpp
-		 * is the first one that we just replaced. */
-		if (tmpp)
-			ERR_STATE_free(tmpp);
-		}
-	return ret;
-	}
+{
+    static ERR_STATE fallback;
+    ERR_STATE *ret, tmp, *tmpp = NULL;
+    int i;
+    unsigned long pid;
+
+    err_fns_check();
+    pid = (unsigned long)CRYPTO_thread_id();
+    tmp.pid = pid;
+    ret = ERRFN(thread_get_item) (&tmp);
+
+    /* ret == the error state, if NULL, make a new one */
+    if (ret == NULL) {
+        ret = (ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE));
+        if (ret == NULL)
+            return (&fallback);
+        ret->pid = pid;
+        ret->top = 0;
+        ret->bottom = 0;
+        for (i = 0; i < ERR_NUM_ERRORS; i++) {
+            ret->err_data[i] = NULL;
+            ret->err_data_flags[i] = 0;
+        }
+        tmpp = ERRFN(thread_set_item) (ret);
+        /* To check if insertion failed, do a get. */
+        if (ERRFN(thread_get_item) (ret) != ret) {
+            ERR_STATE_free(ret); /* could not insert it */
+            return (&fallback);
+        }
+        /*
+         * If a race occured in this function and we came second, tmpp is the
+         * first one that we just replaced.
+         */
+        if (tmpp)
+            ERR_STATE_free(tmpp);
+    }
+    return ret;
+}
 
 #ifdef OPENSSL_FIPS
 void int_ERR_lib_init(void)
-	{
-	int_ERR_set_state_func(int_err_get_state, int_err_remove_state);
-	}
+{
+    int_ERR_set_state_func(int_err_get_state, int_err_remove_state);
+}
 #endif
 
 int ERR_get_next_error_library(void)
-	{
-	err_fns_check();
-	return ERRFN(get_next_lib)();
-	}
+{
+    err_fns_check();
+    return ERRFN(get_next_lib) ();
+}
diff --git a/Cryptlib/OpenSSL/crypto/err/err_prn.c b/Cryptlib/OpenSSL/crypto/err/err_prn.c
index 1e46f93e..060853a2 100644
--- a/Cryptlib/OpenSSL/crypto/err/err_prn.c
+++ b/Cryptlib/OpenSSL/crypto/err/err_prn.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,101 +63,104 @@
 #include <openssl/buffer.h>
 #include <openssl/err.h>
 
-void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u),
-			 void *u)
-	{
-	unsigned long l;
-	char buf[256];
-	char buf2[4096];
-	const char *file,*data;
-	int line,flags;
-	unsigned long es;
-
-	es=CRYPTO_thread_id();
-	while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0)
-		{
-		ERR_error_string_n(l, buf, sizeof buf);
-		BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
-			file, line, (flags & ERR_TXT_STRING) ? data : "");
-		if (cb(buf2, strlen(buf2), u) <= 0)
-			break; /* abort outputting the error report */
-		}
-	}
+void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
+                         void *u)
+{
+    unsigned long l;
+    char buf[256];
+    char buf2[4096];
+    const char *file, *data;
+    int line, flags;
+    unsigned long es;
+
+    es = CRYPTO_thread_id();
+    while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
+        ERR_error_string_n(l, buf, sizeof buf);
+        BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf,
+                     file, line, (flags & ERR_TXT_STRING) ? data : "");
+        if (cb(buf2, strlen(buf2), u) <= 0)
+            break;              /* abort outputting the error report */
+    }
+}
 
 #ifndef OPENSSL_NO_FP_API
 static int print_fp(const char *str, size_t len, void *fp)
-	{
-	BIO bio;
+{
+    BIO bio;
+
+    BIO_set(&bio, BIO_s_file());
+    BIO_set_fp(&bio, fp, BIO_NOCLOSE);
 
-	BIO_set(&bio,BIO_s_file());
-	BIO_set_fp(&bio,fp,BIO_NOCLOSE);
+    return BIO_printf(&bio, "%s", str);
+}
 
-	return BIO_printf(&bio, "%s", str);
-	}
 void ERR_print_errors_fp(FILE *fp)
-	{
-	ERR_print_errors_cb(print_fp, fp);
-	}
+{
+    ERR_print_errors_cb(print_fp, fp);
+}
 #endif
 
 void ERR_error_string_n(unsigned long e, char *buf, size_t len)
-	{
-	char lsbuf[64], fsbuf[64], rsbuf[64];
-	const char *ls,*fs,*rs;
-	unsigned long l,f,r;
-
-	l=ERR_GET_LIB(e);
-	f=ERR_GET_FUNC(e);
-	r=ERR_GET_REASON(e);
-
-	ls=ERR_lib_error_string(e);
-	fs=ERR_func_error_string(e);
-	rs=ERR_reason_error_string(e);
-
-	if (ls == NULL) 
-		BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
-	if (fs == NULL)
-		BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
-	if (rs == NULL)
-		BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
-
-	BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, 
-		fs?fs:fsbuf, rs?rs:rsbuf);
-	if (strlen(buf) == len-1)
-		{
-		/* output may be truncated; make sure we always have 5 
-		 * colon-separated fields, i.e. 4 colons ... */
+{
+    char lsbuf[64], fsbuf[64], rsbuf[64];
+    const char *ls, *fs, *rs;
+    unsigned long l, f, r;
+
+    l = ERR_GET_LIB(e);
+    f = ERR_GET_FUNC(e);
+    r = ERR_GET_REASON(e);
+
+    ls = ERR_lib_error_string(e);
+    fs = ERR_func_error_string(e);
+    rs = ERR_reason_error_string(e);
+
+    if (ls == NULL)
+        BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l);
+    if (fs == NULL)
+        BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f);
+    if (rs == NULL)
+        BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r);
+
+    BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf,
+                 fs ? fs : fsbuf, rs ? rs : rsbuf);
+    if (strlen(buf) == len - 1) {
+        /*
+         * output may be truncated; make sure we always have 5
+         * colon-separated fields, i.e. 4 colons ...
+         */
 #define NUM_COLONS 4
-		if (len > NUM_COLONS) /* ... if possible */
-			{
-			int i;
-			char *s = buf;
-			
-			for (i = 0; i < NUM_COLONS; i++)
-				{
-				char *colon = strchr(s, ':');
-				if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i)
-					{
-					/* set colon no. i at last possible position
-					 * (buf[len-1] is the terminating 0)*/
-					colon = &buf[len-1] - NUM_COLONS + i;
-					*colon = ':';
-					}
-				s = colon + 1;
-				}
-			}
-		}
-	}
+        if (len > NUM_COLONS) { /* ... if possible */
+            int i;
+            char *s = buf;
+
+            for (i = 0; i < NUM_COLONS; i++) {
+                char *colon = strchr(s, ':');
+                if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) {
+                    /*
+                     * set colon no. i at last possible position (buf[len-1]
+                     * is the terminating 0)
+                     */
+                    colon = &buf[len - 1] - NUM_COLONS + i;
+                    *colon = ':';
+                }
+                s = colon + 1;
+            }
+        }
+    }
+}
 
 /* BAD for multi-threading: uses a local buffer if ret == NULL */
-/* ERR_error_string_n should be used instead for ret != NULL
- * as ERR_error_string cannot know how large the buffer is */
+/*
+ * ERR_error_string_n should be used instead for ret != NULL as
+ * ERR_error_string cannot know how large the buffer is
+ */
 char *ERR_error_string(unsigned long e, char *ret)
-	{
-	static char buf[256];
+{
+    static char buf[256];
 
-	if (ret == NULL) ret=buf;
-	ERR_error_string_n(e, ret, 256);
+    if (ret == NULL)
+        ret = buf;
+    ERR_error_string_n(e, ret, 256);
 
-	return ret;
-	}
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/err/err_str.c b/Cryptlib/OpenSSL/crypto/err/err_str.c
index d3904088..5a642fb7 100644
--- a/Cryptlib/OpenSSL/crypto/err/err_str.c
+++ b/Cryptlib/OpenSSL/crypto/err/err_str.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -120,176 +120,170 @@
 #include <openssl/err.h>
 
 #ifndef OPENSSL_NO_ERR
-static ERR_STRING_DATA ERR_str_libraries[]=
-	{
-{ERR_PACK(ERR_LIB_NONE,0,0)		,"unknown library"},
-{ERR_PACK(ERR_LIB_SYS,0,0)		,"system library"},
-{ERR_PACK(ERR_LIB_BN,0,0)		,"bignum routines"},
-{ERR_PACK(ERR_LIB_RSA,0,0)		,"rsa routines"},
-{ERR_PACK(ERR_LIB_DH,0,0)		,"Diffie-Hellman routines"},
-{ERR_PACK(ERR_LIB_EVP,0,0)		,"digital envelope routines"},
-{ERR_PACK(ERR_LIB_BUF,0,0)		,"memory buffer routines"},
-{ERR_PACK(ERR_LIB_OBJ,0,0)		,"object identifier routines"},
-{ERR_PACK(ERR_LIB_PEM,0,0)		,"PEM routines"},
-{ERR_PACK(ERR_LIB_DSA,0,0)		,"dsa routines"},
-{ERR_PACK(ERR_LIB_X509,0,0)		,"x509 certificate routines"},
-{ERR_PACK(ERR_LIB_ASN1,0,0)		,"asn1 encoding routines"},
-{ERR_PACK(ERR_LIB_CONF,0,0)		,"configuration file routines"},
-{ERR_PACK(ERR_LIB_CRYPTO,0,0)		,"common libcrypto routines"},
-{ERR_PACK(ERR_LIB_EC,0,0)		,"elliptic curve routines"},
-{ERR_PACK(ERR_LIB_SSL,0,0)		,"SSL routines"},
-{ERR_PACK(ERR_LIB_BIO,0,0)		,"BIO routines"},
-{ERR_PACK(ERR_LIB_PKCS7,0,0)		,"PKCS7 routines"},
-{ERR_PACK(ERR_LIB_X509V3,0,0)		,"X509 V3 routines"},
-{ERR_PACK(ERR_LIB_PKCS12,0,0)		,"PKCS12 routines"},
-{ERR_PACK(ERR_LIB_RAND,0,0)		,"random number generator"},
-{ERR_PACK(ERR_LIB_DSO,0,0)		,"DSO support routines"},
-{ERR_PACK(ERR_LIB_ENGINE,0,0)		,"engine routines"},
-{ERR_PACK(ERR_LIB_OCSP,0,0)		,"OCSP routines"},
-{ERR_PACK(ERR_LIB_FIPS,0,0)		,"FIPS routines"},
-{ERR_PACK(ERR_LIB_CMS,0,0)		,"CMS routines"},
-{ERR_PACK(ERR_LIB_JPAKE,0,0)		,"JPAKE routines"},
-{0,NULL},
-	};
+static ERR_STRING_DATA ERR_str_libraries[] = {
+    {ERR_PACK(ERR_LIB_NONE, 0, 0), "unknown library"},
+    {ERR_PACK(ERR_LIB_SYS, 0, 0), "system library"},
+    {ERR_PACK(ERR_LIB_BN, 0, 0), "bignum routines"},
+    {ERR_PACK(ERR_LIB_RSA, 0, 0), "rsa routines"},
+    {ERR_PACK(ERR_LIB_DH, 0, 0), "Diffie-Hellman routines"},
+    {ERR_PACK(ERR_LIB_EVP, 0, 0), "digital envelope routines"},
+    {ERR_PACK(ERR_LIB_BUF, 0, 0), "memory buffer routines"},
+    {ERR_PACK(ERR_LIB_OBJ, 0, 0), "object identifier routines"},
+    {ERR_PACK(ERR_LIB_PEM, 0, 0), "PEM routines"},
+    {ERR_PACK(ERR_LIB_DSA, 0, 0), "dsa routines"},
+    {ERR_PACK(ERR_LIB_X509, 0, 0), "x509 certificate routines"},
+    {ERR_PACK(ERR_LIB_ASN1, 0, 0), "asn1 encoding routines"},
+    {ERR_PACK(ERR_LIB_CONF, 0, 0), "configuration file routines"},
+    {ERR_PACK(ERR_LIB_CRYPTO, 0, 0), "common libcrypto routines"},
+    {ERR_PACK(ERR_LIB_EC, 0, 0), "elliptic curve routines"},
+    {ERR_PACK(ERR_LIB_SSL, 0, 0), "SSL routines"},
+    {ERR_PACK(ERR_LIB_BIO, 0, 0), "BIO routines"},
+    {ERR_PACK(ERR_LIB_PKCS7, 0, 0), "PKCS7 routines"},
+    {ERR_PACK(ERR_LIB_X509V3, 0, 0), "X509 V3 routines"},
+    {ERR_PACK(ERR_LIB_PKCS12, 0, 0), "PKCS12 routines"},
+    {ERR_PACK(ERR_LIB_RAND, 0, 0), "random number generator"},
+    {ERR_PACK(ERR_LIB_DSO, 0, 0), "DSO support routines"},
+    {ERR_PACK(ERR_LIB_ENGINE, 0, 0), "engine routines"},
+    {ERR_PACK(ERR_LIB_OCSP, 0, 0), "OCSP routines"},
+    {ERR_PACK(ERR_LIB_FIPS, 0, 0), "FIPS routines"},
+    {ERR_PACK(ERR_LIB_CMS, 0, 0), "CMS routines"},
+    {ERR_PACK(ERR_LIB_JPAKE, 0, 0), "JPAKE routines"},
+    {0, NULL},
+};
 
-static ERR_STRING_DATA ERR_str_functs[]=
-	{
-	{ERR_PACK(0,SYS_F_FOPEN,0),     	"fopen"},
-	{ERR_PACK(0,SYS_F_CONNECT,0),		"connect"},
-	{ERR_PACK(0,SYS_F_GETSERVBYNAME,0),	"getservbyname"},
-	{ERR_PACK(0,SYS_F_SOCKET,0),		"socket"}, 
-	{ERR_PACK(0,SYS_F_IOCTLSOCKET,0),	"ioctlsocket"},
-	{ERR_PACK(0,SYS_F_BIND,0),		"bind"},
-	{ERR_PACK(0,SYS_F_LISTEN,0),		"listen"},
-	{ERR_PACK(0,SYS_F_ACCEPT,0),		"accept"},
-#ifdef OPENSSL_SYS_WINDOWS
-	{ERR_PACK(0,SYS_F_WSASTARTUP,0),	"WSAstartup"},
-#endif
-	{ERR_PACK(0,SYS_F_OPENDIR,0),		"opendir"},
-	{ERR_PACK(0,SYS_F_FREAD,0),		"fread"},
-	{0,NULL},
-	};
+static ERR_STRING_DATA ERR_str_functs[] = {
+    {ERR_PACK(0, SYS_F_FOPEN, 0), "fopen"},
+    {ERR_PACK(0, SYS_F_CONNECT, 0), "connect"},
+    {ERR_PACK(0, SYS_F_GETSERVBYNAME, 0), "getservbyname"},
+    {ERR_PACK(0, SYS_F_SOCKET, 0), "socket"},
+    {ERR_PACK(0, SYS_F_IOCTLSOCKET, 0), "ioctlsocket"},
+    {ERR_PACK(0, SYS_F_BIND, 0), "bind"},
+    {ERR_PACK(0, SYS_F_LISTEN, 0), "listen"},
+    {ERR_PACK(0, SYS_F_ACCEPT, 0), "accept"},
+# ifdef OPENSSL_SYS_WINDOWS
+    {ERR_PACK(0, SYS_F_WSASTARTUP, 0), "WSAstartup"},
+# endif
+    {ERR_PACK(0, SYS_F_OPENDIR, 0), "opendir"},
+    {ERR_PACK(0, SYS_F_FREAD, 0), "fread"},
+    {0, NULL},
+};
 
-static ERR_STRING_DATA ERR_str_reasons[]=
-	{
-{ERR_R_SYS_LIB				,"system lib"},
-{ERR_R_BN_LIB				,"BN lib"},
-{ERR_R_RSA_LIB				,"RSA lib"},
-{ERR_R_DH_LIB				,"DH lib"},
-{ERR_R_EVP_LIB				,"EVP lib"},
-{ERR_R_BUF_LIB				,"BUF lib"},
-{ERR_R_OBJ_LIB				,"OBJ lib"},
-{ERR_R_PEM_LIB				,"PEM lib"},
-{ERR_R_DSA_LIB				,"DSA lib"},
-{ERR_R_X509_LIB				,"X509 lib"},
-{ERR_R_ASN1_LIB				,"ASN1 lib"},
-{ERR_R_CONF_LIB				,"CONF lib"},
-{ERR_R_CRYPTO_LIB			,"CRYPTO lib"},
-{ERR_R_EC_LIB				,"EC lib"},
-{ERR_R_SSL_LIB				,"SSL lib"},
-{ERR_R_BIO_LIB				,"BIO lib"},
-{ERR_R_PKCS7_LIB			,"PKCS7 lib"},
-{ERR_R_X509V3_LIB			,"X509V3 lib"},
-{ERR_R_PKCS12_LIB			,"PKCS12 lib"},
-{ERR_R_RAND_LIB				,"RAND lib"},
-{ERR_R_DSO_LIB				,"DSO lib"},
-{ERR_R_ENGINE_LIB			,"ENGINE lib"},
-{ERR_R_OCSP_LIB				,"OCSP lib"},
+static ERR_STRING_DATA ERR_str_reasons[] = {
+    {ERR_R_SYS_LIB, "system lib"},
+    {ERR_R_BN_LIB, "BN lib"},
+    {ERR_R_RSA_LIB, "RSA lib"},
+    {ERR_R_DH_LIB, "DH lib"},
+    {ERR_R_EVP_LIB, "EVP lib"},
+    {ERR_R_BUF_LIB, "BUF lib"},
+    {ERR_R_OBJ_LIB, "OBJ lib"},
+    {ERR_R_PEM_LIB, "PEM lib"},
+    {ERR_R_DSA_LIB, "DSA lib"},
+    {ERR_R_X509_LIB, "X509 lib"},
+    {ERR_R_ASN1_LIB, "ASN1 lib"},
+    {ERR_R_CONF_LIB, "CONF lib"},
+    {ERR_R_CRYPTO_LIB, "CRYPTO lib"},
+    {ERR_R_EC_LIB, "EC lib"},
+    {ERR_R_SSL_LIB, "SSL lib"},
+    {ERR_R_BIO_LIB, "BIO lib"},
+    {ERR_R_PKCS7_LIB, "PKCS7 lib"},
+    {ERR_R_X509V3_LIB, "X509V3 lib"},
+    {ERR_R_PKCS12_LIB, "PKCS12 lib"},
+    {ERR_R_RAND_LIB, "RAND lib"},
+    {ERR_R_DSO_LIB, "DSO lib"},
+    {ERR_R_ENGINE_LIB, "ENGINE lib"},
+    {ERR_R_OCSP_LIB, "OCSP lib"},
 
-{ERR_R_NESTED_ASN1_ERROR		,"nested asn1 error"},
-{ERR_R_BAD_ASN1_OBJECT_HEADER		,"bad asn1 object header"},
-{ERR_R_BAD_GET_ASN1_OBJECT_CALL		,"bad get asn1 object call"},
-{ERR_R_EXPECTING_AN_ASN1_SEQUENCE	,"expecting an asn1 sequence"},
-{ERR_R_ASN1_LENGTH_MISMATCH		,"asn1 length mismatch"},
-{ERR_R_MISSING_ASN1_EOS			,"missing asn1 eos"},
+    {ERR_R_NESTED_ASN1_ERROR, "nested asn1 error"},
+    {ERR_R_BAD_ASN1_OBJECT_HEADER, "bad asn1 object header"},
+    {ERR_R_BAD_GET_ASN1_OBJECT_CALL, "bad get asn1 object call"},
+    {ERR_R_EXPECTING_AN_ASN1_SEQUENCE, "expecting an asn1 sequence"},
+    {ERR_R_ASN1_LENGTH_MISMATCH, "asn1 length mismatch"},
+    {ERR_R_MISSING_ASN1_EOS, "missing asn1 eos"},
 
-{ERR_R_FATAL                            ,"fatal"},
-{ERR_R_MALLOC_FAILURE			,"malloc failure"},
-{ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED	,"called a function you should not call"},
-{ERR_R_PASSED_NULL_PARAMETER		,"passed a null parameter"},
-{ERR_R_INTERNAL_ERROR			,"internal error"},
-{ERR_R_DISABLED				,"called a function that was disabled at compile-time"},
+    {ERR_R_FATAL, "fatal"},
+    {ERR_R_MALLOC_FAILURE, "malloc failure"},
+    {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
+     "called a function you should not call"},
+    {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"},
+    {ERR_R_INTERNAL_ERROR, "internal error"},
+    {ERR_R_DISABLED, "called a function that was disabled at compile-time"},
 
-{0,NULL},
-	};
+    {0, NULL},
+};
 #endif
 
 #ifndef OPENSSL_NO_ERR
-#define NUM_SYS_STR_REASONS 127
-#define LEN_SYS_STR_REASON 32
+# define NUM_SYS_STR_REASONS 127
+# define LEN_SYS_STR_REASON 32
 
 static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1];
-/* SYS_str_reasons is filled with copies of strerror() results at
- * initialization.
- * 'errno' values up to 127 should cover all usual errors,
- * others will be displayed numerically by ERR_error_string.
- * It is crucial that we have something for each reason code
- * that occurs in ERR_str_reasons, or bogus reason strings
- * will be returned for SYSerr, which always gets an errno
- * value and never one of those 'standard' reason codes. */
+/*
+ * SYS_str_reasons is filled with copies of strerror() results at
+ * initialization. 'errno' values up to 127 should cover all usual errors,
+ * others will be displayed numerically by ERR_error_string. It is crucial
+ * that we have something for each reason code that occurs in
+ * ERR_str_reasons, or bogus reason strings will be returned for SYSerr,
+ * which always gets an errno value and never one of those 'standard' reason
+ * codes.
+ */
 
 static void build_SYS_str_reasons(void)
-	{
-	/* OPENSSL_malloc cannot be used here, use static storage instead */
-	static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
-	int i;
-	static int init = 1;
+{
+    /* OPENSSL_malloc cannot be used here, use static storage instead */
+    static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON];
+    int i;
+    static int init = 1;
+
+    CRYPTO_r_lock(CRYPTO_LOCK_ERR);
+    if (!init) {
+        CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+        return;
+    }
 
-	CRYPTO_r_lock(CRYPTO_LOCK_ERR);
-	if (!init)
-		{
-		CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-		return;
-		}
-	
-	CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
-	CRYPTO_w_lock(CRYPTO_LOCK_ERR);
-	if (!init)
-		{
-		CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-		return;
-		}
+    CRYPTO_r_unlock(CRYPTO_LOCK_ERR);
+    CRYPTO_w_lock(CRYPTO_LOCK_ERR);
+    if (!init) {
+        CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+        return;
+    }
 
-	for (i = 1; i <= NUM_SYS_STR_REASONS; i++)
-		{
-		ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
+    for (i = 1; i <= NUM_SYS_STR_REASONS; i++) {
+        ERR_STRING_DATA *str = &SYS_str_reasons[i - 1];
 
-		str->error = (unsigned long)i;
-		if (str->string == NULL)
-			{
-			char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
-			char *src = strerror(i);
-			if (src != NULL)
-				{
-				strncpy(*dest, src, sizeof *dest);
-				(*dest)[sizeof *dest - 1] = '\0';
-				str->string = *dest;
-				}
-			}
-		if (str->string == NULL)
-			str->string = "unknown";
-		}
+        str->error = (unsigned long)i;
+        if (str->string == NULL) {
+            char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]);
+            char *src = strerror(i);
+            if (src != NULL) {
+                strncpy(*dest, src, sizeof *dest);
+                (*dest)[sizeof *dest - 1] = '\0';
+                str->string = *dest;
+            }
+        }
+        if (str->string == NULL)
+            str->string = "unknown";
+    }
 
-	/* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL},
-	 * as required by ERR_load_strings. */
+    /*
+     * Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, as
+     * required by ERR_load_strings.
+     */
 
-	init = 0;
-	
-	CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
-	}
+    init = 0;
+
+    CRYPTO_w_unlock(CRYPTO_LOCK_ERR);
+}
 #endif
 
 void ERR_load_ERR_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
-	if (ERR_func_error_string(ERR_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,ERR_str_libraries);
-		ERR_load_strings(0,ERR_str_reasons);
-		ERR_load_strings(ERR_LIB_SYS,ERR_str_functs);
-		build_SYS_str_reasons();
-		ERR_load_strings(ERR_LIB_SYS,SYS_str_reasons);
-		}
+    if (ERR_func_error_string(ERR_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, ERR_str_libraries);
+        ERR_load_strings(0, ERR_str_reasons);
+        ERR_load_strings(ERR_LIB_SYS, ERR_str_functs);
+        build_SYS_str_reasons();
+        ERR_load_strings(ERR_LIB_SYS, SYS_str_reasons);
+    }
 #endif
-	}
-
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
index 16863fe2..538b5202 100644
--- a/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
+++ b/Cryptlib/OpenSSL/crypto/evp/bio_b64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,535 +65,509 @@
 static int b64_write(BIO *h, const char *buf, int num);
 static int b64_read(BIO *h, char *buf, int size);
 static int b64_puts(BIO *h, const char *str);
-/*static int b64_gets(BIO *h, char *str, int size); */
+/*
+ * static int b64_gets(BIO *h, char *str, int size);
+ */
 static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int b64_new(BIO *h);
 static int b64_free(BIO *data);
-static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
-#define B64_BLOCK_SIZE	1024
-#define B64_BLOCK_SIZE2	768
-#define B64_NONE	0
-#define B64_ENCODE	1
-#define B64_DECODE	2
-
-typedef struct b64_struct
-	{
-	/*BIO *bio; moved to the BIO structure */
-	int buf_len;
-	int buf_off;
-	int tmp_len;		/* used to find the start when decoding */
-	int tmp_nl;		/* If true, scan until '\n' */
-	int encode;
-	int start;		/* have we started decoding yet? */
-	int cont;		/* <= 0 when finished */
-	EVP_ENCODE_CTX base64;
-	char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE)+10];
-	char tmp[B64_BLOCK_SIZE];
-	} BIO_B64_CTX;
-
-static BIO_METHOD methods_b64=
-	{
-	BIO_TYPE_BASE64,"base64 encoding",
-	b64_write,
-	b64_read,
-	b64_puts,
-	NULL, /* b64_gets, */
-	b64_ctrl,
-	b64_new,
-	b64_free,
-	b64_callback_ctrl,
-	};
+static long b64_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+#define B64_BLOCK_SIZE  1024
+#define B64_BLOCK_SIZE2 768
+#define B64_NONE        0
+#define B64_ENCODE      1
+#define B64_DECODE      2
+
+typedef struct b64_struct {
+    /*
+     * BIO *bio; moved to the BIO structure
+     */
+    int buf_len;
+    int buf_off;
+    int tmp_len;                /* used to find the start when decoding */
+    int tmp_nl;                 /* If true, scan until '\n' */
+    int encode;
+    int start;                  /* have we started decoding yet? */
+    int cont;                   /* <= 0 when finished */
+    EVP_ENCODE_CTX base64;
+    char buf[EVP_ENCODE_LENGTH(B64_BLOCK_SIZE) + 10];
+    char tmp[B64_BLOCK_SIZE];
+} BIO_B64_CTX;
+
+static BIO_METHOD methods_b64 = {
+    BIO_TYPE_BASE64, "base64 encoding",
+    b64_write,
+    b64_read,
+    b64_puts,
+    NULL,                       /* b64_gets, */
+    b64_ctrl,
+    b64_new,
+    b64_free,
+    b64_callback_ctrl,
+};
 
 BIO_METHOD *BIO_f_base64(void)
-	{
-	return(&methods_b64);
-	}
+{
+    return (&methods_b64);
+}
 
 static int b64_new(BIO *bi)
-	{
-	BIO_B64_CTX *ctx;
-
-	ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
-	if (ctx == NULL) return(0);
-
-	ctx->buf_len=0;
-	ctx->tmp_len=0;
-	ctx->tmp_nl=0;
-	ctx->buf_off=0;
-	ctx->cont=1;
-	ctx->start=1;
-	ctx->encode=0;
-
-	bi->init=1;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	bi->num = 0;
-	return(1);
-	}
+{
+    BIO_B64_CTX *ctx;
+
+    ctx = (BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX));
+    if (ctx == NULL)
+        return (0);
+
+    ctx->buf_len = 0;
+    ctx->tmp_len = 0;
+    ctx->tmp_nl = 0;
+    ctx->buf_off = 0;
+    ctx->cont = 1;
+    ctx->start = 1;
+    ctx->encode = 0;
+
+    bi->init = 1;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    bi->num = 0;
+    return (1);
+}
 
 static int b64_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
 static int b64_read(BIO *b, char *out, int outl)
-	{
-	int ret=0,i,ii,j,k,x,n,num,ret_code=0;
-	BIO_B64_CTX *ctx;
-	unsigned char *p,*q;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_B64_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	BIO_clear_retry_flags(b);
-
-	if (ctx->encode != B64_DECODE)
-		{
-		ctx->encode=B64_DECODE;
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		ctx->tmp_len=0;
-		EVP_DecodeInit(&(ctx->base64));
-		}
-
-	/* First check if there are bytes decoded/encoded */
-	if (ctx->buf_len > 0)
-		{
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		i=ctx->buf_len-ctx->buf_off;
-		if (i > outl) i=outl;
-		OPENSSL_assert(ctx->buf_off+i < (int)sizeof(ctx->buf));
-		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-		ret=i;
-		out+=i;
-		outl-=i;
-		ctx->buf_off+=i;
-		if (ctx->buf_len == ctx->buf_off)
-			{
-			ctx->buf_len=0;
-			ctx->buf_off=0;
-			}
-		}
-
-	/* At this point, we have room of outl bytes and an empty
-	 * buffer, so we should read in some more. */
-
-	ret_code=0;
-	while (outl > 0)
-		{
-		if (ctx->cont <= 0)
-			break;
-
-		i=BIO_read(b->next_bio,&(ctx->tmp[ctx->tmp_len]),
-			B64_BLOCK_SIZE-ctx->tmp_len);
-
-		if (i <= 0)
-			{
-			ret_code=i;
-
-			/* Should we continue next time we are called? */
-			if (!BIO_should_retry(b->next_bio))
-				{
-				ctx->cont=i;
-				/* If buffer empty break */
-				if(ctx->tmp_len == 0)
-					break;
-				/* Fall through and process what we have */
-				else
-					i = 0;
-				}
-			/* else we retry and add more data to buffer */
-			else
-				break;
-			}
-		i+=ctx->tmp_len;
-		ctx->tmp_len = i;
-
-		/* We need to scan, a line at a time until we
-		 * have a valid line if we are starting. */
-		if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL))
-			{
-			/* ctx->start=1; */
-			ctx->tmp_len=0;
-			}
-		else if (ctx->start)
-			{
-			q=p=(unsigned char *)ctx->tmp;
-			num = 0;
-			for (j=0; j<i; j++)
-				{
-				if (*(q++) != '\n') continue;
-
-				/* due to a previous very long line,
-				 * we need to keep on scanning for a '\n'
-				 * before we even start looking for
-				 * base64 encoded stuff. */
-				if (ctx->tmp_nl)
-					{
-					p=q;
-					ctx->tmp_nl=0;
-					continue;
-					}
-
-				k=EVP_DecodeUpdate(&(ctx->base64),
-					(unsigned char *)ctx->buf,
-					&num,p,q-p);
-				if ((k <= 0) && (num == 0) && (ctx->start))
-					EVP_DecodeInit(&ctx->base64);
-				else 
-					{
-					if (p != (unsigned char *)
-						&(ctx->tmp[0]))
-						{
-						i-=(p- (unsigned char *)
-							&(ctx->tmp[0]));
-						for (x=0; x < i; x++)
-							ctx->tmp[x]=p[x];
-						}
-					EVP_DecodeInit(&ctx->base64);
-					ctx->start=0;
-					break;
-					}
-				p=q;
-				}
-
-			/* we fell off the end without starting */
-			if ((j == i) && (num == 0))
-				{
-				/* Is this is one long chunk?, if so, keep on
-				 * reading until a new line. */
-				if (p == (unsigned char *)&(ctx->tmp[0]))
-					{
-					/* Check buffer full */
-					if (i == B64_BLOCK_SIZE)
-						{
-						ctx->tmp_nl=1;
-						ctx->tmp_len=0;
-						}
-					}
-				else if (p != q) /* finished on a '\n' */
-					{
-					n=q-p;
-					for (ii=0; ii<n; ii++)
-						ctx->tmp[ii]=p[ii];
-					ctx->tmp_len=n;
-					}
-				/* else finished on a '\n' */
-				continue;
-				}
-			else
-			{
-				ctx->tmp_len=0;
-			}
-		}
-		else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0))
-		{
-			/* If buffer isn't full and we can retry then
-			 * restart to read in more data.
-			 */
-			continue;
-		}
-
-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-			{
-			int z,jj;
+{
+    int ret = 0, i, ii, j, k, x, n, num, ret_code = 0;
+    BIO_B64_CTX *ctx;
+    unsigned char *p, *q;
+
+    if (out == NULL)
+        return (0);
+    ctx = (BIO_B64_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
+
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_DECODE) {
+        ctx->encode = B64_DECODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_DecodeInit(&(ctx->base64));
+    }
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        OPENSSL_assert(ctx->buf_off + i < (int)sizeof(ctx->buf));
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    ret_code = 0;
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        i = BIO_read(b->next_bio, &(ctx->tmp[ctx->tmp_len]),
+                     B64_BLOCK_SIZE - ctx->tmp_len);
+
+        if (i <= 0) {
+            ret_code = i;
+
+            /* Should we continue next time we are called? */
+            if (!BIO_should_retry(b->next_bio)) {
+                ctx->cont = i;
+                /* If buffer empty break */
+                if (ctx->tmp_len == 0)
+                    break;
+                /* Fall through and process what we have */
+                else
+                    i = 0;
+            }
+            /* else we retry and add more data to buffer */
+            else
+                break;
+        }
+        i += ctx->tmp_len;
+        ctx->tmp_len = i;
+
+        /*
+         * We need to scan, a line at a time until we have a valid line if we
+         * are starting.
+         */
+        if (ctx->start && (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)) {
+            /* ctx->start=1; */
+            ctx->tmp_len = 0;
+        } else if (ctx->start) {
+            q = p = (unsigned char *)ctx->tmp;
+            num = 0;
+            for (j = 0; j < i; j++) {
+                if (*(q++) != '\n')
+                    continue;
+
+                /*
+                 * due to a previous very long line, we need to keep on
+                 * scanning for a '\n' before we even start looking for
+                 * base64 encoded stuff.
+                 */
+                if (ctx->tmp_nl) {
+                    p = q;
+                    ctx->tmp_nl = 0;
+                    continue;
+                }
+
+                k = EVP_DecodeUpdate(&(ctx->base64),
+                                     (unsigned char *)ctx->buf,
+                                     &num, p, q - p);
+                if ((k <= 0) && (num == 0) && (ctx->start))
+                    EVP_DecodeInit(&ctx->base64);
+                else {
+                    if (p != (unsigned char *)
+                        &(ctx->tmp[0])) {
+                        i -= (p - (unsigned char *)
+                              &(ctx->tmp[0]));
+                        for (x = 0; x < i; x++)
+                            ctx->tmp[x] = p[x];
+                    }
+                    EVP_DecodeInit(&ctx->base64);
+                    ctx->start = 0;
+                    break;
+                }
+                p = q;
+            }
+
+            /* we fell off the end without starting */
+            if ((j == i) && (num == 0)) {
+                /*
+                 * Is this is one long chunk?, if so, keep on reading until a
+                 * new line.
+                 */
+                if (p == (unsigned char *)&(ctx->tmp[0])) {
+                    /* Check buffer full */
+                    if (i == B64_BLOCK_SIZE) {
+                        ctx->tmp_nl = 1;
+                        ctx->tmp_len = 0;
+                    }
+                } else if (p != q) { /* finished on a '\n' */
+                    n = q - p;
+                    for (ii = 0; ii < n; ii++)
+                        ctx->tmp[ii] = p[ii];
+                    ctx->tmp_len = n;
+                }
+                /* else finished on a '\n' */
+                continue;
+            } else {
+                ctx->tmp_len = 0;
+            }
+        } else if ((i < B64_BLOCK_SIZE) && (ctx->cont > 0)) {
+            /*
+             * If buffer isn't full and we can retry then restart to read in
+             * more data.
+             */
+            continue;
+        }
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            int z, jj;
 
 #if 0
-			jj=(i>>2)<<2;
+            jj = (i >> 2) << 2;
 #else
-			jj = i & ~3; /* process per 4 */
+            jj = i & ~3;        /* process per 4 */
 #endif
-			z=EVP_DecodeBlock((unsigned char *)ctx->buf,
-				(unsigned char *)ctx->tmp,jj);
-			if (jj > 2)
-				{
-				if (ctx->tmp[jj-1] == '=')
-					{
-					z--;
-					if (ctx->tmp[jj-2] == '=')
-						z--;
-					}
-				}
-			/* z is now number of output bytes and jj is the
-			 * number consumed */
-			if (jj != i)
-				{
-				memmove(ctx->tmp, &ctx->tmp[jj], i-jj);
-				ctx->tmp_len=i-jj;
-				}
-			ctx->buf_len=0;
-			if (z > 0)
-				{
-				ctx->buf_len=z;
-				}
-			i=z;
-			}
-		else
-			{
-			i=EVP_DecodeUpdate(&(ctx->base64),
-				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)ctx->tmp,i);
-			ctx->tmp_len = 0;
-			}
-		ctx->buf_off=0;
-		if (i < 0)
-			{
-			ret_code=0;
-			ctx->buf_len=0;
-			break;
-			}
-
-		if (ctx->buf_len <= outl)
-			i=ctx->buf_len;
-		else
-			i=outl;
-
-		memcpy(out,ctx->buf,i);
-		ret+=i;
-		ctx->buf_off=i;
-		if (ctx->buf_off == ctx->buf_len)
-			{
-			ctx->buf_len=0;
-			ctx->buf_off=0;
-			}
-		outl-=i;
-		out+=i;
-		}
-	/* BIO_clear_retry_flags(b); */
-	BIO_copy_next_retry(b);
-	return((ret == 0)?ret_code:ret);
-	}
+            z = EVP_DecodeBlock((unsigned char *)ctx->buf,
+                                (unsigned char *)ctx->tmp, jj);
+            if (jj > 2) {
+                if (ctx->tmp[jj - 1] == '=') {
+                    z--;
+                    if (ctx->tmp[jj - 2] == '=')
+                        z--;
+                }
+            }
+            /*
+             * z is now number of output bytes and jj is the number consumed
+             */
+            if (jj != i) {
+                memmove(ctx->tmp, &ctx->tmp[jj], i - jj);
+                ctx->tmp_len = i - jj;
+            }
+            ctx->buf_len = 0;
+            if (z > 0) {
+                ctx->buf_len = z;
+            }
+            i = z;
+        } else {
+            i = EVP_DecodeUpdate(&(ctx->base64),
+                                 (unsigned char *)ctx->buf, &ctx->buf_len,
+                                 (unsigned char *)ctx->tmp, i);
+            ctx->tmp_len = 0;
+        }
+        ctx->buf_off = 0;
+        if (i < 0) {
+            ret_code = 0;
+            ctx->buf_len = 0;
+            break;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        if (ctx->buf_off == ctx->buf_len) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+        outl -= i;
+        out += i;
+    }
+    /* BIO_clear_retry_flags(b); */
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ret_code : ret);
+}
 
 static int b64_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-	int n;
-	int i;
-	BIO_B64_CTX *ctx;
-
-	ctx=(BIO_B64_CTX *)b->ptr;
-	BIO_clear_retry_flags(b);
-
-	if (ctx->encode != B64_ENCODE)
-		{
-		ctx->encode=B64_ENCODE;
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		ctx->tmp_len=0;
-		EVP_EncodeInit(&(ctx->base64));
-		}
-
-	OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
-	OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-	OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-	n=ctx->buf_len-ctx->buf_off;
-	while (n > 0)
-		{
-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			return(i);
-			}
-		OPENSSL_assert(i <= n);
-		ctx->buf_off+=i;
-		OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		n-=i;
-		}
-	/* at this point all pending data has been written */
-	ctx->buf_off=0;
-	ctx->buf_len=0;
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-
-	while (inl > 0)
-		{
-		n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl;
-
-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-			{
-			if (ctx->tmp_len > 0)
-				{
-				OPENSSL_assert(ctx->tmp_len <= 3);
-				n=3-ctx->tmp_len;
-				/* There's a theoretical possibility for this */
-				if (n > inl) 
-					n=inl;
-				memcpy(&(ctx->tmp[ctx->tmp_len]),in,n);
-				ctx->tmp_len+=n;
-				ret += n;
-				if (ctx->tmp_len < 3)
-					break;
-				ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(unsigned char *)ctx->tmp,ctx->tmp_len);
-				OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-				OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-				/* Since we're now done using the temporary
-				   buffer, the length should be 0'd */
-				ctx->tmp_len=0;
-				}
-			else
-				{
-				if (n < 3)
-					{
-					memcpy(ctx->tmp,in,n);
-					ctx->tmp_len=n;
-					ret += n;
-					break;
-					}
-				n-=n%3;
-				ctx->buf_len=EVP_EncodeBlock((unsigned char *)ctx->buf,(const unsigned char *)in,n);
-				OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-				OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-				ret += n;
-				}
-			}
-		else
-			{
-			EVP_EncodeUpdate(&(ctx->base64),
-				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)in,n);
-			OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
-			OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-			ret += n;
-			}
-		inl-=n;
-		in+=n;
-
-		ctx->buf_off=0;
-		n=ctx->buf_len;
-		while (n > 0)
-			{
-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				return((ret == 0)?i:ret);
-				}
-			OPENSSL_assert(i <= n);
-			n-=i;
-			ctx->buf_off+=i;
-			OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
-			OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-			}
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		}
-	return(ret);
-	}
+{
+    int ret = 0;
+    int n;
+    int i;
+    BIO_B64_CTX *ctx;
+
+    ctx = (BIO_B64_CTX *)b->ptr;
+    BIO_clear_retry_flags(b);
+
+    if (ctx->encode != B64_ENCODE) {
+        ctx->encode = B64_ENCODE;
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->tmp_len = 0;
+        EVP_EncodeInit(&(ctx->base64));
+    }
+
+    OPENSSL_assert(ctx->buf_off < (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+    OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return (i);
+        }
+        OPENSSL_assert(i <= n);
+        ctx->buf_off += i;
+        OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+    ctx->buf_off = 0;
+    ctx->buf_len = 0;
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+
+    while (inl > 0) {
+        n = (inl > B64_BLOCK_SIZE) ? B64_BLOCK_SIZE : inl;
+
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len > 0) {
+                OPENSSL_assert(ctx->tmp_len <= 3);
+                n = 3 - ctx->tmp_len;
+                /*
+                 * There's a theoretical possibility for this
+                 */
+                if (n > inl)
+                    n = inl;
+                memcpy(&(ctx->tmp[ctx->tmp_len]), in, n);
+                ctx->tmp_len += n;
+                ret += n;
+                if (ctx->tmp_len < 3)
+                    break;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (unsigned char *)ctx->tmp, ctx->tmp_len);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                /*
+                 * Since we're now done using the temporary buffer, the
+                 * length should be 0'd
+                 */
+                ctx->tmp_len = 0;
+            } else {
+                if (n < 3) {
+                    memcpy(ctx->tmp, in, n);
+                    ctx->tmp_len = n;
+                    ret += n;
+                    break;
+                }
+                n -= n % 3;
+                ctx->buf_len =
+                    EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                    (const unsigned char *)in, n);
+                OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+                OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+                ret += n;
+            }
+        } else {
+            EVP_EncodeUpdate(&(ctx->base64),
+                             (unsigned char *)ctx->buf, &ctx->buf_len,
+                             (unsigned char *)in, n);
+            OPENSSL_assert(ctx->buf_len <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+            ret += n;
+        }
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return ((ret == 0) ? i : ret);
+            }
+            OPENSSL_assert(i <= n);
+            n -= i;
+            ctx->buf_off += i;
+            OPENSSL_assert(ctx->buf_off <= (int)sizeof(ctx->buf));
+            OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    return (ret);
+}
 
 static long b64_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO_B64_CTX *ctx;
-	long ret=1;
-	int i;
-
-	ctx=(BIO_B64_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->cont=1;
-		ctx->start=1;
-		ctx->encode=B64_NONE;
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_EOF:	/* More to read */
-		if (ctx->cont <= 0)
-			ret=1;
-		else
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_WPENDING: /* More to write in buffer */
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		ret=ctx->buf_len-ctx->buf_off;
-		if ((ret == 0) && (ctx->encode != B64_NONE)
-			&& (ctx->base64.num != 0))
-			ret=1;
-		else if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING: /* More to read in buffer */
-		OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_FLUSH:
-		/* do a final write */
-again:
-		while (ctx->buf_len != ctx->buf_off)
-			{
-			i=b64_write(b,NULL,0);
-			if (i < 0)
-				return i;
-			}
-		if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL)
-			{
-			if (ctx->tmp_len != 0)
-				{
-				ctx->buf_len=EVP_EncodeBlock(
-					(unsigned char *)ctx->buf,
-					(unsigned char *)ctx->tmp,
-					ctx->tmp_len);
-				ctx->buf_off=0;
-				ctx->tmp_len=0;
-				goto again;
-				}
-			}
-		else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
-			{
-			ctx->buf_off=0;
-			EVP_EncodeFinal(&(ctx->base64),
-				(unsigned char *)ctx->buf,
-				&(ctx->buf_len));
-			/* push out the bytes */
-			goto again;
-			}
-		/* Finally flush the underlying BIO */
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-
-	case BIO_CTRL_DUP:
-		break;
-	case BIO_CTRL_INFO:
-	case BIO_CTRL_GET:
-	case BIO_CTRL_SET:
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
+{
+    BIO_B64_CTX *ctx;
+    long ret = 1;
+    int i;
+
+    ctx = (BIO_B64_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->cont = 1;
+        ctx->start = 1;
+        ctx->encode = B64_NONE;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:    /* More to write in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if ((ret == 0) && (ctx->encode != B64_NONE)
+            && (ctx->base64.num != 0))
+            ret = 1;
+        else if (ret <= 0)
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        OPENSSL_assert(ctx->buf_len >= ctx->buf_off);
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            i = b64_write(b, NULL, 0);
+            if (i < 0)
+                return i;
+        }
+        if (BIO_get_flags(b) & BIO_FLAGS_BASE64_NO_NL) {
+            if (ctx->tmp_len != 0) {
+                ctx->buf_len = EVP_EncodeBlock((unsigned char *)ctx->buf,
+                                               (unsigned char *)ctx->tmp,
+                                               ctx->tmp_len);
+                ctx->buf_off = 0;
+                ctx->tmp_len = 0;
+                goto again;
+            }
+        } else if (ctx->encode != B64_NONE && ctx->base64.num != 0) {
+            ctx->buf_off = 0;
+            EVP_EncodeFinal(&(ctx->base64),
+                            (unsigned char *)ctx->buf, &(ctx->buf_len));
+            /* push out the bytes */
+            goto again;
+        }
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+
+    case BIO_CTRL_DUP:
+        break;
+    case BIO_CTRL_INFO:
+    case BIO_CTRL_GET:
+    case BIO_CTRL_SET:
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
 
 static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
 
 static int b64_puts(BIO *b, const char *str)
-	{
-	return b64_write(b,str,strlen(str));
-	}
+{
+    return b64_write(b, str, strlen(str));
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c
index f6ac94c6..4397fb19 100644
--- a/Cryptlib/OpenSSL/crypto/evp/bio_enc.c
+++ b/Cryptlib/OpenSSL/crypto/evp/bio_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,363 +64,363 @@
 
 static int enc_write(BIO *h, const char *buf, int num);
 static int enc_read(BIO *h, char *buf, int size);
-/*static int enc_puts(BIO *h, const char *str); */
-/*static int enc_gets(BIO *h, char *str, int size); */
+/*
+ * static int enc_puts(BIO *h, const char *str);
+ */
+/*
+ * static int enc_gets(BIO *h, char *str, int size);
+ */
 static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int enc_new(BIO *h);
 static int enc_free(BIO *data);
 static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps);
-#define ENC_BLOCK_SIZE	(1024*4)
-#define BUF_OFFSET	(EVP_MAX_BLOCK_LENGTH*2)
-
-typedef struct enc_struct
-	{
-	int buf_len;
-	int buf_off;
-	int cont;		/* <= 0 when finished */
-	int finished;
-	int ok;			/* bad decrypt */
-	EVP_CIPHER_CTX cipher;
-	/* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate
-	 * can return up to a block more data than is presented to it
-	 */
-	char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2];
-	} BIO_ENC_CTX;
-
-static BIO_METHOD methods_enc=
-	{
-	BIO_TYPE_CIPHER,"cipher",
-	enc_write,
-	enc_read,
-	NULL, /* enc_puts, */
-	NULL, /* enc_gets, */
-	enc_ctrl,
-	enc_new,
-	enc_free,
-	enc_callback_ctrl,
-	};
+#define ENC_BLOCK_SIZE  (1024*4)
+#define BUF_OFFSET      (EVP_MAX_BLOCK_LENGTH*2)
+
+typedef struct enc_struct {
+    int buf_len;
+    int buf_off;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    int ok;                     /* bad decrypt */
+    EVP_CIPHER_CTX cipher;
+    /*
+     * buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate can return
+     * up to a block more data than is presented to it
+     */
+    char buf[ENC_BLOCK_SIZE + BUF_OFFSET + 2];
+} BIO_ENC_CTX;
+
+static BIO_METHOD methods_enc = {
+    BIO_TYPE_CIPHER, "cipher",
+    enc_write,
+    enc_read,
+    NULL,                       /* enc_puts, */
+    NULL,                       /* enc_gets, */
+    enc_ctrl,
+    enc_new,
+    enc_free,
+    enc_callback_ctrl,
+};
 
 BIO_METHOD *BIO_f_cipher(void)
-	{
-	return(&methods_enc);
-	}
+{
+    return (&methods_enc);
+}
 
 static int enc_new(BIO *bi)
-	{
-	BIO_ENC_CTX *ctx;
-
-	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
-	if (ctx == NULL) return(0);
-	EVP_CIPHER_CTX_init(&ctx->cipher);
-
-	ctx->buf_len=0;
-	ctx->buf_off=0;
-	ctx->cont=1;
-	ctx->finished=0;
-	ctx->ok=1;
-
-	bi->init=0;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
+{
+    BIO_ENC_CTX *ctx;
+
+    ctx = (BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
+    if (ctx == NULL)
+        return (0);
+    EVP_CIPHER_CTX_init(&ctx->cipher);
+
+    ctx->buf_len = 0;
+    ctx->buf_off = 0;
+    ctx->cont = 1;
+    ctx->finished = 0;
+    ctx->ok = 1;
+
+    bi->init = 0;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return (1);
+}
 
 static int enc_free(BIO *a)
-	{
-	BIO_ENC_CTX *b;
-
-	if (a == NULL) return(0);
-	b=(BIO_ENC_CTX *)a->ptr;
-	EVP_CIPHER_CTX_cleanup(&(b->cipher));
-	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
+{
+    BIO_ENC_CTX *b;
+
+    if (a == NULL)
+        return (0);
+    b = (BIO_ENC_CTX *)a->ptr;
+    EVP_CIPHER_CTX_cleanup(&(b->cipher));
+    OPENSSL_cleanse(a->ptr, sizeof(BIO_ENC_CTX));
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
 static int enc_read(BIO *b, char *out, int outl)
-	{
-	int ret=0,i;
-	BIO_ENC_CTX *ctx;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_ENC_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
-
-	/* First check if there are bytes decoded/encoded */
-	if (ctx->buf_len > 0)
-		{
-		i=ctx->buf_len-ctx->buf_off;
-		if (i > outl) i=outl;
-		memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-		ret=i;
-		out+=i;
-		outl-=i;
-		ctx->buf_off+=i;
-		if (ctx->buf_len == ctx->buf_off)
-			{
-			ctx->buf_len=0;
-			ctx->buf_off=0;
-			}
-		}
-
-	/* At this point, we have room of outl bytes and an empty
-	 * buffer, so we should read in some more. */
-
-	while (outl > 0)
-		{
-		if (ctx->cont <= 0) break;
-
-		/* read in at IV offset, read the EVP_Cipher
-		 * documentation about why */
-		i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE);
-
-		if (i <= 0)
-			{
-			/* Should be continue next time we are called? */
-			if (!BIO_should_retry(b->next_bio))
-				{
-				ctx->cont=i;
-				i=EVP_CipherFinal_ex(&(ctx->cipher),
-					(unsigned char *)ctx->buf,
-					&(ctx->buf_len));
-				ctx->ok=i;
-				ctx->buf_off=0;
-				}
-			else 
-				{
-				ret=(ret == 0)?i:ret;
-				break;
-				}
-			}
-		else
-			{
-			EVP_CipherUpdate(&(ctx->cipher),
-				(unsigned char *)ctx->buf,&ctx->buf_len,
-				(unsigned char *)&(ctx->buf[BUF_OFFSET]),i);
-			ctx->cont=1;
-			/* Note: it is possible for EVP_CipherUpdate to
-			 * decrypt zero bytes because this is or looks like
-			 * the final block: if this happens we should retry
-			 * and either read more data or decrypt the final
-			 * block
-			 */
-			if(ctx->buf_len == 0) continue;
-			}
-
-		if (ctx->buf_len <= outl)
-			i=ctx->buf_len;
-		else
-			i=outl;
-		if (i <= 0) break;
-		memcpy(out,ctx->buf,i);
-		ret+=i;
-		ctx->buf_off=i;
-		outl-=i;
-		out+=i;
-		}
-
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return((ret == 0)?ctx->cont:ret);
-	}
+{
+    int ret = 0, i;
+    BIO_ENC_CTX *ctx;
+
+    if (out == NULL)
+        return (0);
+    ctx = (BIO_ENC_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
+
+    /* First check if there are bytes decoded/encoded */
+    if (ctx->buf_len > 0) {
+        i = ctx->buf_len - ctx->buf_off;
+        if (i > outl)
+            i = outl;
+        memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+        ret = i;
+        out += i;
+        outl -= i;
+        ctx->buf_off += i;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = 0;
+            ctx->buf_off = 0;
+        }
+    }
+
+    /*
+     * At this point, we have room of outl bytes and an empty buffer, so we
+     * should read in some more.
+     */
+
+    while (outl > 0) {
+        if (ctx->cont <= 0)
+            break;
+
+        /*
+         * read in at IV offset, read the EVP_Cipher documentation about why
+         */
+        i = BIO_read(b->next_bio, &(ctx->buf[BUF_OFFSET]), ENC_BLOCK_SIZE);
+
+        if (i <= 0) {
+            /* Should be continue next time we are called? */
+            if (!BIO_should_retry(b->next_bio)) {
+                ctx->cont = i;
+                i = EVP_CipherFinal_ex(&(ctx->cipher),
+                                       (unsigned char *)ctx->buf,
+                                       &(ctx->buf_len));
+                ctx->ok = i;
+                ctx->buf_off = 0;
+            } else {
+                ret = (ret == 0) ? i : ret;
+                break;
+            }
+        } else {
+            EVP_CipherUpdate(&(ctx->cipher),
+                             (unsigned char *)ctx->buf, &ctx->buf_len,
+                             (unsigned char *)&(ctx->buf[BUF_OFFSET]), i);
+            ctx->cont = 1;
+            /*
+             * Note: it is possible for EVP_CipherUpdate to decrypt zero
+             * bytes because this is or looks like the final block: if this
+             * happens we should retry and either read more data or decrypt
+             * the final block
+             */
+            if (ctx->buf_len == 0)
+                continue;
+        }
+
+        if (ctx->buf_len <= outl)
+            i = ctx->buf_len;
+        else
+            i = outl;
+        if (i <= 0)
+            break;
+        memcpy(out, ctx->buf, i);
+        ret += i;
+        ctx->buf_off = i;
+        outl -= i;
+        out += i;
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return ((ret == 0) ? ctx->cont : ret);
+}
 
 static int enc_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0,n,i;
-	BIO_ENC_CTX *ctx;
-
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	ret=inl;
-
-	BIO_clear_retry_flags(b);
-	n=ctx->buf_len-ctx->buf_off;
-	while (n > 0)
-		{
-		i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-		if (i <= 0)
-			{
-			BIO_copy_next_retry(b);
-			return(i);
-			}
-		ctx->buf_off+=i;
-		n-=i;
-		}
-	/* at this point all pending data has been written */
-
-	if ((in == NULL) || (inl <= 0)) return(0);
-
-	ctx->buf_off=0;
-	while (inl > 0)
-		{
-		n=(inl > ENC_BLOCK_SIZE)?ENC_BLOCK_SIZE:inl;
-		EVP_CipherUpdate(&(ctx->cipher),
-			(unsigned char *)ctx->buf,&ctx->buf_len,
-			(unsigned char *)in,n);
-		inl-=n;
-		in+=n;
-
-		ctx->buf_off=0;
-		n=ctx->buf_len;
-		while (n > 0)
-			{
-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				return (ret == inl) ? i : ret - inl;
-				}
-			n-=i;
-			ctx->buf_off+=i;
-			}
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		}
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
+{
+    int ret = 0, n, i;
+    BIO_ENC_CTX *ctx;
+
+    ctx = (BIO_ENC_CTX *)b->ptr;
+    ret = inl;
+
+    BIO_clear_retry_flags(b);
+    n = ctx->buf_len - ctx->buf_off;
+    while (n > 0) {
+        i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+        if (i <= 0) {
+            BIO_copy_next_retry(b);
+            return (i);
+        }
+        ctx->buf_off += i;
+        n -= i;
+    }
+    /* at this point all pending data has been written */
+
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+
+    ctx->buf_off = 0;
+    while (inl > 0) {
+        n = (inl > ENC_BLOCK_SIZE) ? ENC_BLOCK_SIZE : inl;
+        EVP_CipherUpdate(&(ctx->cipher),
+                         (unsigned char *)ctx->buf, &ctx->buf_len,
+                         (unsigned char *)in, n);
+        inl -= n;
+        in += n;
+
+        ctx->buf_off = 0;
+        n = ctx->buf_len;
+        while (n > 0) {
+            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                return (ret == inl) ? i : ret - inl;
+            }
+            n -= i;
+            ctx->buf_off += i;
+        }
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+    }
+    BIO_copy_next_retry(b);
+    return (ret);
+}
 
 static long enc_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO *dbio;
-	BIO_ENC_CTX *ctx,*dctx;
-	long ret=1;
-	int i;
-	EVP_CIPHER_CTX **c_ctx;
-
-	ctx=(BIO_ENC_CTX *)b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->ok=1;
-		ctx->finished=0;
-		EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL,
-			ctx->cipher.encrypt);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_EOF:	/* More to read */
-		if (ctx->cont <= 0)
-			ret=1;
-		else
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_WPENDING:
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING: /* More to read in buffer */
-		ret=ctx->buf_len-ctx->buf_off;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_FLUSH:
-		/* do a final write */
-again:
-		while (ctx->buf_len != ctx->buf_off)
-			{
-			i=enc_write(b,NULL,0);
-			if (i < 0)
-				return i;
-			}
-
-		if (!ctx->finished)
-			{
-			ctx->finished=1;
-			ctx->buf_off=0;
-			ret=EVP_CipherFinal_ex(&(ctx->cipher),
-				(unsigned char *)ctx->buf,
-				&(ctx->buf_len));
-			ctx->ok=(int)ret;
-			if (ret <= 0) break;
-
-			/* push out the bytes */
-			goto again;
-			}
-		
-		/* Finally flush the underlying BIO */
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_C_GET_CIPHER_STATUS:
-		ret=(long)ctx->ok;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_C_GET_CIPHER_CTX:
-		c_ctx=(EVP_CIPHER_CTX **)ptr;
-		(*c_ctx)= &(ctx->cipher);
-		b->init=1;
-		break;
-	case BIO_CTRL_DUP:
-		dbio=(BIO *)ptr;
-		dctx=(BIO_ENC_CTX *)dbio->ptr;
-		memcpy(&(dctx->cipher),&(ctx->cipher),sizeof(ctx->cipher));
-		dbio->init=1;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
+{
+    BIO *dbio;
+    BIO_ENC_CTX *ctx, *dctx;
+    long ret = 1;
+    int i;
+    EVP_CIPHER_CTX **c_ctx;
+
+    ctx = (BIO_ENC_CTX *)b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->ok = 1;
+        ctx->finished = 0;
+        EVP_CipherInit_ex(&(ctx->cipher), NULL, NULL, NULL, NULL,
+                          ctx->cipher.encrypt);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_WPENDING:
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+        ret = ctx->buf_len - ctx->buf_off;
+        if (ret <= 0)
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+ again:
+        while (ctx->buf_len != ctx->buf_off) {
+            i = enc_write(b, NULL, 0);
+            if (i < 0)
+                return i;
+        }
+
+        if (!ctx->finished) {
+            ctx->finished = 1;
+            ctx->buf_off = 0;
+            ret = EVP_CipherFinal_ex(&(ctx->cipher),
+                                     (unsigned char *)ctx->buf,
+                                     &(ctx->buf_len));
+            ctx->ok = (int)ret;
+            if (ret <= 0)
+                break;
+
+            /* push out the bytes */
+            goto again;
+        }
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_C_GET_CIPHER_STATUS:
+        ret = (long)ctx->ok;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_C_GET_CIPHER_CTX:
+        c_ctx = (EVP_CIPHER_CTX **)ptr;
+        (*c_ctx) = &(ctx->cipher);
+        b->init = 1;
+        break;
+    case BIO_CTRL_DUP:
+        dbio = (BIO *)ptr;
+        dctx = (BIO_ENC_CTX *)dbio->ptr;
+        memcpy(&(dctx->cipher), &(ctx->cipher), sizeof(ctx->cipher));
+        dbio->init = 1;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
 
 static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
-
-/*
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
+
+/*-
 void BIO_set_cipher_ctx(b,c)
 BIO *b;
 EVP_CIPHER_ctx *c;
-	{
-	if (b == NULL) return;
-
-	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
-		return;
-
-	b->init=1;
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
-	
-	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
-	}
+        {
+        if (b == NULL) return;
+
+        if ((b->callback != NULL) &&
+                (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0))
+                return;
+
+        b->init=1;
+        ctx=(BIO_ENC_CTX *)b->ptr;
+        memcpy(ctx->cipher,c,sizeof(EVP_CIPHER_CTX));
+
+        if (b->callback != NULL)
+                b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L);
+        }
 */
 
 void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, const unsigned char *k,
-	     const unsigned char *i, int e)
-	{
-	BIO_ENC_CTX *ctx;
+                    const unsigned char *i, int e)
+{
+    BIO_ENC_CTX *ctx;
 
-	if (b == NULL) return;
+    if (b == NULL)
+        return;
 
-	if ((b->callback != NULL) &&
-		(b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0))
-		return;
+    if ((b->callback != NULL) &&
+        (b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 0L) <=
+         0))
+        return;
 
-	b->init=1;
-	ctx=(BIO_ENC_CTX *)b->ptr;
-	EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e);
-	
-	if (b->callback != NULL)
-		b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L);
-	}
+    b->init = 1;
+    ctx = (BIO_ENC_CTX *)b->ptr;
+    EVP_CipherInit_ex(&(ctx->cipher), c, NULL, k, i, e);
 
+    if (b->callback != NULL)
+        b->callback(b, BIO_CB_CTRL, (const char *)c, BIO_CTRL_SET, e, 1L);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_md.c b/Cryptlib/OpenSSL/crypto/evp/bio_md.c
index ed5c1135..9f0024b9 100644
--- a/Cryptlib/OpenSSL/crypto/evp/bio_md.c
+++ b/Cryptlib/OpenSSL/crypto/evp/bio_md.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,203 +62,200 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>
 
-/* BIO_put and BIO_get both add to the digest,
- * BIO_gets returns the digest */
+/*
+ * BIO_put and BIO_get both add to the digest, BIO_gets returns the digest
+ */
 
 static int md_write(BIO *h, char const *buf, int num);
 static int md_read(BIO *h, char *buf, int size);
-/*static int md_puts(BIO *h, const char *str); */
+/*
+ * static int md_puts(BIO *h, const char *str);
+ */
 static int md_gets(BIO *h, char *str, int size);
 static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2);
 static int md_new(BIO *h);
 static int md_free(BIO *data);
-static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp);
+static long md_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 
-static BIO_METHOD methods_md=
-	{
-	BIO_TYPE_MD,"message digest",
-	md_write,
-	md_read,
-	NULL, /* md_puts, */
-	md_gets,
-	md_ctrl,
-	md_new,
-	md_free,
-	md_callback_ctrl,
-	};
+static BIO_METHOD methods_md = {
+    BIO_TYPE_MD, "message digest",
+    md_write,
+    md_read,
+    NULL,                       /* md_puts, */
+    md_gets,
+    md_ctrl,
+    md_new,
+    md_free,
+    md_callback_ctrl,
+};
 
 BIO_METHOD *BIO_f_md(void)
-	{
-	return(&methods_md);
-	}
+{
+    return (&methods_md);
+}
 
 static int md_new(BIO *bi)
-	{
-	EVP_MD_CTX *ctx;
+{
+    EVP_MD_CTX *ctx;
 
-	ctx=EVP_MD_CTX_create();
-	if (ctx == NULL) return(0);
+    ctx = EVP_MD_CTX_create();
+    if (ctx == NULL)
+        return (0);
 
-	bi->init=0;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
+    bi->init = 0;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return (1);
+}
 
 static int md_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	EVP_MD_CTX_destroy(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    EVP_MD_CTX_destroy(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
 static int md_read(BIO *b, char *out, int outl)
-	{
-	int ret=0;
-	EVP_MD_CTX *ctx;
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
 
-	if (out == NULL) return(0);
-	ctx=b->ptr;
+    if (out == NULL)
+        return (0);
+    ctx = b->ptr;
 
-	if ((ctx == NULL) || (b->next_bio == NULL)) return(0);
+    if ((ctx == NULL) || (b->next_bio == NULL))
+        return (0);
 
-	ret=BIO_read(b->next_bio,out,outl);
-	if (b->init)
-		{
-		if (ret > 0)
-			{
-			EVP_DigestUpdate(ctx,(unsigned char *)out,
-				(unsigned int)ret);
-			}
-		}
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
+    ret = BIO_read(b->next_bio, out, outl);
+    if (b->init) {
+        if (ret > 0) {
+            EVP_DigestUpdate(ctx, (unsigned char *)out, (unsigned int)ret);
+        }
+    }
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
 
 static int md_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0;
-	EVP_MD_CTX *ctx;
+{
+    int ret = 0;
+    EVP_MD_CTX *ctx;
 
-	if ((in == NULL) || (inl <= 0)) return(0);
-	ctx=b->ptr;
+    if ((in == NULL) || (inl <= 0))
+        return (0);
+    ctx = b->ptr;
 
-	if ((ctx != NULL) && (b->next_bio != NULL))
-		ret=BIO_write(b->next_bio,in,inl);
-	if (b->init)
-		{
-		if (ret > 0)
-			{
-			EVP_DigestUpdate(ctx,(const unsigned char *)in,
-				(unsigned int)ret);
-			}
-		}
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
+    if ((ctx != NULL) && (b->next_bio != NULL))
+        ret = BIO_write(b->next_bio, in, inl);
+    if (b->init) {
+        if (ret > 0) {
+            EVP_DigestUpdate(ctx, (const unsigned char *)in,
+                             (unsigned int)ret);
+        }
+    }
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
 
 static long md_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	EVP_MD_CTX *ctx,*dctx,**pctx;
-	const EVP_MD **ppmd;
-	EVP_MD *md;
-	long ret=1;
-	BIO *dbio;
+{
+    EVP_MD_CTX *ctx, *dctx, **pctx;
+    const EVP_MD **ppmd;
+    EVP_MD *md;
+    long ret = 1;
+    BIO *dbio;
 
-	ctx=b->ptr;
+    ctx = b->ptr;
 
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		if (b->init)
-			ret = EVP_DigestInit_ex(ctx,ctx->digest, NULL);
-		else
-			ret=0;
-		if (ret > 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_C_GET_MD:
-		if (b->init)
-			{
-			ppmd=ptr;
-			*ppmd=ctx->digest;
-			}
-		else
-			ret=0;
-		break;
-	case BIO_C_GET_MD_CTX:
-		pctx=ptr;
-		*pctx=ctx;
-		break;
-	case BIO_C_SET_MD_CTX:
-		if (b->init)
-			b->ptr=ptr;
-		else
-			ret=0;
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        if (b->init)
+            ret = EVP_DigestInit_ex(ctx, ctx->digest, NULL);
+        else
+            ret = 0;
+        if (ret > 0)
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_C_GET_MD:
+        if (b->init) {
+            ppmd = ptr;
+            *ppmd = ctx->digest;
+        } else
+            ret = 0;
+        break;
+    case BIO_C_GET_MD_CTX:
+        pctx = ptr;
+        *pctx = ctx;
+        break;
+    case BIO_C_SET_MD_CTX:
+        if (b->init)
+            b->ptr = ptr;
+        else
+            ret = 0;
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
 
-	case BIO_C_SET_MD:
-		md=ptr;
-		ret = EVP_DigestInit_ex(ctx,md, NULL);
-		if (ret > 0)
-			b->init=1;
-		break;
-	case BIO_CTRL_DUP:
-		dbio=ptr;
-		dctx=dbio->ptr;
-		EVP_MD_CTX_copy_ex(dctx,ctx);
-		b->init=1;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
+    case BIO_C_SET_MD:
+        md = ptr;
+        ret = EVP_DigestInit_ex(ctx, md, NULL);
+        if (ret > 0)
+            b->init = 1;
+        break;
+    case BIO_CTRL_DUP:
+        dbio = ptr;
+        dctx = dbio->ptr;
+        EVP_MD_CTX_copy_ex(dctx, ctx);
+        b->init = 1;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
 
 static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
+{
+    long ret = 1;
 
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
 
 static int md_gets(BIO *bp, char *buf, int size)
-	{
-	EVP_MD_CTX *ctx;
-	unsigned int ret;
+{
+    EVP_MD_CTX *ctx;
+    unsigned int ret;
 
+    ctx = bp->ptr;
+    if (size < ctx->digest->md_size)
+        return (0);
+    EVP_DigestFinal_ex(ctx, (unsigned char *)buf, &ret);
+    return ((int)ret);
+}
 
-	ctx=bp->ptr;
-	if (size < ctx->digest->md_size)
-		return(0);
-	EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret);
-	return((int)ret);
-	}
-
-/*
+/*-
 static int md_puts(bp,str)
 BIO *bp;
 char *str;
-	{
-	return(-1);
-	}
+        {
+        return(-1);
+        }
 */
-
diff --git a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c
index 98bc1ab4..e66854c4 100644
--- a/Cryptlib/OpenSSL/crypto/evp/bio_ok.c
+++ b/Cryptlib/OpenSSL/crypto/evp/bio_ok.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,71 +49,71 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/*
-	From: Arne Ansper <arne@cyber.ee>
-
-	Why BIO_f_reliable?
-
-	I wrote function which took BIO* as argument, read data from it
-	and processed it. Then I wanted to store the input file in 
-	encrypted form. OK I pushed BIO_f_cipher to the BIO stack
-	and everything was OK. BUT if user types wrong password 
-	BIO_f_cipher outputs only garbage and my function crashes. Yes
-	I can and I should fix my function, but BIO_f_cipher is 
-	easy way to add encryption support to many existing applications
-	and it's hard to debug and fix them all. 
-
-	So I wanted another BIO which would catch the incorrect passwords and
-	file damages which cause garbage on BIO_f_cipher's output. 
-
-	The easy way is to push the BIO_f_md and save the checksum at 
-	the end of the file. However there are several problems with this
-	approach:
-
-	1) you must somehow separate checksum from actual data. 
-	2) you need lot's of memory when reading the file, because you 
-	must read to the end of the file and verify the checksum before
-	letting the application to read the data. 
-	
-	BIO_f_reliable tries to solve both problems, so that you can 
-	read and write arbitrary long streams using only fixed amount
-	of memory.
-
-	BIO_f_reliable splits data stream into blocks. Each block is prefixed
-	with it's length and suffixed with it's digest. So you need only 
-	several Kbytes of memory to buffer single block before verifying 
-	it's digest. 
-
-	BIO_f_reliable goes further and adds several important capabilities:
-
-	1) the digest of the block is computed over the whole stream 
-	-- so nobody can rearrange the blocks or remove or replace them.
-
-	2) to detect invalid passwords right at the start BIO_f_reliable 
-	adds special prefix to the stream. In order to avoid known plain-text
-	attacks this prefix is generated as follows:
-
-		*) digest is initialized with random seed instead of 
-		standardized one.
-		*) same seed is written to output
-		*) well-known text is then hashed and the output 
-		of the digest is also written to output.
-
-	reader can now read the seed from stream, hash the same string
-	and then compare the digest output.
-
-	Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I 
-	initially wrote and tested this code on x86 machine and wrote the
-	digests out in machine-dependent order :( There are people using
-	this code and I cannot change this easily without making existing
-	data files unreadable.
+/*-
+        From: Arne Ansper <arne@cyber.ee>
+
+        Why BIO_f_reliable?
+
+        I wrote function which took BIO* as argument, read data from it
+        and processed it. Then I wanted to store the input file in
+        encrypted form. OK I pushed BIO_f_cipher to the BIO stack
+        and everything was OK. BUT if user types wrong password
+        BIO_f_cipher outputs only garbage and my function crashes. Yes
+        I can and I should fix my function, but BIO_f_cipher is
+        easy way to add encryption support to many existing applications
+        and it's hard to debug and fix them all.
+
+        So I wanted another BIO which would catch the incorrect passwords and
+        file damages which cause garbage on BIO_f_cipher's output.
+
+        The easy way is to push the BIO_f_md and save the checksum at
+        the end of the file. However there are several problems with this
+        approach:
+
+        1) you must somehow separate checksum from actual data.
+        2) you need lot's of memory when reading the file, because you
+        must read to the end of the file and verify the checksum before
+        letting the application to read the data.
+
+        BIO_f_reliable tries to solve both problems, so that you can
+        read and write arbitrary long streams using only fixed amount
+        of memory.
+
+        BIO_f_reliable splits data stream into blocks. Each block is prefixed
+        with it's length and suffixed with it's digest. So you need only
+        several Kbytes of memory to buffer single block before verifying
+        it's digest.
+
+        BIO_f_reliable goes further and adds several important capabilities:
+
+        1) the digest of the block is computed over the whole stream
+        -- so nobody can rearrange the blocks or remove or replace them.
+
+        2) to detect invalid passwords right at the start BIO_f_reliable
+        adds special prefix to the stream. In order to avoid known plain-text
+        attacks this prefix is generated as follows:
+
+                *) digest is initialized with random seed instead of
+                standardized one.
+                *) same seed is written to output
+                *) well-known text is then hashed and the output
+                of the digest is also written to output.
+
+        reader can now read the seed from stream, hash the same string
+        and then compare the digest output.
+
+        Bad things: BIO_f_reliable knows what's going on in EVP_Digest. I
+        initially wrote and tested this code on x86 machine and wrote the
+        digests out in machine-dependent order :( There are people using
+        this code and I cannot change this easily without making existing
+        data files unreadable.
 
 */
 
@@ -133,443 +133,450 @@ static int ok_new(BIO *h);
 static int ok_free(BIO *data);
 static long ok_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
 
-static void sig_out(BIO* b);
-static void sig_in(BIO* b);
-static void block_out(BIO* b);
-static void block_in(BIO* b);
-#define OK_BLOCK_SIZE	(1024*4)
-#define OK_BLOCK_BLOCK	4
-#define IOBS		(OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
+static void sig_out(BIO *b);
+static void sig_in(BIO *b);
+static void block_out(BIO *b);
+static void block_in(BIO *b);
+#define OK_BLOCK_SIZE   (1024*4)
+#define OK_BLOCK_BLOCK  4
+#define IOBS            (OK_BLOCK_SIZE+ OK_BLOCK_BLOCK+ 3*EVP_MAX_MD_SIZE)
 #define WELLKNOWN "The quick brown fox jumped over the lazy dog's back."
 
-typedef struct ok_struct
-	{
-	size_t buf_len;
-	size_t buf_off;
-	size_t buf_len_save;
-	size_t buf_off_save;
-	int cont;		/* <= 0 when finished */
-	int finished;
-	EVP_MD_CTX md;
-	int blockout;		/* output block is ready */ 
-	int sigio;		/* must process signature */
-	unsigned char buf[IOBS];
-	} BIO_OK_CTX;
-
-static BIO_METHOD methods_ok=
-	{
-	BIO_TYPE_CIPHER,"reliable",
-	ok_write,
-	ok_read,
-	NULL, /* ok_puts, */
-	NULL, /* ok_gets, */
-	ok_ctrl,
-	ok_new,
-	ok_free,
-	ok_callback_ctrl,
-	};
+typedef struct ok_struct {
+    size_t buf_len;
+    size_t buf_off;
+    size_t buf_len_save;
+    size_t buf_off_save;
+    int cont;                   /* <= 0 when finished */
+    int finished;
+    EVP_MD_CTX md;
+    int blockout;               /* output block is ready */
+    int sigio;                  /* must process signature */
+    unsigned char buf[IOBS];
+} BIO_OK_CTX;
+
+static BIO_METHOD methods_ok = {
+    BIO_TYPE_CIPHER, "reliable",
+    ok_write,
+    ok_read,
+    NULL,                       /* ok_puts, */
+    NULL,                       /* ok_gets, */
+    ok_ctrl,
+    ok_new,
+    ok_free,
+    ok_callback_ctrl,
+};
 
 BIO_METHOD *BIO_f_reliable(void)
-	{
-	return(&methods_ok);
-	}
+{
+    return (&methods_ok);
+}
 
 static int ok_new(BIO *bi)
-	{
-	BIO_OK_CTX *ctx;
-
-	ctx=(BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
-	if (ctx == NULL) return(0);
-
-	ctx->buf_len=0;
-	ctx->buf_off=0;
-	ctx->buf_len_save=0;
-	ctx->buf_off_save=0;
-	ctx->cont=1;
-	ctx->finished=0;
-	ctx->blockout= 0;
-	ctx->sigio=1;
-
-	EVP_MD_CTX_init(&ctx->md);
-
-	bi->init=0;
-	bi->ptr=(char *)ctx;
-	bi->flags=0;
-	return(1);
-	}
+{
+    BIO_OK_CTX *ctx;
+
+    ctx = (BIO_OK_CTX *)OPENSSL_malloc(sizeof(BIO_OK_CTX));
+    if (ctx == NULL)
+        return (0);
+
+    ctx->buf_len = 0;
+    ctx->buf_off = 0;
+    ctx->buf_len_save = 0;
+    ctx->buf_off_save = 0;
+    ctx->cont = 1;
+    ctx->finished = 0;
+    ctx->blockout = 0;
+    ctx->sigio = 1;
+
+    EVP_MD_CTX_init(&ctx->md);
+
+    bi->init = 0;
+    bi->ptr = (char *)ctx;
+    bi->flags = 0;
+    return (1);
+}
 
 static int ok_free(BIO *a)
-	{
-	if (a == NULL) return(0);
-	EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
-	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
-	OPENSSL_free(a->ptr);
-	a->ptr=NULL;
-	a->init=0;
-	a->flags=0;
-	return(1);
-	}
-	
+{
+    if (a == NULL)
+        return (0);
+    EVP_MD_CTX_cleanup(&((BIO_OK_CTX *)a->ptr)->md);
+    OPENSSL_cleanse(a->ptr, sizeof(BIO_OK_CTX));
+    OPENSSL_free(a->ptr);
+    a->ptr = NULL;
+    a->init = 0;
+    a->flags = 0;
+    return (1);
+}
+
 static int ok_read(BIO *b, char *out, int outl)
-	{
-	int ret=0,i,n;
-	BIO_OK_CTX *ctx;
-
-	if (out == NULL) return(0);
-	ctx=(BIO_OK_CTX *)b->ptr;
-
-	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
-
-	while(outl > 0)
-		{
-
-		/* copy clean bytes to output buffer */
-		if (ctx->blockout)
-			{
-			i=ctx->buf_len-ctx->buf_off;
-			if (i > outl) i=outl;
-			memcpy(out,&(ctx->buf[ctx->buf_off]),i);
-			ret+=i;
-			out+=i;
-			outl-=i;
-			ctx->buf_off+=i;
-
-			/* all clean bytes are out */
-			if (ctx->buf_len == ctx->buf_off)
-				{
-				ctx->buf_off=0;
-
-				/* copy start of the next block into proper place */
-				if(ctx->buf_len_save- ctx->buf_off_save > 0)
-					{
-					ctx->buf_len= ctx->buf_len_save- ctx->buf_off_save;
-					memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
-							ctx->buf_len);
-					}
-				else
-					{
-					ctx->buf_len=0;
-					}
-				ctx->blockout= 0;
-				}
-			}
-	
-		/* output buffer full -- cancel */
-		if (outl == 0) break;
-
-		/* no clean bytes in buffer -- fill it */
-		n=IOBS- ctx->buf_len;
-		i=BIO_read(b->next_bio,&(ctx->buf[ctx->buf_len]),n);
-
-		if (i <= 0) break;	/* nothing new */
-
-		ctx->buf_len+= i;
-
-		/* no signature yet -- check if we got one */
-		if (ctx->sigio == 1) sig_in(b);
-
-		/* signature ok -- check if we got block */
-		if (ctx->sigio == 0) block_in(b);
-
-		/* invalid block -- cancel */
-		if (ctx->cont <= 0) break;
-
-		}
-
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
+{
+    int ret = 0, i, n;
+    BIO_OK_CTX *ctx;
+
+    if (out == NULL)
+        return (0);
+    ctx = (BIO_OK_CTX *)b->ptr;
+
+    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
+        return (0);
+
+    while (outl > 0) {
+
+        /* copy clean bytes to output buffer */
+        if (ctx->blockout) {
+            i = ctx->buf_len - ctx->buf_off;
+            if (i > outl)
+                i = outl;
+            memcpy(out, &(ctx->buf[ctx->buf_off]), i);
+            ret += i;
+            out += i;
+            outl -= i;
+            ctx->buf_off += i;
+
+            /* all clean bytes are out */
+            if (ctx->buf_len == ctx->buf_off) {
+                ctx->buf_off = 0;
+
+                /*
+                 * copy start of the next block into proper place
+                 */
+                if (ctx->buf_len_save - ctx->buf_off_save > 0) {
+                    ctx->buf_len = ctx->buf_len_save - ctx->buf_off_save;
+                    memmove(ctx->buf, &(ctx->buf[ctx->buf_off_save]),
+                            ctx->buf_len);
+                } else {
+                    ctx->buf_len = 0;
+                }
+                ctx->blockout = 0;
+            }
+        }
+
+        /* output buffer full -- cancel */
+        if (outl == 0)
+            break;
+
+        /* no clean bytes in buffer -- fill it */
+        n = IOBS - ctx->buf_len;
+        i = BIO_read(b->next_bio, &(ctx->buf[ctx->buf_len]), n);
+
+        if (i <= 0)
+            break;              /* nothing new */
+
+        ctx->buf_len += i;
+
+        /* no signature yet -- check if we got one */
+        if (ctx->sigio == 1)
+            sig_in(b);
+
+        /* signature ok -- check if we got block */
+        if (ctx->sigio == 0)
+            block_in(b);
+
+        /* invalid block -- cancel */
+        if (ctx->cont <= 0)
+            break;
+
+    }
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
 
 static int ok_write(BIO *b, const char *in, int inl)
-	{
-	int ret=0,n,i;
-	BIO_OK_CTX *ctx;
-
-	if (inl <= 0) return inl;
-
-	ctx=(BIO_OK_CTX *)b->ptr;
-	ret=inl;
-
-	if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0)) return(0);
-
-	if(ctx->sigio) sig_out(b);
-
-	do{
-		BIO_clear_retry_flags(b);
-		n=ctx->buf_len-ctx->buf_off;
-		while (ctx->blockout && n > 0)
-			{
-			i=BIO_write(b->next_bio,&(ctx->buf[ctx->buf_off]),n);
-			if (i <= 0)
-				{
-				BIO_copy_next_retry(b);
-				if(!BIO_should_retry(b))
-					ctx->cont= 0;
-				return(i);
-				}
-			ctx->buf_off+=i;
-			n-=i;
-			}
-
-		/* at this point all pending data has been written */
-		ctx->blockout= 0;
-		if (ctx->buf_len == ctx->buf_off)
-			{
-			ctx->buf_len=OK_BLOCK_BLOCK;
-			ctx->buf_off=0;
-			}
-	
-		if ((in == NULL) || (inl <= 0)) return(0);
-
-		n= (inl+ ctx->buf_len > OK_BLOCK_SIZE+ OK_BLOCK_BLOCK) ? 
-			(int)(OK_BLOCK_SIZE+OK_BLOCK_BLOCK-ctx->buf_len) : inl;
-
-		memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),(unsigned char *)in,n);
-		ctx->buf_len+= n;
-		inl-=n;
-		in+=n;
-
-		if(ctx->buf_len >= OK_BLOCK_SIZE+ OK_BLOCK_BLOCK)
-			{
-			block_out(b);
-			}
-	}while(inl > 0);
-
-	BIO_clear_retry_flags(b);
-	BIO_copy_next_retry(b);
-	return(ret);
-	}
+{
+    int ret = 0, n, i;
+    BIO_OK_CTX *ctx;
+
+    if (inl <= 0)
+        return inl;
+
+    ctx = (BIO_OK_CTX *)b->ptr;
+    ret = inl;
+
+    if ((ctx == NULL) || (b->next_bio == NULL) || (b->init == 0))
+        return (0);
+
+    if (ctx->sigio)
+        sig_out(b);
+
+    do {
+        BIO_clear_retry_flags(b);
+        n = ctx->buf_len - ctx->buf_off;
+        while (ctx->blockout && n > 0) {
+            i = BIO_write(b->next_bio, &(ctx->buf[ctx->buf_off]), n);
+            if (i <= 0) {
+                BIO_copy_next_retry(b);
+                if (!BIO_should_retry(b))
+                    ctx->cont = 0;
+                return (i);
+            }
+            ctx->buf_off += i;
+            n -= i;
+        }
+
+        /* at this point all pending data has been written */
+        ctx->blockout = 0;
+        if (ctx->buf_len == ctx->buf_off) {
+            ctx->buf_len = OK_BLOCK_BLOCK;
+            ctx->buf_off = 0;
+        }
+
+        if ((in == NULL) || (inl <= 0))
+            return (0);
+
+        n = (inl + ctx->buf_len > OK_BLOCK_SIZE + OK_BLOCK_BLOCK) ?
+            (int)(OK_BLOCK_SIZE + OK_BLOCK_BLOCK - ctx->buf_len) : inl;
+
+        memcpy((unsigned char *)(&(ctx->buf[ctx->buf_len])),
+               (unsigned char *)in, n);
+        ctx->buf_len += n;
+        inl -= n;
+        in += n;
+
+        if (ctx->buf_len >= OK_BLOCK_SIZE + OK_BLOCK_BLOCK) {
+            block_out(b);
+        }
+    } while (inl > 0);
+
+    BIO_clear_retry_flags(b);
+    BIO_copy_next_retry(b);
+    return (ret);
+}
 
 static long ok_ctrl(BIO *b, int cmd, long num, void *ptr)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD *md;
-	const EVP_MD **ppmd;
-	long ret=1;
-	int i;
-
-	ctx=b->ptr;
-
-	switch (cmd)
-		{
-	case BIO_CTRL_RESET:
-		ctx->buf_len=0;
-		ctx->buf_off=0;
-		ctx->buf_len_save=0;
-		ctx->buf_off_save=0;
-		ctx->cont=1;
-		ctx->finished=0;
-		ctx->blockout= 0;
-		ctx->sigio=1;
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_EOF:	/* More to read */
-		if (ctx->cont <= 0)
-			ret=1;
-		else
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_PENDING: /* More to read in buffer */
-	case BIO_CTRL_WPENDING: /* More to read in buffer */
-		ret=ctx->blockout ? ctx->buf_len-ctx->buf_off : 0;
-		if (ret <= 0)
-			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_CTRL_FLUSH:
-		/* do a final write */
-		if(ctx->blockout == 0)
-			block_out(b);
-
-		while (ctx->blockout)
-			{
-			i=ok_write(b,NULL,0);
-			if (i < 0)
-				{
-				ret=i;
-				break;
-				}
-			}
-
-		ctx->finished=1;
-		ctx->buf_off=ctx->buf_len=0;
-		ctx->cont=(int)ret;
-		
-		/* Finally flush the underlying BIO */
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-	case BIO_C_DO_STATE_MACHINE:
-		BIO_clear_retry_flags(b);
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		BIO_copy_next_retry(b);
-		break;
-	case BIO_CTRL_INFO:
-		ret=(long)ctx->cont;
-		break;
-	case BIO_C_SET_MD:
-		md=ptr;
-		EVP_DigestInit_ex(&ctx->md, md, NULL);
-		b->init=1;
-		break;
-	case BIO_C_GET_MD:
-		if (b->init)
-			{
-			ppmd=ptr;
-			*ppmd=ctx->md.digest;
-			}
-		else
-			ret=0;
-		break;
-	default:
-		ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
-		break;
-		}
-	return(ret);
-	}
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD *md;
+    const EVP_MD **ppmd;
+    long ret = 1;
+    int i;
+
+    ctx = b->ptr;
+
+    switch (cmd) {
+    case BIO_CTRL_RESET:
+        ctx->buf_len = 0;
+        ctx->buf_off = 0;
+        ctx->buf_len_save = 0;
+        ctx->buf_off_save = 0;
+        ctx->cont = 1;
+        ctx->finished = 0;
+        ctx->blockout = 0;
+        ctx->sigio = 1;
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_EOF:         /* More to read */
+        if (ctx->cont <= 0)
+            ret = 1;
+        else
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_PENDING:     /* More to read in buffer */
+    case BIO_CTRL_WPENDING:    /* More to read in buffer */
+        ret = ctx->blockout ? ctx->buf_len - ctx->buf_off : 0;
+        if (ret <= 0)
+            ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_CTRL_FLUSH:
+        /* do a final write */
+        if (ctx->blockout == 0)
+            block_out(b);
+
+        while (ctx->blockout) {
+            i = ok_write(b, NULL, 0);
+            if (i < 0) {
+                ret = i;
+                break;
+            }
+        }
+
+        ctx->finished = 1;
+        ctx->buf_off = ctx->buf_len = 0;
+        ctx->cont = (int)ret;
+
+        /* Finally flush the underlying BIO */
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    case BIO_C_DO_STATE_MACHINE:
+        BIO_clear_retry_flags(b);
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        BIO_copy_next_retry(b);
+        break;
+    case BIO_CTRL_INFO:
+        ret = (long)ctx->cont;
+        break;
+    case BIO_C_SET_MD:
+        md = ptr;
+        EVP_DigestInit_ex(&ctx->md, md, NULL);
+        b->init = 1;
+        break;
+    case BIO_C_GET_MD:
+        if (b->init) {
+            ppmd = ptr;
+            *ppmd = ctx->md.digest;
+        } else
+            ret = 0;
+        break;
+    default:
+        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
+        break;
+    }
+    return (ret);
+}
 
 static long ok_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp)
-	{
-	long ret=1;
-
-	if (b->next_bio == NULL) return(0);
-	switch (cmd)
-		{
-	default:
-		ret=BIO_callback_ctrl(b->next_bio,cmd,fp);
-		break;
-		}
-	return(ret);
-	}
+{
+    long ret = 1;
+
+    if (b->next_bio == NULL)
+        return (0);
+    switch (cmd) {
+    default:
+        ret = BIO_callback_ctrl(b->next_bio, cmd, fp);
+        break;
+    }
+    return (ret);
+}
 
 static void longswap(void *_ptr, size_t len)
-{	const union { long one; char little; } is_endian = {1};
+{
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    if (is_endian.little) {
+        size_t i;
+        unsigned char *p = _ptr, c;
+
+        for (i = 0; i < len; i += 4) {
+            c = p[0], p[0] = p[3], p[3] = c;
+            c = p[1], p[1] = p[2], p[2] = c;
+        }
+    }
+}
 
-	if (is_endian.little) {
-		size_t i;
-		unsigned char *p=_ptr,c;
+static void sig_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    if (ctx->buf_len + 2 * md->digest->md_size > OK_BLOCK_SIZE)
+        return;
+
+    EVP_DigestInit_ex(md, md->digest, NULL);
+    /*
+     * FIXME: there's absolutely no guarantee this makes any sense at all,
+     * particularly now EVP_MD_CTX has been restructured.
+     */
+    RAND_pseudo_bytes(md->md_data, md->digest->md_size);
+    memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
+    longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
+    ctx->buf_len += md->digest->md_size;
+
+    EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+    EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+    ctx->buf_len += md->digest->md_size;
+    ctx->blockout = 1;
+    ctx->sigio = 0;
+}
 
-		for(i= 0;i < len;i+= 4) {
-			c=p[0],p[0]=p[3],p[3]=c;
-			c=p[1],p[1]=p[2],p[2]=c;
-		}
-	}
+static void sig_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+    int ret = 0;
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    if ((int)(ctx->buf_len - ctx->buf_off) < 2 * md->digest->md_size)
+        return;
+
+    EVP_DigestInit_ex(md, md->digest, NULL);
+    memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
+    longswap(md->md_data, md->digest->md_size);
+    ctx->buf_off += md->digest->md_size;
+
+    EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
+    EVP_DigestFinal_ex(md, tmp, NULL);
+    ret = memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
+    ctx->buf_off += md->digest->md_size;
+    if (ret == 1) {
+        ctx->sigio = 0;
+        if (ctx->buf_len != ctx->buf_off) {
+            memmove(ctx->buf, &(ctx->buf[ctx->buf_off]),
+                    ctx->buf_len - ctx->buf_off);
+        }
+        ctx->buf_len -= ctx->buf_off;
+        ctx->buf_off = 0;
+    } else {
+        ctx->cont = 0;
+    }
 }
 
-static void sig_out(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	if(ctx->buf_len+ 2* md->digest->md_size > OK_BLOCK_SIZE) return;
-
-	EVP_DigestInit_ex(md, md->digest, NULL);
-	/* FIXME: there's absolutely no guarantee this makes any sense at all,
-	 * particularly now EVP_MD_CTX has been restructured.
-	 */
-	RAND_pseudo_bytes(md->md_data, md->digest->md_size);
-	memcpy(&(ctx->buf[ctx->buf_len]), md->md_data, md->digest->md_size);
-	longswap(&(ctx->buf[ctx->buf_len]), md->digest->md_size);
-	ctx->buf_len+= md->digest->md_size;
-
-	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
-	ctx->buf_len+= md->digest->md_size;
-	ctx->blockout= 1;
-	ctx->sigio= 0;
-	}
-
-static void sig_in(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-	unsigned char tmp[EVP_MAX_MD_SIZE];
-	int ret= 0;
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	if((int)(ctx->buf_len-ctx->buf_off) < 2*md->digest->md_size) return;
-
-	EVP_DigestInit_ex(md, md->digest, NULL);
-	memcpy(md->md_data, &(ctx->buf[ctx->buf_off]), md->digest->md_size);
-	longswap(md->md_data, md->digest->md_size);
-	ctx->buf_off+= md->digest->md_size;
-
-	EVP_DigestUpdate(md, WELLKNOWN, strlen(WELLKNOWN));
-	EVP_DigestFinal_ex(md, tmp, NULL);
-	ret= memcmp(&(ctx->buf[ctx->buf_off]), tmp, md->digest->md_size) == 0;
-	ctx->buf_off+= md->digest->md_size;
-	if(ret == 1)
-		{
-		ctx->sigio= 0;
-		if(ctx->buf_len != ctx->buf_off)
-			{
-			memmove(ctx->buf, &(ctx->buf[ctx->buf_off]), ctx->buf_len- ctx->buf_off);
-			}
-		ctx->buf_len-= ctx->buf_off;
-		ctx->buf_off= 0;
-		}
-	else
-		{
-		ctx->cont= 0;
-		}
-	}
-
-static void block_out(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-	unsigned long tl;
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	tl= ctx->buf_len- OK_BLOCK_BLOCK;
-	ctx->buf[0]=(unsigned char)(tl>>24);
-	ctx->buf[1]=(unsigned char)(tl>>16);
-	ctx->buf[2]=(unsigned char)(tl>>8);
-	ctx->buf[3]=(unsigned char)(tl);
-	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
-	ctx->buf_len+= md->digest->md_size;
-	ctx->blockout= 1;
-	}
-
-static void block_in(BIO* b)
-	{
-	BIO_OK_CTX *ctx;
-	EVP_MD_CTX *md;
-	unsigned long tl= 0;
-	unsigned char tmp[EVP_MAX_MD_SIZE];
-
-	ctx=b->ptr;
-	md=&ctx->md;
-
-	assert(sizeof(tl)>=OK_BLOCK_BLOCK);	/* always true */
-	tl =ctx->buf[0]; tl<<=8;
-	tl|=ctx->buf[1]; tl<<=8;
-	tl|=ctx->buf[2]; tl<<=8;
-	tl|=ctx->buf[3];
-
-	if (ctx->buf_len < tl+ OK_BLOCK_BLOCK+ md->digest->md_size) return;
- 
-	EVP_DigestUpdate(md, (unsigned char*) &(ctx->buf[OK_BLOCK_BLOCK]), tl);
-	EVP_DigestFinal_ex(md, tmp, NULL);
-	if(memcmp(&(ctx->buf[tl+ OK_BLOCK_BLOCK]), tmp, md->digest->md_size) == 0)
-		{
-		/* there might be parts from next block lurking around ! */
-		ctx->buf_off_save= tl+ OK_BLOCK_BLOCK+ md->digest->md_size;
-		ctx->buf_len_save= ctx->buf_len;
-		ctx->buf_off= OK_BLOCK_BLOCK;
-		ctx->buf_len= tl+ OK_BLOCK_BLOCK;
-		ctx->blockout= 1;
-		}
-	else
-		{
-		ctx->cont= 0;
-		}
-	}
+static void block_out(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl;
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    tl = ctx->buf_len - OK_BLOCK_BLOCK;
+    ctx->buf[0] = (unsigned char)(tl >> 24);
+    ctx->buf[1] = (unsigned char)(tl >> 16);
+    ctx->buf[2] = (unsigned char)(tl >> 8);
+    ctx->buf[3] = (unsigned char)(tl);
+    EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl);
+    EVP_DigestFinal_ex(md, &(ctx->buf[ctx->buf_len]), NULL);
+    ctx->buf_len += md->digest->md_size;
+    ctx->blockout = 1;
+}
 
+static void block_in(BIO *b)
+{
+    BIO_OK_CTX *ctx;
+    EVP_MD_CTX *md;
+    unsigned long tl = 0;
+    unsigned char tmp[EVP_MAX_MD_SIZE];
+
+    ctx = b->ptr;
+    md = &ctx->md;
+
+    assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
+    tl = ctx->buf[0];
+    tl <<= 8;
+    tl |= ctx->buf[1];
+    tl <<= 8;
+    tl |= ctx->buf[2];
+    tl <<= 8;
+    tl |= ctx->buf[3];
+
+    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md->digest->md_size)
+        return;
+
+    EVP_DigestUpdate(md, (unsigned char *)&(ctx->buf[OK_BLOCK_BLOCK]), tl);
+    EVP_DigestFinal_ex(md, tmp, NULL);
+    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md->digest->md_size) ==
+        0) {
+        /* there might be parts from next block lurking around ! */
+        ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md->digest->md_size;
+        ctx->buf_len_save = ctx->buf_len;
+        ctx->buf_off = OK_BLOCK_BLOCK;
+        ctx->buf_len = tl + OK_BLOCK_BLOCK;
+        ctx->blockout = 1;
+    } else {
+        ctx->cont = 0;
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/c_all.c b/Cryptlib/OpenSSL/crypto/evp/c_all.c
index a5da52e6..83f5003b 100644
--- a/Cryptlib/OpenSSL/crypto/evp/c_all.c
+++ b/Cryptlib/OpenSSL/crypto/evp/c_all.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,31 +60,31 @@
 #include "cryptlib.h"
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
 #if 0
-#undef OpenSSL_add_all_algorithms
+# undef OpenSSL_add_all_algorithms
 
 void OpenSSL_add_all_algorithms(void)
-	{
-	OPENSSL_add_all_algorithms_noconf();
-	}
+{
+    OPENSSL_add_all_algorithms_noconf();
+}
 #endif
 
 void OPENSSL_add_all_algorithms_noconf(void)
-	{
-	/*
-	 * For the moment OPENSSL_cpuid_setup does something
-	 * only on IA-32, but we reserve the option for all
-	 * platforms...
-	 */
-	OPENSSL_cpuid_setup();
-	OpenSSL_add_all_ciphers();
-	OpenSSL_add_all_digests();
+{
+    /*
+     * For the moment OPENSSL_cpuid_setup does something
+     * only on IA-32, but we reserve the option for all
+     * platforms...
+     */
+    OPENSSL_cpuid_setup();
+    OpenSSL_add_all_ciphers();
+    OpenSSL_add_all_digests();
 #ifndef OPENSSL_NO_ENGINE
 # if defined(__OpenBSD__) || defined(__FreeBSD__)
-	ENGINE_setup_bsd_cryptodev();
+    ENGINE_setup_bsd_cryptodev();
 # endif
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/c_allc.c b/Cryptlib/OpenSSL/crypto/evp/c_allc.c
index e45cee8a..7a2b524d 100644
--- a/Cryptlib/OpenSSL/crypto/evp/c_allc.c
+++ b/Cryptlib/OpenSSL/crypto/evp/c_allc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,165 +63,165 @@
 #include <openssl/objects.h>
 
 void OpenSSL_add_all_ciphers(void)
-	{
+{
 
 #ifndef OPENSSL_NO_DES
-	EVP_add_cipher(EVP_des_cfb());
-	EVP_add_cipher(EVP_des_cfb1());
-	EVP_add_cipher(EVP_des_cfb8());
-	EVP_add_cipher(EVP_des_ede_cfb());
-	EVP_add_cipher(EVP_des_ede3_cfb());
-	EVP_add_cipher(EVP_des_ede3_cfb1());
-	EVP_add_cipher(EVP_des_ede3_cfb8());
-
-	EVP_add_cipher(EVP_des_ofb());
-	EVP_add_cipher(EVP_des_ede_ofb());
-	EVP_add_cipher(EVP_des_ede3_ofb());
-
-	EVP_add_cipher(EVP_desx_cbc());
-	EVP_add_cipher_alias(SN_desx_cbc,"DESX");
-	EVP_add_cipher_alias(SN_desx_cbc,"desx");
-
-	EVP_add_cipher(EVP_des_cbc());
-	EVP_add_cipher_alias(SN_des_cbc,"DES");
-	EVP_add_cipher_alias(SN_des_cbc,"des");
-	EVP_add_cipher(EVP_des_ede_cbc());
-	EVP_add_cipher(EVP_des_ede3_cbc());
-	EVP_add_cipher_alias(SN_des_ede3_cbc,"DES3");
-	EVP_add_cipher_alias(SN_des_ede3_cbc,"des3");
-
-	EVP_add_cipher(EVP_des_ecb());
-	EVP_add_cipher(EVP_des_ede());
-	EVP_add_cipher(EVP_des_ede3());
+    EVP_add_cipher(EVP_des_cfb());
+    EVP_add_cipher(EVP_des_cfb1());
+    EVP_add_cipher(EVP_des_cfb8());
+    EVP_add_cipher(EVP_des_ede_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb());
+    EVP_add_cipher(EVP_des_ede3_cfb1());
+    EVP_add_cipher(EVP_des_ede3_cfb8());
+
+    EVP_add_cipher(EVP_des_ofb());
+    EVP_add_cipher(EVP_des_ede_ofb());
+    EVP_add_cipher(EVP_des_ede3_ofb());
+
+    EVP_add_cipher(EVP_desx_cbc());
+    EVP_add_cipher_alias(SN_desx_cbc, "DESX");
+    EVP_add_cipher_alias(SN_desx_cbc, "desx");
+
+    EVP_add_cipher(EVP_des_cbc());
+    EVP_add_cipher_alias(SN_des_cbc, "DES");
+    EVP_add_cipher_alias(SN_des_cbc, "des");
+    EVP_add_cipher(EVP_des_ede_cbc());
+    EVP_add_cipher(EVP_des_ede3_cbc());
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "DES3");
+    EVP_add_cipher_alias(SN_des_ede3_cbc, "des3");
+
+    EVP_add_cipher(EVP_des_ecb());
+    EVP_add_cipher(EVP_des_ede());
+    EVP_add_cipher(EVP_des_ede3());
 #endif
 
 #ifndef OPENSSL_NO_RC4
-	EVP_add_cipher(EVP_rc4());
-	EVP_add_cipher(EVP_rc4_40());
+    EVP_add_cipher(EVP_rc4());
+    EVP_add_cipher(EVP_rc4_40());
 #endif
 
 #ifndef OPENSSL_NO_IDEA
-	EVP_add_cipher(EVP_idea_ecb());
-	EVP_add_cipher(EVP_idea_cfb());
-	EVP_add_cipher(EVP_idea_ofb());
-	EVP_add_cipher(EVP_idea_cbc());
-	EVP_add_cipher_alias(SN_idea_cbc,"IDEA");
-	EVP_add_cipher_alias(SN_idea_cbc,"idea");
+    EVP_add_cipher(EVP_idea_ecb());
+    EVP_add_cipher(EVP_idea_cfb());
+    EVP_add_cipher(EVP_idea_ofb());
+    EVP_add_cipher(EVP_idea_cbc());
+    EVP_add_cipher_alias(SN_idea_cbc, "IDEA");
+    EVP_add_cipher_alias(SN_idea_cbc, "idea");
 #endif
 
 #ifndef OPENSSL_NO_SEED
-	EVP_add_cipher(EVP_seed_ecb());
-	EVP_add_cipher(EVP_seed_cfb());
-	EVP_add_cipher(EVP_seed_ofb());
-	EVP_add_cipher(EVP_seed_cbc());
-	EVP_add_cipher_alias(SN_seed_cbc,"SEED");
-	EVP_add_cipher_alias(SN_seed_cbc,"seed");
+    EVP_add_cipher(EVP_seed_ecb());
+    EVP_add_cipher(EVP_seed_cfb());
+    EVP_add_cipher(EVP_seed_ofb());
+    EVP_add_cipher(EVP_seed_cbc());
+    EVP_add_cipher_alias(SN_seed_cbc, "SEED");
+    EVP_add_cipher_alias(SN_seed_cbc, "seed");
 #endif
 
 #ifndef OPENSSL_NO_RC2
-	EVP_add_cipher(EVP_rc2_ecb());
-	EVP_add_cipher(EVP_rc2_cfb());
-	EVP_add_cipher(EVP_rc2_ofb());
-	EVP_add_cipher(EVP_rc2_cbc());
-	EVP_add_cipher(EVP_rc2_40_cbc());
-	EVP_add_cipher(EVP_rc2_64_cbc());
-	EVP_add_cipher_alias(SN_rc2_cbc,"RC2");
-	EVP_add_cipher_alias(SN_rc2_cbc,"rc2");
+    EVP_add_cipher(EVP_rc2_ecb());
+    EVP_add_cipher(EVP_rc2_cfb());
+    EVP_add_cipher(EVP_rc2_ofb());
+    EVP_add_cipher(EVP_rc2_cbc());
+    EVP_add_cipher(EVP_rc2_40_cbc());
+    EVP_add_cipher(EVP_rc2_64_cbc());
+    EVP_add_cipher_alias(SN_rc2_cbc, "RC2");
+    EVP_add_cipher_alias(SN_rc2_cbc, "rc2");
 #endif
 
 #ifndef OPENSSL_NO_BF
-	EVP_add_cipher(EVP_bf_ecb());
-	EVP_add_cipher(EVP_bf_cfb());
-	EVP_add_cipher(EVP_bf_ofb());
-	EVP_add_cipher(EVP_bf_cbc());
-	EVP_add_cipher_alias(SN_bf_cbc,"BF");
-	EVP_add_cipher_alias(SN_bf_cbc,"bf");
-	EVP_add_cipher_alias(SN_bf_cbc,"blowfish");
+    EVP_add_cipher(EVP_bf_ecb());
+    EVP_add_cipher(EVP_bf_cfb());
+    EVP_add_cipher(EVP_bf_ofb());
+    EVP_add_cipher(EVP_bf_cbc());
+    EVP_add_cipher_alias(SN_bf_cbc, "BF");
+    EVP_add_cipher_alias(SN_bf_cbc, "bf");
+    EVP_add_cipher_alias(SN_bf_cbc, "blowfish");
 #endif
 
 #ifndef OPENSSL_NO_CAST
-	EVP_add_cipher(EVP_cast5_ecb());
-	EVP_add_cipher(EVP_cast5_cfb());
-	EVP_add_cipher(EVP_cast5_ofb());
-	EVP_add_cipher(EVP_cast5_cbc());
-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST");
-	EVP_add_cipher_alias(SN_cast5_cbc,"cast");
-	EVP_add_cipher_alias(SN_cast5_cbc,"CAST-cbc");
-	EVP_add_cipher_alias(SN_cast5_cbc,"cast-cbc");
+    EVP_add_cipher(EVP_cast5_ecb());
+    EVP_add_cipher(EVP_cast5_cfb());
+    EVP_add_cipher(EVP_cast5_ofb());
+    EVP_add_cipher(EVP_cast5_cbc());
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast");
+    EVP_add_cipher_alias(SN_cast5_cbc, "CAST-cbc");
+    EVP_add_cipher_alias(SN_cast5_cbc, "cast-cbc");
 #endif
 
 #ifndef OPENSSL_NO_RC5
-	EVP_add_cipher(EVP_rc5_32_12_16_ecb());
-	EVP_add_cipher(EVP_rc5_32_12_16_cfb());
-	EVP_add_cipher(EVP_rc5_32_12_16_ofb());
-	EVP_add_cipher(EVP_rc5_32_12_16_cbc());
-	EVP_add_cipher_alias(SN_rc5_cbc,"rc5");
-	EVP_add_cipher_alias(SN_rc5_cbc,"RC5");
+    EVP_add_cipher(EVP_rc5_32_12_16_ecb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cfb());
+    EVP_add_cipher(EVP_rc5_32_12_16_ofb());
+    EVP_add_cipher(EVP_rc5_32_12_16_cbc());
+    EVP_add_cipher_alias(SN_rc5_cbc, "rc5");
+    EVP_add_cipher_alias(SN_rc5_cbc, "RC5");
 #endif
 
 #ifndef OPENSSL_NO_AES
-	EVP_add_cipher(EVP_aes_128_ecb());
-	EVP_add_cipher(EVP_aes_128_cbc());
-	EVP_add_cipher(EVP_aes_128_cfb());
-	EVP_add_cipher(EVP_aes_128_cfb1());
-	EVP_add_cipher(EVP_aes_128_cfb8());
-	EVP_add_cipher(EVP_aes_128_ofb());
-#if 0
-	EVP_add_cipher(EVP_aes_128_ctr());
-#endif
-	EVP_add_cipher_alias(SN_aes_128_cbc,"AES128");
-	EVP_add_cipher_alias(SN_aes_128_cbc,"aes128");
-	EVP_add_cipher(EVP_aes_192_ecb());
-	EVP_add_cipher(EVP_aes_192_cbc());
-	EVP_add_cipher(EVP_aes_192_cfb());
-	EVP_add_cipher(EVP_aes_192_cfb1());
-	EVP_add_cipher(EVP_aes_192_cfb8());
-	EVP_add_cipher(EVP_aes_192_ofb());
-#if 0
-	EVP_add_cipher(EVP_aes_192_ctr());
-#endif
-	EVP_add_cipher_alias(SN_aes_192_cbc,"AES192");
-	EVP_add_cipher_alias(SN_aes_192_cbc,"aes192");
-	EVP_add_cipher(EVP_aes_256_ecb());
-	EVP_add_cipher(EVP_aes_256_cbc());
-	EVP_add_cipher(EVP_aes_256_cfb());
-	EVP_add_cipher(EVP_aes_256_cfb1());
-	EVP_add_cipher(EVP_aes_256_cfb8());
-	EVP_add_cipher(EVP_aes_256_ofb());
-#if 0
-	EVP_add_cipher(EVP_aes_256_ctr());
-#endif
-	EVP_add_cipher_alias(SN_aes_256_cbc,"AES256");
-	EVP_add_cipher_alias(SN_aes_256_cbc,"aes256");
+    EVP_add_cipher(EVP_aes_128_ecb());
+    EVP_add_cipher(EVP_aes_128_cbc());
+    EVP_add_cipher(EVP_aes_128_cfb());
+    EVP_add_cipher(EVP_aes_128_cfb1());
+    EVP_add_cipher(EVP_aes_128_cfb8());
+    EVP_add_cipher(EVP_aes_128_ofb());
+# if 0
+    EVP_add_cipher(EVP_aes_128_ctr());
+# endif
+    EVP_add_cipher_alias(SN_aes_128_cbc, "AES128");
+    EVP_add_cipher_alias(SN_aes_128_cbc, "aes128");
+    EVP_add_cipher(EVP_aes_192_ecb());
+    EVP_add_cipher(EVP_aes_192_cbc());
+    EVP_add_cipher(EVP_aes_192_cfb());
+    EVP_add_cipher(EVP_aes_192_cfb1());
+    EVP_add_cipher(EVP_aes_192_cfb8());
+    EVP_add_cipher(EVP_aes_192_ofb());
+# if 0
+    EVP_add_cipher(EVP_aes_192_ctr());
+# endif
+    EVP_add_cipher_alias(SN_aes_192_cbc, "AES192");
+    EVP_add_cipher_alias(SN_aes_192_cbc, "aes192");
+    EVP_add_cipher(EVP_aes_256_ecb());
+    EVP_add_cipher(EVP_aes_256_cbc());
+    EVP_add_cipher(EVP_aes_256_cfb());
+    EVP_add_cipher(EVP_aes_256_cfb1());
+    EVP_add_cipher(EVP_aes_256_cfb8());
+    EVP_add_cipher(EVP_aes_256_ofb());
+# if 0
+    EVP_add_cipher(EVP_aes_256_ctr());
+# endif
+    EVP_add_cipher_alias(SN_aes_256_cbc, "AES256");
+    EVP_add_cipher_alias(SN_aes_256_cbc, "aes256");
 #endif
 
 #ifndef OPENSSL_NO_CAMELLIA
-	EVP_add_cipher(EVP_camellia_128_ecb());
-	EVP_add_cipher(EVP_camellia_128_cbc());
-	EVP_add_cipher(EVP_camellia_128_cfb());
-	EVP_add_cipher(EVP_camellia_128_cfb1());
-	EVP_add_cipher(EVP_camellia_128_cfb8());
-	EVP_add_cipher(EVP_camellia_128_ofb());
-	EVP_add_cipher_alias(SN_camellia_128_cbc,"CAMELLIA128");
-	EVP_add_cipher_alias(SN_camellia_128_cbc,"camellia128");
-	EVP_add_cipher(EVP_camellia_192_ecb());
-	EVP_add_cipher(EVP_camellia_192_cbc());
-	EVP_add_cipher(EVP_camellia_192_cfb());
-	EVP_add_cipher(EVP_camellia_192_cfb1());
-	EVP_add_cipher(EVP_camellia_192_cfb8());
-	EVP_add_cipher(EVP_camellia_192_ofb());
-	EVP_add_cipher_alias(SN_camellia_192_cbc,"CAMELLIA192");
-	EVP_add_cipher_alias(SN_camellia_192_cbc,"camellia192");
-	EVP_add_cipher(EVP_camellia_256_ecb());
-	EVP_add_cipher(EVP_camellia_256_cbc());
-	EVP_add_cipher(EVP_camellia_256_cfb());
-	EVP_add_cipher(EVP_camellia_256_cfb1());
-	EVP_add_cipher(EVP_camellia_256_cfb8());
-	EVP_add_cipher(EVP_camellia_256_ofb());
-	EVP_add_cipher_alias(SN_camellia_256_cbc,"CAMELLIA256");
-	EVP_add_cipher_alias(SN_camellia_256_cbc,"camellia256");
+    EVP_add_cipher(EVP_camellia_128_ecb());
+    EVP_add_cipher(EVP_camellia_128_cbc());
+    EVP_add_cipher(EVP_camellia_128_cfb());
+    EVP_add_cipher(EVP_camellia_128_cfb1());
+    EVP_add_cipher(EVP_camellia_128_cfb8());
+    EVP_add_cipher(EVP_camellia_128_ofb());
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "CAMELLIA128");
+    EVP_add_cipher_alias(SN_camellia_128_cbc, "camellia128");
+    EVP_add_cipher(EVP_camellia_192_ecb());
+    EVP_add_cipher(EVP_camellia_192_cbc());
+    EVP_add_cipher(EVP_camellia_192_cfb());
+    EVP_add_cipher(EVP_camellia_192_cfb1());
+    EVP_add_cipher(EVP_camellia_192_cfb8());
+    EVP_add_cipher(EVP_camellia_192_ofb());
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "CAMELLIA192");
+    EVP_add_cipher_alias(SN_camellia_192_cbc, "camellia192");
+    EVP_add_cipher(EVP_camellia_256_ecb());
+    EVP_add_cipher(EVP_camellia_256_cbc());
+    EVP_add_cipher(EVP_camellia_256_cfb());
+    EVP_add_cipher(EVP_camellia_256_cfb1());
+    EVP_add_cipher(EVP_camellia_256_cfb8());
+    EVP_add_cipher(EVP_camellia_256_ofb());
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "CAMELLIA256");
+    EVP_add_cipher_alias(SN_camellia_256_cbc, "camellia256");
 #endif
 
-	PKCS12_PBE_add();
-	PKCS5_PBE_add();
-	}
+    PKCS12_PBE_add();
+    PKCS5_PBE_add();
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/c_alld.c b/Cryptlib/OpenSSL/crypto/evp/c_alld.c
index e0841d12..ab17f7c3 100644
--- a/Cryptlib/OpenSSL/crypto/evp/c_alld.c
+++ b/Cryptlib/OpenSSL/crypto/evp/c_alld.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,49 +63,49 @@
 #include <openssl/objects.h>
 
 void OpenSSL_add_all_digests(void)
-	{
+{
 #ifndef OPENSSL_NO_MD4
-	EVP_add_digest(EVP_md4());
+    EVP_add_digest(EVP_md4());
 #endif
 #ifndef OPENSSL_NO_MD5
-	EVP_add_digest(EVP_md5());
-	EVP_add_digest_alias(SN_md5,"ssl2-md5");
-	EVP_add_digest_alias(SN_md5,"ssl3-md5");
+    EVP_add_digest(EVP_md5());
+    EVP_add_digest_alias(SN_md5, "ssl2-md5");
+    EVP_add_digest_alias(SN_md5, "ssl3-md5");
 #endif
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
-	EVP_add_digest(EVP_sha());
-#ifndef OPENSSL_NO_DSA
-	EVP_add_digest(EVP_dss());
-#endif
+    EVP_add_digest(EVP_sha());
+# ifndef OPENSSL_NO_DSA
+    EVP_add_digest(EVP_dss());
+# endif
 #endif
 #ifndef OPENSSL_NO_SHA
-	EVP_add_digest(EVP_sha1());
-	EVP_add_digest_alias(SN_sha1,"ssl3-sha1");
-	EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA);
-#ifndef OPENSSL_NO_DSA
-	EVP_add_digest(EVP_dss1());
-	EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2);
-	EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1");
-	EVP_add_digest_alias(SN_dsaWithSHA1,"dss1");
-#endif
-#ifndef OPENSSL_NO_ECDSA
-	EVP_add_digest(EVP_ecdsa());
-#endif
+    EVP_add_digest(EVP_sha1());
+    EVP_add_digest_alias(SN_sha1, "ssl3-sha1");
+    EVP_add_digest_alias(SN_sha1WithRSAEncryption, SN_sha1WithRSA);
+# ifndef OPENSSL_NO_DSA
+    EVP_add_digest(EVP_dss1());
+    EVP_add_digest_alias(SN_dsaWithSHA1, SN_dsaWithSHA1_2);
+    EVP_add_digest_alias(SN_dsaWithSHA1, "DSS1");
+    EVP_add_digest_alias(SN_dsaWithSHA1, "dss1");
+# endif
+# ifndef OPENSSL_NO_ECDSA
+    EVP_add_digest(EVP_ecdsa());
+# endif
 #endif
 #if !defined(OPENSSL_NO_MDC2) && !defined(OPENSSL_NO_DES)
-	EVP_add_digest(EVP_mdc2());
+    EVP_add_digest(EVP_mdc2());
 #endif
 #ifndef OPENSSL_NO_RIPEMD
-	EVP_add_digest(EVP_ripemd160());
-	EVP_add_digest_alias(SN_ripemd160,"ripemd");
-	EVP_add_digest_alias(SN_ripemd160,"rmd160");
+    EVP_add_digest(EVP_ripemd160());
+    EVP_add_digest_alias(SN_ripemd160, "ripemd");
+    EVP_add_digest_alias(SN_ripemd160, "rmd160");
 #endif
 #ifndef OPENSSL_NO_SHA256
-	EVP_add_digest(EVP_sha224());
-	EVP_add_digest(EVP_sha256());
+    EVP_add_digest(EVP_sha224());
+    EVP_add_digest(EVP_sha256());
 #endif
 #ifndef OPENSSL_NO_SHA512
-	EVP_add_digest(EVP_sha384());
-	EVP_add_digest(EVP_sha512());
+    EVP_add_digest(EVP_sha384());
+    EVP_add_digest(EVP_sha512());
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c
index 64cdf936..a0a6bc08 100644
--- a/Cryptlib/OpenSSL/crypto/evp/dig_eng.c
+++ b/Cryptlib/OpenSSL/crypto/evp/dig_eng.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -114,67 +114,63 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include "evp_locl.h"
 
 #ifndef OPENSSL_NO_ENGINE
 
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
 
-static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
-	{
-	if (*ptype)
-		{
-		/* Ensure an ENGINE left lying around from last time is cleared
-		 * (the previous check attempted to avoid this if the same
-		 * ENGINE and EVP_MD could be used). */
-		if(ctx->engine)
-			ENGINE_finish(ctx->engine);
-		if(impl)
-			{
-			if (!ENGINE_init(impl))
-				{
-				EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			}
-		else
-			/* Ask if an ENGINE is reserved for this job */
-			impl = ENGINE_get_digest_engine((*ptype)->type);
-		if(impl)
-			{
-			/* There's an ENGINE for this job ... (apparently) */
-			const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
-			if(!d)
-				{
-				/* Same comment from evp_enc.c */
-				EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			/* We'll use the ENGINE's private digest definition */
-			*ptype = d;
-			/* Store the ENGINE functional reference so we know
-			 * 'type' came from an ENGINE and we need to release
-			 * it when done. */
-			ctx->engine = impl;
-			}
-		else
-			ctx->engine = NULL;
-		}
-	else
-	if(!ctx->digest)
-		{
-		EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,EVP_R_NO_DIGEST_SET);
-		return 0;
-		}
-	return 1;
-	}
+static int do_evp_md_engine_full(EVP_MD_CTX *ctx, const EVP_MD **ptype,
+                                 ENGINE *impl)
+{
+    if (*ptype) {
+        /*
+         * Ensure an ENGINE left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_MD could be used).
+         */
+        if (ctx->engine)
+            ENGINE_finish(ctx->engine);
+        if (impl) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,
+                       EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_digest_engine((*ptype)->type);
+        if (impl) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+            if (!d) {
+                /* Same comment from evp_enc.c */
+                EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL,
+                       EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+            /* We'll use the ENGINE's private digest definition */
+            *ptype = d;
+            /*
+             * Store the ENGINE functional reference so we know 'type' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+    } else if (!ctx->digest) {
+        EVPerr(EVP_F_DO_EVP_MD_ENGINE_FULL, EVP_R_NO_DIGEST_SET);
+        return 0;
+    }
+    return 1;
+}
 
 void int_EVP_MD_init_engine_callbacks(void)
-	{
-	int_EVP_MD_set_engine_callbacks(
-		ENGINE_init, ENGINE_finish, do_evp_md_engine_full);
-	}
-#endif
+{
+    int_EVP_MD_set_engine_callbacks(ENGINE_init, ENGINE_finish,
+                                    do_evp_md_engine_full);
+}
+# endif
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/digest.c b/Cryptlib/OpenSSL/crypto/evp/digest.c
index 10a36071..9f5ee7b9 100644
--- a/Cryptlib/OpenSSL/crypto/evp/digest.c
+++ b/Cryptlib/OpenSSL/crypto/evp/digest.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -114,345 +114,347 @@
 #include <openssl/objects.h>
 #include <openssl/evp.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include "evp_locl.h"
 
 void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
-	{
-	memset(ctx,'\0',sizeof *ctx);
-	}
+{
+    memset(ctx, '\0', sizeof *ctx);
+}
 
 EVP_MD_CTX *EVP_MD_CTX_create(void)
-	{
-	EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
+{
+    EVP_MD_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
 
-	if (ctx)
-		EVP_MD_CTX_init(ctx);
+    if (ctx)
+        EVP_MD_CTX_init(ctx);
 
-	return ctx;
-	}
+    return ctx;
+}
 
 int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type)
-	{
-	EVP_MD_CTX_init(ctx);
-	return EVP_DigestInit_ex(ctx, type, NULL);
-	}
+{
+    EVP_MD_CTX_init(ctx);
+    return EVP_DigestInit_ex(ctx, type, NULL);
+}
 
 #ifdef OPENSSL_FIPS
 
-/* The purpose of these is to trap programs that attempt to use non FIPS
+/*
+ * The purpose of these is to trap programs that attempt to use non FIPS
  * algorithms in FIPS mode and ignore the errors.
  */
 
 static int bad_init(EVP_MD_CTX *ctx)
-	{ FIPS_ERROR_IGNORED("Digest init"); return 0;}
-
-static int bad_update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ FIPS_ERROR_IGNORED("Digest update"); return 0;}
-
-static int bad_final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ FIPS_ERROR_IGNORED("Digest Final"); return 0;}
-
-static const EVP_MD bad_md =
-	{
-	0,
-	0,
-	0,
-	0,
-	bad_init,
-	bad_update,
-	bad_final,
-	NULL,
-	NULL,
-	NULL,
-	0,
-	{0,0,0,0},
-	};
+{
+    FIPS_ERROR_IGNORED("Digest init");
+    return 0;
+}
+
+static int bad_update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    FIPS_ERROR_IGNORED("Digest update");
+    return 0;
+}
+
+static int bad_final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    FIPS_ERROR_IGNORED("Digest Final");
+    return 0;
+}
+
+static const EVP_MD bad_md = {
+    0,
+    0,
+    0,
+    0,
+    bad_init,
+    bad_update,
+    bad_final,
+    NULL,
+    NULL,
+    NULL,
+    0,
+    {0, 0, 0, 0},
+};
 
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
 
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
+
+static int do_engine_null(ENGINE *impl)
+{
+    return 0;
+}
 
-static int do_engine_null(ENGINE *impl) { return 0;}
 static int do_evp_md_engine_null(EVP_MD_CTX *ctx,
-				const EVP_MD **ptype, ENGINE *impl)
-	{ return 1; }
+                                 const EVP_MD **ptype, ENGINE *impl)
+{
+    return 1;
+}
 
-static int (*do_engine_init)(ENGINE *impl)
-		= do_engine_null;
+static int (*do_engine_init) (ENGINE *impl)
+    = do_engine_null;
 
-static int (*do_engine_finish)(ENGINE *impl)
-		= do_engine_null;
+static int (*do_engine_finish) (ENGINE *impl)
+    = do_engine_null;
 
 static int (*do_evp_md_engine)
-	(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
-		= do_evp_md_engine_null;
-
-void int_EVP_MD_set_engine_callbacks(
-	int (*eng_md_init)(ENGINE *impl),
-	int (*eng_md_fin)(ENGINE *impl),
-	int (*eng_md_evp)
-		(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl))
-	{
-	do_engine_init = eng_md_init;
-	do_engine_finish = eng_md_fin;
-	do_evp_md_engine = eng_md_evp;
-	}
-
-#else
-
-#define do_engine_init	ENGINE_init
-#define do_engine_finish ENGINE_finish
-
-static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
-	{
-	if (*ptype)
-		{
-		/* Ensure an ENGINE left lying around from last time is cleared
-		 * (the previous check attempted to avoid this if the same
-		 * ENGINE and EVP_MD could be used). */
-		if(ctx->engine)
-			ENGINE_finish(ctx->engine);
-		if(impl)
-			{
-			if (!ENGINE_init(impl))
-				{
-				EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			}
-		else
-			/* Ask if an ENGINE is reserved for this job */
-			impl = ENGINE_get_digest_engine((*ptype)->type);
-		if(impl)
-			{
-			/* There's an ENGINE for this job ... (apparently) */
-			const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
-			if(!d)
-				{
-				/* Same comment from evp_enc.c */
-				EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_INITIALIZATION_ERROR);
-				ENGINE_finish(impl);
-				return 0;
-				}
-			/* We'll use the ENGINE's private digest definition */
-			*ptype = d;
-			/* Store the ENGINE functional reference so we know
-			 * 'type' came from an ENGINE and we need to release
-			 * it when done. */
-			ctx->engine = impl;
-			}
-		else
-			ctx->engine = NULL;
-		}
-	else
-	if(!ctx->digest)
-		{
-		EVPerr(EVP_F_DO_EVP_MD_ENGINE,EVP_R_NO_DIGEST_SET);
-		return 0;
-		}
-	return 1;
-	}
-
-#endif
+ (EVP_MD_CTX *ctx, const EVP_MD **ptype, ENGINE *impl)
+    = do_evp_md_engine_null;
+
+void int_EVP_MD_set_engine_callbacks(int (*eng_md_init) (ENGINE *impl),
+                                     int (*eng_md_fin) (ENGINE *impl),
+                                     int (*eng_md_evp)
+                                      (EVP_MD_CTX *ctx, const EVP_MD **ptype,
+                                       ENGINE *impl))
+{
+    do_engine_init = eng_md_init;
+    do_engine_finish = eng_md_fin;
+    do_evp_md_engine = eng_md_evp;
+}
+
+# else
+
+#  define do_engine_init  ENGINE_init
+#  define do_engine_finish ENGINE_finish
+
+static int do_evp_md_engine(EVP_MD_CTX *ctx, const EVP_MD **ptype,
+                            ENGINE *impl)
+{
+    if (*ptype) {
+        /*
+         * Ensure an ENGINE left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_MD could be used).
+         */
+        if (ctx->engine)
+            ENGINE_finish(ctx->engine);
+        if (impl) {
+            if (!ENGINE_init(impl)) {
+                EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        } else
+            /* Ask if an ENGINE is reserved for this job */
+            impl = ENGINE_get_digest_engine((*ptype)->type);
+        if (impl) {
+            /* There's an ENGINE for this job ... (apparently) */
+            const EVP_MD *d = ENGINE_get_digest(impl, (*ptype)->type);
+            if (!d) {
+                /* Same comment from evp_enc.c */
+                EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_INITIALIZATION_ERROR);
+                ENGINE_finish(impl);
+                return 0;
+            }
+            /* We'll use the ENGINE's private digest definition */
+            *ptype = d;
+            /*
+             * Store the ENGINE functional reference so we know 'type' came
+             * from an ENGINE and we need to release it when done.
+             */
+            ctx->engine = impl;
+        } else
+            ctx->engine = NULL;
+    } else if (!ctx->digest) {
+        EVPerr(EVP_F_DO_EVP_MD_ENGINE, EVP_R_NO_DIGEST_SET);
+        return 0;
+    }
+    return 1;
+}
+
+# endif
 
 #endif
 
 int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
-	{
-	M_EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
+{
+    M_EVP_MD_CTX_clear_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
 #ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-		{
-		FIPSerr(FIPS_F_EVP_DIGESTINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
-		ctx->digest = &bad_md;
-		return 0;
-		}
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_EVP_DIGESTINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
+        ctx->digest = &bad_md;
+        return 0;
+    }
 #endif
 #ifndef OPENSSL_NO_ENGINE
-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-	 * so this context may already have an ENGINE! Try to avoid releasing
-	 * the previous handle, re-querying for an ENGINE, and having a
-	 * reinitialisation, when it may all be unecessary. */
-	if (ctx->engine && ctx->digest && (!type ||
-			(type && (type->type == ctx->digest->type))))
-		goto skip_to_init;
-	if (!do_evp_md_engine(ctx, &type, impl))
-		return 0;
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unecessary.
+     */
+    if (ctx->engine && ctx->digest && (!type ||
+                                       (type
+                                        && (type->type ==
+                                            ctx->digest->type))))
+        goto skip_to_init;
+    if (!do_evp_md_engine(ctx, &type, impl))
+        return 0;
 #endif
-	if (ctx->digest != type)
-		{
+    if (ctx->digest != type) {
 #ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			{
-			if (!(type->flags & EVP_MD_FLAG_FIPS) 
-			 && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW))
-				{
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
-				ctx->digest = &bad_md;
-				return 0;
-				}
-			}
+        if (FIPS_mode()) {
+            if (!(type->flags & EVP_MD_FLAG_FIPS)
+                && !(ctx->flags & EVP_MD_CTX_FLAG_NON_FIPS_ALLOW)) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+                ctx->digest = &bad_md;
+                return 0;
+            }
+        }
 #endif
-		if (ctx->digest && ctx->digest->ctx_size)
-			OPENSSL_free(ctx->md_data);
-		ctx->digest=type;
-		if (type->ctx_size)
-			{
-			ctx->md_data=OPENSSL_malloc(type->ctx_size);
-			if (!ctx->md_data)
-				{
-				EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
-				return 0;
-				}
-			}
-		}
+        if (ctx->digest && ctx->digest->ctx_size)
+            OPENSSL_free(ctx->md_data);
+        ctx->digest = type;
+        if (type->ctx_size) {
+            ctx->md_data = OPENSSL_malloc(type->ctx_size);
+            if (!ctx->md_data) {
+                EVPerr(EVP_F_EVP_DIGESTINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    }
 #ifndef OPENSSL_NO_ENGINE
-	skip_to_init:
+ skip_to_init:
 #endif
-	return ctx->digest->init(ctx);
-	}
+    return ctx->digest->init(ctx);
+}
 
-int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data,
-	     size_t count)
-	{
+int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+    FIPS_selftest_check();
 #endif
-	return ctx->digest->update(ctx,data,count);
-	}
+    return ctx->digest->update(ctx, data, count);
+}
 
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-	{
-	int ret;
-	ret = EVP_DigestFinal_ex(ctx, md, size);
-	EVP_MD_CTX_cleanup(ctx);
-	return ret;
-	}
+{
+    int ret;
+    ret = EVP_DigestFinal_ex(ctx, md, size);
+    EVP_MD_CTX_cleanup(ctx);
+    return ret;
+}
 
 /* The caller can assume that this removes any secret data from the context */
 int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size)
-	{
-	int ret;
+{
+    int ret;
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+    FIPS_selftest_check();
 #endif
 
-	OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
-	ret=ctx->digest->final(ctx,md);
-	if (size != NULL)
-		*size=ctx->digest->md_size;
-	if (ctx->digest->cleanup)
-		{
-		ctx->digest->cleanup(ctx);
-		M_EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
-		}
-	memset(ctx->md_data,0,ctx->digest->ctx_size);
-	return ret;
-	}
+    OPENSSL_assert(ctx->digest->md_size <= EVP_MAX_MD_SIZE);
+    ret = ctx->digest->final(ctx, md);
+    if (size != NULL)
+        *size = ctx->digest->md_size;
+    if (ctx->digest->cleanup) {
+        ctx->digest->cleanup(ctx);
+        M_EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_CLEANED);
+    }
+    memset(ctx->md_data, 0, ctx->digest->ctx_size);
+    return ret;
+}
 
 int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-	{
-	EVP_MD_CTX_init(out);
-	return EVP_MD_CTX_copy_ex(out, in);
-	}
+{
+    EVP_MD_CTX_init(out);
+    return EVP_MD_CTX_copy_ex(out, in);
+}
 
 int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in)
-	{
-	unsigned char *tmp_buf;
-	if ((in == NULL) || (in->digest == NULL))
-		{
-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,EVP_R_INPUT_NOT_INITIALIZED);
-		return 0;
-		}
+{
+    unsigned char *tmp_buf;
+    if ((in == NULL) || (in->digest == NULL)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, EVP_R_INPUT_NOT_INITIALIZED);
+        return 0;
+    }
 #ifndef OPENSSL_NO_ENGINE
-	/* Make sure it's safe to copy a digest context using an ENGINE */
-	if (in->engine && !do_engine_init(in->engine))
-		{
-		EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_ENGINE_LIB);
-		return 0;
-		}
+    /* Make sure it's safe to copy a digest context using an ENGINE */
+    if (in->engine && !do_engine_init(in->engine)) {
+        EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_ENGINE_LIB);
+        return 0;
+    }
 #endif
 
-	if (out->digest == in->digest)
-		{
-		tmp_buf = out->md_data;
-	    	M_EVP_MD_CTX_set_flags(out,EVP_MD_CTX_FLAG_REUSE);
-		}
-	else tmp_buf = NULL;
-	EVP_MD_CTX_cleanup(out);
-	memcpy(out,in,sizeof *out);
-
-	if (out->digest->ctx_size)
-		{
-		if (tmp_buf)
-			out->md_data = tmp_buf;
-		else
-			{
-			out->md_data=OPENSSL_malloc(out->digest->ctx_size);
-			if (!out->md_data)
-				{
-				EVPerr(EVP_F_EVP_MD_CTX_COPY_EX,ERR_R_MALLOC_FAILURE);
-				return 0;
-				}
-			}
-		memcpy(out->md_data,in->md_data,out->digest->ctx_size);
-		}
-
-	if (out->digest->copy)
-		return out->digest->copy(out,in);
-	
-	return 1;
-	}
+    if (out->digest == in->digest) {
+        tmp_buf = out->md_data;
+        M_EVP_MD_CTX_set_flags(out, EVP_MD_CTX_FLAG_REUSE);
+    } else
+        tmp_buf = NULL;
+    EVP_MD_CTX_cleanup(out);
+    memcpy(out, in, sizeof *out);
+
+    if (out->digest->ctx_size) {
+        if (tmp_buf)
+            out->md_data = tmp_buf;
+        else {
+            out->md_data = OPENSSL_malloc(out->digest->ctx_size);
+            if (!out->md_data) {
+                EVPerr(EVP_F_EVP_MD_CTX_COPY_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+        memcpy(out->md_data, in->md_data, out->digest->ctx_size);
+    }
+
+    if (out->digest->copy)
+        return out->digest->copy(out, in);
+
+    return 1;
+}
 
 int EVP_Digest(const void *data, size_t count,
-		unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl)
-	{
-	EVP_MD_CTX ctx;
-	int ret;
-
-	EVP_MD_CTX_init(&ctx);
-	M_EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT);
-	ret=EVP_DigestInit_ex(&ctx, type, impl)
-	  && EVP_DigestUpdate(&ctx, data, count)
-	  && EVP_DigestFinal_ex(&ctx, md, size);
-	EVP_MD_CTX_cleanup(&ctx);
-
-	return ret;
-	}
+               unsigned char *md, unsigned int *size, const EVP_MD *type,
+               ENGINE *impl)
+{
+    EVP_MD_CTX ctx;
+    int ret;
+
+    EVP_MD_CTX_init(&ctx);
+    M_EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
+    ret = EVP_DigestInit_ex(&ctx, type, impl)
+        && EVP_DigestUpdate(&ctx, data, count)
+        && EVP_DigestFinal_ex(&ctx, md, size);
+    EVP_MD_CTX_cleanup(&ctx);
+
+    return ret;
+}
 
 void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
-	{
-	EVP_MD_CTX_cleanup(ctx);
-	OPENSSL_free(ctx);
-	}
+{
+    EVP_MD_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
 
 /* This call frees resources associated with the context */
 int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx)
-	{
-	/* Don't assume ctx->md_data was cleaned in EVP_Digest_Final,
-	 * because sometimes only copies of the context are ever finalised.
-	 */
-	if (ctx->digest && ctx->digest->cleanup
-	    && !M_EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED))
-		ctx->digest->cleanup(ctx);
-	if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-	    && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE))
-		{
-		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
-		OPENSSL_free(ctx->md_data);
-		}
+{
+    /*
+     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+     * sometimes only copies of the context are ever finalised.
+     */
+    if (ctx->digest && ctx->digest->cleanup
+        && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+        ctx->digest->cleanup(ctx);
+    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+        && !M_EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+        OPENSSL_cleanse(ctx->md_data, ctx->digest->ctx_size);
+        OPENSSL_free(ctx->md_data);
+    }
 #ifndef OPENSSL_NO_ENGINE
-	if(ctx->engine)
-		/* The EVP_MD we used belongs to an ENGINE, release the
-		 * functional reference we held for this reason. */
-		do_engine_finish(ctx->engine);
+    if (ctx->engine)
+        /*
+         * The EVP_MD we used belongs to an ENGINE, release the functional
+         * reference we held for this reason.
+         */
+        do_engine_finish(ctx->engine);
 #endif
-	memset(ctx,'\0',sizeof *ctx);
+    memset(ctx, '\0', sizeof *ctx);
 
-	return 1;
-	}
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_aes.c b/Cryptlib/OpenSSL/crypto/evp/e_aes.c
index c9a5ee8d..5d08405a 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_aes.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_aes.c
@@ -6,7 +6,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -50,68 +50,60 @@
 
 #include <openssl/opensslconf.h>
 #ifndef OPENSSL_NO_AES
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <string.h>
-#include <assert.h>
-#include <openssl/aes.h>
-#include "evp_locl.h"
+# include <openssl/evp.h>
+# include <openssl/err.h>
+# include <string.h>
+# include <assert.h>
+# include <openssl/aes.h>
+# include "evp_locl.h"
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-					const unsigned char *iv, int enc);
+                        const unsigned char *iv, int enc);
 
-typedef struct
-	{
-	AES_KEY ks;
-	} EVP_AES_KEY;
+typedef struct {
+    AES_KEY ks;
+} EVP_AES_KEY;
 
-#define data(ctx)	EVP_C_DATA(EVP_AES_KEY,ctx)
+# define data(ctx)       EVP_C_DATA(EVP_AES_KEY,ctx)
 
 IMPLEMENT_BLOCK_CIPHER(aes_128, ks, AES, EVP_AES_KEY,
-		       NID_aes_128, 16, 16, 16, 128,
-		       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-		       aes_init_key,
-		       NULL, NULL, NULL, NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
-		       NID_aes_192, 16, 24, 16, 128,
-		       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-		       aes_init_key,
-		       NULL, NULL, NULL, NULL)
-IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
-		       NID_aes_256, 16, 32, 16, 128,
-		       EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-		       aes_init_key,
-		       NULL, NULL, NULL, NULL)
+                       NID_aes_128, 16, 16, 16, 128,
+                       EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       aes_init_key, NULL, NULL, NULL, NULL)
+    IMPLEMENT_BLOCK_CIPHER(aes_192, ks, AES, EVP_AES_KEY,
+                       NID_aes_192, 16, 24, 16, 128,
+                       EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       aes_init_key, NULL, NULL, NULL, NULL)
+    IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY,
+                       NID_aes_256, 16, 32, 16, 128,
+                       EVP_CIPH_FLAG_FIPS | EVP_CIPH_FLAG_DEFAULT_ASN1,
+                       aes_init_key, NULL, NULL, NULL, NULL)
+# define IMPLEMENT_AES_CFBR(ksize,cbits,flags)   IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
+    IMPLEMENT_AES_CFBR(128, 1, EVP_CIPH_FLAG_FIPS)
+    IMPLEMENT_AES_CFBR(192, 1, EVP_CIPH_FLAG_FIPS)
+    IMPLEMENT_AES_CFBR(256, 1, EVP_CIPH_FLAG_FIPS)
 
-#define IMPLEMENT_AES_CFBR(ksize,cbits,flags)	IMPLEMENT_CFBR(aes,AES,EVP_AES_KEY,ks,ksize,cbits,16,flags)
-
-IMPLEMENT_AES_CFBR(128,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,1,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,1,EVP_CIPH_FLAG_FIPS)
-
-IMPLEMENT_AES_CFBR(128,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(192,8,EVP_CIPH_FLAG_FIPS)
-IMPLEMENT_AES_CFBR(256,8,EVP_CIPH_FLAG_FIPS)
+    IMPLEMENT_AES_CFBR(128, 8, EVP_CIPH_FLAG_FIPS)
+    IMPLEMENT_AES_CFBR(192, 8, EVP_CIPH_FLAG_FIPS)
+    IMPLEMENT_AES_CFBR(256, 8, EVP_CIPH_FLAG_FIPS)
 
 static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		   const unsigned char *iv, int enc)
-	{
-	int ret;
+                        const unsigned char *iv, int enc)
+{
+    int ret;
 
-	if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
-	    || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE
-	    || enc) 
-		ret=AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
-	else
-		ret=AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+    if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE
+        || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE || enc)
+        ret = AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
+    else
+        ret = AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data);
 
-	if(ret < 0)
-		{
-		EVPerr(EVP_F_AES_INIT_KEY,EVP_R_AES_KEY_SETUP_FAILED);
-		return 0;
-		}
+    if (ret < 0) {
+        EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        return 0;
+    }
 
-	return 1;
-	}
+    return 1;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_bf.c b/Cryptlib/OpenSSL/crypto/evp/e_bf.c
index cc224e53..d6a01782 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_bf.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_bf.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,30 +59,29 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #ifndef OPENSSL_NO_BF
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/blowfish.h>
+# include <openssl/evp.h>
+# include "evp_locl.h"
+# include <openssl/objects.h>
+# include <openssl/blowfish.h>
 
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		       const unsigned char *iv, int enc);
+                       const unsigned char *iv, int enc);
 
-typedef struct
-	{
-	BF_KEY ks;
-	} EVP_BF_KEY;
+typedef struct {
+    BF_KEY ks;
+} EVP_BF_KEY;
 
-#define data(ctx)	EVP_C_DATA(EVP_BF_KEY,ctx)
+# define data(ctx)       EVP_C_DATA(EVP_BF_KEY,ctx)
 
 IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64,
-			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-	
+                       EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+
 static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		       const unsigned char *iv, int enc)
-	{
-	BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
-	return 1;
-	}
+                       const unsigned char *iv, int enc)
+{
+    BF_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_cast.c b/Cryptlib/OpenSSL/crypto/evp/e_cast.c
index d77bcd92..3f745485 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_cast.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_cast.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,31 +60,30 @@
 #include "cryptlib.h"
 
 #ifndef OPENSSL_NO_CAST
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/cast.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/cast.h>
 
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv,int enc);
+                         const unsigned char *iv, int enc);
+
+typedef struct {
+    CAST_KEY ks;
+} EVP_CAST_KEY;
 
-typedef struct
-	{
-	CAST_KEY ks;
-	} EVP_CAST_KEY;
+# define data(ctx)       EVP_C_DATA(EVP_CAST_KEY,ctx)
 
-#define data(ctx)	EVP_C_DATA(EVP_CAST_KEY,ctx)
+IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY,
+                       NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
+                       EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 
-IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, 
-			NID_cast5, 8, CAST_KEY_LENGTH, 8, 64,
-			EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL,
-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
-			
 static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv, int enc)
-	{
-	CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key);
-	return 1;
-	}
+                         const unsigned char *iv, int enc)
+{
+    CAST_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des.c b/Cryptlib/OpenSSL/crypto/evp/e_des.c
index 04376df2..e5b99ec2 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_des.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_des.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,121 +59,124 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-#include <openssl/rand.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
 
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc);
+                        const unsigned char *iv, int enc);
 static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-/* Because of various casts and different names can't use IMPLEMENT_BLOCK_CIPHER */
+/*
+ * Because of various casts and different names can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
 
 static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			  const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, unsigned int inl)
 {
-	BLOCK_CIPHER_ecb_loop()
-		DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt);
-	return 1;
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i),
+                        ctx->cipher_data, ctx->encrypt);
+    return 1;
 }
 
 static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			  const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, unsigned int inl)
 {
-	DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num);
-	return 1;
+    DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+                      (DES_cblock *)ctx->iv, &ctx->num);
+    return 1;
 }
 
 static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			  const unsigned char *in, unsigned int inl)
+                          const unsigned char *in, unsigned int inl)
 {
-	DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
-			 (DES_cblock *)ctx->iv, ctx->encrypt);
-	return 1;
+    DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data,
+                     (DES_cblock *)ctx->iv, ctx->encrypt);
+    return 1;
 }
 
 static int des_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			    const unsigned char *in, unsigned int inl)
+                            const unsigned char *in, unsigned int inl)
 {
-	DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
-			  (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-	return 1;
+    DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data,
+                      (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+    return 1;
 }
 
-/* Although we have a CFB-r implementation for DES, it doesn't pack the right
-   way, so wrap it here */
+/*
+ * Although we have a CFB-r implementation for DES, it doesn't pack the right
+ * way, so wrap it here
+ */
 static int des_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, unsigned int inl)
-    {
+                           const unsigned char *in, unsigned int inl)
+{
     unsigned int n;
-    unsigned char c[1],d[1];
-
-    for(n=0 ; n < inl ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	DES_cfb_encrypt(c,d,1,1,ctx->cipher_data,(DES_cblock *)ctx->iv,
-			ctx->encrypt);
-	out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
-	}
-    return 1;
+    unsigned char c[1], d[1];
+
+    for (n = 0; n < inl; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        DES_cfb_encrypt(c, d, 1, 1, ctx->cipher_data, (DES_cblock *)ctx->iv,
+                        ctx->encrypt);
+        out[n / 8] =
+            (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8));
     }
+    return 1;
+}
 
 static int des_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, unsigned int inl)
-    {
-    DES_cfb_encrypt(in,out,8,inl,ctx->cipher_data,(DES_cblock *)ctx->iv,
-		    ctx->encrypt);
+                           const unsigned char *in, unsigned int inl)
+{
+    DES_cfb_encrypt(in, out, 8, inl, ctx->cipher_data, (DES_cblock *)ctx->iv,
+                    ctx->encrypt);
     return 1;
-    }
+}
 
 BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64,
-			EVP_CIPH_RAND_KEY,
-			des_init_key, NULL,
-			EVP_CIPHER_set_asn1_iv,
-			EVP_CIPHER_get_asn1_iv,
-			des_ctrl)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,1,
-		     EVP_CIPH_RAND_KEY,
-		     des_init_key, NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,des_ctrl)
-
-BLOCK_CIPHER_def_cfb(des,DES_key_schedule,NID_des,8,8,8,
-		     EVP_CIPH_RAND_KEY,
-		     des_init_key,NULL,
-		     EVP_CIPHER_set_asn1_iv,
-		     EVP_CIPHER_get_asn1_iv,des_ctrl)
+                  EVP_CIPH_RAND_KEY,
+                  des_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+
+BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 1,
+                 EVP_CIPH_RAND_KEY,
+                 des_init_key, NULL,
+                 EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
+
+BLOCK_CIPHER_def_cfb(des, DES_key_schedule, NID_des, 8, 8, 8,
+                     EVP_CIPH_RAND_KEY,
+                     des_init_key, NULL,
+                     EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl)
 
 static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
-	if(DES_set_key_checked(deskey,ctx->cipher_data) != 0)
-		return 0;
-#else
-	DES_set_key_unchecked(deskey,ctx->cipher_data);
-#endif
-	return 1;
-	}
+                        const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+# ifdef EVP_CHECK_DES_KEY
+    if (DES_set_key_checked(deskey, ctx->cipher_data) != 0)
+        return 0;
+# else
+    DES_set_key_unchecked(deskey, ctx->cipher_data);
+# endif
+    return 1;
+}
 
 static int des_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	
-	switch(type)
-		{
-	case EVP_CTRL_RAND_KEY:
-		if (RAND_bytes(ptr, 8) <= 0)
-			return 0;
-		DES_set_odd_parity((DES_cblock *)ptr);
-		return 1;
-
-	default:
-		return -1;
-		}
-	}
+{
+
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_bytes(ptr, 8) <= 0)
+            return 0;
+        DES_set_odd_parity((DES_cblock *)ptr);
+        return 1;
+
+    default:
+        return -1;
+    }
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_des3.c b/Cryptlib/OpenSSL/crypto/evp/e_des3.c
index f910af19..b80348bb 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_des3.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_des3.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,212 +59,213 @@
 #include <stdio.h>
 #include "cryptlib.h"
 #ifndef OPENSSL_NO_DES
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/des.h>
-#include <openssl/rand.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/des.h>
+# include <openssl/rand.h>
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			    const unsigned char *iv,int enc);
+                            const unsigned char *iv, int enc);
 
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv,int enc);
+                             const unsigned char *iv, int enc);
 
 static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-typedef struct
-    {
-    DES_key_schedule ks1;/* key schedule */
-    DES_key_schedule ks2;/* key schedule (for ede) */
-    DES_key_schedule ks3;/* key schedule (for ede3) */
-    } DES_EDE_KEY;
+typedef struct {
+    DES_key_schedule ks1;       /* key schedule */
+    DES_key_schedule ks2;       /* key schedule (for ede) */
+    DES_key_schedule ks3;       /* key schedule (for ede3) */
+} DES_EDE_KEY;
 
-#define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
+# define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data)
 
-/* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */
+/*
+ * Because of various casts and different args can't use
+ * IMPLEMENT_BLOCK_CIPHER
+ */
 
 static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, unsigned int inl)
 {
-	BLOCK_CIPHER_ecb_loop()
-		DES_ecb3_encrypt((const_DES_cblock *)(in + i),
-				 (DES_cblock *)(out + i),
-				 &data(ctx)->ks1, &data(ctx)->ks2,
-				 &data(ctx)->ks3,
-				 ctx->encrypt);
-	return 1;
+    BLOCK_CIPHER_ecb_loop()
+        DES_ecb3_encrypt((const_DES_cblock *)(in + i),
+                         (DES_cblock *)(out + i),
+                         &data(ctx)->ks1, &data(ctx)->ks2,
+                         &data(ctx)->ks3, ctx->encrypt);
+    return 1;
 }
 
 static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, unsigned int inl)
 {
-	DES_ede3_ofb64_encrypt(in, out, (long)inl,
-			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-			       (DES_cblock *)ctx->iv, &ctx->num);
-	return 1;
+    DES_ede3_ofb64_encrypt(in, out, (long)inl,
+                           &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                           (DES_cblock *)ctx->iv, &ctx->num);
+    return 1;
 }
 
 static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, unsigned int inl)
+                              const unsigned char *in, unsigned int inl)
 {
-#ifdef KSSL_DEBUG
-	{
+# ifdef KSSL_DEBUG
+    {
         int i;
-	printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx, ctx->buf_len);
-	printf("\t iv= ");
-        for(i=0;i<8;i++)
-                printf("%02X",ctx->iv[i]);
-	printf("\n");
-	}
-#endif    /* KSSL_DEBUG */
-	DES_ede3_cbc_encrypt(in, out, (long)inl,
-			     &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-			     (DES_cblock *)ctx->iv, ctx->encrypt);
-	return 1;
+        printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", (unsigned long)ctx,
+               ctx->buf_len);
+        printf("\t iv= ");
+        for (i = 0; i < 8; i++)
+            printf("%02X", ctx->iv[i]);
+        printf("\n");
+    }
+# endif                         /* KSSL_DEBUG */
+    DES_ede3_cbc_encrypt(in, out, (long)inl,
+                         &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                         (DES_cblock *)ctx->iv, ctx->encrypt);
+    return 1;
 }
 
 static int des_ede_cfb64_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			      const unsigned char *in, unsigned int inl)
+                                const unsigned char *in, unsigned int inl)
 {
-	DES_ede3_cfb64_encrypt(in, out, (long)inl, 
-			       &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
-			       (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
-	return 1;
+    DES_ede3_cfb64_encrypt(in, out, (long)inl,
+                           &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                           (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt);
+    return 1;
 }
 
-/* Although we have a CFB-r implementation for 3-DES, it doesn't pack the right
-   way, so wrap it here */
+/*
+ * Although we have a CFB-r implementation for 3-DES, it doesn't pack the
+ * right way, so wrap it here
+ */
 static int des_ede3_cfb1_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-				const unsigned char *in, unsigned int inl)
-    {
+                                const unsigned char *in, unsigned int inl)
+{
     unsigned int n;
-    unsigned char c[1],d[1];
+    unsigned char c[1], d[1];
 
-    for(n=0 ; n < inl ; ++n)
-	{
-	c[0]=(in[n/8]&(1 << (7-n%8))) ? 0x80 : 0;
-	DES_ede3_cfb_encrypt(c,d,1,1,
-			     &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-			     (DES_cblock *)ctx->iv,ctx->encrypt);
-	out[n/8]=(out[n/8]&~(0x80 >> (n%8)))|((d[0]&0x80) >> (n%8));
-	}
+    for (n = 0; n < inl; ++n) {
+        c[0] = (in[n / 8] & (1 << (7 - n % 8))) ? 0x80 : 0;
+        DES_ede3_cfb_encrypt(c, d, 1, 1,
+                             &data(ctx)->ks1, &data(ctx)->ks2,
+                             &data(ctx)->ks3, (DES_cblock *)ctx->iv,
+                             ctx->encrypt);
+        out[n / 8] =
+            (out[n / 8] & ~(0x80 >> (n % 8))) | ((d[0] & 0x80) >> (n % 8));
+    }
 
     return 1;
-    }
+}
 
 static int des_ede3_cfb8_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-				const unsigned char *in, unsigned int inl)
-    {
-    DES_ede3_cfb_encrypt(in,out,8,inl,
-			 &data(ctx)->ks1,&data(ctx)->ks2,&data(ctx)->ks3,
-			 (DES_cblock *)ctx->iv,ctx->encrypt);
+                                const unsigned char *in, unsigned int inl)
+{
+    DES_ede3_cfb_encrypt(in, out, 8, inl,
+                         &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3,
+                         (DES_cblock *)ctx->iv, ctx->encrypt);
     return 1;
-    }
+}
 
 BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64,
-		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-			des_ede_init_key,
-			NULL, NULL, NULL,
-			des3_ctrl)
-
-#define des_ede3_cfb64_cipher des_ede_cfb64_cipher
-#define des_ede3_ofb_cipher des_ede_ofb_cipher
-#define des_ede3_cbc_cipher des_ede_cbc_cipher
-#define des_ede3_ecb_cipher des_ede_ecb_cipher
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+                  EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede_init_key, NULL, NULL,
+                  NULL, des3_ctrl)
+# define des_ede3_cfb64_cipher des_ede_cfb64_cipher
+# define des_ede3_ofb_cipher des_ede_ofb_cipher
+# define des_ede3_cbc_cipher des_ede_cbc_cipher
+# define des_ede3_ecb_cipher des_ede_ecb_cipher
+    BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
+                  EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+                  EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL, NULL,
+                  des3_ctrl)
 
-BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64,
-		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-			des_ede3_init_key,
-			NULL, NULL, NULL,
-			des3_ctrl)
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+                     EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
+                     NULL, des3_ctrl)
 
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,1,
-		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-		     des_ede3_init_key,
-		     NULL, NULL, NULL,
-		     des3_ctrl)
-
-BLOCK_CIPHER_def_cfb(des_ede3,DES_EDE_KEY,NID_des_ede3,24,8,8,
-		EVP_CIPH_RAND_KEY|EVP_CIPH_FLAG_FIPS|EVP_CIPH_FLAG_DEFAULT_ASN1,
-		     des_ede3_init_key,
-		     NULL, NULL, NULL,
-		     des3_ctrl)
+    BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8,
+                     EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_FIPS |
+                     EVP_CIPH_FLAG_DEFAULT_ASN1, des_ede3_init_key, NULL, NULL,
+                     NULL, des3_ctrl)
 
 static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			    const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
-#ifdef EVP_CHECK_DES_KEY
-	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
-		!! DES_set_key_checked(&deskey[1],&data(ctx)->ks2))
-		return 0;
-#else
-	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
-	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-#endif
-	memcpy(&data(ctx)->ks3,&data(ctx)->ks1,
-	       sizeof(data(ctx)->ks1));
-	return 1;
-	}
+                            const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+# ifdef EVP_CHECK_DES_KEY
+    if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+        ! !DES_set_key_checked(&deskey[1], &data(ctx)->ks2))
+        return 0;
+# else
+    DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+    DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
+# endif
+    memcpy(&data(ctx)->ks3, &data(ctx)->ks1, sizeof(data(ctx)->ks1));
+    return 1;
+}
 
 static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
-#ifdef KSSL_DEBUG
-	{
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
+# ifdef KSSL_DEBUG
+    {
         int i;
         printf("des_ede3_init_key(ctx=%lx)\n", (unsigned long)ctx);
-	printf("\tKEY= ");
-        for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n");
-	printf("\t IV= ");
-        for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n");
-	}
-#endif	/* KSSL_DEBUG */
+        printf("\tKEY= ");
+        for (i = 0; i < 24; i++)
+            printf("%02X", key[i]);
+        printf("\n");
+        printf("\t IV= ");
+        for (i = 0; i < 8; i++)
+            printf("%02X", iv[i]);
+        printf("\n");
+    }
+# endif                         /* KSSL_DEBUG */
 
-#ifdef EVP_CHECK_DES_KEY
-	if (DES_set_key_checked(&deskey[0],&data(ctx)->ks1)
-		|| DES_set_key_checked(&deskey[1],&data(ctx)->ks2)
-		|| DES_set_key_checked(&deskey[2],&data(ctx)->ks3))
-		return 0;
-#else
-	DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1);
-	DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2);
-	DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3);
-#endif
-	return 1;
-	}
+# ifdef EVP_CHECK_DES_KEY
+    if (DES_set_key_checked(&deskey[0], &data(ctx)->ks1)
+        || DES_set_key_checked(&deskey[1], &data(ctx)->ks2)
+        || DES_set_key_checked(&deskey[2], &data(ctx)->ks3))
+        return 0;
+# else
+    DES_set_key_unchecked(&deskey[0], &data(ctx)->ks1);
+    DES_set_key_unchecked(&deskey[1], &data(ctx)->ks2);
+    DES_set_key_unchecked(&deskey[2], &data(ctx)->ks3);
+# endif
+    return 1;
+}
 
 static int des3_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
+{
 
-	DES_cblock *deskey = ptr;
+    DES_cblock *deskey = ptr;
 
-	switch(type)
-		{
-	case EVP_CTRL_RAND_KEY:
-		if (RAND_bytes(ptr, c->key_len) <= 0)
-			return 0;
-		DES_set_odd_parity(deskey);
-		if (c->key_len >= 16)
-			DES_set_odd_parity(deskey + 1);
-		if (c->key_len >= 24)
-			DES_set_odd_parity(deskey + 2);
-		return 1;
+    switch (type) {
+    case EVP_CTRL_RAND_KEY:
+        if (RAND_bytes(ptr, c->key_len) <= 0)
+            return 0;
+        DES_set_odd_parity(deskey);
+        if (c->key_len >= 16)
+            DES_set_odd_parity(deskey + 1);
+        if (c->key_len >= 24)
+            DES_set_odd_parity(deskey + 2);
+        return 1;
 
-	default:
-		return -1;
-		}
-	}
+    default:
+        return -1;
+    }
+}
 
 const EVP_CIPHER *EVP_des_ede(void)
 {
-	return &des_ede_ecb;
+    return &des_ede_ecb;
 }
 
 const EVP_CIPHER *EVP_des_ede3(void)
 {
-	return &des_ede3_ecb;
+    return &des_ede3_ecb;
 }
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_idea.c b/Cryptlib/OpenSSL/crypto/evp/e_idea.c
index 48c33a77..035034b3 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_idea.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_idea.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,59 +60,60 @@
 #include "cryptlib.h"
 
 #ifndef OPENSSL_NO_IDEA
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/idea.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/idea.h>
 
 static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv,int enc);
+                         const unsigned char *iv, int enc);
 
-/* NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a special
- * case 
+/*
+ * NB idea_ecb_encrypt doesn't take an 'encrypt' argument so we treat it as a
+ * special case
  */
 
 static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, unsigned int inl)
+                           const unsigned char *in, unsigned int inl)
 {
-	BLOCK_CIPHER_ecb_loop()
-		idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
-	return 1;
+    BLOCK_CIPHER_ecb_loop()
+        idea_ecb_encrypt(in + i, out + i, ctx->cipher_data);
+    return 1;
 }
 
 /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */
 
-typedef struct
-	{
-	IDEA_KEY_SCHEDULE ks;
-	} EVP_IDEA_KEY;
+typedef struct {
+    IDEA_KEY_SCHEDULE ks;
+} EVP_IDEA_KEY;
 
 BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
-BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
+    BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks)
+    BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks)
 
-BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
-			0, idea_init_key, NULL, 
-			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+    BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64,
+                  0, idea_init_key, NULL,
+                  EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
 
 static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			 const unsigned char *iv, int enc)
-	{
-	if(!enc) {
-		if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1;
-		else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1;
-	}
-	if (enc) idea_set_encrypt_key(key,ctx->cipher_data);
-	else
-		{
-		IDEA_KEY_SCHEDULE tmp;
+                         const unsigned char *iv, int enc)
+{
+    if (!enc) {
+        if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE)
+            enc = 1;
+        else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE)
+            enc = 1;
+    }
+    if (enc)
+        idea_set_encrypt_key(key, ctx->cipher_data);
+    else {
+        IDEA_KEY_SCHEDULE tmp;
 
-		idea_set_encrypt_key(key,&tmp);
-		idea_set_decrypt_key(&tmp,ctx->cipher_data);
-		OPENSSL_cleanse((unsigned char *)&tmp,
-				sizeof(IDEA_KEY_SCHEDULE));
-		}
-	return 1;
-	}
+        idea_set_encrypt_key(key, &tmp);
+        idea_set_decrypt_key(&tmp, ctx->cipher_data);
+        OPENSSL_cleanse((unsigned char *)&tmp, sizeof(IDEA_KEY_SCHEDULE));
+    }
+    return 1;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_null.c b/Cryptlib/OpenSSL/crypto/evp/e_null.c
index 0872d733..13e359cc 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_null.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_null.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,41 +62,39 @@
 #include <openssl/objects.h>
 
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	const unsigned char *iv,int enc);
+                         const unsigned char *iv, int enc);
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	const unsigned char *in, unsigned int inl);
-static const EVP_CIPHER n_cipher=
-	{
-	NID_undef,
-	1,0,0,
-	EVP_CIPH_FLAG_FIPS,
-	null_init_key,
-	null_cipher,
-	NULL,
-	0,
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
+                       const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER n_cipher = {
+    NID_undef,
+    1, 0, 0,
+    EVP_CIPH_FLAG_FIPS,
+    null_init_key,
+    null_cipher,
+    NULL,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
 
 const EVP_CIPHER *EVP_enc_null(void)
-	{
-	return(&n_cipher);
-	}
+{
+    return (&n_cipher);
+}
 
 static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-	     const unsigned char *iv, int enc)
-	{
-	/*	memset(&(ctx->c),0,sizeof(ctx->c));*/
-	return 1;
-	}
+                         const unsigned char *iv, int enc)
+{
+    /*      memset(&(ctx->c),0,sizeof(ctx->c)); */
+    return 1;
+}
 
 static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-	     const unsigned char *in, unsigned int inl)
-	{
-	if (in != out)
-		memcpy((char *)out,(const char *)in,(size_t)inl);
-	return 1;
-	}
-
+                       const unsigned char *in, unsigned int inl)
+{
+    if (in != out)
+        memcpy((char *)out, (const char *)in, (size_t)inl);
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_old.c b/Cryptlib/OpenSSL/crypto/evp/e_old.c
index 1642af48..c93f5a54 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_old.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_old.c
@@ -1,6 +1,7 @@
 /* crypto/evp/e_old.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,66 +61,104 @@
 static void *dummy = &dummy;
 #else
 
-#include <openssl/evp.h>
+# include <openssl/evp.h>
 
-/* Define some deprecated functions, so older programs
-   don't crash and burn too quickly.  On Windows and VMS,
-   these will never be used, since functions and variables
-   in shared libraries are selected by entry point location,
-   not by name.  */
+/*
+ * Define some deprecated functions, so older programs don't crash and burn
+ * too quickly.  On Windows and VMS, these will never be used, since
+ * functions and variables in shared libraries are selected by entry point
+ * location, not by name.
+ */
 
-#ifndef OPENSSL_NO_BF
-#undef EVP_bf_cfb
+# ifndef OPENSSL_NO_BF
+#  undef EVP_bf_cfb
 const EVP_CIPHER *EVP_bf_cfb(void);
-const EVP_CIPHER *EVP_bf_cfb(void) { return EVP_bf_cfb64(); }
-#endif
+const EVP_CIPHER *EVP_bf_cfb(void)
+{
+    return EVP_bf_cfb64();
+}
+# endif
 
-#ifndef OPENSSL_NO_DES
-#undef EVP_des_cfb
+# ifndef OPENSSL_NO_DES
+#  undef EVP_des_cfb
 const EVP_CIPHER *EVP_des_cfb(void);
-const EVP_CIPHER *EVP_des_cfb(void) { return EVP_des_cfb64(); }
-#undef EVP_des_ede3_cfb
+const EVP_CIPHER *EVP_des_cfb(void)
+{
+    return EVP_des_cfb64();
+}
+
+#  undef EVP_des_ede3_cfb
 const EVP_CIPHER *EVP_des_ede3_cfb(void);
-const EVP_CIPHER *EVP_des_ede3_cfb(void) { return EVP_des_ede3_cfb64(); }
-#undef EVP_des_ede_cfb
+const EVP_CIPHER *EVP_des_ede3_cfb(void)
+{
+    return EVP_des_ede3_cfb64();
+}
+
+#  undef EVP_des_ede_cfb
 const EVP_CIPHER *EVP_des_ede_cfb(void);
-const EVP_CIPHER *EVP_des_ede_cfb(void) { return EVP_des_ede_cfb64(); }
-#endif
+const EVP_CIPHER *EVP_des_ede_cfb(void)
+{
+    return EVP_des_ede_cfb64();
+}
+# endif
 
-#ifndef OPENSSL_NO_IDEA
-#undef EVP_idea_cfb
+# ifndef OPENSSL_NO_IDEA
+#  undef EVP_idea_cfb
 const EVP_CIPHER *EVP_idea_cfb(void);
-const EVP_CIPHER *EVP_idea_cfb(void) { return EVP_idea_cfb64(); }
-#endif
+const EVP_CIPHER *EVP_idea_cfb(void)
+{
+    return EVP_idea_cfb64();
+}
+# endif
 
-#ifndef OPENSSL_NO_RC2
-#undef EVP_rc2_cfb
+# ifndef OPENSSL_NO_RC2
+#  undef EVP_rc2_cfb
 const EVP_CIPHER *EVP_rc2_cfb(void);
-const EVP_CIPHER *EVP_rc2_cfb(void) { return EVP_rc2_cfb64(); }
-#endif
+const EVP_CIPHER *EVP_rc2_cfb(void)
+{
+    return EVP_rc2_cfb64();
+}
+# endif
 
-#ifndef OPENSSL_NO_CAST
-#undef EVP_cast5_cfb
+# ifndef OPENSSL_NO_CAST
+#  undef EVP_cast5_cfb
 const EVP_CIPHER *EVP_cast5_cfb(void);
-const EVP_CIPHER *EVP_cast5_cfb(void) { return EVP_cast5_cfb64(); }
-#endif
+const EVP_CIPHER *EVP_cast5_cfb(void)
+{
+    return EVP_cast5_cfb64();
+}
+# endif
 
-#ifndef OPENSSL_NO_RC5
-#undef EVP_rc5_32_12_16_cfb
+# ifndef OPENSSL_NO_RC5
+#  undef EVP_rc5_32_12_16_cfb
 const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void);
-const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void) { return EVP_rc5_32_12_16_cfb64(); }
-#endif
+const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+{
+    return EVP_rc5_32_12_16_cfb64();
+}
+# endif
 
-#ifndef OPENSSL_NO_AES
-#undef EVP_aes_128_cfb
+# ifndef OPENSSL_NO_AES
+#  undef EVP_aes_128_cfb
 const EVP_CIPHER *EVP_aes_128_cfb(void);
-const EVP_CIPHER *EVP_aes_128_cfb(void) { return EVP_aes_128_cfb128(); }
-#undef EVP_aes_192_cfb
+const EVP_CIPHER *EVP_aes_128_cfb(void)
+{
+    return EVP_aes_128_cfb128();
+}
+
+#  undef EVP_aes_192_cfb
 const EVP_CIPHER *EVP_aes_192_cfb(void);
-const EVP_CIPHER *EVP_aes_192_cfb(void) { return EVP_aes_192_cfb128(); }
-#undef EVP_aes_256_cfb
+const EVP_CIPHER *EVP_aes_192_cfb(void)
+{
+    return EVP_aes_192_cfb128();
+}
+
+#  undef EVP_aes_256_cfb
 const EVP_CIPHER *EVP_aes_256_cfb(void);
-const EVP_CIPHER *EVP_aes_256_cfb(void) { return EVP_aes_256_cfb128(); }
-#endif
+const EVP_CIPHER *EVP_aes_256_cfb(void)
+{
+    return EVP_aes_256_cfb128();
+}
+# endif
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c
index d37726ff..2990f91d 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_rc2.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc2.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,172 +61,170 @@
 
 #ifndef OPENSSL_NO_RC2
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc2.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/rc2.h>
 
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv,int enc);
+                        const unsigned char *iv, int enc);
 static int rc2_meth_to_magic(EVP_CIPHER_CTX *ctx);
 static int rc2_magic_to_meth(int i);
 static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
 static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-typedef struct
-	{
-	int key_bits;	/* effective key bits */
-	RC2_KEY ks;	/* key schedule */
-	} EVP_RC2_KEY;
+typedef struct {
+    int key_bits;               /* effective key bits */
+    RC2_KEY ks;                 /* key schedule */
+} EVP_RC2_KEY;
 
-#define data(ctx)	((EVP_RC2_KEY *)(ctx)->cipher_data)
+# define data(ctx)       ((EVP_RC2_KEY *)(ctx)->cipher_data)
 
 IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2,
-			8,
-			RC2_KEY_LENGTH, 8, 64,
-			EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-			rc2_init_key, NULL,
-			rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, 
-			rc2_ctrl)
-
-#define RC2_40_MAGIC	0xa0
-#define RC2_64_MAGIC	0x78
-#define RC2_128_MAGIC	0x3a
-
-static const EVP_CIPHER r2_64_cbc_cipher=
-	{
-	NID_rc2_64_cbc,
-	8,8 /* 64 bit */,8,
-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-	rc2_init_key,
-	rc2_cbc_cipher,
-	NULL,
-	sizeof(EVP_RC2_KEY),
-	rc2_set_asn1_type_and_iv,
-	rc2_get_asn1_type_and_iv,
-	rc2_ctrl,
-	NULL
-	};
-
-static const EVP_CIPHER r2_40_cbc_cipher=
-	{
-	NID_rc2_40_cbc,
-	8,5 /* 40 bit */,8,
-	EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-	rc2_init_key,
-	rc2_cbc_cipher,
-	NULL,
-	sizeof(EVP_RC2_KEY),
-	rc2_set_asn1_type_and_iv,
-	rc2_get_asn1_type_and_iv,
-	rc2_ctrl,
-	NULL
-	};
+                       8,
+                       RC2_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       rc2_init_key, NULL,
+                       rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv,
+                       rc2_ctrl)
+# define RC2_40_MAGIC    0xa0
+# define RC2_64_MAGIC    0x78
+# define RC2_128_MAGIC   0x3a
+static const EVP_CIPHER r2_64_cbc_cipher = {
+    NID_rc2_64_cbc,
+    8, 8 /* 64 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
+
+static const EVP_CIPHER r2_40_cbc_cipher = {
+    NID_rc2_40_cbc,
+    8, 5 /* 40 bit */ , 8,
+    EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+    rc2_init_key,
+    rc2_cbc_cipher,
+    NULL,
+    sizeof(EVP_RC2_KEY),
+    rc2_set_asn1_type_and_iv,
+    rc2_get_asn1_type_and_iv,
+    rc2_ctrl,
+    NULL
+};
 
 const EVP_CIPHER *EVP_rc2_64_cbc(void)
-	{
-	return(&r2_64_cbc_cipher);
-	}
+{
+    return (&r2_64_cbc_cipher);
+}
 
 const EVP_CIPHER *EVP_rc2_40_cbc(void)
-	{
-	return(&r2_40_cbc_cipher);
-	}
-	
+{
+    return (&r2_40_cbc_cipher);
+}
+
 static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-	RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		    key,data(ctx)->key_bits);
-	return 1;
-	}
+                        const unsigned char *iv, int enc)
+{
+    RC2_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                key, data(ctx)->key_bits);
+    return 1;
+}
 
 static int rc2_meth_to_magic(EVP_CIPHER_CTX *e)
-	{
-	int i;
-
-	EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
-	if 	(i == 128) return(RC2_128_MAGIC);
-	else if (i == 64)  return(RC2_64_MAGIC);
-	else if (i == 40)  return(RC2_40_MAGIC);
-	else return(0);
-	}
+{
+    int i;
+
+    EVP_CIPHER_CTX_ctrl(e, EVP_CTRL_GET_RC2_KEY_BITS, 0, &i);
+    if (i == 128)
+        return (RC2_128_MAGIC);
+    else if (i == 64)
+        return (RC2_64_MAGIC);
+    else if (i == 40)
+        return (RC2_40_MAGIC);
+    else
+        return (0);
+}
 
 static int rc2_magic_to_meth(int i)
-	{
-	if      (i == RC2_128_MAGIC) return 128;
-	else if (i == RC2_64_MAGIC)  return 64;
-	else if (i == RC2_40_MAGIC)  return 40;
-	else
-		{
-		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
-		return(0);
-		}
-	}
+{
+    if (i == RC2_128_MAGIC)
+        return 128;
+    else if (i == RC2_64_MAGIC)
+        return 64;
+    else if (i == RC2_40_MAGIC)
+        return 40;
+    else {
+        EVPerr(EVP_F_RC2_MAGIC_TO_METH, EVP_R_UNSUPPORTED_KEY_SIZE);
+        return (0);
+    }
+}
 
 static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	long num=0;
-	int i=0;
-	int key_bits;
-	unsigned int l;
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-
-	if (type != NULL)
-		{
-		l=EVP_CIPHER_CTX_iv_length(c);
-		OPENSSL_assert(l <= sizeof(iv));
-		i=ASN1_TYPE_get_int_octetstring(type,&num,iv,l);
-		if (i != (int)l)
-			return(-1);
-		key_bits =rc2_magic_to_meth((int)num);
-		if (!key_bits)
-			return(-1);
-		if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
-		EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
-		EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
-		}
-	return(i);
-	}
+{
+    long num = 0;
+    int i = 0;
+    int key_bits;
+    unsigned int l;
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(iv));
+        i = ASN1_TYPE_get_int_octetstring(type, &num, iv, l);
+        if (i != (int)l)
+            return (-1);
+        key_bits = rc2_magic_to_meth((int)num);
+        if (!key_bits)
+            return (-1);
+        if (i > 0)
+            EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1);
+        EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL);
+        EVP_CIPHER_CTX_set_key_length(c, key_bits / 8);
+    }
+    return (i);
+}
 
 static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	long num;
-	int i=0,j;
-
-	if (type != NULL)
-		{
-		num=rc2_meth_to_magic(c);
-		j=EVP_CIPHER_CTX_iv_length(c);
-		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
-		}
-	return(i);
-	}
+{
+    long num;
+    int i = 0, j;
+
+    if (type != NULL) {
+        num = rc2_meth_to_magic(c);
+        j = EVP_CIPHER_CTX_iv_length(c);
+        i = ASN1_TYPE_set_int_octetstring(type, num, c->oiv, j);
+    }
+    return (i);
+}
 
 static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	switch(type)
-		{
-	case EVP_CTRL_INIT:
-		data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
-		return 1;
-
-	case EVP_CTRL_GET_RC2_KEY_BITS:
-		*(int *)ptr = data(c)->key_bits;
-		return 1;
-			
-	case EVP_CTRL_SET_RC2_KEY_BITS:
-		if(arg > 0)
-			{
-			data(c)->key_bits = arg;
-			return 1;
-			}
-		return 0;
-
-	default:
-		return -1;
-		}
-	}
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8;
+        return 1;
+
+    case EVP_CTRL_GET_RC2_KEY_BITS:
+        *(int *)ptr = data(c)->key_bits;
+        return 1;
+
+    case EVP_CTRL_SET_RC2_KEY_BITS:
+        if (arg > 0) {
+            data(c)->key_bits = arg;
+            return 1;
+        }
+        return 0;
+
+    default:
+        return -1;
+    }
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c
index 55baad74..544cc25e 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_rc4.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc4.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,77 +61,73 @@
 
 #ifndef OPENSSL_NO_RC4
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/rc4.h>
-#include "evp_locl.h"
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/rc4.h>
+# include "evp_locl.h"
 
 /* FIXME: surely this is available elsewhere? */
-#define EVP_RC4_KEY_SIZE		16
+# define EVP_RC4_KEY_SIZE                16
 
-typedef struct
-    {
-    RC4_KEY ks;	/* working key */
-    } EVP_RC4_KEY;
+typedef struct {
+    RC4_KEY ks;                 /* working key */
+} EVP_RC4_KEY;
 
-#define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
+# define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data)
 
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv,int enc);
+                        const unsigned char *iv, int enc);
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, unsigned int inl);
-static const EVP_CIPHER r4_cipher=
-	{
-	NID_rc4,
-	1,EVP_RC4_KEY_SIZE,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	rc4_init_key,
-	rc4_cipher,
-	NULL,
-	sizeof(EVP_RC4_KEY),
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
+                      const unsigned char *in, unsigned int inl);
+static const EVP_CIPHER r4_cipher = {
+    NID_rc4,
+    1, EVP_RC4_KEY_SIZE, 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
 
-static const EVP_CIPHER r4_40_cipher=
-	{
-	NID_rc4_40,
-	1,5 /* 40 bit */,0,
-	EVP_CIPH_VARIABLE_LENGTH,
-	rc4_init_key,
-	rc4_cipher,
-	NULL,
-	sizeof(EVP_RC4_KEY),
-	NULL, 
-	NULL,
-	NULL,
-	NULL
-	};
+static const EVP_CIPHER r4_40_cipher = {
+    NID_rc4_40,
+    1, 5 /* 40 bit */ , 0,
+    EVP_CIPH_VARIABLE_LENGTH,
+    rc4_init_key,
+    rc4_cipher,
+    NULL,
+    sizeof(EVP_RC4_KEY),
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
 
 const EVP_CIPHER *EVP_rc4(void)
-	{
-	return(&r4_cipher);
-	}
+{
+    return (&r4_cipher);
+}
 
 const EVP_CIPHER *EVP_rc4_40(void)
-	{
-	return(&r4_40_cipher);
-	}
+{
+    return (&r4_40_cipher);
+}
 
 static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			const unsigned char *iv, int enc)
-	{
-	RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		    key);
-	return 1;
-	}
+                        const unsigned char *iv, int enc)
+{
+    RC4_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx), key);
+    return 1;
+}
 
 static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-		      const unsigned char *in, unsigned int inl)
-	{
-	RC4(&data(ctx)->ks,inl,in,out);
-	return 1;
-	}
+                      const unsigned char *in, unsigned int inl)
+{
+    RC4(&data(ctx)->ks, inl, in, out);
+    return 1;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c
index 19a10c64..f17e99d0 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_rc5.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_rc5.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,66 +61,62 @@
 
 #ifndef OPENSSL_NO_RC5
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include "evp_locl.h"
-#include <openssl/rc5.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include "evp_locl.h"
+# include <openssl/rc5.h>
 
 static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			       const unsigned char *iv,int enc);
+                               const unsigned char *iv, int enc);
 static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr);
 
-typedef struct
-	{
-	int rounds;	/* number of rounds */
-	RC5_32_KEY ks;	/* key schedule */
-	} EVP_RC5_KEY;
+typedef struct {
+    int rounds;                 /* number of rounds */
+    RC5_32_KEY ks;              /* key schedule */
+} EVP_RC5_KEY;
 
-#define data(ctx)	EVP_C_DATA(EVP_RC5_KEY,ctx)
+# define data(ctx)       EVP_C_DATA(EVP_RC5_KEY,ctx)
 
 IMPLEMENT_BLOCK_CIPHER(rc5_32_12_16, ks, RC5_32, EVP_RC5_KEY, NID_rc5,
-		       8, RC5_32_KEY_LENGTH, 8, 64,
-		       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
-		       r_32_12_16_init_key, NULL,
-		       NULL, NULL, rc5_ctrl)
+                       8, RC5_32_KEY_LENGTH, 8, 64,
+                       EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT,
+                       r_32_12_16_init_key, NULL, NULL, NULL, rc5_ctrl)
 
 static int rc5_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr)
-	{
-	switch(type)
-		{
-	case EVP_CTRL_INIT:
-		data(c)->rounds = RC5_12_ROUNDS;
-		return 1;
+{
+    switch (type) {
+    case EVP_CTRL_INIT:
+        data(c)->rounds = RC5_12_ROUNDS;
+        return 1;
+
+    case EVP_CTRL_GET_RC5_ROUNDS:
+        *(int *)ptr = data(c)->rounds;
+        return 1;
 
-	case EVP_CTRL_GET_RC5_ROUNDS:
-		*(int *)ptr = data(c)->rounds;
-		return 1;
-			
-	case EVP_CTRL_SET_RC5_ROUNDS:
-		switch(arg)
-			{
-		case RC5_8_ROUNDS:
-		case RC5_12_ROUNDS:
-		case RC5_16_ROUNDS:
-			data(c)->rounds = arg;
-			return 1;
+    case EVP_CTRL_SET_RC5_ROUNDS:
+        switch (arg) {
+        case RC5_8_ROUNDS:
+        case RC5_12_ROUNDS:
+        case RC5_16_ROUNDS:
+            data(c)->rounds = arg;
+            return 1;
 
-		default:
-			EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
-			return 0;
-			}
+        default:
+            EVPerr(EVP_F_RC5_CTRL, EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS);
+            return 0;
+        }
 
-	default:
-		return -1;
-		}
-	}
+    default:
+        return -1;
+    }
+}
 
 static int r_32_12_16_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			       const unsigned char *iv, int enc)
-	{
-	RC5_32_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),
-		       key,data(ctx)->rounds);
-	return 1;
-	}
+                               const unsigned char *iv, int enc)
+{
+    RC5_32_set_key(&data(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
+                   key, data(ctx)->rounds);
+    return 1;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c
index 8832da24..105967f9 100644
--- a/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c
+++ b/Cryptlib/OpenSSL/crypto/evp/e_xcbc_d.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,65 +61,60 @@
 
 #ifndef OPENSSL_NO_DES
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/des.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/des.h>
 
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv,int enc);
+                             const unsigned char *iv, int enc);
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, unsigned int inl);
-
+                           const unsigned char *in, unsigned int inl);
 
-typedef struct
-    {
-    DES_key_schedule ks;/* key schedule */
+typedef struct {
+    DES_key_schedule ks;        /* key schedule */
     DES_cblock inw;
     DES_cblock outw;
-    } DESX_CBC_KEY;
+} DESX_CBC_KEY;
 
-#define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
+# define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data)
 
-static const EVP_CIPHER d_xcbc_cipher=
-	{
-	NID_desx_cbc,
-	8,24,8,
-	EVP_CIPH_CBC_MODE,
-	desx_cbc_init_key,
-	desx_cbc_cipher,
-	NULL,
-	sizeof(DESX_CBC_KEY),
-	EVP_CIPHER_set_asn1_iv,
-	EVP_CIPHER_get_asn1_iv,
-	NULL,
-	NULL
-	};
+static const EVP_CIPHER d_xcbc_cipher = {
+    NID_desx_cbc,
+    8, 24, 8,
+    EVP_CIPH_CBC_MODE,
+    desx_cbc_init_key,
+    desx_cbc_cipher,
+    NULL,
+    sizeof(DESX_CBC_KEY),
+    EVP_CIPHER_set_asn1_iv,
+    EVP_CIPHER_get_asn1_iv,
+    NULL,
+    NULL
+};
 
 const EVP_CIPHER *EVP_desx_cbc(void)
-	{
-	return(&d_xcbc_cipher);
-	}
-	
+{
+    return (&d_xcbc_cipher);
+}
+
 static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-			     const unsigned char *iv, int enc)
-	{
-	DES_cblock *deskey = (DES_cblock *)key;
+                             const unsigned char *iv, int enc)
+{
+    DES_cblock *deskey = (DES_cblock *)key;
 
-	DES_set_key_unchecked(deskey,&data(ctx)->ks);
-	memcpy(&data(ctx)->inw[0],&key[8],8);
-	memcpy(&data(ctx)->outw[0],&key[16],8);
+    DES_set_key_unchecked(deskey, &data(ctx)->ks);
+    memcpy(&data(ctx)->inw[0], &key[8], 8);
+    memcpy(&data(ctx)->outw[0], &key[16], 8);
 
-	return 1;
-	}
+    return 1;
+}
 
 static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			   const unsigned char *in, unsigned int inl)
-	{
-	DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks,
-			 (DES_cblock *)&(ctx->iv[0]),
-			 &data(ctx)->inw,
-			 &data(ctx)->outw,
-			 ctx->encrypt);
-	return 1;
-	}
+                           const unsigned char *in, unsigned int inl)
+{
+    DES_xcbc_encrypt(in, out, inl, &data(ctx)->ks,
+                     (DES_cblock *)&(ctx->iv[0]),
+                     &data(ctx)->inw, &data(ctx)->outw, ctx->encrypt);
+    return 1;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/enc_min.c b/Cryptlib/OpenSSL/crypto/evp/enc_min.c
index a8c176fb..77e0126e 100644
--- a/Cryptlib/OpenSSL/crypto/evp/enc_min.c
+++ b/Cryptlib/OpenSSL/crypto/evp/enc_min.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,330 +62,349 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include "evp_locl.h"
 
 void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx)
-	{
+{
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+    FIPS_selftest_check();
 #endif
-	memset(ctx,0,sizeof(EVP_CIPHER_CTX));
-	/* ctx->cipher=NULL; */
-	}
+    memset(ctx, 0, sizeof(EVP_CIPHER_CTX));
+    /* ctx->cipher=NULL; */
+}
 
 #ifdef OPENSSL_FIPS
 
-/* The purpose of these is to trap programs that attempt to use non FIPS
+/*
+ * The purpose of these is to trap programs that attempt to use non FIPS
  * algorithms in FIPS mode and ignore the errors.
  */
 
 static int bad_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-		    const unsigned char *iv, int enc)
-	{ FIPS_ERROR_IGNORED("Cipher init"); return 0;}
+                    const unsigned char *iv, int enc)
+{
+    FIPS_ERROR_IGNORED("Cipher init");
+    return 0;
+}
 
 static int bad_do_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-			 const unsigned char *in, unsigned int inl)
-	{ FIPS_ERROR_IGNORED("Cipher update"); return 0;}
+                         const unsigned char *in, unsigned int inl)
+{
+    FIPS_ERROR_IGNORED("Cipher update");
+    return 0;
+}
 
 /* NB: no cleanup because it is allowed after failed init */
 
 static int bad_set_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-	{ FIPS_ERROR_IGNORED("Cipher set_asn1"); return 0;}
+{
+    FIPS_ERROR_IGNORED("Cipher set_asn1");
+    return 0;
+}
+
 static int bad_get_asn1(EVP_CIPHER_CTX *ctx, ASN1_TYPE *typ)
-	{ FIPS_ERROR_IGNORED("Cipher get_asn1"); return 0;}
+{
+    FIPS_ERROR_IGNORED("Cipher get_asn1");
+    return 0;
+}
+
 static int bad_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
-	{ FIPS_ERROR_IGNORED("Cipher ctrl"); return 0;}
-
-static const EVP_CIPHER bad_cipher =
-	{
-	0,
-	0,
-	0,
-	0,
-	0,
-	bad_init,
-	bad_do_cipher,
-	NULL,
-	0,
-	bad_set_asn1,
-	bad_get_asn1,
-	bad_ctrl,
-	NULL
-	};
+{
+    FIPS_ERROR_IGNORED("Cipher ctrl");
+    return 0;
+}
+
+static const EVP_CIPHER bad_cipher = {
+    0,
+    0,
+    0,
+    0,
+    0,
+    bad_init,
+    bad_do_cipher,
+    NULL,
+    0,
+    bad_set_asn1,
+    bad_get_asn1,
+    bad_ctrl,
+    NULL
+};
 
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
 
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
+
+static int do_engine_null(ENGINE *impl)
+{
+    return 0;
+}
 
-static int do_engine_null(ENGINE *impl) { return 0;}
 static int do_evp_enc_engine_null(EVP_CIPHER_CTX *ctx,
-				const EVP_CIPHER **pciph, ENGINE *impl)
-	{ return 1; }
+                                  const EVP_CIPHER **pciph, ENGINE *impl)
+{
+    return 1;
+}
 
-static int (*do_engine_finish)(ENGINE *impl)
-		= do_engine_null;
+static int (*do_engine_finish) (ENGINE *impl)
+    = do_engine_null;
 
 static int (*do_evp_enc_engine)
-	(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)
-		= do_evp_enc_engine_null;
-
-void int_EVP_CIPHER_set_engine_callbacks(
-	int (*eng_ciph_fin)(ENGINE *impl),
-	int (*eng_ciph_evp)
-		(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl))
-	{
-	do_engine_finish = eng_ciph_fin;
-	do_evp_enc_engine = eng_ciph_evp;
-	}
-
-#else
-
-#define do_engine_finish ENGINE_finish
-
-static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
-	{
-	if(impl)
-		{
-		if (!ENGINE_init(impl))
-			{
-			EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
-			return 0;
-			}
-		}
-	else
-		/* Ask if an ENGINE is reserved for this job */
-		impl = ENGINE_get_cipher_engine((*pcipher)->nid);
-	if(impl)
-		{
-		/* There's an ENGINE for this job ... (apparently) */
-		const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
-		if(!c)
-			{
-			/* One positive side-effect of US's export
-			 * control history, is that we should at least
-			 * be able to avoid using US mispellings of
-			 * "initialisation"? */
-			EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
-			return 0;
-			}
-		/* We'll use the ENGINE's private cipher definition */
-		*pcipher = c;
-		/* Store the ENGINE functional reference so we know
-		 * 'cipher' came from an ENGINE and we need to release
-		 * it when done. */
-		ctx->engine = impl;
-		}
-	else
-		ctx->engine = NULL;
-	return 1;
-	}
+ (EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pciph, ENGINE *impl)
+    = do_evp_enc_engine_null;
+
+void int_EVP_CIPHER_set_engine_callbacks(int (*eng_ciph_fin) (ENGINE *impl),
+                                         int (*eng_ciph_evp)
+                                          (EVP_CIPHER_CTX *ctx,
+                                           const EVP_CIPHER **pciph,
+                                           ENGINE *impl))
+{
+    do_engine_finish = eng_ciph_fin;
+    do_evp_enc_engine = eng_ciph_evp;
+}
 
-#endif
+# else
+
+#  define do_engine_finish ENGINE_finish
+
+static int do_evp_enc_engine(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher,
+                             ENGINE *impl)
+{
+    if (impl) {
+        if (!ENGINE_init(impl)) {
+            EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+    } else
+        /* Ask if an ENGINE is reserved for this job */
+        impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+    if (impl) {
+        /* There's an ENGINE for this job ... (apparently) */
+        const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+        if (!c) {
+            /*
+             * One positive side-effect of US's export control history, is
+             * that we should at least be able to avoid using US mispellings
+             * of "initialisation"?
+             */
+            EVPerr(EVP_F_DO_EVP_ENC_ENGINE, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        /* We'll use the ENGINE's private cipher definition */
+        *pcipher = c;
+        /*
+         * Store the ENGINE functional reference so we know 'cipher' came
+         * from an ENGINE and we need to release it when done.
+         */
+        ctx->engine = impl;
+    } else
+        ctx->engine = NULL;
+    return 1;
+}
+
+# endif
 
 #endif
 
-int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
-	     const unsigned char *key, const unsigned char *iv, int enc)
-	{
-	if (enc == -1)
-		enc = ctx->encrypt;
-	else
-		{
-		if (enc)
-			enc = 1;
-		ctx->encrypt = enc;
-		}
+int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                      ENGINE *impl, const unsigned char *key,
+                      const unsigned char *iv, int enc)
+{
+    if (enc == -1)
+        enc = ctx->encrypt;
+    else {
+        if (enc)
+            enc = 1;
+        ctx->encrypt = enc;
+    }
 #ifdef OPENSSL_FIPS
-	if(FIPS_selftest_failed())
-		{
-		FIPSerr(FIPS_F_EVP_CIPHERINIT_EX,FIPS_R_FIPS_SELFTEST_FAILED);
-		ctx->cipher = &bad_cipher;
-		return 0;
-		}
+    if (FIPS_selftest_failed()) {
+        FIPSerr(FIPS_F_EVP_CIPHERINIT_EX, FIPS_R_FIPS_SELFTEST_FAILED);
+        ctx->cipher = &bad_cipher;
+        return 0;
+    }
 #endif
 #ifndef OPENSSL_NO_ENGINE
-	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
-	 * so this context may already have an ENGINE! Try to avoid releasing
-	 * the previous handle, re-querying for an ENGINE, and having a
-	 * reinitialisation, when it may all be unecessary. */
-	if (ctx->engine && ctx->cipher && (!cipher ||
-			(cipher && (cipher->nid == ctx->cipher->nid))))
-		goto skip_to_init;
+    /*
+     * Whether it's nice or not, "Inits" can be used on "Final"'d contexts so
+     * this context may already have an ENGINE! Try to avoid releasing the
+     * previous handle, re-querying for an ENGINE, and having a
+     * reinitialisation, when it may all be unecessary.
+     */
+    if (ctx->engine && ctx->cipher && (!cipher ||
+                                       (cipher
+                                        && (cipher->nid ==
+                                            ctx->cipher->nid))))
+        goto skip_to_init;
 #endif
-	if (cipher)
-		{
-		/* Ensure a context left lying around from last time is cleared
-		 * (the previous check attempted to avoid this if the same
-		 * ENGINE and EVP_CIPHER could be used). */
-		EVP_CIPHER_CTX_cleanup(ctx);
-
-		/* Restore encrypt field: it is zeroed by cleanup */
-		ctx->encrypt = enc;
+    if (cipher) {
+        /*
+         * Ensure a context left lying around from last time is cleared (the
+         * previous check attempted to avoid this if the same ENGINE and
+         * EVP_CIPHER could be used).
+         */
+        EVP_CIPHER_CTX_cleanup(ctx);
+
+        /* Restore encrypt field: it is zeroed by cleanup */
+        ctx->encrypt = enc;
 #ifndef OPENSSL_NO_ENGINE
-		if (!do_evp_enc_engine(ctx, &cipher, impl))
-			return 0;
+        if (!do_evp_enc_engine(ctx, &cipher, impl))
+            return 0;
 #endif
 
-		ctx->cipher=cipher;
-		if (ctx->cipher->ctx_size)
-			{
-			ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
-			if (!ctx->cipher_data)
-				{
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
-				return 0;
-				}
-			}
-		else
-			{
-			ctx->cipher_data = NULL;
-			}
-		ctx->key_len = cipher->key_len;
-		ctx->flags = 0;
-		if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT)
-			{
-			if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
-				{
-				EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
-				return 0;
-				}
-			}
-		}
-	else if(!ctx->cipher)
-		{
-		EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
-		return 0;
-		}
+        ctx->cipher = cipher;
+        if (ctx->cipher->ctx_size) {
+            ctx->cipher_data = OPENSSL_malloc(ctx->cipher->ctx_size);
+            if (!ctx->cipher_data) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        } else {
+            ctx->cipher_data = NULL;
+        }
+        ctx->key_len = cipher->key_len;
+        ctx->flags = 0;
+        if (ctx->cipher->flags & EVP_CIPH_CTRL_INIT) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) {
+                EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_INITIALIZATION_ERROR);
+                return 0;
+            }
+        }
+    } else if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
 #ifndef OPENSSL_NO_ENGINE
-skip_to_init:
+ skip_to_init:
 #endif
-	/* we assume block size is a power of 2 in *cryptUpdate */
-	OPENSSL_assert(ctx->cipher->block_size == 1
-	    || ctx->cipher->block_size == 8
-	    || ctx->cipher->block_size == 16);
-
-	if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
-		switch(EVP_CIPHER_CTX_mode(ctx)) {
-
-			case EVP_CIPH_STREAM_CIPHER:
-			case EVP_CIPH_ECB_MODE:
-			break;
-
-			case EVP_CIPH_CFB_MODE:
-			case EVP_CIPH_OFB_MODE:
-
-			ctx->num = 0;
-			/* fall-through */
-
-			case EVP_CIPH_CBC_MODE:
-
-			OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
-					(int)sizeof(ctx->iv));
-			if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
-			memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
-			break;
-
-			default:
-			return 0;
-			break;
-		}
-	}
-
+    /* we assume block size is a power of 2 in *cryptUpdate */
+    OPENSSL_assert(ctx->cipher->block_size == 1
+                   || ctx->cipher->block_size == 8
+                   || ctx->cipher->block_size == 16);
+
+    if (!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) {
+        switch (EVP_CIPHER_CTX_mode(ctx)) {
+
+        case EVP_CIPH_STREAM_CIPHER:
+        case EVP_CIPH_ECB_MODE:
+            break;
+
+        case EVP_CIPH_CFB_MODE:
+        case EVP_CIPH_OFB_MODE:
+
+            ctx->num = 0;
+            /* fall-through */
+
+        case EVP_CIPH_CBC_MODE:
+
+            OPENSSL_assert(EVP_CIPHER_CTX_iv_length(ctx) <=
+                           (int)sizeof(ctx->iv));
+            if (iv)
+                memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
+            memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
+            break;
+
+        default:
+            return 0;
+            break;
+        }
+    }
 #ifdef OPENSSL_FIPS
-	/* After 'key' is set no further parameters changes are permissible.
-	 * So only check for non FIPS enabling at this point.
-	 */
-	if (key && FIPS_mode())
-		{
-		if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
-			& !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW))
-			{
-			EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
-#if 0
-			ERR_add_error_data(2, "cipher=",
-						EVP_CIPHER_name(ctx->cipher));
-#endif
-			ctx->cipher = &bad_cipher;
-			return 0;
-			}
-		}
+    /*
+     * After 'key' is set no further parameters changes are permissible. So
+     * only check for non FIPS enabling at this point.
+     */
+    if (key && FIPS_mode()) {
+        if (!(ctx->cipher->flags & EVP_CIPH_FLAG_FIPS)
+            & !(ctx->flags & EVP_CIPH_FLAG_NON_FIPS_ALLOW)) {
+            EVPerr(EVP_F_EVP_CIPHERINIT_EX, EVP_R_DISABLED_FOR_FIPS);
+# if 0
+            ERR_add_error_data(2, "cipher=", EVP_CIPHER_name(ctx->cipher));
+# endif
+            ctx->cipher = &bad_cipher;
+            return 0;
+        }
+    }
 #endif
 
-	if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
-		if(!ctx->cipher->init(ctx,key,iv,enc)) return 0;
-	}
-	ctx->buf_len=0;
-	ctx->final_used=0;
-	ctx->block_mask=ctx->cipher->block_size-1;
-	return 1;
-	}
+    if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) {
+        if (!ctx->cipher->init(ctx, key, iv, enc))
+            return 0;
+    }
+    ctx->buf_len = 0;
+    ctx->final_used = 0;
+    ctx->block_mask = ctx->cipher->block_size - 1;
+    return 1;
+}
 
 int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
-	{
-	if (c->cipher != NULL)
-		{
-		if(c->cipher->cleanup && !c->cipher->cleanup(c))
-			return 0;
-		/* Cleanse cipher context data */
-		if (c->cipher_data)
-			OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
-		}
-	if (c->cipher_data)
-		OPENSSL_free(c->cipher_data);
+{
+    if (c->cipher != NULL) {
+        if (c->cipher->cleanup && !c->cipher->cleanup(c))
+            return 0;
+        /* Cleanse cipher context data */
+        if (c->cipher_data)
+            OPENSSL_cleanse(c->cipher_data, c->cipher->ctx_size);
+    }
+    if (c->cipher_data)
+        OPENSSL_free(c->cipher_data);
 #ifndef OPENSSL_NO_ENGINE
-	if (c->engine)
-		/* The EVP_CIPHER we used belongs to an ENGINE, release the
-		 * functional reference we held for this reason. */
-		do_engine_finish(c->engine);
+    if (c->engine)
+        /*
+         * The EVP_CIPHER we used belongs to an ENGINE, release the
+         * functional reference we held for this reason.
+         */
+        do_engine_finish(c->engine);
 #endif
-	memset(c,0,sizeof(EVP_CIPHER_CTX));
-	return 1;
-	}
+    memset(c, 0, sizeof(EVP_CIPHER_CTX));
+    return 1;
+}
 
-int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl)
-	{
+int EVP_Cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+               const unsigned char *in, unsigned int inl)
+{
 #ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
+    FIPS_selftest_check();
 #endif
-	return ctx->cipher->do_cipher(ctx,out,in,inl);
-	}
+    return ctx->cipher->do_cipher(ctx, out, in, inl);
+}
 
 int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr)
 {
-	int ret;
-	if(!ctx->cipher) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
-		return 0;
-	}
-
-	if(!ctx->cipher->ctrl) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
-		return 0;
-	}
-
-	ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
-	if(ret == -1) {
-		EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
-		return 0;
-	}
-	return ret;
+    int ret;
+    if (!ctx->cipher) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET);
+        return 0;
+    }
+
+    if (!ctx->cipher->ctrl) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED);
+        return 0;
+    }
+
+    ret = ctx->cipher->ctrl(ctx, type, arg, ptr);
+    if (ret == -1) {
+        EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL,
+               EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED);
+        return 0;
+    }
+    return ret;
 }
 
 unsigned long EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->flags;
-	}
+{
+    return ctx->cipher->flags;
+}
 
 int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->iv_len;
-	}
+{
+    return ctx->cipher->iv_len;
+}
 
 int EVP_CIPHER_nid(const EVP_CIPHER *cipher)
-	{
-	return cipher->nid;
-	}
+{
+    return cipher->nid;
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/encode.c b/Cryptlib/OpenSSL/crypto/evp/encode.c
index 69f7ccad..9bdcd572 100644
--- a/Cryptlib/OpenSSL/crypto/evp/encode.c
+++ b/Cryptlib/OpenSSL/crypto/evp/encode.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,20 +61,21 @@
 #include <openssl/evp.h>
 
 #ifndef CHARSET_EBCDIC
-#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a)	(data_ascii2bin[(a)&0x7f])
+# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+# define conv_ascii2bin(a)       (data_ascii2bin[(a)&0x7f])
 #else
-/* We assume that PEM encoded files are EBCDIC files
- * (i.e., printable text files). Convert them here while decoding.
- * When encoding, output is EBCDIC (text) format again.
- * (No need for conversion in the conv_bin2ascii macro, as the
- * underlying textstring data_bin2ascii[] is already EBCDIC)
+/*
+ * We assume that PEM encoded files are EBCDIC files (i.e., printable text
+ * files). Convert them here while decoding. When encoding, output is EBCDIC
+ * (text) format again. (No need for conversion in the conv_bin2ascii macro,
+ * as the underlying textstring data_bin2ascii[] is already EBCDIC)
  */
-#define conv_bin2ascii(a)	(data_bin2ascii[(a)&0x3f])
-#define conv_ascii2bin(a)	(data_ascii2bin[os_toascii[a]&0x7f])
+# define conv_bin2ascii(a)       (data_bin2ascii[(a)&0x3f])
+# define conv_ascii2bin(a)       (data_ascii2bin[os_toascii[a]&0x7f])
 #endif
 
-/* 64 char lines
+/*-
+ * 64 char lines
  * pad input with 0
  * left over chars are set to =
  * 1 byte  => xx==
@@ -85,362 +86,367 @@
 #define CHUNKS_PER_LINE (64/4)
 #define CHAR_PER_LINE   (64+1)
 
-static unsigned char data_bin2ascii[65]="ABCDEFGHIJKLMNOPQRSTUVWXYZ\
+static unsigned char data_bin2ascii[65] = "ABCDEFGHIJKLMNOPQRSTUVWXYZ\
 abcdefghijklmnopqrstuvwxyz0123456789+/";
 
-/* 0xF0 is a EOLN
+/*-
+ * 0xF0 is a EOLN
  * 0xF1 is ignore but next needs to be 0xF0 (for \r\n processing).
  * 0xF2 is EOF
  * 0xE0 is ignore at start of line.
  * 0xFF is error
  */
 
-#define B64_EOLN		0xF0
-#define B64_CR			0xF1
-#define B64_EOF			0xF2
-#define B64_WS			0xE0
-#define B64_ERROR       	0xFF
-#define B64_NOT_BASE64(a)	(((a)|0x13) == 0xF3)
-
-static unsigned char data_ascii2bin[128]={
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0xE0,0xF0,0xFF,0xFF,0xF1,0xFF,0xFF,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xE0,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0xFF,0xFF,0x3E,0xFF,0xF2,0xFF,0x3F,
-	0x34,0x35,0x36,0x37,0x38,0x39,0x3A,0x3B,
-	0x3C,0x3D,0xFF,0xFF,0xFF,0x00,0xFF,0xFF,
-	0xFF,0x00,0x01,0x02,0x03,0x04,0x05,0x06,
-	0x07,0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,
-	0x0F,0x10,0x11,0x12,0x13,0x14,0x15,0x16,
-	0x17,0x18,0x19,0xFF,0xFF,0xFF,0xFF,0xFF,
-	0xFF,0x1A,0x1B,0x1C,0x1D,0x1E,0x1F,0x20,
-	0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,
-	0x29,0x2A,0x2B,0x2C,0x2D,0x2E,0x2F,0x30,
-	0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF,
-	};
+#define B64_EOLN                0xF0
+#define B64_CR                  0xF1
+#define B64_EOF                 0xF2
+#define B64_WS                  0xE0
+#define B64_ERROR               0xFF
+#define B64_NOT_BASE64(a)       (((a)|0x13) == 0xF3)
+
+static unsigned char data_ascii2bin[128] = {
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xE0, 0xF0, 0xFF, 0xFF, 0xF1, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xE0, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0xFF, 0xFF, 0x3E, 0xFF, 0xF2, 0xFF, 0x3F,
+    0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B,
+    0x3C, 0x3D, 0xFF, 0xFF, 0xFF, 0x00, 0xFF, 0xFF,
+    0xFF, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E,
+    0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+    0x17, 0x18, 0x19, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xFF, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+    0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+    0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F, 0x30,
+    0x31, 0x32, 0x33, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
 
 void EVP_EncodeInit(EVP_ENCODE_CTX *ctx)
-	{
-	ctx->length=48;
-	ctx->num=0;
-	ctx->line_num=0;
-	}
+{
+    ctx->length = 48;
+    ctx->num = 0;
+    ctx->line_num = 0;
+}
 
 void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int i,j;
-	unsigned int total=0;
-
-	*outl=0;
-	if (inl == 0) return;
-	OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
-	if ((ctx->num+inl) < ctx->length)
-		{
-		memcpy(&(ctx->enc_data[ctx->num]),in,inl);
-		ctx->num+=inl;
-		return;
-		}
-	if (ctx->num != 0)
-		{
-		i=ctx->length-ctx->num;
-		memcpy(&(ctx->enc_data[ctx->num]),in,i);
-		in+=i;
-		inl-=i;
-		j=EVP_EncodeBlock(out,ctx->enc_data,ctx->length);
-		ctx->num=0;
-		out+=j;
-		*(out++)='\n';
-		*out='\0';
-		total=j+1;
-		}
-	while (inl >= ctx->length)
-		{
-		j=EVP_EncodeBlock(out,in,ctx->length);
-		in+=ctx->length;
-		inl-=ctx->length;
-		out+=j;
-		*(out++)='\n';
-		*out='\0';
-		total+=j+1;
-		}
-	if (inl != 0)
-		memcpy(&(ctx->enc_data[0]),in,inl);
-	ctx->num=inl;
-	*outl=total;
-	}
+                      const unsigned char *in, int inl)
+{
+    int i, j;
+    unsigned int total = 0;
+
+    *outl = 0;
+    if (inl == 0)
+        return;
+    OPENSSL_assert(ctx->length <= (int)sizeof(ctx->enc_data));
+    if ((ctx->num + inl) < ctx->length) {
+        memcpy(&(ctx->enc_data[ctx->num]), in, inl);
+        ctx->num += inl;
+        return;
+    }
+    if (ctx->num != 0) {
+        i = ctx->length - ctx->num;
+        memcpy(&(ctx->enc_data[ctx->num]), in, i);
+        in += i;
+        inl -= i;
+        j = EVP_EncodeBlock(out, ctx->enc_data, ctx->length);
+        ctx->num = 0;
+        out += j;
+        *(out++) = '\n';
+        *out = '\0';
+        total = j + 1;
+    }
+    while (inl >= ctx->length) {
+        j = EVP_EncodeBlock(out, in, ctx->length);
+        in += ctx->length;
+        inl -= ctx->length;
+        out += j;
+        *(out++) = '\n';
+        *out = '\0';
+        total += j + 1;
+    }
+    if (inl != 0)
+        memcpy(&(ctx->enc_data[0]), in, inl);
+    ctx->num = inl;
+    *outl = total;
+}
 
 void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-	{
-	unsigned int ret=0;
-
-	if (ctx->num != 0)
-		{
-		ret=EVP_EncodeBlock(out,ctx->enc_data,ctx->num);
-		out[ret++]='\n';
-		out[ret]='\0';
-		ctx->num=0;
-		}
-	*outl=ret;
-	}
+{
+    unsigned int ret = 0;
+
+    if (ctx->num != 0) {
+        ret = EVP_EncodeBlock(out, ctx->enc_data, ctx->num);
+        out[ret++] = '\n';
+        out[ret] = '\0';
+        ctx->num = 0;
+    }
+    *outl = ret;
+}
 
 int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen)
-	{
-	int i,ret=0;
-	unsigned long l;
-
-	for (i=dlen; i > 0; i-=3)
-		{
-		if (i >= 3)
-			{
-			l=	(((unsigned long)f[0])<<16L)|
-				(((unsigned long)f[1])<< 8L)|f[2];
-			*(t++)=conv_bin2ascii(l>>18L);
-			*(t++)=conv_bin2ascii(l>>12L);
-			*(t++)=conv_bin2ascii(l>> 6L);
-			*(t++)=conv_bin2ascii(l     );
-			}
-		else
-			{
-			l=((unsigned long)f[0])<<16L;
-			if (i == 2) l|=((unsigned long)f[1]<<8L);
-
-			*(t++)=conv_bin2ascii(l>>18L);
-			*(t++)=conv_bin2ascii(l>>12L);
-			*(t++)=(i == 1)?'=':conv_bin2ascii(l>> 6L);
-			*(t++)='=';
-			}
-		ret+=4;
-		f+=3;
-		}
-
-	*t='\0';
-	return(ret);
-	}
+{
+    int i, ret = 0;
+    unsigned long l;
+
+    for (i = dlen; i > 0; i -= 3) {
+        if (i >= 3) {
+            l = (((unsigned long)f[0]) << 16L) |
+                (((unsigned long)f[1]) << 8L) | f[2];
+            *(t++) = conv_bin2ascii(l >> 18L);
+            *(t++) = conv_bin2ascii(l >> 12L);
+            *(t++) = conv_bin2ascii(l >> 6L);
+            *(t++) = conv_bin2ascii(l);
+        } else {
+            l = ((unsigned long)f[0]) << 16L;
+            if (i == 2)
+                l |= ((unsigned long)f[1] << 8L);
+
+            *(t++) = conv_bin2ascii(l >> 18L);
+            *(t++) = conv_bin2ascii(l >> 12L);
+            *(t++) = (i == 1) ? '=' : conv_bin2ascii(l >> 6L);
+            *(t++) = '=';
+        }
+        ret += 4;
+        f += 3;
+    }
+
+    *t = '\0';
+    return (ret);
+}
 
 void EVP_DecodeInit(EVP_ENCODE_CTX *ctx)
-	{
-	ctx->length=30;
-	ctx->num=0;
-	ctx->line_num=0;
-	ctx->expect_nl=0;
-	}
-
-/* -1 for error
+{
+    ctx->length = 30;
+    ctx->num = 0;
+    ctx->line_num = 0;
+    ctx->expect_nl = 0;
+}
+
+/*-
+ * -1 for error
  *  0 for last line
  *  1 for full line
  */
 int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,exp_nl;
-	unsigned char *d;
-
-	n=ctx->num;
-	d=ctx->enc_data;
-	ln=ctx->line_num;
-	exp_nl=ctx->expect_nl;
-
-	/* last line of input. */
-	if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF)))
-		{ rv=0; goto end; }
-		
-	/* We parse the input data */
-	for (i=0; i<inl; i++)
-		{
-		/* If the current line is > 80 characters, scream alot */
-		if (ln >= 80) { rv= -1; goto end; }
-
-		/* Get char and put it into the buffer */
-		tmp= *(in++);
-		v=conv_ascii2bin(tmp);
-		/* only save the good data :-) */
-		if (!B64_NOT_BASE64(v))
-			{
-			OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
-			d[n++]=tmp;
-			ln++;
-			}
-		else if (v == B64_ERROR)
-			{
-			rv= -1;
-			goto end;
-			}
-
-		/* have we seen a '=' which is 'definitly' the last
-		 * input line.  seof will point to the character that
-		 * holds it. and eof will hold how many characters to
-		 * chop off. */
-		if (tmp == '=')
-			{
-			if (seof == -1) seof=n;
-			eof++;
-			}
-
-		if (v == B64_CR)
-			{
-			ln = 0;
-			if (exp_nl)
-				continue;
-			}
-
-		/* eoln */
-		if (v == B64_EOLN)
-			{
-			ln=0;
-			if (exp_nl)
-				{
-				exp_nl=0;
-				continue;
-				}
-			}
-		exp_nl=0;
-
-		/* If we are at the end of input and it looks like a
-		 * line, process it. */
-		if (((i+1) == inl) && (((n&3) == 0) || eof))
-			{
-			v=B64_EOF;
-			/* In case things were given us in really small
-			   records (so two '=' were given in separate
-			   updates), eof may contain the incorrect number
-			   of ending bytes to skip, so let's redo the count */
-			eof = 0;
-			if (d[n-1] == '=') eof++;
-			if (d[n-2] == '=') eof++;
-			/* There will never be more than two '=' */
-			}
-
-		if ((v == B64_EOF && (n&3) == 0) || (n >= 64))
-			{
-			/* This is needed to work correctly on 64 byte input
-			 * lines.  We process the line and then need to
-			 * accept the '\n' */
-			if ((v != B64_EOF) && (n >= 64)) exp_nl=1;
-			if (n > 0)
-				{
-				v=EVP_DecodeBlock(out,d,n);
-				n=0;
-				if (v < 0) { rv=0; goto end; }
-				if (eof > v) { rv=-1; goto end; }
-				ret+=(v-eof);
-				}
-			else
-				{
-				eof=1;
-				v=0;
-				}
-
-			/* This is the case where we have had a short
-			 * but valid input line */
-			if ((v < ctx->length) && eof)
-				{
-				rv=0;
-				goto end;
-				}
-			else
-				ctx->length=v;
-
-			if (seof >= 0) { rv=0; goto end; }
-			out+=v;
-			}
-		}
-	rv=1;
-end:
-	*outl=ret;
-	ctx->num=n;
-	ctx->line_num=ln;
-	ctx->expect_nl=exp_nl;
-	return(rv);
-	}
+                     const unsigned char *in, int inl)
+{
+    int seof = -1, eof = 0, rv = -1, ret = 0, i, v, tmp, n, ln, exp_nl;
+    unsigned char *d;
+
+    n = ctx->num;
+    d = ctx->enc_data;
+    ln = ctx->line_num;
+    exp_nl = ctx->expect_nl;
+
+    /* last line of input. */
+    if ((inl == 0) || ((n == 0) && (conv_ascii2bin(in[0]) == B64_EOF))) {
+        rv = 0;
+        goto end;
+    }
+
+    /* We parse the input data */
+    for (i = 0; i < inl; i++) {
+        /* If the current line is > 80 characters, scream alot */
+        if (ln >= 80) {
+            rv = -1;
+            goto end;
+        }
+
+        /* Get char and put it into the buffer */
+        tmp = *(in++);
+        v = conv_ascii2bin(tmp);
+        /* only save the good data :-) */
+        if (!B64_NOT_BASE64(v)) {
+            OPENSSL_assert(n < (int)sizeof(ctx->enc_data));
+            d[n++] = tmp;
+            ln++;
+        } else if (v == B64_ERROR) {
+            rv = -1;
+            goto end;
+        }
+
+        /*
+         * have we seen a '=' which is 'definitly' the last input line.  seof
+         * will point to the character that holds it. and eof will hold how
+         * many characters to chop off.
+         */
+        if (tmp == '=') {
+            if (seof == -1)
+                seof = n;
+            eof++;
+        }
+
+        if (v == B64_CR) {
+            ln = 0;
+            if (exp_nl)
+                continue;
+        }
+
+        /* eoln */
+        if (v == B64_EOLN) {
+            ln = 0;
+            if (exp_nl) {
+                exp_nl = 0;
+                continue;
+            }
+        }
+        exp_nl = 0;
+
+        /*
+         * If we are at the end of input and it looks like a line, process
+         * it.
+         */
+        if (((i + 1) == inl) && (((n & 3) == 0) || eof)) {
+            v = B64_EOF;
+            /*
+             * In case things were given us in really small records (so two
+             * '=' were given in separate updates), eof may contain the
+             * incorrect number of ending bytes to skip, so let's redo the
+             * count
+             */
+            eof = 0;
+            if (d[n - 1] == '=')
+                eof++;
+            if (d[n - 2] == '=')
+                eof++;
+            /* There will never be more than two '=' */
+        }
+
+        if ((v == B64_EOF && (n & 3) == 0) || (n >= 64)) {
+            /*
+             * This is needed to work correctly on 64 byte input lines.  We
+             * process the line and then need to accept the '\n'
+             */
+            if ((v != B64_EOF) && (n >= 64))
+                exp_nl = 1;
+            if (n > 0) {
+                v = EVP_DecodeBlock(out, d, n);
+                n = 0;
+                if (v < 0) {
+                    rv = 0;
+                    goto end;
+                }
+                if (eof > v) {
+                    rv = -1;
+                    goto end;
+                }
+                ret += (v - eof);
+            } else {
+                eof = 1;
+                v = 0;
+            }
+
+            /*
+             * This is the case where we have had a short but valid input
+             * line
+             */
+            if ((v < ctx->length) && eof) {
+                rv = 0;
+                goto end;
+            } else
+                ctx->length = v;
+
+            if (seof >= 0) {
+                rv = 0;
+                goto end;
+            }
+            out += v;
+        }
+    }
+    rv = 1;
+ end:
+    *outl = ret;
+    ctx->num = n;
+    ctx->line_num = ln;
+    ctx->expect_nl = exp_nl;
+    return (rv);
+}
 
 int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n)
-	{
-	int i,ret=0,a,b,c,d;
-	unsigned long l;
-
-	/* trim white space from the start of the line. */
-	while ((conv_ascii2bin(*f) == B64_WS) && (n > 0))
-		{
-		f++;
-		n--;
-		}
-
-	/* strip off stuff at the end of the line
-	 * ascii2bin values B64_WS, B64_EOLN, B64_EOLN and B64_EOF */
-	while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n-1]))))
-		n--;
-
-	if (n%4 != 0) return(-1);
-
-	for (i=0; i<n; i+=4)
-		{
-		a=conv_ascii2bin(*(f++));
-		b=conv_ascii2bin(*(f++));
-		c=conv_ascii2bin(*(f++));
-		d=conv_ascii2bin(*(f++));
-		if (	(a & 0x80) || (b & 0x80) ||
-			(c & 0x80) || (d & 0x80))
-			return(-1);
-		l=(	(((unsigned long)a)<<18L)|
-			(((unsigned long)b)<<12L)|
-			(((unsigned long)c)<< 6L)|
-			(((unsigned long)d)     ));
-		*(t++)=(unsigned char)(l>>16L)&0xff;
-		*(t++)=(unsigned char)(l>> 8L)&0xff;
-		*(t++)=(unsigned char)(l     )&0xff;
-		ret+=3;
-		}
-	return(ret);
-	}
+{
+    int i, ret = 0, a, b, c, d;
+    unsigned long l;
+
+    /* trim white space from the start of the line. */
+    while ((conv_ascii2bin(*f) == B64_WS) && (n > 0)) {
+        f++;
+        n--;
+    }
+
+    /*
+     * strip off stuff at the end of the line ascii2bin values B64_WS,
+     * B64_EOLN, B64_EOLN and B64_EOF
+     */
+    while ((n > 3) && (B64_NOT_BASE64(conv_ascii2bin(f[n - 1]))))
+        n--;
+
+    if (n % 4 != 0)
+        return (-1);
+
+    for (i = 0; i < n; i += 4) {
+        a = conv_ascii2bin(*(f++));
+        b = conv_ascii2bin(*(f++));
+        c = conv_ascii2bin(*(f++));
+        d = conv_ascii2bin(*(f++));
+        if ((a & 0x80) || (b & 0x80) || (c & 0x80) || (d & 0x80))
+            return (-1);
+        l = ((((unsigned long)a) << 18L) |
+             (((unsigned long)b) << 12L) |
+             (((unsigned long)c) << 6L) | (((unsigned long)d)));
+        *(t++) = (unsigned char)(l >> 16L) & 0xff;
+        *(t++) = (unsigned char)(l >> 8L) & 0xff;
+        *(t++) = (unsigned char)(l) & 0xff;
+        ret += 3;
+    }
+    return (ret);
+}
 
 int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i;
-
-	*outl=0;
-	if (ctx->num != 0)
-		{
-		i=EVP_DecodeBlock(out,ctx->enc_data,ctx->num);
-		if (i < 0) return(-1);
-		ctx->num=0;
-		*outl=i;
-		return(1);
-		}
-	else
-		return(1);
-	}
+{
+    int i;
+
+    *outl = 0;
+    if (ctx->num != 0) {
+        i = EVP_DecodeBlock(out, ctx->enc_data, ctx->num);
+        if (i < 0)
+            return (-1);
+        ctx->num = 0;
+        *outl = i;
+        return (1);
+    } else
+        return (1);
+}
 
 #ifdef undef
 int EVP_DecodeValid(unsigned char *buf, int len)
-	{
-	int i,num=0,bad=0;
-
-	if (len == 0) return(-1);
-	while (conv_ascii2bin(*buf) == B64_WS)
-		{
-		buf++;
-		len--;
-		if (len == 0) return(-1);
-		}
-
-	for (i=len; i >= 4; i-=4)
-		{
-		if (	(conv_ascii2bin(buf[0]) >= 0x40) ||
-			(conv_ascii2bin(buf[1]) >= 0x40) ||
-			(conv_ascii2bin(buf[2]) >= 0x40) ||
-			(conv_ascii2bin(buf[3]) >= 0x40))
-			return(-1);
-		buf+=4;
-		num+=1+(buf[2] != '=')+(buf[3] != '=');
-		}
-	if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
-		return(num);
-	if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
-		(conv_ascii2bin(buf[0]) == B64_EOLN))
-		return(num);
-	return(1);
-	}
+{
+    int i, num = 0, bad = 0;
+
+    if (len == 0)
+        return (-1);
+    while (conv_ascii2bin(*buf) == B64_WS) {
+        buf++;
+        len--;
+        if (len == 0)
+            return (-1);
+    }
+
+    for (i = len; i >= 4; i -= 4) {
+        if ((conv_ascii2bin(buf[0]) >= 0x40) ||
+            (conv_ascii2bin(buf[1]) >= 0x40) ||
+            (conv_ascii2bin(buf[2]) >= 0x40) ||
+            (conv_ascii2bin(buf[3]) >= 0x40))
+            return (-1);
+        buf += 4;
+        num += 1 + (buf[2] != '=') + (buf[3] != '=');
+    }
+    if ((i == 1) && (conv_ascii2bin(buf[0]) == B64_EOLN))
+        return (num);
+    if ((i == 2) && (conv_ascii2bin(buf[0]) == B64_EOLN) &&
+        (conv_ascii2bin(buf[0]) == B64_EOLN))
+        return (num);
+    return (1);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c
index 643a1864..9703116e 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_acnf.c
@@ -1,6 +1,7 @@
 /* evp_acnf.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,14 +61,13 @@
 #include <openssl/evp.h>
 #include <openssl/conf.h>
 
-
-/* Load all algorithms and configure OpenSSL.
- * This function is called automatically when
- * OPENSSL_LOAD_CONF is set.
+/*
+ * Load all algorithms and configure OpenSSL. This function is called
+ * automatically when OPENSSL_LOAD_CONF is set.
  */
 
 void OPENSSL_add_all_algorithms_conf(void)
-	{
-	OPENSSL_add_all_algorithms_noconf();
-	OPENSSL_config(NULL);
-	}
+{
+    OPENSSL_add_all_algorithms_noconf();
+    OPENSSL_config(NULL);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
index 2e4db302..6fd3a6da 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_cnf.c
@@ -1,6 +1,7 @@
 /* evp_cnf.c */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
+/*
+ * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
+ * 2007.
  */
 /* ====================================================================
  * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,61 +66,53 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
-
 /* Algorithm configuration module. */
 
 static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
-	{
-	int i;
-	const char *oid_section;
-	STACK_OF(CONF_VALUE) *sktmp;
-	CONF_VALUE *oval;
-	oid_section = CONF_imodule_get_value(md);
-	if(!(sktmp = NCONF_get_section(cnf, oid_section)))
-		{
-		EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
-		return 0;
-		}
-	for(i = 0; i < sk_CONF_VALUE_num(sktmp); i++)
-		{
-		oval = sk_CONF_VALUE_value(sktmp, i);
-		if (!strcmp(oval->name, "fips_mode"))
-			{
-			int m;
-			if (!X509V3_get_value_bool(oval, &m))
-				{
-				EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
-				return 0;
-				}
-			if (m > 0)
-				{
+{
+    int i;
+    const char *oid_section;
+    STACK_OF(CONF_VALUE) *sktmp;
+    CONF_VALUE *oval;
+    oid_section = CONF_imodule_get_value(md);
+    if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
+        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
+        return 0;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
+        oval = sk_CONF_VALUE_value(sktmp, i);
+        if (!strcmp(oval->name, "fips_mode")) {
+            int m;
+            if (!X509V3_get_value_bool(oval, &m)) {
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
+                return 0;
+            }
+            if (m > 0) {
 #ifdef OPENSSL_FIPS
-				if (!FIPS_mode() && !FIPS_mode_set(1))
-					{
-					EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_SETTING_FIPS_MODE);
-					return 0;
-					}
+                if (!FIPS_mode() && !FIPS_mode_set(1)) {
+                    EVPerr(EVP_F_ALG_MODULE_INIT,
+                           EVP_R_ERROR_SETTING_FIPS_MODE);
+                    return 0;
+                }
 #else
-				EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
-				return 0;
+                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
+                return 0;
 #endif
-				}
-			}
-		else
-			{
-			EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
-			ERR_add_error_data(4, "name=", oval->name,
-						", value=", oval->value);
-			}
-				
-		}
-	return 1;
-	}
+            }
+        } else {
+            EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
+            ERR_add_error_data(4, "name=", oval->name,
+                               ", value=", oval->value);
+        }
+
+    }
+    return 1;
+}
 
 void EVP_add_alg_module(void)
-	{
-	CONF_module_add("alg_section", alg_module_init, 0);
-	}
+{
+    CONF_module_add("alg_section", alg_module_init, 0);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
index 30e0ca4d..8a91a679 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,379 +62,359 @@
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include "evp_locl.h"
 
 #ifdef OPENSSL_FIPS
-	#define M_do_cipher(ctx, out, in, inl) \
-		EVP_Cipher(ctx,out,in,inl)
+# define M_do_cipher(ctx, out, in, inl) \
+                EVP_Cipher(ctx,out,in,inl)
 #else
-	#define M_do_cipher(ctx, out, in, inl) \
-		ctx->cipher->do_cipher(ctx,out,in,inl)
+# define M_do_cipher(ctx, out, in, inl) \
+                ctx->cipher->do_cipher(ctx,out,in,inl)
 #endif
 
-const char EVP_version[]="EVP" OPENSSL_VERSION_PTEXT;
+const char EVP_version[] = "EVP" OPENSSL_VERSION_PTEXT;
 
 EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
-	{
-	EVP_CIPHER_CTX *ctx=OPENSSL_malloc(sizeof *ctx);
-	if (ctx)
-		EVP_CIPHER_CTX_init(ctx);
-	return ctx;
-	}
+{
+    EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+    if (ctx)
+        EVP_CIPHER_CTX_init(ctx);
+    return ctx;
+}
 
 int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     const unsigned char *key, const unsigned char *iv, int enc)
-	{
-	if (cipher)
-		EVP_CIPHER_CTX_init(ctx);
-	return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc);
-	}
+                   const unsigned char *key, const unsigned char *iv, int enc)
+{
+    if (cipher)
+        EVP_CIPHER_CTX_init(ctx);
+    return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, enc);
+}
 
 int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	if (ctx->encrypt)
-		return EVP_EncryptUpdate(ctx,out,outl,in,inl);
-	else	return EVP_DecryptUpdate(ctx,out,outl,in,inl);
-	}
+                     const unsigned char *in, int inl)
+{
+    if (ctx->encrypt)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+    else
+        return EVP_DecryptUpdate(ctx, out, outl, in, inl);
+}
 
 int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	if (ctx->encrypt)
-		return EVP_EncryptFinal_ex(ctx,out,outl);
-	else	return EVP_DecryptFinal_ex(ctx,out,outl);
-	}
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal_ex(ctx, out, outl);
+    else
+        return EVP_DecryptFinal_ex(ctx, out, outl);
+}
 
 int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	if (ctx->encrypt)
-		return EVP_EncryptFinal(ctx,out,outl);
-	else	return EVP_DecryptFinal(ctx,out,outl);
-	}
+{
+    if (ctx->encrypt)
+        return EVP_EncryptFinal(ctx, out, outl);
+    else
+        return EVP_DecryptFinal(ctx, out, outl);
+}
 
 int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit(ctx, cipher, key, iv, 1);
-	}
-
-int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl,
-		const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
-	}
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 1);
+}
+
+int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+}
 
 int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
-	     const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit(ctx, cipher, key, iv, 0);
-	}
-
-int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
-	     const unsigned char *key, const unsigned char *iv)
-	{
-	return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
-	}
+                    const unsigned char *key, const unsigned char *iv)
+{
+    return EVP_CipherInit(ctx, cipher, key, iv, 0);
+}
+
+int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+                       ENGINE *impl, const unsigned char *key,
+                       const unsigned char *iv)
+{
+    return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+}
 
 int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int i,j,bl;
-
-	if (inl <= 0)
-		{
-		*outl = 0;
-		return inl == 0;
-		}
-
-	if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0)
-		{
-		if(M_do_cipher(ctx,out,in,inl))
-			{
-			*outl=inl;
-			return 1;
-			}
-		else
-			{
-			*outl=0;
-			return 0;
-			}
-		}
-	i=ctx->buf_len;
-	bl=ctx->cipher->block_size;
-	OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
-	if (i != 0)
-		{
-		if (i+inl < bl)
-			{
-			memcpy(&(ctx->buf[i]),in,inl);
-			ctx->buf_len+=inl;
-			*outl=0;
-			return 1;
-			}
-		else
-			{
-			j=bl-i;
-			memcpy(&(ctx->buf[i]),in,j);
-			if(!M_do_cipher(ctx,out,ctx->buf,bl)) return 0;
-			inl-=j;
-			in+=j;
-			out+=bl;
-			*outl=bl;
-			}
-		}
-	else
-		*outl = 0;
-	i=inl&(bl-1);
-	inl-=i;
-	if (inl > 0)
-		{
-		if(!M_do_cipher(ctx,out,in,inl)) return 0;
-		*outl+=inl;
-		}
-
-	if (i != 0)
-		memcpy(ctx->buf,&(in[inl]),i);
-	ctx->buf_len=i;
-	return 1;
-	}
+                      const unsigned char *in, int inl)
+{
+    int i, j, bl;
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->buf_len == 0 && (inl & (ctx->block_mask)) == 0) {
+        if (M_do_cipher(ctx, out, in, inl)) {
+            *outl = inl;
+            return 1;
+        } else {
+            *outl = 0;
+            return 0;
+        }
+    }
+    i = ctx->buf_len;
+    bl = ctx->cipher->block_size;
+    OPENSSL_assert(bl <= (int)sizeof(ctx->buf));
+    if (i != 0) {
+        if (i + inl < bl) {
+            memcpy(&(ctx->buf[i]), in, inl);
+            ctx->buf_len += inl;
+            *outl = 0;
+            return 1;
+        } else {
+            j = bl - i;
+            memcpy(&(ctx->buf[i]), in, j);
+            if (!M_do_cipher(ctx, out, ctx->buf, bl))
+                return 0;
+            inl -= j;
+            in += j;
+            out += bl;
+            *outl = bl;
+        }
+    } else
+        *outl = 0;
+    i = inl & (bl - 1);
+    inl -= i;
+    if (inl > 0) {
+        if (!M_do_cipher(ctx, out, in, inl))
+            return 0;
+        *outl += inl;
+    }
+
+    if (i != 0)
+        memcpy(ctx->buf, &(in[inl]), i);
+    ctx->buf_len = i;
+    return 1;
+}
 
 int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int ret;
-	ret = EVP_EncryptFinal_ex(ctx, out, outl);
-	return ret;
-	}
+{
+    int ret;
+    ret = EVP_EncryptFinal_ex(ctx, out, outl);
+    return ret;
+}
 
 int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int n,ret;
-	unsigned int i, b, bl;
-
-	b=ctx->cipher->block_size;
-	OPENSSL_assert(b <= sizeof ctx->buf);
-	if (b == 1)
-		{
-		*outl=0;
-		return 1;
-		}
-	bl=ctx->buf_len;
-	if (ctx->flags & EVP_CIPH_NO_PADDING)
-		{
-		if(bl)
-			{
-			EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-			return 0;
-			}
-		*outl = 0;
-		return 1;
-		}
-
-	n=b-bl;
-	for (i=bl; i<b; i++)
-		ctx->buf[i]=n;
-	ret=M_do_cipher(ctx,out,ctx->buf,b);
-
-
-	if(ret)
-		*outl=b;
-
-	return ret;
-	}
+{
+    int n, ret;
+    unsigned int i, b, bl;
+
+    b = ctx->cipher->block_size;
+    OPENSSL_assert(b <= sizeof ctx->buf);
+    if (b == 1) {
+        *outl = 0;
+        return 1;
+    }
+    bl = ctx->buf_len;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (bl) {
+            EVPerr(EVP_F_EVP_ENCRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+
+    n = b - bl;
+    for (i = bl; i < b; i++)
+        ctx->buf[i] = n;
+    ret = M_do_cipher(ctx, out, ctx->buf, b);
+
+    if (ret)
+        *outl = b;
+
+    return ret;
+}
 
 int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl,
-	     const unsigned char *in, int inl)
-	{
-	int fix_len;
-	unsigned int b;
-
-	if (inl <= 0)
-		{
-		*outl = 0;
-		return inl == 0;
-		}
-
-	if (ctx->flags & EVP_CIPH_NO_PADDING)
-		return EVP_EncryptUpdate(ctx, out, outl, in, inl);
-
-	b=ctx->cipher->block_size;
-	OPENSSL_assert(b <= sizeof ctx->final);
-
-	if(ctx->final_used)
-		{
-		memcpy(out,ctx->final,b);
-		out+=b;
-		fix_len = 1;
-		}
-	else
-		fix_len = 0;
-
-
-	if(!EVP_EncryptUpdate(ctx,out,outl,in,inl))
-		return 0;
-
-	/* if we have 'decrypted' a multiple of block size, make sure
-	 * we have a copy of this last block */
-	if (b > 1 && !ctx->buf_len)
-		{
-		*outl-=b;
-		ctx->final_used=1;
-		memcpy(ctx->final,&out[*outl],b);
-		}
-	else
-		ctx->final_used = 0;
-
-	if (fix_len)
-		*outl += b;
-		
-	return 1;
-	}
+                      const unsigned char *in, int inl)
+{
+    int fix_len;
+    unsigned int b;
+
+    if (inl <= 0) {
+        *outl = 0;
+        return inl == 0;
+    }
+
+    if (ctx->flags & EVP_CIPH_NO_PADDING)
+        return EVP_EncryptUpdate(ctx, out, outl, in, inl);
+
+    b = ctx->cipher->block_size;
+    OPENSSL_assert(b <= sizeof ctx->final);
+
+    if (ctx->final_used) {
+        memcpy(out, ctx->final, b);
+        out += b;
+        fix_len = 1;
+    } else
+        fix_len = 0;
+
+    if (!EVP_EncryptUpdate(ctx, out, outl, in, inl))
+        return 0;
+
+    /*
+     * if we have 'decrypted' a multiple of block size, make sure we have a
+     * copy of this last block
+     */
+    if (b > 1 && !ctx->buf_len) {
+        *outl -= b;
+        ctx->final_used = 1;
+        memcpy(ctx->final, &out[*outl], b);
+    } else
+        ctx->final_used = 0;
+
+    if (fix_len)
+        *outl += b;
+
+    return 1;
+}
 
 int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int ret;
-	ret = EVP_DecryptFinal_ex(ctx, out, outl);
-	return ret;
-	}
+{
+    int ret;
+    ret = EVP_DecryptFinal_ex(ctx, out, outl);
+    return ret;
+}
 
 int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i,n;
-	unsigned int b;
-
-	*outl=0;
-	b=ctx->cipher->block_size;
-	if (ctx->flags & EVP_CIPH_NO_PADDING)
-		{
-		if(ctx->buf_len)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
-			return 0;
-			}
-		*outl = 0;
-		return 1;
-		}
-	if (b > 1)
-		{
-		if (ctx->buf_len || !ctx->final_used)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_WRONG_FINAL_BLOCK_LENGTH);
-			return(0);
-			}
-		OPENSSL_assert(b <= sizeof ctx->final);
-		n=ctx->final[b-1];
-		if (n == 0 || n > (int)b)
-			{
-			EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
-			return(0);
-			}
-		for (i=0; i<n; i++)
-			{
-			if (ctx->final[--b] != n)
-				{
-				EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,EVP_R_BAD_DECRYPT);
-				return(0);
-				}
-			}
-		n=ctx->cipher->block_size-n;
-		for (i=0; i<n; i++)
-			out[i]=ctx->final[i];
-		*outl=n;
-		}
-	else
-		*outl=0;
-	return(1);
-	}
+{
+    int i, n;
+    unsigned int b;
+
+    *outl = 0;
+    b = ctx->cipher->block_size;
+    if (ctx->flags & EVP_CIPH_NO_PADDING) {
+        if (ctx->buf_len) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX,
+                   EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
+            return 0;
+        }
+        *outl = 0;
+        return 1;
+    }
+    if (b > 1) {
+        if (ctx->buf_len || !ctx->final_used) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH);
+            return (0);
+        }
+        OPENSSL_assert(b <= sizeof ctx->final);
+        n = ctx->final[b - 1];
+        if (n == 0 || n > (int)b) {
+            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+            return (0);
+        }
+        for (i = 0; i < n; i++) {
+            if (ctx->final[--b] != n) {
+                EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+                return (0);
+            }
+        }
+        n = ctx->cipher->block_size - n;
+        for (i = 0; i < n; i++)
+            out[i] = ctx->final[i];
+        *outl = n;
+    } else
+        *outl = 0;
+    return (1);
+}
 
 void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
-	{
-	if (ctx)
-		{
-		EVP_CIPHER_CTX_cleanup(ctx);
-		OPENSSL_free(ctx);
-		}
-	}
+{
+    if (ctx) {
+        EVP_CIPHER_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+    }
+}
 
 int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
-	{
-	if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) 
-		return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
-	if(c->key_len == keylen) return 1;
-	if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH))
-		{
-		c->key_len = keylen;
-		return 1;
-		}
-	EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH);
-	return 0;
-	}
+{
+    if (c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH)
+        return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL);
+    if (c->key_len == keylen)
+        return 1;
+    if ((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) {
+        c->key_len = keylen;
+        return 1;
+    }
+    EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH);
+    return 0;
+}
 
 int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad)
-	{
-	if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING;
-	else ctx->flags |= EVP_CIPH_NO_PADDING;
-	return 1;
-	}
+{
+    if (pad)
+        ctx->flags &= ~EVP_CIPH_NO_PADDING;
+    else
+        ctx->flags |= EVP_CIPH_NO_PADDING;
+    return 1;
+}
 
 int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
-	{
-	if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
-		return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-	if (RAND_bytes(key, ctx->key_len) <= 0)
-		return 0;
-	return 1;
-	}
+{
+    if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
+        return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
+    if (RAND_bytes(key, ctx->key_len) <= 0)
+        return 0;
+    return 1;
+}
 
 #ifndef OPENSSL_NO_ENGINE
 
-#ifdef OPENSSL_FIPS
-
-static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx, const EVP_CIPHER **pcipher, ENGINE *impl)
-	{
-	if(impl)
-		{
-		if (!ENGINE_init(impl))
-			{
-			EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
-			return 0;
-			}
-		}
-	else
-		/* Ask if an ENGINE is reserved for this job */
-		impl = ENGINE_get_cipher_engine((*pcipher)->nid);
-	if(impl)
-		{
-		/* There's an ENGINE for this job ... (apparently) */
-		const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
-		if(!c)
-			{
-			/* One positive side-effect of US's export
-			 * control history, is that we should at least
-			 * be able to avoid using US mispellings of
-			 * "initialisation"? */
-			EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
-			return 0;
-			}
-		/* We'll use the ENGINE's private cipher definition */
-		*pcipher = c;
-		/* Store the ENGINE functional reference so we know
-		 * 'cipher' came from an ENGINE and we need to release
-		 * it when done. */
-		ctx->engine = impl;
-		}
-	else
-		ctx->engine = NULL;
-	return 1;
-	}
+# ifdef OPENSSL_FIPS
+
+static int do_evp_enc_engine_full(EVP_CIPHER_CTX *ctx,
+                                  const EVP_CIPHER **pcipher, ENGINE *impl)
+{
+    if (impl) {
+        if (!ENGINE_init(impl)) {
+            EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+    } else
+        /* Ask if an ENGINE is reserved for this job */
+        impl = ENGINE_get_cipher_engine((*pcipher)->nid);
+    if (impl) {
+        /* There's an ENGINE for this job ... (apparently) */
+        const EVP_CIPHER *c = ENGINE_get_cipher(impl, (*pcipher)->nid);
+        if (!c) {
+            /*
+             * One positive side-effect of US's export control history, is
+             * that we should at least be able to avoid using US mispellings
+             * of "initialisation"?
+             */
+            EVPerr(EVP_F_DO_EVP_ENC_ENGINE_FULL, EVP_R_INITIALIZATION_ERROR);
+            return 0;
+        }
+        /* We'll use the ENGINE's private cipher definition */
+        *pcipher = c;
+        /*
+         * Store the ENGINE functional reference so we know 'cipher' came
+         * from an ENGINE and we need to release it when done.
+         */
+        ctx->engine = impl;
+    } else
+        ctx->engine = NULL;
+    return 1;
+}
 
 void int_EVP_CIPHER_init_engine_callbacks(void)
-	{
-	int_EVP_CIPHER_set_engine_callbacks(
-		ENGINE_finish, do_evp_enc_engine_full);
-	}
+{
+    int_EVP_CIPHER_set_engine_callbacks(ENGINE_finish,
+                                        do_evp_enc_engine_full);
+}
 
-#endif
+# endif
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_err.c b/Cryptlib/OpenSSL/crypto/evp/evp_err.c
index b5b900d4..02d24ec4 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_err.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,124 +66,131 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_EVP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_EVP,0,reason)
 
-static ERR_STRING_DATA EVP_str_functs[]=
-	{
-{ERR_FUNC(EVP_F_AES_INIT_KEY),	"AES_INIT_KEY"},
-{ERR_FUNC(EVP_F_ALG_MODULE_INIT),	"ALG_MODULE_INIT"},
-{ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY),	"CAMELLIA_INIT_KEY"},
-{ERR_FUNC(EVP_F_D2I_PKEY),	"D2I_PKEY"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE),	"DO_EVP_ENC_ENGINE"},
-{ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL),	"DO_EVP_ENC_ENGINE_FULL"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE),	"DO_EVP_MD_ENGINE"},
-{ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL),	"DO_EVP_MD_ENGINE_FULL"},
-{ERR_FUNC(EVP_F_DSAPKEY2PKCS8),	"DSAPKEY2PKCS8"},
-{ERR_FUNC(EVP_F_DSA_PKEY2PKCS8),	"DSA_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8),	"ECDSA_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8),	"ECKEY_PKEY2PKCS8"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT),	"EVP_CipherInit"},
-{ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX),	"EVP_CipherInit_ex"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL),	"EVP_CIPHER_CTX_ctrl"},
-{ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),	"EVP_CIPHER_CTX_set_key_length"},
-{ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX),	"EVP_DecryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT),	"EVP_DigestInit"},
-{ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX),	"EVP_DigestInit_ex"},
-{ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX),	"EVP_EncryptFinal_ex"},
-{ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX),	"EVP_MD_CTX_copy_ex"},
-{ERR_FUNC(EVP_F_EVP_OPENINIT),	"EVP_OpenInit"},
-{ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD),	"EVP_PBE_alg_add"},
-{ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT),	"EVP_PBE_CipherInit"},
-{ERR_FUNC(EVP_F_EVP_PKCS82PKEY),	"EVP_PKCS82PKEY"},
-{ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN),	"EVP_PKEY2PKCS8_broken"},
-{ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS),	"EVP_PKEY_copy_parameters"},
-{ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT),	"EVP_PKEY_decrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT),	"EVP_PKEY_encrypt"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH),	"EVP_PKEY_get1_DH"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA),	"EVP_PKEY_get1_DSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA),	"EVP_PKEY_GET1_ECDSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY),	"EVP_PKEY_get1_EC_KEY"},
-{ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA),	"EVP_PKEY_get1_RSA"},
-{ERR_FUNC(EVP_F_EVP_PKEY_NEW),	"EVP_PKEY_new"},
-{ERR_FUNC(EVP_F_EVP_RIJNDAEL),	"EVP_RIJNDAEL"},
-{ERR_FUNC(EVP_F_EVP_SIGNFINAL),	"EVP_SignFinal"},
-{ERR_FUNC(EVP_F_EVP_VERIFYFINAL),	"EVP_VerifyFinal"},
-{ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN),	"PKCS5_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN),	"PKCS5_v2_PBE_keyivgen"},
-{ERR_FUNC(EVP_F_PKCS8_SET_BROKEN),	"PKCS8_set_broken"},
-{ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH),	"RC2_MAGIC_TO_METH"},
-{ERR_FUNC(EVP_F_RC5_CTRL),	"RC5_CTRL"},
-{0,NULL}
-	};
+static ERR_STRING_DATA EVP_str_functs[] = {
+    {ERR_FUNC(EVP_F_AES_INIT_KEY), "AES_INIT_KEY"},
+    {ERR_FUNC(EVP_F_ALG_MODULE_INIT), "ALG_MODULE_INIT"},
+    {ERR_FUNC(EVP_F_CAMELLIA_INIT_KEY), "CAMELLIA_INIT_KEY"},
+    {ERR_FUNC(EVP_F_D2I_PKEY), "D2I_PKEY"},
+    {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE), "DO_EVP_ENC_ENGINE"},
+    {ERR_FUNC(EVP_F_DO_EVP_ENC_ENGINE_FULL), "DO_EVP_ENC_ENGINE_FULL"},
+    {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE), "DO_EVP_MD_ENGINE"},
+    {ERR_FUNC(EVP_F_DO_EVP_MD_ENGINE_FULL), "DO_EVP_MD_ENGINE_FULL"},
+    {ERR_FUNC(EVP_F_DSAPKEY2PKCS8), "DSAPKEY2PKCS8"},
+    {ERR_FUNC(EVP_F_DSA_PKEY2PKCS8), "DSA_PKEY2PKCS8"},
+    {ERR_FUNC(EVP_F_ECDSA_PKEY2PKCS8), "ECDSA_PKEY2PKCS8"},
+    {ERR_FUNC(EVP_F_ECKEY_PKEY2PKCS8), "ECKEY_PKEY2PKCS8"},
+    {ERR_FUNC(EVP_F_EVP_CIPHERINIT), "EVP_CipherInit"},
+    {ERR_FUNC(EVP_F_EVP_CIPHERINIT_EX), "EVP_CipherInit_ex"},
+    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_CTRL), "EVP_CIPHER_CTX_ctrl"},
+    {ERR_FUNC(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH),
+     "EVP_CIPHER_CTX_set_key_length"},
+    {ERR_FUNC(EVP_F_EVP_DECRYPTFINAL_EX), "EVP_DecryptFinal_ex"},
+    {ERR_FUNC(EVP_F_EVP_DIGESTINIT), "EVP_DigestInit"},
+    {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"},
+    {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"},
+    {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"},
+    {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"},
+    {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"},
+    {ERR_FUNC(EVP_F_EVP_PBE_CIPHERINIT), "EVP_PBE_CipherInit"},
+    {ERR_FUNC(EVP_F_EVP_PKCS82PKEY), "EVP_PKCS82PKEY"},
+    {ERR_FUNC(EVP_F_EVP_PKEY2PKCS8_BROKEN), "EVP_PKEY2PKCS8_broken"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_COPY_PARAMETERS), "EVP_PKEY_copy_parameters"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_DECRYPT), "EVP_PKEY_decrypt"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_ENCRYPT), "EVP_PKEY_encrypt"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DH), "EVP_PKEY_get1_DH"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_DSA), "EVP_PKEY_get1_DSA"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_ECDSA), "EVP_PKEY_GET1_ECDSA"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_EC_KEY), "EVP_PKEY_get1_EC_KEY"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_GET1_RSA), "EVP_PKEY_get1_RSA"},
+    {ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
+    {ERR_FUNC(EVP_F_EVP_RIJNDAEL), "EVP_RIJNDAEL"},
+    {ERR_FUNC(EVP_F_EVP_SIGNFINAL), "EVP_SignFinal"},
+    {ERR_FUNC(EVP_F_EVP_VERIFYFINAL), "EVP_VerifyFinal"},
+    {ERR_FUNC(EVP_F_PKCS5_PBE_KEYIVGEN), "PKCS5_PBE_keyivgen"},
+    {ERR_FUNC(EVP_F_PKCS5_V2_PBE_KEYIVGEN), "PKCS5_v2_PBE_keyivgen"},
+    {ERR_FUNC(EVP_F_PKCS8_SET_BROKEN), "PKCS8_set_broken"},
+    {ERR_FUNC(EVP_F_RC2_MAGIC_TO_METH), "RC2_MAGIC_TO_METH"},
+    {ERR_FUNC(EVP_F_RC5_CTRL), "RC5_CTRL"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA EVP_str_reasons[]=
-	{
-{ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED)  ,"aes key setup failed"},
-{ERR_REASON(EVP_R_ASN1_LIB)              ,"asn1 lib"},
-{ERR_REASON(EVP_R_BAD_BLOCK_LENGTH)      ,"bad block length"},
-{ERR_REASON(EVP_R_BAD_DECRYPT)           ,"bad decrypt"},
-{ERR_REASON(EVP_R_BAD_KEY_LENGTH)        ,"bad key length"},
-{ERR_REASON(EVP_R_BN_DECODE_ERROR)       ,"bn decode error"},
-{ERR_REASON(EVP_R_BN_PUBKEY_ERROR)       ,"bn pubkey error"},
-{ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),"camellia key setup failed"},
-{ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR),"cipher parameter error"},
-{ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED)  ,"ctrl not implemented"},
-{ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),"ctrl operation not implemented"},
-{ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),"data not multiple of block length"},
-{ERR_REASON(EVP_R_DECODE_ERROR)          ,"decode error"},
-{ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES)   ,"different key types"},
-{ERR_REASON(EVP_R_DISABLED_FOR_FIPS)     ,"disabled for fips"},
-{ERR_REASON(EVP_R_ENCODE_ERROR)          ,"encode error"},
-{ERR_REASON(EVP_R_ERROR_LOADING_SECTION) ,"error loading section"},
-{ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE),"error setting fips mode"},
-{ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR),"evp pbe cipherinit error"},
-{ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY)  ,"expecting an rsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DH_KEY)    ,"expecting a dh key"},
-{ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY)   ,"expecting a dsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY) ,"expecting a ecdsa key"},
-{ERR_REASON(EVP_R_EXPECTING_A_EC_KEY)    ,"expecting a ec key"},
-{ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED),"fips mode not supported"},
-{ERR_REASON(EVP_R_INITIALIZATION_ERROR)  ,"initialization error"},
-{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED) ,"input not initialized"},
-{ERR_REASON(EVP_R_INVALID_FIPS_MODE)     ,"invalid fips mode"},
-{ERR_REASON(EVP_R_INVALID_KEY_LENGTH)    ,"invalid key length"},
-{ERR_REASON(EVP_R_IV_TOO_LARGE)          ,"iv too large"},
-{ERR_REASON(EVP_R_KEYGEN_FAILURE)        ,"keygen failure"},
-{ERR_REASON(EVP_R_MISSING_PARAMETERS)    ,"missing parameters"},
-{ERR_REASON(EVP_R_NO_CIPHER_SET)         ,"no cipher set"},
-{ERR_REASON(EVP_R_NO_DIGEST_SET)         ,"no digest set"},
-{ERR_REASON(EVP_R_NO_DSA_PARAMETERS)     ,"no dsa parameters"},
-{ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),"no sign function configured"},
-{ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),"no verify function configured"},
-{ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),"pkcs8 unknown broken type"},
-{ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA)    ,"public key not rsa"},
-{ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED) ,"seed key setup failed"},
-{ERR_REASON(EVP_R_UNKNOWN_OPTION)        ,"unknown option"},
-{ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM) ,"unknown pbe algorithm"},
-{ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),"unsuported number of rounds"},
-{ERR_REASON(EVP_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH) ,"unsupported keylength"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),"unsupported key derivation function"},
-{ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE)  ,"unsupported key size"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRF)       ,"unsupported prf"},
-{ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),"unsupported private key algorithm"},
-{ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE) ,"unsupported salt type"},
-{ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH),"wrong final block length"},
-{ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE) ,"wrong public key type"},
-{0,NULL}
-	};
+static ERR_STRING_DATA EVP_str_reasons[] = {
+    {ERR_REASON(EVP_R_AES_KEY_SETUP_FAILED), "aes key setup failed"},
+    {ERR_REASON(EVP_R_ASN1_LIB), "asn1 lib"},
+    {ERR_REASON(EVP_R_BAD_BLOCK_LENGTH), "bad block length"},
+    {ERR_REASON(EVP_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_REASON(EVP_R_BAD_KEY_LENGTH), "bad key length"},
+    {ERR_REASON(EVP_R_BN_DECODE_ERROR), "bn decode error"},
+    {ERR_REASON(EVP_R_BN_PUBKEY_ERROR), "bn pubkey error"},
+    {ERR_REASON(EVP_R_CAMELLIA_KEY_SETUP_FAILED),
+     "camellia key setup failed"},
+    {ERR_REASON(EVP_R_CIPHER_PARAMETER_ERROR), "cipher parameter error"},
+    {ERR_REASON(EVP_R_CTRL_NOT_IMPLEMENTED), "ctrl not implemented"},
+    {ERR_REASON(EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED),
+     "ctrl operation not implemented"},
+    {ERR_REASON(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH),
+     "data not multiple of block length"},
+    {ERR_REASON(EVP_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(EVP_R_DIFFERENT_KEY_TYPES), "different key types"},
+    {ERR_REASON(EVP_R_DISABLED_FOR_FIPS), "disabled for fips"},
+    {ERR_REASON(EVP_R_ENCODE_ERROR), "encode error"},
+    {ERR_REASON(EVP_R_ERROR_LOADING_SECTION), "error loading section"},
+    {ERR_REASON(EVP_R_ERROR_SETTING_FIPS_MODE), "error setting fips mode"},
+    {ERR_REASON(EVP_R_EVP_PBE_CIPHERINIT_ERROR), "evp pbe cipherinit error"},
+    {ERR_REASON(EVP_R_EXPECTING_AN_RSA_KEY), "expecting an rsa key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_DH_KEY), "expecting a dh key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_DSA_KEY), "expecting a dsa key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_ECDSA_KEY), "expecting a ecdsa key"},
+    {ERR_REASON(EVP_R_EXPECTING_A_EC_KEY), "expecting a ec key"},
+    {ERR_REASON(EVP_R_FIPS_MODE_NOT_SUPPORTED), "fips mode not supported"},
+    {ERR_REASON(EVP_R_INITIALIZATION_ERROR), "initialization error"},
+    {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
+    {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
+    {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
+    {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
+    {ERR_REASON(EVP_R_MISSING_PARAMETERS), "missing parameters"},
+    {ERR_REASON(EVP_R_NO_CIPHER_SET), "no cipher set"},
+    {ERR_REASON(EVP_R_NO_DIGEST_SET), "no digest set"},
+    {ERR_REASON(EVP_R_NO_DSA_PARAMETERS), "no dsa parameters"},
+    {ERR_REASON(EVP_R_NO_SIGN_FUNCTION_CONFIGURED),
+     "no sign function configured"},
+    {ERR_REASON(EVP_R_NO_VERIFY_FUNCTION_CONFIGURED),
+     "no verify function configured"},
+    {ERR_REASON(EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE),
+     "pkcs8 unknown broken type"},
+    {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
+    {ERR_REASON(EVP_R_SEED_KEY_SETUP_FAILED), "seed key setup failed"},
+    {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
+    {ERR_REASON(EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS),
+     "unsuported number of rounds"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
+     "unsupported key derivation function"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
+     "unsupported private key algorithm"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_SALT_TYPE), "unsupported salt type"},
+    {ERR_REASON(EVP_R_WRONG_FINAL_BLOCK_LENGTH), "wrong final block length"},
+    {ERR_REASON(EVP_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_EVP_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(EVP_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,EVP_str_functs);
-		ERR_load_strings(0,EVP_str_reasons);
-		}
+    if (ERR_func_error_string(EVP_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, EVP_str_functs);
+        ERR_load_strings(0, EVP_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_key.c b/Cryptlib/OpenSSL/crypto/evp/evp_key.c
index 361ea69a..924e12fe 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_key.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_key.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -67,109 +67,112 @@
 static char prompt_string[80];
 
 void EVP_set_pw_prompt(const char *prompt)
-	{
-	if (prompt == NULL)
-		prompt_string[0]='\0';
-	else
-		{
-		strncpy(prompt_string,prompt,79);
-		prompt_string[79]='\0';
-		}
-	}
+{
+    if (prompt == NULL)
+        prompt_string[0] = '\0';
+    else {
+        strncpy(prompt_string, prompt, 79);
+        prompt_string[79] = '\0';
+    }
+}
 
 char *EVP_get_pw_prompt(void)
-	{
-	if (prompt_string[0] == '\0')
-		return(NULL);
-	else
-		return(prompt_string);
-	}
+{
+    if (prompt_string[0] == '\0')
+        return (NULL);
+    else
+        return (prompt_string);
+}
 
-/* For historical reasons, the standard function for reading passwords is
- * in the DES library -- if someone ever wants to disable DES,
- * this function will fail */
+/*
+ * For historical reasons, the standard function for reading passwords is in
+ * the DES library -- if someone ever wants to disable DES, this function
+ * will fail
+ */
 int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify)
-	{
-	int ret;
-	char buff[BUFSIZ];
-	UI *ui;
-
-	if ((prompt == NULL) && (prompt_string[0] != '\0'))
-		prompt=prompt_string;
-	ui = UI_new();
-	UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len);
-	if (verify)
-		UI_add_verify_string(ui,prompt,0,
-			buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf);
-	ret = UI_process(ui);
-	UI_free(ui);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return ret;
-	}
+{
+    int ret;
+    char buff[BUFSIZ];
+    UI *ui;
 
-int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, 
-	     const unsigned char *salt, const unsigned char *data, int datal,
-	     int count, unsigned char *key, unsigned char *iv)
-	{
-	EVP_MD_CTX c;
-	unsigned char md_buf[EVP_MAX_MD_SIZE];
-	int niv,nkey,addmd=0;
-	unsigned int mds=0,i;
+    if ((prompt == NULL) && (prompt_string[0] != '\0'))
+        prompt = prompt_string;
+    ui = UI_new();
+    UI_add_input_string(ui, prompt, 0, buf, 0,
+                        (len >= BUFSIZ) ? BUFSIZ - 1 : len);
+    if (verify)
+        UI_add_verify_string(ui, prompt, 0,
+                             buff, 0, (len >= BUFSIZ) ? BUFSIZ - 1 : len,
+                             buf);
+    ret = UI_process(ui);
+    UI_free(ui);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return ret;
+}
 
-	nkey=type->key_len;
-	niv=type->iv_len;
-	OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
-	OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
+int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md,
+                   const unsigned char *salt, const unsigned char *data,
+                   int datal, int count, unsigned char *key,
+                   unsigned char *iv)
+{
+    EVP_MD_CTX c;
+    unsigned char md_buf[EVP_MAX_MD_SIZE];
+    int niv, nkey, addmd = 0;
+    unsigned int mds = 0, i;
 
-	if (data == NULL) return(nkey);
+    nkey = type->key_len;
+    niv = type->iv_len;
+    OPENSSL_assert(nkey <= EVP_MAX_KEY_LENGTH);
+    OPENSSL_assert(niv <= EVP_MAX_IV_LENGTH);
 
-	EVP_MD_CTX_init(&c);
-	for (;;)
-		{
-		if (!EVP_DigestInit_ex(&c,md, NULL))
-			return 0;
-		if (addmd++)
-			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-		EVP_DigestUpdate(&c,data,datal);
-		if (salt != NULL)
-			EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN);
-		EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
+    if (data == NULL)
+        return (nkey);
 
-		for (i=1; i<(unsigned int)count; i++)
-			{
-			EVP_DigestInit_ex(&c,md, NULL);
-			EVP_DigestUpdate(&c,&(md_buf[0]),mds);
-			EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds);
-			}
-		i=0;
-		if (nkey)
-			{
-			for (;;)
-				{
-				if (nkey == 0) break;
-				if (i == mds) break;
-				if (key != NULL)
-					*(key++)=md_buf[i];
-				nkey--;
-				i++;
-				}
-			}
-		if (niv && (i != mds))
-			{
-			for (;;)
-				{
-				if (niv == 0) break;
-				if (i == mds) break;
-				if (iv != NULL)
-					*(iv++)=md_buf[i];
-				niv--;
-				i++;
-				}
-			}
-		if ((nkey == 0) && (niv == 0)) break;
-		}
-	EVP_MD_CTX_cleanup(&c);
-	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
-	return(type->key_len);
-	}
+    EVP_MD_CTX_init(&c);
+    for (;;) {
+        if (!EVP_DigestInit_ex(&c, md, NULL))
+            return 0;
+        if (addmd++)
+            EVP_DigestUpdate(&c, &(md_buf[0]), mds);
+        EVP_DigestUpdate(&c, data, datal);
+        if (salt != NULL)
+            EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
+        EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds);
 
+        for (i = 1; i < (unsigned int)count; i++) {
+            EVP_DigestInit_ex(&c, md, NULL);
+            EVP_DigestUpdate(&c, &(md_buf[0]), mds);
+            EVP_DigestFinal_ex(&c, &(md_buf[0]), &mds);
+        }
+        i = 0;
+        if (nkey) {
+            for (;;) {
+                if (nkey == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (key != NULL)
+                    *(key++) = md_buf[i];
+                nkey--;
+                i++;
+            }
+        }
+        if (niv && (i != mds)) {
+            for (;;) {
+                if (niv == 0)
+                    break;
+                if (i == mds)
+                    break;
+                if (iv != NULL)
+                    *(iv++) = md_buf[i];
+                niv--;
+                i++;
+            }
+        }
+        if ((nkey == 0) && (niv == 0))
+            break;
+    }
+    EVP_MD_CTX_cleanup(&c);
+    OPENSSL_cleanse(&(md_buf[0]), EVP_MAX_MD_SIZE);
+    return (type->key_len);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
index 9c200617..13dad6e0 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,223 +62,222 @@
 #include <openssl/objects.h>
 
 int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int ret;
-
-	if (c->cipher->set_asn1_parameters != NULL)
-		ret=c->cipher->set_asn1_parameters(c,type);
-	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-		ret=EVP_CIPHER_set_asn1_iv(c, type);
-	else
-		ret=-1;
-	return(ret);
-	}
+{
+    int ret;
+
+    if (c->cipher->set_asn1_parameters != NULL)
+        ret = c->cipher->set_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+        ret = EVP_CIPHER_set_asn1_iv(c, type);
+    else
+        ret = -1;
+    return (ret);
+}
 
 int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int ret;
-
-	if (c->cipher->get_asn1_parameters != NULL)
-		ret=c->cipher->get_asn1_parameters(c,type);
-	else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
-		ret=EVP_CIPHER_get_asn1_iv(c, type);
-	else
-		ret=-1;
-	return(ret);
-	}
+{
+    int ret;
+
+    if (c->cipher->get_asn1_parameters != NULL)
+        ret = c->cipher->get_asn1_parameters(c, type);
+    else if (c->cipher->flags & EVP_CIPH_FLAG_DEFAULT_ASN1)
+        ret = EVP_CIPHER_get_asn1_iv(c, type);
+    else
+        ret = -1;
+    return (ret);
+}
 
 int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int i=0;
-	unsigned int l;
-
-	if (type != NULL) 
-		{
-		l=EVP_CIPHER_CTX_iv_length(c);
-		OPENSSL_assert(l <= sizeof(c->iv));
-		i=ASN1_TYPE_get_octetstring(type,c->oiv,l);
-		if (i != (int)l)
-			return(-1);
-		else if (i > 0)
-			memcpy(c->iv,c->oiv,l);
-		}
-	return(i);
-	}
+{
+    int i = 0;
+    unsigned int l;
+
+    if (type != NULL) {
+        l = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(l <= sizeof(c->iv));
+        i = ASN1_TYPE_get_octetstring(type, c->oiv, l);
+        if (i != (int)l)
+            return (-1);
+        else if (i > 0)
+            memcpy(c->iv, c->oiv, l);
+    }
+    return (i);
+}
 
 int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
-	{
-	int i=0;
-	unsigned int j;
-
-	if (type != NULL)
-		{
-		j=EVP_CIPHER_CTX_iv_length(c);
-		OPENSSL_assert(j <= sizeof(c->iv));
-		i=ASN1_TYPE_set_octetstring(type,c->oiv,j);
-		}
-	return(i);
-	}
+{
+    int i = 0;
+    unsigned int j;
+
+    if (type != NULL) {
+        j = EVP_CIPHER_CTX_iv_length(c);
+        OPENSSL_assert(j <= sizeof(c->iv));
+        i = ASN1_TYPE_set_octetstring(type, c->oiv, j);
+    }
+    return (i);
+}
 
 /* Convert the various cipher NIDs and dummies to a proper OID NID */
 int EVP_CIPHER_type(const EVP_CIPHER *ctx)
 {
-	int nid;
-	ASN1_OBJECT *otmp;
-	nid = EVP_CIPHER_nid(ctx);
+    int nid;
+    ASN1_OBJECT *otmp;
+    nid = EVP_CIPHER_nid(ctx);
 
-	switch(nid) {
+    switch (nid) {
 
-		case NID_rc2_cbc:
-		case NID_rc2_64_cbc:
-		case NID_rc2_40_cbc:
+    case NID_rc2_cbc:
+    case NID_rc2_64_cbc:
+    case NID_rc2_40_cbc:
 
-		return NID_rc2_cbc;
+        return NID_rc2_cbc;
 
-		case NID_rc4:
-		case NID_rc4_40:
+    case NID_rc4:
+    case NID_rc4_40:
 
-		return NID_rc4;
+        return NID_rc4;
 
-		case NID_aes_128_cfb128:
-		case NID_aes_128_cfb8:
-		case NID_aes_128_cfb1:
+    case NID_aes_128_cfb128:
+    case NID_aes_128_cfb8:
+    case NID_aes_128_cfb1:
 
-		return NID_aes_128_cfb128;
+        return NID_aes_128_cfb128;
 
-		case NID_aes_192_cfb128:
-		case NID_aes_192_cfb8:
-		case NID_aes_192_cfb1:
+    case NID_aes_192_cfb128:
+    case NID_aes_192_cfb8:
+    case NID_aes_192_cfb1:
 
-		return NID_aes_192_cfb128;
+        return NID_aes_192_cfb128;
 
-		case NID_aes_256_cfb128:
-		case NID_aes_256_cfb8:
-		case NID_aes_256_cfb1:
+    case NID_aes_256_cfb128:
+    case NID_aes_256_cfb8:
+    case NID_aes_256_cfb1:
 
-		return NID_aes_256_cfb128;
+        return NID_aes_256_cfb128;
 
-		case NID_des_cfb64:
-		case NID_des_cfb8:
-		case NID_des_cfb1:
+    case NID_des_cfb64:
+    case NID_des_cfb8:
+    case NID_des_cfb1:
 
-		return NID_des_cfb64;
+        return NID_des_cfb64;
 
-		case NID_des_ede3_cfb64:
-		case NID_des_ede3_cfb8:
-		case NID_des_ede3_cfb1:
+    case NID_des_ede3_cfb64:
+    case NID_des_ede3_cfb8:
+    case NID_des_ede3_cfb1:
 
-		return NID_des_cfb64;
+        return NID_des_cfb64;
 
-		default:
-		/* Check it has an OID and it is valid */
-		otmp = OBJ_nid2obj(nid);
-		if(!otmp || !otmp->data) nid = NID_undef;
-		ASN1_OBJECT_free(otmp);
-		return nid;
-	}
+    default:
+        /* Check it has an OID and it is valid */
+        otmp = OBJ_nid2obj(nid);
+        if (!otmp || !otmp->data)
+            nid = NID_undef;
+        ASN1_OBJECT_free(otmp);
+        return nid;
+    }
 }
 
 int EVP_CIPHER_block_size(const EVP_CIPHER *e)
-	{
-	return e->block_size;
-	}
+{
+    return e->block_size;
+}
 
 int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->block_size;
-	}
+{
+    return ctx->cipher->block_size;
+}
 
 const EVP_CIPHER *EVP_CIPHER_CTX_cipher(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher;
-	}
+{
+    return ctx->cipher;
+}
 
 unsigned long EVP_CIPHER_flags(const EVP_CIPHER *cipher)
-	{
-	return cipher->flags;
-	}
+{
+    return cipher->flags;
+}
 
 void *EVP_CIPHER_CTX_get_app_data(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->app_data;
-	}
+{
+    return ctx->app_data;
+}
 
 void EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
-	{
-	ctx->app_data = data;
-	}
+{
+    ctx->app_data = data;
+}
 
 int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
-	{
-	return cipher->iv_len;
-	}
+{
+    return cipher->iv_len;
+}
 
 int EVP_CIPHER_key_length(const EVP_CIPHER *cipher)
-	{
-	return cipher->key_len;
-	}
+{
+    return cipher->key_len;
+}
 
 int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->key_len;
-	}
+{
+    return ctx->key_len;
+}
 
 int EVP_CIPHER_CTX_nid(const EVP_CIPHER_CTX *ctx)
-	{
-	return ctx->cipher->nid;
-	}
+{
+    return ctx->cipher->nid;
+}
 
-int EVP_MD_block_size(const EVP_MD *md) 
-	{
-	return md->block_size;
-	}
+int EVP_MD_block_size(const EVP_MD *md)
+{
+    return md->block_size;
+}
 
 int EVP_MD_type(const EVP_MD *md)
-	{
-	return md->type;
-	}
+{
+    return md->type;
+}
 
 int EVP_MD_pkey_type(const EVP_MD *md)
-	{
-	return md->pkey_type;
-	}
+{
+    return md->pkey_type;
+}
 
 int EVP_MD_size(const EVP_MD *md)
-	{
-	return md->md_size;
-	}
+{
+    return md->md_size;
+}
 
-const EVP_MD * EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
-	{
-	return ctx->digest;
-	}
+const EVP_MD *EVP_MD_CTX_md(const EVP_MD_CTX *ctx)
+{
+    return ctx->digest;
+}
 
 void EVP_MD_CTX_set_flags(EVP_MD_CTX *ctx, int flags)
-	{
-	ctx->flags |= flags;
-	}
+{
+    ctx->flags |= flags;
+}
 
 void EVP_MD_CTX_clear_flags(EVP_MD_CTX *ctx, int flags)
-	{
-	ctx->flags &= ~flags;
-	}
+{
+    ctx->flags &= ~flags;
+}
 
 int EVP_MD_CTX_test_flags(const EVP_MD_CTX *ctx, int flags)
-	{
-	return (ctx->flags & flags);
-	}
+{
+    return (ctx->flags & flags);
+}
 
 void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags)
-	{
-	ctx->flags |= flags;
-	}
+{
+    ctx->flags |= flags;
+}
 
 void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags)
-	{
-	ctx->flags &= ~flags;
-	}
+{
+    ctx->flags &= ~flags;
+}
 
 int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags)
-	{
-	return (ctx->flags & flags);
-	}
+{
+    return (ctx->flags & flags);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
index 766ea42b..e83fbe74 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_pbe.c
@@ -1,6 +1,7 @@
 /* evp_pbe.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,103 +69,101 @@ static STACK *pbe_algs;
 /* Setup a cipher context from a PBE algorithm */
 
 typedef struct {
-int pbe_nid;
-const EVP_CIPHER *cipher;
-const EVP_MD *md;
-EVP_PBE_KEYGEN *keygen;
+    int pbe_nid;
+    const EVP_CIPHER *cipher;
+    const EVP_MD *md;
+    EVP_PBE_KEYGEN *keygen;
 } EVP_PBE_CTL;
 
 int EVP_PBE_CipherInit(ASN1_OBJECT *pbe_obj, const char *pass, int passlen,
-	     ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
+                       ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de)
 {
 
-	EVP_PBE_CTL *pbetmp, pbelu;
-	int i;
-	pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
-	if (pbelu.pbe_nid != NID_undef) i = sk_find(pbe_algs, (char *)&pbelu);
-	else i = -1;
+    EVP_PBE_CTL *pbetmp, pbelu;
+    int i;
+    pbelu.pbe_nid = OBJ_obj2nid(pbe_obj);
+    if (pbelu.pbe_nid != NID_undef)
+        i = sk_find(pbe_algs, (char *)&pbelu);
+    else
+        i = -1;
 
-	if (i == -1) {
-		char obj_tmp[80];
-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_UNKNOWN_PBE_ALGORITHM);
-		if (!pbe_obj) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-		else i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
-		ERR_add_error_data(2, "TYPE=", obj_tmp);
-		return 0;
-	}
-	if(!pass) passlen = 0;
-	else if (passlen == -1) passlen = strlen(pass);
-	pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i);
-	i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher,
-						 pbetmp->md, en_de);
-	if (!i) {
-		EVPerr(EVP_F_EVP_PBE_CIPHERINIT,EVP_R_KEYGEN_FAILURE);
-		return 0;
-	}
-	return 1;	
+    if (i == -1) {
+        char obj_tmp[80];
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_UNKNOWN_PBE_ALGORITHM);
+        if (!pbe_obj)
+            BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
+        else
+            i2t_ASN1_OBJECT(obj_tmp, sizeof obj_tmp, pbe_obj);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        return 0;
+    }
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+    pbetmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
+    i = (*pbetmp->keygen) (ctx, pass, passlen, param, pbetmp->cipher,
+                           pbetmp->md, en_de);
+    if (!i) {
+        EVPerr(EVP_F_EVP_PBE_CIPHERINIT, EVP_R_KEYGEN_FAILURE);
+        return 0;
+    }
+    return 1;
 }
 
-static int pbe_cmp(const char * const *a, const char * const *b)
+static int pbe_cmp(const char *const *a, const char *const *b)
 {
-	const EVP_PBE_CTL * const *pbe1 = (const EVP_PBE_CTL * const *) a,
-			* const *pbe2 = (const EVP_PBE_CTL * const *)b;
-	return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
+    const EVP_PBE_CTL *const *pbe1 = (const EVP_PBE_CTL *const *)a,
+        *const *pbe2 = (const EVP_PBE_CTL *const *)b;
+    return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid);
 }
 
 /* Add a PBE algorithm */
 
 int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md,
-	     EVP_PBE_KEYGEN *keygen)
+                    EVP_PBE_KEYGEN *keygen)
 {
-	EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
-	int i;
-	if (!pbe_algs)
-		{
-		pbe_algs = sk_new(pbe_cmp);
-		if (!pbe_algs)
-			{
-			EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-	else
-		{
-		/* Check if already present */
-		pbelu.pbe_nid = nid;
-		i = sk_find(pbe_algs, (char *)&pbelu);
-		if (i >= 0)
-			{
-			pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
-			/* If everything identical leave alone */
-			if (pbe_tmp->cipher == cipher
-				&& pbe_tmp->md == md
-				&& pbe_tmp->keygen == keygen)
-				return 1;
-			}
-		}
+    EVP_PBE_CTL *pbe_tmp = NULL, pbelu;
+    int i;
+    if (!pbe_algs) {
+        pbe_algs = sk_new(pbe_cmp);
+        if (!pbe_algs) {
+            EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else {
+        /* Check if already present */
+        pbelu.pbe_nid = nid;
+        i = sk_find(pbe_algs, (char *)&pbelu);
+        if (i >= 0) {
+            pbe_tmp = (EVP_PBE_CTL *)sk_value(pbe_algs, i);
+            /* If everything identical leave alone */
+            if (pbe_tmp->cipher == cipher
+                && pbe_tmp->md == md && pbe_tmp->keygen == keygen)
+                return 1;
+        }
+    }
 
-	if (!pbe_tmp)
-		{
-		pbe_tmp = OPENSSL_malloc (sizeof(EVP_PBE_CTL));
-		if (!pbe_tmp)
-			{
-			EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		/* If adding a new PBE, set nid, append and sort */
-		pbe_tmp->pbe_nid = nid;
-		sk_push (pbe_algs, (char *)pbe_tmp);
-		sk_sort(pbe_algs);
-		}
-		
-	pbe_tmp->cipher = cipher;
-	pbe_tmp->md = md;
-	pbe_tmp->keygen = keygen;
-	return 1;
+    if (!pbe_tmp) {
+        pbe_tmp = OPENSSL_malloc(sizeof(EVP_PBE_CTL));
+        if (!pbe_tmp) {
+            EVPerr(EVP_F_EVP_PBE_ALG_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        /* If adding a new PBE, set nid, append and sort */
+        pbe_tmp->pbe_nid = nid;
+        sk_push(pbe_algs, (char *)pbe_tmp);
+        sk_sort(pbe_algs);
+    }
+
+    pbe_tmp->cipher = cipher;
+    pbe_tmp->md = md;
+    pbe_tmp->keygen = keygen;
+    return 1;
 }
 
 void EVP_PBE_cleanup(void)
 {
-	sk_pop_free(pbe_algs, OPENSSL_freeFunc);
-	pbe_algs = NULL;
+    sk_pop_free(pbe_algs, OPENSSL_freeFunc);
+    pbe_algs = NULL;
 }
diff --git a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c
index 10d9e9e7..bc4d5c28 100644
--- a/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/evp/evp_pkey.c
@@ -1,6 +1,7 @@
 /* evp_pkey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,10 +63,10 @@
 #include <openssl/x509.h>
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #include <openssl/bn.h>
 
@@ -80,654 +81,641 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey);
 
 EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
 {
-	EVP_PKEY *pkey = NULL;
+    EVP_PKEY *pkey = NULL;
 #ifndef OPENSSL_NO_RSA
-	RSA *rsa = NULL;
+    RSA *rsa = NULL;
 #endif
 #ifndef OPENSSL_NO_DSA
-	DSA *dsa = NULL;
-	ASN1_TYPE *t1, *t2;
-	ASN1_INTEGER *privkey;
-	STACK_OF(ASN1_TYPE) *ndsa = NULL;
+    DSA *dsa = NULL;
+    ASN1_TYPE *t1, *t2;
+    ASN1_INTEGER *privkey;
+    STACK_OF(ASN1_TYPE) *ndsa = NULL;
 #endif
 #ifndef OPENSSL_NO_EC
-	EC_KEY *eckey = NULL;
-	const unsigned char *p_tmp;
+    EC_KEY *eckey = NULL;
+    const unsigned char *p_tmp;
 #endif
 #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
-	ASN1_TYPE    *param = NULL;	
-	BN_CTX *ctx = NULL;
-	int plen;
+    ASN1_TYPE *param = NULL;
+    BN_CTX *ctx = NULL;
+    int plen;
 #endif
-	X509_ALGOR *a;
-	const unsigned char *p;
-	const unsigned char *cp;
-	int pkeylen;
-	int  nid;
-	char obj_tmp[80];
-
-	if(p8->pkey->type == V_ASN1_OCTET_STRING) {
-		p8->broken = PKCS8_OK;
-		p = p8->pkey->value.octet_string->data;
-		pkeylen = p8->pkey->value.octet_string->length;
-	} else {
-		p8->broken = PKCS8_NO_OCTET;
-		p = p8->pkey->value.sequence->data;
-		pkeylen = p8->pkey->value.sequence->length;
-	}
-	if (!(pkey = EVP_PKEY_new())) {
-		EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	a = p8->pkeyalg;
-	nid = OBJ_obj2nid(a->algorithm);
-	switch(nid)
-	{
+    X509_ALGOR *a;
+    const unsigned char *p;
+    const unsigned char *cp;
+    int pkeylen;
+    int nid;
+    char obj_tmp[80];
+
+    if (p8->pkey->type == V_ASN1_OCTET_STRING) {
+        p8->broken = PKCS8_OK;
+        p = p8->pkey->value.octet_string->data;
+        pkeylen = p8->pkey->value.octet_string->length;
+    } else {
+        p8->broken = PKCS8_NO_OCTET;
+        p = p8->pkey->value.sequence->data;
+        pkeylen = p8->pkey->value.sequence->length;
+    }
+    if (!(pkey = EVP_PKEY_new())) {
+        EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    a = p8->pkeyalg;
+    nid = OBJ_obj2nid(a->algorithm);
+    switch (nid) {
 #ifndef OPENSSL_NO_RSA
-		case NID_rsaEncryption:
-		cp = p;
-		if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			return NULL;
-		}
-		EVP_PKEY_assign_RSA (pkey, rsa);
-		break;
+    case NID_rsaEncryption:
+        cp = p;
+        if (!(rsa = d2i_RSAPrivateKey(NULL, &cp, pkeylen))) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+            return NULL;
+        }
+        EVP_PKEY_assign_RSA(pkey, rsa);
+        break;
 #endif
 #ifndef OPENSSL_NO_DSA
-		case NID_dsa:
-		/* PKCS#8 DSA is weird: you just get a private key integer
-	         * and parameters in the AlgorithmIdentifier the pubkey must
-		 * be recalculated.
-		 */
-	
-		/* Check for broken DSA PKCS#8, UGH! */
-		if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-		    if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, 
-							  d2i_ASN1_TYPE,
-							  ASN1_TYPE_free))) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto dsaerr;
-		    }
-		    if(sk_ASN1_TYPE_num(ndsa) != 2 ) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto dsaerr;
-		    }
-		    /* Handle Two broken types:
-		     * SEQUENCE {parameters, priv_key}
-		     * SEQUENCE {pub_key, priv_key}
-		     */
-
-		    t1 = sk_ASN1_TYPE_value(ndsa, 0);
-		    t2 = sk_ASN1_TYPE_value(ndsa, 1);
-		    if(t1->type == V_ASN1_SEQUENCE) {
-			p8->broken = PKCS8_EMBEDDED_PARAM;
-			param = t1;
-		    } else if(a->parameter->type == V_ASN1_SEQUENCE) {
-			p8->broken = PKCS8_NS_DB;
-			param = a->parameter;
-		    } else {
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto dsaerr;
-		    }
-
-		    if(t2->type != V_ASN1_INTEGER) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto dsaerr;
-		    }
-		    privkey = t2->value.integer;
-		} else {
-			if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) {
-				EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-				goto dsaerr;
-			}
-			param = p8->pkeyalg->parameter;
-		}
-		if (!param || (param->type != V_ASN1_SEQUENCE)) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto dsaerr;
-		}
-		cp = p = param->value.sequence->data;
-		plen = param->value.sequence->length;
-		if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto dsaerr;
-		}
-		/* We have parameters now set private key */
-		if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR);
-			goto dsaerr;
-		}
-		/* Calculate public key (ouch!) */
-		if (!(dsa->pub_key = BN_new())) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-			goto dsaerr;
-		}
-		if (!(ctx = BN_CTX_new())) {
-			EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE);
-			goto dsaerr;
-		}
-			
-		if (!BN_mod_exp(dsa->pub_key, dsa->g,
-						 dsa->priv_key, dsa->p, ctx)) {
-			
-			EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR);
-			goto dsaerr;
-		}
-
-		EVP_PKEY_assign_DSA(pkey, dsa);
-		BN_CTX_free (ctx);
-		if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-		else ASN1_INTEGER_free(privkey);
-		break;
-		dsaerr:
-		BN_CTX_free (ctx);
-		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-		DSA_free(dsa);
-		EVP_PKEY_free(pkey);
-		return NULL;
-		break;
+    case NID_dsa:
+        /*
+         * PKCS#8 DSA is weird: you just get a private key integer and
+         * parameters in the AlgorithmIdentifier the pubkey must be
+         * recalculated.
+         */
+
+        /* Check for broken DSA PKCS#8, UGH! */
+        if (*p == (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+            if (!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen,
+                                                   d2i_ASN1_TYPE,
+                                                   ASN1_TYPE_free))) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                goto dsaerr;
+            }
+            if (sk_ASN1_TYPE_num(ndsa) != 2) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                goto dsaerr;
+            }
+            /*
+             * Handle Two broken types: SEQUENCE {parameters, priv_key}
+             * SEQUENCE {pub_key, priv_key}
+             */
+
+            t1 = sk_ASN1_TYPE_value(ndsa, 0);
+            t2 = sk_ASN1_TYPE_value(ndsa, 1);
+            if (t1->type == V_ASN1_SEQUENCE) {
+                p8->broken = PKCS8_EMBEDDED_PARAM;
+                param = t1;
+            } else if (a->parameter->type == V_ASN1_SEQUENCE) {
+                p8->broken = PKCS8_NS_DB;
+                param = a->parameter;
+            } else {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                goto dsaerr;
+            }
+
+            if (t2->type != V_ASN1_INTEGER) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                goto dsaerr;
+            }
+            privkey = t2->value.integer;
+        } else {
+            if (!(privkey = d2i_ASN1_INTEGER(NULL, &p, pkeylen))) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                goto dsaerr;
+            }
+            param = p8->pkeyalg->parameter;
+        }
+        if (!param || (param->type != V_ASN1_SEQUENCE)) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+            goto dsaerr;
+        }
+        cp = p = param->value.sequence->data;
+        plen = param->value.sequence->length;
+        if (!(dsa = d2i_DSAparams(NULL, &cp, plen))) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+            goto dsaerr;
+        }
+        /* We have parameters now set private key */
+        if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_DECODE_ERROR);
+            goto dsaerr;
+        }
+        /* Calculate public key (ouch!) */
+        if (!(dsa->pub_key = BN_new())) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+            goto dsaerr;
+        }
+        if (!(ctx = BN_CTX_new())) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+            goto dsaerr;
+        }
+
+        if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_BN_PUBKEY_ERROR);
+            goto dsaerr;
+        }
+
+        EVP_PKEY_assign_DSA(pkey, dsa);
+        BN_CTX_free(ctx);
+        if (ndsa)
+            sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        else
+            ASN1_INTEGER_free(privkey);
+        break;
+ dsaerr:
+        BN_CTX_free(ctx);
+        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        DSA_free(dsa);
+        EVP_PKEY_free(pkey);
+        return NULL;
+        break;
 #endif
 #ifndef OPENSSL_NO_EC
-		case NID_X9_62_id_ecPublicKey:
-		p_tmp = p;
-		/* extract the ec parameters */
-		param = p8->pkeyalg->parameter;
-
-		if (!param || ((param->type != V_ASN1_SEQUENCE) &&
-		    (param->type != V_ASN1_OBJECT)))
-		{
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto ecerr;
-		}
-
-		if (param->type == V_ASN1_SEQUENCE)
-		{
-			cp = p = param->value.sequence->data;
-			plen = param->value.sequence->length;
-
-			if (!(eckey = d2i_ECParameters(NULL, &cp, plen)))
-			{
-				EVPerr(EVP_F_EVP_PKCS82PKEY,
-					EVP_R_DECODE_ERROR);
-				goto ecerr;
-			}
-		}
-		else
-		{
-			EC_GROUP *group;
-			cp = p = param->value.object->data;
-			plen = param->value.object->length;
-
-			/* type == V_ASN1_OBJECT => the parameters are given
-			 * by an asn1 OID
-			 */
-			if ((eckey = EC_KEY_new()) == NULL)
-			{
-				EVPerr(EVP_F_EVP_PKCS82PKEY,
-					ERR_R_MALLOC_FAILURE);
-				goto ecerr;
-			}
-			group = EC_GROUP_new_by_curve_name(OBJ_obj2nid(a->parameter->value.object));
-			if (group == NULL)
-				goto ecerr;
-			EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
-			if (EC_KEY_set_group(eckey, group) == 0)
-				goto ecerr;
-			EC_GROUP_free(group);
-		}
-
-		/* We have parameters now set private key */
-		if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen))
-		{
-			EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
-			goto ecerr;
-		}
-
-		/* calculate public key (if necessary) */
-		if (EC_KEY_get0_public_key(eckey) == NULL)
-		{
-			const BIGNUM *priv_key;
-			const EC_GROUP *group;
-			EC_POINT *pub_key;
-			/* the public key was not included in the SEC1 private
-			 * key => calculate the public key */
-			group   = EC_KEY_get0_group(eckey);
-			pub_key = EC_POINT_new(group);
-			if (pub_key == NULL)
-			{
-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-				goto ecerr;
-			}
-			if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group)))
-			{
-				EC_POINT_free(pub_key);
-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-				goto ecerr;
-			}
-			priv_key = EC_KEY_get0_private_key(eckey);
-			if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx))
-			{
-				EC_POINT_free(pub_key);
-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-				goto ecerr;
-			}
-			if (EC_KEY_set_public_key(eckey, pub_key) == 0)
-			{
-				EC_POINT_free(pub_key);
-				EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
-				goto ecerr;
-			}
-			EC_POINT_free(pub_key);
-		}
-
-		EVP_PKEY_assign_EC_KEY(pkey, eckey);
-		if (ctx)
-			BN_CTX_free(ctx);
-		break;
-ecerr:
-		if (ctx)
-			BN_CTX_free(ctx);
-		if (eckey)
-			EC_KEY_free(eckey);
-		if (pkey)
-			EVP_PKEY_free(pkey);
-		return NULL;
+    case NID_X9_62_id_ecPublicKey:
+        p_tmp = p;
+        /* extract the ec parameters */
+        param = p8->pkeyalg->parameter;
+
+        if (!param || ((param->type != V_ASN1_SEQUENCE) &&
+                       (param->type != V_ASN1_OBJECT))) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+            goto ecerr;
+        }
+
+        if (param->type == V_ASN1_SEQUENCE) {
+            cp = p = param->value.sequence->data;
+            plen = param->value.sequence->length;
+
+            if (!(eckey = d2i_ECParameters(NULL, &cp, plen))) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+                goto ecerr;
+            }
+        } else {
+            EC_GROUP *group;
+            cp = p = param->value.object->data;
+            plen = param->value.object->length;
+
+            /*
+             * type == V_ASN1_OBJECT => the parameters are given by an asn1
+             * OID
+             */
+            if ((eckey = EC_KEY_new()) == NULL) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_MALLOC_FAILURE);
+                goto ecerr;
+            }
+            group =
+                EC_GROUP_new_by_curve_name(OBJ_obj2nid
+                                           (a->parameter->value.object));
+            if (group == NULL)
+                goto ecerr;
+            EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE);
+            if (EC_KEY_set_group(eckey, group) == 0)
+                goto ecerr;
+            EC_GROUP_free(group);
+        }
+
+        /* We have parameters now set private key */
+        if (!d2i_ECPrivateKey(&eckey, &p_tmp, pkeylen)) {
+            EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR);
+            goto ecerr;
+        }
+
+        /* calculate public key (if necessary) */
+        if (EC_KEY_get0_public_key(eckey) == NULL) {
+            const BIGNUM *priv_key;
+            const EC_GROUP *group;
+            EC_POINT *pub_key;
+            /*
+             * the public key was not included in the SEC1 private key =>
+             * calculate the public key
+             */
+            group = EC_KEY_get0_group(eckey);
+            pub_key = EC_POINT_new(group);
+            if (pub_key == NULL) {
+                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+                goto ecerr;
+            }
+            if (!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
+                EC_POINT_free(pub_key);
+                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+                goto ecerr;
+            }
+            priv_key = EC_KEY_get0_private_key(eckey);
+            if (!EC_POINT_mul(group, pub_key, priv_key, NULL, NULL, ctx)) {
+                EC_POINT_free(pub_key);
+                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+                goto ecerr;
+            }
+            if (EC_KEY_set_public_key(eckey, pub_key) == 0) {
+                EC_POINT_free(pub_key);
+                EVPerr(EVP_F_EVP_PKCS82PKEY, ERR_R_EC_LIB);
+                goto ecerr;
+            }
+            EC_POINT_free(pub_key);
+        }
+
+        EVP_PKEY_assign_EC_KEY(pkey, eckey);
+        if (ctx)
+            BN_CTX_free(ctx);
+        break;
+ ecerr:
+        if (ctx)
+            BN_CTX_free(ctx);
+        if (eckey)
+            EC_KEY_free(eckey);
+        if (pkey)
+            EVP_PKEY_free(pkey);
+        return NULL;
 #endif
-		default:
-		EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-		if (!a->algorithm) BUF_strlcpy (obj_tmp, "NULL", sizeof obj_tmp);
-		else i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
-		ERR_add_error_data(2, "TYPE=", obj_tmp);
-		EVP_PKEY_free (pkey);
-		return NULL;
-	}
-	return pkey;
+    default:
+        EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        if (!a->algorithm)
+            BUF_strlcpy(obj_tmp, "NULL", sizeof obj_tmp);
+        else
+            i2t_ASN1_OBJECT(obj_tmp, 80, a->algorithm);
+        ERR_add_error_data(2, "TYPE=", obj_tmp);
+        EVP_PKEY_free(pkey);
+        return NULL;
+    }
+    return pkey;
 }
 
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey)
 {
-	return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
+    return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK);
 }
 
 /* Turn a private key into a PKCS8 structure */
 
 PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken)
 {
-	PKCS8_PRIV_KEY_INFO *p8;
-
-	if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {	
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p8->broken = broken;
-	if (!ASN1_INTEGER_set(p8->version, 0)) {
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-		PKCS8_PRIV_KEY_INFO_free (p8);
-		return NULL;
-	}
-	if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) {
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-		PKCS8_PRIV_KEY_INFO_free (p8);
-		return NULL;
-	}
-	p8->pkey->type = V_ASN1_OCTET_STRING;
-	switch (EVP_PKEY_type(pkey->type)) {
+    PKCS8_PRIV_KEY_INFO *p8;
+
+    if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p8->broken = broken;
+    if (!ASN1_INTEGER_set(p8->version, 0)) {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        return NULL;
+    }
+    if (!(p8->pkeyalg->parameter = ASN1_TYPE_new())) {
+        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        return NULL;
+    }
+    p8->pkey->type = V_ASN1_OCTET_STRING;
+    switch (EVP_PKEY_type(pkey->type)) {
 #ifndef OPENSSL_NO_RSA
-		case EVP_PKEY_RSA:
-
-		if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE;
-
-		p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
-		p8->pkeyalg->parameter->type = V_ASN1_NULL;
-		if (!ASN1_pack_string_of (EVP_PKEY,pkey, i2d_PrivateKey,
-					 &p8->pkey->value.octet_string)) {
-			EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,ERR_R_MALLOC_FAILURE);
-			PKCS8_PRIV_KEY_INFO_free (p8);
-			return NULL;
-		}
-		break;
+    case EVP_PKEY_RSA:
+
+        if (p8->broken == PKCS8_NO_OCTET)
+            p8->pkey->type = V_ASN1_SEQUENCE;
+
+        p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+        p8->pkeyalg->parameter->type = V_ASN1_NULL;
+        if (!ASN1_pack_string_of(EVP_PKEY, pkey, i2d_PrivateKey,
+                                 &p8->pkey->value.octet_string)) {
+            EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, ERR_R_MALLOC_FAILURE);
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            return NULL;
+        }
+        break;
 #endif
 #ifndef OPENSSL_NO_DSA
-		case EVP_PKEY_DSA:
-		if(!dsa_pkey2pkcs8(p8, pkey)) {
-			PKCS8_PRIV_KEY_INFO_free (p8);
-			return NULL;
-		}
+    case EVP_PKEY_DSA:
+        if (!dsa_pkey2pkcs8(p8, pkey)) {
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            return NULL;
+        }
 
-		break;
+        break;
 #endif
 #ifndef OPENSSL_NO_EC
-		case EVP_PKEY_EC:
-		if (!eckey_pkey2pkcs8(p8, pkey))
-		{
-			PKCS8_PRIV_KEY_INFO_free(p8);
-			return(NULL);
-		}
-		break;
+    case EVP_PKEY_EC:
+        if (!eckey_pkey2pkcs8(p8, pkey)) {
+            PKCS8_PRIV_KEY_INFO_free(p8);
+            return (NULL);
+        }
+        break;
 #endif
-		default:
-		EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN, EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
-		PKCS8_PRIV_KEY_INFO_free (p8);
-		return NULL;
-	}
-	RAND_add(p8->pkey->value.octet_string->data,
-		 p8->pkey->value.octet_string->length, 0.0);
-	return p8;
+    default:
+        EVPerr(EVP_F_EVP_PKEY2PKCS8_BROKEN,
+               EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        return NULL;
+    }
+    RAND_add(p8->pkey->value.octet_string->data,
+             p8->pkey->value.octet_string->length, 0.0);
+    return p8;
 }
 
 PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken)
 {
-	switch (broken) {
-
-		case PKCS8_OK:
-		p8->broken = PKCS8_OK;
-		return p8;
-		break;
-
-		case PKCS8_NO_OCTET:
-		p8->broken = PKCS8_NO_OCTET;
-		p8->pkey->type = V_ASN1_SEQUENCE;
-		return p8;
-		break;
-
-		default:
-		EVPerr(EVP_F_PKCS8_SET_BROKEN,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
-		return NULL;
-	}
+    switch (broken) {
+
+    case PKCS8_OK:
+        p8->broken = PKCS8_OK;
+        return p8;
+        break;
+
+    case PKCS8_NO_OCTET:
+        p8->broken = PKCS8_NO_OCTET;
+        p8->pkey->type = V_ASN1_SEQUENCE;
+        return p8;
+        break;
+
+    default:
+        EVPerr(EVP_F_PKCS8_SET_BROKEN, EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE);
+        return NULL;
+    }
 }
 
 #ifndef OPENSSL_NO_DSA
 static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 {
-	ASN1_STRING *params = NULL;
-	ASN1_INTEGER *prkey = NULL;
-	ASN1_TYPE *ttmp = NULL;
-	STACK_OF(ASN1_TYPE) *ndsa = NULL;
-	unsigned char *p = NULL, *q;
-	int len;
-
-	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
-	len = i2d_DSAparams (pkey->pkey.dsa, NULL);
-	if (!(p = OPENSSL_malloc(len))) {
-		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	q = p;
-	i2d_DSAparams (pkey->pkey.dsa, &q);
-	if (!(params = ASN1_STRING_new())) {
-		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	if (!ASN1_STRING_set(params, p, len)) {
-		EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-	OPENSSL_free(p);
-	p = NULL;
-	/* Get private key into integer */
-	if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) {
-		EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-		goto err;
-	}
-
-	switch(p8->broken) {
-
-		case PKCS8_OK:
-		case PKCS8_NO_OCTET:
-
-		if (!ASN1_pack_string_of(ASN1_INTEGER,prkey, i2d_ASN1_INTEGER,
-					 &p8->pkey->value.octet_string)) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-
-		M_ASN1_INTEGER_free (prkey);
-		prkey = NULL;
-		p8->pkeyalg->parameter->value.sequence = params;
-		params = NULL;
-		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-
-		break;
-
-		case PKCS8_NS_DB:
-
-		p8->pkeyalg->parameter->value.sequence = params;
-		params = NULL;
-		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-		if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		if (!(ttmp = ASN1_TYPE_new())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		if (!(ttmp->value.integer =
-			BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-			goto err;
-		}
-		ttmp->type = V_ASN1_INTEGER;
-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-
-		if (!(ttmp = ASN1_TYPE_new())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ttmp->value.integer = prkey;
-		prkey = NULL;
-		ttmp->type = V_ASN1_INTEGER;
-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ttmp = NULL;
-
-		if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-
-		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-					 &p8->pkey->value.octet_string->data,
-					 &p8->pkey->value.octet_string->length)) {
-
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-		break;
-
-		case PKCS8_EMBEDDED_PARAM:
-
-		p8->pkeyalg->parameter->type = V_ASN1_NULL;
-		if (!(ndsa = sk_ASN1_TYPE_new_null())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		if (!(ttmp = ASN1_TYPE_new())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ttmp->value.sequence = params;
-		params = NULL;
-		ttmp->type = V_ASN1_SEQUENCE;
-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-
-		if (!(ttmp = ASN1_TYPE_new())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ttmp->value.integer = prkey;
-		prkey = NULL;
-		ttmp->type = V_ASN1_INTEGER;
-		if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ttmp = NULL;
-
-		if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-
-		if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
-					 &p8->pkey->value.octet_string->data,
-					 &p8->pkey->value.octet_string->length)) {
-
-			EVPerr(EVP_F_DSA_PKEY2PKCS8,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-		break;
-	}
-	return 1;
-err:
-	if (p != NULL) OPENSSL_free(p);
-	if (params != NULL) ASN1_STRING_free(params);
-	if (prkey != NULL) M_ASN1_INTEGER_free(prkey);
-	if (ttmp != NULL) ASN1_TYPE_free(ttmp);
-	if (ndsa != NULL) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
-	return 0;
+    ASN1_STRING *params = NULL;
+    ASN1_INTEGER *prkey = NULL;
+    ASN1_TYPE *ttmp = NULL;
+    STACK_OF(ASN1_TYPE) *ndsa = NULL;
+    unsigned char *p = NULL, *q;
+    int len;
+
+    p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa);
+    len = i2d_DSAparams(pkey->pkey.dsa, NULL);
+    if (!(p = OPENSSL_malloc(len))) {
+        EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    q = p;
+    i2d_DSAparams(pkey->pkey.dsa, &q);
+    if (!(params = ASN1_STRING_new())) {
+        EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (!ASN1_STRING_set(params, p, len)) {
+        EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    OPENSSL_free(p);
+    p = NULL;
+    /* Get private key into integer */
+    if (!(prkey = BN_to_ASN1_INTEGER(pkey->pkey.dsa->priv_key, NULL))) {
+        EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR);
+        goto err;
+    }
+
+    switch (p8->broken) {
+
+    case PKCS8_OK:
+    case PKCS8_NO_OCTET:
+
+        if (!ASN1_pack_string_of(ASN1_INTEGER, prkey, i2d_ASN1_INTEGER,
+                                 &p8->pkey->value.octet_string)) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        M_ASN1_INTEGER_free(prkey);
+        prkey = NULL;
+        p8->pkeyalg->parameter->value.sequence = params;
+        params = NULL;
+        p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+
+        break;
+
+    case PKCS8_NS_DB:
+
+        p8->pkeyalg->parameter->value.sequence = params;
+        params = NULL;
+        p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+        if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!(ttmp = ASN1_TYPE_new())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!(ttmp->value.integer =
+              BN_to_ASN1_INTEGER(pkey->pkey.dsa->pub_key, NULL))) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, EVP_R_ENCODE_ERROR);
+            goto err;
+        }
+        ttmp->type = V_ASN1_INTEGER;
+        if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (!(ttmp = ASN1_TYPE_new())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ttmp->value.integer = prkey;
+        prkey = NULL;
+        ttmp->type = V_ASN1_INTEGER;
+        if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ttmp = NULL;
+
+        if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+                                     &p8->pkey->value.octet_string->data,
+                                     &p8->pkey->value.octet_string->length)) {
+
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        break;
+
+    case PKCS8_EMBEDDED_PARAM:
+
+        p8->pkeyalg->parameter->type = V_ASN1_NULL;
+        if (!(ndsa = sk_ASN1_TYPE_new_null())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!(ttmp = ASN1_TYPE_new())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ttmp->value.sequence = params;
+        params = NULL;
+        ttmp->type = V_ASN1_SEQUENCE;
+        if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (!(ttmp = ASN1_TYPE_new())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ttmp->value.integer = prkey;
+        prkey = NULL;
+        ttmp->type = V_ASN1_INTEGER;
+        if (!sk_ASN1_TYPE_push(ndsa, ttmp)) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ttmp = NULL;
+
+        if (!(p8->pkey->value.octet_string = ASN1_OCTET_STRING_new())) {
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE,
+                                     &p8->pkey->value.octet_string->data,
+                                     &p8->pkey->value.octet_string->length)) {
+
+            EVPerr(EVP_F_DSA_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+        break;
+    }
+    return 1;
+ err:
+    if (p != NULL)
+        OPENSSL_free(p);
+    if (params != NULL)
+        ASN1_STRING_free(params);
+    if (prkey != NULL)
+        M_ASN1_INTEGER_free(prkey);
+    if (ttmp != NULL)
+        ASN1_TYPE_free(ttmp);
+    if (ndsa != NULL)
+        sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free);
+    return 0;
 }
 #endif
 
 #ifndef OPENSSL_NO_EC
 static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 {
-	EC_KEY		*ec_key;
-	const EC_GROUP  *group;
-	unsigned char	*p, *pp;
-	int 		nid, i, ret = 0;
-	unsigned int    tmp_flags, old_flags;
-
-	ec_key = pkey->pkey.ec;
-	if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) 
-	{
-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
-		return 0;
-	}
-
-	/* set the ec parameters OID */
-	if (p8->pkeyalg->algorithm)
-		ASN1_OBJECT_free(p8->pkeyalg->algorithm);
-
-	p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
-
-	/* set the ec parameters */
-
-	if (p8->pkeyalg->parameter)
-	{
-		ASN1_TYPE_free(p8->pkeyalg->parameter);
-		p8->pkeyalg->parameter = NULL;
-	}
-
-	if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL)
-	{
-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	
-	if (EC_GROUP_get_asn1_flag(group)
-                     && (nid = EC_GROUP_get_curve_name(group)))
-	{
-		/* we have a 'named curve' => just set the OID */
-		p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
-		p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
-	}
-	else	/* explicit parameters */
-	{
-		if ((i = i2d_ECParameters(ec_key, NULL)) == 0)
-		{
-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-			return 0;
-		}
-		if ((p = (unsigned char *) OPENSSL_malloc(i)) == NULL)
-		{
-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-			return 0;
-		}	
-		pp = p;
-		if (!i2d_ECParameters(ec_key, &pp))
-		{
-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-			OPENSSL_free(p);
-			return 0;
-		}
-		p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
-		if ((p8->pkeyalg->parameter->value.sequence 
-			= ASN1_STRING_new()) == NULL)
-		{
-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
-			OPENSSL_free(p);
-			return 0;
-		}
-		ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
-		OPENSSL_free(p);
-	}
-
-	/* set the private key */
-
-	/* do not include the parameters in the SEC1 private key
-	 * see PKCS#11 12.11 */
-	old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
-	tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
-	EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
-	i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
-	if (!i)
-	{
-		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-		return 0;
-	}
-	p = (unsigned char *) OPENSSL_malloc(i);
-	if (!p)
-	{
-		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	pp = p;
-	if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp))
-	{
-		EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-		EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
-		OPENSSL_free(p);
-		return 0;
-	}
-	/* restore old encoding flags */
-	EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
-
-	switch(p8->broken) {
-
-		case PKCS8_OK:
-		p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
-		if (!p8->pkey->value.octet_string ||
-		    !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
-		    (const void *)p, i))
-
-		{
-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
-		}
-		else
-			ret = 1;
-		break;
-		case PKCS8_NO_OCTET:		/* RSA specific */
-		case PKCS8_NS_DB:		/* DSA specific */
-		case PKCS8_EMBEDDED_PARAM:	/* DSA specific */
-		default:
-			EVPerr(EVP_F_ECKEY_PKEY2PKCS8,EVP_R_ENCODE_ERROR);
-	}
-	OPENSSL_cleanse(p, (size_t)i);
-	OPENSSL_free(p);
-	return ret;
+    EC_KEY *ec_key;
+    const EC_GROUP *group;
+    unsigned char *p, *pp;
+    int nid, i, ret = 0;
+    unsigned int tmp_flags, old_flags;
+
+    ec_key = pkey->pkey.ec;
+    if (ec_key == NULL || (group = EC_KEY_get0_group(ec_key)) == NULL) {
+        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_MISSING_PARAMETERS);
+        return 0;
+    }
+
+    /* set the ec parameters OID */
+    if (p8->pkeyalg->algorithm)
+        ASN1_OBJECT_free(p8->pkeyalg->algorithm);
+
+    p8->pkeyalg->algorithm = OBJ_nid2obj(NID_X9_62_id_ecPublicKey);
+
+    /* set the ec parameters */
+
+    if (p8->pkeyalg->parameter) {
+        ASN1_TYPE_free(p8->pkeyalg->parameter);
+        p8->pkeyalg->parameter = NULL;
+    }
+
+    if ((p8->pkeyalg->parameter = ASN1_TYPE_new()) == NULL) {
+        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (EC_GROUP_get_asn1_flag(group)
+        && (nid = EC_GROUP_get_curve_name(group))) {
+        /* we have a 'named curve' => just set the OID */
+        p8->pkeyalg->parameter->type = V_ASN1_OBJECT;
+        p8->pkeyalg->parameter->value.object = OBJ_nid2obj(nid);
+    } else {                    /* explicit parameters */
+
+        if ((i = i2d_ECParameters(ec_key, NULL)) == 0) {
+            EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+            return 0;
+        }
+        if ((p = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+            EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        pp = p;
+        if (!i2d_ECParameters(ec_key, &pp)) {
+            EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+            OPENSSL_free(p);
+            return 0;
+        }
+        p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE;
+        if ((p8->pkeyalg->parameter->value.sequence
+             = ASN1_STRING_new()) == NULL) {
+            EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_ASN1_LIB);
+            OPENSSL_free(p);
+            return 0;
+        }
+        ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, i);
+        OPENSSL_free(p);
+    }
+
+    /* set the private key */
+
+    /*
+     * do not include the parameters in the SEC1 private key see PKCS#11
+     * 12.11
+     */
+    old_flags = EC_KEY_get_enc_flags(pkey->pkey.ec);
+    tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
+    EC_KEY_set_enc_flags(pkey->pkey.ec, tmp_flags);
+    i = i2d_ECPrivateKey(pkey->pkey.ec, NULL);
+    if (!i) {
+        EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+        return 0;
+    }
+    p = (unsigned char *)OPENSSL_malloc(i);
+    if (!p) {
+        EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    pp = p;
+    if (!i2d_ECPrivateKey(pkey->pkey.ec, &pp)) {
+        EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_EC_LIB);
+        OPENSSL_free(p);
+        return 0;
+    }
+    /* restore old encoding flags */
+    EC_KEY_set_enc_flags(pkey->pkey.ec, old_flags);
+
+    switch (p8->broken) {
+
+    case PKCS8_OK:
+        p8->pkey->value.octet_string = ASN1_OCTET_STRING_new();
+        if (!p8->pkey->value.octet_string ||
+            !M_ASN1_OCTET_STRING_set(p8->pkey->value.octet_string,
+                                     (const void *)p, i)) {
+            EVPerr(EVP_F_ECKEY_PKEY2PKCS8, ERR_R_MALLOC_FAILURE);
+        } else
+            ret = 1;
+        break;
+    case PKCS8_NO_OCTET:       /* RSA specific */
+    case PKCS8_NS_DB:          /* DSA specific */
+    case PKCS8_EMBEDDED_PARAM: /* DSA specific */
+    default:
+        EVPerr(EVP_F_ECKEY_PKEY2PKCS8, EVP_R_ENCODE_ERROR);
+    }
+    OPENSSL_cleanse(p, (size_t)i);
+    OPENSSL_free(p);
+    return ret;
 }
 #endif
 
@@ -735,60 +723,60 @@ static int eckey_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey)
 
 int EVP_PKEY_get_attr_count(const EVP_PKEY *key)
 {
-	return X509at_get_attr_count(key->attributes);
+    return X509at_get_attr_count(key->attributes);
 }
 
-int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid,
-			  int lastpos)
+int EVP_PKEY_get_attr_by_NID(const EVP_PKEY *key, int nid, int lastpos)
 {
-	return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
+    return X509at_get_attr_by_NID(key->attributes, nid, lastpos);
 }
 
 int EVP_PKEY_get_attr_by_OBJ(const EVP_PKEY *key, ASN1_OBJECT *obj,
-			  int lastpos)
+                             int lastpos)
 {
-	return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
+    return X509at_get_attr_by_OBJ(key->attributes, obj, lastpos);
 }
 
 X509_ATTRIBUTE *EVP_PKEY_get_attr(const EVP_PKEY *key, int loc)
 {
-	return X509at_get_attr(key->attributes, loc);
+    return X509at_get_attr(key->attributes, loc);
 }
 
 X509_ATTRIBUTE *EVP_PKEY_delete_attr(EVP_PKEY *key, int loc)
 {
-	return X509at_delete_attr(key->attributes, loc);
+    return X509at_delete_attr(key->attributes, loc);
 }
 
 int EVP_PKEY_add1_attr(EVP_PKEY *key, X509_ATTRIBUTE *attr)
 {
-	if(X509at_add1_attr(&key->attributes, attr)) return 1;
-	return 0;
+    if (X509at_add1_attr(&key->attributes, attr))
+        return 1;
+    return 0;
 }
 
 int EVP_PKEY_add1_attr_by_OBJ(EVP_PKEY *key,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len)
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
 {
-	if(X509at_add1_attr_by_OBJ(&key->attributes, obj,
-				type, bytes, len)) return 1;
-	return 0;
+    if (X509at_add1_attr_by_OBJ(&key->attributes, obj, type, bytes, len))
+        return 1;
+    return 0;
 }
 
 int EVP_PKEY_add1_attr_by_NID(EVP_PKEY *key,
-			int nid, int type,
-			const unsigned char *bytes, int len)
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
 {
-	if(X509at_add1_attr_by_NID(&key->attributes, nid,
-				type, bytes, len)) return 1;
-	return 0;
+    if (X509at_add1_attr_by_NID(&key->attributes, nid, type, bytes, len))
+        return 1;
+    return 0;
 }
 
 int EVP_PKEY_add1_attr_by_txt(EVP_PKEY *key,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len)
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
 {
-	if(X509at_add1_attr_by_txt(&key->attributes, attrname,
-				type, bytes, len)) return 1;
-	return 0;
+    if (X509at_add1_attr_by_txt(&key->attributes, attrname, type, bytes, len))
+        return 1;
+    return 0;
 }
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss.c b/Cryptlib/OpenSSL/crypto/evp/m_dss.c
index 6b0c0aa7..24c852df 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_dss.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_dss.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,38 +62,43 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 
 #ifndef OPENSSL_NO_SHA
 
 static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
+{
+    return SHA1_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md, ctx->md_data);
+}
 
-static const EVP_MD dsa_md=
-	{
-	NID_dsaWithSHA,
-	NID_dsaWithSHA,
-	SHA_DIGEST_LENGTH,
-	EVP_MD_FLAG_FIPS,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_DSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
+static const EVP_MD dsa_md = {
+    NID_dsaWithSHA,
+    NID_dsaWithSHA,
+    SHA_DIGEST_LENGTH,
+    EVP_MD_FLAG_FIPS,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_DSA_method,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
 
 const EVP_MD *EVP_dss(void)
-	{
-	return(&dsa_md);
-	}
+{
+    return (&dsa_md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c
index da8babc1..137eb365 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_dss1.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_dss1.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,43 +61,48 @@
 
 #ifndef OPENSSL_NO_SHA
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_DSA
+#  include <openssl/dsa.h>
+# endif
 
-#ifndef OPENSSL_FIPS
+# ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
+{
+    return SHA1_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md, ctx->md_data);
+}
 
-static const EVP_MD dss1_md=
-	{
-	NID_dsa,
-	NID_dsaWithSHA1,
-	SHA_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_DSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
+static const EVP_MD dss1_md = {
+    NID_dsa,
+    NID_dsaWithSHA1,
+    SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_DSA_method,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
 
 const EVP_MD *EVP_dss1(void)
-	{
-	return(&dss1_md);
-	}
-#endif
+{
+    return (&dss1_md);
+}
+# endif
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c
index fad270fa..aef84c27 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_ecdsa.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,21 +58,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -87,10 +87,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -102,7 +102,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -117,32 +117,37 @@
 
 #ifndef OPENSSL_NO_SHA
 static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
+{
+    return SHA1_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md, ctx->md_data);
+}
 
-static const EVP_MD ecdsa_md=
-	{
-	NID_ecdsa_with_SHA1,
-	NID_ecdsa_with_SHA1,
-	SHA_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_ECDSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
+static const EVP_MD ecdsa_md = {
+    NID_ecdsa_with_SHA1,
+    NID_ecdsa_with_SHA1,
+    SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_ECDSA_method,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
 
 const EVP_MD *EVP_ecdsa(void)
-	{
-	return(&ecdsa_md);
-	}
+{
+    return (&ecdsa_md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md2.c b/Cryptlib/OpenSSL/crypto/evp/m_md2.c
index 8eee6236..7c6efd1b 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_md2.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_md2.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,41 +62,46 @@
 
 #ifndef OPENSSL_NO_MD2
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md2.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md2.h>
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+# endif
 
 static int init(EVP_MD_CTX *ctx)
-	{ return MD2_Init(ctx->md_data); }
+{
+    return MD2_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return MD2_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD2_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return MD2_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD2_Final(md, ctx->md_data);
+}
 
-static const EVP_MD md2_md=
-	{
-	NID_md2,
-	NID_md2WithRSAEncryption,
-	MD2_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	MD2_BLOCK,
-	sizeof(EVP_MD *)+sizeof(MD2_CTX),
-	};
+static const EVP_MD md2_md = {
+    NID_md2,
+    NID_md2WithRSAEncryption,
+    MD2_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    MD2_BLOCK,
+    sizeof(EVP_MD *) + sizeof(MD2_CTX),
+};
 
 const EVP_MD *EVP_md2(void)
-	{
-	return(&md2_md);
-	}
+{
+    return (&md2_md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md4.c b/Cryptlib/OpenSSL/crypto/evp/m_md4.c
index 5cd2ab5a..01a05ada 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_md4.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_md4.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,41 +62,46 @@
 
 #ifndef OPENSSL_NO_MD4
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md4.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md4.h>
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+# endif
 
 static int init(EVP_MD_CTX *ctx)
-	{ return MD4_Init(ctx->md_data); }
+{
+    return MD4_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return MD4_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD4_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return MD4_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD4_Final(md, ctx->md_data);
+}
 
-static const EVP_MD md4_md=
-	{
-	NID_md4,
-	NID_md4WithRSAEncryption,
-	MD4_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	MD4_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(MD4_CTX),
-	};
+static const EVP_MD md4_md = {
+    NID_md4,
+    NID_md4WithRSAEncryption,
+    MD4_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    MD4_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD4_CTX),
+};
 
 const EVP_MD *EVP_md4(void)
-	{
-	return(&md4_md);
-	}
+{
+    return (&md4_md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_md5.c b/Cryptlib/OpenSSL/crypto/evp/m_md5.c
index 64558296..5aabcb7d 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_md5.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_md5.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,42 +61,47 @@
 
 #ifndef OPENSSL_NO_MD5
 
-#include <openssl/evp.h>
-#include "evp_locl.h"
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/md5.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
+# include <openssl/evp.h>
+# include "evp_locl.h"
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/md5.h>
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+# endif
 
 static int init(EVP_MD_CTX *ctx)
-	{ return MD5_Init(ctx->md_data); }
+{
+    return MD5_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return MD5_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return MD5_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return MD5_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return MD5_Final(md, ctx->md_data);
+}
 
-static const EVP_MD md5_md=
-	{
-	NID_md5,
-	NID_md5WithRSAEncryption,
-	MD5_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	MD5_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(MD5_CTX),
-	};
+static const EVP_MD md5_md = {
+    NID_md5,
+    NID_md5WithRSAEncryption,
+    MD5_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    MD5_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(MD5_CTX),
+};
 
 const EVP_MD *EVP_md5(void)
-	{
-	return(&md5_md);
-	}
+{
+    return (&md5_md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_null.c b/Cryptlib/OpenSSL/crypto/evp/m_null.c
index cb072169..017e1feb 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_null.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_null.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,33 +63,36 @@
 #include <openssl/x509.h>
 
 static int init(EVP_MD_CTX *ctx)
-	{ return 1; }
+{
+    return 1;
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return 1; }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return 1;
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return 1; }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return 1;
+}
 
-static const EVP_MD null_md=
-	{
-	NID_undef,
-	NID_undef,
-	0,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_NULL_method,
-	0,
-	sizeof(EVP_MD *),
-	};
+static const EVP_MD null_md = {
+    NID_undef,
+    NID_undef,
+    0,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_NULL_method,
+    0,
+    sizeof(EVP_MD *),
+};
 
 const EVP_MD *EVP_md_null(void)
-	{
-	return(&null_md);
-	}
-
-
+{
+    return (&null_md);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c
index a1d60ee7..979f77cd 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_ripemd.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,41 +61,46 @@
 
 #ifndef OPENSSL_NO_RIPEMD
 
-#include <openssl/ripemd.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
+# include <openssl/ripemd.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+# endif
 
 static int init(EVP_MD_CTX *ctx)
-	{ return RIPEMD160_Init(ctx->md_data); }
+{
+    return RIPEMD160_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return RIPEMD160_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return RIPEMD160_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return RIPEMD160_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return RIPEMD160_Final(md, ctx->md_data);
+}
 
-static const EVP_MD ripemd160_md=
-	{
-	NID_ripemd160,
-	NID_ripemd160WithRSA,
-	RIPEMD160_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	RIPEMD160_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX),
-	};
+static const EVP_MD ripemd160_md = {
+    NID_ripemd160,
+    NID_ripemd160WithRSA,
+    RIPEMD160_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    RIPEMD160_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(RIPEMD160_CTX),
+};
 
 const EVP_MD *EVP_ripemd160(void)
-	{
-	return(&ripemd160_md);
-	}
+{
+    return (&ripemd160_md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha.c b/Cryptlib/OpenSSL/crypto/evp/m_sha.c
index 3f30dfc5..918ca5ec 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_sha.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_sha.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,40 +62,45 @@
 
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0)
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+# endif
 
 static int init(EVP_MD_CTX *ctx)
-	{ return SHA_Init(ctx->md_data); }
+{
+    return SHA_Init(ctx->md_data);
+}
 
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA_Update(ctx->md_data,data,count); }
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA_Update(ctx->md_data, data, count);
+}
 
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA_Final(md,ctx->md_data); }
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA_Final(md, ctx->md_data);
+}
 
-static const EVP_MD sha_md=
-	{
-	NID_sha,
-	NID_shaWithRSAEncryption,
-	SHA_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
+static const EVP_MD sha_md = {
+    NID_sha,
+    NID_shaWithRSAEncryption,
+    SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
 
 const EVP_MD *EVP_sha(void)
-	{
-	return(&sha_md);
-	}
+{
+    return (&sha_md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c
index 471ec30b..4b107691 100644
--- a/Cryptlib/OpenSSL/crypto/evp/m_sha1.c
+++ b/Cryptlib/OpenSSL/crypto/evp/m_sha1.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,149 +61,180 @@
 
 #ifndef OPENSSL_NO_SHA
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# ifndef OPENSSL_NO_RSA
+#  include <openssl/rsa.h>
+# endif
 
-#ifndef OPENSSL_FIPS
+# ifndef OPENSSL_FIPS
 
 static int init(EVP_MD_CTX *ctx)
-	{ return SHA1_Init(ctx->md_data); }
-
-static int update(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA1_Update(ctx->md_data,data,count); }
-
-static int final(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA1_Final(md,ctx->md_data); }
-
-static const EVP_MD sha1_md=
-	{
-	NID_sha1,
-	NID_sha1WithRSAEncryption,
-	SHA_DIGEST_LENGTH,
-	0,
-	init,
-	update,
-	final,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA_CTX),
-	};
+{
+    return SHA1_Init(ctx->md_data);
+}
+
+static int update(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA1_Update(ctx->md_data, data, count);
+}
+
+static int final(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA1_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha1_md = {
+    NID_sha1,
+    NID_sha1WithRSAEncryption,
+    SHA_DIGEST_LENGTH,
+    0,
+    init,
+    update,
+    final,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    SHA_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA_CTX),
+};
 
 const EVP_MD *EVP_sha1(void)
-	{
-	return(&sha1_md);
-	}
+{
+    return (&sha1_md);
+}
 
-#ifndef OPENSSL_NO_SHA256
+#  ifndef OPENSSL_NO_SHA256
 static int init224(EVP_MD_CTX *ctx)
-	{ return SHA224_Init(ctx->md_data); }
+{
+    return SHA224_Init(ctx->md_data);
+}
+
 static int init256(EVP_MD_CTX *ctx)
-	{ return SHA256_Init(ctx->md_data); }
+{
+    return SHA256_Init(ctx->md_data);
+}
+
 /*
  * Even though there're separate SHA224_[Update|Final], we call
  * SHA256 functions even in SHA224 context. This is what happens
  * there anyway, so we can spare few CPU cycles:-)
  */
-static int update256(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA256_Update(ctx->md_data,data,count); }
-static int final256(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA256_Final(md,ctx->md_data); }
-
-static const EVP_MD sha224_md=
-	{
-	NID_sha224,
-	NID_sha224WithRSAEncryption,
-	SHA224_DIGEST_LENGTH,
-	0,
-	init224,
-	update256,
-	final256,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA256_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
-	};
+static int update256(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA256_Update(ctx->md_data, data, count);
+}
+
+static int final256(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA256_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha224_md = {
+    NID_sha224,
+    NID_sha224WithRSAEncryption,
+    SHA224_DIGEST_LENGTH,
+    0,
+    init224,
+    update256,
+    final256,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
 
 const EVP_MD *EVP_sha224(void)
-	{ return(&sha224_md); }
-
-static const EVP_MD sha256_md=
-	{
-	NID_sha256,
-	NID_sha256WithRSAEncryption,
-	SHA256_DIGEST_LENGTH,
-	0,
-	init256,
-	update256,
-	final256,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA256_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA256_CTX),
-	};
+{
+    return (&sha224_md);
+}
+
+static const EVP_MD sha256_md = {
+    NID_sha256,
+    NID_sha256WithRSAEncryption,
+    SHA256_DIGEST_LENGTH,
+    0,
+    init256,
+    update256,
+    final256,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    SHA256_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA256_CTX),
+};
 
 const EVP_MD *EVP_sha256(void)
-	{ return(&sha256_md); }
-#endif	/* ifndef OPENSSL_NO_SHA256 */
+{
+    return (&sha256_md);
+}
+#  endif                        /* ifndef OPENSSL_NO_SHA256 */
 
-#ifndef OPENSSL_NO_SHA512
+#  ifndef OPENSSL_NO_SHA512
 static int init384(EVP_MD_CTX *ctx)
-	{ return SHA384_Init(ctx->md_data); }
+{
+    return SHA384_Init(ctx->md_data);
+}
+
 static int init512(EVP_MD_CTX *ctx)
-	{ return SHA512_Init(ctx->md_data); }
+{
+    return SHA512_Init(ctx->md_data);
+}
+
 /* See comment in SHA224/256 section */
-static int update512(EVP_MD_CTX *ctx,const void *data,size_t count)
-	{ return SHA512_Update(ctx->md_data,data,count); }
-static int final512(EVP_MD_CTX *ctx,unsigned char *md)
-	{ return SHA512_Final(md,ctx->md_data); }
-
-static const EVP_MD sha384_md=
-	{
-	NID_sha384,
-	NID_sha384WithRSAEncryption,
-	SHA384_DIGEST_LENGTH,
-	0,
-	init384,
-	update512,
-	final512,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA512_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
-	};
+static int update512(EVP_MD_CTX *ctx, const void *data, size_t count)
+{
+    return SHA512_Update(ctx->md_data, data, count);
+}
+
+static int final512(EVP_MD_CTX *ctx, unsigned char *md)
+{
+    return SHA512_Final(md, ctx->md_data);
+}
+
+static const EVP_MD sha384_md = {
+    NID_sha384,
+    NID_sha384WithRSAEncryption,
+    SHA384_DIGEST_LENGTH,
+    0,
+    init384,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
 
 const EVP_MD *EVP_sha384(void)
-	{ return(&sha384_md); }
-
-static const EVP_MD sha512_md=
-	{
-	NID_sha512,
-	NID_sha512WithRSAEncryption,
-	SHA512_DIGEST_LENGTH,
-	0,
-	init512,
-	update512,
-	final512,
-	NULL,
-	NULL,
-	EVP_PKEY_RSA_method,
-	SHA512_CBLOCK,
-	sizeof(EVP_MD *)+sizeof(SHA512_CTX),
-	};
+{
+    return (&sha384_md);
+}
+
+static const EVP_MD sha512_md = {
+    NID_sha512,
+    NID_sha512WithRSAEncryption,
+    SHA512_DIGEST_LENGTH,
+    0,
+    init512,
+    update512,
+    final512,
+    NULL,
+    NULL,
+    EVP_PKEY_RSA_method,
+    SHA512_CBLOCK,
+    sizeof(EVP_MD *) + sizeof(SHA512_CTX),
+};
 
 const EVP_MD *EVP_sha512(void)
-	{ return(&sha512_md); }
-#endif	/* ifndef OPENSSL_NO_SHA512 */
+{
+    return (&sha512_md);
+}
+#  endif                        /* ifndef OPENSSL_NO_SHA512 */
 
-#endif
+# endif
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/names.c b/Cryptlib/OpenSSL/crypto/evp/names.c
index 945879dc..d05c0006 100644
--- a/Cryptlib/OpenSSL/crypto/evp/names.c
+++ b/Cryptlib/OpenSSL/crypto/evp/names.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,68 +63,76 @@
 #include <openssl/x509.h>
 
 int EVP_add_cipher(const EVP_CIPHER *c)
-	{
-	int r;
+{
+    int r;
 
 #ifdef OPENSSL_FIPS
-	OPENSSL_init();
+    OPENSSL_init();
 #endif
 
-	r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
-	if (r == 0) return(0);
-	r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(const char *)c);
-	return(r);
-	}
+    r = OBJ_NAME_add(OBJ_nid2sn(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    if (r == 0)
+        return (0);
+    r = OBJ_NAME_add(OBJ_nid2ln(c->nid), OBJ_NAME_TYPE_CIPHER_METH,
+                     (const char *)c);
+    return (r);
+}
 
 int EVP_add_digest(const EVP_MD *md)
-	{
-	int r;
-	const char *name;
+{
+    int r;
+    const char *name;
 
 #ifdef OPENSSL_FIPS
-	OPENSSL_init();
+    OPENSSL_init();
 #endif
-	name=OBJ_nid2sn(md->type);
-	r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(const char *)md);
-	if (r == 0) return(0);
-	r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(const char *)md);
-	if (r == 0) return(0);
+    name = OBJ_nid2sn(md->type);
+    r = OBJ_NAME_add(name, OBJ_NAME_TYPE_MD_METH, (const char *)md);
+    if (r == 0)
+        return (0);
+    r = OBJ_NAME_add(OBJ_nid2ln(md->type), OBJ_NAME_TYPE_MD_METH,
+                     (const char *)md);
+    if (r == 0)
+        return (0);
 
-	if (md->pkey_type && md->type != md->pkey_type)
-		{
-		r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
-			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
-		if (r == 0) return(0);
-		r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
-			OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name);
-		}
-	return(r);
-	}
+    if (md->pkey_type && md->type != md->pkey_type) {
+        r = OBJ_NAME_add(OBJ_nid2sn(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+        if (r == 0)
+            return (0);
+        r = OBJ_NAME_add(OBJ_nid2ln(md->pkey_type),
+                         OBJ_NAME_TYPE_MD_METH | OBJ_NAME_ALIAS, name);
+    }
+    return (r);
+}
 
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
-	{
-	const EVP_CIPHER *cp;
+{
+    const EVP_CIPHER *cp;
 
-	cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH);
-	return(cp);
-	}
+    cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
+    return (cp);
+}
 
 const EVP_MD *EVP_get_digestbyname(const char *name)
-	{
-	const EVP_MD *cp;
+{
+    const EVP_MD *cp;
 
-	cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH);
-	return(cp);
-	}
+    cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
+    return (cp);
+}
 
 void EVP_cleanup(void)
-	{
-	OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
-	OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
-	/* The above calls will only clean out the contents of the name
-	   hash table, but not the hash table itself.  The following line
-	   does that part.  -- Richard Levitte */
-	OBJ_NAME_cleanup(-1);
+{
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH);
+    OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH);
+    /*
+     * The above calls will only clean out the contents of the name hash
+     * table, but not the hash table itself.  The following line does that
+     * part.  -- Richard Levitte
+     */
+    OBJ_NAME_cleanup(-1);
 
-	EVP_PBE_cleanup();
-	}
+    EVP_PBE_cleanup();
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
index 2a265fde..0607feaa 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt.c
@@ -1,6 +1,7 @@
 /* p5_crpt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,98 +63,103 @@
 #include <openssl/x509.h>
 #include <openssl/evp.h>
 
-/* PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
+/*
+ * PKCS#5 v1.5 compatible PBE functions: see PKCS#5 v2.0 for more info.
  */
 
 void PKCS5_PBE_add(void)
 {
 #ifndef OPENSSL_NO_DES
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
-							 PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
-							 PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
-							 PKCS5_PBE_keyivgen);
-#  endif
+# ifndef OPENSSL_NO_MD5
+    EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(),
+                    PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_MD2
+    EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(),
+                    PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_SHA
+    EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(),
+                    PKCS5_PBE_keyivgen);
+# endif
 #endif
 #ifndef OPENSSL_NO_RC2
-#  ifndef OPENSSL_NO_MD5
-EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
-							 PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_MD2
-EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
-							 PKCS5_PBE_keyivgen);
-#  endif
-#  ifndef OPENSSL_NO_SHA
-EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
-							 PKCS5_PBE_keyivgen);
-#  endif
+# ifndef OPENSSL_NO_MD5
+    EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(),
+                    PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_MD2
+    EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(),
+                    PKCS5_PBE_keyivgen);
+# endif
+# ifndef OPENSSL_NO_SHA
+    EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(),
+                    PKCS5_PBE_keyivgen);
+# endif
 #endif
 #ifndef OPENSSL_NO_HMAC
-EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
+    EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen);
 #endif
 }
 
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
-			 ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md,
-			 int en_de)
+                       ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                       const EVP_MD *md, int en_de)
 {
-	EVP_MD_CTX ctx;
-	unsigned char md_tmp[EVP_MAX_MD_SIZE];
-	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
-	int i;
-	PBEPARAM *pbe;
-	int saltlen, iter;
-	unsigned char *salt;
-	const unsigned char *pbuf;
+    EVP_MD_CTX ctx;
+    unsigned char md_tmp[EVP_MAX_MD_SIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    int i;
+    PBEPARAM *pbe;
+    int saltlen, iter;
+    unsigned char *salt;
+    const unsigned char *pbuf;
 
-	/* Extract useful info from parameter */
-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-	    param->value.sequence == NULL) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		return 0;
-	}
+    /* Extract useful info from parameter */
+    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+        param->value.sequence == NULL) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
 
-	pbuf = param->value.sequence->data;
-	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-		EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		return 0;
-	}
+    pbuf = param->value.sequence->data;
+    if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
 
-	if (!pbe->iter) iter = 1;
-	else iter = ASN1_INTEGER_get (pbe->iter);
-	salt = pbe->salt->data;
-	saltlen = pbe->salt->length;
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
 
-	if(!pass) passlen = 0;
-	else if(passlen == -1) passlen = strlen(pass);
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
 
-	EVP_MD_CTX_init(&ctx);
-	EVP_DigestInit_ex(&ctx, md, NULL);
-	EVP_DigestUpdate(&ctx, pass, passlen);
-	EVP_DigestUpdate(&ctx, salt, saltlen);
-	PBEPARAM_free(pbe);
-	EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
-	for (i = 1; i < iter; i++) {
-		EVP_DigestInit_ex(&ctx, md, NULL);
-		EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
-		EVP_DigestFinal_ex (&ctx, md_tmp, NULL);
-	}
-	EVP_MD_CTX_cleanup(&ctx);
-	OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
-	memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
-	OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
-	memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
-						 EVP_CIPHER_iv_length(cipher));
-	EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
-	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
-	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-	return 1;
+    EVP_MD_CTX_init(&ctx);
+    EVP_DigestInit_ex(&ctx, md, NULL);
+    EVP_DigestUpdate(&ctx, pass, passlen);
+    EVP_DigestUpdate(&ctx, salt, saltlen);
+    PBEPARAM_free(pbe);
+    EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+    for (i = 1; i < iter; i++) {
+        EVP_DigestInit_ex(&ctx, md, NULL);
+        EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md));
+        EVP_DigestFinal_ex(&ctx, md_tmp, NULL);
+    }
+    EVP_MD_CTX_cleanup(&ctx);
+    OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));
+    memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));
+    OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);
+    memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+           EVP_CIPHER_iv_length(cipher));
+    EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de);
+    OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    return 1;
 }
diff --git a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c
index 6bec77ba..4c9496c0 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p5_crpt2.c
@@ -1,6 +1,7 @@
 /* p5_crpt2.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -59,205 +60,212 @@
 #include <stdlib.h>
 #include "cryptlib.h"
 #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA)
-#include <openssl/x509.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
+# include <openssl/x509.h>
+# include <openssl/evp.h>
+# include <openssl/hmac.h>
 
 /* set this to print out info about the keygen algorithm */
 /* #define DEBUG_PKCS5V2 */
 
-#ifdef DEBUG_PKCS5V2
-	static void h__dump (const unsigned char *p, int len);
-#endif
+# ifdef DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len);
+# endif
 
-/* This is an implementation of PKCS#5 v2.0 password based encryption key
+/*
+ * This is an implementation of PKCS#5 v2.0 password based encryption key
  * derivation function PBKDF2 using the only currently defined function HMAC
  * with SHA1. Verified against test vectors posted by Peter Gutmann
- * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing list.
+ * <pgut001@cs.auckland.ac.nz> to the PKCS-TNG <pkcs-tng@rsa.com> mailing
+ * list.
  */
 
 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
-			   const unsigned char *salt, int saltlen, int iter,
-			   int keylen, unsigned char *out)
+                           const unsigned char *salt, int saltlen, int iter,
+                           int keylen, unsigned char *out)
 {
-	unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
-	int cplen, j, k, tkeylen;
-	unsigned long i = 1;
-	HMAC_CTX hctx;
+    unsigned char digtmp[SHA_DIGEST_LENGTH], *p, itmp[4];
+    int cplen, j, k, tkeylen;
+    unsigned long i = 1;
+    HMAC_CTX hctx;
 
-	HMAC_CTX_init(&hctx);
-	p = out;
-	tkeylen = keylen;
-	if(!pass) passlen = 0;
-	else if(passlen == -1) passlen = strlen(pass);
-	while(tkeylen) {
-		if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH;
-		else cplen = tkeylen;
-		/* We are unlikely to ever use more than 256 blocks (5120 bits!)
-		 * but just in case...
-		 */
-		itmp[0] = (unsigned char)((i >> 24) & 0xff);
-		itmp[1] = (unsigned char)((i >> 16) & 0xff);
-		itmp[2] = (unsigned char)((i >> 8) & 0xff);
-		itmp[3] = (unsigned char)(i & 0xff);
-		HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
-		HMAC_Update(&hctx, salt, saltlen);
-		HMAC_Update(&hctx, itmp, 4);
-		HMAC_Final(&hctx, digtmp, NULL);
-		memcpy(p, digtmp, cplen);
-		for(j = 1; j < iter; j++) {
-			HMAC(EVP_sha1(), pass, passlen,
-				 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
-			for(k = 0; k < cplen; k++) p[k] ^= digtmp[k];
-		}
-		tkeylen-= cplen;
-		i++;
-		p+= cplen;
-	}
-	HMAC_CTX_cleanup(&hctx);
-#ifdef DEBUG_PKCS5V2
-	fprintf(stderr, "Password:\n");
-	h__dump (pass, passlen);
-	fprintf(stderr, "Salt:\n");
-	h__dump (salt, saltlen);
-	fprintf(stderr, "Iteration count %d\n", iter);
-	fprintf(stderr, "Key:\n");
-	h__dump (out, keylen);
-#endif
-	return 1;
+    HMAC_CTX_init(&hctx);
+    p = out;
+    tkeylen = keylen;
+    if (!pass)
+        passlen = 0;
+    else if (passlen == -1)
+        passlen = strlen(pass);
+    while (tkeylen) {
+        if (tkeylen > SHA_DIGEST_LENGTH)
+            cplen = SHA_DIGEST_LENGTH;
+        else
+            cplen = tkeylen;
+        /*
+         * We are unlikely to ever use more than 256 blocks (5120 bits!) but
+         * just in case...
+         */
+        itmp[0] = (unsigned char)((i >> 24) & 0xff);
+        itmp[1] = (unsigned char)((i >> 16) & 0xff);
+        itmp[2] = (unsigned char)((i >> 8) & 0xff);
+        itmp[3] = (unsigned char)(i & 0xff);
+        HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL);
+        HMAC_Update(&hctx, salt, saltlen);
+        HMAC_Update(&hctx, itmp, 4);
+        HMAC_Final(&hctx, digtmp, NULL);
+        memcpy(p, digtmp, cplen);
+        for (j = 1; j < iter; j++) {
+            HMAC(EVP_sha1(), pass, passlen,
+                 digtmp, SHA_DIGEST_LENGTH, digtmp, NULL);
+            for (k = 0; k < cplen; k++)
+                p[k] ^= digtmp[k];
+        }
+        tkeylen -= cplen;
+        i++;
+        p += cplen;
+    }
+    HMAC_CTX_cleanup(&hctx);
+# ifdef DEBUG_PKCS5V2
+    fprintf(stderr, "Password:\n");
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt:\n");
+    h__dump(salt, saltlen);
+    fprintf(stderr, "Iteration count %d\n", iter);
+    fprintf(stderr, "Key:\n");
+    h__dump(out, keylen);
+# endif
+    return 1;
 }
 
-#ifdef DO_TEST
+# ifdef DO_TEST
 main()
 {
-	unsigned char out[4];
-	unsigned char salt[] = {0x12, 0x34, 0x56, 0x78};
-	PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
-	fprintf(stderr, "Out %02X %02X %02X %02X\n",
-					 out[0], out[1], out[2], out[3]);
+    unsigned char out[4];
+    unsigned char salt[] = { 0x12, 0x34, 0x56, 0x78 };
+    PKCS5_PBKDF2_HMAC_SHA1("password", -1, salt, 4, 5, 4, out);
+    fprintf(stderr, "Out %02X %02X %02X %02X\n",
+            out[0], out[1], out[2], out[3]);
 }
 
-#endif
+# endif
 
-/* Now the key derivation function itself. This is a bit evil because
- * it has to check the ASN1 parameters are valid: and there are quite a
- * few of them...
+/*
+ * Now the key derivation function itself. This is a bit evil because it has
+ * to check the ASN1 parameters are valid: and there are quite a few of
+ * them...
  */
 
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-                         ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md,
-                         int en_de)
+                          ASN1_TYPE *param, const EVP_CIPHER *c,
+                          const EVP_MD *md, int en_de)
 {
-	unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
-	const unsigned char *pbuf;
-	int saltlen, iter, plen;
-	unsigned int keylen;
-	PBE2PARAM *pbe2 = NULL;
-	const EVP_CIPHER *cipher;
-	PBKDF2PARAM *kdf = NULL;
+    unsigned char *salt, key[EVP_MAX_KEY_LENGTH];
+    const unsigned char *pbuf;
+    int saltlen, iter, plen;
+    unsigned int keylen;
+    PBE2PARAM *pbe2 = NULL;
+    const EVP_CIPHER *cipher;
+    PBKDF2PARAM *kdf = NULL;
 
-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-	    param->value.sequence == NULL) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		return 0;
-	}
+    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+        param->value.sequence == NULL) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
 
-	pbuf = param->value.sequence->data;
-	plen = param->value.sequence->length;
-	if(!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		return 0;
-	}
+    pbuf = param->value.sequence->data;
+    plen = param->value.sequence->length;
+    if (!(pbe2 = d2i_PBE2PARAM(NULL, &pbuf, plen))) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        return 0;
+    }
 
-	/* See if we recognise the key derivation function */
+    /* See if we recognise the key derivation function */
 
-	if(OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-				EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
-		goto err;
-	}
+    if (OBJ_obj2nid(pbe2->keyfunc->algorithm) != NID_id_pbkdf2) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
+               EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION);
+        goto err;
+    }
 
-	/* lets see if we recognise the encryption algorithm.
-	 */
+    /*
+     * lets see if we recognise the encryption algorithm.
+     */
 
-	cipher = EVP_get_cipherbyname(
-			OBJ_nid2sn(OBJ_obj2nid(pbe2->encryption->algorithm)));
+    cipher =
+        EVP_get_cipherbyname(OBJ_nid2sn
+                             (OBJ_obj2nid(pbe2->encryption->algorithm)));
 
-	if(!cipher) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-						EVP_R_UNSUPPORTED_CIPHER);
-		goto err;
-	}
+    if (!cipher) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_CIPHER);
+        goto err;
+    }
 
-	/* Fixup cipher based on AlgorithmIdentifier */
-	EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
-	if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-					EVP_R_CIPHER_PARAMETER_ERROR);
-		goto err;
-	}
-	keylen = EVP_CIPHER_CTX_key_length(ctx);
-	OPENSSL_assert(keylen <= sizeof key);
+    /* Fixup cipher based on AlgorithmIdentifier */
+    EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de);
+    if (EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_CIPHER_PARAMETER_ERROR);
+        goto err;
+    }
+    keylen = EVP_CIPHER_CTX_key_length(ctx);
+    OPENSSL_assert(keylen <= sizeof key);
 
-	/* Now decode key derivation function */
+    /* Now decode key derivation function */
 
-	if(!pbe2->keyfunc->parameter ||
-		 (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE))
-		{
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		goto err;
-		}
+    if (!pbe2->keyfunc->parameter ||
+        (pbe2->keyfunc->parameter->type != V_ASN1_SEQUENCE)) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
 
-	pbuf = pbe2->keyfunc->parameter->value.sequence->data;
-	plen = pbe2->keyfunc->parameter->value.sequence->length;
-	if(!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen)) ) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,EVP_R_DECODE_ERROR);
-		goto err;
-	}
+    pbuf = pbe2->keyfunc->parameter->value.sequence->data;
+    plen = pbe2->keyfunc->parameter->value.sequence->length;
+    if (!(kdf = d2i_PBKDF2PARAM(NULL, &pbuf, plen))) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_DECODE_ERROR);
+        goto err;
+    }
 
-	PBE2PARAM_free(pbe2);
-	pbe2 = NULL;
+    PBE2PARAM_free(pbe2);
+    pbe2 = NULL;
 
-	/* Now check the parameters of the kdf */
+    /* Now check the parameters of the kdf */
 
-	if(kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)){
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-						EVP_R_UNSUPPORTED_KEYLENGTH);
-		goto err;
-	}
+    if (kdf->keylength && (ASN1_INTEGER_get(kdf->keylength) != (int)keylen)) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_KEYLENGTH);
+        goto err;
+    }
 
-	if(kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
-		goto err;
-	}
+    if (kdf->prf && (OBJ_obj2nid(kdf->prf->algorithm) != NID_hmacWithSHA1)) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_PRF);
+        goto err;
+    }
 
-	if(kdf->salt->type != V_ASN1_OCTET_STRING) {
-		EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN,
-						EVP_R_UNSUPPORTED_SALT_TYPE);
-		goto err;
-	}
+    if (kdf->salt->type != V_ASN1_OCTET_STRING) {
+        EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, EVP_R_UNSUPPORTED_SALT_TYPE);
+        goto err;
+    }
 
-	/* it seems that its all OK */
-	salt = kdf->salt->value.octet_string->data;
-	saltlen = kdf->salt->value.octet_string->length;
-	iter = ASN1_INTEGER_get(kdf->iter);
-	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
-	EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
-	OPENSSL_cleanse(key, keylen);
-	PBKDF2PARAM_free(kdf);
-	return 1;
+    /* it seems that its all OK */
+    salt = kdf->salt->value.octet_string->data;
+    saltlen = kdf->salt->value.octet_string->length;
+    iter = ASN1_INTEGER_get(kdf->iter);
+    PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+    EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de);
+    OPENSSL_cleanse(key, keylen);
+    PBKDF2PARAM_free(kdf);
+    return 1;
 
-	err:
-	PBE2PARAM_free(pbe2);
-	PBKDF2PARAM_free(kdf);
-	return 0;
+ err:
+    PBE2PARAM_free(pbe2);
+    PBKDF2PARAM_free(kdf);
+    return 0;
 }
 
-#ifdef DEBUG_PKCS5V2
-static void h__dump (const unsigned char *p, int len)
+# ifdef DEBUG_PKCS5V2
+static void h__dump(const unsigned char *p, int len)
 {
-        for (; len --; p++) fprintf(stderr, "%02X ", *p);
-        fprintf(stderr, "\n");
+    for (; len--; p++)
+        fprintf(stderr, "%02X ", *p);
+    fprintf(stderr, "\n");
 }
-#endif
+# endif
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_dec.c b/Cryptlib/OpenSSL/crypto/evp/p_dec.c
index f64901f6..65d3fef6 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p_dec.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_dec.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,28 +60,28 @@
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
 int EVP_PKEY_decrypt(unsigned char *key, const unsigned char *ek, int ekl,
-	     EVP_PKEY *priv)
-	{
-	int ret= -1;
-	
+                     EVP_PKEY *priv)
+{
+    int ret = -1;
+
 #ifndef OPENSSL_NO_RSA
-	if (priv->type != EVP_PKEY_RSA)
-		{
+    if (priv->type != EVP_PKEY_RSA) {
 #endif
-		EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+        EVPerr(EVP_F_EVP_PKEY_DECRYPT, EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
-		goto err;
-                }
+        goto err;
+    }
 
-	ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING);
-err:
+    ret =
+        RSA_private_decrypt(ekl, ek, key, priv->pkey.rsa, RSA_PKCS1_PADDING);
+ err:
 #endif
-	return(ret);
-	}
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_enc.c b/Cryptlib/OpenSSL/crypto/evp/p_enc.c
index c2dfdc52..5342146e 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p_enc.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,27 +60,28 @@
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
 int EVP_PKEY_encrypt(unsigned char *ek, const unsigned char *key, int key_len,
-	     EVP_PKEY *pubk)
-	{
-	int ret=0;
-	
+                     EVP_PKEY *pubk)
+{
+    int ret = 0;
+
 #ifndef OPENSSL_NO_RSA
-	if (pubk->type != EVP_PKEY_RSA)
-		{
+    if (pubk->type != EVP_PKEY_RSA) {
 #endif
-		EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA);
+        EVPerr(EVP_F_EVP_PKEY_ENCRYPT, EVP_R_PUBLIC_KEY_NOT_RSA);
 #ifndef OPENSSL_NO_RSA
-		goto err;
-		}
-	ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING);
-err:
+        goto err;
+    }
+    ret =
+        RSA_public_encrypt(key_len, key, ek, pubk->pkey.rsa,
+                           RSA_PKCS1_PADDING);
+ err:
 #endif
-	return(ret);
-	}
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_lib.c b/Cryptlib/OpenSSL/crypto/evp/p_lib.c
index 22155ecf..6430f6ce 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p_lib.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,317 +65,308 @@
 #include <openssl/asn1_mac.h>
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
 #endif
 
 static void EVP_PKEY_free_it(EVP_PKEY *x);
 
 int EVP_PKEY_bits(EVP_PKEY *pkey)
-	{
-	if (0)
-		return 0;
+{
+    if (0)
+        return 0;
 #ifndef OPENSSL_NO_RSA
-	else if (pkey->type == EVP_PKEY_RSA)
-		return(BN_num_bits(pkey->pkey.rsa->n));
+    else if (pkey->type == EVP_PKEY_RSA)
+        return (BN_num_bits(pkey->pkey.rsa->n));
 #endif
 #ifndef OPENSSL_NO_DSA
-	else if (pkey->type == EVP_PKEY_DSA)
-		return(BN_num_bits(pkey->pkey.dsa->p));
+    else if (pkey->type == EVP_PKEY_DSA)
+        return (BN_num_bits(pkey->pkey.dsa->p));
 #endif
 #ifndef OPENSSL_NO_EC
-	else if (pkey->type == EVP_PKEY_EC)
-		{
-		BIGNUM *order = BN_new();
-		const EC_GROUP *group;
-		int ret;
-
-		if (!order)
-			{
-			ERR_clear_error();
-			return 0;
-			}
-		group = EC_KEY_get0_group(pkey->pkey.ec);
-		if (!EC_GROUP_get_order(group, order, NULL))
-			{
-			ERR_clear_error();
-			return 0;
-			}
-
-		ret = BN_num_bits(order);
-		BN_free(order);
-		return ret;
-		}
+    else if (pkey->type == EVP_PKEY_EC) {
+        BIGNUM *order = BN_new();
+        const EC_GROUP *group;
+        int ret;
+
+        if (!order) {
+            ERR_clear_error();
+            return 0;
+        }
+        group = EC_KEY_get0_group(pkey->pkey.ec);
+        if (!EC_GROUP_get_order(group, order, NULL)) {
+            ERR_clear_error();
+            return 0;
+        }
+
+        ret = BN_num_bits(order);
+        BN_free(order);
+        return ret;
+    }
 #endif
-	return(0);
-	}
+    return (0);
+}
 
 int EVP_PKEY_size(EVP_PKEY *pkey)
-	{
-	if (pkey == NULL)
-		return(0);
+{
+    if (pkey == NULL)
+        return (0);
 #ifndef OPENSSL_NO_RSA
-	if (pkey->type == EVP_PKEY_RSA)
-		return(RSA_size(pkey->pkey.rsa));
-	else
+    if (pkey->type == EVP_PKEY_RSA)
+        return (RSA_size(pkey->pkey.rsa));
+    else
 #endif
 #ifndef OPENSSL_NO_DSA
-		if (pkey->type == EVP_PKEY_DSA)
-		return(DSA_size(pkey->pkey.dsa));
+    if (pkey->type == EVP_PKEY_DSA)
+        return (DSA_size(pkey->pkey.dsa));
 #endif
 #ifndef OPENSSL_NO_ECDSA
-		if (pkey->type == EVP_PKEY_EC)
-		return(ECDSA_size(pkey->pkey.ec));
+    if (pkey->type == EVP_PKEY_EC)
+        return (ECDSA_size(pkey->pkey.ec));
 #endif
 
-	return(0);
-	}
+    return (0);
+}
 
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
-	{
+{
 #ifndef OPENSSL_NO_DSA
-	if (pkey->type == EVP_PKEY_DSA)
-		{
-		int ret=pkey->save_parameters;
-
-		if (mode >= 0)
-			pkey->save_parameters=mode;
-		return(ret);
-		}
+    if (pkey->type == EVP_PKEY_DSA) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return (ret);
+    }
 #endif
 #ifndef OPENSSL_NO_EC
-	if (pkey->type == EVP_PKEY_EC)
-		{
-		int ret = pkey->save_parameters;
-
-		if (mode >= 0)
-			pkey->save_parameters = mode;
-		return(ret);
-		}
+    if (pkey->type == EVP_PKEY_EC) {
+        int ret = pkey->save_parameters;
+
+        if (mode >= 0)
+            pkey->save_parameters = mode;
+        return (ret);
+    }
 #endif
-	return(0);
-	}
+    return (0);
+}
 
 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from)
-	{
-	if (to->type != from->type)
-		{
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_DIFFERENT_KEY_TYPES);
-		goto err;
-		}
-
-	if (EVP_PKEY_missing_parameters(from))
-		{
-		EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS);
-		goto err;
-		}
+{
+    if (to->type != from->type) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_DIFFERENT_KEY_TYPES);
+        goto err;
+    }
+
+    if (EVP_PKEY_missing_parameters(from)) {
+        EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS, EVP_R_MISSING_PARAMETERS);
+        goto err;
+    }
 #ifndef OPENSSL_NO_DSA
-	if (to->type == EVP_PKEY_DSA)
-		{
-		BIGNUM *a;
-
-		if ((a=BN_dup(from->pkey.dsa->p)) == NULL) goto err;
-		if (to->pkey.dsa->p != NULL) BN_free(to->pkey.dsa->p);
-		to->pkey.dsa->p=a;
-
-		if ((a=BN_dup(from->pkey.dsa->q)) == NULL) goto err;
-		if (to->pkey.dsa->q != NULL) BN_free(to->pkey.dsa->q);
-		to->pkey.dsa->q=a;
-
-		if ((a=BN_dup(from->pkey.dsa->g)) == NULL) goto err;
-		if (to->pkey.dsa->g != NULL) BN_free(to->pkey.dsa->g);
-		to->pkey.dsa->g=a;
-		}
+    if (to->type == EVP_PKEY_DSA) {
+        BIGNUM *a;
+
+        if ((a = BN_dup(from->pkey.dsa->p)) == NULL)
+            goto err;
+        if (to->pkey.dsa->p != NULL)
+            BN_free(to->pkey.dsa->p);
+        to->pkey.dsa->p = a;
+
+        if ((a = BN_dup(from->pkey.dsa->q)) == NULL)
+            goto err;
+        if (to->pkey.dsa->q != NULL)
+            BN_free(to->pkey.dsa->q);
+        to->pkey.dsa->q = a;
+
+        if ((a = BN_dup(from->pkey.dsa->g)) == NULL)
+            goto err;
+        if (to->pkey.dsa->g != NULL)
+            BN_free(to->pkey.dsa->g);
+        to->pkey.dsa->g = a;
+    }
 #endif
 #ifndef OPENSSL_NO_EC
-	if (to->type == EVP_PKEY_EC)
-		{
-		EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
-		if (group == NULL)
-			goto err;
-		if (EC_KEY_set_group(to->pkey.ec, group) == 0)
-			goto err;
-		EC_GROUP_free(group);
-		}
+    if (to->type == EVP_PKEY_EC) {
+        EC_GROUP *group = EC_GROUP_dup(EC_KEY_get0_group(from->pkey.ec));
+        if (group == NULL)
+            goto err;
+        if (EC_KEY_set_group(to->pkey.ec, group) == 0)
+            goto err;
+        EC_GROUP_free(group);
+    }
 #endif
-	return(1);
-err:
-	return(0);
-	}
+    return (1);
+ err:
+    return (0);
+}
 
 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey)
-	{
+{
 #ifndef OPENSSL_NO_DSA
-	if (pkey->type == EVP_PKEY_DSA)
-		{
-		DSA *dsa;
-
-		dsa=pkey->pkey.dsa;
-		if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
-			return(1);
-		}
+    if (pkey->type == EVP_PKEY_DSA) {
+        DSA *dsa;
+
+        dsa = pkey->pkey.dsa;
+        if ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))
+            return (1);
+    }
 #endif
 #ifndef OPENSSL_NO_EC
-	if (pkey->type == EVP_PKEY_EC)
-		{
-		if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
-			return(1);
-		}
+    if (pkey->type == EVP_PKEY_EC) {
+        if (EC_KEY_get0_group(pkey->pkey.ec) == NULL)
+            return (1);
+    }
 #endif
 
-	return(0);
-	}
+    return (0);
+}
 
 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
+{
 #ifndef OPENSSL_NO_DSA
-	if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA))
-		{
-		if (	BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) ||
-			BN_cmp(a->pkey.dsa->q,b->pkey.dsa->q) ||
-			BN_cmp(a->pkey.dsa->g,b->pkey.dsa->g))
-			return(0);
-		else
-			return(1);
-		}
+    if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) {
+        if (BN_cmp(a->pkey.dsa->p, b->pkey.dsa->p) ||
+            BN_cmp(a->pkey.dsa->q, b->pkey.dsa->q) ||
+            BN_cmp(a->pkey.dsa->g, b->pkey.dsa->g))
+            return (0);
+        else
+            return (1);
+    }
 #endif
 #ifndef OPENSSL_NO_EC
-	if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC)
-		{
-		const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
-		               *group_b = EC_KEY_get0_group(b->pkey.ec);
-		if (EC_GROUP_cmp(group_a, group_b, NULL))
-			return 0;
-		else
-			return 1;
-		}
+    if (a->type == EVP_PKEY_EC && b->type == EVP_PKEY_EC) {
+        const EC_GROUP *group_a = EC_KEY_get0_group(a->pkey.ec),
+            *group_b = EC_KEY_get0_group(b->pkey.ec);
+        if (EC_GROUP_cmp(group_a, group_b, NULL))
+            return 0;
+        else
+            return 1;
+    }
 #endif
-	return(-1);
-	}
+    return (-1);
+}
 
 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-	{
-	if (a->type != b->type)
-		return -1;
+{
+    if (a->type != b->type)
+        return -1;
 
-	if (EVP_PKEY_cmp_parameters(a, b) == 0)
-		return 0;
+    if (EVP_PKEY_cmp_parameters(a, b) == 0)
+        return 0;
 
-	switch (a->type)
-		{
+    switch (a->type) {
 #ifndef OPENSSL_NO_RSA
-	case EVP_PKEY_RSA:
-		if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
-			|| BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
-			return 0;
-		break;
+    case EVP_PKEY_RSA:
+        if (BN_cmp(b->pkey.rsa->n, a->pkey.rsa->n) != 0
+            || BN_cmp(b->pkey.rsa->e, a->pkey.rsa->e) != 0)
+            return 0;
+        break;
 #endif
 #ifndef OPENSSL_NO_DSA
-	case EVP_PKEY_DSA:
-		if (BN_cmp(b->pkey.dsa->pub_key,a->pkey.dsa->pub_key) != 0)
-			return 0;
-		break;
+    case EVP_PKEY_DSA:
+        if (BN_cmp(b->pkey.dsa->pub_key, a->pkey.dsa->pub_key) != 0)
+            return 0;
+        break;
 #endif
 #ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		{
-		int  r;
-		const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
-		const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
-		               *pb = EC_KEY_get0_public_key(b->pkey.ec);
-		r = EC_POINT_cmp(group, pa, pb, NULL);
-		if (r != 0)
-			{
-			if (r == 1)
-				return 0;
-			else
-				return -2;
-			}
-		}
- 		break;
+    case EVP_PKEY_EC:
+        {
+            int r;
+            const EC_GROUP *group = EC_KEY_get0_group(b->pkey.ec);
+            const EC_POINT *pa = EC_KEY_get0_public_key(a->pkey.ec),
+                *pb = EC_KEY_get0_public_key(b->pkey.ec);
+            r = EC_POINT_cmp(group, pa, pb, NULL);
+            if (r != 0) {
+                if (r == 1)
+                    return 0;
+                else
+                    return -2;
+            }
+        }
+        break;
 #endif
 #ifndef OPENSSL_NO_DH
-	case EVP_PKEY_DH:
-		return -2;
+    case EVP_PKEY_DH:
+        return -2;
 #endif
-	default:
-		return -2;
-		}
+    default:
+        return -2;
+    }
 
-	return 1;
-	}
+    return 1;
+}
 
 EVP_PKEY *EVP_PKEY_new(void)
-	{
-	EVP_PKEY *ret;
-
-	ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
-	if (ret == NULL)
-		{
-		EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE);
-		return(NULL);
-		}
-	ret->type=EVP_PKEY_NONE;
-	ret->references=1;
-	ret->pkey.ptr=NULL;
-	ret->attributes=NULL;
-	ret->save_parameters=1;
-	return(ret);
-	}
+{
+    EVP_PKEY *ret;
+
+    ret = (EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY));
+    if (ret == NULL) {
+        EVPerr(EVP_F_EVP_PKEY_NEW, ERR_R_MALLOC_FAILURE);
+        return (NULL);
+    }
+    ret->type = EVP_PKEY_NONE;
+    ret->references = 1;
+    ret->pkey.ptr = NULL;
+    ret->attributes = NULL;
+    ret->save_parameters = 1;
+    return (ret);
+}
 
 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
-	{
-	if (pkey == NULL) return(0);
-	if (pkey->pkey.ptr != NULL)
-		EVP_PKEY_free_it(pkey);
-	pkey->type=EVP_PKEY_type(type);
-	pkey->save_type=type;
-	pkey->pkey.ptr=key;
-	return(key != NULL);
-	}
+{
+    if (pkey == NULL)
+        return (0);
+    if (pkey->pkey.ptr != NULL)
+        EVP_PKEY_free_it(pkey);
+    pkey->type = EVP_PKEY_type(type);
+    pkey->save_type = type;
+    pkey->pkey.ptr = key;
+    return (key != NULL);
+}
 
 #ifndef OPENSSL_NO_RSA
 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key)
 {
-	int ret = EVP_PKEY_assign_RSA(pkey, key);
-	if(ret)
-		RSA_up_ref(key);
-	return ret;
+    int ret = EVP_PKEY_assign_RSA(pkey, key);
+    if (ret)
+        RSA_up_ref(key);
+    return ret;
 }
 
 RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey)
-	{
-	if(pkey->type != EVP_PKEY_RSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
-		return NULL;
-	}
-	RSA_up_ref(pkey->pkey.rsa);
-	return pkey->pkey.rsa;
+{
+    if (pkey->type != EVP_PKEY_RSA) {
+        EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+        return NULL;
+    }
+    RSA_up_ref(pkey->pkey.rsa);
+    return pkey->pkey.rsa;
 }
 #endif
 
 #ifndef OPENSSL_NO_DSA
 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key)
 {
-	int ret = EVP_PKEY_assign_DSA(pkey, key);
-	if(ret)
-		DSA_up_ref(key);
-	return ret;
+    int ret = EVP_PKEY_assign_DSA(pkey, key);
+    if (ret)
+        DSA_up_ref(key);
+    return ret;
 }
 
 DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
-	{
-	if(pkey->type != EVP_PKEY_DSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
-		return NULL;
-	}
-	DSA_up_ref(pkey->pkey.dsa);
-	return pkey->pkey.dsa;
+{
+    if (pkey->type != EVP_PKEY_DSA) {
+        EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+        return NULL;
+    }
+    DSA_up_ref(pkey->pkey.dsa);
+    return pkey->pkey.dsa;
 }
 #endif
 
@@ -383,120 +374,116 @@ DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey)
 
 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
 {
-	int ret = EVP_PKEY_assign_EC_KEY(pkey,key);
-	if (ret)
-		EC_KEY_up_ref(key);
-	return ret;
+    int ret = EVP_PKEY_assign_EC_KEY(pkey, key);
+    if (ret)
+        EC_KEY_up_ref(key);
+    return ret;
 }
 
 EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey)
 {
-	if (pkey->type != EVP_PKEY_EC)
-	{
-		EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
-		return NULL;
-	}
-	EC_KEY_up_ref(pkey->pkey.ec);
-	return pkey->pkey.ec;
+    if (pkey->type != EVP_PKEY_EC) {
+        EVPerr(EVP_F_EVP_PKEY_GET1_EC_KEY, EVP_R_EXPECTING_A_EC_KEY);
+        return NULL;
+    }
+    EC_KEY_up_ref(pkey->pkey.ec);
+    return pkey->pkey.ec;
 }
 #endif
 
-
 #ifndef OPENSSL_NO_DH
 
 int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 {
-	int ret = EVP_PKEY_assign_DH(pkey, key);
-	if(ret)
-		DH_up_ref(key);
-	return ret;
+    int ret = EVP_PKEY_assign_DH(pkey, key);
+    if (ret)
+        DH_up_ref(key);
+    return ret;
 }
 
 DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey)
-	{
-	if(pkey->type != EVP_PKEY_DH) {
-		EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
-		return NULL;
-	}
-	DH_up_ref(pkey->pkey.dh);
-	return pkey->pkey.dh;
+{
+    if (pkey->type != EVP_PKEY_DH) {
+        EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY);
+        return NULL;
+    }
+    DH_up_ref(pkey->pkey.dh);
+    return pkey->pkey.dh;
 }
 #endif
 
 int EVP_PKEY_type(int type)
-	{
-	switch (type)
-		{
-	case EVP_PKEY_RSA:
-	case EVP_PKEY_RSA2:
-		return(EVP_PKEY_RSA);
-	case EVP_PKEY_DSA:
-	case EVP_PKEY_DSA1:
-	case EVP_PKEY_DSA2:
-	case EVP_PKEY_DSA3:
-	case EVP_PKEY_DSA4:
-		return(EVP_PKEY_DSA);
-	case EVP_PKEY_DH:
-		return(EVP_PKEY_DH);
-	case EVP_PKEY_EC:
-		return(EVP_PKEY_EC);
-	default:
-		return(NID_undef);
-		}
-	}
+{
+    switch (type) {
+    case EVP_PKEY_RSA:
+    case EVP_PKEY_RSA2:
+        return (EVP_PKEY_RSA);
+    case EVP_PKEY_DSA:
+    case EVP_PKEY_DSA1:
+    case EVP_PKEY_DSA2:
+    case EVP_PKEY_DSA3:
+    case EVP_PKEY_DSA4:
+        return (EVP_PKEY_DSA);
+    case EVP_PKEY_DH:
+        return (EVP_PKEY_DH);
+    case EVP_PKEY_EC:
+        return (EVP_PKEY_EC);
+    default:
+        return (NID_undef);
+    }
+}
 
 void EVP_PKEY_free(EVP_PKEY *x)
-	{
-	int i;
+{
+    int i;
 
-	if (x == NULL) return;
+    if (x == NULL)
+        return;
 
-	i=CRYPTO_add(&x->references,-1,CRYPTO_LOCK_EVP_PKEY);
+    i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",x);
+    REF_PRINT("EVP_PKEY", x);
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"EVP_PKEY_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "EVP_PKEY_free, bad reference count\n");
+        abort();
+    }
 #endif
-	EVP_PKEY_free_it(x);
-	if (x->attributes)
-		sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
-	OPENSSL_free(x);
-	}
+    EVP_PKEY_free_it(x);
+    if (x->attributes)
+        sk_X509_ATTRIBUTE_pop_free(x->attributes, X509_ATTRIBUTE_free);
+    OPENSSL_free(x);
+}
 
 static void EVP_PKEY_free_it(EVP_PKEY *x)
-	{
-	switch (x->type)
-		{
+{
+    switch (x->type) {
 #ifndef OPENSSL_NO_RSA
-	case EVP_PKEY_RSA:
-	case EVP_PKEY_RSA2:
-		RSA_free(x->pkey.rsa);
-		break;
+    case EVP_PKEY_RSA:
+    case EVP_PKEY_RSA2:
+        RSA_free(x->pkey.rsa);
+        break;
 #endif
 #ifndef OPENSSL_NO_DSA
-	case EVP_PKEY_DSA:
-	case EVP_PKEY_DSA2:
-	case EVP_PKEY_DSA3:
-	case EVP_PKEY_DSA4:
-		DSA_free(x->pkey.dsa);
-		break;
+    case EVP_PKEY_DSA:
+    case EVP_PKEY_DSA2:
+    case EVP_PKEY_DSA3:
+    case EVP_PKEY_DSA4:
+        DSA_free(x->pkey.dsa);
+        break;
 #endif
 #ifndef OPENSSL_NO_EC
-	case EVP_PKEY_EC:
-		EC_KEY_free(x->pkey.ec);
-		break;
+    case EVP_PKEY_EC:
+        EC_KEY_free(x->pkey.ec);
+        break;
 #endif
 #ifndef OPENSSL_NO_DH
-	case EVP_PKEY_DH:
-		DH_free(x->pkey.dh);
-		break;
+    case EVP_PKEY_DH:
+        DH_free(x->pkey.dh);
+        break;
 #endif
-		}
-	}
-
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_open.c b/Cryptlib/OpenSSL/crypto/evp/p_open.c
index 9935206d..6740ac81 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p_open.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_open.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,67 +61,68 @@
 
 #ifndef OPENSSL_NO_RSA
 
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/rsa.h>
 
 int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
-	const unsigned char *ek, int ekl, const unsigned char *iv,
-	EVP_PKEY *priv)
-	{
-	unsigned char *key=NULL;
-	int i,size=0,ret=0;
+                 const unsigned char *ek, int ekl, const unsigned char *iv,
+                 EVP_PKEY *priv)
+{
+    unsigned char *key = NULL;
+    int i, size = 0, ret = 0;
 
-	if(type) {	
-		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0;
-	}
+    if (type) {
+        EVP_CIPHER_CTX_init(ctx);
+        if (!EVP_DecryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
 
-	if(!priv) return 1;
+    if (!priv)
+        return 1;
 
-	if (priv->type != EVP_PKEY_RSA)
-		{
-		EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA);
-		goto err;
-                }
+    if (priv->type != EVP_PKEY_RSA) {
+        EVPerr(EVP_F_EVP_OPENINIT, EVP_R_PUBLIC_KEY_NOT_RSA);
+        goto err;
+    }
 
-	size=RSA_size(priv->pkey.rsa);
-	key=(unsigned char *)OPENSSL_malloc(size+2);
-	if (key == NULL)
-		{
-		/* ERROR */
-		EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
+    size = RSA_size(priv->pkey.rsa);
+    key = (unsigned char *)OPENSSL_malloc(size + 2);
+    if (key == NULL) {
+        /* ERROR */
+        EVPerr(EVP_F_EVP_OPENINIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	i=EVP_PKEY_decrypt(key,ek,ekl,priv);
-	if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i))
-		{
-		/* ERROR */
-		goto err;
-		}
-	if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err;
+    i = EVP_PKEY_decrypt(key, ek, ekl, priv);
+    if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) {
+        /* ERROR */
+        goto err;
+    }
+    if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+        goto err;
 
-	ret=1;
-err:
-	if (key != NULL) OPENSSL_cleanse(key,size);
-	OPENSSL_free(key);
-	return(ret);
-	}
+    ret = 1;
+ err:
+    if (key != NULL)
+        OPENSSL_cleanse(key, size);
+    OPENSSL_free(key);
+    return (ret);
+}
 
 int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i;
+{
+    int i;
 
-	i=EVP_DecryptFinal_ex(ctx,out,outl);
-	EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL);
-	return(i);
-	}
-#else /* !OPENSSL_NO_RSA */
+    i = EVP_DecryptFinal_ex(ctx, out, outl);
+    EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return (i);
+}
+#else                           /* !OPENSSL_NO_RSA */
 
 # ifdef PEDANTIC
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 # endif
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_seal.c b/Cryptlib/OpenSSL/crypto/evp/p_seal.c
index 8cc8fcb0..be297dc9 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p_seal.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_seal.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,56 +60,59 @@
 #include "cryptlib.h"
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #include <openssl/evp.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek,
-	     int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk)
-	{
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	int i;
-	
-	if(type) {
-		EVP_CIPHER_CTX_init(ctx);
-		if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0;
-	}
-	if ((npubk <= 0) || !pubk)
-		return 1;
-	if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-		return 0;
-	if (EVP_CIPHER_CTX_iv_length(ctx))
-		RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx));
+int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
+                 unsigned char **ek, int *ekl, unsigned char *iv,
+                 EVP_PKEY **pubk, int npubk)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    int i;
+
+    if (type) {
+        EVP_CIPHER_CTX_init(ctx);
+        if (!EVP_EncryptInit_ex(ctx, type, NULL, NULL, NULL))
+            return 0;
+    }
+    if ((npubk <= 0) || !pubk)
+        return 1;
+    if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+        return 0;
+    if (EVP_CIPHER_CTX_iv_length(ctx))
+        RAND_pseudo_bytes(iv, EVP_CIPHER_CTX_iv_length(ctx));
 
-	if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0;
+    if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+        return 0;
 
-	for (i=0; i<npubk; i++)
-		{
-		ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx),
-			pubk[i]);
-		if (ekl[i] <= 0) return(-1);
-		}
-	return(npubk);
-	}
+    for (i = 0; i < npubk; i++) {
+        ekl[i] = EVP_PKEY_encrypt(ek[i], key, EVP_CIPHER_CTX_key_length(ctx),
+                                  pubk[i]);
+        if (ekl[i] <= 0)
+            return (-1);
+    }
+    return (npubk);
+}
 
-/* MACRO
+/*- MACRO
 void EVP_SealUpdate(ctx,out,outl,in,inl)
 EVP_CIPHER_CTX *ctx;
 unsigned char *out;
 int *outl;
 unsigned char *in;
 int inl;
-	{
-	EVP_EncryptUpdate(ctx,out,outl,in,inl);
-	}
+        {
+        EVP_EncryptUpdate(ctx,out,outl,in,inl);
+        }
 */
 
 int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
-	{
-	int i;
-	i = EVP_EncryptFinal_ex(ctx,out,outl);
-	EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL);
-	return i;
-	}
+{
+    int i;
+    i = EVP_EncryptFinal_ex(ctx, out, outl);
+    EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL);
+    return i;
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_sign.c b/Cryptlib/OpenSSL/crypto/evp/p_sign.c
index 782d1405..6f319127 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p_sign.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_sign.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,63 +64,55 @@
 
 #ifdef undef
 void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-	{
-	EVP_DigestInit_ex(ctx,type);
-	}
+{
+    EVP_DigestInit_ex(ctx, type);
+}
 
-void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
-	     unsigned int count)
-	{
-	EVP_DigestUpdate(ctx,data,count);
-	}
+void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+{
+    EVP_DigestUpdate(ctx, data, count);
+}
 #endif
 
-int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
-	     EVP_PKEY *pkey)
-	{
-	unsigned char m[EVP_MAX_MD_SIZE];
-	unsigned int m_len;
-	int i,ok=0,v;
-	EVP_MD_CTX tmp_ctx;
-
-	*siglen=0;
-	for (i=0; i<4; i++)
-		{
-		v=ctx->digest->required_pkey_type[i];
-		if (v == 0) break;
-		if (pkey->type == v)
-			{
-			ok=1;
-			break;
-			}
-		}
-	if (!ok)
-		{
-		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
-		return(0);
-		}
-	if (ctx->digest->sign == NULL)
-		{
-		EVPerr(EVP_F_EVP_SIGNFINAL,EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
-		return(0);
-		}
-	EVP_MD_CTX_init(&tmp_ctx);
-	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);
-	if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
-		{
-		EVP_MD_SVCTX sctmp;
-		sctmp.mctx = &tmp_ctx;
-		sctmp.key = pkey->pkey.ptr;
-		i = ctx->digest->sign(ctx->digest->type,
-			NULL, -1, sigret, siglen, &sctmp);
-		}
-	else
-		{
-		EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-		i = ctx->digest->sign(ctx->digest->type,m,m_len,sigret,siglen,
-					pkey->pkey.ptr);
-		}
-	EVP_MD_CTX_cleanup(&tmp_ctx);
-	return i;
-	}
+int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len;
+    int i, ok = 0, v;
+    EVP_MD_CTX tmp_ctx;
 
+    *siglen = 0;
+    for (i = 0; i < 4; i++) {
+        v = ctx->digest->required_pkey_type[i];
+        if (v == 0)
+            break;
+        if (pkey->type == v) {
+            ok = 1;
+            break;
+        }
+    }
+    if (!ok) {
+        EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+        return (0);
+    }
+    if (ctx->digest->sign == NULL) {
+        EVPerr(EVP_F_EVP_SIGNFINAL, EVP_R_NO_SIGN_FUNCTION_CONFIGURED);
+        return (0);
+    }
+    EVP_MD_CTX_init(&tmp_ctx);
+    EVP_MD_CTX_copy_ex(&tmp_ctx, ctx);
+    if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) {
+        EVP_MD_SVCTX sctmp;
+        sctmp.mctx = &tmp_ctx;
+        sctmp.key = pkey->pkey.ptr;
+        i = ctx->digest->sign(ctx->digest->type,
+                              NULL, -1, sigret, siglen, &sctmp);
+    } else {
+        EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len);
+        i = ctx->digest->sign(ctx->digest->type, m, m_len, sigret, siglen,
+                              pkey->pkey.ptr);
+    }
+    EVP_MD_CTX_cleanup(&tmp_ctx);
+    return i;
+}
diff --git a/Cryptlib/OpenSSL/crypto/evp/p_verify.c b/Cryptlib/OpenSSL/crypto/evp/p_verify.c
index 072c1279..ee2f2574 100644
--- a/Cryptlib/OpenSSL/crypto/evp/p_verify.c
+++ b/Cryptlib/OpenSSL/crypto/evp/p_verify.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,51 +63,44 @@
 #include <openssl/x509.h>
 
 int EVP_VerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sigbuf,
-	     unsigned int siglen, EVP_PKEY *pkey)
-	{
-	unsigned char m[EVP_MAX_MD_SIZE];
-	unsigned int m_len;
-	int i,ok=0,v;
-	EVP_MD_CTX tmp_ctx;
-
-	for (i=0; i<4; i++)
-		{
-		v=ctx->digest->required_pkey_type[i];
-		if (v == 0) break;
-		if (pkey->type == v)
-			{
-			ok=1;
-			break;
-			}
-		}
-	if (!ok)
-		{
-		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE);
-		return(-1);
-		}
-	if (ctx->digest->verify == NULL)
-                {
-		EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
-		return(0);
-		}
+                    unsigned int siglen, EVP_PKEY *pkey)
+{
+    unsigned char m[EVP_MAX_MD_SIZE];
+    unsigned int m_len;
+    int i, ok = 0, v;
+    EVP_MD_CTX tmp_ctx;
 
-	EVP_MD_CTX_init(&tmp_ctx);
-	EVP_MD_CTX_copy_ex(&tmp_ctx,ctx);     
-	if (ctx->digest->flags & EVP_MD_FLAG_SVCTX)
-		{
-		EVP_MD_SVCTX sctmp;
-		sctmp.mctx = &tmp_ctx;
-		sctmp.key = pkey->pkey.ptr;
-		i = ctx->digest->verify(ctx->digest->type,
-			NULL, -1, sigbuf, siglen, &sctmp);
-		}
-	else
-		{
-		EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len);
-		i = ctx->digest->verify(ctx->digest->type,m,m_len,
-					sigbuf,siglen,pkey->pkey.ptr);
-		}
-	EVP_MD_CTX_cleanup(&tmp_ctx);
-	return i;
-	}
+    for (i = 0; i < 4; i++) {
+        v = ctx->digest->required_pkey_type[i];
+        if (v == 0)
+            break;
+        if (pkey->type == v) {
+            ok = 1;
+            break;
+        }
+    }
+    if (!ok) {
+        EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_WRONG_PUBLIC_KEY_TYPE);
+        return (-1);
+    }
+    if (ctx->digest->verify == NULL) {
+        EVPerr(EVP_F_EVP_VERIFYFINAL, EVP_R_NO_VERIFY_FUNCTION_CONFIGURED);
+        return (0);
+    }
 
+    EVP_MD_CTX_init(&tmp_ctx);
+    EVP_MD_CTX_copy_ex(&tmp_ctx, ctx);
+    if (ctx->digest->flags & EVP_MD_FLAG_SVCTX) {
+        EVP_MD_SVCTX sctmp;
+        sctmp.mctx = &tmp_ctx;
+        sctmp.key = pkey->pkey.ptr;
+        i = ctx->digest->verify(ctx->digest->type,
+                                NULL, -1, sigbuf, siglen, &sctmp);
+    } else {
+        EVP_DigestFinal_ex(&tmp_ctx, &(m[0]), &m_len);
+        i = ctx->digest->verify(ctx->digest->type, m, m_len,
+                                sigbuf, siglen, pkey->pkey.ptr);
+    }
+    EVP_MD_CTX_cleanup(&tmp_ctx);
+    return i;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ex_data.c b/Cryptlib/OpenSSL/crypto/ex_data.c
index 3b11e7a5..efd9911c 100644
--- a/Cryptlib/OpenSSL/crypto/ex_data.c
+++ b/Cryptlib/OpenSSL/crypto/ex_data.c
@@ -34,21 +34,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -63,10 +63,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -78,7 +78,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -92,7 +92,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -142,103 +142,108 @@
 #include <openssl/lhash.h>
 
 /* What an "implementation of ex_data functionality" looks like */
-struct st_CRYPTO_EX_DATA_IMPL
-	{
-	/*********************/
-	/* GLOBAL OPERATIONS */
-	/* Return a new class index */
-	int (*cb_new_class)(void);
-	/* Cleanup all state used by the implementation */
-	void (*cb_cleanup)(void);
-	/************************/
-	/* PER-CLASS OPERATIONS */
-	/* Get a new method index within a class */
-	int (*cb_get_new_index)(int class_index, long argl, void *argp,
-			CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-			CRYPTO_EX_free *free_func);
-	/* Initialise a new CRYPTO_EX_DATA of a given class */
-	int (*cb_new_ex_data)(int class_index, void *obj,
-			CRYPTO_EX_DATA *ad);
-	/* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
-	int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to,
-			CRYPTO_EX_DATA *from);
-	/* Cleanup a CRYPTO_EX_DATA of a given class */
-	void (*cb_free_ex_data)(int class_index, void *obj,
-			CRYPTO_EX_DATA *ad);
-	};
+struct st_CRYPTO_EX_DATA_IMPL {
+        /*********************/
+    /* GLOBAL OPERATIONS */
+    /* Return a new class index */
+    int (*cb_new_class) (void);
+    /* Cleanup all state used by the implementation */
+    void (*cb_cleanup) (void);
+        /************************/
+    /* PER-CLASS OPERATIONS */
+    /* Get a new method index within a class */
+    int (*cb_get_new_index) (int class_index, long argl, void *argp,
+                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                             CRYPTO_EX_free *free_func);
+    /* Initialise a new CRYPTO_EX_DATA of a given class */
+    int (*cb_new_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
+    /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */
+    int (*cb_dup_ex_data) (int class_index, CRYPTO_EX_DATA *to,
+                           CRYPTO_EX_DATA *from);
+    /* Cleanup a CRYPTO_EX_DATA of a given class */
+    void (*cb_free_ex_data) (int class_index, void *obj, CRYPTO_EX_DATA *ad);
+};
 
 /* The implementation we use at run-time */
 static const CRYPTO_EX_DATA_IMPL *impl = NULL;
 
-/* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg.
- * EX_IMPL(get_new_index)(...); */
+/*
+ * To call "impl" functions, use this macro rather than referring to 'impl'
+ * directly, eg. EX_IMPL(get_new_index)(...);
+ */
 #define EX_IMPL(a) impl->cb_##a
 
 /* Predeclare the "default" ex_data implementation */
 static int int_new_class(void);
 static void int_cleanup(void);
 static int int_get_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func);
-static int int_new_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad);
+                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                             CRYPTO_EX_free *free_func);
+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
 static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-		CRYPTO_EX_DATA *from);
-static void int_free_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad);
-static CRYPTO_EX_DATA_IMPL impl_default =
-	{
-	int_new_class,
-	int_cleanup,
-	int_get_new_index,
-	int_new_ex_data,
-	int_dup_ex_data,
-	int_free_ex_data
-	};
-
-/* Internal function that checks whether "impl" is set and if not, sets it to
- * the default. */
+                           CRYPTO_EX_DATA *from);
+static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad);
+static CRYPTO_EX_DATA_IMPL impl_default = {
+    int_new_class,
+    int_cleanup,
+    int_get_new_index,
+    int_new_ex_data,
+    int_dup_ex_data,
+    int_free_ex_data
+};
+
+/*
+ * Internal function that checks whether "impl" is set and if not, sets it to
+ * the default.
+ */
 static void impl_check(void)
-	{
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	if(!impl)
-		impl = &impl_default;
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	}
-/* A macro wrapper for impl_check that first uses a non-locked test before
- * invoking the function (which checks again inside a lock). */
+{
+    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+    if (!impl)
+        impl = &impl_default;
+    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+}
+
+/*
+ * A macro wrapper for impl_check that first uses a non-locked test before
+ * invoking the function (which checks again inside a lock).
+ */
 #define IMPL_CHECK if(!impl) impl_check();
 
 /* API functions to get/set the "ex_data" implementation */
 const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void)
-	{
-	IMPL_CHECK
-	return impl;
-	}
+{
+    IMPL_CHECK return impl;
+}
+
 int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i)
-	{
-	int toret = 0;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	if(!impl)
-		{
-		impl = i;
-		toret = 1;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
+{
+    int toret = 0;
+    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+    if (!impl) {
+        impl = i;
+        toret = 1;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+    return toret;
+}
 
 /****************************************************************************/
-/* Interal (default) implementation of "ex_data" support. API functions are
- * further down. */
+/*
+ * Interal (default) implementation of "ex_data" support. API functions are
+ * further down.
+ */
 
-/* The type that represents what each "class" used to implement locally. A STACK
- * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global
- * value representing the class that is used to distinguish these items. */
+/*
+ * The type that represents what each "class" used to implement locally. A
+ * STACK of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is
+ * the global value representing the class that is used to distinguish these
+ * items.
+ */
 typedef struct st_ex_class_item {
-	int class_index;
-	STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
-	int meth_num;
+    int class_index;
+    STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth;
+    int meth_num;
 } EX_CLASS_ITEM;
 
 /* When assigning new class indexes, this is our counter */
@@ -249,384 +254,388 @@ static LHASH *ex_data = NULL;
 
 /* The callbacks required in the "ex_data" hash table */
 static unsigned long ex_hash_cb(const void *a_void)
-	{
-	return ((const EX_CLASS_ITEM *)a_void)->class_index;
-	}
+{
+    return ((const EX_CLASS_ITEM *)a_void)->class_index;
+}
+
 static int ex_cmp_cb(const void *a_void, const void *b_void)
-	{
-	return (((const EX_CLASS_ITEM *)a_void)->class_index -
-		((const EX_CLASS_ITEM *)b_void)->class_index);
-	}
+{
+    return (((const EX_CLASS_ITEM *)a_void)->class_index -
+            ((const EX_CLASS_ITEM *)b_void)->class_index);
+}
 
-/* Internal functions used by the "impl_default" implementation to access the
- * state */
+/*
+ * Internal functions used by the "impl_default" implementation to access the
+ * state
+ */
 
 static int ex_data_check(void)
-	{
-	int toret = 1;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
-		toret = 0;
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
-/* This macros helps reduce the locking from repeated checks because the
- * ex_data_check() function checks ex_data again inside a lock. */
+{
+    int toret = 1;
+    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+    if (!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL))
+        toret = 0;
+    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+    return toret;
+}
+
+/*
+ * This macros helps reduce the locking from repeated checks because the
+ * ex_data_check() function checks ex_data again inside a lock.
+ */
 #define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail}
 
 /* This "inner" callback is used by the callback function that follows it */
 static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs)
-	{
-	OPENSSL_free(funcs);
-	}
+{
+    OPENSSL_free(funcs);
+}
 
-/* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
- * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do
- * any locking. */
+/*
+ * This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from
+ * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't
+ * do any locking.
+ */
 static void def_cleanup_cb(void *a_void)
-	{
-	EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
-	sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
-	OPENSSL_free(item);
-	}
-
-/* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a
- * given class. Handles locking. */
+{
+    EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void;
+    sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb);
+    OPENSSL_free(item);
+}
+
+/*
+ * Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to
+ * a given class. Handles locking.
+ */
 static EX_CLASS_ITEM *def_get_class(int class_index)
-	{
-	EX_CLASS_ITEM d, *p, *gen;
-	EX_DATA_CHECK(return NULL;)
-	d.class_index = class_index;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	p = lh_retrieve(ex_data, &d);
-	if(!p)
-		{
-		gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
-		if(gen)
-			{
-			gen->class_index = class_index;
-			gen->meth_num = 0;
-			gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
-			if(!gen->meth)
-				OPENSSL_free(gen);
-			else
-				{
-				/* Because we're inside the ex_data lock, the
-				 * return value from the insert will be NULL */
-				lh_insert(ex_data, gen);
-				p = gen;
-				}
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	if(!p)
-		CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE);
-	return p;
-	}
-
-/* Add a new method to the given EX_CLASS_ITEM and return the corresponding
- * index (or -1 for error). Handles locking. */
+{
+    EX_CLASS_ITEM d, *p, *gen;
+    EX_DATA_CHECK(return NULL;)
+        d.class_index = class_index;
+    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+    p = lh_retrieve(ex_data, &d);
+    if (!p) {
+        gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM));
+        if (gen) {
+            gen->class_index = class_index;
+            gen->meth_num = 0;
+            gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null();
+            if (!gen->meth)
+                OPENSSL_free(gen);
+            else {
+                /*
+                 * Because we're inside the ex_data lock, the return value
+                 * from the insert will be NULL
+                 */
+                lh_insert(ex_data, gen);
+                p = gen;
+            }
+        }
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+    if (!p)
+        CRYPTOerr(CRYPTO_F_DEF_GET_CLASS, ERR_R_MALLOC_FAILURE);
+    return p;
+}
+
+/*
+ * Add a new method to the given EX_CLASS_ITEM and return the corresponding
+ * index (or -1 for error). Handles locking.
+ */
 static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func)
-	{
-	int toret = -1;
-	CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(
-					sizeof(CRYPTO_EX_DATA_FUNCS));
-	if(!a)
-		{
-		CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
-		return -1;
-		}
-	a->argl=argl;
-	a->argp=argp;
-	a->new_func=new_func;
-	a->dup_func=dup_func;
-	a->free_func=free_func;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num)
-		{
-		if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL))
-			{
-			CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE);
-			OPENSSL_free(a);
-			goto err;
-			}
-		}
-	toret = item->meth_num++;
-	(void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
-err:
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
+                         CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                         CRYPTO_EX_free *free_func)
+{
+    int toret = -1;
+    CRYPTO_EX_DATA_FUNCS *a =
+        (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc(sizeof(CRYPTO_EX_DATA_FUNCS));
+    if (!a) {
+        CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    a->argl = argl;
+    a->argp = argp;
+    a->new_func = new_func;
+    a->dup_func = dup_func;
+    a->free_func = free_func;
+    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+    while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) {
+        if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) {
+            CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX, ERR_R_MALLOC_FAILURE);
+            OPENSSL_free(a);
+            goto err;
+        }
+    }
+    toret = item->meth_num++;
+    (void)sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a);
+ err:
+    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+    return toret;
+}
 
 /**************************************************************/
 /* The functions in the default CRYPTO_EX_DATA_IMPL structure */
 
 static int int_new_class(void)
-	{
-	int toret;
-	CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
-	toret = ex_class++;
-	CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
-	return toret;
-	}
+{
+    int toret;
+    CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
+    toret = ex_class++;
+    CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
+    return toret;
+}
 
 static void int_cleanup(void)
-	{
-	EX_DATA_CHECK(return;)
-	lh_doall(ex_data, def_cleanup_cb);
-	lh_free(ex_data);
-	ex_data = NULL;
-	impl = NULL;
-	}
+{
+    EX_DATA_CHECK(return;)
+        lh_doall(ex_data, def_cleanup_cb);
+    lh_free(ex_data);
+    ex_data = NULL;
+    impl = NULL;
+}
 
 static int int_get_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func)
-	{
-	EX_CLASS_ITEM *item = def_get_class(class_index);
-	if(!item)
-		return -1;
-	return def_add_index(item, argl, argp, new_func, dup_func, free_func);
-	}
-
-/* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in
- * the lock, then using them outside the lock. NB: Thread-safety only applies to
- * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad'
- * itself. */
-static int int_new_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad)
-	{
-	int mx,i;
-	void *ptr;
-	CRYPTO_EX_DATA_FUNCS **storage = NULL;
-	EX_CLASS_ITEM *item = def_get_class(class_index);
-	if(!item)
-		/* error is already set */
-		return 0;
-	ad->sk = NULL;
-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-	if(mx > 0)
-		{
-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-		if(!storage)
-			goto skip;
-		for(i = 0; i < mx; i++)
-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-		}
-skip:
-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-	if((mx > 0) && !storage)
-		{
-		CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	for(i = 0; i < mx; i++)
-		{
-		if(storage[i] && storage[i]->new_func)
-			{
-			ptr = CRYPTO_get_ex_data(ad, i);
-			storage[i]->new_func(obj,ptr,ad,i,
-				storage[i]->argl,storage[i]->argp);
-			}
-		}
-	if(storage)
-		OPENSSL_free(storage);
-	return 1;
-	}
+                             CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                             CRYPTO_EX_free *free_func)
+{
+    EX_CLASS_ITEM *item = def_get_class(class_index);
+    if (!item)
+        return -1;
+    return def_add_index(item, argl, argp, new_func, dup_func, free_func);
+}
+
+/*
+ * Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries
+ * in the lock, then using them outside the lock. NB: Thread-safety only
+ * applies to the global "ex_data" state (ie. class definitions), not
+ * thread-safe on 'ad' itself.
+ */
+static int int_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    void *ptr;
+    CRYPTO_EX_DATA_FUNCS **storage = NULL;
+    EX_CLASS_ITEM *item = def_get_class(class_index);
+    if (!item)
+        /* error is already set */
+        return 0;
+    ad->sk = NULL;
+    CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+    mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+    if (mx > 0) {
+        storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
+        if (!storage)
+            goto skip;
+        for (i = 0; i < mx; i++)
+            storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+    }
+ skip:
+    CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+    if ((mx > 0) && !storage) {
+        CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < mx; i++) {
+        if (storage[i] && storage[i]->new_func) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            storage[i]->new_func(obj, ptr, ad, i,
+                                 storage[i]->argl, storage[i]->argp);
+        }
+    }
+    if (storage)
+        OPENSSL_free(storage);
+    return 1;
+}
 
 /* Same thread-safety notes as for "int_new_ex_data" */
 static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-		CRYPTO_EX_DATA *from)
-	{
-	int mx, j, i;
-	char *ptr;
-	CRYPTO_EX_DATA_FUNCS **storage = NULL;
-	EX_CLASS_ITEM *item;
-	if(!from->sk)
-		/* 'to' should be "blank" which *is* just like 'from' */
-		return 1;
-	if((item = def_get_class(class_index)) == NULL)
-		return 0;
-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-	j = sk_num(from->sk);
-	if(j < mx)
-		mx = j;
-	if(mx > 0)
-		{
-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-		if(!storage)
-			goto skip;
-		for(i = 0; i < mx; i++)
-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-		}
-skip:
-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-	if((mx > 0) && !storage)
-		{
-		CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	for(i = 0; i < mx; i++)
-		{
-		ptr = CRYPTO_get_ex_data(from, i);
-		if(storage[i] && storage[i]->dup_func)
-			storage[i]->dup_func(to,from,&ptr,i,
-				storage[i]->argl,storage[i]->argp);
-		CRYPTO_set_ex_data(to,i,ptr);
-		}
-	if(storage)
-		OPENSSL_free(storage);
-	return 1;
-	}
+                           CRYPTO_EX_DATA *from)
+{
+    int mx, j, i;
+    char *ptr;
+    CRYPTO_EX_DATA_FUNCS **storage = NULL;
+    EX_CLASS_ITEM *item;
+    if (!from->sk)
+        /* 'to' should be "blank" which *is* just like 'from' */
+        return 1;
+    if ((item = def_get_class(class_index)) == NULL)
+        return 0;
+    CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+    mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+    j = sk_num(from->sk);
+    if (j < mx)
+        mx = j;
+    if (mx > 0) {
+        storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
+        if (!storage)
+            goto skip;
+        for (i = 0; i < mx; i++)
+            storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+    }
+ skip:
+    CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+    if ((mx > 0) && !storage) {
+        CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    for (i = 0; i < mx; i++) {
+        ptr = CRYPTO_get_ex_data(from, i);
+        if (storage[i] && storage[i]->dup_func)
+            storage[i]->dup_func(to, from, &ptr, i,
+                                 storage[i]->argl, storage[i]->argp);
+        CRYPTO_set_ex_data(to, i, ptr);
+    }
+    if (storage)
+        OPENSSL_free(storage);
+    return 1;
+}
 
 /* Same thread-safety notes as for "int_new_ex_data" */
-static void int_free_ex_data(int class_index, void *obj,
-		CRYPTO_EX_DATA *ad)
-	{
-	int mx,i;
-	EX_CLASS_ITEM *item;
-	void *ptr;
-	CRYPTO_EX_DATA_FUNCS **storage = NULL;
-	if((item = def_get_class(class_index)) == NULL)
-		return;
-	CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
-	mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
-	if(mx > 0)
-		{
-		storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*));
-		if(!storage)
-			goto skip;
-		for(i = 0; i < mx; i++)
-			storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i);
-		}
-skip:
-	CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
-	if((mx > 0) && !storage)
-		{
-		CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE);
-		return;
-		}
-	for(i = 0; i < mx; i++)
-		{
-		if(storage[i] && storage[i]->free_func)
-			{
-			ptr = CRYPTO_get_ex_data(ad,i);
-			storage[i]->free_func(obj,ptr,ad,i,
-				storage[i]->argl,storage[i]->argp);
-			}
-		}
-	if(storage)
-		OPENSSL_free(storage);
-	if(ad->sk)
-		{
-		sk_free(ad->sk);
-		ad->sk=NULL;
-		}
-	}
+static void int_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
+{
+    int mx, i;
+    EX_CLASS_ITEM *item;
+    void *ptr;
+    CRYPTO_EX_DATA_FUNCS **storage = NULL;
+    if ((item = def_get_class(class_index)) == NULL)
+        return;
+    CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
+    mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);
+    if (mx > 0) {
+        storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS *));
+        if (!storage)
+            goto skip;
+        for (i = 0; i < mx; i++)
+            storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth, i);
+    }
+ skip:
+    CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA);
+    if ((mx > 0) && !storage) {
+        CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA, ERR_R_MALLOC_FAILURE);
+        return;
+    }
+    for (i = 0; i < mx; i++) {
+        if (storage[i] && storage[i]->free_func) {
+            ptr = CRYPTO_get_ex_data(ad, i);
+            storage[i]->free_func(obj, ptr, ad, i,
+                                  storage[i]->argl, storage[i]->argp);
+        }
+    }
+    if (storage)
+        OPENSSL_free(storage);
+    if (ad->sk) {
+        sk_free(ad->sk);
+        ad->sk = NULL;
+    }
+}
 
 /********************************************************************/
-/* API functions that defer all "state" operations to the "ex_data"
- * implementation we have set. */
+/*
+ * API functions that defer all "state" operations to the "ex_data"
+ * implementation we have set.
+ */
 
-/* Obtain an index for a new class (not the same as getting a new index within
- * an existing class - this is actually getting a new *class*) */
+/*
+ * Obtain an index for a new class (not the same as getting a new index
+ * within an existing class - this is actually getting a new *class*)
+ */
 int CRYPTO_ex_data_new_class(void)
-	{
-	IMPL_CHECK
-	return EX_IMPL(new_class)();
-	}
+{
+    IMPL_CHECK return EX_IMPL(new_class) ();
+}
 
-/* Release all "ex_data" state to prevent memory leaks. This can't be made
+/*
+ * Release all "ex_data" state to prevent memory leaks. This can't be made
  * thread-safe without overhauling a lot of stuff, and shouldn't really be
  * called under potential race-conditions anyway (it's for program shutdown
- * after all). */
+ * after all).
+ */
 void CRYPTO_cleanup_all_ex_data(void)
-	{
-	IMPL_CHECK
-	EX_IMPL(cleanup)();
-	}
+{
+    IMPL_CHECK EX_IMPL(cleanup) ();
+}
 
 /* Inside an existing class, get/register a new index. */
 int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
-		CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-		CRYPTO_EX_free *free_func)
-	{
-	int ret = -1;
-
-	IMPL_CHECK
-	ret = EX_IMPL(get_new_index)(class_index,
-			argl, argp, new_func, dup_func, free_func);
-	return ret;
-	}
-
-/* Initialise a new CRYPTO_EX_DATA for use in a particular class - including
- * calling new() callbacks for each index in the class used by this variable */
+                            CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
+                            CRYPTO_EX_free *free_func)
+{
+    int ret = -1;
+
+    IMPL_CHECK
+        ret = EX_IMPL(get_new_index) (class_index,
+                                      argl, argp, new_func, dup_func,
+                                      free_func);
+    return ret;
+}
+
+/*
+ * Initialise a new CRYPTO_EX_DATA for use in a particular class - including
+ * calling new() callbacks for each index in the class used by this variable
+ */
 int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-	{
-	IMPL_CHECK
-	return EX_IMPL(new_ex_data)(class_index, obj, ad);
-	}
+{
+    IMPL_CHECK return EX_IMPL(new_ex_data) (class_index, obj, ad);
+}
 
-/* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for
- * each index in the class used by this variable */
+/*
+ * Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks
+ * for each index in the class used by this variable
+ */
 int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to,
-	     CRYPTO_EX_DATA *from)
-	{
-	IMPL_CHECK
-	return EX_IMPL(dup_ex_data)(class_index, to, from);
-	}
-
-/* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
- * each index in the class used by this variable */
+                       CRYPTO_EX_DATA *from)
+{
+    IMPL_CHECK return EX_IMPL(dup_ex_data) (class_index, to, from);
+}
+
+/*
+ * Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for
+ * each index in the class used by this variable
+ */
 void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad)
-	{
-	IMPL_CHECK
-	EX_IMPL(free_ex_data)(class_index, obj, ad);
-	}
+{
+    IMPL_CHECK EX_IMPL(free_ex_data) (class_index, obj, ad);
+}
 
-/* For a given CRYPTO_EX_DATA variable, set the value corresponding to a
- * particular index in the class used by this variable */
+/*
+ * For a given CRYPTO_EX_DATA variable, set the value corresponding to a
+ * particular index in the class used by this variable
+ */
 int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val)
-	{
-	int i;
-
-	if (ad->sk == NULL)
-		{
-		if ((ad->sk=sk_new_null()) == NULL)
-			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		}
-	i=sk_num(ad->sk);
-
-	while (i <= idx)
-		{
-		if (!sk_push(ad->sk,NULL))
-			{
-			CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		i++;
-		}
-	sk_set(ad->sk,idx,val);
-	return(1);
-	}
-
-/* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
- * particular index in the class used by this variable */
+{
+    int i;
+
+    if (ad->sk == NULL) {
+        if ((ad->sk = sk_new_null()) == NULL) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+    }
+    i = sk_num(ad->sk);
+
+    while (i <= idx) {
+        if (!sk_push(ad->sk, NULL)) {
+            CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+        i++;
+    }
+    sk_set(ad->sk, idx, val);
+    return (1);
+}
+
+/*
+ * For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a
+ * particular index in the class used by this variable
+ */
 void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx)
-	{
-	if (ad->sk == NULL)
-		return(0);
-	else if (idx >= sk_num(ad->sk))
-		return(0);
-	else
-		return(sk_value(ad->sk,idx));
-	}
+{
+    if (ad->sk == NULL)
+        return (0);
+    else if (idx >= sk_num(ad->sk))
+        return (0);
+    else
+        return (sk_value(ad->sk, idx));
+}
 
 IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS)
diff --git a/Cryptlib/OpenSSL/crypto/fips_err.c b/Cryptlib/OpenSSL/crypto/fips_err.c
index 09f11748..1788ed28 100644
--- a/Cryptlib/OpenSSL/crypto/fips_err.c
+++ b/Cryptlib/OpenSSL/crypto/fips_err.c
@@ -3,5 +3,5 @@
 #ifdef OPENSSL_FIPS
 # include "fips_err.h"
 #else
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/hmac/hmac.c b/Cryptlib/OpenSSL/crypto/hmac/hmac.c
index 6899be63..639fd8c3 100644
--- a/Cryptlib/OpenSSL/crypto/hmac/hmac.c
+++ b/Cryptlib/OpenSSL/crypto/hmac/hmac.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,117 +64,109 @@
 #ifndef OPENSSL_FIPS
 
 void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len,
-		  const EVP_MD *md, ENGINE *impl)
-	{
-	int i,j,reset=0;
-	unsigned char pad[HMAC_MAX_MD_CBLOCK];
-
-	if (md != NULL)
-		{
-		reset=1;
-		ctx->md=md;
-		}
-	else
-		md=ctx->md;
-
-	if (key != NULL)
-		{
-		reset=1;
-		j=EVP_MD_block_size(md);
-		OPENSSL_assert(j <= (int)sizeof(ctx->key));
-		if (j < len)
-			{
-			EVP_DigestInit_ex(&ctx->md_ctx,md, impl);
-			EVP_DigestUpdate(&ctx->md_ctx,key,len);
-			EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key,
-				&ctx->key_length);
-			}
-		else
-			{
-			OPENSSL_assert(len>=0 && len<=(int)sizeof(ctx->key));
-			memcpy(ctx->key,key,len);
-			ctx->key_length=len;
-			}
-		if(ctx->key_length != HMAC_MAX_MD_CBLOCK)
-			memset(&ctx->key[ctx->key_length], 0,
-				HMAC_MAX_MD_CBLOCK - ctx->key_length);
-		}
-
-	if (reset)	
-		{
-		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
-			pad[i]=0x36^ctx->key[i];
-		EVP_DigestInit_ex(&ctx->i_ctx,md, impl);
-		EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md));
-
-		for (i=0; i<HMAC_MAX_MD_CBLOCK; i++)
-			pad[i]=0x5c^ctx->key[i];
-		EVP_DigestInit_ex(&ctx->o_ctx,md, impl);
-		EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md));
-		}
-	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx);
-	}
-
-void HMAC_Init(HMAC_CTX *ctx, const void *key, int len,
-	       const EVP_MD *md)
-	{
-	if(key && md)
-	    HMAC_CTX_init(ctx);
-	HMAC_Init_ex(ctx,key,len,md, NULL);
-	}
+                  const EVP_MD *md, ENGINE *impl)
+{
+    int i, j, reset = 0;
+    unsigned char pad[HMAC_MAX_MD_CBLOCK];
+
+    if (md != NULL) {
+        reset = 1;
+        ctx->md = md;
+    } else
+        md = ctx->md;
+
+    if (key != NULL) {
+        reset = 1;
+        j = EVP_MD_block_size(md);
+        OPENSSL_assert(j <= (int)sizeof(ctx->key));
+        if (j < len) {
+            EVP_DigestInit_ex(&ctx->md_ctx, md, impl);
+            EVP_DigestUpdate(&ctx->md_ctx, key, len);
+            EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key, &ctx->key_length);
+        } else {
+            OPENSSL_assert(len >= 0 && len <= (int)sizeof(ctx->key));
+            memcpy(ctx->key, key, len);
+            ctx->key_length = len;
+        }
+        if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
+            memset(&ctx->key[ctx->key_length], 0,
+                   HMAC_MAX_MD_CBLOCK - ctx->key_length);
+    }
+
+    if (reset) {
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+            pad[i] = 0x36 ^ ctx->key[i];
+        EVP_DigestInit_ex(&ctx->i_ctx, md, impl);
+        EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md));
+
+        for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
+            pad[i] = 0x5c ^ ctx->key[i];
+        EVP_DigestInit_ex(&ctx->o_ctx, md, impl);
+        EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md));
+    }
+    EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx);
+}
+
+void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md)
+{
+    if (key && md)
+        HMAC_CTX_init(ctx);
+    HMAC_Init_ex(ctx, key, len, md, NULL);
+}
 
 void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
-	{
-	EVP_DigestUpdate(&ctx->md_ctx,data,len);
-	}
+{
+    EVP_DigestUpdate(&ctx->md_ctx, data, len);
+}
 
 void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
-	{
-	unsigned int i;
-	unsigned char buf[EVP_MAX_MD_SIZE];
+{
+    unsigned int i;
+    unsigned char buf[EVP_MAX_MD_SIZE];
 
-	EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i);
-	EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx);
-	EVP_DigestUpdate(&ctx->md_ctx,buf,i);
-	EVP_DigestFinal_ex(&ctx->md_ctx,md,len);
-	}
+    EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i);
+    EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx);
+    EVP_DigestUpdate(&ctx->md_ctx, buf, i);
+    EVP_DigestFinal_ex(&ctx->md_ctx, md, len);
+}
 
 void HMAC_CTX_init(HMAC_CTX *ctx)
-	{
-	EVP_MD_CTX_init(&ctx->i_ctx);
-	EVP_MD_CTX_init(&ctx->o_ctx);
-	EVP_MD_CTX_init(&ctx->md_ctx);
-	}
+{
+    EVP_MD_CTX_init(&ctx->i_ctx);
+    EVP_MD_CTX_init(&ctx->o_ctx);
+    EVP_MD_CTX_init(&ctx->md_ctx);
+}
 
 void HMAC_CTX_cleanup(HMAC_CTX *ctx)
-	{
-	EVP_MD_CTX_cleanup(&ctx->i_ctx);
-	EVP_MD_CTX_cleanup(&ctx->o_ctx);
-	EVP_MD_CTX_cleanup(&ctx->md_ctx);
-	memset(ctx,0,sizeof *ctx);
-	}
+{
+    EVP_MD_CTX_cleanup(&ctx->i_ctx);
+    EVP_MD_CTX_cleanup(&ctx->o_ctx);
+    EVP_MD_CTX_cleanup(&ctx->md_ctx);
+    memset(ctx, 0, sizeof *ctx);
+}
 
 unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-		    const unsigned char *d, size_t n, unsigned char *md,
-		    unsigned int *md_len)
-	{
-	HMAC_CTX c;
-	static unsigned char m[EVP_MAX_MD_SIZE];
-
-	if (md == NULL) md=m;
-	HMAC_CTX_init(&c);
-	HMAC_Init(&c,key,key_len,evp_md);
-	HMAC_Update(&c,d,n);
-	HMAC_Final(&c,md,md_len);
-	HMAC_CTX_cleanup(&c);
-	return(md);
-	}
+                    const unsigned char *d, size_t n, unsigned char *md,
+                    unsigned int *md_len)
+{
+    HMAC_CTX c;
+    static unsigned char m[EVP_MAX_MD_SIZE];
+
+    if (md == NULL)
+        md = m;
+    HMAC_CTX_init(&c);
+    HMAC_Init(&c, key, key_len, evp_md);
+    HMAC_Update(&c, d, n);
+    HMAC_Final(&c, md, md_len);
+    HMAC_CTX_cleanup(&c);
+    return (md);
+}
 
 void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-	{
-	EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-	EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-	}
+{
+    EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
+    EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
+    EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c
index ecb9cb8b..950df98c 100644
--- a/Cryptlib/OpenSSL/crypto/idea/i_cbc.c
+++ b/Cryptlib/OpenSSL/crypto/idea/i_cbc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS  SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,110 +59,113 @@
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 
-void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int encrypt)
-	{
-	register unsigned long tin0,tin1;
-	register unsigned long tout0,tout1,xor0,xor1;
-	register long l=length;
-	unsigned long tin[2];
+void idea_cbc_encrypt(const unsigned char *in, unsigned char *out,
+                      long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,
+                      int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
 
-	if (encrypt)
-		{
-		n2l(iv,tout0);
-		n2l(iv,tout1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0);
-			n2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			idea_encrypt(tin,ks);
-			tout0=tin[0]; l2n(tout0,out);
-			tout1=tin[1]; l2n(tout1,out);
-			}
-		if (l != -8)
-			{
-			n2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			idea_encrypt(tin,ks);
-			tout0=tin[0]; l2n(tout0,out);
-			tout1=tin[1]; l2n(tout1,out);
-			}
-		l2n(tout0,iv);
-		l2n(tout1,iv);
-		}
-	else
-		{
-		n2l(iv,xor0);
-		n2l(iv,xor1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			n2l(in,tin0); tin[0]=tin0;
-			n2l(in,tin1); tin[1]=tin1;
-			idea_encrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2n(tout0,out);
-			l2n(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			n2l(in,tin0); tin[0]=tin0;
-			n2l(in,tin1); tin[1]=tin1;
-			idea_encrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2nn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		l2n(xor0,iv);
-		l2n(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+    if (encrypt) {
+        n2l(iv, tout0);
+        n2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            n2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            idea_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        if (l != -8) {
+            n2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            idea_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2n(tout0, out);
+            tout1 = tin[1];
+            l2n(tout1, out);
+        }
+        l2n(tout0, iv);
+        l2n(tout1, iv);
+    } else {
+        n2l(iv, xor0);
+        n2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            idea_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2n(tout0, out);
+            l2n(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            n2l(in, tin0);
+            tin[0] = tin0;
+            n2l(in, tin1);
+            tin[1] = tin1;
+            idea_encrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2nn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2n(xor0, iv);
+        l2n(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
 
 void idea_encrypt(unsigned long *d, IDEA_KEY_SCHEDULE *key)
-	{
-	register IDEA_INT *p;
-	register unsigned long x1,x2,x3,x4,t0,t1,ul;
+{
+    register IDEA_INT *p;
+    register unsigned long x1, x2, x3, x4, t0, t1, ul;
 
-	x2=d[0];
-	x1=(x2>>16);
-	x4=d[1];
-	x3=(x4>>16);
+    x2 = d[0];
+    x1 = (x2 >> 16);
+    x4 = d[1];
+    x3 = (x4 >> 16);
 
-	p= &(key->data[0][0]);
+    p = &(key->data[0][0]);
 
-	E_IDEA(0);
-	E_IDEA(1);
-	E_IDEA(2);
-	E_IDEA(3);
-	E_IDEA(4);
-	E_IDEA(5);
-	E_IDEA(6);
-	E_IDEA(7);
+    E_IDEA(0);
+    E_IDEA(1);
+    E_IDEA(2);
+    E_IDEA(3);
+    E_IDEA(4);
+    E_IDEA(5);
+    E_IDEA(6);
+    E_IDEA(7);
 
-	x1&=0xffff;
-	idea_mul(x1,x1,*p,ul); p++;
+    x1 &= 0xffff;
+    idea_mul(x1, x1, *p, ul);
+    p++;
 
-	t0= x3+ *(p++);
-	t1= x2+ *(p++);
+    t0 = x3 + *(p++);
+    t1 = x2 + *(p++);
 
-	x4&=0xffff;
-	idea_mul(x4,x4,*p,ul);
+    x4 &= 0xffff;
+    idea_mul(x4, x4, *p, ul);
 
-	d[0]=(t0&0xffff)|((x1&0xffff)<<16);
-	d[1]=(x4&0xffff)|((t1&0xffff)<<16);
-	}
+    d[0] = (t0 & 0xffff) | ((x1 & 0xffff) << 16);
+    d[1] = (x4 & 0xffff) | ((t1 & 0xffff) << 16);
+}
diff --git a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c
index 66d49d52..a1547ed5 100644
--- a/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c
+++ b/Cryptlib/OpenSSL/crypto/idea/i_cfb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,64 +59,65 @@
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 
 void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, IDEA_KEY_SCHEDULE *schedule,
-			unsigned char *ivec, int *num, int encrypt)
-	{
-	register unsigned long v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned long ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=(unsigned char *)ivec;
-	if (encrypt)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				idea_encrypt((unsigned long *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				n2l(iv,v0); ti[0]=v0;
-				n2l(iv,v1); ti[1]=v1;
-				idea_encrypt((unsigned long *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2n(t,iv);
-				t=ti[1]; l2n(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=t=c=cc=0;
-	*num=n;
-	}
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
 
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                idea_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                n2l(iv, v0);
+                ti[0] = v0;
+                n2l(iv, v1);
+                ti[1] = v1;
+                idea_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2n(t, iv);
+                t = ti[1];
+                l2n(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c
index fef38230..a6b879a9 100644
--- a/Cryptlib/OpenSSL/crypto/idea/i_ecb.c
+++ b/Cryptlib/OpenSSL/crypto/idea/i_ecb.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,26 +60,29 @@
 #include "idea_lcl.h"
 #include <openssl/opensslv.h>
 
-const char IDEA_version[]="IDEA" OPENSSL_VERSION_PTEXT;
+const char IDEA_version[] = "IDEA" OPENSSL_VERSION_PTEXT;
 
 const char *idea_options(void)
-	{
-	if (sizeof(short) != sizeof(IDEA_INT))
-		return("idea(int)");
-	else
-		return("idea(short)");
-	}
+{
+    if (sizeof(short) != sizeof(IDEA_INT))
+        return ("idea(int)");
+    else
+        return ("idea(short)");
+}
 
 void idea_ecb_encrypt(const unsigned char *in, unsigned char *out,
-	     IDEA_KEY_SCHEDULE *ks)
-	{
-	unsigned long l0,l1,d[2];
-
-	n2l(in,l0); d[0]=l0;
-	n2l(in,l1); d[1]=l1;
-	idea_encrypt(d,ks);
-	l0=d[0]; l2n(l0,out);
-	l1=d[1]; l2n(l1,out);
-	l0=l1=d[0]=d[1]=0;
-	}
+                      IDEA_KEY_SCHEDULE *ks)
+{
+    unsigned long l0, l1, d[2];
 
+    n2l(in, l0);
+    d[0] = l0;
+    n2l(in, l1);
+    d[1] = l1;
+    idea_encrypt(d, ks);
+    l0 = d[0];
+    l2n(l0, out);
+    l1 = d[1];
+    l2n(l1, out);
+    l0 = l1 = d[0] = d[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c
index e749e88e..aa594880 100644
--- a/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c
+++ b/Cryptlib/OpenSSL/crypto/idea/i_ofb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,53 +59,52 @@
 #include <openssl/idea.h>
 #include "idea_lcl.h"
 
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-			long length, IDEA_KEY_SCHEDULE *schedule,
-			unsigned char *ivec, int *num)
-	{
-	register unsigned long v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned char d[8];
-	register char *dp;
-	unsigned long ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv=(unsigned char *)ivec;
-	n2l(iv,v0);
-	n2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2n(v0,dp);
-	l2n(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			idea_encrypt((unsigned long *)ti,schedule);
-			dp=(char *)d;
-			t=ti[0]; l2n(t,dp);
-			t=ti[1]; l2n(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv=(unsigned char *)ivec;
-		l2n(v0,iv);
-		l2n(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
+                        long length, IDEA_KEY_SCHEDULE *schedule,
+                        unsigned char *ivec, int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
 
+    iv = (unsigned char *)ivec;
+    n2l(iv, v0);
+    n2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2n(v0, dp);
+    l2n(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            idea_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2n(t, dp);
+            t = ti[1];
+            l2n(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2n(v0, iv);
+        l2n(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/idea/i_skey.c b/Cryptlib/OpenSSL/crypto/idea/i_skey.c
index fa75b144..195e2ef3 100644
--- a/Cryptlib/OpenSSL/crypto/idea/i_skey.c
+++ b/Cryptlib/OpenSSL/crypto/idea/i_skey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,7 +59,7 @@
 #include <openssl/idea.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #include "idea_lcl.h"
@@ -68,107 +68,113 @@ static IDEA_INT inverse(unsigned int xin);
 
 #ifdef OPENSSL_FIPS
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
-	{
-	if (FIPS_mode())
-		FIPS_BAD_ABORT(IDEA)
-	private_idea_set_encrypt_key(key, ks);
-	}
+{
+    if (FIPS_mode())
+        FIPS_BAD_ABORT(IDEA)
+            private_idea_set_encrypt_key(key, ks);
+}
+
 void private_idea_set_encrypt_key(const unsigned char *key,
-						IDEA_KEY_SCHEDULE *ks)
+                                  IDEA_KEY_SCHEDULE *ks)
 #else
 void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks)
 #endif
-	{
-	int i;
-	register IDEA_INT *kt,*kf,r0,r1,r2;
+{
+    int i;
+    register IDEA_INT *kt, *kf, r0, r1, r2;
 
-	kt= &(ks->data[0][0]);
-	n2s(key,kt[0]); n2s(key,kt[1]); n2s(key,kt[2]); n2s(key,kt[3]);
-	n2s(key,kt[4]); n2s(key,kt[5]); n2s(key,kt[6]); n2s(key,kt[7]);
+    kt = &(ks->data[0][0]);
+    n2s(key, kt[0]);
+    n2s(key, kt[1]);
+    n2s(key, kt[2]);
+    n2s(key, kt[3]);
+    n2s(key, kt[4]);
+    n2s(key, kt[5]);
+    n2s(key, kt[6]);
+    n2s(key, kt[7]);
 
-	kf=kt;
-	kt+=8;
-	for (i=0; i<6; i++)
-		{
-		r2= kf[1];
-		r1= kf[2];
-		*(kt++)= ((r2<<9) | (r1>>7))&0xffff;
-		r0= kf[3];
-		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;
-		r1= kf[4];
-		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;
-		r0= kf[5];
-		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;
-		r1= kf[6];
-		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;
-		r0= kf[7];
-		*(kt++)= ((r1<<9) | (r0>>7))&0xffff;
-		r1= kf[0];
-		if (i >= 5) break;
-		*(kt++)= ((r0<<9) | (r1>>7))&0xffff;
-		*(kt++)= ((r1<<9) | (r2>>7))&0xffff;
-		kf+=8;
-		}
-	}
+    kf = kt;
+    kt += 8;
+    for (i = 0; i < 6; i++) {
+        r2 = kf[1];
+        r1 = kf[2];
+        *(kt++) = ((r2 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[3];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[4];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[5];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[6];
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        r0 = kf[7];
+        *(kt++) = ((r1 << 9) | (r0 >> 7)) & 0xffff;
+        r1 = kf[0];
+        if (i >= 5)
+            break;
+        *(kt++) = ((r0 << 9) | (r1 >> 7)) & 0xffff;
+        *(kt++) = ((r1 << 9) | (r2 >> 7)) & 0xffff;
+        kf += 8;
+    }
+}
 
 void idea_set_decrypt_key(const IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk)
-	{
-	int r;
-	register IDEA_INT *tp,t;
-	const IDEA_INT *fp;
+{
+    int r;
+    register IDEA_INT *tp, t;
+    const IDEA_INT *fp;
 
-	tp= &(dk->data[0][0]);
-	fp= &(ek->data[8][0]);
-	for (r=0; r<9; r++)
-		{
-		*(tp++)=inverse(fp[0]);
-		*(tp++)=((int)(0x10000L-fp[2])&0xffff);
-		*(tp++)=((int)(0x10000L-fp[1])&0xffff);
-		*(tp++)=inverse(fp[3]);
-		if (r == 8) break;
-		fp-=6;
-		*(tp++)=fp[4];
-		*(tp++)=fp[5];
-		}
+    tp = &(dk->data[0][0]);
+    fp = &(ek->data[8][0]);
+    for (r = 0; r < 9; r++) {
+        *(tp++) = inverse(fp[0]);
+        *(tp++) = ((int)(0x10000L - fp[2]) & 0xffff);
+        *(tp++) = ((int)(0x10000L - fp[1]) & 0xffff);
+        *(tp++) = inverse(fp[3]);
+        if (r == 8)
+            break;
+        fp -= 6;
+        *(tp++) = fp[4];
+        *(tp++) = fp[5];
+    }
 
-	tp= &(dk->data[0][0]);
-	t=tp[1];
-	tp[1]=tp[2];
-	tp[2]=t;
+    tp = &(dk->data[0][0]);
+    t = tp[1];
+    tp[1] = tp[2];
+    tp[2] = t;
 
-	t=tp[49];
-	tp[49]=tp[50];
-	tp[50]=t;
-	}
+    t = tp[49];
+    tp[49] = tp[50];
+    tp[50] = t;
+}
 
 /* taken directly from the 'paper' I'll have a look at it later */
 static IDEA_INT inverse(unsigned int xin)
-	{
-	long n1,n2,q,r,b1,b2,t;
+{
+    long n1, n2, q, r, b1, b2, t;
 
-	if (xin == 0)
-		b2=0;
-	else
-		{
-		n1=0x10001;
-		n2=xin;
-		b2=1;
-		b1=0;
+    if (xin == 0)
+        b2 = 0;
+    else {
+        n1 = 0x10001;
+        n2 = xin;
+        b2 = 1;
+        b1 = 0;
 
-		do	{
-			r=(n1%n2);
-			q=(n1-r)/n2;
-			if (r == 0)
-				{ if (b2 < 0) b2=0x10001+b2; }
-			else
-				{
-				n1=n2;
-				n2=r;
-				t=b2;
-				b2=b1-q*b2;
-				b1=t;
-				}
-			} while (r != 0);
-		}
-	return((IDEA_INT)b2);
-	}
+        do {
+            r = (n1 % n2);
+            q = (n1 - r) / n2;
+            if (r == 0) {
+                if (b2 < 0)
+                    b2 = 0x10001 + b2;
+            } else {
+                n1 = n2;
+                n2 = r;
+                t = b2;
+                b2 = b1 - q * b2;
+                b1 = t;
+            }
+        } while (r != 0);
+    }
+    return ((IDEA_INT) b2);
+}
diff --git a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c
index 1fb741d2..d9851e97 100644
--- a/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c
+++ b/Cryptlib/OpenSSL/crypto/krb5/krb5_asn.c
@@ -1,7 +1,8 @@
 /* krb5_asn.c */
-/* Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project,
-** using ocsp/{*.h,*asn*.c} as a starting point
-*/
+/*
+ * Written by Vern Staats <staatsvr@asc.hpc.mil> for the OpenSSL project, **
+ * using ocsp/{*.h,*asn*.c} as a starting point
+ */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
  *
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,107 +62,101 @@
 
 
 ASN1_SEQUENCE(KRB5_ENCDATA) = {
-	ASN1_EXP(KRB5_ENCDATA, etype,		ASN1_INTEGER,	  0),
-	ASN1_EXP_OPT(KRB5_ENCDATA, kvno,	ASN1_INTEGER,	  1),
-	ASN1_EXP(KRB5_ENCDATA, cipher,		ASN1_OCTET_STRING,2)
+        ASN1_EXP(KRB5_ENCDATA, etype,           ASN1_INTEGER,     0),
+        ASN1_EXP_OPT(KRB5_ENCDATA, kvno,        ASN1_INTEGER,     1),
+        ASN1_EXP(KRB5_ENCDATA, cipher,          ASN1_OCTET_STRING,2)
 } ASN1_SEQUENCE_END(KRB5_ENCDATA)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCDATA)
 
 
 ASN1_SEQUENCE(KRB5_PRINCNAME) = {
-	ASN1_EXP(KRB5_PRINCNAME, nametype,	ASN1_INTEGER,	  0),
-	ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
+        ASN1_EXP(KRB5_PRINCNAME, nametype,      ASN1_INTEGER,     0),
+        ASN1_EXP_SEQUENCE_OF(KRB5_PRINCNAME, namestring, ASN1_GENERALSTRING, 1)
 } ASN1_SEQUENCE_END(KRB5_PRINCNAME)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_PRINCNAME)
 
-
 /* [APPLICATION 1] = 0x61 */
 ASN1_SEQUENCE(KRB5_TKTBODY) = {
-	ASN1_EXP(KRB5_TKTBODY, tktvno,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_TKTBODY, realm, 		ASN1_GENERALSTRING, 1),
-	ASN1_EXP(KRB5_TKTBODY, sname,		KRB5_PRINCNAME,	  2),
-	ASN1_EXP(KRB5_TKTBODY, encdata,		KRB5_ENCDATA,	  3)
+        ASN1_EXP(KRB5_TKTBODY, tktvno,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_TKTBODY, realm,           ASN1_GENERALSTRING, 1),
+        ASN1_EXP(KRB5_TKTBODY, sname,           KRB5_PRINCNAME,   2),
+        ASN1_EXP(KRB5_TKTBODY, encdata,         KRB5_ENCDATA,     3)
 } ASN1_SEQUENCE_END(KRB5_TKTBODY)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_TKTBODY)
 
 
-ASN1_ITEM_TEMPLATE(KRB5_TICKET) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
-			KRB5_TICKET, KRB5_TKTBODY)
+ASN1_ITEM_TEMPLATE(KRB5_TICKET) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 1,
+                        KRB5_TICKET, KRB5_TKTBODY)
 ASN1_ITEM_TEMPLATE_END(KRB5_TICKET)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_TICKET)
 
-
 /* [APPLICATION 14] = 0x6e */
 ASN1_SEQUENCE(KRB5_APREQBODY) = {
-	ASN1_EXP(KRB5_APREQBODY, pvno,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_APREQBODY, msgtype,	ASN1_INTEGER,	  1),
-	ASN1_EXP(KRB5_APREQBODY, apoptions,	ASN1_BIT_STRING,  2),
-	ASN1_EXP(KRB5_APREQBODY, ticket, 	KRB5_TICKET,	  3),
-	ASN1_EXP(KRB5_APREQBODY, authenticator,	KRB5_ENCDATA,	  4),
+        ASN1_EXP(KRB5_APREQBODY, pvno,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_APREQBODY, msgtype,       ASN1_INTEGER,     1),
+        ASN1_EXP(KRB5_APREQBODY, apoptions,     ASN1_BIT_STRING,  2),
+        ASN1_EXP(KRB5_APREQBODY, ticket,        KRB5_TICKET,      3),
+        ASN1_EXP(KRB5_APREQBODY, authenticator, KRB5_ENCDATA,     4),
 } ASN1_SEQUENCE_END(KRB5_APREQBODY)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQBODY)
 
-ASN1_ITEM_TEMPLATE(KRB5_APREQ) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
-			KRB5_APREQ, KRB5_APREQBODY)
+ASN1_ITEM_TEMPLATE(KRB5_APREQ) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 14,
+                        KRB5_APREQ, KRB5_APREQBODY)
 ASN1_ITEM_TEMPLATE_END(KRB5_APREQ)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_APREQ)
 
-
-/*  Authenticator stuff 	*/
+/*  Authenticator stuff         */
 
 ASN1_SEQUENCE(KRB5_CHECKSUM) = {
-	ASN1_EXP(KRB5_CHECKSUM, ctype,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_CHECKSUM, checksum,	ASN1_OCTET_STRING,1)
+        ASN1_EXP(KRB5_CHECKSUM, ctype,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_CHECKSUM, checksum,       ASN1_OCTET_STRING,1)
 } ASN1_SEQUENCE_END(KRB5_CHECKSUM)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_CHECKSUM)
 
 
 ASN1_SEQUENCE(KRB5_ENCKEY) = {
-	ASN1_EXP(KRB5_ENCKEY,	ktype,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_ENCKEY,	keyvalue,	ASN1_OCTET_STRING,1)
+        ASN1_EXP(KRB5_ENCKEY,   ktype,          ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_ENCKEY,   keyvalue,       ASN1_OCTET_STRING,1)
 } ASN1_SEQUENCE_END(KRB5_ENCKEY)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_ENCKEY)
 
-
 /* SEQ OF SEQ; see ASN1_EXP_SEQUENCE_OF_OPT() below */
 ASN1_SEQUENCE(KRB5_AUTHDATA) = {
-	ASN1_EXP(KRB5_AUTHDATA,	adtype,		ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_AUTHDATA,	addata, 	ASN1_OCTET_STRING,1)
+        ASN1_EXP(KRB5_AUTHDATA, adtype,         ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_AUTHDATA, addata,         ASN1_OCTET_STRING,1)
 } ASN1_SEQUENCE_END(KRB5_AUTHDATA)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHDATA)
 
-
 /* [APPLICATION 2] = 0x62 */
 ASN1_SEQUENCE(KRB5_AUTHENTBODY) = {
-	ASN1_EXP(KRB5_AUTHENTBODY,	avno,	ASN1_INTEGER,	  0),
-	ASN1_EXP(KRB5_AUTHENTBODY,	crealm,	ASN1_GENERALSTRING, 1),
-	ASN1_EXP(KRB5_AUTHENTBODY,	cname,	KRB5_PRINCNAME,	  2),
-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	cksum,	KRB5_CHECKSUM,	  3),
-	ASN1_EXP(KRB5_AUTHENTBODY,	cusec,	ASN1_INTEGER,	  4),
-	ASN1_EXP(KRB5_AUTHENTBODY,	ctime,	ASN1_GENERALIZEDTIME, 5),
-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	subkey,	KRB5_ENCKEY,	  6),
-	ASN1_EXP_OPT(KRB5_AUTHENTBODY,	seqnum,	ASN1_INTEGER,	  7),
-	ASN1_EXP_SEQUENCE_OF_OPT
-		    (KRB5_AUTHENTBODY,	authorization,	KRB5_AUTHDATA, 8),
+        ASN1_EXP(KRB5_AUTHENTBODY,      avno,   ASN1_INTEGER,     0),
+        ASN1_EXP(KRB5_AUTHENTBODY,      crealm, ASN1_GENERALSTRING, 1),
+        ASN1_EXP(KRB5_AUTHENTBODY,      cname,  KRB5_PRINCNAME,   2),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  cksum,  KRB5_CHECKSUM,    3),
+        ASN1_EXP(KRB5_AUTHENTBODY,      cusec,  ASN1_INTEGER,     4),
+        ASN1_EXP(KRB5_AUTHENTBODY,      ctime,  ASN1_GENERALIZEDTIME, 5),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  subkey, KRB5_ENCKEY,      6),
+        ASN1_EXP_OPT(KRB5_AUTHENTBODY,  seqnum, ASN1_INTEGER,     7),
+        ASN1_EXP_SEQUENCE_OF_OPT
+                    (KRB5_AUTHENTBODY,  authorization,  KRB5_AUTHDATA, 8),
 } ASN1_SEQUENCE_END(KRB5_AUTHENTBODY)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENTBODY)
 
-ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
-			KRB5_AUTHENT, KRB5_AUTHENTBODY)
+ASN1_ITEM_TEMPLATE(KRB5_AUTHENT) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION, 2,
+                        KRB5_AUTHENT, KRB5_AUTHENTBODY)
 ASN1_ITEM_TEMPLATE_END(KRB5_AUTHENT)
 
 IMPLEMENT_ASN1_FUNCTIONS(KRB5_AUTHENT)
-
diff --git a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
index 5aa7766a..2e87a462 100644
--- a/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
+++ b/Cryptlib/OpenSSL/crypto/lhash/lh_stats.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,190 +59,188 @@
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-/* If you wish to build this outside of SSLeay, remove the following lines
- * and things should work as expected */
+/*
+ * If you wish to build this outside of SSLeay, remove the following lines
+ * and things should work as expected
+ */
 #include "cryptlib.h"
 
 #ifndef OPENSSL_NO_BIO
-#include <openssl/bio.h>
+# include <openssl/bio.h>
 #endif
 #include <openssl/lhash.h>
 
 #ifdef OPENSSL_NO_BIO
 
 void lh_stats(LHASH *lh, FILE *out)
-	{
-	fprintf(out,"num_items             = %lu\n",lh->num_items);
-	fprintf(out,"num_nodes             = %u\n",lh->num_nodes);
-	fprintf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-	fprintf(out,"num_expands           = %lu\n",lh->num_expands);
-	fprintf(out,"num_expand_reallocs   = %lu\n",lh->num_expand_reallocs);
-	fprintf(out,"num_contracts         = %lu\n",lh->num_contracts);
-	fprintf(out,"num_contract_reallocs = %lu\n",lh->num_contract_reallocs);
-	fprintf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-	fprintf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-	fprintf(out,"num_insert            = %lu\n",lh->num_insert);
-	fprintf(out,"num_replace           = %lu\n",lh->num_replace);
-	fprintf(out,"num_delete            = %lu\n",lh->num_delete);
-	fprintf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
-	fprintf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
-	fprintf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-	fprintf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#if 0
-	fprintf(out,"p                     = %u\n",lh->p);
-	fprintf(out,"pmax                  = %u\n",lh->pmax);
-	fprintf(out,"up_load               = %lu\n",lh->up_load);
-	fprintf(out,"down_load             = %lu\n",lh->down_load);
-#endif
-	}
+{
+    fprintf(out, "num_items             = %lu\n", lh->num_items);
+    fprintf(out, "num_nodes             = %u\n", lh->num_nodes);
+    fprintf(out, "num_alloc_nodes       = %u\n", lh->num_alloc_nodes);
+    fprintf(out, "num_expands           = %lu\n", lh->num_expands);
+    fprintf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
+    fprintf(out, "num_contracts         = %lu\n", lh->num_contracts);
+    fprintf(out, "num_contract_reallocs = %lu\n", lh->num_contract_reallocs);
+    fprintf(out, "num_hash_calls        = %lu\n", lh->num_hash_calls);
+    fprintf(out, "num_comp_calls        = %lu\n", lh->num_comp_calls);
+    fprintf(out, "num_insert            = %lu\n", lh->num_insert);
+    fprintf(out, "num_replace           = %lu\n", lh->num_replace);
+    fprintf(out, "num_delete            = %lu\n", lh->num_delete);
+    fprintf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
+    fprintf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
+    fprintf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
+    fprintf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
+# if 0
+    fprintf(out, "p                     = %u\n", lh->p);
+    fprintf(out, "pmax                  = %u\n", lh->pmax);
+    fprintf(out, "up_load               = %lu\n", lh->up_load);
+    fprintf(out, "down_load             = %lu\n", lh->down_load);
+# endif
+}
 
 void lh_node_stats(LHASH *lh, FILE *out)
-	{
-	LHASH_NODE *n;
-	unsigned int i,num;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		fprintf(out,"node %6u -> %3u\n",i,num);
-		}
-	}
+{
+    LHASH_NODE *n;
+    unsigned int i, num;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        fprintf(out, "node %6u -> %3u\n", i, num);
+    }
+}
 
 void lh_node_usage_stats(LHASH *lh, FILE *out)
-	{
-	LHASH_NODE *n;
-	unsigned long num;
-	unsigned int i;
-	unsigned long total=0,n_used=0;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		if (num != 0)
-			{
-			n_used++;
-			total+=num;
-			}
-		}
-	fprintf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-	fprintf(out,"%lu items\n",total);
-	if (n_used == 0) return;
-	fprintf(out,"load %d.%02d  actual load %d.%02d\n",
-		(int)(total/lh->num_nodes),
-		(int)((total%lh->num_nodes)*100/lh->num_nodes),
-		(int)(total/n_used),
-		(int)((total%n_used)*100/n_used));
-	}
+{
+    LHASH_NODE *n;
+    unsigned long num;
+    unsigned int i;
+    unsigned long total = 0, n_used = 0;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        if (num != 0) {
+            n_used++;
+            total += num;
+        }
+    }
+    fprintf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+    fprintf(out, "%lu items\n", total);
+    if (n_used == 0)
+        return;
+    fprintf(out, "load %d.%02d  actual load %d.%02d\n",
+            (int)(total / lh->num_nodes),
+            (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+            (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
 
 #else
 
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 void lh_stats(const LHASH *lh, FILE *fp)
-	{
-	BIO *bp;
-
-	bp=BIO_new(BIO_s_file());
-	if (bp == NULL) goto end;
-	BIO_set_fp(bp,fp,BIO_NOCLOSE);
-	lh_stats_bio(lh,bp);
-	BIO_free(bp);
-end:;
-	}
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        goto end;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    lh_stats_bio(lh, bp);
+    BIO_free(bp);
+ end:;
+}
 
 void lh_node_stats(const LHASH *lh, FILE *fp)
-	{
-	BIO *bp;
-
-	bp=BIO_new(BIO_s_file());
-	if (bp == NULL) goto end;
-	BIO_set_fp(bp,fp,BIO_NOCLOSE);
-	lh_node_stats_bio(lh,bp);
-	BIO_free(bp);
-end:;
-	}
+{
+    BIO *bp;
+
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        goto end;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    lh_node_stats_bio(lh, bp);
+    BIO_free(bp);
+ end:;
+}
 
 void lh_node_usage_stats(const LHASH *lh, FILE *fp)
-	{
-	BIO *bp;
+{
+    BIO *bp;
 
-	bp=BIO_new(BIO_s_file());
-	if (bp == NULL) goto end;
-	BIO_set_fp(bp,fp,BIO_NOCLOSE);
-	lh_node_usage_stats_bio(lh,bp);
-	BIO_free(bp);
-end:;
-	}
+    bp = BIO_new(BIO_s_file());
+    if (bp == NULL)
+        goto end;
+    BIO_set_fp(bp, fp, BIO_NOCLOSE);
+    lh_node_usage_stats_bio(lh, bp);
+    BIO_free(bp);
+ end:;
+}
 
-#endif
+# endif
 
 void lh_stats_bio(const LHASH *lh, BIO *out)
-	{
-	BIO_printf(out,"num_items             = %lu\n",lh->num_items);
-	BIO_printf(out,"num_nodes             = %u\n",lh->num_nodes);
-	BIO_printf(out,"num_alloc_nodes       = %u\n",lh->num_alloc_nodes);
-	BIO_printf(out,"num_expands           = %lu\n",lh->num_expands);
-	BIO_printf(out,"num_expand_reallocs   = %lu\n",
-		   lh->num_expand_reallocs);
-	BIO_printf(out,"num_contracts         = %lu\n",lh->num_contracts);
-	BIO_printf(out,"num_contract_reallocs = %lu\n",
-		   lh->num_contract_reallocs);
-	BIO_printf(out,"num_hash_calls        = %lu\n",lh->num_hash_calls);
-	BIO_printf(out,"num_comp_calls        = %lu\n",lh->num_comp_calls);
-	BIO_printf(out,"num_insert            = %lu\n",lh->num_insert);
-	BIO_printf(out,"num_replace           = %lu\n",lh->num_replace);
-	BIO_printf(out,"num_delete            = %lu\n",lh->num_delete);
-	BIO_printf(out,"num_no_delete         = %lu\n",lh->num_no_delete);
-	BIO_printf(out,"num_retrieve          = %lu\n",lh->num_retrieve);
-	BIO_printf(out,"num_retrieve_miss     = %lu\n",lh->num_retrieve_miss);
-	BIO_printf(out,"num_hash_comps        = %lu\n",lh->num_hash_comps);
-#if 0
-	BIO_printf(out,"p                     = %u\n",lh->p);
-	BIO_printf(out,"pmax                  = %u\n",lh->pmax);
-	BIO_printf(out,"up_load               = %lu\n",lh->up_load);
-	BIO_printf(out,"down_load             = %lu\n",lh->down_load);
-#endif
-	}
+{
+    BIO_printf(out, "num_items             = %lu\n", lh->num_items);
+    BIO_printf(out, "num_nodes             = %u\n", lh->num_nodes);
+    BIO_printf(out, "num_alloc_nodes       = %u\n", lh->num_alloc_nodes);
+    BIO_printf(out, "num_expands           = %lu\n", lh->num_expands);
+    BIO_printf(out, "num_expand_reallocs   = %lu\n", lh->num_expand_reallocs);
+    BIO_printf(out, "num_contracts         = %lu\n", lh->num_contracts);
+    BIO_printf(out, "num_contract_reallocs = %lu\n",
+               lh->num_contract_reallocs);
+    BIO_printf(out, "num_hash_calls        = %lu\n", lh->num_hash_calls);
+    BIO_printf(out, "num_comp_calls        = %lu\n", lh->num_comp_calls);
+    BIO_printf(out, "num_insert            = %lu\n", lh->num_insert);
+    BIO_printf(out, "num_replace           = %lu\n", lh->num_replace);
+    BIO_printf(out, "num_delete            = %lu\n", lh->num_delete);
+    BIO_printf(out, "num_no_delete         = %lu\n", lh->num_no_delete);
+    BIO_printf(out, "num_retrieve          = %lu\n", lh->num_retrieve);
+    BIO_printf(out, "num_retrieve_miss     = %lu\n", lh->num_retrieve_miss);
+    BIO_printf(out, "num_hash_comps        = %lu\n", lh->num_hash_comps);
+# if 0
+    BIO_printf(out, "p                     = %u\n", lh->p);
+    BIO_printf(out, "pmax                  = %u\n", lh->pmax);
+    BIO_printf(out, "up_load               = %lu\n", lh->up_load);
+    BIO_printf(out, "down_load             = %lu\n", lh->down_load);
+# endif
+}
 
 void lh_node_stats_bio(const LHASH *lh, BIO *out)
-	{
-	LHASH_NODE *n;
-	unsigned int i,num;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		BIO_printf(out,"node %6u -> %3u\n",i,num);
-		}
-	}
+{
+    LHASH_NODE *n;
+    unsigned int i, num;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        BIO_printf(out, "node %6u -> %3u\n", i, num);
+    }
+}
 
 void lh_node_usage_stats_bio(const LHASH *lh, BIO *out)
-	{
-	LHASH_NODE *n;
-	unsigned long num;
-	unsigned int i;
-	unsigned long total=0,n_used=0;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		for (n=lh->b[i],num=0; n != NULL; n=n->next)
-			num++;
-		if (num != 0)
-			{
-			n_used++;
-			total+=num;
-			}
-		}
-	BIO_printf(out,"%lu nodes used out of %u\n",n_used,lh->num_nodes);
-	BIO_printf(out,"%lu items\n",total);
-	if (n_used == 0) return;
-	BIO_printf(out,"load %d.%02d  actual load %d.%02d\n",
-		   (int)(total/lh->num_nodes),
-		   (int)((total%lh->num_nodes)*100/lh->num_nodes),
-		   (int)(total/n_used),
-		   (int)((total%n_used)*100/n_used));
-	}
+{
+    LHASH_NODE *n;
+    unsigned long num;
+    unsigned int i;
+    unsigned long total = 0, n_used = 0;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        for (n = lh->b[i], num = 0; n != NULL; n = n->next)
+            num++;
+        if (num != 0) {
+            n_used++;
+            total += num;
+        }
+    }
+    BIO_printf(out, "%lu nodes used out of %u\n", n_used, lh->num_nodes);
+    BIO_printf(out, "%lu items\n", total);
+    if (n_used == 0)
+        return;
+    BIO_printf(out, "load %d.%02d  actual load %d.%02d\n",
+               (int)(total / lh->num_nodes),
+               (int)((total % lh->num_nodes) * 100 / lh->num_nodes),
+               (int)(total / n_used), (int)((total % n_used) * 100 / n_used));
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/lhash/lhash.c b/Cryptlib/OpenSSL/crypto/lhash/lhash.c
index 0b41f876..d48fe562 100644
--- a/Cryptlib/OpenSSL/crypto/lhash/lhash.c
+++ b/Cryptlib/OpenSSL/crypto/lhash/lhash.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,32 +49,33 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/* Code for dynamic hash table routines
+/*-
+ * Code for dynamic hash table routines
  * Author - Eric Young v 2.0
  *
  * 2.2 eay - added #include "crypto.h" so the memory leak checking code is
- *	     present. eay 18-Jun-98
+ *           present. eay 18-Jun-98
  *
  * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98
  *
  * 2.0 eay - Fixed a bug that occurred when using lh_delete
- *	     from inside lh_doall().  As entries were deleted,
- *	     the 'table' was 'contract()ed', making some entries
- *	     jump from the end of the table to the start, there by
- *	     skipping the lh_doall() processing. eay - 4/12/95
+ *           from inside lh_doall().  As entries were deleted,
+ *           the 'table' was 'contract()ed', making some entries
+ *           jump from the end of the table to the start, there by
+ *           skipping the lh_doall() processing. eay - 4/12/95
  *
  * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs
- *	     were not being free()ed. 21/11/95
+ *           were not being free()ed. 21/11/95
  *
  * 1.8 eay - Put the stats routines into a separate file, lh_stats.c
- *	     19/09/95
+ *           19/09/95
  *
  * 1.7 eay - Removed the fputs() for realloc failures - the code
  *           should silently tolerate them.  I have also fixed things
@@ -100,375 +101,357 @@
 #include <openssl/crypto.h>
 #include <openssl/lhash.h>
 
-const char lh_version[]="lhash" OPENSSL_VERSION_PTEXT;
+const char lh_version[] = "lhash" OPENSSL_VERSION_PTEXT;
 
-#undef MIN_NODES 
-#define MIN_NODES	16
-#define UP_LOAD		(2*LH_LOAD_MULT) /* load times 256  (default 2) */
-#define DOWN_LOAD	(LH_LOAD_MULT)   /* load times 256  (default 1) */
+#undef MIN_NODES
+#define MIN_NODES       16
+#define UP_LOAD         (2*LH_LOAD_MULT) /* load times 256 (default 2) */
+#define DOWN_LOAD       (LH_LOAD_MULT) /* load times 256 (default 1) */
 
 static void expand(LHASH *lh);
 static void contract(LHASH *lh);
 static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash);
 
 LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c)
-	{
-	LHASH *ret;
-	int i;
-
-	if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
-		goto err0;
-	if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL)
-		goto err1;
-	for (i=0; i<MIN_NODES; i++)
-		ret->b[i]=NULL;
-	ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c);
-	ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h);
-	ret->num_nodes=MIN_NODES/2;
-	ret->num_alloc_nodes=MIN_NODES;
-	ret->p=0;
-	ret->pmax=MIN_NODES/2;
-	ret->up_load=UP_LOAD;
-	ret->down_load=DOWN_LOAD;
-	ret->num_items=0;
-
-	ret->num_expands=0;
-	ret->num_expand_reallocs=0;
-	ret->num_contracts=0;
-	ret->num_contract_reallocs=0;
-	ret->num_hash_calls=0;
-	ret->num_comp_calls=0;
-	ret->num_insert=0;
-	ret->num_replace=0;
-	ret->num_delete=0;
-	ret->num_no_delete=0;
-	ret->num_retrieve=0;
-	ret->num_retrieve_miss=0;
-	ret->num_hash_comps=0;
-
-	ret->error=0;
-	return(ret);
-err1:
-	OPENSSL_free(ret);
-err0:
-	return(NULL);
-	}
+{
+    LHASH *ret;
+    int i;
+
+    if ((ret = (LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL)
+        goto err0;
+    if ((ret->b =
+         (LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *) * MIN_NODES)) ==
+        NULL)
+        goto err1;
+    for (i = 0; i < MIN_NODES; i++)
+        ret->b[i] = NULL;
+    ret->comp = ((c == NULL) ? (LHASH_COMP_FN_TYPE)strcmp : c);
+    ret->hash = ((h == NULL) ? (LHASH_HASH_FN_TYPE)lh_strhash : h);
+    ret->num_nodes = MIN_NODES / 2;
+    ret->num_alloc_nodes = MIN_NODES;
+    ret->p = 0;
+    ret->pmax = MIN_NODES / 2;
+    ret->up_load = UP_LOAD;
+    ret->down_load = DOWN_LOAD;
+    ret->num_items = 0;
+
+    ret->num_expands = 0;
+    ret->num_expand_reallocs = 0;
+    ret->num_contracts = 0;
+    ret->num_contract_reallocs = 0;
+    ret->num_hash_calls = 0;
+    ret->num_comp_calls = 0;
+    ret->num_insert = 0;
+    ret->num_replace = 0;
+    ret->num_delete = 0;
+    ret->num_no_delete = 0;
+    ret->num_retrieve = 0;
+    ret->num_retrieve_miss = 0;
+    ret->num_hash_comps = 0;
+
+    ret->error = 0;
+    return (ret);
+ err1:
+    OPENSSL_free(ret);
+ err0:
+    return (NULL);
+}
 
 void lh_free(LHASH *lh)
-	{
-	unsigned int i;
-	LHASH_NODE *n,*nn;
-
-	if (lh == NULL)
-	    return;
-
-	for (i=0; i<lh->num_nodes; i++)
-		{
-		n=lh->b[i];
-		while (n != NULL)
-			{
-			nn=n->next;
-			OPENSSL_free(n);
-			n=nn;
-			}
-		}
-	OPENSSL_free(lh->b);
-	OPENSSL_free(lh);
-	}
+{
+    unsigned int i;
+    LHASH_NODE *n, *nn;
+
+    if (lh == NULL)
+        return;
+
+    for (i = 0; i < lh->num_nodes; i++) {
+        n = lh->b[i];
+        while (n != NULL) {
+            nn = n->next;
+            OPENSSL_free(n);
+            n = nn;
+        }
+    }
+    OPENSSL_free(lh->b);
+    OPENSSL_free(lh);
+}
 
 void *lh_insert(LHASH *lh, void *data)
-	{
-	unsigned long hash;
-	LHASH_NODE *nn,**rn;
-	void *ret;
-
-	lh->error=0;
-	if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))
-		expand(lh);
-
-	rn=getrn(lh,data,&hash);
-
-	if (*rn == NULL)
-		{
-		if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL)
-			{
-			lh->error++;
-			return(NULL);
-			}
-		nn->data=data;
-		nn->next=NULL;
+{
+    unsigned long hash;
+    LHASH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    if (lh->up_load <= (lh->num_items * LH_LOAD_MULT / lh->num_nodes))
+        expand(lh);
+
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        if ((nn = (LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) {
+            lh->error++;
+            return (NULL);
+        }
+        nn->data = data;
+        nn->next = NULL;
 #ifndef OPENSSL_NO_HASH_COMP
-		nn->hash=hash;
+        nn->hash = hash;
 #endif
-		*rn=nn;
-		ret=NULL;
-		lh->num_insert++;
-		lh->num_items++;
-		}
-	else /* replace same key */
-		{
-		ret= (*rn)->data;
-		(*rn)->data=data;
-		lh->num_replace++;
-		}
-	return(ret);
-	}
+        *rn = nn;
+        ret = NULL;
+        lh->num_insert++;
+        lh->num_items++;
+    } else {                    /* replace same key */
+
+        ret = (*rn)->data;
+        (*rn)->data = data;
+        lh->num_replace++;
+    }
+    return (ret);
+}
 
 void *lh_delete(LHASH *lh, const void *data)
-	{
-	unsigned long hash;
-	LHASH_NODE *nn,**rn;
-	void *ret;
-
-	lh->error=0;
-	rn=getrn(lh,data,&hash);
-
-	if (*rn == NULL)
-		{
-		lh->num_no_delete++;
-		return(NULL);
-		}
-	else
-		{
-		nn= *rn;
-		*rn=nn->next;
-		ret=nn->data;
-		OPENSSL_free(nn);
-		lh->num_delete++;
-		}
-
-	lh->num_items--;
-	if ((lh->num_nodes > MIN_NODES) &&
-		(lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)))
-		contract(lh);
-
-	return(ret);
-	}
+{
+    unsigned long hash;
+    LHASH_NODE *nn, **rn;
+    void *ret;
+
+    lh->error = 0;
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        lh->num_no_delete++;
+        return (NULL);
+    } else {
+        nn = *rn;
+        *rn = nn->next;
+        ret = nn->data;
+        OPENSSL_free(nn);
+        lh->num_delete++;
+    }
+
+    lh->num_items--;
+    if ((lh->num_nodes > MIN_NODES) &&
+        (lh->down_load >= (lh->num_items * LH_LOAD_MULT / lh->num_nodes)))
+        contract(lh);
+
+    return (ret);
+}
 
 void *lh_retrieve(LHASH *lh, const void *data)
-	{
-	unsigned long hash;
-	LHASH_NODE **rn;
-	void *ret;
-
-	lh->error=0;
-	rn=getrn(lh,data,&hash);
-
-	if (*rn == NULL)
-		{
-		lh->num_retrieve_miss++;
-		return(NULL);
-		}
-	else
-		{
-		ret= (*rn)->data;
-		lh->num_retrieve++;
-		}
-	return(ret);
-	}
+{
+    unsigned long hash;
+    LHASH_NODE **rn;
+    void *ret;
+
+    lh->error = 0;
+    rn = getrn(lh, data, &hash);
+
+    if (*rn == NULL) {
+        lh->num_retrieve_miss++;
+        return (NULL);
+    } else {
+        ret = (*rn)->data;
+        lh->num_retrieve++;
+    }
+    return (ret);
+}
 
 static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func,
-			  LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
-	{
-	int i;
-	LHASH_NODE *a,*n;
-
-	/* reverse the order so we search from 'top to bottom'
-	 * We were having memory leaks otherwise */
-	for (i=lh->num_nodes-1; i>=0; i--)
-		{
-		a=lh->b[i];
-		while (a != NULL)
-			{
-			/* 28/05/91 - eay - n added so items can be deleted
-			 * via lh_doall */
-			n=a->next;
-			if(use_arg)
-				func_arg(a->data,arg);
-			else
-				func(a->data);
-			a=n;
-			}
-		}
-	}
+                          LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg)
+{
+    int i;
+    LHASH_NODE *a, *n;
+
+    /*
+     * reverse the order so we search from 'top to bottom' We were having
+     * memory leaks otherwise
+     */
+    for (i = lh->num_nodes - 1; i >= 0; i--) {
+        a = lh->b[i];
+        while (a != NULL) {
+            /*
+             * 28/05/91 - eay - n added so items can be deleted via lh_doall
+             */
+            n = a->next;
+            if (use_arg)
+                func_arg(a->data, arg);
+            else
+                func(a->data);
+            a = n;
+        }
+    }
+}
 
 void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func)
-	{
-	doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
-	}
+{
+    doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL);
+}
 
 void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg)
-	{
-	doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
-	}
+{
+    doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg);
+}
 
 static void expand(LHASH *lh)
-	{
-	LHASH_NODE **n,**n1,**n2,*np;
-	unsigned int p,i,j,pmax;
-	unsigned long hash,nni;
-
-	p=(int)lh->p++;
-	nni=lh->num_alloc_nodes;
-	pmax=lh->pmax;
-
-	if ((lh->p) >= lh->pmax)
-		{
-		j=(int)lh->num_alloc_nodes*2;
-		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
-			(int)sizeof(LHASH_NODE *)*j);
-		if (n == NULL)
-			{
-/*			fputs("realloc error in lhash",stderr); */
-			lh->error++;
-			lh->p=0;
-			return;
-			}
-		/* else */
-		for (i=(int)lh->num_alloc_nodes; i<j; i++)/* 26/02/92 eay */
-			n[i]=NULL;			  /* 02/03/92 eay */
-		lh->pmax=lh->num_alloc_nodes;
-		lh->num_alloc_nodes=j;
-		lh->num_expand_reallocs++;
-		lh->p=0;
-		lh->b=n;
-		}
-
-	lh->num_nodes++;
-	lh->num_expands++;
-	n1= &(lh->b[p]);
-	n2= &(lh->b[p+pmax]);
-	*n2=NULL;        /* 27/07/92 - eay - undefined pointer bug */
-	
-	for (np= *n1; np != NULL; )
-		{
+{
+    LHASH_NODE **n, **n1, **n2, *np;
+    unsigned int p, i, j, pmax;
+    unsigned long hash, nni;
+
+    p = (int)lh->p++;
+    nni = lh->num_alloc_nodes;
+    pmax = lh->pmax;
+
+    if ((lh->p) >= lh->pmax) {
+        j = (int)lh->num_alloc_nodes * 2;
+        n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
+                                           (int)sizeof(LHASH_NODE *) * j);
+        if (n == NULL) {
+/*                      fputs("realloc error in lhash",stderr); */
+            lh->error++;
+            lh->p = 0;
+            return;
+        }
+        /* else */
+        for (i = (int)lh->num_alloc_nodes; i < j; i++) /* 26/02/92 eay */
+            n[i] = NULL;        /* 02/03/92 eay */
+        lh->pmax = lh->num_alloc_nodes;
+        lh->num_alloc_nodes = j;
+        lh->num_expand_reallocs++;
+        lh->p = 0;
+        lh->b = n;
+    }
+
+    lh->num_nodes++;
+    lh->num_expands++;
+    n1 = &(lh->b[p]);
+    n2 = &(lh->b[p + pmax]);
+    *n2 = NULL;                 /* 27/07/92 - eay - undefined pointer bug */
+
+    for (np = *n1; np != NULL;) {
 #ifndef OPENSSL_NO_HASH_COMP
-		hash=np->hash;
+        hash = np->hash;
 #else
-		hash=lh->hash(np->data);
-		lh->num_hash_calls++;
+        hash = lh->hash(np->data);
+        lh->num_hash_calls++;
 #endif
-		if ((hash%nni) != p)
-			{ /* move it */
-			*n1= (*n1)->next;
-			np->next= *n2;
-			*n2=np;
-			}
-		else
-			n1= &((*n1)->next);
-		np= *n1;
-		}
-
-	}
+        if ((hash % nni) != p) { /* move it */
+            *n1 = (*n1)->next;
+            np->next = *n2;
+            *n2 = np;
+        } else
+            n1 = &((*n1)->next);
+        np = *n1;
+    }
+
+}
 
 static void contract(LHASH *lh)
-	{
-	LHASH_NODE **n,*n1,*np;
-	int idx = lh->p+lh->pmax-1;
-
-	np=lh->b[idx];
-	if (lh->p == 0)
-		{
-		n=(LHASH_NODE **)OPENSSL_realloc(lh->b,
-			(unsigned int)(sizeof(LHASH_NODE *)*lh->pmax));
-		if (n == NULL)
-			{
-/*			fputs("realloc error in lhash",stderr); */
-			lh->error++;
-			return;
-			}
-		lh->num_contract_reallocs++;
-		lh->num_alloc_nodes/=2;
-		lh->pmax/=2;
-		lh->p=lh->pmax-1;
-		lh->b=n;
-		}
-	else
-		lh->p--;
-
-	lh->b[idx] = NULL;
-	lh->num_nodes--;
-	lh->num_contracts++;
-
-	n1=lh->b[(int)lh->p];
-	if (n1 == NULL)
-		lh->b[(int)lh->p]=np;
-	else
-		{
-		while (n1->next != NULL)
-			n1=n1->next;
-		n1->next=np;
-		}
-	}
+{
+    LHASH_NODE **n, *n1, *np;
+    int idx = lh->p + lh->pmax - 1;
+
+    np = lh->b[idx];
+    if (lh->p == 0) {
+        n = (LHASH_NODE **)OPENSSL_realloc(lh->b,
+                                           (unsigned int)(sizeof(LHASH_NODE *)
+                                                          * lh->pmax));
+        if (n == NULL) {
+/*                      fputs("realloc error in lhash",stderr); */
+            lh->error++;
+            return;
+        }
+        lh->num_contract_reallocs++;
+        lh->num_alloc_nodes /= 2;
+        lh->pmax /= 2;
+        lh->p = lh->pmax - 1;
+        lh->b = n;
+    } else
+        lh->p--;
+
+    lh->b[idx] = NULL;
+    lh->num_nodes--;
+    lh->num_contracts++;
+
+    n1 = lh->b[(int)lh->p];
+    if (n1 == NULL)
+        lh->b[(int)lh->p] = np;
+    else {
+        while (n1->next != NULL)
+            n1 = n1->next;
+        n1->next = np;
+    }
+}
 
 static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash)
-	{
-	LHASH_NODE **ret,*n1;
-	unsigned long hash,nn;
-	LHASH_COMP_FN_TYPE cf;
-
-	hash=(*(lh->hash))(data);
-	lh->num_hash_calls++;
-	*rhash=hash;
-
-	nn=hash%lh->pmax;
-	if (nn < lh->p)
-		nn=hash%lh->num_alloc_nodes;
-
-	cf=lh->comp;
-	ret= &(lh->b[(int)nn]);
-	for (n1= *ret; n1 != NULL; n1=n1->next)
-		{
+{
+    LHASH_NODE **ret, *n1;
+    unsigned long hash, nn;
+    LHASH_COMP_FN_TYPE cf;
+
+    hash = (*(lh->hash)) (data);
+    lh->num_hash_calls++;
+    *rhash = hash;
+
+    nn = hash % lh->pmax;
+    if (nn < lh->p)
+        nn = hash % lh->num_alloc_nodes;
+
+    cf = lh->comp;
+    ret = &(lh->b[(int)nn]);
+    for (n1 = *ret; n1 != NULL; n1 = n1->next) {
 #ifndef OPENSSL_NO_HASH_COMP
-		lh->num_hash_comps++;
-		if (n1->hash != hash)
-			{
-			ret= &(n1->next);
-			continue;
-			}
+        lh->num_hash_comps++;
+        if (n1->hash != hash) {
+            ret = &(n1->next);
+            continue;
+        }
 #endif
-		lh->num_comp_calls++;
-		if(cf(n1->data,data) == 0)
-			break;
-		ret= &(n1->next);
-		}
-	return(ret);
-	}
-
-/* The following hash seems to work very well on normal text strings
- * no collisions on /usr/dict/words and it distributes on %2^n quite
- * well, not as good as MD5, but still good.
+        lh->num_comp_calls++;
+        if (cf(n1->data, data) == 0)
+            break;
+        ret = &(n1->next);
+    }
+    return (ret);
+}
+
+/*
+ * The following hash seems to work very well on normal text strings no
+ * collisions on /usr/dict/words and it distributes on %2^n quite well, not
+ * as good as MD5, but still good.
  */
 unsigned long lh_strhash(const char *c)
-	{
-	unsigned long ret=0;
-	long n;
-	unsigned long v;
-	int r;
-
-	if ((c == NULL) || (*c == '\0'))
-		return(ret);
-/*
-	unsigned char b[16];
-	MD5(c,strlen(c),b);
-	return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24)); 
+{
+    unsigned long ret = 0;
+    long n;
+    unsigned long v;
+    int r;
+
+    if ((c == NULL) || (*c == '\0'))
+        return (ret);
+/*-
+    unsigned char b[16];
+    MD5(c,strlen(c),b);
+    return(b[0]|(b[1]<<8)|(b[2]<<16)|(b[3]<<24));
 */
 
-	n=0x100;
-	while (*c)
-		{
-		v=n|(*c);
-		n+=0x100;
-		r= (int)((v>>2)^v)&0x0f;
-		ret=(ret<<r)|(ret>>(32-r));
-		ret&=0xFFFFFFFFL;
-		ret^=v*v;
-		c++;
-		}
-	return((ret>>16)^ret);
-	}
+    n = 0x100;
+    while (*c) {
+        v = n | (*c);
+        n += 0x100;
+        r = (int)((v >> 2) ^ v) & 0x0f;
+        ret = (ret << r) | (ret >> (32 - r));
+        ret &= 0xFFFFFFFFL;
+        ret ^= v * v;
+        c++;
+    }
+    return ((ret >> 16) ^ ret);
+}
 
 unsigned long lh_num_items(const LHASH *lh)
-	{
-	return lh ? lh->num_items : 0;
-	}
+{
+    return lh ? lh->num_items : 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c
index cc4eeaf7..75e74170 100644
--- a/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c
+++ b/Cryptlib/OpenSSL/crypto/md2/md2_dgst.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,170 +63,167 @@
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #include <openssl/err.h>
 
-const char MD2_version[]="MD2" OPENSSL_VERSION_PTEXT;
+const char MD2_version[] = "MD2" OPENSSL_VERSION_PTEXT;
 
-/* Implemented from RFC1319 The MD2 Message-Digest Algorithm
+/*
+ * Implemented from RFC1319 The MD2 Message-Digest Algorithm
  */
 
-#define UCHAR	unsigned char
+#define UCHAR   unsigned char
 
 static void md2_block(MD2_CTX *c, const unsigned char *d);
-/* The magic S table - I have converted it to hex since it is
- * basically just a random byte string. */
-static MD2_INT S[256]={
-	0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
-	0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
-	0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
-	0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
-	0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
-	0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
-	0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
-	0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
-	0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
-	0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
-	0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
-	0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
-	0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
-	0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
-	0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
-	0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
-	0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
-	0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
-	0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
-	0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
-	0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
-	0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
-	0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
-	0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
-	0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
-	0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
-	0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
-	0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
-	0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
-	0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
-	0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
-	0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
-	};
+/*
+ * The magic S table - I have converted it to hex since it is basically just
+ * a random byte string.
+ */
+static MD2_INT S[256] = {
+    0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01,
+    0x3D, 0x36, 0x54, 0xA1, 0xEC, 0xF0, 0x06, 0x13,
+    0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+    0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA,
+    0x1E, 0x9B, 0x57, 0x3C, 0xFD, 0xD4, 0xE0, 0x16,
+    0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+    0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49,
+    0xA0, 0xFB, 0xF5, 0x8E, 0xBB, 0x2F, 0xEE, 0x7A,
+    0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+    0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21,
+    0x80, 0x7F, 0x5D, 0x9A, 0x5A, 0x90, 0x32, 0x27,
+    0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+    0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1,
+    0xD7, 0x5E, 0x92, 0x2A, 0xAC, 0x56, 0xAA, 0xC6,
+    0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+    0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1,
+    0x45, 0x9D, 0x70, 0x59, 0x64, 0x71, 0x87, 0x20,
+    0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+    0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6,
+    0x1C, 0x46, 0x61, 0x69, 0x34, 0x40, 0x7E, 0x0F,
+    0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+    0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26,
+    0x2C, 0x53, 0x0D, 0x6E, 0x85, 0x28, 0x84, 0x09,
+    0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+    0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA,
+    0x24, 0xE1, 0x7B, 0x08, 0x0C, 0xBD, 0xB1, 0x4A,
+    0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+    0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39,
+    0xF2, 0xEF, 0xB7, 0x0E, 0x66, 0x58, 0xD0, 0xE4,
+    0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+    0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A,
+    0xDB, 0x99, 0x8D, 0x33, 0x9F, 0x11, 0x83, 0x14,
+};
 
 const char *MD2_options(void)
-	{
-	if (sizeof(MD2_INT) == 1)
-		return("md2(char)");
-	else
-		return("md2(int)");
-	}
+{
+    if (sizeof(MD2_INT) == 1)
+        return ("md2(char)");
+    else
+        return ("md2(int)");
+}
 
 FIPS_NON_FIPS_MD_Init(MD2)
-	{
-	c->num=0;
-	memset(c->state,0,sizeof c->state);
-	memset(c->cksm,0,sizeof c->cksm);
-	memset(c->data,0,sizeof c->data);
-	return 1;
-	}
+{
+    c->num = 0;
+    memset(c->state, 0, sizeof c->state);
+    memset(c->cksm, 0, sizeof c->cksm);
+    memset(c->data, 0, sizeof c->data);
+    return 1;
+}
 
 int MD2_Update(MD2_CTX *c, const unsigned char *data, size_t len)
-	{
-	register UCHAR *p;
-
-	if (len == 0) return 1;
-
-	p=c->data;
-	if (c->num != 0)
-		{
-		if ((c->num+len) >= MD2_BLOCK)
-			{
-			memcpy(&(p[c->num]),data,MD2_BLOCK-c->num);
-			md2_block(c,c->data);
-			data+=(MD2_BLOCK - c->num);
-			len-=(MD2_BLOCK - c->num);
-			c->num=0;
-			/* drop through and do the rest */
-			}
-		else
-			{
-			memcpy(&(p[c->num]),data,len);
-			/* data+=len; */
-			c->num+=(int)len;
-			return 1;
-			}
-		}
-	/* we now can process the input data in blocks of MD2_BLOCK
-	 * chars and save the leftovers to c->data. */
-	while (len >= MD2_BLOCK)
-		{
-		md2_block(c,data);
-		data+=MD2_BLOCK;
-		len-=MD2_BLOCK;
-		}
-	memcpy(p,data,len);
-	c->num=(int)len;
-	return 1;
-	}
+{
+    register UCHAR *p;
+
+    if (len == 0)
+        return 1;
+
+    p = c->data;
+    if (c->num != 0) {
+        if ((c->num + len) >= MD2_BLOCK) {
+            memcpy(&(p[c->num]), data, MD2_BLOCK - c->num);
+            md2_block(c, c->data);
+            data += (MD2_BLOCK - c->num);
+            len -= (MD2_BLOCK - c->num);
+            c->num = 0;
+            /* drop through and do the rest */
+        } else {
+            memcpy(&(p[c->num]), data, len);
+            /* data+=len; */
+            c->num += (int)len;
+            return 1;
+        }
+    }
+    /*
+     * we now can process the input data in blocks of MD2_BLOCK chars and
+     * save the leftovers to c->data.
+     */
+    while (len >= MD2_BLOCK) {
+        md2_block(c, data);
+        data += MD2_BLOCK;
+        len -= MD2_BLOCK;
+    }
+    memcpy(p, data, len);
+    c->num = (int)len;
+    return 1;
+}
 
 static void md2_block(MD2_CTX *c, const unsigned char *d)
-	{
-	register MD2_INT t,*sp1,*sp2;
-	register int i,j;
-	MD2_INT state[48];
-
-	sp1=c->state;
-	sp2=c->cksm;
-	j=sp2[MD2_BLOCK-1];
-	for (i=0; i<16; i++)
-		{
-		state[i]=sp1[i];
-		state[i+16]=t=d[i];
-		state[i+32]=(t^sp1[i]);
-		j=sp2[i]^=S[t^j];
-		}
-	t=0;
-	for (i=0; i<18; i++)
-		{
-		for (j=0; j<48; j+=8)
-			{
-			t= state[j+ 0]^=S[t];
-			t= state[j+ 1]^=S[t];
-			t= state[j+ 2]^=S[t];
-			t= state[j+ 3]^=S[t];
-			t= state[j+ 4]^=S[t];
-			t= state[j+ 5]^=S[t];
-			t= state[j+ 6]^=S[t];
-			t= state[j+ 7]^=S[t];
-			}
-		t=(t+i)&0xff;
-		}
-	memcpy(sp1,state,16*sizeof(MD2_INT));
-	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
-	}
+{
+    register MD2_INT t, *sp1, *sp2;
+    register int i, j;
+    MD2_INT state[48];
+
+    sp1 = c->state;
+    sp2 = c->cksm;
+    j = sp2[MD2_BLOCK - 1];
+    for (i = 0; i < 16; i++) {
+        state[i] = sp1[i];
+        state[i + 16] = t = d[i];
+        state[i + 32] = (t ^ sp1[i]);
+        j = sp2[i] ^= S[t ^ j];
+    }
+    t = 0;
+    for (i = 0; i < 18; i++) {
+        for (j = 0; j < 48; j += 8) {
+            t = state[j + 0] ^= S[t];
+            t = state[j + 1] ^= S[t];
+            t = state[j + 2] ^= S[t];
+            t = state[j + 3] ^= S[t];
+            t = state[j + 4] ^= S[t];
+            t = state[j + 5] ^= S[t];
+            t = state[j + 6] ^= S[t];
+            t = state[j + 7] ^= S[t];
+        }
+        t = (t + i) & 0xff;
+    }
+    memcpy(sp1, state, 16 * sizeof(MD2_INT));
+    OPENSSL_cleanse(state, 48 * sizeof(MD2_INT));
+}
 
 int MD2_Final(unsigned char *md, MD2_CTX *c)
-	{
-	int i,v;
-	register UCHAR *cp;
-	register MD2_INT *p1,*p2;
-
-	cp=c->data;
-	p1=c->state;
-	p2=c->cksm;
-	v=MD2_BLOCK-c->num;
-	for (i=c->num; i<MD2_BLOCK; i++)
-		cp[i]=(UCHAR)v;
-
-	md2_block(c,cp);
-
-	for (i=0; i<MD2_BLOCK; i++)
-		cp[i]=(UCHAR)p2[i];
-	md2_block(c,cp);
-
-	for (i=0; i<16; i++)
-		md[i]=(UCHAR)(p1[i]&0xff);
-	memset((char *)&c,0,sizeof(c));
-	return 1;
-	}
-
+{
+    int i, v;
+    register UCHAR *cp;
+    register MD2_INT *p1, *p2;
+
+    cp = c->data;
+    p1 = c->state;
+    p2 = c->cksm;
+    v = MD2_BLOCK - c->num;
+    for (i = c->num; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) v;
+
+    md2_block(c, cp);
+
+    for (i = 0; i < MD2_BLOCK; i++)
+        cp[i] = (UCHAR) p2[i];
+    md2_block(c, cp);
+
+    for (i = 0; i < 16; i++)
+        md[i] = (UCHAR) (p1[i] & 0xff);
+    memset((char *)&c, 0, sizeof(c));
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/md2/md2_one.c b/Cryptlib/OpenSSL/crypto/md2/md2_one.c
index f7fef5cc..cd2631b2 100644
--- a/Cryptlib/OpenSSL/crypto/md2/md2_one.c
+++ b/Cryptlib/OpenSSL/crypto/md2/md2_one.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,35 +60,37 @@
 #include "cryptlib.h"
 #include <openssl/md2.h>
 
-/* This is a separate file so that #defines in cryptlib.h can
- * map my MD functions to different names */
+/*
+ * This is a separate file so that #defines in cryptlib.h can map my MD
+ * functions to different names
+ */
 
 unsigned char *MD2(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	MD2_CTX c;
-	static unsigned char m[MD2_DIGEST_LENGTH];
+{
+    MD2_CTX c;
+    static unsigned char m[MD2_DIGEST_LENGTH];
 
-	if (md == NULL) md=m;
-	if (!MD2_Init(&c))
-		return NULL;
+    if (md == NULL)
+        md = m;
+    if (!MD2_Init(&c))
+        return NULL;
 #ifndef CHARSET_EBCDIC
-	MD2_Update(&c,d,n);
+    MD2_Update(&c, d, n);
 #else
-	{
-		char temp[1024];
-		unsigned long chunk;
+    {
+        char temp[1024];
+        unsigned long chunk;
 
-		while (n > 0)
-		{
-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-			ebcdic2ascii(temp, d, chunk);
-			MD2_Update(&c,temp,chunk);
-			n -= chunk;
-			d += chunk;
-		}
-	}
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD2_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
 #endif
-	MD2_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
-	return(md);
-	}
+    MD2_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* Security consideration */
+    return (md);
+}
diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c
index 0f544860..584d9b82 100644
--- a/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c
+++ b/Cryptlib/OpenSSL/crypto/md4/md4_dgst.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,13 +61,13 @@
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
+const char MD4_version[] = "MD4" OPENSSL_VERSION_PTEXT;
 
-const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1186 The MD4 Message-Digest Algorithm
+/*
+ * Implemented from RFC1186 The MD4 Message-Digest Algorithm
  */
 
 #define INIT_DATA_A (unsigned long)0x67452301L
@@ -76,99 +76,129 @@ const char MD4_version[]="MD4" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_D (unsigned long)0x10325476L
 
 FIPS_NON_FIPS_MD_Init(MD4)
-	{
-	c->A=INIT_DATA_A;
-	c->B=INIT_DATA_B;
-	c->C=INIT_DATA_C;
-	c->D=INIT_DATA_D;
-	c->Nl=0;
-	c->Nh=0;
-	c->num=0;
-	return 1;
-	}
+{
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    return 1;
+}
 
 #ifndef md4_block_data_order
-#ifdef X
-#undef X
-#endif
-void md4_block_data_order (MD4_CTX *c, const void *data_, size_t num)
-	{
-	const unsigned char *data=data_;
-	register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
-	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)	XX##i
-#else
-	MD4_LONG XX[MD4_LBLOCK];
-# define X(i)	XX[i]
-#endif
+# ifdef X
+#  undef X
+# endif
+void md4_block_data_order(MD4_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD4_LONG XX[MD4_LBLOCK];
+#  define X(i)   XX[i]
+# endif
 
-	A=c->A;
-	B=c->B;
-	C=c->C;
-	D=c->D;
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
 
-	for (;num--;)
-		{
-	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
-	/* Round 0 */
-	R0(A,B,C,D,X( 0), 3,0);	HOST_c2l(data,l); X( 2)=l;
-	R0(D,A,B,C,X( 1), 7,0);	HOST_c2l(data,l); X( 3)=l;
-	R0(C,D,A,B,X( 2),11,0);	HOST_c2l(data,l); X( 4)=l;
-	R0(B,C,D,A,X( 3),19,0);	HOST_c2l(data,l); X( 5)=l;
-	R0(A,B,C,D,X( 4), 3,0);	HOST_c2l(data,l); X( 6)=l;
-	R0(D,A,B,C,X( 5), 7,0);	HOST_c2l(data,l); X( 7)=l;
-	R0(C,D,A,B,X( 6),11,0);	HOST_c2l(data,l); X( 8)=l;
-	R0(B,C,D,A,X( 7),19,0);	HOST_c2l(data,l); X( 9)=l;
-	R0(A,B,C,D,X( 8), 3,0);	HOST_c2l(data,l); X(10)=l;
-	R0(D,A,B,C,X( 9), 7,0);	HOST_c2l(data,l); X(11)=l;
-	R0(C,D,A,B,X(10),11,0);	HOST_c2l(data,l); X(12)=l;
-	R0(B,C,D,A,X(11),19,0);	HOST_c2l(data,l); X(13)=l;
-	R0(A,B,C,D,X(12), 3,0);	HOST_c2l(data,l); X(14)=l;
-	R0(D,A,B,C,X(13), 7,0);	HOST_c2l(data,l); X(15)=l;
-	R0(C,D,A,B,X(14),11,0);
-	R0(B,C,D,A,X(15),19,0);
-	/* Round 1 */
-	R1(A,B,C,D,X( 0), 3,0x5A827999L);
-	R1(D,A,B,C,X( 4), 5,0x5A827999L);
-	R1(C,D,A,B,X( 8), 9,0x5A827999L);
-	R1(B,C,D,A,X(12),13,0x5A827999L);
-	R1(A,B,C,D,X( 1), 3,0x5A827999L);
-	R1(D,A,B,C,X( 5), 5,0x5A827999L);
-	R1(C,D,A,B,X( 9), 9,0x5A827999L);
-	R1(B,C,D,A,X(13),13,0x5A827999L);
-	R1(A,B,C,D,X( 2), 3,0x5A827999L);
-	R1(D,A,B,C,X( 6), 5,0x5A827999L);
-	R1(C,D,A,B,X(10), 9,0x5A827999L);
-	R1(B,C,D,A,X(14),13,0x5A827999L);
-	R1(A,B,C,D,X( 3), 3,0x5A827999L);
-	R1(D,A,B,C,X( 7), 5,0x5A827999L);
-	R1(C,D,A,B,X(11), 9,0x5A827999L);
-	R1(B,C,D,A,X(15),13,0x5A827999L);
-	/* Round 2 */
-	R2(A,B,C,D,X( 0), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X( 8), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 4),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(12),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 2), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X(10), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 6),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(14),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 1), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X( 9), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 5),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(13),15,0x6ED9EBA1L);
-	R2(A,B,C,D,X( 3), 3,0x6ED9EBA1L);
-	R2(D,A,B,C,X(11), 9,0x6ED9EBA1L);
-	R2(C,D,A,B,X( 7),11,0x6ED9EBA1L);
-	R2(B,C,D,A,X(15),15,0x6ED9EBA1L);
+    for (; num--;) {
+        HOST_c2l(data, l);
+        X(0) = l;
+        HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 3, 0);
+        HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 7, 0);
+        HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 11, 0);
+        HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 19, 0);
+        HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 3, 0);
+        HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 7, 0);
+        HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 11, 0);
+        HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 19, 0);
+        HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 3, 0);
+        HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 7, 0);
+        HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 11, 0);
+        HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 19, 0);
+        HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 3, 0);
+        HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 7, 0);
+        HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 11, 0);
+        R0(B, C, D, A, X(15), 19, 0);
+        /* Round 1 */
+        R1(A, B, C, D, X(0), 3, 0x5A827999L);
+        R1(D, A, B, C, X(4), 5, 0x5A827999L);
+        R1(C, D, A, B, X(8), 9, 0x5A827999L);
+        R1(B, C, D, A, X(12), 13, 0x5A827999L);
+        R1(A, B, C, D, X(1), 3, 0x5A827999L);
+        R1(D, A, B, C, X(5), 5, 0x5A827999L);
+        R1(C, D, A, B, X(9), 9, 0x5A827999L);
+        R1(B, C, D, A, X(13), 13, 0x5A827999L);
+        R1(A, B, C, D, X(2), 3, 0x5A827999L);
+        R1(D, A, B, C, X(6), 5, 0x5A827999L);
+        R1(C, D, A, B, X(10), 9, 0x5A827999L);
+        R1(B, C, D, A, X(14), 13, 0x5A827999L);
+        R1(A, B, C, D, X(3), 3, 0x5A827999L);
+        R1(D, A, B, C, X(7), 5, 0x5A827999L);
+        R1(C, D, A, B, X(11), 9, 0x5A827999L);
+        R1(B, C, D, A, X(15), 13, 0x5A827999L);
+        /* Round 2 */
+        R2(A, B, C, D, X(0), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(8), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(4), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(12), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(2), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(10), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(6), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(14), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(1), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(9), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(5), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(13), 15, 0x6ED9EBA1L);
+        R2(A, B, C, D, X(3), 3, 0x6ED9EBA1L);
+        R2(D, A, B, C, X(11), 9, 0x6ED9EBA1L);
+        R2(C, D, A, B, X(7), 11, 0x6ED9EBA1L);
+        R2(B, C, D, A, X(15), 15, 0x6ED9EBA1L);
 
-	A = c->A += A;
-	B = c->B += B;
-	C = c->C += C;
-	D = c->D += D;
-		}
-	}
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/md4/md4_one.c b/Cryptlib/OpenSSL/crypto/md4/md4_one.c
index bb643626..32ebd5fa 100644
--- a/Cryptlib/OpenSSL/crypto/md4/md4_one.c
+++ b/Cryptlib/OpenSSL/crypto/md4/md4_one.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,36 +62,35 @@
 #include <openssl/crypto.h>
 
 #ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
+# include <openssl/ebcdic.h>
 #endif
 
 unsigned char *MD4(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	MD4_CTX c;
-	static unsigned char m[MD4_DIGEST_LENGTH];
+{
+    MD4_CTX c;
+    static unsigned char m[MD4_DIGEST_LENGTH];
 
-	if (md == NULL) md=m;
-	if (!MD4_Init(&c))
-		return NULL;
+    if (md == NULL)
+        md = m;
+    if (!MD4_Init(&c))
+        return NULL;
 #ifndef CHARSET_EBCDIC
-	MD4_Update(&c,d,n);
+    MD4_Update(&c, d, n);
 #else
-	{
-		char temp[1024];
-		unsigned long chunk;
+    {
+        char temp[1024];
+        unsigned long chunk;
 
-		while (n > 0)
-		{
-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-			ebcdic2ascii(temp, d, chunk);
-			MD4_Update(&c,temp,chunk);
-			n -= chunk;
-			d += chunk;
-		}
-	}
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD4_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
 #endif
-	MD4_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-	return(md);
-	}
-
+    MD4_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return (md);
+}
diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
index 47bb9020..efebf9ed 100644
--- a/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
+++ b/Cryptlib/OpenSSL/crypto/md5/md5_dgst.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,13 +61,13 @@
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
+const char MD5_version[] = "MD5" OPENSSL_VERSION_PTEXT;
 
-const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
-
-/* Implemented from RFC1321 The MD5 Message-Digest Algorithm
+/*
+ * Implemented from RFC1321 The MD5 Message-Digest Algorithm
  */
 
 #define INIT_DATA_A (unsigned long)0x67452301L
@@ -76,116 +76,146 @@ const char MD5_version[]="MD5" OPENSSL_VERSION_PTEXT;
 #define INIT_DATA_D (unsigned long)0x10325476L
 
 FIPS_NON_FIPS_MD_Init(MD5)
-	{
-	c->A=INIT_DATA_A;
-	c->B=INIT_DATA_B;
-	c->C=INIT_DATA_C;
-	c->D=INIT_DATA_D;
-	c->Nl=0;
-	c->Nh=0;
-	c->num=0;
-	return 1;
-	}
+{
+    c->A = INIT_DATA_A;
+    c->B = INIT_DATA_B;
+    c->C = INIT_DATA_C;
+    c->D = INIT_DATA_D;
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    return 1;
+}
 
 #ifndef md5_block_data_order
-#ifdef X
-#undef X
-#endif
-void md5_block_data_order (MD5_CTX *c, const void *data_, size_t num)
-	{
-	const unsigned char *data=data_;
-	register unsigned MD32_REG_T A,B,C,D,l;
-#ifndef MD32_XARRAY
-	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)	XX##i
-#else
-	MD5_LONG XX[MD5_LBLOCK];
-# define X(i)	XX[i]
-#endif
+# ifdef X
+#  undef X
+# endif
+void md5_block_data_order(MD5_CTX *c, const void *data_, size_t num)
+{
+    const unsigned char *data = data_;
+    register unsigned MD32_REG_T A, B, C, D, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    MD5_LONG XX[MD5_LBLOCK];
+#  define X(i)   XX[i]
+# endif
 
-	A=c->A;
-	B=c->B;
-	C=c->C;
-	D=c->D;
+    A = c->A;
+    B = c->B;
+    C = c->C;
+    D = c->D;
 
-	for (;num--;)
-		{
-	HOST_c2l(data,l); X( 0)=l;		HOST_c2l(data,l); X( 1)=l;
-	/* Round 0 */
-	R0(A,B,C,D,X( 0), 7,0xd76aa478L);	HOST_c2l(data,l); X( 2)=l;
-	R0(D,A,B,C,X( 1),12,0xe8c7b756L);	HOST_c2l(data,l); X( 3)=l;
-	R0(C,D,A,B,X( 2),17,0x242070dbL);	HOST_c2l(data,l); X( 4)=l;
-	R0(B,C,D,A,X( 3),22,0xc1bdceeeL);	HOST_c2l(data,l); X( 5)=l;
-	R0(A,B,C,D,X( 4), 7,0xf57c0fafL);	HOST_c2l(data,l); X( 6)=l;
-	R0(D,A,B,C,X( 5),12,0x4787c62aL);	HOST_c2l(data,l); X( 7)=l;
-	R0(C,D,A,B,X( 6),17,0xa8304613L);	HOST_c2l(data,l); X( 8)=l;
-	R0(B,C,D,A,X( 7),22,0xfd469501L);	HOST_c2l(data,l); X( 9)=l;
-	R0(A,B,C,D,X( 8), 7,0x698098d8L);	HOST_c2l(data,l); X(10)=l;
-	R0(D,A,B,C,X( 9),12,0x8b44f7afL);	HOST_c2l(data,l); X(11)=l;
-	R0(C,D,A,B,X(10),17,0xffff5bb1L);	HOST_c2l(data,l); X(12)=l;
-	R0(B,C,D,A,X(11),22,0x895cd7beL);	HOST_c2l(data,l); X(13)=l;
-	R0(A,B,C,D,X(12), 7,0x6b901122L);	HOST_c2l(data,l); X(14)=l;
-	R0(D,A,B,C,X(13),12,0xfd987193L);	HOST_c2l(data,l); X(15)=l;
-	R0(C,D,A,B,X(14),17,0xa679438eL);
-	R0(B,C,D,A,X(15),22,0x49b40821L);
-	/* Round 1 */
-	R1(A,B,C,D,X( 1), 5,0xf61e2562L);
-	R1(D,A,B,C,X( 6), 9,0xc040b340L);
-	R1(C,D,A,B,X(11),14,0x265e5a51L);
-	R1(B,C,D,A,X( 0),20,0xe9b6c7aaL);
-	R1(A,B,C,D,X( 5), 5,0xd62f105dL);
-	R1(D,A,B,C,X(10), 9,0x02441453L);
-	R1(C,D,A,B,X(15),14,0xd8a1e681L);
-	R1(B,C,D,A,X( 4),20,0xe7d3fbc8L);
-	R1(A,B,C,D,X( 9), 5,0x21e1cde6L);
-	R1(D,A,B,C,X(14), 9,0xc33707d6L);
-	R1(C,D,A,B,X( 3),14,0xf4d50d87L);
-	R1(B,C,D,A,X( 8),20,0x455a14edL);
-	R1(A,B,C,D,X(13), 5,0xa9e3e905L);
-	R1(D,A,B,C,X( 2), 9,0xfcefa3f8L);
-	R1(C,D,A,B,X( 7),14,0x676f02d9L);
-	R1(B,C,D,A,X(12),20,0x8d2a4c8aL);
-	/* Round 2 */
-	R2(A,B,C,D,X( 5), 4,0xfffa3942L);
-	R2(D,A,B,C,X( 8),11,0x8771f681L);
-	R2(C,D,A,B,X(11),16,0x6d9d6122L);
-	R2(B,C,D,A,X(14),23,0xfde5380cL);
-	R2(A,B,C,D,X( 1), 4,0xa4beea44L);
-	R2(D,A,B,C,X( 4),11,0x4bdecfa9L);
-	R2(C,D,A,B,X( 7),16,0xf6bb4b60L);
-	R2(B,C,D,A,X(10),23,0xbebfbc70L);
-	R2(A,B,C,D,X(13), 4,0x289b7ec6L);
-	R2(D,A,B,C,X( 0),11,0xeaa127faL);
-	R2(C,D,A,B,X( 3),16,0xd4ef3085L);
-	R2(B,C,D,A,X( 6),23,0x04881d05L);
-	R2(A,B,C,D,X( 9), 4,0xd9d4d039L);
-	R2(D,A,B,C,X(12),11,0xe6db99e5L);
-	R2(C,D,A,B,X(15),16,0x1fa27cf8L);
-	R2(B,C,D,A,X( 2),23,0xc4ac5665L);
-	/* Round 3 */
-	R3(A,B,C,D,X( 0), 6,0xf4292244L);
-	R3(D,A,B,C,X( 7),10,0x432aff97L);
-	R3(C,D,A,B,X(14),15,0xab9423a7L);
-	R3(B,C,D,A,X( 5),21,0xfc93a039L);
-	R3(A,B,C,D,X(12), 6,0x655b59c3L);
-	R3(D,A,B,C,X( 3),10,0x8f0ccc92L);
-	R3(C,D,A,B,X(10),15,0xffeff47dL);
-	R3(B,C,D,A,X( 1),21,0x85845dd1L);
-	R3(A,B,C,D,X( 8), 6,0x6fa87e4fL);
-	R3(D,A,B,C,X(15),10,0xfe2ce6e0L);
-	R3(C,D,A,B,X( 6),15,0xa3014314L);
-	R3(B,C,D,A,X(13),21,0x4e0811a1L);
-	R3(A,B,C,D,X( 4), 6,0xf7537e82L);
-	R3(D,A,B,C,X(11),10,0xbd3af235L);
-	R3(C,D,A,B,X( 2),15,0x2ad7d2bbL);
-	R3(B,C,D,A,X( 9),21,0xeb86d391L);
+    for (; num--;) {
+        HOST_c2l(data, l);
+        X(0) = l;
+        HOST_c2l(data, l);
+        X(1) = l;
+        /* Round 0 */
+        R0(A, B, C, D, X(0), 7, 0xd76aa478L);
+        HOST_c2l(data, l);
+        X(2) = l;
+        R0(D, A, B, C, X(1), 12, 0xe8c7b756L);
+        HOST_c2l(data, l);
+        X(3) = l;
+        R0(C, D, A, B, X(2), 17, 0x242070dbL);
+        HOST_c2l(data, l);
+        X(4) = l;
+        R0(B, C, D, A, X(3), 22, 0xc1bdceeeL);
+        HOST_c2l(data, l);
+        X(5) = l;
+        R0(A, B, C, D, X(4), 7, 0xf57c0fafL);
+        HOST_c2l(data, l);
+        X(6) = l;
+        R0(D, A, B, C, X(5), 12, 0x4787c62aL);
+        HOST_c2l(data, l);
+        X(7) = l;
+        R0(C, D, A, B, X(6), 17, 0xa8304613L);
+        HOST_c2l(data, l);
+        X(8) = l;
+        R0(B, C, D, A, X(7), 22, 0xfd469501L);
+        HOST_c2l(data, l);
+        X(9) = l;
+        R0(A, B, C, D, X(8), 7, 0x698098d8L);
+        HOST_c2l(data, l);
+        X(10) = l;
+        R0(D, A, B, C, X(9), 12, 0x8b44f7afL);
+        HOST_c2l(data, l);
+        X(11) = l;
+        R0(C, D, A, B, X(10), 17, 0xffff5bb1L);
+        HOST_c2l(data, l);
+        X(12) = l;
+        R0(B, C, D, A, X(11), 22, 0x895cd7beL);
+        HOST_c2l(data, l);
+        X(13) = l;
+        R0(A, B, C, D, X(12), 7, 0x6b901122L);
+        HOST_c2l(data, l);
+        X(14) = l;
+        R0(D, A, B, C, X(13), 12, 0xfd987193L);
+        HOST_c2l(data, l);
+        X(15) = l;
+        R0(C, D, A, B, X(14), 17, 0xa679438eL);
+        R0(B, C, D, A, X(15), 22, 0x49b40821L);
+        /* Round 1 */
+        R1(A, B, C, D, X(1), 5, 0xf61e2562L);
+        R1(D, A, B, C, X(6), 9, 0xc040b340L);
+        R1(C, D, A, B, X(11), 14, 0x265e5a51L);
+        R1(B, C, D, A, X(0), 20, 0xe9b6c7aaL);
+        R1(A, B, C, D, X(5), 5, 0xd62f105dL);
+        R1(D, A, B, C, X(10), 9, 0x02441453L);
+        R1(C, D, A, B, X(15), 14, 0xd8a1e681L);
+        R1(B, C, D, A, X(4), 20, 0xe7d3fbc8L);
+        R1(A, B, C, D, X(9), 5, 0x21e1cde6L);
+        R1(D, A, B, C, X(14), 9, 0xc33707d6L);
+        R1(C, D, A, B, X(3), 14, 0xf4d50d87L);
+        R1(B, C, D, A, X(8), 20, 0x455a14edL);
+        R1(A, B, C, D, X(13), 5, 0xa9e3e905L);
+        R1(D, A, B, C, X(2), 9, 0xfcefa3f8L);
+        R1(C, D, A, B, X(7), 14, 0x676f02d9L);
+        R1(B, C, D, A, X(12), 20, 0x8d2a4c8aL);
+        /* Round 2 */
+        R2(A, B, C, D, X(5), 4, 0xfffa3942L);
+        R2(D, A, B, C, X(8), 11, 0x8771f681L);
+        R2(C, D, A, B, X(11), 16, 0x6d9d6122L);
+        R2(B, C, D, A, X(14), 23, 0xfde5380cL);
+        R2(A, B, C, D, X(1), 4, 0xa4beea44L);
+        R2(D, A, B, C, X(4), 11, 0x4bdecfa9L);
+        R2(C, D, A, B, X(7), 16, 0xf6bb4b60L);
+        R2(B, C, D, A, X(10), 23, 0xbebfbc70L);
+        R2(A, B, C, D, X(13), 4, 0x289b7ec6L);
+        R2(D, A, B, C, X(0), 11, 0xeaa127faL);
+        R2(C, D, A, B, X(3), 16, 0xd4ef3085L);
+        R2(B, C, D, A, X(6), 23, 0x04881d05L);
+        R2(A, B, C, D, X(9), 4, 0xd9d4d039L);
+        R2(D, A, B, C, X(12), 11, 0xe6db99e5L);
+        R2(C, D, A, B, X(15), 16, 0x1fa27cf8L);
+        R2(B, C, D, A, X(2), 23, 0xc4ac5665L);
+        /* Round 3 */
+        R3(A, B, C, D, X(0), 6, 0xf4292244L);
+        R3(D, A, B, C, X(7), 10, 0x432aff97L);
+        R3(C, D, A, B, X(14), 15, 0xab9423a7L);
+        R3(B, C, D, A, X(5), 21, 0xfc93a039L);
+        R3(A, B, C, D, X(12), 6, 0x655b59c3L);
+        R3(D, A, B, C, X(3), 10, 0x8f0ccc92L);
+        R3(C, D, A, B, X(10), 15, 0xffeff47dL);
+        R3(B, C, D, A, X(1), 21, 0x85845dd1L);
+        R3(A, B, C, D, X(8), 6, 0x6fa87e4fL);
+        R3(D, A, B, C, X(15), 10, 0xfe2ce6e0L);
+        R3(C, D, A, B, X(6), 15, 0xa3014314L);
+        R3(B, C, D, A, X(13), 21, 0x4e0811a1L);
+        R3(A, B, C, D, X(4), 6, 0xf7537e82L);
+        R3(D, A, B, C, X(11), 10, 0xbd3af235L);
+        R3(C, D, A, B, X(2), 15, 0x2ad7d2bbL);
+        R3(B, C, D, A, X(9), 21, 0xeb86d391L);
 
-	A = c->A += A;
-	B = c->B += B;
-	C = c->C += C;
-	D = c->D += D;
-		}
-	}
+        A = c->A += A;
+        B = c->B += B;
+        C = c->C += C;
+        D = c->D += D;
+    }
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/md5/md5_one.c b/Cryptlib/OpenSSL/crypto/md5/md5_one.c
index 43fee893..4ac882e7 100644
--- a/Cryptlib/OpenSSL/crypto/md5/md5_one.c
+++ b/Cryptlib/OpenSSL/crypto/md5/md5_one.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,36 +62,35 @@
 #include <openssl/crypto.h>
 
 #ifdef CHARSET_EBCDIC
-#include <openssl/ebcdic.h>
+# include <openssl/ebcdic.h>
 #endif
 
 unsigned char *MD5(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	MD5_CTX c;
-	static unsigned char m[MD5_DIGEST_LENGTH];
+{
+    MD5_CTX c;
+    static unsigned char m[MD5_DIGEST_LENGTH];
 
-	if (md == NULL) md=m;
-	if (!MD5_Init(&c))
-		return NULL;
+    if (md == NULL)
+        md = m;
+    if (!MD5_Init(&c))
+        return NULL;
 #ifndef CHARSET_EBCDIC
-	MD5_Update(&c,d,n);
+    MD5_Update(&c, d, n);
 #else
-	{
-		char temp[1024];
-		unsigned long chunk;
+    {
+        char temp[1024];
+        unsigned long chunk;
 
-		while (n > 0)
-		{
-			chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
-			ebcdic2ascii(temp, d, chunk);
-			MD5_Update(&c,temp,chunk);
-			n -= chunk;
-			d += chunk;
-		}
-	}
+        while (n > 0) {
+            chunk = (n > sizeof(temp)) ? sizeof(temp) : n;
+            ebcdic2ascii(temp, d, chunk);
+            MD5_Update(&c, temp, chunk);
+            n -= chunk;
+            d += chunk;
+        }
+    }
 #endif
-	MD5_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-	return(md);
-	}
-
+    MD5_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return (md);
+}
diff --git a/Cryptlib/OpenSSL/crypto/mem.c b/Cryptlib/OpenSSL/crypto/mem.c
index 05d7b9cd..0620a51f 100644
--- a/Cryptlib/OpenSSL/crypto/mem.c
+++ b/Cryptlib/OpenSSL/crypto/mem.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,390 +61,427 @@
 #include <openssl/crypto.h>
 #include "cryptlib.h"
 
+static int allow_customize = 1; /* we provide flexible functions for */
+static int allow_customize_debug = 1; /* exchanging memory-related functions
+                                       * at run-time, but this must be done
+                                       * before any blocks are actually
+                                       * allocated; or we'll run into huge
+                                       * problems when malloc/free pairs
+                                       * don't match etc. */
 
-static int allow_customize = 1;      /* we provide flexible functions for */
-static int allow_customize_debug = 1;/* exchanging memory-related functions at
-                                      * run-time, but this must be done
-                                      * before any blocks are actually
-                                      * allocated; or we'll run into huge
-                                      * problems when malloc/free pairs
-                                      * don't match etc. */
-
-
-
-/* the following pointers may be changed as long as 'allow_customize' is set */
+/*
+ * the following pointers may be changed as long as 'allow_customize' is set
+ */
 
-static void *(*malloc_func)(size_t)         = malloc;
+static void *(*malloc_func) (size_t) = malloc;
 static void *default_malloc_ex(size_t num, const char *file, int line)
-	{ return malloc_func(num); }
-static void *(*malloc_ex_func)(size_t, const char *file, int line)
-        = default_malloc_ex;
+{
+    return malloc_func(num);
+}
 
-static void *(*realloc_func)(void *, size_t)= realloc;
+static void *(*malloc_ex_func) (size_t, const char *file, int line)
+    = default_malloc_ex;
+
+static void *(*realloc_func) (void *, size_t) = realloc;
 static void *default_realloc_ex(void *str, size_t num,
-        const char *file, int line)
-	{ return realloc_func(str,num); }
-static void *(*realloc_ex_func)(void *, size_t, const char *file, int line)
-        = default_realloc_ex;
+                                const char *file, int line)
+{
+    return realloc_func(str, num);
+}
 
-static void (*free_func)(void *)            = free;
+static void *(*realloc_ex_func) (void *, size_t, const char *file, int line)
+    = default_realloc_ex;
 
-static void *(*malloc_locked_func)(size_t)  = malloc;
-static void *default_malloc_locked_ex(size_t num, const char *file, int line)
-	{ return malloc_locked_func(num); }
-static void *(*malloc_locked_ex_func)(size_t, const char *file, int line)
-        = default_malloc_locked_ex;
+static void (*free_func) (void *) = free;
 
-static void (*free_locked_func)(void *)     = free;
+static void *(*malloc_locked_func) (size_t) = malloc;
+static void *default_malloc_locked_ex(size_t num, const char *file, int line)
+{
+    return malloc_locked_func(num);
+}
 
+static void *(*malloc_locked_ex_func) (size_t, const char *file, int line)
+    = default_malloc_locked_ex;
 
+static void (*free_locked_func) (void *) = free;
 
 /* may be changed as long as 'allow_customize_debug' is set */
 /* XXX use correct function pointer types */
 #if defined(CRYPTO_MDEBUG) && !defined(OPENSSL_FIPS)
 /* use default functions from mem_dbg.c */
-static void (*malloc_debug_func)(void *,int,const char *,int,int)
-	= CRYPTO_dbg_malloc;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
-	= CRYPTO_dbg_realloc;
-static void (*free_debug_func)(void *,int) = CRYPTO_dbg_free;
-static void (*set_debug_options_func)(long) = CRYPTO_dbg_set_options;
-static long (*get_debug_options_func)(void) = CRYPTO_dbg_get_options;
-
-static int  (*push_info_func)(const char *info, const char *file, int line)
-	= CRYPTO_dbg_push_info;
-static int  (*pop_info_func)(void)
-	= CRYPTO_dbg_pop_info;
-static int (*remove_all_info_func)(void)
-	= CRYPTO_dbg_remove_all_info;
+static void (*malloc_debug_func) (void *, int, const char *, int, int)
+    = CRYPTO_dbg_malloc;
+static void (*realloc_debug_func) (void *, void *, int, const char *, int,
+                                   int)
+    = CRYPTO_dbg_realloc;
+static void (*free_debug_func) (void *, int) = CRYPTO_dbg_free;
+static void (*set_debug_options_func) (long) = CRYPTO_dbg_set_options;
+static long (*get_debug_options_func) (void) = CRYPTO_dbg_get_options;
+
+static int (*push_info_func) (const char *info, const char *file, int line)
+    = CRYPTO_dbg_push_info;
+static int (*pop_info_func) (void)
+    = CRYPTO_dbg_pop_info;
+static int (*remove_all_info_func) (void)
+    = CRYPTO_dbg_remove_all_info;
 
 #else
-/* applications can use CRYPTO_malloc_debug_init() to select above case
- * at run-time */
-static void (*malloc_debug_func)(void *,int,const char *,int,int) = NULL;
-static void (*realloc_debug_func)(void *,void *,int,const char *,int,int)
-	= NULL;
-static void (*free_debug_func)(void *,int) = NULL;
-static void (*set_debug_options_func)(long) = NULL;
-static long (*get_debug_options_func)(void) = NULL;
-
-
-static int  (*push_info_func)(const char *info, const char *file, int line)
-	= NULL;
-static int  (*pop_info_func)(void) = NULL;
-static int (*remove_all_info_func)(void) = NULL;
+/*
+ * applications can use CRYPTO_malloc_debug_init() to select above case at
+ * run-time
+ */
+static void (*malloc_debug_func) (void *, int, const char *, int, int) = NULL;
+static void (*realloc_debug_func) (void *, void *, int, const char *, int,
+                                   int)
+    = NULL;
+static void (*free_debug_func) (void *, int) = NULL;
+static void (*set_debug_options_func) (long) = NULL;
+static long (*get_debug_options_func) (void) = NULL;
+
+static int (*push_info_func) (const char *info, const char *file, int line)
+    = NULL;
+static int (*pop_info_func) (void) = NULL;
+static int (*remove_all_info_func) (void) = NULL;
 
 #endif
 
-
-int CRYPTO_set_mem_functions(void *(*m)(size_t), void *(*r)(void *, size_t),
-	void (*f)(void *))
-	{
-	if (!allow_customize)
-		return 0;
-	if ((m == 0) || (r == 0) || (f == 0))
-		return 0;
-	malloc_func=m; malloc_ex_func=default_malloc_ex;
-	realloc_func=r; realloc_ex_func=default_realloc_ex;
-	free_func=f;
-	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
-	free_locked_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_mem_ex_functions(
-        void *(*m)(size_t,const char *,int),
-        void *(*r)(void *, size_t,const char *,int),
-	void (*f)(void *))
-	{
-	if (!allow_customize)
-		return 0;
-	if ((m == 0) || (r == 0) || (f == 0))
-		return 0;
-	malloc_func=0; malloc_ex_func=m;
-	realloc_func=0; realloc_ex_func=r;
-	free_func=f;
-	malloc_locked_func=0; malloc_locked_ex_func=m;
-	free_locked_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*f)(void *))
-	{
-	if (!allow_customize)
-		return 0;
-	if ((m == NULL) || (f == NULL))
-		return 0;
-	malloc_locked_func=m; malloc_locked_ex_func=default_malloc_locked_ex;
-	free_locked_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_locked_mem_ex_functions(
-        void *(*m)(size_t,const char *,int),
-        void (*f)(void *))
-	{
-	if (!allow_customize)
-		return 0;
-	if ((m == NULL) || (f == NULL))
-		return 0;
-	malloc_locked_func=0; malloc_locked_ex_func=m;
-	free_func=f;
-	return 1;
-	}
-
-int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int),
-				   void (*r)(void *,void *,int,const char *,int,int),
-				   void (*f)(void *,int),
-				   void (*so)(long),
-				   long (*go)(void))
-	{
-	if (!allow_customize_debug)
-		return 0;
-	malloc_debug_func=m;
-	realloc_debug_func=r;
-	free_debug_func=f;
-	set_debug_options_func=so;
-	get_debug_options_func=go;
-	return 1;
-	}
-
-void CRYPTO_set_mem_info_functions(
-	int  (*push_info_fn)(const char *info, const char *file, int line),
-	int  (*pop_info_fn)(void),
-	int (*remove_all_info_fn)(void))
-	{
-	push_info_func = push_info_fn;
-	pop_info_func = pop_info_fn;
-	remove_all_info_func = remove_all_info_fn;
-	}
-
-void CRYPTO_get_mem_functions(void *(**m)(size_t), void *(**r)(void *, size_t),
-	void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_ex_func == default_malloc_ex) ? 
-	                     malloc_func : 0;
-	if (r != NULL) *r = (realloc_ex_func == default_realloc_ex) ? 
-	                     realloc_func : 0;
-	if (f != NULL) *f=free_func;
-	}
-
-void CRYPTO_get_mem_ex_functions(
-        void *(**m)(size_t,const char *,int),
-        void *(**r)(void *, size_t,const char *,int),
-	void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_ex_func != default_malloc_ex) ?
-	                    malloc_ex_func : 0;
-	if (r != NULL) *r = (realloc_ex_func != default_realloc_ex) ?
-	                    realloc_ex_func : 0;
-	if (f != NULL) *f=free_func;
-	}
-
-void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_locked_ex_func == default_malloc_locked_ex) ? 
-	                     malloc_locked_func : 0;
-	if (f != NULL) *f=free_locked_func;
-	}
-
-void CRYPTO_get_locked_mem_ex_functions(
-        void *(**m)(size_t,const char *,int),
-        void (**f)(void *))
-	{
-	if (m != NULL) *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
-	                    malloc_locked_ex_func : 0;
-	if (f != NULL) *f=free_locked_func;
-	}
-
-void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int),
-				    void (**r)(void *,void *,int,const char *,int,int),
-				    void (**f)(void *,int),
-				    void (**so)(long),
-				    long (**go)(void))
-	{
-	if (m != NULL) *m=malloc_debug_func;
-	if (r != NULL) *r=realloc_debug_func;
-	if (f != NULL) *f=free_debug_func;
-	if (so != NULL) *so=set_debug_options_func;
-	if (go != NULL) *go=get_debug_options_func;
-	}
-
+int CRYPTO_set_mem_functions(void *(*m) (size_t), void *(*r) (void *, size_t),
+                             void (*f) (void *))
+{
+    if (!allow_customize)
+        return 0;
+    if ((m == 0) || (r == 0) || (f == 0))
+        return 0;
+    malloc_func = m;
+    malloc_ex_func = default_malloc_ex;
+    realloc_func = r;
+    realloc_ex_func = default_realloc_ex;
+    free_func = f;
+    malloc_locked_func = m;
+    malloc_locked_ex_func = default_malloc_locked_ex;
+    free_locked_func = f;
+    return 1;
+}
+
+int CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
+                                void *(*r) (void *, size_t, const char *,
+                                            int), void (*f) (void *))
+{
+    if (!allow_customize)
+        return 0;
+    if ((m == 0) || (r == 0) || (f == 0))
+        return 0;
+    malloc_func = 0;
+    malloc_ex_func = m;
+    realloc_func = 0;
+    realloc_ex_func = r;
+    free_func = f;
+    malloc_locked_func = 0;
+    malloc_locked_ex_func = m;
+    free_locked_func = f;
+    return 1;
+}
+
+int CRYPTO_set_locked_mem_functions(void *(*m) (size_t), void (*f) (void *))
+{
+    if (!allow_customize)
+        return 0;
+    if ((m == NULL) || (f == NULL))
+        return 0;
+    malloc_locked_func = m;
+    malloc_locked_ex_func = default_malloc_locked_ex;
+    free_locked_func = f;
+    return 1;
+}
+
+int CRYPTO_set_locked_mem_ex_functions(void *(*m) (size_t, const char *, int),
+                                       void (*f) (void *))
+{
+    if (!allow_customize)
+        return 0;
+    if ((m == NULL) || (f == NULL))
+        return 0;
+    malloc_locked_func = 0;
+    malloc_locked_ex_func = m;
+    free_func = f;
+    return 1;
+}
+
+int CRYPTO_set_mem_debug_functions(void (*m)
+                                    (void *, int, const char *, int, int),
+                                   void (*r) (void *, void *, int,
+                                              const char *, int, int),
+                                   void (*f) (void *, int), void (*so) (long),
+                                   long (*go) (void))
+{
+    if (!allow_customize_debug)
+        return 0;
+    malloc_debug_func = m;
+    realloc_debug_func = r;
+    free_debug_func = f;
+    set_debug_options_func = so;
+    get_debug_options_func = go;
+    return 1;
+}
+
+void CRYPTO_set_mem_info_functions(int (*push_info_fn)
+                                    (const char *info, const char *file,
+                                     int line), int (*pop_info_fn) (void),
+                                   int (*remove_all_info_fn) (void))
+{
+    push_info_func = push_info_fn;
+    pop_info_func = pop_info_fn;
+    remove_all_info_func = remove_all_info_fn;
+}
+
+void CRYPTO_get_mem_functions(void *(**m) (size_t),
+                              void *(**r) (void *, size_t),
+                              void (**f) (void *))
+{
+    if (m != NULL)
+        *m = (malloc_ex_func == default_malloc_ex) ? malloc_func : 0;
+    if (r != NULL)
+        *r = (realloc_ex_func == default_realloc_ex) ? realloc_func : 0;
+    if (f != NULL)
+        *f = free_func;
+}
+
+void CRYPTO_get_mem_ex_functions(void *(**m) (size_t, const char *, int),
+                                 void *(**r) (void *, size_t, const char *,
+                                              int), void (**f) (void *))
+{
+    if (m != NULL)
+        *m = (malloc_ex_func != default_malloc_ex) ? malloc_ex_func : 0;
+    if (r != NULL)
+        *r = (realloc_ex_func != default_realloc_ex) ? realloc_ex_func : 0;
+    if (f != NULL)
+        *f = free_func;
+}
+
+void CRYPTO_get_locked_mem_functions(void *(**m) (size_t),
+                                     void (**f) (void *))
+{
+    if (m != NULL)
+        *m = (malloc_locked_ex_func == default_malloc_locked_ex) ?
+            malloc_locked_func : 0;
+    if (f != NULL)
+        *f = free_locked_func;
+}
+
+void CRYPTO_get_locked_mem_ex_functions(void
+                                        *(**m) (size_t, const char *, int),
+                                        void (**f) (void *))
+{
+    if (m != NULL)
+        *m = (malloc_locked_ex_func != default_malloc_locked_ex) ?
+            malloc_locked_ex_func : 0;
+    if (f != NULL)
+        *f = free_locked_func;
+}
+
+void CRYPTO_get_mem_debug_functions(void (**m)
+                                     (void *, int, const char *, int, int),
+                                    void (**r) (void *, void *, int,
+                                                const char *, int, int),
+                                    void (**f) (void *, int),
+                                    void (**so) (long), long (**go) (void))
+{
+    if (m != NULL)
+        *m = malloc_debug_func;
+    if (r != NULL)
+        *r = realloc_debug_func;
+    if (f != NULL)
+        *f = free_debug_func;
+    if (so != NULL)
+        *so = set_debug_options_func;
+    if (go != NULL)
+        *go = get_debug_options_func;
+}
 
 void *CRYPTO_malloc_locked(int num, const char *file, int line)
-	{
-	void *ret = NULL;
-	extern unsigned char cleanse_ctr;
-
-	if (num <= 0) return NULL;
-
-	allow_customize = 0;
-	if (malloc_debug_func != NULL)
-		{
-		allow_customize_debug = 0;
-		malloc_debug_func(NULL, num, file, line, 0);
-		}
-	ret = malloc_locked_ex_func(num,file,line);
+{
+    void *ret = NULL;
+    extern unsigned char cleanse_ctr;
+
+    if (num <= 0)
+        return NULL;
+
+    allow_customize = 0;
+    if (malloc_debug_func != NULL) {
+        allow_customize_debug = 0;
+        malloc_debug_func(NULL, num, file, line, 0);
+    }
+    ret = malloc_locked_ex_func(num, file, line);
 #ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+    fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
 #endif
-	if (malloc_debug_func != NULL)
-		malloc_debug_func(ret, num, file, line, 1);
+    if (malloc_debug_func != NULL)
+        malloc_debug_func(ret, num, file, line, 1);
 
-        /* Create a dependency on the value of 'cleanse_ctr' so our memory
-         * sanitisation function can't be optimised out. NB: We only do
-         * this for >2Kb so the overhead doesn't bother us. */
-        if(ret && (num > 2048))
-		((unsigned char *)ret)[0] = cleanse_ctr;
+    /*
+     * Create a dependency on the value of 'cleanse_ctr' so our memory
+     * sanitisation function can't be optimised out. NB: We only do this for
+     * >2Kb so the overhead doesn't bother us.
+     */
+    if (ret && (num > 2048))
+        ((unsigned char *)ret)[0] = cleanse_ctr;
 
-	return ret;
-	}
+    return ret;
+}
 
 void CRYPTO_free_locked(void *str)
-	{
-	if (free_debug_func != NULL)
-		free_debug_func(str, 0);
+{
+    if (free_debug_func != NULL)
+        free_debug_func(str, 0);
 #ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
+    fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
 #endif
-	free_locked_func(str);
-	if (free_debug_func != NULL)
-		free_debug_func(NULL, 1);
-	}
+    free_locked_func(str);
+    if (free_debug_func != NULL)
+        free_debug_func(NULL, 1);
+}
 
 void *CRYPTO_malloc(int num, const char *file, int line)
-	{
-	void *ret = NULL;
-	extern unsigned char cleanse_ctr;
-
-	if (num <= 0) return NULL;
-
-	allow_customize = 0;
-	if (malloc_debug_func != NULL)
-		{
-		allow_customize_debug = 0;
-		malloc_debug_func(NULL, num, file, line, 0);
-		}
-	ret = malloc_ex_func(num,file,line);
+{
+    void *ret = NULL;
+    extern unsigned char cleanse_ctr;
+
+    if (num <= 0)
+        return NULL;
+
+    allow_customize = 0;
+    if (malloc_debug_func != NULL) {
+        allow_customize_debug = 0;
+        malloc_debug_func(NULL, num, file, line, 0);
+    }
+    ret = malloc_ex_func(num, file, line);
 #ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
+    fprintf(stderr, "LEVITTE_DEBUG_MEM:         > 0x%p (%d)\n", ret, num);
 #endif
-	if (malloc_debug_func != NULL)
-		malloc_debug_func(ret, num, file, line, 1);
+    if (malloc_debug_func != NULL)
+        malloc_debug_func(ret, num, file, line, 1);
 
-        /* Create a dependency on the value of 'cleanse_ctr' so our memory
-         * sanitisation function can't be optimised out. NB: We only do
-         * this for >2Kb so the overhead doesn't bother us. */
-        if(ret && (num > 2048))
-                ((unsigned char *)ret)[0] = cleanse_ctr;
+    /*
+     * Create a dependency on the value of 'cleanse_ctr' so our memory
+     * sanitisation function can't be optimised out. NB: We only do this for
+     * >2Kb so the overhead doesn't bother us.
+     */
+    if (ret && (num > 2048))
+        ((unsigned char *)ret)[0] = cleanse_ctr;
 
-	return ret;
-	}
+    return ret;
+}
 
 void *CRYPTO_realloc(void *str, int num, const char *file, int line)
-	{
-	void *ret = NULL;
+{
+    void *ret = NULL;
 
-	if (str == NULL)
-		return CRYPTO_malloc(num, file, line);
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
 
-	if (num <= 0) return NULL;
+    if (num <= 0)
+        return NULL;
 
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, NULL, num, file, line, 0);
-	ret = realloc_ex_func(str,num,file,line);
+    if (realloc_debug_func != NULL)
+        realloc_debug_func(str, NULL, num, file, line, 0);
+    ret = realloc_ex_func(str, num, file, line);
 #ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str, ret, num);
+    fprintf(stderr, "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n", str,
+            ret, num);
 #endif
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, ret, num, file, line, 1);
+    if (realloc_debug_func != NULL)
+        realloc_debug_func(str, ret, num, file, line, 1);
 
-	return ret;
-	}
+    return ret;
+}
 
 void *CRYPTO_realloc_clean(void *str, int old_len, int num, const char *file,
-			   int line)
-	{
-	void *ret = NULL;
-
-	if (str == NULL)
-		return CRYPTO_malloc(num, file, line);
-
-	if (num <= 0) return NULL;
-
-	/* We don't support shrinking the buffer. Note the memcpy that copies
-	 * |old_len| bytes to the new buffer, below. */
-	if (num < old_len) return NULL;
-
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, NULL, num, file, line, 0);
-	ret=malloc_ex_func(num,file,line);
-	if(ret)
-		{
-		memcpy(ret,str,old_len);
-		OPENSSL_cleanse(str,old_len);
-		free_func(str);
-		}
+                           int line)
+{
+    void *ret = NULL;
+
+    if (str == NULL)
+        return CRYPTO_malloc(num, file, line);
+
+    if (num <= 0)
+        return NULL;
+
+    /*
+     * We don't support shrinking the buffer. Note the memcpy that copies
+     * |old_len| bytes to the new buffer, below.
+     */
+    if (num < old_len)
+        return NULL;
+
+    if (realloc_debug_func != NULL)
+        realloc_debug_func(str, NULL, num, file, line, 0);
+    ret = malloc_ex_func(num, file, line);
+    if (ret) {
+        memcpy(ret, str, old_len);
+        OPENSSL_cleanse(str, old_len);
+        free_func(str);
+    }
 #ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr,
-		"LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",
-		str, ret, num);
+    fprintf(stderr,
+            "LEVITTE_DEBUG_MEM:         | 0x%p -> 0x%p (%d)\n",
+            str, ret, num);
 #endif
-	if (realloc_debug_func != NULL)
-		realloc_debug_func(str, ret, num, file, line, 1);
+    if (realloc_debug_func != NULL)
+        realloc_debug_func(str, ret, num, file, line, 1);
 
-	return ret;
-	}
+    return ret;
+}
 
 void CRYPTO_free(void *str)
-	{
-	if (free_debug_func != NULL)
-		free_debug_func(str, 0);
+{
+    if (free_debug_func != NULL)
+        free_debug_func(str, 0);
 #ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
+    fprintf(stderr, "LEVITTE_DEBUG_MEM:         < 0x%p\n", str);
 #endif
-	free_func(str);
-	if (free_debug_func != NULL)
-		free_debug_func(NULL, 1);
-	}
+    free_func(str);
+    if (free_debug_func != NULL)
+        free_debug_func(NULL, 1);
+}
 
 void *CRYPTO_remalloc(void *a, int num, const char *file, int line)
-	{
-	if (a != NULL) OPENSSL_free(a);
-	a=(char *)OPENSSL_malloc(num);
-	return(a);
-	}
+{
+    if (a != NULL)
+        OPENSSL_free(a);
+    a = (char *)OPENSSL_malloc(num);
+    return (a);
+}
 
 void CRYPTO_set_mem_debug_options(long bits)
-	{
-	if (set_debug_options_func != NULL)
-		set_debug_options_func(bits);
-	}
+{
+    if (set_debug_options_func != NULL)
+        set_debug_options_func(bits);
+}
 
 long CRYPTO_get_mem_debug_options(void)
-	{
-	if (get_debug_options_func != NULL)
-		return get_debug_options_func();
-	return 0;
-	}
+{
+    if (get_debug_options_func != NULL)
+        return get_debug_options_func();
+    return 0;
+}
 
 int CRYPTO_push_info_(const char *info, const char *file, int line)
-	{
-	if (push_info_func)
-		return push_info_func(info, file, line);
-	return 1;
-	}
+{
+    if (push_info_func)
+        return push_info_func(info, file, line);
+    return 1;
+}
 
 int CRYPTO_pop_info(void)
-	{
-	if (pop_info_func)
-		return pop_info_func();
-	return 1;
-	}
+{
+    if (pop_info_func)
+        return pop_info_func();
+    return 1;
+}
 
 int CRYPTO_remove_all_info(void)
-	{
-	if (remove_all_info_func)
-		return remove_all_info_func();
-	return 1;
-	}
+{
+    if (remove_all_info_func)
+        return remove_all_info_func();
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/mem_clr.c b/Cryptlib/OpenSSL/crypto/mem_clr.c
index add1f780..3df1f392 100644
--- a/Cryptlib/OpenSSL/crypto/mem_clr.c
+++ b/Cryptlib/OpenSSL/crypto/mem_clr.c
@@ -1,6 +1,7 @@
 /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2002.
+/*
+ * Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL project
+ * 2002.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,16 +63,15 @@
 unsigned char cleanse_ctr = 0;
 
 void OPENSSL_cleanse(void *ptr, size_t len)
-	{
-	unsigned char *p = ptr;
-	size_t loop = len, ctr = cleanse_ctr;
-	while(loop--)
-		{
-		*(p++) = (unsigned char)ctr;
-		ctr += (17 + ((size_t)p & 0xF));
-		}
-	p=memchr(ptr, (unsigned char)ctr, len);
-	if(p)
-		ctr += (63 + (size_t)p);
-	cleanse_ctr = (unsigned char)ctr;
-	}
+{
+    unsigned char *p = ptr;
+    size_t loop = len, ctr = cleanse_ctr;
+    while (loop--) {
+        *(p++) = (unsigned char)ctr;
+        ctr += (17 + ((size_t)p & 0xF));
+    }
+    p = memchr(ptr, (unsigned char)ctr, len);
+    if (p)
+        ctr += (63 + (size_t)p);
+    cleanse_ctr = (unsigned char)ctr;
+}
diff --git a/Cryptlib/OpenSSL/crypto/mem_dbg.c b/Cryptlib/OpenSSL/crypto/mem_dbg.c
index dfeb0847..e506e6b8 100644
--- a/Cryptlib/OpenSSL/crypto/mem_dbg.c
+++ b/Cryptlib/OpenSSL/crypto/mem_dbg.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -58,760 +58,712 @@
 
 #include <stdio.h>
 #include <stdlib.h>
-#include <time.h>	
+#include <time.h>
 #include "cryptlib.h"
 #include <openssl/crypto.h>
 #include <openssl/buffer.h>
 #include <openssl/bio.h>
 #include <openssl/lhash.h>
 
-static int mh_mode=CRYPTO_MEM_CHECK_OFF;
-/* The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE
- * when the application asks for it (usually after library initialisation
- * for which no book-keeping is desired).
- *
- * State CRYPTO_MEM_CHECK_ON exists only temporarily when the library
- * thinks that certain allocations should not be checked (e.g. the data
- * structures used for memory checking).  It is not suitable as an initial
- * state: the library will unexpectedly enable memory checking when it
- * executes one of those sections that want to disable checking
- * temporarily.
- *
- * State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes no sense whatsoever.
+static int mh_mode = CRYPTO_MEM_CHECK_OFF;
+/*
+ * The state changes to CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE when
+ * the application asks for it (usually after library initialisation for
+ * which no book-keeping is desired). State CRYPTO_MEM_CHECK_ON exists only
+ * temporarily when the library thinks that certain allocations should not be
+ * checked (e.g. the data structures used for memory checking).  It is not
+ * suitable as an initial state: the library will unexpectedly enable memory
+ * checking when it executes one of those sections that want to disable
+ * checking temporarily. State CRYPTO_MEM_CHECK_ENABLE without ..._ON makes
+ * no sense whatsoever.
  */
 
 static unsigned long order = 0; /* number of memory requests */
-static LHASH *mh=NULL; /* hash-table of memory requests (address as key);
-                        * access requires MALLOC2 lock */
-
+static LHASH *mh = NULL;        /* hash-table of memory requests (address as
+                                 * key); access requires MALLOC2 lock */
 
 typedef struct app_mem_info_st
-/* For application-defined information (static C-string `info')
+/*-
+ * For application-defined information (static C-string `info')
  * to be displayed in memory leak list.
  * Each thread has its own stack.  For applications, there is
  *   CRYPTO_push_info("...")     to push an entry,
  *   CRYPTO_pop_info()           to pop an entry,
  *   CRYPTO_remove_all_info()    to pop all entries.
  */
-	{	
-	unsigned long thread;
-	const char *file;
-	int line;
-	const char *info;
-	struct app_mem_info_st *next; /* tail of thread's stack */
-	int references;
-	} APP_INFO;
+{
+    unsigned long thread;
+    const char *file;
+    int line;
+    const char *info;
+    struct app_mem_info_st *next; /* tail of thread's stack */
+    int references;
+} APP_INFO;
 
 static void app_info_free(APP_INFO *);
 
-static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
-                          * that are at the top of their thread's stack
-                          * (with `thread' as key);
-                          * access requires MALLOC2 lock */
+static LHASH *amih = NULL;      /* hash-table with those app_mem_info_st's
+                                 * that are at the top of their thread's
+                                 * stack (with `thread' as key); access
+                                 * requires MALLOC2 lock */
 
 typedef struct mem_st
 /* memory-block description */
-	{
-	void *addr;
-	int num;
-	const char *file;
-	int line;
-	unsigned long thread;
-	unsigned long order;
-	time_t time;
-	APP_INFO *app_info;
-	} MEM;
-
-static long options =             /* extra information to be recorded */
+{
+    void *addr;
+    int num;
+    const char *file;
+    int line;
+    unsigned long thread;
+    unsigned long order;
+    time_t time;
+    APP_INFO *app_info;
+} MEM;
+
+static long options =           /* extra information to be recorded */
 #if defined(CRYPTO_MDEBUG_TIME) || defined(CRYPTO_MDEBUG_ALL)
-	V_CRYPTO_MDEBUG_TIME |
+    V_CRYPTO_MDEBUG_TIME |
 #endif
 #if defined(CRYPTO_MDEBUG_THREAD) || defined(CRYPTO_MDEBUG_ALL)
-	V_CRYPTO_MDEBUG_THREAD |
+    V_CRYPTO_MDEBUG_THREAD |
 #endif
-	0;
-
+    0;
 
-static unsigned int num_disable = 0; /* num_disable > 0
-                                      *     iff
-                                      * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE)
-                                      */
+static unsigned int num_disable = 0; /* num_disable > 0 iff mh_mode ==
+                                      * CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) */
 static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0.
                                             * CRYPTO_LOCK_MALLOC2 is locked
                                             * exactly in this case (by the
-                                            * thread named in disabling_thread).
-                                            */
+                                            * thread named in
+                                            * disabling_thread). */
 
 static void app_info_free(APP_INFO *inf)
-	{
-	if (--(inf->references) <= 0)
-		{
-		if (inf->next != NULL)
-			{
-			app_info_free(inf->next);
-			}
-		OPENSSL_free(inf);
-		}
-	}
+{
+    if (--(inf->references) <= 0) {
+        if (inf->next != NULL) {
+            app_info_free(inf->next);
+        }
+        OPENSSL_free(inf);
+    }
+}
 
 int CRYPTO_mem_ctrl(int mode)
-	{
-	int ret=mh_mode;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-	switch (mode)
-		{
-	/* for applications (not to be called while multiple threads
-	 * use the library): */
-	case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */
-		mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE;
-		num_disable = 0;
-		break;
-	case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
-		mh_mode = 0;
-		num_disable = 0; /* should be true *before* MemCheck_stop is used,
-		                    or there'll be a lot of confusion */
-		break;
-
-	/* switch off temporarily (for library-internal use): */
-	case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
-		if (mh_mode & CRYPTO_MEM_CHECK_ON)
-			{
-			if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */
-				{
-				/* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while
-				 * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if
-				 * somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot release
-				 * it because we block entry to this function).
-				 * Give them a chance, first, and then claim the locks in
-				 * appropriate order (long-time lock first).
-				 */
-				CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-				/* Note that after we have waited for CRYPTO_LOCK_MALLOC2
-				 * and CRYPTO_LOCK_MALLOC, we'll still be in the right
-				 * "case" and "if" branch because MemCheck_start and
-				 * MemCheck_stop may never be used while there are multiple
-				 * OpenSSL threads. */
-				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-				CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-				mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
-				disabling_thread=CRYPTO_thread_id();
-				}
-			num_disable++;
-			}
-		break;
-	case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
-		if (mh_mode & CRYPTO_MEM_CHECK_ON)
-			{
-			if (num_disable) /* always true, or something is going wrong */
-				{
-				num_disable--;
-				if (num_disable == 0)
-					{
-					mh_mode|=CRYPTO_MEM_CHECK_ENABLE;
-					CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-					}
-				}
-			}
-		break;
-
-	default:
-		break;
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-	return(ret);
-	}
+{
+    int ret = mh_mode;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+    switch (mode) {
+        /*
+         * for applications (not to be called while multiple threads use the
+         * library):
+         */
+    case CRYPTO_MEM_CHECK_ON:  /* aka MemCheck_start() */
+        mh_mode = CRYPTO_MEM_CHECK_ON | CRYPTO_MEM_CHECK_ENABLE;
+        num_disable = 0;
+        break;
+    case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */
+        mh_mode = 0;
+        num_disable = 0;        /* should be true *before* MemCheck_stop is
+                                 * used, or there'll be a lot of confusion */
+        break;
+
+        /* switch off temporarily (for library-internal use): */
+    case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            /* otherwise we already have the MALLOC2 lock */
+            if (!num_disable || (disabling_thread != CRYPTO_thread_id())) {
+                /*
+                 * Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed
+                 * while we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock
+                 * if somebody else holds CRYPTO_LOCK_MALLOC2 (and cannot
+                 * release it because we block entry to this function). Give
+                 * them a chance, first, and then claim the locks in
+                 * appropriate order (long-time lock first).
+                 */
+                CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+                /*
+                 * Note that after we have waited for CRYPTO_LOCK_MALLOC2 and
+                 * CRYPTO_LOCK_MALLOC, we'll still be in the right "case" and
+                 * "if" branch because MemCheck_start and MemCheck_stop may
+                 * never be used while there are multiple OpenSSL threads.
+                 */
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+                CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+                mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE;
+                disabling_thread = CRYPTO_thread_id();
+            }
+            num_disable++;
+        }
+        break;
+    case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */
+        if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+            if (num_disable) {  /* always true, or something is going wrong */
+                num_disable--;
+                if (num_disable == 0) {
+                    mh_mode |= CRYPTO_MEM_CHECK_ENABLE;
+                    CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+                }
+            }
+        }
+        break;
+
+    default:
+        break;
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+    return (ret);
+}
 
 int CRYPTO_is_mem_check_on(void)
-	{
-	int ret = 0;
+{
+    int ret = 0;
 
-	if (mh_mode & CRYPTO_MEM_CHECK_ON)
-		{
-		CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
+    if (mh_mode & CRYPTO_MEM_CHECK_ON) {
+        CRYPTO_r_lock(CRYPTO_LOCK_MALLOC);
 
-		ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
-			|| (disabling_thread != CRYPTO_thread_id());
-
-		CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
-		}
-	return(ret);
-	}	
+        ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE)
+            || (disabling_thread != CRYPTO_thread_id());
 
+        CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC);
+    }
+    return (ret);
+}
 
 void CRYPTO_dbg_set_options(long bits)
-	{
-	options = bits;
-	}
+{
+    options = bits;
+}
 
 long CRYPTO_dbg_get_options(void)
-	{
-	return options;
-	}
+{
+    return options;
+}
 
 /* static int mem_cmp(MEM *a, MEM *b) */
 static int mem_cmp(const void *a_void, const void *b_void)
-	{
+{
 #ifdef _WIN64
-	const char *a=(const char *)((const MEM *)a_void)->addr,
-		   *b=(const char *)((const MEM *)b_void)->addr;
-	if (a==b)	return 0;
-	else if (a>b)	return 1;
-	else		return -1;
+    const char *a = (const char *)((const MEM *)a_void)->addr,
+        *b = (const char *)((const MEM *)b_void)->addr;
+    if (a == b)
+        return 0;
+    else if (a > b)
+        return 1;
+    else
+        return -1;
 #else
-	return((const char *)((const MEM *)a_void)->addr
-		- (const char *)((const MEM *)b_void)->addr);
+    return ((const char *)((const MEM *)a_void)->addr
+            - (const char *)((const MEM *)b_void)->addr);
 #endif
-	}
+}
 
 /* static unsigned long mem_hash(MEM *a) */
 static unsigned long mem_hash(const void *a_void)
-	{
-	unsigned long ret;
+{
+    unsigned long ret;
 
-	ret=(unsigned long)((const MEM *)a_void)->addr;
+    ret = (unsigned long)((const MEM *)a_void)->addr;
 
-	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
-	return(ret);
-	}
+    ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
+    return (ret);
+}
 
 /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */
 static int app_info_cmp(const void *a_void, const void *b_void)
-	{
-	return(((const APP_INFO *)a_void)->thread
-		!= ((const APP_INFO *)b_void)->thread);
-	}
+{
+    return (((const APP_INFO *)a_void)->thread
+            != ((const APP_INFO *)b_void)->thread);
+}
 
 /* static unsigned long app_info_hash(APP_INFO *a) */
 static unsigned long app_info_hash(const void *a_void)
-	{
-	unsigned long ret;
+{
+    unsigned long ret;
 
-	ret=(unsigned long)((const APP_INFO *)a_void)->thread;
+    ret = (unsigned long)((const APP_INFO *)a_void)->thread;
 
-	ret=ret*17851+(ret>>14)*7+(ret>>4)*251;
-	return(ret);
-	}
+    ret = ret * 17851 + (ret >> 14) * 7 + (ret >> 4) * 251;
+    return (ret);
+}
 
 static APP_INFO *pop_info(void)
-	{
-	APP_INFO tmp;
-	APP_INFO *ret = NULL;
-
-	if (amih != NULL)
-		{
-		tmp.thread=CRYPTO_thread_id();
-		if ((ret=(APP_INFO *)lh_delete(amih,&tmp)) != NULL)
-			{
-			APP_INFO *next=ret->next;
-
-			if (next != NULL)
-				{
-				next->references++;
-				lh_insert(amih,(char *)next);
-				}
+{
+    APP_INFO tmp;
+    APP_INFO *ret = NULL;
+
+    if (amih != NULL) {
+        tmp.thread = CRYPTO_thread_id();
+        if ((ret = (APP_INFO *)lh_delete(amih, &tmp)) != NULL) {
+            APP_INFO *next = ret->next;
+
+            if (next != NULL) {
+                next->references++;
+                lh_insert(amih, (char *)next);
+            }
 #ifdef LEVITTE_DEBUG_MEM
-			if (ret->thread != tmp.thread)
-				{
-				fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-					ret->thread, tmp.thread);
-				abort();
-				}
+            if (ret->thread != tmp.thread) {
+                fprintf(stderr,
+                        "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+                        ret->thread, tmp.thread);
+                abort();
+            }
 #endif
-			if (--(ret->references) <= 0)
-				{
-				ret->next = NULL;
-				if (next != NULL)
-					next->references--;
-				OPENSSL_free(ret);
-				}
-			}
-		}
-	return(ret);
-	}
+            if (--(ret->references) <= 0) {
+                ret->next = NULL;
+                if (next != NULL)
+                    next->references--;
+                OPENSSL_free(ret);
+            }
+        }
+    }
+    return (ret);
+}
 
 int CRYPTO_dbg_push_info(const char *info, const char *file, int line)
-	{
-	APP_INFO *ami, *amim;
-	int ret=0;
-
-	if (is_MemCheck_on())
-		{
-		MemCheck_off(); /* obtain MALLOC2 lock */
-
-		if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL)
-			{
-			ret=0;
-			goto err;
-			}
-		if (amih == NULL)
-			{
-			if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL)
-				{
-				OPENSSL_free(ami);
-				ret=0;
-				goto err;
-				}
-			}
-
-		ami->thread=CRYPTO_thread_id();
-		ami->file=file;
-		ami->line=line;
-		ami->info=info;
-		ami->references=1;
-		ami->next=NULL;
-
-		if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL)
-			{
+{
+    APP_INFO *ami, *amim;
+    int ret = 0;
+
+    if (is_MemCheck_on()) {
+        MemCheck_off();         /* obtain MALLOC2 lock */
+
+        if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) {
+            ret = 0;
+            goto err;
+        }
+        if (amih == NULL) {
+            if ((amih = lh_new(app_info_hash, app_info_cmp)) == NULL) {
+                OPENSSL_free(ami);
+                ret = 0;
+                goto err;
+            }
+        }
+
+        ami->thread = CRYPTO_thread_id();
+        ami->file = file;
+        ami->line = line;
+        ami->info = info;
+        ami->references = 1;
+        ami->next = NULL;
+
+        if ((amim = (APP_INFO *)lh_insert(amih, (char *)ami)) != NULL) {
 #ifdef LEVITTE_DEBUG_MEM
-			if (ami->thread != amim->thread)
-				{
-				fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
-					amim->thread, ami->thread);
-				abort();
-				}
+            if (ami->thread != amim->thread) {
+                fprintf(stderr,
+                        "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n",
+                        amim->thread, ami->thread);
+                abort();
+            }
 #endif
-			ami->next=amim;
-			}
+            ami->next = amim;
+        }
  err:
-		MemCheck_on(); /* release MALLOC2 lock */
-		}
+        MemCheck_on();          /* release MALLOC2 lock */
+    }
 
-	return(ret);
-	}
+    return (ret);
+}
 
 int CRYPTO_dbg_pop_info(void)
-	{
-	int ret=0;
+{
+    int ret = 0;
 
-	if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */
-		{
-		MemCheck_off(); /* obtain MALLOC2 lock */
+    if (is_MemCheck_on()) {     /* _must_ be true, or something went severely
+                                 * wrong */
+        MemCheck_off();         /* obtain MALLOC2 lock */
 
-		ret=(pop_info() != NULL);
+        ret = (pop_info() != NULL);
 
-		MemCheck_on(); /* release MALLOC2 lock */
-		}
-	return(ret);
-	}
+        MemCheck_on();          /* release MALLOC2 lock */
+    }
+    return (ret);
+}
 
 int CRYPTO_dbg_remove_all_info(void)
-	{
-	int ret=0;
-
-	if (is_MemCheck_on()) /* _must_ be true */
-		{
-		MemCheck_off(); /* obtain MALLOC2 lock */
+{
+    int ret = 0;
 
-		while(pop_info() != NULL)
-			ret++;
+    if (is_MemCheck_on()) {     /* _must_ be true */
+        MemCheck_off();         /* obtain MALLOC2 lock */
 
-		MemCheck_on(); /* release MALLOC2 lock */
-		}
-	return(ret);
-	}
+        while (pop_info() != NULL)
+            ret++;
 
+        MemCheck_on();          /* release MALLOC2 lock */
+    }
+    return (ret);
+}
 
-static unsigned long break_order_num=0;
+static unsigned long break_order_num = 0;
 void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line,
-	int before_p)
-	{
-	MEM *m,*mm;
-	APP_INFO tmp,*amim;
-
-	switch(before_p & 127)
-		{
-	case 0:
-		break;
-	case 1:
-		if (addr == NULL)
-			break;
-
-		if (is_MemCheck_on())
-			{
-			MemCheck_off(); /* make sure we hold MALLOC2 lock */
-			if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL)
-				{
-				OPENSSL_free(addr);
-				MemCheck_on(); /* release MALLOC2 lock
-				                * if num_disabled drops to 0 */
-				return;
-				}
-			if (mh == NULL)
-				{
-				if ((mh=lh_new(mem_hash, mem_cmp)) == NULL)
-					{
-					OPENSSL_free(addr);
-					OPENSSL_free(m);
-					addr=NULL;
-					goto err;
-					}
-				}
-
-			m->addr=addr;
-			m->file=file;
-			m->line=line;
-			m->num=num;
-			if (options & V_CRYPTO_MDEBUG_THREAD)
-				m->thread=CRYPTO_thread_id();
-			else
-				m->thread=0;
-
-			if (order == break_order_num)
-				{
-				/* BREAK HERE */
-				m->order=order;
-				}
-			m->order=order++;
+                       int before_p)
+{
+    MEM *m, *mm;
+    APP_INFO tmp, *amim;
+
+    switch (before_p & 127) {
+    case 0:
+        break;
+    case 1:
+        if (addr == NULL)
+            break;
+
+        if (is_MemCheck_on()) {
+            MemCheck_off();     /* make sure we hold MALLOC2 lock */
+            if ((m = (MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) {
+                OPENSSL_free(addr);
+                MemCheck_on();  /* release MALLOC2 lock if num_disabled drops
+                                 * to 0 */
+                return;
+            }
+            if (mh == NULL) {
+                if ((mh = lh_new(mem_hash, mem_cmp)) == NULL) {
+                    OPENSSL_free(addr);
+                    OPENSSL_free(m);
+                    addr = NULL;
+                    goto err;
+                }
+            }
+
+            m->addr = addr;
+            m->file = file;
+            m->line = line;
+            m->num = num;
+            if (options & V_CRYPTO_MDEBUG_THREAD)
+                m->thread = CRYPTO_thread_id();
+            else
+                m->thread = 0;
+
+            if (order == break_order_num) {
+                /* BREAK HERE */
+                m->order = order;
+            }
+            m->order = order++;
 #ifdef LEVITTE_DEBUG_MEM
-			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
-				m->order,
-				(before_p & 128) ? '*' : '+',
-				m->addr, m->num);
+            fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n",
+                    m->order, (before_p & 128) ? '*' : '+', m->addr, m->num);
 #endif
-			if (options & V_CRYPTO_MDEBUG_TIME)
-				m->time=time(NULL);
-			else
-				m->time=0;
-
-			tmp.thread=CRYPTO_thread_id();
-			m->app_info=NULL;
-			if (amih != NULL
-				&& (amim=(APP_INFO *)lh_retrieve(amih,(char *)&tmp)) != NULL)
-				{
-				m->app_info = amim;
-				amim->references++;
-				}
-
-			if ((mm=(MEM *)lh_insert(mh,(char *)m)) != NULL)
-				{
-				/* Not good, but don't sweat it */
-				if (mm->app_info != NULL)
-					{
-					mm->app_info->references--;
-					}
-				OPENSSL_free(mm);
-				}
-		err:
-			MemCheck_on(); /* release MALLOC2 lock
-			                * if num_disabled drops to 0 */
-			}
-		break;
-		}
-	return;
-	}
+            if (options & V_CRYPTO_MDEBUG_TIME)
+                m->time = time(NULL);
+            else
+                m->time = 0;
+
+            tmp.thread = CRYPTO_thread_id();
+            m->app_info = NULL;
+            if (amih != NULL
+                && (amim =
+                    (APP_INFO *)lh_retrieve(amih, (char *)&tmp)) != NULL) {
+                m->app_info = amim;
+                amim->references++;
+            }
+
+            if ((mm = (MEM *)lh_insert(mh, (char *)m)) != NULL) {
+                /* Not good, but don't sweat it */
+                if (mm->app_info != NULL) {
+                    mm->app_info->references--;
+                }
+                OPENSSL_free(mm);
+            }
+ err:
+            MemCheck_on();      /* release MALLOC2 lock if num_disabled drops
+                                 * to 0 */
+        }
+        break;
+    }
+    return;
+}
 
 void CRYPTO_dbg_free(void *addr, int before_p)
-	{
-	MEM m,*mp;
-
-	switch(before_p)
-		{
-	case 0:
-		if (addr == NULL)
-			break;
-
-		if (is_MemCheck_on() && (mh != NULL))
-			{
-			MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
-			m.addr=addr;
-			mp=(MEM *)lh_delete(mh,(char *)&m);
-			if (mp != NULL)
-				{
+{
+    MEM m, *mp;
+
+    switch (before_p) {
+    case 0:
+        if (addr == NULL)
+            break;
+
+        if (is_MemCheck_on() && (mh != NULL)) {
+            MemCheck_off();     /* make sure we hold MALLOC2 lock */
+
+            m.addr = addr;
+            mp = (MEM *)lh_delete(mh, (char *)&m);
+            if (mp != NULL) {
 #ifdef LEVITTE_DEBUG_MEM
-			fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
-				mp->order, mp->addr, mp->num);
+                fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n",
+                        mp->order, mp->addr, mp->num);
 #endif
-				if (mp->app_info != NULL)
-					app_info_free(mp->app_info);
-				OPENSSL_free(mp);
-				}
-
-			MemCheck_on(); /* release MALLOC2 lock
-			                * if num_disabled drops to 0 */
-			}
-		break;
-	case 1:
-		break;
-		}
-	}
+                if (mp->app_info != NULL)
+                    app_info_free(mp->app_info);
+                OPENSSL_free(mp);
+            }
+
+            MemCheck_on();      /* release MALLOC2 lock if num_disabled drops
+                                 * to 0 */
+        }
+        break;
+    case 1:
+        break;
+    }
+}
 
 void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num,
-	const char *file, int line, int before_p)
-	{
-	MEM m,*mp;
+                        const char *file, int line, int before_p)
+{
+    MEM m, *mp;
 
 #ifdef LEVITTE_DEBUG_MEM
-	fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
-		addr1, addr2, num, file, line, before_p);
+    fprintf(stderr,
+            "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n",
+            addr1, addr2, num, file, line, before_p);
 #endif
 
-	switch(before_p)
-		{
-	case 0:
-		break;
-	case 1:
-		if (addr2 == NULL)
-			break;
-
-		if (addr1 == NULL)
-			{
-			CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
-			break;
-			}
-
-		if (is_MemCheck_on())
-			{
-			MemCheck_off(); /* make sure we hold MALLOC2 lock */
-
-			m.addr=addr1;
-			mp=(MEM *)lh_delete(mh,(char *)&m);
-			if (mp != NULL)
-				{
+    switch (before_p) {
+    case 0:
+        break;
+    case 1:
+        if (addr2 == NULL)
+            break;
+
+        if (addr1 == NULL) {
+            CRYPTO_dbg_malloc(addr2, num, file, line, 128 | before_p);
+            break;
+        }
+
+        if (is_MemCheck_on()) {
+            MemCheck_off();     /* make sure we hold MALLOC2 lock */
+
+            m.addr = addr1;
+            mp = (MEM *)lh_delete(mh, (char *)&m);
+            if (mp != NULL) {
 #ifdef LEVITTE_DEBUG_MEM
-				fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
-					mp->order,
-					mp->addr, mp->num,
-					addr2, num);
+                fprintf(stderr,
+                        "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n",
+                        mp->order, mp->addr, mp->num, addr2, num);
 #endif
-				mp->addr=addr2;
-				mp->num=num;
-				lh_insert(mh,(char *)mp);
-				}
-
-			MemCheck_on(); /* release MALLOC2 lock
-			                * if num_disabled drops to 0 */
-			}
-		break;
-		}
-	return;
-	}
-
-
-typedef struct mem_leak_st
-	{
-	BIO *bio;
-	int chunks;
-	long bytes;
-	} MEM_LEAK;
+                mp->addr = addr2;
+                mp->num = num;
+                lh_insert(mh, (char *)mp);
+            }
+
+            MemCheck_on();      /* release MALLOC2 lock if num_disabled drops
+                                 * to 0 */
+        }
+        break;
+    }
+    return;
+}
+
+typedef struct mem_leak_st {
+    BIO *bio;
+    int chunks;
+    long bytes;
+} MEM_LEAK;
 
 static void print_leak(const MEM *m, MEM_LEAK *l)
-	{
-	char buf[1024];
-	char *bufp = buf;
-	APP_INFO *amip;
-	int ami_cnt;
-	struct tm *lcl = NULL;
-	unsigned long ti;
+{
+    char buf[1024];
+    char *bufp = buf;
+    APP_INFO *amip;
+    int ami_cnt;
+    struct tm *lcl = NULL;
+    unsigned long ti;
 
 #define BUF_REMAIN (sizeof buf - (size_t)(bufp - buf))
 
-	if(m->addr == (char *)l->bio)
-	    return;
-
-	if (options & V_CRYPTO_MDEBUG_TIME)
-		{
-		lcl = localtime(&m->time);
-	
-		BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
-			lcl->tm_hour,lcl->tm_min,lcl->tm_sec);
-		bufp += strlen(bufp);
-		}
-
-	BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
-		m->order,m->file,m->line);
-	bufp += strlen(bufp);
-
-	if (options & V_CRYPTO_MDEBUG_THREAD)
-		{
-		BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
-		bufp += strlen(bufp);
-		}
-
-	BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
-		m->num,(unsigned long)m->addr);
-	bufp += strlen(bufp);
-
-	BIO_puts(l->bio,buf);
-	
-	l->chunks++;
-	l->bytes+=m->num;
-
-	amip=m->app_info;
-	ami_cnt=0;
-	if (!amip)
-		return;
-	ti=amip->thread;
-	
-	do
-		{
-		int buf_len;
-		int info_len;
-
-		ami_cnt++;
-		memset(buf,'>',ami_cnt);
-		BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
-			" thread=%lu, file=%s, line=%d, info=\"",
-			amip->thread, amip->file, amip->line);
-		buf_len=strlen(buf);
-		info_len=strlen(amip->info);
-		if (128 - buf_len - 3 < info_len)
-			{
-			memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
-			buf_len = 128 - 3;
-			}
-		else
-			{
-			BUF_strlcpy(buf + buf_len, amip->info,
-				    sizeof buf - buf_len);
-			buf_len = strlen(buf);
-			}
-		BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
-		
-		BIO_puts(l->bio,buf);
-
-		amip = amip->next;
-		}
-	while(amip && amip->thread == ti);
-		
+    if (m->addr == (char *)l->bio)
+        return;
+
+    if (options & V_CRYPTO_MDEBUG_TIME) {
+        lcl = localtime(&m->time);
+
+        BIO_snprintf(bufp, BUF_REMAIN, "[%02d:%02d:%02d] ",
+                     lcl->tm_hour, lcl->tm_min, lcl->tm_sec);
+        bufp += strlen(bufp);
+    }
+
+    BIO_snprintf(bufp, BUF_REMAIN, "%5lu file=%s, line=%d, ",
+                 m->order, m->file, m->line);
+    bufp += strlen(bufp);
+
+    if (options & V_CRYPTO_MDEBUG_THREAD) {
+        BIO_snprintf(bufp, BUF_REMAIN, "thread=%lu, ", m->thread);
+        bufp += strlen(bufp);
+    }
+
+    BIO_snprintf(bufp, BUF_REMAIN, "number=%d, address=%08lX\n",
+                 m->num, (unsigned long)m->addr);
+    bufp += strlen(bufp);
+
+    BIO_puts(l->bio, buf);
+
+    l->chunks++;
+    l->bytes += m->num;
+
+    amip = m->app_info;
+    ami_cnt = 0;
+    if (!amip)
+        return;
+    ti = amip->thread;
+
+    do {
+        int buf_len;
+        int info_len;
+
+        ami_cnt++;
+        memset(buf, '>', ami_cnt);
+        BIO_snprintf(buf + ami_cnt, sizeof buf - ami_cnt,
+                     " thread=%lu, file=%s, line=%d, info=\"",
+                     amip->thread, amip->file, amip->line);
+        buf_len = strlen(buf);
+        info_len = strlen(amip->info);
+        if (128 - buf_len - 3 < info_len) {
+            memcpy(buf + buf_len, amip->info, 128 - buf_len - 3);
+            buf_len = 128 - 3;
+        } else {
+            BUF_strlcpy(buf + buf_len, amip->info, sizeof buf - buf_len);
+            buf_len = strlen(buf);
+        }
+        BIO_snprintf(buf + buf_len, sizeof buf - buf_len, "\"\n");
+
+        BIO_puts(l->bio, buf);
+
+        amip = amip->next;
+    }
+    while (amip && amip->thread == ti);
+
 #ifdef LEVITTE_DEBUG_MEM
-	if (amip)
-		{
-		fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
-		abort();
-		}
+    if (amip) {
+        fprintf(stderr, "Thread switch detected in backtrace!!!!\n");
+        abort();
+    }
 #endif
-	}
+}
 
 static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *)
 
 void CRYPTO_mem_leaks(BIO *b)
-	{
-	MEM_LEAK ml;
-
-	if (mh == NULL && amih == NULL)
-		return;
-
-	MemCheck_off(); /* obtain MALLOC2 lock */
-
-	ml.bio=b;
-	ml.bytes=0;
-	ml.chunks=0;
-	if (mh != NULL)
-		lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak),
-				(char *)&ml);
-	if (ml.chunks != 0)
-		{
-		BIO_printf(b,"%ld bytes leaked in %d chunks\n",
-			   ml.bytes,ml.chunks);
-		}
-	else
-		{
-		/* Make sure that, if we found no leaks, memory-leak debugging itself
-		 * does not introduce memory leaks (which might irritate
-		 * external debugging tools).
-		 * (When someone enables leak checking, but does not call
-		 * this function, we declare it to be their fault.)
-		 *
-		 * XXX    This should be in CRYPTO_mem_leaks_cb,
-		 * and CRYPTO_mem_leaks should be implemented by
-		 * using CRYPTO_mem_leaks_cb.
-		 * (Also their should be a variant of lh_doall_arg
-		 * that takes a function pointer instead of a void *;
-		 * this would obviate the ugly and illegal
-		 * void_fn_to_char kludge in CRYPTO_mem_leaks_cb.
-		 * Otherwise the code police will come and get us.)
-		 */
-		int old_mh_mode;
-
-		CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
-
-		/* avoid deadlock when lh_free() uses CRYPTO_dbg_free(),
-		 * which uses CRYPTO_is_mem_check_on */
-		old_mh_mode = mh_mode;
-		mh_mode = CRYPTO_MEM_CHECK_OFF;
-
-		if (mh != NULL)
-			{
-			lh_free(mh);
-			mh = NULL;
-			}
-		if (amih != NULL)
-			{
-			if (lh_num_items(amih) == 0) 
-				{
-				lh_free(amih);
-				amih = NULL;
-				}
-			}
-
-		mh_mode = old_mh_mode;
-		CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
-		}
-	MemCheck_on(); /* release MALLOC2 lock */
-	}
+{
+    MEM_LEAK ml;
+
+    if (mh == NULL && amih == NULL)
+        return;
+
+    MemCheck_off();             /* obtain MALLOC2 lock */
+
+    ml.bio = b;
+    ml.bytes = 0;
+    ml.chunks = 0;
+    if (mh != NULL)
+        lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), (char *)&ml);
+    if (ml.chunks != 0) {
+        BIO_printf(b, "%ld bytes leaked in %d chunks\n", ml.bytes, ml.chunks);
+    } else {
+        /*
+         * Make sure that, if we found no leaks, memory-leak debugging itself
+         * does not introduce memory leaks (which might irritate external
+         * debugging tools). (When someone enables leak checking, but does not
+         * call this function, we declare it to be their fault.) XXX This
+         * should be in CRYPTO_mem_leaks_cb, and CRYPTO_mem_leaks should be
+         * implemented by using CRYPTO_mem_leaks_cb. (Also their should be a
+         * variant of lh_doall_arg that takes a function pointer instead of a
+         * void *; this would obviate the ugly and illegal void_fn_to_char
+         * kludge in CRYPTO_mem_leaks_cb. Otherwise the code police will come
+         * and get us.)
+         */
+        int old_mh_mode;
+
+        CRYPTO_w_lock(CRYPTO_LOCK_MALLOC);
+
+        /*
+         * avoid deadlock when lh_free() uses CRYPTO_dbg_free(), which uses
+         * CRYPTO_is_mem_check_on
+         */
+        old_mh_mode = mh_mode;
+        mh_mode = CRYPTO_MEM_CHECK_OFF;
+
+        if (mh != NULL) {
+            lh_free(mh);
+            mh = NULL;
+        }
+        if (amih != NULL) {
+            if (lh_num_items(amih) == 0) {
+                lh_free(amih);
+                amih = NULL;
+            }
+        }
+
+        mh_mode = old_mh_mode;
+        CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC);
+    }
+    MemCheck_on();              /* release MALLOC2 lock */
+}
 
 #ifndef OPENSSL_NO_FP_API
 void CRYPTO_mem_leaks_fp(FILE *fp)
-	{
-	BIO *b;
-
-	if (mh == NULL) return;
-	/* Need to turn off memory checking when allocated BIOs ... especially
-	 * as we're creating them at a time when we're trying to check we've not
-	 * left anything un-free()'d!! */
-	MemCheck_off();
-	b = BIO_new(BIO_s_file());
-	MemCheck_on();
-	if(!b) return;
-	BIO_set_fp(b,fp,BIO_NOCLOSE);
-	CRYPTO_mem_leaks(b);
-	BIO_free(b);
-	}
+{
+    BIO *b;
+
+    if (mh == NULL)
+        return;
+    /*
+     * Need to turn off memory checking when allocated BIOs ... especially as
+     * we're creating them at a time when we're trying to check we've not
+     * left anything un-free()'d!!
+     */
+    MemCheck_off();
+    b = BIO_new(BIO_s_file());
+    MemCheck_on();
+    if (!b)
+        return;
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    CRYPTO_mem_leaks(b);
+    BIO_free(b);
+}
 #endif
 
-
-
-/* FIXME: We really don't allow much to the callback.  For example, it has
-   no chance of reaching the info stack for the item it processes.  Should
-   it really be this way?  -- Richard Levitte */
-/* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h
- * If this code is restructured, remove the callback type if it is no longer
- * needed. -- Geoff Thorpe */
+/*
+ * FIXME: We really don't allow much to the callback.  For example, it has no
+ * chance of reaching the info stack for the item it processes.  Should it
+ * really be this way? -- Richard Levitte
+ */
+/*
+ * NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside
+ * crypto.h If this code is restructured, remove the callback type if it is
+ * no longer needed. -- Geoff Thorpe
+ */
 static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb)
-	{
-	(**cb)(m->order,m->file,m->line,m->num,m->addr);
-	}
+{
+    (**cb) (m->order, m->file, m->line, m->num, m->addr);
+}
 
-static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **)
+static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *,
+                                    CRYPTO_MEM_LEAK_CB **)
 
 void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb)
-	{
-	if (mh == NULL) return;
-	CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
-	lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
-	CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
-	}
+{
+    if (mh == NULL)
+        return;
+    CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2);
+    lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb);
+    CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2);
+}
 
 void CRYPTO_malloc_debug_init(void)
-	{
-	CRYPTO_set_mem_debug_functions(
-		CRYPTO_dbg_malloc,
-		CRYPTO_dbg_realloc,
-		CRYPTO_dbg_free,
-		CRYPTO_dbg_set_options,
-		CRYPTO_dbg_get_options);
-	CRYPTO_set_mem_info_functions(
-		CRYPTO_dbg_push_info,
-		CRYPTO_dbg_pop_info,
-		CRYPTO_dbg_remove_all_info);
-	}
+{
+    CRYPTO_set_mem_debug_functions(CRYPTO_dbg_malloc,
+                                   CRYPTO_dbg_realloc,
+                                   CRYPTO_dbg_free,
+                                   CRYPTO_dbg_set_options,
+                                   CRYPTO_dbg_get_options);
+    CRYPTO_set_mem_info_functions(CRYPTO_dbg_push_info,
+                                  CRYPTO_dbg_pop_info,
+                                  CRYPTO_dbg_remove_all_info);
+}
 
 char *CRYPTO_strdup(const char *str, const char *file, int line)
-	{
-	char *ret = CRYPTO_malloc(strlen(str)+1, file, line);
+{
+    char *ret = CRYPTO_malloc(strlen(str) + 1, file, line);
 
-	strcpy(ret, str);
-	return ret;
-	}
+    strcpy(ret, str);
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/o_dir.c b/Cryptlib/OpenSSL/crypto/o_dir.c
index 42891ea4..26242444 100644
--- a/Cryptlib/OpenSSL/crypto/o_dir.c
+++ b/Cryptlib/OpenSSL/crypto/o_dir.c
@@ -1,6 +1,7 @@
 /* crypto/o_dir.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -59,9 +60,11 @@
 #include <errno.h>
 #include <e_os.h>
 
-/* The routines really come from the Levitte Programming, so to make
-   life simple, let's just use the raw files and hack the symbols to
-   fit our namespace.  */
+/*
+ * The routines really come from the Levitte Programming, so to make life
+ * simple, let's just use the raw files and hack the symbols to fit our
+ * namespace.
+ */
 #define LP_DIR_CTX OPENSSL_DIR_CTX
 #define LP_dir_context_st OPENSSL_dir_context_st
 #define LP_find_file OPENSSL_DIR_read
@@ -71,13 +74,13 @@
 
 #define LPDIR_H
 #if defined OPENSSL_SYS_UNIX || defined DJGPP
-#include "LPdir_unix.c"
+# include "LPdir_unix.c"
 #elif defined OPENSSL_SYS_VMS
-#include "LPdir_vms.c"
+# include "LPdir_vms.c"
 #elif defined OPENSSL_SYS_WIN32
-#include "LPdir_win32.c"
+# include "LPdir_win32.c"
 #elif defined OPENSSL_SYS_WINCE
-#include "LPdir_wince.c"
+# include "LPdir_wince.c"
 #else
-#include "LPdir_nyi.c"
+# include "LPdir_nyi.c"
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/o_init.c b/Cryptlib/OpenSSL/crypto/o_init.c
index c89fda58..6f5103e2 100644
--- a/Cryptlib/OpenSSL/crypto/o_init.c
+++ b/Cryptlib/OpenSSL/crypto/o_init.c
@@ -1,5 +1,6 @@
 /* o_init.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,50 +62,50 @@
 
 /* Internal only functions: only ever used here */
 #ifdef OPENSSL_FIPS
-extern	void int_ERR_lib_init(void);
+extern void int_ERR_lib_init(void);
 # ifndef OPENSSL_NO_ENGINE
-extern	void int_EVP_MD_init_engine_callbacks(void );
-extern	void int_EVP_CIPHER_init_engine_callbacks(void );
-extern	void int_RAND_init_engine_callbacks(void );
+extern void int_EVP_MD_init_engine_callbacks(void);
+extern void int_EVP_CIPHER_init_engine_callbacks(void);
+extern void int_RAND_init_engine_callbacks(void);
 # endif
 #endif
 
-/* Perform any essential OpenSSL initialization operations.
- * Currently only sets FIPS callbacks
+/*
+ * Perform any essential OpenSSL initialization operations. Currently only
+ * sets FIPS callbacks
  */
 
 void OPENSSL_init(void)
-	{
+{
 #ifdef OPENSSL_FIPS
-	static int done = 0;
-	if (!done)
-		{
-		int_ERR_lib_init();
-#ifdef CRYPTO_MDEBUG
-		CRYPTO_malloc_debug_init();
-#endif
-#ifndef OPENSSL_NO_ENGINE
-		int_EVP_MD_init_engine_callbacks();
-		int_EVP_CIPHER_init_engine_callbacks();
-		int_RAND_init_engine_callbacks();
-#endif
-		done = 1;
-		}
+    static int done = 0;
+    if (!done) {
+        int_ERR_lib_init();
+# ifdef CRYPTO_MDEBUG
+        CRYPTO_malloc_debug_init();
+# endif
+# ifndef OPENSSL_NO_ENGINE
+        int_EVP_MD_init_engine_callbacks();
+        int_EVP_CIPHER_init_engine_callbacks();
+        int_RAND_init_engine_callbacks();
+# endif
+        done = 1;
+    }
 #endif
-	}
-		
+}
+
 #ifdef OPENSSL_FIPS
 
 int CRYPTO_memcmp(const void *in_a, const void *in_b, size_t len)
-	{
-	size_t i;
-	const unsigned char *a = in_a;
-	const unsigned char *b = in_b;
-	unsigned char x = 0;
+{
+    size_t i;
+    const unsigned char *a = in_a;
+    const unsigned char *b = in_b;
+    unsigned char x = 0;
 
-	for (i = 0; i < len; i++)
-		x |= a[i] ^ b[i];
+    for (i = 0; i < len; i++)
+        x |= a[i] ^ b[i];
 
-	return x;
-	}
+    return x;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/o_str.c b/Cryptlib/OpenSSL/crypto/o_str.c
index 56104a6c..b23ef323 100644
--- a/Cryptlib/OpenSSL/crypto/o_str.c
+++ b/Cryptlib/OpenSSL/crypto/o_str.c
@@ -1,6 +1,7 @@
 /* crypto/o_str.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2003.
  */
 /* ====================================================================
  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,45 +68,49 @@
 #endif
 
 int OPENSSL_strncasecmp(const char *str1, const char *str2, size_t n)
-	{
+{
 #if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-	while (*str1 && *str2 && n)
-		{
-		int res = toupper(*str1) - toupper(*str2);
-		if (res) return res < 0 ? -1 : 1;
-		str1++;
-		str2++;
-		n--;
-		}
-	if (n == 0)
-		return 0;
-	if (*str1)
-		return 1;
-	if (*str2)
-		return -1;
-	return 0;
+    while (*str1 && *str2 && n) {
+        int res = toupper(*str1) - toupper(*str2);
+        if (res)
+            return res < 0 ? -1 : 1;
+        str1++;
+        str2++;
+        n--;
+    }
+    if (n == 0)
+        return 0;
+    if (*str1)
+        return 1;
+    if (*str2)
+        return -1;
+    return 0;
 #else
-	/* Recursion hazard warning! Whenever strncasecmp is #defined as
-	 * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be
-	 * defined as well. */
-	return strncasecmp(str1, str2, n);
+    /*
+     * Recursion hazard warning! Whenever strncasecmp is #defined as
+     * OPENSSL_strncasecmp, OPENSSL_IMPLEMENTS_strncasecmp must be defined as
+     * well.
+     */
+    return strncasecmp(str1, str2, n);
 #endif
-	}
+}
+
 int OPENSSL_strcasecmp(const char *str1, const char *str2)
-	{
+{
 #if defined(OPENSSL_IMPLEMENTS_strncasecmp)
-	return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
+    return OPENSSL_strncasecmp(str1, str2, (size_t)-1);
 #else
-	return strcasecmp(str1, str2);
+    return strcasecmp(str1, str2);
 #endif
-	}
+}
 
-int OPENSSL_memcmp(const void *v1,const void *v2,size_t n)
-	{
-	const unsigned char *c1=v1,*c2=v2;
-	int ret=0;
+int OPENSSL_memcmp(const void *v1, const void *v2, size_t n)
+{
+    const unsigned char *c1 = v1, *c2 = v2;
+    int ret = 0;
 
-	while(n && (ret=*c1-*c2)==0) n--,c1++,c2++;
+    while (n && (ret = *c1 - *c2) == 0)
+        n--, c1++, c2++;
 
-	return ret;
-	}
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/o_time.c b/Cryptlib/OpenSSL/crypto/o_time.c
index e29091d6..504e313d 100644
--- a/Cryptlib/OpenSSL/crypto/o_time.c
+++ b/Cryptlib/OpenSSL/crypto/o_time.c
@@ -1,6 +1,7 @@
 /* crypto/o_time.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -70,148 +71,157 @@
 #endif
 
 struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result)
-	{
-	struct tm *ts = NULL;
+{
+    struct tm *ts = NULL;
 
 #if defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_OS2) && !defined(__CYGWIN32__) && (!defined(OPENSSL_SYS_VMS) || defined(gmtime_r)) && !defined(OPENSSL_SYS_MACOSX) && !defined(OPENSSL_SYS_SUNOS)
-	/* should return &data, but doesn't on some systems,
-	   so we don't even look at the return value */
-	gmtime_r(timer,result);
-	ts = result;
+    /*
+     * should return &data, but doesn't on some systems, so we don't even
+     * look at the return value
+     */
+    gmtime_r(timer, result);
+    ts = result;
 #elif !defined(OPENSSL_SYS_VMS)
-	ts = gmtime(timer);
-	if (ts == NULL)
-		return NULL;
+    ts = gmtime(timer);
+    if (ts == NULL)
+        return NULL;
 
-	memcpy(result, ts, sizeof(struct tm));
-	ts = result;
+    memcpy(result, ts, sizeof(struct tm));
+    ts = result;
 #endif
 #ifdef OPENSSL_SYS_VMS
-	if (ts == NULL)
-		{
-		static $DESCRIPTOR(tabnam,"LNM$DCL_LOGICAL");
-		static $DESCRIPTOR(lognam,"SYS$TIMEZONE_DIFFERENTIAL");
-		char logvalue[256];
-		unsigned int reslen = 0;
-		struct {
-			short buflen;
-			short code;
-			void *bufaddr;
-			unsigned int *reslen;
-		} itemlist[] = {
-			{ 0, LNM$_STRING, 0, 0 },
-			{ 0, 0, 0, 0 },
-		};
-		int status;
-		time_t t;
-
-		/* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
-		itemlist[0].buflen = sizeof(logvalue);
-		itemlist[0].bufaddr = logvalue;
-		itemlist[0].reslen = &reslen;
-		status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
-		if (!(status & 1))
-			return NULL;
-		logvalue[reslen] = '\0';
-
-		t = *timer;
+    if (ts == NULL) {
+        static $DESCRIPTOR(tabnam, "LNM$DCL_LOGICAL");
+        static $DESCRIPTOR(lognam, "SYS$TIMEZONE_DIFFERENTIAL");
+        char logvalue[256];
+        unsigned int reslen = 0;
+        struct {
+            short buflen;
+            short code;
+            void *bufaddr;
+            unsigned int *reslen;
+        } itemlist[] = {
+            {
+                0, LNM$_STRING, 0, 0
+            },
+            {
+                0, 0, 0, 0
+            },
+        };
+        int status;
+        time_t t;
+
+        /* Get the value for SYS$TIMEZONE_DIFFERENTIAL */
+        itemlist[0].buflen = sizeof(logvalue);
+        itemlist[0].bufaddr = logvalue;
+        itemlist[0].reslen = &reslen;
+        status = sys$trnlnm(0, &tabnam, &lognam, 0, itemlist);
+        if (!(status & 1))
+            return NULL;
+        logvalue[reslen] = '\0';
+
+        t = *timer;
 
 /* The following is extracted from the DEC C header time.h */
-/*
-**  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
-**  have two implementations.  One implementation is provided
-**  for compatibility and deals with time in terms of local time,
-**  the other __utc_* deals with time in terms of UTC.
-*/
-/* We use the same conditions as in said time.h to check if we should
-   assume that t contains local time (and should therefore be adjusted)
-   or UTC (and should therefore be left untouched). */
-#if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
-		/* Get the numerical value of the equivalence string */
-		status = atoi(logvalue);
-
-		/* and use it to move time to GMT */
-		t -= status;
-#endif
-
-		/* then convert the result to the time structure */
-
-		/* Since there was no gmtime_r() to do this stuff for us,
-		   we have to do it the hard way. */
-		{
-		/* The VMS epoch is the astronomical Smithsonian date,
-		   if I remember correctly, which is November 17, 1858.
-		   Furthermore, time is measure in thenths of microseconds
-		   and stored in quadwords (64 bit integers).  unix_epoch
-		   below is January 1st 1970 expressed as a VMS time.  The
-		   following code was used to get this number:
-
-		   #include <stdio.h>
-		   #include <stdlib.h>
-		   #include <lib$routines.h>
-		   #include <starlet.h>
-
-		   main()
-		   {
-		     unsigned long systime[2];
-		     unsigned short epoch_values[7] =
-		       { 1970, 1, 1, 0, 0, 0, 0 };
-
-		     lib$cvt_vectim(epoch_values, systime);
-
-		     printf("%u %u", systime[0], systime[1]);
-		   }
-		*/
-		unsigned long unix_epoch[2] = { 1273708544, 8164711 };
-		unsigned long deltatime[2];
-		unsigned long systime[2];
-		struct vms_vectime
-			{
-			short year, month, day, hour, minute, second,
-				centi_second;
-			} time_values;
-		long operation;
-
-		/* Turn the number of seconds since January 1st 1970 to
-		   an internal delta time.
-		   Note that lib$cvt_to_internal_time() will assume
-		   that t is signed, and will therefore break on 32-bit
-		   systems some time in 2038.
-		*/
-		operation = LIB$K_DELTA_SECONDS;
-		status = lib$cvt_to_internal_time(&operation,
-			&t, deltatime);
-
-		/* Add the delta time with the Unix epoch and we have
-		   the current UTC time in internal format */
-		status = lib$add_times(unix_epoch, deltatime, systime);
-
-		/* Turn the internal time into a time vector */
-		status = sys$numtim(&time_values, systime);
-
-		/* Fill in the struct tm with the result */
-		result->tm_sec = time_values.second;
-		result->tm_min = time_values.minute;
-		result->tm_hour = time_values.hour;
-		result->tm_mday = time_values.day;
-		result->tm_mon = time_values.month - 1;
-		result->tm_year = time_values.year - 1900;
-
-		operation = LIB$K_DAY_OF_WEEK;
-		status = lib$cvt_from_internal_time(&operation,
-			&result->tm_wday, systime);
-		result->tm_wday %= 7;
-
-		operation = LIB$K_DAY_OF_YEAR;
-		status = lib$cvt_from_internal_time(&operation,
-			&result->tm_yday, systime);
-		result->tm_yday--;
-
-		result->tm_isdst = 0; /* There's no way to know... */
-
-		ts = result;
-		}
-		}
+        /*
+         **  Beginning in OpenVMS Version 7.0 mktime, time, ctime, strftime
+         **  have two implementations.  One implementation is provided
+         **  for compatibility and deals with time in terms of local time,
+         **  the other __utc_* deals with time in terms of UTC.
+         */
+        /*
+         * We use the same conditions as in said time.h to check if we should
+         * assume that t contains local time (and should therefore be
+         * adjusted) or UTC (and should therefore be left untouched).
+         */
+# if __CRTL_VER < 70000000 || defined _VMS_V6_SOURCE
+        /* Get the numerical value of the equivalence string */
+        status = atoi(logvalue);
+
+        /* and use it to move time to GMT */
+        t -= status;
+# endif
+
+        /* then convert the result to the time structure */
+
+        /*
+         * Since there was no gmtime_r() to do this stuff for us, we have to
+         * do it the hard way.
+         */
+        {
+            /*-
+             * The VMS epoch is the astronomical Smithsonian date,
+               if I remember correctly, which is November 17, 1858.
+               Furthermore, time is measure in thenths of microseconds
+               and stored in quadwords (64 bit integers).  unix_epoch
+               below is January 1st 1970 expressed as a VMS time.  The
+               following code was used to get this number:
+
+               #include <stdio.h>
+               #include <stdlib.h>
+               #include <lib$routines.h>
+               #include <starlet.h>
+
+               main()
+               {
+                 unsigned long systime[2];
+                 unsigned short epoch_values[7] =
+                   { 1970, 1, 1, 0, 0, 0, 0 };
+
+                 lib$cvt_vectim(epoch_values, systime);
+
+                 printf("%u %u", systime[0], systime[1]);
+               }
+            */
+            unsigned long unix_epoch[2] = { 1273708544, 8164711 };
+            unsigned long deltatime[2];
+            unsigned long systime[2];
+            struct vms_vectime {
+                short year, month, day, hour, minute, second, centi_second;
+            } time_values;
+            long operation;
+
+            /*
+             * Turn the number of seconds since January 1st 1970 to an
+             * internal delta time. Note that lib$cvt_to_internal_time() will
+             * assume that t is signed, and will therefore break on 32-bit
+             * systems some time in 2038.
+             */
+            operation = LIB$K_DELTA_SECONDS;
+            status = lib$cvt_to_internal_time(&operation, &t, deltatime);
+
+            /*
+             * Add the delta time with the Unix epoch and we have the current
+             * UTC time in internal format
+             */
+            status = lib$add_times(unix_epoch, deltatime, systime);
+
+            /* Turn the internal time into a time vector */
+            status = sys$numtim(&time_values, systime);
+
+            /* Fill in the struct tm with the result */
+            result->tm_sec = time_values.second;
+            result->tm_min = time_values.minute;
+            result->tm_hour = time_values.hour;
+            result->tm_mday = time_values.day;
+            result->tm_mon = time_values.month - 1;
+            result->tm_year = time_values.year - 1900;
+
+            operation = LIB$K_DAY_OF_WEEK;
+            status = lib$cvt_from_internal_time(&operation,
+                                                &result->tm_wday, systime);
+            result->tm_wday %= 7;
+
+            operation = LIB$K_DAY_OF_YEAR;
+            status = lib$cvt_from_internal_time(&operation,
+                                                &result->tm_yday, systime);
+            result->tm_yday--;
+
+            result->tm_isdst = 0; /* There's no way to know... */
+
+            ts = result;
+        }
+    }
 #endif
-	return ts;
-	}	
+    return ts;
+}
diff --git a/Cryptlib/OpenSSL/crypto/objects/o_names.c b/Cryptlib/OpenSSL/crypto/objects/o_names.c
index adb5731f..1c41c081 100644
--- a/Cryptlib/OpenSSL/crypto/objects/o_names.c
+++ b/Cryptlib/OpenSSL/crypto/objects/o_names.c
@@ -8,7 +8,8 @@
 #include <openssl/safestack.h>
 #include <openssl/e_os2.h>
 
-/* Later versions of DEC C has started to add lnkage information to certain
+/*
+ * Later versions of DEC C has started to add lnkage information to certain
  * functions, which makes it tricky to use them as values to regular function
  * pointers.  One way is to define a macro that takes care of casting them
  * correctly.
@@ -19,351 +20,340 @@
 # define OPENSSL_strcmp strcmp
 #endif
 
-/* I use the ex_data stuff to manage the identifiers for the obj_name_types
+/*
+ * I use the ex_data stuff to manage the identifiers for the obj_name_types
  * that applications may define.  I only really use the free function field.
  */
-static LHASH *names_lh=NULL;
-static int names_type_num=OBJ_NAME_TYPE_NUM;
+static LHASH *names_lh = NULL;
+static int names_type_num = OBJ_NAME_TYPE_NUM;
 
-typedef struct name_funcs_st
-	{
-	unsigned long (*hash_func)(const char *name);
-	int (*cmp_func)(const char *a,const char *b);
-	void (*free_func)(const char *, int, const char *);
-	} NAME_FUNCS;
+typedef struct name_funcs_st {
+    unsigned long (*hash_func) (const char *name);
+    int (*cmp_func) (const char *a, const char *b);
+    void (*free_func) (const char *, int, const char *);
+} NAME_FUNCS;
 
 DECLARE_STACK_OF(NAME_FUNCS)
 IMPLEMENT_STACK_OF(NAME_FUNCS)
 
 static STACK_OF(NAME_FUNCS) *name_funcs_stack;
 
-/* The LHASH callbacks now use the raw "void *" prototypes and do per-variable
- * casting in the functions. This prevents function pointer casting without the
- * need for macro-generated wrapper functions. */
+/*
+ * The LHASH callbacks now use the raw "void *" prototypes and do
+ * per-variable casting in the functions. This prevents function pointer
+ * casting without the need for macro-generated wrapper functions.
+ */
 
 /* static unsigned long obj_name_hash(OBJ_NAME *a); */
 static unsigned long obj_name_hash(const void *a_void);
 /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */
-static int obj_name_cmp(const void *a_void,const void *b_void);
+static int obj_name_cmp(const void *a_void, const void *b_void);
 
 int OBJ_NAME_init(void)
-	{
-	if (names_lh != NULL) return(1);
-	MemCheck_off();
-	names_lh=lh_new(obj_name_hash, obj_name_cmp);
-	MemCheck_on();
-	return(names_lh != NULL);
-	}
-
-int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *),
-	int (*cmp_func)(const char *, const char *),
-	void (*free_func)(const char *, int, const char *))
-	{
-	int ret;
-	int i;
-	NAME_FUNCS *name_funcs;
-
-	if (name_funcs_stack == NULL)
-		{
-		MemCheck_off();
-		name_funcs_stack=sk_NAME_FUNCS_new_null();
-		MemCheck_on();
-		}
-	if ((name_funcs_stack == NULL))
-		{
-		/* ERROR */
-		return(0);
-		}
-	ret=names_type_num;
-	names_type_num++;
-	for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++)
-		{
-		MemCheck_off();
-		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
-		MemCheck_on();
-		if (!name_funcs)
-			{
-			OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		name_funcs->hash_func = lh_strhash;
-		name_funcs->cmp_func = OPENSSL_strcmp;
-		name_funcs->free_func = 0; /* NULL is often declared to
-						* ((void *)0), which according
-						* to Compaq C is not really
-						* compatible with a function
-						* pointer.	-- Richard Levitte*/
-		MemCheck_off();
-		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
-		MemCheck_on();
-		}
-	name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
-	if (hash_func != NULL)
-		name_funcs->hash_func = hash_func;
-	if (cmp_func != NULL)
-		name_funcs->cmp_func = cmp_func;
-	if (free_func != NULL)
-		name_funcs->free_func = free_func;
-	return(ret);
-	}
+{
+    if (names_lh != NULL)
+        return (1);
+    MemCheck_off();
+    names_lh = lh_new(obj_name_hash, obj_name_cmp);
+    MemCheck_on();
+    return (names_lh != NULL);
+}
+
+int OBJ_NAME_new_index(unsigned long (*hash_func) (const char *),
+                       int (*cmp_func) (const char *, const char *),
+                       void (*free_func) (const char *, int, const char *))
+{
+    int ret;
+    int i;
+    NAME_FUNCS *name_funcs;
+
+    if (name_funcs_stack == NULL) {
+        MemCheck_off();
+        name_funcs_stack = sk_NAME_FUNCS_new_null();
+        MemCheck_on();
+    }
+    if ((name_funcs_stack == NULL)) {
+        /* ERROR */
+        return (0);
+    }
+    ret = names_type_num;
+    names_type_num++;
+    for (i = sk_NAME_FUNCS_num(name_funcs_stack); i < names_type_num; i++) {
+        MemCheck_off();
+        name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
+        MemCheck_on();
+        if (!name_funcs) {
+            OBJerr(OBJ_F_OBJ_NAME_NEW_INDEX, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+        name_funcs->hash_func = lh_strhash;
+        name_funcs->cmp_func = OPENSSL_strcmp;
+        name_funcs->free_func = 0; /* NULL is often declared to * ((void
+                                    * *)0), which according * to Compaq C is
+                                    * not really * compatible with a function
+                                    * * pointer.  -- Richard Levitte */
+        MemCheck_off();
+        sk_NAME_FUNCS_push(name_funcs_stack, name_funcs);
+        MemCheck_on();
+    }
+    name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret);
+    if (hash_func != NULL)
+        name_funcs->hash_func = hash_func;
+    if (cmp_func != NULL)
+        name_funcs->cmp_func = cmp_func;
+    if (free_func != NULL)
+        name_funcs->free_func = free_func;
+    return (ret);
+}
 
 /* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */
 static int obj_name_cmp(const void *a_void, const void *b_void)
-	{
-	int ret;
-	const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-	const OBJ_NAME *b = (const OBJ_NAME *)b_void;
-
-	ret=a->type-b->type;
-	if (ret == 0)
-		{
-		if ((name_funcs_stack != NULL)
-			&& (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
-			{
-			ret=sk_NAME_FUNCS_value(name_funcs_stack,
-				a->type)->cmp_func(a->name,b->name);
-			}
-		else
-			ret=strcmp(a->name,b->name);
-		}
-	return(ret);
-	}
+{
+    int ret;
+    const OBJ_NAME *a = (const OBJ_NAME *)a_void;
+    const OBJ_NAME *b = (const OBJ_NAME *)b_void;
+
+    ret = a->type - b->type;
+    if (ret == 0) {
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+            ret = sk_NAME_FUNCS_value(name_funcs_stack,
+                                      a->type)->cmp_func(a->name, b->name);
+        } else
+            ret = strcmp(a->name, b->name);
+    }
+    return (ret);
+}
 
 /* static unsigned long obj_name_hash(OBJ_NAME *a) */
 static unsigned long obj_name_hash(const void *a_void)
-	{
-	unsigned long ret;
-	const OBJ_NAME *a = (const OBJ_NAME *)a_void;
-
-	if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type))
-		{
-		ret=sk_NAME_FUNCS_value(name_funcs_stack,
-			a->type)->hash_func(a->name);
-		}
-	else
-		{
-		ret=lh_strhash(a->name);
-		}
-	ret^=a->type;
-	return(ret);
-	}
+{
+    unsigned long ret;
+    const OBJ_NAME *a = (const OBJ_NAME *)a_void;
+
+    if ((name_funcs_stack != NULL)
+        && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) {
+        ret =
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                a->type)->hash_func(a->name);
+    } else {
+        ret = lh_strhash(a->name);
+    }
+    ret ^= a->type;
+    return (ret);
+}
 
 const char *OBJ_NAME_get(const char *name, int type)
-	{
-	OBJ_NAME on,*ret;
-	int num=0,alias;
-
-	if (name == NULL) return(NULL);
-	if ((names_lh == NULL) && !OBJ_NAME_init()) return(NULL);
-
-	alias=type&OBJ_NAME_ALIAS;
-	type&= ~OBJ_NAME_ALIAS;
-
-	on.name=name;
-	on.type=type;
-
-	for (;;)
-	{
-		ret=(OBJ_NAME *)lh_retrieve(names_lh,&on);
-		if (ret == NULL) return(NULL);
-		if ((ret->alias) && !alias)
-			{
-			if (++num > 10) return(NULL);
-			on.name=ret->data;
-			}
-		else
-			{
-			return(ret->data);
-			}
-		}
-	}
+{
+    OBJ_NAME on, *ret;
+    int num = 0, alias;
+
+    if (name == NULL)
+        return (NULL);
+    if ((names_lh == NULL) && !OBJ_NAME_init())
+        return (NULL);
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    on.name = name;
+    on.type = type;
+
+    for (;;) {
+        ret = (OBJ_NAME *)lh_retrieve(names_lh, &on);
+        if (ret == NULL)
+            return (NULL);
+        if ((ret->alias) && !alias) {
+            if (++num > 10)
+                return (NULL);
+            on.name = ret->data;
+        } else {
+            return (ret->data);
+        }
+    }
+}
 
 int OBJ_NAME_add(const char *name, int type, const char *data)
-	{
-	OBJ_NAME *onp,*ret;
-	int alias;
-
-	if ((names_lh == NULL) && !OBJ_NAME_init()) return(0);
-
-	alias=type&OBJ_NAME_ALIAS;
-	type&= ~OBJ_NAME_ALIAS;
-
-	onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
-	if (onp == NULL)
-		{
-		/* ERROR */
-		return(0);
-		}
-
-	onp->name=name;
-	onp->alias=alias;
-	onp->type=type;
-	onp->data=data;
-
-	ret=(OBJ_NAME *)lh_insert(names_lh,onp);
-	if (ret != NULL)
-		{
-		/* free things */
-		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
-			{
-			/* XXX: I'm not sure I understand why the free
-			 * function should get three arguments...
-			 * -- Richard Levitte
-			 */
-			sk_NAME_FUNCS_value(name_funcs_stack,
-				ret->type)->free_func(ret->name,ret->type,ret->data);
-			}
-		OPENSSL_free(ret);
-		}
-	else
-		{
-		if (lh_error(names_lh))
-			{
-			/* ERROR */
-			return(0);
-			}
-		}
-	return(1);
-	}
+{
+    OBJ_NAME *onp, *ret;
+    int alias;
+
+    if ((names_lh == NULL) && !OBJ_NAME_init())
+        return (0);
+
+    alias = type & OBJ_NAME_ALIAS;
+    type &= ~OBJ_NAME_ALIAS;
+
+    onp = (OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME));
+    if (onp == NULL) {
+        /* ERROR */
+        return (0);
+    }
+
+    onp->name = name;
+    onp->alias = alias;
+    onp->type = type;
+    onp->data = data;
+
+    ret = (OBJ_NAME *)lh_insert(names_lh, onp);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+    } else {
+        if (lh_error(names_lh)) {
+            /* ERROR */
+            return (0);
+        }
+    }
+    return (1);
+}
 
 int OBJ_NAME_remove(const char *name, int type)
-	{
-	OBJ_NAME on,*ret;
-
-	if (names_lh == NULL) return(0);
-
-	type&= ~OBJ_NAME_ALIAS;
-	on.name=name;
-	on.type=type;
-	ret=(OBJ_NAME *)lh_delete(names_lh,&on);
-	if (ret != NULL)
-		{
-		/* free things */
-		if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type))
-			{
-			/* XXX: I'm not sure I understand why the free
-			 * function should get three arguments...
-			 * -- Richard Levitte
-			 */
-			sk_NAME_FUNCS_value(name_funcs_stack,
-				ret->type)->free_func(ret->name,ret->type,ret->data);
-			}
-		OPENSSL_free(ret);
-		return(1);
-		}
-	else
-		return(0);
-	}
-
-struct doall
-	{
-	int type;
-	void (*fn)(const OBJ_NAME *,void *arg);
-	void *arg;
-	};
-
-static void do_all_fn(const OBJ_NAME *name,struct doall *d)
-	{
-	if(name->type == d->type)
-		d->fn(name,d->arg);
-	}
-
-static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *)
-
-void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg)
-	{
-	struct doall d;
-
-	d.type=type;
-	d.fn=fn;
-	d.arg=arg;
-
-	lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d);
-	}
-
-struct doall_sorted
-	{
-	int type;
-	int n;
-	const OBJ_NAME **names;
-	};
-
-static void do_all_sorted_fn(const OBJ_NAME *name,void *d_)
-	{
-	struct doall_sorted *d=d_;
-
-	if(name->type != d->type)
-		return;
-
-	d->names[d->n++]=name;
-	}
-
-static int do_all_sorted_cmp(const void *n1_,const void *n2_)
-	{
-	const OBJ_NAME * const *n1=n1_;
-	const OBJ_NAME * const *n2=n2_;
-
-	return strcmp((*n1)->name,(*n2)->name);
-	}
-
-void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg),
-				void *arg)
-	{
-	struct doall_sorted d;
-	int n;
-
-	d.type=type;
-	d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names);
-	d.n=0;
-	OBJ_NAME_do_all(type,do_all_sorted_fn,&d);
-
-	qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp);
-
-	for(n=0 ; n < d.n ; ++n)
-		fn(d.names[n],arg);
-
-	OPENSSL_free((void *)d.names);
-	}
+{
+    OBJ_NAME on, *ret;
+
+    if (names_lh == NULL)
+        return (0);
+
+    type &= ~OBJ_NAME_ALIAS;
+    on.name = name;
+    on.type = type;
+    ret = (OBJ_NAME *)lh_delete(names_lh, &on);
+    if (ret != NULL) {
+        /* free things */
+        if ((name_funcs_stack != NULL)
+            && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) {
+            /*
+             * XXX: I'm not sure I understand why the free function should
+             * get three arguments... -- Richard Levitte
+             */
+            sk_NAME_FUNCS_value(name_funcs_stack,
+                                ret->type)->free_func(ret->name, ret->type,
+                                                      ret->data);
+        }
+        OPENSSL_free(ret);
+        return (1);
+    } else
+        return (0);
+}
+
+struct doall {
+    int type;
+    void (*fn) (const OBJ_NAME *, void *arg);
+    void *arg;
+};
+
+static void do_all_fn(const OBJ_NAME *name, struct doall *d)
+{
+    if (name->type == d->type)
+        d->fn(name, d->arg);
+}
+
+static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *,
+                                    struct doall *)
+
+void OBJ_NAME_do_all(int type, void (*fn) (const OBJ_NAME *, void *arg),
+                     void *arg)
+{
+    struct doall d;
+
+    d.type = type;
+    d.fn = fn;
+    d.arg = arg;
+
+    lh_doall_arg(names_lh, LHASH_DOALL_ARG_FN(do_all_fn), &d);
+}
+
+struct doall_sorted {
+    int type;
+    int n;
+    const OBJ_NAME **names;
+};
+
+static void do_all_sorted_fn(const OBJ_NAME *name, void *d_)
+{
+    struct doall_sorted *d = d_;
+
+    if (name->type != d->type)
+        return;
+
+    d->names[d->n++] = name;
+}
+
+static int do_all_sorted_cmp(const void *n1_, const void *n2_)
+{
+    const OBJ_NAME *const *n1 = n1_;
+    const OBJ_NAME *const *n2 = n2_;
+
+    return strcmp((*n1)->name, (*n2)->name);
+}
+
+void OBJ_NAME_do_all_sorted(int type,
+                            void (*fn) (const OBJ_NAME *, void *arg),
+                            void *arg)
+{
+    struct doall_sorted d;
+    int n;
+
+    d.type = type;
+    d.names = OPENSSL_malloc(lh_num_items(names_lh) * sizeof *d.names);
+    d.n = 0;
+    OBJ_NAME_do_all(type, do_all_sorted_fn, &d);
+
+    qsort((void *)d.names, d.n, sizeof *d.names, do_all_sorted_cmp);
+
+    for (n = 0; n < d.n; ++n)
+        fn(d.names[n], arg);
+
+    OPENSSL_free((void *)d.names);
+}
 
 static int free_type;
 
 static void names_lh_free(OBJ_NAME *onp)
 {
-	if(onp == NULL)
-		return;
+    if (onp == NULL)
+        return;
 
-	if ((free_type < 0) || (free_type == onp->type))
-		{
-		OBJ_NAME_remove(onp->name,onp->type);
-		}
-	}
+    if ((free_type < 0) || (free_type == onp->type)) {
+        OBJ_NAME_remove(onp->name, onp->type);
+    }
+}
 
 static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *)
 
 static void name_funcs_free(NAME_FUNCS *ptr)
-	{
-	OPENSSL_free(ptr);
-	}
+{
+    OPENSSL_free(ptr);
+}
 
 void OBJ_NAME_cleanup(int type)
-	{
-	unsigned long down_load;
-
-	if (names_lh == NULL) return;
-
-	free_type=type;
-	down_load=names_lh->down_load;
-	names_lh->down_load=0;
-
-	lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free));
-	if (type < 0)
-		{
-		lh_free(names_lh);
-		sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free);
-		names_lh=NULL;
-		name_funcs_stack = NULL;
-		}
-	else
-		names_lh->down_load=down_load;
-	}
-
+{
+    unsigned long down_load;
+
+    if (names_lh == NULL)
+        return;
+
+    free_type = type;
+    down_load = names_lh->down_load;
+    names_lh->down_load = 0;
+
+    lh_doall(names_lh, LHASH_DOALL_FN(names_lh_free));
+    if (type < 0) {
+        lh_free(names_lh);
+        sk_NAME_FUNCS_pop_free(name_funcs_stack, name_funcs_free);
+        names_lh = NULL;
+        name_funcs_stack = NULL;
+    } else
+        names_lh->down_load = down_load;
+}
diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
index cf5ba2a1..9654775a 100644
--- a/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
+++ b/Cryptlib/OpenSSL/crypto/objects/obj_dat.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -67,13 +67,13 @@
 
 /* obj_dat.h is generated from objects.h by obj_dat.pl */
 #ifndef OPENSSL_NO_OBJECT
-#include "obj_dat.h"
+# include "obj_dat.h"
 #else
 /* You will have to load all the objects needed manually in the application */
-#define NUM_NID 0
-#define NUM_SN 0
-#define NUM_LN 0
-#define NUM_OBJ 0
+# define NUM_NID 0
+# define NUM_SN 0
+# define NUM_LN 0
+# define NUM_OBJ 0
 static unsigned char lvalues[1];
 static ASN1_OBJECT nid_objs[1];
 static ASN1_OBJECT *sn_objs[1];
@@ -84,708 +84,689 @@ static ASN1_OBJECT *obj_objs[1];
 static int sn_cmp(const void *a, const void *b);
 static int ln_cmp(const void *a, const void *b);
 static int obj_cmp(const void *a, const void *b);
-#define ADDED_DATA	0
-#define ADDED_SNAME	1
-#define ADDED_LNAME	2
-#define ADDED_NID	3
+#define ADDED_DATA      0
+#define ADDED_SNAME     1
+#define ADDED_LNAME     2
+#define ADDED_NID       3
 
-typedef struct added_obj_st
-	{
-	int type;
-	ASN1_OBJECT *obj;
-	} ADDED_OBJ;
+typedef struct added_obj_st {
+    int type;
+    ASN1_OBJECT *obj;
+} ADDED_OBJ;
 
-static int new_nid=NUM_NID;
-static LHASH *added=NULL;
+static int new_nid = NUM_NID;
+static LHASH *added = NULL;
 
 static int sn_cmp(const void *a, const void *b)
-	{
-	const ASN1_OBJECT * const *ap = a, * const *bp = b;
-	return(strcmp((*ap)->sn,(*bp)->sn));
-	}
+{
+    const ASN1_OBJECT *const *ap = a, *const *bp = b;
+    return (strcmp((*ap)->sn, (*bp)->sn));
+}
 
 static int ln_cmp(const void *a, const void *b)
-	{ 
-	const ASN1_OBJECT * const *ap = a, * const *bp = b;
-	return(strcmp((*ap)->ln,(*bp)->ln));
-	}
+{
+    const ASN1_OBJECT *const *ap = a, *const *bp = b;
+    return (strcmp((*ap)->ln, (*bp)->ln));
+}
 
 /* static unsigned long add_hash(ADDED_OBJ *ca) */
 static unsigned long add_hash(const void *ca_void)
-	{
-	const ASN1_OBJECT *a;
-	int i;
-	unsigned long ret=0;
-	unsigned char *p;
-	const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
-
-	a=ca->obj;
-	switch (ca->type)
-		{
-	case ADDED_DATA:
-		ret=a->length<<20L;
-		p=(unsigned char *)a->data;
-		for (i=0; i<a->length; i++)
-			ret^=p[i]<<((i*3)%24);
-		break;
-	case ADDED_SNAME:
-		ret=lh_strhash(a->sn);
-		break;
-	case ADDED_LNAME:
-		ret=lh_strhash(a->ln);
-		break;
-	case ADDED_NID:
-		ret=a->nid;
-		break;
-	default:
-		/* abort(); */
-		return 0;
-		}
-	ret&=0x3fffffffL;
-	ret|=ca->type<<30L;
-	return(ret);
-	}
+{
+    const ASN1_OBJECT *a;
+    int i;
+    unsigned long ret = 0;
+    unsigned char *p;
+    const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+
+    a = ca->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        ret = a->length << 20L;
+        p = (unsigned char *)a->data;
+        for (i = 0; i < a->length; i++)
+            ret ^= p[i] << ((i * 3) % 24);
+        break;
+    case ADDED_SNAME:
+        ret = lh_strhash(a->sn);
+        break;
+    case ADDED_LNAME:
+        ret = lh_strhash(a->ln);
+        break;
+    case ADDED_NID:
+        ret = a->nid;
+        break;
+    default:
+        /* abort(); */
+        return 0;
+    }
+    ret &= 0x3fffffffL;
+    ret |= ca->type << 30L;
+    return (ret);
+}
 
 /* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */
 static int add_cmp(const void *ca_void, const void *cb_void)
-	{
-	ASN1_OBJECT *a,*b;
-	int i;
-	const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
-	const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
-
-	i=ca->type-cb->type;
-	if (i) return(i);
-	a=ca->obj;
-	b=cb->obj;
-	switch (ca->type)
-		{
-	case ADDED_DATA:
-		i=(a->length - b->length);
-		if (i) return(i);
-		return(memcmp(a->data,b->data,(size_t)a->length));
-	case ADDED_SNAME:
-		if (a->sn == NULL) return(-1);
-		else if (b->sn == NULL) return(1);
-		else return(strcmp(a->sn,b->sn));
-	case ADDED_LNAME:
-		if (a->ln == NULL) return(-1);
-		else if (b->ln == NULL) return(1);
-		else return(strcmp(a->ln,b->ln));
-	case ADDED_NID:
-		return(a->nid-b->nid);
-	default:
-		/* abort(); */
-		return 0;
-		}
-	}
+{
+    ASN1_OBJECT *a, *b;
+    int i;
+    const ADDED_OBJ *ca = (const ADDED_OBJ *)ca_void;
+    const ADDED_OBJ *cb = (const ADDED_OBJ *)cb_void;
+
+    i = ca->type - cb->type;
+    if (i)
+        return (i);
+    a = ca->obj;
+    b = cb->obj;
+    switch (ca->type) {
+    case ADDED_DATA:
+        i = (a->length - b->length);
+        if (i)
+            return (i);
+        return (memcmp(a->data, b->data, (size_t)a->length));
+    case ADDED_SNAME:
+        if (a->sn == NULL)
+            return (-1);
+        else if (b->sn == NULL)
+            return (1);
+        else
+            return (strcmp(a->sn, b->sn));
+    case ADDED_LNAME:
+        if (a->ln == NULL)
+            return (-1);
+        else if (b->ln == NULL)
+            return (1);
+        else
+            return (strcmp(a->ln, b->ln));
+    case ADDED_NID:
+        return (a->nid - b->nid);
+    default:
+        /* abort(); */
+        return 0;
+    }
+}
 
 static int init_added(void)
-	{
-	if (added != NULL) return(1);
-	added=lh_new(add_hash,add_cmp);
-	return(added != NULL);
-	}
+{
+    if (added != NULL)
+        return (1);
+    added = lh_new(add_hash, add_cmp);
+    return (added != NULL);
+}
 
 static void cleanup1(ADDED_OBJ *a)
-	{
-	a->obj->nid=0;
-	a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC|
-	                ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-			ASN1_OBJECT_FLAG_DYNAMIC_DATA;
-	}
+{
+    a->obj->nid = 0;
+    a->obj->flags |= ASN1_OBJECT_FLAG_DYNAMIC |
+        ASN1_OBJECT_FLAG_DYNAMIC_STRINGS | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
+}
 
 static void cleanup2(ADDED_OBJ *a)
-	{ a->obj->nid++; }
+{
+    a->obj->nid++;
+}
 
 static void cleanup3(ADDED_OBJ *a)
-	{
-	if (--a->obj->nid == 0)
-		ASN1_OBJECT_free(a->obj);
-	OPENSSL_free(a);
-	}
+{
+    if (--a->obj->nid == 0)
+        ASN1_OBJECT_free(a->obj);
+    OPENSSL_free(a);
+}
 
 static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *)
 static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *)
 static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *)
 
 void OBJ_cleanup(void)
-	{
-	if (added == NULL) return;
-	added->down_load=0;
-	lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */
-	lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */
-	lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */
-	lh_free(added);
-	added=NULL;
-	}
+{
+    if (added == NULL)
+        return;
+    added->down_load = 0;
+    lh_doall(added, LHASH_DOALL_FN(cleanup1)); /* zero counters */
+    lh_doall(added, LHASH_DOALL_FN(cleanup2)); /* set counters */
+    lh_doall(added, LHASH_DOALL_FN(cleanup3)); /* free objects */
+    lh_free(added);
+    added = NULL;
+}
 
 int OBJ_new_nid(int num)
-	{
-	int i;
+{
+    int i;
 
-	i=new_nid;
-	new_nid+=num;
-	return(i);
-	}
+    i = new_nid;
+    new_nid += num;
+    return (i);
+}
 
 int OBJ_add_object(const ASN1_OBJECT *obj)
-	{
-	ASN1_OBJECT *o;
-	ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop;
-	int i;
-
-	if (added == NULL)
-		if (!init_added()) return(0);
-	if ((o=OBJ_dup(obj)) == NULL) goto err;
-	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-	if ((o->length != 0) && (obj->data != NULL))
-		if (!(ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-	if (o->sn != NULL)
-		if (!(ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-	if (o->ln != NULL)
-		if (!(ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err2;
-
-	for (i=ADDED_DATA; i<=ADDED_NID; i++)
-		{
-		if (ao[i] != NULL)
-			{
-			ao[i]->type=i;
-			ao[i]->obj=o;
-			aop=(ADDED_OBJ *)lh_insert(added,ao[i]);
-			/* memory leak, buit should not normally matter */
-			if (aop != NULL)
-				OPENSSL_free(aop);
-			}
-		}
-	o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|
-			ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-
-	return(o->nid);
-err2:
-	OBJerr(OBJ_F_OBJ_ADD_OBJECT,ERR_R_MALLOC_FAILURE);
-err:
-	for (i=ADDED_DATA; i<=ADDED_NID; i++)
-		if (ao[i] != NULL) OPENSSL_free(ao[i]);
-	if (o != NULL) OPENSSL_free(o);
-	return(NID_undef);
-	}
+{
+    ASN1_OBJECT *o;
+    ADDED_OBJ *ao[4] = { NULL, NULL, NULL, NULL }, *aop;
+    int i;
+
+    if (added == NULL)
+        if (!init_added())
+            return (0);
+    if ((o = OBJ_dup(obj)) == NULL)
+        goto err;
+    if (!(ao[ADDED_NID] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+        goto err2;
+    if ((o->length != 0) && (obj->data != NULL))
+        if (!
+            (ao[ADDED_DATA] = (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+            goto err2;
+    if (o->sn != NULL)
+        if (!
+            (ao[ADDED_SNAME] =
+             (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+            goto err2;
+    if (o->ln != NULL)
+        if (!
+            (ao[ADDED_LNAME] =
+             (ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ))))
+            goto err2;
+
+    for (i = ADDED_DATA; i <= ADDED_NID; i++) {
+        if (ao[i] != NULL) {
+            ao[i]->type = i;
+            ao[i]->obj = o;
+            aop = (ADDED_OBJ *)lh_insert(added, ao[i]);
+            /* memory leak, buit should not normally matter */
+            if (aop != NULL)
+                OPENSSL_free(aop);
+        }
+    }
+    o->flags &=
+        ~(ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+          ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+
+    return (o->nid);
+ err2:
+    OBJerr(OBJ_F_OBJ_ADD_OBJECT, ERR_R_MALLOC_FAILURE);
+ err:
+    for (i = ADDED_DATA; i <= ADDED_NID; i++)
+        if (ao[i] != NULL)
+            OPENSSL_free(ao[i]);
+    if (o != NULL)
+        OPENSSL_free(o);
+    return (NID_undef);
+}
 
 ASN1_OBJECT *OBJ_nid2obj(int n)
-	{
-	ADDED_OBJ ad,*adp;
-	ASN1_OBJECT ob;
-
-	if ((n >= 0) && (n < NUM_NID))
-		{
-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-			{
-			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		return((ASN1_OBJECT *)&(nid_objs[n]));
-		}
-	else if (added == NULL)
-		return(NULL);
-	else
-		{
-		ad.type=ADDED_NID;
-		ad.obj= &ob;
-		ob.nid=n;
-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-		if (adp != NULL)
-			return(adp->obj);
-		else
-			{
-			OBJerr(OBJ_F_OBJ_NID2OBJ,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		}
-	}
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+        return ((ASN1_OBJECT *)&(nid_objs[n]));
+    } else if (added == NULL)
+        return (NULL);
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj);
+        else {
+            OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+    }
+}
 
 const char *OBJ_nid2sn(int n)
-	{
-	ADDED_OBJ ad,*adp;
-	ASN1_OBJECT ob;
-
-	if ((n >= 0) && (n < NUM_NID))
-		{
-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-			{
-			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		return(nid_objs[n].sn);
-		}
-	else if (added == NULL)
-		return(NULL);
-	else
-		{
-		ad.type=ADDED_NID;
-		ad.obj= &ob;
-		ob.nid=n;
-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-		if (adp != NULL)
-			return(adp->obj->sn);
-		else
-			{
-			OBJerr(OBJ_F_OBJ_NID2SN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		}
-	}
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+        return (nid_objs[n].sn);
+    } else if (added == NULL)
+        return (NULL);
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->sn);
+        else {
+            OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+    }
+}
 
 const char *OBJ_nid2ln(int n)
-	{
-	ADDED_OBJ ad,*adp;
-	ASN1_OBJECT ob;
-
-	if ((n >= 0) && (n < NUM_NID))
-		{
-		if ((n != NID_undef) && (nid_objs[n].nid == NID_undef))
-			{
-			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		return(nid_objs[n].ln);
-		}
-	else if (added == NULL)
-		return(NULL);
-	else
-		{
-		ad.type=ADDED_NID;
-		ad.obj= &ob;
-		ob.nid=n;
-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-		if (adp != NULL)
-			return(adp->obj->ln);
-		else
-			{
-			OBJerr(OBJ_F_OBJ_NID2LN,OBJ_R_UNKNOWN_NID);
-			return(NULL);
-			}
-		}
-	}
+{
+    ADDED_OBJ ad, *adp;
+    ASN1_OBJECT ob;
+
+    if ((n >= 0) && (n < NUM_NID)) {
+        if ((n != NID_undef) && (nid_objs[n].nid == NID_undef)) {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+        return (nid_objs[n].ln);
+    } else if (added == NULL)
+        return (NULL);
+    else {
+        ad.type = ADDED_NID;
+        ad.obj = &ob;
+        ob.nid = n;
+        adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->ln);
+        else {
+            OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+            return (NULL);
+        }
+    }
+}
 
 int OBJ_obj2nid(const ASN1_OBJECT *a)
-	{
-	ASN1_OBJECT **op;
-	ADDED_OBJ ad,*adp;
-
-	if (a == NULL)
-		return(NID_undef);
-	if (a->nid != 0)
-		return(a->nid);
-
-	if (added != NULL)
-		{
-		ad.type=ADDED_DATA;
-		ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-		if (adp != NULL) return (adp->obj->nid);
-		}
-	op=(ASN1_OBJECT **)OBJ_bsearch((const char *)&a,(const char *)obj_objs,
-		NUM_OBJ, sizeof(ASN1_OBJECT *),obj_cmp);
-	if (op == NULL)
-		return(NID_undef);
-	return((*op)->nid);
-	}
-
-/* Convert an object name into an ASN1_OBJECT
- * if "noname" is not set then search for short and long names first.
- * This will convert the "dotted" form into an object: unlike OBJ_txt2nid
- * it can be used with any objects, not just registered ones.
+{
+    ASN1_OBJECT **op;
+    ADDED_OBJ ad, *adp;
+
+    if (a == NULL)
+        return (NID_undef);
+    if (a->nid != 0)
+        return (a->nid);
+
+    if (added != NULL) {
+        ad.type = ADDED_DATA;
+        ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
+        adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->nid);
+    }
+    op = (ASN1_OBJECT **)OBJ_bsearch((const char *)&a, (const char *)obj_objs,
+                                     NUM_OBJ, sizeof(ASN1_OBJECT *), obj_cmp);
+    if (op == NULL)
+        return (NID_undef);
+    return ((*op)->nid);
+}
+
+/*
+ * Convert an object name into an ASN1_OBJECT if "noname" is not set then
+ * search for short and long names first. This will convert the "dotted" form
+ * into an object: unlike OBJ_txt2nid it can be used with any objects, not
+ * just registered ones.
  */
 
 ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name)
-	{
-	int nid = NID_undef;
-	ASN1_OBJECT *op=NULL;
-	unsigned char *buf;
-	unsigned char *p;
-	const unsigned char *cp;
-	int i, j;
-
-	if(!no_name) {
-		if( ((nid = OBJ_sn2nid(s)) != NID_undef) ||
-			((nid = OBJ_ln2nid(s)) != NID_undef) ) 
-					return OBJ_nid2obj(nid);
-	}
-
-	/* Work out size of content octets */
-	i=a2d_ASN1_OBJECT(NULL,0,s,-1);
-	if (i <= 0) {
-		/* Don't clear the error */
-		/*ERR_clear_error();*/
-		return NULL;
-	}
-	/* Work out total size */
-	j = ASN1_object_size(0,i,V_ASN1_OBJECT);
-
-	if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL;
-
-	p = buf;
-	/* Write out tag+length */
-	ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL);
-	/* Write out contents */
-	a2d_ASN1_OBJECT(p,i,s,-1);
-
-	cp=buf;
-	op=d2i_ASN1_OBJECT(NULL,&cp,j);
-	OPENSSL_free(buf);
-	return op;
-	}
+{
+    int nid = NID_undef;
+    ASN1_OBJECT *op = NULL;
+    unsigned char *buf;
+    unsigned char *p;
+    const unsigned char *cp;
+    int i, j;
+
+    if (!no_name) {
+        if (((nid = OBJ_sn2nid(s)) != NID_undef) ||
+            ((nid = OBJ_ln2nid(s)) != NID_undef))
+            return OBJ_nid2obj(nid);
+    }
+
+    /* Work out size of content octets */
+    i = a2d_ASN1_OBJECT(NULL, 0, s, -1);
+    if (i <= 0) {
+        /* Don't clear the error */
+        /*
+         * ERR_clear_error();
+         */
+        return NULL;
+    }
+    /* Work out total size */
+    j = ASN1_object_size(0, i, V_ASN1_OBJECT);
+
+    if ((buf = (unsigned char *)OPENSSL_malloc(j)) == NULL)
+        return NULL;
+
+    p = buf;
+    /* Write out tag+length */
+    ASN1_put_object(&p, 0, i, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
+    /* Write out contents */
+    a2d_ASN1_OBJECT(p, i, s, -1);
+
+    cp = buf;
+    op = d2i_ASN1_OBJECT(NULL, &cp, j);
+    OPENSSL_free(buf);
+    return op;
+}
 
 int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name)
 {
-	int i,n=0,len,nid, first, use_bn;
-	BIGNUM *bl;
-	unsigned long l;
-	unsigned char *p;
-	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
-
-	/* Ensure that, at every state, |buf| is NUL-terminated. */
-	if (buf && buf_len > 0)
-		buf[0] = '\0';
-
-	if ((a == NULL) || (a->data == NULL))
-		return(0);
-
-	if (!no_name && (nid=OBJ_obj2nid(a)) != NID_undef)
-		{
-		const char *s;
-		s=OBJ_nid2ln(nid);
-		if (s == NULL)
-			s=OBJ_nid2sn(nid);
-		if (s)
-			{
-			if (buf)
-				BUF_strlcpy(buf,s,buf_len);
-			n=strlen(s);
-			return n;
-			}
-		}
-
-
-	len=a->length;
-	p=a->data;
-
-	first = 1;
-	bl = NULL;
-
-	while (len > 0)
-		{
-		l=0;
-		use_bn = 0;
-		for (;;)
-			{
-			unsigned char c = *p++;
-			len--;
-			if ((len == 0) && (c & 0x80))
-				goto err;
-			if (use_bn)
-				{
-				if (!BN_add_word(bl, c & 0x7f))
-					goto err;
-				}
-			else
-				l |= c  & 0x7f;
-			if (!(c & 0x80))
-				break;
-			if (!use_bn && (l > (ULONG_MAX >> 7L)))
-				{
-				if (!bl && !(bl = BN_new()))
-					goto err;
-				if (!BN_set_word(bl, l))
-					goto err;
-				use_bn = 1;
-				}
-			if (use_bn)
-				{
-				if (!BN_lshift(bl, bl, 7))
-					goto err;
-				}
-			else
-				l<<=7L;
-			}
-
-		if (first)
-			{
-			first = 0;
-			if (l >= 80)
-				{
-				i = 2;
-				if (use_bn)
-					{
-					if (!BN_sub_word(bl, 80))
-						goto err;
-					}
-				else
-					l -= 80;
-				}
-			else
-				{
-				i=(int)(l/40);
-				l-=(long)(i*40);
-				}
-			if (buf && (buf_len > 1))
-				{
-				*buf++ = i + '0';
-				*buf = '\0';
-				buf_len--;
-				}
-			n++;
-			}
-
-		if (use_bn)
-			{
-			char *bndec;
-			bndec = BN_bn2dec(bl);
-			if (!bndec)
-				goto err;
-			i = strlen(bndec);
-			if (buf)
-				{
-				if (buf_len > 1)
-					{
-					*buf++ = '.';
-					*buf = '\0';
-					buf_len--;
-					}
-				BUF_strlcpy(buf,bndec,buf_len);
-				if (i > buf_len)
-					{
-					buf += buf_len;
-					buf_len = 0;
-					}
-				else
-					{
-					buf+=i;
-					buf_len-=i;
-					}
-				}
-			n++;
-			n += i;
-			OPENSSL_free(bndec);
-			}
-		else
-			{
-			BIO_snprintf(tbuf,sizeof tbuf,".%lu",l);
-			i=strlen(tbuf);
-			if (buf && (buf_len > 0))
-				{
-				BUF_strlcpy(buf,tbuf,buf_len);
-				if (i > buf_len)
-					{
-					buf += buf_len;
-					buf_len = 0;
-					}
-				else
-					{
-					buf+=i;
-					buf_len-=i;
-					}
-				}
-			n+=i;
-			l=0;
-			}
-		}
-
-	if (bl)
-		BN_free(bl);
-	return n;
-
-	err:
-	if (bl)
-		BN_free(bl);
-	return -1;
+    int i, n = 0, len, nid, first, use_bn;
+    BIGNUM *bl;
+    unsigned long l;
+    unsigned char *p;
+    char tbuf[DECIMAL_SIZE(i) + DECIMAL_SIZE(l) + 2];
+
+    /* Ensure that, at every state, |buf| is NUL-terminated. */
+    if (buf && buf_len > 0)
+        buf[0] = '\0';
+
+    if ((a == NULL) || (a->data == NULL))
+        return (0);
+
+    if (!no_name && (nid = OBJ_obj2nid(a)) != NID_undef) {
+        const char *s;
+        s = OBJ_nid2ln(nid);
+        if (s == NULL)
+            s = OBJ_nid2sn(nid);
+        if (s) {
+            if (buf)
+                BUF_strlcpy(buf, s, buf_len);
+            n = strlen(s);
+            return n;
+        }
+    }
+
+    len = a->length;
+    p = a->data;
+
+    first = 1;
+    bl = NULL;
+
+    while (len > 0) {
+        l = 0;
+        use_bn = 0;
+        for (;;) {
+            unsigned char c = *p++;
+            len--;
+            if ((len == 0) && (c & 0x80))
+                goto err;
+            if (use_bn) {
+                if (!BN_add_word(bl, c & 0x7f))
+                    goto err;
+            } else
+                l |= c & 0x7f;
+            if (!(c & 0x80))
+                break;
+            if (!use_bn && (l > (ULONG_MAX >> 7L))) {
+                if (!bl && !(bl = BN_new()))
+                    goto err;
+                if (!BN_set_word(bl, l))
+                    goto err;
+                use_bn = 1;
+            }
+            if (use_bn) {
+                if (!BN_lshift(bl, bl, 7))
+                    goto err;
+            } else
+                l <<= 7L;
+        }
+
+        if (first) {
+            first = 0;
+            if (l >= 80) {
+                i = 2;
+                if (use_bn) {
+                    if (!BN_sub_word(bl, 80))
+                        goto err;
+                } else
+                    l -= 80;
+            } else {
+                i = (int)(l / 40);
+                l -= (long)(i * 40);
+            }
+            if (buf && (buf_len > 1)) {
+                *buf++ = i + '0';
+                *buf = '\0';
+                buf_len--;
+            }
+            n++;
+        }
+
+        if (use_bn) {
+            char *bndec;
+            bndec = BN_bn2dec(bl);
+            if (!bndec)
+                goto err;
+            i = strlen(bndec);
+            if (buf) {
+                if (buf_len > 1) {
+                    *buf++ = '.';
+                    *buf = '\0';
+                    buf_len--;
+                }
+                BUF_strlcpy(buf, bndec, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n++;
+            n += i;
+            OPENSSL_free(bndec);
+        } else {
+            BIO_snprintf(tbuf, sizeof tbuf, ".%lu", l);
+            i = strlen(tbuf);
+            if (buf && (buf_len > 0)) {
+                BUF_strlcpy(buf, tbuf, buf_len);
+                if (i > buf_len) {
+                    buf += buf_len;
+                    buf_len = 0;
+                } else {
+                    buf += i;
+                    buf_len -= i;
+                }
+            }
+            n += i;
+            l = 0;
+        }
+    }
+
+    if (bl)
+        BN_free(bl);
+    return n;
+
+ err:
+    if (bl)
+        BN_free(bl);
+    return -1;
 }
 
 int OBJ_txt2nid(const char *s)
 {
-	ASN1_OBJECT *obj;
-	int nid;
-	obj = OBJ_txt2obj(s, 0);
-	nid = OBJ_obj2nid(obj);
-	ASN1_OBJECT_free(obj);
-	return nid;
+    ASN1_OBJECT *obj;
+    int nid;
+    obj = OBJ_txt2obj(s, 0);
+    nid = OBJ_obj2nid(obj);
+    ASN1_OBJECT_free(obj);
+    return nid;
 }
 
 int OBJ_ln2nid(const char *s)
-	{
-	ASN1_OBJECT o,*oo= &o,**op;
-	ADDED_OBJ ad,*adp;
-
-	o.ln=s;
-	if (added != NULL)
-		{
-		ad.type=ADDED_LNAME;
-		ad.obj= &o;
-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-		if (adp != NULL) return (adp->obj->nid);
-		}
-	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs, NUM_LN,
-		sizeof(ASN1_OBJECT *),ln_cmp);
-	if (op == NULL) return(NID_undef);
-	return((*op)->nid);
-	}
+{
+    ASN1_OBJECT o, *oo = &o, **op;
+    ADDED_OBJ ad, *adp;
+
+    o.ln = s;
+    if (added != NULL) {
+        ad.type = ADDED_LNAME;
+        ad.obj = &o;
+        adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->nid);
+    }
+    op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)ln_objs, NUM_LN,
+                                     sizeof(ASN1_OBJECT *), ln_cmp);
+    if (op == NULL)
+        return (NID_undef);
+    return ((*op)->nid);
+}
 
 int OBJ_sn2nid(const char *s)
-	{
-	ASN1_OBJECT o,*oo= &o,**op;
-	ADDED_OBJ ad,*adp;
-
-	o.sn=s;
-	if (added != NULL)
-		{
-		ad.type=ADDED_SNAME;
-		ad.obj= &o;
-		adp=(ADDED_OBJ *)lh_retrieve(added,&ad);
-		if (adp != NULL) return (adp->obj->nid);
-		}
-	op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN,
-		sizeof(ASN1_OBJECT *),sn_cmp);
-	if (op == NULL) return(NID_undef);
-	return((*op)->nid);
-	}
+{
+    ASN1_OBJECT o, *oo = &o, **op;
+    ADDED_OBJ ad, *adp;
+
+    o.sn = s;
+    if (added != NULL) {
+        ad.type = ADDED_SNAME;
+        ad.obj = &o;
+        adp = (ADDED_OBJ *)lh_retrieve(added, &ad);
+        if (adp != NULL)
+            return (adp->obj->nid);
+    }
+    op = (ASN1_OBJECT **)OBJ_bsearch((char *)&oo, (char *)sn_objs, NUM_SN,
+                                     sizeof(ASN1_OBJECT *), sn_cmp);
+    if (op == NULL)
+        return (NID_undef);
+    return ((*op)->nid);
+}
 
 static int obj_cmp(const void *ap, const void *bp)
-	{
-	int j;
-	const ASN1_OBJECT *a= *(ASN1_OBJECT * const *)ap;
-	const ASN1_OBJECT *b= *(ASN1_OBJECT * const *)bp;
-
-	j=(a->length - b->length);
-        if (j) return(j);
-	return(memcmp(a->data,b->data,a->length));
-        }
+{
+    int j;
+    const ASN1_OBJECT *a = *(ASN1_OBJECT *const *)ap;
+    const ASN1_OBJECT *b = *(ASN1_OBJECT *const *)bp;
+
+    j = (a->length - b->length);
+    if (j)
+        return (j);
+    return (memcmp(a->data, b->data, a->length));
+}
 
 const char *OBJ_bsearch(const char *key, const char *base, int num, int size,
-	int (*cmp)(const void *, const void *))
-	{
-	return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
-	}
+                        int (*cmp) (const void *, const void *))
+{
+    return OBJ_bsearch_ex(key, base, num, size, cmp, 0);
+}
 
 const char *OBJ_bsearch_ex(const char *key, const char *base, int num,
-	int size, int (*cmp)(const void *, const void *), int flags)
-	{
-	int l,h,i=0,c=0;
-	const char *p = NULL;
-
-	if (num == 0) return(NULL);
-	l=0;
-	h=num;
-	while (l < h)
-		{
-		i=(l+h)/2;
-		p= &(base[i*size]);
-		c=(*cmp)(key,p);
-		if (c < 0)
-			h=i;
-		else if (c > 0)
-			l=i+1;
-		else
-			break;
-		}
+                           int size, int (*cmp) (const void *, const void *),
+                           int flags)
+{
+    int l, h, i = 0, c = 0;
+    const char *p = NULL;
+
+    if (num == 0)
+        return (NULL);
+    l = 0;
+    h = num;
+    while (l < h) {
+        i = (l + h) / 2;
+        p = &(base[i * size]);
+        c = (*cmp) (key, p);
+        if (c < 0)
+            h = i;
+        else if (c > 0)
+            l = i + 1;
+        else
+            break;
+    }
 #ifdef CHARSET_EBCDIC
-/* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and
- * I don't have perl (yet), we revert to a *LINEAR* search
- * when the object wasn't found in the binary search.
- */
-	if (c != 0)
-		{
-		for (i=0; i<num; ++i)
-			{
-			p= &(base[i*size]);
-			c = (*cmp)(key,p);
-			if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
-				return p;
-			}
-		}
+    /*
+     * THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and I
+     * don't have perl (yet), we revert to a *LINEAR* search when the object
+     * wasn't found in the binary search.
+     */
+    if (c != 0) {
+        for (i = 0; i < num; ++i) {
+            p = &(base[i * size]);
+            c = (*cmp) (key, p);
+            if (c == 0 || (c < 0 && (flags & OBJ_BSEARCH_VALUE_ON_NOMATCH)))
+                return p;
+        }
+    }
 #endif
-	if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
-		p = NULL;
-	else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH))
-		{
-		while(i > 0 && (*cmp)(key,&(base[(i-1)*size])) == 0)
-			i--;
-		p = &(base[i*size]);
-		}
-	return(p);
-	}
+    if (c != 0 && !(flags & OBJ_BSEARCH_VALUE_ON_NOMATCH))
+        p = NULL;
+    else if (c == 0 && (flags & OBJ_BSEARCH_FIRST_VALUE_ON_MATCH)) {
+        while (i > 0 && (*cmp) (key, &(base[(i - 1) * size])) == 0)
+            i--;
+        p = &(base[i * size]);
+    }
+    return (p);
+}
 
 int OBJ_create_objects(BIO *in)
-	{
-	MS_STATIC char buf[512];
-	int i,num=0;
-	char *o,*s,*l=NULL;
-
-	for (;;)
-		{
-		s=o=NULL;
-		i=BIO_gets(in,buf,512);
-		if (i <= 0) return(num);
-		buf[i-1]='\0';
-		if (!isalnum((unsigned char)buf[0])) return(num);
-		o=s=buf;
-		while (isdigit((unsigned char)*s) || (*s == '.'))
-			s++;
-		if (*s != '\0')
-			{
-			*(s++)='\0';
-			while (isspace((unsigned char)*s))
-				s++;
-			if (*s == '\0')
-				s=NULL;
-			else
-				{
-				l=s;
-				while ((*l != '\0') && !isspace((unsigned char)*l))
-					l++;
-				if (*l != '\0')
-					{
-					*(l++)='\0';
-					while (isspace((unsigned char)*l))
-						l++;
-					if (*l == '\0') l=NULL;
-					}
-				else
-					l=NULL;
-				}
-			}
-		else
-			s=NULL;
-		if ((o == NULL) || (*o == '\0')) return(num);
-		if (!OBJ_create(o,s,l)) return(num);
-		num++;
-		}
-	/* return(num); */
-	}
+{
+    MS_STATIC char buf[512];
+    int i, num = 0;
+    char *o, *s, *l = NULL;
+
+    for (;;) {
+        s = o = NULL;
+        i = BIO_gets(in, buf, 512);
+        if (i <= 0)
+            return (num);
+        buf[i - 1] = '\0';
+        if (!isalnum((unsigned char)buf[0]))
+            return (num);
+        o = s = buf;
+        while (isdigit((unsigned char)*s) || (*s == '.'))
+            s++;
+        if (*s != '\0') {
+            *(s++) = '\0';
+            while (isspace((unsigned char)*s))
+                s++;
+            if (*s == '\0')
+                s = NULL;
+            else {
+                l = s;
+                while ((*l != '\0') && !isspace((unsigned char)*l))
+                    l++;
+                if (*l != '\0') {
+                    *(l++) = '\0';
+                    while (isspace((unsigned char)*l))
+                        l++;
+                    if (*l == '\0')
+                        l = NULL;
+                } else
+                    l = NULL;
+            }
+        } else
+            s = NULL;
+        if ((o == NULL) || (*o == '\0'))
+            return (num);
+        if (!OBJ_create(o, s, l))
+            return (num);
+        num++;
+    }
+    /* return(num); */
+}
 
 int OBJ_create(const char *oid, const char *sn, const char *ln)
-	{
-	int ok=0;
-	ASN1_OBJECT *op=NULL;
-	unsigned char *buf;
-	int i;
-
-	i=a2d_ASN1_OBJECT(NULL,0,oid,-1);
-	if (i <= 0) return(0);
-
-	if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL)
-		{
-		OBJerr(OBJ_F_OBJ_CREATE,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	i=a2d_ASN1_OBJECT(buf,i,oid,-1);
-	if (i == 0)
-		goto err;
-	op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
-	if (op == NULL) 
-		goto err;
-	ok=OBJ_add_object(op);
-err:
-	ASN1_OBJECT_free(op);
-	OPENSSL_free(buf);
-	return(ok);
-	}
+{
+    int ok = 0;
+    ASN1_OBJECT *op = NULL;
+    unsigned char *buf;
+    int i;
+
+    i = a2d_ASN1_OBJECT(NULL, 0, oid, -1);
+    if (i <= 0)
+        return (0);
+
+    if ((buf = (unsigned char *)OPENSSL_malloc(i)) == NULL) {
+        OBJerr(OBJ_F_OBJ_CREATE, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    i = a2d_ASN1_OBJECT(buf, i, oid, -1);
+    if (i == 0)
+        goto err;
+    op = (ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1), buf, i, sn, ln);
+    if (op == NULL)
+        goto err;
+    ok = OBJ_add_object(op);
+ err:
+    ASN1_OBJECT_free(op);
+    OPENSSL_free(buf);
+    return (ok);
+}
diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_err.c b/Cryptlib/OpenSSL/crypto/objects/obj_err.c
index 12b48850..75321ecb 100644
--- a/Cryptlib/OpenSSL/crypto/objects/obj_err.c
+++ b/Cryptlib/OpenSSL/crypto/objects/obj_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,38 +66,35 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OBJ,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OBJ,0,reason)
 
-static ERR_STRING_DATA OBJ_str_functs[]=
-	{
-{ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT),	"OBJ_add_object"},
-{ERR_FUNC(OBJ_F_OBJ_CREATE),	"OBJ_create"},
-{ERR_FUNC(OBJ_F_OBJ_DUP),	"OBJ_dup"},
-{ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX),	"OBJ_NAME_new_index"},
-{ERR_FUNC(OBJ_F_OBJ_NID2LN),	"OBJ_nid2ln"},
-{ERR_FUNC(OBJ_F_OBJ_NID2OBJ),	"OBJ_nid2obj"},
-{ERR_FUNC(OBJ_F_OBJ_NID2SN),	"OBJ_nid2sn"},
-{0,NULL}
-	};
+static ERR_STRING_DATA OBJ_str_functs[] = {
+    {ERR_FUNC(OBJ_F_OBJ_ADD_OBJECT), "OBJ_add_object"},
+    {ERR_FUNC(OBJ_F_OBJ_CREATE), "OBJ_create"},
+    {ERR_FUNC(OBJ_F_OBJ_DUP), "OBJ_dup"},
+    {ERR_FUNC(OBJ_F_OBJ_NAME_NEW_INDEX), "OBJ_NAME_new_index"},
+    {ERR_FUNC(OBJ_F_OBJ_NID2LN), "OBJ_nid2ln"},
+    {ERR_FUNC(OBJ_F_OBJ_NID2OBJ), "OBJ_nid2obj"},
+    {ERR_FUNC(OBJ_F_OBJ_NID2SN), "OBJ_nid2sn"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA OBJ_str_reasons[]=
-	{
-{ERR_REASON(OBJ_R_MALLOC_FAILURE)        ,"malloc failure"},
-{ERR_REASON(OBJ_R_UNKNOWN_NID)           ,"unknown nid"},
-{0,NULL}
-	};
+static ERR_STRING_DATA OBJ_str_reasons[] = {
+    {ERR_REASON(OBJ_R_MALLOC_FAILURE), "malloc failure"},
+    {ERR_REASON(OBJ_R_UNKNOWN_NID), "unknown nid"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_OBJ_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,OBJ_str_functs);
-		ERR_load_strings(0,OBJ_str_reasons);
-		}
+    if (ERR_func_error_string(OBJ_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, OBJ_str_functs);
+        ERR_load_strings(0, OBJ_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
index 706fa0b0..0687602a 100644
--- a/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
+++ b/Cryptlib/OpenSSL/crypto/objects/obj_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,66 +63,69 @@
 #include <openssl/buffer.h>
 
 ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o)
-	{
-	ASN1_OBJECT *r;
-	int i;
-	char *ln=NULL;
+{
+    ASN1_OBJECT *r;
+    int i;
+    char *ln = NULL;
 
-	if (o == NULL) return(NULL);
-	if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
-		return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of
-					     duplication is this??? */
+    if (o == NULL)
+        return (NULL);
+    if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC))
+        return ((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of duplication
+                                    * is this??? */
 
-	r=ASN1_OBJECT_new();
-	if (r == NULL)
-		{
-		OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB);
-		return(NULL);
-		}
-	r->data=OPENSSL_malloc(o->length);
-	if (r->data == NULL)
-		goto err;
-	if (o->data != NULL)
-		memcpy(r->data,o->data,o->length);
-	r->length=o->length;
-	r->nid=o->nid;
-	r->ln=r->sn=NULL;
-	if (o->ln != NULL)
-		{
-		i=strlen(o->ln)+1;
-		r->ln=ln=OPENSSL_malloc(i);
-		if (r->ln == NULL) goto err;
-		memcpy(ln,o->ln,i);
-		}
+    r = ASN1_OBJECT_new();
+    if (r == NULL) {
+        OBJerr(OBJ_F_OBJ_DUP, ERR_R_ASN1_LIB);
+        return (NULL);
+    }
+    r->data = OPENSSL_malloc(o->length);
+    if (r->data == NULL)
+        goto err;
+    if (o->data != NULL)
+        memcpy(r->data, o->data, o->length);
+    r->length = o->length;
+    r->nid = o->nid;
+    r->ln = r->sn = NULL;
+    if (o->ln != NULL) {
+        i = strlen(o->ln) + 1;
+        r->ln = ln = OPENSSL_malloc(i);
+        if (r->ln == NULL)
+            goto err;
+        memcpy(ln, o->ln, i);
+    }
 
-	if (o->sn != NULL)
-		{
-		char *s;
+    if (o->sn != NULL) {
+        char *s;
 
-		i=strlen(o->sn)+1;
-		r->sn=s=OPENSSL_malloc(i);
-		if (r->sn == NULL) goto err;
-		memcpy(s,o->sn,i);
-		}
-	r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC|
-		ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA);
-	return(r);
-err:
-	OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE);
-	if (r != NULL)
-		{
-		if (ln != NULL) OPENSSL_free(ln);
-		if (r->data != NULL) OPENSSL_free(r->data);
-		OPENSSL_free(r);
-		}
-	return(NULL);
-	}
+        i = strlen(o->sn) + 1;
+        r->sn = s = OPENSSL_malloc(i);
+        if (r->sn == NULL)
+            goto err;
+        memcpy(s, o->sn, i);
+    }
+    r->flags = o->flags | (ASN1_OBJECT_FLAG_DYNAMIC |
+                           ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
+                           ASN1_OBJECT_FLAG_DYNAMIC_DATA);
+    return (r);
+ err:
+    OBJerr(OBJ_F_OBJ_DUP, ERR_R_MALLOC_FAILURE);
+    if (r != NULL) {
+        if (ln != NULL)
+            OPENSSL_free(ln);
+        if (r->data != NULL)
+            OPENSSL_free(r->data);
+        OPENSSL_free(r);
+    }
+    return (NULL);
+}
 
 int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b)
-	{
-	int ret;
+{
+    int ret;
 
-	ret=(a->length-b->length);
-	if (ret) return(ret);
-	return(memcmp(a->data,b->data,a->length));
-	}
+    ret = (a->length - b->length);
+    if (ret)
+        return (ret);
+    return (memcmp(a->data, b->data, a->length));
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c
index bfe892ac..e2e52e77 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_asn.c
@@ -1,6 +1,7 @@
 /* ocsp_asn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,41 +61,41 @@
 #include <openssl/ocsp.h>
 
 ASN1_SEQUENCE(OCSP_SIGNATURE) = {
-	ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
+        ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_SIGNATURE)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
 
 ASN1_SEQUENCE(OCSP_CERTID) = {
-	ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
-	ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
-	ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+        ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+        ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+        ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(OCSP_CERTID)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
 
 ASN1_SEQUENCE(OCSP_ONEREQ) = {
-	ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
+        ASN1_SIMPLE(OCSP_ONEREQ, reqCert, OCSP_CERTID),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_ONEREQ, singleRequestExtensions, X509_EXTENSION, 0)
 } ASN1_SEQUENCE_END(OCSP_ONEREQ)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_ONEREQ)
 
 ASN1_SEQUENCE(OCSP_REQINFO) = {
-	ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
-	ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
-	ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
-	ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
+        ASN1_EXP_OPT(OCSP_REQINFO, version, ASN1_INTEGER, 0),
+        ASN1_EXP_OPT(OCSP_REQINFO, requestorName, GENERAL_NAME, 1),
+        ASN1_SEQUENCE_OF(OCSP_REQINFO, requestList, OCSP_ONEREQ),
+        ASN1_EXP_SEQUENCE_OF_OPT(OCSP_REQINFO, requestExtensions, X509_EXTENSION, 2)
 } ASN1_SEQUENCE_END(OCSP_REQINFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
 
 ASN1_SEQUENCE(OCSP_REQUEST) = {
-	ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
-	ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
+        ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+        ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
 } ASN1_SEQUENCE_END(OCSP_REQUEST)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
@@ -102,81 +103,81 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
 /* OCSP_RESPONSE templates */
 
 ASN1_SEQUENCE(OCSP_RESPBYTES) = {
-	    ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
-	    ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
+            ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
+            ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(OCSP_RESPBYTES)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
 
 ASN1_SEQUENCE(OCSP_RESPONSE) = {
-	ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
-	ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
+        ASN1_SIMPLE(OCSP_RESPONSE, responseStatus, ASN1_ENUMERATED),
+        ASN1_EXP_OPT(OCSP_RESPONSE, responseBytes, OCSP_RESPBYTES, 0)
 } ASN1_SEQUENCE_END(OCSP_RESPONSE)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
 
 ASN1_CHOICE(OCSP_RESPID) = {
-	   ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
-	   ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
+           ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
+           ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
 } ASN1_CHOICE_END(OCSP_RESPID)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
 
 ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
-	ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
-  	ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
+        ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
+        ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
 } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
 
 ASN1_CHOICE(OCSP_CERTSTATUS) = {
-	ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
-	ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
-	ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
+        ASN1_IMP(OCSP_CERTSTATUS, value.good, ASN1_NULL, 0),
+        ASN1_IMP(OCSP_CERTSTATUS, value.revoked, OCSP_REVOKEDINFO, 1),
+        ASN1_IMP(OCSP_CERTSTATUS, value.unknown, ASN1_NULL, 2)
 } ASN1_CHOICE_END(OCSP_CERTSTATUS)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
 
 ASN1_SEQUENCE(OCSP_SINGLERESP) = {
-	   ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
-	   ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
-	   ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
-	   ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
+           ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
+           ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
+           ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
+           ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
 } ASN1_SEQUENCE_END(OCSP_SINGLERESP)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
 
 ASN1_SEQUENCE(OCSP_RESPDATA) = {
-	   ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
-	   ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
-	   ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
-	   ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
+           ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
+           ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+           ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
+           ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
 } ASN1_SEQUENCE_END(OCSP_RESPDATA)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
 
 ASN1_SEQUENCE(OCSP_BASICRESP) = {
-	   ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
-	   ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
-	   ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
-	   ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
+           ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+           ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+           ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
+           ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_BASICRESP)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
 
 ASN1_SEQUENCE(OCSP_CRLID) = {
-	   ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
-	   ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
-	   ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
+           ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
+           ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
+           ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
 } ASN1_SEQUENCE_END(OCSP_CRLID)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
 
 ASN1_SEQUENCE(OCSP_SERVICELOC) = {
-	ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
-	ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
+        ASN1_SIMPLE(OCSP_SERVICELOC, issuer, X509_NAME),
+        ASN1_SEQUENCE_OF_OPT(OCSP_SERVICELOC, locator, ACCESS_DESCRIPTION)
 } ASN1_SEQUENCE_END(OCSP_SERVICELOC)
 
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SERVICELOC)
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c
index 17bab5fc..bbb1830b 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_cl.c
@@ -1,11 +1,14 @@
 /* ocsp_cl.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
+/*
+ * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project.
+ */
 
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
 
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
@@ -15,7 +18,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -71,302 +74,312 @@
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
 
-/* Utility functions related to sending OCSP requests and extracting
- * relevant information from the response.
+/*
+ * Utility functions related to sending OCSP requests and extracting relevant
+ * information from the response.
  */
 
-/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ 
- * pointer: useful if we want to add extensions.
+/*
+ * Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ pointer:
+ * useful if we want to add extensions.
  */
 
 OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
-        {
-	OCSP_ONEREQ *one = NULL;
-
-	if (!(one = OCSP_ONEREQ_new())) goto err;
-	if (one->reqCert) OCSP_CERTID_free(one->reqCert);
-	one->reqCert = cid;
-	if (req &&
-		!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
-				goto err;
-	return one;
-err:
-	OCSP_ONEREQ_free(one);
-	return NULL;
-        }
+{
+    OCSP_ONEREQ *one = NULL;
+
+    if (!(one = OCSP_ONEREQ_new()))
+        goto err;
+    if (one->reqCert)
+        OCSP_CERTID_free(one->reqCert);
+    one->reqCert = cid;
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+        goto err;
+    return one;
+ err:
+    OCSP_ONEREQ_free(one);
+    return NULL;
+}
 
 /* Set requestorName from an X509_NAME structure */
 
 int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
-	{
-	GENERAL_NAME *gen;
-	gen = GENERAL_NAME_new();
-	if (gen == NULL)
-		return 0;
-	if (!X509_NAME_set(&gen->d.directoryName, nm))
-		{
-		GENERAL_NAME_free(gen);
-		return 0;
-		}
-	gen->type = GEN_DIRNAME;
-	if (req->tbsRequest->requestorName)
-		GENERAL_NAME_free(req->tbsRequest->requestorName);
-	req->tbsRequest->requestorName = gen;
-	return 1;
-	}
-	
+{
+    GENERAL_NAME *gen;
+    gen = GENERAL_NAME_new();
+    if (gen == NULL)
+        return 0;
+    if (!X509_NAME_set(&gen->d.directoryName, nm)) {
+        GENERAL_NAME_free(gen);
+        return 0;
+    }
+    gen->type = GEN_DIRNAME;
+    if (req->tbsRequest->requestorName)
+        GENERAL_NAME_free(req->tbsRequest->requestorName);
+    req->tbsRequest->requestorName = gen;
+    return 1;
+}
 
 /* Add a certificate to an OCSP request */
 
 int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
-	{
-	OCSP_SIGNATURE *sig;
-	if (!req->optionalSignature)
-		req->optionalSignature = OCSP_SIGNATURE_new();
-	sig = req->optionalSignature;
-	if (!sig) return 0;
-	if (!cert) return 1;
-	if (!sig->certs && !(sig->certs = sk_X509_new_null()))
-		return 0;
-
-	if(!sk_X509_push(sig->certs, cert)) return 0;
-	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-	return 1;
-	}
-
-/* Sign an OCSP request set the requestorName to the subjec
- * name of an optional signers certificate and include one
- * or more optional certificates in the request. Behaves
- * like PKCS7_sign().
+{
+    OCSP_SIGNATURE *sig;
+    if (!req->optionalSignature)
+        req->optionalSignature = OCSP_SIGNATURE_new();
+    sig = req->optionalSignature;
+    if (!sig)
+        return 0;
+    if (!cert)
+        return 1;
+    if (!sig->certs && !(sig->certs = sk_X509_new_null()))
+        return 0;
+
+    if (!sk_X509_push(sig->certs, cert))
+        return 0;
+    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+    return 1;
+}
+
+/*
+ * Sign an OCSP request set the requestorName to the subjec name of an
+ * optional signers certificate and include one or more optional certificates
+ * in the request. Behaves like PKCS7_sign().
  */
 
-int OCSP_request_sign(OCSP_REQUEST   *req,
-		      X509           *signer,
-		      EVP_PKEY       *key,
-		      const EVP_MD   *dgst,
-		      STACK_OF(X509) *certs,
-		      unsigned long flags)
-        {
-	int i;
-	OCSP_SIGNATURE *sig;
-	X509 *x;
-
-	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
-			goto err;
-
-	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
-	if (!dgst) dgst = EVP_sha1();
-	if (key)
-		{
-		if (!X509_check_private_key(signer, key))
-			{
-			OCSPerr(OCSP_F_OCSP_REQUEST_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-			goto err;
-			}
-		if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
-		}
-
-	if (!(flags & OCSP_NOCERTS))
-		{
-		if(!OCSP_request_add1_cert(req, signer)) goto err;
-		for (i = 0; i < sk_X509_num(certs); i++)
-			{
-			x = sk_X509_value(certs, i);
-			if (!OCSP_request_add1_cert(req, x)) goto err;
-			}
-		}
-
-	return 1;
-err:
-	OCSP_SIGNATURE_free(req->optionalSignature);
-	req->optionalSignature = NULL;
-	return 0;
-	}
+int OCSP_request_sign(OCSP_REQUEST *req,
+                      X509 *signer,
+                      EVP_PKEY *key,
+                      const EVP_MD *dgst,
+                      STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    OCSP_SIGNATURE *sig;
+    X509 *x;
+
+    if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
+        goto err;
+
+    if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new()))
+        goto err;
+    if (!dgst)
+        dgst = EVP_sha1();
+    if (key) {
+        if (!X509_check_private_key(signer, key)) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_SIGN,
+                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+            goto err;
+        }
+        if (!OCSP_REQUEST_sign(req, key, dgst))
+            goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_request_add1_cert(req, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            x = sk_X509_value(certs, i);
+            if (!OCSP_request_add1_cert(req, x))
+                goto err;
+        }
+    }
+
+    return 1;
+ err:
+    OCSP_SIGNATURE_free(req->optionalSignature);
+    req->optionalSignature = NULL;
+    return 0;
+}
 
 /* Get response status */
 
 int OCSP_response_status(OCSP_RESPONSE *resp)
-	{
-	return ASN1_ENUMERATED_get(resp->responseStatus);
-	}
+{
+    return ASN1_ENUMERATED_get(resp->responseStatus);
+}
 
-/* Extract basic response from OCSP_RESPONSE or NULL if
- * no basic response present.
+/*
+ * Extract basic response from OCSP_RESPONSE or NULL if no basic response
+ * present.
  */
- 
 
 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp)
-	{
-	OCSP_RESPBYTES *rb;
-	rb = resp->responseBytes;
-	if (!rb)
-		{
-		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
-		return NULL;
-		}
-	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
-		{
-		OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
-		return NULL;
-		}
-
-	return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
-	}
-
-/* Return number of OCSP_SINGLERESP reponses present in
- * a basic response.
+{
+    OCSP_RESPBYTES *rb;
+    rb = resp->responseBytes;
+    if (!rb) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NO_RESPONSE_DATA);
+        return NULL;
+    }
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        OCSPerr(OCSP_F_OCSP_RESPONSE_GET1_BASIC, OCSP_R_NOT_BASIC_RESPONSE);
+        return NULL;
+    }
+
+    return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP));
+}
+
+/*
+ * Return number of OCSP_SINGLERESP reponses present in a basic response.
  */
 
 int OCSP_resp_count(OCSP_BASICRESP *bs)
-	{
-	if (!bs) return -1;
-	return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
-	}
+{
+    if (!bs)
+        return -1;
+    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+}
 
 /* Extract an OCSP_SINGLERESP response with a given index */
 
 OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
-	{
-	if (!bs) return NULL;
-	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
-	}
+{
+    if (!bs)
+        return NULL;
+    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+}
 
 /* Look single response matching a given certificate ID */
 
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
-	{
-	int i;
-	STACK_OF(OCSP_SINGLERESP) *sresp;
-	OCSP_SINGLERESP *single;
-	if (!bs) return -1;
-	if (last < 0) last = 0;
-	else last++;
-	sresp = bs->tbsResponseData->responses;
-	for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++)
-		{
-		single = sk_OCSP_SINGLERESP_value(sresp, i);
-		if (!OCSP_id_cmp(id, single->certId)) return i;
-		}
-	return -1;
-	}
-
-/* Extract status information from an OCSP_SINGLERESP structure.
- * Note: the revtime and reason values are only set if the 
- * certificate status is revoked. Returns numerical value of
- * status.
+{
+    int i;
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    OCSP_SINGLERESP *single;
+    if (!bs)
+        return -1;
+    if (last < 0)
+        last = 0;
+    else
+        last++;
+    sresp = bs->tbsResponseData->responses;
+    for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+        single = sk_OCSP_SINGLERESP_value(sresp, i);
+        if (!OCSP_id_cmp(id, single->certId))
+            return i;
+    }
+    return -1;
+}
+
+/*
+ * Extract status information from an OCSP_SINGLERESP structure. Note: the
+ * revtime and reason values are only set if the certificate status is
+ * revoked. Returns numerical value of status.
  */
 
 int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd)
-	{
-	int ret;
-	OCSP_CERTSTATUS *cst;
-	if(!single) return -1;
-	cst = single->certStatus;
-	ret = cst->type;
-	if (ret == V_OCSP_CERTSTATUS_REVOKED)
-		{
-		OCSP_REVOKEDINFO *rev = cst->value.revoked;
-		if (revtime) *revtime = rev->revocationTime;
-		if (reason) 
-			{
-			if(rev->revocationReason)
-				*reason = ASN1_ENUMERATED_get(rev->revocationReason);
-			else *reason = -1;
-			}
-		}
-	if(thisupd) *thisupd = single->thisUpdate;
-	if(nextupd) *nextupd = single->nextUpdate;
-	return ret;
-	}
-
-/* This function combines the previous ones: look up a certificate ID and
- * if found extract status information. Return 0 is successful.
+                            ASN1_GENERALIZEDTIME **revtime,
+                            ASN1_GENERALIZEDTIME **thisupd,
+                            ASN1_GENERALIZEDTIME **nextupd)
+{
+    int ret;
+    OCSP_CERTSTATUS *cst;
+    if (!single)
+        return -1;
+    cst = single->certStatus;
+    ret = cst->type;
+    if (ret == V_OCSP_CERTSTATUS_REVOKED) {
+        OCSP_REVOKEDINFO *rev = cst->value.revoked;
+        if (revtime)
+            *revtime = rev->revocationTime;
+        if (reason) {
+            if (rev->revocationReason)
+                *reason = ASN1_ENUMERATED_get(rev->revocationReason);
+            else
+                *reason = -1;
+        }
+    }
+    if (thisupd)
+        *thisupd = single->thisUpdate;
+    if (nextupd)
+        *nextupd = single->nextUpdate;
+    return ret;
+}
+
+/*
+ * This function combines the previous ones: look up a certificate ID and if
+ * found extract status information. Return 0 is successful.
  */
 
 int OCSP_resp_find_status(OCSP_BASICRESP *bs, OCSP_CERTID *id, int *status,
-				int *reason,
-				ASN1_GENERALIZEDTIME **revtime,
-				ASN1_GENERALIZEDTIME **thisupd,
-				ASN1_GENERALIZEDTIME **nextupd)
-	{
-	int i;
-	OCSP_SINGLERESP *single;
-	i = OCSP_resp_find(bs, id, -1);
-	/* Maybe check for multiple responses and give an error? */
-	if(i < 0) return 0;
-	single = OCSP_resp_get0(bs, i);
-	i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
-	if(status) *status = i;
-	return 1;
-	}
-
-/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
- * take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
- * rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
- * Also to avoid accepting very old responses without a nextUpdate field an optional maxage
+                          int *reason,
+                          ASN1_GENERALIZEDTIME **revtime,
+                          ASN1_GENERALIZEDTIME **thisupd,
+                          ASN1_GENERALIZEDTIME **nextupd)
+{
+    int i;
+    OCSP_SINGLERESP *single;
+    i = OCSP_resp_find(bs, id, -1);
+    /* Maybe check for multiple responses and give an error? */
+    if (i < 0)
+        return 0;
+    single = OCSP_resp_get0(bs, i);
+    i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
+    if (status)
+        *status = i;
+    return 1;
+}
+
+/*
+ * Check validity of thisUpdate and nextUpdate fields. It is possible that
+ * the request will take a few seconds to process and/or the time wont be
+ * totally accurate. Therefore to avoid rejecting otherwise valid time we
+ * allow the times to be within 'nsec' of the current time. Also to avoid
+ * accepting very old responses without a nextUpdate field an optional maxage
  * parameter specifies the maximum age the thisUpdate field can be.
  */
 
-int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd, ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
-	{
-	int ret = 1;
-	time_t t_now, t_tmp;
-	time(&t_now);
-	/* Check thisUpdate is valid and not more than nsec in the future */
-	if (!ASN1_GENERALIZEDTIME_check(thisupd))
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
-		ret = 0;
-		}
-	else 
-		{
-			t_tmp = t_now + nsec;
-			if (X509_cmp_time(thisupd, &t_tmp) > 0)
-			{
-			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
-			ret = 0;
-			}
-
-		/* If maxsec specified check thisUpdate is not more than maxsec in the past */
-		if (maxsec >= 0)
-			{
-			t_tmp = t_now - maxsec;
-			if (X509_cmp_time(thisupd, &t_tmp) < 0)
-				{
-				OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
-				ret = 0;
-				}
-			}
-		}
-		
-
-	if (!nextupd) return ret;
-
-	/* Check nextUpdate is valid and not more than nsec in the past */
-	if (!ASN1_GENERALIZEDTIME_check(nextupd))
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
-		ret = 0;
-		}
-	else 
-		{
-		t_tmp = t_now - nsec;
-		if (X509_cmp_time(nextupd, &t_tmp) < 0)
-			{
-			OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
-			ret = 0;
-			}
-		}
-
-	/* Also don't allow nextUpdate to precede thisUpdate */
-	if (ASN1_STRING_cmp(nextupd, thisupd) < 0)
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
-		ret = 0;
-		}
-
-	return ret;
-	}
+int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
+                        ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
+{
+    int ret = 1;
+    time_t t_now, t_tmp;
+    time(&t_now);
+    /* Check thisUpdate is valid and not more than nsec in the future */
+    if (!ASN1_GENERALIZEDTIME_check(thisupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_THISUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now + nsec;
+        if (X509_cmp_time(thisupd, &t_tmp) > 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_NOT_YET_VALID);
+            ret = 0;
+        }
+
+        /*
+         * If maxsec specified check thisUpdate is not more than maxsec in
+         * the past
+         */
+        if (maxsec >= 0) {
+            t_tmp = t_now - maxsec;
+            if (X509_cmp_time(thisupd, &t_tmp) < 0) {
+                OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_TOO_OLD);
+                ret = 0;
+            }
+        }
+    }
+
+    if (!nextupd)
+        return ret;
+
+    /* Check nextUpdate is valid and not more than nsec in the past */
+    if (!ASN1_GENERALIZEDTIME_check(nextupd)) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_ERROR_IN_NEXTUPDATE_FIELD);
+        ret = 0;
+    } else {
+        t_tmp = t_now - nsec;
+        if (X509_cmp_time(nextupd, &t_tmp) < 0) {
+            OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY, OCSP_R_STATUS_EXPIRED);
+            ret = 0;
+        }
+    }
+
+    /* Also don't allow nextUpdate to precede thisUpdate */
+    if (ASN1_STRING_cmp(nextupd, thisupd) < 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_VALIDITY,
+                OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE);
+        ret = 0;
+    }
+
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c
index d2f2e79f..0bbf71f7 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,77 +66,83 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
 
-static ERR_STRING_DATA OCSP_str_functs[]=
-	{
-{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE),	"ASN1_STRING_encode"},
-{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE),	"D2I_OCSP_NONCE"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS),	"OCSP_basic_add1_status"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN),	"OCSP_basic_sign"},
-{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY),	"OCSP_basic_verify"},
-{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW),	"OCSP_cert_id_new"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED),	"OCSP_CHECK_DELEGATED"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS),	"OCSP_CHECK_IDS"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER),	"OCSP_CHECK_ISSUER"},
-{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY),	"OCSP_check_validity"},
-{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID),	"OCSP_MATCH_ISSUERID"},
-{ERR_FUNC(OCSP_F_OCSP_PARSE_URL),	"OCSP_parse_url"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN),	"OCSP_request_sign"},
-{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY),	"OCSP_request_verify"},
-{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC),	"OCSP_response_get1_basic"},
-{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO),	"OCSP_sendreq_bio"},
-{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1),	"PARSE_HTTP_LINE1"},
-{ERR_FUNC(OCSP_F_REQUEST_VERIFY),	"REQUEST_VERIFY"},
-{0,NULL}
-	};
+static ERR_STRING_DATA OCSP_str_functs[] = {
+    {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
+    {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
+    {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
+    {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
+    {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
+    {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
+    {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
+    {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
+    {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
+    {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
+    {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
+    {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
+    {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
+    {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
+    {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA OCSP_str_reasons[]=
-	{
-{ERR_REASON(OCSP_R_BAD_DATA)             ,"bad data"},
-{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(OCSP_R_DIGEST_ERR)           ,"digest err"},
-{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"},
-{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"},
-{ERR_REASON(OCSP_R_ERROR_PARSING_URL)    ,"error parsing url"},
-{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"},
-{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"},
-{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE)   ,"not basic response"},
-{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"},
-{ERR_REASON(OCSP_R_NO_CONTENT)           ,"no content"},
-{ERR_REASON(OCSP_R_NO_PUBLIC_KEY)        ,"no public key"},
-{ERR_REASON(OCSP_R_NO_RESPONSE_DATA)     ,"no response data"},
-{ERR_REASON(OCSP_R_NO_REVOKED_TIME)      ,"no revoked time"},
-{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED)   ,"request not signed"},
-{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"},
-{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED)  ,"root ca not trusted"},
-{ERR_REASON(OCSP_R_SERVER_READ_ERROR)    ,"server read error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"},
-{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"},
-{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR)   ,"server write error"},
-{ERR_REASON(OCSP_R_SIGNATURE_FAILURE)    ,"signature failure"},
-{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(OCSP_R_STATUS_EXPIRED)       ,"status expired"},
-{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"},
-{ERR_REASON(OCSP_R_STATUS_TOO_OLD)       ,"status too old"},
-{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"},
-{ERR_REASON(OCSP_R_UNKNOWN_NID)          ,"unknown nid"},
-{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"},
-{0,NULL}
-	};
+static ERR_STRING_DATA OCSP_str_reasons[] = {
+    {ERR_REASON(OCSP_R_BAD_DATA), "bad data"},
+    {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
+    {ERR_REASON(OCSP_R_DIGEST_ERR), "digest err"},
+    {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),
+     "error in nextupdate field"},
+    {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),
+     "error in thisupdate field"},
+    {ERR_REASON(OCSP_R_ERROR_PARSING_URL), "error parsing url"},
+    {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),
+     "missing ocspsigning usage"},
+    {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),
+     "nextupdate before thisupdate"},
+    {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE), "not basic response"},
+    {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
+    {ERR_REASON(OCSP_R_NO_CONTENT), "no content"},
+    {ERR_REASON(OCSP_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_REASON(OCSP_R_NO_RESPONSE_DATA), "no response data"},
+    {ERR_REASON(OCSP_R_NO_REVOKED_TIME), "no revoked time"},
+    {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+     "private key does not match certificate"},
+    {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED), "request not signed"},
+    {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),
+     "response contains no revocation data"},
+    {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED), "root ca not trusted"},
+    {ERR_REASON(OCSP_R_SERVER_READ_ERROR), "server read error"},
+    {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
+    {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),
+     "server response parse error"},
+    {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR), "server write error"},
+    {ERR_REASON(OCSP_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),
+     "signer certificate not found"},
+    {ERR_REASON(OCSP_R_STATUS_EXPIRED), "status expired"},
+    {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID), "status not yet valid"},
+    {ERR_REASON(OCSP_R_STATUS_TOO_OLD), "status too old"},
+    {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
+    {ERR_REASON(OCSP_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),
+     "unsupported requestorname type"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_OCSP_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,OCSP_str_functs);
-		ERR_load_strings(0,OCSP_str_reasons);
-		}
+    if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, OCSP_str_functs);
+        ERR_load_strings(0, OCSP_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
index 815cc29d..e341caea 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
@@ -1,11 +1,14 @@
 /* ocsp_ext.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
+/*
+ * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project.
+ */
 
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
 
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
@@ -15,7 +18,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -74,293 +77,318 @@
 /* OCSP request extensions */
 
 int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
-	{
-	return(X509v3_get_ext_count(x->tbsRequest->requestExtensions));
-	}
+{
+    return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+}
 
 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->tbsRequest->requestExtensions,nid,lastpos));
-	}
-
-int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->tbsRequest->requestExtensions,obj,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsRequest->requestExtensions, nid, lastpos));
+}
+
+int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
+                                int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsRequest->requestExtensions, obj, lastpos));
+}
 
 int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->tbsRequest->requestExtensions,crit,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsRequest->requestExtensions, crit, lastpos));
+}
 
 X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
-	{
-	return(X509v3_get_ext(x->tbsRequest->requestExtensions,loc));
-	}
+{
+    return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
+}
 
 X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
-	{
-	return(X509v3_delete_ext(x->tbsRequest->requestExtensions,loc));
-	}
+{
+    return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
+}
 
 void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
-	}
+{
+    return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+}
 
 int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, crit, flags);
-	}
+                              unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
+                           crit, flags);
+}
 
 int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->tbsRequest->requestExtensions),ex,loc) != NULL);
-	}
+{
+    return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
+            NULL);
+}
 
 /* Single extensions */
 
 int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
-	{
-	return(X509v3_get_ext_count(x->singleRequestExtensions));
-	}
+{
+    return (X509v3_get_ext_count(x->singleRequestExtensions));
+}
 
 int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->singleRequestExtensions,nid,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_NID(x->singleRequestExtensions, nid, lastpos));
+}
 
 int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->singleRequestExtensions,obj,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_OBJ(x->singleRequestExtensions, obj, lastpos));
+}
 
 int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->singleRequestExtensions,crit,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_critical
+            (x->singleRequestExtensions, crit, lastpos));
+}
 
 X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
-	{
-	return(X509v3_get_ext(x->singleRequestExtensions,loc));
-	}
+{
+    return (X509v3_get_ext(x->singleRequestExtensions, loc));
+}
 
 X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
-	{
-	return(X509v3_delete_ext(x->singleRequestExtensions,loc));
-	}
+{
+    return (X509v3_delete_ext(x->singleRequestExtensions, loc));
+}
 
 void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
-	}
+{
+    return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
+}
 
 int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit, flags);
-	}
+                             unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleRequestExtensions, nid, value, crit,
+                           flags);
+}
 
 int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->singleRequestExtensions),ex,loc) != NULL);
-	}
+{
+    return (X509v3_add_ext(&(x->singleRequestExtensions), ex, loc) != NULL);
+}
 
 /* OCSP Basic response */
 
 int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
-	{
-	return(X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
-	}
+{
+    return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+}
 
 int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,nid,lastpos));
-	}
-
-int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->tbsResponseData->responseExtensions,obj,lastpos));
-	}
-
-int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions,crit,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_NID
+            (x->tbsResponseData->responseExtensions, nid, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
+                                  int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ
+            (x->tbsResponseData->responseExtensions, obj, lastpos));
+}
+
+int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
+                                       int lastpos)
+{
+    return (X509v3_get_ext_by_critical
+            (x->tbsResponseData->responseExtensions, crit, lastpos));
+}
 
 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
-	{
-	return(X509v3_get_ext(x->tbsResponseData->responseExtensions,loc));
-	}
+{
+    return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
+}
 
 X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
-	{
-	return(X509v3_delete_ext(x->tbsResponseData->responseExtensions,loc));
-	}
-
-void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, idx);
-	}
-
-int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, value, crit, flags);
-	}
+{
+    return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
+}
+
+void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
+                                  int *idx)
+{
+    return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
+                          idx);
+}
+
+int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
+                                int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
+                           value, crit, flags);
+}
 
 int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->tbsResponseData->responseExtensions),ex,loc) != NULL);
-	}
+{
+    return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
+            != NULL);
+}
 
 /* OCSP single response extensions */
 
 int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
-	{
-	return(X509v3_get_ext_count(x->singleExtensions));
-	}
+{
+    return (X509v3_get_ext_count(x->singleExtensions));
+}
 
 int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->singleExtensions,nid,lastpos));
-	}
-
-int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->singleExtensions,obj,lastpos));
-	}
-
-int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->singleExtensions,crit,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_NID(x->singleExtensions, nid, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj,
+                                   int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->singleExtensions, obj, lastpos));
+}
+
+int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit,
+                                        int lastpos)
+{
+    return (X509v3_get_ext_by_critical(x->singleExtensions, crit, lastpos));
+}
 
 X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
-	{
-	return(X509v3_get_ext(x->singleExtensions,loc));
-	}
+{
+    return (X509v3_get_ext(x->singleExtensions, loc));
+}
 
 X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
-	{
-	return(X509v3_delete_ext(x->singleExtensions,loc));
-	}
-
-void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
-	{
-	return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
-	}
-
-int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit,
-							unsigned long flags)
-	{
-	return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
-	}
+{
+    return (X509v3_delete_ext(x->singleExtensions, loc));
+}
+
+void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit,
+                                   int *idx)
+{
+    return X509V3_get_d2i(x->singleExtensions, nid, crit, idx);
+}
+
+int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value,
+                                 int crit, unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags);
+}
 
 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL);
-	}
+{
+    return (X509v3_add_ext(&(x->singleExtensions), ex, loc) != NULL);
+}
 
 /* also CRL Entry Extensions */
 
 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
-				void *data, STACK_OF(ASN1_OBJECT) *sk)
-        {
-	int i;
-	unsigned char *p, *b = NULL;
-
-	if (data)
-	        {
-		if ((i=i2d(data,NULL)) <= 0) goto err;
-		if (!(b=p=OPENSSL_malloc((unsigned int)i)))
-			goto err;
-	        if (i2d(data, &p) <= 0) goto err;
-		}
-	else if (sk)
-	        {
-		if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
-						   (I2D_OF(ASN1_OBJECT))i2d,
-						   V_ASN1_SEQUENCE,
-						   V_ASN1_UNIVERSAL,
-						   IS_SEQUENCE))<=0) goto err;
-		if (!(b=p=OPENSSL_malloc((unsigned int)i)))
-			goto err;
-		if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
-						V_ASN1_SEQUENCE,
-						V_ASN1_UNIVERSAL,
-						IS_SEQUENCE)<=0) goto err;
-		}
-	else
-		{
-		OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
-		goto err;
-		}
-	if (!s && !(s = ASN1_STRING_new())) goto err;
-	if (!(ASN1_STRING_set(s, b, i))) goto err;
-	OPENSSL_free(b);
-	return s;
-err:
-	if (b) OPENSSL_free(b);
-	return NULL;
-	}
+                                void *data, STACK_OF(ASN1_OBJECT) *sk)
+{
+    int i;
+    unsigned char *p, *b = NULL;
+
+    if (data) {
+        if ((i = i2d(data, NULL)) <= 0)
+            goto err;
+        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
+            goto err;
+        if (i2d(data, &p) <= 0)
+            goto err;
+    } else if (sk) {
+        if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
+                                             (I2D_OF(ASN1_OBJECT)) i2d,
+                                             V_ASN1_SEQUENCE,
+                                             V_ASN1_UNIVERSAL,
+                                             IS_SEQUENCE)) <= 0)
+             goto err;
+        if (!(b = p = OPENSSL_malloc((unsigned int)i)))
+            goto err;
+        if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d,
+                                        V_ASN1_SEQUENCE,
+                                        V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
+             goto err;
+    } else {
+        OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
+        goto err;
+    }
+    if (!s && !(s = ASN1_STRING_new()))
+        goto err;
+    if (!(ASN1_STRING_set(s, b, i)))
+        goto err;
+    OPENSSL_free(b);
+    return s;
+ err:
+    if (b)
+        OPENSSL_free(b);
+    return NULL;
+}
 
 /* Nonce handling functions */
 
-/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
- * a random nonce will be generated.
- * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the 
- * nonce, previous versions used the raw nonce.
+/*
+ * Add a nonce to an extension stack. A nonce can be specificed or if NULL a
+ * random nonce will be generated. Note: OpenSSL 0.9.7d and later create an
+ * OCTET STRING containing the nonce, previous versions used the raw nonce.
  */
 
-static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
-	{
-	unsigned char *tmpval;
-	ASN1_OCTET_STRING os;
-	int ret = 0;
-	if (len <= 0) len = OCSP_DEFAULT_NONCE_LENGTH;
-	/* Create the OCTET STRING manually by writing out the header and
-	 * appending the content octets. This avoids an extra memory allocation
-	 * operation in some cases. Applications should *NOT* do this because
-         * it relies on library internals.
-	 */
-	os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
-	os.data = OPENSSL_malloc(os.length);
-	if (os.data == NULL)
-		goto err;
-	tmpval = os.data;
-	ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
-	if (val)
-		memcpy(tmpval, val, len);
-	else
-		RAND_pseudo_bytes(tmpval, len);
-	if(!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
-			&os, 0, X509V3_ADD_REPLACE))
-				goto err;
-	ret = 1;
-	err:
-	if (os.data)
-		OPENSSL_free(os.data);
-	return ret;
-	}
-
+static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
+                           unsigned char *val, int len)
+{
+    unsigned char *tmpval;
+    ASN1_OCTET_STRING os;
+    int ret = 0;
+    if (len <= 0)
+        len = OCSP_DEFAULT_NONCE_LENGTH;
+    /*
+     * Create the OCTET STRING manually by writing out the header and
+     * appending the content octets. This avoids an extra memory allocation
+     * operation in some cases. Applications should *NOT* do this because it
+     * relies on library internals.
+     */
+    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
+    os.data = OPENSSL_malloc(os.length);
+    if (os.data == NULL)
+        goto err;
+    tmpval = os.data;
+    ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
+    if (val)
+        memcpy(tmpval, val, len);
+    else
+        RAND_pseudo_bytes(tmpval, len);
+    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
+                         &os, 0, X509V3_ADD_REPLACE))
+        goto err;
+    ret = 1;
+ err:
+    if (os.data)
+        OPENSSL_free(os.data);
+    return ret;
+}
 
 /* Add nonce to an OCSP request */
 
 int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
-	{
-	return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
-	}
+{
+    return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+}
 
 /* Same as above but for a response */
 
 int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
-	{
-	return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
-	}
+{
+    return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
+                           len);
+}
 
-/* Check nonce validity in a request and response.
+/*-
+ * Check nonce validity in a request and response.
  * Return value reflects result:
  *  1: nonces present and equal.
  *  2: nonces both absent.
@@ -374,172 +402,204 @@ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
  */
 
 int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
-	{
-	/*
-	 * Since we are only interested in the presence or absence of
-	 * the nonce and comparing its value there is no need to use
-	 * the X509V3 routines: this way we can avoid them allocating an
-	 * ASN1_OCTET_STRING structure for the value which would be
-	 * freed immediately anyway.
-	 */
-
-	int req_idx, resp_idx;
-	X509_EXTENSION *req_ext, *resp_ext;
-	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-	resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
-	/* Check both absent */
-	if((req_idx < 0) && (resp_idx < 0))
-		return 2;
-	/* Check in request only */
-	if((req_idx >= 0) && (resp_idx < 0))
-		return -1;
-	/* Check in response but not request */
-	if((req_idx < 0) && (resp_idx >= 0))
-		return 3;
-	/* Otherwise nonce in request and response so retrieve the extensions */
-	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-	resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
-	if(ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
-		return 0;
-	return 1;
-	}
-
-/* Copy the nonce value (if any) from an OCSP request to 
- * a response.
+{
+    /*
+     * Since we are only interested in the presence or absence of
+     * the nonce and comparing its value there is no need to use
+     * the X509V3 routines: this way we can avoid them allocating an
+     * ASN1_OCTET_STRING structure for the value which would be
+     * freed immediately anyway.
+     */
+
+    int req_idx, resp_idx;
+    X509_EXTENSION *req_ext, *resp_ext;
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);
+    /* Check both absent */
+    if ((req_idx < 0) && (resp_idx < 0))
+        return 2;
+    /* Check in request only */
+    if ((req_idx >= 0) && (resp_idx < 0))
+        return -1;
+    /* Check in response but not request */
+    if ((req_idx < 0) && (resp_idx >= 0))
+        return 3;
+    /*
+     * Otherwise nonce in request and response so retrieve the extensions
+     */
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
+    if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+        return 0;
+    return 1;
+}
+
+/*
+ * Copy the nonce value (if any) from an OCSP request to a response.
  */
 
 int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
-	{
-	X509_EXTENSION *req_ext;
-	int req_idx;
-	/* Check for nonce in request */
-	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
-	/* If no nonce that's OK */
-	if (req_idx < 0) return 2;
-	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
-	return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
-	}
+{
+    X509_EXTENSION *req_ext;
+    int req_idx;
+    /* Check for nonce in request */
+    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+    /* If no nonce that's OK */
+    if (req_idx < 0)
+        return 2;
+    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+    return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
+}
 
 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
-        {
-	X509_EXTENSION *x = NULL;
-	OCSP_CRLID *cid = NULL;
-	
-	if (!(cid = OCSP_CRLID_new())) goto err;
-	if (url)
-	        {
-		if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
-		if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
-		}
-	if (n)
-	        {
-		if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
-		if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
-		}
-	if (tim)
-	        {
-		if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
-		if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
-		        goto err;
-		}
-	if (!(x = X509_EXTENSION_new())) goto err;
-	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-	if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
-				    NULL)))
-	        goto err;
-	OCSP_CRLID_free(cid);
-	return x;
-err:
-	if (x) X509_EXTENSION_free(x);
-	if (cid) OCSP_CRLID_free(cid);
-	return NULL;
-	}
+{
+    X509_EXTENSION *x = NULL;
+    OCSP_CRLID *cid = NULL;
+
+    if (!(cid = OCSP_CRLID_new()))
+        goto err;
+    if (url) {
+        if (!(cid->crlUrl = ASN1_IA5STRING_new()))
+            goto err;
+        if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
+            goto err;
+    }
+    if (n) {
+        if (!(cid->crlNum = ASN1_INTEGER_new()))
+            goto err;
+        if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
+            goto err;
+    }
+    if (tim) {
+        if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
+            goto err;
+        if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+            goto err;
+    }
+    if (!(x = X509_EXTENSION_new()))
+        goto err;
+    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID)))
+        goto err;
+    if (!(ASN1_STRING_encode_of(OCSP_CRLID, x->value, i2d_OCSP_CRLID, cid,
+                                NULL)))
+         goto err;
+    OCSP_CRLID_free(cid);
+    return x;
+ err:
+    if (x)
+        X509_EXTENSION_free(x);
+    if (cid)
+        OCSP_CRLID_free(cid);
+    return NULL;
+}
 
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
 X509_EXTENSION *OCSP_accept_responses_new(char **oids)
-        {
-	int nid;
-	STACK_OF(ASN1_OBJECT) *sk = NULL;
-	ASN1_OBJECT *o = NULL;
-        X509_EXTENSION *x = NULL;
-
-	if (!(sk = sk_ASN1_OBJECT_new_null())) goto err;
-	while (oids && *oids)
-	        {
-		if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
-		        sk_ASN1_OBJECT_push(sk, o);
-		oids++;
-		}
-	if (!(x = X509_EXTENSION_new())) goto err;
-	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-		goto err;
-	if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
-				    sk)))
-	        goto err;
-	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-	return x;
-err:
-	if (x) X509_EXTENSION_free(x);
-	if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-	return NULL;
-        }
+{
+    int nid;
+    STACK_OF(ASN1_OBJECT) *sk = NULL;
+    ASN1_OBJECT *o = NULL;
+    X509_EXTENSION *x = NULL;
+
+    if (!(sk = sk_ASN1_OBJECT_new_null()))
+        goto err;
+    while (oids && *oids) {
+        if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
+            sk_ASN1_OBJECT_push(sk, o);
+        oids++;
+    }
+    if (!(x = X509_EXTENSION_new()))
+        goto err;
+    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+        goto err;
+    if (!(ASN1_STRING_encode_of(ASN1_OBJECT, x->value, i2d_ASN1_OBJECT, NULL,
+                                sk)))
+         goto err;
+    sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    return x;
+ err:
+    if (x)
+        X509_EXTENSION_free(x);
+    if (sk)
+        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
+    return NULL;
+}
 
 /*  ArchiveCutoff ::= GeneralizedTime */
-X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
-        {
-	X509_EXTENSION *x=NULL;
-	ASN1_GENERALIZEDTIME *gt = NULL;
-
-	if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
-	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-	if (!(x = X509_EXTENSION_new())) goto err;
-	if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-	if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
-				    i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
-	ASN1_GENERALIZEDTIME_free(gt);
-	return x;
-err:
-	if (gt) ASN1_GENERALIZEDTIME_free(gt);
-	if (x) X509_EXTENSION_free(x);
-	return NULL;
-	}
-
-/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
- * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
- * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_GENERALIZEDTIME *gt = NULL;
+
+    if (!(gt = ASN1_GENERALIZEDTIME_new()))
+        goto err;
+    if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
+        goto err;
+    if (!(x = X509_EXTENSION_new()))
+        goto err;
+    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))
+        goto err;
+    if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME, x->value,
+                                i2d_ASN1_GENERALIZEDTIME, gt, NULL)))
+         goto err;
+    ASN1_GENERALIZEDTIME_free(gt);
+    return x;
+ err:
+    if (gt)
+        ASN1_GENERALIZEDTIME_free(gt);
+    if (x)
+        X509_EXTENSION_free(x);
+    return NULL;
+}
+
+/*
+ * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This method
+ * forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
  */
-X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
-        {
-	X509_EXTENSION *x = NULL;
-	ASN1_IA5STRING *ia5 = NULL;
-	OCSP_SERVICELOC *sloc = NULL;
-	ACCESS_DESCRIPTION *ad = NULL;
-	
-	if (!(sloc = OCSP_SERVICELOC_new())) goto err;
-	if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
-	if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())) goto err;
-	while (urls && *urls)
-	        {
-		if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
-		if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
-		if (!(ad->location = GENERAL_NAME_new())) goto err;
-	        if (!(ia5 = ASN1_IA5STRING_new())) goto err;
-		if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
-		ad->location->type = GEN_URI;
-		ad->location->d.ia5 = ia5;
-		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
-		urls++;
-		}
-	if (!(x = X509_EXTENSION_new())) goto err;
-	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
-	        goto err;
-	if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
-				    i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
-	OCSP_SERVICELOC_free(sloc);
-	return x;
-err:
-	if (x) X509_EXTENSION_free(x);
-	if (sloc) OCSP_SERVICELOC_free(sloc);
-	return NULL;
-	}
-
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
+{
+    X509_EXTENSION *x = NULL;
+    ASN1_IA5STRING *ia5 = NULL;
+    OCSP_SERVICELOC *sloc = NULL;
+    ACCESS_DESCRIPTION *ad = NULL;
+
+    if (!(sloc = OCSP_SERVICELOC_new()))
+        goto err;
+    if (!(sloc->issuer = X509_NAME_dup(issuer)))
+        goto err;
+    if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null()))
+        goto err;
+    while (urls && *urls) {
+        if (!(ad = ACCESS_DESCRIPTION_new()))
+            goto err;
+        if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP)))
+            goto err;
+        if (!(ad->location = GENERAL_NAME_new()))
+            goto err;
+        if (!(ia5 = ASN1_IA5STRING_new()))
+            goto err;
+        if (!ASN1_STRING_set((ASN1_STRING *)ia5, *urls, -1))
+            goto err;
+        ad->location->type = GEN_URI;
+        ad->location->d.ia5 = ia5;
+        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
+            goto err;
+        urls++;
+    }
+    if (!(x = X509_EXTENSION_new()))
+        goto err;
+    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
+        goto err;
+    if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC, x->value,
+                                i2d_OCSP_SERVICELOC, sloc, NULL)))
+         goto err;
+    OCSP_SERVICELOC_free(sloc);
+    return x;
+ err:
+    if (x)
+        X509_EXTENSION_free(x);
+    if (sloc)
+        OCSP_SERVICELOC_free(sloc);
+    return NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
index fb87cd76..67546428 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ht.c
@@ -1,6 +1,7 @@
 /* ocsp_ht.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
  */
 /* ====================================================================
  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,416 +67,378 @@
 #include <openssl/err.h>
 #include <openssl/buffer.h>
 #ifdef OPENSSL_SYS_SUNOS
-#define strtoul (unsigned long)strtol
-#endif /* OPENSSL_SYS_SUNOS */
+# define strtoul (unsigned long)strtol
+#endif                          /* OPENSSL_SYS_SUNOS */
 
 /* Stateful OCSP request code, supporting non-blocking I/O */
 
 /* Opaque OCSP request status structure */
 
 struct ocsp_req_ctx_st {
-	int state;		/* Current I/O state */
-	unsigned char *iobuf;	/* Line buffer */
-	int iobuflen;		/* Line buffer length */
-	BIO *io;		/* BIO to perform I/O with */
-	BIO *mem;		/* Memory BIO response is built into */
-	unsigned long asn1_len;	/* ASN1 length of response */
-	};
+    int state;                  /* Current I/O state */
+    unsigned char *iobuf;       /* Line buffer */
+    int iobuflen;               /* Line buffer length */
+    BIO *io;                    /* BIO to perform I/O with */
+    BIO *mem;                   /* Memory BIO response is built into */
+    unsigned long asn1_len;     /* ASN1 length of response */
+};
 
-#define OCSP_MAX_REQUEST_LENGTH	(100 * 1024)
-#define OCSP_MAX_LINE_LEN	4096;
+#define OCSP_MAX_REQUEST_LENGTH (100 * 1024)
+#define OCSP_MAX_LINE_LEN       4096;
 
 /* OCSP states */
 
 /* If set no reading should be performed */
-#define OHS_NOREAD		0x1000
+#define OHS_NOREAD              0x1000
 /* Error condition */
-#define OHS_ERROR		(0 | OHS_NOREAD)
+#define OHS_ERROR               (0 | OHS_NOREAD)
 /* First line being read */
-#define OHS_FIRSTLINE		1
+#define OHS_FIRSTLINE           1
 /* MIME headers being read */
-#define OHS_HEADERS		2
+#define OHS_HEADERS             2
 /* OCSP initial header (tag + length) being read */
-#define OHS_ASN1_HEADER		3
+#define OHS_ASN1_HEADER         3
 /* OCSP content octets being read */
-#define OHS_ASN1_CONTENT	4
+#define OHS_ASN1_CONTENT        4
 /* Request being sent */
-#define OHS_ASN1_WRITE		(6 | OHS_NOREAD)
+#define OHS_ASN1_WRITE          (6 | OHS_NOREAD)
 /* Request being flushed */
-#define OHS_ASN1_FLUSH		(7 | OHS_NOREAD)
+#define OHS_ASN1_FLUSH          (7 | OHS_NOREAD)
 /* Completed */
-#define OHS_DONE		(8 | OHS_NOREAD)
-
+#define OHS_DONE                (8 | OHS_NOREAD)
 
 static int parse_http_line1(char *line);
 
 void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
-	{
-	if (rctx->mem)
-		BIO_free(rctx->mem);
-	if (rctx->iobuf)
-		OPENSSL_free(rctx->iobuf);
-	OPENSSL_free(rctx);
-	}
+{
+    if (rctx->mem)
+        BIO_free(rctx->mem);
+    if (rctx->iobuf)
+        OPENSSL_free(rctx->iobuf);
+    OPENSSL_free(rctx);
+}
 
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
-								int maxline)
-	{
-	static char post_hdr[] = "POST %s HTTP/1.0\r\n"
-	"Content-Type: application/ocsp-request\r\n"
-	"Content-Length: %d\r\n\r\n";
-
-	OCSP_REQ_CTX *rctx;
-	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
-	rctx->state = OHS_FIRSTLINE;
-	rctx->mem = BIO_new(BIO_s_mem());
-	rctx->io = io;
-	if (maxline > 0)
-		rctx->iobuflen = maxline;
-	else
-		rctx->iobuflen = OCSP_MAX_LINE_LEN;
-	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
-	if (!path)
-		path = "/";
-
-        if (BIO_printf(rctx->mem, post_hdr, path,
-				i2d_OCSP_REQUEST(req, NULL)) <= 0)
-		{
-		rctx->state = OHS_ERROR;
-		return 0;
-		}
-        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
-		{
-		rctx->state = OHS_ERROR;
-		return 0;
-		}
-	rctx->state = OHS_ASN1_WRITE;
-	rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
-
-	return rctx;
-	}
-
-/* Parse the HTTP response. This will look like this:
- * "HTTP/1.0 200 OK". We need to obtain the numeric code and
- * (optional) informational message.
+                               int maxline)
+{
+    static char post_hdr[] = "POST %s HTTP/1.0\r\n"
+        "Content-Type: application/ocsp-request\r\n"
+        "Content-Length: %d\r\n\r\n";
+
+    OCSP_REQ_CTX *rctx;
+    rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
+    rctx->state = OHS_FIRSTLINE;
+    rctx->mem = BIO_new(BIO_s_mem());
+    rctx->io = io;
+    if (maxline > 0)
+        rctx->iobuflen = maxline;
+    else
+        rctx->iobuflen = OCSP_MAX_LINE_LEN;
+    rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
+    if (!path)
+        path = "/";
+
+    if (BIO_printf(rctx->mem, post_hdr, path,
+                   i2d_OCSP_REQUEST(req, NULL)) <= 0) {
+        rctx->state = OHS_ERROR;
+        return 0;
+    }
+    if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) {
+        rctx->state = OHS_ERROR;
+        return 0;
+    }
+    rctx->state = OHS_ASN1_WRITE;
+    rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
+
+    return rctx;
+}
+
+/*
+ * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We
+ * need to obtain the numeric code and (optional) informational message.
  */
 
 static int parse_http_line1(char *line)
-	{
-	int retcode;
-	char *p, *q, *r;
-	/* Skip to first white space (passed protocol info) */
-
-	for(p = line; *p && !isspace((unsigned char)*p); p++)
-		continue;
-	if(!*p)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-					OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-		return 0;
-		}
-
-	/* Skip past white space to start of response code */
-	while(*p && isspace((unsigned char)*p))
-		p++;
-
-	if(!*p)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-					OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-		return 0;
-		}
-
-	/* Find end of response code: first whitespace after start of code */
-	for(q = p; *q && !isspace((unsigned char)*q); q++)
-		continue;
-
-	if(!*q)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
-					OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-		return 0;
-		}
-
-	/* Set end of response code and start of message */ 
-	*q++ = 0;
-
-	/* Attempt to parse numeric code */
-	retcode = strtoul(p, &r, 10);
-
-	if(*r)
-		return 0;
-
-	/* Skip over any leading white space in message */
-	while(*q && isspace((unsigned char)*q))
-		q++;
-
-	if(*q)
-		{
-		/* Finally zap any trailing white space in message (include
-		 * CRLF) */
-
-		/* We know q has a non white space character so this is OK */
-		for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
-			*r = 0;
-		}
-	if(retcode != 200)
-		{
-		OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
-		if(!*q)
-			ERR_add_error_data(2, "Code=", p);
-		else
-			ERR_add_error_data(4, "Code=", p, ",Reason=", q);
-		return 0;
-		}
-
-
-	return 1;
-
-	}
+{
+    int retcode;
+    char *p, *q, *r;
+    /* Skip to first white space (passed protocol info) */
+
+    for (p = line; *p && !isspace((unsigned char)*p); p++)
+        continue;
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Skip past white space to start of response code */
+    while (*p && isspace((unsigned char)*p))
+        p++;
+
+    if (!*p) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Find end of response code: first whitespace after start of code */
+    for (q = p; *q && !isspace((unsigned char)*q); q++)
+        continue;
+
+    if (!*q) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
+        return 0;
+    }
+
+    /* Set end of response code and start of message */
+    *q++ = 0;
+
+    /* Attempt to parse numeric code */
+    retcode = strtoul(p, &r, 10);
+
+    if (*r)
+        return 0;
+
+    /* Skip over any leading white space in message */
+    while (*q && isspace((unsigned char)*q))
+        q++;
+
+    if (*q) {
+        /*
+         * Finally zap any trailing white space in message (include CRLF)
+         */
+
+        /* We know q has a non white space character so this is OK */
+        for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
+            *r = 0;
+    }
+    if (retcode != 200) {
+        OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
+        if (!*q)
+            ERR_add_error_data(2, "Code=", p);
+        else
+            ERR_add_error_data(4, "Code=", p, ",Reason=", q);
+        return 0;
+    }
+
+    return 1;
+
+}
 
 int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
-	{
-	int i, n;
-	const unsigned char *p;
-	next_io:
-	if (!(rctx->state & OHS_NOREAD))
-		{
-		n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
-
-		if (n <= 0)
-			{
-			if (BIO_should_retry(rctx->io))
-				return -1;
-			return 0;
-			}
-
-		/* Write data to memory BIO */
-
-		if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
-			return 0;
-		}
-
-	switch(rctx->state)
-		{
-
-		case OHS_ASN1_WRITE:
-		n = BIO_get_mem_data(rctx->mem, &p);
-
-		i = BIO_write(rctx->io,
-			p + (n - rctx->asn1_len), rctx->asn1_len);
-
-		if (i <= 0)
-			{
-			if (BIO_should_retry(rctx->io))
-				return -1;
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		rctx->asn1_len -= i;
-
-		if (rctx->asn1_len > 0)
-			goto next_io;
-
-		rctx->state = OHS_ASN1_FLUSH;
-
-		(void)BIO_reset(rctx->mem);
-
-		case OHS_ASN1_FLUSH:
-
-		i = BIO_flush(rctx->io);
-
-		if (i > 0)
-			{
-			rctx->state = OHS_FIRSTLINE;
-			goto next_io;
-			}
-
-		if (BIO_should_retry(rctx->io))
-			return -1;
-
-		rctx->state = OHS_ERROR;
-		return 0;
-
-		case OHS_ERROR:
-		return 0;
-
-		case OHS_FIRSTLINE:
-		case OHS_HEADERS:
-
-		/* Attempt to read a line in */
-
-		next_line:
-		/* Due to &%^*$" memory BIO behaviour with BIO_gets we
-		 * have to check there's a complete line in there before
-		 * calling BIO_gets or we'll just get a partial read.
-		 */
-		n = BIO_get_mem_data(rctx->mem, &p);
-		if ((n <= 0) || !memchr(p, '\n', n))
-			{
-			if (n >= rctx->iobuflen)
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-			goto next_io;
-			}
-		n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
-
-		if (n <= 0)
-			{
-			if (BIO_should_retry(rctx->mem))
-				goto next_io;
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		/* Don't allow excessive lines */
-		if (n == rctx->iobuflen)
-			{
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		/* First line */
-		if (rctx->state == OHS_FIRSTLINE)
-			{
-			if (parse_http_line1((char *)rctx->iobuf))
-				{
-				rctx->state = OHS_HEADERS;
-				goto next_line;
-				}
-			else
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-			}
-		else
-			{
-			/* Look for blank line: end of headers */
-			for (p = rctx->iobuf; *p; p++)
-				{
-				if ((*p != '\r') && (*p != '\n'))
-					break;
-				}
-			if (*p)
-				goto next_line;
-
-			rctx->state = OHS_ASN1_HEADER;
-
-			}
- 
-		/* Fall thru */
-
-
-		case OHS_ASN1_HEADER:
-		/* Now reading ASN1 header: can read at least 2 bytes which
-		 * is enough for ASN1 SEQUENCE header and either length field
-		 * or at least the length of the length field.
-		 */
-		n = BIO_get_mem_data(rctx->mem, &p);
-		if (n < 2)
-			goto next_io;
-
-		/* Check it is an ASN1 SEQUENCE */
-		if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
-			{
-			rctx->state = OHS_ERROR;
-			return 0;
-			}
-
-		/* Check out length field */
-		if (*p & 0x80)
-			{
-			/* If MSB set on initial length octet we can now
-			 * always read 6 octets: make sure we have them.
-			 */
-			if (n < 6)
-				goto next_io;
-			n = *p & 0x7F;
-			/* Not NDEF or excessive length */
-			if (!n || (n > 4))
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-			p++;
-			rctx->asn1_len = 0;
-			for (i = 0; i < n; i++)
-				{
-				rctx->asn1_len <<= 8;
-				rctx->asn1_len |= *p++;
-				}
-
-			if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH)
-				{
-				rctx->state = OHS_ERROR;
-				return 0;
-				}
-
-			rctx->asn1_len += n + 2;
-			}
-		else
-			rctx->asn1_len = *p + 2;
-
-		rctx->state = OHS_ASN1_CONTENT;
-
-		/* Fall thru */
-		
-		case OHS_ASN1_CONTENT:
-		n = BIO_get_mem_data(rctx->mem, &p);
-		if (n < (int)rctx->asn1_len)
-			goto next_io;
-
-
-		*presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
-		if (*presp)
-			{
-			rctx->state = OHS_DONE;
-			return 1;
-			}
-
-		rctx->state = OHS_ERROR;
-		return 0;
-
-		break;
-
-		case OHS_DONE:
-		return 1;
-
-		}
-
-
-
-	return 0;
-
-
-	}
+{
+    int i, n;
+    const unsigned char *p;
+ next_io:
+    if (!(rctx->state & OHS_NOREAD)) {
+        n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            return 0;
+        }
+
+        /* Write data to memory BIO */
+
+        if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
+            return 0;
+    }
+
+    switch (rctx->state) {
+
+    case OHS_ASN1_WRITE:
+        n = BIO_get_mem_data(rctx->mem, &p);
+
+        i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len);
+
+        if (i <= 0) {
+            if (BIO_should_retry(rctx->io))
+                return -1;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        rctx->asn1_len -= i;
+
+        if (rctx->asn1_len > 0)
+            goto next_io;
+
+        rctx->state = OHS_ASN1_FLUSH;
+
+        (void)BIO_reset(rctx->mem);
+
+    case OHS_ASN1_FLUSH:
+
+        i = BIO_flush(rctx->io);
+
+        if (i > 0) {
+            rctx->state = OHS_FIRSTLINE;
+            goto next_io;
+        }
+
+        if (BIO_should_retry(rctx->io))
+            return -1;
+
+        rctx->state = OHS_ERROR;
+        return 0;
+
+    case OHS_ERROR:
+        return 0;
+
+    case OHS_FIRSTLINE:
+    case OHS_HEADERS:
+
+        /* Attempt to read a line in */
+
+ next_line:
+        /*
+         * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check
+         * there's a complete line in there before calling BIO_gets or we'll
+         * just get a partial read.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if ((n <= 0) || !memchr(p, '\n', n)) {
+            if (n >= rctx->iobuflen) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            goto next_io;
+        }
+        n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
+
+        if (n <= 0) {
+            if (BIO_should_retry(rctx->mem))
+                goto next_io;
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Don't allow excessive lines */
+        if (n == rctx->iobuflen) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* First line */
+        if (rctx->state == OHS_FIRSTLINE) {
+            if (parse_http_line1((char *)rctx->iobuf)) {
+                rctx->state = OHS_HEADERS;
+                goto next_line;
+            } else {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+        } else {
+            /* Look for blank line: end of headers */
+            for (p = rctx->iobuf; *p; p++) {
+                if ((*p != '\r') && (*p != '\n'))
+                    break;
+            }
+            if (*p)
+                goto next_line;
+
+            rctx->state = OHS_ASN1_HEADER;
+
+        }
+
+        /* Fall thru */
+
+    case OHS_ASN1_HEADER:
+        /*
+         * Now reading ASN1 header: can read at least 2 bytes which is enough
+         * for ASN1 SEQUENCE header and either length field or at least the
+         * length of the length field.
+         */
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if (n < 2)
+            goto next_io;
+
+        /* Check it is an ASN1 SEQUENCE */
+        if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) {
+            rctx->state = OHS_ERROR;
+            return 0;
+        }
+
+        /* Check out length field */
+        if (*p & 0x80) {
+            /*
+             * If MSB set on initial length octet we can now always read 6
+             * octets: make sure we have them.
+             */
+            if (n < 6)
+                goto next_io;
+            n = *p & 0x7F;
+            /* Not NDEF or excessive length */
+            if (!n || (n > 4)) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+            p++;
+            rctx->asn1_len = 0;
+            for (i = 0; i < n; i++) {
+                rctx->asn1_len <<= 8;
+                rctx->asn1_len |= *p++;
+            }
+
+            if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) {
+                rctx->state = OHS_ERROR;
+                return 0;
+            }
+
+            rctx->asn1_len += n + 2;
+        } else
+            rctx->asn1_len = *p + 2;
+
+        rctx->state = OHS_ASN1_CONTENT;
+
+        /* Fall thru */
+
+    case OHS_ASN1_CONTENT:
+        n = BIO_get_mem_data(rctx->mem, &p);
+        if (n < (int)rctx->asn1_len)
+            goto next_io;
+
+        *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
+        if (*presp) {
+            rctx->state = OHS_DONE;
+            return 1;
+        }
+
+        rctx->state = OHS_ERROR;
+        return 0;
+
+        break;
+
+    case OHS_DONE:
+        return 1;
+
+    }
+
+    return 0;
+
+}
 
 /* Blocking OCSP request handler: now a special case of non-blocking I/O */
 
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
-	{
-	OCSP_RESPONSE *resp = NULL;
-	OCSP_REQ_CTX *ctx;
-	int rv;
+{
+    OCSP_RESPONSE *resp = NULL;
+    OCSP_REQ_CTX *ctx;
+    int rv;
 
-	ctx = OCSP_sendreq_new(b, path, req, -1);
+    ctx = OCSP_sendreq_new(b, path, req, -1);
 
-	if (!ctx)
-		return NULL;
+    if (!ctx)
+        return NULL;
 
-	do
-		{
-		rv = OCSP_sendreq_nbio(&resp, ctx);
-		} while ((rv == -1) && BIO_should_retry(b));
+    do {
+        rv = OCSP_sendreq_nbio(&resp, ctx);
+    } while ((rv == -1) && BIO_should_retry(b));
 
-	OCSP_REQ_CTX_free(ctx);
+    OCSP_REQ_CTX_free(ctx);
 
-	if (rv)
-		return resp;
+    if (rv)
+        return resp;
 
-	return NULL;
-	}
+    return NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
index 5883b4e0..a6686e5f 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_lib.c
@@ -1,11 +1,14 @@
 /* ocsp_lib.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
+/*
+ * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project.
+ */
 
-/* History:
-   This file was transfered to Richard Levitte from CertCo by Kathy
-   Weinhold in mid-spring 2000 to be included in OpenSSL or released
-   as a patch kit. */
+/*
+ * History: This file was transfered to Richard Levitte from CertCo by Kathy
+ * Weinhold in mid-spring 2000 to be included in OpenSSL or released as a
+ * patch kit.
+ */
 
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
@@ -15,7 +18,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -74,200 +77,210 @@
 
 OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer)
 {
-	X509_NAME *iname;
-	ASN1_INTEGER *serial;
-	ASN1_BIT_STRING *ikey;
+    X509_NAME *iname;
+    ASN1_INTEGER *serial;
+    ASN1_BIT_STRING *ikey;
 #ifndef OPENSSL_NO_SHA1
-	if(!dgst) dgst = EVP_sha1();
+    if (!dgst)
+        dgst = EVP_sha1();
 #endif
-	if (subject)
-		{
-		iname = X509_get_issuer_name(subject);
-		serial = X509_get_serialNumber(subject);
-		}
-	else
-		{
-		iname = X509_get_subject_name(issuer);
-		serial = NULL;
-		}
-	ikey = X509_get0_pubkey_bitstr(issuer);
-	return OCSP_cert_id_new(dgst, iname, ikey, serial);
+    if (subject) {
+        iname = X509_get_issuer_name(subject);
+        serial = X509_get_serialNumber(subject);
+    } else {
+        iname = X509_get_subject_name(issuer);
+        serial = NULL;
+    }
+    ikey = X509_get0_pubkey_bitstr(issuer);
+    return OCSP_cert_id_new(dgst, iname, ikey, serial);
 }
 
-
-OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
-			      X509_NAME *issuerName, 
-			      ASN1_BIT_STRING* issuerKey, 
-			      ASN1_INTEGER *serialNumber)
-        {
-	int nid;
-        unsigned int i;
-	X509_ALGOR *alg;
-	OCSP_CERTID *cid = NULL;
-	unsigned char md[EVP_MAX_MD_SIZE];
-
-	if (!(cid = OCSP_CERTID_new())) goto err;
-
-	alg = cid->hashAlgorithm;
-	if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
-	if ((nid = EVP_MD_type(dgst)) == NID_undef)
-	        {
-		OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
-		goto err;
-		}
-	if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
-	if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
-	alg->parameter->type=V_ASN1_NULL;
-
-	if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
-	if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
-
-	/* Calculate the issuerKey hash, excluding tag and length */
-	EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
-
-	if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
-
-	if (serialNumber)
-		{
-		ASN1_INTEGER_free(cid->serialNumber);
-		if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
-		}
-	return cid;
-digerr:
-	OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
-err:
-	if (cid) OCSP_CERTID_free(cid);
-	return NULL;
-	}
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+                              X509_NAME *issuerName,
+                              ASN1_BIT_STRING *issuerKey,
+                              ASN1_INTEGER *serialNumber)
+{
+    int nid;
+    unsigned int i;
+    X509_ALGOR *alg;
+    OCSP_CERTID *cid = NULL;
+    unsigned char md[EVP_MAX_MD_SIZE];
+
+    if (!(cid = OCSP_CERTID_new()))
+        goto err;
+
+    alg = cid->hashAlgorithm;
+    if (alg->algorithm != NULL)
+        ASN1_OBJECT_free(alg->algorithm);
+    if ((nid = EVP_MD_type(dgst)) == NID_undef) {
+        OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
+        goto err;
+    }
+    if (!(alg->algorithm = OBJ_nid2obj(nid)))
+        goto err;
+    if ((alg->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    alg->parameter->type = V_ASN1_NULL;
+
+    if (!X509_NAME_digest(issuerName, dgst, md, &i))
+        goto digerr;
+    if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
+        goto err;
+
+    /* Calculate the issuerKey hash, excluding tag and length */
+    EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL);
+
+    if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
+        goto err;
+
+    if (serialNumber) {
+        ASN1_INTEGER_free(cid->serialNumber);
+        if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber)))
+            goto err;
+    }
+    return cid;
+ digerr:
+    OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
+ err:
+    if (cid)
+        OCSP_CERTID_free(cid);
+    return NULL;
+}
 
 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
-	{
-	int ret;
-	ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
-	if (ret) return ret;
-	ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
-	if (ret) return ret;
-	return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
-	}
+{
+    int ret;
+    ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+    if (ret)
+        return ret;
+    ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
+    if (ret)
+        return ret;
+    return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
+}
 
 int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
-	{
-	int ret;
-	ret = OCSP_id_issuer_cmp(a, b);
-	if (ret) return ret;
-	return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
-	}
-
+{
+    int ret;
+    ret = OCSP_id_issuer_cmp(a, b);
+    if (ret)
+        return ret;
+    return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
+}
 
-/* Parse a URL and split it up into host, port and path components and whether
- * it is SSL.
+/*
+ * Parse a URL and split it up into host, port and path components and
+ * whether it is SSL.
  */
 
-int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
-	{
-	char *p, *buf;
-
-	char *host, *port;
-
-	*phost = NULL;
-	*pport = NULL;
-	*ppath = NULL;
-
-	/* dup the buffer since we are going to mess with it */
-	buf = BUF_strdup(url);
-	if (!buf) goto mem_err;
-
-	/* Check for initial colon */
-	p = strchr(buf, ':');
-
-	if (!p) goto parse_err;
-
-	*(p++) = '\0';
-
-	if (!strcmp(buf, "http"))
-		{
-		*pssl = 0;
-		port = "80";
-		}
-	else if (!strcmp(buf, "https"))
-		{
-		*pssl = 1;
-		port = "443";
-		}
-	else
-		goto parse_err;
-
-	/* Check for double slash */
-	if ((p[0] != '/') || (p[1] != '/'))
-		goto parse_err;
-
-	p += 2;
-
-	host = p;
-
-	/* Check for trailing part of path */
-
-	p = strchr(p, '/');
-
-	if (!p) 
-		*ppath = BUF_strdup("/");
-	else
-		{
-		*ppath = BUF_strdup(p);
-		/* Set start of path to 0 so hostname is valid */
-		*p = '\0';
-		}
-
-	if (!*ppath) goto mem_err;
-
-	p = host;
-	if(host[0] == '[')
-		{
-		/* ipv6 literal */
-		host++;
-		p = strchr(host, ']');
-		if(!p) goto parse_err;
-		*p = '\0';
-		p++;
-		}
-
-	/* Look for optional ':' for port number */
-	if ((p = strchr(p, ':')))
-		{
-		*p = 0;
-		port = p + 1;
-		}
-	else
-		{
-		/* Not found: set default port */
-		if (*pssl) port = "443";
-		else port = "80";
-		}
-
-	*pport = BUF_strdup(port);
-	if (!*pport) goto mem_err;
-
-	*phost = BUF_strdup(host);
-
-	if (!*phost) goto mem_err;
-
-	OPENSSL_free(buf);
-
-	return 1;
-
-	mem_err:
-	OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
-	goto err;
-
-	parse_err:
-	OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
-
+int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath,
+                   int *pssl)
+{
+    char *p, *buf;
+
+    char *host, *port;
+
+    *phost = NULL;
+    *pport = NULL;
+    *ppath = NULL;
+
+    /* dup the buffer since we are going to mess with it */
+    buf = BUF_strdup(url);
+    if (!buf)
+        goto mem_err;
+
+    /* Check for initial colon */
+    p = strchr(buf, ':');
+
+    if (!p)
+        goto parse_err;
+
+    *(p++) = '\0';
+
+    if (!strcmp(buf, "http")) {
+        *pssl = 0;
+        port = "80";
+    } else if (!strcmp(buf, "https")) {
+        *pssl = 1;
+        port = "443";
+    } else
+        goto parse_err;
+
+    /* Check for double slash */
+    if ((p[0] != '/') || (p[1] != '/'))
+        goto parse_err;
+
+    p += 2;
+
+    host = p;
+
+    /* Check for trailing part of path */
+
+    p = strchr(p, '/');
+
+    if (!p)
+        *ppath = BUF_strdup("/");
+    else {
+        *ppath = BUF_strdup(p);
+        /* Set start of path to 0 so hostname is valid */
+        *p = '\0';
+    }
+
+    if (!*ppath)
+        goto mem_err;
+
+    p = host;
+    if (host[0] == '[') {
+        /* ipv6 literal */
+        host++;
+        p = strchr(host, ']');
+        if (!p)
+            goto parse_err;
+        *p = '\0';
+        p++;
+    }
+
+    /* Look for optional ':' for port number */
+    if ((p = strchr(p, ':'))) {
+        *p = 0;
+        port = p + 1;
+    } else {
+        /* Not found: set default port */
+        if (*pssl)
+            port = "443";
+        else
+            port = "80";
+    }
+
+    *pport = BUF_strdup(port);
+    if (!*pport)
+        goto mem_err;
+
+    *phost = BUF_strdup(host);
+
+    if (!*phost)
+        goto mem_err;
+
+    OPENSSL_free(buf);
+
+    return 1;
+
+ mem_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, ERR_R_MALLOC_FAILURE);
+    goto err;
+
+ parse_err:
+    OCSPerr(OCSP_F_OCSP_PARSE_URL, OCSP_R_ERROR_PARSING_URL);
+
+ err:
+    if (buf)
+        OPENSSL_free(buf);
+    if (*ppath)
+        OPENSSL_free(*ppath);
+    if (*pport)
+        OPENSSL_free(*pport);
+    if (*phost)
+        OPENSSL_free(*phost);
+    return 0;
 
-	err:
-	if (buf) OPENSSL_free(buf);
-	if (*ppath) OPENSSL_free(*ppath);
-	if (*pport) OPENSSL_free(*pport);
-	if (*phost) OPENSSL_free(*phost);
-	return 0;
-
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
index b8b7871d..f6181771 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_prn.c
@@ -1,11 +1,14 @@
 /* ocsp_prn.c */
-/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
- * project. */
+/*
+ * Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project.
+ */
 
-/* History:
-   This file was originally part of ocsp.c and was transfered to Richard
-   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
-   in OpenSSL or released as a patch kit. */
+/*
+ * History: This file was originally part of ocsp.c and was transfered to
+ * Richard Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be
+ * included in OpenSSL or released as a patch kit.
+ */
 
 /* ====================================================================
  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
@@ -15,7 +18,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,225 +69,232 @@
 #include <openssl/ocsp.h>
 #include <openssl/pem.h>
 
-static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
-        {
-	BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
-	indent += 2;
-	BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
-	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
-	BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
-	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
-	BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
-	i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
-	BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
-	i2a_ASN1_INTEGER(bp, a->serialNumber);
-	BIO_printf(bp, "\n");
-	return 1;
-	}
+static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
+{
+    BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
+    indent += 2;
+    BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
+    i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+    BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+    BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
+    i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+    BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
+    i2a_ASN1_INTEGER(bp, a->serialNumber);
+    BIO_printf(bp, "\n");
+    return 1;
+}
 
-typedef struct
-	{
-	long t;
-	char *m;
-	} OCSP_TBLSTR;
+typedef struct {
+    long t;
+    char *m;
+} OCSP_TBLSTR;
 
 static char *table2string(long s, OCSP_TBLSTR *ts, int len)
 {
-	OCSP_TBLSTR *p;
-	for (p=ts; p < ts + len; p++)
-	        if (p->t == s)
-		         return p->m;
-	return "(UNKNOWN)";
+    OCSP_TBLSTR *p;
+    for (p = ts; p < ts + len; p++)
+        if (p->t == s)
+            return p->m;
+    return "(UNKNOWN)";
 }
 
 char *OCSP_response_status_str(long s)
-        {
-	static OCSP_TBLSTR rstat_tbl[] = {
-	        { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
-	        { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
-	        { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
-	        { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
-	        { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
-	        { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } };
-	return table2string(s, rstat_tbl, 6);
-	} 
+{
+    static OCSP_TBLSTR rstat_tbl[] = {
+        {OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful"},
+        {OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest"},
+        {OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror"},
+        {OCSP_RESPONSE_STATUS_TRYLATER, "trylater"},
+        {OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired"},
+        {OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized"}
+    };
+    return table2string(s, rstat_tbl, 6);
+}
 
 char *OCSP_cert_status_str(long s)
-        {
-	static OCSP_TBLSTR cstat_tbl[] = {
-	        { V_OCSP_CERTSTATUS_GOOD, "good" },
-	        { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
-	        { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
-	return table2string(s, cstat_tbl, 3);
-	} 
+{
+    static OCSP_TBLSTR cstat_tbl[] = {
+        {V_OCSP_CERTSTATUS_GOOD, "good"},
+        {V_OCSP_CERTSTATUS_REVOKED, "revoked"},
+        {V_OCSP_CERTSTATUS_UNKNOWN, "unknown"}
+    };
+    return table2string(s, cstat_tbl, 3);
+}
 
 char *OCSP_crl_reason_str(long s)
-        {
-	OCSP_TBLSTR reason_tbl[] = {
-	  { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
-          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
-          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
-          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
-          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
-          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
-          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
-          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } };
-	return table2string(s, reason_tbl, 8);
-	} 
+{
+    OCSP_TBLSTR reason_tbl[] = {
+        {OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified"},
+        {OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise"},
+        {OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise"},
+        {OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged"},
+        {OCSP_REVOKED_STATUS_SUPERSEDED, "superseded"},
+        {OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation"},
+        {OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold"},
+        {OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL"}
+    };
+    return table2string(s, reason_tbl, 8);
+}
 
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
-        {
-	int i;
-	long l;
-	OCSP_CERTID* cid = NULL;
-	OCSP_ONEREQ *one = NULL;
-	OCSP_REQINFO *inf = o->tbsRequest;
-	OCSP_SIGNATURE *sig = o->optionalSignature;
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
+{
+    int i;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_ONEREQ *one = NULL;
+    OCSP_REQINFO *inf = o->tbsRequest;
+    OCSP_SIGNATURE *sig = o->optionalSignature;
 
-	if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
-	l=ASN1_INTEGER_get(inf->version);
-	if (BIO_printf(bp,"    Version: %lu (0x%lx)",l+1,l) <= 0) goto err;
-	if (inf->requestorName != NULL)
-	        {
-		if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
-		        goto err;
-		GENERAL_NAME_print(bp, inf->requestorName);
-		}
-	if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
-	for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
-	        {
-		one = sk_OCSP_ONEREQ_value(inf->requestList, i);
-		cid = one->reqCert;
-		ocsp_certid_print(bp, cid, 8);
-		if (!X509V3_extensions_print(bp,
-					"Request Single Extensions",
-					one->singleRequestExtensions, flags, 8))
-							goto err;
-		}
-	if (!X509V3_extensions_print(bp, "Request Extensions",
-			inf->requestExtensions, flags, 4))
-							goto err;
-	if (sig)
-	        {
-		X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
-		for (i=0; i<sk_X509_num(sig->certs); i++)
-			{
-			X509_print(bp, sk_X509_value(sig->certs,i));
-			PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i));
-			}
-		}
-	return 1;
-err:
-	return 0;
-	}
+    if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
+        goto err;
+    l = ASN1_INTEGER_get(inf->version);
+    if (BIO_printf(bp, "    Version: %lu (0x%lx)", l + 1, l) <= 0)
+        goto err;
+    if (inf->requestorName != NULL) {
+        if (BIO_write(bp, "\n    Requestor Name: ", 21) <= 0)
+            goto err;
+        GENERAL_NAME_print(bp, inf->requestorName);
+    }
+    if (BIO_write(bp, "\n    Requestor List:\n", 21) <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
+        one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+        cid = one->reqCert;
+        ocsp_certid_print(bp, cid, 8);
+        if (!X509V3_extensions_print(bp,
+                                     "Request Single Extensions",
+                                     one->singleRequestExtensions, flags, 8))
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Request Extensions",
+                                 inf->requestExtensions, flags, 4))
+        goto err;
+    if (sig) {
+        X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+        for (i = 0; i < sk_X509_num(sig->certs); i++) {
+            X509_print(bp, sk_X509_value(sig->certs, i));
+            PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
+        }
+    }
+    return 1;
+ err:
+    return 0;
+}
 
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
-        {
-	int i, ret = 0;
-	long l;
-	OCSP_CERTID *cid = NULL;
-	OCSP_BASICRESP *br = NULL;
-	OCSP_RESPID *rid = NULL;
-	OCSP_RESPDATA  *rd = NULL;
-	OCSP_CERTSTATUS *cst = NULL;
-	OCSP_REVOKEDINFO *rev = NULL;
-	OCSP_SINGLERESP *single = NULL;
-	OCSP_RESPBYTES *rb = o->responseBytes;
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
+{
+    int i, ret = 0;
+    long l;
+    OCSP_CERTID *cid = NULL;
+    OCSP_BASICRESP *br = NULL;
+    OCSP_RESPID *rid = NULL;
+    OCSP_RESPDATA *rd = NULL;
+    OCSP_CERTSTATUS *cst = NULL;
+    OCSP_REVOKEDINFO *rev = NULL;
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_RESPBYTES *rb = o->responseBytes;
 
-	if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
-	l=ASN1_ENUMERATED_get(o->responseStatus);
-	if (BIO_printf(bp,"    OCSP Response Status: %s (0x%lx)\n",
-		       OCSP_response_status_str(l), l) <= 0) goto err;
-	if (rb == NULL) return 1;
-        if (BIO_puts(bp,"    Response Type: ") <= 0)
-	        goto err;
-	if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
-	        goto err;
-	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
-	        {
-		BIO_puts(bp," (unknown response type)\n");
-		return 1;
-		}
+    if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
+        goto err;
+    l = ASN1_ENUMERATED_get(o->responseStatus);
+    if (BIO_printf(bp, "    OCSP Response Status: %s (0x%lx)\n",
+                   OCSP_response_status_str(l), l) <= 0)
+        goto err;
+    if (rb == NULL)
+        return 1;
+    if (BIO_puts(bp, "    Response Type: ") <= 0)
+        goto err;
+    if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
+        goto err;
+    if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
+        BIO_puts(bp, " (unknown response type)\n");
+        return 1;
+    }
 
-	i = ASN1_STRING_length(rb->response);
-	if (!(br = OCSP_response_get1_basic(o))) goto err;
-	rd = br->tbsResponseData;
-	l=ASN1_INTEGER_get(rd->version);
-	if (BIO_printf(bp,"\n    Version: %lu (0x%lx)\n",
-		       l+1,l) <= 0) goto err;
-	if (BIO_puts(bp,"    Responder Id: ") <= 0) goto err;
+    i = ASN1_STRING_length(rb->response);
+    if (!(br = OCSP_response_get1_basic(o)))
+        goto err;
+    rd = br->tbsResponseData;
+    l = ASN1_INTEGER_get(rd->version);
+    if (BIO_printf(bp, "\n    Version: %lu (0x%lx)\n", l + 1, l) <= 0)
+        goto err;
+    if (BIO_puts(bp, "    Responder Id: ") <= 0)
+        goto err;
 
-	rid =  rd->responderId;
-	switch (rid->type)
-		{
-		case V_OCSP_RESPID_NAME:
-		        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
-		        break;
-		case V_OCSP_RESPID_KEY:
-		        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
-		        break;
-		}
+    rid = rd->responderId;
+    switch (rid->type) {
+    case V_OCSP_RESPID_NAME:
+        X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
+        break;
+    case V_OCSP_RESPID_KEY:
+        i2a_ASN1_STRING(bp, rid->value.byKey, V_ASN1_OCTET_STRING);
+        break;
+    }
 
-	if (BIO_printf(bp,"\n    Produced At: ")<=0) goto err;
-	if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
-	if (BIO_printf(bp,"\n    Responses:\n") <= 0) goto err;
-	for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
-	        {
-		if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
-		single = sk_OCSP_SINGLERESP_value(rd->responses, i);
-		cid = single->certId;
-		if(ocsp_certid_print(bp, cid, 4) <= 0) goto err;
-		cst = single->certStatus;
-		if (BIO_printf(bp,"    Cert Status: %s",
-			       OCSP_cert_status_str(cst->type)) <= 0)
-		        goto err;
-		if (cst->type == V_OCSP_CERTSTATUS_REVOKED)
-		        {
-		        rev = cst->value.revoked;
-			if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) 
-			        goto err;
-			if (!ASN1_GENERALIZEDTIME_print(bp, 
-							rev->revocationTime)) 
-				goto err;
-			if (rev->revocationReason) 
-			        {
-				l=ASN1_ENUMERATED_get(rev->revocationReason);
-				if (BIO_printf(bp, 
-					 "\n    Revocation Reason: %s (0x%lx)",
-					       OCSP_crl_reason_str(l), l) <= 0)
-				        goto err;
-				}
-			}
-		if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;
-		if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 
-			goto err;
-		if (single->nextUpdate)
-		        {
-			if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;
-			if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
-				goto err;
-			}
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		if (!X509V3_extensions_print(bp,
-					"Response Single Extensions",
-					single->singleExtensions, flags, 8))
-							goto err;
-		if (BIO_write(bp,"\n",1) <= 0) goto err;
-		}
-	if (!X509V3_extensions_print(bp, "Response Extensions",
-					rd->responseExtensions, flags, 4))
-							goto err;
-	if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
-							goto err;
+    if (BIO_printf(bp, "\n    Produced At: ") <= 0)
+        goto err;
+    if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
+        goto err;
+    if (BIO_printf(bp, "\n    Responses:\n") <= 0)
+        goto err;
+    for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
+        if (!sk_OCSP_SINGLERESP_value(rd->responses, i))
+            continue;
+        single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+        cid = single->certId;
+        if (ocsp_certid_print(bp, cid, 4) <= 0)
+            goto err;
+        cst = single->certStatus;
+        if (BIO_printf(bp, "    Cert Status: %s",
+                       OCSP_cert_status_str(cst->type)) <= 0)
+            goto err;
+        if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
+            rev = cst->value.revoked;
+            if (BIO_printf(bp, "\n    Revocation Time: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, rev->revocationTime))
+                goto err;
+            if (rev->revocationReason) {
+                l = ASN1_ENUMERATED_get(rev->revocationReason);
+                if (BIO_printf(bp,
+                               "\n    Revocation Reason: %s (0x%lx)",
+                               OCSP_crl_reason_str(l), l) <= 0)
+                    goto err;
+            }
+        }
+        if (BIO_printf(bp, "\n    This Update: ") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+            goto err;
+        if (single->nextUpdate) {
+            if (BIO_printf(bp, "\n    Next Update: ") <= 0)
+                goto err;
+            if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
+                goto err;
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+        if (!X509V3_extensions_print(bp,
+                                     "Response Single Extensions",
+                                     single->singleExtensions, flags, 8))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (!X509V3_extensions_print(bp, "Response Extensions",
+                                 rd->responseExtensions, flags, 4))
+        goto err;
+    if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+        goto err;
 
-	for (i=0; i<sk_X509_num(br->certs); i++)
-		{
-		X509_print(bp, sk_X509_value(br->certs,i));
-		PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
-		}
+    for (i = 0; i < sk_X509_num(br->certs); i++) {
+        X509_print(bp, sk_X509_value(br->certs, i));
+        PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
+    }
 
-	ret = 1;
-err:
-	OCSP_BASICRESP_free(br);
-	return ret;
-	}
+    ret = 1;
+ err:
+    OCSP_BASICRESP_free(br);
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c
index 1c606dd0..2ec2c636 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_srv.c
@@ -1,6 +1,7 @@
 /* ocsp_srv.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,200 +66,206 @@
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
 
-/* Utility functions related to sending OCSP responses and extracting
+/*
+ * Utility functions related to sending OCSP responses and extracting
  * relevant information from the request.
  */
 
 int OCSP_request_onereq_count(OCSP_REQUEST *req)
-	{
-	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
-	}
+{
+    return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+}
 
 OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
-	{
-	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
-	}
+{
+    return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+}
 
 OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
-	{
-	return one->reqCert;
-	}
+{
+    return one->reqCert;
+}
 
 int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-			ASN1_OCTET_STRING **pikeyHash,
-			ASN1_INTEGER **pserial, OCSP_CERTID *cid)
-	{
-	if (!cid) return 0;
-	if (pmd) *pmd = cid->hashAlgorithm->algorithm;
-	if(piNameHash) *piNameHash = cid->issuerNameHash;
-	if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
-	if (pserial) *pserial = cid->serialNumber;
-	return 1;
-	}
+                      ASN1_OCTET_STRING **pikeyHash,
+                      ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+{
+    if (!cid)
+        return 0;
+    if (pmd)
+        *pmd = cid->hashAlgorithm->algorithm;
+    if (piNameHash)
+        *piNameHash = cid->issuerNameHash;
+    if (pikeyHash)
+        *pikeyHash = cid->issuerKeyHash;
+    if (pserial)
+        *pserial = cid->serialNumber;
+    return 1;
+}
 
 int OCSP_request_is_signed(OCSP_REQUEST *req)
-	{
-	if(req->optionalSignature) return 1;
-	return 0;
-	}
+{
+    if (req->optionalSignature)
+        return 1;
+    return 0;
+}
 
 /* Create an OCSP response and encode an optional basic response */
 OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
-        {
-        OCSP_RESPONSE *rsp = NULL;
-
-	if (!(rsp = OCSP_RESPONSE_new())) goto err;
-	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
-	if (!bs) return rsp;
-	if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
-	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
-	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
-				goto err;
-	return rsp;
-err:
-	if (rsp) OCSP_RESPONSE_free(rsp);
-	return NULL;
-	}
-
+{
+    OCSP_RESPONSE *rsp = NULL;
+
+    if (!(rsp = OCSP_RESPONSE_new()))
+        goto err;
+    if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
+        goto err;
+    if (!bs)
+        return rsp;
+    if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
+        goto err;
+    rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
+    if (!ASN1_item_pack
+        (bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+         goto err;
+    return rsp;
+ err:
+    if (rsp)
+        OCSP_RESPONSE_free(rsp);
+    return NULL;
+}
 
 OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
-						OCSP_CERTID *cid,
-						int status, int reason,
-						ASN1_TIME *revtime,
-					ASN1_TIME *thisupd, ASN1_TIME *nextupd)
-	{
-	OCSP_SINGLERESP *single = NULL;
-	OCSP_CERTSTATUS *cs;
-	OCSP_REVOKEDINFO *ri;
-
-	if(!rsp->tbsResponseData->responses &&
-	    !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
-		goto err;
-
-	if (!(single = OCSP_SINGLERESP_new()))
-		goto err;
-
-
-
-	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
-		goto err;
-	if (nextupd &&
-		!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
-		goto err;
-
-	OCSP_CERTID_free(single->certId);
-
-	if(!(single->certId = OCSP_CERTID_dup(cid)))
-		goto err;
-
-	cs = single->certStatus;
-	switch(cs->type = status)
-		{
-	case V_OCSP_CERTSTATUS_REVOKED:
-		if (!revtime)
-		        {
-		        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
-			goto err;
-		        }
-		if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
-		if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
-			goto err;	
-		if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
-		        {
-			if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
-			        goto err;
-			if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
-						  reason)))
-			        goto err;	
-			}
-		break;
-
-	case V_OCSP_CERTSTATUS_GOOD:
-		cs->value.good = ASN1_NULL_new();
-		break;
-
-	case V_OCSP_CERTSTATUS_UNKNOWN:
-		cs->value.unknown = ASN1_NULL_new();
-		break;
-
-	default:
-		goto err;
-
-		}
-	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
-		goto err;
-	return single;
-err:
-	OCSP_SINGLERESP_free(single);
-	return NULL;
-	}
+                                        OCSP_CERTID *cid,
+                                        int status, int reason,
+                                        ASN1_TIME *revtime,
+                                        ASN1_TIME *thisupd,
+                                        ASN1_TIME *nextupd)
+{
+    OCSP_SINGLERESP *single = NULL;
+    OCSP_CERTSTATUS *cs;
+    OCSP_REVOKEDINFO *ri;
+
+    if (!rsp->tbsResponseData->responses &&
+        !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
+        goto err;
+
+    if (!(single = OCSP_SINGLERESP_new()))
+        goto err;
+
+    if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
+        goto err;
+    if (nextupd &&
+        !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+        goto err;
+
+    OCSP_CERTID_free(single->certId);
+
+    if (!(single->certId = OCSP_CERTID_dup(cid)))
+        goto err;
+
+    cs = single->certStatus;
+    switch (cs->type = status) {
+    case V_OCSP_CERTSTATUS_REVOKED:
+        if (!revtime) {
+            OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, OCSP_R_NO_REVOKED_TIME);
+            goto err;
+        }
+        if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
+            goto err;
+        if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
+            goto err;
+        if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
+            if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
+                goto err;
+            if (!(ASN1_ENUMERATED_set(ri->revocationReason, reason)))
+                goto err;
+        }
+        break;
+
+    case V_OCSP_CERTSTATUS_GOOD:
+        cs->value.good = ASN1_NULL_new();
+        break;
+
+    case V_OCSP_CERTSTATUS_UNKNOWN:
+        cs->value.unknown = ASN1_NULL_new();
+        break;
+
+    default:
+        goto err;
+
+    }
+    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+        goto err;
+    return single;
+ err:
+    OCSP_SINGLERESP_free(single);
+    return NULL;
+}
 
 /* Add a certificate to an OCSP request */
 
 int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
-	{
-	if (!resp->certs && !(resp->certs = sk_X509_new_null()))
-		return 0;
-
-	if(!sk_X509_push(resp->certs, cert)) return 0;
-	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-	return 1;
-	}
-
-int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
-			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
-			STACK_OF(X509) *certs, unsigned long flags)
-        {
-	int i;
-	OCSP_RESPID *rid;
-
-	if (!X509_check_private_key(signer, key))
-		{
-		OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-		goto err;
-		}
-
-	if(!(flags & OCSP_NOCERTS))
-		{
-		if(!OCSP_basic_add1_cert(brsp, signer))
-			goto err;
-		for (i = 0; i < sk_X509_num(certs); i++)
-			{
-			X509 *tmpcert = sk_X509_value(certs, i);
-			if(!OCSP_basic_add1_cert(brsp, tmpcert))
-				goto err;
-			}
-		}
-
-	rid = brsp->tbsResponseData->responderId;
-	if (flags & OCSP_RESPID_KEY)
-		{
-		unsigned char md[SHA_DIGEST_LENGTH];
-		X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
-		if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
-			goto err;
-		if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
-				goto err;
-		rid->type = V_OCSP_RESPID_KEY;
-		}
-	else
-		{
-		if (!X509_NAME_set(&rid->value.byName,
-					X509_get_subject_name(signer)))
-				goto err;
-		rid->type = V_OCSP_RESPID_NAME;
-		}
-
-	if (!(flags & OCSP_NOTIME) &&
-		!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
-		goto err;
-
-	/* Right now, I think that not doing double hashing is the right
-	   thing.	-- Richard Levitte */
-
-	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
-
-	return 1;
-err:
-	return 0;
-	}
+{
+    if (!resp->certs && !(resp->certs = sk_X509_new_null()))
+        return 0;
+
+    if (!sk_X509_push(resp->certs, cert))
+        return 0;
+    CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
+    return 1;
+}
+
+int OCSP_basic_sign(OCSP_BASICRESP *brsp,
+                    X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+                    STACK_OF(X509) *certs, unsigned long flags)
+{
+    int i;
+    OCSP_RESPID *rid;
+
+    if (!X509_check_private_key(signer, key)) {
+        OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
+                OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        goto err;
+    }
+
+    if (!(flags & OCSP_NOCERTS)) {
+        if (!OCSP_basic_add1_cert(brsp, signer))
+            goto err;
+        for (i = 0; i < sk_X509_num(certs); i++) {
+            X509 *tmpcert = sk_X509_value(certs, i);
+            if (!OCSP_basic_add1_cert(brsp, tmpcert))
+                goto err;
+        }
+    }
+
+    rid = brsp->tbsResponseData->responderId;
+    if (flags & OCSP_RESPID_KEY) {
+        unsigned char md[SHA_DIGEST_LENGTH];
+        X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
+        if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
+            goto err;
+        if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
+            goto err;
+        rid->type = V_OCSP_RESPID_KEY;
+    } else {
+        if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer)))
+            goto err;
+        rid->type = V_OCSP_RESPID_NAME;
+    }
+
+    if (!(flags & OCSP_NOTIME) &&
+        !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+        goto err;
+
+    /*
+     * Right now, I think that not doing double hashing is the right thing.
+     * -- Richard Levitte
+     */
+
+    if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
+        goto err;
+
+    return 1;
+ err:
+    return 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
index f24080fa..726ea03c 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_vfy.c
@@ -1,6 +1,7 @@
 /* ocsp_vfy.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,389 +61,377 @@
 #include <openssl/err.h>
 #include <string.h>
 
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags);
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, X509_STORE *st,
+                            unsigned long flags);
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags);
-static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
-static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, STACK_OF(OCSP_SINGLERESP) *sresp);
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
+                             unsigned long flags);
+static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp,
+                          OCSP_CERTID **ret);
+static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
+                               STACK_OF(OCSP_SINGLERESP) *sresp);
 static int ocsp_check_delegated(X509 *x, int flags);
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags);
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags);
 
 /* Verify a basic response message */
 
 int OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags)
-	{
-	X509 *signer, *x;
-	STACK_OF(X509) *chain = NULL;
-	X509_STORE_CTX ctx;
-	int i, ret = 0;
-	ret = ocsp_find_signer(&signer, bs, certs, st, flags);
-	if (!ret)
-		{
-		OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-		goto end;
-		}
-	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
-		flags |= OCSP_NOVERIFY;
-	if (!(flags & OCSP_NOSIGS))
-		{
-		EVP_PKEY *skey;
-		skey = X509_get_pubkey(signer);
-		if (skey)
-			{
-			ret = OCSP_BASICRESP_verify(bs, skey, 0);
-			EVP_PKEY_free(skey);
-			}
-		if(!skey || ret <= 0)
-			{
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
-			goto end;
-			}
-		}
-	if (!(flags & OCSP_NOVERIFY))
-		{
-		int init_res;
-		if(flags & OCSP_NOCHAIN)
-			init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
-		else
-			init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
-		if(!init_res)
-			{
-			ret = -1;
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB);
-			goto end;
-			}
-
-		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-		ret = X509_verify_cert(&ctx);
-		chain = X509_STORE_CTX_get1_chain(&ctx);
-		X509_STORE_CTX_cleanup(&ctx);
-                if (ret <= 0)
-			{
-			i = X509_STORE_CTX_get_error(&ctx);	
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
-			ERR_add_error_data(2, "Verify error:",
-					X509_verify_cert_error_string(i));
-                        goto end;
-                	}
-		if(flags & OCSP_NOCHECKS)
-			{
-			ret = 1;
-			goto end;
-			}
-		/* At this point we have a valid certificate chain
-		 * need to verify it against the OCSP issuer criteria.
-		 */
-		ret = ocsp_check_issuer(bs, chain, flags);
-
-		/* If fatal error or valid match then finish */
-		if (ret != 0) goto end;
-
-		/* Easy case: explicitly trusted. Get root CA and
-		 * check for explicit trust
-		 */
-		if(flags & OCSP_NOEXPLICIT) goto end;
-
-		x = sk_X509_value(chain, sk_X509_num(chain) - 1);
-		if(X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED)
-			{
-			OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,OCSP_R_ROOT_CA_NOT_TRUSTED);
-			goto end;
-			}
-		ret = 1;
-		}
-
-
-
-	end:
-	if(chain) sk_X509_pop_free(chain, X509_free);
-	return ret;
-	}
-
-
-static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags)
-	{
-	X509 *signer;
-	OCSP_RESPID *rid = bs->tbsResponseData->responderId;
-	if ((signer = ocsp_find_signer_sk(certs, rid)))
-		{
-		*psigner = signer;
-		return 2;
-		}
-	if(!(flags & OCSP_NOINTERN) &&
-	    (signer = ocsp_find_signer_sk(bs->certs, rid)))
-		{
-		*psigner = signer;
-		return 1;
-		}
-	/* Maybe lookup from store if by subject name */
-
-	*psigner = NULL;
-	return 0;
-	}
+                      X509_STORE *st, unsigned long flags)
+{
+    X509 *signer, *x;
+    STACK_OF(X509) *chain = NULL;
+    X509_STORE_CTX ctx;
+    int i, ret = 0;
+    ret = ocsp_find_signer(&signer, bs, certs, st, flags);
+    if (!ret) {
+        OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        goto end;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get_pubkey(signer);
+        if (skey) {
+            ret = OCSP_BASICRESP_verify(bs, skey, 0);
+            EVP_PKEY_free(skey);
+        }
+        if (!skey || ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            goto end;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN)
+            init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
+        else
+            init_res = X509_STORE_CTX_init(&ctx, st, signer, bs->certs);
+        if (!init_res) {
+            ret = -1;
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
+            goto end;
+        }
 
+        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+        ret = X509_verify_cert(&ctx);
+        chain = X509_STORE_CTX_get1_chain(&ctx);
+        X509_STORE_CTX_cleanup(&ctx);
+        if (ret <= 0) {
+            i = X509_STORE_CTX_get_error(&ctx);
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(i));
+            goto end;
+        }
+        if (flags & OCSP_NOCHECKS) {
+            ret = 1;
+            goto end;
+        }
+        /*
+         * At this point we have a valid certificate chain need to verify it
+         * against the OCSP issuer criteria.
+         */
+        ret = ocsp_check_issuer(bs, chain, flags);
+
+        /* If fatal error or valid match then finish */
+        if (ret != 0)
+            goto end;
+
+        /*
+         * Easy case: explicitly trusted. Get root CA and check for explicit
+         * trust
+         */
+        if (flags & OCSP_NOEXPLICIT)
+            goto end;
+
+        x = sk_X509_value(chain, sk_X509_num(chain) - 1);
+        if (X509_check_trust(x, NID_OCSP_sign, 0) != X509_TRUST_TRUSTED) {
+            OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, OCSP_R_ROOT_CA_NOT_TRUSTED);
+            goto end;
+        }
+        ret = 1;
+    }
+
+ end:
+    if (chain)
+        sk_X509_pop_free(chain, X509_free);
+    return ret;
+}
+
+static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
+                            STACK_OF(X509) *certs, X509_STORE *st,
+                            unsigned long flags)
+{
+    X509 *signer;
+    OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+    if ((signer = ocsp_find_signer_sk(certs, rid))) {
+        *psigner = signer;
+        return 2;
+    }
+    if (!(flags & OCSP_NOINTERN) &&
+        (signer = ocsp_find_signer_sk(bs->certs, rid))) {
+        *psigner = signer;
+        return 1;
+    }
+    /* Maybe lookup from store if by subject name */
+
+    *psigner = NULL;
+    return 0;
+}
 
 static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id)
-	{
-	int i;
-	unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
-	X509 *x;
-
-	/* Easy if lookup by name */
-	if (id->type == V_OCSP_RESPID_NAME)
-		return X509_find_by_subject(certs, id->value.byName);
-
-	/* Lookup by key hash */
-
-	/* If key hash isn't SHA1 length then forget it */
-	if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL;
-	keyhash = id->value.byKey->data;
-	/* Calculate hash of each key and compare */
-	for (i = 0; i < sk_X509_num(certs); i++)
-		{
-		x = sk_X509_value(certs, i);
-		X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
-		if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
-			return x;
-		}
-	return NULL;
-	}
-
-
-static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, unsigned long flags)
-	{
-	STACK_OF(OCSP_SINGLERESP) *sresp;
-	X509 *signer, *sca;
-	OCSP_CERTID *caid = NULL;
-	int i;
-	sresp = bs->tbsResponseData->responses;
-
-	if (sk_X509_num(chain) <= 0)
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
-		return -1;
-		}
-
-	/* See if the issuer IDs match. */
-	i = ocsp_check_ids(sresp, &caid);
-
-	/* If ID mismatch or other error then return */
-	if (i <= 0) return i;
-
-	signer = sk_X509_value(chain, 0);
-	/* Check to see if OCSP responder CA matches request CA */
-	if (sk_X509_num(chain) > 1)
-		{
-		sca = sk_X509_value(chain, 1);
-		i = ocsp_match_issuerid(sca, caid, sresp);
-		if (i < 0) return i;
-		if (i)
-			{
-			/* We have a match, if extensions OK then success */
-			if (ocsp_check_delegated(signer, flags)) return 1;
-			return 0;
-			}
-		}
-
-	/* Otherwise check if OCSP request signed directly by request CA */
-	return ocsp_match_issuerid(signer, caid, sresp);
-	}
-
-
-/* Check the issuer certificate IDs for equality. If there is a mismatch with the same
- * algorithm then there's no point trying to match any certificates against the issuer.
- * If the issuer IDs all match then we just need to check equality against one of them.
+{
+    int i;
+    unsigned char tmphash[SHA_DIGEST_LENGTH], *keyhash;
+    X509 *x;
+
+    /* Easy if lookup by name */
+    if (id->type == V_OCSP_RESPID_NAME)
+        return X509_find_by_subject(certs, id->value.byName);
+
+    /* Lookup by key hash */
+
+    /* If key hash isn't SHA1 length then forget it */
+    if (id->value.byKey->length != SHA_DIGEST_LENGTH)
+        return NULL;
+    keyhash = id->value.byKey->data;
+    /* Calculate hash of each key and compare */
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x = sk_X509_value(certs, i);
+        X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL);
+        if (!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH))
+            return x;
+    }
+    return NULL;
+}
+
+static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
+                             unsigned long flags)
+{
+    STACK_OF(OCSP_SINGLERESP) *sresp;
+    X509 *signer, *sca;
+    OCSP_CERTID *caid = NULL;
+    int i;
+    sresp = bs->tbsResponseData->responses;
+
+    if (sk_X509_num(chain) <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
+        return -1;
+    }
+
+    /* See if the issuer IDs match. */
+    i = ocsp_check_ids(sresp, &caid);
+
+    /* If ID mismatch or other error then return */
+    if (i <= 0)
+        return i;
+
+    signer = sk_X509_value(chain, 0);
+    /* Check to see if OCSP responder CA matches request CA */
+    if (sk_X509_num(chain) > 1) {
+        sca = sk_X509_value(chain, 1);
+        i = ocsp_match_issuerid(sca, caid, sresp);
+        if (i < 0)
+            return i;
+        if (i) {
+            /* We have a match, if extensions OK then success */
+            if (ocsp_check_delegated(signer, flags))
+                return 1;
+            return 0;
+        }
+    }
+
+    /* Otherwise check if OCSP request signed directly by request CA */
+    return ocsp_match_issuerid(signer, caid, sresp);
+}
+
+/*
+ * Check the issuer certificate IDs for equality. If there is a mismatch with
+ * the same algorithm then there's no point trying to match any certificates
+ * against the issuer. If the issuer IDs all match then we just need to check
+ * equality against one of them.
  */
-	
+
 static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
-	{
-	OCSP_CERTID *tmpid, *cid;
-	int i, idcount;
-
-	idcount = sk_OCSP_SINGLERESP_num(sresp);
-	if (idcount <= 0)
-		{
-		OCSPerr(OCSP_F_OCSP_CHECK_IDS, OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
-		return -1;
-		}
-
-	cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
-
-	*ret = NULL;
-
-	for (i = 1; i < idcount; i++)
-		{
-		tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
-		/* Check to see if IDs match */
-		if (OCSP_id_issuer_cmp(cid, tmpid))
-			{
-			/* If algoritm mismatch let caller deal with it */
-			if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
-					cid->hashAlgorithm->algorithm))
-					return 2;
-			/* Else mismatch */
-			return 0;
-			}
-		}
-
-	/* All IDs match: only need to check one ID */
-	*ret = cid;
-	return 1;
-	}
+{
+    OCSP_CERTID *tmpid, *cid;
+    int i, idcount;
+
+    idcount = sk_OCSP_SINGLERESP_num(sresp);
+    if (idcount <= 0) {
+        OCSPerr(OCSP_F_OCSP_CHECK_IDS,
+                OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA);
+        return -1;
+    }
+
+    cid = sk_OCSP_SINGLERESP_value(sresp, 0)->certId;
+
+    *ret = NULL;
+
+    for (i = 1; i < idcount; i++) {
+        tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+        /* Check to see if IDs match */
+        if (OCSP_id_issuer_cmp(cid, tmpid)) {
+            /* If algoritm mismatch let caller deal with it */
+            if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
+                        cid->hashAlgorithm->algorithm))
+                return 2;
+            /* Else mismatch */
+            return 0;
+        }
+    }
 
+    /* All IDs match: only need to check one ID */
+    *ret = cid;
+    return 1;
+}
 
 static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
-			STACK_OF(OCSP_SINGLERESP) *sresp)
-	{
-	/* If only one ID to match then do it */
-	if(cid)
-		{
-		const EVP_MD *dgst;
-		X509_NAME *iname;
-		int mdlen;
-		unsigned char md[EVP_MAX_MD_SIZE];
-		if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)))
-			{
-			OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST);
-			return -1;
-			}
-
-		mdlen = EVP_MD_size(dgst);
-		if ((cid->issuerNameHash->length != mdlen) ||
-		   (cid->issuerKeyHash->length != mdlen))
-			return 0;
-		iname = X509_get_subject_name(cert);
-		if (!X509_NAME_digest(iname, dgst, md, NULL))
-			return -1;
-		if (memcmp(md, cid->issuerNameHash->data, mdlen))
-			return 0;
-		X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
-		if (memcmp(md, cid->issuerKeyHash->data, mdlen))
-			return 0;
-
-		return 1;
-
-		}
-	else
-		{
-		/* We have to match the whole lot */
-		int i, ret;
-		OCSP_CERTID *tmpid;
-		for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++)
-			{
-			tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
-			ret = ocsp_match_issuerid(cert, tmpid, NULL);
-			if (ret <= 0) return ret;
-			}
-		return 1;
-		}
-			
-	}
+                               STACK_OF(OCSP_SINGLERESP) *sresp)
+{
+    /* If only one ID to match then do it */
+    if (cid) {
+        const EVP_MD *dgst;
+        X509_NAME *iname;
+        int mdlen;
+        unsigned char md[EVP_MAX_MD_SIZE];
+        if (!(dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))) {
+            OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
+                    OCSP_R_UNKNOWN_MESSAGE_DIGEST);
+            return -1;
+        }
+
+        mdlen = EVP_MD_size(dgst);
+        if ((cid->issuerNameHash->length != mdlen) ||
+            (cid->issuerKeyHash->length != mdlen))
+            return 0;
+        iname = X509_get_subject_name(cert);
+        if (!X509_NAME_digest(iname, dgst, md, NULL))
+            return -1;
+        if (memcmp(md, cid->issuerNameHash->data, mdlen))
+            return 0;
+        X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
+        if (memcmp(md, cid->issuerKeyHash->data, mdlen))
+            return 0;
+
+        return 1;
+
+    } else {
+        /* We have to match the whole lot */
+        int i, ret;
+        OCSP_CERTID *tmpid;
+        for (i = 0; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
+            tmpid = sk_OCSP_SINGLERESP_value(sresp, i)->certId;
+            ret = ocsp_match_issuerid(cert, tmpid, NULL);
+            if (ret <= 0)
+                return ret;
+        }
+        return 1;
+    }
+
+}
 
 static int ocsp_check_delegated(X509 *x, int flags)
-	{
-	X509_check_purpose(x, -1, 0);
-	if ((x->ex_flags & EXFLAG_XKUSAGE) &&
-	    (x->ex_xkusage & XKU_OCSP_SIGN))
-		return 1;
-	OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
-	return 0;
-	}
-
-/* Verify an OCSP request. This is fortunately much easier than OCSP
- * response verify. Just find the signers certificate and verify it
- * against a given trust value.
+{
+    X509_check_purpose(x, -1, 0);
+    if ((x->ex_flags & EXFLAG_XKUSAGE) && (x->ex_xkusage & XKU_OCSP_SIGN))
+        return 1;
+    OCSPerr(OCSP_F_OCSP_CHECK_DELEGATED, OCSP_R_MISSING_OCSPSIGNING_USAGE);
+    return 0;
+}
+
+/*
+ * Verify an OCSP request. This is fortunately much easier than OCSP response
+ * verify. Just find the signers certificate and verify it against a given
+ * trust value.
  */
 
-int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, unsigned long flags)
-        {
-	X509 *signer;
-	X509_NAME *nm;
-	GENERAL_NAME *gen;
-	int ret;
-	X509_STORE_CTX ctx;
-	if (!req->optionalSignature) 
-		{
-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
-		return 0;
-		}
-	gen = req->tbsRequest->requestorName;
-	if (!gen || gen->type != GEN_DIRNAME)
-		{
-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
-		return 0;
-		}
-	nm = gen->d.directoryName;
-	ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
-	if (ret <= 0)
-		{
-		OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
-		return 0;
-		}
-	if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
-		flags |= OCSP_NOVERIFY;
-	if (!(flags & OCSP_NOSIGS))
-		{
-		EVP_PKEY *skey;
-		skey = X509_get_pubkey(signer);
-		ret = OCSP_REQUEST_verify(req, skey);
-		EVP_PKEY_free(skey);
-		if(ret <= 0)
-			{
-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
-			return 0;
-			}
-		}
-	if (!(flags & OCSP_NOVERIFY))
-		{
-		int init_res;
-		if(flags & OCSP_NOCHAIN)
-			init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
-		else
-			init_res = X509_STORE_CTX_init(&ctx, store, signer,
-					req->optionalSignature->certs);
-		if(!init_res)
-			{
-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB);
-			return 0;
-			}
-
-		X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
-		X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
-		ret = X509_verify_cert(&ctx);
-		X509_STORE_CTX_cleanup(&ctx);
-                if (ret <= 0)
-			{
-			ret = X509_STORE_CTX_get_error(&ctx);	
-			OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,OCSP_R_CERTIFICATE_VERIFY_ERROR);
-			ERR_add_error_data(2, "Verify error:",
-					X509_verify_cert_error_string(ret));
-                        return 0;
-                	}
-		}
-	return 1;
+int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
+                        X509_STORE *store, unsigned long flags)
+{
+    X509 *signer;
+    X509_NAME *nm;
+    GENERAL_NAME *gen;
+    int ret;
+    X509_STORE_CTX ctx;
+    if (!req->optionalSignature) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
+        return 0;
+    }
+    gen = req->tbsRequest->requestorName;
+    if (!gen || gen->type != GEN_DIRNAME) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
+        return 0;
+    }
+    nm = gen->d.directoryName;
+    ret = ocsp_req_find_signer(&signer, req, nm, certs, store, flags);
+    if (ret <= 0) {
+        OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND);
+        return 0;
+    }
+    if ((ret == 2) && (flags & OCSP_TRUSTOTHER))
+        flags |= OCSP_NOVERIFY;
+    if (!(flags & OCSP_NOSIGS)) {
+        EVP_PKEY *skey;
+        skey = X509_get_pubkey(signer);
+        ret = OCSP_REQUEST_verify(req, skey);
+        EVP_PKEY_free(skey);
+        if (ret <= 0) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_SIGNATURE_FAILURE);
+            return 0;
+        }
+    }
+    if (!(flags & OCSP_NOVERIFY)) {
+        int init_res;
+        if (flags & OCSP_NOCHAIN)
+            init_res = X509_STORE_CTX_init(&ctx, store, signer, NULL);
+        else
+            init_res = X509_STORE_CTX_init(&ctx, store, signer,
+                                           req->optionalSignature->certs);
+        if (!init_res) {
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
+            return 0;
         }
 
-static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, X509_NAME *nm, STACK_OF(X509) *certs,
-				X509_STORE *st, unsigned long flags)
-	{
-	X509 *signer;
-	if(!(flags & OCSP_NOINTERN))
-		{
-		signer = X509_find_by_subject(req->optionalSignature->certs, nm);
-		*psigner = signer;
-		return 1;
-		}
-
-	signer = X509_find_by_subject(certs, nm);
-	if (signer)
-		{
-		*psigner = signer;
-		return 2;
-		}
-	return 0;
-	}
+        X509_STORE_CTX_set_purpose(&ctx, X509_PURPOSE_OCSP_HELPER);
+        X509_STORE_CTX_set_trust(&ctx, X509_TRUST_OCSP_REQUEST);
+        ret = X509_verify_cert(&ctx);
+        X509_STORE_CTX_cleanup(&ctx);
+        if (ret <= 0) {
+            ret = X509_STORE_CTX_get_error(&ctx);
+            OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
+                    OCSP_R_CERTIFICATE_VERIFY_ERROR);
+            ERR_add_error_data(2, "Verify error:",
+                               X509_verify_cert_error_string(ret));
+            return 0;
+        }
+    }
+    return 1;
+}
+
+static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
+                                X509_NAME *nm, STACK_OF(X509) *certs,
+                                X509_STORE *st, unsigned long flags)
+{
+    X509 *signer;
+    if (!(flags & OCSP_NOINTERN)) {
+        signer = X509_find_by_subject(req->optionalSignature->certs, nm);
+        *psigner = signer;
+        return 1;
+    }
+
+    signer = X509_find_by_subject(certs, nm);
+    if (signer) {
+        *psigner = signer;
+        return 2;
+    }
+    return 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_all.c b/Cryptlib/OpenSSL/crypto/pem/pem_all.c
index 69dd19bf..d4022aac 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_all.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_all.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -118,13 +118,13 @@
 #include <openssl/pkcs7.h>
 #include <openssl/pem.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 #ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
+# include <openssl/dh.h>
 #endif
 
 #ifndef OPENSSL_NO_RSA
@@ -141,342 +141,319 @@ static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey);
 IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ)
 
 IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ)
-
 IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL)
-
 IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7)
 
 IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE,
-					PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
-
-
+                 PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE)
 #ifndef OPENSSL_NO_RSA
-
-/* We treat RSA or DSA private keys as a special case.
- *
- * For private keys we read in an EVP_PKEY structure with
- * PEM_read_bio_PrivateKey() and extract the relevant private
- * key: this means can handle "traditional" and PKCS#8 formats
- * transparently.
+/*
+ * We treat RSA or DSA private keys as a special case. For private keys we
+ * read in an EVP_PKEY structure with PEM_read_bio_PrivateKey() and extract
+ * the relevant private key: this means can handle "traditional" and PKCS#8
+ * formats transparently.
  */
-
 static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa)
 {
-	RSA *rtmp;
-	if(!key) return NULL;
-	rtmp = EVP_PKEY_get1_RSA(key);
-	EVP_PKEY_free(key);
-	if(!rtmp) return NULL;
-	if(rsa) {
-		RSA_free(*rsa);
-		*rsa = rtmp;
-	}
-	return rtmp;
+    RSA *rtmp;
+    if (!key)
+        return NULL;
+    rtmp = EVP_PKEY_get1_RSA(key);
+    EVP_PKEY_free(key);
+    if (!rtmp)
+        return NULL;
+    if (rsa) {
+        RSA_free(*rsa);
+        *rsa = rtmp;
+    }
+    return rtmp;
 }
 
 RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb,
-								void *u)
+                                void *u)
 {
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-	return pkey_get_rsa(pktmp, rsa);
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
 }
 
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 
-RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb,
-								void *u)
+RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-	return pkey_get_rsa(pktmp, rsa);
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_rsa(pktmp, rsa);
 }
 
-#endif
+# endif
 
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
 
 int PEM_write_bio_RSAPrivateKey(BIO *bp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
+                                unsigned char *kstr, int klen,
+                                pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_RSA(k, x);
-
-	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
+    EVP_PKEY *k;
+    int ret;
+    k = EVP_PKEY_new();
+    if (!k)
+        return 0;
+    EVP_PKEY_set1_RSA(k, x);
+
+    ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+    EVP_PKEY_free(k);
+    return ret;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#  ifndef OPENSSL_NO_FP_API
 int PEM_write_RSAPrivateKey(FILE *fp, RSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
+    EVP_PKEY *k;
+    int ret;
+    k = EVP_PKEY_new();
+    if (!k)
+        return 0;
 
-	EVP_PKEY_set1_RSA(k, x);
+    EVP_PKEY_set1_RSA(k, x);
 
-	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
+    ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+    EVP_PKEY_free(k);
+    return ret;
 }
-#endif
+#  endif
 
-#else
-
-IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey)
-
-#endif
-
-IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey)
-IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY)
+# else
 
+IMPLEMENT_PEM_write_cb_const(RSAPrivateKey, RSA, PEM_STRING_RSA,
+                             RSAPrivateKey)
+# endif
+IMPLEMENT_PEM_rw_const(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC,
+                       RSAPublicKey) IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA,
+                                                      PEM_STRING_PUBLIC,
+                                                      RSA_PUBKEY)
 #endif
-
 #ifndef OPENSSL_NO_DSA
-
 static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa)
 {
-	DSA *dtmp;
-	if(!key) return NULL;
-	dtmp = EVP_PKEY_get1_DSA(key);
-	EVP_PKEY_free(key);
-	if(!dtmp) return NULL;
-	if(dsa) {
-		DSA_free(*dsa);
-		*dsa = dtmp;
-	}
-	return dtmp;
+    DSA *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_DSA(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (dsa) {
+        DSA_free(*dsa);
+        *dsa = dtmp;
+    }
+    return dtmp;
 }
 
 DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb,
-								void *u)
+                                void *u)
 {
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-	return pkey_get_dsa(pktmp, dsa);
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa);
 }
 
-#ifdef OPENSSL_FIPS
+# ifdef OPENSSL_FIPS
 
 int PEM_write_bio_DSAPrivateKey(BIO *bp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
+                                unsigned char *kstr, int klen,
+                                pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_DSA(k, x);
-
-	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
+    EVP_PKEY *k;
+    int ret;
+    k = EVP_PKEY_new();
+    if (!k)
+        return 0;
+    EVP_PKEY_set1_DSA(k, x);
+
+    ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+    EVP_PKEY_free(k);
+    return ret;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#  ifndef OPENSSL_NO_FP_API
 int PEM_write_DSAPrivateKey(FILE *fp, DSA *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_DSA(k, x);
-	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
+    EVP_PKEY *k;
+    int ret;
+    k = EVP_PKEY_new();
+    if (!k)
+        return 0;
+    EVP_PKEY_set1_DSA(k, x);
+    ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+    EVP_PKEY_free(k);
+    return ret;
 }
-#endif
+#  endif
 
-#else
-
-IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey)
-
-#endif
+# else
 
-IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
-
-#ifndef OPENSSL_NO_FP_API
-
-DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb,
-								void *u)
+IMPLEMENT_PEM_write_cb_const(DSAPrivateKey, DSA, PEM_STRING_DSA,
+                             DSAPrivateKey)
+# endif
+    IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY)
+# ifndef OPENSSL_NO_FP_API
+DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-	return pkey_get_dsa(pktmp, dsa);
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_dsa(pktmp, dsa);
 }
 
-#endif
+# endif
 
 IMPLEMENT_PEM_rw_const(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams)
-
 #endif
-
-
 #ifndef OPENSSL_NO_EC
 static EC_KEY *pkey_get_eckey(EVP_PKEY *key, EC_KEY **eckey)
 {
-	EC_KEY *dtmp;
-	if(!key) return NULL;
-	dtmp = EVP_PKEY_get1_EC_KEY(key);
-	EVP_PKEY_free(key);
-	if(!dtmp) return NULL;
-	if(eckey) 
-	{
- 		EC_KEY_free(*eckey);
-		*eckey = dtmp;
-	}
-	return dtmp;
+    EC_KEY *dtmp;
+    if (!key)
+        return NULL;
+    dtmp = EVP_PKEY_get1_EC_KEY(key);
+    EVP_PKEY_free(key);
+    if (!dtmp)
+        return NULL;
+    if (eckey) {
+        EC_KEY_free(*eckey);
+        *eckey = dtmp;
+    }
+    return dtmp;
 }
 
 EC_KEY *PEM_read_bio_ECPrivateKey(BIO *bp, EC_KEY **key, pem_password_cb *cb,
-							void *u)
+                                  void *u)
 {
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
-	return pkey_get_eckey(pktmp, key);
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, key);
 }
 
-IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS, ECPKParameters)
-
-
-
-#ifdef OPENSSL_FIPS
-
+IMPLEMENT_PEM_rw_const(ECPKParameters, EC_GROUP, PEM_STRING_ECPARAMETERS,
+                       ECPKParameters)
+# ifdef OPENSSL_FIPS
 int PEM_write_bio_ECPrivateKey(BIO *bp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
+                               unsigned char *kstr, int klen,
+                               pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_EC_KEY(k, x);
-
-	ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
+    EVP_PKEY *k;
+    int ret;
+    k = EVP_PKEY_new();
+    if (!k)
+        return 0;
+    EVP_PKEY_set1_EC_KEY(k, x);
+
+    ret = PEM_write_bio_PrivateKey(bp, k, enc, kstr, klen, cb, u);
+    EVP_PKEY_free(k);
+    return ret;
 }
 
-#ifndef OPENSSL_NO_FP_API
+#  ifndef OPENSSL_NO_FP_API
 int PEM_write_ECPrivateKey(FILE *fp, EC_KEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
+                           unsigned char *kstr, int klen,
+                           pem_password_cb *cb, void *u)
 {
-	EVP_PKEY *k;
-	int ret;
-	k = EVP_PKEY_new();
-	if (!k)
-		return 0;
-	EVP_PKEY_set1_EC_KEY(k, x);
-	ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
-	EVP_PKEY_free(k);
-	return ret;
+    EVP_PKEY *k;
+    int ret;
+    k = EVP_PKEY_new();
+    if (!k)
+        return 0;
+    EVP_PKEY_set1_EC_KEY(k, x);
+    ret = PEM_write_PrivateKey(fp, k, enc, kstr, klen, cb, u);
+    EVP_PKEY_free(k);
+    return ret;
 }
-#endif
-
-#else
-
-IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY, ECPrivateKey)
-
-#endif
+#  endif
 
+# else
+    IMPLEMENT_PEM_write_cb(ECPrivateKey, EC_KEY, PEM_STRING_ECPRIVATEKEY,
+                       ECPrivateKey)
+# endif
 IMPLEMENT_PEM_rw(EC_PUBKEY, EC_KEY, PEM_STRING_PUBLIC, EC_PUBKEY)
-
-#ifndef OPENSSL_NO_FP_API
- 
+# ifndef OPENSSL_NO_FP_API
 EC_KEY *PEM_read_ECPrivateKey(FILE *fp, EC_KEY **eckey, pem_password_cb *cb,
- 								void *u)
+                              void *u)
 {
-	EVP_PKEY *pktmp;
-	pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
-	return pkey_get_eckey(pktmp, eckey);
+    EVP_PKEY *pktmp;
+    pktmp = PEM_read_PrivateKey(fp, NULL, cb, u);
+    return pkey_get_eckey(pktmp, eckey);
 }
 
-#endif
+# endif
 
 #endif
 
 #ifndef OPENSSL_NO_DH
 
 IMPLEMENT_PEM_rw_const(DHparams, DH, PEM_STRING_DHPARAMS, DHparams)
-
 #endif
-
-
-/* The PrivateKey case is not that straightforward.
+/*-
+ * The PrivateKey case is not that straightforward.
  *   IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey)
  * does not work, RSA and DSA keys have specific strings.
  * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything
  * appropriate.)
  */
-
 #ifdef OPENSSL_FIPS
-
 static const char *pkey_str(EVP_PKEY *x)
-	{
-	switch (x->type)
-		{
-		case EVP_PKEY_RSA:
-		return PEM_STRING_RSA;
-
-		case EVP_PKEY_DSA:
-		return PEM_STRING_DSA;
+{
+    switch (x->type) {
+    case EVP_PKEY_RSA:
+        return PEM_STRING_RSA;
 
-		case EVP_PKEY_EC:
-		return PEM_STRING_ECPRIVATEKEY;
+    case EVP_PKEY_DSA:
+        return PEM_STRING_DSA;
 
-		default:
-		return NULL;
-		}
-	}
+    case EVP_PKEY_EC:
+        return PEM_STRING_ECPRIVATEKEY;
 
+    default:
+        return NULL;
+    }
+}
 
 int PEM_write_bio_PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-	{
-		if (FIPS_mode())
-			return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
-						(char *)kstr, klen, cb, u);
-		else
-                	return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
-			pkey_str(x), bp,(char *)x,enc,kstr,klen,cb,u);
-	}
-
-#ifndef OPENSSL_NO_FP_API
+                             unsigned char *kstr, int klen,
+                             pem_password_cb *cb, void *u)
+{
+    if (FIPS_mode())
+        return PEM_write_bio_PKCS8PrivateKey(bp, x, enc,
+                                             (char *)kstr, klen, cb, u);
+    else
+        return PEM_ASN1_write_bio((i2d_of_void *)i2d_PrivateKey,
+                                  pkey_str(x), bp, (char *)x, enc, kstr, klen,
+                                  cb, u);
+}
+
+# ifndef OPENSSL_NO_FP_API
 int PEM_write_PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-                                               unsigned char *kstr, int klen,
-                                               pem_password_cb *cb, void *u)
-	{
-		if (FIPS_mode())
-			return PEM_write_PKCS8PrivateKey(fp, x, enc,
-						(char *)kstr, klen, cb, u);
-		else
-                	return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
-			pkey_str(x), fp,(char *)x,enc,kstr,klen,cb,u);
-	}
-#endif
+                         unsigned char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
+{
+    if (FIPS_mode())
+        return PEM_write_PKCS8PrivateKey(fp, x, enc,
+                                         (char *)kstr, klen, cb, u);
+    else
+        return PEM_ASN1_write((i2d_of_void *)i2d_PrivateKey,
+                              pkey_str(x), fp, (char *)x, enc, kstr, klen, cb,
+                              u);
+}
+# endif
 
 #else
-IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:\
-			(x->type == EVP_PKEY_RSA)?PEM_STRING_RSA:PEM_STRING_ECPRIVATEKEY), PrivateKey)
-
+IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY,
+                       ((x->type ==
+                         EVP_PKEY_DSA) ? PEM_STRING_DSA : (x->type ==
+                                                           EVP_PKEY_RSA) ?
+                        PEM_STRING_RSA : PEM_STRING_ECPRIVATEKEY), PrivateKey)
 #endif
-
-IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
-
+    IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY)
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_err.c b/Cryptlib/OpenSSL/crypto/pem/pem_err.c
index 3133563d..7452d25e 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_err.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,71 +66,71 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PEM,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PEM,0,reason)
 
-static ERR_STRING_DATA PEM_str_functs[]=
-	{
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO),	"d2i_PKCS8PrivateKey_bio"},
-{ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP),	"d2i_PKCS8PrivateKey_fp"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY),	"DO_PK8PKEY"},
-{ERR_FUNC(PEM_F_DO_PK8PKEY_FP),	"DO_PK8PKEY_FP"},
-{ERR_FUNC(PEM_F_LOAD_IV),	"LOAD_IV"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ),	"PEM_ASN1_read"},
-{ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO),	"PEM_ASN1_read_bio"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE),	"PEM_ASN1_write"},
-{ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO),	"PEM_ASN1_write_bio"},
-{ERR_FUNC(PEM_F_PEM_DEF_CALLBACK),	"PEM_def_callback"},
-{ERR_FUNC(PEM_F_PEM_DO_HEADER),	"PEM_do_header"},
-{ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),	"PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO),	"PEM_get_EVP_CIPHER_INFO"},
-{ERR_FUNC(PEM_F_PEM_PK8PKEY),	"PEM_PK8PKEY"},
-{ERR_FUNC(PEM_F_PEM_READ),	"PEM_read"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO),	"PEM_read_bio"},
-{ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY),	"PEM_READ_BIO_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY),	"PEM_READ_PRIVATEKEY"},
-{ERR_FUNC(PEM_F_PEM_SEALFINAL),	"PEM_SealFinal"},
-{ERR_FUNC(PEM_F_PEM_SEALINIT),	"PEM_SealInit"},
-{ERR_FUNC(PEM_F_PEM_SIGNFINAL),	"PEM_SignFinal"},
-{ERR_FUNC(PEM_F_PEM_WRITE),	"PEM_write"},
-{ERR_FUNC(PEM_F_PEM_WRITE_BIO),	"PEM_write_bio"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ),	"PEM_X509_INFO_read"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO),	"PEM_X509_INFO_read_bio"},
-{ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO),	"PEM_X509_INFO_write_bio"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PEM_str_functs[] = {
+    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_BIO), "d2i_PKCS8PrivateKey_bio"},
+    {ERR_FUNC(PEM_F_D2I_PKCS8PRIVATEKEY_FP), "d2i_PKCS8PrivateKey_fp"},
+    {ERR_FUNC(PEM_F_DO_PK8PKEY), "DO_PK8PKEY"},
+    {ERR_FUNC(PEM_F_DO_PK8PKEY_FP), "DO_PK8PKEY_FP"},
+    {ERR_FUNC(PEM_F_LOAD_IV), "LOAD_IV"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_READ), "PEM_ASN1_read"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_READ_BIO), "PEM_ASN1_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE), "PEM_ASN1_write"},
+    {ERR_FUNC(PEM_F_PEM_ASN1_WRITE_BIO), "PEM_ASN1_write_bio"},
+    {ERR_FUNC(PEM_F_PEM_DEF_CALLBACK), "PEM_def_callback"},
+    {ERR_FUNC(PEM_F_PEM_DO_HEADER), "PEM_do_header"},
+    {ERR_FUNC(PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY),
+     "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"},
+    {ERR_FUNC(PEM_F_PEM_GET_EVP_CIPHER_INFO), "PEM_get_EVP_CIPHER_INFO"},
+    {ERR_FUNC(PEM_F_PEM_PK8PKEY), "PEM_PK8PKEY"},
+    {ERR_FUNC(PEM_F_PEM_READ), "PEM_read"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO), "PEM_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_READ_BIO_PRIVATEKEY), "PEM_READ_BIO_PRIVATEKEY"},
+    {ERR_FUNC(PEM_F_PEM_READ_PRIVATEKEY), "PEM_READ_PRIVATEKEY"},
+    {ERR_FUNC(PEM_F_PEM_SEALFINAL), "PEM_SealFinal"},
+    {ERR_FUNC(PEM_F_PEM_SEALINIT), "PEM_SealInit"},
+    {ERR_FUNC(PEM_F_PEM_SIGNFINAL), "PEM_SignFinal"},
+    {ERR_FUNC(PEM_F_PEM_WRITE), "PEM_write"},
+    {ERR_FUNC(PEM_F_PEM_WRITE_BIO), "PEM_write_bio"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ), "PEM_X509_INFO_read"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_READ_BIO), "PEM_X509_INFO_read_bio"},
+    {ERR_FUNC(PEM_F_PEM_X509_INFO_WRITE_BIO), "PEM_X509_INFO_write_bio"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA PEM_str_reasons[]=
-	{
-{ERR_REASON(PEM_R_BAD_BASE64_DECODE)     ,"bad base64 decode"},
-{ERR_REASON(PEM_R_BAD_DECRYPT)           ,"bad decrypt"},
-{ERR_REASON(PEM_R_BAD_END_LINE)          ,"bad end line"},
-{ERR_REASON(PEM_R_BAD_IV_CHARS)          ,"bad iv chars"},
-{ERR_REASON(PEM_R_BAD_PASSWORD_READ)     ,"bad password read"},
-{ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),"error converting private key"},
-{ERR_REASON(PEM_R_NOT_DEK_INFO)          ,"not dek info"},
-{ERR_REASON(PEM_R_NOT_ENCRYPTED)         ,"not encrypted"},
-{ERR_REASON(PEM_R_NOT_PROC_TYPE)         ,"not proc type"},
-{ERR_REASON(PEM_R_NO_START_LINE)         ,"no start line"},
-{ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),"problems getting password"},
-{ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA)     ,"public key no rsa"},
-{ERR_REASON(PEM_R_READ_KEY)              ,"read key"},
-{ERR_REASON(PEM_R_SHORT_HEADER)          ,"short header"},
-{ERR_REASON(PEM_R_UNSUPPORTED_CIPHER)    ,"unsupported cipher"},
-{ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION),"unsupported encryption"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PEM_str_reasons[] = {
+    {ERR_REASON(PEM_R_BAD_BASE64_DECODE), "bad base64 decode"},
+    {ERR_REASON(PEM_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_REASON(PEM_R_BAD_END_LINE), "bad end line"},
+    {ERR_REASON(PEM_R_BAD_IV_CHARS), "bad iv chars"},
+    {ERR_REASON(PEM_R_BAD_PASSWORD_READ), "bad password read"},
+    {ERR_REASON(PEM_R_ERROR_CONVERTING_PRIVATE_KEY),
+     "error converting private key"},
+    {ERR_REASON(PEM_R_NOT_DEK_INFO), "not dek info"},
+    {ERR_REASON(PEM_R_NOT_ENCRYPTED), "not encrypted"},
+    {ERR_REASON(PEM_R_NOT_PROC_TYPE), "not proc type"},
+    {ERR_REASON(PEM_R_NO_START_LINE), "no start line"},
+    {ERR_REASON(PEM_R_PROBLEMS_GETTING_PASSWORD),
+     "problems getting password"},
+    {ERR_REASON(PEM_R_PUBLIC_KEY_NO_RSA), "public key no rsa"},
+    {ERR_REASON(PEM_R_READ_KEY), "read key"},
+    {ERR_REASON(PEM_R_SHORT_HEADER), "short header"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
+    {ERR_REASON(PEM_R_UNSUPPORTED_ENCRYPTION), "unsupported encryption"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_PEM_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(PEM_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,PEM_str_functs);
-		ERR_load_strings(0,PEM_str_reasons);
-		}
+    if (ERR_func_error_string(PEM_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, PEM_str_functs);
+        ERR_load_strings(0, PEM_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_info.c b/Cryptlib/OpenSSL/crypto/pem/pem_info.c
index 3a273f6f..91842b6c 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_info.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_info.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,334 +64,320 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 
 #ifndef OPENSSL_NO_FP_API
-STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
-	{
-        BIO *b;
-        STACK_OF(X509_INFO) *ret;
+STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk,
+                                        pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    STACK_OF(X509_INFO) *ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_X509_INFO_READ,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_X509_INFO_read_bio(b,sk,cb,u);
-        BIO_free(b);
-        return(ret);
-	}
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_X509_INFO_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_X509_INFO_read_bio(b, sk, cb, u);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
-STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u)
-	{
-	X509_INFO *xi=NULL;
-	char *name=NULL,*header=NULL;
-	void *pp;
-	unsigned char *data=NULL;
-	const unsigned char *p;
-	long len,error=0;
-	int ok=0;
-	STACK_OF(X509_INFO) *ret=NULL;
-	unsigned int i,raw;
-	d2i_of_void *d2i;
+STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk,
+                                            pem_password_cb *cb, void *u)
+{
+    X509_INFO *xi = NULL;
+    char *name = NULL, *header = NULL;
+    void *pp;
+    unsigned char *data = NULL;
+    const unsigned char *p;
+    long len, error = 0;
+    int ok = 0;
+    STACK_OF(X509_INFO) *ret = NULL;
+    unsigned int i, raw;
+    d2i_of_void *d2i;
 
-	if (sk == NULL)
-		{
-		if ((ret=sk_X509_INFO_new_null()) == NULL)
-			{
-			PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	else
-		ret=sk;
+    if (sk == NULL) {
+        if ((ret = sk_X509_INFO_new_null()) == NULL) {
+            PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    } else
+        ret = sk;
 
-	if ((xi=X509_INFO_new()) == NULL) goto err;
-	for (;;)
-		{
-		raw=0;
-		i=PEM_read_bio(bp,&name,&header,&data,&len);
-		if (i == 0)
-			{
-			error=ERR_GET_REASON(ERR_peek_last_error());
-			if (error == PEM_R_NO_START_LINE)
-				{
-				ERR_clear_error();
-				break;
-				}
-			goto err;
-			}
-start:
-		if (	(strcmp(name,PEM_STRING_X509) == 0) ||
-			(strcmp(name,PEM_STRING_X509_OLD) == 0))
-			{
-			d2i=(D2I_OF(void))d2i_X509;
-			if (xi->x509 != NULL)
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-			pp=&(xi->x509);
-			}
-		else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0))
-			{
-			d2i=(D2I_OF(void))d2i_X509_AUX;
-			if (xi->x509 != NULL)
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-			pp=&(xi->x509);
-			}
-		else if (strcmp(name,PEM_STRING_X509_CRL) == 0)
-			{
-			d2i=(D2I_OF(void))d2i_X509_CRL;
-			if (xi->crl != NULL)
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
-			pp=&(xi->crl);
-			}
-		else
+    if ((xi = X509_INFO_new()) == NULL)
+        goto err;
+    for (;;) {
+        raw = 0;
+        i = PEM_read_bio(bp, &name, &header, &data, &len);
+        if (i == 0) {
+            error = ERR_GET_REASON(ERR_peek_last_error());
+            if (error == PEM_R_NO_START_LINE) {
+                ERR_clear_error();
+                break;
+            }
+            goto err;
+        }
+ start:
+        if ((strcmp(name, PEM_STRING_X509) == 0) ||
+            (strcmp(name, PEM_STRING_X509_OLD) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if ((strcmp(name, PEM_STRING_X509_TRUSTED) == 0)) {
+            d2i = (D2I_OF(void)) d2i_X509_AUX;
+            if (xi->x509 != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->x509);
+        } else if (strcmp(name, PEM_STRING_X509_CRL) == 0) {
+            d2i = (D2I_OF(void)) d2i_X509_CRL;
+            if (xi->crl != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+            pp = &(xi->crl);
+        } else
 #ifndef OPENSSL_NO_RSA
-			if (strcmp(name,PEM_STRING_RSA) == 0)
-			{
-			d2i=(D2I_OF(void))d2i_RSAPrivateKey;
-			if (xi->x_pkey != NULL) 
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
+        if (strcmp(name, PEM_STRING_RSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_RSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
 
-			xi->enc_data=NULL;
-			xi->enc_len=0;
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
 
-			xi->x_pkey=X509_PKEY_new();
-			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
-				goto err;
-			xi->x_pkey->dec_pkey->type=EVP_PKEY_RSA;
-			pp=&(xi->x_pkey->dec_pkey->pkey.rsa);
-			if ((int)strlen(header) > 10) /* assume encrypted */
-				raw=1;
-			}
-		else
+            xi->x_pkey = X509_PKEY_new();
+            if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL)
+                goto err;
+            xi->x_pkey->dec_pkey->type = EVP_PKEY_RSA;
+            pp = &(xi->x_pkey->dec_pkey->pkey.rsa);
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
 #endif
 #ifndef OPENSSL_NO_DSA
-			if (strcmp(name,PEM_STRING_DSA) == 0)
-			{
-			d2i=(D2I_OF(void))d2i_DSAPrivateKey;
-			if (xi->x_pkey != NULL) 
-				{
-				if (!sk_X509_INFO_push(ret,xi)) goto err;
-				if ((xi=X509_INFO_new()) == NULL) goto err;
-				goto start;
-				}
+        if (strcmp(name, PEM_STRING_DSA) == 0) {
+            d2i = (D2I_OF(void)) d2i_DSAPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
 
-			xi->enc_data=NULL;
-			xi->enc_len=0;
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
 
-			xi->x_pkey=X509_PKEY_new();
-			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
-				goto err;
-			xi->x_pkey->dec_pkey->type=EVP_PKEY_DSA;
-			pp=&xi->x_pkey->dec_pkey->pkey.dsa;
-			if ((int)strlen(header) > 10) /* assume encrypted */
-				raw=1;
-			}
-		else
+            xi->x_pkey = X509_PKEY_new();
+            if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL)
+                goto err;
+            xi->x_pkey->dec_pkey->type = EVP_PKEY_DSA;
+            pp = &xi->x_pkey->dec_pkey->pkey.dsa;
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
 #endif
 #ifndef OPENSSL_NO_EC
- 			if (strcmp(name,PEM_STRING_ECPRIVATEKEY) == 0)
- 			{
- 				d2i=(D2I_OF(void))d2i_ECPrivateKey;
- 				if (xi->x_pkey != NULL) 
- 				{
- 					if (!sk_X509_INFO_push(ret,xi)) goto err;
- 					if ((xi=X509_INFO_new()) == NULL) goto err;
- 						goto start;
- 				}
- 
- 			xi->enc_data=NULL;
- 			xi->enc_len=0;
- 
- 			xi->x_pkey=X509_PKEY_new();
- 			if ((xi->x_pkey->dec_pkey=EVP_PKEY_new()) == NULL)
- 				goto err;
- 			xi->x_pkey->dec_pkey->type=EVP_PKEY_EC;
- 			pp=&(xi->x_pkey->dec_pkey->pkey.ec);
- 			if ((int)strlen(header) > 10) /* assume encrypted */
- 				raw=1;
-			}
-		else
+        if (strcmp(name, PEM_STRING_ECPRIVATEKEY) == 0) {
+            d2i = (D2I_OF(void)) d2i_ECPrivateKey;
+            if (xi->x_pkey != NULL) {
+                if (!sk_X509_INFO_push(ret, xi))
+                    goto err;
+                if ((xi = X509_INFO_new()) == NULL)
+                    goto err;
+                goto start;
+            }
+
+            xi->enc_data = NULL;
+            xi->enc_len = 0;
+
+            xi->x_pkey = X509_PKEY_new();
+            if ((xi->x_pkey->dec_pkey = EVP_PKEY_new()) == NULL)
+                goto err;
+            xi->x_pkey->dec_pkey->type = EVP_PKEY_EC;
+            pp = &(xi->x_pkey->dec_pkey->pkey.ec);
+            if ((int)strlen(header) > 10) /* assume encrypted */
+                raw = 1;
+        } else
 #endif
-			{
-			d2i=NULL;
-			pp=NULL;
-			}
+        {
+            d2i = NULL;
+            pp = NULL;
+        }
 
-		if (d2i != NULL)
-			{
-			if (!raw)
-				{
-				EVP_CIPHER_INFO cipher;
+        if (d2i != NULL) {
+            if (!raw) {
+                EVP_CIPHER_INFO cipher;
 
-				if (!PEM_get_EVP_CIPHER_INFO(header,&cipher))
-					goto err;
-				if (!PEM_do_header(&cipher,data,&len,cb,u))
-					goto err;
-				p=data;
-				if (d2i(pp,&p,len) == NULL)
-					{
-					PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_ASN1_LIB);
-					goto err;
-					}
-				}
-			else
-				{ /* encrypted RSA data */
-				if (!PEM_get_EVP_CIPHER_INFO(header,
-					&xi->enc_cipher)) goto err;
-				xi->enc_data=(char *)data;
-				xi->enc_len=(int)len;
-				data=NULL;
-				}
-			}
-		else	{
-			/* unknown */
-			}
-		if (name != NULL) OPENSSL_free(name);
-		if (header != NULL) OPENSSL_free(header);
-		if (data != NULL) OPENSSL_free(data);
-		name=NULL;
-		header=NULL;
-		data=NULL;
-		}
+                if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+                    goto err;
+                if (!PEM_do_header(&cipher, data, &len, cb, u))
+                    goto err;
+                p = data;
+                if (d2i(pp, &p, len) == NULL) {
+                    PEMerr(PEM_F_PEM_X509_INFO_READ_BIO, ERR_R_ASN1_LIB);
+                    goto err;
+                }
+            } else {            /* encrypted RSA data */
+                if (!PEM_get_EVP_CIPHER_INFO(header, &xi->enc_cipher))
+                    goto err;
+                xi->enc_data = (char *)data;
+                xi->enc_len = (int)len;
+                data = NULL;
+            }
+        } else {
+            /* unknown */
+        }
+        if (name != NULL)
+            OPENSSL_free(name);
+        if (header != NULL)
+            OPENSSL_free(header);
+        if (data != NULL)
+            OPENSSL_free(data);
+        name = NULL;
+        header = NULL;
+        data = NULL;
+    }
 
-	/* if the last one hasn't been pushed yet and there is anything
-	 * in it then add it to the stack ... 
-	 */
-	if ((xi->x509 != NULL) || (xi->crl != NULL) ||
-		(xi->x_pkey != NULL) || (xi->enc_data != NULL))
-		{
-		if (!sk_X509_INFO_push(ret,xi)) goto err;
-		xi=NULL;
-		}
-	ok=1;
-err:
-	if (xi != NULL) X509_INFO_free(xi);
-	if (!ok)
-		{
-		for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++)
-			{
-			xi=sk_X509_INFO_value(ret,i);
-			X509_INFO_free(xi);
-			}
-		if (ret != sk) sk_X509_INFO_free(ret);
-		ret=NULL;
-		}
-		
-	if (name != NULL) OPENSSL_free(name);
-	if (header != NULL) OPENSSL_free(header);
-	if (data != NULL) OPENSSL_free(data);
-	return(ret);
-	}
+    /*
+     * if the last one hasn't been pushed yet and there is anything in it
+     * then add it to the stack ...
+     */
+    if ((xi->x509 != NULL) || (xi->crl != NULL) ||
+        (xi->x_pkey != NULL) || (xi->enc_data != NULL)) {
+        if (!sk_X509_INFO_push(ret, xi))
+            goto err;
+        xi = NULL;
+    }
+    ok = 1;
+ err:
+    if (xi != NULL)
+        X509_INFO_free(xi);
+    if (!ok) {
+        for (i = 0; ((int)i) < sk_X509_INFO_num(ret); i++) {
+            xi = sk_X509_INFO_value(ret, i);
+            X509_INFO_free(xi);
+        }
+        if (ret != sk)
+            sk_X509_INFO_free(ret);
+        ret = NULL;
+    }
 
+    if (name != NULL)
+        OPENSSL_free(name);
+    if (header != NULL)
+        OPENSSL_free(header);
+    if (data != NULL)
+        OPENSSL_free(data);
+    return (ret);
+}
 
 /* A TJH addition */
 int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc,
-	     unsigned char *kstr, int klen, pem_password_cb *cb, void *u)
-	{
-	EVP_CIPHER_CTX ctx;
-	int i,ret=0;
-	unsigned char *data=NULL;
-	const char *objstr=NULL;
-	char buf[PEM_BUFSIZE];
-	unsigned char *iv=NULL;
-	
-	if (enc != NULL)
-		{
-		objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
-		if (objstr == NULL)
-			{
-			PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-			goto err;
-			}
-		}
+                            unsigned char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
+{
+    EVP_CIPHER_CTX ctx;
+    int i, ret = 0;
+    unsigned char *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char *iv = NULL;
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL) {
+            PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
 
-	/* now for the fun part ... if we have a private key then 
-	 * we have to be able to handle a not-yet-decrypted key
-	 * being written out correctly ... if it is decrypted or
-	 * it is non-encrypted then we use the base code
-	 */
-	if (xi->x_pkey!=NULL)
-		{
-		if ( (xi->enc_data!=NULL) && (xi->enc_len>0) )
-			{
-			/* copy from weirdo names into more normal things */
-			iv=xi->enc_cipher.iv;
-			data=(unsigned char *)xi->enc_data;
-			i=xi->enc_len;
+    /*
+     * now for the fun part ... if we have a private key then we have to be
+     * able to handle a not-yet-decrypted key being written out correctly ...
+     * if it is decrypted or it is non-encrypted then we use the base code
+     */
+    if (xi->x_pkey != NULL) {
+        if ((xi->enc_data != NULL) && (xi->enc_len > 0)) {
+            /* copy from weirdo names into more normal things */
+            iv = xi->enc_cipher.iv;
+            data = (unsigned char *)xi->enc_data;
+            i = xi->enc_len;
 
-			/* we take the encryption data from the
-			 * internal stuff rather than what the
-			 * user has passed us ... as we have to 
-			 * match exactly for some strange reason
-			 */
-			objstr=OBJ_nid2sn(
-				EVP_CIPHER_nid(xi->enc_cipher.cipher));
-			if (objstr == NULL)
-				{
-				PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-				goto err;
-				}
+            /*
+             * we take the encryption data from the internal stuff rather
+             * than what the user has passed us ... as we have to match
+             * exactly for some strange reason
+             */
+            objstr = OBJ_nid2sn(EVP_CIPHER_nid(xi->enc_cipher.cipher));
+            if (objstr == NULL) {
+                PEMerr(PEM_F_PEM_X509_INFO_WRITE_BIO,
+                       PEM_R_UNSUPPORTED_CIPHER);
+                goto err;
+            }
 
-			/* create the right magic header stuff */
-			OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
-			buf[0]='\0';
-			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-			PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+            /* create the right magic header stuff */
+            OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
+                           sizeof buf);
+            buf[0] = '\0';
+            PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+            PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
 
-			/* use the normal code to write things out */
-			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
-			if (i <= 0) goto err;
-			}
-		else
-			{
-			/* Add DSA/DH */
+            /* use the normal code to write things out */
+            i = PEM_write_bio(bp, PEM_STRING_RSA, buf, data, i);
+            if (i <= 0)
+                goto err;
+        } else {
+            /* Add DSA/DH */
 #ifndef OPENSSL_NO_RSA
-			/* normal optionally encrypted stuff */
-			if (PEM_write_bio_RSAPrivateKey(bp,
-				xi->x_pkey->dec_pkey->pkey.rsa,
-				enc,kstr,klen,cb,u)<=0)
-				goto err;
+            /* normal optionally encrypted stuff */
+            if (PEM_write_bio_RSAPrivateKey(bp,
+                                            xi->x_pkey->dec_pkey->pkey.rsa,
+                                            enc, kstr, klen, cb, u) <= 0)
+                goto err;
 #endif
-			}
-		}
+        }
+    }
 
-	/* if we have a certificate then write it out now */
-	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
-		goto err;
+    /* if we have a certificate then write it out now */
+    if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp, xi->x509) <= 0))
+        goto err;
 
-	/* we are ignoring anything else that is loaded into the X509_INFO
-	 * structure for the moment ... as I don't need it so I'm not
-	 * coding it here and Eric can do it when this makes it into the
-	 * base library --tjh
-	 */
+    /*
+     * we are ignoring anything else that is loaded into the X509_INFO
+     * structure for the moment ... as I don't need it so I'm not coding it
+     * here and Eric can do it when this makes it into the base library --tjh
+     */
 
-	ret=1;
+    ret = 1;
 
-err:
-	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
-	OPENSSL_cleanse(buf,PEM_BUFSIZE);
-	return(ret);
-	}
+ err:
+    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c
index 22bb791b..8febf104 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_lib.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,717 +66,725 @@
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #ifndef OPENSSL_NO_DES
-#include <openssl/des.h>
+# include <openssl/des.h>
 #endif
 
-const char PEM_version[]="PEM" OPENSSL_VERSION_PTEXT;
+const char PEM_version[] = "PEM" OPENSSL_VERSION_PTEXT;
 
-#define MIN_LENGTH	4
+#define MIN_LENGTH      4
 
-static int load_iv(char **fromp,unsigned char *to, int num);
+static int load_iv(char **fromp, unsigned char *to, int num);
 static int check_pem(const char *nm, const char *name);
 
 int PEM_def_callback(char *buf, int num, int w, void *key)
-	{
+{
 #ifdef OPENSSL_NO_FP_API
-	/* We should not ever call the default callback routine from
-	 * windows. */
-	PEMerr(PEM_F_PEM_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-	return(-1);
+    /*
+     * We should not ever call the default callback routine from windows.
+     */
+    PEMerr(PEM_F_PEM_DEF_CALLBACK, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
+    return (-1);
 #else
-	int i,j;
-	const char *prompt;
-	if(key) {
-		i=strlen(key);
-		i=(i > num)?num:i;
-		memcpy(buf,key,i);
-		return(i);
-	}
-
-	prompt=EVP_get_pw_prompt();
-	if (prompt == NULL)
-		prompt="Enter PEM pass phrase:";
-
-	for (;;)
-		{
-		i=EVP_read_pw_string(buf,num,prompt,w);
-		if (i != 0)
-			{
-			PEMerr(PEM_F_PEM_DEF_CALLBACK,PEM_R_PROBLEMS_GETTING_PASSWORD);
-			memset(buf,0,(unsigned int)num);
-			return(-1);
-			}
-		j=strlen(buf);
-		if (j < MIN_LENGTH)
-			{
-			fprintf(stderr,"phrase is too short, needs to be at least %d chars\n",MIN_LENGTH);
-			}
-		else
-			break;
-		}
-	return(j);
+    int i, j;
+    const char *prompt;
+    if (key) {
+        i = strlen(key);
+        i = (i > num) ? num : i;
+        memcpy(buf, key, i);
+        return (i);
+    }
+
+    prompt = EVP_get_pw_prompt();
+    if (prompt == NULL)
+        prompt = "Enter PEM pass phrase:";
+
+    for (;;) {
+        i = EVP_read_pw_string(buf, num, prompt, w);
+        if (i != 0) {
+            PEMerr(PEM_F_PEM_DEF_CALLBACK, PEM_R_PROBLEMS_GETTING_PASSWORD);
+            memset(buf, 0, (unsigned int)num);
+            return (-1);
+        }
+        j = strlen(buf);
+        if (j < MIN_LENGTH) {
+            fprintf(stderr,
+                    "phrase is too short, needs to be at least %d chars\n",
+                    MIN_LENGTH);
+        } else
+            break;
+    }
+    return (j);
 #endif
-	}
+}
 
 void PEM_proc_type(char *buf, int type)
-	{
-	const char *str;
-
-	if (type == PEM_TYPE_ENCRYPTED)
-		str="ENCRYPTED";
-	else if (type == PEM_TYPE_MIC_CLEAR)
-		str="MIC-CLEAR";
-	else if (type == PEM_TYPE_MIC_ONLY)
-		str="MIC-ONLY";
-	else
-		str="BAD-TYPE";
-		
-	BUF_strlcat(buf,"Proc-Type: 4,",PEM_BUFSIZE);
-	BUF_strlcat(buf,str,PEM_BUFSIZE);
-	BUF_strlcat(buf,"\n",PEM_BUFSIZE);
-	}
+{
+    const char *str;
+
+    if (type == PEM_TYPE_ENCRYPTED)
+        str = "ENCRYPTED";
+    else if (type == PEM_TYPE_MIC_CLEAR)
+        str = "MIC-CLEAR";
+    else if (type == PEM_TYPE_MIC_ONLY)
+        str = "MIC-ONLY";
+    else
+        str = "BAD-TYPE";
+
+    BUF_strlcat(buf, "Proc-Type: 4,", PEM_BUFSIZE);
+    BUF_strlcat(buf, str, PEM_BUFSIZE);
+    BUF_strlcat(buf, "\n", PEM_BUFSIZE);
+}
 
 void PEM_dek_info(char *buf, const char *type, int len, char *str)
-	{
-	static const unsigned char map[17]="0123456789ABCDEF";
-	long i;
-	int j;
-
-	BUF_strlcat(buf,"DEK-Info: ",PEM_BUFSIZE);
-	BUF_strlcat(buf,type,PEM_BUFSIZE);
-	BUF_strlcat(buf,",",PEM_BUFSIZE);
-	j=strlen(buf);
-	if (j + (len * 2) + 1 > PEM_BUFSIZE)
-        	return;
-	for (i=0; i<len; i++)
-		{
-		buf[j+i*2]  =map[(str[i]>>4)&0x0f];
-		buf[j+i*2+1]=map[(str[i]   )&0x0f];
-		}
-	buf[j+i*2]='\n';
-	buf[j+i*2+1]='\0';
-	}
+{
+    static const unsigned char map[17] = "0123456789ABCDEF";
+    long i;
+    int j;
+
+    BUF_strlcat(buf, "DEK-Info: ", PEM_BUFSIZE);
+    BUF_strlcat(buf, type, PEM_BUFSIZE);
+    BUF_strlcat(buf, ",", PEM_BUFSIZE);
+    j = strlen(buf);
+    if (j + (len * 2) + 1 > PEM_BUFSIZE)
+        return;
+    for (i = 0; i < len; i++) {
+        buf[j + i * 2] = map[(str[i] >> 4) & 0x0f];
+        buf[j + i * 2 + 1] = map[(str[i]) & 0x0f];
+    }
+    buf[j + i * 2] = '\n';
+    buf[j + i * 2 + 1] = '\0';
+}
 
 #ifndef OPENSSL_NO_FP_API
 void *PEM_ASN1_read(d2i_of_void *d2i, const char *name, FILE *fp, void **x,
-		    pem_password_cb *cb, void *u)
-	{
-        BIO *b;
-        void *ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_ASN1_READ,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u);
-        BIO_free(b);
-        return(ret);
-	}
+                    pem_password_cb *cb, void *u)
+{
+    BIO *b;
+    void *ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_read_bio(d2i, name, b, x, cb, u);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
 static int check_pem(const char *nm, const char *name)
 {
-	/* Normal matching nm and name */
-	if (!strcmp(nm,name)) return 1;
+    /* Normal matching nm and name */
+    if (!strcmp(nm, name))
+        return 1;
 
-	/* Make PEM_STRING_EVP_PKEY match any private key */
+    /* Make PEM_STRING_EVP_PKEY match any private key */
 
-	if(!strcmp(nm,PEM_STRING_PKCS8) &&
-		!strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+    if (!strcmp(nm, PEM_STRING_PKCS8) && !strcmp(name, PEM_STRING_EVP_PKEY))
+        return 1;
 
-	if(!strcmp(nm,PEM_STRING_PKCS8INF) &&
-		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+    if (!strcmp(nm, PEM_STRING_PKCS8INF) &&
+        !strcmp(name, PEM_STRING_EVP_PKEY))
+        return 1;
 
-	if(!strcmp(nm,PEM_STRING_RSA) &&
-		!strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+    if (!strcmp(nm, PEM_STRING_RSA) && !strcmp(name, PEM_STRING_EVP_PKEY))
+        return 1;
 
-	if(!strcmp(nm,PEM_STRING_DSA) &&
-		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
+    if (!strcmp(nm, PEM_STRING_DSA) && !strcmp(name, PEM_STRING_EVP_PKEY))
+        return 1;
 
- 	if(!strcmp(nm,PEM_STRING_ECPRIVATEKEY) &&
- 		 !strcmp(name,PEM_STRING_EVP_PKEY)) return 1;
-	/* Permit older strings */
+    if (!strcmp(nm, PEM_STRING_ECPRIVATEKEY) &&
+        !strcmp(name, PEM_STRING_EVP_PKEY))
+        return 1;
+    /* Permit older strings */
 
-	if(!strcmp(nm,PEM_STRING_X509_OLD) &&
-		!strcmp(name,PEM_STRING_X509)) return 1;
+    if (!strcmp(nm, PEM_STRING_X509_OLD) && !strcmp(name, PEM_STRING_X509))
+        return 1;
 
-	if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) &&
-		!strcmp(name,PEM_STRING_X509_REQ)) return 1;
+    if (!strcmp(nm, PEM_STRING_X509_REQ_OLD) &&
+        !strcmp(name, PEM_STRING_X509_REQ))
+        return 1;
 
-	/* Allow normal certs to be read as trusted certs */
-	if(!strcmp(nm,PEM_STRING_X509) &&
-		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+    /* Allow normal certs to be read as trusted certs */
+    if (!strcmp(nm, PEM_STRING_X509) &&
+        !strcmp(name, PEM_STRING_X509_TRUSTED))
+        return 1;
 
-	if(!strcmp(nm,PEM_STRING_X509_OLD) &&
-		!strcmp(name,PEM_STRING_X509_TRUSTED)) return 1;
+    if (!strcmp(nm, PEM_STRING_X509_OLD) &&
+        !strcmp(name, PEM_STRING_X509_TRUSTED))
+        return 1;
 
-	/* Some CAs use PKCS#7 with CERTIFICATE headers */
-	if(!strcmp(nm, PEM_STRING_X509) &&
-		!strcmp(name, PEM_STRING_PKCS7)) return 1;
+    /* Some CAs use PKCS#7 with CERTIFICATE headers */
+    if (!strcmp(nm, PEM_STRING_X509) && !strcmp(name, PEM_STRING_PKCS7))
+        return 1;
 
-	if(!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
-		!strcmp(name, PEM_STRING_PKCS7)) return 1;
+    if (!strcmp(nm, PEM_STRING_PKCS7_SIGNED) &&
+        !strcmp(name, PEM_STRING_PKCS7))
+        return 1;
 
-	return 0;
+    return 0;
 }
 
-int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp,
-	     pem_password_cb *cb, void *u)
-	{
-	EVP_CIPHER_INFO cipher;
-	char *nm=NULL,*header=NULL;
-	unsigned char *data=NULL;
-	long len;
-	int ret = 0;
-
-	for (;;)
-		{
-		if (!PEM_read_bio(bp,&nm,&header,&data,&len)) {
-			if(ERR_GET_REASON(ERR_peek_error()) ==
-				PEM_R_NO_START_LINE)
-				ERR_add_error_data(2, "Expecting: ", name);
-			return 0;
-		}
-		if(check_pem(nm, name)) break;
-		OPENSSL_free(nm);
-		OPENSSL_free(header);
-		OPENSSL_free(data);
-		}
-	if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err;
-	if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err;
-
-	*pdata = data;
-	*plen = len;
-
-	if (pnm)
-		*pnm = nm;
-
-	ret = 1;
-
-err:
-	if (!ret || !pnm) OPENSSL_free(nm);
-	OPENSSL_free(header);
-	if (!ret) OPENSSL_free(data);
-	return ret;
-	}
+int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm,
+                       const char *name, BIO *bp, pem_password_cb *cb,
+                       void *u)
+{
+    EVP_CIPHER_INFO cipher;
+    char *nm = NULL, *header = NULL;
+    unsigned char *data = NULL;
+    long len;
+    int ret = 0;
+
+    for (;;) {
+        if (!PEM_read_bio(bp, &nm, &header, &data, &len)) {
+            if (ERR_GET_REASON(ERR_peek_error()) == PEM_R_NO_START_LINE)
+                ERR_add_error_data(2, "Expecting: ", name);
+            return 0;
+        }
+        if (check_pem(nm, name))
+            break;
+        OPENSSL_free(nm);
+        OPENSSL_free(header);
+        OPENSSL_free(data);
+    }
+    if (!PEM_get_EVP_CIPHER_INFO(header, &cipher))
+        goto err;
+    if (!PEM_do_header(&cipher, data, &len, cb, u))
+        goto err;
+
+    *pdata = data;
+    *plen = len;
+
+    if (pnm)
+        *pnm = nm;
+
+    ret = 1;
+
+ err:
+    if (!ret || !pnm)
+        OPENSSL_free(nm);
+    OPENSSL_free(header);
+    if (!ret)
+        OPENSSL_free(data);
+    return ret;
+}
 
 #ifndef OPENSSL_NO_FP_API
 int PEM_ASN1_write(i2d_of_void *i2d, const char *name, FILE *fp,
-		   char *x, const EVP_CIPHER *enc, unsigned char *kstr,
-		   int klen, pem_password_cb *callback, void *u)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_ASN1_WRITE,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u);
-        BIO_free(b);
-        return(ret);
-        }
+                   char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                   int klen, pem_password_cb *callback, void *u)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_ASN1_write_bio(i2d, name, b, x, enc, kstr, klen, callback, u);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
 int PEM_ASN1_write_bio(i2d_of_void *i2d, const char *name, BIO *bp,
-		       char *x, const EVP_CIPHER *enc, unsigned char *kstr,
-		       int klen, pem_password_cb *callback, void *u)
-	{
-	EVP_CIPHER_CTX ctx;
-	int dsize=0,i,j,ret=0;
-	unsigned char *p,*data=NULL;
-	const char *objstr=NULL;
-	char buf[PEM_BUFSIZE];
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	unsigned char iv[EVP_MAX_IV_LENGTH];
-	
-	if (enc != NULL)
-		{
-		objstr=OBJ_nid2sn(EVP_CIPHER_nid(enc));
-		if (objstr == NULL)
-			{
-			PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_UNSUPPORTED_CIPHER);
-			goto err;
-			}
-		}
-
-	if ((dsize=i2d(x,NULL)) < 0)
-		{
-		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_ASN1_LIB);
-		dsize=0;
-		goto err;
-		}
-	/* dzise + 8 bytes are needed */
-	/* actually it needs the cipher block size extra... */
-	data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20);
-	if (data == NULL)
-		{
-		PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	p=data;
-	i=i2d(x,&p);
-
-	if (enc != NULL)
-		{
-		if (kstr == NULL)
-			{
-			if (callback == NULL)
-				klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u);
-			else
-				klen=(*callback)(buf,PEM_BUFSIZE,1,u);
-			if (klen <= 0)
-				{
-				PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY);
-				goto err;
-				}
+                       char *x, const EVP_CIPHER *enc, unsigned char *kstr,
+                       int klen, pem_password_cb *callback, void *u)
+{
+    EVP_CIPHER_CTX ctx;
+    int dsize = 0, i, j, ret = 0;
+    unsigned char *p, *data = NULL;
+    const char *objstr = NULL;
+    char buf[PEM_BUFSIZE];
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    unsigned char iv[EVP_MAX_IV_LENGTH];
+
+    if (enc != NULL) {
+        objstr = OBJ_nid2sn(EVP_CIPHER_nid(enc));
+        if (objstr == NULL) {
+            PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_UNSUPPORTED_CIPHER);
+            goto err;
+        }
+    }
+
+    if ((dsize = i2d(x, NULL)) < 0) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_ASN1_LIB);
+        dsize = 0;
+        goto err;
+    }
+    /* dzise + 8 bytes are needed */
+    /* actually it needs the cipher block size extra... */
+    data = (unsigned char *)OPENSSL_malloc((unsigned int)dsize + 20);
+    if (data == NULL) {
+        PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    p = data;
+    i = i2d(x, &p);
+
+    if (enc != NULL) {
+        if (kstr == NULL) {
+            if (callback == NULL)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = (*callback) (buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_PEM_ASN1_WRITE_BIO, PEM_R_READ_KEY);
+                goto err;
+            }
 #ifdef CHARSET_EBCDIC
-			/* Convert the pass phrase from EBCDIC */
-			ebcdic2ascii(buf, buf, klen);
+            /* Convert the pass phrase from EBCDIC */
+            ebcdic2ascii(buf, buf, klen);
 #endif
-			kstr=(unsigned char *)buf;
-			}
-		RAND_add(data,i,0);/* put in the RSA key. */
-		OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
-		if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
-			goto err;
-		/* The 'iv' is used as the iv and as a salt.  It is
-		 * NOT taken from the BytesToKey function */
-		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
-
-		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
-
-		OPENSSL_assert(strlen(objstr)+23+2*enc->iv_len+13 <= sizeof buf);
-
-		buf[0]='\0';
-		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
-		PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
-		/* k=strlen(buf); */
-
-		EVP_CIPHER_CTX_init(&ctx);
-		EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv);
-		EVP_EncryptUpdate(&ctx,data,&j,data,i);
-		EVP_EncryptFinal_ex(&ctx,&(data[j]),&i);
-		EVP_CIPHER_CTX_cleanup(&ctx);
-		i+=j;
-		ret=1;
-		}
-	else
-		{
-		ret=1;
-		buf[0]='\0';
-		}
-	i=PEM_write_bio(bp,name,buf,data,i);
-	if (i <= 0) ret=0;
-err:
-	OPENSSL_cleanse(key,sizeof(key));
-	OPENSSL_cleanse(iv,sizeof(iv));
-	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
-	OPENSSL_cleanse(buf,PEM_BUFSIZE);
-	if (data != NULL)
-		{
-		OPENSSL_cleanse(data,(unsigned int)dsize);
-		OPENSSL_free(data);
-		}
-	return(ret);
-	}
+            kstr = (unsigned char *)buf;
+        }
+        RAND_add(data, i, 0);   /* put in the RSA key. */
+        OPENSSL_assert(enc->iv_len <= (int)sizeof(iv));
+        if (RAND_pseudo_bytes(iv, enc->iv_len) < 0) /* Generate a salt */
+            goto err;
+        /*
+         * The 'iv' is used as the iv and as a salt.  It is NOT taken from
+         * the BytesToKey function
+         */
+        EVP_BytesToKey(enc, EVP_md5(), iv, kstr, klen, 1, key, NULL);
+
+        if (kstr == (unsigned char *)buf)
+            OPENSSL_cleanse(buf, PEM_BUFSIZE);
+
+        OPENSSL_assert(strlen(objstr) + 23 + 2 * enc->iv_len + 13 <=
+                       sizeof buf);
+
+        buf[0] = '\0';
+        PEM_proc_type(buf, PEM_TYPE_ENCRYPTED);
+        PEM_dek_info(buf, objstr, enc->iv_len, (char *)iv);
+        /* k=strlen(buf); */
+
+        EVP_CIPHER_CTX_init(&ctx);
+        EVP_EncryptInit_ex(&ctx, enc, NULL, key, iv);
+        EVP_EncryptUpdate(&ctx, data, &j, data, i);
+        EVP_EncryptFinal_ex(&ctx, &(data[j]), &i);
+        EVP_CIPHER_CTX_cleanup(&ctx);
+        i += j;
+        ret = 1;
+    } else {
+        ret = 1;
+        buf[0] = '\0';
+    }
+    i = PEM_write_bio(bp, name, buf, data, i);
+    if (i <= 0)
+        ret = 0;
+ err:
+    OPENSSL_cleanse(key, sizeof(key));
+    OPENSSL_cleanse(iv, sizeof(iv));
+    OPENSSL_cleanse((char *)&ctx, sizeof(ctx));
+    OPENSSL_cleanse(buf, PEM_BUFSIZE);
+    if (data != NULL) {
+        OPENSSL_cleanse(data, (unsigned int)dsize);
+        OPENSSL_free(data);
+    }
+    return (ret);
+}
 
 int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen,
-	     pem_password_cb *callback,void *u)
-	{
-	int i,j,o,klen;
-	long len;
-	EVP_CIPHER_CTX ctx;
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	char buf[PEM_BUFSIZE];
-
-	len= *plen;
-
-	if (cipher->cipher == NULL) return(1);
-	if (callback == NULL)
-		klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u);
-	else
-		klen=callback(buf,PEM_BUFSIZE,0,u);
-	if (klen <= 0)
-		{
-		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ);
-		return(0);
-		}
+                  pem_password_cb *callback, void *u)
+{
+    int i, j, o, klen;
+    long len;
+    EVP_CIPHER_CTX ctx;
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    char buf[PEM_BUFSIZE];
+
+    len = *plen;
+
+    if (cipher->cipher == NULL)
+        return (1);
+    if (callback == NULL)
+        klen = PEM_def_callback(buf, PEM_BUFSIZE, 0, u);
+    else
+        klen = callback(buf, PEM_BUFSIZE, 0, u);
+    if (klen <= 0) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ);
+        return (0);
+    }
 #ifdef CHARSET_EBCDIC
-	/* Convert the pass phrase from EBCDIC */
-	ebcdic2ascii(buf, buf, klen);
+    /* Convert the pass phrase from EBCDIC */
+    ebcdic2ascii(buf, buf, klen);
 #endif
 
-	EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]),
-		(unsigned char *)buf,klen,1,key,NULL);
-
-	j=(int)len;
-	EVP_CIPHER_CTX_init(&ctx);
-	EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0]));
-	EVP_DecryptUpdate(&ctx,data,&i,data,j);
-	o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j);
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	OPENSSL_cleanse((char *)buf,sizeof(buf));
-	OPENSSL_cleanse((char *)key,sizeof(key));
-	j+=i;
-	if (!o)
-		{
-		PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_DECRYPT);
-		return(0);
-		}
-	*plen=j;
-	return(1);
-	}
+    EVP_BytesToKey(cipher->cipher, EVP_md5(), &(cipher->iv[0]),
+                   (unsigned char *)buf, klen, 1, key, NULL);
+
+    j = (int)len;
+    EVP_CIPHER_CTX_init(&ctx);
+    EVP_DecryptInit_ex(&ctx, cipher->cipher, NULL, key, &(cipher->iv[0]));
+    EVP_DecryptUpdate(&ctx, data, &i, data, j);
+    o = EVP_DecryptFinal_ex(&ctx, &(data[i]), &j);
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    OPENSSL_cleanse((char *)buf, sizeof(buf));
+    OPENSSL_cleanse((char *)key, sizeof(key));
+    j += i;
+    if (!o) {
+        PEMerr(PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT);
+        return (0);
+    }
+    *plen = j;
+    return (1);
+}
 
 int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher)
-	{
-	const EVP_CIPHER *enc=NULL;
-	char *p,c;
-	char **header_pp = &header;
-
-	cipher->cipher=NULL;
-	if ((header == NULL) || (*header == '\0') || (*header == '\n'))
-		return(1);
-	if (strncmp(header,"Proc-Type: ",11) != 0)
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_PROC_TYPE); return(0); }
-	header+=11;
-	if (*header != '4') return(0); header++;
-	if (*header != ',') return(0); header++;
-	if (strncmp(header,"ENCRYPTED",9) != 0)
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_ENCRYPTED); return(0); }
-	for (; (*header != '\n') && (*header != '\0'); header++)
-		;
-	if (*header == '\0')
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_SHORT_HEADER); return(0); }
-	header++;
-	if (strncmp(header,"DEK-Info: ",10) != 0)
-		{ PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_NOT_DEK_INFO); return(0); }
-	header+=10;
-
-	p=header;
-	for (;;)
-		{
-		c= *header;
+{
+    const EVP_CIPHER *enc = NULL;
+    char *p, c;
+    char **header_pp = &header;
+
+    cipher->cipher = NULL;
+    if ((header == NULL) || (*header == '\0') || (*header == '\n'))
+        return (1);
+    if (strncmp(header, "Proc-Type: ", 11) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_PROC_TYPE);
+        return (0);
+    }
+    header += 11;
+    if (*header != '4')
+        return (0);
+    header++;
+    if (*header != ',')
+        return (0);
+    header++;
+    if (strncmp(header, "ENCRYPTED", 9) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_ENCRYPTED);
+        return (0);
+    }
+    for (; (*header != '\n') && (*header != '\0'); header++) ;
+    if (*header == '\0') {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_SHORT_HEADER);
+        return (0);
+    }
+    header++;
+    if (strncmp(header, "DEK-Info: ", 10) != 0) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_NOT_DEK_INFO);
+        return (0);
+    }
+    header += 10;
+
+    p = header;
+    for (;;) {
+        c = *header;
 #ifndef CHARSET_EBCDIC
-		if (!(	((c >= 'A') && (c <= 'Z')) || (c == '-') ||
-			((c >= '0') && (c <= '9'))))
-			break;
+        if (!(((c >= 'A') && (c <= 'Z')) || (c == '-') ||
+              ((c >= '0') && (c <= '9'))))
+            break;
 #else
-		if (!(	isupper(c) || (c == '-') ||
-			isdigit(c)))
-			break;
+        if (!(isupper(c) || (c == '-') || isdigit(c)))
+            break;
 #endif
-		header++;
-		}
-	*header='\0';
-	cipher->cipher=enc=EVP_get_cipherbyname(p);
-	*header=c;
-	header++;
-
-	if (enc == NULL)
-		{
-		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
-		return(0);
-		}
-	if (!load_iv(header_pp,&(cipher->iv[0]),enc->iv_len))
-		return(0);
-
-	return(1);
-	}
+        header++;
+    }
+    *header = '\0';
+    cipher->cipher = enc = EVP_get_cipherbyname(p);
+    *header = c;
+    header++;
+
+    if (enc == NULL) {
+        PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO, PEM_R_UNSUPPORTED_ENCRYPTION);
+        return (0);
+    }
+    if (!load_iv(header_pp, &(cipher->iv[0]), enc->iv_len))
+        return (0);
+
+    return (1);
+}
 
 static int load_iv(char **fromp, unsigned char *to, int num)
-	{
-	int v,i;
-	char *from;
-
-	from= *fromp;
-	for (i=0; i<num; i++) to[i]=0;
-	num*=2;
-	for (i=0; i<num; i++)
-		{
-		if ((*from >= '0') && (*from <= '9'))
-			v= *from-'0';
-		else if ((*from >= 'A') && (*from <= 'F'))
-			v= *from-'A'+10;
-		else if ((*from >= 'a') && (*from <= 'f'))
-			v= *from-'a'+10;
-		else
-			{
-			PEMerr(PEM_F_LOAD_IV,PEM_R_BAD_IV_CHARS);
-			return(0);
-			}
-		from++;
-		to[i/2]|=v<<(long)((!(i&1))*4);
-		}
-
-	*fromp=from;
-	return(1);
-	}
+{
+    int v, i;
+    char *from;
+
+    from = *fromp;
+    for (i = 0; i < num; i++)
+        to[i] = 0;
+    num *= 2;
+    for (i = 0; i < num; i++) {
+        if ((*from >= '0') && (*from <= '9'))
+            v = *from - '0';
+        else if ((*from >= 'A') && (*from <= 'F'))
+            v = *from - 'A' + 10;
+        else if ((*from >= 'a') && (*from <= 'f'))
+            v = *from - 'a' + 10;
+        else {
+            PEMerr(PEM_F_LOAD_IV, PEM_R_BAD_IV_CHARS);
+            return (0);
+        }
+        from++;
+        to[i / 2] |= v << (long)((!(i & 1)) * 4);
+    }
+
+    *fromp = from;
+    return (1);
+}
 
 #ifndef OPENSSL_NO_FP_API
 int PEM_write(FILE *fp, char *name, char *header, unsigned char *data,
-	     long len)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_WRITE,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_write_bio(b, name, header, data,len);
-        BIO_free(b);
-        return(ret);
-        }
+              long len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_WRITE, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_write_bio(b, name, header, data, len);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
-int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data,
-	     long len)
-	{
-	int nlen,n,i,j,outl;
-	unsigned char *buf = NULL;
-	EVP_ENCODE_CTX ctx;
-	int reason=ERR_R_BUF_LIB;
-	
-	EVP_EncodeInit(&ctx);
-	nlen=strlen(name);
-
-	if (	(BIO_write(bp,"-----BEGIN ",11) != 11) ||
-		(BIO_write(bp,name,nlen) != nlen) ||
-		(BIO_write(bp,"-----\n",6) != 6))
-		goto err;
-		
-	i=strlen(header);
-	if (i > 0)
-		{
-		if (	(BIO_write(bp,header,i) != i) ||
-			(BIO_write(bp,"\n",1) != 1))
-			goto err;
-		}
-
-	buf = OPENSSL_malloc(PEM_BUFSIZE*8);
-	if (buf == NULL)
-		{
-		reason=ERR_R_MALLOC_FAILURE;
-		goto err;
-		}
-
-	i=j=0;
-	while (len > 0)
-		{
-		n=(int)((len>(PEM_BUFSIZE*5))?(PEM_BUFSIZE*5):len);
-		EVP_EncodeUpdate(&ctx,buf,&outl,&(data[j]),n);
-		if ((outl) && (BIO_write(bp,(char *)buf,outl) != outl))
-			goto err;
-		i+=outl;
-		len-=n;
-		j+=n;
-		}
-	EVP_EncodeFinal(&ctx,buf,&outl);
-	if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err;
-	OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
-	OPENSSL_free(buf);
-	buf = NULL;
-	if (	(BIO_write(bp,"-----END ",9) != 9) ||
-		(BIO_write(bp,name,nlen) != nlen) ||
-		(BIO_write(bp,"-----\n",6) != 6))
-		goto err;
-	return(i+outl);
-err:
-	if (buf) {
-		OPENSSL_cleanse(buf, PEM_BUFSIZE*8);
-		OPENSSL_free(buf);
-	}
-	PEMerr(PEM_F_PEM_WRITE_BIO,reason);
-	return(0);
-	}
+int PEM_write_bio(BIO *bp, const char *name, char *header,
+                  unsigned char *data, long len)
+{
+    int nlen, n, i, j, outl;
+    unsigned char *buf = NULL;
+    EVP_ENCODE_CTX ctx;
+    int reason = ERR_R_BUF_LIB;
+
+    EVP_EncodeInit(&ctx);
+    nlen = strlen(name);
+
+    if ((BIO_write(bp, "-----BEGIN ", 11) != 11) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+
+    i = strlen(header);
+    if (i > 0) {
+        if ((BIO_write(bp, header, i) != i) || (BIO_write(bp, "\n", 1) != 1))
+            goto err;
+    }
+
+    buf = OPENSSL_malloc(PEM_BUFSIZE * 8);
+    if (buf == NULL) {
+        reason = ERR_R_MALLOC_FAILURE;
+        goto err;
+    }
+
+    i = j = 0;
+    while (len > 0) {
+        n = (int)((len > (PEM_BUFSIZE * 5)) ? (PEM_BUFSIZE * 5) : len);
+        EVP_EncodeUpdate(&ctx, buf, &outl, &(data[j]), n);
+        if ((outl) && (BIO_write(bp, (char *)buf, outl) != outl))
+            goto err;
+        i += outl;
+        len -= n;
+        j += n;
+    }
+    EVP_EncodeFinal(&ctx, buf, &outl);
+    if ((outl > 0) && (BIO_write(bp, (char *)buf, outl) != outl))
+        goto err;
+    OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+    OPENSSL_free(buf);
+    buf = NULL;
+    if ((BIO_write(bp, "-----END ", 9) != 9) ||
+        (BIO_write(bp, name, nlen) != nlen) ||
+        (BIO_write(bp, "-----\n", 6) != 6))
+        goto err;
+    return (i + outl);
+ err:
+    if (buf) {
+        OPENSSL_cleanse(buf, PEM_BUFSIZE * 8);
+        OPENSSL_free(buf);
+    }
+    PEMerr(PEM_F_PEM_WRITE_BIO, reason);
+    return (0);
+}
 
 #ifndef OPENSSL_NO_FP_API
 int PEM_read(FILE *fp, char **name, char **header, unsigned char **data,
-	     long *len)
-        {
-        BIO *b;
-        int ret;
-
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_READ,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_read_bio(b, name, header, data,len);
-        BIO_free(b);
-        return(ret);
-        }
+             long *len)
+{
+    BIO *b;
+    int ret;
+
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio(b, name, header, data, len);
+    BIO_free(b);
+    return (ret);
+}
 #endif
 
 int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data,
-	     long *len)
-	{
-	EVP_ENCODE_CTX ctx;
-	int end=0,i,k,bl=0,hl=0,nohead=0;
-	char buf[256];
-	BUF_MEM *nameB;
-	BUF_MEM *headerB;
-	BUF_MEM *dataB,*tmpB;
-	
-	nameB=BUF_MEM_new();
-	headerB=BUF_MEM_new();
-	dataB=BUF_MEM_new();
-	if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL))
-		{
-		BUF_MEM_free(nameB);
-		BUF_MEM_free(headerB);
-		BUF_MEM_free(dataB);
-		PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-
-	buf[254]='\0';
-	for (;;)
-		{
-		i=BIO_gets(bp,buf,254);
-
-		if (i <= 0)
-			{
-			PEMerr(PEM_F_PEM_READ_BIO,PEM_R_NO_START_LINE);
-			goto err;
-			}
-
-		while ((i >= 0) && (buf[i] <= ' ')) i--;
-		buf[++i]='\n'; buf[++i]='\0';
-
-		if (strncmp(buf,"-----BEGIN ",11) == 0)
-			{
-			i=strlen(&(buf[11]));
-
-			if (strncmp(&(buf[11+i-6]),"-----\n",6) != 0)
-				continue;
-			if (!BUF_MEM_grow(nameB,i+9))
-				{
-				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			memcpy(nameB->data,&(buf[11]),i-6);
-			nameB->data[i-6]='\0';
-			break;
-			}
-		}
-	hl=0;
-	if (!BUF_MEM_grow(headerB,256))
-		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-	headerB->data[0]='\0';
-	for (;;)
-		{
-		i=BIO_gets(bp,buf,254);
-		if (i <= 0) break;
-
-		while ((i >= 0) && (buf[i] <= ' ')) i--;
-		buf[++i]='\n'; buf[++i]='\0';
-
-		if (buf[0] == '\n') break;
-		if (!BUF_MEM_grow(headerB,hl+i+9))
-			{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-		if (strncmp(buf,"-----END ",9) == 0)
-			{
-			nohead=1;
-			break;
-			}
-		memcpy(&(headerB->data[hl]),buf,i);
-		headerB->data[hl+i]='\0';
-		hl+=i;
-		}
-
-	bl=0;
-	if (!BUF_MEM_grow(dataB,1024))
-		{ PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); goto err; }
-	dataB->data[0]='\0';
-	if (!nohead)
-		{
-		for (;;)
-			{
-			i=BIO_gets(bp,buf,254);
-			if (i <= 0) break;
-
-			while ((i >= 0) && (buf[i] <= ' ')) i--;
-			buf[++i]='\n'; buf[++i]='\0';
-
-			if (i != 65) end=1;
-			if (strncmp(buf,"-----END ",9) == 0)
-				break;
-			if (i > 65) break;
-			if (!BUF_MEM_grow_clean(dataB,i+bl+9))
-				{
-				PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			memcpy(&(dataB->data[bl]),buf,i);
-			dataB->data[bl+i]='\0';
-			bl+=i;
-			if (end)
-				{
-				buf[0]='\0';
-				i=BIO_gets(bp,buf,254);
-				if (i <= 0) break;
-
-				while ((i >= 0) && (buf[i] <= ' ')) i--;
-				buf[++i]='\n'; buf[++i]='\0';
-
-				break;
-				}
-			}
-		}
-	else
-		{
-		tmpB=headerB;
-		headerB=dataB;
-		dataB=tmpB;
-		bl=hl;
-		}
-	i=strlen(nameB->data);
-	if (	(strncmp(buf,"-----END ",9) != 0) ||
-		(strncmp(nameB->data,&(buf[9]),i) != 0) ||
-		(strncmp(&(buf[9+i]),"-----\n",6) != 0))
-		{
-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE);
-		goto err;
-		}
-
-	EVP_DecodeInit(&ctx);
-	i=EVP_DecodeUpdate(&ctx,
-		(unsigned char *)dataB->data,&bl,
-		(unsigned char *)dataB->data,bl);
-	if (i < 0)
-		{
-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
-		goto err;
-		}
-	i=EVP_DecodeFinal(&ctx,(unsigned char *)&(dataB->data[bl]),&k);
-	if (i < 0)
-		{
-		PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_BASE64_DECODE);
-		goto err;
-		}
-	bl+=k;
-
-	if (bl == 0) goto err;
-	*name=nameB->data;
-	*header=headerB->data;
-	*data=(unsigned char *)dataB->data;
-	*len=bl;
-	OPENSSL_free(nameB);
-	OPENSSL_free(headerB);
-	OPENSSL_free(dataB);
-	return(1);
-err:
-	BUF_MEM_free(nameB);
-	BUF_MEM_free(headerB);
-	BUF_MEM_free(dataB);
-	return(0);
-	}
+                 long *len)
+{
+    EVP_ENCODE_CTX ctx;
+    int end = 0, i, k, bl = 0, hl = 0, nohead = 0;
+    char buf[256];
+    BUF_MEM *nameB;
+    BUF_MEM *headerB;
+    BUF_MEM *dataB, *tmpB;
+
+    nameB = BUF_MEM_new();
+    headerB = BUF_MEM_new();
+    dataB = BUF_MEM_new();
+    if ((nameB == NULL) || (headerB == NULL) || (dataB == NULL)) {
+        BUF_MEM_free(nameB);
+        BUF_MEM_free(headerB);
+        BUF_MEM_free(dataB);
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+
+    buf[254] = '\0';
+    for (;;) {
+        i = BIO_gets(bp, buf, 254);
+
+        if (i <= 0) {
+            PEMerr(PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE);
+            goto err;
+        }
+
+        while ((i >= 0) && (buf[i] <= ' '))
+            i--;
+        buf[++i] = '\n';
+        buf[++i] = '\0';
+
+        if (strncmp(buf, "-----BEGIN ", 11) == 0) {
+            i = strlen(&(buf[11]));
+
+            if (strncmp(&(buf[11 + i - 6]), "-----\n", 6) != 0)
+                continue;
+            if (!BUF_MEM_grow(nameB, i + 9)) {
+                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            memcpy(nameB->data, &(buf[11]), i - 6);
+            nameB->data[i - 6] = '\0';
+            break;
+        }
+    }
+    hl = 0;
+    if (!BUF_MEM_grow(headerB, 256)) {
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    headerB->data[0] = '\0';
+    for (;;) {
+        i = BIO_gets(bp, buf, 254);
+        if (i <= 0)
+            break;
+
+        while ((i >= 0) && (buf[i] <= ' '))
+            i--;
+        buf[++i] = '\n';
+        buf[++i] = '\0';
+
+        if (buf[0] == '\n')
+            break;
+        if (!BUF_MEM_grow(headerB, hl + i + 9)) {
+            PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (strncmp(buf, "-----END ", 9) == 0) {
+            nohead = 1;
+            break;
+        }
+        memcpy(&(headerB->data[hl]), buf, i);
+        headerB->data[hl + i] = '\0';
+        hl += i;
+    }
+
+    bl = 0;
+    if (!BUF_MEM_grow(dataB, 1024)) {
+        PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    dataB->data[0] = '\0';
+    if (!nohead) {
+        for (;;) {
+            i = BIO_gets(bp, buf, 254);
+            if (i <= 0)
+                break;
+
+            while ((i >= 0) && (buf[i] <= ' '))
+                i--;
+            buf[++i] = '\n';
+            buf[++i] = '\0';
+
+            if (i != 65)
+                end = 1;
+            if (strncmp(buf, "-----END ", 9) == 0)
+                break;
+            if (i > 65)
+                break;
+            if (!BUF_MEM_grow_clean(dataB, i + bl + 9)) {
+                PEMerr(PEM_F_PEM_READ_BIO, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            memcpy(&(dataB->data[bl]), buf, i);
+            dataB->data[bl + i] = '\0';
+            bl += i;
+            if (end) {
+                buf[0] = '\0';
+                i = BIO_gets(bp, buf, 254);
+                if (i <= 0)
+                    break;
+
+                while ((i >= 0) && (buf[i] <= ' '))
+                    i--;
+                buf[++i] = '\n';
+                buf[++i] = '\0';
+
+                break;
+            }
+        }
+    } else {
+        tmpB = headerB;
+        headerB = dataB;
+        dataB = tmpB;
+        bl = hl;
+    }
+    i = strlen(nameB->data);
+    if ((strncmp(buf, "-----END ", 9) != 0) ||
+        (strncmp(nameB->data, &(buf[9]), i) != 0) ||
+        (strncmp(&(buf[9 + i]), "-----\n", 6) != 0)) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_END_LINE);
+        goto err;
+    }
+
+    EVP_DecodeInit(&ctx);
+    i = EVP_DecodeUpdate(&ctx,
+                         (unsigned char *)dataB->data, &bl,
+                         (unsigned char *)dataB->data, bl);
+    if (i < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+        goto err;
+    }
+    i = EVP_DecodeFinal(&ctx, (unsigned char *)&(dataB->data[bl]), &k);
+    if (i < 0) {
+        PEMerr(PEM_F_PEM_READ_BIO, PEM_R_BAD_BASE64_DECODE);
+        goto err;
+    }
+    bl += k;
+
+    if (bl == 0)
+        goto err;
+    *name = nameB->data;
+    *header = headerB->data;
+    *data = (unsigned char *)dataB->data;
+    *len = bl;
+    OPENSSL_free(nameB);
+    OPENSSL_free(headerB);
+    OPENSSL_free(dataB);
+    return (1);
+ err:
+    BUF_MEM_free(nameB);
+    BUF_MEM_free(headerB);
+    BUF_MEM_free(dataB);
+    return (0);
+}
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c
index b33868d2..1dd3bd7a 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_oth.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_oth.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -68,19 +68,19 @@
 /* Handle 'other' PEMs: not private keys */
 
 void *PEM_ASN1_read_bio(d2i_of_void *d2i, const char *name, BIO *bp, void **x,
-			pem_password_cb *cb, void *u)
-	{
-	const unsigned char *p=NULL;
-	unsigned char *data=NULL;
-	long len;
-	char *ret=NULL;
+                        pem_password_cb *cb, void *u)
+{
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    char *ret = NULL;
 
-	if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
-		return NULL;
-	p = data;
-	ret=d2i(x,&p,len);
-	if (ret == NULL)
-		PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB);
-	OPENSSL_free(data);
-	return(ret);
-	}
+    if (!PEM_bytes_read_bio(&data, &len, NULL, name, bp, cb, u))
+        return NULL;
+    p = data;
+    ret = d2i(x, &p, len);
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_ASN1_READ_BIO, ERR_R_ASN1_LIB);
+    OPENSSL_free(data);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
index 6deab8c3..b98c76c4 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_pk8.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -67,176 +67,191 @@
 #include <openssl/pem.h>
 
 static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder,
-				int nid, const EVP_CIPHER *enc,
-				char *kstr, int klen,
-				pem_password_cb *cb, void *u);
+                      int nid, const EVP_CIPHER *enc,
+                      char *kstr, int klen, pem_password_cb *cb, void *u);
 static int do_pk8pkey_fp(FILE *bp, EVP_PKEY *x, int isder,
-				int nid, const EVP_CIPHER *enc,
-				char *kstr, int klen,
-				pem_password_cb *cb, void *u);
+                         int nid, const EVP_CIPHER *enc,
+                         char *kstr, int klen, pem_password_cb *cb, void *u);
 
-/* These functions write a private key in PKCS#8 format: it is a "drop in"
+/*
+ * These functions write a private key in PKCS#8 format: it is a "drop in"
  * replacement for PEM_write_bio_PrivateKey() and friends. As usual if 'enc'
  * is NULL then it uses the unencrypted private key form. The 'nid' versions
  * uses PKCS#5 v1.5 PBE algorithms whereas the others use PKCS#5 v2.0.
  */
 
 int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+                                      char *kstr, int klen,
+                                      pem_password_cb *cb, void *u)
 {
-	return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
+    return do_pk8pkey(bp, x, 0, nid, NULL, kstr, klen, cb, u);
 }
 
 int PEM_write_bio_PKCS8PrivateKey(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
 {
-	return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
+    return do_pk8pkey(bp, x, 0, -1, enc, kstr, klen, cb, u);
 }
 
 int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+                            char *kstr, int klen,
+                            pem_password_cb *cb, void *u)
 {
-	return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
+    return do_pk8pkey(bp, x, 1, -1, enc, kstr, klen, cb, u);
 }
 
 int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+                                char *kstr, int klen,
+                                pem_password_cb *cb, void *u)
 {
-	return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
+    return do_pk8pkey(bp, x, 1, nid, NULL, kstr, klen, cb, u);
 }
 
-static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+static int do_pk8pkey(BIO *bp, EVP_PKEY *x, int isder, int nid,
+                      const EVP_CIPHER *enc, char *kstr, int klen,
+                      pem_password_cb *cb, void *u)
 {
-	X509_SIG *p8;
-	PKCS8_PRIV_KEY_INFO *p8inf;
-	char buf[PEM_BUFSIZE];
-	int ret;
-	if(!(p8inf = EVP_PKEY2PKCS8(x))) {
-		PEMerr(PEM_F_DO_PK8PKEY,
-					PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
-		return 0;
-	}
-	if(enc || (nid != -1)) {
-		if(!kstr) {
-			if(!cb) klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
-			else klen = cb(buf, PEM_BUFSIZE, 1, u);
-			if(klen <= 0) {
-				PEMerr(PEM_F_DO_PK8PKEY,PEM_R_READ_KEY);
-				PKCS8_PRIV_KEY_INFO_free(p8inf);
-				return 0;
-			}
-				
-			kstr = buf;
-		}
-		p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
-		if(kstr == buf) OPENSSL_cleanse(buf, klen);
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-		if(isder) ret = i2d_PKCS8_bio(bp, p8);
-		else ret = PEM_write_bio_PKCS8(bp, p8);
-		X509_SIG_free(p8);
-		return ret;
-	} else {
-		if(isder) ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-		else ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-		return ret;
-	}
+    X509_SIG *p8;
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    char buf[PEM_BUFSIZE];
+    int ret;
+    if (!(p8inf = EVP_PKEY2PKCS8(x))) {
+        PEMerr(PEM_F_DO_PK8PKEY, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
+        return 0;
+    }
+    if (enc || (nid != -1)) {
+        if (!kstr) {
+            if (!cb)
+                klen = PEM_def_callback(buf, PEM_BUFSIZE, 1, u);
+            else
+                klen = cb(buf, PEM_BUFSIZE, 1, u);
+            if (klen <= 0) {
+                PEMerr(PEM_F_DO_PK8PKEY, PEM_R_READ_KEY);
+                PKCS8_PRIV_KEY_INFO_free(p8inf);
+                return 0;
+            }
+
+            kstr = buf;
+        }
+        p8 = PKCS8_encrypt(nid, enc, kstr, klen, NULL, 0, 0, p8inf);
+        if (kstr == buf)
+            OPENSSL_cleanse(buf, klen);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        if (isder)
+            ret = i2d_PKCS8_bio(bp, p8);
+        else
+            ret = PEM_write_bio_PKCS8(bp, p8);
+        X509_SIG_free(p8);
+        return ret;
+    } else {
+        if (isder)
+            ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+        else
+            ret = PEM_write_bio_PKCS8_PRIV_KEY_INFO(bp, p8inf);
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+        return ret;
+    }
 }
 
-EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
 {
-	PKCS8_PRIV_KEY_INFO *p8inf = NULL;
-	X509_SIG *p8 = NULL;
-	int klen;
-	EVP_PKEY *ret;
-	char psbuf[PEM_BUFSIZE];
-	p8 = d2i_PKCS8_bio(bp, NULL);
-	if(!p8) return NULL;
-	if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-	else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
-	if (klen <= 0) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
-		X509_SIG_free(p8);
-		return NULL;	
-	}
-	p8inf = PKCS8_decrypt(p8, psbuf, klen);
-	X509_SIG_free(p8);
-	if(!p8inf) return NULL;
-	ret = EVP_PKCS82PKEY(p8inf);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	if(!ret) return NULL;
-	if(x) {
-		if(*x) EVP_PKEY_free(*x);
-		*x = ret;
-	}
-	return ret;
+    PKCS8_PRIV_KEY_INFO *p8inf = NULL;
+    X509_SIG *p8 = NULL;
+    int klen;
+    EVP_PKEY *ret;
+    char psbuf[PEM_BUFSIZE];
+    p8 = d2i_PKCS8_bio(bp, NULL);
+    if (!p8)
+        return NULL;
+    if (cb)
+        klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+    else
+        klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+    if (klen <= 0) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ);
+        X509_SIG_free(p8);
+        return NULL;
+    }
+    p8inf = PKCS8_decrypt(p8, psbuf, klen);
+    X509_SIG_free(p8);
+    if (!p8inf)
+        return NULL;
+    ret = EVP_PKCS82PKEY(p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    if (!ret)
+        return NULL;
+    if (x) {
+        if (*x)
+            EVP_PKEY_free(*x);
+        *x = ret;
+    }
+    return ret;
 }
 
 #ifndef OPENSSL_NO_FP_API
 
 int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+                           char *kstr, int klen, pem_password_cb *cb, void *u)
 {
-	return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
+    return do_pk8pkey_fp(fp, x, 1, -1, enc, kstr, klen, cb, u);
 }
 
 int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+                               char *kstr, int klen,
+                               pem_password_cb *cb, void *u)
 {
-	return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
+    return do_pk8pkey_fp(fp, x, 1, nid, NULL, kstr, klen, cb, u);
 }
 
 int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+                                  char *kstr, int klen,
+                                  pem_password_cb *cb, void *u)
 {
-	return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
+    return do_pk8pkey_fp(fp, x, 0, nid, NULL, kstr, klen, cb, u);
 }
 
 int PEM_write_PKCS8PrivateKey(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc,
-			      char *kstr, int klen, pem_password_cb *cb, void *u)
+                              char *kstr, int klen, pem_password_cb *cb,
+                              void *u)
 {
-	return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
+    return do_pk8pkey_fp(fp, x, 0, -1, enc, kstr, klen, cb, u);
 }
 
-static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid, const EVP_CIPHER *enc,
-				  char *kstr, int klen,
-				  pem_password_cb *cb, void *u)
+static int do_pk8pkey_fp(FILE *fp, EVP_PKEY *x, int isder, int nid,
+                         const EVP_CIPHER *enc, char *kstr, int klen,
+                         pem_password_cb *cb, void *u)
 {
-	BIO *bp;
-	int ret;
-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_DO_PK8PKEY_FP,ERR_R_BUF_LIB);
-                return(0);
-	}
-	ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
-	BIO_free(bp);
-	return ret;
+    BIO *bp;
+    int ret;
+    if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+        PEMerr(PEM_F_DO_PK8PKEY_FP, ERR_R_BUF_LIB);
+        return (0);
+    }
+    ret = do_pk8pkey(bp, x, isder, nid, enc, kstr, klen, cb, u);
+    BIO_free(bp);
+    return ret;
 }
 
-EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
+EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                                 void *u)
 {
-	BIO *bp;
-	EVP_PKEY *ret;
-	if(!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
-		PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP,ERR_R_BUF_LIB);
-                return NULL;
-	}
-	ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
-	BIO_free(bp);
-	return ret;
+    BIO *bp;
+    EVP_PKEY *ret;
+    if (!(bp = BIO_new_fp(fp, BIO_NOCLOSE))) {
+        PEMerr(PEM_F_D2I_PKCS8PRIVATEKEY_FP, ERR_R_BUF_LIB);
+        return NULL;
+    }
+    ret = d2i_PKCS8PrivateKey_bio(bp, x, cb, u);
+    BIO_free(bp);
+    return ret;
 }
 
 #endif
 
 IMPLEMENT_PEM_rw(PKCS8, X509_SIG, PEM_STRING_PKCS8, X509_SIG)
+
+
 IMPLEMENT_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO, PEM_STRING_PKCS8INF,
-							 PKCS8_PRIV_KEY_INFO)
+             PKCS8_PRIV_KEY_INFO)
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
index 4da4c31c..5f5c4fe1 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_pkey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,84 +66,90 @@
 #include <openssl/pkcs12.h>
 #include <openssl/pem.h>
 
+EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb,
+                                  void *u)
+{
+    char *nm = NULL;
+    const unsigned char *p = NULL;
+    unsigned char *data = NULL;
+    long len;
+    EVP_PKEY *ret = NULL;
 
-EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-	{
-	char *nm=NULL;
-	const unsigned char *p=NULL;
-	unsigned char *data=NULL;
-	long len;
-	EVP_PKEY *ret=NULL;
-
-	if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
-		return NULL;
-	p = data;
+    if (!PEM_bytes_read_bio(&data, &len, &nm, PEM_STRING_EVP_PKEY, bp, cb, u))
+        return NULL;
+    p = data;
 
-	if (strcmp(nm,PEM_STRING_RSA) == 0)
-		ret=d2i_PrivateKey(EVP_PKEY_RSA,x,&p,len);
-	else if (strcmp(nm,PEM_STRING_DSA) == 0)
-		ret=d2i_PrivateKey(EVP_PKEY_DSA,x,&p,len);
-	else if (strcmp(nm,PEM_STRING_ECPRIVATEKEY) == 0)
-		ret=d2i_PrivateKey(EVP_PKEY_EC,x,&p,len);
-	else if (strcmp(nm,PEM_STRING_PKCS8INF) == 0) {
-		PKCS8_PRIV_KEY_INFO *p8inf;
-		p8inf=d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
-		if(!p8inf) goto p8err;
-		ret = EVP_PKCS82PKEY(p8inf);
-		if(x) {
-			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-			*x = ret;
-		}
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-	} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
-		PKCS8_PRIV_KEY_INFO *p8inf;
-		X509_SIG *p8;
-		int klen;
-		char psbuf[PEM_BUFSIZE];
-		p8 = d2i_X509_SIG(NULL, &p, len);
-		if(!p8) goto p8err;
-		if (cb) klen=cb(psbuf,PEM_BUFSIZE,0,u);
-		else klen=PEM_def_callback(psbuf,PEM_BUFSIZE,0,u);
-		if (klen <= 0) {
-			PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,
-					PEM_R_BAD_PASSWORD_READ);
-			X509_SIG_free(p8);
-			goto err;
-		}
-		p8inf = PKCS8_decrypt(p8, psbuf, klen);
-		X509_SIG_free(p8);
-		if(!p8inf) goto p8err;
-		ret = EVP_PKCS82PKEY(p8inf);
-		if(x) {
-			if(*x) EVP_PKEY_free((EVP_PKEY *)*x);
-			*x = ret;
-		}
-		PKCS8_PRIV_KEY_INFO_free(p8inf);
-	}
-p8err:
-	if (ret == NULL)
-		PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY,ERR_R_ASN1_LIB);
-err:
-	OPENSSL_free(nm);
-	OPENSSL_cleanse(data, len);
-	OPENSSL_free(data);
-	return(ret);
-	}
+    if (strcmp(nm, PEM_STRING_RSA) == 0)
+        ret = d2i_PrivateKey(EVP_PKEY_RSA, x, &p, len);
+    else if (strcmp(nm, PEM_STRING_DSA) == 0)
+        ret = d2i_PrivateKey(EVP_PKEY_DSA, x, &p, len);
+    else if (strcmp(nm, PEM_STRING_ECPRIVATEKEY) == 0)
+        ret = d2i_PrivateKey(EVP_PKEY_EC, x, &p, len);
+    else if (strcmp(nm, PEM_STRING_PKCS8INF) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, len);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            if (*x)
+                EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    } else if (strcmp(nm, PEM_STRING_PKCS8) == 0) {
+        PKCS8_PRIV_KEY_INFO *p8inf;
+        X509_SIG *p8;
+        int klen;
+        char psbuf[PEM_BUFSIZE];
+        p8 = d2i_X509_SIG(NULL, &p, len);
+        if (!p8)
+            goto p8err;
+        if (cb)
+            klen = cb(psbuf, PEM_BUFSIZE, 0, u);
+        else
+            klen = PEM_def_callback(psbuf, PEM_BUFSIZE, 0, u);
+        if (klen <= 0) {
+            PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ);
+            X509_SIG_free(p8);
+            goto err;
+        }
+        p8inf = PKCS8_decrypt(p8, psbuf, klen);
+        X509_SIG_free(p8);
+        if (!p8inf)
+            goto p8err;
+        ret = EVP_PKCS82PKEY(p8inf);
+        if (x) {
+            if (*x)
+                EVP_PKEY_free((EVP_PKEY *)*x);
+            *x = ret;
+        }
+        PKCS8_PRIV_KEY_INFO_free(p8inf);
+    }
+ p8err:
+    if (ret == NULL)
+        PEMerr(PEM_F_PEM_READ_BIO_PRIVATEKEY, ERR_R_ASN1_LIB);
+ err:
+    OPENSSL_free(nm);
+    OPENSSL_cleanse(data, len);
+    OPENSSL_free(data);
+    return (ret);
+}
 
 #ifndef OPENSSL_NO_FP_API
-EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u)
-	{
-        BIO *b;
-        EVP_PKEY *ret;
+EVP_PKEY *PEM_read_PrivateKey(FILE *fp, EVP_PKEY **x, pem_password_cb *cb,
+                              void *u)
+{
+    BIO *b;
+    EVP_PKEY *ret;
 
-        if ((b=BIO_new(BIO_s_file())) == NULL)
-		{
-		PEMerr(PEM_F_PEM_READ_PRIVATEKEY,ERR_R_BUF_LIB);
-                return(0);
-		}
-        BIO_set_fp(b,fp,BIO_NOCLOSE);
-        ret=PEM_read_bio_PrivateKey(b,x,cb,u);
-        BIO_free(b);
-        return(ret);
-	}
+    if ((b = BIO_new(BIO_s_file())) == NULL) {
+        PEMerr(PEM_F_PEM_READ_PRIVATEKEY, ERR_R_BUF_LIB);
+        return (0);
+    }
+    BIO_set_fp(b, fp, BIO_NOCLOSE);
+    ret = PEM_read_bio_PrivateKey(b, x, cb, u);
+    BIO_free(b);
+    return (ret);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c
index 59690b56..a4a556a7 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_seal.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_seal.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,141 +49,141 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-#include <openssl/opensslconf.h>	/* for OPENSSL_NO_RSA */
+#include <openssl/opensslconf.h> /* for OPENSSL_NO_RSA */
 #ifndef OPENSSL_NO_RSA
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-#include <openssl/rsa.h>
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# include <openssl/objects.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+# include <openssl/rsa.h>
 
 int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type,
-	     unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk,
-	     int npubk)
-	{
-	unsigned char key[EVP_MAX_KEY_LENGTH];
-	int ret= -1;
-	int i,j,max=0;
-	char *s=NULL;
-
-	for (i=0; i<npubk; i++)
-		{
-		if (pubk[i]->type != EVP_PKEY_RSA)
-			{
-			PEMerr(PEM_F_PEM_SEALINIT,PEM_R_PUBLIC_KEY_NO_RSA);
-			goto err;
-			}
-		j=RSA_size(pubk[i]->pkey.rsa);
-		if (j > max) max=j;
-		}
-	s=(char *)OPENSSL_malloc(max*2);
-	if (s == NULL)
-		{
-		PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	EVP_EncodeInit(&ctx->encode);
-
-	EVP_MD_CTX_init(&ctx->md);
-	EVP_SignInit(&ctx->md,md_type);
-
-	EVP_CIPHER_CTX_init(&ctx->cipher);
-	ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk);
-	if (ret <= 0) goto err;
-
-	/* base64 encode the keys */
-	for (i=0; i<npubk; i++)
-		{
-		j=EVP_EncodeBlock((unsigned char *)s,ek[i],
-			RSA_size(pubk[i]->pkey.rsa));
-		ekl[i]=j;
-		memcpy(ek[i],s,j+1);
-		}
-
-	ret=npubk;
-err:
-	if (s != NULL) OPENSSL_free(s);
-	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
-	return(ret);
-	}
+                 unsigned char **ek, int *ekl, unsigned char *iv,
+                 EVP_PKEY **pubk, int npubk)
+{
+    unsigned char key[EVP_MAX_KEY_LENGTH];
+    int ret = -1;
+    int i, j, max = 0;
+    char *s = NULL;
+
+    for (i = 0; i < npubk; i++) {
+        if (pubk[i]->type != EVP_PKEY_RSA) {
+            PEMerr(PEM_F_PEM_SEALINIT, PEM_R_PUBLIC_KEY_NO_RSA);
+            goto err;
+        }
+        j = RSA_size(pubk[i]->pkey.rsa);
+        if (j > max)
+            max = j;
+    }
+    s = (char *)OPENSSL_malloc(max * 2);
+    if (s == NULL) {
+        PEMerr(PEM_F_PEM_SEALINIT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    EVP_EncodeInit(&ctx->encode);
+
+    EVP_MD_CTX_init(&ctx->md);
+    EVP_SignInit(&ctx->md, md_type);
+
+    EVP_CIPHER_CTX_init(&ctx->cipher);
+    ret = EVP_SealInit(&ctx->cipher, type, ek, ekl, iv, pubk, npubk);
+    if (ret <= 0)
+        goto err;
+
+    /* base64 encode the keys */
+    for (i = 0; i < npubk; i++) {
+        j = EVP_EncodeBlock((unsigned char *)s, ek[i],
+                            RSA_size(pubk[i]->pkey.rsa));
+        ekl[i] = j;
+        memcpy(ek[i], s, j + 1);
+    }
+
+    ret = npubk;
+ err:
+    if (s != NULL)
+        OPENSSL_free(s);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    return (ret);
+}
 
 void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl,
-	     unsigned char *in, int inl)
-	{
-	unsigned char buffer[1600];
-	int i,j;
-
-	*outl=0;
-	EVP_SignUpdate(&ctx->md,in,inl);
-	for (;;)
-		{
-		if (inl <= 0) break;
-		if (inl > 1200)
-			i=1200;
-		else
-			i=inl;
-		EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i);
-		EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j);
-		*outl+=j;
-		out+=j;
-		in+=i;
-		inl-=i;
-		}
-	}
+                    unsigned char *in, int inl)
+{
+    unsigned char buffer[1600];
+    int i, j;
+
+    *outl = 0;
+    EVP_SignUpdate(&ctx->md, in, inl);
+    for (;;) {
+        if (inl <= 0)
+            break;
+        if (inl > 1200)
+            i = 1200;
+        else
+            i = inl;
+        EVP_EncryptUpdate(&ctx->cipher, buffer, &j, in, i);
+        EVP_EncodeUpdate(&ctx->encode, out, &j, buffer, j);
+        *outl += j;
+        out += j;
+        in += i;
+        inl -= i;
+    }
+}
 
 int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl,
-	     unsigned char *out, int *outl, EVP_PKEY *priv)
-	{
-	unsigned char *s=NULL;
-	int ret=0,j;
-	unsigned int i;
-
-	if (priv->type != EVP_PKEY_RSA)
-		{
-		PEMerr(PEM_F_PEM_SEALFINAL,PEM_R_PUBLIC_KEY_NO_RSA);
-		goto err;
-		}
-	i=RSA_size(priv->pkey.rsa);
-	if (i < 100) i=100;
-	s=(unsigned char *)OPENSSL_malloc(i*2);
-	if (s == NULL)
-		{
-		PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i);
-	EVP_EncodeUpdate(&ctx->encode,out,&j,s,i);
-	*outl=j;
-	out+=j;
-	EVP_EncodeFinal(&ctx->encode,out,&j);
-	*outl+=j;
-
-	if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err;
-	*sigl=EVP_EncodeBlock(sig,s,i);
-
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx->md);
-	EVP_CIPHER_CTX_cleanup(&ctx->cipher);
-	if (s != NULL) OPENSSL_free(s);
-	return(ret);
-	}
-#else /* !OPENSSL_NO_RSA */
+                  unsigned char *out, int *outl, EVP_PKEY *priv)
+{
+    unsigned char *s = NULL;
+    int ret = 0, j;
+    unsigned int i;
+
+    if (priv->type != EVP_PKEY_RSA) {
+        PEMerr(PEM_F_PEM_SEALFINAL, PEM_R_PUBLIC_KEY_NO_RSA);
+        goto err;
+    }
+    i = RSA_size(priv->pkey.rsa);
+    if (i < 100)
+        i = 100;
+    s = (unsigned char *)OPENSSL_malloc(i * 2);
+    if (s == NULL) {
+        PEMerr(PEM_F_PEM_SEALFINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    EVP_EncryptFinal_ex(&ctx->cipher, s, (int *)&i);
+    EVP_EncodeUpdate(&ctx->encode, out, &j, s, i);
+    *outl = j;
+    out += j;
+    EVP_EncodeFinal(&ctx->encode, out, &j);
+    *outl += j;
+
+    if (!EVP_SignFinal(&ctx->md, s, &i, priv))
+        goto err;
+    *sigl = EVP_EncodeBlock(sig, s, i);
+
+    ret = 1;
+ err:
+    EVP_MD_CTX_cleanup(&ctx->md);
+    EVP_CIPHER_CTX_cleanup(&ctx->cipher);
+    if (s != NULL)
+        OPENSSL_free(s);
+    return (ret);
+}
+#else                           /* !OPENSSL_NO_RSA */
 
 # if PEDANTIC
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 # endif
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c
index c3b9808c..b5e5c29b 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_sign.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_sign.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,38 +65,37 @@
 #include <openssl/pem.h>
 
 void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type)
-	{
-	EVP_DigestInit_ex(ctx, type, NULL);
-	}
-
-void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data,
-	     unsigned int count)
-	{
-	EVP_DigestUpdate(ctx,data,count);
-	}
+{
+    EVP_DigestInit_ex(ctx, type, NULL);
+}
 
-int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen,
-	     EVP_PKEY *pkey)
-	{
-	unsigned char *m;
-	int i,ret=0;
-	unsigned int m_len;
+void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, unsigned int count)
+{
+    EVP_DigestUpdate(ctx, data, count);
+}
 
-	m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2);
-	if (m == NULL)
-		{
-		PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
+int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+                  unsigned int *siglen, EVP_PKEY *pkey)
+{
+    unsigned char *m;
+    int i, ret = 0;
+    unsigned int m_len;
 
-	if (EVP_SignFinal(ctx,m,&m_len,pkey) <= 0) goto err;
+    m = (unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey) + 2);
+    if (m == NULL) {
+        PEMerr(PEM_F_PEM_SIGNFINAL, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	i=EVP_EncodeBlock(sigret,m,m_len);
-	*siglen=i;
-	ret=1;
-err:
-	/* ctx has been zeroed by EVP_SignFinal() */
-	if (m != NULL) OPENSSL_free(m);
-	return(ret);
-	}
+    if (EVP_SignFinal(ctx, m, &m_len, pkey) <= 0)
+        goto err;
 
+    i = EVP_EncodeBlock(sigret, m, m_len);
+    *siglen = i;
+    ret = 1;
+ err:
+    /* ctx has been zeroed by EVP_SignFinal() */
+    if (m != NULL)
+        OPENSSL_free(m);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c
index 3f709f13..9d75d206 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_x509.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_x509.c
@@ -1,6 +1,7 @@
 /* pem_x509.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,4 +67,3 @@
 #include <openssl/pem.h>
 
 IMPLEMENT_PEM_rw(X509, X509, PEM_STRING_X509, X509)
-
diff --git a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
index 7cc74910..ebd1803d 100644
--- a/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
+++ b/Cryptlib/OpenSSL/crypto/pem/pem_xaux.c
@@ -1,6 +1,7 @@
 /* pem_xaux.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,4 +67,5 @@
 #include <openssl/pem.h>
 
 IMPLEMENT_PEM_rw(X509_AUX, X509, PEM_STRING_X509_TRUSTED, X509_AUX)
-IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR, X509_CERT_PAIR)
+IMPLEMENT_PEM_rw(X509_CERT_PAIR, X509_CERT_PAIR, PEM_STRING_X509_PAIR,
+                 X509_CERT_PAIR)
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
index 1f3e378f..54e4af50 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_add.c
@@ -1,6 +1,7 @@
 /* p12_add.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,163 +63,167 @@
 
 /* Pack an object into an OCTET STRING and turn into a safebag */
 
-PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1,
-	     int nid2)
+PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it,
+                                         int nid1, int nid2)
 {
-	PKCS12_BAGS *bag;
-	PKCS12_SAFEBAG *safebag;
-	if (!(bag = PKCS12_BAGS_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	bag->type = OBJ_nid2obj(nid1);
-	if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	if (!(safebag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	safebag->value.bag = bag;
-	safebag->type = OBJ_nid2obj(nid2);
-	return safebag;
+    PKCS12_BAGS *bag;
+    PKCS12_SAFEBAG *safebag;
+    if (!(bag = PKCS12_BAGS_new())) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(nid1);
+    if (!ASN1_item_pack(obj, it, &bag->value.octet)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!(safebag = PKCS12_SAFEBAG_new())) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    safebag->value.bag = bag;
+    safebag->type = OBJ_nid2obj(nid2);
+    return safebag;
 }
 
 /* Turn PKCS8 object into a keybag */
 
 PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
 {
-	PKCS12_SAFEBAG *bag;
-	if (!(bag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	bag->type = OBJ_nid2obj(NID_keyBag);
-	bag->value.keybag = p8;
-	return bag;
+    PKCS12_SAFEBAG *bag;
+    if (!(bag = PKCS12_SAFEBAG_new())) {
+        PKCS12err(PKCS12_F_PKCS12_MAKE_KEYBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    bag->type = OBJ_nid2obj(NID_keyBag);
+    bag->value.keybag = p8;
+    return bag;
 }
 
 /* Turn PKCS8 object into a shrouded keybag */
 
 PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass,
-	     int passlen, unsigned char *salt, int saltlen, int iter,
-	     PKCS8_PRIV_KEY_INFO *p8)
+                                     int passlen, unsigned char *salt,
+                                     int saltlen, int iter,
+                                     PKCS8_PRIV_KEY_INFO *p8)
 {
-	PKCS12_SAFEBAG *bag;
-
-	/* Set up the safe bag */
-	if (!(bag = PKCS12_SAFEBAG_new())) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
-	if (!(bag->value.shkeybag = 
-	  PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
-									 p8))) {
-		PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	return bag;
+    PKCS12_SAFEBAG *bag;
+
+    /* Set up the safe bag */
+    if (!(bag = PKCS12_SAFEBAG_new())) {
+        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    bag->type = OBJ_nid2obj(NID_pkcs8ShroudedKeyBag);
+    if (!(bag->value.shkeybag =
+          PKCS8_encrypt(pbe_nid, NULL, pass, passlen, salt, saltlen, iter,
+                        p8))) {
+        PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    return bag;
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */
 PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk)
 {
-	PKCS7 *p7;
-	if (!(p7 = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p7->type = OBJ_nid2obj(NID_pkcs7_data);
-	if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	
-	if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
-		return NULL;
-	}
-	return p7;
+    PKCS7 *p7;
+    if (!(p7 = PKCS7_new())) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p7->type = OBJ_nid2obj(NID_pkcs7_data);
+    if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE);
+        return NULL;
+    }
+    return p7;
 }
 
 /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */
 STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7)
 {
-	if(!PKCS7_type_is_data(p7))
-		{
-		PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-		return NULL;
-		}
-	return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
+    if (!PKCS7_type_is_data(p7)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_P7DATA,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS));
 }
 
 /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */
 
 PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen,
-			      unsigned char *salt, int saltlen, int iter,
-			      STACK_OF(PKCS12_SAFEBAG) *bags)
+                             unsigned char *salt, int saltlen, int iter,
+                             STACK_OF(PKCS12_SAFEBAG) *bags)
 {
-	PKCS7 *p7;
-	X509_ALGOR *pbe;
-	if (!(p7 = PKCS7_new())) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
-				PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
-		return NULL;
-	}
-	if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
-	p7->d.encrypted->enc_data->algorithm = pbe;
-	M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
-	if (!(p7->d.encrypted->enc_data->enc_data =
-	PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen,
-				 bags, 1))) {
-		PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
-		return NULL;
-	}
-
-	return p7;
+    PKCS7 *p7;
+    X509_ALGOR *pbe;
+    if (!(p7 = PKCS7_new())) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!PKCS7_set_type(p7, NID_pkcs7_encrypted)) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA,
+                  PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE);
+        return NULL;
+    }
+    if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm);
+    p7->d.encrypted->enc_data->algorithm = pbe;
+    M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data);
+    if (!(p7->d.encrypted->enc_data->enc_data =
+          PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass,
+                                  passlen, bags, 1))) {
+        PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR);
+        return NULL;
+    }
+
+    return p7;
 }
 
-STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen)
+STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass,
+                                                  int passlen)
 {
-	if(!PKCS7_type_is_encrypted(p7)) return NULL;
-	return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
-			           ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
-				   pass, passlen,
-			           p7->d.encrypted->enc_data->enc_data, 1);
+    if (!PKCS7_type_is_encrypted(p7))
+        return NULL;
+    return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm,
+                                   ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
+                                   pass, passlen,
+                                   p7->d.encrypted->enc_data->enc_data, 1);
 }
 
-PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass,
-								int passlen)
+PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag,
+                                         const char *pass, int passlen)
 {
-	return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
+    return PKCS8_decrypt(bag->value.shkeybag, pass, passlen);
 }
 
-int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) 
+int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes)
 {
-	if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
-		&p12->authsafes->d.data)) 
-			return 1;
-	return 0;
+    if (ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
+                       &p12->authsafes->d.data))
+        return 1;
+    return 0;
 }
 
 STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12)
 {
-	if (!PKCS7_type_is_data(p12->authsafes))
-		{
-		PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-		return NULL;
-		}
-	return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_UNPACK_AUTHSAFES,
+                  PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return NULL;
+    }
+    return ASN1_item_unpack(p12->authsafes->d.data,
+                            ASN1_ITEM_rptr(PKCS12_AUTHSAFES));
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
index 6e276338..370ddbd6 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_asn.c
@@ -1,6 +1,7 @@
 /* p12_asn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,17 +65,17 @@
 /* PKCS#12 ASN1 module */
 
 ASN1_SEQUENCE(PKCS12) = {
-	ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
-	ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
+        ASN1_SIMPLE(PKCS12, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS12, authsafes, PKCS7),
+        ASN1_OPT(PKCS12, mac, PKCS12_MAC_DATA)
 } ASN1_SEQUENCE_END(PKCS12)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS12)
 
 ASN1_SEQUENCE(PKCS12_MAC_DATA) = {
-	ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
-	ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
-	ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
+        ASN1_SIMPLE(PKCS12_MAC_DATA, dinfo, X509_SIG),
+        ASN1_SIMPLE(PKCS12_MAC_DATA, salt, ASN1_OCTET_STRING),
+        ASN1_OPT(PKCS12_MAC_DATA, iter, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(PKCS12_MAC_DATA)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
@@ -82,14 +83,14 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_MAC_DATA)
 ASN1_ADB_TEMPLATE(bag_default) = ASN1_EXP(PKCS12_BAGS, value.other, ASN1_ANY, 0);
 
 ASN1_ADB(PKCS12_BAGS) = {
-	ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
-	ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
-	ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
+        ADB_ENTRY(NID_x509Certificate, ASN1_EXP(PKCS12_BAGS, value.x509cert, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_x509Crl, ASN1_EXP(PKCS12_BAGS, value.x509crl, ASN1_OCTET_STRING, 0)),
+        ADB_ENTRY(NID_sdsiCertificate, ASN1_EXP(PKCS12_BAGS, value.sdsicert, ASN1_IA5STRING, 0)),
 } ASN1_ADB_END(PKCS12_BAGS, 0, type, 0, &bag_default_tt, NULL);
 
 ASN1_SEQUENCE(PKCS12_BAGS) = {
-	ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(PKCS12_BAGS),
+        ASN1_SIMPLE(PKCS12_BAGS, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_BAGS),
 } ASN1_SEQUENCE_END(PKCS12_BAGS)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
@@ -97,29 +98,28 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS12_BAGS)
 ASN1_ADB_TEMPLATE(safebag_default) = ASN1_EXP(PKCS12_SAFEBAG, value.other, ASN1_ANY, 0);
 
 ASN1_ADB(PKCS12_SAFEBAG) = {
-	ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
-	ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
-	ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
-	ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
-	ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
-	ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
+        ADB_ENTRY(NID_keyBag, ASN1_EXP(PKCS12_SAFEBAG, value.keybag, PKCS8_PRIV_KEY_INFO, 0)),
+        ADB_ENTRY(NID_pkcs8ShroudedKeyBag, ASN1_EXP(PKCS12_SAFEBAG, value.shkeybag, X509_SIG, 0)),
+        ADB_ENTRY(NID_safeContentsBag, ASN1_EXP_SET_OF(PKCS12_SAFEBAG, value.safes, PKCS12_SAFEBAG, 0)),
+        ADB_ENTRY(NID_certBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_crlBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0)),
+        ADB_ENTRY(NID_secretBag, ASN1_EXP(PKCS12_SAFEBAG, value.bag, PKCS12_BAGS, 0))
 } ASN1_ADB_END(PKCS12_SAFEBAG, 0, type, 0, &safebag_default_tt, NULL);
 
 ASN1_SEQUENCE(PKCS12_SAFEBAG) = {
-	ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
-	ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
+        ASN1_SIMPLE(PKCS12_SAFEBAG, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS12_SAFEBAG),
+        ASN1_SET_OF_OPT(PKCS12_SAFEBAG, attrib, X509_ATTRIBUTE)
 } ASN1_SEQUENCE_END(PKCS12_SAFEBAG)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS12_SAFEBAG)
 
 /* SEQUENCE OF SafeBag */
-ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
+ASN1_ITEM_TEMPLATE(PKCS12_SAFEBAGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_SAFEBAGS, PKCS12_SAFEBAG)
 ASN1_ITEM_TEMPLATE_END(PKCS12_SAFEBAGS)
 
 /* Authsafes: SEQUENCE OF PKCS7 */
-ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
+ASN1_ITEM_TEMPLATE(PKCS12_AUTHSAFES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, PKCS12_AUTHSAFES, PKCS7)
 ASN1_ITEM_TEMPLATE_END(PKCS12_AUTHSAFES)
-
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
index 856933d9..1b57ac86 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_attr.c
@@ -1,6 +1,7 @@
 /* p12_attr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,90 +63,91 @@
 
 #ifdef OPENSSL_SYS_NETWARE
 /* Rename these functions to avoid name clashes on NetWare OS */
-#define uni2asc OPENSSL_uni2asc
-#define asc2uni OPENSSL_asc2uni
+# define uni2asc OPENSSL_uni2asc
+# define asc2uni OPENSSL_asc2uni
 #endif
 
 /* Add a local keyid to a safebag */
 
 int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name,
-	     int namelen)
+                          int namelen)
 {
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
-				V_ASN1_OCTET_STRING, name, namelen))
-		return 1;
-	else 
-		return 0;
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID,
+                                V_ASN1_OCTET_STRING, name, namelen))
+        return 1;
+    else
+        return 0;
 }
 
 /* Add key usage to PKCS#8 structure */
 
 int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
 {
-	unsigned char us_val;
-	us_val = (unsigned char) usage;
-	if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
-				V_ASN1_BIT_STRING, &us_val, 1))
-		return 1;
-	else
-		return 0;
+    unsigned char us_val;
+    us_val = (unsigned char)usage;
+    if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage,
+                                V_ASN1_BIT_STRING, &us_val, 1))
+        return 1;
+    else
+        return 0;
 }
 
 /* Add a friendlyname to a safebag */
 
 int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name,
-				 int namelen)
+                                int namelen)
 {
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
-				MBSTRING_ASC, (unsigned char *)name, namelen))
-		return 1;
-	else
-		return 0;
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
 }
 
-
 int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag,
-				 const unsigned char *name, int namelen)
+                                const unsigned char *name, int namelen)
 {
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
-				MBSTRING_BMP, name, namelen))
-		return 1;
-	else
-		return 0;
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName,
+                                MBSTRING_BMP, name, namelen))
+        return 1;
+    else
+        return 0;
 }
 
-int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name,
-				 int namelen)
+int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, int namelen)
 {
-	if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
-				MBSTRING_ASC, (unsigned char *)name, namelen))
-		return 1;
-	else
-		return 0;
+    if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name,
+                                MBSTRING_ASC, (unsigned char *)name, namelen))
+        return 1;
+    else
+        return 0;
 }
 
 ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid)
 {
-	X509_ATTRIBUTE *attrib;
-	int i;
-	if (!attrs) return NULL;
-	for (i = 0; i < sk_X509_ATTRIBUTE_num (attrs); i++) {
-		attrib = sk_X509_ATTRIBUTE_value (attrs, i);
-		if (OBJ_obj2nid (attrib->object) == attr_nid) {
-			if (sk_ASN1_TYPE_num (attrib->value.set))
-			    return sk_ASN1_TYPE_value(attrib->value.set, 0);
-			else return NULL;
-		}
-	}
-	return NULL;
+    X509_ATTRIBUTE *attrib;
+    int i;
+    if (!attrs)
+        return NULL;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(attrs); i++) {
+        attrib = sk_X509_ATTRIBUTE_value(attrs, i);
+        if (OBJ_obj2nid(attrib->object) == attr_nid) {
+            if (sk_ASN1_TYPE_num(attrib->value.set))
+                return sk_ASN1_TYPE_value(attrib->value.set, 0);
+            else
+                return NULL;
+        }
+    }
+    return NULL;
 }
 
 char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag)
 {
-	ASN1_TYPE *atype;
-	if (!(atype = PKCS12_get_attr(bag, NID_friendlyName))) return NULL;
-	if (atype->type != V_ASN1_BMPSTRING) return NULL;
-	return uni2asc(atype->value.bmpstring->data,
-				 atype->value.bmpstring->length);
+    ASN1_TYPE *atype;
+    if (!(atype = PKCS12_get_attr(bag, NID_friendlyName)))
+        return NULL;
+    if (atype->type != V_ASN1_BMPSTRING)
+        return NULL;
+    return uni2asc(atype->value.bmpstring->data,
+                   atype->value.bmpstring->length);
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
index f8b952e2..d75adf52 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crpt.c
@@ -1,6 +1,7 @@
 /* p12_crpt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,66 +66,69 @@
 void PKCS12_PBE_add(void)
 {
 #ifndef OPENSSL_NO_RC4
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
-							 PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
-							 PKCS12_PBE_keyivgen);
+    EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(),
+                    PKCS12_PBE_keyivgen);
+    EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(),
+                    PKCS12_PBE_keyivgen);
 #endif
 #ifndef OPENSSL_NO_DES
-EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
-		 	EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, 
-			EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+    EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
+                    EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
+    EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC,
+                    EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen);
 #endif
 #ifndef OPENSSL_NO_RC2
-EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
-					EVP_sha1(), PKCS12_PBE_keyivgen);
-EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
-					EVP_sha1(), PKCS12_PBE_keyivgen);
+    EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(),
+                    EVP_sha1(), PKCS12_PBE_keyivgen);
+    EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(),
+                    EVP_sha1(), PKCS12_PBE_keyivgen);
 #endif
 }
 
 int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
-		ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de)
+                        ASN1_TYPE *param, const EVP_CIPHER *cipher,
+                        const EVP_MD *md, int en_de)
 {
-	PBEPARAM *pbe;
-	int saltlen, iter, ret;
-	unsigned char *salt;
-	const unsigned char *pbuf;
-	unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
+    PBEPARAM *pbe;
+    int saltlen, iter, ret;
+    unsigned char *salt;
+    const unsigned char *pbuf;
+    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];
 
-	/* Extract useful info from parameter */
-	if (param == NULL || param->type != V_ASN1_SEQUENCE ||
-	    param->value.sequence == NULL) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
-		return 0;
-	}
+    /* Extract useful info from parameter */
+    if (param == NULL || param->type != V_ASN1_SEQUENCE ||
+        param->value.sequence == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+        return 0;
+    }
 
-	pbuf = param->value.sequence->data;
-	if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_DECODE_ERROR);
-		return 0;
-	}
+    pbuf = param->value.sequence->data;
+    if (!(pbe = d2i_PBEPARAM(NULL, &pbuf, param->value.sequence->length))) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_DECODE_ERROR);
+        return 0;
+    }
 
-	if (!pbe->iter) iter = 1;
-	else iter = ASN1_INTEGER_get (pbe->iter);
-	salt = pbe->salt->data;
-	saltlen = pbe->salt->length;
-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_KEY_ID,
-			     iter, EVP_CIPHER_key_length(cipher), key, md)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_KEY_GEN_ERROR);
-		PBEPARAM_free(pbe);
-		return 0;
-	}
-	if (!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_IV_ID,
-				iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN,PKCS12_R_IV_GEN_ERROR);
-		PBEPARAM_free(pbe);
-		return 0;
-	}
-	PBEPARAM_free(pbe);
-	ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
-	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
-	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
-	return ret;
+    if (!pbe->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(pbe->iter);
+    salt = pbe->salt->data;
+    saltlen = pbe->salt->length;
+    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_KEY_ID,
+                        iter, EVP_CIPHER_key_length(cipher), key, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_KEY_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_IV_ID,
+                        iter, EVP_CIPHER_iv_length(cipher), iv, md)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_KEYIVGEN, PKCS12_R_IV_GEN_ERROR);
+        PBEPARAM_free(pbe);
+        return 0;
+    }
+    PBEPARAM_free(pbe);
+    ret = EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de);
+    OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+    OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+    return ret;
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
index 3ef3be1c..e9b150ca 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_crt.c
@@ -1,5 +1,6 @@
 /* p12_crt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,319 +61,301 @@
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
-
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag);
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag);
 
 static int copy_bag_attr(PKCS12_SAFEBAG *bag, EVP_PKEY *pkey, int nid)
-	{
-	int idx;
-	X509_ATTRIBUTE *attr;
-	idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
-	if (idx < 0)
-		return 1;
-	attr = EVP_PKEY_get_attr(pkey, idx);
-	if (!X509at_add1_attr(&bag->attrib, attr))
-		return 0;
-	return 1;
-	}
+{
+    int idx;
+    X509_ATTRIBUTE *attr;
+    idx = EVP_PKEY_get_attr_by_NID(pkey, nid, -1);
+    if (idx < 0)
+        return 1;
+    attr = EVP_PKEY_get_attr(pkey, idx);
+    if (!X509at_add1_attr(&bag->attrib, attr))
+        return 0;
+    return 1;
+}
 
 PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-	     STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter,
-	     int keytype)
+                      STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter,
+                      int mac_iter, int keytype)
 {
-	PKCS12 *p12 = NULL;
-	STACK_OF(PKCS7) *safes = NULL;
-	STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
-	PKCS12_SAFEBAG *bag = NULL;
-	int i;
-	unsigned char keyid[EVP_MAX_MD_SIZE];
-	unsigned int keyidlen = 0;
-
-	/* Set defaults */
-	if (!nid_cert)
-		{
+    PKCS12 *p12 = NULL;
+    STACK_OF(PKCS7) *safes = NULL;
+    STACK_OF(PKCS12_SAFEBAG) *bags = NULL;
+    PKCS12_SAFEBAG *bag = NULL;
+    int i;
+    unsigned char keyid[EVP_MAX_MD_SIZE];
+    unsigned int keyidlen = 0;
+
+    /* Set defaults */
+    if (!nid_cert) {
 #ifdef OPENSSL_FIPS
-		if (FIPS_mode())
-			nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-		else
+        if (FIPS_mode())
+            nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        else
 #endif
 #ifdef OPENSSL_NO_RC2
-		nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+            nid_cert = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 #else
-		nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
+            nid_cert = NID_pbe_WithSHA1And40BitRC2_CBC;
 #endif
-		}
-	if (!nid_key)
-		nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-	if (!iter)
-		iter = PKCS12_DEFAULT_ITER;
-	if (!mac_iter)
-		mac_iter = 1;
-
-	if(!pkey && !cert && !ca)
-		{
-		PKCS12err(PKCS12_F_PKCS12_CREATE,PKCS12_R_INVALID_NULL_ARGUMENT);
-		return NULL;
-		}
-
-	if (pkey && cert)
-		{
-		if(!X509_check_private_key(cert, pkey))
-			return NULL;
-		X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
-		}
-
-	if (cert)
-		{
-		bag = PKCS12_add_cert(&bags, cert);
-		if(name && !PKCS12_add_friendlyname(bag, name, -1))
-			goto err;
-		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-			goto err;
-		}
-
-	/* Add all other certificates */
-	for(i = 0; i < sk_X509_num(ca); i++)
-		{
-		if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
-			goto err;
-		}
-
-	if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
-			goto err;
-
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	bags = NULL;
-
-	if (pkey)
-		{
-		bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
-
-		if (!bag)
-			goto err;
-
-		if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
-			goto err;
-		if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
-			goto err;
-
-		if(name && !PKCS12_add_friendlyname(bag, name, -1))
-			goto err;
-		if(keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-			goto err;
-		}
-
-	if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
-			goto err;
-
-	sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	bags = NULL;
-
-	p12 = PKCS12_add_safes(safes, 0);
-
-	if (!p12)
-		goto err;
-
-	sk_PKCS7_pop_free(safes, PKCS7_free);
-
-	safes = NULL;
-
-	if ((mac_iter != -1) &&
-		!PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
-	    goto err;
-
-	return p12;
-
-	err:
-
-	if (p12)
-		PKCS12_free(p12);
-	if (safes)
-		sk_PKCS7_pop_free(safes, PKCS7_free);
-	if (bags)
-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	return NULL;
+    }
+    if (!nid_key)
+        nid_key = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+    if (!iter)
+        iter = PKCS12_DEFAULT_ITER;
+    if (!mac_iter)
+        mac_iter = 1;
+
+    if (!pkey && !cert && !ca) {
+        PKCS12err(PKCS12_F_PKCS12_CREATE, PKCS12_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+
+    if (pkey && cert) {
+        if (!X509_check_private_key(cert, pkey))
+            return NULL;
+        X509_digest(cert, EVP_sha1(), keyid, &keyidlen);
+    }
+
+    if (cert) {
+        bag = PKCS12_add_cert(&bags, cert);
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    /* Add all other certificates */
+    for (i = 0; i < sk_X509_num(ca); i++) {
+        if (!PKCS12_add_cert(&bags, sk_X509_value(ca, i)))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, nid_cert, iter, pass))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    if (pkey) {
+        bag = PKCS12_add_key(&bags, pkey, keytype, iter, nid_key, pass);
+
+        if (!bag)
+            goto err;
+
+        if (!copy_bag_attr(bag, pkey, NID_ms_csp_name))
+            goto err;
+        if (!copy_bag_attr(bag, pkey, NID_LocalKeySet))
+            goto err;
+
+        if (name && !PKCS12_add_friendlyname(bag, name, -1))
+            goto err;
+        if (keyidlen && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+            goto err;
+    }
+
+    if (bags && !PKCS12_add_safe(&safes, bags, -1, 0, NULL))
+        goto err;
+
+    sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    bags = NULL;
+
+    p12 = PKCS12_add_safes(safes, 0);
+
+    if (!p12)
+        goto err;
+
+    sk_PKCS7_pop_free(safes, PKCS7_free);
+
+    safes = NULL;
+
+    if ((mac_iter != -1) &&
+        !PKCS12_set_mac(p12, pass, -1, NULL, 0, mac_iter, NULL))
+        goto err;
+
+    return p12;
+
+ err:
+
+    if (p12)
+        PKCS12_free(p12);
+    if (safes)
+        sk_PKCS7_pop_free(safes, PKCS7_free);
+    if (bags)
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    return NULL;
 
 }
 
 PKCS12_SAFEBAG *PKCS12_add_cert(STACK_OF(PKCS12_SAFEBAG) **pbags, X509 *cert)
-	{
-	PKCS12_SAFEBAG *bag = NULL;
-	char *name;
-	int namelen = -1;
-	unsigned char *keyid;
-	int keyidlen = -1;
+{
+    PKCS12_SAFEBAG *bag = NULL;
+    char *name;
+    int namelen = -1;
+    unsigned char *keyid;
+    int keyidlen = -1;
 
-	/* Add user certificate */
-	if(!(bag = PKCS12_x5092certbag(cert)))
-		goto err;
+    /* Add user certificate */
+    if (!(bag = PKCS12_x5092certbag(cert)))
+        goto err;
 
-	/* Use friendlyName and localKeyID in certificate.
-	 * (if present)
-	 */
+    /*
+     * Use friendlyName and localKeyID in certificate. (if present)
+     */
 
-	name = (char *)X509_alias_get0(cert, &namelen);
+    name = (char *)X509_alias_get0(cert, &namelen);
 
-	if(name && !PKCS12_add_friendlyname(bag, name, namelen))
-		goto err;
+    if (name && !PKCS12_add_friendlyname(bag, name, namelen))
+        goto err;
 
-	keyid = X509_keyid_get0(cert, &keyidlen);
+    keyid = X509_keyid_get0(cert, &keyidlen);
 
-	if(keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
-		goto err;
+    if (keyid && !PKCS12_add_localkeyid(bag, keyid, keyidlen))
+        goto err;
 
-	if (!pkcs12_add_bag(pbags, bag))
-		goto err;
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
 
-	return bag;
+    return bag;
 
-	err:
+ err:
 
-	if (bag)
-		PKCS12_SAFEBAG_free(bag);
+    if (bag)
+        PKCS12_SAFEBAG_free(bag);
 
-	return NULL;
+    return NULL;
 
-	}
+}
 
-PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags, EVP_PKEY *key,
-						int key_usage, int iter,
-						int nid_key, char *pass)
-	{
+PKCS12_SAFEBAG *PKCS12_add_key(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                               EVP_PKEY *key, int key_usage, int iter,
+                               int nid_key, char *pass)
+{
 
-	PKCS12_SAFEBAG *bag = NULL;
-	PKCS8_PRIV_KEY_INFO *p8 = NULL;
+    PKCS12_SAFEBAG *bag = NULL;
+    PKCS8_PRIV_KEY_INFO *p8 = NULL;
 
-	/* Make a PKCS#8 structure */
-	if(!(p8 = EVP_PKEY2PKCS8(key)))
-		goto err;
-	if(key_usage && !PKCS8_add_keyusage(p8, key_usage))
-		goto err;
-	if (nid_key != -1)
-		{
-		bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
-		PKCS8_PRIV_KEY_INFO_free(p8);
-		}
-	else
-		bag = PKCS12_MAKE_KEYBAG(p8);
+    /* Make a PKCS#8 structure */
+    if (!(p8 = EVP_PKEY2PKCS8(key)))
+        goto err;
+    if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
+        goto err;
+    if (nid_key != -1) {
+        bag = PKCS12_MAKE_SHKEYBAG(nid_key, pass, -1, NULL, 0, iter, p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+    } else
+        bag = PKCS12_MAKE_KEYBAG(p8);
 
-	if(!bag)
-		goto err;
+    if (!bag)
+        goto err;
 
-	if (!pkcs12_add_bag(pbags, bag))
-		goto err;
+    if (!pkcs12_add_bag(pbags, bag))
+        goto err;
 
-	return bag;
+    return bag;
 
-	err:
+ err:
 
-	if (bag)
-		PKCS12_SAFEBAG_free(bag);
+    if (bag)
+        PKCS12_SAFEBAG_free(bag);
 
-	return NULL;
+    return NULL;
 
-	}
+}
 
 int PKCS12_add_safe(STACK_OF(PKCS7) **psafes, STACK_OF(PKCS12_SAFEBAG) *bags,
-						int nid_safe, int iter, char *pass)
-	{
-	PKCS7 *p7 = NULL;
-	int free_safes = 0;
-
-	if (!*psafes)
-		{
-		*psafes = sk_PKCS7_new_null();
-		if (!*psafes)
-			return 0;
-		free_safes = 1;
-		}
-	else
-		free_safes = 0;
-
-	if (nid_safe == 0)
+                    int nid_safe, int iter, char *pass)
+{
+    PKCS7 *p7 = NULL;
+    int free_safes = 0;
+
+    if (!*psafes) {
+        *psafes = sk_PKCS7_new_null();
+        if (!*psafes)
+            return 0;
+        free_safes = 1;
+    } else
+        free_safes = 0;
+
+    if (nid_safe == 0)
 #ifdef OPENSSL_NO_RC2
-		nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
+        nid_safe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
 #else
-		nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
+        nid_safe = NID_pbe_WithSHA1And40BitRC2_CBC;
 #endif
 
-	if (nid_safe == -1)
-		p7 = PKCS12_pack_p7data(bags);
-	else
-		p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0,
-					  iter, bags);
-	if (!p7)
-		goto err;
-
-	if (!sk_PKCS7_push(*psafes, p7))
-		goto err;
-
-	return 1;
-
-	err:
-	if (free_safes)
-		{
-		sk_PKCS7_free(*psafes);
-		*psafes = NULL;
-		}
-
-	if (p7)
-		PKCS7_free(p7);
-
-	return 0;
-
-	}
-
-static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags, PKCS12_SAFEBAG *bag)
-	{
-	int free_bags;
-	if (!pbags)
-		return 1;
-	if (!*pbags)
-		{
-		*pbags = sk_PKCS12_SAFEBAG_new_null();
-		if (!*pbags)
-			return 0;
-		free_bags = 1;
-		}
-	else 
-		free_bags = 0;
-
-	if (!sk_PKCS12_SAFEBAG_push(*pbags, bag))
-		{
-		if (free_bags)
-			{
-			sk_PKCS12_SAFEBAG_free(*pbags);
-			*pbags = NULL;
-			}
-		return 0;
-		}
-
-	return 1;
-
-	}
-		
+    if (nid_safe == -1)
+        p7 = PKCS12_pack_p7data(bags);
+    else
+        p7 = PKCS12_pack_p7encdata(nid_safe, pass, -1, NULL, 0, iter, bags);
+    if (!p7)
+        goto err;
+
+    if (!sk_PKCS7_push(*psafes, p7))
+        goto err;
+
+    return 1;
+
+ err:
+    if (free_safes) {
+        sk_PKCS7_free(*psafes);
+        *psafes = NULL;
+    }
+
+    if (p7)
+        PKCS7_free(p7);
+
+    return 0;
+
+}
+
+static int pkcs12_add_bag(STACK_OF(PKCS12_SAFEBAG) **pbags,
+                          PKCS12_SAFEBAG *bag)
+{
+    int free_bags;
+    if (!pbags)
+        return 1;
+    if (!*pbags) {
+        *pbags = sk_PKCS12_SAFEBAG_new_null();
+        if (!*pbags)
+            return 0;
+        free_bags = 1;
+    } else
+        free_bags = 0;
+
+    if (!sk_PKCS12_SAFEBAG_push(*pbags, bag)) {
+        if (free_bags) {
+            sk_PKCS12_SAFEBAG_free(*pbags);
+            *pbags = NULL;
+        }
+        return 0;
+    }
+
+    return 1;
+
+}
 
 PKCS12 *PKCS12_add_safes(STACK_OF(PKCS7) *safes, int nid_p7)
-	{
-	PKCS12 *p12;
-	if (nid_p7 <= 0)
-		nid_p7 = NID_pkcs7_data;
-	p12 = PKCS12_init(nid_p7);
+{
+    PKCS12 *p12;
+    if (nid_p7 <= 0)
+        nid_p7 = NID_pkcs7_data;
+    p12 = PKCS12_init(nid_p7);
 
-	if (!p12)
-		return NULL;
+    if (!p12)
+        return NULL;
 
-	if(!PKCS12_pack_authsafes(p12, safes))
-		{
-		PKCS12_free(p12);
-		return NULL;
-		}
+    if (!PKCS12_pack_authsafes(p12, safes)) {
+        PKCS12_free(p12);
+        return NULL;
+    }
 
-	return p12;
+    return p12;
 
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
index ba77dbbe..af0b7f83 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_decr.c
@@ -1,6 +1,7 @@
 /* p12_decr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,117 +62,131 @@
 #include <openssl/pkcs12.h>
 
 /* Define this to dump decrypted output to files called DERnnn */
-/*#define DEBUG_DECRYPT*/
-
+/*
+ * #define DEBUG_DECRYPT
+ */
 
-/* Encrypt/Decrypt a buffer based on password and algor, result in a
+/*
+ * Encrypt/Decrypt a buffer based on password and algor, result in a
  * OPENSSL_malloc'ed buffer
  */
 
-unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
-	     int passlen, unsigned char *in, int inlen, unsigned char **data,
-	     int *datalen, int en_de)
+unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass,
+                                int passlen, unsigned char *in, int inlen,
+                                unsigned char **data, int *datalen, int en_de)
 {
-	unsigned char *out;
-	int outlen, i;
-	EVP_CIPHER_CTX ctx;
-
-	EVP_CIPHER_CTX_init(&ctx);
-	/* Decrypt data */
-        if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
-					 algor->parameter, &ctx, en_de)) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
-		return NULL;
-	}
-
-	if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	EVP_CipherUpdate(&ctx, out, &i, in, inlen);
-	outlen = i;
-	if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
-		OPENSSL_free(out);
-		out = NULL;
-		PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
-		goto err;
-	}
-	outlen += i;
-	if (datalen) *datalen = outlen;
-	if (data) *data = out;
-	err:
-	EVP_CIPHER_CTX_cleanup(&ctx);
-	return out;
+    unsigned char *out;
+    int outlen, i;
+    EVP_CIPHER_CTX ctx;
+
+    EVP_CIPHER_CTX_init(&ctx);
+    /* Decrypt data */
+    if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen,
+                            algor->parameter, &ctx, en_de)) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR);
+        return NULL;
+    }
+
+    if (!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) {
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    EVP_CipherUpdate(&ctx, out, &i, in, inlen);
+    outlen = i;
+    if (!EVP_CipherFinal_ex(&ctx, out + i, &i)) {
+        OPENSSL_free(out);
+        out = NULL;
+        PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,
+                  PKCS12_R_PKCS12_CIPHERFINAL_ERROR);
+        goto err;
+    }
+    outlen += i;
+    if (datalen)
+        *datalen = outlen;
+    if (data)
+        *data = out;
+ err:
+    EVP_CIPHER_CTX_cleanup(&ctx);
+    return out;
 
 }
 
-/* Decrypt an OCTET STRING and decode ASN1 structure 
- * if zbuf set zero buffer after use.
+/*
+ * Decrypt an OCTET STRING and decode ASN1 structure if zbuf set zero buffer
+ * after use.
  */
 
-void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
-	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
+void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
+                              const char *pass, int passlen,
+                              ASN1_OCTET_STRING *oct, int zbuf)
 {
-	unsigned char *out;
-	const unsigned char *p;
-	void *ret;
-	int outlen;
-
-	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
-			       &out, &outlen, 0)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
-		return NULL;
-	}
-	p = out;
+    unsigned char *out;
+    const unsigned char *p;
+    void *ret;
+    int outlen;
+
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
+                          &out, &outlen, 0)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,
+                  PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
+        return NULL;
+    }
+    p = out;
 #ifdef DEBUG_DECRYPT
-	{
-		FILE *op;
-
-		char fname[30];
-		static int fnm = 1;
-		sprintf(fname, "DER%d", fnm++);
-		op = fopen(fname, "wb");
-		fwrite (p, 1, outlen, op);
-		fclose(op);
-	}
+    {
+        FILE *op;
+
+        char fname[30];
+        static int fnm = 1;
+        sprintf(fname, "DER%d", fnm++);
+        op = fopen(fname, "wb");
+        fwrite(p, 1, outlen, op);
+        fclose(op);
+    }
 #endif
-	ret = ASN1_item_d2i(NULL, &p, outlen, it);
-	if (zbuf) OPENSSL_cleanse(out, outlen);
-	if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
-	OPENSSL_free(out);
-	return ret;
+    ret = ASN1_item_d2i(NULL, &p, outlen, it);
+    if (zbuf)
+        OPENSSL_cleanse(out, outlen);
+    if (!ret)
+        PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR);
+    OPENSSL_free(out);
+    return ret;
 }
 
-/* Encode ASN1 structure and encrypt, return OCTET STRING 
- * if zbuf set zero encoding.
+/*
+ * Encode ASN1 structure and encrypt, return OCTET STRING if zbuf set zero
+ * encoding.
  */
 
-ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it,
-				       const char *pass, int passlen,
-				       void *obj, int zbuf)
+ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor,
+                                           const ASN1_ITEM *it,
+                                           const char *pass, int passlen,
+                                           void *obj, int zbuf)
 {
-	ASN1_OCTET_STRING *oct;
-	unsigned char *in = NULL;
-	int inlen;
-	if (!(oct = M_ASN1_OCTET_STRING_new ())) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	inlen = ASN1_item_i2d(obj, &in, it);
-	if (!in) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR);
-		return NULL;
-	}
-	if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
-				 &oct->length, 1)) {
-		PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR);
-		OPENSSL_free(in);
-		return NULL;
-	}
-	if (zbuf) OPENSSL_cleanse(in, inlen);
-	OPENSSL_free(in);
-	return oct;
+    ASN1_OCTET_STRING *oct;
+    unsigned char *in = NULL;
+    int inlen;
+    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    inlen = ASN1_item_i2d(obj, &in, it);
+    if (!in) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCODE_ERROR);
+        return NULL;
+    }
+    if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data,
+                          &oct->length, 1)) {
+        PKCS12err(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+        OPENSSL_free(in);
+        return NULL;
+    }
+    if (zbuf)
+        OPENSSL_cleanse(in, inlen);
+    OPENSSL_free(in);
+    return oct;
 }
 
 IMPLEMENT_PKCS12_STACK_OF(PKCS7)
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
index d4d84b05..0322df94 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_init.c
@@ -1,6 +1,7 @@
 /* p12_init.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,29 +65,28 @@
 
 PKCS12 *PKCS12_init(int mode)
 {
-	PKCS12 *pkcs12;
-	if (!(pkcs12 = PKCS12_new())) {
-		PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	ASN1_INTEGER_set(pkcs12->version, 3);
-	pkcs12->authsafes->type = OBJ_nid2obj(mode);
-	switch (mode) {
-		case NID_pkcs7_data:
-			if (!(pkcs12->authsafes->d.data =
-				 M_ASN1_OCTET_STRING_new())) {
-			PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		break;
-		default:
-			PKCS12err(PKCS12_F_PKCS12_INIT,
-				PKCS12_R_UNSUPPORTED_PKCS12_MODE);
-			goto err;
-	}
-		
-	return pkcs12;
-err:
-	if (pkcs12 != NULL) PKCS12_free(pkcs12);
-	return NULL;
+    PKCS12 *pkcs12;
+    if (!(pkcs12 = PKCS12_new())) {
+        PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    ASN1_INTEGER_set(pkcs12->version, 3);
+    pkcs12->authsafes->type = OBJ_nid2obj(mode);
+    switch (mode) {
+    case NID_pkcs7_data:
+        if (!(pkcs12->authsafes->d.data = M_ASN1_OCTET_STRING_new())) {
+            PKCS12err(PKCS12_F_PKCS12_INIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS12err(PKCS12_F_PKCS12_INIT, PKCS12_R_UNSUPPORTED_PKCS12_MODE);
+        goto err;
+    }
+
+    return pkcs12;
+ err:
+    if (pkcs12 != NULL)
+        PKCS12_free(pkcs12);
+    return NULL;
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
index 03cbcd8a..dcccc105 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_key.c
@@ -1,6 +1,7 @@
 /* p12_key.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,157 +63,172 @@
 #include <openssl/bn.h>
 
 /* Uncomment out this line to get debugging info about key generation */
-/*#define DEBUG_KEYGEN*/
+/*
+ * #define DEBUG_KEYGEN
+ */
 #ifdef DEBUG_KEYGEN
-#include <openssl/bio.h>
+# include <openssl/bio.h>
 extern BIO *bio_err;
-void h__dump (unsigned char *p, int len);
+void h__dump(unsigned char *p, int len);
 #endif
 
 #ifdef OPENSSL_SYS_NETWARE
 /* Rename these functions to avoid name clashes on NetWare OS */
-#define uni2asc OPENSSL_uni2asc
-#define asc2uni OPENSSL_asc2uni
+# define uni2asc OPENSSL_uni2asc
+# define asc2uni OPENSSL_asc2uni
 #endif
 
 /* PKCS12 compatible key/IV generation */
 #ifndef min
-#define min(a,b) ((a) < (b) ? (a) : (b))
+# define min(a,b) ((a) < (b) ? (a) : (b))
 #endif
 
 int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt,
-	     int saltlen, int id, int iter, int n, unsigned char *out,
-	     const EVP_MD *md_type)
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
 {
-	int ret;
-	unsigned char *unipass;
-	int uniplen;
-	if(!pass) {
-		unipass = NULL;
-		uniplen = 0;
-	} else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
-						 id, iter, n, out, md_type);
-	if(unipass) {
-		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
-		OPENSSL_free(unipass);
-	}
-	return ret;
+    int ret;
+    unsigned char *unipass;
+    int uniplen;
+    if (!pass) {
+        unipass = NULL;
+        uniplen = 0;
+    } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+                             id, iter, n, out, md_type);
+    if (unipass) {
+        OPENSSL_cleanse(unipass, uniplen); /* Clear password from memory */
+        OPENSSL_free(unipass);
+    }
+    return ret;
 }
 
 int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt,
-	     int saltlen, int id, int iter, int n, unsigned char *out,
-	     const EVP_MD *md_type)
+                       int saltlen, int id, int iter, int n,
+                       unsigned char *out, const EVP_MD *md_type)
 {
-	unsigned char *B, *D, *I, *p, *Ai;
-	int Slen, Plen, Ilen, Ijlen;
-	int i, j, u, v;
-	int ret = 0;
-	BIGNUM *Ij, *Bpl1;	/* These hold Ij and B + 1 */
-	EVP_MD_CTX ctx;
+    unsigned char *B, *D, *I, *p, *Ai;
+    int Slen, Plen, Ilen, Ijlen;
+    int i, j, u, v;
+    int ret = 0;
+    BIGNUM *Ij, *Bpl1;          /* These hold Ij and B + 1 */
+    EVP_MD_CTX ctx;
 #ifdef  DEBUG_KEYGEN
-	unsigned char *tmpout = out;
-	int tmpn = n;
+    unsigned char *tmpout = out;
+    int tmpn = n;
 #endif
 
 #if 0
-	if (!pass) {
-		PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-	}
+    if (!pass) {
+        PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
 #endif
 
-	EVP_MD_CTX_init(&ctx);
+    EVP_MD_CTX_init(&ctx);
 #ifdef  DEBUG_KEYGEN
-	fprintf(stderr, "KEYGEN DEBUG\n");
-	fprintf(stderr, "ID %d, ITER %d\n", id, iter);
-	fprintf(stderr, "Password (length %d):\n", passlen);
-	h__dump(pass, passlen);
-	fprintf(stderr, "Salt (length %d):\n", saltlen);
-	h__dump(salt, saltlen);
+    fprintf(stderr, "KEYGEN DEBUG\n");
+    fprintf(stderr, "ID %d, ITER %d\n", id, iter);
+    fprintf(stderr, "Password (length %d):\n", passlen);
+    h__dump(pass, passlen);
+    fprintf(stderr, "Salt (length %d):\n", saltlen);
+    h__dump(salt, saltlen);
 #endif
-	v = EVP_MD_block_size (md_type);
-	u = EVP_MD_size (md_type);
-	D = OPENSSL_malloc (v);
-	Ai = OPENSSL_malloc (u);
-	B = OPENSSL_malloc (v + 1);
-	Slen = v * ((saltlen+v-1)/v);
-	if(passlen) Plen = v * ((passlen+v-1)/v);
-	else Plen = 0;
-	Ilen = Slen + Plen;
-	I = OPENSSL_malloc (Ilen);
-	Ij = BN_new();
-	Bpl1 = BN_new();
-	if (!D || !Ai || !B || !I || !Ij || !Bpl1)
-		goto err;
-	for (i = 0; i < v; i++) D[i] = id;
-	p = I;
-	for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen];
-	for (i = 0; i < Plen; i++) *p++ = pass[i % passlen];
-	for (;;) {
-		EVP_DigestInit_ex(&ctx, md_type, NULL);
-		EVP_DigestUpdate(&ctx, D, v);
-		EVP_DigestUpdate(&ctx, I, Ilen);
-		EVP_DigestFinal_ex(&ctx, Ai, NULL);
-		for (j = 1; j < iter; j++) {
-			EVP_DigestInit_ex(&ctx, md_type, NULL);
-			EVP_DigestUpdate(&ctx, Ai, u);
-			EVP_DigestFinal_ex(&ctx, Ai, NULL);
-		}
-		memcpy (out, Ai, min (n, u));
-		if (u >= n) {
+    v = EVP_MD_block_size(md_type);
+    u = EVP_MD_size(md_type);
+    D = OPENSSL_malloc(v);
+    Ai = OPENSSL_malloc(u);
+    B = OPENSSL_malloc(v + 1);
+    Slen = v * ((saltlen + v - 1) / v);
+    if (passlen)
+        Plen = v * ((passlen + v - 1) / v);
+    else
+        Plen = 0;
+    Ilen = Slen + Plen;
+    I = OPENSSL_malloc(Ilen);
+    Ij = BN_new();
+    Bpl1 = BN_new();
+    if (!D || !Ai || !B || !I || !Ij || !Bpl1)
+        goto err;
+    for (i = 0; i < v; i++)
+        D[i] = id;
+    p = I;
+    for (i = 0; i < Slen; i++)
+        *p++ = salt[i % saltlen];
+    for (i = 0; i < Plen; i++)
+        *p++ = pass[i % passlen];
+    for (;;) {
+        EVP_DigestInit_ex(&ctx, md_type, NULL);
+        EVP_DigestUpdate(&ctx, D, v);
+        EVP_DigestUpdate(&ctx, I, Ilen);
+        EVP_DigestFinal_ex(&ctx, Ai, NULL);
+        for (j = 1; j < iter; j++) {
+            EVP_DigestInit_ex(&ctx, md_type, NULL);
+            EVP_DigestUpdate(&ctx, Ai, u);
+            EVP_DigestFinal_ex(&ctx, Ai, NULL);
+        }
+        memcpy(out, Ai, min(n, u));
+        if (u >= n) {
 #ifdef DEBUG_KEYGEN
-			fprintf(stderr, "Output KEY (length %d)\n", tmpn);
-			h__dump(tmpout, tmpn);
+            fprintf(stderr, "Output KEY (length %d)\n", tmpn);
+            h__dump(tmpout, tmpn);
 #endif
-			ret = 1;
-			goto end;
-		}
-		n -= u;
-		out += u;
-		for (j = 0; j < v; j++) B[j] = Ai[j % u];
-		/* Work out B + 1 first then can use B as tmp space */
-		if (!BN_bin2bn (B, v, Bpl1)) goto err;
-		if (!BN_add_word (Bpl1, 1)) goto err;
-		for (j = 0; j < Ilen ; j+=v) {
-			if (!BN_bin2bn (I + j, v, Ij)) goto err;
-			if (!BN_add (Ij, Ij, Bpl1)) goto err;
-			BN_bn2bin (Ij, B);
-			Ijlen = BN_num_bytes (Ij);
-			/* If more than 2^(v*8) - 1 cut off MSB */
-			if (Ijlen > v) {
-				BN_bn2bin (Ij, B);
-				memcpy (I + j, B + 1, v);
+            ret = 1;
+            goto end;
+        }
+        n -= u;
+        out += u;
+        for (j = 0; j < v; j++)
+            B[j] = Ai[j % u];
+        /* Work out B + 1 first then can use B as tmp space */
+        if (!BN_bin2bn(B, v, Bpl1))
+            goto err;
+        if (!BN_add_word(Bpl1, 1))
+            goto err;
+        for (j = 0; j < Ilen; j += v) {
+            if (!BN_bin2bn(I + j, v, Ij))
+                goto err;
+            if (!BN_add(Ij, Ij, Bpl1))
+                goto err;
+            BN_bn2bin(Ij, B);
+            Ijlen = BN_num_bytes(Ij);
+            /* If more than 2^(v*8) - 1 cut off MSB */
+            if (Ijlen > v) {
+                BN_bn2bin(Ij, B);
+                memcpy(I + j, B + 1, v);
 #ifndef PKCS12_BROKEN_KEYGEN
-			/* If less than v bytes pad with zeroes */
-			} else if (Ijlen < v) {
-				memset(I + j, 0, v - Ijlen);
-				BN_bn2bin(Ij, I + j + v - Ijlen); 
+                /* If less than v bytes pad with zeroes */
+            } else if (Ijlen < v) {
+                memset(I + j, 0, v - Ijlen);
+                BN_bn2bin(Ij, I + j + v - Ijlen);
 #endif
-			} else BN_bn2bin (Ij, I + j);
-		}
-	}
+            } else
+                BN_bn2bin(Ij, I + j);
+        }
+    }
 
-err:
-	PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_MALLOC_FAILURE);
+ err:
+    PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI, ERR_R_MALLOC_FAILURE);
 
-end:
-	OPENSSL_free (Ai);
-	OPENSSL_free (B);
-	OPENSSL_free (D);
-	OPENSSL_free (I);
-	BN_free (Ij);
-	BN_free (Bpl1);
-	EVP_MD_CTX_cleanup(&ctx);
-	return ret;
+ end:
+    OPENSSL_free(Ai);
+    OPENSSL_free(B);
+    OPENSSL_free(D);
+    OPENSSL_free(I);
+    BN_free(Ij);
+    BN_free(Bpl1);
+    EVP_MD_CTX_cleanup(&ctx);
+    return ret;
 }
+
 #ifdef DEBUG_KEYGEN
-void h__dump (unsigned char *p, int len)
+void h__dump(unsigned char *p, int len)
 {
-	for (; len --; p++) fprintf(stderr, "%02X", *p);
-	fprintf(stderr, "\n");	
+    for (; len--; p++)
+        fprintf(stderr, "%02X", *p);
+    fprintf(stderr, "\n");
 }
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
index bdbbbecf..819251c3 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_kiss.c
@@ -1,6 +1,7 @@
 /* p12_kiss.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,134 +63,145 @@
 
 /* Simplified PKCS#12 routines */
 
-static int parse_pk12( PKCS12 *p12, const char *pass, int passlen,
-		EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
-
-static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-		       int passlen, EVP_PKEY **pkey, X509 **cert,
-		       STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-		       char *keymatch);
+static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
+                      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
 
-static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-			EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-			ASN1_OCTET_STRING **keyid, char *keymatch);
+static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
+                      int passlen, EVP_PKEY **pkey, X509 **cert,
+                      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+                      char *keymatch);
 
-/* Parse and decrypt a PKCS#12 structure returning user key, user cert
- * and other (CA) certs. Note either ca should be NULL, *ca should be NULL,
- * or it should point to a valid STACK structure. pkey and cert can be
- * passed unitialised.
+static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
+                     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                     ASN1_OCTET_STRING **keyid, char *keymatch);
+
+/*
+ * Parse and decrypt a PKCS#12 structure returning user key, user cert and
+ * other (CA) certs. Note either ca should be NULL, *ca should be NULL, or it
+ * should point to a valid STACK structure. pkey and cert can be passed
+ * unitialised.
  */
 
 int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
-	     STACK_OF(X509) **ca)
+                 STACK_OF(X509) **ca)
 {
 
-	/* Check for NULL PKCS12 structure */
-
-	if(!p12) {
-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-		return 0;
-	}
-
-	/* Allocate stack for ca certificates if needed */
-	if ((ca != NULL) && (*ca == NULL)) {
-		if (!(*ca = sk_X509_new_null())) {
-			PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-
-	if(pkey) *pkey = NULL;
-	if(cert) *cert = NULL;
-
-	/* Check the mac */
-
-	/* If password is zero length or NULL then try verifying both cases
-	 * to determine which password is correct. The reason for this is that
-	 * under PKCS#12 password based encryption no password and a zero length
-	 * password are two different things...
-	 */
-
-	if(!pass || !*pass) {
-		if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL;
-		else if(PKCS12_verify_mac(p12, "", 0)) pass = "";
-		else {
-			PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
-			goto err;
-		}
-	} else if (!PKCS12_verify_mac(p12, pass, -1)) {
-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE);
-		goto err;
-	}
-
-	if (!parse_pk12 (p12, pass, -1, pkey, cert, ca))
-		{
-		PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR);
-		goto err;
-		}
-
-	return 1;
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Allocate stack for ca certificates if needed */
+    if ((ca != NULL) && (*ca == NULL)) {
+        if (!(*ca = sk_X509_new_null())) {
+            PKCS12err(PKCS12_F_PKCS12_PARSE, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    if (pkey)
+        *pkey = NULL;
+    if (cert)
+        *cert = NULL;
+
+    /* Check the mac */
+
+    /*
+     * If password is zero length or NULL then try verifying both cases to
+     * determine which password is correct. The reason for this is that under
+     * PKCS#12 password based encryption no password and a zero length
+     * password are two different things...
+     */
+
+    if (!pass || !*pass) {
+        if (PKCS12_verify_mac(p12, NULL, 0))
+            pass = NULL;
+        else if (PKCS12_verify_mac(p12, "", 0))
+            pass = "";
+        else {
+            PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+            goto err;
+        }
+    } else if (!PKCS12_verify_mac(p12, pass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_MAC_VERIFY_FAILURE);
+        goto err;
+    }
+
+    if (!parse_pk12(p12, pass, -1, pkey, cert, ca)) {
+        PKCS12err(PKCS12_F_PKCS12_PARSE, PKCS12_R_PARSE_ERROR);
+        goto err;
+    }
+
+    return 1;
 
  err:
 
-	if (pkey && *pkey) EVP_PKEY_free(*pkey);
-	if (cert && *cert) X509_free(*cert);
-	if (ca) sk_X509_pop_free(*ca, X509_free);
-	return 0;
+    if (pkey && *pkey)
+        EVP_PKEY_free(*pkey);
+    if (cert && *cert)
+        X509_free(*cert);
+    if (ca)
+        sk_X509_pop_free(*ca, X509_free);
+    return 0;
 
 }
 
 /* Parse the outer PKCS#12 structure */
 
 static int parse_pk12(PKCS12 *p12, const char *pass, int passlen,
-	     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
+                      EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca)
 {
-	STACK_OF(PKCS7) *asafes;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
-	int i, bagnid;
-	PKCS7 *p7;
-	ASN1_OCTET_STRING *keyid = NULL;
-
-	char keymatch = 0;
-	if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value (asafes, i);
-		bagnid = OBJ_obj2nid (p7->type);
-		if (bagnid == NID_pkcs7_data) {
-			bags = PKCS12_unpack_p7data(p7);
-		} else if (bagnid == NID_pkcs7_encrypted) {
-			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-		} else continue;
-		if (!bags) {
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-	    	if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
-							 &keyid, &keymatch)) {
-			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-	}
-	sk_PKCS7_pop_free(asafes, PKCS7_free);
-	if (keyid) M_ASN1_OCTET_STRING_free(keyid);
-	return 1;
+    STACK_OF(PKCS7) *asafes;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid;
+    PKCS7 *p7;
+    ASN1_OCTET_STRING *keyid = NULL;
+
+    char keymatch = 0;
+    if (!(asafes = PKCS12_unpack_authsafes(p12)))
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
+        } else
+            continue;
+        if (!bags) {
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        if (!parse_bags(bags, pass, passlen, pkey, cert, ca,
+                        &keyid, &keymatch)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+    }
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+    if (keyid)
+        M_ASN1_OCTET_STRING_free(keyid);
+    return 1;
 }
 
-
 static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
-		      int passlen, EVP_PKEY **pkey, X509 **cert,
-		      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
-		      char *keymatch)
+                      int passlen, EVP_PKEY **pkey, X509 **cert,
+                      STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid,
+                      char *keymatch)
 {
-	int i;
-	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-		if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i),
-			 pass, passlen, pkey, cert, ca, keyid,
-							 keymatch)) return 0;
-	}
-	return 1;
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!parse_bag(sk_PKCS12_SAFEBAG_value(bags, i),
+                       pass, passlen, pkey, cert, ca, keyid, keymatch))
+            return 0;
+    }
+    return 1;
 }
 
 #define MATCH_KEY  0x1
@@ -197,101 +209,104 @@ static int parse_bags(STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass,
 #define MATCH_ALL  0x3
 
 static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen,
-		     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
-		     ASN1_OCTET_STRING **keyid,
-		     char *keymatch)
+                     EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca,
+                     ASN1_OCTET_STRING **keyid, char *keymatch)
 {
-	PKCS8_PRIV_KEY_INFO *p8;
-	X509 *x509;
-	ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
-	ASN1_TYPE *attrib;
-	ASN1_BMPSTRING *fname = NULL;
-
-	if ((attrib = PKCS12_get_attr (bag, NID_friendlyName)))
-		fname = attrib->value.bmpstring;
-
-	if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) {
-		lkey = attrib->value.octet_string;
-		ckid = lkey;
-	}
-
-	/* Check for any local key id matching (if needed) */
-	if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
-		if (*keyid) {
-			if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL;
-		} else {
-			if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
-				PKCS12err(PKCS12_F_PARSE_BAG,ERR_R_MALLOC_FAILURE);
-				return 0;
-		    }
-		}
-	}
-	
-	switch (M_PKCS12_bag_type(bag))
-	{
-	case NID_keyBag:
-		if (!lkey || !pkey) return 1;	
-		if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0;
-		*keymatch |= MATCH_KEY;
-	break;
-
-	case NID_pkcs8ShroudedKeyBag:
-		if (!lkey || !pkey) return 1;	
-		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
-				return 0;
-		*pkey = EVP_PKCS82PKEY(p8);
-		PKCS8_PRIV_KEY_INFO_free(p8);
-		if (!(*pkey)) return 0;
-		*keymatch |= MATCH_KEY;
-	break;
-
-	case NID_certBag:
-		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
-								 return 1;
-		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
-		if(ckid)
-			{
-			if (!X509_keyid_set1(x509, ckid->data, ckid->length))
-				{
-				X509_free(x509);
-				return 0;
-				}
-			}
-		if(fname) {
-			int len, r;
-			unsigned char *data;
-			len = ASN1_STRING_to_UTF8(&data, fname);
-			if(len >= 0) {
-				r = X509_alias_set1(x509, data, len);
-				OPENSSL_free(data);
-				if (!r)
-					{
-					X509_free(x509);
-					return 0;
-					}
-			}
-		}
-
-
-		if (lkey) {
-			*keymatch |= MATCH_CERT;
-			if (cert) *cert = x509;
-			else X509_free(x509);
-		} else {
-			if(ca) sk_X509_push (*ca, x509);
-			else X509_free(x509);
-		}
-	break;
-
-	case NID_safeContentsBag:
-		return parse_bags(bag->value.safes, pass, passlen,
-			 		pkey, cert, ca, keyid, keymatch);
-	break;
-
-	default:
-		return 1;
-	break;
-	}
-	return 1;
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509 *x509;
+    ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL;
+    ASN1_TYPE *attrib;
+    ASN1_BMPSTRING *fname = NULL;
+
+    if ((attrib = PKCS12_get_attr(bag, NID_friendlyName)))
+        fname = attrib->value.bmpstring;
+
+    if ((attrib = PKCS12_get_attr(bag, NID_localKeyID))) {
+        lkey = attrib->value.octet_string;
+        ckid = lkey;
+    }
+
+    /* Check for any local key id matching (if needed) */
+    if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) {
+        if (*keyid) {
+            if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey))
+                lkey = NULL;
+        } else {
+            if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) {
+                PKCS12err(PKCS12_F_PARSE_BAG, ERR_R_MALLOC_FAILURE);
+                return 0;
+            }
+        }
+    }
+
+    switch (M_PKCS12_bag_type(bag)) {
+    case NID_keyBag:
+        if (!lkey || !pkey)
+            return 1;
+        if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag)))
+            return 0;
+        *keymatch |= MATCH_KEY;
+        break;
+
+    case NID_pkcs8ShroudedKeyBag:
+        if (!lkey || !pkey)
+            return 1;
+        if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
+            return 0;
+        *pkey = EVP_PKCS82PKEY(p8);
+        PKCS8_PRIV_KEY_INFO_free(p8);
+        if (!(*pkey))
+            return 0;
+        *keymatch |= MATCH_KEY;
+        break;
+
+    case NID_certBag:
+        if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+            return 1;
+        if (!(x509 = PKCS12_certbag2x509(bag)))
+            return 0;
+        if (ckid) {
+            if (!X509_keyid_set1(x509, ckid->data, ckid->length)) {
+                X509_free(x509);
+                return 0;
+            }
+        }
+        if (fname) {
+            int len, r;
+            unsigned char *data;
+            len = ASN1_STRING_to_UTF8(&data, fname);
+            if (len >= 0) {
+                r = X509_alias_set1(x509, data, len);
+                OPENSSL_free(data);
+                if (!r) {
+                    X509_free(x509);
+                    return 0;
+                }
+            }
+        }
+
+        if (lkey) {
+            *keymatch |= MATCH_CERT;
+            if (cert)
+                *cert = x509;
+            else
+                X509_free(x509);
+        } else {
+            if (ca)
+                sk_X509_push(*ca, x509);
+            else
+                X509_free(x509);
+        }
+        break;
+
+    case NID_safeContentsBag:
+        return parse_bags(bag->value.safes, pass, passlen,
+                          pkey, cert, ca, keyid, keymatch);
+        break;
+
+    default:
+        return 1;
+        break;
+    }
+    return 1;
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
index 70bfef6e..b50f1b64 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_mutl.c
@@ -1,6 +1,7 @@
 /* p12_mutl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,126 +58,130 @@
  */
 
 #ifndef OPENSSL_NO_HMAC
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/hmac.h>
-#include <openssl/rand.h>
-#include <openssl/pkcs12.h>
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/hmac.h>
+# include <openssl/rand.h>
+# include <openssl/pkcs12.h>
 
 /* Generate a MAC */
 int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
-		   unsigned char *mac, unsigned int *maclen)
+                   unsigned char *mac, unsigned int *maclen)
 {
-	const EVP_MD *md_type;
-	HMAC_CTX hmac;
-	unsigned char key[EVP_MAX_MD_SIZE], *salt;
-	int saltlen, iter;
+    const EVP_MD *md_type;
+    HMAC_CTX hmac;
+    unsigned char key[EVP_MAX_MD_SIZE], *salt;
+    int saltlen, iter;
 
-	if (!PKCS7_type_is_data(p12->authsafes))
-		{
-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_CONTENT_TYPE_NOT_DATA);
-		return 0;
-		}
+    if (!PKCS7_type_is_data(p12->authsafes)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_CONTENT_TYPE_NOT_DATA);
+        return 0;
+    }
 
-	salt = p12->mac->salt->data;
-	saltlen = p12->mac->salt->length;
-	if (!p12->mac->iter) iter = 1;
-	else iter = ASN1_INTEGER_get (p12->mac->iter);
-    	if(!(md_type =
-		 EVP_get_digestbyobj (p12->mac->dinfo->algor->algorithm))) {
-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
-		return 0;
-	}
-	if(!PKCS12_key_gen (pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
-				 EVP_MD_size(md_type), key, md_type)) {
-		PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR);
-		return 0;
-	}
-	HMAC_CTX_init(&hmac);
-	HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
-    	HMAC_Update(&hmac, p12->authsafes->d.data->data,
-					 p12->authsafes->d.data->length);
-    	HMAC_Final(&hmac, mac, maclen);
-    	HMAC_CTX_cleanup(&hmac);
-	return 1;
+    salt = p12->mac->salt->data;
+    saltlen = p12->mac->salt->length;
+    if (!p12->mac->iter)
+        iter = 1;
+    else
+        iter = ASN1_INTEGER_get(p12->mac->iter);
+    if (!(md_type = EVP_get_digestbyobj(p12->mac->dinfo->algor->algorithm))) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
+        return 0;
+    }
+    if (!PKCS12_key_gen(pass, passlen, salt, saltlen, PKCS12_MAC_ID, iter,
+                        EVP_MD_size(md_type), key, md_type)) {
+        PKCS12err(PKCS12_F_PKCS12_GEN_MAC, PKCS12_R_KEY_GEN_ERROR);
+        return 0;
+    }
+    HMAC_CTX_init(&hmac);
+    HMAC_Init_ex(&hmac, key, EVP_MD_size(md_type), md_type, NULL);
+    HMAC_Update(&hmac, p12->authsafes->d.data->data,
+                p12->authsafes->d.data->length);
+    HMAC_Final(&hmac, mac, maclen);
+    HMAC_CTX_cleanup(&hmac);
+    return 1;
 }
 
 /* Verify the mac */
 int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
 {
-	unsigned char mac[EVP_MAX_MD_SIZE];
-	unsigned int maclen;
-	if(p12->mac == NULL) {
-		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_ABSENT);
-		return 0;
-	}
-	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-		PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC,PKCS12_R_MAC_GENERATION_ERROR);
-		return 0;
-	}
-	if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
-	|| memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0;
-	return 1;
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+    if (p12->mac == NULL) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_ABSENT);
+        return 0;
+    }
+    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+        PKCS12err(PKCS12_F_PKCS12_VERIFY_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    if ((maclen != (unsigned int)p12->mac->dinfo->digest->length)
+        || memcmp(mac, p12->mac->dinfo->digest->data, maclen))
+        return 0;
+    return 1;
 }
 
 /* Set a mac */
 
 int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
-	     unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type)
+                   unsigned char *salt, int saltlen, int iter,
+                   const EVP_MD *md_type)
 {
-	unsigned char mac[EVP_MAX_MD_SIZE];
-	unsigned int maclen;
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
 
-	if (!md_type) md_type = EVP_sha1();
-	if (PKCS12_setup_mac (p12, iter, salt, saltlen, md_type) ==
-				 	PKCS12_ERROR) {
-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_SETUP_ERROR);
-		return 0;
-	}
-	if (!PKCS12_gen_mac (p12, pass, passlen, mac, &maclen)) {
-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR);
-		return 0;
-	}
-	if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) {
-		PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR);
-						return 0;
-	}
-	return 1;
+    if (!md_type)
+        md_type = EVP_sha1();
+    if (PKCS12_setup_mac(p12, iter, salt, saltlen, md_type) == PKCS12_ERROR) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_SETUP_ERROR);
+        return 0;
+    }
+    if (!PKCS12_gen_mac(p12, pass, passlen, mac, &maclen)) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_GENERATION_ERROR);
+        return 0;
+    }
+    if (!(M_ASN1_OCTET_STRING_set(p12->mac->dinfo->digest, mac, maclen))) {
+        PKCS12err(PKCS12_F_PKCS12_SET_MAC, PKCS12_R_MAC_STRING_SET_ERROR);
+        return 0;
+    }
+    return 1;
 }
 
 /* Set up a mac structure */
 int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-	     const EVP_MD *md_type)
+                     const EVP_MD *md_type)
 {
-	if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR;
-	if (iter > 1) {
-		if(!(p12->mac->iter = M_ASN1_INTEGER_new())) {
-			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
-			PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	if (!saltlen) saltlen = PKCS12_SALT_LEN;
-	p12->mac->salt->length = saltlen;
-	if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) {
-		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if (!salt) {
-		if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0)
-			return 0;
-	}
-	else memcpy (p12->mac->salt->data, salt, saltlen);
-	p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
-	if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
-		PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
-	
-	return 1;
+    if (!(p12->mac = PKCS12_MAC_DATA_new()))
+        return PKCS12_ERROR;
+    if (iter > 1) {
+        if (!(p12->mac->iter = M_ASN1_INTEGER_new())) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!ASN1_INTEGER_set(p12->mac->iter, iter)) {
+            PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    if (!saltlen)
+        saltlen = PKCS12_SALT_LEN;
+    p12->mac->salt->length = saltlen;
+    if (!(p12->mac->salt->data = OPENSSL_malloc(saltlen))) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!salt) {
+        if (RAND_pseudo_bytes(p12->mac->salt->data, saltlen) < 0)
+            return 0;
+    } else
+        memcpy(p12->mac->salt->data, salt, saltlen);
+    p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type));
+    if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) {
+        PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p12->mac->dinfo->algor->parameter->type = V_ASN1_NULL;
+
+    return 1;
 }
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
index 2f713551..a89b61ab 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_npas.c
@@ -1,6 +1,7 @@
 /* p12_npas.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,159 +68,168 @@
 
 static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass);
 static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-			char *newpass);
+                        char *newpass);
 static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass);
 static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen);
 
-/* 
+/*
  * Change the password on a PKCS#12 structure.
  */
 
 int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass)
 {
-	/* Check for NULL PKCS12 structure */
-
-	if(!p12) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_INVALID_NULL_PKCS12_POINTER);
-		return 0;
-	}
-
-	/* Check the mac */
-	
-	if (!PKCS12_verify_mac(p12, oldpass, -1)) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_MAC_VERIFY_FAILURE);
-		return 0;
-	}
-
-	if (!newpass_p12(p12, oldpass, newpass)) {
-		PKCS12err(PKCS12_F_PKCS12_NEWPASS,PKCS12_R_PARSE_ERROR);
-		return 0;
-	}
-
-	return 1;
+    /* Check for NULL PKCS12 structure */
+
+    if (!p12) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS,
+                  PKCS12_R_INVALID_NULL_PKCS12_POINTER);
+        return 0;
+    }
+
+    /* Check the mac */
+
+    if (!PKCS12_verify_mac(p12, oldpass, -1)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_MAC_VERIFY_FAILURE);
+        return 0;
+    }
+
+    if (!newpass_p12(p12, oldpass, newpass)) {
+        PKCS12err(PKCS12_F_PKCS12_NEWPASS, PKCS12_R_PARSE_ERROR);
+        return 0;
+    }
+
+    return 1;
 }
 
 /* Parse the outer PKCS#12 structure */
 
 static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass)
 {
-	STACK_OF(PKCS7) *asafes, *newsafes;
-	STACK_OF(PKCS12_SAFEBAG) *bags;
-	int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
-	PKCS7 *p7, *p7new;
-	ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
-	unsigned char mac[EVP_MAX_MD_SIZE];
-	unsigned int maclen;
-
-	if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0;
-	if(!(newsafes = sk_PKCS7_new_null())) return 0;
-	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
-		p7 = sk_PKCS7_value(asafes, i);
-		bagnid = OBJ_obj2nid(p7->type);
-		if (bagnid == NID_pkcs7_data) {
-			bags = PKCS12_unpack_p7data(p7);
-		} else if (bagnid == NID_pkcs7_encrypted) {
-			bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
-			if (!alg_get(p7->d.encrypted->enc_data->algorithm,
-				&pbe_nid, &pbe_iter, &pbe_saltlen))
-				{
-				sk_PKCS12_SAFEBAG_pop_free(bags,
-						PKCS12_SAFEBAG_free);
-				bags = NULL;
-				}
-		} else continue;
-		if (!bags) {
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-	    	if (!newpass_bags(bags, oldpass, newpass)) {
-			sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-		/* Repack bag in same form with new password */
-		if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags);
-		else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
-						 pbe_saltlen, pbe_iter, bags);
-		sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
-		if(!p7new) {
-			sk_PKCS7_pop_free(asafes, PKCS7_free);
-			return 0;
-		}
-		sk_PKCS7_push(newsafes, p7new);
-	}
-	sk_PKCS7_pop_free(asafes, PKCS7_free);
-
-	/* Repack safe: save old safe in case of error */
-
-	p12_data_tmp = p12->authsafes->d.data;
-	if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr;
-	if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr;
-
-	if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr;
-	if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr;
-	if(!ASN1_OCTET_STRING_set(macnew, mac, maclen)) goto saferr;
-	ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
-	p12->mac->dinfo->digest = macnew;
-	ASN1_OCTET_STRING_free(p12_data_tmp);
-
-	return 1;
-
-	saferr:
-	/* Restore old safe */
-	ASN1_OCTET_STRING_free(p12->authsafes->d.data);
-	ASN1_OCTET_STRING_free(macnew);
-	p12->authsafes->d.data = p12_data_tmp;
-	return 0;
+    STACK_OF(PKCS7) *asafes, *newsafes;
+    STACK_OF(PKCS12_SAFEBAG) *bags;
+    int i, bagnid, pbe_nid = 0, pbe_iter = 0, pbe_saltlen = 0;
+    PKCS7 *p7, *p7new;
+    ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL;
+    unsigned char mac[EVP_MAX_MD_SIZE];
+    unsigned int maclen;
+
+    if (!(asafes = PKCS12_unpack_authsafes(p12)))
+        return 0;
+    if (!(newsafes = sk_PKCS7_new_null()))
+        return 0;
+    for (i = 0; i < sk_PKCS7_num(asafes); i++) {
+        p7 = sk_PKCS7_value(asafes, i);
+        bagnid = OBJ_obj2nid(p7->type);
+        if (bagnid == NID_pkcs7_data) {
+            bags = PKCS12_unpack_p7data(p7);
+        } else if (bagnid == NID_pkcs7_encrypted) {
+            bags = PKCS12_unpack_p7encdata(p7, oldpass, -1);
+            if (!alg_get(p7->d.encrypted->enc_data->algorithm,
+                         &pbe_nid, &pbe_iter, &pbe_saltlen)) {
+                sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+                bags = NULL;
+            }
+        } else
+            continue;
+        if (!bags) {
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        if (!newpass_bags(bags, oldpass, newpass)) {
+            sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        /* Repack bag in same form with new password */
+        if (bagnid == NID_pkcs7_data)
+            p7new = PKCS12_pack_p7data(bags);
+        else
+            p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL,
+                                          pbe_saltlen, pbe_iter, bags);
+        sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+        if (!p7new) {
+            sk_PKCS7_pop_free(asafes, PKCS7_free);
+            return 0;
+        }
+        sk_PKCS7_push(newsafes, p7new);
+    }
+    sk_PKCS7_pop_free(asafes, PKCS7_free);
+
+    /* Repack safe: save old safe in case of error */
+
+    p12_data_tmp = p12->authsafes->d.data;
+    if (!(p12->authsafes->d.data = ASN1_OCTET_STRING_new()))
+        goto saferr;
+    if (!PKCS12_pack_authsafes(p12, newsafes))
+        goto saferr;
+
+    if (!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen))
+        goto saferr;
+    if (!(macnew = ASN1_OCTET_STRING_new()))
+        goto saferr;
+    if (!ASN1_OCTET_STRING_set(macnew, mac, maclen))
+        goto saferr;
+    ASN1_OCTET_STRING_free(p12->mac->dinfo->digest);
+    p12->mac->dinfo->digest = macnew;
+    ASN1_OCTET_STRING_free(p12_data_tmp);
+
+    return 1;
+
+ saferr:
+    /* Restore old safe */
+    ASN1_OCTET_STRING_free(p12->authsafes->d.data);
+    ASN1_OCTET_STRING_free(macnew);
+    p12->authsafes->d.data = p12_data_tmp;
+    return 0;
 
 }
 
-
 static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass,
-			char *newpass)
+                        char *newpass)
 {
-	int i;
-	for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
-		if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i),
-				 oldpass, newpass))
-		    return 0;
-	}
-	return 1;
+    int i;
+    for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) {
+        if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), oldpass, newpass))
+            return 0;
+    }
+    return 1;
 }
 
 /* Change password of safebag: only needs handle shrouded keybags */
 
 static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass)
 {
-	PKCS8_PRIV_KEY_INFO *p8;
-	X509_SIG *p8new;
-	int p8_nid, p8_saltlen, p8_iter;
-
-	if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1;
-
-	if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0;
-	if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter,
-							&p8_saltlen))
-		return 0;
-	if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
-						     p8_iter, p8))) return 0;
-	X509_SIG_free(bag->value.shkeybag);
-	bag->value.shkeybag = p8new;
-	return 1;
+    PKCS8_PRIV_KEY_INFO *p8;
+    X509_SIG *p8new;
+    int p8_nid, p8_saltlen, p8_iter;
+
+    if (M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag)
+        return 1;
+
+    if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1)))
+        return 0;
+    if (!alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen))
+        return 0;
+    if (!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen,
+                                p8_iter, p8)))
+        return 0;
+    X509_SIG_free(bag->value.shkeybag);
+    bag->value.shkeybag = p8new;
+    return 1;
 }
 
 static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen)
 {
-        PBEPARAM *pbe;
-        const unsigned char *p;
-
-        p = alg->parameter->value.sequence->data;
-        pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
-	if (!pbe)
-		return 0;
-        *pnid = OBJ_obj2nid(alg->algorithm);
-	*piter = ASN1_INTEGER_get(pbe->iter);
-	*psaltlen = pbe->salt->length;
-        PBEPARAM_free(pbe);
-        return 1;
+    PBEPARAM *pbe;
+    const unsigned char *p;
+
+    p = alg->parameter->value.sequence->data;
+    pbe = d2i_PBEPARAM(NULL, &p, alg->parameter->value.sequence->length);
+    if (!pbe)
+        return 0;
+    *pnid = OBJ_obj2nid(alg->algorithm);
+    *piter = ASN1_INTEGER_get(pbe->iter);
+    *psaltlen = pbe->salt->length;
+    PBEPARAM_free(pbe);
+    return 1;
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
index deba81e4..3cc7a9f4 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8d.c
@@ -1,6 +1,7 @@
 /* p12_p8d.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,9 +61,10 @@
 #include "cryptlib.h"
 #include <openssl/pkcs12.h>
 
-PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen)
+PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass,
+                                   int passlen)
 {
-	return PKCS12_item_decrypt_d2i(p8->algor, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
-					passlen, p8->digest, 1);
+    return PKCS12_item_decrypt_d2i(p8->algor,
+                                   ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO), pass,
+                                   passlen, p8->digest, 1);
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
index bf20a77b..d970f054 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_p8e.c
@@ -1,6 +1,7 @@
 /* p12_p8e.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,37 +62,40 @@
 #include <openssl/pkcs12.h>
 
 X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher,
-			 const char *pass, int passlen,
-			 unsigned char *salt, int saltlen, int iter,
-						PKCS8_PRIV_KEY_INFO *p8inf)
+                        const char *pass, int passlen,
+                        unsigned char *salt, int saltlen, int iter,
+                        PKCS8_PRIV_KEY_INFO *p8inf)
 {
-	X509_SIG *p8 = NULL;
-	X509_ALGOR *pbe;
+    X509_SIG *p8 = NULL;
+    X509_ALGOR *pbe;
 
-	if (!(p8 = X509_SIG_new())) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
+    if (!(p8 = X509_SIG_new())) {
+        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
-	else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
-	if(!pbe) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
-		goto err;
-	}
-	X509_ALGOR_free(p8->algor);
-	p8->algor = pbe;
-	M_ASN1_OCTET_STRING_free(p8->digest);
-	p8->digest = PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
-					pass, passlen, p8inf, 1);
-	if(!p8->digest) {
-		PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
-		goto err;
-	}
+    if (pbe_nid == -1)
+        pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen);
+    else
+        pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen);
+    if (!pbe) {
+        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_ASN1_LIB);
+        goto err;
+    }
+    X509_ALGOR_free(p8->algor);
+    p8->algor = pbe;
+    M_ASN1_OCTET_STRING_free(p8->digest);
+    p8->digest =
+        PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS8_PRIV_KEY_INFO),
+                                pass, passlen, p8inf, 1);
+    if (!p8->digest) {
+        PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR);
+        goto err;
+    }
 
-	return p8;
+    return p8;
 
-	err:
-	X509_SIG_free(p8);
-	return NULL;
+ err:
+    X509_SIG_free(p8);
+    return NULL;
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
index 2edbf905..fc53cf04 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/p12_utl.c
@@ -1,6 +1,7 @@
 /* p12_utl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,91 +63,105 @@
 
 #ifdef OPENSSL_SYS_NETWARE
 /* Rename these functions to avoid name clashes on NetWare OS */
-#define uni2asc OPENSSL_uni2asc
-#define asc2uni OPENSSL_asc2uni
+# define uni2asc OPENSSL_uni2asc
+# define asc2uni OPENSSL_asc2uni
 #endif
 
 /* Cheap and nasty Unicode stuff */
 
-unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen)
+unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni,
+                       int *unilen)
 {
-	int ulen, i;
-	unsigned char *unitmp;
-	if (asclen == -1) asclen = strlen(asc);
-	ulen = asclen*2  + 2;
-	if (!(unitmp = OPENSSL_malloc(ulen))) return NULL;
-	for (i = 0; i < ulen - 2; i+=2) {
-		unitmp[i] = 0;
-		unitmp[i + 1] = asc[i>>1];
-	}
-	/* Make result double null terminated */
-	unitmp[ulen - 2] = 0;
-	unitmp[ulen - 1] = 0;
-	if (unilen) *unilen = ulen;
-	if (uni) *uni = unitmp;
-	return unitmp;
+    int ulen, i;
+    unsigned char *unitmp;
+    if (asclen == -1)
+        asclen = strlen(asc);
+    ulen = asclen * 2 + 2;
+    if (!(unitmp = OPENSSL_malloc(ulen)))
+        return NULL;
+    for (i = 0; i < ulen - 2; i += 2) {
+        unitmp[i] = 0;
+        unitmp[i + 1] = asc[i >> 1];
+    }
+    /* Make result double null terminated */
+    unitmp[ulen - 2] = 0;
+    unitmp[ulen - 1] = 0;
+    if (unilen)
+        *unilen = ulen;
+    if (uni)
+        *uni = unitmp;
+    return unitmp;
 }
 
 char *uni2asc(unsigned char *uni, int unilen)
 {
-	int asclen, i;
-	char *asctmp;
-	asclen = unilen / 2;
-	/* If no terminating zero allow for one */
-	if (!unilen || uni[unilen - 1]) asclen++;
-	uni++;
-	if (!(asctmp = OPENSSL_malloc(asclen))) return NULL;
-	for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i];
-	asctmp[asclen - 1] = 0;
-	return asctmp;
+    int asclen, i;
+    char *asctmp;
+    asclen = unilen / 2;
+    /* If no terminating zero allow for one */
+    if (!unilen || uni[unilen - 1])
+        asclen++;
+    uni++;
+    if (!(asctmp = OPENSSL_malloc(asclen)))
+        return NULL;
+    for (i = 0; i < unilen; i += 2)
+        asctmp[i >> 1] = uni[i];
+    asctmp[asclen - 1] = 0;
+    return asctmp;
 }
 
 int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12)
 {
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
 
 #ifndef OPENSSL_NO_FP_API
 int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12)
 {
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
 #endif
 
 PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12)
 {
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12);
 }
+
 #ifndef OPENSSL_NO_FP_API
 PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12)
 {
-        return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12);
 }
 #endif
 
 PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509)
 {
-	return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
-			NID_x509Certificate, NID_certBag);
+    return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509),
+                                    NID_x509Certificate, NID_certBag);
 }
 
 PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl)
 {
-	return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
-			NID_x509Crl, NID_crlBag);
+    return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL),
+                                    NID_x509Crl, NID_crlBag);
 }
 
 X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag)
 {
-	if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL;
-	if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL;
-	return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509));
+    if (M_PKCS12_bag_type(bag) != NID_certBag)
+        return NULL;
+    if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509));
 }
 
 X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag)
 {
-	if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL;
-	if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL;
-	return ASN1_item_unpack(bag->value.bag->value.octet,
-							ASN1_ITEM_rptr(X509_CRL));
+    if (M_PKCS12_bag_type(bag) != NID_crlBag)
+        return NULL;
+    if (M_PKCS12_cert_bag_type(bag) != NID_x509Crl)
+        return NULL;
+    return ASN1_item_unpack(bag->value.bag->value.octet,
+                            ASN1_ITEM_rptr(X509_CRL));
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
index 07a1fb69..799f8387 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs12/pk12err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,80 +66,84 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS12,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS12,0,reason)
 
-static ERR_STRING_DATA PKCS12_str_functs[]=
-	{
-{ERR_FUNC(PKCS12_F_PARSE_BAG),	"PARSE_BAG"},
-{ERR_FUNC(PKCS12_F_PARSE_BAGS),	"PARSE_BAGS"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME),	"PKCS12_ADD_FRIENDLYNAME"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),	"PKCS12_add_friendlyname_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),	"PKCS12_add_friendlyname_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID),	"PKCS12_add_localkeyid"},
-{ERR_FUNC(PKCS12_F_PKCS12_CREATE),	"PKCS12_create"},
-{ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC),	"PKCS12_gen_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_INIT),	"PKCS12_init"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I),	"PKCS12_item_decrypt_d2i"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT),	"PKCS12_item_i2d_encrypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG),	"PKCS12_item_pack_safebag"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC),	"PKCS12_key_gen_asc"},
-{ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI),	"PKCS12_key_gen_uni"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG),	"PKCS12_MAKE_KEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG),	"PKCS12_MAKE_SHKEYBAG"},
-{ERR_FUNC(PKCS12_F_PKCS12_NEWPASS),	"PKCS12_newpass"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA),	"PKCS12_pack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA),	"PKCS12_pack_p7encdata"},
-{ERR_FUNC(PKCS12_F_PKCS12_PARSE),	"PKCS12_parse"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT),	"PKCS12_pbe_crypt"},
-{ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN),	"PKCS12_PBE_keyivgen"},
-{ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC),	"PKCS12_setup_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_SET_MAC),	"PKCS12_set_mac"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES),	"PKCS12_unpack_authsafes"},
-{ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA),	"PKCS12_unpack_p7data"},
-{ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC),	"PKCS12_verify_mac"},
-{ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE),	"PKCS8_add_keyusage"},
-{ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT),	"PKCS8_encrypt"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PKCS12_str_functs[] = {
+    {ERR_FUNC(PKCS12_F_PARSE_BAG), "PARSE_BAG"},
+    {ERR_FUNC(PKCS12_F_PARSE_BAGS), "PARSE_BAGS"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME), "PKCS12_ADD_FRIENDLYNAME"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC),
+     "PKCS12_add_friendlyname_asc"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI),
+     "PKCS12_add_friendlyname_uni"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ADD_LOCALKEYID), "PKCS12_add_localkeyid"},
+    {ERR_FUNC(PKCS12_F_PKCS12_CREATE), "PKCS12_create"},
+    {ERR_FUNC(PKCS12_F_PKCS12_GEN_MAC), "PKCS12_gen_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS12_INIT), "PKCS12_init"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I), "PKCS12_item_decrypt_d2i"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_I2D_ENCRYPT), "PKCS12_item_i2d_encrypt"},
+    {ERR_FUNC(PKCS12_F_PKCS12_ITEM_PACK_SAFEBAG), "PKCS12_item_pack_safebag"},
+    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_ASC), "PKCS12_key_gen_asc"},
+    {ERR_FUNC(PKCS12_F_PKCS12_KEY_GEN_UNI), "PKCS12_key_gen_uni"},
+    {ERR_FUNC(PKCS12_F_PKCS12_MAKE_KEYBAG), "PKCS12_MAKE_KEYBAG"},
+    {ERR_FUNC(PKCS12_F_PKCS12_MAKE_SHKEYBAG), "PKCS12_MAKE_SHKEYBAG"},
+    {ERR_FUNC(PKCS12_F_PKCS12_NEWPASS), "PKCS12_newpass"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7DATA), "PKCS12_pack_p7data"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PACK_P7ENCDATA), "PKCS12_pack_p7encdata"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PARSE), "PKCS12_parse"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PBE_CRYPT), "PKCS12_pbe_crypt"},
+    {ERR_FUNC(PKCS12_F_PKCS12_PBE_KEYIVGEN), "PKCS12_PBE_keyivgen"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SETUP_MAC), "PKCS12_setup_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS12_SET_MAC), "PKCS12_set_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_AUTHSAFES), "PKCS12_unpack_authsafes"},
+    {ERR_FUNC(PKCS12_F_PKCS12_UNPACK_P7DATA), "PKCS12_unpack_p7data"},
+    {ERR_FUNC(PKCS12_F_PKCS12_VERIFY_MAC), "PKCS12_verify_mac"},
+    {ERR_FUNC(PKCS12_F_PKCS8_ADD_KEYUSAGE), "PKCS8_add_keyusage"},
+    {ERR_FUNC(PKCS12_F_PKCS8_ENCRYPT), "PKCS8_encrypt"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA PKCS12_str_reasons[]=
-	{
-{ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE),"cant pack structure"},
-{ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA),"content type not data"},
-{ERR_REASON(PKCS12_R_DECODE_ERROR)       ,"decode error"},
-{ERR_REASON(PKCS12_R_ENCODE_ERROR)       ,"encode error"},
-{ERR_REASON(PKCS12_R_ENCRYPT_ERROR)      ,"encrypt error"},
-{ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),"error setting encrypted data type"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),"invalid null pkcs12 pointer"},
-{ERR_REASON(PKCS12_R_IV_GEN_ERROR)       ,"iv gen error"},
-{ERR_REASON(PKCS12_R_KEY_GEN_ERROR)      ,"key gen error"},
-{ERR_REASON(PKCS12_R_MAC_ABSENT)         ,"mac absent"},
-{ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR),"mac generation error"},
-{ERR_REASON(PKCS12_R_MAC_SETUP_ERROR)    ,"mac setup error"},
-{ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR),"mac string set error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR)   ,"mac verify error"},
-{ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE) ,"mac verify failure"},
-{ERR_REASON(PKCS12_R_PARSE_ERROR)        ,"parse error"},
-{ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),"pkcs12 algor cipherinit error"},
-{ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),"pkcs12 cipherfinal error"},
-{ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR),"pkcs12 pbe crypt error"},
-{ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),"unknown digest algorithm"},
-{ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE),"unsupported pkcs12 mode"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PKCS12_str_reasons[] = {
+    {ERR_REASON(PKCS12_R_CANT_PACK_STRUCTURE), "cant pack structure"},
+    {ERR_REASON(PKCS12_R_CONTENT_TYPE_NOT_DATA), "content type not data"},
+    {ERR_REASON(PKCS12_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(PKCS12_R_ENCODE_ERROR), "encode error"},
+    {ERR_REASON(PKCS12_R_ENCRYPT_ERROR), "encrypt error"},
+    {ERR_REASON(PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE),
+     "error setting encrypted data type"},
+    {ERR_REASON(PKCS12_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
+    {ERR_REASON(PKCS12_R_INVALID_NULL_PKCS12_POINTER),
+     "invalid null pkcs12 pointer"},
+    {ERR_REASON(PKCS12_R_IV_GEN_ERROR), "iv gen error"},
+    {ERR_REASON(PKCS12_R_KEY_GEN_ERROR), "key gen error"},
+    {ERR_REASON(PKCS12_R_MAC_ABSENT), "mac absent"},
+    {ERR_REASON(PKCS12_R_MAC_GENERATION_ERROR), "mac generation error"},
+    {ERR_REASON(PKCS12_R_MAC_SETUP_ERROR), "mac setup error"},
+    {ERR_REASON(PKCS12_R_MAC_STRING_SET_ERROR), "mac string set error"},
+    {ERR_REASON(PKCS12_R_MAC_VERIFY_ERROR), "mac verify error"},
+    {ERR_REASON(PKCS12_R_MAC_VERIFY_FAILURE), "mac verify failure"},
+    {ERR_REASON(PKCS12_R_PARSE_ERROR), "parse error"},
+    {ERR_REASON(PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR),
+     "pkcs12 algor cipherinit error"},
+    {ERR_REASON(PKCS12_R_PKCS12_CIPHERFINAL_ERROR),
+     "pkcs12 cipherfinal error"},
+    {ERR_REASON(PKCS12_R_PKCS12_PBE_CRYPT_ERROR), "pkcs12 pbe crypt error"},
+    {ERR_REASON(PKCS12_R_UNKNOWN_DIGEST_ALGORITHM),
+     "unknown digest algorithm"},
+    {ERR_REASON(PKCS12_R_UNSUPPORTED_PKCS12_MODE), "unsupported pkcs12 mode"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_PKCS12_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,PKCS12_str_functs);
-		ERR_load_strings(0,PKCS12_str_reasons);
-		}
+    if (ERR_func_error_string(PKCS12_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, PKCS12_str_functs);
+        ERR_load_strings(0, PKCS12_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c
index 1f70d313..0e4e69dc 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_asn1.c
@@ -1,6 +1,7 @@
 /* pk7_asn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -69,17 +70,17 @@
 ASN1_ADB_TEMPLATE(p7default) = ASN1_EXP_OPT(PKCS7, d.other, ASN1_ANY, 0);
 
 ASN1_ADB(PKCS7) = {
-	ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
-	ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
-	ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
-	ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
-	ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
-	ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
+        ADB_ENTRY(NID_pkcs7_data, ASN1_NDEF_EXP_OPT(PKCS7, d.data, ASN1_OCTET_STRING_NDEF, 0)),
+        ADB_ENTRY(NID_pkcs7_signed, ASN1_NDEF_EXP_OPT(PKCS7, d.sign, PKCS7_SIGNED, 0)),
+        ADB_ENTRY(NID_pkcs7_enveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.enveloped, PKCS7_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_signedAndEnveloped, ASN1_NDEF_EXP_OPT(PKCS7, d.signed_and_enveloped, PKCS7_SIGN_ENVELOPE, 0)),
+        ADB_ENTRY(NID_pkcs7_digest, ASN1_NDEF_EXP_OPT(PKCS7, d.digest, PKCS7_DIGEST, 0)),
+        ADB_ENTRY(NID_pkcs7_encrypted, ASN1_NDEF_EXP_OPT(PKCS7, d.encrypted, PKCS7_ENCRYPT, 0))
 } ASN1_ADB_END(PKCS7, 0, type, 0, &p7default_tt, NULL);
 
 ASN1_NDEF_SEQUENCE(PKCS7) = {
-	ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(PKCS7)
+        ASN1_SIMPLE(PKCS7, type, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(PKCS7)
 }ASN1_NDEF_SEQUENCE_END(PKCS7)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7)
@@ -87,12 +88,12 @@ IMPLEMENT_ASN1_NDEF_FUNCTION(PKCS7)
 IMPLEMENT_ASN1_DUP_FUNCTION(PKCS7)
 
 ASN1_NDEF_SEQUENCE(PKCS7_SIGNED) = {
-	ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
-	ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
-	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
-	ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
+        ASN1_SIMPLE(PKCS7_SIGNED, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGNED, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNED, contents, PKCS7),
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNED, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNED, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGNED, signer_info, PKCS7_SIGNER_INFO)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGNED)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
@@ -100,41 +101,41 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNED)
 /* Minor tweak to operation: free up EVP_PKEY */
 static int si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(operation == ASN1_OP_FREE_POST) {
-		PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
-		EVP_PKEY_free(si->pkey);
-	}
-	return 1;
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_SIGNER_INFO *si = (PKCS7_SIGNER_INFO *)*pval;
+        EVP_PKEY_free(si->pkey);
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_cb(PKCS7_SIGNER_INFO, si_cb) = {
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
-	/* NB this should be a SET OF but we use a SEQUENCE OF so the
-	 * original order * is retained when the structure is reencoded.
-	 * Since the attributes are implicitly tagged this will not affect
-	 * the encoding.
-	 */
-	ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_alg, X509_ALGOR),
+        /* NB this should be a SET OF but we use a SEQUENCE OF so the
+         * original order * is retained when the structure is reencoded.
+         * Since the attributes are implicitly tagged this will not affect
+         * the encoding.
+         */
+        ASN1_IMP_SEQUENCE_OF_OPT(PKCS7_SIGNER_INFO, auth_attr, X509_ATTRIBUTE, 0),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, digest_enc_alg, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGNER_INFO, enc_digest, ASN1_OCTET_STRING),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGNER_INFO, unauth_attr, X509_ATTRIBUTE, 1)
 } ASN1_SEQUENCE_END_cb(PKCS7_SIGNER_INFO, PKCS7_SIGNER_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO)
 
 ASN1_SEQUENCE(PKCS7_ISSUER_AND_SERIAL) = {
-	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
-	ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, issuer, X509_NAME),
+        ASN1_SIMPLE(PKCS7_ISSUER_AND_SERIAL, serial, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(PKCS7_ISSUER_AND_SERIAL)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL)
 
 ASN1_NDEF_SEQUENCE(PKCS7_ENVELOPE) = {
-	ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
-	ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
-	ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
+        ASN1_SIMPLE(PKCS7_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SIMPLE(PKCS7_ENVELOPE, enc_data, PKCS7_ENC_CONTENT)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENVELOPE)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
@@ -142,73 +143,75 @@ IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENVELOPE)
 /* Minor tweak to operation: free up X509 */
 static int ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(operation == ASN1_OP_FREE_POST) {
-		PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
-		X509_free(ri->cert);
-	}
-	return 1;
+    if (operation == ASN1_OP_FREE_POST) {
+        PKCS7_RECIP_INFO *ri = (PKCS7_RECIP_INFO *)*pval;
+        X509_free(ri->cert);
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_cb(PKCS7_RECIP_INFO, ri_cb) = {
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, issuer_and_serial, PKCS7_ISSUER_AND_SERIAL),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, key_enc_algor, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_RECIP_INFO, enc_key, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END_cb(PKCS7_RECIP_INFO, PKCS7_RECIP_INFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_RECIP_INFO)
 
 ASN1_NDEF_SEQUENCE(PKCS7_ENC_CONTENT) = {
-	ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
-	ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
-	ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, content_type, ASN1_OBJECT),
+        ASN1_SIMPLE(PKCS7_ENC_CONTENT, algorithm, X509_ALGOR),
+        ASN1_IMP_OPT(PKCS7_ENC_CONTENT, enc_data, ASN1_OCTET_STRING, 0)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENC_CONTENT)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT)
 
 ASN1_NDEF_SEQUENCE(PKCS7_SIGN_ENVELOPE) = {
-	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
-	ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
-	ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, version, ASN1_INTEGER),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, recipientinfo, PKCS7_RECIP_INFO),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, md_algs, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_SIGN_ENVELOPE, enc_data, PKCS7_ENC_CONTENT),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, cert, X509, 0),
+        ASN1_IMP_SET_OF_OPT(PKCS7_SIGN_ENVELOPE, crl, X509_CRL, 1),
+        ASN1_SET_OF(PKCS7_SIGN_ENVELOPE, signer_info, PKCS7_SIGNER_INFO)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_SIGN_ENVELOPE)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE)
 
 ASN1_NDEF_SEQUENCE(PKCS7_ENCRYPT) = {
-	ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
+        ASN1_SIMPLE(PKCS7_ENCRYPT, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_ENCRYPT, enc_data, PKCS7_ENC_CONTENT)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_ENCRYPT)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_ENCRYPT)
 
 ASN1_NDEF_SEQUENCE(PKCS7_DIGEST) = {
-	ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
-	ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
-	ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
-	ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
+        ASN1_SIMPLE(PKCS7_DIGEST, version, ASN1_INTEGER),
+        ASN1_SIMPLE(PKCS7_DIGEST, md, X509_ALGOR),
+        ASN1_SIMPLE(PKCS7_DIGEST, contents, PKCS7),
+        ASN1_SIMPLE(PKCS7_DIGEST, digest, ASN1_OCTET_STRING)
 } ASN1_NDEF_SEQUENCE_END(PKCS7_DIGEST)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKCS7_DIGEST)
 
 /* Specials for authenticated attributes */
 
-/* When signing attributes we want to reorder them to match the sorted
+/*
+ * When signing attributes we want to reorder them to match the sorted
  * encoding.
  */
 
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_SIGN) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_ORDER, 0, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_SIGN)
 
-/* When verifying attributes we need to use the received order. So 
- * we use SEQUENCE OF and tag it to SET OF
+/*
+ * When verifying attributes we need to use the received order. So we use
+ * SEQUENCE OF and tag it to SET OF
  */
 
-ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
-				V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
+ASN1_ITEM_TEMPLATE(PKCS7_ATTR_VERIFY) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_IMPTAG | ASN1_TFLG_UNIVERSAL,
+                                V_ASN1_SET, PKCS7_ATTRIBUTES, X509_ATTRIBUTE)
 ASN1_ITEM_TEMPLATE_END(PKCS7_ATTR_VERIFY)
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c
index d5497171..1fd65b51 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_attr.c
@@ -1,6 +1,7 @@
 /* pk7_attr.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,77 +66,78 @@
 #include <openssl/x509.h>
 #include <openssl/err.h>
 
-int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap)
+int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
+                              STACK_OF(X509_ALGOR) *cap)
 {
-	ASN1_STRING *seq;
-	unsigned char *p, *pp;
-	int len;
-	len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR,
-				       V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL,
-				       IS_SEQUENCE);
-	if(!(pp=(unsigned char *)OPENSSL_malloc(len))) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	p=pp;
-	i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE,
-				   V_ASN1_UNIVERSAL, IS_SEQUENCE);
-	if(!(seq = ASN1_STRING_new())) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if(!ASN1_STRING_set (seq, pp, len)) {
-		PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	OPENSSL_free (pp);
-        return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
-							V_ASN1_SEQUENCE, seq);
+    ASN1_STRING *seq;
+    unsigned char *p, *pp;
+    int len;
+    len = i2d_ASN1_SET_OF_X509_ALGOR(cap, NULL, i2d_X509_ALGOR,
+                                     V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+                                     IS_SEQUENCE);
+    if (!(pp = (unsigned char *)OPENSSL_malloc(len))) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    p = pp;
+    i2d_ASN1_SET_OF_X509_ALGOR(cap, &p, i2d_X509_ALGOR, V_ASN1_SEQUENCE,
+                               V_ASN1_UNIVERSAL, IS_SEQUENCE);
+    if (!(seq = ASN1_STRING_new())) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!ASN1_STRING_set(seq, pp, len)) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    OPENSSL_free(pp);
+    return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities,
+                                      V_ASN1_SEQUENCE, seq);
 }
 
 STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si)
-	{
-	ASN1_TYPE *cap;
-	const unsigned char *p;
+{
+    ASN1_TYPE *cap;
+    const unsigned char *p;
 
-	cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
-	if (!cap || (cap->type != V_ASN1_SEQUENCE))
-		return NULL;
-	p = cap->value.sequence->data;
-	return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
-					  cap->value.sequence->length,
-					  d2i_X509_ALGOR, X509_ALGOR_free,
-					  V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
-	}
+    cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities);
+    if (!cap || (cap->type != V_ASN1_SEQUENCE))
+        return NULL;
+    p = cap->value.sequence->data;
+    return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p,
+                                      cap->value.sequence->length,
+                                      d2i_X509_ALGOR, X509_ALGOR_free,
+                                      V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
 
 /* Basic smime-capabilities OID and optional integer arg */
 int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg)
 {
-	X509_ALGOR *alg;
+    X509_ALGOR *alg;
 
-	if(!(alg = X509_ALGOR_new())) {
-		PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	ASN1_OBJECT_free(alg->algorithm);
-	alg->algorithm = OBJ_nid2obj (nid);
-	if (arg > 0) {
-		ASN1_INTEGER *nbit;
-		if(!(alg->parameter = ASN1_TYPE_new())) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if(!(nbit = ASN1_INTEGER_new())) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if(!ASN1_INTEGER_set (nbit, arg)) {
-			PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		alg->parameter->value.integer = nbit;
-		alg->parameter->type = V_ASN1_INTEGER;
-	}
-	sk_X509_ALGOR_push (sk, alg);
-	return 1;
+    if (!(alg = X509_ALGOR_new())) {
+        PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    ASN1_OBJECT_free(alg->algorithm);
+    alg->algorithm = OBJ_nid2obj(nid);
+    if (arg > 0) {
+        ASN1_INTEGER *nbit;
+        if (!(alg->parameter = ASN1_TYPE_new())) {
+            PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!(nbit = ASN1_INTEGER_new())) {
+            PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!ASN1_INTEGER_set(nbit, arg)) {
+            PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        alg->parameter->value.integer = nbit;
+        alg->parameter->type = V_ASN1_INTEGER;
+    }
+    sk_X509_ALGOR_push(sk, alg);
+    return 1;
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
index 8b3024e7..db134ddc 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_doit.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,1113 +65,1104 @@
 #include <openssl/err.h>
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-			 void *value);
+                         void *value);
 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
 
-static int PKCS7_type_is_other(PKCS7* p7)
-	{
-	int isOther=1;
-	
-	int nid=OBJ_obj2nid(p7->type);
-
-	switch( nid )
-		{
-	case NID_pkcs7_data:
-	case NID_pkcs7_signed:
-	case NID_pkcs7_enveloped:
-	case NID_pkcs7_signedAndEnveloped:
-	case NID_pkcs7_digest:
-	case NID_pkcs7_encrypted:
-		isOther=0;
-		break;
-	default:
-		isOther=1;
-		}
-
-	return isOther;
-
-	}
+static int PKCS7_type_is_other(PKCS7 *p7)
+{
+    int isOther = 1;
+
+    int nid = OBJ_obj2nid(p7->type);
+
+    switch (nid) {
+    case NID_pkcs7_data:
+    case NID_pkcs7_signed:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_digest:
+    case NID_pkcs7_encrypted:
+        isOther = 0;
+        break;
+    default:
+        isOther = 1;
+    }
+
+    return isOther;
+
+}
 
 static ASN1_OCTET_STRING *PKCS7_get_octet_string(PKCS7 *p7)
-	{
-	if ( PKCS7_type_is_data(p7))
-		return p7->d.data;
-	if ( PKCS7_type_is_other(p7) && p7->d.other
-		&& (p7->d.other->type == V_ASN1_OCTET_STRING))
-		return p7->d.other->value.octet_string;
-	return NULL;
-	}
+{
+    if (PKCS7_type_is_data(p7))
+        return p7->d.data;
+    if (PKCS7_type_is_other(p7) && p7->d.other
+        && (p7->d.other->type == V_ASN1_OCTET_STRING))
+        return p7->d.other->value.octet_string;
+    return NULL;
+}
 
 static int PKCS7_bio_add_digest(BIO **pbio, X509_ALGOR *alg)
-	{
-	BIO *btmp;
-	const EVP_MD *md;
-	if ((btmp=BIO_new(BIO_f_md())) == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
-		goto err;
-		}
-
-	md=EVP_get_digestbyobj(alg->algorithm);
-	if (md == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,PKCS7_R_UNKNOWN_DIGEST_TYPE);
-		goto err;
-		}
-
-	BIO_set_md(btmp,md);
-	if (*pbio == NULL)
-		*pbio=btmp;
-	else if (!BIO_push(*pbio,btmp))
-		{
-		PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST,ERR_R_BIO_LIB);
-		goto err;
-		}
-	btmp=NULL;
-
-	return 1;
-
-	err:
-	if (btmp)
-		BIO_free(btmp);
-	return 0;
-
-	}
+{
+    BIO *btmp;
+    const EVP_MD *md;
+    if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+
+    md = EVP_get_digestbyobj(alg->algorithm);
+    if (md == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, PKCS7_R_UNKNOWN_DIGEST_TYPE);
+        goto err;
+    }
+
+    BIO_set_md(btmp, md);
+    if (*pbio == NULL)
+        *pbio = btmp;
+    else if (!BIO_push(*pbio, btmp)) {
+        PKCS7err(PKCS7_F_PKCS7_BIO_ADD_DIGEST, ERR_R_BIO_LIB);
+        goto err;
+    }
+    btmp = NULL;
+
+    return 1;
+
+ err:
+    if (btmp)
+        BIO_free(btmp);
+    return 0;
+
+}
 
 BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
-	{
-	int i;
-	BIO *out=NULL,*btmp=NULL;
-	X509_ALGOR *xa = NULL;
-	const EVP_CIPHER *evp_cipher=NULL;
-	STACK_OF(X509_ALGOR) *md_sk=NULL;
-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-	X509_ALGOR *xalg=NULL;
-	PKCS7_RECIP_INFO *ri=NULL;
-	EVP_PKEY *pkey;
-	ASN1_OCTET_STRING *os=NULL;
-
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		md_sk=p7->d.sign->md_algs;
-		os = PKCS7_get_octet_string(p7->d.sign->contents);
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		rsk=p7->d.signed_and_enveloped->recipientinfo;
-		md_sk=p7->d.signed_and_enveloped->md_algs;
-		xalg=p7->d.signed_and_enveloped->enc_data->algorithm;
-		evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher;
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-						PKCS7_R_CIPHER_NOT_INITIALIZED);
-			goto err;
-			}
-		break;
-	case NID_pkcs7_enveloped:
-		rsk=p7->d.enveloped->recipientinfo;
-		xalg=p7->d.enveloped->enc_data->algorithm;
-		evp_cipher=p7->d.enveloped->enc_data->cipher;
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-						PKCS7_R_CIPHER_NOT_INITIALIZED);
-			goto err;
-			}
-		break;
-	case NID_pkcs7_digest:
-		xa = p7->d.digest->md;
-		os = PKCS7_get_octet_string(p7->d.digest->contents);
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
-
-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-		if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
-			goto err;
-
-	if (xa && !PKCS7_bio_add_digest(&out, xa))
-			goto err;
-
-	if (evp_cipher != NULL)
-		{
-		unsigned char key[EVP_MAX_KEY_LENGTH];
-		unsigned char iv[EVP_MAX_IV_LENGTH];
-		int keylen,ivlen;
-		int jj,max;
-		unsigned char *tmp;
-		EVP_CIPHER_CTX *ctx;
-
-		if ((btmp=BIO_new(BIO_f_cipher())) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB);
-			goto err;
-			}
-		BIO_get_cipher_ctx(btmp, &ctx);
-		keylen=EVP_CIPHER_key_length(evp_cipher);
-		ivlen=EVP_CIPHER_iv_length(evp_cipher);
-		xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
-		if (ivlen > 0)
-			if (RAND_pseudo_bytes(iv,ivlen) <= 0)
-				goto err;
-		if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1)<=0)
-			goto err;
-		if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
-			goto err;
-		if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
-			goto err;
-
-		if (ivlen > 0) {
-			if (xalg->parameter == NULL) {
-				xalg->parameter = ASN1_TYPE_new();
-				if (xalg->parameter == NULL)
-					goto err;
-			}
-			if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
-			       goto err;
-		}
-
-		/* Lets do the pub key stuff :-) */
-		max=0;
-		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-			{
-			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-			if (ri->cert == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO);
-				goto err;
-				}
-			if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
-				goto err;
-			jj=EVP_PKEY_size(pkey);
-			EVP_PKEY_free(pkey);
-			if (max < jj) max=jj;
-			}
-		if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-			{
-			ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-			if ((pkey=X509_get_pubkey(ri->cert)) == NULL)
-				goto err;
-			jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey);
-			EVP_PKEY_free(pkey);
-			if (jj <= 0)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB);
-				OPENSSL_free(tmp);
-				goto err;
-				}
-			if (!M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj))
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAINIT,
-					ERR_R_MALLOC_FAILURE);
-				OPENSSL_free(tmp);
-				goto err;
-				}
-			}
-		OPENSSL_free(tmp);
-		OPENSSL_cleanse(key, keylen);
-
-		if (out == NULL)
-			out=btmp;
-		else
-			BIO_push(out,btmp);
-		btmp=NULL;
-		}
-
-	if (bio == NULL)
-		{
-		if (PKCS7_is_detached(p7))
-			bio=BIO_new(BIO_s_null());
-		else if (os && os->length > 0)
-			bio = BIO_new_mem_buf(os->data, os->length);
-		if(bio == NULL)
-			{
-			bio=BIO_new(BIO_s_mem());
-			if (bio == NULL)
-				goto err;
-			BIO_set_mem_eof_return(bio,0);
-			}
-		}
-	BIO_push(out,bio);
-	bio=NULL;
-	if (0)
-		{
-err:
-		if (out != NULL)
-			BIO_free_all(out);
-		if (btmp != NULL)
-			BIO_free_all(btmp);
-		out=NULL;
-		}
-	return(out);
-	}
+{
+    int i;
+    BIO *out = NULL, *btmp = NULL;
+    X509_ALGOR *xa = NULL;
+    const EVP_CIPHER *evp_cipher = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    X509_ALGOR *xalg = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+    EVP_PKEY *pkey;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+    /*
+     * The content field in the PKCS7 ContentInfo is optional, but that really
+     * only applies to inner content (precisely, detached signatures).
+     *
+     * When reading content, missing outer content is therefore treated as an
+     * error.
+     *
+     * When creating content, PKCS7_content_new() must be called before
+     * calling this method, so a NULL p7->d is always an error.
+     */
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        md_sk = p7->d.sign->md_algs;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        xalg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.signed_and_enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        xalg = p7->d.enveloped->enc_data->algorithm;
+        evp_cipher = p7->d.enveloped->enc_data->cipher;
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_CIPHER_NOT_INITIALIZED);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_digest:
+        xa = p7->d.digest->md;
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATAINIT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++)
+        if (!PKCS7_bio_add_digest(&out, sk_X509_ALGOR_value(md_sk, i)))
+            goto err;
+
+    if (xa && !PKCS7_bio_add_digest(&out, xa))
+        goto err;
+
+    if (evp_cipher != NULL) {
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        int keylen, ivlen;
+        int jj, max;
+        unsigned char *tmp;
+        EVP_CIPHER_CTX *ctx;
+
+        if ((btmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_BIO_LIB);
+            goto err;
+        }
+        BIO_get_cipher_ctx(btmp, &ctx);
+        keylen = EVP_CIPHER_key_length(evp_cipher);
+        ivlen = EVP_CIPHER_iv_length(evp_cipher);
+        xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher));
+        if (ivlen > 0)
+            if (RAND_pseudo_bytes(iv, ivlen) <= 0)
+                goto err;
+        if (EVP_CipherInit_ex(ctx, evp_cipher, NULL, NULL, NULL, 1) <= 0)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(ctx, key) <= 0)
+            goto err;
+        if (EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, 1) <= 0)
+            goto err;
+
+        if (ivlen > 0) {
+            if (xalg->parameter == NULL) {
+                xalg->parameter = ASN1_TYPE_new();
+                if (xalg->parameter == NULL)
+                    goto err;
+            }
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0)
+                goto err;
+        }
+
+        /* Lets do the pub key stuff :-) */
+        max = 0;
+        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+            if (ri->cert == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATAINIT,
+                         PKCS7_R_MISSING_CERIPEND_INFO);
+                goto err;
+            }
+            if ((pkey = X509_get_pubkey(ri->cert)) == NULL)
+                goto err;
+            jj = EVP_PKEY_size(pkey);
+            EVP_PKEY_free(pkey);
+            if (max < jj)
+                max = jj;
+        }
+        if ((tmp = (unsigned char *)OPENSSL_malloc(max)) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+            ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+            if ((pkey = X509_get_pubkey(ri->cert)) == NULL)
+                goto err;
+            jj = EVP_PKEY_encrypt(tmp, key, keylen, pkey);
+            EVP_PKEY_free(pkey);
+            if (jj <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_EVP_LIB);
+                OPENSSL_free(tmp);
+                goto err;
+            }
+            if (!M_ASN1_OCTET_STRING_set(ri->enc_key, tmp, jj)) {
+                PKCS7err(PKCS7_F_PKCS7_DATAINIT, ERR_R_MALLOC_FAILURE);
+                OPENSSL_free(tmp);
+                goto err;
+            }
+        }
+        OPENSSL_free(tmp);
+        OPENSSL_cleanse(key, keylen);
+
+        if (out == NULL)
+            out = btmp;
+        else
+            BIO_push(out, btmp);
+        btmp = NULL;
+    }
+
+    if (bio == NULL) {
+        if (PKCS7_is_detached(p7))
+            bio = BIO_new(BIO_s_null());
+        else if (os && os->length > 0)
+            bio = BIO_new_mem_buf(os->data, os->length);
+        if (bio == NULL) {
+            bio = BIO_new(BIO_s_mem());
+            if (bio == NULL)
+                goto err;
+            BIO_set_mem_eof_return(bio, 0);
+        }
+    }
+    BIO_push(out, bio);
+    bio = NULL;
+    if (0) {
+ err:
+        if (out != NULL)
+            BIO_free_all(out);
+        if (btmp != NULL)
+            BIO_free_all(btmp);
+        out = NULL;
+    }
+    return (out);
+}
 
 static int pkcs7_cmp_ri(PKCS7_RECIP_INFO *ri, X509 *pcert)
-	{
-	int ret;
-	ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
-				pcert->cert_info->issuer);
-	if (ret)
-		return ret;
-	return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
-					ri->issuer_and_serial->serial);
-	}
+{
+    int ret;
+    ret = X509_NAME_cmp(ri->issuer_and_serial->issuer,
+                        pcert->cert_info->issuer);
+    if (ret)
+        return ret;
+    return M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber,
+                              ri->issuer_and_serial->serial);
+}
 
 /* int */
 BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert)
-	{
-	int i,j;
-	BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL;
-	unsigned char *tmp=NULL;
-	X509_ALGOR *xa;
-	ASN1_OCTET_STRING *data_body=NULL;
-	const EVP_MD *evp_md;
-	const EVP_CIPHER *evp_cipher=NULL;
-	EVP_CIPHER_CTX *evp_ctx=NULL;
-	X509_ALGOR *enc_alg=NULL;
-	STACK_OF(X509_ALGOR) *md_sk=NULL;
-	STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL;
-	PKCS7_RECIP_INFO *ri=NULL;
-
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		data_body=PKCS7_get_octet_string(p7->d.sign->contents);
-		md_sk=p7->d.sign->md_algs;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		rsk=p7->d.signed_and_enveloped->recipientinfo;
-		md_sk=p7->d.signed_and_enveloped->md_algs;
-		data_body=p7->d.signed_and_enveloped->enc_data->enc_data;
-		enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm;
-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-			goto err;
-			}
-		break;
-	case NID_pkcs7_enveloped:
-		rsk=p7->d.enveloped->recipientinfo;
-		enc_alg=p7->d.enveloped->enc_data->algorithm;
-		data_body=p7->d.enveloped->enc_data->enc_data;
-		evp_cipher=EVP_get_cipherbyobj(enc_alg->algorithm);
-		if (evp_cipher == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
-			goto err;
-			}
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-	        goto err;
-		}
-
-	/* We will be checking the signature */
-	if (md_sk != NULL)
-		{
-		for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-			{
-			xa=sk_X509_ALGOR_value(md_sk,i);
-			if ((btmp=BIO_new(BIO_f_md())) == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
-				goto err;
-				}
-
-			j=OBJ_obj2nid(xa->algorithm);
-			evp_md=EVP_get_digestbynid(j);
-			if (evp_md == NULL)
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE);
-				goto err;
-				}
-
-			BIO_set_md(btmp,evp_md);
-			if (out == NULL)
-				out=btmp;
-			else
-				BIO_push(out,btmp);
-			btmp=NULL;
-			}
-		}
-
-	if (evp_cipher != NULL)
-		{
+{
+    int i, j;
+    BIO *out = NULL, *btmp = NULL, *etmp = NULL, *bio = NULL;
+    unsigned char *tmp = NULL;
+    X509_ALGOR *xa;
+    ASN1_OCTET_STRING *data_body = NULL;
+    const EVP_MD *evp_md;
+    const EVP_CIPHER *evp_cipher = NULL;
+    EVP_CIPHER_CTX *evp_ctx = NULL;
+    X509_ALGOR *enc_alg = NULL;
+    STACK_OF(X509_ALGOR) *md_sk = NULL;
+    STACK_OF(PKCS7_RECIP_INFO) *rsk = NULL;
+    PKCS7_RECIP_INFO *ri = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_NO_CONTENT);
+        return NULL;
+    }
+
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signed:
+        data_body = PKCS7_get_octet_string(p7->d.sign->contents);
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        rsk = p7->d.signed_and_enveloped->recipientinfo;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        data_body = p7->d.signed_and_enveloped->enc_data->enc_data;
+        enc_alg = p7->d.signed_and_enveloped->enc_data->algorithm;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    case NID_pkcs7_enveloped:
+        rsk = p7->d.enveloped->recipientinfo;
+        enc_alg = p7->d.enveloped->enc_data->algorithm;
+        data_body = p7->d.enveloped->enc_data->enc_data;
+        evp_cipher = EVP_get_cipherbyobj(enc_alg->algorithm);
+        if (evp_cipher == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                     PKCS7_R_UNSUPPORTED_CIPHER_TYPE);
+            goto err;
+        }
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_DATADECODE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+
+    /* We will be checking the signature */
+    if (md_sk != NULL) {
+        for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+            xa = sk_X509_ALGOR_value(md_sk, i);
+            if ((btmp = BIO_new(BIO_f_md())) == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+                goto err;
+            }
+
+            j = OBJ_obj2nid(xa->algorithm);
+            evp_md = EVP_get_digestbynid(j);
+            if (evp_md == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_UNKNOWN_DIGEST_TYPE);
+                goto err;
+            }
+
+            BIO_set_md(btmp, evp_md);
+            if (out == NULL)
+                out = btmp;
+            else
+                BIO_push(out, btmp);
+            btmp = NULL;
+        }
+    }
+
+    if (evp_cipher != NULL) {
 #if 0
-		unsigned char key[EVP_MAX_KEY_LENGTH];
-		unsigned char iv[EVP_MAX_IV_LENGTH];
-		unsigned char *p;
-		int keylen,ivlen;
-		int max;
-		X509_OBJECT ret;
+        unsigned char key[EVP_MAX_KEY_LENGTH];
+        unsigned char iv[EVP_MAX_IV_LENGTH];
+        unsigned char *p;
+        int keylen, ivlen;
+        int max;
+        X509_OBJECT ret;
 #endif
-		unsigned char *tkey = NULL;
-		int tkeylen;
-		int jj;
-
-		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB);
-			goto err;
-			}
-
-		/* It was encrypted, we need to decrypt the secret key
-		 * with the private key */
-
-		/* Find the recipientInfo which matches the passed certificate
-		 * (if any)
-		 */
-
-		if (pcert) {
-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) {
-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-				if (!pkcs7_cmp_ri(ri, pcert))
-					break;
-				ri=NULL;
-			}
-			if (ri == NULL) {
-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
-				      PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
-				goto err;
-			}
-		}
-
-		jj=EVP_PKEY_size(pkey);
-		tmp=(unsigned char *)OPENSSL_malloc(jj+10);
-		if (tmp == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-
-		/* If we haven't got a certificate try each ri in turn */
-
-		if (pcert == NULL)
-			{
-			/* Temporary storage in case EVP_PKEY_decrypt
-			 * overwrites output buffer on error.
-			 */
-			unsigned char *tmp2;
-			tmp2 = OPENSSL_malloc(jj);
-			if (!tmp2)
-				goto err;
-			jj = -1;
-			/* Always attempt to decrypt all cases to avoid
-			 * leaking timing information about a successful
-			 * decrypt.
-			 */
-			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
-				{
-				int tret;
-				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
-				tret=EVP_PKEY_decrypt(tmp2,
-					M_ASN1_STRING_data(ri->enc_key),
-					M_ASN1_STRING_length(ri->enc_key),
-						pkey);
-				if (tret > 0)
-					{
-					memcpy(tmp, tmp2, tret);
-					OPENSSL_cleanse(tmp2, tret);
-					jj = tret;
-					}
-				ERR_clear_error();
-				}
-			OPENSSL_free(tmp2);
-			}
-		else
-			{
-			jj=EVP_PKEY_decrypt(tmp,
-				M_ASN1_STRING_data(ri->enc_key),
-				M_ASN1_STRING_length(ri->enc_key), pkey);
-			ERR_clear_error();
-			}
-
-		evp_ctx=NULL;
-		BIO_get_cipher_ctx(etmp,&evp_ctx);
-		if (EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0) <= 0)
-			goto err;
-		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
-			goto err;
-		/* Generate random key to counter MMA */
-		tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
-		tkey = OPENSSL_malloc(tkeylen);
-		if (!tkey)
-			goto err;
-		if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
-			goto err;
-		/* If we have no key use random key */
-		if (jj <= 0)
-			{
-			OPENSSL_free(tmp);
-			jj = tkeylen;
-			tmp = tkey;
-			tkey = NULL;
-			}
-
-		if (jj != tkeylen) {
-			/* Some S/MIME clients don't use the same key
-			 * and effective key length. The key length is
-			 * determined by the size of the decrypted RSA key.
-			 */
-			if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
-				{
-				/* As MMA defence use random key instead */
-				OPENSSL_cleanse(tmp, jj);
-				OPENSSL_free(tmp);
-				jj = tkeylen;
-				tmp = tkey;
-				tkey = NULL;
-				}
-		} 
-		ERR_clear_error();
-		if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
-			goto err;
-
-		OPENSSL_cleanse(tmp,jj);
-
-		if (tkey)
-			{
-			OPENSSL_cleanse(tkey, tkeylen);
-			OPENSSL_free(tkey);
-			}
-
-		if (out == NULL)
-			out=etmp;
-		else
-			BIO_push(out,etmp);
-		etmp=NULL;
-		}
-
+        unsigned char *tkey = NULL;
+        int tkeylen;
+        int jj;
+
+        if ((etmp = BIO_new(BIO_f_cipher())) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_BIO_LIB);
+            goto err;
+        }
+
+        /*
+         * It was encrypted, we need to decrypt the secret key with the
+         * private key
+         */
+
+        /*
+         * Find the recipientInfo which matches the passed certificate (if
+         * any)
+         */
+
+        if (pcert) {
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+                if (!pkcs7_cmp_ri(ri, pcert))
+                    break;
+                ri = NULL;
+            }
+            if (ri == NULL) {
+                PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+                         PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE);
+                goto err;
+            }
+        }
+
+        jj = EVP_PKEY_size(pkey);
+        tmp = (unsigned char *)OPENSSL_malloc(jj + 10);
+        if (tmp == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATADECODE, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /* If we haven't got a certificate try each ri in turn */
+
+        if (pcert == NULL) {
+            /*
+             * Temporary storage in case EVP_PKEY_decrypt overwrites output
+             * buffer on error.
+             */
+            unsigned char *tmp2;
+            tmp2 = OPENSSL_malloc(jj);
+            if (!tmp2)
+                goto err;
+            jj = -1;
+            /*
+             * Always attempt to decrypt all cases to avoid leaking timing
+             * information about a successful decrypt.
+             */
+            for (i = 0; i < sk_PKCS7_RECIP_INFO_num(rsk); i++) {
+                int tret;
+                ri = sk_PKCS7_RECIP_INFO_value(rsk, i);
+                tret = EVP_PKEY_decrypt(tmp2,
+                                        M_ASN1_STRING_data(ri->enc_key),
+                                        M_ASN1_STRING_length(ri->enc_key),
+                                        pkey);
+                if (tret > 0) {
+                    memcpy(tmp, tmp2, tret);
+                    OPENSSL_cleanse(tmp2, tret);
+                    jj = tret;
+                }
+                ERR_clear_error();
+            }
+            OPENSSL_free(tmp2);
+        } else {
+            jj = EVP_PKEY_decrypt(tmp,
+                                  M_ASN1_STRING_data(ri->enc_key),
+                                  M_ASN1_STRING_length(ri->enc_key), pkey);
+            ERR_clear_error();
+        }
+
+        evp_ctx = NULL;
+        BIO_get_cipher_ctx(etmp, &evp_ctx);
+        if (EVP_CipherInit_ex(evp_ctx, evp_cipher, NULL, NULL, NULL, 0) <= 0)
+            goto err;
+        if (EVP_CIPHER_asn1_to_param(evp_ctx, enc_alg->parameter) < 0)
+            goto err;
+        /* Generate random key to counter MMA */
+        tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
+        tkey = OPENSSL_malloc(tkeylen);
+        if (!tkey)
+            goto err;
+        if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
+            goto err;
+        /* If we have no key use random key */
+        if (jj <= 0) {
+            OPENSSL_free(tmp);
+            jj = tkeylen;
+            tmp = tkey;
+            tkey = NULL;
+        }
+
+        if (jj != tkeylen) {
+            /*
+             * Some S/MIME clients don't use the same key and effective key
+             * length. The key length is determined by the size of the
+             * decrypted RSA key.
+             */
+            if (!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) {
+                /* As MMA defence use random key instead */
+                OPENSSL_cleanse(tmp, jj);
+                OPENSSL_free(tmp);
+                jj = tkeylen;
+                tmp = tkey;
+                tkey = NULL;
+            }
+        }
+        ERR_clear_error();
+        if (EVP_CipherInit_ex(evp_ctx, NULL, NULL, tmp, NULL, 0) <= 0)
+            goto err;
+
+        OPENSSL_cleanse(tmp, jj);
+
+        if (tkey) {
+            OPENSSL_cleanse(tkey, tkeylen);
+            OPENSSL_free(tkey);
+        }
+
+        if (out == NULL)
+            out = etmp;
+        else
+            BIO_push(out, etmp);
+        etmp = NULL;
+    }
 #if 1
-	if (PKCS7_is_detached(p7) || (in_bio != NULL))
-		{
-		bio=in_bio;
-		}
-	else 
-		{
-#if 0
-		bio=BIO_new(BIO_s_mem());
-		/* We need to set this so that when we have read all
-		 * the data, the encrypt BIO, if present, will read
-		 * EOF and encode the last few bytes */
-		BIO_set_mem_eof_return(bio,0);
-
-		if (data_body->length > 0)
-			BIO_write(bio,(char *)data_body->data,data_body->length);
-#else
-		if (data_body->length > 0)
-		      bio = BIO_new_mem_buf(data_body->data,data_body->length);
-		else {
-			bio=BIO_new(BIO_s_mem());
-			BIO_set_mem_eof_return(bio,0);
-		}
-		if (bio == NULL)
-			goto err;
-#endif
-		}
-	BIO_push(out,bio);
-	bio=NULL;
+    if (PKCS7_is_detached(p7) || (in_bio != NULL)) {
+        bio = in_bio;
+    } else {
+# if 0
+        bio = BIO_new(BIO_s_mem());
+        /*
+         * We need to set this so that when we have read all the data, the
+         * encrypt BIO, if present, will read EOF and encode the last few
+         * bytes
+         */
+        BIO_set_mem_eof_return(bio, 0);
+
+        if (data_body->length > 0)
+            BIO_write(bio, (char *)data_body->data, data_body->length);
+# else
+        if (data_body->length > 0)
+            bio = BIO_new_mem_buf(data_body->data, data_body->length);
+        else {
+            bio = BIO_new(BIO_s_mem());
+            BIO_set_mem_eof_return(bio, 0);
+        }
+        if (bio == NULL)
+            goto err;
+# endif
+    }
+    BIO_push(out, bio);
+    bio = NULL;
 #endif
-	if (0)
-		{
-err:
-		if (out != NULL) BIO_free_all(out);
-		if (btmp != NULL) BIO_free_all(btmp);
-		if (etmp != NULL) BIO_free_all(etmp);
-		if (bio != NULL) BIO_free_all(bio);
-		out=NULL;
-		}
-	if (tmp != NULL)
-		OPENSSL_free(tmp);
-	return(out);
-	}
+    if (0) {
+ err:
+        if (out != NULL)
+            BIO_free_all(out);
+        if (btmp != NULL)
+            BIO_free_all(btmp);
+        if (etmp != NULL)
+            BIO_free_all(etmp);
+        if (bio != NULL)
+            BIO_free_all(bio);
+        out = NULL;
+    }
+    if (tmp != NULL)
+        OPENSSL_free(tmp);
+    return (out);
+}
 
 static BIO *PKCS7_find_digest(EVP_MD_CTX **pmd, BIO *bio, int nid)
-	{
-	for (;;)
-		{
-		bio=BIO_find_type(bio,BIO_TYPE_MD);
-		if (bio == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-			return NULL;	
-			}
-		BIO_get_md_ctx(bio,pmd);
-		if (*pmd == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,ERR_R_INTERNAL_ERROR);
-			return NULL;
-			}	
-		if (EVP_MD_CTX_type(*pmd) == nid)
-			return bio;
-		bio=BIO_next(bio);
-		}
-	return NULL;
-	}
+{
+    for (;;) {
+        bio = BIO_find_type(bio, BIO_TYPE_MD);
+        if (bio == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            return NULL;
+        }
+        BIO_get_md_ctx(bio, pmd);
+        if (*pmd == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_FIND_DIGEST, ERR_R_INTERNAL_ERROR);
+            return NULL;
+        }
+        if (EVP_MD_CTX_type(*pmd) == nid)
+            return bio;
+        bio = BIO_next(bio);
+    }
+    return NULL;
+}
 
 int PKCS7_dataFinal(PKCS7 *p7, BIO *bio)
-	{
-	int ret=0;
-	int i,j;
-	BIO *btmp;
-	BUF_MEM *buf_mem=NULL;
-	BUF_MEM *buf=NULL;
-	PKCS7_SIGNER_INFO *si;
-	EVP_MD_CTX *mdc,ctx_tmp;
-	STACK_OF(X509_ATTRIBUTE) *sk;
-	STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL;
-	ASN1_OCTET_STRING *os=NULL;
-
-	EVP_MD_CTX_init(&ctx_tmp);
-	i=OBJ_obj2nid(p7->type);
-	p7->state=PKCS7_S_HEADER;
-
-	switch (i)
-		{
-	case NID_pkcs7_signedAndEnveloped:
-		/* XXXXXXXXXXXXXXXX */
-		si_sk=p7->d.signed_and_enveloped->signer_info;
-		if (!(os=M_ASN1_OCTET_STRING_new()))
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		p7->d.signed_and_enveloped->enc_data->enc_data=os;
-		break;
-	case NID_pkcs7_enveloped:
-		/* XXXXXXXXXXXXXXXX */
-		if (!(os=M_ASN1_OCTET_STRING_new()))
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		p7->d.enveloped->enc_data->enc_data=os;
-		break;
-	case NID_pkcs7_signed:
-		si_sk=p7->d.sign->signer_info;
-		os=PKCS7_get_octet_string(p7->d.sign->contents);
-		/* If detached data then the content is excluded */
-		if(PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
-			M_ASN1_OCTET_STRING_free(os);
-			p7->d.sign->contents->d.data = NULL;
-		}
-		break;
-
-	case NID_pkcs7_digest:
-		os=PKCS7_get_octet_string(p7->d.digest->contents);
-		/* If detached data then the content is excluded */
-		if(PKCS7_type_is_data(p7->d.digest->contents) && p7->detached)
-			{
-			M_ASN1_OCTET_STRING_free(os);
-			p7->d.digest->contents->d.data = NULL;
-			}
-		break;
-
-		}
-
-	if (si_sk != NULL)
-		{
-		if ((buf=BUF_MEM_new()) == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
-			goto err;
-			}
-		for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++)
-			{
-			si=sk_PKCS7_SIGNER_INFO_value(si_sk,i);
-			if (si->pkey == NULL) continue;
-
-			j=OBJ_obj2nid(si->digest_alg->algorithm);
-
-			btmp=bio;
-
-			btmp = PKCS7_find_digest(&mdc, btmp, j);
-
-			if (btmp == NULL)
-				goto err;
-
-			/* We now have the EVP_MD_CTX, lets do the
-			 * signing. */
-			EVP_MD_CTX_copy_ex(&ctx_tmp,mdc);
-			if (!BUF_MEM_grow_clean(buf,EVP_PKEY_size(si->pkey)))
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_BIO_LIB);
-				goto err;
-				}
-
-			sk=si->auth_attr;
-
-			/* If there are attributes, we add the digest
-			 * attribute and only sign the attributes */
-			if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
-				{
-				unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL;
-				unsigned int md_len, alen;
-				ASN1_OCTET_STRING *digest;
-				ASN1_UTCTIME *sign_time;
-				const EVP_MD *md_tmp;
-
-				/* Add signing time if not already present */
-				if (!PKCS7_get_signed_attribute(si,
-							NID_pkcs9_signingTime))
-					{
-					if (!(sign_time=X509_gmtime_adj(NULL,0)))
-						{
-						PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-							ERR_R_MALLOC_FAILURE);
-						goto err;
-						}
-					if (!PKCS7_add_signed_attribute(si,
-						NID_pkcs9_signingTime,
-						V_ASN1_UTCTIME,sign_time))
-						{
-						M_ASN1_UTCTIME_free(sign_time);
-						goto err;
-						}
-					}
-
-				/* Add digest */
-				md_tmp=EVP_MD_CTX_md(&ctx_tmp);
-				EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len);
-				if (!(digest=M_ASN1_OCTET_STRING_new()))
-					{
-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				if (!M_ASN1_OCTET_STRING_set(digest,md_data,
-								md_len))
-					{
-					PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
-						ERR_R_MALLOC_FAILURE);
-					M_ASN1_OCTET_STRING_free(digest);
-					goto err;
-					}
-				if (!PKCS7_add_signed_attribute(si,
-					NID_pkcs9_messageDigest,
-					V_ASN1_OCTET_STRING,digest))
-					{
-					M_ASN1_OCTET_STRING_free(digest);
-					goto err;
-					}
-
-				/* Now sign the attributes */
-				EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL);
-				alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf,
-							ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
-				if(!abuf) goto err;
-				EVP_SignUpdate(&ctx_tmp,abuf,alen);
-				OPENSSL_free(abuf);
-				}
-
+{
+    int ret = 0;
+    int i, j;
+    BIO *btmp;
+    BUF_MEM *buf_mem = NULL;
+    BUF_MEM *buf = NULL;
+    PKCS7_SIGNER_INFO *si;
+    EVP_MD_CTX *mdc, ctx_tmp;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    STACK_OF(PKCS7_SIGNER_INFO) *si_sk = NULL;
+    ASN1_OCTET_STRING *os = NULL;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    EVP_MD_CTX_init(&ctx_tmp);
+    i = OBJ_obj2nid(p7->type);
+    p7->state = PKCS7_S_HEADER;
+
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        /* XXXXXXXXXXXXXXXX */
+        si_sk = p7->d.signed_and_enveloped->signer_info;
+        if (!(os = M_ASN1_OCTET_STRING_new())) {
+            PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        p7->d.signed_and_enveloped->enc_data->enc_data = os;
+        break;
+    case NID_pkcs7_enveloped:
+        /* XXXXXXXXXXXXXXXX */
+        if (!(os = M_ASN1_OCTET_STRING_new())) {
+            PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        p7->d.enveloped->enc_data->enc_data = os;
+        break;
+    case NID_pkcs7_signed:
+        si_sk = p7->d.sign->signer_info;
+        os = PKCS7_get_octet_string(p7->d.sign->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) {
+            M_ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.sign->contents->d.data = NULL;
+        }
+        break;
+
+    case NID_pkcs7_digest:
+        os = PKCS7_get_octet_string(p7->d.digest->contents);
+        /* If detached data then the content is excluded */
+        if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) {
+            M_ASN1_OCTET_STRING_free(os);
+            os = NULL;
+            p7->d.digest->contents->d.data = NULL;
+        }
+        break;
+
+    }
+
+    if (si_sk != NULL) {
+        if ((buf = BUF_MEM_new()) == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB);
+            goto err;
+        }
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(si_sk); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(si_sk, i);
+            if (si->pkey == NULL)
+                continue;
+
+            j = OBJ_obj2nid(si->digest_alg->algorithm);
+
+            btmp = bio;
+
+            btmp = PKCS7_find_digest(&mdc, btmp, j);
+
+            if (btmp == NULL)
+                goto err;
+
+            /*
+             * We now have the EVP_MD_CTX, lets do the signing.
+             */
+            EVP_MD_CTX_copy_ex(&ctx_tmp, mdc);
+            if (!BUF_MEM_grow_clean(buf, EVP_PKEY_size(si->pkey))) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_BIO_LIB);
+                goto err;
+            }
+
+            sk = si->auth_attr;
+
+            /*
+             * If there are attributes, we add the digest attribute and only
+             * sign the attributes
+             */
+            if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+                unsigned char md_data[EVP_MAX_MD_SIZE], *abuf = NULL;
+                unsigned int md_len, alen;
+                ASN1_OCTET_STRING *digest;
+                ASN1_UTCTIME *sign_time;
+                const EVP_MD *md_tmp;
+
+                /* Add signing time if not already present */
+                if (!PKCS7_get_signed_attribute(si, NID_pkcs9_signingTime)) {
+                    if (!(sign_time = X509_gmtime_adj(NULL, 0))) {
+                        PKCS7err(PKCS7_F_PKCS7_DATAFINAL,
+                                 ERR_R_MALLOC_FAILURE);
+                        goto err;
+                    }
+                    if (!PKCS7_add_signed_attribute(si,
+                                                    NID_pkcs9_signingTime,
+                                                    V_ASN1_UTCTIME,
+                                                    sign_time)) {
+                        M_ASN1_UTCTIME_free(sign_time);
+                        goto err;
+                    }
+                }
+
+                /* Add digest */
+                md_tmp = EVP_MD_CTX_md(&ctx_tmp);
+                EVP_DigestFinal_ex(&ctx_tmp, md_data, &md_len);
+                if (!(digest = M_ASN1_OCTET_STRING_new())) {
+                    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                if (!M_ASN1_OCTET_STRING_set(digest, md_data, md_len)) {
+                    PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_MALLOC_FAILURE);
+                    M_ASN1_OCTET_STRING_free(digest);
+                    goto err;
+                }
+                if (!PKCS7_add_signed_attribute(si,
+                                                NID_pkcs9_messageDigest,
+                                                V_ASN1_OCTET_STRING, digest))
+                {
+                    M_ASN1_OCTET_STRING_free(digest);
+                    goto err;
+                }
+
+                /* Now sign the attributes */
+                EVP_SignInit_ex(&ctx_tmp, md_tmp, NULL);
+                alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                                     ASN1_ITEM_rptr(PKCS7_ATTR_SIGN));
+                if (!abuf)
+                    goto err;
+                EVP_SignUpdate(&ctx_tmp, abuf, alen);
+                OPENSSL_free(abuf);
+            }
 #ifndef OPENSSL_NO_DSA
-			if (si->pkey->type == EVP_PKEY_DSA)
-				ctx_tmp.digest=EVP_dss1();
+            if (si->pkey->type == EVP_PKEY_DSA)
+                ctx_tmp.digest = EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
- 			if (si->pkey->type == EVP_PKEY_EC)
- 				ctx_tmp.digest=EVP_ecdsa();
+            if (si->pkey->type == EVP_PKEY_EC)
+                ctx_tmp.digest = EVP_ecdsa();
 #endif
 
-			if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data,
-				(unsigned int *)&buf->length,si->pkey))
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_EVP_LIB);
-				goto err;
-				}
-			if (!ASN1_STRING_set(si->enc_digest,
-				(unsigned char *)buf->data,buf->length))
-				{
-				PKCS7err(PKCS7_F_PKCS7_DATAFINAL,ERR_R_ASN1_LIB);
-				goto err;
-				}
-			}
-		}
-	else if (i == NID_pkcs7_digest)
-		{
-		unsigned char md_data[EVP_MAX_MD_SIZE];
-		unsigned int md_len;
-		if (!PKCS7_find_digest(&mdc, bio,
-				OBJ_obj2nid(p7->d.digest->md->algorithm)))
-			goto err;
-		EVP_DigestFinal_ex(mdc,md_data,&md_len);
-		M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
-		}
-
-	if (!PKCS7_is_detached(p7))
-		{
-		btmp=BIO_find_type(bio,BIO_TYPE_MEM);
-		if (btmp == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_DATAFINAL,PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
-			goto err;
-			}
-		BIO_get_mem_ptr(btmp,&buf_mem);
-		/* Mark the BIO read only then we can use its copy of the data
-		 * instead of making an extra copy.
-		 */
-		BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
-		BIO_set_mem_eof_return(btmp, 0);
-		os->data = (unsigned char *)buf_mem->data;
-		os->length = buf_mem->length;
+            if (!EVP_SignFinal(&ctx_tmp, (unsigned char *)buf->data,
+                               (unsigned int *)&buf->length, si->pkey)) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_EVP_LIB);
+                goto err;
+            }
+            if (!ASN1_STRING_set(si->enc_digest,
+                                 (unsigned char *)buf->data, buf->length)) {
+                PKCS7err(PKCS7_F_PKCS7_DATAFINAL, ERR_R_ASN1_LIB);
+                goto err;
+            }
+        }
+    } else if (i == NID_pkcs7_digest) {
+        unsigned char md_data[EVP_MAX_MD_SIZE];
+        unsigned int md_len;
+        if (!PKCS7_find_digest(&mdc, bio,
+                               OBJ_obj2nid(p7->d.digest->md->algorithm)))
+            goto err;
+        EVP_DigestFinal_ex(mdc, md_data, &md_len);
+        M_ASN1_OCTET_STRING_set(p7->d.digest->digest, md_data, md_len);
+    }
+
+    if (!PKCS7_is_detached(p7)) {
+        /*
+         * NOTE(emilia): I think we only reach os == NULL here because detached
+         * digested data support is broken.
+         */
+        if (os == NULL)
+            goto err;
+        btmp = BIO_find_type(bio, BIO_TYPE_MEM);
+        if (btmp == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_DATAFINAL, PKCS7_R_UNABLE_TO_FIND_MEM_BIO);
+            goto err;
+        }
+        BIO_get_mem_ptr(btmp, &buf_mem);
+        /*
+         * Mark the BIO read only then we can use its copy of the data
+         * instead of making an extra copy.
+         */
+        BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY);
+        BIO_set_mem_eof_return(btmp, 0);
+        os->data = (unsigned char *)buf_mem->data;
+        os->length = buf_mem->length;
 #if 0
-		M_ASN1_OCTET_STRING_set(os,
-			(unsigned char *)buf_mem->data,buf_mem->length);
+        M_ASN1_OCTET_STRING_set(os,
+                                (unsigned char *)buf_mem->data,
+                                buf_mem->length);
 #endif
-		}
-	ret=1;
-err:
-	EVP_MD_CTX_cleanup(&ctx_tmp);
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(ret);
-	}
+    }
+    ret = 1;
+ err:
+    EVP_MD_CTX_cleanup(&ctx_tmp);
+    if (buf != NULL)
+        BUF_MEM_free(buf);
+    return (ret);
+}
 
 int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio,
-	     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
-	PKCS7_ISSUER_AND_SERIAL *ias;
-	int ret=0,i;
-	STACK_OF(X509) *cert;
-	X509 *x509;
-
-	if (PKCS7_type_is_signed(p7))
-		{
-		cert=p7->d.sign->cert;
-		}
-	else if (PKCS7_type_is_signedAndEnveloped(p7))
-		{
-		cert=p7->d.signed_and_enveloped->cert;
-		}
-	else
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE);
-		goto err;
-		}
-	/* XXXXXXXXXXXXXXXXXXXXXXX */
-	ias=si->issuer_and_serial;
-
-	x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial);
-
-	/* were we able to find the cert in passed to us */
-	if (x509 == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
-		goto err;
-		}
-
-	/* Lets verify */
-	if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert))
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
-		goto err;
-		}
-	X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
-	i=X509_verify_cert(ctx);
-	if (i <= 0) 
-		{
-		PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB);
-		X509_STORE_CTX_cleanup(ctx);
-		goto err;
-		}
-	X509_STORE_CTX_cleanup(ctx);
-
-	return PKCS7_signatureVerify(bio, p7, si, x509);
-	err:
-	return ret;
-	}
+                     PKCS7 *p7, PKCS7_SIGNER_INFO *si)
+{
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    int ret = 0, i;
+    STACK_OF(X509) *cert;
+    X509 *x509;
+
+    if (p7 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (p7->d.ptr == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
+
+    if (PKCS7_type_is_signed(p7)) {
+        cert = p7->d.sign->cert;
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        cert = p7->d.signed_and_enveloped->cert;
+    } else {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+    /* XXXXXXXXXXXXXXXXXXXXXXX */
+    ias = si->issuer_and_serial;
+
+    x509 = X509_find_by_issuer_and_serial(cert, ias->issuer, ias->serial);
+
+    /* were we able to find the cert in passed to us */
+    if (x509 == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,
+                 PKCS7_R_UNABLE_TO_FIND_CERTIFICATE);
+        goto err;
+    }
+
+    /* Lets verify */
+    if (!X509_STORE_CTX_init(ctx, cert_store, x509, cert)) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        goto err;
+    }
+    X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN);
+    i = X509_verify_cert(ctx);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_DATAVERIFY, ERR_R_X509_LIB);
+        X509_STORE_CTX_cleanup(ctx);
+        goto err;
+    }
+    X509_STORE_CTX_cleanup(ctx);
+
+    return PKCS7_signatureVerify(bio, p7, si, x509);
+ err:
+    return ret;
+}
 
 int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si,
-								X509 *x509)
-	{
-	ASN1_OCTET_STRING *os;
-	EVP_MD_CTX mdc_tmp,*mdc;
-	int ret=0,i;
-	int md_type;
-	STACK_OF(X509_ATTRIBUTE) *sk;
-	BIO *btmp;
-	EVP_PKEY *pkey;
-
-	EVP_MD_CTX_init(&mdc_tmp);
-
-	if (!PKCS7_type_is_signed(p7) && 
-				!PKCS7_type_is_signedAndEnveloped(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-						PKCS7_R_WRONG_PKCS7_TYPE);
-		goto err;
-	}
-
-	md_type=OBJ_obj2nid(si->digest_alg->algorithm);
-
-	btmp=bio;
-	for (;;)
-		{
-		if ((btmp == NULL) ||
-			((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL))
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-			goto err;
-			}
-		BIO_get_md_ctx(btmp,&mdc);
-		if (mdc == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		if (EVP_MD_CTX_type(mdc) == md_type)
-			break;
-		/* Workaround for some broken clients that put the signature
-		 * OID instead of the digest OID in digest_alg->algorithm
-		 */
-		if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
-			break;
-		btmp=BIO_next(btmp);
-		}
-
-	/* mdc is the digest ctx that we want, unless there are attributes,
-	 * in which case the digest is the signed attributes */
-	EVP_MD_CTX_copy_ex(&mdc_tmp,mdc);
-
-	sk=si->auth_attr;
-	if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0))
-		{
-		unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
-                unsigned int md_len, alen;
-		ASN1_OCTET_STRING *message_digest;
-
-		EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len);
-		message_digest=PKCS7_digest_from_attributes(sk);
-		if (!message_digest)
-			{
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-					PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
-			goto err;
-			}
-		if ((message_digest->length != (int)md_len) ||
-			(memcmp(message_digest->data,md_dat,md_len)))
-			{
-#if 0
+                          X509 *x509)
 {
-int ii;
-for (ii=0; ii<message_digest->length; ii++)
-	printf("%02X",message_digest->data[ii]); printf(" sent\n");
-for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n");
-}
+    ASN1_OCTET_STRING *os;
+    EVP_MD_CTX mdc_tmp, *mdc;
+    int ret = 0, i;
+    int md_type;
+    STACK_OF(X509_ATTRIBUTE) *sk;
+    BIO *btmp;
+    EVP_PKEY *pkey;
+
+    EVP_MD_CTX_init(&mdc_tmp);
+
+    if (!PKCS7_type_is_signed(p7) && !PKCS7_type_is_signedAndEnveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_WRONG_PKCS7_TYPE);
+        goto err;
+    }
+
+    md_type = OBJ_obj2nid(si->digest_alg->algorithm);
+
+    btmp = bio;
+    for (;;) {
+        if ((btmp == NULL) ||
+            ((btmp = BIO_find_type(btmp, BIO_TYPE_MD)) == NULL)) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        BIO_get_md_ctx(btmp, &mdc);
+        if (mdc == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+        if (EVP_MD_CTX_type(mdc) == md_type)
+            break;
+        /*
+         * Workaround for some broken clients that put the signature OID
+         * instead of the digest OID in digest_alg->algorithm
+         */
+        if (EVP_MD_pkey_type(EVP_MD_CTX_md(mdc)) == md_type)
+            break;
+        btmp = BIO_next(btmp);
+    }
+
+    /*
+     * mdc is the digest ctx that we want, unless there are attributes, in
+     * which case the digest is the signed attributes
+     */
+    EVP_MD_CTX_copy_ex(&mdc_tmp, mdc);
+
+    sk = si->auth_attr;
+    if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) {
+        unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL;
+        unsigned int md_len, alen;
+        ASN1_OCTET_STRING *message_digest;
+
+        EVP_DigestFinal_ex(&mdc_tmp, md_dat, &md_len);
+        message_digest = PKCS7_digest_from_attributes(sk);
+        if (!message_digest) {
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
+                     PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST);
+            goto err;
+        }
+        if ((message_digest->length != (int)md_len) ||
+            (memcmp(message_digest->data, md_dat, md_len))) {
+#if 0
+            {
+                int ii;
+                for (ii = 0; ii < message_digest->length; ii++)
+                    printf("%02X", message_digest->data[ii]);
+                printf(" sent\n");
+                for (ii = 0; ii < md_len; ii++)
+                    printf("%02X", md_dat[ii]);
+                printf(" calc\n");
+            }
 #endif
-			PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-							PKCS7_R_DIGEST_FAILURE);
-			ret= -1;
-			goto err;
-			}
-
-		EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL);
-
-		alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
-						ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
-		EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
-
-		OPENSSL_free(abuf);
-		}
-
-	os=si->enc_digest;
-	pkey = X509_get_pubkey(x509);
-	if (!pkey)
-		{
-		ret = -1;
-		goto err;
-		}
+            PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_DIGEST_FAILURE);
+            ret = -1;
+            goto err;
+        }
+
+        EVP_VerifyInit_ex(&mdc_tmp, EVP_get_digestbynid(md_type), NULL);
+
+        alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf,
+                             ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY));
+        EVP_VerifyUpdate(&mdc_tmp, abuf, alen);
+
+        OPENSSL_free(abuf);
+    }
+
+    os = si->enc_digest;
+    pkey = X509_get_pubkey(x509);
+    if (!pkey) {
+        ret = -1;
+        goto err;
+    }
 #ifndef OPENSSL_NO_DSA
-	if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1();
+    if (pkey->type == EVP_PKEY_DSA)
+        mdc_tmp.digest = EVP_dss1();
 #endif
 #ifndef OPENSSL_NO_ECDSA
-	if (pkey->type == EVP_PKEY_EC) mdc_tmp.digest=EVP_ecdsa();
+    if (pkey->type == EVP_PKEY_EC)
+        mdc_tmp.digest = EVP_ecdsa();
 #endif
 
-	i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey);
-	EVP_PKEY_free(pkey);
-	if (i <= 0)
-		{
-		PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY,
-						PKCS7_R_SIGNATURE_FAILURE);
-		ret= -1;
-		goto err;
-		}
-	else
-		ret=1;
-err:
-	EVP_MD_CTX_cleanup(&mdc_tmp);
-	return(ret);
-	}
+    i = EVP_VerifyFinal(&mdc_tmp, os->data, os->length, pkey);
+    EVP_PKEY_free(pkey);
+    if (i <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, PKCS7_R_SIGNATURE_FAILURE);
+        ret = -1;
+        goto err;
+    } else
+        ret = 1;
+ err:
+    EVP_MD_CTX_cleanup(&mdc_tmp);
+    return (ret);
+}
 
 PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx)
-	{
-	STACK_OF(PKCS7_RECIP_INFO) *rsk;
-	PKCS7_RECIP_INFO *ri;
-	int i;
-
-	i=OBJ_obj2nid(p7->type);
-	if (i != NID_pkcs7_signedAndEnveloped)
-		return NULL;
-	if (p7->d.signed_and_enveloped == NULL)
-		return NULL;
-	rsk=p7->d.signed_and_enveloped->recipientinfo;
-	if (rsk == NULL)
-		return NULL;
-	ri=sk_PKCS7_RECIP_INFO_value(rsk,0);
-	if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL);
-	ri=sk_PKCS7_RECIP_INFO_value(rsk,idx);
-	return(ri->issuer_and_serial);
-	}
+{
+    STACK_OF(PKCS7_RECIP_INFO) *rsk;
+    PKCS7_RECIP_INFO *ri;
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    if (i != NID_pkcs7_signedAndEnveloped)
+        return NULL;
+    if (p7->d.signed_and_enveloped == NULL)
+        return NULL;
+    rsk = p7->d.signed_and_enveloped->recipientinfo;
+    if (rsk == NULL)
+        return NULL;
+    ri = sk_PKCS7_RECIP_INFO_value(rsk, 0);
+    if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx)
+        return (NULL);
+    ri = sk_PKCS7_RECIP_INFO_value(rsk, idx);
+    return (ri->issuer_and_serial);
+}
 
 ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid)
-	{
-	return(get_attribute(si->auth_attr,nid));
-	}
+{
+    return (get_attribute(si->auth_attr, nid));
+}
 
 ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid)
-	{
-	return(get_attribute(si->unauth_attr,nid));
-	}
+{
+    return (get_attribute(si->unauth_attr, nid));
+}
 
 static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid)
-	{
-	int i;
-	X509_ATTRIBUTE *xa;
-	ASN1_OBJECT *o;
-
-	o=OBJ_nid2obj(nid);
-	if (!o || !sk) return(NULL);
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		xa=sk_X509_ATTRIBUTE_value(sk,i);
-		if (OBJ_cmp(xa->object,o) == 0)
-			{
-			if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
-				return(sk_ASN1_TYPE_value(xa->value.set,0));
-			else
-				return(NULL);
-			}
-		}
-	return(NULL);
-	}
+{
+    int i;
+    X509_ATTRIBUTE *xa;
+    ASN1_OBJECT *o;
+
+    o = OBJ_nid2obj(nid);
+    if (!o || !sk)
+        return (NULL);
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        xa = sk_X509_ATTRIBUTE_value(sk, i);
+        if (OBJ_cmp(xa->object, o) == 0) {
+            if (!xa->single && sk_ASN1_TYPE_num(xa->value.set))
+                return (sk_ASN1_TYPE_value(xa->value.set, 0));
+            else
+                return (NULL);
+        }
+    }
+    return (NULL);
+}
 
 ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk)
 {
-	ASN1_TYPE *astype;
-	if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL;
-	return astype->value.octet_string;
+    ASN1_TYPE *astype;
+    if (!(astype = get_attribute(sk, NID_pkcs9_messageDigest)))
+        return NULL;
+    return astype->value.octet_string;
 }
 
 int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si,
-				STACK_OF(X509_ATTRIBUTE) *sk)
-	{
-	int i;
-
-	if (p7si->auth_attr != NULL)
-		sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free);
-	p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk);
-	if (p7si->auth_attr == NULL)
-		return 0;
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i,
-			X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
-		    == NULL)
-			return(0);
-		}
-	return(1);
-	}
-
-int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk)
-	{
-	int i;
-
-	if (p7si->unauth_attr != NULL)
-		sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr,
-					   X509_ATTRIBUTE_free);
-	p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk);
-	if (p7si->unauth_attr == NULL)
-		return 0;
-	for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++)
-		{
-		if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i,
-                        X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i))))
-		    == NULL)
-			return(0);
-		}
-	return(1);
-	}
+                                STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    if (p7si->auth_attr != NULL)
+        sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr, X509_ATTRIBUTE_free);
+    p7si->auth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->auth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return (0);
+    }
+    return (1);
+}
+
+int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,
+                         STACK_OF(X509_ATTRIBUTE) *sk)
+{
+    int i;
+
+    if (p7si->unauth_attr != NULL)
+        sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, X509_ATTRIBUTE_free);
+    p7si->unauth_attr = sk_X509_ATTRIBUTE_dup(sk);
+    if (p7si->unauth_attr == NULL)
+        return 0;
+    for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
+        if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr, i,
+                                   X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value
+                                                      (sk, i))))
+            == NULL)
+            return (0);
+    }
+    return (1);
+}
 
 int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     void *value)
-	{
-	return(add_attribute(&(p7si->auth_attr),nid,atrtype,value));
-	}
+                               void *value)
+{
+    return (add_attribute(&(p7si->auth_attr), nid, atrtype, value));
+}
 
 int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype,
-	     void *value)
-	{
-	return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value));
-	}
+                        void *value)
+{
+    return (add_attribute(&(p7si->unauth_attr), nid, atrtype, value));
+}
 
 static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
-			 void *value)
-	{
-	X509_ATTRIBUTE *attr=NULL;
-
-	if (*sk == NULL)
-		{
-		if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
-			return 0;
-new_attrib:
-		if (!(attr=X509_ATTRIBUTE_create(nid,atrtype,value)))
-			return 0;
-		if (!sk_X509_ATTRIBUTE_push(*sk,attr))
-			{
-			X509_ATTRIBUTE_free(attr);
-			return 0;
-			}
-		}
-	else
-		{
-		int i;
-
-		for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++)
-			{
-			attr=sk_X509_ATTRIBUTE_value(*sk,i);
-			if (OBJ_obj2nid(attr->object) == nid)
-				{
-				X509_ATTRIBUTE_free(attr);
-				attr=X509_ATTRIBUTE_create(nid,atrtype,value);
-				if (attr == NULL)
-					return 0;
-				if (!sk_X509_ATTRIBUTE_set(*sk,i,attr))
-					{
-					X509_ATTRIBUTE_free(attr);
-					return 0;
-					}
-				goto end;
-				}
-			}
-		goto new_attrib;
-		}
-end:
-	return(1);
-	}
-
+                         void *value)
+{
+    X509_ATTRIBUTE *attr = NULL;
+
+    if (*sk == NULL) {
+        if (!(*sk = sk_X509_ATTRIBUTE_new_null()))
+            return 0;
+ new_attrib:
+        if (!(attr = X509_ATTRIBUTE_create(nid, atrtype, value)))
+            return 0;
+        if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
+            X509_ATTRIBUTE_free(attr);
+            return 0;
+        }
+    } else {
+        int i;
+
+        for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
+            attr = sk_X509_ATTRIBUTE_value(*sk, i);
+            if (OBJ_obj2nid(attr->object) == nid) {
+                X509_ATTRIBUTE_free(attr);
+                attr = X509_ATTRIBUTE_create(nid, atrtype, value);
+                if (attr == NULL)
+                    return 0;
+                if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
+                    X509_ATTRIBUTE_free(attr);
+                    return 0;
+                }
+                goto end;
+            }
+        }
+        goto new_attrib;
+    }
+ end:
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c
index 898cddad..c2ad3ec1 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,526 +62,519 @@
 #include <openssl/x509.h>
 
 long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg)
-	{
-	int nid;
-	long ret;
-
-	nid=OBJ_obj2nid(p7->type);
-
-	switch (cmd)
-		{
-	case PKCS7_OP_SET_DETACHED_SIGNATURE:
-		if (nid == NID_pkcs7_signed)
-			{
-			ret=p7->detached=(int)larg;
-			if (ret && PKCS7_type_is_data(p7->d.sign->contents))
-					{
-					ASN1_OCTET_STRING *os;
-					os=p7->d.sign->contents->d.data;
-					ASN1_OCTET_STRING_free(os);
-					p7->d.sign->contents->d.data = NULL;
-					}
-			}
-		else
-			{
-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-			ret=0;
-			}
-		break;
-	case PKCS7_OP_GET_DETACHED_SIGNATURE:
-		if (nid == NID_pkcs7_signed)
-			{
-			if(!p7->d.sign  || !p7->d.sign->contents->d.ptr)
-				ret = 1;
-			else ret = 0;
-				
-			p7->detached = ret;
-			}
-		else
-			{
-			PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
-			ret=0;
-			}
-			
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION);
-		ret=0;
-		}
-	return(ret);
-	}
+{
+    int nid;
+    long ret;
+
+    nid = OBJ_obj2nid(p7->type);
+
+    switch (cmd) {
+    /* NOTE(emilia): does not support detached digested data. */
+    case PKCS7_OP_SET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            ret = p7->detached = (int)larg;
+            if (ret && PKCS7_type_is_data(p7->d.sign->contents)) {
+                ASN1_OCTET_STRING *os;
+                os = p7->d.sign->contents->d.data;
+                ASN1_OCTET_STRING_free(os);
+                p7->d.sign->contents->d.data = NULL;
+            }
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+        break;
+    case PKCS7_OP_GET_DETACHED_SIGNATURE:
+        if (nid == NID_pkcs7_signed) {
+            if (!p7->d.sign || !p7->d.sign->contents->d.ptr)
+                ret = 1;
+            else
+                ret = 0;
+
+            p7->detached = ret;
+        } else {
+            PKCS7err(PKCS7_F_PKCS7_CTRL,
+                     PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE);
+            ret = 0;
+        }
+
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_CTRL, PKCS7_R_UNKNOWN_OPERATION);
+        ret = 0;
+    }
+    return (ret);
+}
 
 int PKCS7_content_new(PKCS7 *p7, int type)
-	{
-	PKCS7 *ret=NULL;
-
-	if ((ret=PKCS7_new()) == NULL) goto err;
-	if (!PKCS7_set_type(ret,type)) goto err;
-	if (!PKCS7_set_content(p7,ret)) goto err;
-
-	return(1);
-err:
-	if (ret != NULL) PKCS7_free(ret);
-	return(0);
-	}
+{
+    PKCS7 *ret = NULL;
+
+    if ((ret = PKCS7_new()) == NULL)
+        goto err;
+    if (!PKCS7_set_type(ret, type))
+        goto err;
+    if (!PKCS7_set_content(p7, ret))
+        goto err;
+
+    return (1);
+ err:
+    if (ret != NULL)
+        PKCS7_free(ret);
+    return (0);
+}
 
 int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data)
-	{
-	int i;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		if (p7->d.sign->contents != NULL)
-			PKCS7_free(p7->d.sign->contents);
-		p7->d.sign->contents=p7_data;
-		break;
-	case NID_pkcs7_digest:
-		if (p7->d.digest->contents != NULL)
-			PKCS7_free(p7->d.digest->contents);
-		p7->d.digest->contents=p7_data;
-		break;
-	case NID_pkcs7_data:
-	case NID_pkcs7_enveloped:
-	case NID_pkcs7_signedAndEnveloped:
-	case NID_pkcs7_encrypted:
-	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CONTENT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-		goto err;
-		}
-	return(1);
-err:
-	return(0);
-	}
+{
+    int i;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        if (p7->d.sign->contents != NULL)
+            PKCS7_free(p7->d.sign->contents);
+        p7->d.sign->contents = p7_data;
+        break;
+    case NID_pkcs7_digest:
+        if (p7->d.digest->contents != NULL)
+            PKCS7_free(p7->d.digest->contents);
+        p7->d.digest->contents = p7_data;
+        break;
+    case NID_pkcs7_data:
+    case NID_pkcs7_enveloped:
+    case NID_pkcs7_signedAndEnveloped:
+    case NID_pkcs7_encrypted:
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CONTENT, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return (1);
+ err:
+    return (0);
+}
 
 int PKCS7_set_type(PKCS7 *p7, int type)
-	{
-	ASN1_OBJECT *obj;
-
-	/*PKCS7_content_free(p7);*/
-	obj=OBJ_nid2obj(type); /* will not fail */
-
-	switch (type)
-		{
-	case NID_pkcs7_signed:
-		p7->type=obj;
-		if ((p7->d.sign=PKCS7_SIGNED_new()) == NULL)
-			goto err;
-		if (!ASN1_INTEGER_set(p7->d.sign->version,1))
-			{
-			PKCS7_SIGNED_free(p7->d.sign);
-			p7->d.sign=NULL;
-			goto err;
-			}
-		break;
-	case NID_pkcs7_data:
-		p7->type=obj;
-		if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL)
-			goto err;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		p7->type=obj;
-		if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new())
-			== NULL) goto err;
-		ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1);
-		if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1))
-			goto err;
-		p7->d.signed_and_enveloped->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
-		break;
-	case NID_pkcs7_enveloped:
-		p7->type=obj;
-		if ((p7->d.enveloped=PKCS7_ENVELOPE_new())
-			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.enveloped->version,0))
-			goto err;
-		p7->d.enveloped->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
-		break;
-	case NID_pkcs7_encrypted:
-		p7->type=obj;
-		if ((p7->d.encrypted=PKCS7_ENCRYPT_new())
-			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.encrypted->version,0))
-			goto err;
-		p7->d.encrypted->enc_data->content_type
-						= OBJ_nid2obj(NID_pkcs7_data);
-		break;
-
-	case NID_pkcs7_digest:
-		p7->type=obj;
-		if ((p7->d.digest=PKCS7_DIGEST_new())
-			== NULL) goto err;
-		if (!ASN1_INTEGER_set(p7->d.digest->version,0))
-			goto err;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
-		goto err;
-		}
-	return(1);
-err:
-	return(0);
-	}
+{
+    ASN1_OBJECT *obj;
+
+    /*
+     * PKCS7_content_free(p7);
+     */
+    obj = OBJ_nid2obj(type);    /* will not fail */
+
+    switch (type) {
+    case NID_pkcs7_signed:
+        p7->type = obj;
+        if ((p7->d.sign = PKCS7_SIGNED_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.sign->version, 1)) {
+            PKCS7_SIGNED_free(p7->d.sign);
+            p7->d.sign = NULL;
+            goto err;
+        }
+        break;
+    case NID_pkcs7_data:
+        p7->type = obj;
+        if ((p7->d.data = M_ASN1_OCTET_STRING_new()) == NULL)
+            goto err;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        p7->type = obj;
+        if ((p7->d.signed_and_enveloped = PKCS7_SIGN_ENVELOPE_new())
+            == NULL)
+            goto err;
+        ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1);
+        if (!ASN1_INTEGER_set(p7->d.signed_and_enveloped->version, 1))
+            goto err;
+        p7->d.signed_and_enveloped->enc_data->content_type
+            = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_enveloped:
+        p7->type = obj;
+        if ((p7->d.enveloped = PKCS7_ENVELOPE_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.enveloped->version, 0))
+            goto err;
+        p7->d.enveloped->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+    case NID_pkcs7_encrypted:
+        p7->type = obj;
+        if ((p7->d.encrypted = PKCS7_ENCRYPT_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.encrypted->version, 0))
+            goto err;
+        p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data);
+        break;
+
+    case NID_pkcs7_digest:
+        p7->type = obj;
+        if ((p7->d.digest = PKCS7_DIGEST_new())
+            == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(p7->d.digest->version, 0))
+            goto err;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_TYPE, PKCS7_R_UNSUPPORTED_CONTENT_TYPE);
+        goto err;
+    }
+    return (1);
+ err:
+    return (0);
+}
 
 int PKCS7_set0_type_other(PKCS7 *p7, int type, ASN1_TYPE *other)
-	{
-	p7->type = OBJ_nid2obj(type);
-	p7->d.other = other;
-	return 1;
-	}
+{
+    p7->type = OBJ_nid2obj(type);
+    p7->d.other = other;
+    return 1;
+}
 
 int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi)
-	{
-	int i,j,nid;
-	X509_ALGOR *alg;
-	STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
-	STACK_OF(X509_ALGOR) *md_sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		signer_sk=	p7->d.sign->signer_info;
-		md_sk=		p7->d.sign->md_algs;
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		signer_sk=	p7->d.signed_and_enveloped->signer_info;
-		md_sk=		p7->d.signed_and_enveloped->md_algs;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	nid=OBJ_obj2nid(psi->digest_alg->algorithm);
-
-	/* If the digest is not currently listed, add it */
-	j=0;
-	for (i=0; i<sk_X509_ALGOR_num(md_sk); i++)
-		{
-		alg=sk_X509_ALGOR_value(md_sk,i);
-		if (OBJ_obj2nid(alg->algorithm) == nid)
-			{
-			j=1;
-			break;
-			}
-		}
-	if (!j) /* we need to add another algorithm */
-		{
-		if(!(alg=X509_ALGOR_new())
-			|| !(alg->parameter = ASN1_TYPE_new()))
-			{
-			X509_ALGOR_free(alg);
-			PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		alg->algorithm=OBJ_nid2obj(nid);
-		alg->parameter->type = V_ASN1_NULL;
-		if (!sk_X509_ALGOR_push(md_sk,alg))
-			{
-			X509_ALGOR_free(alg);
-			return 0;
-			}
-		}
-
-	if (!sk_PKCS7_SIGNER_INFO_push(signer_sk,psi))
-		return 0;
-	return(1);
-	}
+{
+    int i, j, nid;
+    X509_ALGOR *alg;
+    STACK_OF(PKCS7_SIGNER_INFO) *signer_sk;
+    STACK_OF(X509_ALGOR) *md_sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        signer_sk = p7->d.sign->signer_info;
+        md_sk = p7->d.sign->md_algs;
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        signer_sk = p7->d.signed_and_enveloped->signer_info;
+        md_sk = p7->d.signed_and_enveloped->md_algs;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    nid = OBJ_obj2nid(psi->digest_alg->algorithm);
+
+    /* If the digest is not currently listed, add it */
+    j = 0;
+    for (i = 0; i < sk_X509_ALGOR_num(md_sk); i++) {
+        alg = sk_X509_ALGOR_value(md_sk, i);
+        if (OBJ_obj2nid(alg->algorithm) == nid) {
+            j = 1;
+            break;
+        }
+    }
+    if (!j) {                   /* we need to add another algorithm */
+        if (!(alg = X509_ALGOR_new())
+            || !(alg->parameter = ASN1_TYPE_new())) {
+            X509_ALGOR_free(alg);
+            PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+        alg->algorithm = OBJ_nid2obj(nid);
+        alg->parameter->type = V_ASN1_NULL;
+        if (!sk_X509_ALGOR_push(md_sk, alg)) {
+            X509_ALGOR_free(alg);
+            return 0;
+        }
+    }
+
+    if (!sk_PKCS7_SIGNER_INFO_push(signer_sk, psi))
+        return 0;
+    return (1);
+}
 
 int PKCS7_add_certificate(PKCS7 *p7, X509 *x509)
-	{
-	int i;
-	STACK_OF(X509) **sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		sk= &(p7->d.sign->cert);
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		sk= &(p7->d.signed_and_enveloped->cert);
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	if (*sk == NULL)
-		*sk=sk_X509_new_null();
-	if (*sk == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	if (!sk_X509_push(*sk,x509))
-		{
-		X509_free(x509);
-		return 0;
-		}
-	return(1);
-	}
+{
+    int i;
+    STACK_OF(X509) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->cert);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->cert);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+    if (!sk_X509_push(*sk, x509)) {
+        X509_free(x509);
+        return 0;
+    }
+    return (1);
+}
 
 int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl)
-	{
-	int i;
-	STACK_OF(X509_CRL) **sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signed:
-		sk= &(p7->d.sign->crl);
-		break;
-	case NID_pkcs7_signedAndEnveloped:
-		sk= &(p7->d.signed_and_enveloped->crl);
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	if (*sk == NULL)
-		*sk=sk_X509_CRL_new_null();
-	if (*sk == NULL)
-		{
-		PKCS7err(PKCS7_F_PKCS7_ADD_CRL,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL);
-	if (!sk_X509_CRL_push(*sk,crl))
-		{
-		X509_CRL_free(crl);
-		return 0;
-		}
-	return(1);
-	}
+{
+    int i;
+    STACK_OF(X509_CRL) **sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signed:
+        sk = &(p7->d.sign->crl);
+        break;
+    case NID_pkcs7_signedAndEnveloped:
+        sk = &(p7->d.signed_and_enveloped->crl);
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    if (*sk == NULL)
+        *sk = sk_X509_CRL_new_null();
+    if (*sk == NULL) {
+        PKCS7err(PKCS7_F_PKCS7_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
+    if (!sk_X509_CRL_push(*sk, crl)) {
+        X509_CRL_free(crl);
+        return 0;
+    }
+    return (1);
+}
 
 int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey,
-	     const EVP_MD *dgst)
-	{
-	int nid;
-	char is_dsa;
-
-	if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
-		is_dsa = 1;
-	else
-		is_dsa = 0;
-	/* We now need to add another PKCS7_SIGNER_INFO entry */
-	if (!ASN1_INTEGER_set(p7i->version,1))
-		goto err;
-	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-			X509_get_issuer_name(x509)))
-		goto err;
-
-	/* because ASN1_INTEGER_set is used to set a 'long' we will do
-	 * things the ugly way. */
-	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-	if (!(p7i->issuer_and_serial->serial=
-			M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
-		goto err;
-
-	/* lets keep the pkey around for a while */
-	CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY);
-	p7i->pkey=pkey;
-
-	/* Set the algorithms */
-	if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1);
-	else	
-		p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst));
-
-	if (p7i->digest_alg->parameter != NULL)
-		ASN1_TYPE_free(p7i->digest_alg->parameter);
-	if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL)
-		goto err;
-	p7i->digest_alg->parameter->type=V_ASN1_NULL;
-
-	if (p7i->digest_enc_alg->parameter != NULL)
-		ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
-	nid = EVP_PKEY_type(pkey->type);
-	if (nid == EVP_PKEY_RSA)
-		{
-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_rsaEncryption);
-		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-			goto err;
-		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-		}
-	else if (nid == EVP_PKEY_DSA)
-		{
+                          const EVP_MD *dgst)
+{
+    int nid;
+    char is_dsa;
+
+    if (pkey->type == EVP_PKEY_DSA || pkey->type == EVP_PKEY_EC)
+        is_dsa = 1;
+    else
+        is_dsa = 0;
+    /* We now need to add another PKCS7_SIGNER_INFO entry */
+    if (!ASN1_INTEGER_set(p7i->version, 1))
+        goto err;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        goto err;
+
+    /*
+     * because ASN1_INTEGER_set is used to set a 'long' we will do things the
+     * ugly way.
+     */
+    M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        goto err;
+
+    /* lets keep the pkey around for a while */
+    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    p7i->pkey = pkey;
+
+    /* Set the algorithms */
+    if (is_dsa)
+        p7i->digest_alg->algorithm = OBJ_nid2obj(NID_sha1);
+    else
+        p7i->digest_alg->algorithm = OBJ_nid2obj(EVP_MD_type(dgst));
+
+    if (p7i->digest_alg->parameter != NULL)
+        ASN1_TYPE_free(p7i->digest_alg->parameter);
+    if ((p7i->digest_alg->parameter = ASN1_TYPE_new()) == NULL)
+        goto err;
+    p7i->digest_alg->parameter->type = V_ASN1_NULL;
+
+    if (p7i->digest_enc_alg->parameter != NULL)
+        ASN1_TYPE_free(p7i->digest_enc_alg->parameter);
+    nid = EVP_PKEY_type(pkey->type);
+    if (nid == EVP_PKEY_RSA) {
+        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_rsaEncryption);
+        if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
+            goto err;
+        p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
+    } else if (nid == EVP_PKEY_DSA) {
 #if 1
-		/* use 'dsaEncryption' OID for compatibility with other software
-		 * (PKCS #7 v1.5 does specify how to handle DSA) ... */
-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsa);
+        /*
+         * use 'dsaEncryption' OID for compatibility with other software
+         * (PKCS #7 v1.5 does specify how to handle DSA) ...
+         */
+        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsa);
 #else
-		/* ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for CMS)
-		 * would make more sense. */
-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_dsaWithSHA1);
+        /*
+         * ... although the 'dsaWithSHA1' OID (as required by RFC 2630 for
+         * CMS) would make more sense.
+         */
+        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_dsaWithSHA1);
 #endif
-		p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit 'parameter'! */
-		}
-	else if (nid == EVP_PKEY_EC)
-		{
-		p7i->digest_enc_alg->algorithm=OBJ_nid2obj(NID_ecdsa_with_SHA1);
-		if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new()))
-			goto err;
-		p7i->digest_enc_alg->parameter->type=V_ASN1_NULL;
-		}
-	else
-		return(0);
-
-	return(1);
-err:
-	return(0);
-	}
+        p7i->digest_enc_alg->parameter = NULL; /* special case for DSA: omit
+                                                * 'parameter'! */
+    } else if (nid == EVP_PKEY_EC) {
+        p7i->digest_enc_alg->algorithm = OBJ_nid2obj(NID_ecdsa_with_SHA1);
+        if (!(p7i->digest_enc_alg->parameter = ASN1_TYPE_new()))
+            goto err;
+        p7i->digest_enc_alg->parameter->type = V_ASN1_NULL;
+    } else
+        return (0);
+
+    return (1);
+ err:
+    return (0);
+}
 
 PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey,
-	     const EVP_MD *dgst)
-	{
-	PKCS7_SIGNER_INFO *si;
-
-	if ((si=PKCS7_SIGNER_INFO_new()) == NULL) goto err;
-	if (!PKCS7_SIGNER_INFO_set(si,x509,pkey,dgst)) goto err;
-	if (!PKCS7_add_signer(p7,si)) goto err;
-	return(si);
-err:
-	PKCS7_SIGNER_INFO_free(si);
-	return(NULL);
-	}
+                                       const EVP_MD *dgst)
+{
+    PKCS7_SIGNER_INFO *si;
+
+    if ((si = PKCS7_SIGNER_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_SIGNER_INFO_set(si, x509, pkey, dgst))
+        goto err;
+    if (!PKCS7_add_signer(p7, si))
+        goto err;
+    return (si);
+ err:
+    PKCS7_SIGNER_INFO_free(si);
+    return (NULL);
+}
 
 int PKCS7_set_digest(PKCS7 *p7, const EVP_MD *md)
-	{
-	if (PKCS7_type_is_digest(p7))
-		{
-		if(!(p7->d.digest->md->parameter = ASN1_TYPE_new()))
-			{
-			PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		p7->d.digest->md->parameter->type = V_ASN1_NULL;
-		p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
-		return 1;
-		}
-		
-	PKCS7err(PKCS7_F_PKCS7_SET_DIGEST,PKCS7_R_WRONG_CONTENT_TYPE);
-	return 1;
-	}
+{
+    if (PKCS7_type_is_digest(p7)) {
+        if (!(p7->d.digest->md->parameter = ASN1_TYPE_new())) {
+            PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        p7->d.digest->md->parameter->type = V_ASN1_NULL;
+        p7->d.digest->md->algorithm = OBJ_nid2obj(EVP_MD_nid(md));
+        return 1;
+    }
+
+    PKCS7err(PKCS7_F_PKCS7_SET_DIGEST, PKCS7_R_WRONG_CONTENT_TYPE);
+    return 1;
+}
 
 STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7)
-	{
-	if (PKCS7_type_is_signed(p7))
-		{
-		return(p7->d.sign->signer_info);
-		}
-	else if (PKCS7_type_is_signedAndEnveloped(p7))
-		{
-		return(p7->d.signed_and_enveloped->signer_info);
-		}
-	else
-		return(NULL);
-	}
+{
+    if (p7 == NULL || p7->d.ptr == NULL)
+        return NULL;
+    if (PKCS7_type_is_signed(p7)) {
+        return (p7->d.sign->signer_info);
+    } else if (PKCS7_type_is_signedAndEnveloped(p7)) {
+        return (p7->d.signed_and_enveloped->signer_info);
+    } else
+        return (NULL);
+}
 
 PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509)
-	{
-	PKCS7_RECIP_INFO *ri;
-
-	if ((ri=PKCS7_RECIP_INFO_new()) == NULL) goto err;
-	if (!PKCS7_RECIP_INFO_set(ri,x509)) goto err;
-	if (!PKCS7_add_recipient_info(p7,ri)) goto err;
-	return(ri);
-err:
-	PKCS7_RECIP_INFO_free(ri);
-	return(NULL);
-	}
+{
+    PKCS7_RECIP_INFO *ri;
+
+    if ((ri = PKCS7_RECIP_INFO_new()) == NULL)
+        goto err;
+    if (!PKCS7_RECIP_INFO_set(ri, x509))
+        goto err;
+    if (!PKCS7_add_recipient_info(p7, ri))
+        goto err;
+    return (ri);
+ err:
+    PKCS7_RECIP_INFO_free(ri);
+    return (NULL);
+}
 
 int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri)
-	{
-	int i;
-	STACK_OF(PKCS7_RECIP_INFO) *sk;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signedAndEnveloped:
-		sk=	p7->d.signed_and_enveloped->recipientinfo;
-		break;
-	case NID_pkcs7_enveloped:
-		sk=	p7->d.enveloped->recipientinfo;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	if (!sk_PKCS7_RECIP_INFO_push(sk,ri))
-		return 0;
-	return(1);
-	}
+{
+    int i;
+    STACK_OF(PKCS7_RECIP_INFO) *sk;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        sk = p7->d.signed_and_enveloped->recipientinfo;
+        break;
+    case NID_pkcs7_enveloped:
+        sk = p7->d.enveloped->recipientinfo;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,
+                 PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    if (!sk_PKCS7_RECIP_INFO_push(sk, ri))
+        return 0;
+    return (1);
+}
 
 int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509)
-	{
-	if (!ASN1_INTEGER_set(p7i->version,0))
-		return 0;
-	if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
-		X509_get_issuer_name(x509)))
-		return 0;
+{
+    if (!ASN1_INTEGER_set(p7i->version, 0))
+        return 0;
+    if (!X509_NAME_set(&p7i->issuer_and_serial->issuer,
+                       X509_get_issuer_name(x509)))
+        return 0;
 
-	M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
-	if (!(p7i->issuer_and_serial->serial=
-		M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
-		return 0;
+    M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial);
+    if (!(p7i->issuer_and_serial->serial =
+          M_ASN1_INTEGER_dup(X509_get_serialNumber(x509))))
+        return 0;
 
-	X509_ALGOR_free(p7i->key_enc_algor);
-	if (!(p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor)))
-		return 0;
+    X509_ALGOR_free(p7i->key_enc_algor);
+    if (!(p7i->key_enc_algor = X509_ALGOR_dup(x509->cert_info->key->algor)))
+        return 0;
 
-	CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509);
-	p7i->cert=x509;
+    CRYPTO_add(&x509->references, 1, CRYPTO_LOCK_X509);
+    p7i->cert = x509;
 
-	return(1);
-	}
+    return (1);
+}
 
 X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si)
-	{
-	if (PKCS7_type_is_signed(p7))
-		return(X509_find_by_issuer_and_serial(p7->d.sign->cert,
-			si->issuer_and_serial->issuer,
-			si->issuer_and_serial->serial));
-	else
-		return(NULL);
-	}
+{
+    if (PKCS7_type_is_signed(p7))
+        return (X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               si->issuer_and_serial->issuer,
+                                               si->
+                                               issuer_and_serial->serial));
+    else
+        return (NULL);
+}
 
 int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher)
-	{
-	int i;
-	PKCS7_ENC_CONTENT *ec;
-
-	i=OBJ_obj2nid(p7->type);
-	switch (i)
-		{
-	case NID_pkcs7_signedAndEnveloped:
-		ec=p7->d.signed_and_enveloped->enc_data;
-		break;
-	case NID_pkcs7_enveloped:
-		ec=p7->d.enveloped->enc_data;
-		break;
-	default:
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE);
-		return(0);
-		}
-
-	/* Check cipher OID exists and has data in it*/
-	i = EVP_CIPHER_type(cipher);
-	if(i == NID_undef) {
-		PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
-		return(0);
-	}
-
-	ec->cipher = cipher;
-	return 1;
-	}
-
+{
+    int i;
+    PKCS7_ENC_CONTENT *ec;
+
+    i = OBJ_obj2nid(p7->type);
+    switch (i) {
+    case NID_pkcs7_signedAndEnveloped:
+        ec = p7->d.signed_and_enveloped->enc_data;
+        break;
+    case NID_pkcs7_enveloped:
+        ec = p7->d.enveloped->enc_data;
+        break;
+    default:
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER, PKCS7_R_WRONG_CONTENT_TYPE);
+        return (0);
+    }
+
+    /* Check cipher OID exists and has data in it */
+    i = EVP_CIPHER_type(cipher);
+    if (i == NID_undef) {
+        PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,
+                 PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
+        return (0);
+    }
+
+    ec->cipher = cipher;
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
index 831b47d2..2eca5ea9 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_mime.c
@@ -1,5 +1,6 @@
 /* pk7_mime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,64 +63,61 @@
 /* PKCS#7 wrappers round generalised MIME routines */
 
 PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont)
-	{
-	return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
-	}
+{
+    return (PKCS7 *)SMIME_read_ASN1(bio, bcont, ASN1_ITEM_rptr(PKCS7));
+}
 
 /* Callback for int_smime_write_ASN1 */
 
 static int pk7_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
-					const ASN1_ITEM *it)
-	{
-	PKCS7 *p7 = (PKCS7 *)val;
-	BIO *tmpbio, *p7bio;
+                           const ASN1_ITEM *it)
+{
+    PKCS7 *p7 = (PKCS7 *)val;
+    BIO *tmpbio, *p7bio;
 
-	if (!(flags & SMIME_DETACHED))
-		{
-		SMIME_crlf_copy(data, out, flags);
-		return 1;
-		}
+    if (!(flags & SMIME_DETACHED)) {
+        SMIME_crlf_copy(data, out, flags);
+        return 1;
+    }
 
-	/* Let PKCS7 code prepend any needed BIOs */
+    /* Let PKCS7 code prepend any needed BIOs */
 
-	p7bio = PKCS7_dataInit(p7, out);
+    p7bio = PKCS7_dataInit(p7, out);
 
-	if (!p7bio)
-		return 0;
+    if (!p7bio)
+        return 0;
 
-	/* Copy data across, passing through filter BIOs for processing */
-	SMIME_crlf_copy(data, p7bio, flags);
+    /* Copy data across, passing through filter BIOs for processing */
+    SMIME_crlf_copy(data, p7bio, flags);
 
-	/* Finalize structure */
-	if (PKCS7_dataFinal(p7, p7bio) <= 0)
-		goto err;
+    /* Finalize structure */
+    if (PKCS7_dataFinal(p7, p7bio) <= 0)
+        goto err;
 
-	err:
+ err:
 
-	/* Now remove any digests prepended to the BIO */
+    /* Now remove any digests prepended to the BIO */
 
-	while (p7bio != out)
-		{
-		tmpbio = BIO_pop(p7bio);
-		BIO_free(p7bio);
-		p7bio = tmpbio;
-		}
+    while (p7bio != out) {
+        tmpbio = BIO_pop(p7bio);
+        BIO_free(p7bio);
+        p7bio = tmpbio;
+    }
 
-	return 1;
+    return 1;
 
-	}
+}
 
 int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags)
-	{
-	STACK_OF(X509_ALGOR) *mdalgs;
-	int ctype_nid = OBJ_obj2nid(p7->type);
-	if (ctype_nid == NID_pkcs7_signed)
-		mdalgs = p7->d.sign->md_algs;
-	else
-		mdalgs = NULL;
-
-	return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
-					ctype_nid, NID_undef, mdalgs,
-					pk7_output_data,
-					ASN1_ITEM_rptr(PKCS7));	
-	}
+{
+    STACK_OF(X509_ALGOR) *mdalgs;
+    int ctype_nid = OBJ_obj2nid(p7->type);
+    if (ctype_nid == NID_pkcs7_signed)
+        mdalgs = p7->d.sign->md_algs;
+    else
+        mdalgs = NULL;
+
+    return int_smime_write_ASN1(bio, (ASN1_VALUE *)p7, data, flags,
+                                ctype_nid, NID_undef, mdalgs,
+                                pk7_output_data, ASN1_ITEM_rptr(PKCS7));
+}
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
index 49b450da..cd22c851 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pk7_smime.c
@@ -1,5 +1,6 @@
 /* pk7_smime.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,470 +65,472 @@
 #include <openssl/x509v3.h>
 
 PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs,
-		  BIO *data, int flags)
+                  BIO *data, int flags)
 {
-	PKCS7 *p7 = NULL;
-	PKCS7_SIGNER_INFO *si;
-	BIO *p7bio = NULL;
-	STACK_OF(X509_ALGOR) *smcap = NULL;
-	int i;
-
-	if(!X509_check_private_key(signcert, pkey)) {
-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                return NULL;
-	}
-
-	if(!(p7 = PKCS7_new())) {
-		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	if (!PKCS7_set_type(p7, NID_pkcs7_signed))
-		goto err;
-
-	if (!PKCS7_content_new(p7, NID_pkcs7_data))
-		goto err;
-
-  /* 
-    NOTE: Update to SHA-256 digest algorithm for UEFI version.
-  */
-	if (!(si = PKCS7_add_signature(p7,signcert,pkey,EVP_sha256()))) {
-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
-		goto err;
-	}
-
-	if(!(flags & PKCS7_NOCERTS)) {
-		if (!PKCS7_add_certificate(p7, signcert))
-			goto err;
-		if(certs) for(i = 0; i < sk_X509_num(certs); i++)
-			if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
-				goto err;
-	}
-
-	if(!(flags & PKCS7_NOATTR)) {
-		if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
-				V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)))
-			goto err;
-		/* Add SMIMECapabilities */
-		if(!(flags & PKCS7_NOSMIMECAP))
-		{
-		if(!(smcap = sk_X509_ALGOR_new_null())) {
-			PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
+    PKCS7 *p7 = NULL;
+    PKCS7_SIGNER_INFO *si;
+    BIO *p7bio = NULL;
+    STACK_OF(X509_ALGOR) *smcap = NULL;
+    int i;
+
+    if (!X509_check_private_key(signcert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return NULL;
+    }
+
+    if (!(p7 = PKCS7_new())) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_signed))
+        goto err;
+
+    if (!PKCS7_content_new(p7, NID_pkcs7_data))
+        goto err;
+
+#if defined(OPENSSL_SYS_UEFI)
+    /*
+     * NOTE: Update to SHA-256 digest algorithm for UEFI version.
+     */
+    if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha256()))) {
+#else
+    if (!(si = PKCS7_add_signature(p7, signcert, pkey, EVP_sha1()))) {
+#endif
+        PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR);
+        goto err;
+    }
+
+    if (!(flags & PKCS7_NOCERTS)) {
+        if (!PKCS7_add_certificate(p7, signcert))
+            goto err;
+        if (certs)
+            for (i = 0; i < sk_X509_num(certs); i++)
+                if (!PKCS7_add_certificate(p7, sk_X509_value(certs, i)))
+                    goto err;
+    }
+
+    if (!(flags & PKCS7_NOATTR)) {
+        if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType,
+                                        V_ASN1_OBJECT,
+                                        OBJ_nid2obj(NID_pkcs7_data)))
+            goto err;
+        /* Add SMIMECapabilities */
+        if (!(flags & PKCS7_NOSMIMECAP)) {
+            if (!(smcap = sk_X509_ALGOR_new_null())) {
+                PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
 #ifndef OPENSSL_NO_DES
-		if (!PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1))
-			goto err;
+            if (!PKCS7_simple_smimecap(smcap, NID_des_ede3_cbc, -1))
+                goto err;
 #endif
 #ifndef OPENSSL_NO_RC2
-		if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128))
-			goto err;
-		if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64))
-			goto err;
+            if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 128))
+                goto err;
+            if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 64))
+                goto err;
 #endif
 #ifndef OPENSSL_NO_DES
-		if (!PKCS7_simple_smimecap (smcap, NID_des_cbc, -1))
-			goto err;
+            if (!PKCS7_simple_smimecap(smcap, NID_des_cbc, -1))
+                goto err;
 #endif
 #ifndef OPENSSL_NO_RC2
-		if (!PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40))
-			goto err;
+            if (!PKCS7_simple_smimecap(smcap, NID_rc2_cbc, 40))
+                goto err;
 #endif
-		if (!PKCS7_add_attrib_smimecap (si, smcap))
-			goto err;
-		sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-		smcap = NULL;
-		}
-	}
-
-	if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1);
-
-	if (flags & PKCS7_STREAM)
-		return p7;
-
-
-	if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
-		PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	SMIME_crlf_copy(data, p7bio, flags);
-
-
-	if (!PKCS7_dataFinal(p7,p7bio)) {
-		PKCS7err(PKCS7_F_PKCS7_SIGN,PKCS7_R_PKCS7_DATASIGN);
-		goto err;
-	}
-
-	BIO_free_all(p7bio);
-	return p7;
-err:
-	sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
-	BIO_free_all(p7bio);
-	PKCS7_free(p7);
-	return NULL;
+            if (!PKCS7_add_attrib_smimecap(si, smcap))
+                goto err;
+            sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+            smcap = NULL;
+        }
+    }
+
+    if (flags & PKCS7_DETACHED)
+        PKCS7_set_detached(p7, 1);
+
+    if (flags & PKCS7_STREAM)
+        return p7;
+
+    if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    SMIME_crlf_copy(data, p7bio, flags);
+
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        PKCS7err(PKCS7_F_PKCS7_SIGN, PKCS7_R_PKCS7_DATASIGN);
+        goto err;
+    }
+
+    BIO_free_all(p7bio);
+    return p7;
+ err:
+    sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free);
+    BIO_free_all(p7bio);
+    PKCS7_free(p7);
+    return NULL;
 }
 
 int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
-					BIO *indata, BIO *out, int flags)
+                 BIO *indata, BIO *out, int flags)
 {
-	STACK_OF(X509) *signers;
-	X509 *signer;
-	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-	PKCS7_SIGNER_INFO *si;
-	X509_STORE_CTX cert_ctx;
-	char *buf = NULL;
-	int bufsiz;
-	int i, j=0, k, ret = 0;
-	BIO *p7bio;
-	BIO *tmpin, *tmpout;
-
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_INVALID_NULL_POINTER);
-		return 0;
-	}
-
-	if(!PKCS7_type_is_signed(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_WRONG_CONTENT_TYPE);
-		return 0;
-	}
-
-	/* Check for no data and no content: no data to verify signature */
-	if(PKCS7_get_detached(p7) && !indata) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT);
-		return 0;
-	}
+    STACK_OF(X509) *signers;
+    X509 *signer;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    X509_STORE_CTX cert_ctx;
+    char *buf = NULL;
+    int bufsiz;
+    int i, j = 0, k, ret = 0;
+    BIO *p7bio;
+    BIO *tmpin, *tmpout;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    /* Check for no data and no content: no data to verify signature */
+    if (PKCS7_get_detached(p7) && !indata) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_CONTENT);
+        return 0;
+    }
 #if 0
-	/* NB: this test commented out because some versions of Netscape
-	 * illegally include zero length content when signing data.
-	 */
-
-	/* Check for data and content: two sets of data */
-	if(!PKCS7_get_detached(p7) && indata) {
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT);
-		return 0;
-	}
+    /*
+     * NB: this test commented out because some versions of Netscape
+     * illegally include zero length content when signing data.
+     */
+
+    /* Check for data and content: two sets of data */
+    if (!PKCS7_get_detached(p7) && indata) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_CONTENT_AND_DATA_PRESENT);
+        return 0;
+    }
 #endif
 
-	sinfos = PKCS7_get_signer_info(p7);
-
-	if(!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
-		PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_SIGNATURES_ON_DATA);
-		return 0;
-	}
-
-
-	signers = PKCS7_get0_signers(p7, certs, flags);
-
-	if(!signers) return 0;
-
-	/* Now verify the certificates */
-
-	if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) {
-		signer = sk_X509_value (signers, k);
-		if (!(flags & PKCS7_NOCHAIN)) {
-			if(!X509_STORE_CTX_init(&cert_ctx, store, signer,
-							p7->d.sign->cert))
-				{
-				PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-				sk_X509_free(signers);
-				return 0;
-				}
-			X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
-		} else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB);
-			sk_X509_free(signers);
-			return 0;
-		}
-		if (!(flags & PKCS7_NOCRL))
-			X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
-		i = X509_verify_cert(&cert_ctx);
-		if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx);
-		X509_STORE_CTX_cleanup(&cert_ctx);
-		if (i <= 0) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CERTIFICATE_VERIFY_ERROR);
-			ERR_add_error_data(2, "Verify error:",
-					 X509_verify_cert_error_string(j));
-			sk_X509_free(signers);
-			return 0;
-		}
-		/* Check for revocation status here */
-	}
-
-	/* Performance optimization: if the content is a memory BIO then
-	 * store its contents in a temporary read only memory BIO. This
-	 * avoids potentially large numbers of slow copies of data which will
-	 * occur when reading from a read write memory BIO when signatures
-	 * are calculated.
-	 */
-
-	if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM))
-		{
-		char *ptr;
-		long len;
-		len = BIO_get_mem_data(indata, &ptr);
-		tmpin = BIO_new_mem_buf(ptr, len);
-		if (tmpin == NULL)
-			{
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-	else
-		tmpin = indata;
-		
-
-	if (!(p7bio=PKCS7_dataInit(p7,tmpin)))
-		goto err;
-
-	if(flags & PKCS7_TEXT) {
-		if(!(tmpout = BIO_new(BIO_s_mem()))) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		BIO_set_mem_eof_return(tmpout, 0);
-	} else tmpout = out;
-
-	bufsiz = 4096;
-	buf = OPENSSL_malloc (bufsiz);
-		if (buf == NULL) {
-			goto err;
-	}
-
-	/* We now have to 'read' from p7bio to calculate digests etc. */
-	for (;;)
-	{
-		i=BIO_read(p7bio,buf,bufsiz);
-		if (i <= 0) break;
-		if (tmpout) BIO_write(tmpout, buf, i);
-	}
-
-	if(flags & PKCS7_TEXT) {
-		if(!SMIME_text(tmpout, out)) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SMIME_TEXT_ERROR);
-			BIO_free(tmpout);
-			goto err;
-		}
-		BIO_free(tmpout);
-	}
-
-	/* Now Verify All Signatures */
-	if (!(flags & PKCS7_NOSIGS))
-	    for (i=0; i<sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-		{
-		si=sk_PKCS7_SIGNER_INFO_value(sinfos,i);
-		signer = sk_X509_value (signers, i);
-		j=PKCS7_signatureVerify(p7bio,p7,si, signer);
-		if (j <= 0) {
-			PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_SIGNATURE_FAILURE);
-			goto err;
-		}
-	}
-
-	ret = 1;
-
-	err:
-	
-	if (tmpin == indata)
-		{
-		if (indata) BIO_pop(p7bio);
-		}
-	BIO_free_all(p7bio);
-
-	sk_X509_free(signers);
-
-	if (buf != NULL) {
-		OPENSSL_free (buf);
-	}
-
-	return ret;
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (!sinfos || !sk_PKCS7_SIGNER_INFO_num(sinfos)) {
+        PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_NO_SIGNATURES_ON_DATA);
+        return 0;
+    }
+
+    signers = PKCS7_get0_signers(p7, certs, flags);
+
+    if (!signers)
+        return 0;
+
+    /* Now verify the certificates */
+
+    if (!(flags & PKCS7_NOVERIFY))
+        for (k = 0; k < sk_X509_num(signers); k++) {
+            signer = sk_X509_value(signers, k);
+            if (!(flags & PKCS7_NOCHAIN)) {
+                if (!X509_STORE_CTX_init(&cert_ctx, store, signer,
+                                         p7->d.sign->cert)) {
+                    PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                    sk_X509_free(signers);
+                    return 0;
+                }
+                X509_STORE_CTX_set_default(&cert_ctx, "smime_sign");
+            } else if (!X509_STORE_CTX_init(&cert_ctx, store, signer, NULL)) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_X509_LIB);
+                sk_X509_free(signers);
+                return 0;
+            }
+            if (!(flags & PKCS7_NOCRL))
+                X509_STORE_CTX_set0_crls(&cert_ctx, p7->d.sign->crl);
+            i = X509_verify_cert(&cert_ctx);
+            if (i <= 0)
+                j = X509_STORE_CTX_get_error(&cert_ctx);
+            X509_STORE_CTX_cleanup(&cert_ctx);
+            if (i <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY,
+                         PKCS7_R_CERTIFICATE_VERIFY_ERROR);
+                ERR_add_error_data(2, "Verify error:",
+                                   X509_verify_cert_error_string(j));
+                sk_X509_free(signers);
+                return 0;
+            }
+            /* Check for revocation status here */
+        }
+
+    /*
+     * Performance optimization: if the content is a memory BIO then store
+     * its contents in a temporary read only memory BIO. This avoids
+     * potentially large numbers of slow copies of data which will occur when
+     * reading from a read write memory BIO when signatures are calculated.
+     */
+
+    if (indata && (BIO_method_type(indata) == BIO_TYPE_MEM)) {
+        char *ptr;
+        long len;
+        len = BIO_get_mem_data(indata, &ptr);
+        tmpin = BIO_new_mem_buf(ptr, len);
+        if (tmpin == NULL) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    } else
+        tmpin = indata;
+
+    if (!(p7bio = PKCS7_dataInit(p7, tmpin)))
+        goto err;
+
+    if (flags & PKCS7_TEXT) {
+        if (!(tmpout = BIO_new(BIO_s_mem()))) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        BIO_set_mem_eof_return(tmpout, 0);
+    } else
+        tmpout = out;
+
+    bufsiz = 4096;
+    buf = OPENSSL_malloc (bufsiz);
+    if (buf == NULL) {
+      goto err;
+    }
+
+    /* We now have to 'read' from p7bio to calculate digests etc. */
+    for (;;) {
+        i = BIO_read(p7bio, buf, sizeof(buf));
+        if (i <= 0)
+            break;
+        if (tmpout)
+            BIO_write(tmpout, buf, i);
+    }
+
+    if (flags & PKCS7_TEXT) {
+        if (!SMIME_text(tmpout, out)) {
+            PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SMIME_TEXT_ERROR);
+            BIO_free(tmpout);
+            goto err;
+        }
+        BIO_free(tmpout);
+    }
+
+    /* Now Verify All Signatures */
+    if (!(flags & PKCS7_NOSIGS))
+        for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+            si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+            signer = sk_X509_value(signers, i);
+            j = PKCS7_signatureVerify(p7bio, p7, si, signer);
+            if (j <= 0) {
+                PKCS7err(PKCS7_F_PKCS7_VERIFY, PKCS7_R_SIGNATURE_FAILURE);
+                goto err;
+            }
+        }
+
+    ret = 1;
+
+ err:
+
+    if (tmpin == indata) {
+        if (indata)
+            BIO_pop(p7bio);
+    }
+    BIO_free_all(p7bio);
+
+    sk_X509_free(signers);
+
+    if (buf != NULL) {
+      OPENSSL_free (buf);
+    }
+
+    return ret;
 }
 
-STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags)
+STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs,
+                                   int flags)
 {
-	STACK_OF(X509) *signers;
-	STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
-	PKCS7_SIGNER_INFO *si;
-	PKCS7_ISSUER_AND_SERIAL *ias;
-	X509 *signer;
-	int i;
-
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_INVALID_NULL_POINTER);
-		return NULL;
-	}
-
-	if(!PKCS7_type_is_signed(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE);
-		return NULL;
-	}
-
-	/* Collect all the signers together */
-
-	sinfos = PKCS7_get_signer_info(p7);
-
-	if(sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_NO_SIGNERS);
-		return NULL;
-	}
-
-	if(!(signers = sk_X509_new_null())) {
-		PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++)
-	{
-	    si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
-	    ias = si->issuer_and_serial;
-	    signer = NULL;
-		/* If any certificates passed they take priority */
-	    if (certs) signer = X509_find_by_issuer_and_serial (certs,
-					 	ias->issuer, ias->serial);
-	    if (!signer && !(flags & PKCS7_NOINTERN)
-			&& p7->d.sign->cert) signer =
-		              X509_find_by_issuer_and_serial (p7->d.sign->cert,
-					      	ias->issuer, ias->serial);
-	    if (!signer) {
-			PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
-			sk_X509_free(signers);
-			return NULL;
-	    }
-
-	    if (!sk_X509_push(signers, signer)) {
-			sk_X509_free(signers);
-			return NULL;
-	    }
-	}
-	return signers;
+    STACK_OF(X509) *signers;
+    STACK_OF(PKCS7_SIGNER_INFO) *sinfos;
+    PKCS7_SIGNER_INFO *si;
+    PKCS7_ISSUER_AND_SERIAL *ias;
+    X509 *signer;
+    int i;
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_INVALID_NULL_POINTER);
+        return NULL;
+    }
+
+    if (!PKCS7_type_is_signed(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_WRONG_CONTENT_TYPE);
+        return NULL;
+    }
+
+    /* Collect all the signers together */
+
+    sinfos = PKCS7_get_signer_info(p7);
+
+    if (sk_PKCS7_SIGNER_INFO_num(sinfos) <= 0) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, PKCS7_R_NO_SIGNERS);
+        return NULL;
+    }
+
+    if (!(signers = sk_X509_new_null())) {
+        PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    for (i = 0; i < sk_PKCS7_SIGNER_INFO_num(sinfos); i++) {
+        si = sk_PKCS7_SIGNER_INFO_value(sinfos, i);
+        ias = si->issuer_and_serial;
+        signer = NULL;
+        /* If any certificates passed they take priority */
+        if (certs)
+            signer = X509_find_by_issuer_and_serial(certs,
+                                                    ias->issuer, ias->serial);
+        if (!signer && !(flags & PKCS7_NOINTERN)
+            && p7->d.sign->cert)
+            signer =
+                X509_find_by_issuer_and_serial(p7->d.sign->cert,
+                                               ias->issuer, ias->serial);
+        if (!signer) {
+            PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,
+                     PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND);
+            sk_X509_free(signers);
+            return NULL;
+        }
+
+        if (!sk_X509_push(signers, signer)) {
+            sk_X509_free(signers);
+            return NULL;
+        }
+    }
+    return signers;
 }
 
-
 /* Build a complete PKCS#7 enveloped data */
 
 PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher,
-								int flags)
+                     int flags)
 {
-	PKCS7 *p7;
-	BIO *p7bio = NULL;
-	int i;
-	X509 *x509;
-	if(!(p7 = PKCS7_new())) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
-		goto err;
-	if(!PKCS7_set_cipher(p7, cipher)) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_ERROR_SETTING_CIPHER);
-		goto err;
-	}
-
-	for(i = 0; i < sk_X509_num(certs); i++) {
-		x509 = sk_X509_value(certs, i);
-		if(!PKCS7_add_recipient(p7, x509)) {
-			PKCS7err(PKCS7_F_PKCS7_ENCRYPT,
-					PKCS7_R_ERROR_ADDING_RECIPIENT);
-			goto err;
-		}
-	}
-
-	if(!(p7bio = PKCS7_dataInit(p7, NULL))) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	SMIME_crlf_copy(in, p7bio, flags);
-
-	(void)BIO_flush(p7bio);
-
-        if (!PKCS7_dataFinal(p7,p7bio)) {
-		PKCS7err(PKCS7_F_PKCS7_ENCRYPT,PKCS7_R_PKCS7_DATAFINAL_ERROR);
-		goto err;
-	}
-        BIO_free_all(p7bio);
-
-	return p7;
-
-	err:
-
-	BIO_free_all(p7bio);
-	PKCS7_free(p7);
-	return NULL;
+    PKCS7 *p7;
+    BIO *p7bio = NULL;
+    int i;
+    X509 *x509;
+    if (!(p7 = PKCS7_new())) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (!PKCS7_set_type(p7, NID_pkcs7_enveloped))
+        goto err;
+    if (!PKCS7_set_cipher(p7, cipher)) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_SETTING_CIPHER);
+        goto err;
+    }
+
+    for (i = 0; i < sk_X509_num(certs); i++) {
+        x509 = sk_X509_value(certs, i);
+        if (!PKCS7_add_recipient(p7, x509)) {
+            PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_ERROR_ADDING_RECIPIENT);
+            goto err;
+        }
+    }
+
+    if (!(p7bio = PKCS7_dataInit(p7, NULL))) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    SMIME_crlf_copy(in, p7bio, flags);
+
+    (void)BIO_flush(p7bio);
+
+    if (!PKCS7_dataFinal(p7, p7bio)) {
+        PKCS7err(PKCS7_F_PKCS7_ENCRYPT, PKCS7_R_PKCS7_DATAFINAL_ERROR);
+        goto err;
+    }
+    BIO_free_all(p7bio);
+
+    return p7;
+
+ err:
+
+    BIO_free_all(p7bio);
+    PKCS7_free(p7);
+    return NULL;
 
 }
 
 int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags)
 {
-	BIO *tmpmem;
-	int ret, i;
-	char buf[4096];
-
-	if(!p7) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_INVALID_NULL_POINTER);
-		return 0;
-	}
-
-	if(!PKCS7_type_is_enveloped(p7)) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,PKCS7_R_WRONG_CONTENT_TYPE);
-		return 0;
-	}
-
-	if(cert && !X509_check_private_key(cert, pkey)) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT,
-				PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-		return 0;
-	}
-
-	if(!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
-		PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
-		return 0;
-	}
-
-	if (flags & PKCS7_TEXT) {
-		BIO *tmpbuf, *bread;
-		/* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
-		if(!(tmpbuf = BIO_new(BIO_f_buffer()))) {
-			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-			BIO_free_all(tmpmem);
-			return 0;
-		}
-		if(!(bread = BIO_push(tmpbuf, tmpmem))) {
-			PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
-			BIO_free_all(tmpbuf);
-			BIO_free_all(tmpmem);
-			return 0;
-		}
-		ret = SMIME_text(bread, data);
-		if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
-			{
-			if (!BIO_get_cipher_status(tmpmem))
-				ret = 0;
-			}
-		BIO_free_all(bread);
-		return ret;
-	} else {
-		for(;;) {
-			i = BIO_read(tmpmem, buf, sizeof(buf));
-			if(i <= 0)
-				{
-				ret = 1;
-				if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER)
-					{
-					if (!BIO_get_cipher_status(tmpmem))
-						ret = 0;
-					}
-					
-				break;
-				}
-			if (BIO_write(data, buf, i) != i)
-				{
-				ret = 0;
-				break;
-				}
-		}
-		BIO_free_all(tmpmem);
-		return ret;
-	}
+    BIO *tmpmem;
+    int ret, i;
+    char buf[4096];
+
+    if (!p7) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_INVALID_NULL_POINTER);
+        return 0;
+    }
+
+    if (!PKCS7_type_is_enveloped(p7)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_WRONG_CONTENT_TYPE);
+        return 0;
+    }
+
+    if (cert && !X509_check_private_key(cert, pkey)) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT,
+                 PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+        return 0;
+    }
+
+    if (!(tmpmem = PKCS7_dataDecode(p7, pkey, NULL, cert))) {
+        PKCS7err(PKCS7_F_PKCS7_DECRYPT, PKCS7_R_DECRYPT_ERROR);
+        return 0;
+    }
+
+    if (flags & PKCS7_TEXT) {
+        BIO *tmpbuf, *bread;
+        /* Encrypt BIOs can't do BIO_gets() so add a buffer BIO */
+        if (!(tmpbuf = BIO_new(BIO_f_buffer()))) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        if (!(bread = BIO_push(tmpbuf, tmpmem))) {
+            PKCS7err(PKCS7_F_PKCS7_DECRYPT, ERR_R_MALLOC_FAILURE);
+            BIO_free_all(tmpbuf);
+            BIO_free_all(tmpmem);
+            return 0;
+        }
+        ret = SMIME_text(bread, data);
+        if (ret > 0 && BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+            if (!BIO_get_cipher_status(tmpmem))
+                ret = 0;
+        }
+        BIO_free_all(bread);
+        return ret;
+    } else {
+        for (;;) {
+            i = BIO_read(tmpmem, buf, sizeof(buf));
+            if (i <= 0) {
+                ret = 1;
+                if (BIO_method_type(tmpmem) == BIO_TYPE_CIPHER) {
+                    if (!BIO_get_cipher_status(tmpmem))
+                        ret = 0;
+                }
+
+                break;
+            }
+            if (BIO_write(data, buf, i) != i) {
+                ret = 0;
+                break;
+            }
+        }
+        BIO_free_all(tmpmem);
+        return ret;
+    }
 }
diff --git a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
index c0e3d4cd..7dc5e290 100644
--- a/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
+++ b/Cryptlib/OpenSSL/crypto/pkcs7/pkcs7err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,103 +66,115 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_PKCS7,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_PKCS7,0,reason)
 
-static ERR_STRING_DATA PKCS7_str_functs[]=
-	{
-{ERR_FUNC(PKCS7_F_B64_READ_PKCS7),	"B64_READ_PKCS7"},
-{ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7),	"B64_WRITE_PKCS7"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),	"PKCS7_add_attrib_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE),	"PKCS7_add_certificate"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL),	"PKCS7_add_crl"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO),	"PKCS7_add_recipient_info"},
-{ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER),	"PKCS7_add_signer"},
-{ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST),	"PKCS7_BIO_ADD_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_CTRL),	"PKCS7_ctrl"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATADECODE),	"PKCS7_dataDecode"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL),	"PKCS7_dataFinal"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAINIT),	"PKCS7_dataInit"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATASIGN),	"PKCS7_DATASIGN"},
-{ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY),	"PKCS7_dataVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_DECRYPT),	"PKCS7_decrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT),	"PKCS7_encrypt"},
-{ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST),	"PKCS7_FIND_DIGEST"},
-{ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS),	"PKCS7_get0_signers"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER),	"PKCS7_set_cipher"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT),	"PKCS7_set_content"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST),	"PKCS7_set_digest"},
-{ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE),	"PKCS7_set_type"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGN),	"PKCS7_sign"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY),	"PKCS7_signatureVerify"},
-{ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP),	"PKCS7_simple_smimecap"},
-{ERR_FUNC(PKCS7_F_PKCS7_VERIFY),	"PKCS7_verify"},
-{ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7),	"SMIME_read_PKCS7"},
-{ERR_FUNC(PKCS7_F_SMIME_TEXT),	"SMIME_text"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PKCS7_str_functs[] = {
+    {ERR_FUNC(PKCS7_F_B64_READ_PKCS7), "B64_READ_PKCS7"},
+    {ERR_FUNC(PKCS7_F_B64_WRITE_PKCS7), "B64_WRITE_PKCS7"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP),
+     "PKCS7_add_attrib_smimecap"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CERTIFICATE), "PKCS7_add_certificate"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_CRL), "PKCS7_add_crl"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO), "PKCS7_add_recipient_info"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ADD_SIGNER), "PKCS7_add_signer"},
+    {ERR_FUNC(PKCS7_F_PKCS7_BIO_ADD_DIGEST), "PKCS7_BIO_ADD_DIGEST"},
+    {ERR_FUNC(PKCS7_F_PKCS7_CTRL), "PKCS7_ctrl"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATADECODE), "PKCS7_dataDecode"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATAFINAL), "PKCS7_dataFinal"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATAINIT), "PKCS7_dataInit"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATASIGN), "PKCS7_DATASIGN"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DATAVERIFY), "PKCS7_dataVerify"},
+    {ERR_FUNC(PKCS7_F_PKCS7_DECRYPT), "PKCS7_decrypt"},
+    {ERR_FUNC(PKCS7_F_PKCS7_ENCRYPT), "PKCS7_encrypt"},
+    {ERR_FUNC(PKCS7_F_PKCS7_FIND_DIGEST), "PKCS7_FIND_DIGEST"},
+    {ERR_FUNC(PKCS7_F_PKCS7_GET0_SIGNERS), "PKCS7_get0_signers"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_CIPHER), "PKCS7_set_cipher"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_CONTENT), "PKCS7_set_content"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_DIGEST), "PKCS7_set_digest"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SET_TYPE), "PKCS7_set_type"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIGN), "PKCS7_sign"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIGNATUREVERIFY), "PKCS7_signatureVerify"},
+    {ERR_FUNC(PKCS7_F_PKCS7_SIMPLE_SMIMECAP), "PKCS7_simple_smimecap"},
+    {ERR_FUNC(PKCS7_F_PKCS7_VERIFY), "PKCS7_verify"},
+    {ERR_FUNC(PKCS7_F_SMIME_READ_PKCS7), "SMIME_read_PKCS7"},
+    {ERR_FUNC(PKCS7_F_SMIME_TEXT), "SMIME_text"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA PKCS7_str_reasons[]=
-	{
-{ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"},
-{ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),"cipher has no object identifier"},
-{ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED),"cipher not initialized"},
-{ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),"content and data present"},
-{ERR_REASON(PKCS7_R_DECODE_ERROR)        ,"decode error"},
-{ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),"decrypted key is wrong length"},
-{ERR_REASON(PKCS7_R_DECRYPT_ERROR)       ,"decrypt error"},
-{ERR_REASON(PKCS7_R_DIGEST_FAILURE)      ,"digest failure"},
-{ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT),"error adding recipient"},
-{ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER),"error setting cipher"},
-{ERR_REASON(PKCS7_R_INVALID_MIME_TYPE)   ,"invalid mime type"},
-{ERR_REASON(PKCS7_R_INVALID_NULL_POINTER),"invalid null pointer"},
-{ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE),"mime no content type"},
-{ERR_REASON(PKCS7_R_MIME_PARSE_ERROR)    ,"mime parse error"},
-{ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR),"mime sig parse error"},
-{ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO),"missing ceripend info"},
-{ERR_REASON(PKCS7_R_NO_CONTENT)          ,"no content"},
-{ERR_REASON(PKCS7_R_NO_CONTENT_TYPE)     ,"no content type"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),"no multipart body failure"},
-{ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY),"no multipart boundary"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),"no recipient matches certificate"},
-{ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),"no recipient matches key"},
-{ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA),"no signatures on data"},
-{ERR_REASON(PKCS7_R_NO_SIGNERS)          ,"no signers"},
-{ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE) ,"no sig content type"},
-{ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),"operation not supported on this type"},
-{ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),"pkcs7 add signature error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL)     ,"pkcs7 datafinal"},
-{ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR),"pkcs7 datafinal error"},
-{ERR_REASON(PKCS7_R_PKCS7_DATASIGN)      ,"pkcs7 datasign"},
-{ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR)   ,"pkcs7 parse error"},
-{ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR),"pkcs7 sig parse error"},
-{ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"},
-{ERR_REASON(PKCS7_R_SIGNATURE_FAILURE)   ,"signature failure"},
-{ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"},
-{ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE),"sig invalid mime type"},
-{ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR)    ,"smime text error"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),"unable to find certificate"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO),"unable to find mem bio"},
-{ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),"unable to find message digest"},
-{ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE) ,"unknown digest type"},
-{ERR_REASON(PKCS7_R_UNKNOWN_OPERATION)   ,"unknown operation"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE),"unsupported cipher type"},
-{ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),"unsupported content type"},
-{ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE)  ,"wrong content type"},
-{ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE)    ,"wrong pkcs7 type"},
-{0,NULL}
-	};
+static ERR_STRING_DATA PKCS7_str_reasons[] = {
+    {ERR_REASON(PKCS7_R_CERTIFICATE_VERIFY_ERROR),
+     "certificate verify error"},
+    {ERR_REASON(PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER),
+     "cipher has no object identifier"},
+    {ERR_REASON(PKCS7_R_CIPHER_NOT_INITIALIZED), "cipher not initialized"},
+    {ERR_REASON(PKCS7_R_CONTENT_AND_DATA_PRESENT),
+     "content and data present"},
+    {ERR_REASON(PKCS7_R_DECODE_ERROR), "decode error"},
+    {ERR_REASON(PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH),
+     "decrypted key is wrong length"},
+    {ERR_REASON(PKCS7_R_DECRYPT_ERROR), "decrypt error"},
+    {ERR_REASON(PKCS7_R_DIGEST_FAILURE), "digest failure"},
+    {ERR_REASON(PKCS7_R_ERROR_ADDING_RECIPIENT), "error adding recipient"},
+    {ERR_REASON(PKCS7_R_ERROR_SETTING_CIPHER), "error setting cipher"},
+    {ERR_REASON(PKCS7_R_INVALID_MIME_TYPE), "invalid mime type"},
+    {ERR_REASON(PKCS7_R_INVALID_NULL_POINTER), "invalid null pointer"},
+    {ERR_REASON(PKCS7_R_MIME_NO_CONTENT_TYPE), "mime no content type"},
+    {ERR_REASON(PKCS7_R_MIME_PARSE_ERROR), "mime parse error"},
+    {ERR_REASON(PKCS7_R_MIME_SIG_PARSE_ERROR), "mime sig parse error"},
+    {ERR_REASON(PKCS7_R_MISSING_CERIPEND_INFO), "missing ceripend info"},
+    {ERR_REASON(PKCS7_R_NO_CONTENT), "no content"},
+    {ERR_REASON(PKCS7_R_NO_CONTENT_TYPE), "no content type"},
+    {ERR_REASON(PKCS7_R_NO_MULTIPART_BODY_FAILURE),
+     "no multipart body failure"},
+    {ERR_REASON(PKCS7_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
+    {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE),
+     "no recipient matches certificate"},
+    {ERR_REASON(PKCS7_R_NO_RECIPIENT_MATCHES_KEY),
+     "no recipient matches key"},
+    {ERR_REASON(PKCS7_R_NO_SIGNATURES_ON_DATA), "no signatures on data"},
+    {ERR_REASON(PKCS7_R_NO_SIGNERS), "no signers"},
+    {ERR_REASON(PKCS7_R_NO_SIG_CONTENT_TYPE), "no sig content type"},
+    {ERR_REASON(PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE),
+     "operation not supported on this type"},
+    {ERR_REASON(PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR),
+     "pkcs7 add signature error"},
+    {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL), "pkcs7 datafinal"},
+    {ERR_REASON(PKCS7_R_PKCS7_DATAFINAL_ERROR), "pkcs7 datafinal error"},
+    {ERR_REASON(PKCS7_R_PKCS7_DATASIGN), "pkcs7 datasign"},
+    {ERR_REASON(PKCS7_R_PKCS7_PARSE_ERROR), "pkcs7 parse error"},
+    {ERR_REASON(PKCS7_R_PKCS7_SIG_PARSE_ERROR), "pkcs7 sig parse error"},
+    {ERR_REASON(PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),
+     "private key does not match certificate"},
+    {ERR_REASON(PKCS7_R_SIGNATURE_FAILURE), "signature failure"},
+    {ERR_REASON(PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND),
+     "signer certificate not found"},
+    {ERR_REASON(PKCS7_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
+    {ERR_REASON(PKCS7_R_SMIME_TEXT_ERROR), "smime text error"},
+    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_CERTIFICATE),
+     "unable to find certificate"},
+    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MEM_BIO), "unable to find mem bio"},
+    {ERR_REASON(PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST),
+     "unable to find message digest"},
+    {ERR_REASON(PKCS7_R_UNKNOWN_DIGEST_TYPE), "unknown digest type"},
+    {ERR_REASON(PKCS7_R_UNKNOWN_OPERATION), "unknown operation"},
+    {ERR_REASON(PKCS7_R_UNSUPPORTED_CIPHER_TYPE), "unsupported cipher type"},
+    {ERR_REASON(PKCS7_R_UNSUPPORTED_CONTENT_TYPE),
+     "unsupported content type"},
+    {ERR_REASON(PKCS7_R_WRONG_CONTENT_TYPE), "wrong content type"},
+    {ERR_REASON(PKCS7_R_WRONG_PKCS7_TYPE), "wrong pkcs7 type"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_PKCS7_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,PKCS7_str_functs);
-		ERR_load_strings(0,PKCS7_str_reasons);
-		}
+    if (ERR_func_error_string(PKCS7_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, PKCS7_str_functs);
+        ERR_load_strings(0, PKCS7_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c
index 8ebba8a8..69cfefd5 100644
--- a/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c
+++ b/Cryptlib/OpenSSL/crypto/pqueue/pqueue.c
@@ -1,7 +1,7 @@
 /* crypto/pqueue/pqueue.c */
-/* 
+/*
  * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
+ * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
  */
 /* ====================================================================
  * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
@@ -11,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,182 +61,164 @@
 #include <openssl/bn.h>
 #include "pqueue.h"
 
-typedef struct _pqueue
-	{
-	pitem *items;
-	int count;
-	} pqueue_s;
-
-pitem *
-pitem_new(PQ_64BIT priority, void *data)
-	{
-	pitem *item = (pitem *) OPENSSL_malloc(sizeof(pitem));
-	if (item == NULL) return NULL;
-
-	pq_64bit_init(&(item->priority));
-	pq_64bit_assign(&item->priority, &priority);
-
-	item->data = data;
-	item->next = NULL;
-
-	return item;
-	}
-
-void
-pitem_free(pitem *item)
-	{
-	if (item == NULL) return;
-
-	pq_64bit_free(&(item->priority));
-	OPENSSL_free(item);
-	}
-
-pqueue_s *
-pqueue_new()
-	{
-	pqueue_s *pq = (pqueue_s *) OPENSSL_malloc(sizeof(pqueue_s));
-	if (pq == NULL) return NULL;
-
-	memset(pq, 0x00, sizeof(pqueue_s));
-	return pq;
-	}
-
-void
-pqueue_free(pqueue_s *pq)
-	{
-	if (pq == NULL) return;
-
-	OPENSSL_free(pq);
-	}
-
-pitem *
-pqueue_insert(pqueue_s *pq, pitem *item)
-	{
-	pitem *curr, *next;
-
-	if (pq->items == NULL)
-		{
-		pq->items = item;
-		return item;
-		}
-
-	for(curr = NULL, next = pq->items; 
-		next != NULL;
-		curr = next, next = next->next)
-		{
-		if (pq_64bit_gt(&(next->priority), &(item->priority)))
-			{
-			item->next = next;
-
-			if (curr == NULL) 
-				pq->items = item;
-			else  
-				curr->next = item;
-
-			return item;
-			}
-		/* duplicates not allowed */
-		if (pq_64bit_eq(&(item->priority), &(next->priority)))
-			return NULL;
-		}
-
-	item->next = NULL;
-	curr->next = item;
-
-	return item;
-	}
-
-pitem *
-pqueue_peek(pqueue_s *pq)
-	{
-	return pq->items;
-	}
-
-pitem *
-pqueue_pop(pqueue_s *pq)
-	{
-	pitem *item = pq->items;
-
-	if (pq->items != NULL)
-		pq->items = pq->items->next;
-
-	return item;
-	}
-
-pitem *
-pqueue_find(pqueue_s *pq, PQ_64BIT priority)
-	{
-	pitem *next;
-	pitem *found = NULL;
-
-	if ( pq->items == NULL)
-		return NULL;
-
-	for ( next = pq->items; next->next != NULL; next = next->next)
-		{
-		if ( pq_64bit_eq(&(next->priority), &priority))
-			{
-			found = next;
-			break;
-			}
-		}
-	
-	/* check the one last node */
-	if ( pq_64bit_eq(&(next->priority), &priority))
-		found = next;
-
-	if ( ! found)
-		return NULL;
-
-	return found;
-	}
+typedef struct _pqueue {
+    pitem *items;
+    int count;
+} pqueue_s;
+
+pitem *pitem_new(PQ_64BIT priority, void *data)
+{
+    pitem *item = (pitem *)OPENSSL_malloc(sizeof(pitem));
+    if (item == NULL)
+        return NULL;
+
+    pq_64bit_init(&(item->priority));
+    pq_64bit_assign(&item->priority, &priority);
+
+    item->data = data;
+    item->next = NULL;
+
+    return item;
+}
+
+void pitem_free(pitem *item)
+{
+    if (item == NULL)
+        return;
+
+    pq_64bit_free(&(item->priority));
+    OPENSSL_free(item);
+}
+
+pqueue_s *pqueue_new()
+{
+    pqueue_s *pq = (pqueue_s *)OPENSSL_malloc(sizeof(pqueue_s));
+    if (pq == NULL)
+        return NULL;
+
+    memset(pq, 0x00, sizeof(pqueue_s));
+    return pq;
+}
+
+void pqueue_free(pqueue_s *pq)
+{
+    if (pq == NULL)
+        return;
+
+    OPENSSL_free(pq);
+}
+
+pitem *pqueue_insert(pqueue_s *pq, pitem *item)
+{
+    pitem *curr, *next;
+
+    if (pq->items == NULL) {
+        pq->items = item;
+        return item;
+    }
+
+    for (curr = NULL, next = pq->items;
+         next != NULL; curr = next, next = next->next) {
+        if (pq_64bit_gt(&(next->priority), &(item->priority))) {
+            item->next = next;
+
+            if (curr == NULL)
+                pq->items = item;
+            else
+                curr->next = item;
+
+            return item;
+        }
+        /* duplicates not allowed */
+        if (pq_64bit_eq(&(item->priority), &(next->priority)))
+            return NULL;
+    }
+
+    item->next = NULL;
+    curr->next = item;
+
+    return item;
+}
+
+pitem *pqueue_peek(pqueue_s *pq)
+{
+    return pq->items;
+}
+
+pitem *pqueue_pop(pqueue_s *pq)
+{
+    pitem *item = pq->items;
+
+    if (pq->items != NULL)
+        pq->items = pq->items->next;
+
+    return item;
+}
+
+pitem *pqueue_find(pqueue_s *pq, PQ_64BIT priority)
+{
+    pitem *next;
+    pitem *found = NULL;
+
+    if (pq->items == NULL)
+        return NULL;
+
+    for (next = pq->items; next->next != NULL; next = next->next) {
+        if (pq_64bit_eq(&(next->priority), &priority)) {
+            found = next;
+            break;
+        }
+    }
+
+    /* check the one last node */
+    if (pq_64bit_eq(&(next->priority), &priority))
+        found = next;
+
+    if (!found)
+        return NULL;
+
+    return found;
+}
 
 #if PQ_64BIT_IS_INTEGER
-void
-pqueue_print(pqueue_s *pq)
-	{
-	pitem *item = pq->items;
-
-	while(item != NULL)
-		{
-		printf("item\t" PQ_64BIT_PRINT "\n", item->priority);
-		item = item->next;
-		}
-	}
-#endif
+void pqueue_print(pqueue_s *pq)
+{
+    pitem *item = pq->items;
 
-pitem *
-pqueue_iterator(pqueue_s *pq)
-	{
-	return pqueue_peek(pq);
-	}
+    while (item != NULL) {
+        printf("item\t" PQ_64BIT_PRINT "\n", item->priority);
+        item = item->next;
+    }
+}
+#endif
 
-pitem *
-pqueue_next(pitem **item)
-	{
-	pitem *ret;
+pitem *pqueue_iterator(pqueue_s *pq)
+{
+    return pqueue_peek(pq);
+}
 
-	if ( item == NULL || *item == NULL)
-		return NULL;
+pitem *pqueue_next(pitem **item)
+{
+    pitem *ret;
 
+    if (item == NULL || *item == NULL)
+        return NULL;
 
-	/* *item != NULL */
-	ret = *item;
-	*item = (*item)->next;
+    /* *item != NULL */
+    ret = *item;
+    *item = (*item)->next;
 
-	return ret;
-	}
+    return ret;
+}
 
-int
-pqueue_size(pqueue_s *pq)
+int pqueue_size(pqueue_s *pq)
 {
-	pitem *item = pq->items;
-	int count = 0;
-	
-	while(item != NULL)
-	{
-		count++;
-		item = item->next;
-	}
-	return count;
+    pitem *item = pq->items;
+    int count = 0;
+
+    while (item != NULL) {
+        count++;
+        item = item->next;
+    }
+    return count;
 }
diff --git a/Cryptlib/OpenSSL/crypto/rand/md_rand.c b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
index 0f8dd3e0..6445c1b2 100644
--- a/Cryptlib/OpenSSL/crypto/rand/md_rand.c
+++ b/Cryptlib/OpenSSL/crypto/rand/md_rand.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -111,7 +111,7 @@
 
 #ifdef MD_RAND_DEBUG
 # ifndef NDEBUG
-#   define NDEBUG
+#  define NDEBUG
 # endif
 #endif
 
@@ -127,36 +127,36 @@
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
-
 #ifdef BN_DEBUG
 # define PREDICT
 #endif
 
-/* #define PREDICT	1 */
+/* #define PREDICT      1 */
 
-#define STATE_SIZE	1023
-static int state_num=0,state_index=0;
-static unsigned char state[STATE_SIZE+MD_DIGEST_LENGTH];
+#define STATE_SIZE      1023
+static int state_num = 0, state_index = 0;
+static unsigned char state[STATE_SIZE + MD_DIGEST_LENGTH];
 static unsigned char md[MD_DIGEST_LENGTH];
-static long md_count[2]={0,0};
-static double entropy=0;
-static int initialized=0;
+static long md_count[2] = { 0, 0 };
+
+static double entropy = 0;
+static int initialized = 0;
 
 static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
-                                           * holds CRYPTO_LOCK_RAND
-                                           * (to prevent double locking) */
+                                           * holds CRYPTO_LOCK_RAND (to
+                                           * prevent double locking) */
 /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
-static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
-
+/* valid iff crypto_lock_rand is set */
+static unsigned long locking_thread = 0;
 
 #ifdef PREDICT
-int rand_predictable=0;
+int rand_predictable = 0;
 #endif
 
-const char RAND_version[]="RAND" OPENSSL_VERSION_PTEXT;
+const char RAND_version[] = "RAND" OPENSSL_VERSION_PTEXT;
 
 static void ssleay_rand_cleanup(void);
 static void ssleay_rand_seed(const void *buf, int num);
@@ -165,420 +165,411 @@ static int ssleay_rand_bytes(unsigned char *buf, int num);
 static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num);
 static int ssleay_rand_status(void);
 
-RAND_METHOD rand_ssleay_meth={
-	ssleay_rand_seed,
-	ssleay_rand_bytes,
-	ssleay_rand_cleanup,
-	ssleay_rand_add,
-	ssleay_rand_pseudo_bytes,
-	ssleay_rand_status
-	}; 
+RAND_METHOD rand_ssleay_meth = {
+    ssleay_rand_seed,
+    ssleay_rand_bytes,
+    ssleay_rand_cleanup,
+    ssleay_rand_add,
+    ssleay_rand_pseudo_bytes,
+    ssleay_rand_status
+};
 
 RAND_METHOD *RAND_SSLeay(void)
-	{
-	return(&rand_ssleay_meth);
-	}
+{
+    return (&rand_ssleay_meth);
+}
 
 static void ssleay_rand_cleanup(void)
-	{
-	OPENSSL_cleanse(state,sizeof(state));
-	state_num=0;
-	state_index=0;
-	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
-	md_count[0]=0;
-	md_count[1]=0;
-	entropy=0;
-	initialized=0;
-	}
+{
+    OPENSSL_cleanse(state, sizeof(state));
+    state_num = 0;
+    state_index = 0;
+    OPENSSL_cleanse(md, MD_DIGEST_LENGTH);
+    md_count[0] = 0;
+    md_count[1] = 0;
+    entropy = 0;
+    initialized = 0;
+}
 
 static void ssleay_rand_add(const void *buf, int num, double add)
-	{
-	int i,j,k,st_idx;
-	long md_c[2];
-	unsigned char local_md[MD_DIGEST_LENGTH];
-	EVP_MD_CTX m;
-	int do_not_lock;
-
-	/*
-	 * (Based on the rand(3) manpage)
-	 *
-	 * The input is chopped up into units of 20 bytes (or less for
-	 * the last block).  Each of these blocks is run through the hash
-	 * function as follows:  The data passed to the hash function
-	 * is the current 'md', the same number of bytes from the 'state'
-	 * (the location determined by in incremented looping index) as
-	 * the current 'block', the new key data 'block', and 'count'
-	 * (which is incremented after each use).
-	 * The result of this is kept in 'md' and also xored into the
-	 * 'state' at the same locations that were used as input into the
-         * hash function.
-	 */
-
-	/* check if we already have the lock */
-	if (crypto_lock_rand)
-		{
-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = (locking_thread == CRYPTO_thread_id());
-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-		}
-	else
-		do_not_lock = 0;
-
-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	st_idx=state_index;
-
-	/* use our own copies of the counters so that even
-	 * if a concurrent thread seeds with exactly the
-	 * same data and uses the same subarray there's _some_
-	 * difference */
-	md_c[0] = md_count[0];
-	md_c[1] = md_count[1];
-
-	memcpy(local_md, md, sizeof md);
-
-	/* state_index <= state_num <= STATE_SIZE */
-	state_index += num;
-	if (state_index >= STATE_SIZE)
-		{
-		state_index%=STATE_SIZE;
-		state_num=STATE_SIZE;
-		}
-	else if (state_num < STATE_SIZE)	
-		{
-		if (state_index > state_num)
-			state_num=state_index;
-		}
-	/* state_index <= state_num <= STATE_SIZE */
-
-	/* state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE]
-	 * are what we will use now, but other threads may use them
-	 * as well */
-
-	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
-
-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	EVP_MD_CTX_init(&m);
-	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
-		{
-		j=(num-i);
-		j=(j > MD_DIGEST_LENGTH)?MD_DIGEST_LENGTH:j;
-
-		MD_Init(&m);
-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-		k=(st_idx+j)-STATE_SIZE;
-		if (k > 0)
-			{
-			MD_Update(&m,&(state[st_idx]),j-k);
-			MD_Update(&m,&(state[0]),k);
-			}
-		else
-			MD_Update(&m,&(state[st_idx]),j);
-			
-		MD_Update(&m,buf,j);
-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-		MD_Final(&m,local_md);
-		md_c[1]++;
-
-		buf=(const char *)buf + j;
-
-		for (k=0; k<j; k++)
-			{
-			/* Parallel threads may interfere with this,
-			 * but always each byte of the new state is
-			 * the XOR of some previous value of its
-			 * and local_md (itermediate values may be lost).
-			 * Alway using locking could hurt performance more
-			 * than necessary given that conflicts occur only
-			 * when the total seeding is longer than the random
-			 * state. */
-			state[st_idx++]^=local_md[k];
-			if (st_idx >= STATE_SIZE)
-				st_idx=0;
-			}
-		}
-	EVP_MD_CTX_cleanup(&m);
-
-	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	/* Don't just copy back local_md into md -- this could mean that
-	 * other thread's seeding remains without effect (except for
-	 * the incremented counter).  By XORing it we keep at least as
-	 * much entropy as fits into md. */
-	for (k = 0; k < (int)sizeof(md); k++)
-		{
-		md[k] ^= local_md[k];
-		}
-	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
-	    entropy += add;
-	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-	
+{
+    int i, j, k, st_idx;
+    long md_c[2];
+    unsigned char local_md[MD_DIGEST_LENGTH];
+    EVP_MD_CTX m;
+    int do_not_lock;
+
+    /*
+     * (Based on the rand(3) manpage)
+     *
+     * The input is chopped up into units of 20 bytes (or less for
+     * the last block).  Each of these blocks is run through the hash
+     * function as follows:  The data passed to the hash function
+     * is the current 'md', the same number of bytes from the 'state'
+     * (the location determined by in incremented looping index) as
+     * the current 'block', the new key data 'block', and 'count'
+     * (which is incremented after each use).
+     * The result of this is kept in 'md' and also xored into the
+     * 'state' at the same locations that were used as input into the
+     * hash function.
+     */
+
+    /* check if we already have the lock */
+    if (crypto_lock_rand) {
+        CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+        do_not_lock = (locking_thread == CRYPTO_thread_id());
+        CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+    } else
+        do_not_lock = 0;
+
+    if (!do_not_lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    st_idx = state_index;
+
+    /*
+     * use our own copies of the counters so that even if a concurrent thread
+     * seeds with exactly the same data and uses the same subarray there's
+     * _some_ difference
+     */
+    md_c[0] = md_count[0];
+    md_c[1] = md_count[1];
+
+    memcpy(local_md, md, sizeof md);
+
+    /* state_index <= state_num <= STATE_SIZE */
+    state_index += num;
+    if (state_index >= STATE_SIZE) {
+        state_index %= STATE_SIZE;
+        state_num = STATE_SIZE;
+    } else if (state_num < STATE_SIZE) {
+        if (state_index > state_num)
+            state_num = state_index;
+    }
+    /* state_index <= state_num <= STATE_SIZE */
+
+    /*
+     * state[st_idx], ..., state[(st_idx + num - 1) % STATE_SIZE] are what we
+     * will use now, but other threads may use them as well
+     */
+
+    md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+
+    if (!do_not_lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+    EVP_MD_CTX_init(&m);
+    for (i = 0; i < num; i += MD_DIGEST_LENGTH) {
+        j = (num - i);
+        j = (j > MD_DIGEST_LENGTH) ? MD_DIGEST_LENGTH : j;
+
+        MD_Init(&m);
+        MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+        k = (st_idx + j) - STATE_SIZE;
+        if (k > 0) {
+            MD_Update(&m, &(state[st_idx]), j - k);
+            MD_Update(&m, &(state[0]), k);
+        } else
+            MD_Update(&m, &(state[st_idx]), j);
+
+        MD_Update(&m, buf, j);
+        MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+        MD_Final(&m, local_md);
+        md_c[1]++;
+
+        buf = (const char *)buf + j;
+
+        for (k = 0; k < j; k++) {
+            /*
+             * Parallel threads may interfere with this, but always each byte
+             * of the new state is the XOR of some previous value of its and
+             * local_md (itermediate values may be lost). Alway using locking
+             * could hurt performance more than necessary given that
+             * conflicts occur only when the total seeding is longer than the
+             * random state.
+             */
+            state[st_idx++] ^= local_md[k];
+            if (st_idx >= STATE_SIZE)
+                st_idx = 0;
+        }
+    }
+    EVP_MD_CTX_cleanup(&m);
+
+    if (!do_not_lock)
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    /*
+     * Don't just copy back local_md into md -- this could mean that other
+     * thread's seeding remains without effect (except for the incremented
+     * counter).  By XORing it we keep at least as much entropy as fits into
+     * md.
+     */
+    for (k = 0; k < (int)sizeof(md); k++) {
+        md[k] ^= local_md[k];
+    }
+    if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+        entropy += add;
+    if (!do_not_lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
 #if !defined(OPENSSL_THREADS) && !defined(OPENSSL_SYS_WIN32)
-	assert(md_c[1] == md_count[1]);
+    assert(md_c[1] == md_count[1]);
 #endif
-	}
+}
 
 static void ssleay_rand_seed(const void *buf, int num)
-	{
-	ssleay_rand_add(buf, num, (double)num);
-	}
+{
+    ssleay_rand_add(buf, num, (double)num);
+}
 
 static int ssleay_rand_bytes(unsigned char *buf, int num)
-	{
-	static volatile int stirred_pool = 0;
-	int i,j,k,st_num,st_idx;
-	int num_ceil;
-	int ok;
-	long md_c[2];
-	unsigned char local_md[MD_DIGEST_LENGTH];
-	EVP_MD_CTX m;
+{
+    static volatile int stirred_pool = 0;
+    int i, j, k, st_num, st_idx;
+    int num_ceil;
+    int ok;
+    long md_c[2];
+    unsigned char local_md[MD_DIGEST_LENGTH];
+    EVP_MD_CTX m;
 #ifndef GETPID_IS_MEANINGLESS
-	pid_t curr_pid = getpid();
+    pid_t curr_pid = getpid();
 #endif
-	int do_stir_pool = 0;
+    int do_stir_pool = 0;
 
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode())
-	    {
-	    FIPSerr(FIPS_F_SSLEAY_RAND_BYTES,FIPS_R_NON_FIPS_METHOD);
-	    return 0;
-	    }
+    if (FIPS_mode()) {
+        FIPSerr(FIPS_F_SSLEAY_RAND_BYTES, FIPS_R_NON_FIPS_METHOD);
+        return 0;
+    }
 #endif
 
 #ifdef PREDICT
-	if (rand_predictable)
-		{
-		static unsigned char val=0;
-
-		for (i=0; i<num; i++)
-			buf[i]=val++;
-		return(1);
-		}
+    if (rand_predictable) {
+        static unsigned char val = 0;
+
+        for (i = 0; i < num; i++)
+            buf[i] = val++;
+        return (1);
+    }
 #endif
 
-	if (num <= 0)
-		return 1;
-
-	EVP_MD_CTX_init(&m);
-	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
-	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
-
-	/*
-	 * (Based on the rand(3) manpage:)
-	 *
-	 * For each group of 10 bytes (or less), we do the following:
-	 *
-	 * Input into the hash function the local 'md' (which is initialized from
-	 * the global 'md' before any bytes are generated), the bytes that are to
-	 * be overwritten by the random bytes, and bytes from the 'state'
-	 * (incrementing looping index). From this digest output (which is kept
-	 * in 'md'), the top (up to) 10 bytes are returned to the caller and the
-	 * bottom 10 bytes are xored into the 'state'.
-	 * 
-	 * Finally, after we have finished 'num' random bytes for the
-	 * caller, 'count' (which is incremented) and the local and global 'md'
-	 * are fed into the hash function and the results are kept in the
-	 * global 'md'.
-	 */
-
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-
-	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-	locking_thread = CRYPTO_thread_id();
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-	crypto_lock_rand = 1;
-
-	if (!initialized)
-		{
-		RAND_poll();
-		initialized = 1;
-		}
-	
-	if (!stirred_pool)
-		do_stir_pool = 1;
-	
-	ok = (entropy >= ENTROPY_NEEDED);
-	if (!ok)
-		{
-		/* If the PRNG state is not yet unpredictable, then seeing
-		 * the PRNG output may help attackers to determine the new
-		 * state; thus we have to decrease the entropy estimate.
-		 * Once we've had enough initial seeding we don't bother to
-		 * adjust the entropy count, though, because we're not ambitious
-		 * to provide *information-theoretic* randomness.
-		 *
-		 * NOTE: This approach fails if the program forks before
-		 * we have enough entropy. Entropy should be collected
-		 * in a separate input pool and be transferred to the
-		 * output pool only when the entropy limit has been reached.
-		 */
-		entropy -= num;
-		if (entropy < 0)
-			entropy = 0;
-		}
-
-	if (do_stir_pool)
-		{
-		/* In the output function only half of 'md' remains secret,
-		 * so we better make sure that the required entropy gets
-		 * 'evenly distributed' through 'state', our randomness pool.
-		 * The input function (ssleay_rand_add) chains all of 'md',
-		 * which makes it more suitable for this purpose.
-		 */
-
-		int n = STATE_SIZE; /* so that the complete pool gets accessed */
-		while (n > 0)
-			{
+    if (num <= 0)
+        return 1;
+
+    EVP_MD_CTX_init(&m);
+    /* round upwards to multiple of MD_DIGEST_LENGTH/2 */
+    num_ceil =
+        (1 + (num - 1) / (MD_DIGEST_LENGTH / 2)) * (MD_DIGEST_LENGTH / 2);
+
+    /*
+     * (Based on the rand(3) manpage:)
+     *
+     * For each group of 10 bytes (or less), we do the following:
+     *
+     * Input into the hash function the local 'md' (which is initialized from
+     * the global 'md' before any bytes are generated), the bytes that are to
+     * be overwritten by the random bytes, and bytes from the 'state'
+     * (incrementing looping index). From this digest output (which is kept
+     * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+     * bottom 10 bytes are xored into the 'state'.
+     *
+     * Finally, after we have finished 'num' random bytes for the
+     * caller, 'count' (which is incremented) and the local and global 'md'
+     * are fed into the hash function and the results are kept in the
+     * global 'md'.
+     */
+
+    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+    /* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+    CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+    locking_thread = CRYPTO_thread_id();
+    CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+    crypto_lock_rand = 1;
+
+    if (!initialized) {
+        RAND_poll();
+        initialized = 1;
+    }
+
+    if (!stirred_pool)
+        do_stir_pool = 1;
+
+    ok = (entropy >= ENTROPY_NEEDED);
+    if (!ok) {
+        /*
+         * If the PRNG state is not yet unpredictable, then seeing the PRNG
+         * output may help attackers to determine the new state; thus we have
+         * to decrease the entropy estimate. Once we've had enough initial
+         * seeding we don't bother to adjust the entropy count, though,
+         * because we're not ambitious to provide *information-theoretic*
+         * randomness. NOTE: This approach fails if the program forks before
+         * we have enough entropy. Entropy should be collected in a separate
+         * input pool and be transferred to the output pool only when the
+         * entropy limit has been reached.
+         */
+        entropy -= num;
+        if (entropy < 0)
+            entropy = 0;
+    }
+
+    if (do_stir_pool) {
+        /*
+         * In the output function only half of 'md' remains secret, so we
+         * better make sure that the required entropy gets 'evenly
+         * distributed' through 'state', our randomness pool. The input
+         * function (ssleay_rand_add) chains all of 'md', which makes it more
+         * suitable for this purpose.
+         */
+
+        int n = STATE_SIZE;     /* so that the complete pool gets accessed */
+        while (n > 0) {
 #if MD_DIGEST_LENGTH > 20
 # error "Please adjust DUMMY_SEED."
 #endif
 #define DUMMY_SEED "...................." /* at least MD_DIGEST_LENGTH */
-			/* Note that the seed does not matter, it's just that
-			 * ssleay_rand_add expects to have something to hash. */
-			ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
-			n -= MD_DIGEST_LENGTH;
-			}
-		if (ok)
-			stirred_pool = 1;
-		}
-
-	st_idx=state_index;
-	st_num=state_num;
-	md_c[0] = md_count[0];
-	md_c[1] = md_count[1];
-	memcpy(local_md, md, sizeof md);
-
-	state_index+=num_ceil;
-	if (state_index > state_num)
-		state_index %= state_num;
-
-	/* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
-	 * are now ours (but other threads may use them too) */
-
-	md_count[0] += 1;
-
-	/* before unlocking, we must clear 'crypto_lock_rand' */
-	crypto_lock_rand = 0;
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	while (num > 0)
-		{
-		/* num_ceil -= MD_DIGEST_LENGTH/2 */
-		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
-		num-=j;
-		MD_Init(&m);
+            /*
+             * Note that the seed does not matter, it's just that
+             * ssleay_rand_add expects to have something to hash.
+             */
+            ssleay_rand_add(DUMMY_SEED, MD_DIGEST_LENGTH, 0.0);
+            n -= MD_DIGEST_LENGTH;
+        }
+        if (ok)
+            stirred_pool = 1;
+    }
+
+    st_idx = state_index;
+    st_num = state_num;
+    md_c[0] = md_count[0];
+    md_c[1] = md_count[1];
+    memcpy(local_md, md, sizeof md);
+
+    state_index += num_ceil;
+    if (state_index > state_num)
+        state_index %= state_num;
+
+    /*
+     * state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num] are now
+     * ours (but other threads may use them too)
+     */
+
+    md_count[0] += 1;
+
+    /* before unlocking, we must clear 'crypto_lock_rand' */
+    crypto_lock_rand = 0;
+    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+    while (num > 0) {
+        /* num_ceil -= MD_DIGEST_LENGTH/2 */
+        j = (num >= MD_DIGEST_LENGTH / 2) ? MD_DIGEST_LENGTH / 2 : num;
+        num -= j;
+        MD_Init(&m);
 #ifndef GETPID_IS_MEANINGLESS
-		if (curr_pid) /* just in the first iteration to save time */
-			{
-			MD_Update(&m,(unsigned char*)&curr_pid,sizeof curr_pid);
-			curr_pid = 0;
-			}
+        if (curr_pid) {         /* just in the first iteration to save time */
+            MD_Update(&m, (unsigned char *)&curr_pid, sizeof curr_pid);
+            curr_pid = 0;
+        }
 #endif
-		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+        MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+        MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
 #ifndef PURIFY
-		MD_Update(&m,buf,j); /* purify complains */
+        MD_Update(&m, buf, j);  /* purify complains */
 #endif
-		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
-		if (k > 0)
-			{
-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
-			MD_Update(&m,&(state[0]),k);
-			}
-		else
-			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
-		MD_Final(&m,local_md);
-
-		for (i=0; i<MD_DIGEST_LENGTH/2; i++)
-			{
-			state[st_idx++]^=local_md[i]; /* may compete with other threads */
-			if (st_idx >= st_num)
-				st_idx=0;
-			if (i < j)
-				*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
-			}
-		}
-
-	MD_Init(&m);
-	MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
-	MD_Update(&m,local_md,MD_DIGEST_LENGTH);
-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-	MD_Update(&m,md,MD_DIGEST_LENGTH);
-	MD_Final(&m,md);
-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-
-	EVP_MD_CTX_cleanup(&m);
-	if (ok)
-		return(1);
-	else
-		{
-		RANDerr(RAND_F_SSLEAY_RAND_BYTES,RAND_R_PRNG_NOT_SEEDED);
-		ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
-			"http://www.openssl.org/support/faq.html");
-		return(0);
-		}
-	}
-
-/* pseudo-random bytes that are guaranteed to be unique but not
-   unpredictable */
-static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
-	{
-	int ret;
-	unsigned long err;
-
-	ret = RAND_bytes(buf, num);
-	if (ret == 0)
-		{
-		err = ERR_peek_error();
-		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
-		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
-			ERR_clear_error();
-		}
-	return (ret);
-	}
+        k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
+        if (k > 0) {
+            MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k);
+            MD_Update(&m, &(state[0]), k);
+        } else
+            MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2);
+        MD_Final(&m, local_md);
+
+        for (i = 0; i < MD_DIGEST_LENGTH / 2; i++) {
+            /* may compete with other threads */
+            state[st_idx++] ^= local_md[i];
+            if (st_idx >= st_num)
+                st_idx = 0;
+            if (i < j)
+                *(buf++) = local_md[i + MD_DIGEST_LENGTH / 2];
+        }
+    }
+
+    MD_Init(&m);
+    MD_Update(&m, (unsigned char *)&(md_c[0]), sizeof(md_c));
+    MD_Update(&m, local_md, MD_DIGEST_LENGTH);
+    CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+    MD_Update(&m, md, MD_DIGEST_LENGTH);
+    MD_Final(&m, md);
+    CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+
+    EVP_MD_CTX_cleanup(&m);
+    if (ok)
+        return (1);
+    else {
+        RANDerr(RAND_F_SSLEAY_RAND_BYTES, RAND_R_PRNG_NOT_SEEDED);
+        ERR_add_error_data(1, "You need to read the OpenSSL FAQ, "
+                           "http://www.openssl.org/support/faq.html");
+        return (0);
+    }
+}
+
+/*
+ * pseudo-random bytes that are guaranteed to be unique but not unpredictable
+ */
+static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num)
+{
+    int ret;
+    unsigned long err;
+
+    ret = RAND_bytes(buf, num);
+    if (ret == 0) {
+        err = ERR_peek_error();
+        if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+            ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+            ERR_clear_error();
+    }
+    return (ret);
+}
 
 static int ssleay_rand_status(void)
-	{
-	int ret;
-	int do_not_lock;
-
-	/* check if we already have the lock
-	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
-	if (crypto_lock_rand)
-		{
-		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
-		do_not_lock = (locking_thread == CRYPTO_thread_id());
-		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
-		}
-	else
-		do_not_lock = 0;
-	
-	if (!do_not_lock)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
-		
-		/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
-		CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
-		locking_thread = CRYPTO_thread_id();
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
-		crypto_lock_rand = 1;
-		}
-	
-	if (!initialized)
-		{
-		RAND_poll();
-		initialized = 1;
-		}
-
-	ret = entropy >= ENTROPY_NEEDED;
-
-	if (!do_not_lock)
-		{
-		/* before unlocking, we must clear 'crypto_lock_rand' */
-		crypto_lock_rand = 0;
-		
-		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
-		}
-	
-	return ret;
-	}
+{
+    int ret;
+    int do_not_lock;
+
+    /*
+     * check if we already have the lock (could happen if a RAND_poll()
+     * implementation calls RAND_status())
+     */
+    if (crypto_lock_rand) {
+        CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+        do_not_lock = (locking_thread == CRYPTO_thread_id());
+        CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+    } else
+        do_not_lock = 0;
+
+    if (!do_not_lock) {
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+
+        /*
+         * prevent ssleay_rand_bytes() from trying to obtain the lock again
+         */
+        CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+        locking_thread = CRYPTO_thread_id();
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+        crypto_lock_rand = 1;
+    }
+
+    if (!initialized) {
+        RAND_poll();
+        initialized = 1;
+    }
+
+    ret = entropy >= ENTROPY_NEEDED;
+
+    if (!do_not_lock) {
+        /* before unlocking, we must clear 'crypto_lock_rand' */
+        crypto_lock_rand = 0;
+
+        CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+    }
+
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c
index 813a69e4..c0a9618d 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_egd.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_egd.c
@@ -8,7 +8,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,7 +58,7 @@
 #include <openssl/rand.h>
 #include <openssl/buffer.h>
 
-/*
+/*-
  * Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
  *
  * This module supplies three routines:
@@ -97,207 +97,195 @@
 
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_VOS) || defined(OPENSSL_SYS_UEFI)
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-	{
-	return(-1);
-	}
+{
+    return (-1);
+}
+
 int RAND_egd(const char *path)
-	{
-	return(-1);
-	}
+{
+    return (-1);
+}
 
-int RAND_egd_bytes(const char *path,int bytes)
-	{
-	return(-1);
-	}
+int RAND_egd_bytes(const char *path, int bytes)
+{
+    return (-1);
+}
 #else
-#include <openssl/opensslconf.h>
-#include OPENSSL_UNISTD
-#include <sys/types.h>
-#include <sys/socket.h>
-#ifndef NO_SYS_UN_H
-# ifdef OPENSSL_SYS_VXWORKS
+# include <openssl/opensslconf.h>
+# include OPENSSL_UNISTD
+# include <sys/types.h>
+# include <sys/socket.h>
+# ifndef NO_SYS_UN_H
+#  ifdef OPENSSL_SYS_VXWORKS
 #   include <streams/un.h>
-# else
+#  else
 #   include <sys/un.h>
-# endif
-#else
-struct	sockaddr_un {
-	short	sun_family;		/* AF_UNIX */
-	char	sun_path[108];		/* path name (gag) */
+#  endif
+# else
+struct sockaddr_un {
+    short sun_family;           /* AF_UNIX */
+    char sun_path[108];         /* path name (gag) */
 };
-#endif /* NO_SYS_UN_H */
-#include <string.h>
-#include <errno.h>
+# endif                         /* NO_SYS_UN_H */
+# include <string.h>
+# include <errno.h>
 
-#ifndef offsetof
+# ifndef offsetof
 #  define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)
-#endif
+# endif
 
 int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes)
-	{
-	int ret = 0;
-	struct sockaddr_un addr;
-	int len, num, numbytes;
-	int fd = -1;
-	int success;
-	unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
+{
+    int ret = 0;
+    struct sockaddr_un addr;
+    int len, num, numbytes;
+    int fd = -1;
+    int success;
+    unsigned char egdbuf[2], tempbuf[255], *retrievebuf;
 
-	memset(&addr, 0, sizeof(addr));
-	addr.sun_family = AF_UNIX;
-	if (strlen(path) >= sizeof(addr.sun_path))
-		return (-1);
-	BUF_strlcpy(addr.sun_path,path,sizeof addr.sun_path);
-	len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
-	fd = socket(AF_UNIX, SOCK_STREAM, 0);
-	if (fd == -1) return (-1);
-	success = 0;
-	while (!success)
-	    {
-	    if (connect(fd, (struct sockaddr *)&addr, len) == 0)
-	       success = 1;
-	    else
-		{
-		switch (errno)
-		    {
-#ifdef EINTR
-		    case EINTR:
-#endif
-#ifdef EAGAIN
-		    case EAGAIN:
-#endif
-#ifdef EINPROGRESS
-		    case EINPROGRESS:
-#endif
-#ifdef EALREADY
-		    case EALREADY:
-#endif
-			/* No error, try again */
-			break;
-#ifdef EISCONN
-		    case EISCONN:
-			success = 1;
-			break;
-#endif
-		    default:
-			goto err;	/* failure */
-		    }
-		}
-	    }
+    memset(&addr, 0, sizeof(addr));
+    addr.sun_family = AF_UNIX;
+    if (strlen(path) >= sizeof(addr.sun_path))
+        return (-1);
+    BUF_strlcpy(addr.sun_path, path, sizeof addr.sun_path);
+    len = offsetof(struct sockaddr_un, sun_path) + strlen(path);
+    fd = socket(AF_UNIX, SOCK_STREAM, 0);
+    if (fd == -1)
+        return (-1);
+    success = 0;
+    while (!success) {
+        if (connect(fd, (struct sockaddr *)&addr, len) == 0)
+            success = 1;
+        else {
+            switch (errno) {
+# ifdef EINTR
+            case EINTR:
+# endif
+# ifdef EAGAIN
+            case EAGAIN:
+# endif
+# ifdef EINPROGRESS
+            case EINPROGRESS:
+# endif
+# ifdef EALREADY
+            case EALREADY:
+# endif
+                /* No error, try again */
+                break;
+# ifdef EISCONN
+            case EISCONN:
+                success = 1;
+                break;
+# endif
+            default:
+                goto err;       /* failure */
+            }
+        }
+    }
 
-	while(bytes > 0)
-	    {
-	    egdbuf[0] = 1;
-	    egdbuf[1] = bytes < 255 ? bytes : 255;
-	    numbytes = 0;
-	    while (numbytes != 2)
-		{
-	        num = write(fd, egdbuf + numbytes, 2 - numbytes);
-	        if (num >= 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    numbytes = 0;
-	    while (numbytes != 1)
-		{
-	        num = read(fd, egdbuf, 1);
-	        if (num == 0)
-			goto err;	/* descriptor closed */
-		else if (num > 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    if(egdbuf[0] == 0)
-		goto err;
-	    if (buf)
-		retrievebuf = buf + ret;
-	    else
-		retrievebuf = tempbuf;
-	    numbytes = 0;
-	    while (numbytes != egdbuf[0])
-		{
-	        num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
-		if (num == 0)
-			goto err;	/* descriptor closed */
-	        else if (num > 0)
-		    numbytes += num;
-	    	else
-		    {
-		    switch (errno)
-		    	{
-#ifdef EINTR
-		    	case EINTR:
-#endif
-#ifdef EAGAIN
-		    	case EAGAIN:
-#endif
-			    /* No error, try again */
-			    break;
-		    	default:
-			    ret = -1;
-			    goto err;	/* failure */
-			}
-		    }
-		}
-	    ret += egdbuf[0];
-	    bytes -= egdbuf[0];
-	    if (!buf)
-		RAND_seed(tempbuf, egdbuf[0]);
-	    }
+    while (bytes > 0) {
+        egdbuf[0] = 1;
+        egdbuf[1] = bytes < 255 ? bytes : 255;
+        numbytes = 0;
+        while (numbytes != 2) {
+            num = write(fd, egdbuf + numbytes, 2 - numbytes);
+            if (num >= 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+# ifdef EINTR
+                case EINTR:
+# endif
+# ifdef EAGAIN
+                case EAGAIN:
+# endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        numbytes = 0;
+        while (numbytes != 1) {
+            num = read(fd, egdbuf, 1);
+            if (num == 0)
+                goto err;       /* descriptor closed */
+            else if (num > 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+# ifdef EINTR
+                case EINTR:
+# endif
+# ifdef EAGAIN
+                case EAGAIN:
+# endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        if (egdbuf[0] == 0)
+            goto err;
+        if (buf)
+            retrievebuf = buf + ret;
+        else
+            retrievebuf = tempbuf;
+        numbytes = 0;
+        while (numbytes != egdbuf[0]) {
+            num = read(fd, retrievebuf + numbytes, egdbuf[0] - numbytes);
+            if (num == 0)
+                goto err;       /* descriptor closed */
+            else if (num > 0)
+                numbytes += num;
+            else {
+                switch (errno) {
+# ifdef EINTR
+                case EINTR:
+# endif
+# ifdef EAGAIN
+                case EAGAIN:
+# endif
+                    /* No error, try again */
+                    break;
+                default:
+                    ret = -1;
+                    goto err;   /* failure */
+                }
+            }
+        }
+        ret += egdbuf[0];
+        bytes -= egdbuf[0];
+        if (!buf)
+            RAND_seed(tempbuf, egdbuf[0]);
+    }
  err:
-	if (fd != -1) close(fd);
-	return(ret);
-	}
-
+    if (fd != -1)
+        close(fd);
+    return (ret);
+}
 
 int RAND_egd_bytes(const char *path, int bytes)
-	{
-	int num, ret = 0;
+{
+    int num, ret = 0;
 
-	num = RAND_query_egd_bytes(path, NULL, bytes);
-	if (num < 1) goto err;
-	if (RAND_status() == 1)
-	    ret = num;
+    num = RAND_query_egd_bytes(path, NULL, bytes);
+    if (num < 1)
+        goto err;
+    if (RAND_status() == 1)
+        ret = num;
  err:
-	return(ret);
-	}
-
+    return (ret);
+}
 
 int RAND_egd(const char *path)
-	{
-	return (RAND_egd_bytes(path, 255));
-	}
-
+{
+    return (RAND_egd_bytes(path, 255));
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c
index 1669cef4..c7fe2f0c 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_eng.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_eng.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,91 +62,84 @@
 #include "rand_lcl.h"
 #include <openssl/rand.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
+# include <openssl/fips.h>
+# include <openssl/fips_rand.h>
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
 #if defined(OPENSSL_FIPS) && !defined(OPENSSL_NO_ENGINE)
 
 /* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
+static ENGINE *funct_ref = NULL;
 
-int eng_RAND_set_rand_method(const RAND_METHOD *meth, const RAND_METHOD **pmeth)
-	{
-	if(funct_ref)
-		{
-		ENGINE_finish(funct_ref);
-		funct_ref = NULL;
-		}
-	*pmeth = meth;
-	return 1;
-	}
+int eng_RAND_set_rand_method(const RAND_METHOD *meth,
+                             const RAND_METHOD **pmeth)
+{
+    if (funct_ref) {
+        ENGINE_finish(funct_ref);
+        funct_ref = NULL;
+    }
+    *pmeth = meth;
+    return 1;
+}
 
 const RAND_METHOD *eng_RAND_get_rand_method(const RAND_METHOD **pmeth)
-	{
-	if (!*pmeth)
-		{
-		ENGINE *e = ENGINE_get_default_RAND();
-		if(e)
-			{
-			*pmeth = ENGINE_get_RAND(e);
-			if(!*pmeth)
-				{
-				ENGINE_finish(e);
-				e = NULL;
-				}
-			}
-		if(e)
-			funct_ref = e;
-		else
-			if(FIPS_mode())
-				*pmeth=FIPS_rand_method();
-			else
-			*pmeth = RAND_SSLeay();
-		}
+{
+    if (!*pmeth) {
+        ENGINE *e = ENGINE_get_default_RAND();
+        if (e) {
+            *pmeth = ENGINE_get_RAND(e);
+            if (!*pmeth) {
+                ENGINE_finish(e);
+                e = NULL;
+            }
+        }
+        if (e)
+            funct_ref = e;
+        else if (FIPS_mode())
+            *pmeth = FIPS_rand_method();
+        else
+            *pmeth = RAND_SSLeay();
+    }
 
-	if(FIPS_mode()
-		&& *pmeth != FIPS_rand_check())
-	    {
-	    RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-	    return 0;
-	    }
+    if (FIPS_mode()
+        && *pmeth != FIPS_rand_check()) {
+        RANDerr(RAND_F_ENG_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD);
+        return 0;
+    }
 
-	return *pmeth;
-	}
+    return *pmeth;
+}
 
 int RAND_set_rand_engine(ENGINE *engine)
-	{
-	const RAND_METHOD *tmp_meth = NULL;
-	if(engine)
-		{
-		if(!ENGINE_init(engine))
-			return 0;
-		tmp_meth = ENGINE_get_RAND(engine);
-		if(!tmp_meth)
-			{
-			ENGINE_finish(engine);
-			return 0;
-			}
-		}
-	/* This function releases any prior ENGINE so call it first */
-	RAND_set_rand_method(tmp_meth);
-	funct_ref = engine;
-	return 1;
-	}
+{
+    const RAND_METHOD *tmp_meth = NULL;
+    if (engine) {
+        if (!ENGINE_init(engine))
+            return 0;
+        tmp_meth = ENGINE_get_RAND(engine);
+        if (!tmp_meth) {
+            ENGINE_finish(engine);
+            return 0;
+        }
+    }
+    /* This function releases any prior ENGINE so call it first */
+    RAND_set_rand_method(tmp_meth);
+    funct_ref = engine;
+    return 1;
+}
 
 void int_RAND_init_engine_callbacks(void)
-	{
-	static int done = 0;
-	if (done)
-		return;
-	int_RAND_set_callbacks(eng_RAND_set_rand_method,
-				 eng_RAND_get_rand_method);
-	done = 1;
-	}
+{
+    static int done = 0;
+    if (done)
+        return;
+    int_RAND_set_callbacks(eng_RAND_set_rand_method,
+                           eng_RAND_get_rand_method);
+    done = 1;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_err.c b/Cryptlib/OpenSSL/crypto/rand/rand_err.c
index 829fb44d..8ed247fd 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_err.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,50 +66,48 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RAND,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RAND,0,reason)
 
-static ERR_STRING_DATA RAND_str_functs[]=
-	{
-{ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD),	"ENG_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND),	"FIPS_RAND"},
-{ERR_FUNC(RAND_F_FIPS_RAND_BYTES),	"FIPS_RAND_BYTES"},
-{ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD),	"FIPS_RAND_GET_RAND_METHOD"},
-{ERR_FUNC(RAND_F_FIPS_RAND_SET_DT),	"FIPS_RAND_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_DT),	"FIPS_SET_DT"},
-{ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED),	"FIPS_SET_PRNG_SEED"},
-{ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE),	"FIPS_SET_TEST_MODE"},
-{ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD),	"RAND_get_rand_method"},
-{ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES),	"SSLEAY_RAND_BYTES"},
-{0,NULL}
-	};
+static ERR_STRING_DATA RAND_str_functs[] = {
+    {ERR_FUNC(RAND_F_ENG_RAND_GET_RAND_METHOD), "ENG_RAND_GET_RAND_METHOD"},
+    {ERR_FUNC(RAND_F_FIPS_RAND), "FIPS_RAND"},
+    {ERR_FUNC(RAND_F_FIPS_RAND_BYTES), "FIPS_RAND_BYTES"},
+    {ERR_FUNC(RAND_F_FIPS_RAND_GET_RAND_METHOD), "FIPS_RAND_GET_RAND_METHOD"},
+    {ERR_FUNC(RAND_F_FIPS_RAND_SET_DT), "FIPS_RAND_SET_DT"},
+    {ERR_FUNC(RAND_F_FIPS_SET_DT), "FIPS_SET_DT"},
+    {ERR_FUNC(RAND_F_FIPS_SET_PRNG_SEED), "FIPS_SET_PRNG_SEED"},
+    {ERR_FUNC(RAND_F_FIPS_SET_TEST_MODE), "FIPS_SET_TEST_MODE"},
+    {ERR_FUNC(RAND_F_RAND_GET_RAND_METHOD), "RAND_get_rand_method"},
+    {ERR_FUNC(RAND_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA RAND_str_reasons[]=
-	{
-{ERR_REASON(RAND_R_NON_FIPS_METHOD)      ,"non fips method"},
-{ERR_REASON(RAND_R_NOT_IN_TEST_MODE)     ,"not in test mode"},
-{ERR_REASON(RAND_R_NO_KEY_SET)           ,"no key set"},
-{ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH),"prng asking for too much"},
-{ERR_REASON(RAND_R_PRNG_ERROR)           ,"prng error"},
-{ERR_REASON(RAND_R_PRNG_KEYED)           ,"prng keyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_REKEYED)     ,"prng not rekeyed"},
-{ERR_REASON(RAND_R_PRNG_NOT_RESEEDED)    ,"prng not reseeded"},
-{ERR_REASON(RAND_R_PRNG_NOT_SEEDED)      ,"PRNG not seeded"},
-{ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),"prng seed must not match key"},
-{ERR_REASON(RAND_R_PRNG_STUCK)           ,"prng stuck"},
-{0,NULL}
-	};
+static ERR_STRING_DATA RAND_str_reasons[] = {
+    {ERR_REASON(RAND_R_NON_FIPS_METHOD), "non fips method"},
+    {ERR_REASON(RAND_R_NOT_IN_TEST_MODE), "not in test mode"},
+    {ERR_REASON(RAND_R_NO_KEY_SET), "no key set"},
+    {ERR_REASON(RAND_R_PRNG_ASKING_FOR_TOO_MUCH), "prng asking for too much"},
+    {ERR_REASON(RAND_R_PRNG_ERROR), "prng error"},
+    {ERR_REASON(RAND_R_PRNG_KEYED), "prng keyed"},
+    {ERR_REASON(RAND_R_PRNG_NOT_REKEYED), "prng not rekeyed"},
+    {ERR_REASON(RAND_R_PRNG_NOT_RESEEDED), "prng not reseeded"},
+    {ERR_REASON(RAND_R_PRNG_NOT_SEEDED), "PRNG not seeded"},
+    {ERR_REASON(RAND_R_PRNG_SEED_MUST_NOT_MATCH_KEY),
+     "prng seed must not match key"},
+    {ERR_REASON(RAND_R_PRNG_STUCK), "prng stuck"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_RAND_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(RAND_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,RAND_str_functs);
-		ERR_load_strings(0,RAND_str_reasons);
-		}
+    if (ERR_func_error_string(RAND_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, RAND_str_functs);
+        ERR_load_strings(0, RAND_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c
index da6b4e0e..96997bd4 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_lib.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,12 +62,12 @@
 #include <openssl/rand.h>
 #include "rand_lcl.h"
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#include <openssl/fips_rand.h>
+# include <openssl/fips.h>
+# include <openssl/fips_rand.h>
 #endif
 
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
 static const RAND_METHOD *default_RAND_meth = NULL;
@@ -75,171 +75,162 @@ static const RAND_METHOD *default_RAND_meth = NULL;
 #ifdef OPENSSL_FIPS
 
 static int fips_RAND_set_rand_method(const RAND_METHOD *meth,
-					const RAND_METHOD **pmeth)
-	{
-	*pmeth = meth;
-	return 1;
-	}
+                                     const RAND_METHOD **pmeth)
+{
+    *pmeth = meth;
+    return 1;
+}
 
 static const RAND_METHOD *fips_RAND_get_rand_method(const RAND_METHOD **pmeth)
-	{
-	if (!*pmeth)
-		{
-		if(FIPS_mode())
-			*pmeth=FIPS_rand_method();
-		else
-			*pmeth = RAND_SSLeay();
-		}
-
-	if(FIPS_mode()
-		&& *pmeth != FIPS_rand_check())
-	    {
-	    RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD,RAND_R_NON_FIPS_METHOD);
-	    return 0;
-	    }
-
-	return *pmeth;
-	}
-
-static int (*RAND_set_rand_method_func)(const RAND_METHOD *meth,
-						const RAND_METHOD **pmeth)
-	= fips_RAND_set_rand_method;
+{
+    if (!*pmeth) {
+        if (FIPS_mode())
+            *pmeth = FIPS_rand_method();
+        else
+            *pmeth = RAND_SSLeay();
+    }
+
+    if (FIPS_mode()
+        && *pmeth != FIPS_rand_check()) {
+        RANDerr(RAND_F_FIPS_RAND_GET_RAND_METHOD, RAND_R_NON_FIPS_METHOD);
+        return 0;
+    }
+
+    return *pmeth;
+}
+
+static int (*RAND_set_rand_method_func) (const RAND_METHOD *meth,
+                                         const RAND_METHOD **pmeth)
+    = fips_RAND_set_rand_method;
 static const RAND_METHOD *(*RAND_get_rand_method_func)
-						(const RAND_METHOD **pmeth)
-	= fips_RAND_get_rand_method;
-
-#ifndef OPENSSL_NO_ENGINE
-void int_RAND_set_callbacks(
-	int (*set_rand_func)(const RAND_METHOD *meth,
-						const RAND_METHOD **pmeth),
-	const RAND_METHOD *(*get_rand_func)
-						(const RAND_METHOD **pmeth))
-	{
-	RAND_set_rand_method_func = set_rand_func;
-	RAND_get_rand_method_func = get_rand_func;
-	}
-#endif
+ (const RAND_METHOD **pmeth)
+    = fips_RAND_get_rand_method;
+
+# ifndef OPENSSL_NO_ENGINE
+void int_RAND_set_callbacks(int (*set_rand_func) (const RAND_METHOD *meth,
+                                                  const RAND_METHOD **pmeth),
+                            const RAND_METHOD *(*get_rand_func)
+                             (const RAND_METHOD **pmeth))
+{
+    RAND_set_rand_method_func = set_rand_func;
+    RAND_get_rand_method_func = get_rand_func;
+}
+# endif
 
 int RAND_set_rand_method(const RAND_METHOD *meth)
-	{
-	return RAND_set_rand_method_func(meth, &default_RAND_meth);
-	}
+{
+    return RAND_set_rand_method_func(meth, &default_RAND_meth);
+}
 
 const RAND_METHOD *RAND_get_rand_method(void)
-	{
-	return RAND_get_rand_method_func(&default_RAND_meth);
-	}
+{
+    return RAND_get_rand_method_func(&default_RAND_meth);
+}
 
 #else
 
-#ifndef OPENSSL_NO_ENGINE
+# ifndef OPENSSL_NO_ENGINE
 /* non-NULL if default_RAND_meth is ENGINE-provided */
-static ENGINE *funct_ref =NULL;
-#endif
+static ENGINE *funct_ref = NULL;
+# endif
 
 int RAND_set_rand_method(const RAND_METHOD *meth)
-	{
-#ifndef OPENSSL_NO_ENGINE
-	if(funct_ref)
-		{
-		ENGINE_finish(funct_ref);
-		funct_ref = NULL;
-		}
-#endif
-	default_RAND_meth = meth;
-	return 1;
-	}
+{
+# ifndef OPENSSL_NO_ENGINE
+    if (funct_ref) {
+        ENGINE_finish(funct_ref);
+        funct_ref = NULL;
+    }
+# endif
+    default_RAND_meth = meth;
+    return 1;
+}
 
 const RAND_METHOD *RAND_get_rand_method(void)
-	{
-	if (!default_RAND_meth)
-		{
-#ifndef OPENSSL_NO_ENGINE
-		ENGINE *e = ENGINE_get_default_RAND();
-		if(e)
-			{
-			default_RAND_meth = ENGINE_get_RAND(e);
-			if(!default_RAND_meth)
-				{
-				ENGINE_finish(e);
-				e = NULL;
-				}
-			}
-		if(e)
-			funct_ref = e;
-		else
-#endif
-			default_RAND_meth = RAND_SSLeay();
-		}
-	return default_RAND_meth;
-	}
-
-#ifndef OPENSSL_NO_ENGINE
+{
+    if (!default_RAND_meth) {
+# ifndef OPENSSL_NO_ENGINE
+        ENGINE *e = ENGINE_get_default_RAND();
+        if (e) {
+            default_RAND_meth = ENGINE_get_RAND(e);
+            if (!default_RAND_meth) {
+                ENGINE_finish(e);
+                e = NULL;
+            }
+        }
+        if (e)
+            funct_ref = e;
+        else
+# endif
+            default_RAND_meth = RAND_SSLeay();
+    }
+    return default_RAND_meth;
+}
+
+# ifndef OPENSSL_NO_ENGINE
 int RAND_set_rand_engine(ENGINE *engine)
-	{
-	const RAND_METHOD *tmp_meth = NULL;
-	if(engine)
-		{
-		if(!ENGINE_init(engine))
-			return 0;
-		tmp_meth = ENGINE_get_RAND(engine);
-		if(!tmp_meth)
-			{
-			ENGINE_finish(engine);
-			return 0;
-			}
-		}
-	/* This function releases any prior ENGINE so call it first */
-	RAND_set_rand_method(tmp_meth);
-	funct_ref = engine;
-	return 1;
-	}
-#endif
+{
+    const RAND_METHOD *tmp_meth = NULL;
+    if (engine) {
+        if (!ENGINE_init(engine))
+            return 0;
+        tmp_meth = ENGINE_get_RAND(engine);
+        if (!tmp_meth) {
+            ENGINE_finish(engine);
+            return 0;
+        }
+    }
+    /* This function releases any prior ENGINE so call it first */
+    RAND_set_rand_method(tmp_meth);
+    funct_ref = engine;
+    return 1;
+}
+# endif
 
 #endif
 
 void RAND_cleanup(void)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->cleanup)
-		meth->cleanup();
-	RAND_set_rand_method(NULL);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->cleanup)
+        meth->cleanup();
+    RAND_set_rand_method(NULL);
+}
 
 void RAND_seed(const void *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->seed)
-		meth->seed(buf,num);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->seed)
+        meth->seed(buf, num);
+}
 
 void RAND_add(const void *buf, int num, double entropy)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->add)
-		meth->add(buf,num,entropy);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->add)
+        meth->add(buf, num, entropy);
+}
 
 int RAND_bytes(unsigned char *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->bytes)
-		return meth->bytes(buf,num);
-	return(-1);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->bytes)
+        return meth->bytes(buf, num);
+    return (-1);
+}
 
 int RAND_pseudo_bytes(unsigned char *buf, int num)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->pseudorand)
-		return meth->pseudorand(buf,num);
-	return(-1);
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->pseudorand)
+        return meth->pseudorand(buf, num);
+    return (-1);
+}
 
 int RAND_status(void)
-	{
-	const RAND_METHOD *meth = RAND_get_rand_method();
-	if (meth && meth->status)
-		return meth->status();
-	return 0;
-	}
+{
+    const RAND_METHOD *meth = RAND_get_rand_method();
+    if (meth && meth->status)
+        return meth->status();
+    return 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c
index 8d5b8d2e..55ffe9ad 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_nw.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_nw.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -115,69 +115,65 @@
 
 #if defined (OPENSSL_SYS_NETWARE)
 
-#if defined(NETWARE_LIBC)
-#include <nks/thread.h>
-#else
-#include <nwthread.h>
-#endif
+# if defined(NETWARE_LIBC)
+#  include <nks/thread.h>
+# else
+#  include <nwthread.h>
+# endif
 
 extern int GetProcessSwitchCount(void);
-#if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
-extern void *RunningProcess; /* declare here same as found in newer NDKs */
+# if !defined(NETWARE_LIBC) || (CURRENT_NDK_THRESHOLD < 509220000)
+extern void *RunningProcess;    /* declare here same as found in newer NDKs */
 extern unsigned long GetSuperHighResolutionTimer(void);
-#endif
+# endif
 
-   /* the FAQ indicates we need to provide at least 20 bytes (160 bits) of seed
-   */
+   /*
+    * the FAQ indicates we need to provide at least 20 bytes (160 bits) of
+    * seed
+    */
 int RAND_poll(void)
 {
-   unsigned long l;
-   unsigned long tsc;
-   int i; 
+    unsigned long l;
+    unsigned long tsc;
+    int i;
 
-      /* There are several options to gather miscellaneous data
-       * but for now we will loop checking the time stamp counter (rdtsc) and
-       * the SuperHighResolutionTimer.  Each iteration will collect 8 bytes
-       * of data but it is treated as only 1 byte of entropy.  The call to
-       * ThreadSwitchWithDelay() will introduce additional variability into
-       * the data returned by rdtsc.
-       *
-       * Applications can agument the seed material by adding additional
-       * stuff with RAND_add() and should probably do so.
-      */
-   l = GetProcessSwitchCount();
-   RAND_add(&l,sizeof(l),1);
-   
-   /* need to cast the void* to unsigned long here */
-   l = (unsigned long)RunningProcess;
-   RAND_add(&l,sizeof(l),1);
+    /*
+     * There are several options to gather miscellaneous data but for now we
+     * will loop checking the time stamp counter (rdtsc) and the
+     * SuperHighResolutionTimer.  Each iteration will collect 8 bytes of data
+     * but it is treated as only 1 byte of entropy.  The call to
+     * ThreadSwitchWithDelay() will introduce additional variability into the
+     * data returned by rdtsc. Applications can agument the seed material by
+     * adding additional stuff with RAND_add() and should probably do so.
+     */
+    l = GetProcessSwitchCount();
+    RAND_add(&l, sizeof(l), 1);
 
-   for( i=2; i<ENTROPY_NEEDED; i++)
-   {
-#ifdef __MWERKS__
-      asm 
-      {
-         rdtsc
-         mov tsc, eax        
-      }
-#elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-      asm volatile("rdtsc":"=a"(tsc)::"edx");
-#endif
+    /* need to cast the void* to unsigned long here */
+    l = (unsigned long)RunningProcess;
+    RAND_add(&l, sizeof(l), 1);
 
-      RAND_add(&tsc, sizeof(tsc), 1);
+    for (i = 2; i < ENTROPY_NEEDED; i++) {
+# ifdef __MWERKS__
+        asm {
+        rdtsc mov tsc, eax}
+# elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+        asm volatile ("rdtsc":"=a" (tsc)::"edx");
+# endif
+
+        RAND_add(&tsc, sizeof(tsc), 1);
 
-      l = GetSuperHighResolutionTimer();
-      RAND_add(&l, sizeof(l), 0);
+        l = GetSuperHighResolutionTimer();
+        RAND_add(&l, sizeof(l), 0);
 
 # if defined(NETWARE_LIBC)
-      NXThreadYield();
-# else /* NETWARE_CLIB */
-      ThreadSwitchWithDelay();
+        NXThreadYield();
+# else                          /* NETWARE_CLIB */
+        ThreadSwitchWithDelay();
 # endif
-   }
+    }
 
-   return 1;
+    return 1;
 }
 
-#endif 
-
+#endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c
index c3e36d4e..4de2115f 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_os2.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_os2.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -59,27 +59,30 @@
 
 #ifdef OPENSSL_SYS_OS2
 
-#define INCL_DOSPROCESS
-#define INCL_DOSPROFILE
-#define INCL_DOSMISC
-#define INCL_DOSMODULEMGR
-#include <os2.h>
+# define INCL_DOSPROCESS
+# define INCL_DOSPROFILE
+# define INCL_DOSMISC
+# define INCL_DOSMODULEMGR
+# include <os2.h>
 
-#define   CMD_KI_RDCNT    (0x63)
+# define   CMD_KI_RDCNT    (0x63)
 
 typedef struct _CPUUTIL {
-    ULONG ulTimeLow;            /* Low 32 bits of time stamp      */
-    ULONG ulTimeHigh;           /* High 32 bits of time stamp     */
-    ULONG ulIdleLow;            /* Low 32 bits of idle time       */
-    ULONG ulIdleHigh;           /* High 32 bits of idle time      */
-    ULONG ulBusyLow;            /* Low 32 bits of busy time       */
-    ULONG ulBusyHigh;           /* High 32 bits of busy time      */
-    ULONG ulIntrLow;            /* Low 32 bits of interrupt time  */
+    ULONG ulTimeLow;            /* Low 32 bits of time stamp */
+    ULONG ulTimeHigh;           /* High 32 bits of time stamp */
+    ULONG ulIdleLow;            /* Low 32 bits of idle time */
+    ULONG ulIdleHigh;           /* High 32 bits of idle time */
+    ULONG ulBusyLow;            /* Low 32 bits of busy time */
+    ULONG ulBusyHigh;           /* High 32 bits of busy time */
+    ULONG ulIntrLow;            /* Low 32 bits of interrupt time */
     ULONG ulIntrHigh;           /* High 32 bits of interrupt time */
 } CPUUTIL;
 
-APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1, ULONG ulParm2, ULONG ulParm3) = NULL;
-APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid, ULONG _res_, PVOID buf, ULONG bufsz) = NULL;
+APIRET APIENTRY(*DosPerfSysCall) (ULONG ulCommand, ULONG ulParm1,
+                                  ULONG ulParm2, ULONG ulParm3) = NULL;
+APIRET APIENTRY(*DosQuerySysState) (ULONG func, ULONG arg1, ULONG pid,
+                                    ULONG _res_, PVOID buf, ULONG bufsz) =
+    NULL;
 HMODULE hDoscalls = 0;
 
 int RAND_poll(void)
@@ -89,15 +92,19 @@ int RAND_poll(void)
     ULONG SysVars[QSV_FOREGROUND_PROCESS];
 
     if (hDoscalls == 0) {
-        ULONG rc = DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS", &hDoscalls);
+        ULONG rc =
+            DosLoadModule(failed_module, sizeof(failed_module), "DOSCALLS",
+                          &hDoscalls);
 
         if (rc == 0) {
-            rc = DosQueryProcAddr(hDoscalls, 976, NULL, (PFN *)&DosPerfSysCall);
+            rc = DosQueryProcAddr(hDoscalls, 976, NULL,
+                                  (PFN *) & DosPerfSysCall);
 
             if (rc)
                 DosPerfSysCall = NULL;
 
-            rc = DosQueryProcAddr(hDoscalls, 368, NULL, (PFN *)&DosQuerySysState);
+            rc = DosQueryProcAddr(hDoscalls, 368, NULL,
+                                  (PFN *) & DosQuerySysState);
 
             if (rc)
                 DosQuerySysState = NULL;
@@ -108,33 +115,40 @@ int RAND_poll(void)
     DosTmrQueryTime(&qwTime);
     RAND_add(&qwTime, sizeof(qwTime), 2);
 
-    /* Sample a bunch of system variables, includes various process & memory statistics */
+    /*
+     * Sample a bunch of system variables, includes various process & memory
+     * statistics
+     */
     DosQuerySysInfo(1, QSV_FOREGROUND_PROCESS, SysVars, sizeof(SysVars));
     RAND_add(SysVars, sizeof(SysVars), 4);
 
-    /* If available, sample CPU registers that count at CPU MHz
-     * Only fairly new CPUs (PPro & K6 onwards) & OS/2 versions support this
+    /*
+     * If available, sample CPU registers that count at CPU MHz Only fairly
+     * new CPUs (PPro & K6 onwards) & OS/2 versions support this
      */
     if (DosPerfSysCall) {
         CPUUTIL util;
 
-        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG)&util, 0, 0) == 0) {
+        if (DosPerfSysCall(CMD_KI_RDCNT, (ULONG) & util, 0, 0) == 0) {
             RAND_add(&util, sizeof(util), 10);
-        }
-        else {
+        } else {
             DosPerfSysCall = NULL;
         }
     }
 
-    /* DosQuerySysState() gives us a huge quantity of process, thread, memory & handle stats */
+    /*
+     * DosQuerySysState() gives us a huge quantity of process, thread, memory
+     * & handle stats
+     */
     if (DosQuerySysState) {
         char *buffer = OPENSSL_malloc(256 * 1024);
 
         if (DosQuerySysState(0x1F, 0, 0, 0, buffer, 256 * 1024) == 0) {
-            /* First 4 bytes in buffer is a pointer to the thread count
-             * there should be at least 1 byte of entropy per thread
+            /*
+             * First 4 bytes in buffer is a pointer to the thread count there
+             * should be at least 1 byte of entropy per thread
              */
-            RAND_add(buffer, 256 * 1024, **(ULONG **)buffer);
+            RAND_add(buffer, 256 * 1024, **(ULONG **) buffer);
         }
 
         OPENSSL_free(buffer);
@@ -144,4 +158,4 @@ int RAND_poll(void)
     return 0;
 }
 
-#endif /* OPENSSL_SYS_OS2 */
+#endif                          /* OPENSSL_SYS_OS2 */
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
index 8e2c4ca7..0a6893cc 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_unix.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -118,213 +118,223 @@
 
 #if !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE) || defined(OPENSSL_SYS_UEFI))
 
-#include <sys/types.h>
-#include <sys/time.h>
-#include <sys/times.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <unistd.h>
-#include <time.h>
-#if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually everywhere */
-# include <poll.h>
-#endif
-#include <limits.h>
-#ifndef FD_SETSIZE
-# define FD_SETSIZE (8*sizeof(fd_set))
-#endif
+# include <sys/types.h>
+# include <sys/time.h>
+# include <sys/times.h>
+# include <sys/stat.h>
+# include <fcntl.h>
+# include <unistd.h>
+# include <time.h>
+# if defined(OPENSSL_SYS_LINUX) /* should actually be available virtually
+                                 * everywhere */
+#  include <poll.h>
+# endif
+# include <limits.h>
+# ifndef FD_SETSIZE
+#  define FD_SETSIZE (8*sizeof(fd_set))
+# endif
 
-#ifdef __OpenBSD__
+# ifdef __OpenBSD__
 int RAND_poll(void)
 {
-	u_int32_t rnd = 0, i;
-	unsigned char buf[ENTROPY_NEEDED];
+    u_int32_t rnd = 0, i;
+    unsigned char buf[ENTROPY_NEEDED];
 
-	for (i = 0; i < sizeof(buf); i++) {
-		if (i % 4 == 0)
-			rnd = arc4random();
-		buf[i] = rnd;
-		rnd >>= 8;
-	}
-	RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
-	memset(buf, 0, sizeof(buf));
+    for (i = 0; i < sizeof(buf); i++) {
+        if (i % 4 == 0)
+            rnd = arc4random();
+        buf[i] = rnd;
+        rnd >>= 8;
+    }
+    RAND_add(buf, sizeof(buf), ENTROPY_NEEDED);
+    memset(buf, 0, sizeof(buf));
 
-	return 1;
+    return 1;
 }
-#else /* !defined(__OpenBSD__) */
+# else                          /* !defined(__OpenBSD__) */
 int RAND_poll(void)
 {
-	unsigned long l;
-	pid_t curr_pid = getpid();
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	unsigned char tmpbuf[ENTROPY_NEEDED];
-	int n = 0;
-#endif
-#ifdef DEVRANDOM
-	static const char *randomfiles[] = { DEVRANDOM };
-	struct stat randomstats[sizeof(randomfiles)/sizeof(randomfiles[0])];
-	int fd;
-	size_t i;
-#endif
-#ifdef DEVRANDOM_EGD
-	static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
-	const char **egdsocket = NULL;
-#endif
+    unsigned long l;
+    pid_t curr_pid = getpid();
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    unsigned char tmpbuf[ENTROPY_NEEDED];
+    int n = 0;
+#  endif
+#  ifdef DEVRANDOM
+    static const char *randomfiles[] = { DEVRANDOM };
+    struct stat randomstats[sizeof(randomfiles) / sizeof(randomfiles[0])];
+    int fd;
+    size_t i;
+#  endif
+#  ifdef DEVRANDOM_EGD
+    static const char *egdsockets[] = { DEVRANDOM_EGD, NULL };
+    const char **egdsocket = NULL;
+#  endif
 
-#ifdef DEVRANDOM
-	memset(randomstats,0,sizeof(randomstats));
-	/* Use a random entropy pool device. Linux, FreeBSD and OpenBSD
-	 * have this. Use /dev/urandom if you can as /dev/random may block
-	 * if it runs out of random entries.  */
+#  ifdef DEVRANDOM
+    memset(randomstats, 0, sizeof(randomstats));
+    /*
+     * Use a random entropy pool device. Linux, FreeBSD and OpenBSD have
+     * this. Use /dev/urandom if you can as /dev/random may block if it runs
+     * out of random entries.
+     */
 
-	for (i=0; i<sizeof(randomfiles)/sizeof(randomfiles[0]) && n < ENTROPY_NEEDED; i++)
-		{
-		if ((fd = open(randomfiles[i], O_RDONLY
-#ifdef O_NONBLOCK
-			|O_NONBLOCK
-#endif
-#ifdef O_BINARY
-			|O_BINARY
-#endif
-#ifdef O_NOCTTY /* If it happens to be a TTY (god forbid), do not make it
-		   our controlling tty */
-			|O_NOCTTY
-#endif
-			)) >= 0)
-			{
-			int usec = 10*1000; /* spend 10ms on each file */
-			int r;
-			size_t j;
-			struct stat *st=&randomstats[i];
+    for (i = 0; i < sizeof(randomfiles) / sizeof(randomfiles[0])
+         && n < ENTROPY_NEEDED; i++) {
+        if ((fd = open(randomfiles[i], O_RDONLY
+#   ifdef O_NONBLOCK
+                       | O_NONBLOCK
+#   endif
+#   ifdef O_BINARY
+                       | O_BINARY
+#   endif
+#   ifdef O_NOCTTY              /* If it happens to be a TTY (god forbid), do
+                                 * not make it our controlling tty */
+                       | O_NOCTTY
+#   endif
+             )) >= 0) {
+            int usec = 10 * 1000; /* spend 10ms on each file */
+            int r;
+            size_t j;
+            struct stat *st = &randomstats[i];
 
-			/* Avoid using same input... Used to be O_NOFOLLOW
-			 * above, but it's not universally appropriate... */
-			if (fstat(fd,st) != 0)	{ close(fd); continue; }
-			for (j=0;j<i;j++)
-				{
-				if (randomstats[j].st_ino==st->st_ino &&
-				    randomstats[j].st_dev==st->st_dev)
-					break;
-				}
-			if (j<i)		{ close(fd); continue; }
+            /*
+             * Avoid using same input... Used to be O_NOFOLLOW above, but
+             * it's not universally appropriate...
+             */
+            if (fstat(fd, st) != 0) {
+                close(fd);
+                continue;
+            }
+            for (j = 0; j < i; j++) {
+                if (randomstats[j].st_ino == st->st_ino &&
+                    randomstats[j].st_dev == st->st_dev)
+                    break;
+            }
+            if (j < i) {
+                close(fd);
+                continue;
+            }
 
-			do
-				{
-				int try_read = 0;
+            do {
+                int try_read = 0;
 
-#if defined(OPENSSL_SYS_LINUX)
-				/* use poll() */
-				struct pollfd pset;
-				
-				pset.fd = fd;
-				pset.events = POLLIN;
-				pset.revents = 0;
+#   if defined(OPENSSL_SYS_LINUX)
+                /* use poll() */
+                struct pollfd pset;
 
-				if (poll(&pset, 1, usec / 1000) < 0)
-					usec = 0;
-				else
-					try_read = (pset.revents & POLLIN) != 0;
+                pset.fd = fd;
+                pset.events = POLLIN;
+                pset.revents = 0;
 
-#else
-				/* use select() */
-				fd_set fset;
-				struct timeval t;
-				
-				t.tv_sec = 0;
-				t.tv_usec = usec;
+                if (poll(&pset, 1, usec / 1000) < 0)
+                    usec = 0;
+                else
+                    try_read = (pset.revents & POLLIN) != 0;
 
-				if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE)
-					{
-					/* can't use select, so just try to read once anyway */
-					try_read = 1;
-					}
-				else
-					{
-					FD_ZERO(&fset);
-					FD_SET(fd, &fset);
-					
-					if (select(fd+1,&fset,NULL,NULL,&t) >= 0)
-						{
-						usec = t.tv_usec;
-						if (FD_ISSET(fd, &fset))
-							try_read = 1;
-						}
-					else
-						usec = 0;
-					}
-#endif
-				
-				if (try_read)
-					{
-					r = read(fd,(unsigned char *)tmpbuf+n, ENTROPY_NEEDED-n);
-					if (r > 0)
-						n += r;
-					}
-				else
-					r = -1;
-				
-				/* Some Unixen will update t in select(), some
-				   won't.  For those who won't, or if we
-				   didn't use select() in the first place,
-				   give up here, otherwise, we will do
-				   this once again for the remaining
-				   time. */
-				if (usec == 10*1000)
-					usec = 0;
-				}
-			while ((r > 0 ||
-			       (errno == EINTR || errno == EAGAIN)) && usec != 0 && n < ENTROPY_NEEDED);
+#   else
+                /* use select() */
+                fd_set fset;
+                struct timeval t;
 
-			close(fd);
-			}
-		}
-#endif /* defined(DEVRANDOM) */
+                t.tv_sec = 0;
+                t.tv_usec = usec;
 
-#ifdef DEVRANDOM_EGD
-	/* Use an EGD socket to read entropy from an EGD or PRNGD entropy
-	 * collecting daemon. */
+                if (FD_SETSIZE > 0 && (unsigned)fd >= FD_SETSIZE) {
+                    /*
+                     * can't use select, so just try to read once anyway
+                     */
+                    try_read = 1;
+                } else {
+                    FD_ZERO(&fset);
+                    FD_SET(fd, &fset);
 
-	for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED; egdsocket++)
-		{
-		int r;
+                    if (select(fd + 1, &fset, NULL, NULL, &t) >= 0) {
+                        usec = t.tv_usec;
+                        if (FD_ISSET(fd, &fset))
+                            try_read = 1;
+                    } else
+                        usec = 0;
+                }
+#   endif
 
-		r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf+n,
-					 ENTROPY_NEEDED-n);
-		if (r > 0)
-			n += r;
-		}
-#endif /* defined(DEVRANDOM_EGD) */
+                if (try_read) {
+                    r = read(fd, (unsigned char *)tmpbuf + n,
+                             ENTROPY_NEEDED - n);
+                    if (r > 0)
+                        n += r;
+                } else
+                    r = -1;
 
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	if (n > 0)
-		{
-		RAND_add(tmpbuf,sizeof tmpbuf,(double)n);
-		OPENSSL_cleanse(tmpbuf,n);
-		}
-#endif
+                /*
+                 * Some Unixen will update t in select(), some won't.  For
+                 * those who won't, or if we didn't use select() in the first
+                 * place, give up here, otherwise, we will do this once again
+                 * for the remaining time.
+                 */
+                if (usec == 10 * 1000)
+                    usec = 0;
+            }
+            while ((r > 0 ||
+                    (errno == EINTR || errno == EAGAIN)) && usec != 0
+                   && n < ENTROPY_NEEDED);
 
-	/* put in some default random data, we need more than just this */
-	l=curr_pid;
-	RAND_add(&l,sizeof(l),0.0);
-	l=getuid();
-	RAND_add(&l,sizeof(l),0.0);
+            close(fd);
+        }
+    }
+#  endif                        /* defined(DEVRANDOM) */
 
-	l=time(NULL);
-	RAND_add(&l,sizeof(l),0.0);
+#  ifdef DEVRANDOM_EGD
+    /*
+     * Use an EGD socket to read entropy from an EGD or PRNGD entropy
+     * collecting daemon.
+     */
 
-#if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
-	return 1;
-#else
-	return 0;
-#endif
-}
+    for (egdsocket = egdsockets; *egdsocket && n < ENTROPY_NEEDED;
+         egdsocket++) {
+        int r;
+
+        r = RAND_query_egd_bytes(*egdsocket, (unsigned char *)tmpbuf + n,
+                                 ENTROPY_NEEDED - n);
+        if (r > 0)
+            n += r;
+    }
+#  endif                        /* defined(DEVRANDOM_EGD) */
 
-#endif /* defined(__OpenBSD__) */
-#endif /* !(defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VMS) || defined(OPENSSL_SYS_OS2) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)) */
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    if (n > 0) {
+        RAND_add(tmpbuf, sizeof tmpbuf, (double)n);
+        OPENSSL_cleanse(tmpbuf, n);
+    }
+#  endif
 
+    /* put in some default random data, we need more than just this */
+    l = curr_pid;
+    RAND_add(&l, sizeof(l), 0.0);
+    l = getuid();
+    RAND_add(&l, sizeof(l), 0.0);
+
+    l = time(NULL);
+    RAND_add(&l, sizeof(l), 0.0);
+
+#  if defined(DEVRANDOM) || defined(DEVRANDOM_EGD)
+    return 1;
+#  else
+    return 0;
+#  endif
+}
+
+# endif                         /* defined(__OpenBSD__) */
+#endif                          /* !(defined(OPENSSL_SYS_WINDOWS) ||
+                                 * defined(OPENSSL_SYS_WIN32) ||
+                                 * defined(OPENSSL_SYS_VMS) ||
+                                 * defined(OPENSSL_SYS_OS2) ||
+                                 * defined(OPENSSL_SYS_VXWORKS) ||
+                                 * defined(OPENSSL_SYS_NETWARE)) */
 
 #if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
 int RAND_poll(void)
-	{
-	return 0;
-	}
+{
+    return 0;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/rand_win.c b/Cryptlib/OpenSSL/crypto/rand/rand_win.c
index 5d134e18..0c616c4c 100644
--- a/Cryptlib/OpenSSL/crypto/rand/rand_win.c
+++ b/Cryptlib/OpenSSL/crypto/rand/rand_win.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -114,607 +114,552 @@
 #include "rand_lcl.h"
 
 #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32)
-#include <windows.h>
-#ifndef _WIN32_WINNT
-# define _WIN32_WINNT 0x0400
-#endif
-#include <wincrypt.h>
-#include <tlhelp32.h>
+# include <windows.h>
+# ifndef _WIN32_WINNT
+#  define _WIN32_WINNT 0x0400
+# endif
+# include <wincrypt.h>
+# include <tlhelp32.h>
 
-/* Limit the time spent walking through the heap, processes, threads and modules to
-   a maximum of 1000 miliseconds each, unless CryptoGenRandom failed */
-#define MAXDELAY 1000
+/*
+ * Limit the time spent walking through the heap, processes, threads and
+ * modules to a maximum of 1000 miliseconds each, unless CryptoGenRandom
+ * failed
+ */
+# define MAXDELAY 1000
 
-/* Intel hardware RNG CSP -- available from
+/*
+ * Intel hardware RNG CSP -- available from
  * http://developer.intel.com/design/security/rng/redist_license.htm
  */
-#define PROV_INTEL_SEC 22
-#define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
+# define PROV_INTEL_SEC 22
+# define INTEL_DEF_PROV L"Intel Hardware Cryptographic Service Provider"
 
 static void readtimer(void);
 static void readscreen(void);
 
-/* It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
-   when WINVER is 0x0500 and up, which currently only happens on Win2000.
-   Unfortunately, those are typedefs, so they're a little bit difficult to
-   detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
-   within the same conditional, so it can be use to detect the absence of said
-   typedefs. */
+/*
+ * It appears like CURSORINFO, PCURSORINFO and LPCURSORINFO are only defined
+ * when WINVER is 0x0500 and up, which currently only happens on Win2000.
+ * Unfortunately, those are typedefs, so they're a little bit difficult to
+ * detect properly.  On the other hand, the macro CURSOR_SHOWING is defined
+ * within the same conditional, so it can be use to detect the absence of
+ * said typedefs.
+ */
 
-#ifndef CURSOR_SHOWING
+# ifndef CURSOR_SHOWING
 /*
  * Information about the global cursor.
  */
-typedef struct tagCURSORINFO
-{
-    DWORD   cbSize;
-    DWORD   flags;
+typedef struct tagCURSORINFO {
+    DWORD cbSize;
+    DWORD flags;
     HCURSOR hCursor;
-    POINT   ptScreenPos;
+    POINT ptScreenPos;
 } CURSORINFO, *PCURSORINFO, *LPCURSORINFO;
 
-#define CURSOR_SHOWING     0x00000001
-#endif /* CURSOR_SHOWING */
-
-#if !defined(OPENSSL_SYS_WINCE)
-typedef BOOL (WINAPI *CRYPTACQUIRECONTEXTW)(HCRYPTPROV *, LPCWSTR, LPCWSTR,
-				    DWORD, DWORD);
-typedef BOOL (WINAPI *CRYPTGENRANDOM)(HCRYPTPROV, DWORD, BYTE *);
-typedef BOOL (WINAPI *CRYPTRELEASECONTEXT)(HCRYPTPROV, DWORD);
-
-typedef HWND (WINAPI *GETFOREGROUNDWINDOW)(VOID);
-typedef BOOL (WINAPI *GETCURSORINFO)(PCURSORINFO);
-typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
-
-typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
-typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
-typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, size_t);
-typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
-typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
-typedef BOOL (WINAPI *PROCESS32)(HANDLE, LPPROCESSENTRY32);
-typedef BOOL (WINAPI *THREAD32)(HANDLE, LPTHREADENTRY32);
-typedef BOOL (WINAPI *MODULE32)(HANDLE, LPMODULEENTRY32);
-
-#include <lmcons.h>
-#include <lmstats.h>
-#if 1 /* The NET API is Unicode only.  It requires the use of the UNICODE
-       * macro.  When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was
-       * was added to the Platform SDK to allow the NET API to be used in
-       * non-Unicode applications provided that Unicode strings were still
-       * used for input.  LMSTR is defined as LPWSTR.
-       */
-typedef NET_API_STATUS (NET_API_FUNCTION * NETSTATGET)
-        (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE*);
-typedef NET_API_STATUS (NET_API_FUNCTION * NETFREE)(LPBYTE);
-#endif /* 1 */
-#endif /* !OPENSSL_SYS_WINCE */
+#  define CURSOR_SHOWING     0x00000001
+# endif                         /* CURSOR_SHOWING */
+
+# if !defined(OPENSSL_SYS_WINCE)
+typedef BOOL(WINAPI *CRYPTACQUIRECONTEXTW) (HCRYPTPROV *, LPCWSTR, LPCWSTR,
+                                            DWORD, DWORD);
+typedef BOOL(WINAPI *CRYPTGENRANDOM) (HCRYPTPROV, DWORD, BYTE *);
+typedef BOOL(WINAPI *CRYPTRELEASECONTEXT) (HCRYPTPROV, DWORD);
+
+typedef HWND(WINAPI *GETFOREGROUNDWINDOW) (VOID);
+typedef BOOL(WINAPI *GETCURSORINFO) (PCURSORINFO);
+typedef DWORD(WINAPI *GETQUEUESTATUS) (UINT);
+
+typedef HANDLE(WINAPI *CREATETOOLHELP32SNAPSHOT) (DWORD, DWORD);
+typedef BOOL(WINAPI *CLOSETOOLHELP32SNAPSHOT) (HANDLE);
+typedef BOOL(WINAPI *HEAP32FIRST) (LPHEAPENTRY32, DWORD, size_t);
+typedef BOOL(WINAPI *HEAP32NEXT) (LPHEAPENTRY32);
+typedef BOOL(WINAPI *HEAP32LIST) (HANDLE, LPHEAPLIST32);
+typedef BOOL(WINAPI *PROCESS32) (HANDLE, LPPROCESSENTRY32);
+typedef BOOL(WINAPI *THREAD32) (HANDLE, LPTHREADENTRY32);
+typedef BOOL(WINAPI *MODULE32) (HANDLE, LPMODULEENTRY32);
+
+#  include <lmcons.h>
+#  include <lmstats.h>
+#  if 1
+/*
+ * The NET API is Unicode only.  It requires the use of the UNICODE macro.
+ * When UNICODE is defined LPTSTR becomes LPWSTR.  LMSTR was was added to the
+ * Platform SDK to allow the NET API to be used in non-Unicode applications
+ * provided that Unicode strings were still used for input.  LMSTR is defined
+ * as LPWSTR.
+ */
+typedef NET_API_STATUS(NET_API_FUNCTION *NETSTATGET)
+ (LPWSTR, LPWSTR, DWORD, DWORD, LPBYTE *);
+typedef NET_API_STATUS(NET_API_FUNCTION *NETFREE) (LPBYTE);
+#  endif                        /* 1 */
+# endif                         /* !OPENSSL_SYS_WINCE */
 
 int RAND_poll(void)
 {
-	MEMORYSTATUS m;
-	HCRYPTPROV hProvider = 0;
-	DWORD w;
-	int good = 0;
-
-	/* Determine the OS version we are on so we can turn off things 
-	 * that do not work properly.
-	 */
-        OSVERSIONINFO osverinfo ;
-        osverinfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO) ;
-        GetVersionEx( &osverinfo ) ;
-
-#if defined(OPENSSL_SYS_WINCE)
-# if defined(_WIN32_WCE) && _WIN32_WCE>=300
-/* Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
- * in commonly available implementations prior 300... */
-	{
-	BYTE buf[64];
-	/* poll the CryptoAPI PRNG */
-	/* The CryptoAPI returns sizeof(buf) bytes of randomness */
-	if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
-				CRYPT_VERIFYCONTEXT))
-		{
-		if (CryptGenRandom(hProvider, sizeof(buf), buf))
-			RAND_add(buf, sizeof(buf), sizeof(buf));
-		CryptReleaseContext(hProvider, 0); 
-		}
-	}
-# endif
-#else	/* OPENSSL_SYS_WINCE */
-	/*
-	 * None of below libraries are present on Windows CE, which is
-	 * why we #ifndef the whole section. This also excuses us from
-	 * handling the GetProcAddress issue. The trouble is that in
-	 * real Win32 API GetProcAddress is available in ANSI flavor
-	 * only. In WinCE on the other hand GetProcAddress is a macro
-	 * most commonly defined as GetProcAddressW, which accepts
-	 * Unicode argument. If we were to call GetProcAddress under
-	 * WinCE, I'd recommend to either redefine GetProcAddress as
-	 * GetProcAddressA (there seem to be one in common CE spec) or
-	 * implement own shim routine, which would accept ANSI argument
-	 * and expand it to Unicode.
-	 */
-	{
-	/* load functions dynamically - not available on all systems */
-	HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
-	HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
-	HMODULE user = NULL;
-	HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
-	CRYPTACQUIRECONTEXTW acquire = NULL;
-	CRYPTGENRANDOM gen = NULL;
-	CRYPTRELEASECONTEXT release = NULL;
-	NETSTATGET netstatget = NULL;
-	NETFREE netfree = NULL;
-	BYTE buf[64];
-
-	if (netapi)
-		{
-		netstatget = (NETSTATGET) GetProcAddress(netapi,"NetStatisticsGet");
-		netfree = (NETFREE) GetProcAddress(netapi,"NetApiBufferFree");
-		}
-
-	if (netstatget && netfree)
-		{
-		LPBYTE outbuf;
-		/* NetStatisticsGet() is a Unicode only function
- 		 * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
-		 * contains 17 fields.  We treat each field as a source of
-		 * one byte of entropy.
-                 */
-
-		if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0)
-			{
-			RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
-			netfree(outbuf);
-			}
-		if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0)
-			{
-			RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
-			netfree(outbuf);
-			}
-		}
-
-	if (netapi)
-		FreeLibrary(netapi);
-
-        /* It appears like this can cause an exception deep within ADVAPI32.DLL
-         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
-         * Only use it on NT.
-	 */
-	/* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
-	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).
-	 * So we don't use this at all for now. */
-#if 0
-        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
-		osverinfo.dwMajorVersion < 5)
-		{
-		/* Read Performance Statistics from NT/2000 registry
-		 * The size of the performance data can vary from call
-		 * to call so we must guess the size of the buffer to use
-		 * and increase its size if we get an ERROR_MORE_DATA
-		 * return instead of ERROR_SUCCESS.
-		 */
-		LONG   rc=ERROR_MORE_DATA;
-		char * buf=NULL;
-		DWORD bufsz=0;
-		DWORD length;
-
-		while (rc == ERROR_MORE_DATA)
-			{
-			buf = realloc(buf,bufsz+8192);
-			if (!buf)
-				break;
-			bufsz += 8192;
-
-			length = bufsz;
-			rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, TEXT("Global"),
-				NULL, NULL, buf, &length);
-			}
-		if (rc == ERROR_SUCCESS)
-			{
-                        /* For entropy count assume only least significant
-			 * byte of each DWORD is random.
-			 */
-			RAND_add(&length, sizeof(length), 0);
-			RAND_add(buf, length, length / 4.0);
-
-			/* Close the Registry Key to allow Windows to cleanup/close
-			 * the open handle
-			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
-			 *       when the RegQueryValueEx above is done.  However, if
-			 *       it is not explicitly closed, it can cause disk
-			 *       partition manipulation problems.
-			 */
-			RegCloseKey(HKEY_PERFORMANCE_DATA);
-			}
-		if (buf)
-			free(buf);
-		}
-#endif
-
-	if (advapi)
-		{
-		/*
-		 * If it's available, then it's available in both ANSI
-		 * and UNICODE flavors even in Win9x, documentation says.
-		 * We favor Unicode...
-		 */
-		acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
-			"CryptAcquireContextW");
-		gen = (CRYPTGENRANDOM) GetProcAddress(advapi,
-			"CryptGenRandom");
-		release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
-			"CryptReleaseContext");
-		}
-
-	if (acquire && gen && release)
-		{
-		/* poll the CryptoAPI PRNG */
-                /* The CryptoAPI returns sizeof(buf) bytes of randomness */
-		if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
-			CRYPT_VERIFYCONTEXT))
-			{
-			if (gen(hProvider, sizeof(buf), buf) != 0)
-				{
-				RAND_add(buf, sizeof(buf), 0);
-				good = 1;
-#if 0
-				printf("randomness from PROV_RSA_FULL\n");
-#endif
-				}
-			release(hProvider, 0); 
-			}
-		
-		/* poll the Pentium PRG with CryptoAPI */
-		if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0))
-			{
-			if (gen(hProvider, sizeof(buf), buf) != 0)
-				{
-				RAND_add(buf, sizeof(buf), sizeof(buf));
-				good = 1;
-#if 0
-				printf("randomness from PROV_INTEL_SEC\n");
-#endif
-				}
-			release(hProvider, 0);
-			}
-		}
+    MEMORYSTATUS m;
+    HCRYPTPROV hProvider = 0;
+    DWORD w;
+    int good = 0;
+
+# if defined(OPENSSL_SYS_WINCE)
+#  if defined(_WIN32_WCE) && _WIN32_WCE>=300
+    /*
+     * Even though MSDN says _WIN32_WCE>=210, it doesn't seem to be available
+     * in commonly available implementations prior 300...
+     */
+    {
+        BYTE buf[64];
+        /* poll the CryptoAPI PRNG */
+        /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+        if (CryptAcquireContextW(&hProvider, NULL, NULL, PROV_RSA_FULL,
+                                 CRYPT_VERIFYCONTEXT)) {
+            if (CryptGenRandom(hProvider, sizeof(buf), buf))
+                RAND_add(buf, sizeof(buf), sizeof(buf));
+            CryptReleaseContext(hProvider, 0);
+        }
+    }
+#  endif
+# else                          /* OPENSSL_SYS_WINCE */
+    /*
+     * None of below libraries are present on Windows CE, which is
+     * why we #ifndef the whole section. This also excuses us from
+     * handling the GetProcAddress issue. The trouble is that in
+     * real Win32 API GetProcAddress is available in ANSI flavor
+     * only. In WinCE on the other hand GetProcAddress is a macro
+     * most commonly defined as GetProcAddressW, which accepts
+     * Unicode argument. If we were to call GetProcAddress under
+     * WinCE, I'd recommend to either redefine GetProcAddress as
+     * GetProcAddressA (there seem to be one in common CE spec) or
+     * implement own shim routine, which would accept ANSI argument
+     * and expand it to Unicode.
+     */
+    {
+        /* load functions dynamically - not available on all systems */
+        HMODULE advapi = LoadLibrary(TEXT("ADVAPI32.DLL"));
+        HMODULE kernel = LoadLibrary(TEXT("KERNEL32.DLL"));
+        HMODULE user = NULL;
+        HMODULE netapi = LoadLibrary(TEXT("NETAPI32.DLL"));
+        CRYPTACQUIRECONTEXTW acquire = NULL;
+        CRYPTGENRANDOM gen = NULL;
+        CRYPTRELEASECONTEXT release = NULL;
+        NETSTATGET netstatget = NULL;
+        NETFREE netfree = NULL;
+        BYTE buf[64];
+
+        if (netapi) {
+            netstatget =
+                (NETSTATGET) GetProcAddress(netapi, "NetStatisticsGet");
+            netfree = (NETFREE) GetProcAddress(netapi, "NetApiBufferFree");
+        }
+
+        if (netstatget && netfree) {
+            LPBYTE outbuf;
+            /*
+             * NetStatisticsGet() is a Unicode only function
+             * STAT_WORKSTATION_0 contains 45 fields and STAT_SERVER_0
+             * contains 17 fields.  We treat each field as a source of one
+             * byte of entropy.
+             */
+
+            if (netstatget(NULL, L"LanmanWorkstation", 0, 0, &outbuf) == 0) {
+                RAND_add(outbuf, sizeof(STAT_WORKSTATION_0), 45);
+                netfree(outbuf);
+            }
+            if (netstatget(NULL, L"LanmanServer", 0, 0, &outbuf) == 0) {
+                RAND_add(outbuf, sizeof(STAT_SERVER_0), 17);
+                netfree(outbuf);
+            }
+        }
+
+        if (netapi)
+            FreeLibrary(netapi);
+
+        /*
+         * It appears like this can cause an exception deep within
+         * ADVAPI32.DLL at random times on Windows 2000.  Reported by Jeffrey
+         * Altman. Only use it on NT.
+         */
+
+        if (advapi) {
+            /*
+             * If it's available, then it's available in both ANSI
+             * and UNICODE flavors even in Win9x, documentation says.
+             * We favor Unicode...
+             */
+            acquire = (CRYPTACQUIRECONTEXTW) GetProcAddress(advapi,
+                                                            "CryptAcquireContextW");
+            gen = (CRYPTGENRANDOM) GetProcAddress(advapi, "CryptGenRandom");
+            release = (CRYPTRELEASECONTEXT) GetProcAddress(advapi,
+                                                           "CryptReleaseContext");
+        }
+
+        if (acquire && gen && release) {
+            /* poll the CryptoAPI PRNG */
+            /* The CryptoAPI returns sizeof(buf) bytes of randomness */
+            if (acquire(&hProvider, NULL, NULL, PROV_RSA_FULL,
+                        CRYPT_VERIFYCONTEXT)) {
+                if (gen(hProvider, sizeof(buf), buf) != 0) {
+                    RAND_add(buf, sizeof(buf), 0);
+                    good = 1;
+#  if 0
+                    printf("randomness from PROV_RSA_FULL\n");
+#  endif
+                }
+                release(hProvider, 0);
+            }
+
+            /* poll the Pentium PRG with CryptoAPI */
+            if (acquire(&hProvider, 0, INTEL_DEF_PROV, PROV_INTEL_SEC, 0)) {
+                if (gen(hProvider, sizeof(buf), buf) != 0) {
+                    RAND_add(buf, sizeof(buf), sizeof(buf));
+                    good = 1;
+#  if 0
+                    printf("randomness from PROV_INTEL_SEC\n");
+#  endif
+                }
+                release(hProvider, 0);
+            }
+        }
 
         if (advapi)
-		FreeLibrary(advapi);
-
-	if ((osverinfo.dwPlatformId != VER_PLATFORM_WIN32_NT ||
-	     !OPENSSL_isservice()) &&
-	    (user = LoadLibrary(TEXT("USER32.DLL"))))
-		{
-		GETCURSORINFO cursor;
-		GETFOREGROUNDWINDOW win;
-		GETQUEUESTATUS queue;
-
-		win = (GETFOREGROUNDWINDOW) GetProcAddress(user, "GetForegroundWindow");
-		cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
-		queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
-
-		if (win)
-			{
-			/* window handle */
-			HWND h = win();
-			RAND_add(&h, sizeof(h), 0);
-			}
-		if (cursor)
-			{
-			/* unfortunately, its not safe to call GetCursorInfo()
-			 * on NT4 even though it exists in SP3 (or SP6) and
-			 * higher.
-			 */
-			if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
-				osverinfo.dwMajorVersion < 5)
-				cursor = 0;
-			}
-		if (cursor)
-			{
-			/* cursor position */
-                        /* assume 2 bytes of entropy */
-			CURSORINFO ci;
-			ci.cbSize = sizeof(CURSORINFO);
-			if (cursor(&ci))
-				RAND_add(&ci, ci.cbSize, 2);
-			}
-
-		if (queue)
-			{
-			/* message queue status */
-                        /* assume 1 byte of entropy */
-			w = queue(QS_ALLEVENTS);
-			RAND_add(&w, sizeof(w), 1);
-			}
-
-		FreeLibrary(user);
-		}
-
-	/* Toolhelp32 snapshot: enumerate processes, threads, modules and heap
-	 * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
-	 * (Win 9x and 2000 only, not available on NT)
-	 *
-	 * This seeding method was proposed in Peter Gutmann, Software
-	 * Generation of Practically Strong Random Numbers,
-	 * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
-	 * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
-	 * (The assignment of entropy estimates below is arbitrary, but based
-	 * on Peter's analysis the full poll appears to be safe. Additional
-	 * interactive seeding is encouraged.)
-	 */
-
-	if (kernel)
-		{
-		CREATETOOLHELP32SNAPSHOT snap;
-		CLOSETOOLHELP32SNAPSHOT close_snap;
-		HANDLE handle;
-
-		HEAP32FIRST heap_first;
-		HEAP32NEXT heap_next;
-		HEAP32LIST heaplist_first, heaplist_next;
-		PROCESS32 process_first, process_next;
-		THREAD32 thread_first, thread_next;
-		MODULE32 module_first, module_next;
-
-		HEAPLIST32 hlist;
-		HEAPENTRY32 hentry;
-		PROCESSENTRY32 p;
-		THREADENTRY32 t;
-		MODULEENTRY32 m;
-		DWORD starttime = 0;
-
-		snap = (CREATETOOLHELP32SNAPSHOT)
-			GetProcAddress(kernel, "CreateToolhelp32Snapshot");
-		close_snap = (CLOSETOOLHELP32SNAPSHOT)
-			GetProcAddress(kernel, "CloseToolhelp32Snapshot");
-		heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
-		heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
-		heaplist_first = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
-		heaplist_next = (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
-		process_first = (PROCESS32) GetProcAddress(kernel, "Process32First");
-		process_next = (PROCESS32) GetProcAddress(kernel, "Process32Next");
-		thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
-		thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
-		module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
-		module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
-
-		if (snap && heap_first && heap_next && heaplist_first &&
-			heaplist_next && process_first && process_next &&
-			thread_first && thread_next && module_first &&
-			module_next && (handle = snap(TH32CS_SNAPALL,0))
-			!= INVALID_HANDLE_VALUE)
-			{
-			/* heap list and heap walking */
-                        /* HEAPLIST32 contains 3 fields that will change with
-                         * each entry.  Consider each field a source of 1 byte
-                         * of entropy.
-                         * HEAPENTRY32 contains 5 fields that will change with 
-                         * each entry.  Consider each field a source of 1 byte
-                         * of entropy.
-                         */
-			ZeroMemory(&hlist, sizeof(HEAPLIST32));
-			hlist.dwSize = sizeof(HEAPLIST32);		
-			if (good) starttime = GetTickCount();
-#ifdef _MSC_VER
-			if (heaplist_first(handle, &hlist))
-				{
-				/*
-				   following discussion on dev ML, exception on WinCE (or other Win
-				   platform) is theoretically of unknown origin; prevent infinite
-				   loop here when this theoretical case occurs; otherwise cope with
-				   the expected (MSDN documented) exception-throwing behaviour of
-				   Heap32Next() on WinCE.
-
-				   based on patch in original message by Tanguy Fautré (2009/03/02)
-			           Subject: RAND_poll() and CreateToolhelp32Snapshot() stability
-			     */
-				int ex_cnt_limit = 42; 
-				do
-					{
-					RAND_add(&hlist, hlist.dwSize, 3);
-					__try
-						{
-						ZeroMemory(&hentry, sizeof(HEAPENTRY32));
-					hentry.dwSize = sizeof(HEAPENTRY32);
-					if (heap_first(&hentry,
-						hlist.th32ProcessID,
-						hlist.th32HeapID))
-						{
-						int entrycnt = 80;
-						do
-							RAND_add(&hentry,
-								hentry.dwSize, 5);
-						while (heap_next(&hentry)
-						&& (!good || (GetTickCount()-starttime)<MAXDELAY)
-							&& --entrycnt > 0);
-						}
-						}
-					__except (EXCEPTION_EXECUTE_HANDLER)
-						{
-							/* ignore access violations when walking the heap list */
-							ex_cnt_limit--;
-						}
-					} while (heaplist_next(handle, &hlist) 
-						&& (!good || (GetTickCount()-starttime)<MAXDELAY)
-						&& ex_cnt_limit > 0);
-				}
-
-#else
-			if (heaplist_first(handle, &hlist))
-				{
-				do
-					{
-					RAND_add(&hlist, hlist.dwSize, 3);
-					hentry.dwSize = sizeof(HEAPENTRY32);
-					if (heap_first(&hentry,
-						hlist.th32ProcessID,
-						hlist.th32HeapID))
-						{
-						int entrycnt = 80;
-						do
-							RAND_add(&hentry,
-								hentry.dwSize, 5);
-						while (heap_next(&hentry)
-							&& --entrycnt > 0);
-						}
-					} while (heaplist_next(handle, &hlist) 
-						&& (!good || (GetTickCount()-starttime)<MAXDELAY));
-				}
-#endif
-
-			/* process walking */
-                        /* PROCESSENTRY32 contains 9 fields that will change
-                         * with each entry.  Consider each field a source of
-                         * 1 byte of entropy.
-                         */
-			p.dwSize = sizeof(PROCESSENTRY32);
-		
-			if (good) starttime = GetTickCount();
-			if (process_first(handle, &p))
-				do
-					RAND_add(&p, p.dwSize, 9);
-				while (process_next(handle, &p) && (!good || (GetTickCount()-starttime)<MAXDELAY));
-
-			/* thread walking */
-                        /* THREADENTRY32 contains 6 fields that will change
-                         * with each entry.  Consider each field a source of
-                         * 1 byte of entropy.
-                         */
-			t.dwSize = sizeof(THREADENTRY32);
-			if (good) starttime = GetTickCount();
-			if (thread_first(handle, &t))
-				do
-					RAND_add(&t, t.dwSize, 6);
-				while (thread_next(handle, &t) && (!good || (GetTickCount()-starttime)<MAXDELAY));
-
-			/* module walking */
-                        /* MODULEENTRY32 contains 9 fields that will change
-                         * with each entry.  Consider each field a source of
-                         * 1 byte of entropy.
-                         */
-			m.dwSize = sizeof(MODULEENTRY32);
-			if (good) starttime = GetTickCount();
-			if (module_first(handle, &m))
-				do
-					RAND_add(&m, m.dwSize, 9);
-				while (module_next(handle, &m)
-					       	&& (!good || (GetTickCount()-starttime)<MAXDELAY));
-			if (close_snap)
-				close_snap(handle);
-			else
-				CloseHandle(handle);
-
-			}
-
-		FreeLibrary(kernel);
-		}
-	}
-#endif /* !OPENSSL_SYS_WINCE */
-
-	/* timer data */
-	readtimer();
-	
-	/* memory usage statistics */
-	GlobalMemoryStatus(&m);
-	RAND_add(&m, sizeof(m), 1);
-
-	/* process ID */
-	w = GetCurrentProcessId();
-	RAND_add(&w, sizeof(w), 1);
-
-#if 0
-	printf("Exiting RAND_poll\n");
-#endif
-
-	return(1);
-}
-
-int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
-        {
-        double add_entropy=0;
-
-        switch (iMsg)
-                {
-        case WM_KEYDOWN:
-                        {
-                        static WPARAM key;
-                        if (key != wParam)
-                                add_entropy = 0.05;
-                        key = wParam;
+            FreeLibrary(advapi);
+
+        if ((!check_winnt() ||
+             !OPENSSL_isservice()) &&
+            (user = LoadLibrary(TEXT("USER32.DLL")))) {
+            GETCURSORINFO cursor;
+            GETFOREGROUNDWINDOW win;
+            GETQUEUESTATUS queue;
+
+            win =
+                (GETFOREGROUNDWINDOW) GetProcAddress(user,
+                                                     "GetForegroundWindow");
+            cursor = (GETCURSORINFO) GetProcAddress(user, "GetCursorInfo");
+            queue = (GETQUEUESTATUS) GetProcAddress(user, "GetQueueStatus");
+
+            if (win) {
+                /* window handle */
+                HWND h = win();
+                RAND_add(&h, sizeof(h), 0);
+            }
+            if (cursor) {
+                /*
+                 * unfortunately, its not safe to call GetCursorInfo() on NT4
+                 * even though it exists in SP3 (or SP6) and higher.
+                 */
+                if (check_winnt() && !check_win_minplat(5))
+                    cursor = 0;
+            }
+            if (cursor) {
+                /* cursor position */
+                /* assume 2 bytes of entropy */
+                CURSORINFO ci;
+                ci.cbSize = sizeof(CURSORINFO);
+                if (cursor(&ci))
+                    RAND_add(&ci, ci.cbSize, 2);
+            }
+
+            if (queue) {
+                /* message queue status */
+                /* assume 1 byte of entropy */
+                w = queue(QS_ALLEVENTS);
+                RAND_add(&w, sizeof(w), 1);
+            }
+
+            FreeLibrary(user);
+        }
+
+        /*-
+         * Toolhelp32 snapshot: enumerate processes, threads, modules and heap
+         * http://msdn.microsoft.com/library/psdk/winbase/toolhelp_5pfd.htm
+         * (Win 9x and 2000 only, not available on NT)
+         *
+         * This seeding method was proposed in Peter Gutmann, Software
+         * Generation of Practically Strong Random Numbers,
+         * http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
+         * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+         * (The assignment of entropy estimates below is arbitrary, but based
+         * on Peter's analysis the full poll appears to be safe. Additional
+         * interactive seeding is encouraged.)
+         */
+
+        if (kernel) {
+            CREATETOOLHELP32SNAPSHOT snap;
+            CLOSETOOLHELP32SNAPSHOT close_snap;
+            HANDLE handle;
+
+            HEAP32FIRST heap_first;
+            HEAP32NEXT heap_next;
+            HEAP32LIST heaplist_first, heaplist_next;
+            PROCESS32 process_first, process_next;
+            THREAD32 thread_first, thread_next;
+            MODULE32 module_first, module_next;
+
+            HEAPLIST32 hlist;
+            HEAPENTRY32 hentry;
+            PROCESSENTRY32 p;
+            THREADENTRY32 t;
+            MODULEENTRY32 m;
+            DWORD starttime = 0;
+
+            snap = (CREATETOOLHELP32SNAPSHOT)
+                GetProcAddress(kernel, "CreateToolhelp32Snapshot");
+            close_snap = (CLOSETOOLHELP32SNAPSHOT)
+                GetProcAddress(kernel, "CloseToolhelp32Snapshot");
+            heap_first = (HEAP32FIRST) GetProcAddress(kernel, "Heap32First");
+            heap_next = (HEAP32NEXT) GetProcAddress(kernel, "Heap32Next");
+            heaplist_first =
+                (HEAP32LIST) GetProcAddress(kernel, "Heap32ListFirst");
+            heaplist_next =
+                (HEAP32LIST) GetProcAddress(kernel, "Heap32ListNext");
+            process_first =
+                (PROCESS32) GetProcAddress(kernel, "Process32First");
+            process_next =
+                (PROCESS32) GetProcAddress(kernel, "Process32Next");
+            thread_first = (THREAD32) GetProcAddress(kernel, "Thread32First");
+            thread_next = (THREAD32) GetProcAddress(kernel, "Thread32Next");
+            module_first = (MODULE32) GetProcAddress(kernel, "Module32First");
+            module_next = (MODULE32) GetProcAddress(kernel, "Module32Next");
+
+            if (snap && heap_first && heap_next && heaplist_first &&
+                heaplist_next && process_first && process_next &&
+                thread_first && thread_next && module_first &&
+                module_next && (handle = snap(TH32CS_SNAPALL, 0))
+                != INVALID_HANDLE_VALUE) {
+                /* heap list and heap walking */
+                /*
+                 * HEAPLIST32 contains 3 fields that will change with each
+                 * entry.  Consider each field a source of 1 byte of entropy.
+                 * HEAPENTRY32 contains 5 fields that will change with each
+                 * entry.  Consider each field a source of 1 byte of entropy.
+                 */
+                ZeroMemory(&hlist, sizeof(HEAPLIST32));
+                hlist.dwSize = sizeof(HEAPLIST32);
+                if (good)
+                    starttime = GetTickCount();
+#  ifdef _MSC_VER
+                if (heaplist_first(handle, &hlist)) {
+                    /*
+                     * following discussion on dev ML, exception on WinCE (or
+                     * other Win platform) is theoretically of unknown
+                     * origin; prevent infinite loop here when this
+                     * theoretical case occurs; otherwise cope with the
+                     * expected (MSDN documented) exception-throwing
+                     * behaviour of Heap32Next() on WinCE.
+                     *
+                     * based on patch in original message by Tanguy Fautré
+                     * (2009/03/02) Subject: RAND_poll() and
+                     * CreateToolhelp32Snapshot() stability
+                     */
+                    int ex_cnt_limit = 42;
+                    do {
+                        RAND_add(&hlist, hlist.dwSize, 3);
+                        __try {
+                            ZeroMemory(&hentry, sizeof(HEAPENTRY32));
+                            hentry.dwSize = sizeof(HEAPENTRY32);
+                            if (heap_first(&hentry,
+                                           hlist.th32ProcessID,
+                                           hlist.th32HeapID)) {
+                                int entrycnt = 80;
+                                do
+                                    RAND_add(&hentry, hentry.dwSize, 5);
+                                while (heap_next(&hentry)
+                                       && (!good
+                                           || (GetTickCount() - starttime) <
+                                           MAXDELAY)
+                                       && --entrycnt > 0);
+                            }
                         }
-                        break;
-	case WM_MOUSEMOVE:
-                        {
-                        static int lastx,lasty,lastdx,lastdy;
-                        int x,y,dx,dy;
-
-                        x=LOWORD(lParam);
-                        y=HIWORD(lParam);
-                        dx=lastx-x;
-                        dy=lasty-y;
-                        if (dx != 0 && dy != 0 && dx-lastdx != 0 && dy-lastdy != 0)
-                                add_entropy=.2;
-                        lastx=x, lasty=y;
-                        lastdx=dx, lastdy=dy;
+                        __except(EXCEPTION_EXECUTE_HANDLER) {
+                            /*
+                             * ignore access violations when walking the heap
+                             * list
+                             */
+                            ex_cnt_limit--;
                         }
-		break;
-		}
-
-	readtimer();
-        RAND_add(&iMsg, sizeof(iMsg), add_entropy);
-	RAND_add(&wParam, sizeof(wParam), 0);
-	RAND_add(&lParam, sizeof(lParam), 0);
- 
-	return (RAND_status());
-	}
+                    } while (heaplist_next(handle, &hlist)
+                             && (!good
+                                 || (GetTickCount() - starttime) < MAXDELAY)
+                             && ex_cnt_limit > 0);
+                }
+#  else
+                if (heaplist_first(handle, &hlist)) {
+                    do {
+                        RAND_add(&hlist, hlist.dwSize, 3);
+                        hentry.dwSize = sizeof(HEAPENTRY32);
+                        if (heap_first(&hentry,
+                                       hlist.th32ProcessID,
+                                       hlist.th32HeapID)) {
+                            int entrycnt = 80;
+                            do
+                                RAND_add(&hentry, hentry.dwSize, 5);
+                            while (heap_next(&hentry)
+                                   && --entrycnt > 0);
+                        }
+                    } while (heaplist_next(handle, &hlist)
+                             && (!good
+                                 || (GetTickCount() - starttime) < MAXDELAY));
+                }
+#  endif
+
+                /* process walking */
+                /*
+                 * PROCESSENTRY32 contains 9 fields that will change with
+                 * each entry.  Consider each field a source of 1 byte of
+                 * entropy.
+                 */
+                p.dwSize = sizeof(PROCESSENTRY32);
+
+                if (good)
+                    starttime = GetTickCount();
+                if (process_first(handle, &p))
+                    do
+                        RAND_add(&p, p.dwSize, 9);
+                    while (process_next(handle, &p)
+                           && (!good
+                               || (GetTickCount() - starttime) < MAXDELAY));
+
+                /* thread walking */
+                /*
+                 * THREADENTRY32 contains 6 fields that will change with each
+                 * entry.  Consider each field a source of 1 byte of entropy.
+                 */
+                t.dwSize = sizeof(THREADENTRY32);
+                if (good)
+                    starttime = GetTickCount();
+                if (thread_first(handle, &t))
+                    do
+                        RAND_add(&t, t.dwSize, 6);
+                    while (thread_next(handle, &t)
+                           && (!good
+                               || (GetTickCount() - starttime) < MAXDELAY));
+
+                /* module walking */
+                /*
+                 * MODULEENTRY32 contains 9 fields that will change with each
+                 * entry.  Consider each field a source of 1 byte of entropy.
+                 */
+                m.dwSize = sizeof(MODULEENTRY32);
+                if (good)
+                    starttime = GetTickCount();
+                if (module_first(handle, &m))
+                    do
+                        RAND_add(&m, m.dwSize, 9);
+                    while (module_next(handle, &m)
+                           && (!good
+                               || (GetTickCount() - starttime) < MAXDELAY));
+                if (close_snap)
+                    close_snap(handle);
+                else
+                    CloseHandle(handle);
+
+            }
+
+            FreeLibrary(kernel);
+        }
+    }
+# endif                         /* !OPENSSL_SYS_WINCE */
+
+    /* timer data */
+    readtimer();
+
+    /* memory usage statistics */
+    GlobalMemoryStatus(&m);
+    RAND_add(&m, sizeof(m), 1);
+
+    /* process ID */
+    w = GetCurrentProcessId();
+    RAND_add(&w, sizeof(w), 1);
+
+# if 0
+    printf("Exiting RAND_poll\n");
+# endif
 
+    return (1);
+}
 
-void RAND_screen(void) /* function available for backward compatibility */
+int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam)
 {
-	RAND_poll();
-	readscreen();
+    double add_entropy = 0;
+
+    switch (iMsg) {
+    case WM_KEYDOWN:
+        {
+            static WPARAM key;
+            if (key != wParam)
+                add_entropy = 0.05;
+            key = wParam;
+        }
+        break;
+    case WM_MOUSEMOVE:
+        {
+            static int lastx, lasty, lastdx, lastdy;
+            int x, y, dx, dy;
+
+            x = LOWORD(lParam);
+            y = HIWORD(lParam);
+            dx = lastx - x;
+            dy = lasty - y;
+            if (dx != 0 && dy != 0 && dx - lastdx != 0 && dy - lastdy != 0)
+                add_entropy = .2;
+            lastx = x, lasty = y;
+            lastdx = dx, lastdy = dy;
+        }
+        break;
+    }
+
+    readtimer();
+    RAND_add(&iMsg, sizeof(iMsg), add_entropy);
+    RAND_add(&wParam, sizeof(wParam), 0);
+    RAND_add(&lParam, sizeof(lParam), 0);
+
+    return (RAND_status());
 }
 
+void RAND_screen(void)
+{                               /* function available for backward
+                                 * compatibility */
+    RAND_poll();
+    readscreen();
+}
 
 /* feed timing information to the PRNG */
 static void readtimer(void)
 {
-	DWORD w;
-	LARGE_INTEGER l;
-	static int have_perfc = 1;
-#if defined(_MSC_VER) && defined(_M_X86)
-	static int have_tsc = 1;
-	DWORD cyclecount;
-
-	if (have_tsc) {
-	  __try {
-	    __asm {
-	      _emit 0x0f
-	      _emit 0x31
-	      mov cyclecount, eax
-	      }
-	    RAND_add(&cyclecount, sizeof(cyclecount), 1);
-	  } __except(EXCEPTION_EXECUTE_HANDLER) {
-	    have_tsc = 0;
-	  }
-	}
-#else
-# define have_tsc 0
-#endif
+    DWORD w;
+    LARGE_INTEGER l;
+    static int have_perfc = 1;
+# if defined(_MSC_VER) && defined(_M_X86)
+    static int have_tsc = 1;
+    DWORD cyclecount;
+
+    if (have_tsc) {
+        __try {
+            __asm {
+            _emit 0x0f _emit 0x31 mov cyclecount, eax}
+            RAND_add(&cyclecount, sizeof(cyclecount), 1);
+        }
+        __except(EXCEPTION_EXECUTE_HANDLER) {
+            have_tsc = 0;
+        }
+    }
+# else
+#  define have_tsc 0
+# endif
 
-	if (have_perfc) {
-	  if (QueryPerformanceCounter(&l) == 0)
-	    have_perfc = 0;
-	  else
-	    RAND_add(&l, sizeof(l), 0);
-	}
-
-	if (!have_tsc && !have_perfc) {
-	  w = GetTickCount();
-	  RAND_add(&w, sizeof(w), 0);
-	}
+    if (have_perfc) {
+        if (QueryPerformanceCounter(&l) == 0)
+            have_perfc = 0;
+        else
+            RAND_add(&l, sizeof(l), 0);
+    }
+
+    if (!have_tsc && !have_perfc) {
+        w = GetTickCount();
+        RAND_add(&w, sizeof(w), 0);
+    }
 }
 
 /* feed screen contents to PRNG */
@@ -737,71 +682,70 @@ static void readtimer(void)
 
 static void readscreen(void)
 {
-#if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
-  HDC		hScrDC;		/* screen DC */
-  HDC		hMemDC;		/* memory DC */
-  HBITMAP	hBitmap;	/* handle for our bitmap */
-  HBITMAP	hOldBitmap;	/* handle for previous bitmap */
-  BITMAP	bm;		/* bitmap properties */
-  unsigned int	size;		/* size of bitmap */
-  char		*bmbits;	/* contents of bitmap */
-  int		w;		/* screen width */
-  int		h;		/* screen height */
-  int		y;		/* y-coordinate of screen lines to grab */
-  int		n = 16;		/* number of screen lines to grab at a time */
-
-  if (GetVersion() < 0x80000000 && OPENSSL_isservice()>0)
-    return;
-
-  /* Create a screen DC and a memory DC compatible to screen DC */
-  hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
-  hMemDC = CreateCompatibleDC(hScrDC);
-
-  /* Get screen resolution */
-  w = GetDeviceCaps(hScrDC, HORZRES);
-  h = GetDeviceCaps(hScrDC, VERTRES);
-
-  /* Create a bitmap compatible with the screen DC */
-  hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
-
-  /* Select new bitmap into memory DC */
-  hOldBitmap = SelectObject(hMemDC, hBitmap);
-
-  /* Get bitmap properties */
-  GetObject(hBitmap, sizeof(BITMAP), (LPSTR)&bm);
-  size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
-
-  bmbits = OPENSSL_malloc(size);
-  if (bmbits) {
-    /* Now go through the whole screen, repeatedly grabbing n lines */
-    for (y = 0; y < h-n; y += n)
-    	{
-	unsigned char md[MD_DIGEST_LENGTH];
-
-	/* Bitblt screen DC to memory DC */
-	BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
-
-	/* Copy bitmap bits from memory DC to bmbits */
-	GetBitmapBits(hBitmap, size, bmbits);
-
-	/* Get the hash of the bitmap */
-	MD(bmbits,size,md);
-
-	/* Seed the random generator with the hash value */
-	RAND_add(md, MD_DIGEST_LENGTH, 0);
-	}
-
-    OPENSSL_free(bmbits);
-  }
-
-  /* Select old bitmap back into memory DC */
-  hBitmap = SelectObject(hMemDC, hOldBitmap);
-
-  /* Clean up */
-  DeleteObject(hBitmap);
-  DeleteDC(hMemDC);
-  DeleteDC(hScrDC);
-#endif /* !OPENSSL_SYS_WINCE */
+# if !defined(OPENSSL_SYS_WINCE) && !defined(OPENSSL_SYS_WIN32_CYGWIN)
+    HDC hScrDC;                 /* screen DC */
+    HDC hMemDC;                 /* memory DC */
+    HBITMAP hBitmap;            /* handle for our bitmap */
+    HBITMAP hOldBitmap;         /* handle for previous bitmap */
+    BITMAP bm;                  /* bitmap properties */
+    unsigned int size;          /* size of bitmap */
+    char *bmbits;               /* contents of bitmap */
+    int w;                      /* screen width */
+    int h;                      /* screen height */
+    int y;                      /* y-coordinate of screen lines to grab */
+    int n = 16;                 /* number of screen lines to grab at a time */
+
+    if (check_winnt() && OPENSSL_isservice() > 0)
+        return;
+
+    /* Create a screen DC and a memory DC compatible to screen DC */
+    hScrDC = CreateDC(TEXT("DISPLAY"), NULL, NULL, NULL);
+    hMemDC = CreateCompatibleDC(hScrDC);
+
+    /* Get screen resolution */
+    w = GetDeviceCaps(hScrDC, HORZRES);
+    h = GetDeviceCaps(hScrDC, VERTRES);
+
+    /* Create a bitmap compatible with the screen DC */
+    hBitmap = CreateCompatibleBitmap(hScrDC, w, n);
+
+    /* Select new bitmap into memory DC */
+    hOldBitmap = SelectObject(hMemDC, hBitmap);
+
+    /* Get bitmap properties */
+    GetObject(hBitmap, sizeof(BITMAP), (LPSTR) & bm);
+    size = (unsigned int)bm.bmWidthBytes * bm.bmHeight * bm.bmPlanes;
+
+    bmbits = OPENSSL_malloc(size);
+    if (bmbits) {
+        /* Now go through the whole screen, repeatedly grabbing n lines */
+        for (y = 0; y < h - n; y += n) {
+            unsigned char md[MD_DIGEST_LENGTH];
+
+            /* Bitblt screen DC to memory DC */
+            BitBlt(hMemDC, 0, 0, w, n, hScrDC, 0, y, SRCCOPY);
+
+            /* Copy bitmap bits from memory DC to bmbits */
+            GetBitmapBits(hBitmap, size, bmbits);
+
+            /* Get the hash of the bitmap */
+            MD(bmbits, size, md);
+
+            /* Seed the random generator with the hash value */
+            RAND_add(md, MD_DIGEST_LENGTH, 0);
+        }
+
+        OPENSSL_free(bmbits);
+    }
+
+    /* Select old bitmap back into memory DC */
+    hBitmap = SelectObject(hMemDC, hOldBitmap);
+
+    /* Clean up */
+    DeleteObject(hBitmap);
+    DeleteDC(hMemDC);
+    DeleteDC(hScrDC);
+# endif                         /* !OPENSSL_SYS_WINCE */
 }
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rand/randfile.c b/Cryptlib/OpenSSL/crypto/rand/randfile.c
index 18105684..3feca3d5 100644
--- a/Cryptlib/OpenSSL/crypto/rand/randfile.c
+++ b/Cryptlib/OpenSSL/crypto/rand/randfile.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -70,7 +70,7 @@
 #include <openssl/buffer.h>
 
 #ifdef OPENSSL_SYS_VMS
-#include <unixio.h>
+# include <unixio.h>
 #endif
 #ifndef NO_SYS_TYPES_H
 # include <sys/types.h>
@@ -82,243 +82,250 @@
 #endif
 
 #ifdef _WIN32
-#define stat	_stat
-#define chmod	_chmod
-#define open	_open
-#define fdopen	_fdopen
+# define stat    _stat
+# define chmod   _chmod
+# define open    _open
+# define fdopen  _fdopen
 #endif
 
 #undef BUFSIZE
-#define BUFSIZE	1024
+#define BUFSIZE 1024
 #define RAND_DATA 1024
 
 #ifdef OPENSSL_SYS_VMS
-/* This declaration is a nasty hack to get around vms' extension to fopen
- * for passing in sharing options being disabled by our /STANDARD=ANSI89 */
+/*
+ * This declaration is a nasty hack to get around vms' extension to fopen for
+ * passing in sharing options being disabled by our /STANDARD=ANSI89
+ */
 static FILE *(*const vms_fopen)(const char *, const char *, ...) =
     (FILE *(*)(const char *, const char *, ...))fopen;
-#define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
+# define VMS_OPEN_ATTRS "shr=get,put,upd,del","ctx=bin,stm","rfm=stm","rat=none","mrs=0"
 #endif
 
 /* #define RFILE ".rnd" - defined in ../../e_os.h */
 
-/* Note that these functions are intended for seed files only.
- * Entropy devices and EGD sockets are handled in rand_unix.c */
+/*
+ * Note that these functions are intended for seed files only. Entropy
+ * devices and EGD sockets are handled in rand_unix.c
+ */
 
 int RAND_load_file(const char *file, long bytes)
-	{
-	/* If bytes >= 0, read up to 'bytes' bytes.
-	 * if bytes == -1, read complete file. */
+{
+    /*-
+     * If bytes >= 0, read up to 'bytes' bytes.
+     * if bytes == -1, read complete file.
+     */
 
-	MS_STATIC unsigned char buf[BUFSIZE];
-	struct stat sb;
-	int i,ret=0,n;
-	FILE *in;
+    MS_STATIC unsigned char buf[BUFSIZE];
+    struct stat sb;
+    int i, ret = 0, n;
+    FILE *in;
 
-	if (file == NULL) return(0);
+    if (file == NULL)
+        return (0);
 
 #ifdef PURIFY
-	/* struct stat can have padding and unused fields that may not be
-	 * initialized in the call to stat(). We need to clear the entire
-	 * structure before calling RAND_add() to avoid complaints from
-	 * applications such as Valgrind.
-	 */
-	memset(&sb, 0, sizeof(sb));
+    /*
+     * struct stat can have padding and unused fields that may not be
+     * initialized in the call to stat(). We need to clear the entire
+     * structure before calling RAND_add() to avoid complaints from
+     * applications such as Valgrind.
+     */
+    memset(&sb, 0, sizeof(sb));
 #endif
 
-	if (stat(file,&sb) < 0) return(0);
-	RAND_add(&sb,sizeof(sb),0.0);
-	if (bytes == 0) return(ret);
+    if (stat(file, &sb) < 0)
+        return (0);
+    RAND_add(&sb, sizeof(sb), 0.0);
+    if (bytes == 0)
+        return (ret);
 
 #ifdef OPENSSL_SYS_VMS
-	in=vms_fopen(file,"rb",VMS_OPEN_ATTRS);
+    in = vms_fopen(file, "rb", VMS_OPEN_ATTRS);
 #else
-	in=fopen(file,"rb");
+    in = fopen(file, "rb");
 #endif
-	if (in == NULL) goto err;
+    if (in == NULL)
+        goto err;
 #if defined(S_ISBLK) && defined(S_ISCHR)
-	if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-	  /* this file is a device. we don't want read an infinite number
-	   * of bytes from a random device, nor do we want to use buffered
-	   * I/O because we will waste system entropy. 
-	   */
-	  bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
-	  setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
-	}
+    if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+        /*
+         * this file is a device. we don't want read an infinite number of
+         * bytes from a random device, nor do we want to use buffered I/O
+         * because we will waste system entropy.
+         */
+        bytes = (bytes == -1) ? 2048 : bytes; /* ok, is 2048 enough? */
+        setvbuf(in, NULL, _IONBF, 0); /* don't do buffered reads */
+    }
 #endif
-	for (;;)
-		{
-		if (bytes > 0)
-			n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE;
-		else
-			n = BUFSIZE;
-		i=fread(buf,1,n,in);
-		if (i <= 0) break;
+    for (;;) {
+        if (bytes > 0)
+            n = (bytes < BUFSIZE) ? (int)bytes : BUFSIZE;
+        else
+            n = BUFSIZE;
+        i = fread(buf, 1, n, in);
+        if (i <= 0)
+            break;
 #ifdef PURIFY
-		RAND_add(buf,i,(double)i);
+        RAND_add(buf, i, (double)i);
 #else
-		/* even if n != i, use the full array */
-		RAND_add(buf,n,(double)i);
+        /* even if n != i, use the full array */
+        RAND_add(buf, n, (double)i);
 #endif
-		ret+=i;
-		if (bytes > 0)
-			{
-			bytes-=n;
-			if (bytes <= 0) break;
-			}
-		}
-	fclose(in);
-	OPENSSL_cleanse(buf,BUFSIZE);
-err:
-	return(ret);
-	}
+        ret += i;
+        if (bytes > 0) {
+            bytes -= n;
+            if (bytes <= 0)
+                break;
+        }
+    }
+    fclose(in);
+    OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+    return (ret);
+}
 
 int RAND_write_file(const char *file)
-	{
-	unsigned char buf[BUFSIZE];
-	int i,ret=0,rand_err=0;
-	FILE *out = NULL;
-	int n;
-	struct stat sb;
-	
-	i=stat(file,&sb);
-	if (i != -1) { 
+{
+    unsigned char buf[BUFSIZE];
+    int i, ret = 0, rand_err = 0;
+    FILE *out = NULL;
+    int n;
+    struct stat sb;
+
+    i = stat(file, &sb);
+    if (i != -1) {
 #if defined(S_ISBLK) && defined(S_ISCHR)
-	  if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
-	    /* this file is a device. we don't write back to it. 
-	     * we "succeed" on the assumption this is some sort 
-	     * of random device. Otherwise attempting to write to 
-	     * and chmod the device causes problems.
-	     */
-	    return(1); 
-	  }
+        if (S_ISBLK(sb.st_mode) || S_ISCHR(sb.st_mode)) {
+            /*
+             * this file is a device. we don't write back to it. we
+             * "succeed" on the assumption this is some sort of random
+             * device. Otherwise attempting to write to and chmod the device
+             * causes problems.
+             */
+            return (1);
+        }
 #endif
-	}
-
+    }
 #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS)
-	{
-	/* For some reason Win32 can't write to files created this way */
-	
-	/* chmod(..., 0600) is too late to protect the file,
-	 * permissions should be restrictive from the start */
-	int fd = open(file, O_CREAT, 0600);
-	if (fd != -1)
-		out = fdopen(fd, "wb");
-	}
+    {
+        /* For some reason Win32 can't write to files created this way */
+
+        /*
+         * chmod(..., 0600) is too late to protect the file, permissions
+         * should be restrictive from the start
+         */
+        int fd = open(file, O_CREAT, 0600);
+        if (fd != -1)
+            out = fdopen(fd, "wb");
+    }
 #endif
 
 #ifdef OPENSSL_SYS_VMS
-	/* VMS NOTE: Prior versions of this routine created a _new_
-	 * version of the rand file for each call into this routine, then
-	 * deleted all existing versions named ;-1, and finally renamed
-	 * the current version as ';1'. Under concurrent usage, this
-	 * resulted in an RMS race condition in rename() which could
-	 * orphan files (see vms message help for RMS$_REENT). With the
-	 * fopen() calls below, openssl/VMS now shares the top-level
-	 * version of the rand file. Note that there may still be
-	 * conditions where the top-level rand file is locked. If so, this
-	 * code will then create a new version of the rand file. Without
-	 * the delete and rename code, this can result in ascending file
-	 * versions that stop at version 32767, and this routine will then
-	 * return an error. The remedy for this is to recode the calling
-	 * application to avoid concurrent use of the rand file, or
-	 * synchronize usage at the application level. Also consider
-	 * whether or not you NEED a persistent rand file in a concurrent
-	 * use situation. 
-	 */
+    /*
+     * VMS NOTE: Prior versions of this routine created a _new_ version of
+     * the rand file for each call into this routine, then deleted all
+     * existing versions named ;-1, and finally renamed the current version
+     * as ';1'. Under concurrent usage, this resulted in an RMS race
+     * condition in rename() which could orphan files (see vms message help
+     * for RMS$_REENT). With the fopen() calls below, openssl/VMS now shares
+     * the top-level version of the rand file. Note that there may still be
+     * conditions where the top-level rand file is locked. If so, this code
+     * will then create a new version of the rand file. Without the delete
+     * and rename code, this can result in ascending file versions that stop
+     * at version 32767, and this routine will then return an error. The
+     * remedy for this is to recode the calling application to avoid
+     * concurrent use of the rand file, or synchronize usage at the
+     * application level. Also consider whether or not you NEED a persistent
+     * rand file in a concurrent use situation.
+     */
 
-	out = vms_fopen(file,"rb+",VMS_OPEN_ATTRS);
-	if (out == NULL)
-		out = vms_fopen(file,"wb",VMS_OPEN_ATTRS);
+    out = vms_fopen(file, "rb+", VMS_OPEN_ATTRS);
+    if (out == NULL)
+        out = vms_fopen(file, "wb", VMS_OPEN_ATTRS);
 #else
-	if (out == NULL)
-		out = fopen(file,"wb");
+    if (out == NULL)
+        out = fopen(file, "wb");
 #endif
-	if (out == NULL) goto err;
+    if (out == NULL)
+        goto err;
 
 #ifndef NO_CHMOD
-	chmod(file,0600);
+    chmod(file, 0600);
 #endif
-	n=RAND_DATA;
-	for (;;)
-		{
-		i=(n > BUFSIZE)?BUFSIZE:n;
-		n-=BUFSIZE;
-		if (RAND_bytes(buf,i) <= 0)
-			rand_err=1;
-		i=fwrite(buf,1,i,out);
-		if (i <= 0)
-			{
-			ret=0;
-			break;
-			}
-		ret+=i;
-		if (n <= 0) break;
-                }
+    n = RAND_DATA;
+    for (;;) {
+        i = (n > BUFSIZE) ? BUFSIZE : n;
+        n -= BUFSIZE;
+        if (RAND_bytes(buf, i) <= 0)
+            rand_err = 1;
+        i = fwrite(buf, 1, i, out);
+        if (i <= 0) {
+            ret = 0;
+            break;
+        }
+        ret += i;
+        if (n <= 0)
+            break;
+    }
 
-	fclose(out);
-	OPENSSL_cleanse(buf,BUFSIZE);
-err:
-	return (rand_err ? -1 : ret);
-	}
+    fclose(out);
+    OPENSSL_cleanse(buf, BUFSIZE);
+ err:
+    return (rand_err ? -1 : ret);
+}
 
 const char *RAND_file_name(char *buf, size_t size)
-	{
-	char *s=NULL;
+{
+    char *s = NULL;
 #ifdef __OpenBSD__
-	int ok = 0;
-	struct stat sb;
+    int ok = 0;
+    struct stat sb;
 #endif
 
-	if (OPENSSL_issetugid() == 0)
-		s=getenv("RANDFILE");
-	if (s != NULL && *s && strlen(s) + 1 < size)
-		{
-		if (BUF_strlcpy(buf,s,size) >= size)
-			return NULL;
-		}
-	else
-		{
-		if (OPENSSL_issetugid() == 0)
-			s=getenv("HOME");
+    if (OPENSSL_issetugid() == 0)
+        s = getenv("RANDFILE");
+    if (s != NULL && *s && strlen(s) + 1 < size) {
+        if (BUF_strlcpy(buf, s, size) >= size)
+            return NULL;
+    } else {
+        if (OPENSSL_issetugid() == 0)
+            s = getenv("HOME");
 #ifdef DEFAULT_HOME
-		if (s == NULL)
-			{
-			s = DEFAULT_HOME;
-			}
+        if (s == NULL) {
+            s = DEFAULT_HOME;
+        }
 #endif
-		if (s && *s && strlen(s)+strlen(RFILE)+2 < size)
-			{
-			BUF_strlcpy(buf,s,size);
+        if (s && *s && strlen(s) + strlen(RFILE) + 2 < size) {
+            BUF_strlcpy(buf, s, size);
 #ifndef OPENSSL_SYS_VMS
-			BUF_strlcat(buf,"/",size);
+            BUF_strlcat(buf, "/", size);
 #endif
-			BUF_strlcat(buf,RFILE,size);
+            BUF_strlcat(buf, RFILE, size);
 #ifdef __OpenBSD__
-			ok = 1;
+            ok = 1;
 #endif
-			}
-		else
-		  	buf[0] = '\0'; /* no file name */
-		}
+        } else
+            buf[0] = '\0';      /* no file name */
+    }
 
 #ifdef __OpenBSD__
-	/* given that all random loads just fail if the file can't be 
-	 * seen on a stat, we stat the file we're returning, if it
-	 * fails, use /dev/arandom instead. this allows the user to 
-	 * use their own source for good random data, but defaults
-	 * to something hopefully decent if that isn't available. 
-	 */
-
-	if (!ok)
-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-			return(NULL);
-		}	
-	if (stat(buf,&sb) == -1)
-		if (BUF_strlcpy(buf,"/dev/arandom",size) >= size) {
-			return(NULL);
-		}	
+    /*
+     * given that all random loads just fail if the file can't be seen on a
+     * stat, we stat the file we're returning, if it fails, use /dev/arandom
+     * instead. this allows the user to use their own source for good random
+     * data, but defaults to something hopefully decent if that isn't
+     * available.
+     */
 
+    if (!ok)
+        if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+            return (NULL);
+        }
+    if (stat(buf, &sb) == -1)
+        if (BUF_strlcpy(buf, "/dev/arandom", size) >= size) {
+            return (NULL);
+        }
 #endif
-	return(buf);
-	}
+    return (buf);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c
index 74f48d3d..5eaf01d2 100644
--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c
+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_cbc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,167 +60,169 @@
 #include "rc2_locl.h"
 
 void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length,
-	     RC2_KEY *ks, unsigned char *iv, int encrypt)
-	{
-	register unsigned long tin0,tin1;
-	register unsigned long tout0,tout1,xor0,xor1;
-	register long l=length;
-	unsigned long tin[2];
-
-	if (encrypt)
-		{
-		c2l(iv,tout0);
-		c2l(iv,tout1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0);
-			c2l(in,tin1);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			RC2_encrypt(tin,ks);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		if (l != -8)
-			{
-			c2ln(in,tin0,tin1,l+8);
-			tin0^=tout0;
-			tin1^=tout1;
-			tin[0]=tin0;
-			tin[1]=tin1;
-			RC2_encrypt(tin,ks);
-			tout0=tin[0]; l2c(tout0,out);
-			tout1=tin[1]; l2c(tout1,out);
-			}
-		l2c(tout0,iv);
-		l2c(tout1,iv);
-		}
-	else
-		{
-		c2l(iv,xor0);
-		c2l(iv,xor1);
-		iv-=8;
-		for (l-=8; l>=0; l-=8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			RC2_decrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2c(tout0,out);
-			l2c(tout1,out);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		if (l != -8)
-			{
-			c2l(in,tin0); tin[0]=tin0;
-			c2l(in,tin1); tin[1]=tin1;
-			RC2_decrypt(tin,ks);
-			tout0=tin[0]^xor0;
-			tout1=tin[1]^xor1;
-			l2cn(tout0,tout1,out,l+8);
-			xor0=tin0;
-			xor1=tin1;
-			}
-		l2c(xor0,iv);
-		l2c(xor1,iv);
-		}
-	tin0=tin1=tout0=tout1=xor0=xor1=0;
-	tin[0]=tin[1]=0;
-	}
+                     RC2_KEY *ks, unsigned char *iv, int encrypt)
+{
+    register unsigned long tin0, tin1;
+    register unsigned long tout0, tout1, xor0, xor1;
+    register long l = length;
+    unsigned long tin[2];
+
+    if (encrypt) {
+        c2l(iv, tout0);
+        c2l(iv, tout1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            c2l(in, tin1);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        if (l != -8) {
+            c2ln(in, tin0, tin1, l + 8);
+            tin0 ^= tout0;
+            tin1 ^= tout1;
+            tin[0] = tin0;
+            tin[1] = tin1;
+            RC2_encrypt(tin, ks);
+            tout0 = tin[0];
+            l2c(tout0, out);
+            tout1 = tin[1];
+            l2c(tout1, out);
+        }
+        l2c(tout0, iv);
+        l2c(tout1, iv);
+    } else {
+        c2l(iv, xor0);
+        c2l(iv, xor1);
+        iv -= 8;
+        for (l -= 8; l >= 0; l -= 8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2c(tout0, out);
+            l2c(tout1, out);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        if (l != -8) {
+            c2l(in, tin0);
+            tin[0] = tin0;
+            c2l(in, tin1);
+            tin[1] = tin1;
+            RC2_decrypt(tin, ks);
+            tout0 = tin[0] ^ xor0;
+            tout1 = tin[1] ^ xor1;
+            l2cn(tout0, tout1, out, l + 8);
+            xor0 = tin0;
+            xor1 = tin1;
+        }
+        l2c(xor0, iv);
+        l2c(xor1, iv);
+    }
+    tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
+    tin[0] = tin[1] = 0;
+}
 
 void RC2_encrypt(unsigned long *d, RC2_KEY *key)
-	{
-	int i,n;
-	register RC2_INT *p0,*p1;
-	register RC2_INT x0,x1,x2,x3,t;
-	unsigned long l;
-
-	l=d[0];
-	x0=(RC2_INT)l&0xffff;
-	x1=(RC2_INT)(l>>16L);
-	l=d[1];
-	x2=(RC2_INT)l&0xffff;
-	x3=(RC2_INT)(l>>16L);
-
-	n=3;
-	i=5;
-
-	p0=p1= &(key->data[0]);
-	for (;;)
-		{
-		t=(x0+(x1& ~x3)+(x2&x3)+ *(p0++))&0xffff;
-		x0=(t<<1)|(t>>15);
-		t=(x1+(x2& ~x0)+(x3&x0)+ *(p0++))&0xffff;
-		x1=(t<<2)|(t>>14);
-		t=(x2+(x3& ~x1)+(x0&x1)+ *(p0++))&0xffff;
-		x2=(t<<3)|(t>>13);
-		t=(x3+(x0& ~x2)+(x1&x2)+ *(p0++))&0xffff;
-		x3=(t<<5)|(t>>11);
-
-		if (--i == 0)
-			{
-			if (--n == 0) break;
-			i=(n == 2)?6:5;
-
-			x0+=p1[x3&0x3f];
-			x1+=p1[x0&0x3f];
-			x2+=p1[x1&0x3f];
-			x3+=p1[x2&0x3f];
-			}
-		}
-
-	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
-	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
-	}
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = p1 = &(key->data[0]);
+    for (;;) {
+        t = (x0 + (x1 & ~x3) + (x2 & x3) + *(p0++)) & 0xffff;
+        x0 = (t << 1) | (t >> 15);
+        t = (x1 + (x2 & ~x0) + (x3 & x0) + *(p0++)) & 0xffff;
+        x1 = (t << 2) | (t >> 14);
+        t = (x2 + (x3 & ~x1) + (x0 & x1) + *(p0++)) & 0xffff;
+        x2 = (t << 3) | (t >> 13);
+        t = (x3 + (x0 & ~x2) + (x1 & x2) + *(p0++)) & 0xffff;
+        x3 = (t << 5) | (t >> 11);
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x0 += p1[x3 & 0x3f];
+            x1 += p1[x0 & 0x3f];
+            x2 += p1[x1 & 0x3f];
+            x3 += p1[x2 & 0x3f];
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
 
 void RC2_decrypt(unsigned long *d, RC2_KEY *key)
-	{
-	int i,n;
-	register RC2_INT *p0,*p1;
-	register RC2_INT x0,x1,x2,x3,t;
-	unsigned long l;
-
-	l=d[0];
-	x0=(RC2_INT)l&0xffff;
-	x1=(RC2_INT)(l>>16L);
-	l=d[1];
-	x2=(RC2_INT)l&0xffff;
-	x3=(RC2_INT)(l>>16L);
-
-	n=3;
-	i=5;
-
-	p0= &(key->data[63]);
-	p1= &(key->data[0]);
-	for (;;)
-		{
-		t=((x3<<11)|(x3>>5))&0xffff;
-		x3=(t-(x0& ~x2)-(x1&x2)- *(p0--))&0xffff;
-		t=((x2<<13)|(x2>>3))&0xffff;
-		x2=(t-(x3& ~x1)-(x0&x1)- *(p0--))&0xffff;
-		t=((x1<<14)|(x1>>2))&0xffff;
-		x1=(t-(x2& ~x0)-(x3&x0)- *(p0--))&0xffff;
-		t=((x0<<15)|(x0>>1))&0xffff;
-		x0=(t-(x1& ~x3)-(x2&x3)- *(p0--))&0xffff;
-
-		if (--i == 0)
-			{
-			if (--n == 0) break;
-			i=(n == 2)?6:5;
-
-			x3=(x3-p1[x2&0x3f])&0xffff;
-			x2=(x2-p1[x1&0x3f])&0xffff;
-			x1=(x1-p1[x0&0x3f])&0xffff;
-			x0=(x0-p1[x3&0x3f])&0xffff;
-			}
-		}
-
-	d[0]=(unsigned long)(x0&0xffff)|((unsigned long)(x1&0xffff)<<16L);
-	d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L);
-	}
-
+{
+    int i, n;
+    register RC2_INT *p0, *p1;
+    register RC2_INT x0, x1, x2, x3, t;
+    unsigned long l;
+
+    l = d[0];
+    x0 = (RC2_INT) l & 0xffff;
+    x1 = (RC2_INT) (l >> 16L);
+    l = d[1];
+    x2 = (RC2_INT) l & 0xffff;
+    x3 = (RC2_INT) (l >> 16L);
+
+    n = 3;
+    i = 5;
+
+    p0 = &(key->data[63]);
+    p1 = &(key->data[0]);
+    for (;;) {
+        t = ((x3 << 11) | (x3 >> 5)) & 0xffff;
+        x3 = (t - (x0 & ~x2) - (x1 & x2) - *(p0--)) & 0xffff;
+        t = ((x2 << 13) | (x2 >> 3)) & 0xffff;
+        x2 = (t - (x3 & ~x1) - (x0 & x1) - *(p0--)) & 0xffff;
+        t = ((x1 << 14) | (x1 >> 2)) & 0xffff;
+        x1 = (t - (x2 & ~x0) - (x3 & x0) - *(p0--)) & 0xffff;
+        t = ((x0 << 15) | (x0 >> 1)) & 0xffff;
+        x0 = (t - (x1 & ~x3) - (x2 & x3) - *(p0--)) & 0xffff;
+
+        if (--i == 0) {
+            if (--n == 0)
+                break;
+            i = (n == 2) ? 6 : 5;
+
+            x3 = (x3 - p1[x2 & 0x3f]) & 0xffff;
+            x2 = (x2 - p1[x1 & 0x3f]) & 0xffff;
+            x1 = (x1 - p1[x0 & 0x3f]) & 0xffff;
+            x0 = (x0 - p1[x3 & 0x3f]) & 0xffff;
+        }
+    }
+
+    d[0] =
+        (unsigned long)(x0 & 0xffff) | ((unsigned long)(x1 & 0xffff) << 16L);
+    d[1] =
+        (unsigned long)(x2 & 0xffff) | ((unsigned long)(x3 & 0xffff) << 16L);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c
index fff86c7a..48442a3f 100644
--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c
+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_ecb.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -60,9 +60,10 @@
 #include "rc2_locl.h"
 #include <openssl/opensslv.h>
 
-const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT;
+const char RC2_version[] = "RC2" OPENSSL_VERSION_PTEXT;
 
-/* RC2 as implemented frm a posting from
+/*-
+ * RC2 as implemented frm a posting from
  * Newsgroups: sci.crypt
  * Sender: pgut01@cs.auckland.ac.nz (Peter Gutmann)
  * Subject: Specification for Ron Rivests Cipher No.2
@@ -71,18 +72,21 @@ const char RC2_version[]="RC2" OPENSSL_VERSION_PTEXT;
  */
 
 void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks,
-		     int encrypt)
-	{
-	unsigned long l,d[2];
-
-	c2l(in,l); d[0]=l;
-	c2l(in,l); d[1]=l;
-	if (encrypt)
-		RC2_encrypt(d,ks);
-	else
-		RC2_decrypt(d,ks);
-	l=d[0]; l2c(l,out);
-	l=d[1]; l2c(l,out);
-	l=d[0]=d[1]=0;
-	}
+                     int encrypt)
+{
+    unsigned long l, d[2];
 
+    c2l(in, l);
+    d[0] = l;
+    c2l(in, l);
+    d[1] = l;
+    if (encrypt)
+        RC2_encrypt(d, ks);
+    else
+        RC2_decrypt(d, ks);
+    l = d[0];
+    l2c(l, out);
+    l = d[1];
+    l2c(l, out);
+    l = d[0] = d[1] = 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c
index 4e000e5b..53633045 100644
--- a/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c
+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2_skey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,104 +59,107 @@
 #include <openssl/rc2.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #include "rc2_locl.h"
 
-static unsigned char key_table[256]={
-	0xd9,0x78,0xf9,0xc4,0x19,0xdd,0xb5,0xed,0x28,0xe9,0xfd,0x79,
-	0x4a,0xa0,0xd8,0x9d,0xc6,0x7e,0x37,0x83,0x2b,0x76,0x53,0x8e,
-	0x62,0x4c,0x64,0x88,0x44,0x8b,0xfb,0xa2,0x17,0x9a,0x59,0xf5,
-	0x87,0xb3,0x4f,0x13,0x61,0x45,0x6d,0x8d,0x09,0x81,0x7d,0x32,
-	0xbd,0x8f,0x40,0xeb,0x86,0xb7,0x7b,0x0b,0xf0,0x95,0x21,0x22,
-	0x5c,0x6b,0x4e,0x82,0x54,0xd6,0x65,0x93,0xce,0x60,0xb2,0x1c,
-	0x73,0x56,0xc0,0x14,0xa7,0x8c,0xf1,0xdc,0x12,0x75,0xca,0x1f,
-	0x3b,0xbe,0xe4,0xd1,0x42,0x3d,0xd4,0x30,0xa3,0x3c,0xb6,0x26,
-	0x6f,0xbf,0x0e,0xda,0x46,0x69,0x07,0x57,0x27,0xf2,0x1d,0x9b,
-	0xbc,0x94,0x43,0x03,0xf8,0x11,0xc7,0xf6,0x90,0xef,0x3e,0xe7,
-	0x06,0xc3,0xd5,0x2f,0xc8,0x66,0x1e,0xd7,0x08,0xe8,0xea,0xde,
-	0x80,0x52,0xee,0xf7,0x84,0xaa,0x72,0xac,0x35,0x4d,0x6a,0x2a,
-	0x96,0x1a,0xd2,0x71,0x5a,0x15,0x49,0x74,0x4b,0x9f,0xd0,0x5e,
-	0x04,0x18,0xa4,0xec,0xc2,0xe0,0x41,0x6e,0x0f,0x51,0xcb,0xcc,
-	0x24,0x91,0xaf,0x50,0xa1,0xf4,0x70,0x39,0x99,0x7c,0x3a,0x85,
-	0x23,0xb8,0xb4,0x7a,0xfc,0x02,0x36,0x5b,0x25,0x55,0x97,0x31,
-	0x2d,0x5d,0xfa,0x98,0xe3,0x8a,0x92,0xae,0x05,0xdf,0x29,0x10,
-	0x67,0x6c,0xba,0xc9,0xd3,0x00,0xe6,0xcf,0xe1,0x9e,0xa8,0x2c,
-	0x63,0x16,0x01,0x3f,0x58,0xe2,0x89,0xa9,0x0d,0x38,0x34,0x1b,
-	0xab,0x33,0xff,0xb0,0xbb,0x48,0x0c,0x5f,0xb9,0xb1,0xcd,0x2e,
-	0xc5,0xf3,0xdb,0x47,0xe5,0xa5,0x9c,0x77,0x0a,0xa6,0x20,0x68,
-	0xfe,0x7f,0xc1,0xad,
-	};
+static unsigned char key_table[256] = {
+    0xd9, 0x78, 0xf9, 0xc4, 0x19, 0xdd, 0xb5, 0xed, 0x28, 0xe9, 0xfd, 0x79,
+    0x4a, 0xa0, 0xd8, 0x9d, 0xc6, 0x7e, 0x37, 0x83, 0x2b, 0x76, 0x53, 0x8e,
+    0x62, 0x4c, 0x64, 0x88, 0x44, 0x8b, 0xfb, 0xa2, 0x17, 0x9a, 0x59, 0xf5,
+    0x87, 0xb3, 0x4f, 0x13, 0x61, 0x45, 0x6d, 0x8d, 0x09, 0x81, 0x7d, 0x32,
+    0xbd, 0x8f, 0x40, 0xeb, 0x86, 0xb7, 0x7b, 0x0b, 0xf0, 0x95, 0x21, 0x22,
+    0x5c, 0x6b, 0x4e, 0x82, 0x54, 0xd6, 0x65, 0x93, 0xce, 0x60, 0xb2, 0x1c,
+    0x73, 0x56, 0xc0, 0x14, 0xa7, 0x8c, 0xf1, 0xdc, 0x12, 0x75, 0xca, 0x1f,
+    0x3b, 0xbe, 0xe4, 0xd1, 0x42, 0x3d, 0xd4, 0x30, 0xa3, 0x3c, 0xb6, 0x26,
+    0x6f, 0xbf, 0x0e, 0xda, 0x46, 0x69, 0x07, 0x57, 0x27, 0xf2, 0x1d, 0x9b,
+    0xbc, 0x94, 0x43, 0x03, 0xf8, 0x11, 0xc7, 0xf6, 0x90, 0xef, 0x3e, 0xe7,
+    0x06, 0xc3, 0xd5, 0x2f, 0xc8, 0x66, 0x1e, 0xd7, 0x08, 0xe8, 0xea, 0xde,
+    0x80, 0x52, 0xee, 0xf7, 0x84, 0xaa, 0x72, 0xac, 0x35, 0x4d, 0x6a, 0x2a,
+    0x96, 0x1a, 0xd2, 0x71, 0x5a, 0x15, 0x49, 0x74, 0x4b, 0x9f, 0xd0, 0x5e,
+    0x04, 0x18, 0xa4, 0xec, 0xc2, 0xe0, 0x41, 0x6e, 0x0f, 0x51, 0xcb, 0xcc,
+    0x24, 0x91, 0xaf, 0x50, 0xa1, 0xf4, 0x70, 0x39, 0x99, 0x7c, 0x3a, 0x85,
+    0x23, 0xb8, 0xb4, 0x7a, 0xfc, 0x02, 0x36, 0x5b, 0x25, 0x55, 0x97, 0x31,
+    0x2d, 0x5d, 0xfa, 0x98, 0xe3, 0x8a, 0x92, 0xae, 0x05, 0xdf, 0x29, 0x10,
+    0x67, 0x6c, 0xba, 0xc9, 0xd3, 0x00, 0xe6, 0xcf, 0xe1, 0x9e, 0xa8, 0x2c,
+    0x63, 0x16, 0x01, 0x3f, 0x58, 0xe2, 0x89, 0xa9, 0x0d, 0x38, 0x34, 0x1b,
+    0xab, 0x33, 0xff, 0xb0, 0xbb, 0x48, 0x0c, 0x5f, 0xb9, 0xb1, 0xcd, 0x2e,
+    0xc5, 0xf3, 0xdb, 0x47, 0xe5, 0xa5, 0x9c, 0x77, 0x0a, 0xa6, 0x20, 0x68,
+    0xfe, 0x7f, 0xc1, 0xad,
+};
 
 #if defined(_MSC_VER) && defined(_ARM_)
-#pragma optimize("g",off)
+# pragma optimize("g",off)
 #endif
 
-/* It has come to my attention that there are 2 versions of the RC2
- * key schedule.  One which is normal, and anther which has a hook to
- * use a reduced key length.
- * BSAFE uses the 'retarded' version.  What I previously shipped is
- * the same as specifying 1024 for the 'bits' parameter.  Bsafe uses
- * a version where the bits parameter is the same as len*8 */
+/*
+ * It has come to my attention that there are 2 versions of the RC2 key
+ * schedule.  One which is normal, and anther which has a hook to use a
+ * reduced key length. BSAFE uses the 'retarded' version.  What I previously
+ * shipped is the same as specifying 1024 for the 'bits' parameter.  Bsafe
+ * uses a version where the bits parameter is the same as len*8
+ */
 
 #ifdef OPENSSL_FIPS
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
-	{
-	if (FIPS_mode())
-		FIPS_BAD_ABORT(RC2)
-	private_RC2_set_key(key, len, data, bits);
-	}
+{
+    if (FIPS_mode())
+        FIPS_BAD_ABORT(RC2)
+            private_RC2_set_key(key, len, data, bits);
+}
+
 void private_RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,
-								int bits)
+                         int bits)
 #else
 void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits)
 #endif
-	{
-	int i,j;
-	unsigned char *k;
-	RC2_INT *ki;
-	unsigned int c,d;
-
-	k= (unsigned char *)&(key->data[0]);
-	*k=0; /* for if there is a zero length key */
-
-	if (len > 128) len=128;
-	if (bits <= 0) bits=1024;
-	if (bits > 1024) bits=1024;
-
-	for (i=0; i<len; i++)
-		k[i]=data[i];
-
-	/* expand table */
-	d=k[len-1];
-	j=0;
-	for (i=len; i < 128; i++,j++)
-		{
-		d=key_table[(k[j]+d)&0xff];
-		k[i]=d;
-		}
-
-	/* hmm.... key reduction to 'bits' bits */
-
-	j=(bits+7)>>3;
-	i=128-j;
-	c= (0xff>>(-bits & 0x07));
-
-	d=key_table[k[i]&c];
-	k[i]=d;
-	while (i--)
-		{
-		d=key_table[k[i+j]^d];
-		k[i]=d;
-		}
-
-	/* copy from bytes into RC2_INT's */
-	ki= &(key->data[63]);
-	for (i=127; i>=0; i-=2)
-		*(ki--)=((k[i]<<8)|k[i-1])&0xffff;
-	}
+{
+    int i, j;
+    unsigned char *k;
+    RC2_INT *ki;
+    unsigned int c, d;
+
+    k = (unsigned char *)&(key->data[0]);
+    *k = 0;                     /* for if there is a zero length key */
+
+    if (len > 128)
+        len = 128;
+    if (bits <= 0)
+        bits = 1024;
+    if (bits > 1024)
+        bits = 1024;
+
+    for (i = 0; i < len; i++)
+        k[i] = data[i];
+
+    /* expand table */
+    d = k[len - 1];
+    j = 0;
+    for (i = len; i < 128; i++, j++) {
+        d = key_table[(k[j] + d) & 0xff];
+        k[i] = d;
+    }
+
+    /* hmm.... key reduction to 'bits' bits */
+
+    j = (bits + 7) >> 3;
+    i = 128 - j;
+    c = (0xff >> (-bits & 0x07));
+
+    d = key_table[k[i] & c];
+    k[i] = d;
+    while (i--) {
+        d = key_table[k[i + j] ^ d];
+        k[i] = d;
+    }
+
+    /* copy from bytes into RC2_INT's */
+    ki = &(key->data[63]);
+    for (i = 127; i >= 0; i -= 2)
+        *(ki--) = ((k[i] << 8) | k[i - 1]) & 0xffff;
+}
 
 #if defined(_MSC_VER)
-#pragma optimize("",on)
+# pragma optimize("",on)
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c
index b3a0158a..8b5929fd 100644
--- a/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c
+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2cfb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,64 +59,65 @@
 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 
-/* The input and output encrypted as though 64bit cfb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit cfb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 
 void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num, int encrypt)
-	{
-	register unsigned long v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned long ti[2];
-	unsigned char *iv,c,cc;
-
-	iv=(unsigned char *)ivec;
-	if (encrypt)
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				RC2_encrypt((unsigned long *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2c(t,iv);
-				t=ti[1]; l2c(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			c= *(in++)^iv[n];
-			*(out++)=c;
-			iv[n]=c;
-			n=(n+1)&0x07;
-			}
-		}
-	else
-		{
-		while (l--)
-			{
-			if (n == 0)
-				{
-				c2l(iv,v0); ti[0]=v0;
-				c2l(iv,v1); ti[1]=v1;
-				RC2_encrypt((unsigned long *)ti,schedule);
-				iv=(unsigned char *)ivec;
-				t=ti[0]; l2c(t,iv);
-				t=ti[1]; l2c(t,iv);
-				iv=(unsigned char *)ivec;
-				}
-			cc= *(in++);
-			c=iv[n];
-			iv[n]=cc;
-			*(out++)=c^cc;
-			n=(n+1)&0x07;
-			}
-		}
-	v0=v1=ti[0]=ti[1]=t=c=cc=0;
-	*num=n;
-	}
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num, int encrypt)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned long ti[2];
+    unsigned char *iv, c, cc;
 
+    iv = (unsigned char *)ivec;
+    if (encrypt) {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            c = *(in++) ^ iv[n];
+            *(out++) = c;
+            iv[n] = c;
+            n = (n + 1) & 0x07;
+        }
+    } else {
+        while (l--) {
+            if (n == 0) {
+                c2l(iv, v0);
+                ti[0] = v0;
+                c2l(iv, v1);
+                ti[1] = v1;
+                RC2_encrypt((unsigned long *)ti, schedule);
+                iv = (unsigned char *)ivec;
+                t = ti[0];
+                l2c(t, iv);
+                t = ti[1];
+                l2c(t, iv);
+                iv = (unsigned char *)ivec;
+            }
+            cc = *(in++);
+            c = iv[n];
+            iv[n] = cc;
+            *(out++) = c ^ cc;
+            n = (n + 1) & 0x07;
+        }
+    }
+    v0 = v1 = ti[0] = ti[1] = t = c = cc = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c
index 9e297867..b9f4d8c3 100644
--- a/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c
+++ b/Cryptlib/OpenSSL/crypto/rc2/rc2ofb64.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,53 +59,52 @@
 #include <openssl/rc2.h>
 #include "rc2_locl.h"
 
-/* The input and output encrypted as though 64bit ofb mode is being
- * used.  The extra state information to record how much of the
- * 64bit block we have used is contained in *num;
+/*
+ * The input and output encrypted as though 64bit ofb mode is being used.
+ * The extra state information to record how much of the 64bit block we have
+ * used is contained in *num;
  */
 void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out,
-		       long length, RC2_KEY *schedule, unsigned char *ivec,
-		       int *num)
-	{
-	register unsigned long v0,v1,t;
-	register int n= *num;
-	register long l=length;
-	unsigned char d[8];
-	register char *dp;
-	unsigned long ti[2];
-	unsigned char *iv;
-	int save=0;
-
-	iv=(unsigned char *)ivec;
-	c2l(iv,v0);
-	c2l(iv,v1);
-	ti[0]=v0;
-	ti[1]=v1;
-	dp=(char *)d;
-	l2c(v0,dp);
-	l2c(v1,dp);
-	while (l--)
-		{
-		if (n == 0)
-			{
-			RC2_encrypt((unsigned long *)ti,schedule);
-			dp=(char *)d;
-			t=ti[0]; l2c(t,dp);
-			t=ti[1]; l2c(t,dp);
-			save++;
-			}
-		*(out++)= *(in++)^d[n];
-		n=(n+1)&0x07;
-		}
-	if (save)
-		{
-		v0=ti[0];
-		v1=ti[1];
-		iv=(unsigned char *)ivec;
-		l2c(v0,iv);
-		l2c(v1,iv);
-		}
-	t=v0=v1=ti[0]=ti[1]=0;
-	*num=n;
-	}
+                       long length, RC2_KEY *schedule, unsigned char *ivec,
+                       int *num)
+{
+    register unsigned long v0, v1, t;
+    register int n = *num;
+    register long l = length;
+    unsigned char d[8];
+    register char *dp;
+    unsigned long ti[2];
+    unsigned char *iv;
+    int save = 0;
 
+    iv = (unsigned char *)ivec;
+    c2l(iv, v0);
+    c2l(iv, v1);
+    ti[0] = v0;
+    ti[1] = v1;
+    dp = (char *)d;
+    l2c(v0, dp);
+    l2c(v1, dp);
+    while (l--) {
+        if (n == 0) {
+            RC2_encrypt((unsigned long *)ti, schedule);
+            dp = (char *)d;
+            t = ti[0];
+            l2c(t, dp);
+            t = ti[1];
+            l2c(t, dp);
+            save++;
+        }
+        *(out++) = *(in++) ^ d[n];
+        n = (n + 1) & 0x07;
+    }
+    if (save) {
+        v0 = ti[0];
+        v1 = ti[1];
+        iv = (unsigned char *)ivec;
+        l2c(v0, iv);
+        l2c(v1, iv);
+    }
+    t = v0 = v1 = ti[0] = ti[1] = 0;
+    *num = n;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
index 0660ea60..72cc8f65 100644
--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_enc.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,7 +59,8 @@
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
 
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
  * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.
@@ -68,248 +69,266 @@
  */
 
 void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
-	     unsigned char *outdata)
-	{
-        register RC4_INT *d;
-        register RC4_INT x,y,tx,ty;
-	int i;
-        
-        x=key->x;     
-        y=key->y;     
-        d=key->data; 
+         unsigned char *outdata)
+{
+    register RC4_INT *d;
+    register RC4_INT x, y, tx, ty;
+    int i;
+
+    x = key->x;
+    y = key->y;
+    d = key->data;
 
 #if defined(RC4_CHUNK)
-	/*
-	 * The original reason for implementing this(*) was the fact that
-	 * pre-21164a Alpha CPUs don't have byte load/store instructions
-	 * and e.g. a byte store has to be done with 64-bit load, shift,
-	 * and, or and finally 64-bit store. Peaking data and operating
-	 * at natural word size made it possible to reduce amount of
-	 * instructions as well as to perform early read-ahead without
-	 * suffering from RAW (read-after-write) hazard. This resulted
-	 * in ~40%(**) performance improvement on 21064 box with gcc.
-	 * But it's not only Alpha users who win here:-) Thanks to the
-	 * early-n-wide read-ahead this implementation also exhibits
-	 * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
-	 * on sizeof(RC4_INT)).
-	 *
-	 * (*)	"this" means code which recognizes the case when input
-	 *	and output pointers appear to be aligned at natural CPU
-	 *	word boundary
-	 * (**)	i.e. according to 'apps/openssl speed rc4' benchmark,
-	 *	crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
-	 *
-	 * Cavets.
-	 *
-	 * - RC4_CHUNK="unsigned long long" should be a #1 choice for
-	 *   UltraSPARC. Unfortunately gcc generates very slow code
-	 *   (2.5-3 times slower than one generated by Sun's WorkShop
-	 *   C) and therefore gcc (at least 2.95 and earlier) should
-	 *   always be told that RC4_CHUNK="unsigned long".
-	 *
-	 *					<appro@fy.chalmers.se>
-	 */
+    /*-
+     * The original reason for implementing this(*) was the fact that
+     * pre-21164a Alpha CPUs don't have byte load/store instructions
+     * and e.g. a byte store has to be done with 64-bit load, shift,
+     * and, or and finally 64-bit store. Peaking data and operating
+     * at natural word size made it possible to reduce amount of
+     * instructions as well as to perform early read-ahead without
+     * suffering from RAW (read-after-write) hazard. This resulted
+     * in ~40%(**) performance improvement on 21064 box with gcc.
+     * But it's not only Alpha users who win here:-) Thanks to the
+     * early-n-wide read-ahead this implementation also exhibits
+     * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending
+     * on sizeof(RC4_INT)).
+     *
+     * (*)  "this" means code which recognizes the case when input
+     *      and output pointers appear to be aligned at natural CPU
+     *      word boundary
+     * (**) i.e. according to 'apps/openssl speed rc4' benchmark,
+     *      crypto/rc4/rc4speed.c exhibits almost 70% speed-up...
+     *
+     * Cavets.
+     *
+     * - RC4_CHUNK="unsigned long long" should be a #1 choice for
+     *   UltraSPARC. Unfortunately gcc generates very slow code
+     *   (2.5-3 times slower than one generated by Sun's WorkShop
+     *   C) and therefore gcc (at least 2.95 and earlier) should
+     *   always be told that RC4_CHUNK="unsigned long".
+     *
+     *                                      <appro@fy.chalmers.se>
+     */
 
-# define RC4_STEP	( \
-			x=(x+1) &0xff,	\
-			tx=d[x],	\
-			y=(tx+y)&0xff,	\
-			ty=d[y],	\
-			d[y]=tx,	\
-			d[x]=ty,	\
-			(RC4_CHUNK)d[(tx+ty)&0xff]\
-			)
+# define RC4_STEP       ( \
+                        x=(x+1) &0xff,  \
+                        tx=d[x],        \
+                        y=(tx+y)&0xff,  \
+                        ty=d[y],        \
+                        d[y]=tx,        \
+                        d[x]=ty,        \
+                        (RC4_CHUNK)d[(tx+ty)&0xff]\
+                        )
 
-	if ( ( ((unsigned long)indata  & (sizeof(RC4_CHUNK)-1)) | 
-	       ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 )
-		{
-		RC4_CHUNK ichunk,otp;
-		const union { long one; char little; } is_endian = {1};
+    if ((((unsigned long)indata & (sizeof(RC4_CHUNK) - 1)) |
+         ((unsigned long)outdata & (sizeof(RC4_CHUNK) - 1))) == 0) {
+        RC4_CHUNK ichunk, otp;
+        const union {
+            long one;
+            char little;
+        } is_endian = {
+            1
+        };
 
-		/*
-		 * I reckon we can afford to implement both endian
-		 * cases and to decide which way to take at run-time
-		 * because the machine code appears to be very compact
-		 * and redundant 1-2KB is perfectly tolerable (i.e.
-		 * in case the compiler fails to eliminate it:-). By
-		 * suggestion from Terrel Larson <terr@terralogic.net>
-		 * who also stands for the is_endian union:-)
-		 *
-		 * Special notes.
-		 *
-		 * - is_endian is declared automatic as doing otherwise
-		 *   (declaring static) prevents gcc from eliminating
-		 *   the redundant code;
-		 * - compilers (those I've tried) don't seem to have
-		 *   problems eliminating either the operators guarded
-		 *   by "if (sizeof(RC4_CHUNK)==8)" or the condition
-		 *   expressions themselves so I've got 'em to replace
-		 *   corresponding #ifdefs from the previous version;
-		 * - I chose to let the redundant switch cases when
-		 *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
-		 *   before);
-		 * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
-		 *   [LB]ESHFT guards against "shift is out of range"
-		 *   warnings when sizeof(RC4_CHUNK)!=8 
-		 *
-		 *			<appro@fy.chalmers.se>
-		 */
-		if (!is_endian.little)
-			{	/* BIG-ENDIAN CASE */
-# define BESHFT(c)	(((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
-			for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
-				{
-				ichunk  = *(RC4_CHUNK *)indata;
-				otp  = RC4_STEP<<BESHFT(0);
-				otp |= RC4_STEP<<BESHFT(1);
-				otp |= RC4_STEP<<BESHFT(2);
-				otp |= RC4_STEP<<BESHFT(3);
-				if (sizeof(RC4_CHUNK)==8)
-					{
-					otp |= RC4_STEP<<BESHFT(4);
-					otp |= RC4_STEP<<BESHFT(5);
-					otp |= RC4_STEP<<BESHFT(6);
-					otp |= RC4_STEP<<BESHFT(7);
-					}
-				*(RC4_CHUNK *)outdata = otp^ichunk;
-				indata  += sizeof(RC4_CHUNK);
-				outdata += sizeof(RC4_CHUNK);
-				}
-			if (len)
-				{
-				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+        /*-
+         * I reckon we can afford to implement both endian
+         * cases and to decide which way to take at run-time
+         * because the machine code appears to be very compact
+         * and redundant 1-2KB is perfectly tolerable (i.e.
+         * in case the compiler fails to eliminate it:-). By
+         * suggestion from Terrel Larson <terr@terralogic.net>
+         * who also stands for the is_endian union:-)
+         *
+         * Special notes.
+         *
+         * - is_endian is declared automatic as doing otherwise
+         *   (declaring static) prevents gcc from eliminating
+         *   the redundant code;
+         * - compilers (those I've tried) don't seem to have
+         *   problems eliminating either the operators guarded
+         *   by "if (sizeof(RC4_CHUNK)==8)" or the condition
+         *   expressions themselves so I've got 'em to replace
+         *   corresponding #ifdefs from the previous version;
+         * - I chose to let the redundant switch cases when
+         *   sizeof(RC4_CHUNK)!=8 be (were also #ifdefed
+         *   before);
+         * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in
+         *   [LB]ESHFT guards against "shift is out of range"
+         *   warnings when sizeof(RC4_CHUNK)!=8
+         *
+         *                      <appro@fy.chalmers.se>
+         */
+        if (!is_endian.little) { /* BIG-ENDIAN CASE */
+# define BESHFT(c)      (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1))
+            for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) {
+                ichunk = *(RC4_CHUNK *) indata;
+                otp = RC4_STEP << BESHFT(0);
+                otp |= RC4_STEP << BESHFT(1);
+                otp |= RC4_STEP << BESHFT(2);
+                otp |= RC4_STEP << BESHFT(3);
+                if (sizeof(RC4_CHUNK) == 8) {
+                    otp |= RC4_STEP << BESHFT(4);
+                    otp |= RC4_STEP << BESHFT(5);
+                    otp |= RC4_STEP << BESHFT(6);
+                    otp |= RC4_STEP << BESHFT(7);
+                }
+                *(RC4_CHUNK *) outdata = otp ^ ichunk;
+                indata += sizeof(RC4_CHUNK);
+                outdata += sizeof(RC4_CHUNK);
+            }
+            if (len) {
+                RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk;
 
-				ichunk = *(RC4_CHUNK *)indata;
-				ochunk = *(RC4_CHUNK *)outdata;
-				otp = 0;
-				i = BESHFT(0);
-				mask <<= (sizeof(RC4_CHUNK)-len)<<3;
-				switch (len&(sizeof(RC4_CHUNK)-1))
-					{
-					case 7:	otp  = RC4_STEP<<i, i-=8;
-					case 6:	otp |= RC4_STEP<<i, i-=8;
-					case 5:	otp |= RC4_STEP<<i, i-=8;
-					case 4:	otp |= RC4_STEP<<i, i-=8;
-					case 3:	otp |= RC4_STEP<<i, i-=8;
-					case 2:	otp |= RC4_STEP<<i, i-=8;
-					case 1:	otp |= RC4_STEP<<i, i-=8;
-					case 0: ; /*
-						   * it's never the case,
-						   * but it has to be here
-						   * for ultrix?
-						   */
-					}
-				ochunk &= ~mask;
-				ochunk |= (otp^ichunk) & mask;
-				*(RC4_CHUNK *)outdata = ochunk;
-				}
-			key->x=x;     
-			key->y=y;
-			return;
-			}
-		else
-			{	/* LITTLE-ENDIAN CASE */
-# define LESHFT(c)	(((c)*8)&(sizeof(RC4_CHUNK)*8-1))
-			for (;len&~(sizeof(RC4_CHUNK)-1);len-=sizeof(RC4_CHUNK))
-				{
-				ichunk  = *(RC4_CHUNK *)indata;
-				otp  = RC4_STEP;
-				otp |= RC4_STEP<<8;
-				otp |= RC4_STEP<<16;
-				otp |= RC4_STEP<<24;
-				if (sizeof(RC4_CHUNK)==8)
-					{
-					otp |= RC4_STEP<<LESHFT(4);
-					otp |= RC4_STEP<<LESHFT(5);
-					otp |= RC4_STEP<<LESHFT(6);
-					otp |= RC4_STEP<<LESHFT(7);
-					}
-				*(RC4_CHUNK *)outdata = otp^ichunk;
-				indata  += sizeof(RC4_CHUNK);
-				outdata += sizeof(RC4_CHUNK);
-				}
-			if (len)
-				{
-				RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk;
+                ichunk = *(RC4_CHUNK *) indata;
+                ochunk = *(RC4_CHUNK *) outdata;
+                otp = 0;
+                i = BESHFT(0);
+                mask <<= (sizeof(RC4_CHUNK) - len) << 3;
+                switch (len & (sizeof(RC4_CHUNK) - 1)) {
+                case 7:
+                    otp = RC4_STEP << i, i -= 8;
+                case 6:
+                    otp |= RC4_STEP << i, i -= 8;
+                case 5:
+                    otp |= RC4_STEP << i, i -= 8;
+                case 4:
+                    otp |= RC4_STEP << i, i -= 8;
+                case 3:
+                    otp |= RC4_STEP << i, i -= 8;
+                case 2:
+                    otp |= RC4_STEP << i, i -= 8;
+                case 1:
+                    otp |= RC4_STEP << i, i -= 8;
+                case 0:;       /*
+                                 * it's never the case,
+                                 * but it has to be here
+                                 * for ultrix?
+                                 */
+                }
+                ochunk &= ~mask;
+                ochunk |= (otp ^ ichunk) & mask;
+                *(RC4_CHUNK *) outdata = ochunk;
+            }
+            key->x = x;
+            key->y = y;
+            return;
+        } else {                /* LITTLE-ENDIAN CASE */
+# define LESHFT(c)      (((c)*8)&(sizeof(RC4_CHUNK)*8-1))
+            for (; len & ~(sizeof(RC4_CHUNK) - 1); len -= sizeof(RC4_CHUNK)) {
+                ichunk = *(RC4_CHUNK *) indata;
+                otp = RC4_STEP;
+                otp |= RC4_STEP << 8;
+                otp |= RC4_STEP << 16;
+                otp |= RC4_STEP << 24;
+                if (sizeof(RC4_CHUNK) == 8) {
+                    otp |= RC4_STEP << LESHFT(4);
+                    otp |= RC4_STEP << LESHFT(5);
+                    otp |= RC4_STEP << LESHFT(6);
+                    otp |= RC4_STEP << LESHFT(7);
+                }
+                *(RC4_CHUNK *) outdata = otp ^ ichunk;
+                indata += sizeof(RC4_CHUNK);
+                outdata += sizeof(RC4_CHUNK);
+            }
+            if (len) {
+                RC4_CHUNK mask = (RC4_CHUNK) - 1, ochunk;
 
-				ichunk = *(RC4_CHUNK *)indata;
-				ochunk = *(RC4_CHUNK *)outdata;
-				otp = 0;
-				i   = 0;
-				mask >>= (sizeof(RC4_CHUNK)-len)<<3;
-				switch (len&(sizeof(RC4_CHUNK)-1))
-					{
-					case 7:	otp  = RC4_STEP,    i+=8;
-					case 6:	otp |= RC4_STEP<<i, i+=8;
-					case 5:	otp |= RC4_STEP<<i, i+=8;
-					case 4:	otp |= RC4_STEP<<i, i+=8;
-					case 3:	otp |= RC4_STEP<<i, i+=8;
-					case 2:	otp |= RC4_STEP<<i, i+=8;
-					case 1:	otp |= RC4_STEP<<i, i+=8;
-					case 0: ; /*
-						   * it's never the case,
-						   * but it has to be here
-						   * for ultrix?
-						   */
-					}
-				ochunk &= ~mask;
-				ochunk |= (otp^ichunk) & mask;
-				*(RC4_CHUNK *)outdata = ochunk;
-				}
-			key->x=x;     
-			key->y=y;
-			return;
-			}
-		}
+                ichunk = *(RC4_CHUNK *) indata;
+                ochunk = *(RC4_CHUNK *) outdata;
+                otp = 0;
+                i = 0;
+                mask >>= (sizeof(RC4_CHUNK) - len) << 3;
+                switch (len & (sizeof(RC4_CHUNK) - 1)) {
+                case 7:
+                    otp = RC4_STEP, i += 8;
+                case 6:
+                    otp |= RC4_STEP << i, i += 8;
+                case 5:
+                    otp |= RC4_STEP << i, i += 8;
+                case 4:
+                    otp |= RC4_STEP << i, i += 8;
+                case 3:
+                    otp |= RC4_STEP << i, i += 8;
+                case 2:
+                    otp |= RC4_STEP << i, i += 8;
+                case 1:
+                    otp |= RC4_STEP << i, i += 8;
+                case 0:;       /*
+                                 * it's never the case,
+                                 * but it has to be here
+                                 * for ultrix?
+                                 */
+                }
+                ochunk &= ~mask;
+                ochunk |= (otp ^ ichunk) & mask;
+                *(RC4_CHUNK *) outdata = ochunk;
+            }
+            key->x = x;
+            key->y = y;
+            return;
+        }
+    }
 #endif
 #define LOOP(in,out) \
-		x=((x+1)&0xff); \
-		tx=d[x]; \
-		y=(tx+y)&0xff; \
-		d[x]=ty=d[y]; \
-		d[y]=tx; \
-		(out) = d[(tx+ty)&0xff]^ (in);
+                x=((x+1)&0xff); \
+                tx=d[x]; \
+                y=(tx+y)&0xff; \
+                d[x]=ty=d[y]; \
+                d[y]=tx; \
+                (out) = d[(tx+ty)&0xff]^ (in);
 
 #ifndef RC4_INDEX
-#define RC4_LOOP(a,b,i)	LOOP(*((a)++),*((b)++))
+# define RC4_LOOP(a,b,i) LOOP(*((a)++),*((b)++))
 #else
-#define RC4_LOOP(a,b,i)	LOOP(a[i],b[i])
+# define RC4_LOOP(a,b,i) LOOP(a[i],b[i])
 #endif
 
-	i=(int)(len>>3L);
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0);
-			RC4_LOOP(indata,outdata,1);
-			RC4_LOOP(indata,outdata,2);
-			RC4_LOOP(indata,outdata,3);
-			RC4_LOOP(indata,outdata,4);
-			RC4_LOOP(indata,outdata,5);
-			RC4_LOOP(indata,outdata,6);
-			RC4_LOOP(indata,outdata,7);
+    i = (int)(len >> 3L);
+    if (i) {
+        for (;;) {
+            RC4_LOOP(indata, outdata, 0);
+            RC4_LOOP(indata, outdata, 1);
+            RC4_LOOP(indata, outdata, 2);
+            RC4_LOOP(indata, outdata, 3);
+            RC4_LOOP(indata, outdata, 4);
+            RC4_LOOP(indata, outdata, 5);
+            RC4_LOOP(indata, outdata, 6);
+            RC4_LOOP(indata, outdata, 7);
 #ifdef RC4_INDEX
-			indata+=8;
-			outdata+=8;
+            indata += 8;
+            outdata += 8;
 #endif
-			if (--i == 0) break;
-			}
-		}
-	i=(int)len&0x07;
-	if (i)
-		{
-		for (;;)
-			{
-			RC4_LOOP(indata,outdata,0); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,1); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,2); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,3); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,4); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,5); if (--i == 0) break;
-			RC4_LOOP(indata,outdata,6); if (--i == 0) break;
-			}
-		}               
-	key->x=x;     
-	key->y=y;
-	}
+            if (--i == 0)
+                break;
+        }
+    }
+    i = (int)len & 0x07;
+    if (i) {
+        for (;;) {
+            RC4_LOOP(indata, outdata, 0);
+            if (--i == 0)
+                break;
+            RC4_LOOP(indata, outdata, 1);
+            if (--i == 0)
+                break;
+            RC4_LOOP(indata, outdata, 2);
+            if (--i == 0)
+                break;
+            RC4_LOOP(indata, outdata, 3);
+            if (--i == 0)
+                break;
+            RC4_LOOP(indata, outdata, 4);
+            if (--i == 0)
+                break;
+            RC4_LOOP(indata, outdata, 5);
+            if (--i == 0)
+                break;
+            RC4_LOOP(indata, outdata, 6);
+            if (--i == 0)
+                break;
+        }
+    }
+    key->x = x;
+    key->y = y;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c
index 1b2a4297..f2366851 100644
--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c
+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_fblk.c
@@ -1,5 +1,6 @@
 /* crypto/rc4/rc4_fblk.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -51,25 +52,24 @@
  * ====================================================================
  */
 
-
 #include <openssl/rc4.h>
 #include "rc4_locl.h"
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
-/* FIPS mode blocking for RC4 has to be done separately since RC4_set_key
- * may be implemented in an assembly language file.
+/*
+ * FIPS mode blocking for RC4 has to be done separately since RC4_set_key may
+ * be implemented in an assembly language file.
  */
 
 #ifdef OPENSSL_FIPS
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
-	{
-	if (FIPS_mode())
-		FIPS_BAD_ABORT(RC4)
-	private_RC4_set_key(key, len, data);
-	}
+{
+    if (FIPS_mode())
+        FIPS_BAD_ABORT(RC4)
+            private_RC4_set_key(key, len, data);
+}
 #endif
-
diff --git a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
index d1dc912b..62121d90 100644
--- a/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
+++ b/Cryptlib/OpenSSL/crypto/rc4/rc4_skey.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,28 +61,28 @@
 #include <openssl/opensslv.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
-
-const char RC4_version[]="RC4" OPENSSL_VERSION_PTEXT;
+const char RC4_version[] = "RC4" OPENSSL_VERSION_PTEXT;
 
 const char *RC4_options(void)
-	{
+{
 #ifdef RC4_INDEX
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(idx,char)");
-	else
-		return("rc4(idx,int)");
+    if (sizeof(RC4_INT) == 1)
+        return ("rc4(idx,char)");
+    else
+        return ("rc4(idx,int)");
 #else
-	if (sizeof(RC4_INT) == 1)
-		return("rc4(ptr,char)");
-	else
-		return("rc4(ptr,int)");
+    if (sizeof(RC4_INT) == 1)
+        return ("rc4(ptr,char)");
+    else
+        return ("rc4(ptr,int)");
 #endif
-	}
+}
 
-/* RC4 as implemented from a posting from
+/*-
+ * RC4 as implemented from a posting from
  * Newsgroups: sci.crypt
  * From: sterndark@netcom.com (David Sterndark)
  * Subject: RC4 Algorithm revealed.
@@ -95,71 +95,72 @@ void private_RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
 #else
 void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data)
 #endif
-	{
-        register RC4_INT tmp;
-        register int id1,id2;
-        register RC4_INT *d;
-        unsigned int i;
-        
-        d= &(key->data[0]);
-        key->x = 0;     
-        key->y = 0;     
-        id1=id2=0;     
+{
+    register RC4_INT tmp;
+    register int id1, id2;
+    register RC4_INT *d;
+    unsigned int i;
+
+    d = &(key->data[0]);
+    key->x = 0;
+    key->y = 0;
+    id1 = id2 = 0;
 
 #define SK_LOOP(d,n) { \
-		tmp=d[(n)]; \
-		id2 = (data[id1] + tmp + id2) & 0xff; \
-		if (++id1 == len) id1=0; \
-		d[(n)]=d[id2]; \
-		d[id2]=tmp; }
+                tmp=d[(n)]; \
+                id2 = (data[id1] + tmp + id2) & 0xff; \
+                if (++id1 == len) id1=0; \
+                d[(n)]=d[id2]; \
+                d[id2]=tmp; }
 
 #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
-# if	defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
-	defined(__INTEL__) || \
-	defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
-	if (sizeof(RC4_INT) > 1) {
-		/*
-		 * Unlike all other x86 [and x86_64] implementations,
-		 * Intel P4 core [including EM64T] was found to perform
-		 * poorly with wider RC4_INT. Performance improvement
-		 * for IA-32 hand-coded assembler turned out to be 2.8x
-		 * if re-coded for RC4_CHAR! It's however inappropriate
-		 * to just switch to RC4_CHAR for x86[_64], as non-P4
-		 * implementations suffer from significant performance
-		 * losses then, e.g. PIII exhibits >2x deterioration,
-		 * and so does Opteron. In order to assure optimal
-		 * all-round performance, we detect P4 at run-time by
-		 * checking upon reserved bit 20 in CPU capability
-		 * vector and set up compressed key schedule, which is
-		 * recognized by correspondingly updated assembler
-		 * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
-		 *
-		 *				<appro@fy.chalmers.se>
-		 */
-#ifdef OPENSSL_FIPS
-		unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
-		if (ia32cap_ptr && (*ia32cap_ptr & (1<<20))) {
-#else
-		if (OPENSSL_ia32cap_P & (1<<20)) {
-#endif
-			unsigned char *cp=(unsigned char *)d;
+# if    defined(__i386)   || defined(__i386__)   || defined(_M_IX86) || \
+        defined(__INTEL__) || \
+        defined(__x86_64) || defined(__x86_64__) || defined(_M_AMD64)
+    if (sizeof(RC4_INT) > 1) {
+        /*
+         * Unlike all other x86 [and x86_64] implementations,
+         * Intel P4 core [including EM64T] was found to perform
+         * poorly with wider RC4_INT. Performance improvement
+         * for IA-32 hand-coded assembler turned out to be 2.8x
+         * if re-coded for RC4_CHAR! It's however inappropriate
+         * to just switch to RC4_CHAR for x86[_64], as non-P4
+         * implementations suffer from significant performance
+         * losses then, e.g. PIII exhibits >2x deterioration,
+         * and so does Opteron. In order to assure optimal
+         * all-round performance, we detect P4 at run-time by
+         * checking upon reserved bit 20 in CPU capability
+         * vector and set up compressed key schedule, which is
+         * recognized by correspondingly updated assembler
+         * module... Bit 20 is set up by OPENSSL_ia32_cpuid.
+         *
+         *                              <appro@fy.chalmers.se>
+         */
+#  ifdef OPENSSL_FIPS
+        unsigned long *ia32cap_ptr = OPENSSL_ia32cap_loc();
+        if (ia32cap_ptr && (*ia32cap_ptr & (1 << 20))) {
+#  else
+        if (OPENSSL_ia32cap_P & (1 << 20)) {
+#  endif
+            unsigned char *cp = (unsigned char *)d;
 
-			for (i=0;i<256;i++) cp[i]=i;
-			for (i=0;i<256;i++) SK_LOOP(cp,i);
-			/* mark schedule as compressed! */
-			d[256/sizeof(RC4_INT)]=-1;
-			return;
-		}
-	}
+            for (i = 0; i < 256; i++)
+                cp[i] = i;
+            for (i = 0; i < 256; i++)
+                SK_LOOP(cp, i);
+            /* mark schedule as compressed! */
+            d[256 / sizeof(RC4_INT)] = -1;
+            return;
+        }
+    }
 # endif
 #endif
-	for (i=0; i < 256; i++) d[i]=i;
-	for (i=0; i < 256; i+=4)
-		{
-		SK_LOOP(d,i+0);
-		SK_LOOP(d,i+1);
-		SK_LOOP(d,i+2);
-		SK_LOOP(d,i+3);
-		}
-	}
-    
+    for (i = 0; i < 256; i++)
+        d[i] = i;
+    for (i = 0; i < 256; i += 4) {
+        SK_LOOP(d, i + 0);
+        SK_LOOP(d, i + 1);
+        SK_LOOP(d, i + 2);
+        SK_LOOP(d, i + 3);
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c
index ead11d07..236a5ed8 100644
--- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c
+++ b/Cryptlib/OpenSSL/crypto/ripemd/rmd_dgst.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,238 +61,279 @@
 #include <openssl/opensslv.h>
 #include <openssl/err.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
+const char RMD160_version[] = "RIPE-MD160" OPENSSL_VERSION_PTEXT;
 
-const char RMD160_version[]="RIPE-MD160" OPENSSL_VERSION_PTEXT;
-
-#  ifdef RMD160_ASM
-     void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,size_t num);
-#    define ripemd160_block ripemd160_block_x86
-#  else
-     void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,size_t num);
-#  endif
+#ifdef RMD160_ASM
+void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+# define ripemd160_block ripemd160_block_x86
+#else
+void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p, size_t num);
+#endif
 
 FIPS_NON_FIPS_MD_Init(RIPEMD160)
-	{
-	c->A=RIPEMD160_A;
-	c->B=RIPEMD160_B;
-	c->C=RIPEMD160_C;
-	c->D=RIPEMD160_D;
-	c->E=RIPEMD160_E;
-	c->Nl=0;
-	c->Nh=0;
-	c->num=0;
-	return 1;
-	}
+{
+    c->A = RIPEMD160_A;
+    c->B = RIPEMD160_B;
+    c->C = RIPEMD160_C;
+    c->D = RIPEMD160_D;
+    c->E = RIPEMD160_E;
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    return 1;
+}
 
 #ifndef ripemd160_block_data_order
-#ifdef X
-#undef X
-#endif
-void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, size_t num)
-	{
-	const unsigned char *data=p;
-	register unsigned MD32_REG_T A,B,C,D,E;
-	unsigned MD32_REG_T a,b,c,d,e,l;
-#ifndef MD32_XARRAY
-	/* See comment in crypto/sha/sha_locl.h for details. */
-	unsigned MD32_REG_T	XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
-				XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15;
-# define X(i)	XX##i
-#else
-	RIPEMD160_LONG	XX[16];
-# define X(i)	XX[i]
-#endif
+# ifdef X
+#  undef X
+# endif
+void ripemd160_block_data_order(RIPEMD160_CTX *ctx, const void *p, size_t num)
+{
+    const unsigned char *data = p;
+    register unsigned MD32_REG_T A, B, C, D, E;
+    unsigned MD32_REG_T a, b, c, d, e, l;
+# ifndef MD32_XARRAY
+    /* See comment in crypto/sha/sha_locl.h for details. */
+    unsigned MD32_REG_T XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7,
+        XX8, XX9, XX10, XX11, XX12, XX13, XX14, XX15;
+#  define X(i)   XX##i
+# else
+    RIPEMD160_LONG XX[16];
+#  define X(i)   XX[i]
+# endif
 
-	for (;num--;)
-		{
+    for (; num--;) {
 
-	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
 
-	HOST_c2l(data,l); X( 0)=l;	HOST_c2l(data,l); X( 1)=l;
-	RIP1(A,B,C,D,E,WL00,SL00);	HOST_c2l(data,l); X( 2)=l;
-	RIP1(E,A,B,C,D,WL01,SL01);	HOST_c2l(data,l); X( 3)=l;
-	RIP1(D,E,A,B,C,WL02,SL02);	HOST_c2l(data,l); X( 4)=l;
-	RIP1(C,D,E,A,B,WL03,SL03);	HOST_c2l(data,l); X( 5)=l;
-	RIP1(B,C,D,E,A,WL04,SL04);	HOST_c2l(data,l); X( 6)=l;
-	RIP1(A,B,C,D,E,WL05,SL05);	HOST_c2l(data,l); X( 7)=l;
-	RIP1(E,A,B,C,D,WL06,SL06);	HOST_c2l(data,l); X( 8)=l;
-	RIP1(D,E,A,B,C,WL07,SL07);	HOST_c2l(data,l); X( 9)=l;
-	RIP1(C,D,E,A,B,WL08,SL08);	HOST_c2l(data,l); X(10)=l;
-	RIP1(B,C,D,E,A,WL09,SL09);	HOST_c2l(data,l); X(11)=l;
-	RIP1(A,B,C,D,E,WL10,SL10);	HOST_c2l(data,l); X(12)=l;
-	RIP1(E,A,B,C,D,WL11,SL11);	HOST_c2l(data,l); X(13)=l;
-	RIP1(D,E,A,B,C,WL12,SL12);	HOST_c2l(data,l); X(14)=l;
-	RIP1(C,D,E,A,B,WL13,SL13);	HOST_c2l(data,l); X(15)=l;
-	RIP1(B,C,D,E,A,WL14,SL14);
-	RIP1(A,B,C,D,E,WL15,SL15);
+        HOST_c2l(data, l);
+        X(0) = l;
+        HOST_c2l(data, l);
+        X(1) = l;
+        RIP1(A, B, C, D, E, WL00, SL00);
+        HOST_c2l(data, l);
+        X(2) = l;
+        RIP1(E, A, B, C, D, WL01, SL01);
+        HOST_c2l(data, l);
+        X(3) = l;
+        RIP1(D, E, A, B, C, WL02, SL02);
+        HOST_c2l(data, l);
+        X(4) = l;
+        RIP1(C, D, E, A, B, WL03, SL03);
+        HOST_c2l(data, l);
+        X(5) = l;
+        RIP1(B, C, D, E, A, WL04, SL04);
+        HOST_c2l(data, l);
+        X(6) = l;
+        RIP1(A, B, C, D, E, WL05, SL05);
+        HOST_c2l(data, l);
+        X(7) = l;
+        RIP1(E, A, B, C, D, WL06, SL06);
+        HOST_c2l(data, l);
+        X(8) = l;
+        RIP1(D, E, A, B, C, WL07, SL07);
+        HOST_c2l(data, l);
+        X(9) = l;
+        RIP1(C, D, E, A, B, WL08, SL08);
+        HOST_c2l(data, l);
+        X(10) = l;
+        RIP1(B, C, D, E, A, WL09, SL09);
+        HOST_c2l(data, l);
+        X(11) = l;
+        RIP1(A, B, C, D, E, WL10, SL10);
+        HOST_c2l(data, l);
+        X(12) = l;
+        RIP1(E, A, B, C, D, WL11, SL11);
+        HOST_c2l(data, l);
+        X(13) = l;
+        RIP1(D, E, A, B, C, WL12, SL12);
+        HOST_c2l(data, l);
+        X(14) = l;
+        RIP1(C, D, E, A, B, WL13, SL13);
+        HOST_c2l(data, l);
+        X(15) = l;
+        RIP1(B, C, D, E, A, WL14, SL14);
+        RIP1(A, B, C, D, E, WL15, SL15);
 
-	RIP2(E,A,B,C,D,WL16,SL16,KL1);
-	RIP2(D,E,A,B,C,WL17,SL17,KL1);
-	RIP2(C,D,E,A,B,WL18,SL18,KL1);
-	RIP2(B,C,D,E,A,WL19,SL19,KL1);
-	RIP2(A,B,C,D,E,WL20,SL20,KL1);
-	RIP2(E,A,B,C,D,WL21,SL21,KL1);
-	RIP2(D,E,A,B,C,WL22,SL22,KL1);
-	RIP2(C,D,E,A,B,WL23,SL23,KL1);
-	RIP2(B,C,D,E,A,WL24,SL24,KL1);
-	RIP2(A,B,C,D,E,WL25,SL25,KL1);
-	RIP2(E,A,B,C,D,WL26,SL26,KL1);
-	RIP2(D,E,A,B,C,WL27,SL27,KL1);
-	RIP2(C,D,E,A,B,WL28,SL28,KL1);
-	RIP2(B,C,D,E,A,WL29,SL29,KL1);
-	RIP2(A,B,C,D,E,WL30,SL30,KL1);
-	RIP2(E,A,B,C,D,WL31,SL31,KL1);
+        RIP2(E, A, B, C, D, WL16, SL16, KL1);
+        RIP2(D, E, A, B, C, WL17, SL17, KL1);
+        RIP2(C, D, E, A, B, WL18, SL18, KL1);
+        RIP2(B, C, D, E, A, WL19, SL19, KL1);
+        RIP2(A, B, C, D, E, WL20, SL20, KL1);
+        RIP2(E, A, B, C, D, WL21, SL21, KL1);
+        RIP2(D, E, A, B, C, WL22, SL22, KL1);
+        RIP2(C, D, E, A, B, WL23, SL23, KL1);
+        RIP2(B, C, D, E, A, WL24, SL24, KL1);
+        RIP2(A, B, C, D, E, WL25, SL25, KL1);
+        RIP2(E, A, B, C, D, WL26, SL26, KL1);
+        RIP2(D, E, A, B, C, WL27, SL27, KL1);
+        RIP2(C, D, E, A, B, WL28, SL28, KL1);
+        RIP2(B, C, D, E, A, WL29, SL29, KL1);
+        RIP2(A, B, C, D, E, WL30, SL30, KL1);
+        RIP2(E, A, B, C, D, WL31, SL31, KL1);
 
-	RIP3(D,E,A,B,C,WL32,SL32,KL2);
-	RIP3(C,D,E,A,B,WL33,SL33,KL2);
-	RIP3(B,C,D,E,A,WL34,SL34,KL2);
-	RIP3(A,B,C,D,E,WL35,SL35,KL2);
-	RIP3(E,A,B,C,D,WL36,SL36,KL2);
-	RIP3(D,E,A,B,C,WL37,SL37,KL2);
-	RIP3(C,D,E,A,B,WL38,SL38,KL2);
-	RIP3(B,C,D,E,A,WL39,SL39,KL2);
-	RIP3(A,B,C,D,E,WL40,SL40,KL2);
-	RIP3(E,A,B,C,D,WL41,SL41,KL2);
-	RIP3(D,E,A,B,C,WL42,SL42,KL2);
-	RIP3(C,D,E,A,B,WL43,SL43,KL2);
-	RIP3(B,C,D,E,A,WL44,SL44,KL2);
-	RIP3(A,B,C,D,E,WL45,SL45,KL2);
-	RIP3(E,A,B,C,D,WL46,SL46,KL2);
-	RIP3(D,E,A,B,C,WL47,SL47,KL2);
+        RIP3(D, E, A, B, C, WL32, SL32, KL2);
+        RIP3(C, D, E, A, B, WL33, SL33, KL2);
+        RIP3(B, C, D, E, A, WL34, SL34, KL2);
+        RIP3(A, B, C, D, E, WL35, SL35, KL2);
+        RIP3(E, A, B, C, D, WL36, SL36, KL2);
+        RIP3(D, E, A, B, C, WL37, SL37, KL2);
+        RIP3(C, D, E, A, B, WL38, SL38, KL2);
+        RIP3(B, C, D, E, A, WL39, SL39, KL2);
+        RIP3(A, B, C, D, E, WL40, SL40, KL2);
+        RIP3(E, A, B, C, D, WL41, SL41, KL2);
+        RIP3(D, E, A, B, C, WL42, SL42, KL2);
+        RIP3(C, D, E, A, B, WL43, SL43, KL2);
+        RIP3(B, C, D, E, A, WL44, SL44, KL2);
+        RIP3(A, B, C, D, E, WL45, SL45, KL2);
+        RIP3(E, A, B, C, D, WL46, SL46, KL2);
+        RIP3(D, E, A, B, C, WL47, SL47, KL2);
 
-	RIP4(C,D,E,A,B,WL48,SL48,KL3);
-	RIP4(B,C,D,E,A,WL49,SL49,KL3);
-	RIP4(A,B,C,D,E,WL50,SL50,KL3);
-	RIP4(E,A,B,C,D,WL51,SL51,KL3);
-	RIP4(D,E,A,B,C,WL52,SL52,KL3);
-	RIP4(C,D,E,A,B,WL53,SL53,KL3);
-	RIP4(B,C,D,E,A,WL54,SL54,KL3);
-	RIP4(A,B,C,D,E,WL55,SL55,KL3);
-	RIP4(E,A,B,C,D,WL56,SL56,KL3);
-	RIP4(D,E,A,B,C,WL57,SL57,KL3);
-	RIP4(C,D,E,A,B,WL58,SL58,KL3);
-	RIP4(B,C,D,E,A,WL59,SL59,KL3);
-	RIP4(A,B,C,D,E,WL60,SL60,KL3);
-	RIP4(E,A,B,C,D,WL61,SL61,KL3);
-	RIP4(D,E,A,B,C,WL62,SL62,KL3);
-	RIP4(C,D,E,A,B,WL63,SL63,KL3);
+        RIP4(C, D, E, A, B, WL48, SL48, KL3);
+        RIP4(B, C, D, E, A, WL49, SL49, KL3);
+        RIP4(A, B, C, D, E, WL50, SL50, KL3);
+        RIP4(E, A, B, C, D, WL51, SL51, KL3);
+        RIP4(D, E, A, B, C, WL52, SL52, KL3);
+        RIP4(C, D, E, A, B, WL53, SL53, KL3);
+        RIP4(B, C, D, E, A, WL54, SL54, KL3);
+        RIP4(A, B, C, D, E, WL55, SL55, KL3);
+        RIP4(E, A, B, C, D, WL56, SL56, KL3);
+        RIP4(D, E, A, B, C, WL57, SL57, KL3);
+        RIP4(C, D, E, A, B, WL58, SL58, KL3);
+        RIP4(B, C, D, E, A, WL59, SL59, KL3);
+        RIP4(A, B, C, D, E, WL60, SL60, KL3);
+        RIP4(E, A, B, C, D, WL61, SL61, KL3);
+        RIP4(D, E, A, B, C, WL62, SL62, KL3);
+        RIP4(C, D, E, A, B, WL63, SL63, KL3);
 
-	RIP5(B,C,D,E,A,WL64,SL64,KL4);
-	RIP5(A,B,C,D,E,WL65,SL65,KL4);
-	RIP5(E,A,B,C,D,WL66,SL66,KL4);
-	RIP5(D,E,A,B,C,WL67,SL67,KL4);
-	RIP5(C,D,E,A,B,WL68,SL68,KL4);
-	RIP5(B,C,D,E,A,WL69,SL69,KL4);
-	RIP5(A,B,C,D,E,WL70,SL70,KL4);
-	RIP5(E,A,B,C,D,WL71,SL71,KL4);
-	RIP5(D,E,A,B,C,WL72,SL72,KL4);
-	RIP5(C,D,E,A,B,WL73,SL73,KL4);
-	RIP5(B,C,D,E,A,WL74,SL74,KL4);
-	RIP5(A,B,C,D,E,WL75,SL75,KL4);
-	RIP5(E,A,B,C,D,WL76,SL76,KL4);
-	RIP5(D,E,A,B,C,WL77,SL77,KL4);
-	RIP5(C,D,E,A,B,WL78,SL78,KL4);
-	RIP5(B,C,D,E,A,WL79,SL79,KL4);
+        RIP5(B, C, D, E, A, WL64, SL64, KL4);
+        RIP5(A, B, C, D, E, WL65, SL65, KL4);
+        RIP5(E, A, B, C, D, WL66, SL66, KL4);
+        RIP5(D, E, A, B, C, WL67, SL67, KL4);
+        RIP5(C, D, E, A, B, WL68, SL68, KL4);
+        RIP5(B, C, D, E, A, WL69, SL69, KL4);
+        RIP5(A, B, C, D, E, WL70, SL70, KL4);
+        RIP5(E, A, B, C, D, WL71, SL71, KL4);
+        RIP5(D, E, A, B, C, WL72, SL72, KL4);
+        RIP5(C, D, E, A, B, WL73, SL73, KL4);
+        RIP5(B, C, D, E, A, WL74, SL74, KL4);
+        RIP5(A, B, C, D, E, WL75, SL75, KL4);
+        RIP5(E, A, B, C, D, WL76, SL76, KL4);
+        RIP5(D, E, A, B, C, WL77, SL77, KL4);
+        RIP5(C, D, E, A, B, WL78, SL78, KL4);
+        RIP5(B, C, D, E, A, WL79, SL79, KL4);
 
-	a=A; b=B; c=C; d=D; e=E;
-	/* Do other half */
-	A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E;
+        a = A;
+        b = B;
+        c = C;
+        d = D;
+        e = E;
+        /* Do other half */
+        A = ctx->A;
+        B = ctx->B;
+        C = ctx->C;
+        D = ctx->D;
+        E = ctx->E;
 
-	RIP5(A,B,C,D,E,WR00,SR00,KR0);
-	RIP5(E,A,B,C,D,WR01,SR01,KR0);
-	RIP5(D,E,A,B,C,WR02,SR02,KR0);
-	RIP5(C,D,E,A,B,WR03,SR03,KR0);
-	RIP5(B,C,D,E,A,WR04,SR04,KR0);
-	RIP5(A,B,C,D,E,WR05,SR05,KR0);
-	RIP5(E,A,B,C,D,WR06,SR06,KR0);
-	RIP5(D,E,A,B,C,WR07,SR07,KR0);
-	RIP5(C,D,E,A,B,WR08,SR08,KR0);
-	RIP5(B,C,D,E,A,WR09,SR09,KR0);
-	RIP5(A,B,C,D,E,WR10,SR10,KR0);
-	RIP5(E,A,B,C,D,WR11,SR11,KR0);
-	RIP5(D,E,A,B,C,WR12,SR12,KR0);
-	RIP5(C,D,E,A,B,WR13,SR13,KR0);
-	RIP5(B,C,D,E,A,WR14,SR14,KR0);
-	RIP5(A,B,C,D,E,WR15,SR15,KR0);
+        RIP5(A, B, C, D, E, WR00, SR00, KR0);
+        RIP5(E, A, B, C, D, WR01, SR01, KR0);
+        RIP5(D, E, A, B, C, WR02, SR02, KR0);
+        RIP5(C, D, E, A, B, WR03, SR03, KR0);
+        RIP5(B, C, D, E, A, WR04, SR04, KR0);
+        RIP5(A, B, C, D, E, WR05, SR05, KR0);
+        RIP5(E, A, B, C, D, WR06, SR06, KR0);
+        RIP5(D, E, A, B, C, WR07, SR07, KR0);
+        RIP5(C, D, E, A, B, WR08, SR08, KR0);
+        RIP5(B, C, D, E, A, WR09, SR09, KR0);
+        RIP5(A, B, C, D, E, WR10, SR10, KR0);
+        RIP5(E, A, B, C, D, WR11, SR11, KR0);
+        RIP5(D, E, A, B, C, WR12, SR12, KR0);
+        RIP5(C, D, E, A, B, WR13, SR13, KR0);
+        RIP5(B, C, D, E, A, WR14, SR14, KR0);
+        RIP5(A, B, C, D, E, WR15, SR15, KR0);
 
-	RIP4(E,A,B,C,D,WR16,SR16,KR1);
-	RIP4(D,E,A,B,C,WR17,SR17,KR1);
-	RIP4(C,D,E,A,B,WR18,SR18,KR1);
-	RIP4(B,C,D,E,A,WR19,SR19,KR1);
-	RIP4(A,B,C,D,E,WR20,SR20,KR1);
-	RIP4(E,A,B,C,D,WR21,SR21,KR1);
-	RIP4(D,E,A,B,C,WR22,SR22,KR1);
-	RIP4(C,D,E,A,B,WR23,SR23,KR1);
-	RIP4(B,C,D,E,A,WR24,SR24,KR1);
-	RIP4(A,B,C,D,E,WR25,SR25,KR1);
-	RIP4(E,A,B,C,D,WR26,SR26,KR1);
-	RIP4(D,E,A,B,C,WR27,SR27,KR1);
-	RIP4(C,D,E,A,B,WR28,SR28,KR1);
-	RIP4(B,C,D,E,A,WR29,SR29,KR1);
-	RIP4(A,B,C,D,E,WR30,SR30,KR1);
-	RIP4(E,A,B,C,D,WR31,SR31,KR1);
+        RIP4(E, A, B, C, D, WR16, SR16, KR1);
+        RIP4(D, E, A, B, C, WR17, SR17, KR1);
+        RIP4(C, D, E, A, B, WR18, SR18, KR1);
+        RIP4(B, C, D, E, A, WR19, SR19, KR1);
+        RIP4(A, B, C, D, E, WR20, SR20, KR1);
+        RIP4(E, A, B, C, D, WR21, SR21, KR1);
+        RIP4(D, E, A, B, C, WR22, SR22, KR1);
+        RIP4(C, D, E, A, B, WR23, SR23, KR1);
+        RIP4(B, C, D, E, A, WR24, SR24, KR1);
+        RIP4(A, B, C, D, E, WR25, SR25, KR1);
+        RIP4(E, A, B, C, D, WR26, SR26, KR1);
+        RIP4(D, E, A, B, C, WR27, SR27, KR1);
+        RIP4(C, D, E, A, B, WR28, SR28, KR1);
+        RIP4(B, C, D, E, A, WR29, SR29, KR1);
+        RIP4(A, B, C, D, E, WR30, SR30, KR1);
+        RIP4(E, A, B, C, D, WR31, SR31, KR1);
 
-	RIP3(D,E,A,B,C,WR32,SR32,KR2);
-	RIP3(C,D,E,A,B,WR33,SR33,KR2);
-	RIP3(B,C,D,E,A,WR34,SR34,KR2);
-	RIP3(A,B,C,D,E,WR35,SR35,KR2);
-	RIP3(E,A,B,C,D,WR36,SR36,KR2);
-	RIP3(D,E,A,B,C,WR37,SR37,KR2);
-	RIP3(C,D,E,A,B,WR38,SR38,KR2);
-	RIP3(B,C,D,E,A,WR39,SR39,KR2);
-	RIP3(A,B,C,D,E,WR40,SR40,KR2);
-	RIP3(E,A,B,C,D,WR41,SR41,KR2);
-	RIP3(D,E,A,B,C,WR42,SR42,KR2);
-	RIP3(C,D,E,A,B,WR43,SR43,KR2);
-	RIP3(B,C,D,E,A,WR44,SR44,KR2);
-	RIP3(A,B,C,D,E,WR45,SR45,KR2);
-	RIP3(E,A,B,C,D,WR46,SR46,KR2);
-	RIP3(D,E,A,B,C,WR47,SR47,KR2);
+        RIP3(D, E, A, B, C, WR32, SR32, KR2);
+        RIP3(C, D, E, A, B, WR33, SR33, KR2);
+        RIP3(B, C, D, E, A, WR34, SR34, KR2);
+        RIP3(A, B, C, D, E, WR35, SR35, KR2);
+        RIP3(E, A, B, C, D, WR36, SR36, KR2);
+        RIP3(D, E, A, B, C, WR37, SR37, KR2);
+        RIP3(C, D, E, A, B, WR38, SR38, KR2);
+        RIP3(B, C, D, E, A, WR39, SR39, KR2);
+        RIP3(A, B, C, D, E, WR40, SR40, KR2);
+        RIP3(E, A, B, C, D, WR41, SR41, KR2);
+        RIP3(D, E, A, B, C, WR42, SR42, KR2);
+        RIP3(C, D, E, A, B, WR43, SR43, KR2);
+        RIP3(B, C, D, E, A, WR44, SR44, KR2);
+        RIP3(A, B, C, D, E, WR45, SR45, KR2);
+        RIP3(E, A, B, C, D, WR46, SR46, KR2);
+        RIP3(D, E, A, B, C, WR47, SR47, KR2);
 
-	RIP2(C,D,E,A,B,WR48,SR48,KR3);
-	RIP2(B,C,D,E,A,WR49,SR49,KR3);
-	RIP2(A,B,C,D,E,WR50,SR50,KR3);
-	RIP2(E,A,B,C,D,WR51,SR51,KR3);
-	RIP2(D,E,A,B,C,WR52,SR52,KR3);
-	RIP2(C,D,E,A,B,WR53,SR53,KR3);
-	RIP2(B,C,D,E,A,WR54,SR54,KR3);
-	RIP2(A,B,C,D,E,WR55,SR55,KR3);
-	RIP2(E,A,B,C,D,WR56,SR56,KR3);
-	RIP2(D,E,A,B,C,WR57,SR57,KR3);
-	RIP2(C,D,E,A,B,WR58,SR58,KR3);
-	RIP2(B,C,D,E,A,WR59,SR59,KR3);
-	RIP2(A,B,C,D,E,WR60,SR60,KR3);
-	RIP2(E,A,B,C,D,WR61,SR61,KR3);
-	RIP2(D,E,A,B,C,WR62,SR62,KR3);
-	RIP2(C,D,E,A,B,WR63,SR63,KR3);
+        RIP2(C, D, E, A, B, WR48, SR48, KR3);
+        RIP2(B, C, D, E, A, WR49, SR49, KR3);
+        RIP2(A, B, C, D, E, WR50, SR50, KR3);
+        RIP2(E, A, B, C, D, WR51, SR51, KR3);
+        RIP2(D, E, A, B, C, WR52, SR52, KR3);
+        RIP2(C, D, E, A, B, WR53, SR53, KR3);
+        RIP2(B, C, D, E, A, WR54, SR54, KR3);
+        RIP2(A, B, C, D, E, WR55, SR55, KR3);
+        RIP2(E, A, B, C, D, WR56, SR56, KR3);
+        RIP2(D, E, A, B, C, WR57, SR57, KR3);
+        RIP2(C, D, E, A, B, WR58, SR58, KR3);
+        RIP2(B, C, D, E, A, WR59, SR59, KR3);
+        RIP2(A, B, C, D, E, WR60, SR60, KR3);
+        RIP2(E, A, B, C, D, WR61, SR61, KR3);
+        RIP2(D, E, A, B, C, WR62, SR62, KR3);
+        RIP2(C, D, E, A, B, WR63, SR63, KR3);
 
-	RIP1(B,C,D,E,A,WR64,SR64);
-	RIP1(A,B,C,D,E,WR65,SR65);
-	RIP1(E,A,B,C,D,WR66,SR66);
-	RIP1(D,E,A,B,C,WR67,SR67);
-	RIP1(C,D,E,A,B,WR68,SR68);
-	RIP1(B,C,D,E,A,WR69,SR69);
-	RIP1(A,B,C,D,E,WR70,SR70);
-	RIP1(E,A,B,C,D,WR71,SR71);
-	RIP1(D,E,A,B,C,WR72,SR72);
-	RIP1(C,D,E,A,B,WR73,SR73);
-	RIP1(B,C,D,E,A,WR74,SR74);
-	RIP1(A,B,C,D,E,WR75,SR75);
-	RIP1(E,A,B,C,D,WR76,SR76);
-	RIP1(D,E,A,B,C,WR77,SR77);
-	RIP1(C,D,E,A,B,WR78,SR78);
-	RIP1(B,C,D,E,A,WR79,SR79);
+        RIP1(B, C, D, E, A, WR64, SR64);
+        RIP1(A, B, C, D, E, WR65, SR65);
+        RIP1(E, A, B, C, D, WR66, SR66);
+        RIP1(D, E, A, B, C, WR67, SR67);
+        RIP1(C, D, E, A, B, WR68, SR68);
+        RIP1(B, C, D, E, A, WR69, SR69);
+        RIP1(A, B, C, D, E, WR70, SR70);
+        RIP1(E, A, B, C, D, WR71, SR71);
+        RIP1(D, E, A, B, C, WR72, SR72);
+        RIP1(C, D, E, A, B, WR73, SR73);
+        RIP1(B, C, D, E, A, WR74, SR74);
+        RIP1(A, B, C, D, E, WR75, SR75);
+        RIP1(E, A, B, C, D, WR76, SR76);
+        RIP1(D, E, A, B, C, WR77, SR77);
+        RIP1(C, D, E, A, B, WR78, SR78);
+        RIP1(B, C, D, E, A, WR79, SR79);
 
-	D     =ctx->B+c+D;
-	ctx->B=ctx->C+d+E;
-	ctx->C=ctx->D+e+A;
-	ctx->D=ctx->E+a+B;
-	ctx->E=ctx->A+b+C;
-	ctx->A=D;
+        D = ctx->B + c + D;
+        ctx->B = ctx->C + d + E;
+        ctx->C = ctx->D + e + A;
+        ctx->D = ctx->E + a + B;
+        ctx->E = ctx->A + b + C;
+        ctx->A = D;
 
-		}
-	}
+    }
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c
index 3efb1375..666e01a4 100644
--- a/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c
+++ b/Cryptlib/OpenSSL/crypto/ripemd/rmd_one.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -61,18 +61,17 @@
 #include <openssl/ripemd.h>
 #include <openssl/crypto.h>
 
-unsigned char *RIPEMD160(const unsigned char *d, size_t n,
-	     unsigned char *md)
-	{
-	RIPEMD160_CTX c;
-	static unsigned char m[RIPEMD160_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	if (!RIPEMD160_Init(&c))
-		return NULL;
-	RIPEMD160_Update(&c,d,n);
-	RIPEMD160_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
-	return(md);
-	}
+unsigned char *RIPEMD160(const unsigned char *d, size_t n, unsigned char *md)
+{
+    RIPEMD160_CTX c;
+    static unsigned char m[RIPEMD160_DIGEST_LENGTH];
 
+    if (md == NULL)
+        md = m;
+    if (!RIPEMD160_Init(&c))
+        return NULL;
+    RIPEMD160_Update(&c, d, n);
+    RIPEMD160_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c)); /* security consideration */
+    return (md);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
index 6e8a803e..5286321d 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
@@ -1,6 +1,7 @@
 /* rsa_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2000.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
  */
 /* ====================================================================
  * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,48 +63,50 @@
 #include <openssl/rsa.h>
 #include <openssl/asn1t.h>
 
-static ASN1_METHOD method={
-        (I2D_OF(void))     i2d_RSAPrivateKey,
-        (D2I_OF(void))     d2i_RSAPrivateKey,
-        (void *(*)(void))  RSA_new,
-        (void (*)(void *)) RSA_free};
+static ASN1_METHOD method = {
+    (I2D_OF(void)) i2d_RSAPrivateKey,
+    (D2I_OF(void)) d2i_RSAPrivateKey,
+    (void *(*)(void))RSA_new,
+    (void (*)(void *))RSA_free
+};
 
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
-	{
-	return(&method);
-	}
+{
+    return (&method);
+}
 
 /* Override the default free and new methods */
 static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
 {
-	if(operation == ASN1_OP_NEW_PRE) {
-		*pval = (ASN1_VALUE *)RSA_new();
-		if(*pval) return 2;
-		return 0;
-	} else if(operation == ASN1_OP_FREE_PRE) {
-		RSA_free((RSA *)*pval);
-		*pval = NULL;
-		return 2;
-	}
-	return 1;
+    if (operation == ASN1_OP_NEW_PRE) {
+        *pval = (ASN1_VALUE *)RSA_new();
+        if (*pval)
+            return 2;
+        return 0;
+    } else if (operation == ASN1_OP_FREE_PRE) {
+        RSA_free((RSA *)*pval);
+        *pval = NULL;
+        return 2;
+    }
+    return 1;
 }
 
 ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
-	ASN1_SIMPLE(RSA, version, LONG),
-	ASN1_SIMPLE(RSA, n, BIGNUM),
-	ASN1_SIMPLE(RSA, e, BIGNUM),
-	ASN1_SIMPLE(RSA, d, BIGNUM),
-	ASN1_SIMPLE(RSA, p, BIGNUM),
-	ASN1_SIMPLE(RSA, q, BIGNUM),
-	ASN1_SIMPLE(RSA, dmp1, BIGNUM),
-	ASN1_SIMPLE(RSA, dmq1, BIGNUM),
-	ASN1_SIMPLE(RSA, iqmp, BIGNUM)
+        ASN1_SIMPLE(RSA, version, LONG),
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
+        ASN1_SIMPLE(RSA, d, BIGNUM),
+        ASN1_SIMPLE(RSA, p, BIGNUM),
+        ASN1_SIMPLE(RSA, q, BIGNUM),
+        ASN1_SIMPLE(RSA, dmp1, BIGNUM),
+        ASN1_SIMPLE(RSA, dmq1, BIGNUM),
+        ASN1_SIMPLE(RSA, iqmp, BIGNUM)
 } ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
 
 
 ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
-	ASN1_SIMPLE(RSA, n, BIGNUM),
-	ASN1_SIMPLE(RSA, e, BIGNUM),
+        ASN1_SIMPLE(RSA, n, BIGNUM),
+        ASN1_SIMPLE(RSA, e, BIGNUM),
 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
 
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
@@ -111,11 +114,11 @@ IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
 
 RSA *RSAPublicKey_dup(RSA *rsa)
-	{
-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
-	}
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPublicKey), rsa);
+}
 
 RSA *RSAPrivateKey_dup(RSA *rsa)
-	{
-	return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
-	}
+{
+    return ASN1_item_dup(ASN1_ITEM_rptr(RSAPrivateKey), rsa);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
index 9d848db8..67724f85 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -52,133 +52,158 @@
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 
-
 int RSA_check_key(const RSA *key)
-	{
-	BIGNUM *i, *j, *k, *l, *m;
-	BN_CTX *ctx;
-	int r;
-	int ret=1;
-	
-	i = BN_new();
-	j = BN_new();
-	k = BN_new();
-	l = BN_new();
-	m = BN_new();
-	ctx = BN_CTX_new();
-	if (i == NULL || j == NULL || k == NULL || l == NULL ||
-		m == NULL || ctx == NULL)
-		{
-		ret = -1;
-		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	
-	/* p prime? */
-	r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
-	if (r != 1)
-		{
-		ret = r;
-		if (r != 0)
-			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
-		}
-	
-	/* q prime? */
-	r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
-	if (r != 1)
-		{
-		ret = r;
-		if (r != 0)
-			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
-		}
-	
-	/* n = p*q? */
-	r = BN_mul(i, key->p, key->q, ctx);
-	if (!r) { ret = -1; goto err; }
-	
-	if (BN_cmp(i, key->n) != 0)
-		{
-		ret = 0;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
-		}
-	
-	/* d*e = 1  mod lcm(p-1,q-1)? */
-
-	r = BN_sub(i, key->p, BN_value_one());
-	if (!r) { ret = -1; goto err; }
-	r = BN_sub(j, key->q, BN_value_one());
-	if (!r) { ret = -1; goto err; }
-
-	/* now compute k = lcm(i,j) */
-	r = BN_mul(l, i, j, ctx);
-	if (!r) { ret = -1; goto err; }
-	r = BN_gcd(m, i, j, ctx);
-	if (!r) { ret = -1; goto err; }
-	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
-	if (!r) { ret = -1; goto err; }
-
-	r = BN_mod_mul(i, key->d, key->e, k, ctx);
-	if (!r) { ret = -1; goto err; }
-
-	if (!BN_is_one(i))
-		{
-		ret = 0;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
-		}
-	
-	if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
-		{
-		/* dmp1 = d mod (p-1)? */
-		r = BN_sub(i, key->p, BN_value_one());
-		if (!r) { ret = -1; goto err; }
-
-		r = BN_mod(j, key->d, i, ctx);
-		if (!r) { ret = -1; goto err; }
-
-		if (BN_cmp(j, key->dmp1) != 0)
-			{
-			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-				RSA_R_DMP1_NOT_CONGRUENT_TO_D);
-			}
-	
-		/* dmq1 = d mod (q-1)? */    
-		r = BN_sub(i, key->q, BN_value_one());
-		if (!r) { ret = -1; goto err; }
-	
-		r = BN_mod(j, key->d, i, ctx);
-		if (!r) { ret = -1; goto err; }
-
-		if (BN_cmp(j, key->dmq1) != 0)
-			{
-			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-				RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
-			}
-	
-		/* iqmp = q^-1 mod p? */
-		if(!BN_mod_inverse(i, key->q, key->p, ctx))
-			{
-			ret = -1;
-			goto err;
-			}
-
-		if (BN_cmp(i, key->iqmp) != 0)
-			{
-			ret = 0;
-			RSAerr(RSA_F_RSA_CHECK_KEY,
-				RSA_R_IQMP_NOT_INVERSE_OF_Q);
-			}
-		}
+{
+    BIGNUM *i, *j, *k, *l, *m;
+    BN_CTX *ctx;
+    int r;
+    int ret = 1;
+
+    i = BN_new();
+    j = BN_new();
+    k = BN_new();
+    l = BN_new();
+    m = BN_new();
+    ctx = BN_CTX_new();
+    if (i == NULL || j == NULL || k == NULL || l == NULL ||
+        m == NULL || ctx == NULL) {
+        ret = -1;
+        RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /* p prime? */
+    r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
+    if (r != 1) {
+        ret = r;
+        if (r != 0)
+            goto err;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
+    }
+
+    /* q prime? */
+    r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
+    if (r != 1) {
+        ret = r;
+        if (r != 0)
+            goto err;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
+    }
+
+    /* n = p*q? */
+    r = BN_mul(i, key->p, key->q, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    if (BN_cmp(i, key->n) != 0) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+    }
+
+    /* d*e = 1  mod lcm(p-1,q-1)? */
+
+    r = BN_sub(i, key->p, BN_value_one());
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+    r = BN_sub(j, key->q, BN_value_one());
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    /* now compute k = lcm(i,j) */
+    r = BN_mul(l, i, j, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+    r = BN_gcd(m, i, j, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+    r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    r = BN_mod_mul(i, key->d, key->e, k, ctx);
+    if (!r) {
+        ret = -1;
+        goto err;
+    }
+
+    if (!BN_is_one(i)) {
+        ret = 0;
+        RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+    }
+
+    if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
+        /* dmp1 = d mod (p-1)? */
+        r = BN_sub(i, key->p, BN_value_one());
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        r = BN_mod(j, key->d, i, ctx);
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        if (BN_cmp(j, key->dmp1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* dmq1 = d mod (q-1)? */
+        r = BN_sub(i, key->q, BN_value_one());
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        r = BN_mod(j, key->d, i, ctx);
+        if (!r) {
+            ret = -1;
+            goto err;
+        }
+
+        if (BN_cmp(j, key->dmq1) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+        }
+
+        /* iqmp = q^-1 mod p? */
+        if (!BN_mod_inverse(i, key->q, key->p, ctx)) {
+            ret = -1;
+            goto err;
+        }
+
+        if (BN_cmp(i, key->iqmp) != 0) {
+            ret = 0;
+            RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+        }
+    }
 
  err:
-	if (i != NULL) BN_free(i);
-	if (j != NULL) BN_free(j);
-	if (k != NULL) BN_free(k);
-	if (l != NULL) BN_free(l);
-	if (m != NULL) BN_free(m);
-	if (ctx != NULL) BN_CTX_free(ctx);
-	return (ret);
-	}
+    if (i != NULL)
+        BN_free(i);
+    if (j != NULL)
+        BN_free(j);
+    if (k != NULL)
+        BN_free(k);
+    if (l != NULL)
+        BN_free(l);
+    if (m != NULL)
+        BN_free(m);
+    if (ctx != NULL)
+        BN_CTX_free(ctx);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
index a859ded9..32f0c888 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,8 +53,10 @@
  *
  */
 
-/* NB: This file contains deprecated functions (compatibility wrappers to the
- * "new" versions). */
+/*
+ * NB: This file contains deprecated functions (compatibility wrappers to the
+ * "new" versions).
+ */
 
 #include <stdio.h>
 #include <time.h>
@@ -64,38 +66,42 @@
 
 #ifdef OPENSSL_NO_DEPRECATED
 
-static void *dummy=&dummy;
+static void *dummy = &dummy;
 
 #else
 
 RSA *RSA_generate_key(int bits, unsigned long e_value,
-	     void (*callback)(int,int,void *), void *cb_arg)
-	{
-	BN_GENCB cb;
-	int i;
-	RSA *rsa = RSA_new();
-	BIGNUM *e = BN_new();
+                      void (*callback) (int, int, void *), void *cb_arg)
+{
+    BN_GENCB cb;
+    int i;
+    RSA *rsa = RSA_new();
+    BIGNUM *e = BN_new();
 
-	if(!rsa || !e) goto err;
+    if (!rsa || !e)
+        goto err;
 
-	/* The problem is when building with 8, 16, or 32 BN_ULONG,
-	 * unsigned long can be larger */
-	for (i=0; i<(int)sizeof(unsigned long)*8; i++)
-		{
-		if (e_value & (1UL<<i))
-			if (BN_set_bit(e,i) == 0)
-				goto err;
-		}
+    /*
+     * The problem is when building with 8, 16, or 32 BN_ULONG, unsigned long
+     * can be larger
+     */
+    for (i = 0; i < (int)sizeof(unsigned long) * 8; i++) {
+        if (e_value & (1UL << i))
+            if (BN_set_bit(e, i) == 0)
+                goto err;
+    }
 
-	BN_GENCB_set_old(&cb, callback, cb_arg);
+    BN_GENCB_set_old(&cb, callback, cb_arg);
 
-	if(RSA_generate_key_ex(rsa, bits, e, &cb)) {
-		BN_free(e);
-		return rsa;
-	}
-err:
-	if(e) BN_free(e);
-	if(rsa) RSA_free(rsa);
-	return 0;
-	}
+    if (RSA_generate_key_ex(rsa, bits, e, &cb)) {
+        BN_free(e);
+        return rsa;
+    }
+ err:
+    if (e)
+        BN_free(e);
+    if (rsa)
+        RSA_free(rsa);
+    return 0;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
index 203d7023..57b5d25c 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,7 +63,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -118,796 +118,785 @@
 #if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
 
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
+                                  unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
+                                   unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
+                                  unsigned char *to, RSA *rsa, int padding);
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
+                                   unsigned char *to, RSA *rsa, int padding);
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+                           BN_CTX *ctx);
 static int RSA_eay_init(RSA *rsa);
 static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
-	"Eric Young's PKCS#1 RSA",
-	RSA_eay_public_encrypt,
-	RSA_eay_public_decrypt, /* signature verification */
-	RSA_eay_private_encrypt, /* signing */
-	RSA_eay_private_decrypt,
-	RSA_eay_mod_exp,
-	BN_mod_exp_mont, /* XXX probably we should not use Montgomery if  e == 3 */
-	RSA_eay_init,
-	RSA_eay_finish,
-	0, /* flags */
-	NULL,
-	0, /* rsa_sign */
-	0, /* rsa_verify */
-	NULL /* rsa_keygen */
-	};
+static RSA_METHOD rsa_pkcs1_eay_meth = {
+    "Eric Young's PKCS#1 RSA",
+    RSA_eay_public_encrypt,
+    RSA_eay_public_decrypt,     /* signature verification */
+    RSA_eay_private_encrypt,    /* signing */
+    RSA_eay_private_decrypt,
+    RSA_eay_mod_exp,
+    BN_mod_exp_mont,            /* XXX probably we should not use Montgomery
+                                 * if e == 3 */
+    RSA_eay_init,
+    RSA_eay_finish,
+    0,                          /* flags */
+    NULL,
+    0,                          /* rsa_sign */
+    0,                          /* rsa_verify */
+    NULL                        /* rsa_keygen */
+};
 
 const RSA_METHOD *RSA_PKCS1_SSLeay(void)
-	{
-	return(&rsa_pkcs1_eay_meth);
-	}
+{
+    return (&rsa_pkcs1_eay_meth);
+}
 
 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f,*ret;
-	int i,j,k,num=0,r= -1;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
-		return -1;
-		}
-
-	if (BN_ucmp(rsa->n, rsa->e) <= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-		return -1;
-		}
-
-	/* for large moduli, enforce exponent limit */
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
-		{
-		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
-			{
-			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
-			return -1;
-			}
-		}
-	
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num=BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if (!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
-		break;
-#ifndef OPENSSL_NO_SHA
-	case RSA_PKCS1_OAEP_PADDING:
-	        i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
-		break;
-#endif
-	case RSA_SSLV23_PADDING:
-		i=RSA_padding_add_SSLv23(buf,num,from,flen);
-		break;
-	case RSA_NO_PADDING:
-		i=RSA_padding_add_none(buf,num,from,flen);
-		break;
-	default:
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (i <= 0) goto err;
-
-	if (BN_bin2bn(buf,num,f) == NULL) goto err;
-	
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{
-		/* usually the padding functions would catch this */
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-			goto err;
-
-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
-		rsa->_method_mod_n)) goto err;
-
-	/* put in leading 0 bytes if the number is less than the
-	 * length of the modulus */
-	j=BN_num_bytes(ret);
-	i=BN_bn2bin(ret,&(to[num-j]));
-	for (k=0; k<(num-i); k++)
-		to[k]=0;
-
-	r=num;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL) 
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, j, k, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (!f || !ret || !buf) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+        break;
+# ifndef OPENSSL_NO_SHA
+    case RSA_PKCS1_OAEP_PADDING:
+        i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+        break;
+# endif
+    case RSA_SSLV23_PADDING:
+        i = RSA_padding_add_SSLv23(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked
+            (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    /*
+     * put in leading 0 bytes if the number is less than the length of the
+     * modulus
+     */
+    j = BN_num_bytes(ret);
+    i = BN_bn2bin(ret, &(to[num - j]));
+    for (k = 0; k < (num - i); k++)
+        to[k] = 0;
+
+    r = num;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, num);
+        OPENSSL_free(buf);
+    }
+    return (r);
+}
 
 static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
 {
-	BN_BLINDING *ret;
-	int got_write_lock = 0;
-
-	CRYPTO_r_lock(CRYPTO_LOCK_RSA);
-
-	if (rsa->blinding == NULL)
-		{
-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-		CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-		got_write_lock = 1;
-
-		if (rsa->blinding == NULL)
-			rsa->blinding = RSA_setup_blinding(rsa, ctx);
-		}
-
-	ret = rsa->blinding;
-	if (ret == NULL)
-		goto err;
-
-	if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
-		{
-		/* rsa->blinding is ours! */
-
-		*local = 1;
-		}
-	else
-		{
-		/* resort to rsa->mt_blinding instead */
-
-		*local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
-		             * that the BN_BLINDING is shared, meaning that accesses
-		             * require locks, and that the blinding factor must be
-		             * stored outside the BN_BLINDING
-		             */
-
-		if (rsa->mt_blinding == NULL)
-			{
-			if (!got_write_lock)
-				{
-				CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-				CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-				got_write_lock = 1;
-				}
-			
-			if (rsa->mt_blinding == NULL)
-				rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
-			}
-		ret = rsa->mt_blinding;
-		}
+    BN_BLINDING *ret;
+    int got_write_lock = 0;
+
+    CRYPTO_r_lock(CRYPTO_LOCK_RSA);
+
+    if (rsa->blinding == NULL) {
+        CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+        got_write_lock = 1;
+
+        if (rsa->blinding == NULL)
+            rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    }
+
+    ret = rsa->blinding;
+    if (ret == NULL)
+        goto err;
+
+    if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) {
+        /* rsa->blinding is ours! */
+
+        *local = 1;
+    } else {
+        /* resort to rsa->mt_blinding instead */
+
+        /*
+         * instructs rsa_blinding_convert(), rsa_blinding_invert() that the
+         * BN_BLINDING is shared, meaning that accesses require locks, and
+         * that the blinding factor must be stored outside the BN_BLINDING
+         */
+        *local = 0;
+
+        if (rsa->mt_blinding == NULL) {
+            if (!got_write_lock) {
+                CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+                got_write_lock = 1;
+            }
+
+            if (rsa->mt_blinding == NULL)
+                rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+        }
+        ret = rsa->mt_blinding;
+    }
 
  err:
-	if (got_write_lock)
-		CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-	else
-		CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
-	return ret;
+    if (got_write_lock)
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+    else
+        CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+    return ret;
 }
 
 static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-	BN_CTX *ctx)
-	{
-	if (unblind == NULL)
-		/* Local blinding: store the unblinding factor
-		 * in BN_BLINDING. */
-		return BN_BLINDING_convert_ex(f, NULL, b, ctx);
-	else
-		{
-		/* Shared blinding: store the unblinding factor
-		 * outside BN_BLINDING. */
-		int ret;
-		CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
-		ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
-		CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
-		return ret;
-		}
-	}
+                                BN_CTX *ctx)
+{
+    if (unblind == NULL)
+        /*
+         * Local blinding: store the unblinding factor in BN_BLINDING.
+         */
+        return BN_BLINDING_convert_ex(f, NULL, b, ctx);
+    else {
+        /*
+         * Shared blinding: store the unblinding factor outside BN_BLINDING.
+         */
+        int ret;
+        CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
+        ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
+        CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
+        return ret;
+    }
+}
 
 static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
-	BN_CTX *ctx)
-	{
-	/* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
-	 * will use the unblinding factor stored in BN_BLINDING.
-	 * If BN_BLINDING is shared between threads, unblind must be non-null:
-	 * BN_BLINDING_invert_ex will then use the local unblinding factor,
-	 * and will only read the modulus from BN_BLINDING.
-	 * In both cases it's safe to access the blinding without a lock.
-	 */
-	return BN_BLINDING_invert_ex(f, unblind, b, ctx);
-	}
+                               BN_CTX *ctx)
+{
+    /*
+     * For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
+     * will use the unblinding factor stored in BN_BLINDING. If BN_BLINDING
+     * is shared between threads, unblind must be non-null:
+     * BN_BLINDING_invert_ex will then use the local unblinding factor, and
+     * will only read the modulus from BN_BLINDING. In both cases it's safe
+     * to access the blinding without a lock.
+     */
+    return BN_BLINDING_invert_ex(f, unblind, b, ctx);
+}
 
 /* signing */
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f, *ret, *res;
-	int i,j,k,num=0,r= -1;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-	int local_blinding = 0;
-	/* Used only if the blinding structure is shared. A non-NULL unblind
-	 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-	 * the unblinding factor outside the blinding structure. */
-	BIGNUM *unblind = NULL;
-	BN_BLINDING *blinding = NULL;
-
-	if ((ctx=BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f   = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num = BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if(!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
-		break;
-	case RSA_X931_PADDING:
-		i=RSA_padding_add_X931(buf,num,from,flen);
-		break;
-	case RSA_NO_PADDING:
-		i=RSA_padding_add_none(buf,num,from,flen);
-		break;
-	case RSA_SSLV23_PADDING:
-	default:
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (i <= 0) goto err;
-
-	if (BN_bin2bn(buf,num,f) == NULL) goto err;
-	
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{	
-		/* usually the padding functions would catch this */
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
-		{
-		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-		if (blinding == NULL)
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (blinding != NULL)
-		{
-		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-			goto err;
-		}
-
-	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-		((rsa->p != NULL) &&
-		(rsa->q != NULL) &&
-		(rsa->dmp1 != NULL) &&
-		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL)) )
-		{ 
-		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
-		}
-	else
-		{
-		BIGNUM local_d;
-		BIGNUM *d = NULL;
-		
-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-			{
-			BN_init(&local_d);
-			d = &local_d;
-			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-			}
-		else
-			d= rsa->d;
-
-		if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-			if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-				goto err;
-
-		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
-				rsa->_method_mod_n)) goto err;
-		}
-
-	if (blinding)
-		if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-			goto err;
-
-	if (padding == RSA_X931_PADDING)
-		{
-		BN_sub(f, rsa->n, ret);
-		if (BN_cmp(ret, f) > 0)
-			res = f;
-		else
-			res = ret;
-		}
-	else
-		res = ret;
-
-	/* put in leading 0 bytes if the number is less than the
-	 * length of the modulus */
-	j=BN_num_bytes(res);
-	i=BN_bn2bin(res,&(to[num-j]));
-	for (k=0; k<(num-i); k++)
-		to[k]=0;
-
-	r=num;
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret, *res;
+    int i, j, k, num = 0, r = -1;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (!f || !ret || !buf) {
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
+        break;
+    case RSA_X931_PADDING:
+        i = RSA_padding_add_X931(buf, num, from, flen);
+        break;
+    case RSA_NO_PADDING:
+        i = RSA_padding_add_none(buf, num, from, flen);
+        break;
+    case RSA_SSLV23_PADDING:
+    default:
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (i <= 0)
+        goto err;
+
+    if (BN_bin2bn(buf, num, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        /* usually the padding functions would catch this */
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM local_d;
+        BIGNUM *d = NULL;
+
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+            BN_init(&local_d);
+            d = &local_d;
+            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+        } else
+            d = rsa->d;
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+            if (!BN_MONT_CTX_set_locked
+                (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                goto err;
+
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n))
+            goto err;
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    if (padding == RSA_X931_PADDING) {
+        BN_sub(f, rsa->n, ret);
+        if (BN_cmp(ret, f) > 0)
+            res = f;
+        else
+            res = ret;
+    } else
+        res = ret;
+
+    /*
+     * put in leading 0 bytes if the number is less than the length of the
+     * modulus
+     */
+    j = BN_num_bytes(res);
+    i = BN_bn2bin(res, &(to[num - j]));
+    for (k = 0; k < (num - i); k++)
+        to[k] = 0;
+
+    r = num;
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, num);
+        OPENSSL_free(buf);
+    }
+    return (r);
+}
 
 static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f, *ret;
-	int j,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-	int local_blinding = 0;
-	/* Used only if the blinding structure is shared. A non-NULL unblind
-	 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
-	 * the unblinding factor outside the blinding structure. */
-	BIGNUM *unblind = NULL;
-	BN_BLINDING *blinding = NULL;
-
-	if((ctx = BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f   = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num = BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if(!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* This check was for equality but PGP does evil things
-	 * and chops off the top '0' bytes */
-	if (flen > num)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-		goto err;
-		}
-
-	/* make data into a big number */
-	if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
-
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
-		{
-		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
-		if (blinding == NULL)
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
-			goto err;
-			}
-		}
-	
-	if (blinding != NULL)
-		{
-		if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
-			{
-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (!rsa_blinding_convert(blinding, f, unblind, ctx))
-			goto err;
-		}
-
-	/* do the decrypt */
-	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-		((rsa->p != NULL) &&
-		(rsa->q != NULL) &&
-		(rsa->dmp1 != NULL) &&
-		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL)) )
-		{
-		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
-		}
-	else
-		{
-		BIGNUM local_d;
-		BIGNUM *d = NULL;
-		
-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-			{
-			d = &local_d;
-			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-			}
-		else
-			d = rsa->d;
-
-		if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-			if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-				goto err;
-		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
-				rsa->_method_mod_n))
-		  goto err;
-		}
-
-	if (blinding)
-		if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
-			goto err;
-
-	p=buf;
-	j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
-		break;
-#ifndef OPENSSL_NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-	        r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
-                break;
-#endif
- 	case RSA_SSLV23_PADDING:
-		r=RSA_padding_check_SSLv23(to,num,buf,j,num);
-		break;
-	case RSA_NO_PADDING:
-		r=RSA_padding_check_none(to,num,buf,j,num);
-		break;
-	default:
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (r < 0)
-		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int j, num = 0, r = -1;
+    unsigned char *p;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+    int local_blinding = 0;
+    /*
+     * Used only if the blinding structure is shared. A non-NULL unblind
+     * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
+     * the unblinding factor outside the blinding structure.
+     */
+    BIGNUM *unblind = NULL;
+    BN_BLINDING *blinding = NULL;
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (!f || !ret || !buf) {
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
+               RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    /* make data into a big number */
+    if (BN_bin2bn(from, (int)flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
+        blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
+        if (blinding == NULL) {
+            RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+            goto err;
+        }
+    }
+
+    if (blinding != NULL) {
+        if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
+            RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (!rsa_blinding_convert(blinding, f, unblind, ctx))
+            goto err;
+    }
+
+    /* do the decrypt */
+    if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
+        ((rsa->p != NULL) &&
+         (rsa->q != NULL) &&
+         (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
+        if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
+            goto err;
+    } else {
+        BIGNUM local_d;
+        BIGNUM *d = NULL;
+
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+            d = &local_d;
+            BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+        } else
+            d = rsa->d;
+
+        if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+            if (!BN_MONT_CTX_set_locked
+                (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+                goto err;
+        if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
+                                   rsa->_method_mod_n))
+            goto err;
+    }
+
+    if (blinding)
+        if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
+            goto err;
+
+    p = buf;
+    j = BN_bn2bin(ret, p);      /* j is only used with no-padding mode */
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
+        break;
+# ifndef OPENSSL_NO_SHA
+    case RSA_PKCS1_OAEP_PADDING:
+        r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
+        break;
+# endif
+    case RSA_SSLV23_PADDING:
+        r = RSA_padding_check_SSLv23(to, num, buf, j, num);
+        break;
+    case RSA_NO_PADDING:
+        r = RSA_padding_check_none(to, num, buf, j, num);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, num);
+        OPENSSL_free(buf);
+    }
+    return (r);
+}
 
 /* signature verification */
 static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	BIGNUM *f,*ret;
-	int i,num=0,r= -1;
-	unsigned char *p;
-	unsigned char *buf=NULL;
-	BN_CTX *ctx=NULL;
-
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
-		return -1;
-		}
-
-	if (BN_ucmp(rsa->n, rsa->e) <= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-		return -1;
-		}
-
-	/* for large moduli, enforce exponent limit */
-	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
-		{
-		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
-			{
-			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
-			return -1;
-			}
-		}
-	
-	if((ctx = BN_CTX_new()) == NULL) goto err;
-	BN_CTX_start(ctx);
-	f = BN_CTX_get(ctx);
-	ret = BN_CTX_get(ctx);
-	num=BN_num_bytes(rsa->n);
-	buf = OPENSSL_malloc(num);
-	if(!f || !ret || !buf)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	/* This check was for equality but PGP does evil things
-	 * and chops off the top '0' bytes */
-	if (flen > num)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-		goto err;
-		}
-
-	if (BN_bin2bn(from,flen,f) == NULL) goto err;
-
-	if (BN_ucmp(f, rsa->n) >= 0)
-		{
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
-		goto err;
-		}
-
-	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-			goto err;
-
-	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
-		rsa->_method_mod_n)) goto err;
-
-	if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
-		if (!BN_sub(ret, rsa->n, ret)) goto err;
-
-	p=buf;
-	i=BN_bn2bin(ret,p);
-
-	switch (padding)
-		{
-	case RSA_PKCS1_PADDING:
-		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
-		break;
-	case RSA_X931_PADDING:
-		r=RSA_padding_check_X931(to,num,buf,i,num);
-		break;
-	case RSA_NO_PADDING:
-		r=RSA_padding_check_none(to,num,buf,i,num);
-		break;
-	default:
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-		goto err;
-		}
-	if (r < 0)
-		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-
-err:
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (buf != NULL)
-		{
-		OPENSSL_cleanse(buf,num);
-		OPENSSL_free(buf);
-		}
-	return(r);
-	}
+                                  unsigned char *to, RSA *rsa, int padding)
+{
+    BIGNUM *f, *ret;
+    int i, num = 0, r = -1;
+    unsigned char *p;
+    unsigned char *buf = NULL;
+    BN_CTX *ctx = NULL;
+
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+        return -1;
+    }
+
+    if (BN_ucmp(rsa->n, rsa->e) <= 0) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+        return -1;
+    }
+
+    /* for large moduli, enforce exponent limit */
+    if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
+        if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
+            RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+            return -1;
+        }
+    }
+
+    if ((ctx = BN_CTX_new()) == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    f = BN_CTX_get(ctx);
+    ret = BN_CTX_get(ctx);
+    num = BN_num_bytes(rsa->n);
+    buf = OPENSSL_malloc(num);
+    if (!f || !ret || !buf) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    /*
+     * This check was for equality but PGP does evil things and chops off the
+     * top '0' bytes
+     */
+    if (flen > num) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+        goto err;
+    }
+
+    if (BN_bin2bn(from, flen, f) == NULL)
+        goto err;
+
+    if (BN_ucmp(f, rsa->n) >= 0) {
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
+               RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
+        goto err;
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked
+            (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+            goto err;
+
+    if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
+                               rsa->_method_mod_n))
+        goto err;
+
+    if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
+        if (!BN_sub(ret, rsa->n, ret))
+            goto err;
+
+    p = buf;
+    i = BN_bn2bin(ret, p);
+
+    switch (padding) {
+    case RSA_PKCS1_PADDING:
+        r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
+        break;
+    case RSA_X931_PADDING:
+        r = RSA_padding_check_X931(to, num, buf, i, num);
+        break;
+    case RSA_NO_PADDING:
+        r = RSA_padding_check_none(to, num, buf, i, num);
+        break;
+    default:
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+        goto err;
+    }
+    if (r < 0)
+        RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+
+ err:
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    if (buf != NULL) {
+        OPENSSL_cleanse(buf, num);
+        OPENSSL_free(buf);
+    }
+    return (r);
+}
 
 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-	{
-	BIGNUM *r1,*m1,*vrfy;
-	BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
-	BIGNUM *dmp1,*dmq1,*c,*pr1;
-	int ret=0;
-
-	BN_CTX_start(ctx);
-	r1 = BN_CTX_get(ctx);
-	m1 = BN_CTX_get(ctx);
-	vrfy = BN_CTX_get(ctx);
-
-	{
-		BIGNUM local_p, local_q;
-		BIGNUM *p = NULL, *q = NULL;
-
-		/* Make sure BN_mod_inverse in Montgomery intialization uses the
-		 * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
-		 */
-		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-			{
-			BN_init(&local_p);
-			p = &local_p;
-			BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-
-			BN_init(&local_q);
-			q = &local_q;
-			BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
-			}
-		else
-			{
-			p = rsa->p;
-			q = rsa->q;
-			}
-
-		if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
-			{
-			if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
-				goto err;
-			if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
-				goto err;
-			}
-	}
-
-	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
-		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
-			goto err;
-
-	/* compute I mod q */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		c = &local_c;
-		BN_with_flags(c, I, BN_FLG_CONSTTIME);
-		if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
-		}
-
-	/* compute r1^dmq1 mod q */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		dmq1 = &local_dmq1;
-		BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
-		}
-	else
-		dmq1 = rsa->dmq1;
-	if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
-		rsa->_method_mod_q)) goto err;
-
-	/* compute I mod p */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		c = &local_c;
-		BN_with_flags(c, I, BN_FLG_CONSTTIME);
-		if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
-		}
-	else
-		{
-		if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
-		}
-
-	/* compute r1^dmp1 mod p */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		dmp1 = &local_dmp1;
-		BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
-		}
-	else
-		dmp1 = rsa->dmp1;
-	if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
-		rsa->_method_mod_p)) goto err;
-
-	if (!BN_sub(r0,r0,m1)) goto err;
-	/* This will help stop the size of r0 increasing, which does
-	 * affect the multiply if it optimised for a power of 2 size */
-	if (BN_is_negative(r0))
-		if (!BN_add(r0,r0,rsa->p)) goto err;
-
-	if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
-
-	/* Turn BN_FLG_CONSTTIME flag on before division operation */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		pr1 = &local_r1;
-		BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
-		}
-	else
-		pr1 = r1;
-	if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
-
-	/* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
-	 * negative. This can break the private key operations: the following
-	 * second correction should *always* correct this rare occurrence.
-	 * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
+{
+    BIGNUM *r1, *m1, *vrfy;
+    BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
+    BIGNUM *dmp1, *dmq1, *c, *pr1;
+    int ret = 0;
+
+    BN_CTX_start(ctx);
+    r1 = BN_CTX_get(ctx);
+    m1 = BN_CTX_get(ctx);
+    vrfy = BN_CTX_get(ctx);
+
+    {
+        BIGNUM local_p, local_q;
+        BIGNUM *p = NULL, *q = NULL;
+
+        /*
+         * Make sure BN_mod_inverse in Montgomery intialization uses the
+         * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
+         */
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+            BN_init(&local_p);
+            p = &local_p;
+            BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+            BN_init(&local_q);
+            q = &local_q;
+            BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+        } else {
+            p = rsa->p;
+            q = rsa->q;
+        }
+
+        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
+            if (!BN_MONT_CTX_set_locked
+                (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
+                goto err;
+            if (!BN_MONT_CTX_set_locked
+                (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
+                goto err;
+        }
+    }
+
+    if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
+        if (!BN_MONT_CTX_set_locked
+            (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
+            goto err;
+
+    /* compute I mod q */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        c = &local_c;
+        BN_with_flags(c, I, BN_FLG_CONSTTIME);
+        if (!BN_mod(r1, c, rsa->q, ctx))
+            goto err;
+    } else {
+        if (!BN_mod(r1, I, rsa->q, ctx))
+            goto err;
+    }
+
+    /* compute r1^dmq1 mod q */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        dmq1 = &local_dmq1;
+        BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+    } else
+        dmq1 = rsa->dmq1;
+    if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q))
+        goto err;
+
+    /* compute I mod p */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        c = &local_c;
+        BN_with_flags(c, I, BN_FLG_CONSTTIME);
+        if (!BN_mod(r1, c, rsa->p, ctx))
+            goto err;
+    } else {
+        if (!BN_mod(r1, I, rsa->p, ctx))
+            goto err;
+    }
+
+    /* compute r1^dmp1 mod p */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        dmp1 = &local_dmp1;
+        BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+    } else
+        dmp1 = rsa->dmp1;
+    if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p))
+        goto err;
+
+    if (!BN_sub(r0, r0, m1))
+        goto err;
+    /*
+     * This will help stop the size of r0 increasing, which does affect the
+     * multiply if it optimised for a power of 2 size
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+
+    if (!BN_mul(r1, r0, rsa->iqmp, ctx))
+        goto err;
+
+    /* Turn BN_FLG_CONSTTIME flag on before division operation */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        pr1 = &local_r1;
+        BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
+    } else
+        pr1 = r1;
+    if (!BN_mod(r0, pr1, rsa->p, ctx))
+        goto err;
+
+    /*
+     * If p < q it is occasionally possible for the correction of adding 'p'
+     * if r0 is negative above to leave the result still negative. This can
+     * break the private key operations: the following second correction
+     * should *always* correct this rare occurrence. This will *never* happen
+     * with OpenSSL generated keys because they ensure p > q [steve]
+     */
+    if (BN_is_negative(r0))
+        if (!BN_add(r0, r0, rsa->p))
+            goto err;
+    if (!BN_mul(r1, r0, rsa->q, ctx))
+        goto err;
+    if (!BN_add(r0, r1, m1))
+        goto err;
+
+    if (rsa->e && rsa->n) {
+        if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
+                                   rsa->_method_mod_n))
+            goto err;
+        /*
+         * If 'I' was greater than (or equal to) rsa->n, the operation will
+         * be equivalent to using 'I mod n'. However, the result of the
+         * verify will *always* be less than 'n' so we don't check for
+         * absolute equality, just congruency.
          */
-	if (BN_is_negative(r0))
-		if (!BN_add(r0,r0,rsa->p)) goto err;
-	if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
-	if (!BN_add(r0,r1,m1)) goto err;
-
-	if (rsa->e && rsa->n)
-		{
-		if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
-		/* If 'I' was greater than (or equal to) rsa->n, the operation
-		 * will be equivalent to using 'I mod n'. However, the result of
-		 * the verify will *always* be less than 'n' so we don't check
-		 * for absolute equality, just congruency. */
-		if (!BN_sub(vrfy, vrfy, I)) goto err;
-		if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
-		if (BN_is_negative(vrfy))
-			if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
-		if (!BN_is_zero(vrfy))
-			{
-			/* 'I' and 'vrfy' aren't congruent mod n. Don't leak
-			 * miscalculated CRT output, just do a raw (slower)
-			 * mod_exp and return that instead. */
-
-			BIGNUM local_d;
-			BIGNUM *d = NULL;
-		
-			if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-				{
-				d = &local_d;
-				BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-				}
-			else
-				d = rsa->d;
-			if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
-						   rsa->_method_mod_n)) goto err;
-			}
-		}
-	ret=1;
-err:
-	BN_CTX_end(ctx);
-	return(ret);
-	}
+        if (!BN_sub(vrfy, vrfy, I))
+            goto err;
+        if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+            goto err;
+        if (BN_is_negative(vrfy))
+            if (!BN_add(vrfy, vrfy, rsa->n))
+                goto err;
+        if (!BN_is_zero(vrfy)) {
+            /*
+             * 'I' and 'vrfy' aren't congruent mod n. Don't leak
+             * miscalculated CRT output, just do a raw (slower) mod_exp and
+             * return that instead.
+             */
+
+            BIGNUM local_d;
+            BIGNUM *d = NULL;
+
+            if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+                d = &local_d;
+                BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+            } else
+                d = rsa->d;
+            if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
+                                       rsa->_method_mod_n))
+                goto err;
+        }
+    }
+    ret = 1;
+ err:
+    BN_CTX_end(ctx);
+    return (ret);
+}
 
 static int RSA_eay_init(RSA *rsa)
-	{
-	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-	return(1);
-	}
+{
+    rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
+    return (1);
+}
 
 static int RSA_eay_finish(RSA *rsa)
-	{
-	if (rsa->_method_mod_n != NULL)
-		BN_MONT_CTX_free(rsa->_method_mod_n);
-	if (rsa->_method_mod_p != NULL)
-		BN_MONT_CTX_free(rsa->_method_mod_p);
-	if (rsa->_method_mod_q != NULL)
-		BN_MONT_CTX_free(rsa->_method_mod_q);
-	return(1);
-	}
+{
+    if (rsa->_method_mod_n != NULL)
+        BN_MONT_CTX_free(rsa->_method_mod_n);
+    if (rsa->_method_mod_p != NULL)
+        BN_MONT_CTX_free(rsa->_method_mod_p);
+    if (rsa->_method_mod_q != NULL)
+        BN_MONT_CTX_free(rsa->_method_mod_q);
+    return (1);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c
index 2f21ddbe..e1f8a52f 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eng.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,294 +64,294 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT;
 
-static const RSA_METHOD *default_RSA_meth=NULL;
+static const RSA_METHOD *default_RSA_meth = NULL;
 
 RSA *RSA_new(void)
-	{
-	RSA *r=RSA_new_method(NULL);
+{
+    RSA *r = RSA_new_method(NULL);
 
-	return r;
-	}
+    return r;
+}
 
 void RSA_set_default_method(const RSA_METHOD *meth)
-	{
+{
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
-		{
-		RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
-		return;
-		}
+    if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
+        RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
+        return;
+    }
 #endif
-	default_RSA_meth = meth;
-	}
+    default_RSA_meth = meth;
+}
 
 const RSA_METHOD *RSA_get_default_method(void)
-	{
-	if (default_RSA_meth == NULL)
-		{
+{
+    if (default_RSA_meth == NULL) {
 #ifdef RSA_NULL
-		default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
-		default_RSA_meth=RSA_PKCS1_RSAref();
+        default_RSA_meth = RSA_null_method();
 #else
-		default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
+# if 0                          /* was: #ifdef RSAref */
+        default_RSA_meth = RSA_PKCS1_RSAref();
+# else
+        default_RSA_meth = RSA_PKCS1_SSLeay();
+# endif
 #endif
-		}
+    }
 
-	return default_RSA_meth;
-	}
+    return default_RSA_meth;
+}
 
 const RSA_METHOD *RSA_get_method(const RSA *rsa)
-	{
-	return rsa->meth;
-	}
+{
+    return rsa->meth;
+}
 
 int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
-	{
-	/* NB: The caller is specifically setting a method, so it's not up to us
-	 * to deal with which ENGINE it comes from. */
-	const RSA_METHOD *mtmp;
+{
+    /*
+     * NB: The caller is specifically setting a method, so it's not up to us
+     * to deal with which ENGINE it comes from.
+     */
+    const RSA_METHOD *mtmp;
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
-		{
-		RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
-		return 0;
-		}
+    if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD)) {
+        RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
+        return 0;
+    }
 #endif
-	mtmp = rsa->meth;
-	if (mtmp->finish) mtmp->finish(rsa);
+    mtmp = rsa->meth;
+    if (mtmp->finish)
+        mtmp->finish(rsa);
 #ifndef OPENSSL_NO_ENGINE
-	if (rsa->engine)
-		{
-		ENGINE_finish(rsa->engine);
-		rsa->engine = NULL;
-		}
+    if (rsa->engine) {
+        ENGINE_finish(rsa->engine);
+        rsa->engine = NULL;
+    }
 #endif
-	rsa->meth = meth;
-	if (meth->init) meth->init(rsa);
-	return 1;
-	}
+    rsa->meth = meth;
+    if (meth->init)
+        meth->init(rsa);
+    return 1;
+}
 
 RSA *RSA_new_method(ENGINE *engine)
-	{
-	RSA *ret;
+{
+    RSA *ret;
 
-	ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
-	if (ret == NULL)
-		{
-		RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
+    ret = (RSA *)OPENSSL_malloc(sizeof(RSA));
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-	ret->meth = RSA_get_default_method();
+    ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		ret->engine = engine;
-		}
-	else
-		ret->engine = ENGINE_get_default_RSA();
-	if(ret->engine)
-		{
-		ret->meth = ENGINE_get_RSA(ret->engine);
-		if(!ret->meth)
-			{
-			RSAerr(RSA_F_RSA_NEW_METHOD,
-				ERR_R_ENGINE_LIB);
-			ENGINE_finish(ret->engine);
-			OPENSSL_free(ret);
-			return NULL;
-			}
-		}
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+        ret->engine = engine;
+    } else
+        ret->engine = ENGINE_get_default_RSA();
+    if (ret->engine) {
+        ret->meth = ENGINE_get_RSA(ret->engine);
+        if (!ret->meth) {
+            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+            ENGINE_finish(ret->engine);
+            OPENSSL_free(ret);
+            return NULL;
+        }
+    }
 #endif
 #ifdef OPENSSL_FIPS
-	if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
-		{
-		RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
-#endif
-		OPENSSL_free(ret);
-		return NULL;
-		}
+    if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD)) {
+        RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
+# ifndef OPENSSL_NO_ENGINE
+        if (ret->engine)
+            ENGINE_finish(ret->engine);
+# endif
+        OPENSSL_free(ret);
+        return NULL;
+    }
 #endif
 
-	ret->pad=0;
-	ret->version=0;
-	ret->n=NULL;
-	ret->e=NULL;
-	ret->d=NULL;
-	ret->p=NULL;
-	ret->q=NULL;
-	ret->dmp1=NULL;
-	ret->dmq1=NULL;
-	ret->iqmp=NULL;
-	ret->references=1;
-	ret->_method_mod_n=NULL;
-	ret->_method_mod_p=NULL;
-	ret->_method_mod_q=NULL;
-	ret->blinding=NULL;
-	ret->mt_blinding=NULL;
-	ret->bignum_data=NULL;
-	ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
-		{
+    ret->pad = 0;
+    ret->version = 0;
+    ret->n = NULL;
+    ret->e = NULL;
+    ret->d = NULL;
+    ret->p = NULL;
+    ret->q = NULL;
+    ret->dmp1 = NULL;
+    ret->dmq1 = NULL;
+    ret->iqmp = NULL;
+    ret->references = 1;
+    ret->_method_mod_n = NULL;
+    ret->_method_mod_p = NULL;
+    ret->_method_mod_q = NULL;
+    ret->blinding = NULL;
+    ret->mt_blinding = NULL;
+    ret->bignum_data = NULL;
+    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
 #ifndef OPENSSL_NO_ENGINE
-	if (ret->engine)
-		ENGINE_finish(ret->engine);
+        if (ret->engine)
+            ENGINE_finish(ret->engine);
 #endif
-		OPENSSL_free(ret);
-		return(NULL);
-		}
+        OPENSSL_free(ret);
+        return (NULL);
+    }
 
-	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
-		{
+    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
 #ifndef OPENSSL_NO_ENGINE
-		if (ret->engine)
-			ENGINE_finish(ret->engine);
+        if (ret->engine)
+            ENGINE_finish(ret->engine);
 #endif
-		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
-		OPENSSL_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
+        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+        OPENSSL_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
 
 void RSA_free(RSA *r)
-	{
-	int i;
+{
+    int i;
 
-	if (r == NULL) return;
+    if (r == NULL)
+        return;
 
-	i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+    i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA);
 #ifdef REF_PRINT
-	REF_PRINT("RSA",r);
+    REF_PRINT("RSA", r);
 #endif
-	if (i > 0) return;
+    if (i > 0)
+        return;
 #ifdef REF_CHECK
-	if (i < 0)
-		{
-		fprintf(stderr,"RSA_free, bad reference count\n");
-		abort();
-		}
+    if (i < 0) {
+        fprintf(stderr, "RSA_free, bad reference count\n");
+        abort();
+    }
 #endif
 
-	if (r->meth->finish)
-		r->meth->finish(r);
+    if (r->meth->finish)
+        r->meth->finish(r);
 #ifndef OPENSSL_NO_ENGINE
-	if (r->engine)
-		ENGINE_finish(r->engine);
+    if (r->engine)
+        ENGINE_finish(r->engine);
 #endif
 
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 
-	if (r->n != NULL) BN_clear_free(r->n);
-	if (r->e != NULL) BN_clear_free(r->e);
-	if (r->d != NULL) BN_clear_free(r->d);
-	if (r->p != NULL) BN_clear_free(r->p);
-	if (r->q != NULL) BN_clear_free(r->q);
-	if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
-	if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
-	if (r->iqmp != NULL) BN_clear_free(r->iqmp);
-	if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
-	if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
-	if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
-	OPENSSL_free(r);
-	}
+    if (r->n != NULL)
+        BN_clear_free(r->n);
+    if (r->e != NULL)
+        BN_clear_free(r->e);
+    if (r->d != NULL)
+        BN_clear_free(r->d);
+    if (r->p != NULL)
+        BN_clear_free(r->p);
+    if (r->q != NULL)
+        BN_clear_free(r->q);
+    if (r->dmp1 != NULL)
+        BN_clear_free(r->dmp1);
+    if (r->dmq1 != NULL)
+        BN_clear_free(r->dmq1);
+    if (r->iqmp != NULL)
+        BN_clear_free(r->iqmp);
+    if (r->blinding != NULL)
+        BN_BLINDING_free(r->blinding);
+    if (r->mt_blinding != NULL)
+        BN_BLINDING_free(r->mt_blinding);
+    if (r->bignum_data != NULL)
+        OPENSSL_free_locked(r->bignum_data);
+    OPENSSL_free(r);
+}
 
 int RSA_up_ref(RSA *r)
-	{
-	int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+{
+    int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
 #ifdef REF_PRINT
-	REF_PRINT("RSA",r);
+    REF_PRINT("RSA", r);
 #endif
 #ifdef REF_CHECK
-	if (i < 2)
-		{
-		fprintf(stderr, "RSA_up_ref, bad reference count\n");
-		abort();
-		}
+    if (i < 2) {
+        fprintf(stderr, "RSA_up_ref, bad reference count\n");
+        abort();
+    }
 #endif
-	return ((i > 1) ? 1 : 0);
-	}
+    return ((i > 1) ? 1 : 0);
+}
 
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
-				new_func, dup_func, free_func);
-        }
+                         CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int RSA_set_ex_data(RSA *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
 
 void *RSA_get_ex_data(const RSA *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
 
 int RSA_flags(const RSA *r)
-	{
-	return((r == NULL)?0:r->meth->flags);
-	}
+{
+    return ((r == NULL) ? 0 : r->meth->flags);
+}
 
 int RSA_memory_lock(RSA *r)
-	{
-	int i,j,k,off;
-	char *p;
-	BIGNUM *bn,**t[6],*b;
-	BN_ULONG *ul;
+{
+    int i, j, k, off;
+    char *p;
+    BIGNUM *bn, **t[6], *b;
+    BN_ULONG *ul;
+
+    if (r->d == NULL)
+        return (1);
+    t[0] = &r->d;
+    t[1] = &r->p;
+    t[2] = &r->q;
+    t[3] = &r->dmp1;
+    t[4] = &r->dmq1;
+    t[5] = &r->iqmp;
+    k = sizeof(BIGNUM) * 6;
+    off = k / sizeof(BN_ULONG) + 1;
+    j = 1;
+    for (i = 0; i < 6; i++)
+        j += (*t[i])->top;
+    if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) {
+        RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    bn = (BIGNUM *)p;
+    ul = (BN_ULONG *)&(p[off]);
+    for (i = 0; i < 6; i++) {
+        b = *(t[i]);
+        *(t[i]) = &(bn[i]);
+        memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM));
+        bn[i].flags = BN_FLG_STATIC_DATA;
+        bn[i].d = ul;
+        memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top);
+        ul += b->top;
+        BN_clear_free(b);
+    }
 
-	if (r->d == NULL) return(1);
-	t[0]= &r->d;
-	t[1]= &r->p;
-	t[2]= &r->q;
-	t[3]= &r->dmp1;
-	t[4]= &r->dmq1;
-	t[5]= &r->iqmp;
-	k=sizeof(BIGNUM)*6;
-	off=k/sizeof(BN_ULONG)+1;
-	j=1;
-	for (i=0; i<6; i++)
-		j+= (*t[i])->top;
-	if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
-		{
-		RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	bn=(BIGNUM *)p;
-	ul=(BN_ULONG *)&(p[off]);
-	for (i=0; i<6; i++)
-		{
-		b= *(t[i]);
-		*(t[i])= &(bn[i]);
-		memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
-		bn[i].flags=BN_FLG_STATIC_DATA;
-		bn[i].d=ul;
-		memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
-		ul+=b->top;
-		BN_clear_free(b);
-		}
-	
-	/* I should fix this so it can still be done */
-	r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+    /* I should fix this so it can still be done */
+    r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC);
 
-	r->bignum_data=p;
-	return(1);
-	}
+    r->bignum_data = p;
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
index 501f5ea3..4457c424 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,115 +66,130 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_RSA,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
 
-static ERR_STRING_DATA RSA_str_functs[]=
-	{
-{ERR_FUNC(RSA_F_FIPS_RSA_SIGN),	"FIPS_RSA_SIGN"},
-{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY),	"FIPS_RSA_VERIFY"},
-{ERR_FUNC(RSA_F_MEMORY_LOCK),	"MEMORY_LOCK"},
-{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),	"RSA_BUILTIN_KEYGEN"},
-{ERR_FUNC(RSA_F_RSA_CHECK_KEY),	"RSA_check_key"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),	"RSA_EAY_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),	"RSA_EAY_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),	"RSA_EAY_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),	"RSA_EAY_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),	"RSA_generate_key"},
-{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),	"RSA_memory_lock"},
-{ERR_FUNC(RSA_F_RSA_NEW_METHOD),	"RSA_new_method"},
-{ERR_FUNC(RSA_F_RSA_NULL),	"RSA_NULL"},
-{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP),	"RSA_NULL_MOD_EXP"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT),	"RSA_NULL_PRIVATE_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT),	"RSA_NULL_PRIVATE_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT),	"RSA_NULL_PUBLIC_DECRYPT"},
-{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT),	"RSA_NULL_PUBLIC_ENCRYPT"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE),	"RSA_padding_add_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),	"RSA_padding_add_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),	"RSA_padding_add_PKCS1_PSS"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),	"RSA_padding_add_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),	"RSA_padding_add_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),	"RSA_padding_add_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931),	"RSA_padding_add_X931"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),	"RSA_padding_check_none"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),	"RSA_padding_check_PKCS1_OAEP"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),	"RSA_padding_check_PKCS1_type_1"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),	"RSA_padding_check_PKCS1_type_2"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),	"RSA_padding_check_SSLv23"},
-{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),	"RSA_padding_check_X931"},
-{ERR_FUNC(RSA_F_RSA_PRINT),	"RSA_print"},
-{ERR_FUNC(RSA_F_RSA_PRINT_FP),	"RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT),	"RSA_private_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT),	"RSA_public_decrypt"},
-{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),	"RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD),	"RSA_set_default_method"},
-{ERR_FUNC(RSA_F_RSA_SET_METHOD),	"RSA_set_method"},
-{ERR_FUNC(RSA_F_RSA_SIGN),	"RSA_sign"},
-{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),	"RSA_sign_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY),	"RSA_verify"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),	"RSA_verify_ASN1_OCTET_STRING"},
-{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS),	"RSA_verify_PKCS1_PSS"},
-{0,NULL}
-	};
+static ERR_STRING_DATA RSA_str_functs[] = {
+    {ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
+    {ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"},
+    {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
+    {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
+    {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
+    {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
+    {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
+    {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
+    {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
+    {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
+    {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
+    {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
+    {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
+    {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
+    {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),
+     "RSA_padding_add_PKCS1_OAEP"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1),
+     "RSA_padding_add_PKCS1_type_1"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2),
+     "RSA_padding_add_PKCS1_type_2"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP),
+     "RSA_padding_check_PKCS1_OAEP"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),
+     "RSA_padding_check_PKCS1_type_1"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),
+     "RSA_padding_check_PKCS1_type_2"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
+    {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
+    {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
+    {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
+    {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
+    {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
+    {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
+    {ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
+    {ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
+    {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
+    {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
+     "RSA_sign_ASN1_OCTET_STRING"},
+    {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
+    {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
+     "RSA_verify_ASN1_OCTET_STRING"},
+    {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA RSA_str_reasons[]=
-	{
-{ERR_REASON(RSA_R_ALGORITHM_MISMATCH)    ,"algorithm mismatch"},
-{ERR_REASON(RSA_R_BAD_E_VALUE)           ,"bad e value"},
-{ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT),"bad fixed header decrypt"},
-{ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT)    ,"bad pad byte count"},
-{ERR_REASON(RSA_R_BAD_SIGNATURE)         ,"bad signature"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01)  ,"block type is not 01"},
-{ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02)  ,"block type is not 02"},
-{ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),"data greater than mod len"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE)        ,"data too large"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
-{ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),"data too large for modulus"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL)        ,"data too small"},
-{ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),"data too small for key size"},
-{ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),"digest too big for rsa key"},
-{ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
-{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
-{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
-{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
-{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
-{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
-{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
-{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
-{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
-{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
-{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
-{ERR_REASON(RSA_R_MODULUS_TOO_LARGE)     ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_METHOD)       ,"non fips method"},
-{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
-{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
-{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
-{ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
-{ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
-{ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
-{ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
-{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
-{ERR_REASON(RSA_R_SLEN_CHECK_FAILED)     ,"salt length check failed"},
-{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED)  ,"salt length recovery failed"},
-{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
-{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
-{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
-{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
-{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
-{0,NULL}
-	};
+static ERR_STRING_DATA RSA_str_reasons[] = {
+    {ERR_REASON(RSA_R_ALGORITHM_MISMATCH), "algorithm mismatch"},
+    {ERR_REASON(RSA_R_BAD_E_VALUE), "bad e value"},
+    {ERR_REASON(RSA_R_BAD_FIXED_HEADER_DECRYPT), "bad fixed header decrypt"},
+    {ERR_REASON(RSA_R_BAD_PAD_BYTE_COUNT), "bad pad byte count"},
+    {ERR_REASON(RSA_R_BAD_SIGNATURE), "bad signature"},
+    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_01), "block type is not 01"},
+    {ERR_REASON(RSA_R_BLOCK_TYPE_IS_NOT_02), "block type is not 02"},
+    {ERR_REASON(RSA_R_DATA_GREATER_THAN_MOD_LEN),
+     "data greater than mod len"},
+    {ERR_REASON(RSA_R_DATA_TOO_LARGE), "data too large"},
+    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),
+     "data too large for key size"},
+    {ERR_REASON(RSA_R_DATA_TOO_LARGE_FOR_MODULUS),
+     "data too large for modulus"},
+    {ERR_REASON(RSA_R_DATA_TOO_SMALL), "data too small"},
+    {ERR_REASON(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE),
+     "data too small for key size"},
+    {ERR_REASON(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY),
+     "digest too big for rsa key"},
+    {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D), "dmp1 not congruent to d"},
+    {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D), "dmq1 not congruent to d"},
+    {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1), "d e not congruent to 1"},
+    {ERR_REASON(RSA_R_FIRST_OCTET_INVALID), "first octet invalid"},
+    {ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
+    {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
+    {ERR_REASON(RSA_R_INVALID_PADDING), "invalid padding"},
+    {ERR_REASON(RSA_R_INVALID_TRAILER), "invalid trailer"},
+    {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q), "iqmp not inverse of q"},
+    {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
+    {ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
+    {ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+    {ERR_REASON(RSA_R_NON_FIPS_METHOD), "non fips method"},
+    {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
+    {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
+     "null before block missing"},
+    {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
+    {ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
+    {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
+     "operation not allowed in fips mode"},
+    {ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
+    {ERR_REASON(RSA_R_PKCS_DECODING_ERROR), "pkcs decoding error"},
+    {ERR_REASON(RSA_R_P_NOT_PRIME), "p not prime"},
+    {ERR_REASON(RSA_R_Q_NOT_PRIME), "q not prime"},
+    {ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),
+     "rsa operations not supported"},
+    {ERR_REASON(RSA_R_SLEN_CHECK_FAILED), "salt length check failed"},
+    {ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED), "salt length recovery failed"},
+    {ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK), "sslv3 rollback attack"},
+    {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),
+     "the asn1 object identifier is not known for this md"},
+    {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE), "unknown algorithm type"},
+    {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
+    {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_RSA_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(RSA_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,RSA_str_functs);
-		ERR_load_strings(0,RSA_str_reasons);
-		}
+    if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, RSA_str_functs);
+        ERR_load_strings(0, RSA_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
index 41278f83..55228272 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,17 +49,17 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-
-/* NB: these functions have been "upgraded", the deprecated versions (which are
- * compatibility wrappers using these functions) are in rsa_depr.c.
- * - Geoff
+/*
+ * NB: these functions have been "upgraded", the deprecated versions (which
+ * are compatibility wrappers using these functions) are in rsa_depr.c. -
+ * Geoff
  */
 
 #include <stdio.h>
@@ -70,153 +70,169 @@
 
 #ifndef OPENSSL_FIPS
 
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+                              BN_GENCB *cb);
 
-/* NB: this wrapper would normally be placed in rsa_lib.c and the static
- * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so
- * that we don't introduce a new linker dependency. Eg. any application that
- * wasn't previously linking object code related to key-generation won't have to
- * now just because key-generation is part of RSA_METHOD. */
+/*
+ * NB: this wrapper would normally be placed in rsa_lib.c and the static
+ * implementation would probably be in rsa_eay.c. Nonetheless, is kept here
+ * so that we don't introduce a new linker dependency. Eg. any application
+ * that wasn't previously linking object code related to key-generation won't
+ * have to now just because key-generation is part of RSA_METHOD.
+ */
 int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-	{
-	if(rsa->meth->rsa_keygen)
-		return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
-	return rsa_builtin_keygen(rsa, bits, e_value, cb);
-	}
-
-static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
-	{
-	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
-	BIGNUM local_r0,local_d,local_p;
-	BIGNUM *pr0,*d,*p;
-	int bitsp,bitsq,ok= -1,n=0;
-	BN_CTX *ctx=NULL;
-
-	ctx=BN_CTX_new();
-	if (ctx == NULL) goto err;
-	BN_CTX_start(ctx);
-	r0 = BN_CTX_get(ctx);
-	r1 = BN_CTX_get(ctx);
-	r2 = BN_CTX_get(ctx);
-	r3 = BN_CTX_get(ctx);
-	if (r3 == NULL) goto err;
-
-	bitsp=(bits+1)/2;
-	bitsq=bits-bitsp;
-
-	/* We need the RSA components non-NULL */
-	if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err;
-	if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err;
-	if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
-	if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
-	if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
-	if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
-	if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
-	if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
-
-	BN_copy(rsa->e, e_value);
-
-	/* generate p and q */
-	for (;;)
-		{
-		if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
-			goto err;
-		if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
-		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-		if (BN_is_one(r1)) break;
-		if(!BN_GENCB_call(cb, 2, n++))
-			goto err;
-		}
-	if(!BN_GENCB_call(cb, 3, 0))
-		goto err;
-	for (;;)
-		{
-		/* When generating ridiculously small keys, we can get stuck
-		 * continually regenerating the same prime values. Check for
-		 * this and bail if it happens 3 times. */
-		unsigned int degenerate = 0;
-		do
-			{
-			if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
-				goto err;
-			} while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
-		if(degenerate == 3)
-			{
-			ok = 0; /* we set our own err */
-			RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
-			goto err;
-			}
-		if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
-		if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
-		if (BN_is_one(r1))
-			break;
-		if(!BN_GENCB_call(cb, 2, n++))
-			goto err;
-		}
-	if(!BN_GENCB_call(cb, 3, 1))
-		goto err;
-	if (BN_cmp(rsa->p,rsa->q) < 0)
-		{
-		tmp=rsa->p;
-		rsa->p=rsa->q;
-		rsa->q=tmp;
-		}
-
-	/* calculate n */
-	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
-
-	/* calculate d */
-	if (!BN_sub(r1,rsa->p,BN_value_one())) goto err;	/* p-1 */
-	if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;	/* q-1 */
-	if (!BN_mul(r0,r1,r2,ctx)) goto err;	/* (p-1)(q-1) */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		  pr0 = &local_r0;
-		  BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
-		}
-	else
-	  pr0 = r0;
-	if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err;	/* d */
-
-	/* set up d for correct BN_FLG_CONSTTIME flag */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		d = &local_d;
-		BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
-		}
-	else
-		d = rsa->d;
-
-	/* calculate d mod (p-1) */
-	if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err;
-
-	/* calculate d mod (q-1) */
-	if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err;
-
-	/* calculate inverse of q mod p */
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		p = &local_p;
-		BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-		}
-	else
-		p = rsa->p;
-	if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
-
-	ok=1;
-err:
-	if (ok == -1)
-		{
-		RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);
-		ok=0;
-		}
-	if (ctx != NULL)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-
-	return ok;
-	}
+{
+    if (rsa->meth->rsa_keygen)
+        return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+    return rsa_builtin_keygen(rsa, bits, e_value, cb);
+}
+
+static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
+                              BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
+    BIGNUM local_r0, local_d, local_p;
+    BIGNUM *pr0, *d, *p;
+    int bitsp, bitsq, ok = -1, n = 0;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (ctx == NULL)
+        goto err;
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+    if (r3 == NULL)
+        goto err;
+
+    bitsp = (bits + 1) / 2;
+    bitsq = bits - bitsp;
+
+    /* We need the RSA components non-NULL */
+    if (!rsa->n && ((rsa->n = BN_new()) == NULL))
+        goto err;
+    if (!rsa->d && ((rsa->d = BN_new()) == NULL))
+        goto err;
+    if (!rsa->e && ((rsa->e = BN_new()) == NULL))
+        goto err;
+    if (!rsa->p && ((rsa->p = BN_new()) == NULL))
+        goto err;
+    if (!rsa->q && ((rsa->q = BN_new()) == NULL))
+        goto err;
+    if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
+        goto err;
+    if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
+        goto err;
+    if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
+        goto err;
+
+    BN_copy(rsa->e, e_value);
+
+    /* generate p and q */
+    for (;;) {
+        if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
+            goto err;
+        if (!BN_sub(r2, rsa->p, BN_value_one()))
+            goto err;
+        if (!BN_gcd(r1, r2, rsa->e, ctx))
+            goto err;
+        if (BN_is_one(r1))
+            break;
+        if (!BN_GENCB_call(cb, 2, n++))
+            goto err;
+    }
+    if (!BN_GENCB_call(cb, 3, 0))
+        goto err;
+    for (;;) {
+        /*
+         * When generating ridiculously small keys, we can get stuck
+         * continually regenerating the same prime values. Check for this and
+         * bail if it happens 3 times.
+         */
+        unsigned int degenerate = 0;
+        do {
+            if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+                goto err;
+        } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
+        if (degenerate == 3) {
+            ok = 0;             /* we set our own err */
+            RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
+            goto err;
+        }
+        if (!BN_sub(r2, rsa->q, BN_value_one()))
+            goto err;
+        if (!BN_gcd(r1, r2, rsa->e, ctx))
+            goto err;
+        if (BN_is_one(r1))
+            break;
+        if (!BN_GENCB_call(cb, 2, n++))
+            goto err;
+    }
+    if (!BN_GENCB_call(cb, 3, 1))
+        goto err;
+    if (BN_cmp(rsa->p, rsa->q) < 0) {
+        tmp = rsa->p;
+        rsa->p = rsa->q;
+        rsa->q = tmp;
+    }
+
+    /* calculate n */
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;               /* (p-1)(q-1) */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        pr0 = &local_r0;
+        BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
+    } else
+        pr0 = r0;
+    if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
+        goto err;               /* d */
+
+    /* set up d for correct BN_FLG_CONSTTIME flag */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        d = &local_d;
+        BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+    } else
+        d = rsa->d;
+
+    /* calculate d mod (p-1) */
+    if (!BN_mod(rsa->dmp1, d, r1, ctx))
+        goto err;
+
+    /* calculate d mod (q-1) */
+    if (!BN_mod(rsa->dmq1, d, r2, ctx))
+        goto err;
+
+    /* calculate inverse of q mod p */
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        p = &local_p;
+        BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+    } else
+        p = rsa->p;
+    if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
+        goto err;
+
+    ok = 1;
+ err:
+    if (ok == -1) {
+        RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
+        ok = 0;
+    }
+    if (ctx != NULL) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+
+    return ok;
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
index 5714841f..6638728a 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,171 +64,165 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 
 int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
-	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
-	}
-
-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
+                       RSA *rsa, int padding)
+{
+    return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+}
+
+int RSA_private_encrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return 0;
-		}
+    if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT,
+               RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return 0;
+    }
 #endif
-	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
-	}
+    return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+}
 
-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
-	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
-	}
+int RSA_private_decrypt(int flen, const unsigned char *from,
+                        unsigned char *to, RSA *rsa, int padding)
+{
+    return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+}
 
 int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
-	     RSA *rsa, int padding)
-	{
+                       RSA *rsa, int padding)
+{
 #ifdef OPENSSL_FIPS
-	if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return 0;
-		}
+    if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_PUBLIC_DECRYPT,
+               RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return 0;
+    }
 #endif
-	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
-	}
+    return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+}
 
 int RSA_size(const RSA *r)
-	{
-	return(BN_num_bytes(r->n));
-	}
+{
+    return (BN_num_bytes(r->n));
+}
 
 void RSA_blinding_off(RSA *rsa)
-	{
-	if (rsa->blinding != NULL)
-		{
-		BN_BLINDING_free(rsa->blinding);
-		rsa->blinding=NULL;
-		}
-	rsa->flags &= ~RSA_FLAG_BLINDING;
-	rsa->flags |= RSA_FLAG_NO_BLINDING;
-	}
+{
+    if (rsa->blinding != NULL) {
+        BN_BLINDING_free(rsa->blinding);
+        rsa->blinding = NULL;
+    }
+    rsa->flags &= ~RSA_FLAG_BLINDING;
+    rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
 
 int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-	{
-	int ret=0;
+{
+    int ret = 0;
 
-	if (rsa->blinding != NULL)
-		RSA_blinding_off(rsa);
+    if (rsa->blinding != NULL)
+        RSA_blinding_off(rsa);
 
-	rsa->blinding = RSA_setup_blinding(rsa, ctx);
-	if (rsa->blinding == NULL)
-		goto err;
+    rsa->blinding = RSA_setup_blinding(rsa, ctx);
+    if (rsa->blinding == NULL)
+        goto err;
 
-	rsa->flags |= RSA_FLAG_BLINDING;
-	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-	ret=1;
-err:
-	return(ret);
-	}
+    rsa->flags |= RSA_FLAG_BLINDING;
+    rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+    ret = 1;
+ err:
+    return (ret);
+}
 
 static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
-	const BIGNUM *q, BN_CTX *ctx)
+                                  const BIGNUM *q, BN_CTX *ctx)
 {
-	BIGNUM *ret = NULL, *r0, *r1, *r2;
-
-	if (d == NULL || p == NULL || q == NULL)
-		return NULL;
-
-	BN_CTX_start(ctx);
-	r0 = BN_CTX_get(ctx);
-	r1 = BN_CTX_get(ctx);
-	r2 = BN_CTX_get(ctx);
-	if (r2 == NULL)
-		goto err;
-
-	if (!BN_sub(r1, p, BN_value_one())) goto err;
-	if (!BN_sub(r2, q, BN_value_one())) goto err;
-	if (!BN_mul(r0, r1, r2, ctx)) goto err;
-
-	ret = BN_mod_inverse(NULL, d, r0, ctx);
-err:
-	BN_CTX_end(ctx);
-	return ret;
+    BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+    if (d == NULL || p == NULL || q == NULL)
+        return NULL;
+
+    BN_CTX_start(ctx);
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    if (r2 == NULL)
+        goto err;
+
+    if (!BN_sub(r1, p, BN_value_one()))
+        goto err;
+    if (!BN_sub(r2, q, BN_value_one()))
+        goto err;
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;
+
+    ret = BN_mod_inverse(NULL, d, r0, ctx);
+ err:
+    BN_CTX_end(ctx);
+    return ret;
 }
 
 BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 {
-	BIGNUM local_n;
-	BIGNUM *e,*n;
-	BN_CTX *ctx;
-	BN_BLINDING *ret = NULL;
-
-	if (in_ctx == NULL)
-		{
-		if ((ctx = BN_CTX_new()) == NULL) return 0;
-		}
-	else
-		ctx = in_ctx;
-
-	BN_CTX_start(ctx);
-	e  = BN_CTX_get(ctx);
-	if (e == NULL)
-		{
-		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	if (rsa->e == NULL)
-		{
-		e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
-		if (e == NULL)
-			{
-			RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
-			goto err;
-			}
-		}
-	else
-		e = rsa->e;
-
-	
-	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-		{
-		/* if PRNG is not properly seeded, resort to secret
-		 * exponent as unpredictable seed */
-		RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
-		}
-
-	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
-		{
-		/* Set BN_FLG_CONSTTIME flag */
-		n = &local_n;
-		BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
-		}
-	else
-		n = rsa->n;
-
-	ret = BN_BLINDING_create_param(NULL, e, n, ctx,
-			rsa->meth->bn_mod_exp, rsa->_method_mod_n);
-	if (ret == NULL)
-		{
-		RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
-		goto err;
-		}
-	BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
-err:
-	BN_CTX_end(ctx);
-	if (in_ctx == NULL)
-		BN_CTX_free(ctx);
-	if(rsa->e == NULL)
-		BN_free(e);
-
-	return ret;
+    BIGNUM local_n;
+    BIGNUM *e, *n;
+    BN_CTX *ctx;
+    BN_BLINDING *ret = NULL;
+
+    if (in_ctx == NULL) {
+        if ((ctx = BN_CTX_new()) == NULL)
+            return 0;
+    } else
+        ctx = in_ctx;
+
+    BN_CTX_start(ctx);
+    e = BN_CTX_get(ctx);
+    if (e == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    if (rsa->e == NULL) {
+        e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+        if (e == NULL) {
+            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
+            goto err;
+        }
+    } else
+        e = rsa->e;
+
+    if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) {
+        /*
+         * if PRNG is not properly seeded, resort to secret exponent as
+         * unpredictable seed
+         */
+        RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
+    }
+
+    if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+        /* Set BN_FLG_CONSTTIME flag */
+        n = &local_n;
+        BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+    } else
+        n = rsa->n;
+
+    ret = BN_BLINDING_create_param(NULL, e, n, ctx,
+                                   rsa->meth->bn_mod_exp, rsa->_method_mod_n);
+    if (ret == NULL) {
+        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+        goto err;
+    }
+    BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
+ err:
+    BN_CTX_end(ctx);
+    if (in_ctx == NULL)
+        BN_CTX_free(ctx);
+    if (rsa->e == NULL)
+        BN_free(e);
+
+    return ret;
 }
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
index e6f3e627..982b31f2 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,36 +63,32 @@
 #include <openssl/rand.h>
 
 int RSA_padding_add_none(unsigned char *to, int tlen,
-	const unsigned char *from, int flen)
-	{
-	if (flen > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
+                         const unsigned char *from, int flen)
+{
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
 
-	if (flen < tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	memcpy(to,from,(unsigned int)flen);
-	return(1);
-	}
+    if (flen < tlen) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_NONE, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
+        return (0);
+    }
 
-int RSA_padding_check_none(unsigned char *to, int tlen,
-	const unsigned char *from, int flen, int num)
-	{
+    memcpy(to, from, (unsigned int)flen);
+    return (1);
+}
 
-	if (flen > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
-		return(-1);
-		}
+int RSA_padding_check_none(unsigned char *to, int tlen,
+                           const unsigned char *from, int flen, int num)
+{
 
-	memset(to,0,tlen-flen);
-	memcpy(to+tlen-flen,from,flen);
-	return(tlen);
-	}
+    if (flen > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE);
+        return (-1);
+    }
 
+    memset(to, 0, tlen - flen);
+    memcpy(to + tlen - flen, from, flen);
+    return (tlen);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
index 2f2202f1..241b431a 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
@@ -1,6 +1,7 @@
 /* rsa_null.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,7 +63,8 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 
-/* This is a dummy RSA implementation that just returns errors when called.
+/*
+ * This is a dummy RSA implementation that just returns errors when called.
  * It is designed to allow some RSA functions to work while stopping those
  * covered by the RSA patent. That is RSA, encryption, decryption, signing
  * and verify is not allowed but RSA key generation, key checking and other
@@ -70,82 +72,84 @@
  */
 
 static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
+                                   unsigned char *to, RSA *rsa, int padding);
 static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
+                                    unsigned char *to, RSA *rsa, int padding);
 static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
+                                   unsigned char *to, RSA *rsa, int padding);
 static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-		unsigned char *to, RSA *rsa,int padding);
-#if 0 /* not currently used */
+                                    unsigned char *to, RSA *rsa, int padding);
+#if 0                           /* not currently used */
 static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
 #endif
 static int RSA_null_init(RSA *rsa);
 static int RSA_null_finish(RSA *rsa);
-static RSA_METHOD rsa_null_meth={
-	"Null RSA",
-	RSA_null_public_encrypt,
-	RSA_null_public_decrypt,
-	RSA_null_private_encrypt,
-	RSA_null_private_decrypt,
-	NULL,
-	NULL,
-	RSA_null_init,
-	RSA_null_finish,
-	0,
-	NULL,
-	NULL,
-	NULL,
-	NULL
-	};
+static RSA_METHOD rsa_null_meth = {
+    "Null RSA",
+    RSA_null_public_encrypt,
+    RSA_null_public_decrypt,
+    RSA_null_private_encrypt,
+    RSA_null_private_decrypt,
+    NULL,
+    NULL,
+    RSA_null_init,
+    RSA_null_finish,
+    0,
+    NULL,
+    NULL,
+    NULL,
+    NULL
+};
 
 const RSA_METHOD *RSA_null_method(void)
-	{
-	return(&rsa_null_meth);
-	}
+{
+    return (&rsa_null_meth);
+}
 
 static int RSA_null_public_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PUBLIC_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
 
 static int RSA_null_private_encrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
+                                    unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PRIVATE_ENCRYPT,
+           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
 
 static int RSA_null_private_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
+                                    unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PRIVATE_DECRYPT,
+           RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
 
 static int RSA_null_public_decrypt(int flen, const unsigned char *from,
-	     unsigned char *to, RSA *rsa, int padding)
-	{
-	RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
+                                   unsigned char *to, RSA *rsa, int padding)
+{
+    RSAerr(RSA_F_RSA_NULL_PUBLIC_DECRYPT, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
 
-#if 0 /* not currently used */
+#if 0                           /* not currently used */
 static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-	{
-	...err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
-	return -1;
-	}
+{
+    ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+    return -1;
+}
 #endif
 
 static int RSA_null_init(RSA *rsa)
-	{
-	return(1);
-	}
+{
+    return (1);
+}
 
 static int RSA_null_finish(RSA *rsa)
-	{
-	return(1);
-	}
+{
+    return (1);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
index b8e3edc0..c2d4955f 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
@@ -1,220 +1,243 @@
 /* crypto/rsa/rsa_oaep.c */
-/* Written by Ulf Moeller. This software is distributed on an "AS IS"
-   basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+/*
+ * Written by Ulf Moeller. This software is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied.
+ */
 
 /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
 
-/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
- * <URL: http://www.shoup.net/papers/oaep.ps.Z>
- * for problems with the security proof for the
- * original OAEP scheme, which EME-OAEP is based on.
- * 
- * A new proof can be found in E. Fujisaki, T. Okamoto,
- * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
- * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
- * The new proof has stronger requirements for the
- * underlying permutation: "partial-one-wayness" instead
- * of one-wayness.  For the RSA function, this is
- * an equivalent notion.
+/*
+ * See Victor Shoup, "OAEP reconsidered," Nov. 2000, <URL:
+ * http://www.shoup.net/papers/oaep.ps.Z> for problems with the security
+ * proof for the original OAEP scheme, which EME-OAEP is based on. A new
+ * proof can be found in E. Fujisaki, T. Okamoto, D. Pointcheval, J. Stern,
+ * "RSA-OEAP is Still Alive!", Dec. 2000, <URL:
+ * http://eprint.iacr.org/2000/061/>. The new proof has stronger requirements
+ * for the underlying permutation: "partial-one-wayness" instead of
+ * one-wayness.  For the RSA function, this is an equivalent notion.
  */
 
+#include "constant_time_locl.h"
 
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
 
 int MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen);
+         const unsigned char *seed, long seedlen);
 
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
-	const unsigned char *from, int flen,
-	const unsigned char *param, int plen)
-	{
-	int i, emlen = tlen - 1;
-	unsigned char *db, *seed;
-	unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
-
-	if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
-		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return 0;
-		}
-
-	if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
-		return 0;
-		}
-
-	to[0] = 0;
-	seed = to + 1;
-	db = to + SHA_DIGEST_LENGTH + 1;
-
-	EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
-	memset(db + SHA_DIGEST_LENGTH, 0,
-		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
-	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
-	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
-	if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
-		return 0;
-#ifdef PKCS_TESTVECT
-	memcpy(seed,
-	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
-	   20);
-#endif
-
-	dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
-	if (dbmask == NULL)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
-	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
-		db[i] ^= dbmask[i];
-
-	MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
-	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-		seed[i] ^= seedmask[i];
-
-	OPENSSL_free(dbmask);
-	return 1;
-	}
+                               const unsigned char *from, int flen,
+                               const unsigned char *param, int plen)
+{
+    int i, emlen = tlen - 1;
+    unsigned char *db, *seed;
+    unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+
+    if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return 0;
+    }
+
+    if (emlen < 2 * SHA_DIGEST_LENGTH + 1) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+        return 0;
+    }
+
+    to[0] = 0;
+    seed = to + 1;
+    db = to + SHA_DIGEST_LENGTH + 1;
+
+    EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL);
+    memset(db + SHA_DIGEST_LENGTH, 0,
+           emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+    db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+    memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int)flen);
+    if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+        return 0;
+# ifdef PKCS_TESTVECT
+    memcpy(seed,
+           "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+           20);
+# endif
+
+    dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+    if (dbmask == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+    for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+        db[i] ^= dbmask[i];
+
+    MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+        seed[i] ^= seedmask[i];
+
+    OPENSSL_free(dbmask);
+    return 1;
+}
 
 int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
-	const unsigned char *from, int flen, int num,
-	const unsigned char *param, int plen)
-	{
-	int i, dblen, mlen = -1;
-	const unsigned char *maskeddb;
-	int lzero;
-	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
-	unsigned char *padded_from;
-	int bad = 0;
-
-	if (--num < 2 * SHA_DIGEST_LENGTH + 1)
-		/* 'num' is the length of the modulus, i.e. does not depend on the
-		 * particular ciphertext. */
-		goto decoding_err;
-
-	lzero = num - flen;
-	if (lzero < 0)
-		{
-		/* signalling this error immediately after detection might allow
-		 * for side-channel attacks (e.g. timing if 'plen' is huge
-		 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
-		 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
-		 * so we use a 'bad' flag */
-		bad = 1;
-		lzero = 0;
-		flen = num; /* don't overflow the memcpy to padded_from */
-		}
-
-	dblen = num - SHA_DIGEST_LENGTH;
-	db = OPENSSL_malloc(dblen + num);
-	if (db == NULL)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
-		return -1;
-		}
-
-	/* Always do this zero-padding copy (even when lzero == 0)
-	 * to avoid leaking timing info about the value of lzero. */
-	padded_from = db + dblen;
-	memset(padded_from, 0, lzero);
-	memcpy(padded_from + lzero, from, flen);
-
-	maskeddb = padded_from + SHA_DIGEST_LENGTH;
-
-	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
-	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
-		seed[i] ^= padded_from[i];
-  
-	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
-	for (i = 0; i < dblen; i++)
-		db[i] ^= maskeddb[i];
-
-	EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
-
-	if (CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
-		goto decoding_err;
-	else
-		{
-		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
-			if (db[i] != 0x00)
-				break;
-		if (i == dblen || db[i] != 0x01)
-			goto decoding_err;
-		else
-			{
-			/* everything looks OK */
-
-			mlen = dblen - ++i;
-			if (tlen < mlen)
-				{
-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
-				mlen = -1;
-				}
-			else
-				memcpy(to, db + i, mlen);
-			}
-		}
-	OPENSSL_free(db);
-	return mlen;
-
-decoding_err:
-	/* to avoid chosen ciphertext attacks, the error message should not reveal
-	 * which kind of decoding error happened */
-	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
-	if (db != NULL) OPENSSL_free(db);
-	return -1;
-	}
+                                 const unsigned char *from, int flen, int num,
+                                 const unsigned char *param, int plen)
+{
+    int i, dblen, mlen = -1, one_index = 0, msg_index;
+    unsigned int good, found_one_byte;
+    const unsigned char *maskedseed, *maskeddb;
+    /*
+     * |em| is the encoded message, zero-padded to exactly |num| bytes: em =
+     * Y || maskedSeed || maskedDB
+     */
+    unsigned char *db = NULL, *em = NULL, seed[EVP_MAX_MD_SIZE],
+        phash[EVP_MAX_MD_SIZE];
+
+    if (tlen <= 0 || flen <= 0)
+        return -1;
+
+    /*
+     * |num| is the length of the modulus; |flen| is the length of the
+     * encoded message. Therefore, for any |from| that was obtained by
+     * decrypting a ciphertext, we must have |flen| <= |num|. Similarly,
+     * num < 2 * SHA_DIGEST_LENGTH + 2 must hold for the modulus
+     * irrespective of the ciphertext, see PKCS #1 v2.2, section 7.1.2.
+     * This does not leak any side-channel information.
+     */
+    if (num < flen || num < 2 * SHA_DIGEST_LENGTH + 2)
+        goto decoding_err;
+
+    dblen = num - SHA_DIGEST_LENGTH - 1;
+    db = OPENSSL_malloc(dblen);
+    em = OPENSSL_malloc(num);
+    if (db == NULL || em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+        goto cleanup;
+    }
+
+    /*
+     * Always do this zero-padding copy (even when num == flen) to avoid
+     * leaking that information. The copy still leaks some side-channel
+     * information, but it's impossible to have a fixed  memory access
+     * pattern since we can't read out of the bounds of |from|.
+     *
+     * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+     */
+    memset(em, 0, num);
+    memcpy(em + num - flen, from, flen);
+
+    /*
+     * The first byte must be zero, however we must not leak if this is
+     * true. See James H. Manger, "A Chosen Ciphertext  Attack on RSA
+     * Optimal Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001).
+     */
+    good = constant_time_is_zero(em[0]);
+
+    maskedseed = em + 1;
+    maskeddb = em + 1 + SHA_DIGEST_LENGTH;
+
+    MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+        seed[i] ^= maskedseed[i];
+
+    MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+    for (i = 0; i < dblen; i++)
+        db[i] ^= maskeddb[i];
+
+    EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL);
+
+    good &=
+        constant_time_is_zero(CRYPTO_memcmp(db, phash, SHA_DIGEST_LENGTH));
+
+    found_one_byte = 0;
+    for (i = SHA_DIGEST_LENGTH; i < dblen; i++) {
+        /*
+         * Padding consists of a number of 0-bytes, followed by a 1.
+         */
+        unsigned int equals1 = constant_time_eq(db[i], 1);
+        unsigned int equals0 = constant_time_is_zero(db[i]);
+        one_index = constant_time_select_int(~found_one_byte & equals1,
+                                             i, one_index);
+        found_one_byte |= equals1;
+        good &= (found_one_byte | equals0);
+    }
+
+    good &= found_one_byte;
+
+    /*
+     * At this point |good| is zero unless the plaintext was valid,
+     * so plaintext-awareness ensures timing side-channels are no longer a
+     * concern.
+     */
+    if (!good)
+        goto decoding_err;
+
+    msg_index = one_index + 1;
+    mlen = dblen - msg_index;
+
+    if (tlen < mlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+        mlen = -1;
+    } else {
+        memcpy(to, db + msg_index, mlen);
+        goto cleanup;
+    }
+
+ decoding_err:
+    /*
+     * To avoid chosen ciphertext attacks, the error message should not
+     * reveal which kind of decoding error happened.
+     */
+    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+ cleanup:
+    if (db != NULL)
+        OPENSSL_free(db);
+    if (em != NULL)
+        OPENSSL_free(em);
+    return mlen;
+}
 
 int PKCS1_MGF1(unsigned char *mask, long len,
-	const unsigned char *seed, long seedlen, const EVP_MD *dgst)
-	{
-	long i, outlen = 0;
-	unsigned char cnt[4];
-	EVP_MD_CTX c;
-	unsigned char md[EVP_MAX_MD_SIZE];
-	int mdlen;
-
-	EVP_MD_CTX_init(&c);
-	mdlen = M_EVP_MD_size(dgst);
-	for (i = 0; outlen < len; i++)
-		{
-		cnt[0] = (unsigned char)((i >> 24) & 255);
-		cnt[1] = (unsigned char)((i >> 16) & 255);
-		cnt[2] = (unsigned char)((i >> 8)) & 255;
-		cnt[3] = (unsigned char)(i & 255);
-		EVP_DigestInit_ex(&c,dgst, NULL);
-		EVP_DigestUpdate(&c, seed, seedlen);
-		EVP_DigestUpdate(&c, cnt, 4);
-		if (outlen + mdlen <= len)
-			{
-			EVP_DigestFinal_ex(&c, mask + outlen, NULL);
-			outlen += mdlen;
-			}
-		else
-			{
-			EVP_DigestFinal_ex(&c, md, NULL);
-			memcpy(mask + outlen, md, len - outlen);
-			outlen = len;
-			}
-		}
-	EVP_MD_CTX_cleanup(&c);
-	return 0;
-	}
-
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
-	{
-	return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
-	}
+               const unsigned char *seed, long seedlen, const EVP_MD *dgst)
+{
+    long i, outlen = 0;
+    unsigned char cnt[4];
+    EVP_MD_CTX c;
+    unsigned char md[EVP_MAX_MD_SIZE];
+    int mdlen;
+
+    EVP_MD_CTX_init(&c);
+    mdlen = M_EVP_MD_size(dgst);
+    for (i = 0; outlen < len; i++) {
+        cnt[0] = (unsigned char)((i >> 24) & 255);
+        cnt[1] = (unsigned char)((i >> 16) & 255);
+        cnt[2] = (unsigned char)((i >> 8)) & 255;
+        cnt[3] = (unsigned char)(i & 255);
+        EVP_DigestInit_ex(&c, dgst, NULL);
+        EVP_DigestUpdate(&c, seed, seedlen);
+        EVP_DigestUpdate(&c, cnt, 4);
+        if (outlen + mdlen <= len) {
+            EVP_DigestFinal_ex(&c, mask + outlen, NULL);
+            outlen += mdlen;
+        } else {
+            EVP_DigestFinal_ex(&c, md, NULL);
+            memcpy(mask + outlen, md, len - outlen);
+            outlen = len;
+        }
+    }
+    EVP_MD_CTX_cleanup(&c);
+    return 0;
+}
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed,
+         long seedlen)
+{
+    return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
index 8560755f..efa1fd3e 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,13 +49,15 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
+#include "constant_time_locl.h"
+
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/bn.h>
@@ -63,162 +65,211 @@
 #include <openssl/rand.h>
 
 int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen)
-	{
-	int j;
-	unsigned char *p;
-
-	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	p=(unsigned char *)to;
-
-	*(p++)=0;
-	*(p++)=1; /* Private Key BT (Block Type) */
-
-	/* pad out with 0xff data */
-	j=tlen-3-flen;
-	memset(p,0xff,j);
-	p+=j;
-	*(p++)='\0';
-	memcpy(p,from,(unsigned int)flen);
-	return(1);
-	}
+                                 const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 1;                 /* Private Key BT (Block Type) */
+
+    /* pad out with 0xff data */
+    j = tlen - 3 - flen;
+    memset(p, 0xff, j);
+    p += j;
+    *(p++) = '\0';
+    memcpy(p, from, (unsigned int)flen);
+    return (1);
+}
 
 int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen, int num)
-	{
-	int i,j;
-	const unsigned char *p;
-
-	p=from;
-	if ((num != (flen+1)) || (*(p++) != 01))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
-		return(-1);
-		}
-
-	/* scan over padding data */
-	j=flen-1; /* one for type. */
-	for (i=0; i<j; i++)
-		{
-		if (*p != 0xff) /* should decrypt to 0xff */
-			{
-			if (*p == 0)
-				{ p++; break; }
-			else	{
-				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT);
-				return(-1);
-				}
-			}
-		p++;
-		}
-
-	if (i == j)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		return(-1);
-		}
-
-	if (i < 8)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT);
-		return(-1);
-		}
-	i++; /* Skip over the '\0' */
-	j-=i;
-	if (j > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
-		return(-1);
-		}
-	memcpy(to,p,(unsigned int)j);
-
-	return(j);
-	}
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i, j;
+    const unsigned char *p;
+
+    p = from;
+    if ((num != (flen + 1)) || (*(p++) != 01)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BLOCK_TYPE_IS_NOT_01);
+        return (-1);
+    }
+
+    /* scan over padding data */
+    j = flen - 1;               /* one for type. */
+    for (i = 0; i < j; i++) {
+        if (*p != 0xff) {       /* should decrypt to 0xff */
+            if (*p == 0) {
+                p++;
+                break;
+            } else {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+                       RSA_R_BAD_FIXED_HEADER_DECRYPT);
+                return (-1);
+            }
+        }
+        p++;
+    }
+
+    if (i == j) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_NULL_BEFORE_BLOCK_MISSING);
+        return (-1);
+    }
+
+    if (i < 8) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
+               RSA_R_BAD_PAD_BYTE_COUNT);
+        return (-1);
+    }
+    i++;                        /* Skip over the '\0' */
+    j -= i;
+    if (j > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, RSA_R_DATA_TOO_LARGE);
+        return (-1);
+    }
+    memcpy(to, p, (unsigned int)j);
+
+    return (j);
+}
 
 int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen)
-	{
-	int i,j;
-	unsigned char *p;
-	
-	if (flen > (tlen-11))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	p=(unsigned char *)to;
-
-	*(p++)=0;
-	*(p++)=2; /* Public Key BT (Block Type) */
-
-	/* pad out with non-zero random data */
-	j=tlen-3-flen;
-
-	if (RAND_bytes(p,j) <= 0)
-		return(0);
-	for (i=0; i<j; i++)
-		{
-		if (*p == '\0')
-			do	{
-				if (RAND_bytes(p,1) <= 0)
-					return(0);
-				} while (*p == '\0');
-		p++;
-		}
-
-	*(p++)='\0';
-
-	memcpy(p,from,(unsigned int)flen);
-	return(1);
-	}
+                                 const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
+
+    if (flen > (tlen - 11)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
+
+    p = (unsigned char *)to;
+
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
+
+    /* pad out with non-zero random data */
+    j = tlen - 3 - flen;
+
+    if (RAND_bytes(p, j) <= 0)
+        return (0);
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return (0);
+            } while (*p == '\0');
+        p++;
+    }
+
+    *(p++) = '\0';
+
+    memcpy(p, from, (unsigned int)flen);
+    return (1);
+}
 
 int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen, int num)
-	{
-	int i,j;
-	const unsigned char *p;
-
-	p=from;
-	if ((num != (flen+1)) || (*(p++) != 02))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
-		return(-1);
-		}
-#ifdef PKCS1_CHECK
-	return(num-11);
-#endif
-
-	/* scan over padding data */
-	j=flen-1; /* one for type. */
-	for (i=0; i<j; i++)
-		if (*(p++) == 0) break;
-
-	if (i == j)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		return(-1);
-		}
-
-	if (i < 8)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT);
-		return(-1);
-		}
-	i++; /* Skip over the '\0' */
-	j-=i;
-	if (j > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
-		return(-1);
-		}
-	memcpy(to,p,(unsigned int)j);
-
-	return(j);
-	}
+                                   const unsigned char *from, int flen,
+                                   int num)
+{
+    int i;
+    /* |em| is the encoded message, zero-padded to exactly |num| bytes */
+    unsigned char *em = NULL;
+    unsigned int good, found_zero_byte;
+    int zero_index = 0, msg_index, mlen = -1;
+
+    if (tlen < 0 || flen < 0)
+        return -1;
+
+    /*
+     * PKCS#1 v1.5 decryption. See "PKCS #1 v2.2: RSA Cryptography Standard",
+     * section 7.2.2.
+     */
+
+    if (flen > num)
+        goto err;
+
+    if (num < 11)
+        goto err;
+
+    em = OPENSSL_malloc(num);
+    if (em == NULL) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
+        return -1;
+    }
+    memset(em, 0, num);
+    /*
+     * Always do this zero-padding copy (even when num == flen) to avoid
+     * leaking that information. The copy still leaks some side-channel
+     * information, but it's impossible to have a fixed  memory access
+     * pattern since we can't read out of the bounds of |from|.
+     *
+     * TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
+     */
+    memcpy(em + num - flen, from, flen);
+
+    good = constant_time_is_zero(em[0]);
+    good &= constant_time_eq(em[1], 2);
+
+    found_zero_byte = 0;
+    for (i = 2; i < num; i++) {
+        unsigned int equals0 = constant_time_is_zero(em[i]);
+        zero_index =
+            constant_time_select_int(~found_zero_byte & equals0, i,
+                                     zero_index);
+        found_zero_byte |= equals0;
+    }
+
+    /*
+     * PS must be at least 8 bytes long, and it starts two bytes into |em|.
+     * If we never found a 0-byte, then |zero_index| is 0 and the check
+     * also fails.
+     */
+    good &= constant_time_ge((unsigned int)(zero_index), 2 + 8);
+
+    /*
+     * Skip the zero byte. This is incorrect if we never found a zero-byte
+     * but in this case we also do not copy the message out.
+     */
+    msg_index = zero_index + 1;
+    mlen = num - msg_index;
+
+    /*
+     * For good measure, do this check in constant time as well; it could
+     * leak something if |tlen| was assuming valid padding.
+     */
+    good &= constant_time_ge((unsigned int)(tlen), (unsigned int)(mlen));
+
+    /*
+     * We can't continue in constant-time because we need to copy the result
+     * and we cannot fake its length. This unavoidably leaks timing
+     * information at the API boundary.
+     * TODO(emilia): this could be addressed at the call site,
+     * see BoringSSL commit 0aa0767340baf925bda4804882aab0cb974b2d26.
+     */
+    if (!good) {
+        mlen = -1;
+        goto err;
+    }
+
+    memcpy(to, em + msg_index, mlen);
 
+ err:
+    if (em != NULL)
+        OPENSSL_free(em);
+    if (mlen == -1)
+        RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
+               RSA_R_PKCS_DECODING_ERROR);
+    return mlen;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
index 2bda491a..c405425d 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
@@ -1,6 +1,7 @@
 /* rsa_pss.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,206 +65,192 @@
 #include <openssl/rand.h>
 #include <openssl/sha.h>
 
-static const unsigned char zeroes[] = {0,0,0,0,0,0,0,0};
+static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
 
 #if defined(_MSC_VER) && defined(_ARM_)
-#pragma optimize("g", off)
+# pragma optimize("g", off)
 #endif
 
 int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
-			const EVP_MD *Hash, const unsigned char *EM, int sLen)
-	{
-	int i;
-	int ret = 0;
-	int hLen, maskedDBLen, MSBits, emLen;
-	const unsigned char *H;
-	unsigned char *DB = NULL;
-	EVP_MD_CTX ctx;
-	unsigned char H_[EVP_MAX_MD_SIZE];
+                         const EVP_MD *Hash, const unsigned char *EM,
+                         int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    const unsigned char *H;
+    unsigned char *DB = NULL;
+    EVP_MD_CTX ctx;
+    unsigned char H_[EVP_MAX_MD_SIZE];
 
-	hLen = M_EVP_MD_size(Hash);
-	/*
-	 * Negative sLen has special meanings:
-	 *	-1	sLen == hLen
-	 *	-2	salt length is autorecovered from signature
-	 *	-N	reserved
-	 */
-	if      (sLen == -1)	sLen = hLen;
-	else if (sLen == -2)	sLen = -2;
-	else if (sLen < -2)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
-		goto err;
-		}
+    hLen = M_EVP_MD_size(Hash);
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is autorecovered from signature
+     *      -N      reserved
+     */
+    if (sLen == -1)
+        sLen = hLen;
+    else if (sLen == -2)
+        sLen = -2;
+    else if (sLen < -2) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
 
-	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
-	emLen = RSA_size(rsa);
-	if (EM[0] & (0xFF << MSBits))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
-		goto err;
-		}
-	if (MSBits == 0)
-		{
-		EM++;
-		emLen--;
-		}
-	if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
-		goto err;
-		}
-	if (EM[emLen - 1] != 0xbc)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
-		goto err;
-		}
-	maskedDBLen = emLen - hLen - 1;
-	H = EM + maskedDBLen;
-	DB = OPENSSL_malloc(maskedDBLen);
-	if (!DB)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
-	for (i = 0; i < maskedDBLen; i++)
-		DB[i] ^= EM[i];
-	if (MSBits)
-		DB[0] &= 0xFF >> (8 - MSBits);
-	for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ;
-	if (DB[i++] != 0x1)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
-		goto err;
-		}
-	if (sLen >= 0 && (maskedDBLen - i) != sLen)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
-		goto err;
-		}
-	EVP_MD_CTX_init(&ctx);
-	EVP_DigestInit_ex(&ctx, Hash, NULL);
-	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
-	EVP_DigestUpdate(&ctx, mHash, hLen);
-	if (maskedDBLen - i)
-		EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
-	EVP_DigestFinal(&ctx, H_, NULL);
-	EVP_MD_CTX_cleanup(&ctx);
-	if (memcmp(H_, H, hLen))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
-		ret = 0;
-		}
-	else 
-		ret = 1;
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (EM[0] & (0xFF << MSBits)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_FIRST_OCTET_INVALID);
+        goto err;
+    }
+    if (MSBits == 0) {
+        EM++;
+        emLen--;
+    }
+    if (emLen < (hLen + sLen + 2)) { /* sLen can be small negative */
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_DATA_TOO_LARGE);
+        goto err;
+    }
+    if (EM[emLen - 1] != 0xbc) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_LAST_OCTET_INVALID);
+        goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    DB = OPENSSL_malloc(maskedDBLen);
+    if (!DB) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+    for (i = 0; i < maskedDBLen; i++)
+        DB[i] ^= EM[i];
+    if (MSBits)
+        DB[0] &= 0xFF >> (8 - MSBits);
+    for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ;
+    if (DB[i++] != 0x1) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_RECOVERY_FAILED);
+        goto err;
+    }
+    if (sLen >= 0 && (maskedDBLen - i) != sLen) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
+    EVP_MD_CTX_init(&ctx);
+    EVP_DigestInit_ex(&ctx, Hash, NULL);
+    EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+    EVP_DigestUpdate(&ctx, mHash, hLen);
+    if (maskedDBLen - i)
+        EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i);
+    EVP_DigestFinal(&ctx, H_, NULL);
+    EVP_MD_CTX_cleanup(&ctx);
+    if (memcmp(H_, H, hLen)) {
+        RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, RSA_R_BAD_SIGNATURE);
+        ret = 0;
+    } else
+        ret = 1;
 
-	err:
-	if (DB)
-		OPENSSL_free(DB);
+ err:
+    if (DB)
+        OPENSSL_free(DB);
 
-	return ret;
+    return ret;
 
-	}
+}
 
 int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
-			const unsigned char *mHash,
-			const EVP_MD *Hash, int sLen)
-	{
-	int i;
-	int ret = 0;
-	int hLen, maskedDBLen, MSBits, emLen;
-	unsigned char *H, *salt = NULL, *p;
-	EVP_MD_CTX ctx;
+                              const unsigned char *mHash,
+                              const EVP_MD *Hash, int sLen)
+{
+    int i;
+    int ret = 0;
+    int hLen, maskedDBLen, MSBits, emLen;
+    unsigned char *H, *salt = NULL, *p;
+    EVP_MD_CTX ctx;
 
-	hLen = M_EVP_MD_size(Hash);
-	/*
-	 * Negative sLen has special meanings:
-	 *	-1	sLen == hLen
-	 *	-2	salt length is maximized
-	 *	-N	reserved
-	 */
-	if      (sLen == -1)	sLen = hLen;
-	else if (sLen == -2)	sLen = -2;
-	else if (sLen < -2)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
-		goto err;
-		}
+    hLen = M_EVP_MD_size(Hash);
+    /*-
+     * Negative sLen has special meanings:
+     *      -1      sLen == hLen
+     *      -2      salt length is maximized
+     *      -N      reserved
+     */
+    if (sLen == -1)
+        sLen = hLen;
+    else if (sLen == -2)
+        sLen = -2;
+    else if (sLen < -2) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, RSA_R_SLEN_CHECK_FAILED);
+        goto err;
+    }
 
-	MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
-	emLen = RSA_size(rsa);
-	if (MSBits == 0)
-		{
-		*EM++ = 0;
-		emLen--;
-		}
-	if (sLen == -2)
-		{
-		sLen = emLen - hLen - 2;
-		}
-	else if (emLen < (hLen + sLen + 2))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
-		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		goto err;
-		}
-	if (sLen > 0)
-		{
-		salt = OPENSSL_malloc(sLen);
-		if (!salt)
-			{
-			RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
-		   		ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		if (RAND_bytes(salt, sLen) <= 0)
-			goto err;
-		}
-	maskedDBLen = emLen - hLen - 1;
-	H = EM + maskedDBLen;
-	EVP_MD_CTX_init(&ctx);
-	EVP_DigestInit_ex(&ctx, Hash, NULL);
-	EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
-	EVP_DigestUpdate(&ctx, mHash, hLen);
-	if (sLen)
-		EVP_DigestUpdate(&ctx, salt, sLen);
-	EVP_DigestFinal(&ctx, H, NULL);
-	EVP_MD_CTX_cleanup(&ctx);
+    MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
+    emLen = RSA_size(rsa);
+    if (MSBits == 0) {
+        *EM++ = 0;
+        emLen--;
+    }
+    if (sLen == -2) {
+        sLen = emLen - hLen - 2;
+    } else if (emLen < (hLen + sLen + 2)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        goto err;
+    }
+    if (sLen > 0) {
+        salt = OPENSSL_malloc(sLen);
+        if (!salt) {
+            RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        if (RAND_bytes(salt, sLen) <= 0)
+            goto err;
+    }
+    maskedDBLen = emLen - hLen - 1;
+    H = EM + maskedDBLen;
+    EVP_MD_CTX_init(&ctx);
+    EVP_DigestInit_ex(&ctx, Hash, NULL);
+    EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes);
+    EVP_DigestUpdate(&ctx, mHash, hLen);
+    if (sLen)
+        EVP_DigestUpdate(&ctx, salt, sLen);
+    EVP_DigestFinal(&ctx, H, NULL);
+    EVP_MD_CTX_cleanup(&ctx);
 
-	/* Generate dbMask in place then perform XOR on it */
-	PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+    /* Generate dbMask in place then perform XOR on it */
+    PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
 
-	p = EM;
+    p = EM;
 
-	/* Initial PS XORs with all zeroes which is a NOP so just update
-	 * pointer. Note from a test above this value is guaranteed to
-	 * be non-negative.
-	 */
-	p += emLen - sLen - hLen - 2;
-	*p++ ^= 0x1;
-	if (sLen > 0)
-		{
-		for (i = 0; i < sLen; i++)
-			*p++ ^= salt[i];
-		}
-	if (MSBits)
-		EM[0] &= 0xFF >> (8 - MSBits);
+    /*
+     * Initial PS XORs with all zeroes which is a NOP so just update pointer.
+     * Note from a test above this value is guaranteed to be non-negative.
+     */
+    p += emLen - sLen - hLen - 2;
+    *p++ ^= 0x1;
+    if (sLen > 0) {
+        for (i = 0; i < sLen; i++)
+            *p++ ^= salt[i];
+    }
+    if (MSBits)
+        EM[0] &= 0xFF >> (8 - MSBits);
 
-	/* H is already in place so just set final 0xbc */
+    /* H is already in place so just set final 0xbc */
 
-	EM[emLen - 1] = 0xbc;
+    EM[emLen - 1] = 0xbc;
 
-	ret = 1;
+    ret = 1;
 
-	err:
-	if (salt)
-		OPENSSL_free(salt);
+ err:
+    if (salt)
+        OPENSSL_free(salt);
 
-	return ret;
+    return ret;
 
-	}
+}
 
 #if defined(_MSC_VER)
-#pragma optimize("",on)
+# pragma optimize("",on)
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
index f98e0a80..e4002360 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,87 +64,85 @@
 #include <openssl/x509.h>
 
 int RSA_sign_ASN1_OCTET_STRING(int type,
-	const unsigned char *m, unsigned int m_len,
-	unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-	{
-	ASN1_OCTET_STRING sig;
-	int i,j,ret=1;
-	unsigned char *p,*s;
+                               const unsigned char *m, unsigned int m_len,
+                               unsigned char *sigret, unsigned int *siglen,
+                               RSA *rsa)
+{
+    ASN1_OCTET_STRING sig;
+    int i, j, ret = 1;
+    unsigned char *p, *s;
 
-	sig.type=V_ASN1_OCTET_STRING;
-	sig.length=m_len;
-	sig.data=(unsigned char *)m;
+    sig.type = V_ASN1_OCTET_STRING;
+    sig.length = m_len;
+    sig.data = (unsigned char *)m;
 
-	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
-	j=RSA_size(rsa);
-	if (i > (j-RSA_PKCS1_PADDING_SIZE))
-		{
-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-		return(0);
-		}
-	s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-		return(0);
-		}
-	p=s;
-	i2d_ASN1_OCTET_STRING(&sig,&p);
-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
-	if (i <= 0)
-		ret=0;
-	else
-		*siglen=i;
+    i = i2d_ASN1_OCTET_STRING(&sig, NULL);
+    j = RSA_size(rsa);
+    if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,
+               RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        return (0);
+    }
+    s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return (0);
+    }
+    p = s;
+    i2d_ASN1_OCTET_STRING(&sig, &p);
+    i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+    if (i <= 0)
+        ret = 0;
+    else
+        *siglen = i;
 
-	OPENSSL_cleanse(s,(unsigned int)j+1);
-	OPENSSL_free(s);
-	return(ret);
-	}
+    OPENSSL_cleanse(s, (unsigned int)j + 1);
+    OPENSSL_free(s);
+    return (ret);
+}
 
 int RSA_verify_ASN1_OCTET_STRING(int dtype,
-	const unsigned char *m,
-	unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
-	RSA *rsa)
-	{
-	int i,ret=0;
-	unsigned char *s;
-	const unsigned char *p;
-	ASN1_OCTET_STRING *sig=NULL;
-
-	if (siglen != (unsigned int)RSA_size(rsa))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_WRONG_SIGNATURE_LENGTH);
-		return(0);
-		}
+                                 const unsigned char *m,
+                                 unsigned int m_len, unsigned char *sigbuf,
+                                 unsigned int siglen, RSA *rsa)
+{
+    int i, ret = 0;
+    unsigned char *s;
+    const unsigned char *p;
+    ASN1_OCTET_STRING *sig = NULL;
 
-	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+    if (siglen != (unsigned int)RSA_size(rsa)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,
+               RSA_R_WRONG_SIGNATURE_LENGTH);
+        return (0);
+    }
 
-	if (i <= 0) goto err;
+    s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
 
-	p=s;
-	sig=d2i_ASN1_OCTET_STRING(NULL,&p,(long)i);
-	if (sig == NULL) goto err;
+    if (i <= 0)
+        goto err;
 
-	if (	((unsigned int)sig->length != m_len) ||
-		(memcmp(m,sig->data,m_len) != 0))
-		{
-		RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,RSA_R_BAD_SIGNATURE);
-		}
-	else
-		ret=1;
-err:
-	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
-	if (s != NULL)
-		{
-		OPENSSL_cleanse(s,(unsigned int)siglen);
-		OPENSSL_free(s);
-		}
-	return(ret);
-	}
+    p = s;
+    sig = d2i_ASN1_OCTET_STRING(NULL, &p, (long)i);
+    if (sig == NULL)
+        goto err;
 
+    if (((unsigned int)sig->length != m_len) ||
+        (memcmp(m, sig->data, m_len) != 0)) {
+        RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, RSA_R_BAD_SIGNATURE);
+    } else
+        ret = 1;
+ err:
+    if (sig != NULL)
+        M_ASN1_OCTET_STRING_free(sig);
+    if (s != NULL) {
+        OPENSSL_cleanse(s, (unsigned int)siglen);
+        OPENSSL_free(s);
+    }
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
index 743dfd76..b58c0ec1 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,214 +64,217 @@
 #include <openssl/x509.h>
 
 /* Size of an SSL signature: MD5+SHA1 */
-#define SSL_SIG_LENGTH	36
+#define SSL_SIG_LENGTH  36
 
 int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-	{
-	X509_SIG sig;
-	ASN1_TYPE parameter;
-	int i,j,ret=1;
-	unsigned char *p, *tmps = NULL;
-	const unsigned char *s = NULL;
-	X509_ALGOR algor;
-	ASN1_OCTET_STRING digest;
-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
-		{
-		return rsa->meth->rsa_sign(type, m, m_len,
-			sigret, siglen, rsa);
-		}
-	/* Special case: SSL signature, just check the length */
-	if(type == NID_md5_sha1) {
-		if(m_len != SSL_SIG_LENGTH) {
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
-			return(0);
-		}
-		i = SSL_SIG_LENGTH;
-		s = m;
-	} else {
-	/* NB: in FIPS mode block anything that isn't a TLS signature */
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
+    X509_SIG sig;
+    ASN1_TYPE parameter;
+    int i, j, ret = 1;
+    unsigned char *p, *tmps = NULL;
+    const unsigned char *s = NULL;
+    X509_ALGOR algor;
+    ASN1_OCTET_STRING digest;
+    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
+        return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+    }
+    /* Special case: SSL signature, just check the length */
+    if (type == NID_md5_sha1) {
+        if (m_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+            return (0);
+        }
+        i = SSL_SIG_LENGTH;
+        s = m;
+    } else {
+        /* NB: in FIPS mode block anything that isn't a TLS signature */
 #ifdef OPENSSL_FIPS
-		if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-			{
-			RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-			return 0;
-			}
+        if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+            RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+            return 0;
+        }
 #endif
-		sig.algor= &algor;
-		sig.algor->algorithm=OBJ_nid2obj(type);
-		if (sig.algor->algorithm == NULL)
-			{
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
-			return(0);
-			}
-		if (sig.algor->algorithm->length == 0)
-			{
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-			return(0);
-			}
-		parameter.type=V_ASN1_NULL;
-		parameter.value.ptr=NULL;
-		sig.algor->parameter= &parameter;
+        sig.algor = &algor;
+        sig.algor->algorithm = OBJ_nid2obj(type);
+        if (sig.algor->algorithm == NULL) {
+            RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+            return (0);
+        }
+        if (sig.algor->algorithm->length == 0) {
+            RSAerr(RSA_F_RSA_SIGN,
+                   RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+            return (0);
+        }
+        parameter.type = V_ASN1_NULL;
+        parameter.value.ptr = NULL;
+        sig.algor->parameter = &parameter;
 
-		sig.digest= &digest;
-		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
-		sig.digest->length=m_len;
+        sig.digest = &digest;
+        sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
+        sig.digest->length = m_len;
 
-		i=i2d_X509_SIG(&sig,NULL);
-	}
-	j=RSA_size(rsa);
-	if (i > (j-RSA_PKCS1_PADDING_SIZE))
-		{
-		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-		return(0);
-		}
-	if(type != NID_md5_sha1) {
-		tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-		if (tmps == NULL)
-			{
-			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		p=tmps;
-		i2d_X509_SIG(&sig,&p);
-		s=tmps;
-	}
+        i = i2d_X509_SIG(&sig, NULL);
+    }
+    j = RSA_size(rsa);
+    if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
+        RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+        return (0);
+    }
+    if (type != NID_md5_sha1) {
+        tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
+        if (tmps == NULL) {
+            RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+            return (0);
+        }
+        p = tmps;
+        i2d_X509_SIG(&sig, &p);
+        s = tmps;
+    }
 #ifdef OPENSSL_FIPS
-	/* Bypass algorithm blocking: this is allowed if we get this far */
-	i=rsa->meth->rsa_priv_enc(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+    /* Bypass algorithm blocking: this is allowed if we get this far */
+    i = rsa->meth->rsa_priv_enc(i, s, sigret, rsa, RSA_PKCS1_PADDING);
 #else
-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+    i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
 #endif
-	if (i <= 0)
-		ret=0;
-	else
-		*siglen=i;
+    if (i <= 0)
+        ret = 0;
+    else
+        *siglen = i;
 
-	if(type != NID_md5_sha1) {
-		OPENSSL_cleanse(tmps,(unsigned int)j+1);
-		OPENSSL_free(tmps);
-	}
-	return(ret);
-	}
+    if (type != NID_md5_sha1) {
+        OPENSSL_cleanse(tmps, (unsigned int)j + 1);
+        OPENSSL_free(tmps);
+    }
+    return (ret);
+}
+
+/*
+ * Check DigestInfo structure does not contain extraneous data by reencoding
+ * using DER and checking encoding against original.
+ */
+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo,
+                                int dinfolen)
+{
+    unsigned char *der = NULL;
+    int derlen;
+    int ret = 0;
+    derlen = i2d_X509_SIG(sig, &der);
+    if (derlen <= 0)
+        return 0;
+    if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
+        ret = 1;
+    OPENSSL_cleanse(der, derlen);
+    OPENSSL_free(der);
+    return ret;
+}
 
 int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
-	{
-	int i,ret=0,sigtype;
-	unsigned char *s;
-	X509_SIG *sig=NULL;
+               unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+{
+    int i, ret = 0, sigtype;
+    unsigned char *s;
+    X509_SIG *sig = NULL;
 
-	if (siglen != (unsigned int)RSA_size(rsa))
-		{
-		RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
-		return(0);
-		}
+    if (siglen != (unsigned int)RSA_size(rsa)) {
+        RSAerr(RSA_F_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+        return (0);
+    }
 
-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
-		{
-		return rsa->meth->rsa_verify(dtype, m, m_len,
-			sigbuf, siglen, rsa);
-		}
+    if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+        return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
+    }
 
-	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if(dtype == NID_md5_sha1)
-		{
-		if (m_len != SSL_SIG_LENGTH)
-			{
-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-			goto err;
-			}
-		}
-	/* NB: in FIPS mode block anything that isn't a TLS signature */
+    s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+    if (s == NULL) {
+        RSAerr(RSA_F_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (dtype == NID_md5_sha1) {
+        if (m_len != SSL_SIG_LENGTH) {
+            RSAerr(RSA_F_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
+            goto err;
+        }
+    }
+    /* NB: in FIPS mode block anything that isn't a TLS signature */
 #ifdef OPENSSL_FIPS
-	else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
-		{
-		RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
-		return 0;
-		}
-	/* Bypass algorithm blocking: this is allowed */
-	i=rsa->meth->rsa_pub_dec((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+    else if (FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+        RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+        return 0;
+    }
+    /* Bypass algorithm blocking: this is allowed */
+    i = rsa->meth->rsa_pub_dec((int)siglen, sigbuf, s, rsa,
+                               RSA_PKCS1_PADDING);
 #else
-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+    i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
 #endif
 
-	if (i <= 0) goto err;
-
-	/* Special case: SSL signature */
-	if(dtype == NID_md5_sha1) {
-		if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-				RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-		else ret = 1;
-	} else {
-		const unsigned char *p=s;
-		sig=d2i_X509_SIG(NULL,&p,(long)i);
+    if (i <= 0)
+        goto err;
 
-		if (sig == NULL) goto err;
+    /* Special case: SSL signature */
+    if (dtype == NID_md5_sha1) {
+        if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
+            RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+        else
+            ret = 1;
+    } else {
+        const unsigned char *p = s;
+        sig = d2i_X509_SIG(NULL, &p, (long)i);
 
-		/* Excess data can be used to create forgeries */
-		if(p != s+i)
-			{
-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-			goto err;
-			}
+        if (sig == NULL)
+            goto err;
 
-		/* Parameters to the signature algorithm can also be used to
-		   create forgeries */
-		if(sig->algor->parameter
-		   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
-			{
-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-			goto err;
-			}
+        /* Excess data can be used to create forgeries */
+        if (p != s + i || !rsa_check_digestinfo(sig, s, i)) {
+            RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
 
-		sigtype=OBJ_obj2nid(sig->algor->algorithm);
+        /*
+         * Parameters to the signature algorithm can also be used to create
+         * forgeries
+         */
+        if (sig->algor->parameter
+            && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
+            RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+            goto err;
+        }
 
+        sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
-	#ifdef RSA_DEBUG
-		/* put a backward compatibility flag in EAY */
-		fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
-			OBJ_nid2ln(dtype));
-	#endif
-		if (sigtype != dtype)
-			{
-			if (((dtype == NID_md5) &&
-				(sigtype == NID_md5WithRSAEncryption)) ||
-				((dtype == NID_md2) &&
-				(sigtype == NID_md2WithRSAEncryption)))
-				{
-				/* ok, we will let it through */
+#ifdef RSA_DEBUG
+        /* put a backward compatibility flag in EAY */
+        fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
+                OBJ_nid2ln(dtype));
+#endif
+        if (sigtype != dtype) {
+            if (((dtype == NID_md5) &&
+                 (sigtype == NID_md5WithRSAEncryption)) ||
+                ((dtype == NID_md2) &&
+                 (sigtype == NID_md2WithRSAEncryption))) {
+                /* ok, we will let it through */
 #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-				fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
+                fprintf(stderr,
+                        "signature has problems, re-make with post SSLeay045\n");
 #endif
-				}
-			else
-				{
-				RSAerr(RSA_F_RSA_VERIFY,
-						RSA_R_ALGORITHM_MISMATCH);
-				goto err;
-				}
-			}
-		if (	((unsigned int)sig->digest->length != m_len) ||
-			(memcmp(m,sig->digest->data,m_len) != 0))
-			{
-			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-			}
-		else
-			ret=1;
-	}
-err:
-	if (sig != NULL) X509_SIG_free(sig);
-	if (s != NULL)
-		{
-		OPENSSL_cleanse(s,(unsigned int)siglen);
-		OPENSSL_free(s);
-		}
-	return(ret);
-	}
-
+            } else {
+                RSAerr(RSA_F_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+                goto err;
+            }
+        }
+        if (((unsigned int)sig->digest->length != m_len) ||
+            (memcmp(m, sig->digest->data, m_len) != 0)) {
+            RSAerr(RSA_F_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+        } else
+            ret = 1;
+    }
+ err:
+    if (sig != NULL)
+        X509_SIG_free(sig);
+    if (s != NULL) {
+        OPENSSL_cleanse(s, (unsigned int)siglen);
+        OPENSSL_free(s);
+    }
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
index cfeff15b..746e01f6 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,92 +63,87 @@
 #include <openssl/rand.h>
 
 int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
-	const unsigned char *from, int flen)
-	{
-	int i,j;
-	unsigned char *p;
-	
-	if (flen > (tlen-11))
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return(0);
-		}
-	
-	p=(unsigned char *)to;
+                           const unsigned char *from, int flen)
+{
+    int i, j;
+    unsigned char *p;
 
-	*(p++)=0;
-	*(p++)=2; /* Public Key BT (Block Type) */
+    if (flen > (tlen - 11)) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
+               RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return (0);
+    }
 
-	/* pad out with non-zero random data */
-	j=tlen-3-8-flen;
+    p = (unsigned char *)to;
 
-	if (RAND_bytes(p,j) <= 0)
-		return(0);
-	for (i=0; i<j; i++)
-		{
-		if (*p == '\0')
-			do	{
-				if (RAND_bytes(p,1) <= 0)
-					return(0);
-				} while (*p == '\0');
-		p++;
-		}
+    *(p++) = 0;
+    *(p++) = 2;                 /* Public Key BT (Block Type) */
 
-	memset(p,3,8);
-	p+=8;
-	*(p++)='\0';
+    /* pad out with non-zero random data */
+    j = tlen - 3 - 8 - flen;
 
-	memcpy(p,from,(unsigned int)flen);
-	return(1);
-	}
+    if (RAND_bytes(p, j) <= 0)
+        return (0);
+    for (i = 0; i < j; i++) {
+        if (*p == '\0')
+            do {
+                if (RAND_bytes(p, 1) <= 0)
+                    return (0);
+            } while (*p == '\0');
+        p++;
+    }
 
-int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
-	const unsigned char *from, int flen, int num)
-	{
-	int i,j,k;
-	const unsigned char *p;
+    memset(p, 3, 8);
+    p += 8;
+    *(p++) = '\0';
 
-	p=from;
-	if (flen < 10)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
-		return(-1);
-		}
-	if ((num != (flen+1)) || (*(p++) != 02))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
-		return(-1);
-		}
+    memcpy(p, from, (unsigned int)flen);
+    return (1);
+}
+
+int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
+                             const unsigned char *from, int flen, int num)
+{
+    int i, j, k;
+    const unsigned char *p;
 
-	/* scan over padding data */
-	j=flen-1; /* one for type */
-	for (i=0; i<j; i++)
-		if (*(p++) == 0) break;
+    p = from;
+    if (flen < 10) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL);
+        return (-1);
+    }
+    if ((num != (flen + 1)) || (*(p++) != 02)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_BLOCK_TYPE_IS_NOT_02);
+        return (-1);
+    }
 
-	if ((i == j) || (i < 8))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
-		return(-1);
-		}
-	for (k = -9; k<-1; k++)
-		{
-		if (p[k] !=  0x03) break;
-		}
-	if (k == -1)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
-		return(-1);
-		}
+    /* scan over padding data */
+    j = flen - 1;               /* one for type */
+    for (i = 0; i < j; i++)
+        if (*(p++) == 0)
+            break;
 
-	i++; /* Skip over the '\0' */
-	j-=i;
-	if (j > tlen)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
-		return(-1);
-		}
-	memcpy(to,p,(unsigned int)j);
+    if ((i == j) || (i < 8)) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,
+               RSA_R_NULL_BEFORE_BLOCK_MISSING);
+        return (-1);
+    }
+    for (k = -9; k < -1; k++) {
+        if (p[k] != 0x03)
+            break;
+    }
+    if (k == -1) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_SSLV3_ROLLBACK_ATTACK);
+        return (-1);
+    }
 
-	return(j);
-	}
+    i++;                        /* Skip over the '\0' */
+    j -= i;
+    if (j > tlen) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE);
+        return (-1);
+    }
+    memcpy(to, p, (unsigned int)j);
 
+    return (j);
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
index 21548e37..725ead04 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
@@ -1,6 +1,7 @@
 /* rsa_x931.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2005.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2005.
  */
 /* ====================================================================
  * Copyright (c) 2005 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,114 +65,103 @@
 #include <openssl/objects.h>
 
 int RSA_padding_add_X931(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen)
-	{
-	int j;
-	unsigned char *p;
-
-	/* Absolute minimum amount of padding is 1 header nibble, 1 padding
-	 * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
-	 */
-
-	j = tlen - flen - 2;
-
-	if (j < 0)
-		{
-		RSAerr(RSA_F_RSA_PADDING_ADD_X931,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
-		return -1;
-		}
-	
-	p=(unsigned char *)to;
-
-	/* If no padding start and end nibbles are in one byte */
-	if (j == 0)
-		*p++ = 0x6A;
-	else
-		{
-		*p++ = 0x6B;
-		if (j > 1)
-			{
-			memset(p, 0xBB, j - 1);
-			p += j - 1;
-			}
-		*p++ = 0xBA;
-		}
-	memcpy(p,from,(unsigned int)flen);
-	p += flen;
-	*p = 0xCC;
-	return(1);
-	}
+                         const unsigned char *from, int flen)
+{
+    int j;
+    unsigned char *p;
+
+    /*
+     * Absolute minimum amount of padding is 1 header nibble, 1 padding
+     * nibble and 2 trailer bytes: but 1 hash if is already in 'from'.
+     */
+
+    j = tlen - flen - 2;
+
+    if (j < 0) {
+        RSAerr(RSA_F_RSA_PADDING_ADD_X931, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+        return -1;
+    }
+
+    p = (unsigned char *)to;
+
+    /* If no padding start and end nibbles are in one byte */
+    if (j == 0)
+        *p++ = 0x6A;
+    else {
+        *p++ = 0x6B;
+        if (j > 1) {
+            memset(p, 0xBB, j - 1);
+            p += j - 1;
+        }
+        *p++ = 0xBA;
+    }
+    memcpy(p, from, (unsigned int)flen);
+    p += flen;
+    *p = 0xCC;
+    return (1);
+}
 
 int RSA_padding_check_X931(unsigned char *to, int tlen,
-	     const unsigned char *from, int flen, int num)
-	{
-	int i = 0,j;
-	const unsigned char *p;
-
-	p=from;
-	if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B)))
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931,RSA_R_INVALID_HEADER);
-		return -1;
-		}
-
-	if (*p++ == 0x6B)
-		{
-		j=flen-3;
-		for (i = 0; i < j; i++)
-			{
-			unsigned char c = *p++;
-			if (c == 0xBA)
-				break;
-			if (c != 0xBB)
-				{
-				RSAerr(RSA_F_RSA_PADDING_CHECK_X931,
-					RSA_R_INVALID_PADDING);
-				return -1;
-				}
-			}
-
-		j -= i;
-
-		if (i == 0)
-			{
-			RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
-			return -1;
-			}
-
-		}
-	else j = flen - 2;
-
-	if (p[j] != 0xCC)
-		{
-		RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
-		return -1;
-		}
-
-	memcpy(to,p,(unsigned int)j);
-
-	return(j);
-	}
+                           const unsigned char *from, int flen, int num)
+{
+    int i = 0, j;
+    const unsigned char *p;
+
+    p = from;
+    if ((num != flen) || ((*p != 0x6A) && (*p != 0x6B))) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER);
+        return -1;
+    }
+
+    if (*p++ == 0x6B) {
+        j = flen - 3;
+        for (i = 0; i < j; i++) {
+            unsigned char c = *p++;
+            if (c == 0xBA)
+                break;
+            if (c != 0xBB) {
+                RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+                return -1;
+            }
+        }
+
+        j -= i;
+
+        if (i == 0) {
+            RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_PADDING);
+            return -1;
+        }
+
+    } else
+        j = flen - 2;
+
+    if (p[j] != 0xCC) {
+        RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER);
+        return -1;
+    }
+
+    memcpy(to, p, (unsigned int)j);
+
+    return (j);
+}
 
 /* Translate between X931 hash ids and NIDs */
 
 int RSA_X931_hash_id(int nid)
-	{
-	switch (nid)
-		{
-		case NID_sha1:
-		return 0x33;
+{
+    switch (nid) {
+    case NID_sha1:
+        return 0x33;
 
-		case NID_sha256:
-		return 0x34;
+    case NID_sha256:
+        return 0x34;
 
-		case NID_sha384:
-		return 0x36;
+    case NID_sha384:
+        return 0x36;
 
-		case NID_sha512:
-		return 0x35;
-
-		}
-	return -1;
-	}
+    case NID_sha512:
+        return 0x35;
 
+    }
+    return -1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c
index bf94f8be..f29c501e 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -67,189 +67,186 @@
 
 /* X9.31 RSA key derivation and generation */
 
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
-			const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
-			const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
-			const BIGNUM *e, BN_GENCB *cb)
-	{
-	BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
-	BN_CTX *ctx=NULL,*ctx2=NULL;
-
-	if (!rsa) 
-		goto err;
-
-	ctx = BN_CTX_new();
-	if (!ctx) 
-		goto err;
-	BN_CTX_start(ctx);
-
-	r0 = BN_CTX_get(ctx);
-	r1 = BN_CTX_get(ctx);
-	r2 = BN_CTX_get(ctx);
-	r3 = BN_CTX_get(ctx);
-
-	if (r3 == NULL)
-		goto err;
-	if (!rsa->e)
-		{
-		rsa->e = BN_dup(e);
-		if (!rsa->e)
-			goto err;
-		}
-	else
-		e = rsa->e;
-
-	/* If not all parameters present only calculate what we can.
-	 * This allows test programs to output selective parameters.
-	 */
-
-	if (Xp && !rsa->p)
-		{
-		rsa->p = BN_new();
-		if (!rsa->p)
-			goto err;
-
-		if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
-					Xp, Xp1, Xp2, e, ctx, cb))
-			goto err;
-		}
-
-	if (Xq && !rsa->q)
-		{
-		rsa->q = BN_new();
-		if (!rsa->q)
-			goto err;
-		if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
-					Xq, Xq1, Xq2, e, ctx, cb))
-			goto err;
-		}
-
-	if (!rsa->p || !rsa->q)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		return 2;
-		}
-
-	/* Since both primes are set we can now calculate all remaining 
-	 * components.
-	 */
-
-	/* calculate n */
-	rsa->n=BN_new();
-	if (rsa->n == NULL)
-		goto err;
-	if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
-		goto err;
-
-	/* calculate d */
-	if (!BN_sub(r1,rsa->p,BN_value_one()))
-		goto err;	/* p-1 */
-	if (!BN_sub(r2,rsa->q,BN_value_one()))
-		goto err;	/* q-1 */
-	if (!BN_mul(r0,r1,r2,ctx))
-		goto err;	/* (p-1)(q-1) */
-
-	if (!BN_gcd(r3, r1, r2, ctx))
-		goto err;
-
-	if (!BN_div(r0, NULL, r0, r3, ctx))
-		goto err;	/* LCM((p-1)(q-1)) */
-
-	ctx2 = BN_CTX_new();
-	if (!ctx2)
-		goto err;
-
-	rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2);	/* d */
-	if (rsa->d == NULL)
-		goto err;
-
-	/* calculate d mod (p-1) */
-	rsa->dmp1=BN_new();
-	if (rsa->dmp1 == NULL)
-		goto err;
-	if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
-		goto err;
-
-	/* calculate d mod (q-1) */
-	rsa->dmq1=BN_new();
-	if (rsa->dmq1 == NULL)
-		goto err;
-	if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
-		goto err;
-
-	/* calculate inverse of q mod p */
-	rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
-
-	err:
-	if (ctx)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-	if (ctx2)
-		BN_CTX_free(ctx2);
-	/* If this is set all calls successful */
-	if (rsa && rsa->iqmp != NULL)
-		return 1;
-
-	return 0;
-
-	}
-
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
-	{
-	int ok = 0;
-	BIGNUM *Xp = NULL, *Xq = NULL;
-	BN_CTX *ctx = NULL;
-	
-	ctx = BN_CTX_new();
-	if (!ctx)
-		goto error;
-
-	BN_CTX_start(ctx);
-	Xp = BN_CTX_get(ctx);
-	Xq = BN_CTX_get(ctx);
-	if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
-		goto error;
-
-	rsa->p = BN_new();
-	rsa->q = BN_new();
-	if (!rsa->p || !rsa->q)
-		goto error;
-
-	/* Generate two primes from Xp, Xq */
-
-	if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
-					e, ctx, cb))
-		goto error;
-
-	if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
-					e, ctx, cb))
-		goto error;
-
-	/* Since rsa->p and rsa->q are valid this call will just derive
-	 * remaining RSA components.
-	 */
-
-	if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
-				NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
-		goto error;
-
-	ok = 1;
-
-	error:
-	if (ctx)
-		{
-		BN_CTX_end(ctx);
-		BN_CTX_free(ctx);
-		}
-
-	if (ok)
-		return 1;
-
-	return 0;
-
-	}
+int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
+                       BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
+                       const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
+                       const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
+{
+    BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
+    BN_CTX *ctx = NULL, *ctx2 = NULL;
+
+    if (!rsa)
+        goto err;
+
+    ctx = BN_CTX_new();
+    if (!ctx)
+        goto err;
+    BN_CTX_start(ctx);
+
+    r0 = BN_CTX_get(ctx);
+    r1 = BN_CTX_get(ctx);
+    r2 = BN_CTX_get(ctx);
+    r3 = BN_CTX_get(ctx);
+
+    if (r3 == NULL)
+        goto err;
+    if (!rsa->e) {
+        rsa->e = BN_dup(e);
+        if (!rsa->e)
+            goto err;
+    } else
+        e = rsa->e;
+
+    /*
+     * If not all parameters present only calculate what we can. This allows
+     * test programs to output selective parameters.
+     */
+
+    if (Xp && !rsa->p) {
+        rsa->p = BN_new();
+        if (!rsa->p)
+            goto err;
+
+        if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
+                                     Xp, Xp1, Xp2, e, ctx, cb))
+            goto err;
+    }
+
+    if (Xq && !rsa->q) {
+        rsa->q = BN_new();
+        if (!rsa->q)
+            goto err;
+        if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
+                                     Xq, Xq1, Xq2, e, ctx, cb))
+            goto err;
+    }
+
+    if (!rsa->p || !rsa->q) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+        return 2;
+    }
+
+    /*
+     * Since both primes are set we can now calculate all remaining
+     * components.
+     */
+
+    /* calculate n */
+    rsa->n = BN_new();
+    if (rsa->n == NULL)
+        goto err;
+    if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
+        goto err;
+
+    /* calculate d */
+    if (!BN_sub(r1, rsa->p, BN_value_one()))
+        goto err;               /* p-1 */
+    if (!BN_sub(r2, rsa->q, BN_value_one()))
+        goto err;               /* q-1 */
+    if (!BN_mul(r0, r1, r2, ctx))
+        goto err;               /* (p-1)(q-1) */
+
+    if (!BN_gcd(r3, r1, r2, ctx))
+        goto err;
+
+    if (!BN_div(r0, NULL, r0, r3, ctx))
+        goto err;               /* LCM((p-1)(q-1)) */
+
+    ctx2 = BN_CTX_new();
+    if (!ctx2)
+        goto err;
+
+    rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
+    if (rsa->d == NULL)
+        goto err;
+
+    /* calculate d mod (p-1) */
+    rsa->dmp1 = BN_new();
+    if (rsa->dmp1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
+        goto err;
+
+    /* calculate d mod (q-1) */
+    rsa->dmq1 = BN_new();
+    if (rsa->dmq1 == NULL)
+        goto err;
+    if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
+        goto err;
+
+    /* calculate inverse of q mod p */
+    rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
+
+ err:
+    if (ctx) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+    if (ctx2)
+        BN_CTX_free(ctx2);
+    /* If this is set all calls successful */
+    if (rsa && rsa->iqmp != NULL)
+        return 1;
+
+    return 0;
+
+}
+
+int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
+                             BN_GENCB *cb)
+{
+    int ok = 0;
+    BIGNUM *Xp = NULL, *Xq = NULL;
+    BN_CTX *ctx = NULL;
+
+    ctx = BN_CTX_new();
+    if (!ctx)
+        goto error;
+
+    BN_CTX_start(ctx);
+    Xp = BN_CTX_get(ctx);
+    Xq = BN_CTX_get(ctx);
+    if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
+        goto error;
+
+    rsa->p = BN_new();
+    rsa->q = BN_new();
+    if (!rsa->p || !rsa->q)
+        goto error;
+
+    /* Generate two primes from Xp, Xq */
+
+    if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
+                                   e, ctx, cb))
+        goto error;
+
+    if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
+                                   e, ctx, cb))
+        goto error;
+
+    /*
+     * Since rsa->p and rsa->q are valid this call will just derive remaining
+     * RSA components.
+     */
+
+    if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
+                            NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
+        goto error;
+
+    ok = 1;
+
+ error:
+    if (ctx) {
+        BN_CTX_end(ctx);
+        BN_CTX_free(ctx);
+    }
+
+    if (ok)
+        return 1;
+
+    return 0;
+
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c
index 48311741..cf68f10a 100644
--- a/Cryptlib/OpenSSL/crypto/sha/sha1_one.c
+++ b/Cryptlib/OpenSSL/crypto/sha/sha1_one.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,16 +63,17 @@
 
 #if !defined(OPENSSL_NO_SHA1)
 unsigned char *SHA1(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA_CTX c;
-	static unsigned char m[SHA_DIGEST_LENGTH];
+{
+    SHA_CTX c;
+    static unsigned char m[SHA_DIGEST_LENGTH];
 
-	if (md == NULL) md=m;
-	if (!SHA1_Init(&c))
-		return NULL;
-	SHA1_Update(&c,d,n);
-	SHA1_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
+    if (md == NULL)
+        md = m;
+    if (!SHA1_Init(&c))
+        return NULL;
+    SHA1_Update(&c, d, n);
+    SHA1_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c
index d31f0781..16aa0ef6 100644
--- a/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c
+++ b/Cryptlib/OpenSSL/crypto/sha/sha1dgst.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,20 +59,18 @@
 #include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA)
 
-#undef  SHA_0
-#define SHA_1
-
-#include <openssl/opensslv.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
+# undef  SHA_0
+# define SHA_1
 
+# include <openssl/opensslv.h>
+# ifdef OPENSSL_FIPS
+#  include <openssl/fips.h>
+# endif
 
-const char SHA1_version[]="SHA1" OPENSSL_VERSION_PTEXT;
+const char SHA1_version[] = "SHA1" OPENSSL_VERSION_PTEXT;
 
 /* The implementation is in ../md32_common.h */
 
-#include "sha_locl.h"
+# include "sha_locl.h"
 
 #endif
-
diff --git a/Cryptlib/OpenSSL/crypto/sha/sha256.c b/Cryptlib/OpenSSL/crypto/sha/sha256.c
index 3256a83e..980cc298 100644
--- a/Cryptlib/OpenSSL/crypto/sha/sha256.c
+++ b/Cryptlib/OpenSSL/crypto/sha/sha256.c
@@ -7,83 +7,102 @@
 #include <openssl/opensslconf.h>
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA256)
 
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
-#endif
-
-#include <openssl/opensslv.h>
-
-const char SHA256_version[]="SHA-256" OPENSSL_VERSION_PTEXT;
-
-int SHA224_Init (SHA256_CTX *c)
-	{
-#ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
-#endif
-	c->h[0]=0xc1059ed8UL;	c->h[1]=0x367cd507UL;
-	c->h[2]=0x3070dd17UL;	c->h[3]=0xf70e5939UL;
-	c->h[4]=0xffc00b31UL;	c->h[5]=0x68581511UL;
-	c->h[6]=0x64f98fa7UL;	c->h[7]=0xbefa4fa4UL;
-	c->Nl=0;	c->Nh=0;
-	c->num=0;	c->md_len=SHA224_DIGEST_LENGTH;
-	return 1;
-	}
-
-int SHA256_Init (SHA256_CTX *c)
-	{
-#ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
-#endif
-	c->h[0]=0x6a09e667UL;	c->h[1]=0xbb67ae85UL;
-	c->h[2]=0x3c6ef372UL;	c->h[3]=0xa54ff53aUL;
-	c->h[4]=0x510e527fUL;	c->h[5]=0x9b05688cUL;
-	c->h[6]=0x1f83d9abUL;	c->h[7]=0x5be0cd19UL;
-	c->Nl=0;	c->Nh=0;
-	c->num=0;	c->md_len=SHA256_DIGEST_LENGTH;
-	return 1;
-	}
+# include <stdlib.h>
+# include <string.h>
+
+# include <openssl/crypto.h>
+# include <openssl/sha.h>
+# ifdef OPENSSL_FIPS
+#  include <openssl/fips.h>
+# endif
+
+# include <openssl/opensslv.h>
+
+const char SHA256_version[] = "SHA-256" OPENSSL_VERSION_PTEXT;
+
+int SHA224_Init(SHA256_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
+    c->h[0] = 0xc1059ed8UL;
+    c->h[1] = 0x367cd507UL;
+    c->h[2] = 0x3070dd17UL;
+    c->h[3] = 0xf70e5939UL;
+    c->h[4] = 0xffc00b31UL;
+    c->h[5] = 0x68581511UL;
+    c->h[6] = 0x64f98fa7UL;
+    c->h[7] = 0xbefa4fa4UL;
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA224_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA256_Init(SHA256_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
+    c->h[0] = 0x6a09e667UL;
+    c->h[1] = 0xbb67ae85UL;
+    c->h[2] = 0x3c6ef372UL;
+    c->h[3] = 0xa54ff53aUL;
+    c->h[4] = 0x510e527fUL;
+    c->h[5] = 0x9b05688cUL;
+    c->h[6] = 0x1f83d9abUL;
+    c->h[7] = 0x5be0cd19UL;
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA256_DIGEST_LENGTH;
+    return 1;
+}
 
 unsigned char *SHA224(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA256_CTX c;
-	static unsigned char m[SHA224_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA224_Init(&c);
-	SHA256_Update(&c,d,n);
-	SHA256_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA224_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA224_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
 
 unsigned char *SHA256(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA256_CTX c;
-	static unsigned char m[SHA256_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA256_Init(&c);
-	SHA256_Update(&c,d,n);
-	SHA256_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
+{
+    SHA256_CTX c;
+    static unsigned char m[SHA256_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA256_Init(&c);
+    SHA256_Update(&c, d, n);
+    SHA256_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
 
 int SHA224_Update(SHA256_CTX *c, const void *data, size_t len)
-{   return SHA256_Update (c,data,len);   }
-int SHA224_Final (unsigned char *md, SHA256_CTX *c)
-{   return SHA256_Final (md,c);   }
+{
+    return SHA256_Update(c, data, len);
+}
 
-#define	DATA_ORDER_IS_BIG_ENDIAN
+int SHA224_Final(unsigned char *md, SHA256_CTX *c)
+{
+    return SHA256_Final(md, c);
+}
+
+# define DATA_ORDER_IS_BIG_ENDIAN
 
-#define	HASH_LONG		SHA_LONG
-#define	HASH_CTX		SHA256_CTX
-#define	HASH_CBLOCK		SHA_CBLOCK
+# define HASH_LONG               SHA_LONG
+# define HASH_CTX                SHA256_CTX
+# define HASH_CBLOCK             SHA_CBLOCK
 /*
  * Note that FIPS180-2 discusses "Truncation of the Hash Function Output."
  * default: case below covers for it. It's not clear however if it's
@@ -92,201 +111,291 @@ int SHA224_Final (unsigned char *md, SHA256_CTX *c)
  * Idea behind separate cases for pre-defined lenghts is to let the
  * compiler decide if it's appropriate to unroll small loops.
  */
-#define	HASH_MAKE_STRING(c,s)	do {	\
-	unsigned long ll;		\
-	unsigned int  xn;		\
-	switch ((c)->md_len)		\
-	{   case SHA224_DIGEST_LENGTH:	\
-		for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++)	\
-		{   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }	\
-		break;			\
-	    case SHA256_DIGEST_LENGTH:	\
-		for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++)	\
-		{   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }	\
-		break;			\
-	    default:			\
-		if ((c)->md_len > SHA256_DIGEST_LENGTH)	\
-		    return 0;				\
-		for (xn=0;xn<(c)->md_len/4;xn++)		\
-		{   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }	\
-		break;			\
-	}				\
-	} while (0)
-
-#define	HASH_UPDATE		SHA256_Update
-#define	HASH_TRANSFORM		SHA256_Transform
-#define	HASH_FINAL		SHA256_Final
-#define	HASH_BLOCK_DATA_ORDER	sha256_block_data_order
-#ifndef SHA256_ASM
+# define HASH_MAKE_STRING(c,s)   do {    \
+        unsigned long ll;               \
+        unsigned int  xn;               \
+        switch ((c)->md_len)            \
+        {   case SHA224_DIGEST_LENGTH:  \
+                for (xn=0;xn<SHA224_DIGEST_LENGTH/4;xn++)       \
+                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                break;                  \
+            case SHA256_DIGEST_LENGTH:  \
+                for (xn=0;xn<SHA256_DIGEST_LENGTH/4;xn++)       \
+                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                break;                  \
+            default:                    \
+                if ((c)->md_len > SHA256_DIGEST_LENGTH) \
+                    return 0;                           \
+                for (xn=0;xn<(c)->md_len/4;xn++)                \
+                {   ll=(c)->h[xn]; HOST_l2c(ll,(s));   }        \
+                break;                  \
+        }                               \
+        } while (0)
+
+# define HASH_UPDATE             SHA256_Update
+# define HASH_TRANSFORM          SHA256_Transform
+# define HASH_FINAL              SHA256_Final
+# define HASH_BLOCK_DATA_ORDER   sha256_block_data_order
+# ifndef SHA256_ASM
 static
-#endif
-void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num);
+# endif
+void sha256_block_data_order(SHA256_CTX *ctx, const void *in, size_t num);
 
-#include "md32_common.h"
+# include "md32_common.h"
 
-#ifndef SHA256_ASM
+# ifndef SHA256_ASM
 static const SHA_LONG K256[64] = {
-	0x428a2f98UL,0x71374491UL,0xb5c0fbcfUL,0xe9b5dba5UL,
-	0x3956c25bUL,0x59f111f1UL,0x923f82a4UL,0xab1c5ed5UL,
-	0xd807aa98UL,0x12835b01UL,0x243185beUL,0x550c7dc3UL,
-	0x72be5d74UL,0x80deb1feUL,0x9bdc06a7UL,0xc19bf174UL,
-	0xe49b69c1UL,0xefbe4786UL,0x0fc19dc6UL,0x240ca1ccUL,
-	0x2de92c6fUL,0x4a7484aaUL,0x5cb0a9dcUL,0x76f988daUL,
-	0x983e5152UL,0xa831c66dUL,0xb00327c8UL,0xbf597fc7UL,
-	0xc6e00bf3UL,0xd5a79147UL,0x06ca6351UL,0x14292967UL,
-	0x27b70a85UL,0x2e1b2138UL,0x4d2c6dfcUL,0x53380d13UL,
-	0x650a7354UL,0x766a0abbUL,0x81c2c92eUL,0x92722c85UL,
-	0xa2bfe8a1UL,0xa81a664bUL,0xc24b8b70UL,0xc76c51a3UL,
-	0xd192e819UL,0xd6990624UL,0xf40e3585UL,0x106aa070UL,
-	0x19a4c116UL,0x1e376c08UL,0x2748774cUL,0x34b0bcb5UL,
-	0x391c0cb3UL,0x4ed8aa4aUL,0x5b9cca4fUL,0x682e6ff3UL,
-	0x748f82eeUL,0x78a5636fUL,0x84c87814UL,0x8cc70208UL,
-	0x90befffaUL,0xa4506cebUL,0xbef9a3f7UL,0xc67178f2UL };
+    0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+    0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+    0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+    0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+    0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+    0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+    0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+    0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+    0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+    0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+    0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+    0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+    0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+    0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+    0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+    0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
 
 /*
  * FIPS specification refers to right rotations, while our ROTATE macro
  * is left one. This is why you might notice that rotation coefficients
  * differ from those observed in FIPS document by 32-N...
  */
-#define Sigma0(x)	(ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
-#define Sigma1(x)	(ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
-#define sigma0(x)	(ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
-#define sigma1(x)	(ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
-
-#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#ifdef OPENSSL_SMALL_FOOTPRINT
-
-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
-	{
-	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1,T2;
-	SHA_LONG	X[16],l;
-	int i;
-	const unsigned char *data=in;
-
-			while (num--) {
-
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-
-	for (i=0;i<16;i++)
-		{
-		HOST_c2l(data,l); T1 = X[i] = l;
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	for (;i<64;i++)
-		{
-		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);
-		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);
-
-		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			}
+#  define Sigma0(x)       (ROTATE((x),30) ^ ROTATE((x),19) ^ ROTATE((x),10))
+#  define Sigma1(x)       (ROTATE((x),26) ^ ROTATE((x),21) ^ ROTATE((x),7))
+#  define sigma0(x)       (ROTATE((x),25) ^ ROTATE((x),14) ^ ((x)>>3))
+#  define sigma1(x)       (ROTATE((x),15) ^ ROTATE((x),13) ^ ((x)>>10))
+
+#  define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+#  define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+
+#  ifdef OPENSSL_SMALL_FOOTPRINT
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG X[16], l;
+    int i;
+    const unsigned char *data = in;
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        for (i = 0; i < 16; i++) {
+            HOST_c2l(data, l);
+            T1 = X[i] = l;
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 64; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K256[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
 }
 
-#else
-
-#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\
-	T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];	\
-	h = Sigma0(a) + Maj(a,b,c);			\
-	d += T1;	h += T1;		} while (0)
-
-#define	ROUND_16_63(i,a,b,c,d,e,f,g,h,X)	do {	\
-	s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);	\
-	s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);	\
-	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\
-	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)
-
-static void sha256_block_data_order (SHA256_CTX *ctx, const void *in, size_t num)
-	{
-	unsigned MD32_REG_T a,b,c,d,e,f,g,h,s0,s1,T1;
-	SHA_LONG	X[16];
-	int i;
-	const unsigned char *data=in;
-	const union { long one; char little; } is_endian = {1};
-
-			while (num--) {
-
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-
-	if (!is_endian.little && sizeof(SHA_LONG)==4 && ((size_t)in%4)==0)
-		{
-		const SHA_LONG *W=(const SHA_LONG *)data;
-
-		T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);
-		T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);
-		T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);
-		T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);
-		T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);
-		T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);
-		T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);
-		T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);
-		T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);
-		T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);
-		T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);
-		T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);
-		T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);
-		T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);
-		T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);
-		T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);
-
-		data += SHA256_CBLOCK;
-		}
-	else
-		{
-		SHA_LONG l;
-
-		HOST_c2l(data,l); T1 = X[0] = l;  ROUND_00_15(0,a,b,c,d,e,f,g,h);
-		HOST_c2l(data,l); T1 = X[1] = l;  ROUND_00_15(1,h,a,b,c,d,e,f,g);
-		HOST_c2l(data,l); T1 = X[2] = l;  ROUND_00_15(2,g,h,a,b,c,d,e,f);
-		HOST_c2l(data,l); T1 = X[3] = l;  ROUND_00_15(3,f,g,h,a,b,c,d,e);
-		HOST_c2l(data,l); T1 = X[4] = l;  ROUND_00_15(4,e,f,g,h,a,b,c,d);
-		HOST_c2l(data,l); T1 = X[5] = l;  ROUND_00_15(5,d,e,f,g,h,a,b,c);
-		HOST_c2l(data,l); T1 = X[6] = l;  ROUND_00_15(6,c,d,e,f,g,h,a,b);
-		HOST_c2l(data,l); T1 = X[7] = l;  ROUND_00_15(7,b,c,d,e,f,g,h,a);
-		HOST_c2l(data,l); T1 = X[8] = l;  ROUND_00_15(8,a,b,c,d,e,f,g,h);
-		HOST_c2l(data,l); T1 = X[9] = l;  ROUND_00_15(9,h,a,b,c,d,e,f,g);
-		HOST_c2l(data,l); T1 = X[10] = l; ROUND_00_15(10,g,h,a,b,c,d,e,f);
-		HOST_c2l(data,l); T1 = X[11] = l; ROUND_00_15(11,f,g,h,a,b,c,d,e);
-		HOST_c2l(data,l); T1 = X[12] = l; ROUND_00_15(12,e,f,g,h,a,b,c,d);
-		HOST_c2l(data,l); T1 = X[13] = l; ROUND_00_15(13,d,e,f,g,h,a,b,c);
-		HOST_c2l(data,l); T1 = X[14] = l; ROUND_00_15(14,c,d,e,f,g,h,a,b);
-		HOST_c2l(data,l); T1 = X[15] = l; ROUND_00_15(15,b,c,d,e,f,g,h,a);
-		}
-
-	for (i=16;i<64;i+=8)
-		{
-		ROUND_16_63(i+0,a,b,c,d,e,f,g,h,X);
-		ROUND_16_63(i+1,h,a,b,c,d,e,f,g,X);
-		ROUND_16_63(i+2,g,h,a,b,c,d,e,f,X);
-		ROUND_16_63(i+3,f,g,h,a,b,c,d,e,X);
-		ROUND_16_63(i+4,e,f,g,h,a,b,c,d,X);
-		ROUND_16_63(i+5,d,e,f,g,h,a,b,c,X);
-		ROUND_16_63(i+6,c,d,e,f,g,h,a,b,X);
-		ROUND_16_63(i+7,b,c,d,e,f,g,h,a,X);
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			}
-	}
-
-#endif
-#endif /* SHA256_ASM */
-
-#endif /* OPENSSL_NO_SHA256 */
+#  else
+
+#   define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K256[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                } while (0)
+
+#   define ROUND_16_63(i,a,b,c,d,e,f,g,h,X)        do {    \
+        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+
+static void sha256_block_data_order(SHA256_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    unsigned MD32_REG_T a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG X[16];
+    int i;
+    const unsigned char *data = in;
+    const union {
+        long one;
+        char little;
+    } is_endian = {
+        1
+    };
+
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+        if (!is_endian.little && sizeof(SHA_LONG) == 4
+            && ((size_t)in % 4) == 0) {
+            const SHA_LONG *W = (const SHA_LONG *)data;
+
+            T1 = X[0] = W[0];
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            T1 = X[1] = W[1];
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            T1 = X[2] = W[2];
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            T1 = X[3] = W[3];
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            T1 = X[4] = W[4];
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            T1 = X[5] = W[5];
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            T1 = X[6] = W[6];
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            T1 = X[7] = W[7];
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            T1 = X[8] = W[8];
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            T1 = X[9] = W[9];
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            T1 = X[10] = W[10];
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            T1 = X[11] = W[11];
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            T1 = X[12] = W[12];
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            T1 = X[13] = W[13];
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            T1 = X[14] = W[14];
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            T1 = X[15] = W[15];
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+
+            data += SHA256_CBLOCK;
+        } else {
+            SHA_LONG l;
+
+            HOST_c2l(data, l);
+            T1 = X[0] = l;
+            ROUND_00_15(0, a, b, c, d, e, f, g, h);
+            HOST_c2l(data, l);
+            T1 = X[1] = l;
+            ROUND_00_15(1, h, a, b, c, d, e, f, g);
+            HOST_c2l(data, l);
+            T1 = X[2] = l;
+            ROUND_00_15(2, g, h, a, b, c, d, e, f);
+            HOST_c2l(data, l);
+            T1 = X[3] = l;
+            ROUND_00_15(3, f, g, h, a, b, c, d, e);
+            HOST_c2l(data, l);
+            T1 = X[4] = l;
+            ROUND_00_15(4, e, f, g, h, a, b, c, d);
+            HOST_c2l(data, l);
+            T1 = X[5] = l;
+            ROUND_00_15(5, d, e, f, g, h, a, b, c);
+            HOST_c2l(data, l);
+            T1 = X[6] = l;
+            ROUND_00_15(6, c, d, e, f, g, h, a, b);
+            HOST_c2l(data, l);
+            T1 = X[7] = l;
+            ROUND_00_15(7, b, c, d, e, f, g, h, a);
+            HOST_c2l(data, l);
+            T1 = X[8] = l;
+            ROUND_00_15(8, a, b, c, d, e, f, g, h);
+            HOST_c2l(data, l);
+            T1 = X[9] = l;
+            ROUND_00_15(9, h, a, b, c, d, e, f, g);
+            HOST_c2l(data, l);
+            T1 = X[10] = l;
+            ROUND_00_15(10, g, h, a, b, c, d, e, f);
+            HOST_c2l(data, l);
+            T1 = X[11] = l;
+            ROUND_00_15(11, f, g, h, a, b, c, d, e);
+            HOST_c2l(data, l);
+            T1 = X[12] = l;
+            ROUND_00_15(12, e, f, g, h, a, b, c, d);
+            HOST_c2l(data, l);
+            T1 = X[13] = l;
+            ROUND_00_15(13, d, e, f, g, h, a, b, c);
+            HOST_c2l(data, l);
+            T1 = X[14] = l;
+            ROUND_00_15(14, c, d, e, f, g, h, a, b);
+            HOST_c2l(data, l);
+            T1 = X[15] = l;
+            ROUND_00_15(15, b, c, d, e, f, g, h, a);
+        }
+
+        for (i = 16; i < 64; i += 8) {
+            ROUND_16_63(i + 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_63(i + 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_63(i + 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_63(i + 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_63(i + 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_63(i + 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_63(i + 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_63(i + 7, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+    }
+}
+
+#  endif
+# endif                         /* SHA256_ASM */
+
+#endif                          /* OPENSSL_NO_SHA256 */
diff --git a/Cryptlib/OpenSSL/crypto/sha/sha512.c b/Cryptlib/OpenSSL/crypto/sha/sha512.c
index 9e91bcad..abcbe53f 100644
--- a/Cryptlib/OpenSSL/crypto/sha/sha512.c
+++ b/Cryptlib/OpenSSL/crypto/sha/sha512.c
@@ -6,11 +6,11 @@
  */
 #include <openssl/opensslconf.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA512)
-/*
+/*-
  * IMPLEMENTATION NOTES.
  *
  * As you might have noticed 32-bit hash algorithms:
@@ -43,514 +43,579 @@
  * As this implementation relies on 64-bit integer type, it's totally
  * inappropriate for platforms which don't support it, most notably
  * 16-bit platforms.
- *					<appro@fy.chalmers.se>
+ *                                      <appro@fy.chalmers.se>
  */
-#include <stdlib.h>
-#include <string.h>
+# include <stdlib.h>
+# include <string.h>
 
-#include <openssl/crypto.h>
-#include <openssl/sha.h>
-#include <openssl/opensslv.h>
+# include <openssl/crypto.h>
+# include <openssl/sha.h>
+# include <openssl/opensslv.h>
 
-#include "cryptlib.h"
+# include "cryptlib.h"
 
-const char SHA512_version[]="SHA-512" OPENSSL_VERSION_PTEXT;
+const char SHA512_version[] = "SHA-512" OPENSSL_VERSION_PTEXT;
 
-#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
+# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \
     defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) || \
     defined(__s390__) || defined(__s390x__) || \
     defined(SHA512_ASM)
-#define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-#endif
+#  define SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+# endif
 
-int SHA384_Init (SHA512_CTX *c)
-	{
-#ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
-#endif
-	c->h[0]=U64(0xcbbb9d5dc1059ed8);
-	c->h[1]=U64(0x629a292a367cd507);
-	c->h[2]=U64(0x9159015a3070dd17);
-	c->h[3]=U64(0x152fecd8f70e5939);
-	c->h[4]=U64(0x67332667ffc00b31);
-	c->h[5]=U64(0x8eb44a8768581511);
-	c->h[6]=U64(0xdb0c2e0d64f98fa7);
-	c->h[7]=U64(0x47b5481dbefa4fa4);
-        c->Nl=0;        c->Nh=0;
-        c->num=0;       c->md_len=SHA384_DIGEST_LENGTH;
-        return 1;
-	}
+int SHA384_Init(SHA512_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
+    c->h[0] = U64(0xcbbb9d5dc1059ed8);
+    c->h[1] = U64(0x629a292a367cd507);
+    c->h[2] = U64(0x9159015a3070dd17);
+    c->h[3] = U64(0x152fecd8f70e5939);
+    c->h[4] = U64(0x67332667ffc00b31);
+    c->h[5] = U64(0x8eb44a8768581511);
+    c->h[6] = U64(0xdb0c2e0d64f98fa7);
+    c->h[7] = U64(0x47b5481dbefa4fa4);
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA384_DIGEST_LENGTH;
+    return 1;
+}
+
+int SHA512_Init(SHA512_CTX *c)
+{
+# ifdef OPENSSL_FIPS
+    FIPS_selftest_check();
+# endif
+    c->h[0] = U64(0x6a09e667f3bcc908);
+    c->h[1] = U64(0xbb67ae8584caa73b);
+    c->h[2] = U64(0x3c6ef372fe94f82b);
+    c->h[3] = U64(0xa54ff53a5f1d36f1);
+    c->h[4] = U64(0x510e527fade682d1);
+    c->h[5] = U64(0x9b05688c2b3e6c1f);
+    c->h[6] = U64(0x1f83d9abfb41bd6b);
+    c->h[7] = U64(0x5be0cd19137e2179);
+    c->Nl = 0;
+    c->Nh = 0;
+    c->num = 0;
+    c->md_len = SHA512_DIGEST_LENGTH;
+    return 1;
+}
+
+# ifndef SHA512_ASM
+static
+# endif
+void sha512_block_data_order(SHA512_CTX *ctx, const void *in, size_t num);
+
+int SHA512_Final(unsigned char *md, SHA512_CTX *c)
+{
+    unsigned char *p = (unsigned char *)c->u.p;
+    size_t n = c->num;
+
+    p[n] = 0x80;                /* There always is a room for one */
+    n++;
+    if (n > (sizeof(c->u) - 16))
+        memset(p + n, 0, sizeof(c->u) - n), n = 0,
+            sha512_block_data_order(c, p, 1);
+
+    memset(p + n, 0, sizeof(c->u) - 16 - n);
+# ifdef  B_ENDIAN
+    c->u.d[SHA_LBLOCK - 2] = c->Nh;
+    c->u.d[SHA_LBLOCK - 1] = c->Nl;
+# else
+    p[sizeof(c->u) - 1] = (unsigned char)(c->Nl);
+    p[sizeof(c->u) - 2] = (unsigned char)(c->Nl >> 8);
+    p[sizeof(c->u) - 3] = (unsigned char)(c->Nl >> 16);
+    p[sizeof(c->u) - 4] = (unsigned char)(c->Nl >> 24);
+    p[sizeof(c->u) - 5] = (unsigned char)(c->Nl >> 32);
+    p[sizeof(c->u) - 6] = (unsigned char)(c->Nl >> 40);
+    p[sizeof(c->u) - 7] = (unsigned char)(c->Nl >> 48);
+    p[sizeof(c->u) - 8] = (unsigned char)(c->Nl >> 56);
+    p[sizeof(c->u) - 9] = (unsigned char)(c->Nh);
+    p[sizeof(c->u) - 10] = (unsigned char)(c->Nh >> 8);
+    p[sizeof(c->u) - 11] = (unsigned char)(c->Nh >> 16);
+    p[sizeof(c->u) - 12] = (unsigned char)(c->Nh >> 24);
+    p[sizeof(c->u) - 13] = (unsigned char)(c->Nh >> 32);
+    p[sizeof(c->u) - 14] = (unsigned char)(c->Nh >> 40);
+    p[sizeof(c->u) - 15] = (unsigned char)(c->Nh >> 48);
+    p[sizeof(c->u) - 16] = (unsigned char)(c->Nh >> 56);
+# endif
 
-int SHA512_Init (SHA512_CTX *c)
-	{
-#ifdef OPENSSL_FIPS
-	FIPS_selftest_check();
-#endif
-	c->h[0]=U64(0x6a09e667f3bcc908);
-	c->h[1]=U64(0xbb67ae8584caa73b);
-	c->h[2]=U64(0x3c6ef372fe94f82b);
-	c->h[3]=U64(0xa54ff53a5f1d36f1);
-	c->h[4]=U64(0x510e527fade682d1);
-	c->h[5]=U64(0x9b05688c2b3e6c1f);
-	c->h[6]=U64(0x1f83d9abfb41bd6b);
-	c->h[7]=U64(0x5be0cd19137e2179);
-        c->Nl=0;        c->Nh=0;
-        c->num=0;       c->md_len=SHA512_DIGEST_LENGTH;
+    sha512_block_data_order(c, p, 1);
+
+    if (md == 0)
+        return 0;
+
+    switch (c->md_len) {
+        /* Let compiler decide if it's appropriate to unroll... */
+    case SHA384_DIGEST_LENGTH:
+        for (n = 0; n < SHA384_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+    case SHA512_DIGEST_LENGTH:
+        for (n = 0; n < SHA512_DIGEST_LENGTH / 8; n++) {
+            SHA_LONG64 t = c->h[n];
+
+            *(md++) = (unsigned char)(t >> 56);
+            *(md++) = (unsigned char)(t >> 48);
+            *(md++) = (unsigned char)(t >> 40);
+            *(md++) = (unsigned char)(t >> 32);
+            *(md++) = (unsigned char)(t >> 24);
+            *(md++) = (unsigned char)(t >> 16);
+            *(md++) = (unsigned char)(t >> 8);
+            *(md++) = (unsigned char)(t);
+        }
+        break;
+        /* ... as well as make sure md_len is not abused. */
+    default:
+        return 0;
+    }
+
+    return 1;
+}
+
+int SHA384_Final(unsigned char *md, SHA512_CTX *c)
+{
+    return SHA512_Final(md, c);
+}
+
+int SHA512_Update(SHA512_CTX *c, const void *_data, size_t len)
+{
+    SHA_LONG64 l;
+    unsigned char *p = c->u.p;
+    const unsigned char *data = (const unsigned char *)_data;
+
+    if (len == 0)
         return 1;
-	}
 
-#ifndef SHA512_ASM
-static
-#endif
-void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num);
-
-int SHA512_Final (unsigned char *md, SHA512_CTX *c)
-	{
-	unsigned char *p=(unsigned char *)c->u.p;
-	size_t n=c->num;
-
-	p[n]=0x80;	/* There always is a room for one */
-	n++;
-	if (n > (sizeof(c->u)-16))
-		memset (p+n,0,sizeof(c->u)-n), n=0,
-		sha512_block_data_order (c,p,1);
-
-	memset (p+n,0,sizeof(c->u)-16-n);
-#ifdef	B_ENDIAN
-	c->u.d[SHA_LBLOCK-2] = c->Nh;
-	c->u.d[SHA_LBLOCK-1] = c->Nl;
-#else
-	p[sizeof(c->u)-1]  = (unsigned char)(c->Nl);
-	p[sizeof(c->u)-2]  = (unsigned char)(c->Nl>>8);
-	p[sizeof(c->u)-3]  = (unsigned char)(c->Nl>>16);
-	p[sizeof(c->u)-4]  = (unsigned char)(c->Nl>>24);
-	p[sizeof(c->u)-5]  = (unsigned char)(c->Nl>>32);
-	p[sizeof(c->u)-6]  = (unsigned char)(c->Nl>>40);
-	p[sizeof(c->u)-7]  = (unsigned char)(c->Nl>>48);
-	p[sizeof(c->u)-8]  = (unsigned char)(c->Nl>>56);
-	p[sizeof(c->u)-9]  = (unsigned char)(c->Nh);
-	p[sizeof(c->u)-10] = (unsigned char)(c->Nh>>8);
-	p[sizeof(c->u)-11] = (unsigned char)(c->Nh>>16);
-	p[sizeof(c->u)-12] = (unsigned char)(c->Nh>>24);
-	p[sizeof(c->u)-13] = (unsigned char)(c->Nh>>32);
-	p[sizeof(c->u)-14] = (unsigned char)(c->Nh>>40);
-	p[sizeof(c->u)-15] = (unsigned char)(c->Nh>>48);
-	p[sizeof(c->u)-16] = (unsigned char)(c->Nh>>56);
-#endif
+    l = (c->Nl + (((SHA_LONG64) len) << 3)) & U64(0xffffffffffffffff);
+    if (l < c->Nl)
+        c->Nh++;
+    if (sizeof(len) >= 8)
+        c->Nh += (((SHA_LONG64) len) >> 61);
+    c->Nl = l;
+
+    if (c->num != 0) {
+        size_t n = sizeof(c->u) - c->num;
+
+        if (len < n) {
+            memcpy(p + c->num, data, len), c->num += len;
+            return 1;
+        } else {
+            memcpy(p + c->num, data, n), c->num = 0;
+            len -= n, data += n;
+            sha512_block_data_order(c, p, 1);
+        }
+    }
 
-	sha512_block_data_order (c,p,1);
-
-	if (md==0) return 0;
-
-	switch (c->md_len)
-		{
-		/* Let compiler decide if it's appropriate to unroll... */
-		case SHA384_DIGEST_LENGTH:
-			for (n=0;n<SHA384_DIGEST_LENGTH/8;n++)
-				{
-				SHA_LONG64 t = c->h[n];
-
-				*(md++)	= (unsigned char)(t>>56);
-				*(md++)	= (unsigned char)(t>>48);
-				*(md++)	= (unsigned char)(t>>40);
-				*(md++)	= (unsigned char)(t>>32);
-				*(md++)	= (unsigned char)(t>>24);
-				*(md++)	= (unsigned char)(t>>16);
-				*(md++)	= (unsigned char)(t>>8);
-				*(md++)	= (unsigned char)(t);
-				}
-			break;
-		case SHA512_DIGEST_LENGTH:
-			for (n=0;n<SHA512_DIGEST_LENGTH/8;n++)
-				{
-				SHA_LONG64 t = c->h[n];
-
-				*(md++)	= (unsigned char)(t>>56);
-				*(md++)	= (unsigned char)(t>>48);
-				*(md++)	= (unsigned char)(t>>40);
-				*(md++)	= (unsigned char)(t>>32);
-				*(md++)	= (unsigned char)(t>>24);
-				*(md++)	= (unsigned char)(t>>16);
-				*(md++)	= (unsigned char)(t>>8);
-				*(md++)	= (unsigned char)(t);
-				}
-			break;
-		/* ... as well as make sure md_len is not abused. */
-		default:	return 0;
-		}
-
-	return 1;
-	}
-
-int SHA384_Final (unsigned char *md,SHA512_CTX *c)
-{   return SHA512_Final (md,c);   }
-
-int SHA512_Update (SHA512_CTX *c, const void *_data, size_t len)
-	{
-	SHA_LONG64	l;
-	unsigned char  *p=c->u.p;
-	const unsigned char *data=(const unsigned char *)_data;
-
-	if (len==0) return  1;
-
-	l = (c->Nl+(((SHA_LONG64)len)<<3))&U64(0xffffffffffffffff);
-	if (l < c->Nl)		c->Nh++;
-	if (sizeof(len)>=8)	c->Nh+=(((SHA_LONG64)len)>>61);
-	c->Nl=l;
-
-	if (c->num != 0)
-		{
-		size_t n = sizeof(c->u) - c->num;
-
-		if (len < n)
-			{
-			memcpy (p+c->num,data,len), c->num += len;
-			return 1;
-			}
-		else	{
-			memcpy (p+c->num,data,n), c->num = 0;
-			len-=n, data+=n;
-			sha512_block_data_order (c,p,1);
-			}
-		}
-
-	if (len >= sizeof(c->u))
-		{
-#ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
-		if ((size_t)data%sizeof(c->u.d[0]) != 0)
-			while (len >= sizeof(c->u))
-				memcpy (p,data,sizeof(c->u)),
-				sha512_block_data_order (c,p,1),
-				len  -= sizeof(c->u),
-				data += sizeof(c->u);
-		else
-#endif
-			sha512_block_data_order (c,data,len/sizeof(c->u)),
-			data += len,
-			len  %= sizeof(c->u),
-			data -= len;
-		}
+    if (len >= sizeof(c->u)) {
+# ifndef SHA512_BLOCK_CAN_MANAGE_UNALIGNED_DATA
+        if ((size_t)data % sizeof(c->u.d[0]) != 0)
+            while (len >= sizeof(c->u))
+                memcpy(p, data, sizeof(c->u)),
+                    sha512_block_data_order(c, p, 1),
+                    len -= sizeof(c->u), data += sizeof(c->u);
+        else
+# endif
+            sha512_block_data_order(c, data, len / sizeof(c->u)),
+                data += len, len %= sizeof(c->u), data -= len;
+    }
 
-	if (len != 0)	memcpy (p,data,len), c->num = (int)len;
+    if (len != 0)
+        memcpy(p, data, len), c->num = (int)len;
 
-	return 1;
-	}
+    return 1;
+}
 
-int SHA384_Update (SHA512_CTX *c, const void *data, size_t len)
-{   return SHA512_Update (c,data,len);   }
+int SHA384_Update(SHA512_CTX *c, const void *data, size_t len)
+{
+    return SHA512_Update(c, data, len);
+}
 
-void SHA512_Transform (SHA512_CTX *c, const unsigned char *data)
-{   sha512_block_data_order (c,data,1);  }
+void SHA512_Transform(SHA512_CTX *c, const unsigned char *data)
+{
+    sha512_block_data_order(c, data, 1);
+}
 
 unsigned char *SHA384(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA512_CTX c;
-	static unsigned char m[SHA384_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA384_Init(&c);
-	SHA512_Update(&c,d,n);
-	SHA512_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA384_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA384_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
 
 unsigned char *SHA512(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA512_CTX c;
-	static unsigned char m[SHA512_DIGEST_LENGTH];
-
-	if (md == NULL) md=m;
-	SHA512_Init(&c);
-	SHA512_Update(&c,d,n);
-	SHA512_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
-
-#ifndef SHA512_ASM
+{
+    SHA512_CTX c;
+    static unsigned char m[SHA512_DIGEST_LENGTH];
+
+    if (md == NULL)
+        md = m;
+    SHA512_Init(&c);
+    SHA512_Update(&c, d, n);
+    SHA512_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
+
+# ifndef SHA512_ASM
 static const SHA_LONG64 K512[80] = {
-        U64(0x428a2f98d728ae22),U64(0x7137449123ef65cd),
-        U64(0xb5c0fbcfec4d3b2f),U64(0xe9b5dba58189dbbc),
-        U64(0x3956c25bf348b538),U64(0x59f111f1b605d019),
-        U64(0x923f82a4af194f9b),U64(0xab1c5ed5da6d8118),
-        U64(0xd807aa98a3030242),U64(0x12835b0145706fbe),
-        U64(0x243185be4ee4b28c),U64(0x550c7dc3d5ffb4e2),
-        U64(0x72be5d74f27b896f),U64(0x80deb1fe3b1696b1),
-        U64(0x9bdc06a725c71235),U64(0xc19bf174cf692694),
-        U64(0xe49b69c19ef14ad2),U64(0xefbe4786384f25e3),
-        U64(0x0fc19dc68b8cd5b5),U64(0x240ca1cc77ac9c65),
-        U64(0x2de92c6f592b0275),U64(0x4a7484aa6ea6e483),
-        U64(0x5cb0a9dcbd41fbd4),U64(0x76f988da831153b5),
-        U64(0x983e5152ee66dfab),U64(0xa831c66d2db43210),
-        U64(0xb00327c898fb213f),U64(0xbf597fc7beef0ee4),
-        U64(0xc6e00bf33da88fc2),U64(0xd5a79147930aa725),
-        U64(0x06ca6351e003826f),U64(0x142929670a0e6e70),
-        U64(0x27b70a8546d22ffc),U64(0x2e1b21385c26c926),
-        U64(0x4d2c6dfc5ac42aed),U64(0x53380d139d95b3df),
-        U64(0x650a73548baf63de),U64(0x766a0abb3c77b2a8),
-        U64(0x81c2c92e47edaee6),U64(0x92722c851482353b),
-        U64(0xa2bfe8a14cf10364),U64(0xa81a664bbc423001),
-        U64(0xc24b8b70d0f89791),U64(0xc76c51a30654be30),
-        U64(0xd192e819d6ef5218),U64(0xd69906245565a910),
-        U64(0xf40e35855771202a),U64(0x106aa07032bbd1b8),
-        U64(0x19a4c116b8d2d0c8),U64(0x1e376c085141ab53),
-        U64(0x2748774cdf8eeb99),U64(0x34b0bcb5e19b48a8),
-        U64(0x391c0cb3c5c95a63),U64(0x4ed8aa4ae3418acb),
-        U64(0x5b9cca4f7763e373),U64(0x682e6ff3d6b2b8a3),
-        U64(0x748f82ee5defb2fc),U64(0x78a5636f43172f60),
-        U64(0x84c87814a1f0ab72),U64(0x8cc702081a6439ec),
-        U64(0x90befffa23631e28),U64(0xa4506cebde82bde9),
-        U64(0xbef9a3f7b2c67915),U64(0xc67178f2e372532b),
-        U64(0xca273eceea26619c),U64(0xd186b8c721c0c207),
-        U64(0xeada7dd6cde0eb1e),U64(0xf57d4f7fee6ed178),
-        U64(0x06f067aa72176fba),U64(0x0a637dc5a2c898a6),
-        U64(0x113f9804bef90dae),U64(0x1b710b35131c471b),
-        U64(0x28db77f523047d84),U64(0x32caab7b40c72493),
-        U64(0x3c9ebe0a15c9bebc),U64(0x431d67c49c100d4c),
-        U64(0x4cc5d4becb3e42b6),U64(0x597f299cfc657e2a),
-        U64(0x5fcb6fab3ad6faec),U64(0x6c44198c4a475817) };
-
-#ifndef PEDANTIC
-# if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#  if defined(__x86_64) || defined(__x86_64__)
-#   define ROTR(a,n)	({ unsigned long ret;		\
-				asm ("rorq %1,%0"	\
-				: "=r"(ret)		\
-				: "J"(n),"0"(a)		\
-				: "cc"); ret;		})
-#   if !defined(B_ENDIAN)
-#    define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));	\
-				asm ("bswapq	%0"		\
-				: "=r"(ret)			\
-				: "0"(ret)); ret;		})
-#   endif
-#  elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
-#   if defined(I386_ONLY)
-#    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-			 unsigned int hi=p[0],lo=p[1];		\
-				asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
-				    "roll $16,%%eax; roll $16,%%edx; "\
-				    "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
-				: "=a"(lo),"=d"(hi)		\
-				: "0"(lo),"1"(hi) : "cc");	\
-				((SHA_LONG64)hi)<<32|lo;	})
-#   else
-#    define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
-			 unsigned int hi=p[0],lo=p[1];			\
-				asm ("bswapl %0; bswapl %1;"	\
-				: "=r"(lo),"=r"(hi)		\
-				: "0"(lo),"1"(hi));		\
-				((SHA_LONG64)hi)<<32|lo;	})
+    U64(0x428a2f98d728ae22), U64(0x7137449123ef65cd),
+    U64(0xb5c0fbcfec4d3b2f), U64(0xe9b5dba58189dbbc),
+    U64(0x3956c25bf348b538), U64(0x59f111f1b605d019),
+    U64(0x923f82a4af194f9b), U64(0xab1c5ed5da6d8118),
+    U64(0xd807aa98a3030242), U64(0x12835b0145706fbe),
+    U64(0x243185be4ee4b28c), U64(0x550c7dc3d5ffb4e2),
+    U64(0x72be5d74f27b896f), U64(0x80deb1fe3b1696b1),
+    U64(0x9bdc06a725c71235), U64(0xc19bf174cf692694),
+    U64(0xe49b69c19ef14ad2), U64(0xefbe4786384f25e3),
+    U64(0x0fc19dc68b8cd5b5), U64(0x240ca1cc77ac9c65),
+    U64(0x2de92c6f592b0275), U64(0x4a7484aa6ea6e483),
+    U64(0x5cb0a9dcbd41fbd4), U64(0x76f988da831153b5),
+    U64(0x983e5152ee66dfab), U64(0xa831c66d2db43210),
+    U64(0xb00327c898fb213f), U64(0xbf597fc7beef0ee4),
+    U64(0xc6e00bf33da88fc2), U64(0xd5a79147930aa725),
+    U64(0x06ca6351e003826f), U64(0x142929670a0e6e70),
+    U64(0x27b70a8546d22ffc), U64(0x2e1b21385c26c926),
+    U64(0x4d2c6dfc5ac42aed), U64(0x53380d139d95b3df),
+    U64(0x650a73548baf63de), U64(0x766a0abb3c77b2a8),
+    U64(0x81c2c92e47edaee6), U64(0x92722c851482353b),
+    U64(0xa2bfe8a14cf10364), U64(0xa81a664bbc423001),
+    U64(0xc24b8b70d0f89791), U64(0xc76c51a30654be30),
+    U64(0xd192e819d6ef5218), U64(0xd69906245565a910),
+    U64(0xf40e35855771202a), U64(0x106aa07032bbd1b8),
+    U64(0x19a4c116b8d2d0c8), U64(0x1e376c085141ab53),
+    U64(0x2748774cdf8eeb99), U64(0x34b0bcb5e19b48a8),
+    U64(0x391c0cb3c5c95a63), U64(0x4ed8aa4ae3418acb),
+    U64(0x5b9cca4f7763e373), U64(0x682e6ff3d6b2b8a3),
+    U64(0x748f82ee5defb2fc), U64(0x78a5636f43172f60),
+    U64(0x84c87814a1f0ab72), U64(0x8cc702081a6439ec),
+    U64(0x90befffa23631e28), U64(0xa4506cebde82bde9),
+    U64(0xbef9a3f7b2c67915), U64(0xc67178f2e372532b),
+    U64(0xca273eceea26619c), U64(0xd186b8c721c0c207),
+    U64(0xeada7dd6cde0eb1e), U64(0xf57d4f7fee6ed178),
+    U64(0x06f067aa72176fba), U64(0x0a637dc5a2c898a6),
+    U64(0x113f9804bef90dae), U64(0x1b710b35131c471b),
+    U64(0x28db77f523047d84), U64(0x32caab7b40c72493),
+    U64(0x3c9ebe0a15c9bebc), U64(0x431d67c49c100d4c),
+    U64(0x4cc5d4becb3e42b6), U64(0x597f299cfc657e2a),
+    U64(0x5fcb6fab3ad6faec), U64(0x6c44198c4a475817)
+};
+
+#  ifndef PEDANTIC
+#   if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#    if defined(__x86_64) || defined(__x86_64__)
+#     define ROTR(a,n)    ({ unsigned long ret;           \
+                                asm ("rorq %1,%0"       \
+                                : "=r"(ret)             \
+                                : "J"(n),"0"(a)         \
+                                : "cc"); ret;           })
+#     if !defined(B_ENDIAN)
+#      define PULL64(x) ({ SHA_LONG64 ret=*((const SHA_LONG64 *)(&(x)));  \
+                                asm ("bswapq    %0"             \
+                                : "=r"(ret)                     \
+                                : "0"(ret)); ret;               })
+#     endif
+#    elif (defined(__i386) || defined(__i386__)) && !defined(B_ENDIAN)
+#     if defined(I386_ONLY)
+#      define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                         unsigned int hi=p[0],lo=p[1];          \
+                                asm("xchgb %%ah,%%al;xchgb %%dh,%%dl;"\
+                                    "roll $16,%%eax; roll $16,%%edx; "\
+                                    "xchgb %%ah,%%al;xchgb %%dh,%%dl;" \
+                                : "=a"(lo),"=d"(hi)             \
+                                : "0"(lo),"1"(hi) : "cc");      \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#     else
+#      define PULL64(x) ({ const unsigned int *p=(const unsigned int *)(&(x));\
+                         unsigned int hi=p[0],lo=p[1];                  \
+                                asm ("bswapl %0; bswapl %1;"    \
+                                : "=r"(lo),"=r"(hi)             \
+                                : "0"(lo),"1"(hi));             \
+                                ((SHA_LONG64)hi)<<32|lo;        })
+#     endif
+#    elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
+#     define ROTR(a,n)    ({ unsigned long ret;           \
+                                asm ("rotrdi %0,%1,%2"  \
+                                : "=r"(ret)             \
+                                : "r"(a),"K"(n)); ret;  })
+#    endif
+#   elif defined(_MSC_VER)
+#    if defined(_WIN64)         /* applies to both IA-64 and AMD64 */
+#     define ROTR(a,n)    _rotr64((a),n)
+#    endif
+#    if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
+#     if defined(I386_ONLY)
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov edx,[ecx + 0]
+    _asm mov eax,[ecx + 4]
+_asm xchg dh, dl
+        _asm xchg ah, al
+        _asm rol edx, 16 _asm rol eax, 16 _asm xchg dh, dl _asm xchg ah, al}
+#     else
+static SHA_LONG64 __fastcall __pull64be(const void *x)
+{
+    _asm mov edx,[ecx + 0]
+    _asm mov eax,[ecx + 4]
+_asm bswap edx _asm bswap eax}
+#     endif
+#     define PULL64(x) __pull64be(&(x))
+#     if _MSC_VER<=1200
+#      pragma inline_depth(0)
+#     endif
+#    endif
 #   endif
-#  elif (defined(_ARCH_PPC) && defined(__64BIT__)) || defined(_ARCH_PPC64)
-#   define ROTR(a,n)	({ unsigned long ret;		\
-				asm ("rotrdi %0,%1,%2"	\
-				: "=r"(ret)		\
-				: "r"(a),"K"(n)); ret;	})
 #  endif
-# elif defined(_MSC_VER)
-#  if defined(_WIN64)	/* applies to both IA-64 and AMD64 */
-#   define ROTR(a,n)	_rotr64((a),n)
+#  ifndef PULL64
+#   define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
+#   define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
 #  endif
-#  if defined(_M_IX86) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM)
-#   if defined(I386_ONLY)
-    static SHA_LONG64 __fastcall __pull64be(const void *x)
-    {	_asm	mov	edx, [ecx + 0]
-	_asm	mov	eax, [ecx + 4]
-	_asm	xchg	dh,dl
-	_asm	xchg	ah,al
-	_asm	rol	edx,16
-	_asm	rol	eax,16
-	_asm	xchg	dh,dl
-	_asm	xchg	ah,al
-    }
-#   else
-    static SHA_LONG64 __fastcall __pull64be(const void *x)
-    {	_asm	mov	edx, [ecx + 0]
-	_asm	mov	eax, [ecx + 4]
-	_asm	bswap	edx
-	_asm	bswap	eax
-    }
-#   endif
-#   define PULL64(x) __pull64be(&(x))
-#   if _MSC_VER<=1200
-#    pragma inline_depth(0)
-#   endif
+#  ifndef ROTR
+#   define ROTR(x,s)       (((x)>>s) | (x)<<(64-s))
 #  endif
-# endif
-#endif
-
-#ifndef PULL64
-#define B(x,j)    (((SHA_LONG64)(*(((const unsigned char *)(&x))+j)))<<((7-j)*8))
-#define PULL64(x) (B(x,0)|B(x,1)|B(x,2)|B(x,3)|B(x,4)|B(x,5)|B(x,6)|B(x,7))
-#endif
-
-#ifndef ROTR
-#define ROTR(x,s)	(((x)>>s) | (x)<<(64-s))
-#endif
-
-#define Sigma0(x)	(ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
-#define Sigma1(x)	(ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
-#define sigma0(x)	(ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
-#define sigma1(x)	(ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
-
-#define Ch(x,y,z)	(((x) & (y)) ^ ((~(x)) & (z)))
-#define Maj(x,y,z)	(((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
-
-#if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
-#define	GO_FOR_SSE2(ctx,in,num)		do {		\
-	void	sha512_block_sse2(void *,const void *,size_t);	\
-	if (!(OPENSSL_ia32cap_P & (1<<26))) break;	\
-	sha512_block_sse2(ctx->h,in,num); return;	\
-					} while (0)
-#endif
-
-#ifdef OPENSSL_SMALL_FOOTPRINT
-
-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
-	{
-	const SHA_LONG64 *W=in;
-	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1,T2;
-	SHA_LONG64	X[16];
-	int i;
-
-#ifdef GO_FOR_SSE2
-	GO_FOR_SSE2(ctx,in,num);
-#endif
+#  define Sigma0(x)       (ROTR((x),28) ^ ROTR((x),34) ^ ROTR((x),39))
+#  define Sigma1(x)       (ROTR((x),14) ^ ROTR((x),18) ^ ROTR((x),41))
+#  define sigma0(x)       (ROTR((x),1)  ^ ROTR((x),8)  ^ ((x)>>7))
+#  define sigma1(x)       (ROTR((x),19) ^ ROTR((x),61) ^ ((x)>>6))
+#  define Ch(x,y,z)       (((x) & (y)) ^ ((~(x)) & (z)))
+#  define Maj(x,y,z)      (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
+#  if defined(OPENSSL_IA32_SSE2) && !defined(OPENSSL_NO_ASM) && !defined(I386_ONLY)
+#   define GO_FOR_SSE2(ctx,in,num)         do {            \
+        void    sha512_block_sse2(void *,const void *,size_t);  \
+        if (!(OPENSSL_ia32cap_P & (1<<26))) break;      \
+        sha512_block_sse2(ctx->h,in,num); return;       \
+                                        } while (0)
+#  endif
+#  ifdef OPENSSL_SMALL_FOOTPRINT
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1, T2;
+    SHA_LONG64 X[16];
+    int i;
+
+#   ifdef GO_FOR_SSE2
+    GO_FOR_SSE2(ctx, in, num);
+#   endif
 
-			while (num--) {
+    while (num--) {
 
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
 
-	for (i=0;i<16;i++)
-		{
-#ifdef B_ENDIAN
-		T1 = X[i] = W[i];
-#else
-		T1 = X[i] = PULL64(W[i]);
-#endif
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	for (;i<80;i++)
-		{
-		s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);
-		s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);
-
-		T1 = X[i&0xf] += s0 + s1 + X[(i+9)&0xf];
-		T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];
-		T2 = Sigma0(a) + Maj(a,b,c);
-		h = g;	g = f;	f = e;	e = d + T1;
-		d = c;	c = b;	b = a;	a = T1 + T2;
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			W+=SHA_LBLOCK;
-			}
-	}
-
-#else
-
-#define	ROUND_00_15(i,a,b,c,d,e,f,g,h)		do {	\
-	T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];	\
-	h = Sigma0(a) + Maj(a,b,c);			\
-	d += T1;	h += T1;		} while (0)
-
-#define	ROUND_16_80(i,a,b,c,d,e,f,g,h,X)	do {	\
-	s0 = X[(i+1)&0x0f];	s0 = sigma0(s0);	\
-	s1 = X[(i+14)&0x0f];	s1 = sigma1(s1);	\
-	T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];	\
-	ROUND_00_15(i,a,b,c,d,e,f,g,h);		} while (0)
-
-static void sha512_block_data_order (SHA512_CTX *ctx, const void *in, size_t num)
-	{
-	const SHA_LONG64 *W=in;
-	SHA_LONG64	a,b,c,d,e,f,g,h,s0,s1,T1;
-	SHA_LONG64	X[16];
-	int i;
-
-#ifdef GO_FOR_SSE2
-	GO_FOR_SSE2(ctx,in,num);
-#endif
+        for (i = 0; i < 16; i++) {
+#   ifdef B_ENDIAN
+            T1 = X[i] = W[i];
+#   else
+            T1 = X[i] = PULL64(W[i]);
+#   endif
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        for (; i < 80; i++) {
+            s0 = X[(i + 1) & 0x0f];
+            s0 = sigma0(s0);
+            s1 = X[(i + 14) & 0x0f];
+            s1 = sigma1(s1);
+
+            T1 = X[i & 0xf] += s0 + s1 + X[(i + 9) & 0xf];
+            T1 += h + Sigma1(e) + Ch(e, f, g) + K512[i];
+            T2 = Sigma0(a) + Maj(a, b, c);
+            h = g;
+            g = f;
+            f = e;
+            e = d + T1;
+            d = c;
+            c = b;
+            b = a;
+            a = T1 + T2;
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
+
+#  else
+#   define ROUND_00_15(i,a,b,c,d,e,f,g,h)          do {    \
+        T1 += h + Sigma1(e) + Ch(e,f,g) + K512[i];      \
+        h = Sigma0(a) + Maj(a,b,c);                     \
+        d += T1;        h += T1;                } while (0)
+#   define ROUND_16_80(i,a,b,c,d,e,f,g,h,X)        do {    \
+        s0 = X[(i+1)&0x0f];     s0 = sigma0(s0);        \
+        s1 = X[(i+14)&0x0f];    s1 = sigma1(s1);        \
+        T1 = X[(i)&0x0f] += s0 + s1 + X[(i+9)&0x0f];    \
+        ROUND_00_15(i,a,b,c,d,e,f,g,h);         } while (0)
+static void sha512_block_data_order(SHA512_CTX *ctx, const void *in,
+                                    size_t num)
+{
+    const SHA_LONG64 *W = in;
+    SHA_LONG64 a, b, c, d, e, f, g, h, s0, s1, T1;
+    SHA_LONG64 X[16];
+    int i;
+
+#   ifdef GO_FOR_SSE2
+    GO_FOR_SSE2(ctx, in, num);
+#   endif
 
-			while (num--) {
-
-	a = ctx->h[0];	b = ctx->h[1];	c = ctx->h[2];	d = ctx->h[3];
-	e = ctx->h[4];	f = ctx->h[5];	g = ctx->h[6];	h = ctx->h[7];
-
-#ifdef B_ENDIAN
-	T1 = X[0] = W[0];	ROUND_00_15(0,a,b,c,d,e,f,g,h);
-	T1 = X[1] = W[1];	ROUND_00_15(1,h,a,b,c,d,e,f,g);
-	T1 = X[2] = W[2];	ROUND_00_15(2,g,h,a,b,c,d,e,f);
-	T1 = X[3] = W[3];	ROUND_00_15(3,f,g,h,a,b,c,d,e);
-	T1 = X[4] = W[4];	ROUND_00_15(4,e,f,g,h,a,b,c,d);
-	T1 = X[5] = W[5];	ROUND_00_15(5,d,e,f,g,h,a,b,c);
-	T1 = X[6] = W[6];	ROUND_00_15(6,c,d,e,f,g,h,a,b);
-	T1 = X[7] = W[7];	ROUND_00_15(7,b,c,d,e,f,g,h,a);
-	T1 = X[8] = W[8];	ROUND_00_15(8,a,b,c,d,e,f,g,h);
-	T1 = X[9] = W[9];	ROUND_00_15(9,h,a,b,c,d,e,f,g);
-	T1 = X[10] = W[10];	ROUND_00_15(10,g,h,a,b,c,d,e,f);
-	T1 = X[11] = W[11];	ROUND_00_15(11,f,g,h,a,b,c,d,e);
-	T1 = X[12] = W[12];	ROUND_00_15(12,e,f,g,h,a,b,c,d);
-	T1 = X[13] = W[13];	ROUND_00_15(13,d,e,f,g,h,a,b,c);
-	T1 = X[14] = W[14];	ROUND_00_15(14,c,d,e,f,g,h,a,b);
-	T1 = X[15] = W[15];	ROUND_00_15(15,b,c,d,e,f,g,h,a);
-#else
-	T1 = X[0]  = PULL64(W[0]);	ROUND_00_15(0,a,b,c,d,e,f,g,h);
-	T1 = X[1]  = PULL64(W[1]);	ROUND_00_15(1,h,a,b,c,d,e,f,g);
-	T1 = X[2]  = PULL64(W[2]);	ROUND_00_15(2,g,h,a,b,c,d,e,f);
-	T1 = X[3]  = PULL64(W[3]);	ROUND_00_15(3,f,g,h,a,b,c,d,e);
-	T1 = X[4]  = PULL64(W[4]);	ROUND_00_15(4,e,f,g,h,a,b,c,d);
-	T1 = X[5]  = PULL64(W[5]);	ROUND_00_15(5,d,e,f,g,h,a,b,c);
-	T1 = X[6]  = PULL64(W[6]);	ROUND_00_15(6,c,d,e,f,g,h,a,b);
-	T1 = X[7]  = PULL64(W[7]);	ROUND_00_15(7,b,c,d,e,f,g,h,a);
-	T1 = X[8]  = PULL64(W[8]);	ROUND_00_15(8,a,b,c,d,e,f,g,h);
-	T1 = X[9]  = PULL64(W[9]);	ROUND_00_15(9,h,a,b,c,d,e,f,g);
-	T1 = X[10] = PULL64(W[10]);	ROUND_00_15(10,g,h,a,b,c,d,e,f);
-	T1 = X[11] = PULL64(W[11]);	ROUND_00_15(11,f,g,h,a,b,c,d,e);
-	T1 = X[12] = PULL64(W[12]);	ROUND_00_15(12,e,f,g,h,a,b,c,d);
-	T1 = X[13] = PULL64(W[13]);	ROUND_00_15(13,d,e,f,g,h,a,b,c);
-	T1 = X[14] = PULL64(W[14]);	ROUND_00_15(14,c,d,e,f,g,h,a,b);
-	T1 = X[15] = PULL64(W[15]);	ROUND_00_15(15,b,c,d,e,f,g,h,a);
-#endif
+    while (num--) {
+
+        a = ctx->h[0];
+        b = ctx->h[1];
+        c = ctx->h[2];
+        d = ctx->h[3];
+        e = ctx->h[4];
+        f = ctx->h[5];
+        g = ctx->h[6];
+        h = ctx->h[7];
+
+#   ifdef B_ENDIAN
+        T1 = X[0] = W[0];
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = W[1];
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = W[2];
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = W[3];
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = W[4];
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = W[5];
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = W[6];
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = W[7];
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = W[8];
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = W[9];
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = W[10];
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = W[11];
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = W[12];
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = W[13];
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = W[14];
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = W[15];
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#   else
+        T1 = X[0] = PULL64(W[0]);
+        ROUND_00_15(0, a, b, c, d, e, f, g, h);
+        T1 = X[1] = PULL64(W[1]);
+        ROUND_00_15(1, h, a, b, c, d, e, f, g);
+        T1 = X[2] = PULL64(W[2]);
+        ROUND_00_15(2, g, h, a, b, c, d, e, f);
+        T1 = X[3] = PULL64(W[3]);
+        ROUND_00_15(3, f, g, h, a, b, c, d, e);
+        T1 = X[4] = PULL64(W[4]);
+        ROUND_00_15(4, e, f, g, h, a, b, c, d);
+        T1 = X[5] = PULL64(W[5]);
+        ROUND_00_15(5, d, e, f, g, h, a, b, c);
+        T1 = X[6] = PULL64(W[6]);
+        ROUND_00_15(6, c, d, e, f, g, h, a, b);
+        T1 = X[7] = PULL64(W[7]);
+        ROUND_00_15(7, b, c, d, e, f, g, h, a);
+        T1 = X[8] = PULL64(W[8]);
+        ROUND_00_15(8, a, b, c, d, e, f, g, h);
+        T1 = X[9] = PULL64(W[9]);
+        ROUND_00_15(9, h, a, b, c, d, e, f, g);
+        T1 = X[10] = PULL64(W[10]);
+        ROUND_00_15(10, g, h, a, b, c, d, e, f);
+        T1 = X[11] = PULL64(W[11]);
+        ROUND_00_15(11, f, g, h, a, b, c, d, e);
+        T1 = X[12] = PULL64(W[12]);
+        ROUND_00_15(12, e, f, g, h, a, b, c, d);
+        T1 = X[13] = PULL64(W[13]);
+        ROUND_00_15(13, d, e, f, g, h, a, b, c);
+        T1 = X[14] = PULL64(W[14]);
+        ROUND_00_15(14, c, d, e, f, g, h, a, b);
+        T1 = X[15] = PULL64(W[15]);
+        ROUND_00_15(15, b, c, d, e, f, g, h, a);
+#   endif
 
-	for (i=16;i<80;i+=8)
-		{
-		ROUND_16_80(i+0,a,b,c,d,e,f,g,h,X);
-		ROUND_16_80(i+1,h,a,b,c,d,e,f,g,X);
-		ROUND_16_80(i+2,g,h,a,b,c,d,e,f,X);
-		ROUND_16_80(i+3,f,g,h,a,b,c,d,e,X);
-		ROUND_16_80(i+4,e,f,g,h,a,b,c,d,X);
-		ROUND_16_80(i+5,d,e,f,g,h,a,b,c,X);
-		ROUND_16_80(i+6,c,d,e,f,g,h,a,b,X);
-		ROUND_16_80(i+7,b,c,d,e,f,g,h,a,X);
-		}
-
-	ctx->h[0] += a;	ctx->h[1] += b;	ctx->h[2] += c;	ctx->h[3] += d;
-	ctx->h[4] += e;	ctx->h[5] += f;	ctx->h[6] += g;	ctx->h[7] += h;
-
-			W+=SHA_LBLOCK;
-			}
-	}
+        for (i = 16; i < 80; i += 8) {
+            ROUND_16_80(i + 0, a, b, c, d, e, f, g, h, X);
+            ROUND_16_80(i + 1, h, a, b, c, d, e, f, g, X);
+            ROUND_16_80(i + 2, g, h, a, b, c, d, e, f, X);
+            ROUND_16_80(i + 3, f, g, h, a, b, c, d, e, X);
+            ROUND_16_80(i + 4, e, f, g, h, a, b, c, d, X);
+            ROUND_16_80(i + 5, d, e, f, g, h, a, b, c, X);
+            ROUND_16_80(i + 6, c, d, e, f, g, h, a, b, X);
+            ROUND_16_80(i + 7, b, c, d, e, f, g, h, a, X);
+        }
+
+        ctx->h[0] += a;
+        ctx->h[1] += b;
+        ctx->h[2] += c;
+        ctx->h[3] += d;
+        ctx->h[4] += e;
+        ctx->h[5] += f;
+        ctx->h[6] += g;
+        ctx->h[7] += h;
+
+        W += SHA_LBLOCK;
+    }
+}
 
-#endif
+#  endif
 
-#endif /* SHA512_ASM */
+# endif                         /* SHA512_ASM */
 
-#else /* OPENSSL_NO_SHA512 */
+#else                           /* OPENSSL_NO_SHA512 */
 
-/* Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for
- * example) dislike a statement-free file, complaining:
- * "%CC-W-EMPTYFILE, Source file does not contain any declarations."
+/*
+ * Sensitive compilers ("Compaq C V6.4-005 on OpenVMS VAX V7.3", for example)
+ * dislike a statement-free file, complaining: "%CC-W-EMPTYFILE, Source file
+ * does not contain any declarations."
  */
 
 int sha512_dummy();
 
-#endif /* OPENSSL_NO_SHA512 */
+#endif                          /* OPENSSL_NO_SHA512 */
diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c
index 598f4d72..41ed7e96 100644
--- a/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c
+++ b/Cryptlib/OpenSSL/crypto/sha/sha_dgst.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -59,22 +59,21 @@
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
 #ifdef OPENSSL_FIPS
-#include <openssl/fips.h>
+# include <openssl/fips.h>
 #endif
 
 #include <openssl/err.h>
 #if !defined(OPENSSL_NO_SHA0) && !defined(OPENSSL_NO_SHA)
 
-#undef  SHA_1
-#define SHA_0
+# undef  SHA_1
+# define SHA_0
 
-#include <openssl/opensslv.h>
+# include <openssl/opensslv.h>
 
-const char SHA_version[]="SHA" OPENSSL_VERSION_PTEXT;
+const char SHA_version[] = "SHA" OPENSSL_VERSION_PTEXT;
 
 /* The implementation is in ../md32_common.h */
 
-#include "sha_locl.h"
+# include "sha_locl.h"
 
 #endif
-
diff --git a/Cryptlib/OpenSSL/crypto/sha/sha_one.c b/Cryptlib/OpenSSL/crypto/sha/sha_one.c
index 3bae623c..0930b98a 100644
--- a/Cryptlib/OpenSSL/crypto/sha/sha_one.c
+++ b/Cryptlib/OpenSSL/crypto/sha/sha_one.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,16 +63,17 @@
 
 #ifndef OPENSSL_NO_SHA0
 unsigned char *SHA(const unsigned char *d, size_t n, unsigned char *md)
-	{
-	SHA_CTX c;
-	static unsigned char m[SHA_DIGEST_LENGTH];
+{
+    SHA_CTX c;
+    static unsigned char m[SHA_DIGEST_LENGTH];
 
-	if (md == NULL) md=m;
-	if (!SHA_Init(&c))
-		return NULL;
-	SHA_Update(&c,d,n);
-	SHA_Final(md,&c);
-	OPENSSL_cleanse(&c,sizeof(c));
-	return(md);
-	}
+    if (md == NULL)
+        md = m;
+    if (!SHA_Init(&c))
+        return NULL;
+    SHA_Update(&c, d, n);
+    SHA_Final(md, &c);
+    OPENSSL_cleanse(&c, sizeof(c));
+    return (md);
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/stack/stack.c b/Cryptlib/OpenSSL/crypto/stack/stack.c
index 378bd7c7..c59f0bb2 100644
--- a/Cryptlib/OpenSSL/crypto/stack/stack.c
+++ b/Cryptlib/OpenSSL/crypto/stack/stack.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,17 +49,18 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
  * [including the GNU Public Licence.]
  */
 
-/* Code for stacks
+/*-
+ * Code for stacks
  * Author - Eric Young v 1.0
- * 1.2 eay 12-Mar-97 -	Modified sk_find so that it _DOES_ return the
- *			lowest index for the searched item.
+ * 1.2 eay 12-Mar-97 -  Modified sk_find so that it _DOES_ return the
+ *                      lowest index for the searched item.
  *
  * 1.1 eay - Take from netdb and added to SSLeay
  *
@@ -71,271 +72,292 @@
 #include <openssl/objects.h>
 
 #undef MIN_NODES
-#define MIN_NODES	4
+#define MIN_NODES       4
 
-const char STACK_version[]="Stack" OPENSSL_VERSION_PTEXT;
+const char STACK_version[] = "Stack" OPENSSL_VERSION_PTEXT;
 
 #include <errno.h>
 
-int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *)))
-		(const char * const *, const char * const *)
-	{
-	int (*old)(const char * const *,const char * const *)=sk->comp;
-
-	if (sk->comp != c)
-		sk->sorted=0;
-	sk->comp=c;
-
-	return old;
-	}
-
-STACK *sk_dup(STACK *sk)
-	{
-	STACK *ret;
-	char **s;
-
-	if ((ret=sk_new(sk->comp)) == NULL) goto err;
-	s=(char **)OPENSSL_realloc((char *)ret->data,
-		(unsigned int)sizeof(char *)*sk->num_alloc);
-	if (s == NULL) goto err;
-	ret->data=s;
-
-	ret->num=sk->num;
-	memcpy(ret->data,sk->data,sizeof(char *)*sk->num);
-	ret->sorted=sk->sorted;
-	ret->num_alloc=sk->num_alloc;
-	ret->comp=sk->comp;
-	return(ret);
-err:
-	if(ret)
-		sk_free(ret);
-	return(NULL);
-	}
+int (*sk_set_cmp_func
+     (STACK * sk, int (*c) (const char *const *, const char *const *)))
+ (const char *const *, const char *const *) {
+    int (*old) (const char *const *, const char *const *) = sk->comp;
+
+    if (sk->comp != c)
+        sk->sorted = 0;
+    sk->comp = c;
+
+    return old;
+}
+
+STACK *sk_dup(STACK * sk)
+{
+    STACK *ret;
+    char **s;
+
+    if ((ret = sk_new(sk->comp)) == NULL)
+        goto err;
+    s = (char **)OPENSSL_realloc((char *)ret->data,
+                                 (unsigned int)sizeof(char *) *
+                                 sk->num_alloc);
+    if (s == NULL)
+        goto err;
+    ret->data = s;
+
+    ret->num = sk->num;
+    memcpy(ret->data, sk->data, sizeof(char *) * sk->num);
+    ret->sorted = sk->sorted;
+    ret->num_alloc = sk->num_alloc;
+    ret->comp = sk->comp;
+    return (ret);
+ err:
+    if (ret)
+        sk_free(ret);
+    return (NULL);
+}
 
 STACK *sk_new_null(void)
-	{
-	return sk_new((int (*)(const char * const *, const char * const *))0);
-	}
-
-STACK *sk_new(int (*c)(const char * const *, const char * const *))
-	{
-	STACK *ret;
-	int i;
-
-	if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL)
-		goto err;
-	if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL)
-		goto err;
-	for (i=0; i<MIN_NODES; i++)
-		ret->data[i]=NULL;
-	ret->comp=c;
-	ret->num_alloc=MIN_NODES;
-	ret->num=0;
-	ret->sorted=0;
-	return(ret);
-err:
-	if(ret)
-		OPENSSL_free(ret);
-	return(NULL);
-	}
-
-int sk_insert(STACK *st, char *data, int loc)
-	{
-	char **s;
-
-	if(st == NULL) return 0;
-	if (st->num_alloc <= st->num+1)
-		{
-		s=(char **)OPENSSL_realloc((char *)st->data,
-			(unsigned int)sizeof(char *)*st->num_alloc*2);
-		if (s == NULL)
-			return(0);
-		st->data=s;
-		st->num_alloc*=2;
-		}
-	if ((loc >= (int)st->num) || (loc < 0))
-		st->data[st->num]=data;
-	else
-		{
-		int i;
-		char **f,**t;
-
-		f=(char **)st->data;
-		t=(char **)&(st->data[1]);
-		for (i=st->num; i>=loc; i--)
-			t[i]=f[i];
-			
-#ifdef undef /* no memmove on sunos :-( */
-		memmove( (char *)&(st->data[loc+1]),
-			(char *)&(st->data[loc]),
-			sizeof(char *)*(st->num-loc));
+{
+    return sk_new((int (*)(const char *const *, const char *const *))0);
+}
+
+STACK *sk_new(int (*c) (const char *const *, const char *const *))
+{
+    STACK *ret;
+    int i;
+
+    if ((ret = (STACK *) OPENSSL_malloc(sizeof(STACK))) == NULL)
+        goto err;
+    if ((ret->data =
+         (char **)OPENSSL_malloc(sizeof(char *) * MIN_NODES)) == NULL)
+        goto err;
+    for (i = 0; i < MIN_NODES; i++)
+        ret->data[i] = NULL;
+    ret->comp = c;
+    ret->num_alloc = MIN_NODES;
+    ret->num = 0;
+    ret->sorted = 0;
+    return (ret);
+ err:
+    if (ret)
+        OPENSSL_free(ret);
+    return (NULL);
+}
+
+int sk_insert(STACK * st, char *data, int loc)
+{
+    char **s;
+
+    if (st == NULL)
+        return 0;
+    if (st->num_alloc <= st->num + 1) {
+        s = (char **)OPENSSL_realloc((char *)st->data,
+                                     (unsigned int)sizeof(char *) *
+                                     st->num_alloc * 2);
+        if (s == NULL)
+            return (0);
+        st->data = s;
+        st->num_alloc *= 2;
+    }
+    if ((loc >= (int)st->num) || (loc < 0))
+        st->data[st->num] = data;
+    else {
+        int i;
+        char **f, **t;
+
+        f = (char **)st->data;
+        t = (char **)&(st->data[1]);
+        for (i = st->num; i >= loc; i--)
+            t[i] = f[i];
+
+#ifdef undef                    /* no memmove on sunos :-( */
+        memmove((char *)&(st->data[loc + 1]),
+                (char *)&(st->data[loc]), sizeof(char *) * (st->num - loc));
 #endif
-		st->data[loc]=data;
-		}
-	st->num++;
-	st->sorted=0;
-	return(st->num);
-	}
-
-char *sk_delete_ptr(STACK *st, char *p)
-	{
-	int i;
-
-	for (i=0; i<st->num; i++)
-		if (st->data[i] == p)
-			return(sk_delete(st,i));
-	return(NULL);
-	}
-
-char *sk_delete(STACK *st, int loc)
-	{
-	char *ret;
-	int i,j;
-
-	if(!st || (loc < 0) || (loc >= st->num)) return NULL;
-
-	ret=st->data[loc];
-	if (loc != st->num-1)
-		{
-		j=st->num-1;
-		for (i=loc; i<j; i++)
-			st->data[i]=st->data[i+1];
-		/* In theory memcpy is not safe for this
-		 * memcpy( &(st->data[loc]),
-		 *	&(st->data[loc+1]),
-		 *	sizeof(char *)*(st->num-loc-1));
-		 */
-		}
-	st->num--;
-	return(ret);
-	}
-
-static int internal_find(STACK *st, char *data, int ret_val_options)
-	{
-	char **r;
-	int i;
-	int (*comp_func)(const void *,const void *);
-	if(st == NULL) return -1;
-
-	if (st->comp == NULL)
-		{
-		for (i=0; i<st->num; i++)
-			if (st->data[i] == data)
-				return(i);
-		return(-1);
-		}
-	sk_sort(st);
-	if (data == NULL) return(-1);
-	/* This (and the "qsort" below) are the two places in OpenSSL
-	 * where we need to convert from our standard (type **,type **)
-	 * compare callback type to the (void *,void *) type required by
-	 * bsearch. However, the "data" it is being called(back) with are
-	 * not (type *) pointers, but the *pointers* to (type *) pointers,
-	 * so we get our extra level of pointer dereferencing that way. */
-	comp_func=(int (*)(const void *,const void *))(st->comp);
-	r=(char **)OBJ_bsearch_ex((char *)&data,(char *)st->data,
-		st->num,sizeof(char *),comp_func,ret_val_options);
-	if (r == NULL) return(-1);
-	return((int)(r-st->data));
-	}
-
-int sk_find(STACK *st, char *data)
-	{
-	return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
-	}
-int sk_find_ex(STACK *st, char *data)
-	{
-	return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
-	}
-
-int sk_push(STACK *st, char *data)
-	{
-	return(sk_insert(st,data,st->num));
-	}
-
-int sk_unshift(STACK *st, char *data)
-	{
-	return(sk_insert(st,data,0));
-	}
-
-char *sk_shift(STACK *st)
-	{
-	if (st == NULL) return(NULL);
-	if (st->num <= 0) return(NULL);
-	return(sk_delete(st,0));
-	}
-
-char *sk_pop(STACK *st)
-	{
-	if (st == NULL) return(NULL);
-	if (st->num <= 0) return(NULL);
-	return(sk_delete(st,st->num-1));
-	}
-
-void sk_zero(STACK *st)
-	{
-	if (st == NULL) return;
-	if (st->num <= 0) return;
-	memset((char *)st->data,0,sizeof(st->data)*st->num);
-	st->num=0;
-	}
-
-void sk_pop_free(STACK *st, void (*func)(void *))
-	{
-	int i;
-
-	if (st == NULL) return;
-	for (i=0; i<st->num; i++)
-		if (st->data[i] != NULL)
-			func(st->data[i]);
-	sk_free(st);
-	}
-
-void sk_free(STACK *st)
-	{
-	if (st == NULL) return;
-	if (st->data != NULL) OPENSSL_free(st->data);
-	OPENSSL_free(st);
-	}
-
-int sk_num(const STACK *st)
+        st->data[loc] = data;
+    }
+    st->num++;
+    st->sorted = 0;
+    return (st->num);
+}
+
+char *sk_delete_ptr(STACK * st, char *p)
+{
+    int i;
+
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] == p)
+            return (sk_delete(st, i));
+    return (NULL);
+}
+
+char *sk_delete(STACK * st, int loc)
+{
+    char *ret;
+    int i, j;
+
+    if (!st || (loc < 0) || (loc >= st->num))
+        return NULL;
+
+    ret = st->data[loc];
+    if (loc != st->num - 1) {
+        j = st->num - 1;
+        for (i = loc; i < j; i++)
+            st->data[i] = st->data[i + 1];
+        /*
+         * In theory memcpy is not safe for this memcpy( &(st->data[loc]),
+         * &(st->data[loc+1]), sizeof(char *)*(st->num-loc-1));
+         */
+    }
+    st->num--;
+    return (ret);
+}
+
+static int internal_find(STACK * st, char *data, int ret_val_options)
+{
+    char **r;
+    int i;
+    int (*comp_func) (const void *, const void *);
+    if (st == NULL)
+        return -1;
+
+    if (st->comp == NULL) {
+        for (i = 0; i < st->num; i++)
+            if (st->data[i] == data)
+                return (i);
+        return (-1);
+    }
+    sk_sort(st);
+    if (data == NULL)
+        return (-1);
+    /*
+     * This (and the "qsort" below) are the two places in OpenSSL where we
+     * need to convert from our standard (type **,type **) compare callback
+     * type to the (void *,void *) type required by bsearch. However, the
+     * "data" it is being called(back) with are not (type *) pointers, but
+     * the *pointers* to (type *) pointers, so we get our extra level of
+     * pointer dereferencing that way.
+     */
+    comp_func = (int (*)(const void *, const void *))(st->comp);
+    r = (char **)OBJ_bsearch_ex((char *)&data, (char *)st->data,
+                                st->num, sizeof(char *), comp_func,
+                                ret_val_options);
+    if (r == NULL)
+        return (-1);
+    return ((int)(r - st->data));
+}
+
+int sk_find(STACK * st, char *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_FIRST_VALUE_ON_MATCH);
+}
+
+int sk_find_ex(STACK * st, char *data)
+{
+    return internal_find(st, data, OBJ_BSEARCH_VALUE_ON_NOMATCH);
+}
+
+int sk_push(STACK * st, char *data)
+{
+    return (sk_insert(st, data, st->num));
+}
+
+int sk_unshift(STACK * st, char *data)
 {
-	if(st == NULL) return -1;
-	return st->num;
+    return (sk_insert(st, data, 0));
 }
 
-char *sk_value(const STACK *st, int i)
+char *sk_shift(STACK * st)
 {
-	if(!st || (i < 0) || (i >= st->num)) return NULL;
-	return st->data[i];
+    if (st == NULL)
+        return (NULL);
+    if (st->num <= 0)
+        return (NULL);
+    return (sk_delete(st, 0));
 }
 
-char *sk_set(STACK *st, int i, char *value)
+char *sk_pop(STACK * st)
 {
-	if(!st || (i < 0) || (i >= st->num)) return NULL;
-	return (st->data[i] = value);
+    if (st == NULL)
+        return (NULL);
+    if (st->num <= 0)
+        return (NULL);
+    return (sk_delete(st, st->num - 1));
 }
 
-void sk_sort(STACK *st)
-	{
-	if (st && !st->sorted)
-		{
-		int (*comp_func)(const void *,const void *);
-
-		/* same comment as in sk_find ... previously st->comp was declared
-		 * as a (void*,void*) callback type, but this made the population
-		 * of the callback pointer illogical - our callbacks compare
-		 * type** with type**, so we leave the casting until absolutely
-		 * necessary (ie. "now"). */
-		comp_func=(int (*)(const void *,const void *))(st->comp);
-		qsort(st->data,st->num,sizeof(char *), comp_func);
-		st->sorted=1;
-		}
-	}
-
-int sk_is_sorted(const STACK *st)
-	{
-	if (!st)
-		return 1;
-	return st->sorted;
-	}
+void sk_zero(STACK * st)
+{
+    if (st == NULL)
+        return;
+    if (st->num <= 0)
+        return;
+    memset((char *)st->data, 0, sizeof(st->data) * st->num);
+    st->num = 0;
+}
+
+void sk_pop_free(STACK * st, void (*func) (void *))
+{
+    int i;
+
+    if (st == NULL)
+        return;
+    for (i = 0; i < st->num; i++)
+        if (st->data[i] != NULL)
+            func(st->data[i]);
+    sk_free(st);
+}
+
+void sk_free(STACK * st)
+{
+    if (st == NULL)
+        return;
+    if (st->data != NULL)
+        OPENSSL_free(st->data);
+    OPENSSL_free(st);
+}
+
+int sk_num(const STACK * st)
+{
+    if (st == NULL)
+        return -1;
+    return st->num;
+}
+
+char *sk_value(const STACK * st, int i)
+{
+    if (!st || (i < 0) || (i >= st->num))
+        return NULL;
+    return st->data[i];
+}
+
+char *sk_set(STACK * st, int i, char *value)
+{
+    if (!st || (i < 0) || (i >= st->num))
+        return NULL;
+    return (st->data[i] = value);
+}
+
+void sk_sort(STACK * st)
+{
+    if (st && !st->sorted) {
+        int (*comp_func) (const void *, const void *);
+
+        /*
+         * same comment as in sk_find ... previously st->comp was declared as
+         * a (void*,void*) callback type, but this made the population of the
+         * callback pointer illogical - our callbacks compare type** with
+         * type**, so we leave the casting until absolutely necessary (ie.
+         * "now").
+         */
+        comp_func = (int (*)(const void *, const void *))(st->comp);
+        qsort(st->data, st->num, sizeof(char *), comp_func);
+        st->sorted = 1;
+    }
+}
+
+int sk_is_sorted(const STACK * st)
+{
+    if (!st)
+        return 1;
+    return st->sorted;
+}
diff --git a/Cryptlib/OpenSSL/crypto/store/str_err.c b/Cryptlib/OpenSSL/crypto/store/str_err.c
index 6fee6498..fb03c535 100644
--- a/Cryptlib/OpenSSL/crypto/store/str_err.c
+++ b/Cryptlib/OpenSSL/crypto/store/str_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,147 +66,193 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_STORE,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_STORE,0,reason)
 
-static ERR_STRING_DATA STORE_str_functs[]=
-	{
-{ERR_FUNC(STORE_F_MEM_DELETE),	"MEM_DELETE"},
-{ERR_FUNC(STORE_F_MEM_GENERATE),	"MEM_GENERATE"},
-{ERR_FUNC(STORE_F_MEM_LIST_END),	"MEM_LIST_END"},
-{ERR_FUNC(STORE_F_MEM_LIST_NEXT),	"MEM_LIST_NEXT"},
-{ERR_FUNC(STORE_F_MEM_LIST_START),	"MEM_LIST_START"},
-{ERR_FUNC(STORE_F_MEM_MODIFY),	"MEM_MODIFY"},
-{ERR_FUNC(STORE_F_MEM_STORE),	"MEM_STORE"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),	"STORE_ATTR_INFO_get0_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN),	"STORE_ATTR_INFO_get0_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER),	"STORE_ATTR_INFO_get0_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),	"STORE_ATTR_INFO_get0_sha1str"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR),	"STORE_ATTR_INFO_modify_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),	"STORE_ATTR_INFO_modify_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),	"STORE_ATTR_INFO_modify_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),	"STORE_ATTR_INFO_modify_sha1str"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR),	"STORE_ATTR_INFO_set_cstr"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN),	"STORE_ATTR_INFO_set_dn"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),	"STORE_ATTR_INFO_set_number"},
-{ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR),	"STORE_ATTR_INFO_set_sha1str"},
-{ERR_FUNC(STORE_F_STORE_CERTIFICATE),	"STORE_CERTIFICATE"},
-{ERR_FUNC(STORE_F_STORE_CTRL),	"STORE_ctrl"},
-{ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY),	"STORE_delete_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE),	"STORE_delete_certificate"},
-{ERR_FUNC(STORE_F_STORE_DELETE_CRL),	"STORE_delete_crl"},
-{ERR_FUNC(STORE_F_STORE_DELETE_NUMBER),	"STORE_delete_number"},
-{ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY),	"STORE_delete_private_key"},
-{ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY),	"STORE_delete_public_key"},
-{ERR_FUNC(STORE_F_STORE_GENERATE_CRL),	"STORE_generate_crl"},
-{ERR_FUNC(STORE_F_STORE_GENERATE_KEY),	"STORE_generate_key"},
-{ERR_FUNC(STORE_F_STORE_GET_ARBITRARY),	"STORE_get_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE),	"STORE_get_certificate"},
-{ERR_FUNC(STORE_F_STORE_GET_CRL),	"STORE_get_crl"},
-{ERR_FUNC(STORE_F_STORE_GET_NUMBER),	"STORE_get_number"},
-{ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY),	"STORE_get_private_key"},
-{ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY),	"STORE_get_public_key"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),	"STORE_list_certificate_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP),	"STORE_list_certificate_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT),	"STORE_list_certificate_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),	"STORE_list_certificate_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_END),	"STORE_list_crl_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP),	"STORE_list_crl_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT),	"STORE_list_crl_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_CRL_START),	"STORE_list_crl_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),	"STORE_list_private_key_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP),	"STORE_list_private_key_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT),	"STORE_list_private_key_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),	"STORE_list_private_key_start"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),	"STORE_list_public_key_end"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),	"STORE_list_public_key_endp"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),	"STORE_list_public_key_next"},
-{ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START),	"STORE_list_public_key_start"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY),	"STORE_modify_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE),	"STORE_modify_certificate"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_CRL),	"STORE_modify_crl"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER),	"STORE_modify_number"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY),	"STORE_modify_private_key"},
-{ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY),	"STORE_modify_public_key"},
-{ERR_FUNC(STORE_F_STORE_NEW_ENGINE),	"STORE_new_engine"},
-{ERR_FUNC(STORE_F_STORE_NEW_METHOD),	"STORE_new_method"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END),	"STORE_parse_attrs_end"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP),	"STORE_parse_attrs_endp"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT),	"STORE_parse_attrs_next"},
-{ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START),	"STORE_parse_attrs_start"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE),	"STORE_revoke_certificate"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY),	"STORE_revoke_private_key"},
-{ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY),	"STORE_revoke_public_key"},
-{ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY),	"STORE_store_arbitrary"},
-{ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE),	"STORE_store_certificate"},
-{ERR_FUNC(STORE_F_STORE_STORE_CRL),	"STORE_store_crl"},
-{ERR_FUNC(STORE_F_STORE_STORE_NUMBER),	"STORE_store_number"},
-{ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY),	"STORE_store_private_key"},
-{ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY),	"STORE_store_public_key"},
-{0,NULL}
-	};
+static ERR_STRING_DATA STORE_str_functs[] = {
+    {ERR_FUNC(STORE_F_MEM_DELETE), "MEM_DELETE"},
+    {ERR_FUNC(STORE_F_MEM_GENERATE), "MEM_GENERATE"},
+    {ERR_FUNC(STORE_F_MEM_LIST_END), "MEM_LIST_END"},
+    {ERR_FUNC(STORE_F_MEM_LIST_NEXT), "MEM_LIST_NEXT"},
+    {ERR_FUNC(STORE_F_MEM_LIST_START), "MEM_LIST_START"},
+    {ERR_FUNC(STORE_F_MEM_MODIFY), "MEM_MODIFY"},
+    {ERR_FUNC(STORE_F_MEM_STORE), "MEM_STORE"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_CSTR),
+     "STORE_ATTR_INFO_get0_cstr"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_DN), "STORE_ATTR_INFO_get0_dn"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_NUMBER),
+     "STORE_ATTR_INFO_get0_number"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR),
+     "STORE_ATTR_INFO_get0_sha1str"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR),
+     "STORE_ATTR_INFO_modify_cstr"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_DN),
+     "STORE_ATTR_INFO_modify_dn"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER),
+     "STORE_ATTR_INFO_modify_number"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR),
+     "STORE_ATTR_INFO_modify_sha1str"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_CSTR), "STORE_ATTR_INFO_set_cstr"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_DN), "STORE_ATTR_INFO_set_dn"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_NUMBER),
+     "STORE_ATTR_INFO_set_number"},
+    {ERR_FUNC(STORE_F_STORE_ATTR_INFO_SET_SHA1STR),
+     "STORE_ATTR_INFO_set_sha1str"},
+    {ERR_FUNC(STORE_F_STORE_CERTIFICATE), "STORE_CERTIFICATE"},
+    {ERR_FUNC(STORE_F_STORE_CTRL), "STORE_ctrl"},
+    {ERR_FUNC(STORE_F_STORE_DELETE_ARBITRARY), "STORE_delete_arbitrary"},
+    {ERR_FUNC(STORE_F_STORE_DELETE_CERTIFICATE), "STORE_delete_certificate"},
+    {ERR_FUNC(STORE_F_STORE_DELETE_CRL), "STORE_delete_crl"},
+    {ERR_FUNC(STORE_F_STORE_DELETE_NUMBER), "STORE_delete_number"},
+    {ERR_FUNC(STORE_F_STORE_DELETE_PRIVATE_KEY), "STORE_delete_private_key"},
+    {ERR_FUNC(STORE_F_STORE_DELETE_PUBLIC_KEY), "STORE_delete_public_key"},
+    {ERR_FUNC(STORE_F_STORE_GENERATE_CRL), "STORE_generate_crl"},
+    {ERR_FUNC(STORE_F_STORE_GENERATE_KEY), "STORE_generate_key"},
+    {ERR_FUNC(STORE_F_STORE_GET_ARBITRARY), "STORE_get_arbitrary"},
+    {ERR_FUNC(STORE_F_STORE_GET_CERTIFICATE), "STORE_get_certificate"},
+    {ERR_FUNC(STORE_F_STORE_GET_CRL), "STORE_get_crl"},
+    {ERR_FUNC(STORE_F_STORE_GET_NUMBER), "STORE_get_number"},
+    {ERR_FUNC(STORE_F_STORE_GET_PRIVATE_KEY), "STORE_get_private_key"},
+    {ERR_FUNC(STORE_F_STORE_GET_PUBLIC_KEY), "STORE_get_public_key"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_END),
+     "STORE_list_certificate_end"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_ENDP),
+     "STORE_list_certificate_endp"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_NEXT),
+     "STORE_list_certificate_next"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CERTIFICATE_START),
+     "STORE_list_certificate_start"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CRL_END), "STORE_list_crl_end"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CRL_ENDP), "STORE_list_crl_endp"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CRL_NEXT), "STORE_list_crl_next"},
+    {ERR_FUNC(STORE_F_STORE_LIST_CRL_START), "STORE_list_crl_start"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_END),
+     "STORE_list_private_key_end"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP),
+     "STORE_list_private_key_endp"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT),
+     "STORE_list_private_key_next"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PRIVATE_KEY_START),
+     "STORE_list_private_key_start"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_END),
+     "STORE_list_public_key_end"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP),
+     "STORE_list_public_key_endp"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT),
+     "STORE_list_public_key_next"},
+    {ERR_FUNC(STORE_F_STORE_LIST_PUBLIC_KEY_START),
+     "STORE_list_public_key_start"},
+    {ERR_FUNC(STORE_F_STORE_MODIFY_ARBITRARY), "STORE_modify_arbitrary"},
+    {ERR_FUNC(STORE_F_STORE_MODIFY_CERTIFICATE), "STORE_modify_certificate"},
+    {ERR_FUNC(STORE_F_STORE_MODIFY_CRL), "STORE_modify_crl"},
+    {ERR_FUNC(STORE_F_STORE_MODIFY_NUMBER), "STORE_modify_number"},
+    {ERR_FUNC(STORE_F_STORE_MODIFY_PRIVATE_KEY), "STORE_modify_private_key"},
+    {ERR_FUNC(STORE_F_STORE_MODIFY_PUBLIC_KEY), "STORE_modify_public_key"},
+    {ERR_FUNC(STORE_F_STORE_NEW_ENGINE), "STORE_new_engine"},
+    {ERR_FUNC(STORE_F_STORE_NEW_METHOD), "STORE_new_method"},
+    {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_END), "STORE_parse_attrs_end"},
+    {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_ENDP), "STORE_parse_attrs_endp"},
+    {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_NEXT), "STORE_parse_attrs_next"},
+    {ERR_FUNC(STORE_F_STORE_PARSE_ATTRS_START), "STORE_parse_attrs_start"},
+    {ERR_FUNC(STORE_F_STORE_REVOKE_CERTIFICATE), "STORE_revoke_certificate"},
+    {ERR_FUNC(STORE_F_STORE_REVOKE_PRIVATE_KEY), "STORE_revoke_private_key"},
+    {ERR_FUNC(STORE_F_STORE_REVOKE_PUBLIC_KEY), "STORE_revoke_public_key"},
+    {ERR_FUNC(STORE_F_STORE_STORE_ARBITRARY), "STORE_store_arbitrary"},
+    {ERR_FUNC(STORE_F_STORE_STORE_CERTIFICATE), "STORE_store_certificate"},
+    {ERR_FUNC(STORE_F_STORE_STORE_CRL), "STORE_store_crl"},
+    {ERR_FUNC(STORE_F_STORE_STORE_NUMBER), "STORE_store_number"},
+    {ERR_FUNC(STORE_F_STORE_STORE_PRIVATE_KEY), "STORE_store_private_key"},
+    {ERR_FUNC(STORE_F_STORE_STORE_PUBLIC_KEY), "STORE_store_public_key"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA STORE_str_reasons[]=
-	{
-{ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE) ,"already has a value"},
-{ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),"failed deleting arbitrary"},
-{ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),"failed deleting certificate"},
-{ERR_REASON(STORE_R_FAILED_DELETING_KEY) ,"failed deleting key"},
-{ERR_REASON(STORE_R_FAILED_DELETING_NUMBER),"failed deleting number"},
-{ERR_REASON(STORE_R_FAILED_GENERATING_CRL),"failed generating crl"},
-{ERR_REASON(STORE_R_FAILED_GENERATING_KEY),"failed generating key"},
-{ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),"failed getting arbitrary"},
-{ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),"failed getting certificate"},
-{ERR_REASON(STORE_R_FAILED_GETTING_KEY)  ,"failed getting key"},
-{ERR_REASON(STORE_R_FAILED_GETTING_NUMBER),"failed getting number"},
-{ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),"failed listing certificates"},
-{ERR_REASON(STORE_R_FAILED_LISTING_KEYS) ,"failed listing keys"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),"failed modifying arbitrary"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),"failed modifying certificate"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_CRL),"failed modifying crl"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER),"failed modifying number"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),"failed modifying private key"},
-{ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),"failed modifying public key"},
-{ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),"failed revoking certificate"},
-{ERR_REASON(STORE_R_FAILED_REVOKING_KEY) ,"failed revoking key"},
-{ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),"failed storing arbitrary"},
-{ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),"failed storing certificate"},
-{ERR_REASON(STORE_R_FAILED_STORING_KEY)  ,"failed storing key"},
-{ERR_REASON(STORE_R_FAILED_STORING_NUMBER),"failed storing number"},
-{ERR_REASON(STORE_R_NOT_IMPLEMENTED)     ,"not implemented"},
-{ERR_REASON(STORE_R_NO_CONTROL_FUNCTION) ,"no control function"},
-{ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),"no delete arbitrary function"},
-{ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),"no delete number function"},
-{ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),"no delete object function"},
-{ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),"no generate crl function"},
-{ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),"no generate object function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),"no get object arbitrary function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION),"no get object function"},
-{ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),"no get object number function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),"no list object endp function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),"no list object end function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),"no list object next function"},
-{ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),"no list object start function"},
-{ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),"no modify object function"},
-{ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),"no revoke object function"},
-{ERR_REASON(STORE_R_NO_STORE)            ,"no store"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),"no store object arbitrary function"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),"no store object function"},
-{ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),"no store object number function"},
-{ERR_REASON(STORE_R_NO_VALUE)            ,"no value"},
-{0,NULL}
-	};
+static ERR_STRING_DATA STORE_str_reasons[] = {
+    {ERR_REASON(STORE_R_ALREADY_HAS_A_VALUE), "already has a value"},
+    {ERR_REASON(STORE_R_FAILED_DELETING_ARBITRARY),
+     "failed deleting arbitrary"},
+    {ERR_REASON(STORE_R_FAILED_DELETING_CERTIFICATE),
+     "failed deleting certificate"},
+    {ERR_REASON(STORE_R_FAILED_DELETING_KEY), "failed deleting key"},
+    {ERR_REASON(STORE_R_FAILED_DELETING_NUMBER), "failed deleting number"},
+    {ERR_REASON(STORE_R_FAILED_GENERATING_CRL), "failed generating crl"},
+    {ERR_REASON(STORE_R_FAILED_GENERATING_KEY), "failed generating key"},
+    {ERR_REASON(STORE_R_FAILED_GETTING_ARBITRARY),
+     "failed getting arbitrary"},
+    {ERR_REASON(STORE_R_FAILED_GETTING_CERTIFICATE),
+     "failed getting certificate"},
+    {ERR_REASON(STORE_R_FAILED_GETTING_KEY), "failed getting key"},
+    {ERR_REASON(STORE_R_FAILED_GETTING_NUMBER), "failed getting number"},
+    {ERR_REASON(STORE_R_FAILED_LISTING_CERTIFICATES),
+     "failed listing certificates"},
+    {ERR_REASON(STORE_R_FAILED_LISTING_KEYS), "failed listing keys"},
+    {ERR_REASON(STORE_R_FAILED_MODIFYING_ARBITRARY),
+     "failed modifying arbitrary"},
+    {ERR_REASON(STORE_R_FAILED_MODIFYING_CERTIFICATE),
+     "failed modifying certificate"},
+    {ERR_REASON(STORE_R_FAILED_MODIFYING_CRL), "failed modifying crl"},
+    {ERR_REASON(STORE_R_FAILED_MODIFYING_NUMBER), "failed modifying number"},
+    {ERR_REASON(STORE_R_FAILED_MODIFYING_PRIVATE_KEY),
+     "failed modifying private key"},
+    {ERR_REASON(STORE_R_FAILED_MODIFYING_PUBLIC_KEY),
+     "failed modifying public key"},
+    {ERR_REASON(STORE_R_FAILED_REVOKING_CERTIFICATE),
+     "failed revoking certificate"},
+    {ERR_REASON(STORE_R_FAILED_REVOKING_KEY), "failed revoking key"},
+    {ERR_REASON(STORE_R_FAILED_STORING_ARBITRARY),
+     "failed storing arbitrary"},
+    {ERR_REASON(STORE_R_FAILED_STORING_CERTIFICATE),
+     "failed storing certificate"},
+    {ERR_REASON(STORE_R_FAILED_STORING_KEY), "failed storing key"},
+    {ERR_REASON(STORE_R_FAILED_STORING_NUMBER), "failed storing number"},
+    {ERR_REASON(STORE_R_NOT_IMPLEMENTED), "not implemented"},
+    {ERR_REASON(STORE_R_NO_CONTROL_FUNCTION), "no control function"},
+    {ERR_REASON(STORE_R_NO_DELETE_ARBITRARY_FUNCTION),
+     "no delete arbitrary function"},
+    {ERR_REASON(STORE_R_NO_DELETE_NUMBER_FUNCTION),
+     "no delete number function"},
+    {ERR_REASON(STORE_R_NO_DELETE_OBJECT_FUNCTION),
+     "no delete object function"},
+    {ERR_REASON(STORE_R_NO_GENERATE_CRL_FUNCTION),
+     "no generate crl function"},
+    {ERR_REASON(STORE_R_NO_GENERATE_OBJECT_FUNCTION),
+     "no generate object function"},
+    {ERR_REASON(STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION),
+     "no get object arbitrary function"},
+    {ERR_REASON(STORE_R_NO_GET_OBJECT_FUNCTION), "no get object function"},
+    {ERR_REASON(STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION),
+     "no get object number function"},
+    {ERR_REASON(STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION),
+     "no list object endp function"},
+    {ERR_REASON(STORE_R_NO_LIST_OBJECT_END_FUNCTION),
+     "no list object end function"},
+    {ERR_REASON(STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION),
+     "no list object next function"},
+    {ERR_REASON(STORE_R_NO_LIST_OBJECT_START_FUNCTION),
+     "no list object start function"},
+    {ERR_REASON(STORE_R_NO_MODIFY_OBJECT_FUNCTION),
+     "no modify object function"},
+    {ERR_REASON(STORE_R_NO_REVOKE_OBJECT_FUNCTION),
+     "no revoke object function"},
+    {ERR_REASON(STORE_R_NO_STORE), "no store"},
+    {ERR_REASON(STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION),
+     "no store object arbitrary function"},
+    {ERR_REASON(STORE_R_NO_STORE_OBJECT_FUNCTION),
+     "no store object function"},
+    {ERR_REASON(STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION),
+     "no store object number function"},
+    {ERR_REASON(STORE_R_NO_VALUE), "no value"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_STORE_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(STORE_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,STORE_str_functs);
-		ERR_load_strings(0,STORE_str_reasons);
-		}
+    if (ERR_func_error_string(STORE_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, STORE_str_functs);
+        ERR_load_strings(0, STORE_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/store/str_lib.c b/Cryptlib/OpenSSL/crypto/store/str_lib.c
index 32ae5bd3..c9683197 100644
--- a/Cryptlib/OpenSSL/crypto/store/str_lib.c
+++ b/Cryptlib/OpenSSL/crypto/store/str_lib.c
@@ -1,6 +1,7 @@
 /* crypto/store/str_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2003.
  */
 /* ====================================================================
  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,1765 +61,1711 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
+# include <openssl/engine.h>
 #endif
 #include <openssl/sha.h>
 #include <openssl/x509.h>
 #include "str_locl.h"
 
-const char * const STORE_object_type_string[STORE_OBJECT_TYPE_NUM+1] =
-	{
-	0,
-	"X.509 Certificate",
-	"X.509 CRL",
-	"Private Key",
-	"Public Key",
-	"Number",
-	"Arbitrary Data"
-	};
-
-const int STORE_param_sizes[STORE_PARAM_TYPE_NUM+1] =
-	{
-	0,
-	sizeof(int),		/* EVP_TYPE */
-	sizeof(size_t),		/* BITS */
-	-1,			/* KEY_PARAMETERS */
-	0			/* KEY_NO_PARAMETERS */
-	};	
-
-const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM+1] =
-	{
-	0,
-	-1,			/* FRIENDLYNAME:	C string */
-	SHA_DIGEST_LENGTH,	/* KEYID:		SHA1 digest, 160 bits */
-	SHA_DIGEST_LENGTH,	/* ISSUERKEYID:		SHA1 digest, 160 bits */
-	SHA_DIGEST_LENGTH,	/* SUBJECTKEYID:	SHA1 digest, 160 bits */
-	SHA_DIGEST_LENGTH,	/* ISSUERSERIALHASH:	SHA1 digest, 160 bits */
-	sizeof(X509_NAME *),	/* ISSUER:		X509_NAME * */
-	sizeof(BIGNUM *),	/* SERIAL:		BIGNUM * */
-	sizeof(X509_NAME *),	/* SUBJECT:		X509_NAME * */
-	SHA_DIGEST_LENGTH,	/* CERTHASH:		SHA1 digest, 160 bits */
-	-1,			/* EMAIL:		C string */
-	-1,			/* FILENAME:		C string */
-	};	
+const char *const STORE_object_type_string[STORE_OBJECT_TYPE_NUM + 1] = {
+    0,
+    "X.509 Certificate",
+    "X.509 CRL",
+    "Private Key",
+    "Public Key",
+    "Number",
+    "Arbitrary Data"
+};
+
+const int STORE_param_sizes[STORE_PARAM_TYPE_NUM + 1] = {
+    0,
+    sizeof(int),                /* EVP_TYPE */
+    sizeof(size_t),             /* BITS */
+    -1,                         /* KEY_PARAMETERS */
+    0                           /* KEY_NO_PARAMETERS */
+};
+
+const int STORE_attr_sizes[STORE_ATTR_TYPE_NUM + 1] = {
+    0,
+    -1,                         /* FRIENDLYNAME: C string */
+    SHA_DIGEST_LENGTH,          /* KEYID: SHA1 digest, 160 bits */
+    SHA_DIGEST_LENGTH,          /* ISSUERKEYID: SHA1 digest, 160 bits */
+    SHA_DIGEST_LENGTH,          /* SUBJECTKEYID: SHA1 digest, 160 bits */
+    SHA_DIGEST_LENGTH,          /* ISSUERSERIALHASH: SHA1 digest, 160 bits */
+    sizeof(X509_NAME *),        /* ISSUER: X509_NAME * */
+    sizeof(BIGNUM *),           /* SERIAL: BIGNUM * */
+    sizeof(X509_NAME *),        /* SUBJECT: X509_NAME * */
+    SHA_DIGEST_LENGTH,          /* CERTHASH: SHA1 digest, 160 bits */
+    -1,                         /* EMAIL: C string */
+    -1,                         /* FILENAME: C string */
+};
 
 STORE *STORE_new_method(const STORE_METHOD *method)
-	{
-	STORE *ret;
-
-	if (method == NULL)
-		{
-		STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-
-	ret=(STORE *)OPENSSL_malloc(sizeof(STORE));
-	if (ret == NULL)
-		{
-		STOREerr(STORE_F_STORE_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-
-	ret->meth=method;
-
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
-	if (ret->meth->init && !ret->meth->init(ret))
-		{
-		STORE_free(ret);
-		ret = NULL;
-		}
-	return ret;
-	}
+{
+    STORE *ret;
+
+    if (method == NULL) {
+        STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+
+    ret = (STORE *)OPENSSL_malloc(sizeof(STORE));
+    if (ret == NULL) {
+        STOREerr(STORE_F_STORE_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    ret->meth = method;
+
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_STORE, ret, &ret->ex_data);
+    if (ret->meth->init && !ret->meth->init(ret)) {
+        STORE_free(ret);
+        ret = NULL;
+    }
+    return ret;
+}
 
 STORE *STORE_new_engine(ENGINE *engine)
-	{
-	STORE *ret = NULL;
-	ENGINE *e = engine;
-	const STORE_METHOD *meth = 0;
+{
+    STORE *ret = NULL;
+    ENGINE *e = engine;
+    const STORE_METHOD *meth = 0;
 
 #ifdef OPENSSL_NO_ENGINE
-	e = NULL;
+    e = NULL;
 #else
-	if (engine)
-		{
-		if (!ENGINE_init(engine))
-			{
-			STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
-			return NULL;
-			}
-		e = engine;
-		}
-	else
-		{
-		STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if(e)
-		{
-		meth = ENGINE_get_STORE(e);
-		if(!meth)
-			{
-			STOREerr(STORE_F_STORE_NEW_ENGINE,
-				ERR_R_ENGINE_LIB);
-			ENGINE_finish(e);
-			return NULL;
-			}
-		}
+    if (engine) {
+        if (!ENGINE_init(engine)) {
+            STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+            return NULL;
+        }
+        e = engine;
+    } else {
+        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (e) {
+        meth = ENGINE_get_STORE(e);
+        if (!meth) {
+            STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_ENGINE_LIB);
+            ENGINE_finish(e);
+            return NULL;
+        }
+    }
 #endif
 
-	ret = STORE_new_method(meth);
-	if (ret == NULL)
-		{
-		STOREerr(STORE_F_STORE_NEW_ENGINE,ERR_R_STORE_LIB);
-		return NULL;
-		}
+    ret = STORE_new_method(meth);
+    if (ret == NULL) {
+        STOREerr(STORE_F_STORE_NEW_ENGINE, ERR_R_STORE_LIB);
+        return NULL;
+    }
 
-	ret->engine = e;
+    ret->engine = e;
 
-	return(ret);
-	}
+    return (ret);
+}
 
 void STORE_free(STORE *store)
-	{
-	if (store == NULL)
-		return;
-	if (store->meth->clean)
-		store->meth->clean(store);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
-	OPENSSL_free(store);
-	}
-
-int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f)(void))
-	{
-	if (store == NULL)
-		{
-		STOREerr(STORE_F_STORE_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (store->meth->ctrl)
-		return store->meth->ctrl(store, cmd, i, p, f);
-	STOREerr(STORE_F_STORE_CTRL,STORE_R_NO_CONTROL_FUNCTION);
-	return 0;
-	}
-
+{
+    if (store == NULL)
+        return;
+    if (store->meth->clean)
+        store->meth->clean(store);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_STORE, store, &store->ex_data);
+    OPENSSL_free(store);
+}
+
+int STORE_ctrl(STORE *store, int cmd, long i, void *p, void (*f) (void))
+{
+    if (store == NULL) {
+        STOREerr(STORE_F_STORE_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (store->meth->ctrl)
+        return store->meth->ctrl(store, cmd, i, p, f);
+    STOREerr(STORE_F_STORE_CTRL, STORE_R_NO_CONTROL_FUNCTION);
+    return 0;
+}
 
 int STORE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-        {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
-				new_func, dup_func, free_func);
-        }
+                           CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_STORE, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int STORE_set_ex_data(STORE *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
 
 void *STORE_get_ex_data(STORE *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
 
 const STORE_METHOD *STORE_get_method(STORE *store)
-	{
-	return store->meth;
-	}
+{
+    return store->meth;
+}
 
 const STORE_METHOD *STORE_set_method(STORE *store, const STORE_METHOD *meth)
-	{
-	store->meth=meth;
-	return store->meth;
-	}
-
+{
+    store->meth = meth;
+    return store->meth;
+}
 
 /* API helpers */
 
 #define check_store(s,fncode,fnname,fnerrcode) \
-	do \
-		{ \
-		if ((s) == NULL || (s)->meth == NULL) \
-			{ \
-			STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
-			return 0; \
-			} \
-		if ((s)->meth->fnname == NULL) \
-			{ \
-			STOREerr((fncode), (fnerrcode)); \
-			return 0; \
-			} \
-		} \
-	while(0)
+        do \
+                { \
+                if ((s) == NULL || (s)->meth == NULL) \
+                        { \
+                        STOREerr((fncode), ERR_R_PASSED_NULL_PARAMETER); \
+                        return 0; \
+                        } \
+                if ((s)->meth->fnname == NULL) \
+                        { \
+                        STOREerr((fncode), (fnerrcode)); \
+                        return 0; \
+                        } \
+                } \
+        while(0)
 
 /* API functions */
 
 X509 *STORE_get_certificate(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	X509 *x;
-
-	check_store(s,STORE_F_STORE_GET_CERTIFICATE,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		attributes, parameters);
-	if (!object || !object->data.x509.certificate)
-		{
-		STOREerr(STORE_F_STORE_GET_CERTIFICATE,
-			STORE_R_FAILED_GETTING_CERTIFICATE);
-		return 0;
-		}
-	CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+                            OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    X509 *x;
+
+    check_store(s, STORE_F_STORE_GET_CERTIFICATE,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                 attributes, parameters);
+    if (!object || !object->data.x509.certificate) {
+        STOREerr(STORE_F_STORE_GET_CERTIFICATE,
+                 STORE_R_FAILED_GETTING_CERTIFICATE);
+        return 0;
+    }
+    CRYPTO_add(&object->data.x509.certificate->references, 1,
+               CRYPTO_LOCK_X509);
 #ifdef REF_PRINT
-	REF_PRINT("X509",data);
+    REF_PRINT("X509", data);
 #endif
-	x = object->data.x509.certificate;
-	STORE_OBJECT_free(object);
-	return x;
-	}
+    x = object->data.x509.certificate;
+    STORE_OBJECT_free(object);
+    return x;
+}
 
 int STORE_store_certificate(STORE *s, X509 *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_CERTIFICATE,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509);
+                            OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_CERTIFICATE,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_CERTIFICATE, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509);
 #ifdef REF_PRINT
-	REF_PRINT("X509",data);
+    REF_PRINT("X509", data);
 #endif
-	object->data.x509.certificate = data;
+    object->data.x509.certificate = data;
 
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		object, attributes, parameters);
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                              object, attributes, parameters);
 
-	STORE_OBJECT_free(object);
+    STORE_OBJECT_free(object);
 
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
-			STORE_R_FAILED_STORING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_CERTIFICATE,
+                 STORE_R_FAILED_STORING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_modify_certificate(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_CERTIFICATE,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
-			STORE_R_FAILED_MODIFYING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
+                             OPENSSL_ITEM add_attributes[],
+                             OPENSSL_ITEM modify_attributes[],
+                             OPENSSL_ITEM delete_attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_CERTIFICATE,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_CERTIFICATE,
+                 STORE_R_FAILED_MODIFYING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_revoke_certificate(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_REVOKE_CERTIFICATE,
-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
-
-	if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
-			STORE_R_FAILED_REVOKING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_REVOKE_CERTIFICATE,
+                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+
+    if (!s->meth->revoke_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_REVOKE_CERTIFICATE,
+                 STORE_R_FAILED_REVOKING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_delete_certificate(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_CERTIFICATE,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
-			STORE_R_FAILED_DELETING_CERTIFICATE);
-		return 0;
-		}
-	return 1;
-	}
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_CERTIFICATE,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_CERTIFICATE,
+                 STORE_R_FAILED_DELETING_CERTIFICATE);
+        return 0;
+    }
+    return 1;
+}
 
 void *STORE_list_certificate_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s,
-		STORE_OBJECT_TYPE_X509_CERTIFICATE, attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	return handle;
-	}
+                                   OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s,
+                                        STORE_OBJECT_TYPE_X509_CERTIFICATE,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_START,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    return handle;
+}
 
 X509 *STORE_list_certificate_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	X509 *x;
-
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.x509.certificate)
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	CRYPTO_add(&object->data.x509.certificate->references,1,CRYPTO_LOCK_X509);
+{
+    STORE_OBJECT *object;
+    X509 *x;
+
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.x509.certificate) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_NEXT,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    CRYPTO_add(&object->data.x509.certificate->references, 1,
+               CRYPTO_LOCK_X509);
 #ifdef REF_PRINT
-	REF_PRINT("X509",data);
+    REF_PRINT("X509", data);
 #endif
-	x = object->data.x509.certificate;
-	STORE_OBJECT_free(object);
-	return x;
-	}
+    x = object->data.x509.certificate;
+    STORE_OBJECT_free(object);
+    return x;
+}
 
 int STORE_list_certificate_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_END,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_list_certificate_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CERTIFICATE_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
-			STORE_R_FAILED_LISTING_CERTIFICATES);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CERTIFICATE_ENDP,
+                 STORE_R_FAILED_LISTING_CERTIFICATES);
+        return 0;
+    }
+    return 1;
+}
 
 EVP_PKEY *STORE_generate_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_GENERATE_KEY,
-		generate_object,STORE_R_NO_GENERATE_OBJECT_FUNCTION);
-
-	object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
-	if (!object || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_GENERATE_KEY,
-			STORE_R_FAILED_GENERATING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+                             OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_GENERATE_KEY,
+                generate_object, STORE_R_NO_GENERATE_OBJECT_FUNCTION);
+
+    object = s->meth->generate_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                      attributes, parameters);
+    if (!object || !object->data.key) {
+        STOREerr(STORE_F_STORE_GENERATE_KEY, STORE_R_FAILED_GENERATING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
+    REF_PRINT("EVP_PKEY", data);
 #endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
 
 EVP_PKEY *STORE_get_private_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_GET_PRIVATE_KEY,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_GET_PRIVATE_KEY,
-			STORE_R_FAILED_GETTING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+                                OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_GET_PRIVATE_KEY,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                 attributes, parameters);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_GET_PRIVATE_KEY, STORE_R_FAILED_GETTING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
+    REF_PRINT("EVP_PKEY", data);
 #endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
-
-int STORE_store_private_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_PRIVATE_KEY,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	object->data.key = EVP_PKEY_new();
-	if (!object->data.key)
-		{
-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
+
+int STORE_store_private_key(STORE *s, EVP_PKEY *data,
+                            OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_PRIVATE_KEY,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    object->data.key = EVP_PKEY_new();
+    if (!object->data.key) {
+        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
+    REF_PRINT("EVP_PKEY", data);
 #endif
-	object->data.key = data;
+    object->data.key = data;
 
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
-		attributes, parameters);
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY, object,
+                              attributes, parameters);
 
-	STORE_OBJECT_free(object);
+    STORE_OBJECT_free(object);
 
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY,
-			STORE_R_FAILED_STORING_KEY);
-		return 0;
-		}
-	return i;
-	}
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_PRIVATE_KEY, STORE_R_FAILED_STORING_KEY);
+        return 0;
+    }
+    return i;
+}
 
 int STORE_modify_private_key(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_PRIVATE_KEY,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
-			STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
-		return 0;
-		}
-	return 1;
-	}
+                             OPENSSL_ITEM add_attributes[],
+                             OPENSSL_ITEM modify_attributes[],
+                             OPENSSL_ITEM delete_attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_PRIVATE_KEY,
+                 STORE_R_FAILED_MODIFYING_PRIVATE_KEY);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_revoke_private_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	int i;
+                             OPENSSL_ITEM parameters[])
+{
+    int i;
 
-	check_store(s,STORE_F_STORE_REVOKE_PRIVATE_KEY,
-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+    check_store(s, STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 
-	i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
+    i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                               attributes, parameters);
 
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
-			STORE_R_FAILED_REVOKING_KEY);
-		return 0;
-		}
-	return i;
-	}
+    if (!i) {
+        STOREerr(STORE_F_STORE_REVOKE_PRIVATE_KEY,
+                 STORE_R_FAILED_REVOKING_KEY);
+        return 0;
+    }
+    return i;
+}
 
 int STORE_delete_private_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_PRIVATE_KEY,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-	
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
-			STORE_R_FAILED_DELETING_KEY);
-		return 0;
-		}
-	return 1;
-	}
+                             OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_PRIVATE_KEY,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_PRIVATE_KEY,
+                 STORE_R_FAILED_DELETING_KEY);
+        return 0;
+    }
+    return 1;
+}
 
 void *STORE_list_private_key_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
-		attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return handle;
-	}
+                                   OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PRIVATE_KEY,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_START,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return handle;
+}
 
 EVP_PKEY *STORE_list_private_key_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_NEXT,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
+    REF_PRINT("EVP_PKEY", data);
 #endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
 
 int STORE_list_private_key_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_END,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_list_private_key_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PRIVATE_KEY_ENDP,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
 
 EVP_PKEY *STORE_get_public_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_GET_PUBLIC_KEY,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		attributes, parameters);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_GET_PUBLIC_KEY,
-			STORE_R_FAILED_GETTING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+                               OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_GET_PUBLIC_KEY,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                 attributes, parameters);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_GET_PUBLIC_KEY, STORE_R_FAILED_GETTING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
+    REF_PRINT("EVP_PKEY", data);
 #endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
-
-int STORE_store_public_key(STORE *s, EVP_PKEY *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_PUBLIC_KEY,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	object->data.key = EVP_PKEY_new();
-	if (!object->data.key)
-		{
-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_EVP_PKEY);
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
+
+int STORE_store_public_key(STORE *s, EVP_PKEY *data,
+                           OPENSSL_ITEM attributes[],
+                           OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_PUBLIC_KEY,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    object->data.key = EVP_PKEY_new();
+    if (!object->data.key) {
+        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
+    REF_PRINT("EVP_PKEY", data);
 #endif
-	object->data.key = data;
+    object->data.key = data;
 
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
-		attributes, parameters);
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY, object,
+                              attributes, parameters);
 
-	STORE_OBJECT_free(object);
+    STORE_OBJECT_free(object);
 
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY,
-			STORE_R_FAILED_STORING_KEY);
-		return 0;
-		}
-	return i;
-	}
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_PUBLIC_KEY, STORE_R_FAILED_STORING_KEY);
+        return 0;
+    }
+    return i;
+}
 
 int STORE_modify_public_key(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_PUBLIC_KEY,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
-			STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
-		return 0;
-		}
-	return 1;
-	}
+                            OPENSSL_ITEM add_attributes[],
+                            OPENSSL_ITEM modify_attributes[],
+                            OPENSSL_ITEM delete_attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_PUBLIC_KEY,
+                 STORE_R_FAILED_MODIFYING_PUBLIC_KEY);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_revoke_public_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	int i;
+                            OPENSSL_ITEM parameters[])
+{
+    int i;
 
-	check_store(s,STORE_F_STORE_REVOKE_PUBLIC_KEY,
-		revoke_object,STORE_R_NO_REVOKE_OBJECT_FUNCTION);
+    check_store(s, STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                revoke_object, STORE_R_NO_REVOKE_OBJECT_FUNCTION);
 
-	i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		attributes, parameters);
+    i = s->meth->revoke_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                               attributes, parameters);
 
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
-			STORE_R_FAILED_REVOKING_KEY);
-		return 0;
-		}
-	return i;
-	}
+    if (!i) {
+        STOREerr(STORE_F_STORE_REVOKE_PUBLIC_KEY,
+                 STORE_R_FAILED_REVOKING_KEY);
+        return 0;
+    }
+    return i;
+}
 
 int STORE_delete_public_key(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_PUBLIC_KEY,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-	
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
-			STORE_R_FAILED_DELETING_KEY);
-		return 0;
-		}
-	return 1;
-	}
+                            OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_PUBLIC_KEY,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_PUBLIC_KEY,
+                 STORE_R_FAILED_DELETING_KEY);
+        return 0;
+    }
+    return 1;
+}
 
 void *STORE_list_public_key_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
-		attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return handle;
-	}
+                                  OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_PUBLIC_KEY,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_START,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return handle;
+}
 
 EVP_PKEY *STORE_list_public_key_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	EVP_PKEY *pkey;
-
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.key || !object->data.key)
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	CRYPTO_add(&object->data.key->references,1,CRYPTO_LOCK_EVP_PKEY);
+{
+    STORE_OBJECT *object;
+    EVP_PKEY *pkey;
+
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.key || !object->data.key) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_NEXT,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    CRYPTO_add(&object->data.key->references, 1, CRYPTO_LOCK_EVP_PKEY);
 #ifdef REF_PRINT
-	REF_PRINT("EVP_PKEY",data);
+    REF_PRINT("EVP_PKEY", data);
 #endif
-	pkey = object->data.key;
-	STORE_OBJECT_free(object);
-	return pkey;
-	}
+    pkey = object->data.key;
+    STORE_OBJECT_free(object);
+    return pkey;
+}
 
 int STORE_list_public_key_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_END,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_list_public_key_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_PUBLIC_KEY_ENDP,
+                 STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
 
 X509_CRL *STORE_generate_crl(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	X509_CRL *crl;
-
-	check_store(s,STORE_F_STORE_GENERATE_CRL,
-		generate_object,STORE_R_NO_GENERATE_CRL_FUNCTION);
-
-	object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		attributes, parameters);
-	if (!object || !object->data.crl)
-		{
-		STOREerr(STORE_F_STORE_GENERATE_CRL,
-			STORE_R_FAILED_GENERATING_CRL);
-		return 0;
-		}
-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+                             OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    X509_CRL *crl;
+
+    check_store(s, STORE_F_STORE_GENERATE_CRL,
+                generate_object, STORE_R_NO_GENERATE_CRL_FUNCTION);
+
+    object = s->meth->generate_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                      attributes, parameters);
+    if (!object || !object->data.crl) {
+        STOREerr(STORE_F_STORE_GENERATE_CRL, STORE_R_FAILED_GENERATING_CRL);
+        return 0;
+    }
+    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
 #ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
+    REF_PRINT("X509_CRL", data);
 #endif
-	crl = object->data.crl;
-	STORE_OBJECT_free(object);
-	return crl;
-	}
+    crl = object->data.crl;
+    STORE_OBJECT_free(object);
+    return crl;
+}
 
 X509_CRL *STORE_get_crl(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	X509_CRL *crl;
-
-	check_store(s,STORE_F_STORE_GET_CRL,
-		get_object,STORE_R_NO_GET_OBJECT_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		attributes, parameters);
-	if (!object || !object->data.crl)
-		{
-		STOREerr(STORE_F_STORE_GET_CRL,
-			STORE_R_FAILED_GETTING_KEY);
-		return 0;
-		}
-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+                        OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    X509_CRL *crl;
+
+    check_store(s, STORE_F_STORE_GET_CRL,
+                get_object, STORE_R_NO_GET_OBJECT_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                 attributes, parameters);
+    if (!object || !object->data.crl) {
+        STOREerr(STORE_F_STORE_GET_CRL, STORE_R_FAILED_GETTING_KEY);
+        return 0;
+    }
+    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
 #ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
+    REF_PRINT("X509_CRL", data);
 #endif
-	crl = object->data.crl;
-	STORE_OBJECT_free(object);
-	return crl;
-	}
+    crl = object->data.crl;
+    STORE_OBJECT_free(object);
+    return crl;
+}
 
 int STORE_store_crl(STORE *s, X509_CRL *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_CRL,
-		store_object,STORE_R_NO_STORE_OBJECT_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_CRL,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	CRYPTO_add(&data->references,1,CRYPTO_LOCK_X509_CRL);
+                    OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_CRL,
+                store_object, STORE_R_NO_STORE_OBJECT_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    CRYPTO_add(&data->references, 1, CRYPTO_LOCK_X509_CRL);
 #ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
+    REF_PRINT("X509_CRL", data);
 #endif
-	object->data.crl = data;
+    object->data.crl = data;
 
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
-		attributes, parameters);
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_X509_CRL, object,
+                              attributes, parameters);
 
-	STORE_OBJECT_free(object);
+    STORE_OBJECT_free(object);
 
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_CRL,
-			STORE_R_FAILED_STORING_KEY);
-		return 0;
-		}
-	return i;
-	}
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_CRL, STORE_R_FAILED_STORING_KEY);
+        return 0;
+    }
+    return i;
+}
 
 int STORE_modify_crl(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_CRL,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_CRL,
-			STORE_R_FAILED_MODIFYING_CRL);
-		return 0;
-		}
-	return 1;
-	}
+                     OPENSSL_ITEM add_attributes[],
+                     OPENSSL_ITEM modify_attributes[],
+                     OPENSSL_ITEM delete_attributes[],
+                     OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_CRL,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_CRL, STORE_R_FAILED_MODIFYING_CRL);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_delete_crl(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_CRL,
-		delete_object,STORE_R_NO_DELETE_OBJECT_FUNCTION);
-	
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
-		    attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_CRL,
-			STORE_R_FAILED_DELETING_KEY);
-		return 0;
-		}
-	return 1;
-	}
+                     OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_CRL,
+                delete_object, STORE_R_NO_DELETE_OBJECT_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_X509_CRL,
+                                attributes, parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_CRL, STORE_R_FAILED_DELETING_KEY);
+        return 0;
+    }
+    return 1;
+}
 
 void *STORE_list_crl_start(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	void *handle;
-
-	check_store(s,STORE_F_STORE_LIST_CRL_START,
-		list_object_start,STORE_R_NO_LIST_OBJECT_START_FUNCTION);
-
-	handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
-		attributes, parameters);
-	if (!handle)
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_START,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return handle;
-	}
+                           OPENSSL_ITEM parameters[])
+{
+    void *handle;
+
+    check_store(s, STORE_F_STORE_LIST_CRL_START,
+                list_object_start, STORE_R_NO_LIST_OBJECT_START_FUNCTION);
+
+    handle = s->meth->list_object_start(s, STORE_OBJECT_TYPE_X509_CRL,
+                                        attributes, parameters);
+    if (!handle) {
+        STOREerr(STORE_F_STORE_LIST_CRL_START, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return handle;
+}
 
 X509_CRL *STORE_list_crl_next(STORE *s, void *handle)
-	{
-	STORE_OBJECT *object;
-	X509_CRL *crl;
-
-	check_store(s,STORE_F_STORE_LIST_CRL_NEXT,
-		list_object_next,STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
-
-	object = s->meth->list_object_next(s, handle);
-	if (!object || !object->data.crl)
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_NEXT,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	CRYPTO_add(&object->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
+{
+    STORE_OBJECT *object;
+    X509_CRL *crl;
+
+    check_store(s, STORE_F_STORE_LIST_CRL_NEXT,
+                list_object_next, STORE_R_NO_LIST_OBJECT_NEXT_FUNCTION);
+
+    object = s->meth->list_object_next(s, handle);
+    if (!object || !object->data.crl) {
+        STOREerr(STORE_F_STORE_LIST_CRL_NEXT, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    CRYPTO_add(&object->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
 #ifdef REF_PRINT
-	REF_PRINT("X509_CRL",data);
+    REF_PRINT("X509_CRL", data);
 #endif
-	crl = object->data.crl;
-	STORE_OBJECT_free(object);
-	return crl;
-	}
+    crl = object->data.crl;
+    STORE_OBJECT_free(object);
+    return crl;
+}
 
 int STORE_list_crl_end(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CRL_END,
-		list_object_end,STORE_R_NO_LIST_OBJECT_END_FUNCTION);
-
-	if (!s->meth->list_object_end(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_END,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_CRL_END,
+                list_object_end, STORE_R_NO_LIST_OBJECT_END_FUNCTION);
+
+    if (!s->meth->list_object_end(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CRL_END, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_list_crl_endp(STORE *s, void *handle)
-	{
-	check_store(s,STORE_F_STORE_LIST_CRL_ENDP,
-		list_object_endp,STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
-
-	if (!s->meth->list_object_endp(s, handle))
-		{
-		STOREerr(STORE_F_STORE_LIST_CRL_ENDP,
-			STORE_R_FAILED_LISTING_KEYS);
-		return 0;
-		}
-	return 1;
-	}
+{
+    check_store(s, STORE_F_STORE_LIST_CRL_ENDP,
+                list_object_endp, STORE_R_NO_LIST_OBJECT_ENDP_FUNCTION);
+
+    if (!s->meth->list_object_endp(s, handle)) {
+        STOREerr(STORE_F_STORE_LIST_CRL_ENDP, STORE_R_FAILED_LISTING_KEYS);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_store_number(STORE *s, BIGNUM *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_NUMBER,
-		store_object,STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_NUMBER,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	object->data.number = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
-		attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_NUMBER,
-			STORE_R_FAILED_STORING_NUMBER);
-		return 0;
-		}
-	return 1;
-	}
+                       OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_NUMBER,
+                store_object, STORE_R_NO_STORE_OBJECT_NUMBER_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_NUMBER, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    object->data.number = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_NUMBER, object,
+                              attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_NUMBER, STORE_R_FAILED_STORING_NUMBER);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_modify_number(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_NUMBER,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_NUMBER,
-			STORE_R_FAILED_MODIFYING_NUMBER);
-		return 0;
-		}
-	return 1;
-	}
+                        OPENSSL_ITEM add_attributes[],
+                        OPENSSL_ITEM modify_attributes[],
+                        OPENSSL_ITEM delete_attributes[],
+                        OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_NUMBER,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_NUMBER,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_NUMBER,
+                 STORE_R_FAILED_MODIFYING_NUMBER);
+        return 0;
+    }
+    return 1;
+}
 
 BIGNUM *STORE_get_number(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	BIGNUM *n;
-
-	check_store(s,STORE_F_STORE_GET_NUMBER,
-		get_object,STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
-		parameters);
-	if (!object || !object->data.number)
-		{
-		STOREerr(STORE_F_STORE_GET_NUMBER,
-			STORE_R_FAILED_GETTING_NUMBER);
-		return 0;
-		}
-	n = object->data.number;
-	object->data.number = NULL;
-	STORE_OBJECT_free(object);
-	return n;
-	}
+                         OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    BIGNUM *n;
+
+    check_store(s, STORE_F_STORE_GET_NUMBER,
+                get_object, STORE_R_NO_GET_OBJECT_NUMBER_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                                 parameters);
+    if (!object || !object->data.number) {
+        STOREerr(STORE_F_STORE_GET_NUMBER, STORE_R_FAILED_GETTING_NUMBER);
+        return 0;
+    }
+    n = object->data.number;
+    object->data.number = NULL;
+    STORE_OBJECT_free(object);
+    return n;
+}
 
 int STORE_delete_number(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_NUMBER,
-		delete_object,STORE_R_NO_DELETE_NUMBER_FUNCTION);
-
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
-		    parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_NUMBER,
-			STORE_R_FAILED_DELETING_NUMBER);
-		return 0;
-		}
-	return 1;
-	}
+                        OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_NUMBER,
+                delete_object, STORE_R_NO_DELETE_NUMBER_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_NUMBER, attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_NUMBER, STORE_R_FAILED_DELETING_NUMBER);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_store_arbitrary(STORE *s, BUF_MEM *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	int i;
-
-	check_store(s,STORE_F_STORE_STORE_ARBITRARY,
-		store_object,STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
-
-	object = STORE_OBJECT_new();
-	if (!object)
-		{
-		STOREerr(STORE_F_STORE_STORE_ARBITRARY,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	
-	object->data.arbitrary = data;
-
-	i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
-		attributes, parameters);
-
-	STORE_OBJECT_free(object);
-
-	if (!i)
-		{
-		STOREerr(STORE_F_STORE_STORE_ARBITRARY,
-			STORE_R_FAILED_STORING_ARBITRARY);
-		return 0;
-		}
-	return 1;
-	}
+                          OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    int i;
+
+    check_store(s, STORE_F_STORE_STORE_ARBITRARY,
+                store_object, STORE_R_NO_STORE_OBJECT_ARBITRARY_FUNCTION);
+
+    object = STORE_OBJECT_new();
+    if (!object) {
+        STOREerr(STORE_F_STORE_STORE_ARBITRARY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    object->data.arbitrary = data;
+
+    i = s->meth->store_object(s, STORE_OBJECT_TYPE_ARBITRARY, object,
+                              attributes, parameters);
+
+    STORE_OBJECT_free(object);
+
+    if (!i) {
+        STOREerr(STORE_F_STORE_STORE_ARBITRARY,
+                 STORE_R_FAILED_STORING_ARBITRARY);
+        return 0;
+    }
+    return 1;
+}
 
 int STORE_modify_arbitrary(STORE *s, OPENSSL_ITEM search_attributes[],
-	OPENSSL_ITEM add_attributes[], OPENSSL_ITEM modify_attributes[],
-	OPENSSL_ITEM delete_attributes[], OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_MODIFY_ARBITRARY,
-		modify_object,STORE_R_NO_MODIFY_OBJECT_FUNCTION);
-
-	if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
-		    search_attributes, add_attributes, modify_attributes,
-		    delete_attributes, parameters))
-		{
-		STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
-			STORE_R_FAILED_MODIFYING_ARBITRARY);
-		return 0;
-		}
-	return 1;
-	}
+                           OPENSSL_ITEM add_attributes[],
+                           OPENSSL_ITEM modify_attributes[],
+                           OPENSSL_ITEM delete_attributes[],
+                           OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_MODIFY_ARBITRARY,
+                modify_object, STORE_R_NO_MODIFY_OBJECT_FUNCTION);
+
+    if (!s->meth->modify_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                                search_attributes, add_attributes,
+                                modify_attributes, delete_attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_MODIFY_ARBITRARY,
+                 STORE_R_FAILED_MODIFYING_ARBITRARY);
+        return 0;
+    }
+    return 1;
+}
 
 BUF_MEM *STORE_get_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STORE_OBJECT *object;
-	BUF_MEM *b;
-
-	check_store(s,STORE_F_STORE_GET_ARBITRARY,
-		get_object,STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
-
-	object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
-		attributes, parameters);
-	if (!object || !object->data.arbitrary)
-		{
-		STOREerr(STORE_F_STORE_GET_ARBITRARY,
-			STORE_R_FAILED_GETTING_ARBITRARY);
-		return 0;
-		}
-	b = object->data.arbitrary;
-	object->data.arbitrary = NULL;
-	STORE_OBJECT_free(object);
-	return b;
-	}
+                             OPENSSL_ITEM parameters[])
+{
+    STORE_OBJECT *object;
+    BUF_MEM *b;
+
+    check_store(s, STORE_F_STORE_GET_ARBITRARY,
+                get_object, STORE_R_NO_GET_OBJECT_ARBITRARY_FUNCTION);
+
+    object = s->meth->get_object(s, STORE_OBJECT_TYPE_ARBITRARY,
+                                 attributes, parameters);
+    if (!object || !object->data.arbitrary) {
+        STOREerr(STORE_F_STORE_GET_ARBITRARY,
+                 STORE_R_FAILED_GETTING_ARBITRARY);
+        return 0;
+    }
+    b = object->data.arbitrary;
+    object->data.arbitrary = NULL;
+    STORE_OBJECT_free(object);
+    return b;
+}
 
 int STORE_delete_arbitrary(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	check_store(s,STORE_F_STORE_DELETE_ARBITRARY,
-		delete_object,STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
-
-	if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
-		    parameters))
-		{
-		STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
-			STORE_R_FAILED_DELETING_ARBITRARY);
-		return 0;
-		}
-	return 1;
-	}
+                           OPENSSL_ITEM parameters[])
+{
+    check_store(s, STORE_F_STORE_DELETE_ARBITRARY,
+                delete_object, STORE_R_NO_DELETE_ARBITRARY_FUNCTION);
+
+    if (!s->meth->delete_object(s, STORE_OBJECT_TYPE_ARBITRARY, attributes,
+                                parameters)) {
+        STOREerr(STORE_F_STORE_DELETE_ARBITRARY,
+                 STORE_R_FAILED_DELETING_ARBITRARY);
+        return 0;
+    }
+    return 1;
+}
 
 STORE_OBJECT *STORE_OBJECT_new(void)
-	{
-	STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
-	if (object) memset(object, 0, sizeof(STORE_OBJECT));
-	return object;
-	}
+{
+    STORE_OBJECT *object = OPENSSL_malloc(sizeof(STORE_OBJECT));
+    if (object)
+        memset(object, 0, sizeof(STORE_OBJECT));
+    return object;
+}
+
 void STORE_OBJECT_free(STORE_OBJECT *data)
-	{
-	if (!data) return;
-	switch (data->type)
-		{
-	case STORE_OBJECT_TYPE_X509_CERTIFICATE:
-		X509_free(data->data.x509.certificate);
-		break;
-	case STORE_OBJECT_TYPE_X509_CRL:
-		X509_CRL_free(data->data.crl);
-		break;
-	case STORE_OBJECT_TYPE_PRIVATE_KEY:
-	case STORE_OBJECT_TYPE_PUBLIC_KEY:
-		EVP_PKEY_free(data->data.key);
-		break;
-	case STORE_OBJECT_TYPE_NUMBER:
-		BN_free(data->data.number);
-		break;
-	case STORE_OBJECT_TYPE_ARBITRARY:
-		BUF_MEM_free(data->data.arbitrary);
-		break;
-		}
-	OPENSSL_free(data);
-	}
+{
+    if (!data)
+        return;
+    switch (data->type) {
+    case STORE_OBJECT_TYPE_X509_CERTIFICATE:
+        X509_free(data->data.x509.certificate);
+        break;
+    case STORE_OBJECT_TYPE_X509_CRL:
+        X509_CRL_free(data->data.crl);
+        break;
+    case STORE_OBJECT_TYPE_PRIVATE_KEY:
+    case STORE_OBJECT_TYPE_PUBLIC_KEY:
+        EVP_PKEY_free(data->data.key);
+        break;
+    case STORE_OBJECT_TYPE_NUMBER:
+        BN_free(data->data.number);
+        break;
+    case STORE_OBJECT_TYPE_ARBITRARY:
+        BUF_MEM_free(data->data.arbitrary);
+        break;
+    }
+    OPENSSL_free(data);
+}
 
 IMPLEMENT_STACK_OF(STORE_OBJECT*)
 
-
-struct STORE_attr_info_st
-	{
-	unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
-	union
-		{
-		char *cstring;
-		unsigned char *sha1string;
-		X509_NAME *dn;
-		BIGNUM *number;
-		void *any;
-		} values[STORE_ATTR_TYPE_NUM+1];
-	size_t value_sizes[STORE_ATTR_TYPE_NUM+1];
-	};
-
-#define ATTR_IS_SET(a,i)	((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
-				&& ((a)->set[(i) / 8] & (1 << ((i) % 8))))
-#define SET_ATTRBIT(a,i)	((a)->set[(i) / 8] |= (1 << ((i) % 8)))
-#define CLEAR_ATTRBIT(a,i)	((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
+struct STORE_attr_info_st {
+    unsigned char set[(STORE_ATTR_TYPE_NUM + 8) / 8];
+    union {
+        char *cstring;
+        unsigned char *sha1string;
+        X509_NAME *dn;
+        BIGNUM *number;
+        void *any;
+    } values[STORE_ATTR_TYPE_NUM + 1];
+    size_t value_sizes[STORE_ATTR_TYPE_NUM + 1];
+};
+
+#define ATTR_IS_SET(a,i)        ((i) > 0 && (i) < STORE_ATTR_TYPE_NUM \
+                                && ((a)->set[(i) / 8] & (1 << ((i) % 8))))
+#define SET_ATTRBIT(a,i)        ((a)->set[(i) / 8] |= (1 << ((i) % 8)))
+#define CLEAR_ATTRBIT(a,i)      ((a)->set[(i) / 8] &= ~(1 << ((i) % 8)))
 
 STORE_ATTR_INFO *STORE_ATTR_INFO_new(void)
-	{
-	return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
-	}
+{
+    return (STORE_ATTR_INFO *)OPENSSL_malloc(sizeof(STORE_ATTR_INFO));
+}
+
 static void STORE_ATTR_INFO_attr_free(STORE_ATTR_INFO *attrs,
-	STORE_ATTR_TYPES code)
-	{
-	if (ATTR_IS_SET(attrs,code))
-		{
-		switch(code)
-			{
-		case STORE_ATTR_FRIENDLYNAME:
-		case STORE_ATTR_EMAIL:
-		case STORE_ATTR_FILENAME:
-			STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
-			break;
-		case STORE_ATTR_KEYID:
-		case STORE_ATTR_ISSUERKEYID:
-		case STORE_ATTR_SUBJECTKEYID:
-		case STORE_ATTR_ISSUERSERIALHASH:
-		case STORE_ATTR_CERTHASH:
-			STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
-			break;
-		case STORE_ATTR_ISSUER:
-		case STORE_ATTR_SUBJECT:
-			STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
-			break;
-		case STORE_ATTR_SERIAL:
-			STORE_ATTR_INFO_modify_number(attrs, code, NULL);
-			break;
-		default:
-			break;
-			}
-		}
-	}
+                                      STORE_ATTR_TYPES code)
+{
+    if (ATTR_IS_SET(attrs, code)) {
+        switch (code) {
+        case STORE_ATTR_FRIENDLYNAME:
+        case STORE_ATTR_EMAIL:
+        case STORE_ATTR_FILENAME:
+            STORE_ATTR_INFO_modify_cstr(attrs, code, NULL, 0);
+            break;
+        case STORE_ATTR_KEYID:
+        case STORE_ATTR_ISSUERKEYID:
+        case STORE_ATTR_SUBJECTKEYID:
+        case STORE_ATTR_ISSUERSERIALHASH:
+        case STORE_ATTR_CERTHASH:
+            STORE_ATTR_INFO_modify_sha1str(attrs, code, NULL, 0);
+            break;
+        case STORE_ATTR_ISSUER:
+        case STORE_ATTR_SUBJECT:
+            STORE_ATTR_INFO_modify_dn(attrs, code, NULL);
+            break;
+        case STORE_ATTR_SERIAL:
+            STORE_ATTR_INFO_modify_number(attrs, code, NULL);
+            break;
+        default:
+            break;
+        }
+    }
+}
+
 int STORE_ATTR_INFO_free(STORE_ATTR_INFO *attrs)
-	{
-	if (attrs)
-		{
-		STORE_ATTR_TYPES i;
-		for(i = 0; i++ < STORE_ATTR_TYPE_NUM;)
-			STORE_ATTR_INFO_attr_free(attrs, i);
-		OPENSSL_free(attrs);
-		}
-	return 1;
-	}
+{
+    if (attrs) {
+        STORE_ATTR_TYPES i;
+        for (i = 0; i++ < STORE_ATTR_TYPE_NUM;)
+            STORE_ATTR_INFO_attr_free(attrs, i);
+        OPENSSL_free(attrs);
+    }
+    return 1;
+}
+
 char *STORE_ATTR_INFO_get0_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].cstring;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].cstring;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_CSTR, STORE_R_NO_VALUE);
+    return NULL;
+}
+
 unsigned char *STORE_ATTR_INFO_get0_sha1str(STORE_ATTR_INFO *attrs,
-	STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].sha1string;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
-X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].dn;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
-BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		return attrs->values[code].number;
-	STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
-		STORE_R_NO_VALUE);
-	return NULL;
-	}
+                                            STORE_ATTR_TYPES code)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].sha1string;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_SHA1STR, STORE_R_NO_VALUE);
+    return NULL;
+}
+
+X509_NAME *STORE_ATTR_INFO_get0_dn(STORE_ATTR_INFO *attrs,
+                                   STORE_ATTR_TYPES code)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].dn;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_DN, STORE_R_NO_VALUE);
+    return NULL;
+}
+
+BIGNUM *STORE_ATTR_INFO_get0_number(STORE_ATTR_INFO *attrs,
+                                    STORE_ATTR_TYPES code)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (ATTR_IS_SET(attrs, code))
+        return attrs->values[code].number;
+    STOREerr(STORE_F_STORE_ATTR_INFO_GET0_NUMBER, STORE_R_NO_VALUE);
+    return NULL;
+}
+
 int STORE_ATTR_INFO_set_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	char *cstr, size_t cstr_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
+                             char *cstr, size_t cstr_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].cstring = BUF_strndup(cstr, cstr_size)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_CSTR, STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
 int STORE_ATTR_INFO_set_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	unsigned char *sha1str, size_t sha1str_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].sha1string =
-			    (unsigned char *)BUF_memdup(sha1str,
-				    sha1str_size)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
+                                unsigned char *sha1str, size_t sha1str_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].sha1string =
+             (unsigned char *)BUF_memdup(sha1str, sha1str_size)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_SHA1STR,
+             STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
 int STORE_ATTR_INFO_set_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	X509_NAME *dn)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].dn = X509_NAME_dup(dn)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
+                           X509_NAME *dn)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].dn = X509_NAME_dup(dn)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_DN, STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
 int STORE_ATTR_INFO_set_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	BIGNUM *number)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (!ATTR_IS_SET(attrs,code))
-		{
-		if ((attrs->values[code].number = BN_dup(number)))
-			return 1;
-		STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
-			ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
-	return 0;
-	}
+                               BIGNUM *number)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (!ATTR_IS_SET(attrs, code)) {
+        if ((attrs->values[code].number = BN_dup(number)))
+            return 1;
+        STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    STOREerr(STORE_F_STORE_ATTR_INFO_SET_NUMBER, STORE_R_ALREADY_HAS_A_VALUE);
+    return 0;
+}
+
 int STORE_ATTR_INFO_modify_cstr(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	char *cstr, size_t cstr_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].cstring);
-		attrs->values[code].cstring = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
-	}
-int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	unsigned char *sha1str, size_t sha1str_size)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].sha1string);
-		attrs->values[code].sha1string = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
-	}
+                                char *cstr, size_t cstr_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_CSTR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].cstring);
+        attrs->values[code].cstring = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_cstr(attrs, code, cstr, cstr_size);
+}
+
+int STORE_ATTR_INFO_modify_sha1str(STORE_ATTR_INFO *attrs,
+                                   STORE_ATTR_TYPES code,
+                                   unsigned char *sha1str,
+                                   size_t sha1str_size)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_SHA1STR,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].sha1string);
+        attrs->values[code].sha1string = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_sha1str(attrs, code, sha1str, sha1str_size);
+}
+
 int STORE_ATTR_INFO_modify_dn(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	X509_NAME *dn)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].dn);
-		attrs->values[code].dn = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_dn(attrs, code, dn);
-	}
-int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs, STORE_ATTR_TYPES code,
-	BIGNUM *number)
-	{
-	if (!attrs)
-		{
-		STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
-			ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (ATTR_IS_SET(attrs,code))
-		{
-		OPENSSL_free(attrs->values[code].number);
-		attrs->values[code].number = NULL;
-		CLEAR_ATTRBIT(attrs, code);
-		}
-	return STORE_ATTR_INFO_set_number(attrs, code, number);
-	}
-
-struct attr_list_ctx_st
-	{
-	OPENSSL_ITEM *attributes;
-	};
+                              X509_NAME *dn)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_DN,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].dn);
+        attrs->values[code].dn = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_dn(attrs, code, dn);
+}
+
+int STORE_ATTR_INFO_modify_number(STORE_ATTR_INFO *attrs,
+                                  STORE_ATTR_TYPES code, BIGNUM *number)
+{
+    if (!attrs) {
+        STOREerr(STORE_F_STORE_ATTR_INFO_MODIFY_NUMBER,
+                 ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (ATTR_IS_SET(attrs, code)) {
+        OPENSSL_free(attrs->values[code].number);
+        attrs->values[code].number = NULL;
+        CLEAR_ATTRBIT(attrs, code);
+    }
+    return STORE_ATTR_INFO_set_number(attrs, code, number);
+}
+
+struct attr_list_ctx_st {
+    OPENSSL_ITEM *attributes;
+};
 void *STORE_parse_attrs_start(OPENSSL_ITEM *attributes)
-	{
-	if (attributes)
-		{
-		struct attr_list_ctx_st *context =
-			(struct attr_list_ctx_st *)OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
-		if (context)
-			context->attributes = attributes;
-		else
-			STOREerr(STORE_F_STORE_PARSE_ATTRS_START,
-				ERR_R_MALLOC_FAILURE);
-		return context;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
-	return 0;
-	}
+{
+    if (attributes) {
+        struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)
+            OPENSSL_malloc(sizeof(struct attr_list_ctx_st));
+        if (context)
+            context->attributes = attributes;
+        else
+            STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_MALLOC_FAILURE);
+        return context;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_START, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+}
+
 STORE_ATTR_INFO *STORE_parse_attrs_next(void *handle)
-	{
-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-	if (context && context->attributes)
-		{
-		STORE_ATTR_INFO *attrs = NULL;
-
-		while(context->attributes
-			&& context->attributes->code != STORE_ATTR_OR
-			&& context->attributes->code != STORE_ATTR_END)
-			{
-			switch(context->attributes->code)
-				{
-			case STORE_ATTR_FRIENDLYNAME:
-			case STORE_ATTR_EMAIL:
-			case STORE_ATTR_FILENAME:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_set_cstr(attrs,
-					context->attributes->code,
-					context->attributes->value,
-					context->attributes->value_size);
-				break;
-			case STORE_ATTR_KEYID:
-			case STORE_ATTR_ISSUERKEYID:
-			case STORE_ATTR_SUBJECTKEYID:
-			case STORE_ATTR_ISSUERSERIALHASH:
-			case STORE_ATTR_CERTHASH:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_set_sha1str(attrs,
-					context->attributes->code,
-					context->attributes->value,
-					context->attributes->value_size);
-				break;
-			case STORE_ATTR_ISSUER:
-			case STORE_ATTR_SUBJECT:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_modify_dn(attrs,
-					context->attributes->code,
-					context->attributes->value);
-				break;
-			case STORE_ATTR_SERIAL:
-				if (!attrs) attrs = STORE_ATTR_INFO_new();
-				if (attrs == NULL)
-					{
-					STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
-						ERR_R_MALLOC_FAILURE);
-					goto err;
-					}
-				STORE_ATTR_INFO_modify_number(attrs,
-					context->attributes->code,
-					context->attributes->value);
-				break;
-				}
-			context->attributes++;
-			}
-		if (context->attributes->code == STORE_ATTR_OR)
-			context->attributes++;
-		return attrs;
-	err:
-		while(context->attributes
-			&& context->attributes->code != STORE_ATTR_OR
-			&& context->attributes->code != STORE_ATTR_END)
-			context->attributes++;
-		if (context->attributes->code == STORE_ATTR_OR)
-			context->attributes++;
-		return NULL;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
-	return NULL;
-	}
+{
+    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+    if (context && context->attributes) {
+        STORE_ATTR_INFO *attrs = NULL;
+
+        while (context->attributes
+               && context->attributes->code != STORE_ATTR_OR
+               && context->attributes->code != STORE_ATTR_END) {
+            switch (context->attributes->code) {
+            case STORE_ATTR_FRIENDLYNAME:
+            case STORE_ATTR_EMAIL:
+            case STORE_ATTR_FILENAME:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_set_cstr(attrs,
+                                         context->attributes->code,
+                                         context->attributes->value,
+                                         context->attributes->value_size);
+                break;
+            case STORE_ATTR_KEYID:
+            case STORE_ATTR_ISSUERKEYID:
+            case STORE_ATTR_SUBJECTKEYID:
+            case STORE_ATTR_ISSUERSERIALHASH:
+            case STORE_ATTR_CERTHASH:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_set_sha1str(attrs,
+                                            context->attributes->code,
+                                            context->attributes->value,
+                                            context->attributes->value_size);
+                break;
+            case STORE_ATTR_ISSUER:
+            case STORE_ATTR_SUBJECT:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_modify_dn(attrs,
+                                          context->attributes->code,
+                                          context->attributes->value);
+                break;
+            case STORE_ATTR_SERIAL:
+                if (!attrs)
+                    attrs = STORE_ATTR_INFO_new();
+                if (attrs == NULL) {
+                    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT,
+                             ERR_R_MALLOC_FAILURE);
+                    goto err;
+                }
+                STORE_ATTR_INFO_modify_number(attrs,
+                                              context->attributes->code,
+                                              context->attributes->value);
+                break;
+            }
+            context->attributes++;
+        }
+        if (context->attributes->code == STORE_ATTR_OR)
+            context->attributes++;
+        return attrs;
+ err:
+        while (context->attributes
+               && context->attributes->code != STORE_ATTR_OR
+               && context->attributes->code != STORE_ATTR_END)
+            context->attributes++;
+        if (context->attributes->code == STORE_ATTR_OR)
+            context->attributes++;
+        return NULL;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+    return NULL;
+}
+
 int STORE_parse_attrs_end(void *handle)
-	{
-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+{
+    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
 
-	if (context && context->attributes)
-		{
+    if (context && context->attributes) {
 #if 0
-		OPENSSL_ITEM *attributes = context->attributes;
+        OPENSSL_ITEM *attributes = context->attributes;
 #endif
-		OPENSSL_free(context);
-		return 1;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
-	return 0;
-	}
+        OPENSSL_free(context);
+        return 1;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_END, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+}
 
 int STORE_parse_attrs_endp(void *handle)
-	{
-	struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
-
-	if (context && context->attributes)
-		{
-		return context->attributes->code == STORE_ATTR_END;
-		}
-	STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
-	return 0;
-	}
-
-static int attr_info_compare_compute_range(
-	unsigned char *abits, unsigned char *bbits,
-	unsigned int *alowp, unsigned int *ahighp,
-	unsigned int *blowp, unsigned int *bhighp)
-	{
-	unsigned int alow = (unsigned int)-1, ahigh = 0;
-	unsigned int blow = (unsigned int)-1, bhigh = 0;
-	int i, res = 0;
-
-	for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
-		{
-		if (res == 0)
-			{
-			if (*abits < *bbits) res = -1;
-			if (*abits > *bbits) res = 1;
-			}
-		if (*abits)
-			{
-			if (alow == (unsigned int)-1)
-				{
-				alow = i * 8;
-				if (!(*abits & 0x01)) alow++;
-				if (!(*abits & 0x02)) alow++;
-				if (!(*abits & 0x04)) alow++;
-				if (!(*abits & 0x08)) alow++;
-				if (!(*abits & 0x10)) alow++;
-				if (!(*abits & 0x20)) alow++;
-				if (!(*abits & 0x40)) alow++;
-				}
-			ahigh = i * 8 + 7;
-			if (!(*abits & 0x80)) ahigh++;
-			if (!(*abits & 0x40)) ahigh++;
-			if (!(*abits & 0x20)) ahigh++;
-			if (!(*abits & 0x10)) ahigh++;
-			if (!(*abits & 0x08)) ahigh++;
-			if (!(*abits & 0x04)) ahigh++;
-			if (!(*abits & 0x02)) ahigh++;
-			}
-		if (*bbits)
-			{
-			if (blow == (unsigned int)-1)
-				{
-				blow = i * 8;
-				if (!(*bbits & 0x01)) blow++;
-				if (!(*bbits & 0x02)) blow++;
-				if (!(*bbits & 0x04)) blow++;
-				if (!(*bbits & 0x08)) blow++;
-				if (!(*bbits & 0x10)) blow++;
-				if (!(*bbits & 0x20)) blow++;
-				if (!(*bbits & 0x40)) blow++;
-				}
-			bhigh = i * 8 + 7;
-			if (!(*bbits & 0x80)) bhigh++;
-			if (!(*bbits & 0x40)) bhigh++;
-			if (!(*bbits & 0x20)) bhigh++;
-			if (!(*bbits & 0x10)) bhigh++;
-			if (!(*bbits & 0x08)) bhigh++;
-			if (!(*bbits & 0x04)) bhigh++;
-			if (!(*bbits & 0x02)) bhigh++;
-			}
-		}
-	if (ahigh + alow < bhigh + blow) res = -1;
-	if (ahigh + alow > bhigh + blow) res = 1;
-	if (alowp) *alowp = alow;
-	if (ahighp) *ahighp = ahigh;
-	if (blowp) *blowp = blow;
-	if (bhighp) *bhighp = bhigh;
-	return res;
-	}
+{
+    struct attr_list_ctx_st *context = (struct attr_list_ctx_st *)handle;
+
+    if (context && context->attributes) {
+        return context->attributes->code == STORE_ATTR_END;
+    }
+    STOREerr(STORE_F_STORE_PARSE_ATTRS_ENDP, ERR_R_PASSED_NULL_PARAMETER);
+    return 0;
+}
+
+static int attr_info_compare_compute_range(unsigned char *abits,
+                                           unsigned char *bbits,
+                                           unsigned int *alowp,
+                                           unsigned int *ahighp,
+                                           unsigned int *blowp,
+                                           unsigned int *bhighp)
+{
+    unsigned int alow = (unsigned int)-1, ahigh = 0;
+    unsigned int blow = (unsigned int)-1, bhigh = 0;
+    int i, res = 0;
+
+    for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
+        if (res == 0) {
+            if (*abits < *bbits)
+                res = -1;
+            if (*abits > *bbits)
+                res = 1;
+        }
+        if (*abits) {
+            if (alow == (unsigned int)-1) {
+                alow = i * 8;
+                if (!(*abits & 0x01))
+                    alow++;
+                if (!(*abits & 0x02))
+                    alow++;
+                if (!(*abits & 0x04))
+                    alow++;
+                if (!(*abits & 0x08))
+                    alow++;
+                if (!(*abits & 0x10))
+                    alow++;
+                if (!(*abits & 0x20))
+                    alow++;
+                if (!(*abits & 0x40))
+                    alow++;
+            }
+            ahigh = i * 8 + 7;
+            if (!(*abits & 0x80))
+                ahigh++;
+            if (!(*abits & 0x40))
+                ahigh++;
+            if (!(*abits & 0x20))
+                ahigh++;
+            if (!(*abits & 0x10))
+                ahigh++;
+            if (!(*abits & 0x08))
+                ahigh++;
+            if (!(*abits & 0x04))
+                ahigh++;
+            if (!(*abits & 0x02))
+                ahigh++;
+        }
+        if (*bbits) {
+            if (blow == (unsigned int)-1) {
+                blow = i * 8;
+                if (!(*bbits & 0x01))
+                    blow++;
+                if (!(*bbits & 0x02))
+                    blow++;
+                if (!(*bbits & 0x04))
+                    blow++;
+                if (!(*bbits & 0x08))
+                    blow++;
+                if (!(*bbits & 0x10))
+                    blow++;
+                if (!(*bbits & 0x20))
+                    blow++;
+                if (!(*bbits & 0x40))
+                    blow++;
+            }
+            bhigh = i * 8 + 7;
+            if (!(*bbits & 0x80))
+                bhigh++;
+            if (!(*bbits & 0x40))
+                bhigh++;
+            if (!(*bbits & 0x20))
+                bhigh++;
+            if (!(*bbits & 0x10))
+                bhigh++;
+            if (!(*bbits & 0x08))
+                bhigh++;
+            if (!(*bbits & 0x04))
+                bhigh++;
+            if (!(*bbits & 0x02))
+                bhigh++;
+        }
+    }
+    if (ahigh + alow < bhigh + blow)
+        res = -1;
+    if (ahigh + alow > bhigh + blow)
+        res = 1;
+    if (alowp)
+        *alowp = alow;
+    if (ahighp)
+        *ahighp = ahigh;
+    if (blowp)
+        *blowp = blow;
+    if (bhighp)
+        *bhighp = bhigh;
+    return res;
+}
 
 int STORE_ATTR_INFO_compare(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-	{
-	if (a == b) return 0;
-	if (!a) return -1;
-	if (!b) return 1;
-	return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0);
-	}
+{
+    if (a == b)
+        return 0;
+    if (!a)
+        return -1;
+    if (!b)
+        return 1;
+    return attr_info_compare_compute_range(a->set, b->set, 0, 0, 0, 0);
+}
+
 int STORE_ATTR_INFO_in_range(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-	{
-	unsigned int alow, ahigh, blow, bhigh;
-
-	if (a == b) return 1;
-	if (!a) return 0;
-	if (!b) return 0;
-	attr_info_compare_compute_range(a->set, b->set,
-		&alow, &ahigh, &blow, &bhigh);
-	if (alow >= blow && ahigh <= bhigh)
-		return 1;
-	return 0;
-	}
+{
+    unsigned int alow, ahigh, blow, bhigh;
+
+    if (a == b)
+        return 1;
+    if (!a)
+        return 0;
+    if (!b)
+        return 0;
+    attr_info_compare_compute_range(a->set, b->set,
+                                    &alow, &ahigh, &blow, &bhigh);
+    if (alow >= blow && ahigh <= bhigh)
+        return 1;
+    return 0;
+}
+
 int STORE_ATTR_INFO_in(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-	{
-	unsigned char *abits, *bbits;
-	int i;
-
-	if (a == b) return 1;
-	if (!a) return 0;
-	if (!b) return 0;
-	abits = a->set;
-	bbits = b->set;
-	for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++)
-		{
-		if (*abits && (*bbits & *abits) != *abits)
-			return 0;
-		}
-	return 1;
-	}
+{
+    unsigned char *abits, *bbits;
+    int i;
+
+    if (a == b)
+        return 1;
+    if (!a)
+        return 0;
+    if (!b)
+        return 0;
+    abits = a->set;
+    bbits = b->set;
+    for (i = 0; i < (STORE_ATTR_TYPE_NUM + 8) / 8; i++, abits++, bbits++) {
+        if (*abits && (*bbits & *abits) != *abits)
+            return 0;
+    }
+    return 1;
+}
+
 int STORE_ATTR_INFO_in_ex(STORE_ATTR_INFO *a, STORE_ATTR_INFO *b)
-	{
-	STORE_ATTR_TYPES i;
-
-	if (a == b) return 1;
-	if (!STORE_ATTR_INFO_in(a, b)) return 0;
-	for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
-		if (ATTR_IS_SET(a, i))
-			{
-			switch(i)
-				{
-			case STORE_ATTR_FRIENDLYNAME:
-			case STORE_ATTR_EMAIL:
-			case STORE_ATTR_FILENAME:
-				if (strcmp(a->values[i].cstring,
-					    b->values[i].cstring))
-					return 0;
-				break;
-			case STORE_ATTR_KEYID:
-			case STORE_ATTR_ISSUERKEYID:
-			case STORE_ATTR_SUBJECTKEYID:
-			case STORE_ATTR_ISSUERSERIALHASH:
-			case STORE_ATTR_CERTHASH:
-				if (memcmp(a->values[i].sha1string,
-					    b->values[i].sha1string,
-					    a->value_sizes[i]))
-					return 0;
-				break;
-			case STORE_ATTR_ISSUER:
-			case STORE_ATTR_SUBJECT:
-				if (X509_NAME_cmp(a->values[i].dn,
-					    b->values[i].dn))
-					return 0;
-				break;
-			case STORE_ATTR_SERIAL:
-				if (BN_cmp(a->values[i].number,
-					    b->values[i].number))
-					return 0;
-				break;
-			default:
-				break;
-				}
-			}
-
-	return 1;
-	}
+{
+    STORE_ATTR_TYPES i;
+
+    if (a == b)
+        return 1;
+    if (!STORE_ATTR_INFO_in(a, b))
+        return 0;
+    for (i = 1; i < STORE_ATTR_TYPE_NUM; i++)
+        if (ATTR_IS_SET(a, i)) {
+            switch (i) {
+            case STORE_ATTR_FRIENDLYNAME:
+            case STORE_ATTR_EMAIL:
+            case STORE_ATTR_FILENAME:
+                if (strcmp(a->values[i].cstring, b->values[i].cstring))
+                    return 0;
+                break;
+            case STORE_ATTR_KEYID:
+            case STORE_ATTR_ISSUERKEYID:
+            case STORE_ATTR_SUBJECTKEYID:
+            case STORE_ATTR_ISSUERSERIALHASH:
+            case STORE_ATTR_CERTHASH:
+                if (memcmp(a->values[i].sha1string,
+                           b->values[i].sha1string, a->value_sizes[i]))
+                    return 0;
+                break;
+            case STORE_ATTR_ISSUER:
+            case STORE_ATTR_SUBJECT:
+                if (X509_NAME_cmp(a->values[i].dn, b->values[i].dn))
+                    return 0;
+                break;
+            case STORE_ATTR_SERIAL:
+                if (BN_cmp(a->values[i].number, b->values[i].number))
+                    return 0;
+                break;
+            default:
+                break;
+            }
+        }
+
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/store/str_mem.c b/Cryptlib/OpenSSL/crypto/store/str_mem.c
index 527757ae..99e5a219 100644
--- a/Cryptlib/OpenSSL/crypto/store/str_mem.c
+++ b/Cryptlib/OpenSSL/crypto/store/str_mem.c
@@ -1,6 +1,7 @@
 /* crypto/store/str_mem.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2003.
  */
 /* ====================================================================
  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,298 +61,317 @@
 #include <openssl/err.h>
 #include "str_locl.h"
 
-/* The memory store is currently highly experimental.  It's meant to become
-   a base store used by other stores for internal caching (for full caching
-   support, aging needs to be added).
-
-   The database use is meant to support as much attribute association as
-   possible, while providing for as small search ranges as possible.
-   This is currently provided for by sorting the entries by numbers that
-   are composed of bits set at the positions indicated by attribute type
-   codes.  This provides for ranges determined by the highest attribute
-   type code value.  A better idea might be to sort by values computed
-   from the range of attributes associated with the object (basically,
-   the difference between the highest and lowest attribute type code)
-   and it's distance from a base (basically, the lowest associated
-   attribute type code).
-*/
-
-struct mem_object_data_st
-	{
-	STORE_OBJECT *object;
-	STORE_ATTR_INFO *attr_info;
-	int references;
-	};
-
-struct mem_data_st
-	{
-	STACK *data;		/* A stack of mem_object_data_st,
-				   sorted with STORE_ATTR_INFO_compare(). */
-	unsigned int compute_components : 1; /* Currently unused, but can
-						be used to add attributes
-						from parts of the data. */
-	};
-
-struct mem_ctx_st
-	{
-	int type;		/* The type we're searching for */
-	STACK *search_attributes; /* Sets of attributes to search for.
-				     Each element is a STORE_ATTR_INFO. */
-	int search_index;	/* which of the search attributes we found a match
-				   for, -1 when we still haven't found any */
-	int index;		/* -1 as long as we're searching for the first */
-	};
+/*
+ * The memory store is currently highly experimental.  It's meant to become a
+ * base store used by other stores for internal caching (for full caching
+ * support, aging needs to be added).
+ *
+ * The database use is meant to support as much attribute association as
+ * possible, while providing for as small search ranges as possible. This is
+ * currently provided for by sorting the entries by numbers that are composed
+ * of bits set at the positions indicated by attribute type codes.  This
+ * provides for ranges determined by the highest attribute type code value.
+ * A better idea might be to sort by values computed from the range of
+ * attributes associated with the object (basically, the difference between
+ * the highest and lowest attribute type code) and it's distance from a base
+ * (basically, the lowest associated attribute type code).
+ */
+
+struct mem_object_data_st {
+    STORE_OBJECT *object;
+    STORE_ATTR_INFO *attr_info;
+    int references;
+};
+
+struct mem_data_st {
+    /*
+     * A stack of mem_object_data_st,
+     * sorted with STORE_ATTR_INFO_compare().
+     */
+    STACK *data;
+    /*
+     * Currently unused, but can be used to add attributes from parts of the
+     * data.
+     */
+    unsigned int compute_components:1;
+};
+
+struct mem_ctx_st {
+    /* The type we're searching for */
+    int type;
+    /*
+     * Sets of attributes to search for.
+     * Each element is a STORE_ATTR_INFO.
+     */
+    STACK *search_attributes;
+    /*
+     *  which of the search attributes we found a match
+     * for, -1 when we still haven't found any
+     */
+    int search_index;
+    /* -1 as long as we're searching for the first */
+    int index;
+};
 
 static int mem_init(STORE *s);
 static void mem_clean(STORE *s);
 static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+                                  OPENSSL_ITEM attributes[],
+                                  OPENSSL_ITEM parameters[]);
 static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
-static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
-	STORE_OBJECT *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
+                             OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[]);
+static int mem_store(STORE *s, STORE_OBJECT_TYPES type, STORE_OBJECT *data,
+                     OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
-	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
-	OPENSSL_ITEM parameters[]);
+                      OPENSSL_ITEM search_attributes[],
+                      OPENSSL_ITEM add_attributes[],
+                      OPENSSL_ITEM modify_attributes[],
+                      OPENSSL_ITEM delete_attributes[],
+                      OPENSSL_ITEM parameters[]);
 static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+                      OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
 static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[]);
+                            OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[]);
 static STORE_OBJECT *mem_list_next(STORE *s, void *handle);
 static int mem_list_end(STORE *s, void *handle);
 static int mem_list_endp(STORE *s, void *handle);
 static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
+                    OPENSSL_ITEM parameters[]);
 static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[]);
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void));
-
-static STORE_METHOD store_memory =
-	{
-	"OpenSSL memory store interface",
-	mem_init,
-	mem_clean,
-	mem_generate,
-	mem_get,
-	mem_store,
-	mem_modify,
-	NULL, /* revoke */
-	mem_delete,
-	mem_list_start,
-	mem_list_next,
-	mem_list_end,
-	mem_list_endp,
-	NULL, /* update */
-	mem_lock,
-	mem_unlock,
-	mem_ctrl
-	};
+                      OPENSSL_ITEM parameters[]);
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void));
+
+static STORE_METHOD store_memory = {
+    "OpenSSL memory store interface",
+    mem_init,
+    mem_clean,
+    mem_generate,
+    mem_get,
+    mem_store,
+    mem_modify,
+    NULL,                       /* revoke */
+    mem_delete,
+    mem_list_start,
+    mem_list_next,
+    mem_list_end,
+    mem_list_endp,
+    NULL,                       /* update */
+    mem_lock,
+    mem_unlock,
+    mem_ctrl
+};
 
 const STORE_METHOD *STORE_Memory(void)
-	{
-	return &store_memory;
-	}
+{
+    return &store_memory;
+}
 
 static int mem_init(STORE *s)
-	{
-	return 1;
-	}
+{
+    return 1;
+}
 
 static void mem_clean(STORE *s)
-	{
-	return;
-	}
+{
+    return;
+}
 
 static STORE_OBJECT *mem_generate(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
+                                  OPENSSL_ITEM attributes[],
+                                  OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_GENERATE, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
 static STORE_OBJECT *mem_get(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	void *context = mem_list_start(s, type, attributes, parameters);
-	
-	if (context)
-		{
-		STORE_OBJECT *object = mem_list_next(s, context);
-
-		if (mem_list_end(s, context))
-			return object;
-		}
-	return NULL;
-	}
+                             OPENSSL_ITEM attributes[],
+                             OPENSSL_ITEM parameters[])
+{
+    void *context = mem_list_start(s, type, attributes, parameters);
+
+    if (context) {
+        STORE_OBJECT *object = mem_list_next(s, context);
+
+        if (mem_list_end(s, context))
+            return object;
+    }
+    return NULL;
+}
+
 static int mem_store(STORE *s, STORE_OBJECT_TYPES type,
-	STORE_OBJECT *data, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
+                     STORE_OBJECT *data, OPENSSL_ITEM attributes[],
+                     OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_STORE, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
 static int mem_modify(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM search_attributes[], OPENSSL_ITEM add_attributes[],
-	OPENSSL_ITEM modify_attributes[], OPENSSL_ITEM delete_attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
+                      OPENSSL_ITEM search_attributes[],
+                      OPENSSL_ITEM add_attributes[],
+                      OPENSSL_ITEM modify_attributes[],
+                      OPENSSL_ITEM delete_attributes[],
+                      OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_MODIFY, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
 static int mem_delete(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
-	return 0;
-	}
-
-/* The list functions may be the hardest to understand.  Basically,
-   mem_list_start compiles a stack of attribute info elements, and
-   puts that stack into the context to be returned.  mem_list_next
-   will then find the first matching element in the store, and then
-   walk all the way to the end of the store (since any combination
-   of attribute bits above the starting point may match the searched
-   for bit pattern...). */
+                      OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
+{
+    STOREerr(STORE_F_MEM_DELETE, STORE_R_NOT_IMPLEMENTED);
+    return 0;
+}
+
+/*
+ * The list functions may be the hardest to understand.  Basically,
+ * mem_list_start compiles a stack of attribute info elements, and puts that
+ * stack into the context to be returned.  mem_list_next will then find the
+ * first matching element in the store, and then walk all the way to the end
+ * of the store (since any combination of attribute bits above the starting
+ * point may match the searched for bit pattern...).
+ */
 static void *mem_list_start(STORE *s, STORE_OBJECT_TYPES type,
-	OPENSSL_ITEM attributes[], OPENSSL_ITEM parameters[])
-	{
-	struct mem_ctx_st *context =
-		(struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
-	void *attribute_context = NULL;
-	STORE_ATTR_INFO *attrs = NULL;
-
-	if (!context)
-		{
-		STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	memset(context, 0, sizeof(struct mem_ctx_st));
-
-	attribute_context = STORE_parse_attrs_start(attributes);
-	if (!attribute_context)
-		{
-		STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
-		goto err;
-		}
-
-	while((attrs = STORE_parse_attrs_next(attribute_context)))
-		{
-		if (context->search_attributes == NULL)
-			{
-			context->search_attributes =
-				sk_new((int (*)(const char * const *, const char * const *))STORE_ATTR_INFO_compare);
-			if (!context->search_attributes)
-				{
-				STOREerr(STORE_F_MEM_LIST_START,
-					ERR_R_MALLOC_FAILURE);
-				goto err;
-				}
-			}
-		sk_push(context->search_attributes,(char *)attrs);
-		}
-	if (!STORE_parse_attrs_endp(attribute_context))
-		goto err;
-	STORE_parse_attrs_end(attribute_context);
-	context->search_index = -1;
-	context->index = -1;
-	return context;
+                            OPENSSL_ITEM attributes[],
+                            OPENSSL_ITEM parameters[])
+{
+    struct mem_ctx_st *context =
+        (struct mem_ctx_st *)OPENSSL_malloc(sizeof(struct mem_ctx_st));
+    void *attribute_context = NULL;
+    STORE_ATTR_INFO *attrs = NULL;
+
+    if (!context) {
+        STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    memset(context, 0, sizeof(struct mem_ctx_st));
+
+    attribute_context = STORE_parse_attrs_start(attributes);
+    if (!attribute_context) {
+        STOREerr(STORE_F_MEM_LIST_START, ERR_R_STORE_LIB);
+        goto err;
+    }
+
+    while ((attrs = STORE_parse_attrs_next(attribute_context))) {
+        if (context->search_attributes == NULL) {
+            context->search_attributes =
+                sk_new((int (*)(const char *const *, const char *const *))
+                       STORE_ATTR_INFO_compare);
+            if (!context->search_attributes) {
+                STOREerr(STORE_F_MEM_LIST_START, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        }
+        sk_push(context->search_attributes, (char *)attrs);
+    }
+    if (!STORE_parse_attrs_endp(attribute_context))
+        goto err;
+    STORE_parse_attrs_end(attribute_context);
+    context->search_index = -1;
+    context->index = -1;
+    return context;
  err:
-	if (attribute_context) STORE_parse_attrs_end(attribute_context);
-	mem_list_end(s, context);
-	return NULL;
-	}
+    if (attribute_context)
+        STORE_parse_attrs_end(attribute_context);
+    mem_list_end(s, context);
+    return NULL;
+}
+
 static STORE_OBJECT *mem_list_next(STORE *s, void *handle)
-	{
-	int i;
-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-	struct mem_object_data_st key = { 0, 0, 1 };
-	struct mem_data_st *store =
-		(struct mem_data_st *)STORE_get_ex_data(s, 1);
-	int srch;
-	int cres = 0;
-
-	if (!context)
-		{
-		STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
-		return NULL;
-		}
-	if (!store)
-		{
-		STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
-		return NULL;
-		}
-
-	if (context->search_index == -1)
-		{
-		for (i = 0; i < sk_num(context->search_attributes); i++)
-			{
-			key.attr_info =
-				(STORE_ATTR_INFO *)sk_value(context->search_attributes, i);
-			srch = sk_find_ex(store->data, (char *)&key);
-
-			if (srch >= 0)
-				{
-				context->search_index = srch;
-				break;
-				}
-			}
-		}
-	if (context->search_index < 0)
-		return NULL;
-	
-	key.attr_info =
-		(STORE_ATTR_INFO *)sk_value(context->search_attributes,
-			context->search_index);
-	for(srch = context->search_index;
-	    srch < sk_num(store->data)
-		    && STORE_ATTR_INFO_in_range(key.attr_info,
-			    (STORE_ATTR_INFO *)sk_value(store->data, srch))
-		    && !(cres = STORE_ATTR_INFO_in_ex(key.attr_info,
-				 (STORE_ATTR_INFO *)sk_value(store->data, srch)));
-	    srch++)
-		;
-
-	context->search_index = srch;
-	if (cres)
-		return ((struct mem_object_data_st *)sk_value(store->data,
-				srch))->object;
-	return NULL;
-	}
+{
+    int i;
+    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+    struct mem_object_data_st key = { 0, 0, 1 };
+    struct mem_data_st *store = (struct mem_data_st *)STORE_get_ex_data(s, 1);
+    int srch;
+    int cres = 0;
+
+    if (!context) {
+        STOREerr(STORE_F_MEM_LIST_NEXT, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if (!store) {
+        STOREerr(STORE_F_MEM_LIST_NEXT, STORE_R_NO_STORE);
+        return NULL;
+    }
+
+    if (context->search_index == -1) {
+        for (i = 0; i < sk_num(context->search_attributes); i++) {
+            key.attr_info =
+                (STORE_ATTR_INFO *)sk_value(context->search_attributes, i);
+            srch = sk_find_ex(store->data, (char *)&key);
+
+            if (srch >= 0) {
+                context->search_index = srch;
+                break;
+            }
+        }
+    }
+    if (context->search_index < 0)
+        return NULL;
+
+    key.attr_info =
+        (STORE_ATTR_INFO *)sk_value(context->search_attributes,
+                                    context->search_index);
+    for (srch = context->search_index; srch < sk_num(store->data)
+         && STORE_ATTR_INFO_in_range(key.attr_info,
+                                     (STORE_ATTR_INFO *)sk_value(store->data,
+                                                                 srch))
+         && !(cres =
+              STORE_ATTR_INFO_in_ex(key.attr_info,
+                                    (STORE_ATTR_INFO *)sk_value(store->data,
+                                                                srch)));
+         srch++) ;
+
+    context->search_index = srch;
+    if (cres)
+        return ((struct mem_object_data_st *)sk_value(store->data,
+                                                      srch))->object;
+    return NULL;
+}
+
 static int mem_list_end(STORE *s, void *handle)
-	{
-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
-	if (!context)
-		{
-		STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
-		return 0;
-		}
-	if (context && context->search_attributes)
-		sk_free(context->search_attributes);
-	if (context) OPENSSL_free(context);
-	return 1;
-	}
+{
+    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+    if (!context) {
+        STOREerr(STORE_F_MEM_LIST_END, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+    if (context && context->search_attributes)
+        sk_free(context->search_attributes);
+    if (context)
+        OPENSSL_free(context);
+    return 1;
+}
+
 static int mem_list_endp(STORE *s, void *handle)
-	{
-	struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
-
-	if (!context
-		|| context->search_index == sk_num(context->search_attributes))
-		return 1;
-	return 0;
-	}
+{
+    struct mem_ctx_st *context = (struct mem_ctx_st *)handle;
+
+    if (!context
+        || context->search_index == sk_num(context->search_attributes))
+        return 1;
+    return 0;
+}
+
 static int mem_lock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	return 1;
-	}
+                    OPENSSL_ITEM parameters[])
+{
+    return 1;
+}
+
 static int mem_unlock(STORE *s, OPENSSL_ITEM attributes[],
-	OPENSSL_ITEM parameters[])
-	{
-	return 1;
-	}
-static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f)(void))
-	{
-	return 1;
-	}
+                      OPENSSL_ITEM parameters[])
+{
+    return 1;
+}
+
+static int mem_ctrl(STORE *s, int cmd, long l, void *p, void (*f) (void))
+{
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/store/str_meth.c b/Cryptlib/OpenSSL/crypto/store/str_meth.c
index a46de03a..d83a6de0 100644
--- a/Cryptlib/OpenSSL/crypto/store/str_meth.c
+++ b/Cryptlib/OpenSSL/crypto/store/str_meth.c
@@ -1,6 +1,7 @@
 /* crypto/store/str_meth.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2003.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2003.
  */
 /* ====================================================================
  * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,190 +62,219 @@
 #include "str_locl.h"
 
 STORE_METHOD *STORE_create_method(char *name)
-	{
-	STORE_METHOD *store_method = (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
-
-	if (store_method)
-		{
-		memset(store_method, 0, sizeof(*store_method));
-		store_method->name = BUF_strdup(name);
-		}
-	return store_method;
-	}
-
-/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
-   (that is, it hasn't been allocated using STORE_create_method(), you deserve
-   anything Murphy can throw at you and more!  You have been warned. */
+{
+    STORE_METHOD *store_method =
+        (STORE_METHOD *)OPENSSL_malloc(sizeof(STORE_METHOD));
+
+    if (store_method) {
+        memset(store_method, 0, sizeof(*store_method));
+        store_method->name = BUF_strdup(name);
+    }
+    return store_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using STORE_create_method(), you
+ * deserve anything Murphy can throw at you and more! You have been warned.
+ */
 void STORE_destroy_method(STORE_METHOD *store_method)
-	{
-	if (!store_method) return;
-	OPENSSL_free(store_method->name);
-	store_method->name = NULL;
-	OPENSSL_free(store_method);
-	}
-
-int STORE_method_set_initialise_function(STORE_METHOD *sm, STORE_INITIALISE_FUNC_PTR init_f)
-	{
-	sm->init = init_f;
-	return 1;
-	}
-
-int STORE_method_set_cleanup_function(STORE_METHOD *sm, STORE_CLEANUP_FUNC_PTR clean_f)
-	{
-	sm->clean = clean_f;
-	return 1;
-	}
-
-int STORE_method_set_generate_function(STORE_METHOD *sm, STORE_GENERATE_OBJECT_FUNC_PTR generate_f)
-	{
-	sm->generate_object = generate_f;
-	return 1;
-	}
-
-int STORE_method_set_get_function(STORE_METHOD *sm, STORE_GET_OBJECT_FUNC_PTR get_f)
-	{
-	sm->get_object = get_f;
-	return 1;
-	}
-
-int STORE_method_set_store_function(STORE_METHOD *sm, STORE_STORE_OBJECT_FUNC_PTR store_f)
-	{
-	sm->store_object = store_f;
-	return 1;
-	}
-
-int STORE_method_set_modify_function(STORE_METHOD *sm, STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
-	{
-	sm->modify_object = modify_f;
-	return 1;
-	}
-
-int STORE_method_set_revoke_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
-	{
-	sm->revoke_object = revoke_f;
-	return 1;
-	}
-
-int STORE_method_set_delete_function(STORE_METHOD *sm, STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
-	{
-	sm->delete_object = delete_f;
-	return 1;
-	}
-
-int STORE_method_set_list_start_function(STORE_METHOD *sm, STORE_START_OBJECT_FUNC_PTR list_start_f)
-	{
-	sm->list_object_start = list_start_f;
-	return 1;
-	}
-
-int STORE_method_set_list_next_function(STORE_METHOD *sm, STORE_NEXT_OBJECT_FUNC_PTR list_next_f)
-	{
-	sm->list_object_next = list_next_f;
-	return 1;
-	}
-
-int STORE_method_set_list_end_function(STORE_METHOD *sm, STORE_END_OBJECT_FUNC_PTR list_end_f)
-	{
-	sm->list_object_end = list_end_f;
-	return 1;
-	}
-
-int STORE_method_set_update_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR update_f)
-	{
-	sm->update_store = update_f;
-	return 1;
-	}
-
-int STORE_method_set_lock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR lock_f)
-	{
-	sm->lock_store = lock_f;
-	return 1;
-	}
-
-int STORE_method_set_unlock_store_function(STORE_METHOD *sm, STORE_GENERIC_FUNC_PTR unlock_f)
-	{
-	sm->unlock_store = unlock_f;
-	return 1;
-	}
-
-int STORE_method_set_ctrl_function(STORE_METHOD *sm, STORE_CTRL_FUNC_PTR ctrl_f)
-	{
-	sm->ctrl = ctrl_f;
-	return 1;
-	}
-
-STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD *sm)
-	{
-	return sm->init;
-	}
+{
+    if (!store_method)
+        return;
+    OPENSSL_free(store_method->name);
+    store_method->name = NULL;
+    OPENSSL_free(store_method);
+}
+
+int STORE_method_set_initialise_function(STORE_METHOD *sm,
+                                         STORE_INITIALISE_FUNC_PTR init_f)
+{
+    sm->init = init_f;
+    return 1;
+}
+
+int STORE_method_set_cleanup_function(STORE_METHOD *sm,
+                                      STORE_CLEANUP_FUNC_PTR clean_f)
+{
+    sm->clean = clean_f;
+    return 1;
+}
+
+int STORE_method_set_generate_function(STORE_METHOD *sm,
+                                       STORE_GENERATE_OBJECT_FUNC_PTR
+                                       generate_f)
+{
+    sm->generate_object = generate_f;
+    return 1;
+}
+
+int STORE_method_set_get_function(STORE_METHOD *sm,
+                                  STORE_GET_OBJECT_FUNC_PTR get_f)
+{
+    sm->get_object = get_f;
+    return 1;
+}
+
+int STORE_method_set_store_function(STORE_METHOD *sm,
+                                    STORE_STORE_OBJECT_FUNC_PTR store_f)
+{
+    sm->store_object = store_f;
+    return 1;
+}
+
+int STORE_method_set_modify_function(STORE_METHOD *sm,
+                                     STORE_MODIFY_OBJECT_FUNC_PTR modify_f)
+{
+    sm->modify_object = modify_f;
+    return 1;
+}
+
+int STORE_method_set_revoke_function(STORE_METHOD *sm,
+                                     STORE_HANDLE_OBJECT_FUNC_PTR revoke_f)
+{
+    sm->revoke_object = revoke_f;
+    return 1;
+}
+
+int STORE_method_set_delete_function(STORE_METHOD *sm,
+                                     STORE_HANDLE_OBJECT_FUNC_PTR delete_f)
+{
+    sm->delete_object = delete_f;
+    return 1;
+}
+
+int STORE_method_set_list_start_function(STORE_METHOD *sm,
+                                         STORE_START_OBJECT_FUNC_PTR
+                                         list_start_f)
+{
+    sm->list_object_start = list_start_f;
+    return 1;
+}
+
+int STORE_method_set_list_next_function(STORE_METHOD *sm,
+                                        STORE_NEXT_OBJECT_FUNC_PTR
+                                        list_next_f)
+{
+    sm->list_object_next = list_next_f;
+    return 1;
+}
+
+int STORE_method_set_list_end_function(STORE_METHOD *sm,
+                                       STORE_END_OBJECT_FUNC_PTR list_end_f)
+{
+    sm->list_object_end = list_end_f;
+    return 1;
+}
+
+int STORE_method_set_update_store_function(STORE_METHOD *sm,
+                                           STORE_GENERIC_FUNC_PTR update_f)
+{
+    sm->update_store = update_f;
+    return 1;
+}
+
+int STORE_method_set_lock_store_function(STORE_METHOD *sm,
+                                         STORE_GENERIC_FUNC_PTR lock_f)
+{
+    sm->lock_store = lock_f;
+    return 1;
+}
+
+int STORE_method_set_unlock_store_function(STORE_METHOD *sm,
+                                           STORE_GENERIC_FUNC_PTR unlock_f)
+{
+    sm->unlock_store = unlock_f;
+    return 1;
+}
+
+int STORE_method_set_ctrl_function(STORE_METHOD *sm,
+                                   STORE_CTRL_FUNC_PTR ctrl_f)
+{
+    sm->ctrl = ctrl_f;
+    return 1;
+}
+
+STORE_INITIALISE_FUNC_PTR STORE_method_get_initialise_function(STORE_METHOD
+                                                               *sm)
+{
+    return sm->init;
+}
 
 STORE_CLEANUP_FUNC_PTR STORE_method_get_cleanup_function(STORE_METHOD *sm)
-	{
-	return sm->clean;
-	}
+{
+    return sm->clean;
+}
 
-STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD *sm)
-	{
-	return sm->generate_object;
-	}
+STORE_GENERATE_OBJECT_FUNC_PTR STORE_method_get_generate_function(STORE_METHOD
+                                                                  *sm)
+{
+    return sm->generate_object;
+}
 
 STORE_GET_OBJECT_FUNC_PTR STORE_method_get_get_function(STORE_METHOD *sm)
-	{
-	return sm->get_object;
-	}
+{
+    return sm->get_object;
+}
 
 STORE_STORE_OBJECT_FUNC_PTR STORE_method_get_store_function(STORE_METHOD *sm)
-	{
-	return sm->store_object;
-	}
-
-STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD *sm)
-	{
-	return sm->modify_object;
-	}
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD *sm)
-	{
-	return sm->revoke_object;
-	}
-
-STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD *sm)
-	{
-	return sm->delete_object;
-	}
-
-STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD *sm)
-	{
-	return sm->list_object_start;
-	}
-
-STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD *sm)
-	{
-	return sm->list_object_next;
-	}
+{
+    return sm->store_object;
+}
+
+STORE_MODIFY_OBJECT_FUNC_PTR STORE_method_get_modify_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->modify_object;
+}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_revoke_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->revoke_object;
+}
+
+STORE_HANDLE_OBJECT_FUNC_PTR STORE_method_get_delete_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->delete_object;
+}
+
+STORE_START_OBJECT_FUNC_PTR STORE_method_get_list_start_function(STORE_METHOD
+                                                                 *sm)
+{
+    return sm->list_object_start;
+}
+
+STORE_NEXT_OBJECT_FUNC_PTR STORE_method_get_list_next_function(STORE_METHOD
+                                                               *sm)
+{
+    return sm->list_object_next;
+}
 
 STORE_END_OBJECT_FUNC_PTR STORE_method_get_list_end_function(STORE_METHOD *sm)
-	{
-	return sm->list_object_end;
-	}
+{
+    return sm->list_object_end;
+}
 
-STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD *sm)
-	{
-	return sm->update_store;
-	}
+STORE_GENERIC_FUNC_PTR STORE_method_get_update_store_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->update_store;
+}
 
 STORE_GENERIC_FUNC_PTR STORE_method_get_lock_store_function(STORE_METHOD *sm)
-	{
-	return sm->lock_store;
-	}
+{
+    return sm->lock_store;
+}
 
-STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD *sm)
-	{
-	return sm->unlock_store;
-	}
+STORE_GENERIC_FUNC_PTR STORE_method_get_unlock_store_function(STORE_METHOD
+                                                              *sm)
+{
+    return sm->unlock_store;
+}
 
 STORE_CTRL_FUNC_PTR STORE_method_get_ctrl_function(STORE_METHOD *sm)
-	{
-	return sm->ctrl;
-	}
-
+{
+    return sm->ctrl;
+}
diff --git a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
index 3ed5f72e..a81eaae5 100644
--- a/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
+++ b/Cryptlib/OpenSSL/crypto/txt_db/txt_db.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,323 +64,318 @@
 #include <openssl/txt_db.h>
 
 #undef BUFSIZE
-#define BUFSIZE	512
+#define BUFSIZE 512
 
-const char TXT_DB_version[]="TXT_DB" OPENSSL_VERSION_PTEXT;
+const char TXT_DB_version[] = "TXT_DB" OPENSSL_VERSION_PTEXT;
 
 TXT_DB *TXT_DB_read(BIO *in, int num)
-	{
-	TXT_DB *ret=NULL;
-	int er=1;
-	int esc=0;
-	long ln=0;
-	int i,add,n;
-	int size=BUFSIZE;
-	int offset=0;
-	char *p,**pp,*f;
-	BUF_MEM *buf=NULL;
+{
+    TXT_DB *ret = NULL;
+    int er = 1;
+    int esc = 0;
+    long ln = 0;
+    int i, add, n;
+    int size = BUFSIZE;
+    int offset = 0;
+    char *p, **pp, *f;
+    BUF_MEM *buf = NULL;
 
-	if ((buf=BUF_MEM_new()) == NULL) goto err;
-	if (!BUF_MEM_grow(buf,size)) goto err;
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    if (!BUF_MEM_grow(buf, size))
+        goto err;
 
-	if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
-		goto err;
-	ret->num_fields=num;
-	ret->index=NULL;
-	ret->qual=NULL;
-	if ((ret->data=sk_new_null()) == NULL)
-		goto err;
-	if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL)
-		goto err;
-	if ((ret->qual=(int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **))*num)) == NULL)
-		goto err;
-	for (i=0; i<num; i++)
-		{
-		ret->index[i]=NULL;
-		ret->qual[i]=NULL;
-		}
+    if ((ret = (TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL)
+        goto err;
+    ret->num_fields = num;
+    ret->index = NULL;
+    ret->qual = NULL;
+    if ((ret->data = sk_new_null()) == NULL)
+        goto err;
+    if ((ret->index =
+         (LHASH **)OPENSSL_malloc(sizeof(LHASH *) * num)) == NULL)
+        goto err;
+    if ((ret->qual =
+         (int (**)(char **))OPENSSL_malloc(sizeof(int (**)(char **)) *
+                                           num)) == NULL)
+        goto err;
+    for (i = 0; i < num; i++) {
+        ret->index[i] = NULL;
+        ret->qual[i] = NULL;
+    }
 
-	add=(num+1)*sizeof(char *);
-	buf->data[size-1]='\0';
-	offset=0;
-	for (;;)
-		{
-		if (offset != 0)
-			{
-			size+=BUFSIZE;
-			if (!BUF_MEM_grow_clean(buf,size)) goto err;
-			}
-		buf->data[offset]='\0';
-		BIO_gets(in,&(buf->data[offset]),size-offset);
-		ln++;
-		if (buf->data[offset] == '\0') break;
-		if ((offset == 0) && (buf->data[0] == '#')) continue;
-		i=strlen(&(buf->data[offset]));
-		offset+=i;
-		if (buf->data[offset-1] != '\n')
-			continue;
-		else
-			{
-			buf->data[offset-1]='\0'; /* blat the '\n' */
-			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
-			offset=0;
-			}
-		pp=(char **)p;
-		p+=add;
-		n=0;
-		pp[n++]=p;
-		i=0;
-		f=buf->data;
+    add = (num + 1) * sizeof(char *);
+    buf->data[size - 1] = '\0';
+    offset = 0;
+    for (;;) {
+        if (offset != 0) {
+            size += BUFSIZE;
+            if (!BUF_MEM_grow_clean(buf, size))
+                goto err;
+        }
+        buf->data[offset] = '\0';
+        BIO_gets(in, &(buf->data[offset]), size - offset);
+        ln++;
+        if (buf->data[offset] == '\0')
+            break;
+        if ((offset == 0) && (buf->data[0] == '#'))
+            continue;
+        i = strlen(&(buf->data[offset]));
+        offset += i;
+        if (buf->data[offset - 1] != '\n')
+            continue;
+        else {
+            buf->data[offset - 1] = '\0'; /* blat the '\n' */
+            if (!(p = (char *)OPENSSL_malloc(add + offset)))
+                goto err;
+            offset = 0;
+        }
+        pp = (char **)p;
+        p += add;
+        n = 0;
+        pp[n++] = p;
+        i = 0;
+        f = buf->data;
 
-		esc=0;
-		for (;;)
-			{
-			if (*f == '\0') break;
-			if (*f == '\t')
-				{
-				if (esc)
-					p--;
-				else
-					{	
-					*(p++)='\0';
-					f++;
-					if (n >=  num) break;
-					pp[n++]=p;
-					continue;
-					}
-				}
-			esc=(*f == '\\');
-			*(p++)= *(f++);
-			}
-		*(p++)='\0';
-		if ((n != num) || (*f != '\0'))
-			{
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */
-			fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f);
+        esc = 0;
+        for (;;) {
+            if (*f == '\0')
+                break;
+            if (*f == '\t') {
+                if (esc)
+                    p--;
+                else {
+                    *(p++) = '\0';
+                    f++;
+                    if (n >= num)
+                        break;
+                    pp[n++] = p;
+                    continue;
+                }
+            }
+            esc = (*f == '\\');
+            *(p++) = *(f++);
+        }
+        *(p++) = '\0';
+        if ((n != num) || (*f != '\0')) {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
+                                                               * fix :-( */
+            fprintf(stderr,
+                    "wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",
+                    ln, num, n, f);
 #endif
-			er=2;
-			goto err;
-			}
-		pp[n]=p;
-		if (!sk_push(ret->data,(char *)pp))
-			{
-#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)	/* temporaty fix :-( */
-			fprintf(stderr,"failure in sk_push\n");
+            er = 2;
+            goto err;
+        }
+        pp[n] = p;
+        if (!sk_push(ret->data, (char *)pp)) {
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty
+                                                               * fix :-( */
+            fprintf(stderr, "failure in sk_push\n");
 #endif
-			er=2;
-			goto err;
-			}
-		}
-	er=0;
-err:
-	BUF_MEM_free(buf);
-	if (er)
-		{
+            er = 2;
+            goto err;
+        }
+    }
+    er = 0;
+ err:
+    BUF_MEM_free(buf);
+    if (er) {
 #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
-		if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n");
+        if (er == 1)
+            fprintf(stderr, "OPENSSL_malloc failure\n");
 #endif
-		if (ret != NULL)
-			{
-			if (ret->data != NULL) sk_free(ret->data);
-			if (ret->index != NULL) OPENSSL_free(ret->index);
-			if (ret->qual != NULL) OPENSSL_free(ret->qual);
-			if (ret != NULL) OPENSSL_free(ret);
-			}
-		return(NULL);
-		}
-	else
-		return(ret);
-	}
+        if (ret != NULL) {
+            if (ret->data != NULL)
+                sk_free(ret->data);
+            if (ret->index != NULL)
+                OPENSSL_free(ret->index);
+            if (ret->qual != NULL)
+                OPENSSL_free(ret->qual);
+            if (ret != NULL)
+                OPENSSL_free(ret);
+        }
+        return (NULL);
+    } else
+        return (ret);
+}
 
 char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value)
-	{
-	char **ret;
-	LHASH *lh;
+{
+    char **ret;
+    LHASH *lh;
 
-	if (idx >= db->num_fields)
-		{
-		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
-		return(NULL);
-		}
-	lh=db->index[idx];
-	if (lh == NULL)
-		{
-		db->error=DB_ERROR_NO_INDEX;
-		return(NULL);
-		}
-	ret=(char **)lh_retrieve(lh,value);
-	db->error=DB_ERROR_OK;
-	return(ret);
-	}
+    if (idx >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return (NULL);
+    }
+    lh = db->index[idx];
+    if (lh == NULL) {
+        db->error = DB_ERROR_NO_INDEX;
+        return (NULL);
+    }
+    ret = (char **)lh_retrieve(lh, value);
+    db->error = DB_ERROR_OK;
+    return (ret);
+}
 
-int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(char **),
-		LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
-	{
-	LHASH *idx;
-	char **r;
-	int i,n;
+int TXT_DB_create_index(TXT_DB *db, int field, int (*qual) (char **),
+                        LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp)
+{
+    LHASH *idx;
+    char **r;
+    int i, n;
 
-	if (field >= db->num_fields)
-		{
-		db->error=DB_ERROR_INDEX_OUT_OF_RANGE;
-		return(0);
-		}
-	if ((idx=lh_new(hash,cmp)) == NULL)
-		{
-		db->error=DB_ERROR_MALLOC;
-		return(0);
-		}
-	n=sk_num(db->data);
-	for (i=0; i<n; i++)
-		{
-		r=(char **)sk_value(db->data,i);
-		if ((qual != NULL) && (qual(r) == 0)) continue;
-		if ((r=lh_insert(idx,r)) != NULL)
-			{
-			db->error=DB_ERROR_INDEX_CLASH;
-			db->arg1=sk_find(db->data,(char *)r);
-			db->arg2=i;
-			lh_free(idx);
-			return(0);
-			}
-		}
-	if (db->index[field] != NULL) lh_free(db->index[field]);
-	db->index[field]=idx;
-	db->qual[field]=qual;
-	return(1);
-	}
+    if (field >= db->num_fields) {
+        db->error = DB_ERROR_INDEX_OUT_OF_RANGE;
+        return (0);
+    }
+    if ((idx = lh_new(hash, cmp)) == NULL) {
+        db->error = DB_ERROR_MALLOC;
+        return (0);
+    }
+    n = sk_num(db->data);
+    for (i = 0; i < n; i++) {
+        r = (char **)sk_value(db->data, i);
+        if ((qual != NULL) && (qual(r) == 0))
+            continue;
+        if ((r = lh_insert(idx, r)) != NULL) {
+            db->error = DB_ERROR_INDEX_CLASH;
+            db->arg1 = sk_find(db->data, (char *)r);
+            db->arg2 = i;
+            lh_free(idx);
+            return (0);
+        }
+    }
+    if (db->index[field] != NULL)
+        lh_free(db->index[field]);
+    db->index[field] = idx;
+    db->qual[field] = qual;
+    return (1);
+}
 
 long TXT_DB_write(BIO *out, TXT_DB *db)
-	{
-	long i,j,n,nn,l,tot=0;
-	char *p,**pp,*f;
-	BUF_MEM *buf=NULL;
-	long ret= -1;
+{
+    long i, j, n, nn, l, tot = 0;
+    char *p, **pp, *f;
+    BUF_MEM *buf = NULL;
+    long ret = -1;
 
-	if ((buf=BUF_MEM_new()) == NULL)
-		goto err;
-	n=sk_num(db->data);
-	nn=db->num_fields;
-	for (i=0; i<n; i++)
-		{
-		pp=(char **)sk_value(db->data,i);
+    if ((buf = BUF_MEM_new()) == NULL)
+        goto err;
+    n = sk_num(db->data);
+    nn = db->num_fields;
+    for (i = 0; i < n; i++) {
+        pp = (char **)sk_value(db->data, i);
 
-		l=0;
-		for (j=0; j<nn; j++)
-			{
-			if (pp[j] != NULL)
-				l+=strlen(pp[j]);
-			}
-		if (!BUF_MEM_grow_clean(buf,(int)(l*2+nn))) goto err;
+        l = 0;
+        for (j = 0; j < nn; j++) {
+            if (pp[j] != NULL)
+                l += strlen(pp[j]);
+        }
+        if (!BUF_MEM_grow_clean(buf, (int)(l * 2 + nn)))
+            goto err;
 
-		p=buf->data;
-		for (j=0; j<nn; j++)
-			{
-			f=pp[j];
-			if (f != NULL)
-				for (;;) 
-					{
-					if (*f == '\0') break;
-					if (*f == '\t') *(p++)='\\';
-					*(p++)= *(f++);
-					}
-			*(p++)='\t';
-			}
-		p[-1]='\n';
-		j=p-buf->data;
-		if (BIO_write(out,buf->data,(int)j) != j)
-			goto err;
-		tot+=j;
-		}
-	ret=tot;
-err:
-	if (buf != NULL) BUF_MEM_free(buf);
-	return(ret);
-	}
+        p = buf->data;
+        for (j = 0; j < nn; j++) {
+            f = pp[j];
+            if (f != NULL)
+                for (;;) {
+                    if (*f == '\0')
+                        break;
+                    if (*f == '\t')
+                        *(p++) = '\\';
+                    *(p++) = *(f++);
+                }
+            *(p++) = '\t';
+        }
+        p[-1] = '\n';
+        j = p - buf->data;
+        if (BIO_write(out, buf->data, (int)j) != j)
+            goto err;
+        tot += j;
+    }
+    ret = tot;
+ err:
+    if (buf != NULL)
+        BUF_MEM_free(buf);
+    return (ret);
+}
 
 int TXT_DB_insert(TXT_DB *db, char **row)
-	{
-	int i;
-	char **r;
+{
+    int i;
+    char **r;
 
-	for (i=0; i<db->num_fields; i++)
-		{
-		if (db->index[i] != NULL)
-			{
-			if ((db->qual[i] != NULL) &&
-				(db->qual[i](row) == 0)) continue;
-			r=(char **)lh_retrieve(db->index[i],row);
-			if (r != NULL)
-				{
-				db->error=DB_ERROR_INDEX_CLASH;
-				db->arg1=i;
-				db->arg_row=r;
-				goto err;
-				}
-			}
-		}
-	/* We have passed the index checks, now just append and insert */
-	if (!sk_push(db->data,(char *)row))
-		{
-		db->error=DB_ERROR_MALLOC;
-		goto err;
-		}
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            r = (char **)lh_retrieve(db->index[i], row);
+            if (r != NULL) {
+                db->error = DB_ERROR_INDEX_CLASH;
+                db->arg1 = i;
+                db->arg_row = r;
+                goto err;
+            }
+        }
+    }
+    /* We have passed the index checks, now just append and insert */
+    if (!sk_push(db->data, (char *)row)) {
+        db->error = DB_ERROR_MALLOC;
+        goto err;
+    }
 
-	for (i=0; i<db->num_fields; i++)
-		{
-		if (db->index[i] != NULL)
-			{
-			if ((db->qual[i] != NULL) &&
-				(db->qual[i](row) == 0)) continue;
-			lh_insert(db->index[i],row);
-			}
-		}
-	return(1);
-err:
-	return(0);
-	}
+    for (i = 0; i < db->num_fields; i++) {
+        if (db->index[i] != NULL) {
+            if ((db->qual[i] != NULL) && (db->qual[i] (row) == 0))
+                continue;
+            lh_insert(db->index[i], row);
+        }
+    }
+    return (1);
+ err:
+    return (0);
+}
 
 void TXT_DB_free(TXT_DB *db)
-	{
-	int i,n;
-	char **p,*max;
+{
+    int i, n;
+    char **p, *max;
 
-	if(db == NULL)
-	    return;
+    if (db == NULL)
+        return;
 
-	if (db->index != NULL)
-		{
-		for (i=db->num_fields-1; i>=0; i--)
-			if (db->index[i] != NULL) lh_free(db->index[i]);
-		OPENSSL_free(db->index);
-		}
-	if (db->qual != NULL)
-		OPENSSL_free(db->qual);
-	if (db->data != NULL)
-		{
-		for (i=sk_num(db->data)-1; i>=0; i--)
-			{
-			/* check if any 'fields' have been allocated
-			 * from outside of the initial block */
-			p=(char **)sk_value(db->data,i);
-			max=p[db->num_fields]; /* last address */
-			if (max == NULL) /* new row */
-				{
-				for (n=0; n<db->num_fields; n++)
-					if (p[n] != NULL) OPENSSL_free(p[n]);
-				}
-			else
-				{
-				for (n=0; n<db->num_fields; n++)
-					{
-					if (((p[n] < (char *)p) || (p[n] > max))
-						&& (p[n] != NULL))
-						OPENSSL_free(p[n]);
-					}
-				}
-			OPENSSL_free(sk_value(db->data,i));
-			}
-		sk_free(db->data);
-		}
-	OPENSSL_free(db);
-	}
+    if (db->index != NULL) {
+        for (i = db->num_fields - 1; i >= 0; i--)
+            if (db->index[i] != NULL)
+                lh_free(db->index[i]);
+        OPENSSL_free(db->index);
+    }
+    if (db->qual != NULL)
+        OPENSSL_free(db->qual);
+    if (db->data != NULL) {
+        for (i = sk_num(db->data) - 1; i >= 0; i--) {
+            /*
+             * check if any 'fields' have been allocated from outside of the
+             * initial block
+             */
+            p = (char **)sk_value(db->data, i);
+            max = p[db->num_fields]; /* last address */
+            if (max == NULL) {  /* new row */
+                for (n = 0; n < db->num_fields; n++)
+                    if (p[n] != NULL)
+                        OPENSSL_free(p[n]);
+            } else {
+                for (n = 0; n < db->num_fields; n++) {
+                    if (((p[n] < (char *)p) || (p[n] > max))
+                        && (p[n] != NULL))
+                        OPENSSL_free(p[n]);
+                }
+            }
+            OPENSSL_free(sk_value(db->data, i));
+        }
+        sk_free(db->data);
+    }
+    OPENSSL_free(db);
+}
diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c
index 13e0f70d..0ca5284f 100644
--- a/Cryptlib/OpenSSL/crypto/ui/ui_compat.c
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_compat.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,12 +56,14 @@
 #include <string.h>
 #include <openssl/ui_compat.h>
 
-int _ossl_old_des_read_pw_string(char *buf,int length,const char *prompt,int verify)
-	{
-	return UI_UTIL_read_pw_string(buf, length, prompt, verify);
-	}
+int _ossl_old_des_read_pw_string(char *buf, int length, const char *prompt,
+                                 int verify)
+{
+    return UI_UTIL_read_pw_string(buf, length, prompt, verify);
+}
 
-int _ossl_old_des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
-	{
-	return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
-	}
+int _ossl_old_des_read_pw(char *buf, char *buff, int size, const char *prompt,
+                          int verify)
+{
+    return UI_UTIL_read_pw(buf, buff, size, prompt, verify);
+}
diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_err.c b/Cryptlib/OpenSSL/crypto/ui/ui_err.c
index 786bd0db..ffeb0039 100644
--- a/Cryptlib/OpenSSL/crypto/ui/ui_err.c
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,48 +66,46 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_UI,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_UI,0,reason)
 
-static ERR_STRING_DATA UI_str_functs[]=
-	{
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN),	"GENERAL_ALLOCATE_BOOLEAN"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT),	"GENERAL_ALLOCATE_PROMPT"},
-{ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING),	"GENERAL_ALLOCATE_STRING"},
-{ERR_FUNC(UI_F_UI_CTRL),	"UI_ctrl"},
-{ERR_FUNC(UI_F_UI_DUP_ERROR_STRING),	"UI_dup_error_string"},
-{ERR_FUNC(UI_F_UI_DUP_INFO_STRING),	"UI_dup_info_string"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN),	"UI_dup_input_boolean"},
-{ERR_FUNC(UI_F_UI_DUP_INPUT_STRING),	"UI_dup_input_string"},
-{ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING),	"UI_dup_verify_string"},
-{ERR_FUNC(UI_F_UI_GET0_RESULT),	"UI_get0_result"},
-{ERR_FUNC(UI_F_UI_NEW_METHOD),	"UI_new_method"},
-{ERR_FUNC(UI_F_UI_SET_RESULT),	"UI_set_result"},
-{0,NULL}
-	};
+static ERR_STRING_DATA UI_str_functs[] = {
+    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_BOOLEAN), "GENERAL_ALLOCATE_BOOLEAN"},
+    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_PROMPT), "GENERAL_ALLOCATE_PROMPT"},
+    {ERR_FUNC(UI_F_GENERAL_ALLOCATE_STRING), "GENERAL_ALLOCATE_STRING"},
+    {ERR_FUNC(UI_F_UI_CTRL), "UI_ctrl"},
+    {ERR_FUNC(UI_F_UI_DUP_ERROR_STRING), "UI_dup_error_string"},
+    {ERR_FUNC(UI_F_UI_DUP_INFO_STRING), "UI_dup_info_string"},
+    {ERR_FUNC(UI_F_UI_DUP_INPUT_BOOLEAN), "UI_dup_input_boolean"},
+    {ERR_FUNC(UI_F_UI_DUP_INPUT_STRING), "UI_dup_input_string"},
+    {ERR_FUNC(UI_F_UI_DUP_VERIFY_STRING), "UI_dup_verify_string"},
+    {ERR_FUNC(UI_F_UI_GET0_RESULT), "UI_get0_result"},
+    {ERR_FUNC(UI_F_UI_NEW_METHOD), "UI_new_method"},
+    {ERR_FUNC(UI_F_UI_SET_RESULT), "UI_set_result"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA UI_str_reasons[]=
-	{
-{ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),"common ok and cancel characters"},
-{ERR_REASON(UI_R_INDEX_TOO_LARGE)        ,"index too large"},
-{ERR_REASON(UI_R_INDEX_TOO_SMALL)        ,"index too small"},
-{ERR_REASON(UI_R_NO_RESULT_BUFFER)       ,"no result buffer"},
-{ERR_REASON(UI_R_RESULT_TOO_LARGE)       ,"result too large"},
-{ERR_REASON(UI_R_RESULT_TOO_SMALL)       ,"result too small"},
-{ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND),"unknown control command"},
-{0,NULL}
-	};
+static ERR_STRING_DATA UI_str_reasons[] = {
+    {ERR_REASON(UI_R_COMMON_OK_AND_CANCEL_CHARACTERS),
+     "common ok and cancel characters"},
+    {ERR_REASON(UI_R_INDEX_TOO_LARGE), "index too large"},
+    {ERR_REASON(UI_R_INDEX_TOO_SMALL), "index too small"},
+    {ERR_REASON(UI_R_NO_RESULT_BUFFER), "no result buffer"},
+    {ERR_REASON(UI_R_RESULT_TOO_LARGE), "result too large"},
+    {ERR_REASON(UI_R_RESULT_TOO_SMALL), "result too small"},
+    {ERR_REASON(UI_R_UNKNOWN_CONTROL_COMMAND), "unknown control command"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_UI_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(UI_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,UI_str_functs);
-		ERR_load_strings(0,UI_str_reasons);
-		}
+    if (ERR_func_error_string(UI_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, UI_str_functs);
+        ERR_load_strings(0, UI_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
index 67013f8c..84d65cb3 100644
--- a/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_lib.c
@@ -1,6 +1,7 @@
 /* crypto/ui/ui_lib.c -*- mode:C; c-file-style: "eay" -*- */
-/* Written by Richard Levitte (richard@levitte.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Richard Levitte (richard@levitte.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,840 +67,781 @@
 
 IMPLEMENT_STACK_OF(UI_STRING_ST)
 
-static const UI_METHOD *default_UI_meth=NULL;
+static const UI_METHOD *default_UI_meth = NULL;
 
 UI *UI_new(void)
-	{
-	return(UI_new_method(NULL));
-	}
+{
+    return (UI_new_method(NULL));
+}
 
 UI *UI_new_method(const UI_METHOD *method)
-	{
-	UI *ret;
-
-	ret=(UI *)OPENSSL_malloc(sizeof(UI));
-	if (ret == NULL)
-		{
-		UIerr(UI_F_UI_NEW_METHOD,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	if (method == NULL)
-		ret->meth=UI_get_default_method();
-	else
-		ret->meth=method;
-
-	ret->strings=NULL;
-	ret->user_data=NULL;
-	ret->flags=0;
-	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
-	return ret;
-	}
+{
+    UI *ret;
+
+    ret = (UI *)OPENSSL_malloc(sizeof(UI));
+    if (ret == NULL) {
+        UIerr(UI_F_UI_NEW_METHOD, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (method == NULL)
+        ret->meth = UI_get_default_method();
+    else
+        ret->meth = method;
+
+    ret->strings = NULL;
+    ret->user_data = NULL;
+    ret->flags = 0;
+    CRYPTO_new_ex_data(CRYPTO_EX_INDEX_UI, ret, &ret->ex_data);
+    return ret;
+}
 
 static void free_string(UI_STRING *uis)
-	{
-	if (uis->flags & OUT_STRING_FREEABLE)
-		{
-		OPENSSL_free((char *)uis->out_string);
-		switch(uis->type)
-			{
-		case UIT_BOOLEAN:
-			OPENSSL_free((char *)uis->_.boolean_data.action_desc);
-			OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
-			OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
-			break;
-		default:
-			break;
-			}
-		}
-	OPENSSL_free(uis);
-	}
+{
+    if (uis->flags & OUT_STRING_FREEABLE) {
+        OPENSSL_free((char *)uis->out_string);
+        switch (uis->type) {
+        case UIT_BOOLEAN:
+            OPENSSL_free((char *)uis->_.boolean_data.action_desc);
+            OPENSSL_free((char *)uis->_.boolean_data.ok_chars);
+            OPENSSL_free((char *)uis->_.boolean_data.cancel_chars);
+            break;
+        default:
+            break;
+        }
+    }
+    OPENSSL_free(uis);
+}
 
 void UI_free(UI *ui)
-	{
-	if (ui == NULL)
-		return;
-	sk_UI_STRING_pop_free(ui->strings,free_string);
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
-	OPENSSL_free(ui);
-	}
+{
+    if (ui == NULL)
+        return;
+    sk_UI_STRING_pop_free(ui->strings, free_string);
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_UI, ui, &ui->ex_data);
+    OPENSSL_free(ui);
+}
 
 static int allocate_string_stack(UI *ui)
-	{
-	if (ui->strings == NULL)
-		{
-		ui->strings=sk_UI_STRING_new_null();
-		if (ui->strings == NULL)
-			{
-			return -1;
-			}
-		}
-	return 0;
-	}
+{
+    if (ui->strings == NULL) {
+        ui->strings = sk_UI_STRING_new_null();
+        if (ui->strings == NULL) {
+            return -1;
+        }
+    }
+    return 0;
+}
 
 static UI_STRING *general_allocate_prompt(UI *ui, const char *prompt,
-	int prompt_freeable, enum UI_string_types type, int input_flags,
-	char *result_buf)
-	{
-	UI_STRING *ret = NULL;
-
-	if (prompt == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,ERR_R_PASSED_NULL_PARAMETER);
-		}
-	else if ((type == UIT_PROMPT || type == UIT_VERIFY
-			 || type == UIT_BOOLEAN) && result_buf == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_PROMPT,UI_R_NO_RESULT_BUFFER);
-		}
-	else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING))))
-		{
-		ret->out_string=prompt;
-		ret->flags=prompt_freeable ? OUT_STRING_FREEABLE : 0;
-		ret->input_flags=input_flags;
-		ret->type=type;
-		ret->result_buf=result_buf;
-		}
-	return ret;
-	}
+                                          int prompt_freeable,
+                                          enum UI_string_types type,
+                                          int input_flags, char *result_buf)
+{
+    UI_STRING *ret = NULL;
+
+    if (prompt == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, ERR_R_PASSED_NULL_PARAMETER);
+    } else if ((type == UIT_PROMPT || type == UIT_VERIFY
+                || type == UIT_BOOLEAN) && result_buf == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_PROMPT, UI_R_NO_RESULT_BUFFER);
+    } else if ((ret = (UI_STRING *)OPENSSL_malloc(sizeof(UI_STRING)))) {
+        ret->out_string = prompt;
+        ret->flags = prompt_freeable ? OUT_STRING_FREEABLE : 0;
+        ret->input_flags = input_flags;
+        ret->type = type;
+        ret->result_buf = result_buf;
+    }
+    return ret;
+}
 
 static int general_allocate_string(UI *ui, const char *prompt,
-	int prompt_freeable, enum UI_string_types type, int input_flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf)
-	{
-	int ret = -1;
-	UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
-		type, input_flags, result_buf);
-
-	if (s)
-		{
-		if (allocate_string_stack(ui) >= 0)
-			{
-			s->_.string_data.result_minsize=minsize;
-			s->_.string_data.result_maxsize=maxsize;
-			s->_.string_data.test_buf=test_buf;
-			ret=sk_UI_STRING_push(ui->strings, s);
-			/* sk_push() returns 0 on error.  Let's addapt that */
-			if (ret <= 0) ret--;
-			}
-		else
-			free_string(s);
-		}
-	return ret;
-	}
+                                   int prompt_freeable,
+                                   enum UI_string_types type, int input_flags,
+                                   char *result_buf, int minsize, int maxsize,
+                                   const char *test_buf)
+{
+    int ret = -1;
+    UI_STRING *s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                           type, input_flags, result_buf);
+
+    if (s) {
+        if (allocate_string_stack(ui) >= 0) {
+            s->_.string_data.result_minsize = minsize;
+            s->_.string_data.result_maxsize = maxsize;
+            s->_.string_data.test_buf = test_buf;
+            ret = sk_UI_STRING_push(ui->strings, s);
+            /* sk_push() returns 0 on error.  Let's addapt that */
+            if (ret <= 0)
+                ret--;
+        } else
+            free_string(s);
+    }
+    return ret;
+}
 
 static int general_allocate_boolean(UI *ui,
-	const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int prompt_freeable, enum UI_string_types type, int input_flags,
-	char *result_buf)
-	{
-	int ret = -1;
-	UI_STRING *s;
-	const char *p;
-
-	if (ok_chars == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
-		}
-	else if (cancel_chars == NULL)
-		{
-		UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,ERR_R_PASSED_NULL_PARAMETER);
-		}
-	else
-		{
-		for(p = ok_chars; *p; p++)
-			{
-			if (strchr(cancel_chars, *p))
-				{
-				UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
-					UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
-				}
-			}
-
-		s = general_allocate_prompt(ui, prompt, prompt_freeable,
-			type, input_flags, result_buf);
-
-		if (s)
-			{
-			if (allocate_string_stack(ui) >= 0)
-				{
-				s->_.boolean_data.action_desc = action_desc;
-				s->_.boolean_data.ok_chars = ok_chars;
-				s->_.boolean_data.cancel_chars = cancel_chars;
-				ret=sk_UI_STRING_push(ui->strings, s);
-				/* sk_push() returns 0 on error.
-				   Let's addapt that */
-				if (ret <= 0) ret--;
-				}
-			else
-				free_string(s);
-			}
-		}
-	return ret;
-	}
-
-/* Returns the index to the place in the stack or -1 for error.  Uses a
-   direct reference to the prompt.  */
+                                    const char *prompt,
+                                    const char *action_desc,
+                                    const char *ok_chars,
+                                    const char *cancel_chars,
+                                    int prompt_freeable,
+                                    enum UI_string_types type,
+                                    int input_flags, char *result_buf)
+{
+    int ret = -1;
+    UI_STRING *s;
+    const char *p;
+
+    if (ok_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else if (cancel_chars == NULL) {
+        UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN, ERR_R_PASSED_NULL_PARAMETER);
+    } else {
+        for (p = ok_chars; *p; p++) {
+            if (strchr(cancel_chars, *p)) {
+                UIerr(UI_F_GENERAL_ALLOCATE_BOOLEAN,
+                      UI_R_COMMON_OK_AND_CANCEL_CHARACTERS);
+            }
+        }
+
+        s = general_allocate_prompt(ui, prompt, prompt_freeable,
+                                    type, input_flags, result_buf);
+
+        if (s) {
+            if (allocate_string_stack(ui) >= 0) {
+                s->_.boolean_data.action_desc = action_desc;
+                s->_.boolean_data.ok_chars = ok_chars;
+                s->_.boolean_data.cancel_chars = cancel_chars;
+                ret = sk_UI_STRING_push(ui->strings, s);
+                /*
+                 * sk_push() returns 0 on error. Let's addapt that
+                 */
+                if (ret <= 0)
+                    ret--;
+            } else
+                free_string(s);
+        }
+    }
+    return ret;
+}
+
+/*
+ * Returns the index to the place in the stack or -1 for error.  Uses a
+ * direct reference to the prompt.
+ */
 int UI_add_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize)
-	{
-	return general_allocate_string(ui, prompt, 0,
-		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
-	}
+                        char *result_buf, int minsize, int maxsize)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
 
 /* Same as UI_add_input_string(), excepts it takes a copy of the prompt */
 int UI_dup_input_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize)
-	{
-	char *prompt_copy=NULL;
-
-	if (prompt)
-		{
-		prompt_copy=BUF_strdup(prompt);
-		if (prompt_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_STRING,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		}
-	
-	return general_allocate_string(ui, prompt_copy, 1,
-		UIT_PROMPT, flags, result_buf, minsize, maxsize, NULL);
-	}
+                        char *result_buf, int minsize, int maxsize)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt) {
+        prompt_copy = BUF_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_STRING, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_PROMPT, flags, result_buf, minsize,
+                                   maxsize, NULL);
+}
 
 int UI_add_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf)
-	{
-	return general_allocate_string(ui, prompt, 0,
-		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
-	}
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    return general_allocate_string(ui, prompt, 0,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
 
 int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
-	char *result_buf, int minsize, int maxsize, const char *test_buf)
-	{
-	char *prompt_copy=NULL;
-
-	if (prompt)
-		{
-		prompt_copy=BUF_strdup(prompt);
-		if (prompt_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_VERIFY_STRING,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		}
-	
-	return general_allocate_string(ui, prompt_copy, 1,
-		UIT_VERIFY, flags, result_buf, minsize, maxsize, test_buf);
-	}
+                         char *result_buf, int minsize, int maxsize,
+                         const char *test_buf)
+{
+    char *prompt_copy = NULL;
+
+    if (prompt) {
+        prompt_copy = BUF_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_VERIFY_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, prompt_copy, 1,
+                                   UIT_VERIFY, flags, result_buf, minsize,
+                                   maxsize, test_buf);
+}
 
 int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf)
-	{
-	return general_allocate_boolean(ui, prompt, action_desc,
-		ok_chars, cancel_chars, 0, UIT_BOOLEAN, flags, result_buf);
-	}
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    return general_allocate_boolean(ui, prompt, action_desc,
+                                    ok_chars, cancel_chars, 0, UIT_BOOLEAN,
+                                    flags, result_buf);
+}
 
 int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
-	const char *ok_chars, const char *cancel_chars,
-	int flags, char *result_buf)
-	{
-	char *prompt_copy = NULL;
-	char *action_desc_copy = NULL;
-	char *ok_chars_copy = NULL;
-	char *cancel_chars_copy = NULL;
-
-	if (prompt)
-		{
-		prompt_copy=BUF_strdup(prompt);
-		if (prompt_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	if (action_desc)
-		{
-		action_desc_copy=BUF_strdup(action_desc);
-		if (action_desc_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	if (ok_chars)
-		{
-		ok_chars_copy=BUF_strdup(ok_chars);
-		if (ok_chars_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	if (cancel_chars)
-		{
-		cancel_chars_copy=BUF_strdup(cancel_chars);
-		if (cancel_chars_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INPUT_BOOLEAN,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-	
-	return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
-		ok_chars_copy, cancel_chars_copy, 1, UIT_BOOLEAN, flags,
-		result_buf);
+                         const char *ok_chars, const char *cancel_chars,
+                         int flags, char *result_buf)
+{
+    char *prompt_copy = NULL;
+    char *action_desc_copy = NULL;
+    char *ok_chars_copy = NULL;
+    char *cancel_chars_copy = NULL;
+
+    if (prompt) {
+        prompt_copy = BUF_strdup(prompt);
+        if (prompt_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (action_desc) {
+        action_desc_copy = BUF_strdup(action_desc);
+        if (action_desc_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (ok_chars) {
+        ok_chars_copy = BUF_strdup(ok_chars);
+        if (ok_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    if (cancel_chars) {
+        cancel_chars_copy = BUF_strdup(cancel_chars);
+        if (cancel_chars_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INPUT_BOOLEAN, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                                    ok_chars_copy, cancel_chars_copy, 1,
+                                    UIT_BOOLEAN, flags, result_buf);
  err:
-	if (prompt_copy) OPENSSL_free(prompt_copy);
-	if (action_desc_copy) OPENSSL_free(action_desc_copy);
-	if (ok_chars_copy) OPENSSL_free(ok_chars_copy);
-	if (cancel_chars_copy) OPENSSL_free(cancel_chars_copy);
-	return -1;
-	}
+    if (prompt_copy)
+        OPENSSL_free(prompt_copy);
+    if (action_desc_copy)
+        OPENSSL_free(action_desc_copy);
+    if (ok_chars_copy)
+        OPENSSL_free(ok_chars_copy);
+    if (cancel_chars_copy)
+        OPENSSL_free(cancel_chars_copy);
+    return -1;
+}
 
 int UI_add_info_string(UI *ui, const char *text)
-	{
-	return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
-		NULL);
-	}
+{
+    return general_allocate_string(ui, text, 0, UIT_INFO, 0, NULL, 0, 0,
+                                   NULL);
+}
 
 int UI_dup_info_string(UI *ui, const char *text)
-	{
-	char *text_copy=NULL;
-
-	if (text)
-		{
-		text_copy=BUF_strdup(text);
-		if (text_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_INFO_STRING,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		}
-
-	return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
-		0, 0, NULL);
-	}
+{
+    char *text_copy = NULL;
+
+    if (text) {
+        text_copy = BUF_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_INFO_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+
+    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                                   0, 0, NULL);
+}
 
 int UI_add_error_string(UI *ui, const char *text)
-	{
-	return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
-		NULL);
-	}
+{
+    return general_allocate_string(ui, text, 0, UIT_ERROR, 0, NULL, 0, 0,
+                                   NULL);
+}
 
 int UI_dup_error_string(UI *ui, const char *text)
-	{
-	char *text_copy=NULL;
-
-	if (text)
-		{
-		text_copy=BUF_strdup(text);
-		if (text_copy == NULL)
-			{
-			UIerr(UI_F_UI_DUP_ERROR_STRING,ERR_R_MALLOC_FAILURE);
-			return -1;
-			}
-		}
-	return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
-		0, 0, NULL);
-	}
+{
+    char *text_copy = NULL;
+
+    if (text) {
+        text_copy = BUF_strdup(text);
+        if (text_copy == NULL) {
+            UIerr(UI_F_UI_DUP_ERROR_STRING, ERR_R_MALLOC_FAILURE);
+            return -1;
+        }
+    }
+    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                                   0, 0, NULL);
+}
 
 char *UI_construct_prompt(UI *ui, const char *object_desc,
-	const char *object_name)
-	{
-	char *prompt = NULL;
-
-	if (ui->meth->ui_construct_prompt)
-		prompt = ui->meth->ui_construct_prompt(ui,
-			object_desc, object_name);
-	else
-		{
-		char prompt1[] = "Enter ";
-		char prompt2[] = " for ";
-		char prompt3[] = ":";
-		int len = 0;
-
-		if (object_desc == NULL)
-			return NULL;
-		len = sizeof(prompt1) - 1 + strlen(object_desc);
-		if (object_name)
-			len += sizeof(prompt2) - 1 + strlen(object_name);
-		len += sizeof(prompt3) - 1;
-
-		prompt = (char *)OPENSSL_malloc(len + 1);
-		BUF_strlcpy(prompt, prompt1, len + 1);
-		BUF_strlcat(prompt, object_desc, len + 1);
-		if (object_name)
-			{
-			BUF_strlcat(prompt, prompt2, len + 1);
-			BUF_strlcat(prompt, object_name, len + 1);
-			}
-		BUF_strlcat(prompt, prompt3, len + 1);
-		}
-	return prompt;
-	}
+                          const char *object_name)
+{
+    char *prompt = NULL;
+
+    if (ui->meth->ui_construct_prompt)
+        prompt = ui->meth->ui_construct_prompt(ui, object_desc, object_name);
+    else {
+        char prompt1[] = "Enter ";
+        char prompt2[] = " for ";
+        char prompt3[] = ":";
+        int len = 0;
+
+        if (object_desc == NULL)
+            return NULL;
+        len = sizeof(prompt1) - 1 + strlen(object_desc);
+        if (object_name)
+            len += sizeof(prompt2) - 1 + strlen(object_name);
+        len += sizeof(prompt3) - 1;
+
+        prompt = (char *)OPENSSL_malloc(len + 1);
+        BUF_strlcpy(prompt, prompt1, len + 1);
+        BUF_strlcat(prompt, object_desc, len + 1);
+        if (object_name) {
+            BUF_strlcat(prompt, prompt2, len + 1);
+            BUF_strlcat(prompt, object_name, len + 1);
+        }
+        BUF_strlcat(prompt, prompt3, len + 1);
+    }
+    return prompt;
+}
 
 void *UI_add_user_data(UI *ui, void *user_data)
-	{
-	void *old_data = ui->user_data;
-	ui->user_data = user_data;
-	return old_data;
-	}
+{
+    void *old_data = ui->user_data;
+    ui->user_data = user_data;
+    return old_data;
+}
 
 void *UI_get0_user_data(UI *ui)
-	{
-	return ui->user_data;
-	}
+{
+    return ui->user_data;
+}
 
 const char *UI_get0_result(UI *ui, int i)
-	{
-	if (i < 0)
-		{
-		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_SMALL);
-		return NULL;
-		}
-	if (i >= sk_UI_STRING_num(ui->strings))
-		{
-		UIerr(UI_F_UI_GET0_RESULT,UI_R_INDEX_TOO_LARGE);
-		return NULL;
-		}
-	return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
-	}
+{
+    if (i < 0) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_SMALL);
+        return NULL;
+    }
+    if (i >= sk_UI_STRING_num(ui->strings)) {
+        UIerr(UI_F_UI_GET0_RESULT, UI_R_INDEX_TOO_LARGE);
+        return NULL;
+    }
+    return UI_get0_result_string(sk_UI_STRING_value(ui->strings, i));
+}
 
 static int print_error(const char *str, size_t len, UI *ui)
-	{
-	UI_STRING uis;
+{
+    UI_STRING uis;
 
-	memset(&uis, 0, sizeof(uis));
-	uis.type = UIT_ERROR;
-	uis.out_string = str;
+    memset(&uis, 0, sizeof(uis));
+    uis.type = UIT_ERROR;
+    uis.out_string = str;
 
-	if (ui->meth->ui_write_string
-		&& !ui->meth->ui_write_string(ui, &uis))
-		return -1;
-	return 0;
-	}
+    if (ui->meth->ui_write_string && !ui->meth->ui_write_string(ui, &uis))
+        return -1;
+    return 0;
+}
 
 int UI_process(UI *ui)
-	{
-	int i, ok=0;
-
-	if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
-		return -1;
-
-	if (ui->flags & UI_FLAG_PRINT_ERRORS)
-		ERR_print_errors_cb(
-			(int (*)(const char *, size_t, void *))print_error,
-			(void *)ui);
-
-	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
-		{
-		if (ui->meth->ui_write_string
-			&& !ui->meth->ui_write_string(ui,
-				sk_UI_STRING_value(ui->strings, i)))
-			{
-			ok=-1;
-			goto err;
-			}
-		}
-
-	if (ui->meth->ui_flush)
-		switch(ui->meth->ui_flush(ui))
-			{
-		case -1: /* Interrupt/Cancel/something... */
-			ok = -2;
-			goto err;
-		case 0: /* Errors */
-			ok = -1;
-			goto err;
-		default: /* Success */
-			ok = 0;
-			break;
-			}
-
-	for(i=0; i<sk_UI_STRING_num(ui->strings); i++)
-		{
-		if (ui->meth->ui_read_string)
-			{
-			switch(ui->meth->ui_read_string(ui,
-				sk_UI_STRING_value(ui->strings, i)))
-				{
-			case -1: /* Interrupt/Cancel/something... */
-				ok = -2;
-				goto err;
-			case 0: /* Errors */
-				ok = -1;
-				goto err;
-			default: /* Success */
-				ok = 0;
-				break;
-				}
-			}
-		}
- err:
-	if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
-		return -1;
-	return ok;
-	}
-
-int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f)(void))
-	{
-	if (ui == NULL)
-		{
-		UIerr(UI_F_UI_CTRL,ERR_R_PASSED_NULL_PARAMETER);
-		return -1;
-		}
-	switch(cmd)
-		{
-	case UI_CTRL_PRINT_ERRORS:
-		{
-		int save_flag = !!(ui->flags & UI_FLAG_PRINT_ERRORS);
-		if (i)
-			ui->flags |= UI_FLAG_PRINT_ERRORS;
-		else
-			ui->flags &= ~UI_FLAG_PRINT_ERRORS;
-		return save_flag;
-		}
-	case UI_CTRL_IS_REDOABLE:
-		return !!(ui->flags & UI_FLAG_REDOABLE);
-	default:
-		break;
-		}
-	UIerr(UI_F_UI_CTRL,UI_R_UNKNOWN_CONTROL_COMMAND);
-	return -1;
-	}
+{
+    int i, ok = 0;
 
-int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+    if (ui->meth->ui_open_session && !ui->meth->ui_open_session(ui))
+        return -1;
+
+    if (ui->flags & UI_FLAG_PRINT_ERRORS)
+        ERR_print_errors_cb((int (*)(const char *, size_t, void *))
+                            print_error, (void *)ui);
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_write_string
+            && !ui->meth->ui_write_string(ui,
+                                          sk_UI_STRING_value(ui->strings, i)))
+        {
+            ok = -1;
+            goto err;
+        }
+    }
+
+    if (ui->meth->ui_flush)
+        switch (ui->meth->ui_flush(ui)) {
+        case -1:               /* Interrupt/Cancel/something... */
+            ok = -2;
+            goto err;
+        case 0:                /* Errors */
+            ok = -1;
+            goto err;
+        default:               /* Success */
+            ok = 0;
+            break;
+        }
+
+    for (i = 0; i < sk_UI_STRING_num(ui->strings); i++) {
+        if (ui->meth->ui_read_string) {
+            switch (ui->meth->ui_read_string(ui,
+                                             sk_UI_STRING_value(ui->strings,
+                                                                i))) {
+            case -1:           /* Interrupt/Cancel/something... */
+                ok = -2;
+                goto err;
+            case 0:            /* Errors */
+                ok = -1;
+                goto err;
+            default:           /* Success */
+                ok = 0;
+                break;
+            }
+        }
+    }
+ err:
+    if (ui->meth->ui_close_session && !ui->meth->ui_close_session(ui))
+        return -1;
+    return ok;
+}
+
+int UI_ctrl(UI *ui, int cmd, long i, void *p, void (*f) (void))
+{
+    if (ui == NULL) {
+        UIerr(UI_F_UI_CTRL, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
+    switch (cmd) {
+    case UI_CTRL_PRINT_ERRORS:
         {
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
-				new_func, dup_func, free_func);
+            int save_flag = ! !(ui->flags & UI_FLAG_PRINT_ERRORS);
+            if (i)
+                ui->flags |= UI_FLAG_PRINT_ERRORS;
+            else
+                ui->flags &= ~UI_FLAG_PRINT_ERRORS;
+            return save_flag;
         }
+    case UI_CTRL_IS_REDOABLE:
+        return ! !(ui->flags & UI_FLAG_REDOABLE);
+    default:
+        break;
+    }
+    UIerr(UI_F_UI_CTRL, UI_R_UNKNOWN_CONTROL_COMMAND);
+    return -1;
+}
+
+int UI_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+                        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_UI, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int UI_set_ex_data(UI *r, int idx, void *arg)
-	{
-	return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
-	}
+{
+    return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
+}
 
 void *UI_get_ex_data(UI *r, int idx)
-	{
-	return(CRYPTO_get_ex_data(&r->ex_data,idx));
-	}
+{
+    return (CRYPTO_get_ex_data(&r->ex_data, idx));
+}
 
 void UI_set_default_method(const UI_METHOD *meth)
-	{
-	default_UI_meth=meth;
-	}
+{
+    default_UI_meth = meth;
+}
 
 const UI_METHOD *UI_get_default_method(void)
-	{
-	if (default_UI_meth == NULL)
-		{
-		default_UI_meth=UI_OpenSSL();
-		}
-	return default_UI_meth;
-	}
+{
+    if (default_UI_meth == NULL) {
+        default_UI_meth = UI_OpenSSL();
+    }
+    return default_UI_meth;
+}
 
 const UI_METHOD *UI_get_method(UI *ui)
-	{
-	return ui->meth;
-	}
+{
+    return ui->meth;
+}
 
 const UI_METHOD *UI_set_method(UI *ui, const UI_METHOD *meth)
-	{
-	ui->meth=meth;
-	return ui->meth;
-	}
-
+{
+    ui->meth = meth;
+    return ui->meth;
+}
 
 UI_METHOD *UI_create_method(char *name)
-	{
-	UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
-
-	if (ui_method)
-		{
-		memset(ui_method, 0, sizeof(*ui_method));
-		ui_method->name = BUF_strdup(name);
-		}
-	return ui_method;
-	}
-
-/* BIG FSCKING WARNING!!!!  If you use this on a statically allocated method
-   (that is, it hasn't been allocated using UI_create_method(), you deserve
-   anything Murphy can throw at you and more!  You have been warned. */
+{
+    UI_METHOD *ui_method = (UI_METHOD *)OPENSSL_malloc(sizeof(UI_METHOD));
+
+    if (ui_method) {
+        memset(ui_method, 0, sizeof(*ui_method));
+        ui_method->name = BUF_strdup(name);
+    }
+    return ui_method;
+}
+
+/*
+ * BIG FSCKING WARNING!!!! If you use this on a statically allocated method
+ * (that is, it hasn't been allocated using UI_create_method(), you deserve
+ * anything Murphy can throw at you and more! You have been warned.
+ */
 void UI_destroy_method(UI_METHOD *ui_method)
-	{
-	OPENSSL_free(ui_method->name);
-	ui_method->name = NULL;
-	OPENSSL_free(ui_method);
-	}
-
-int UI_method_set_opener(UI_METHOD *method, int (*opener)(UI *ui))
-	{
-	if (method)
-		{
-		method->ui_open_session = opener;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_writer(UI_METHOD *method, int (*writer)(UI *ui, UI_STRING *uis))
-	{
-	if (method)
-		{
-		method->ui_write_string = writer;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_flusher(UI_METHOD *method, int (*flusher)(UI *ui))
-	{
-	if (method)
-		{
-		method->ui_flush = flusher;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_reader(UI_METHOD *method, int (*reader)(UI *ui, UI_STRING *uis))
-	{
-	if (method)
-		{
-		method->ui_read_string = reader;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int UI_method_set_closer(UI_METHOD *method, int (*closer)(UI *ui))
-	{
-	if (method)
-		{
-		method->ui_close_session = closer;
-		return 0;
-		}
-	else
-		return -1;
-	}
-
-int (*UI_method_get_opener(UI_METHOD *method))(UI*)
-	{
-	if (method)
-		return method->ui_open_session;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_writer(UI_METHOD *method))(UI*,UI_STRING*)
-	{
-	if (method)
-		return method->ui_write_string;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_flusher(UI_METHOD *method))(UI*)
-	{
-	if (method)
-		return method->ui_flush;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_reader(UI_METHOD *method))(UI*,UI_STRING*)
-	{
-	if (method)
-		return method->ui_read_string;
-	else
-		return NULL;
-	}
-
-int (*UI_method_get_closer(UI_METHOD *method))(UI*)
-	{
-	if (method)
-		return method->ui_close_session;
-	else
-		return NULL;
-	}
+{
+    OPENSSL_free(ui_method->name);
+    ui_method->name = NULL;
+    OPENSSL_free(ui_method);
+}
+
+int UI_method_set_opener(UI_METHOD *method, int (*opener) (UI *ui))
+{
+    if (method) {
+        method->ui_open_session = opener;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_writer(UI_METHOD *method,
+                         int (*writer) (UI *ui, UI_STRING *uis))
+{
+    if (method) {
+        method->ui_write_string = writer;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_flusher(UI_METHOD *method, int (*flusher) (UI *ui))
+{
+    if (method) {
+        method->ui_flush = flusher;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_reader(UI_METHOD *method,
+                         int (*reader) (UI *ui, UI_STRING *uis))
+{
+    if (method) {
+        method->ui_read_string = reader;
+        return 0;
+    } else
+        return -1;
+}
+
+int UI_method_set_closer(UI_METHOD *method, int (*closer) (UI *ui))
+{
+    if (method) {
+        method->ui_close_session = closer;
+        return 0;
+    } else
+        return -1;
+}
+
+int (*UI_method_get_opener(UI_METHOD *method)) (UI *) {
+    if (method)
+        return method->ui_open_session;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_writer(UI_METHOD *method)) (UI *, UI_STRING *) {
+    if (method)
+        return method->ui_write_string;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_flusher(UI_METHOD *method)) (UI *) {
+    if (method)
+        return method->ui_flush;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_reader(UI_METHOD *method)) (UI *, UI_STRING *) {
+    if (method)
+        return method->ui_read_string;
+    else
+        return NULL;
+}
+
+int (*UI_method_get_closer(UI_METHOD *method)) (UI *) {
+    if (method)
+        return method->ui_close_session;
+    else
+        return NULL;
+}
 
 enum UI_string_types UI_get_string_type(UI_STRING *uis)
-	{
-	if (!uis)
-		return UIT_NONE;
-	return uis->type;
-	}
+{
+    if (!uis)
+        return UIT_NONE;
+    return uis->type;
+}
 
 int UI_get_input_flags(UI_STRING *uis)
-	{
-	if (!uis)
-		return 0;
-	return uis->input_flags;
-	}
+{
+    if (!uis)
+        return 0;
+    return uis->input_flags;
+}
 
 const char *UI_get0_output_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	return uis->out_string;
-	}
+{
+    if (!uis)
+        return NULL;
+    return uis->out_string;
+}
 
 const char *UI_get0_action_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_BOOLEAN:
-		return uis->_.boolean_data.action_desc;
-	default:
-		return NULL;
-		}
-	}
+{
+    if (!uis)
+        return NULL;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_BOOLEAN:
+        return uis->_.boolean_data.action_desc;
+    default:
+        return NULL;
+    }
+}
 
 const char *UI_get0_result_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		return uis->result_buf;
-	default:
-		return NULL;
-		}
-	}
+{
+    if (!uis)
+        return NULL;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->result_buf;
+    default:
+        return NULL;
+    }
+}
 
 const char *UI_get0_test_string(UI_STRING *uis)
-	{
-	if (!uis)
-		return NULL;
-	switch(uis->type)
-		{
-	case UIT_VERIFY:
-		return uis->_.string_data.test_buf;
-	default:
-		return NULL;
-		}
-	}
+{
+    if (!uis)
+        return NULL;
+    switch (uis->type) {
+    case UIT_VERIFY:
+        return uis->_.string_data.test_buf;
+    default:
+        return NULL;
+    }
+}
 
 int UI_get_result_minsize(UI_STRING *uis)
-	{
-	if (!uis)
-		return -1;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		return uis->_.string_data.result_minsize;
-	default:
-		return -1;
-		}
-	}
+{
+    if (!uis)
+        return -1;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_minsize;
+    default:
+        return -1;
+    }
+}
 
 int UI_get_result_maxsize(UI_STRING *uis)
-	{
-	if (!uis)
-		return -1;
-	switch(uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		return uis->_.string_data.result_maxsize;
-	default:
-		return -1;
-		}
-	}
+{
+    if (!uis)
+        return -1;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        return uis->_.string_data.result_maxsize;
+    default:
+        return -1;
+    }
+}
 
 int UI_set_result(UI *ui, UI_STRING *uis, const char *result)
-	{
-	int l = strlen(result);
-
-	ui->flags &= ~UI_FLAG_REDOABLE;
-
-	if (!uis)
-		return -1;
-	switch (uis->type)
-		{
-	case UIT_PROMPT:
-	case UIT_VERIFY:
-		{
-		char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize)+1];
-		char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize)+1];
-
-		BIO_snprintf(number1, sizeof(number1), "%d",
-			uis->_.string_data.result_minsize);
-		BIO_snprintf(number2, sizeof(number2), "%d",
-			uis->_.string_data.result_maxsize);
-
-		if (l < uis->_.string_data.result_minsize)
-			{
-			ui->flags |= UI_FLAG_REDOABLE;
-			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_SMALL);
-			ERR_add_error_data(5,"You must type in ",
-				number1," to ",number2," characters");
-			return -1;
-			}
-		if (l > uis->_.string_data.result_maxsize)
-			{
-			ui->flags |= UI_FLAG_REDOABLE;
-			UIerr(UI_F_UI_SET_RESULT,UI_R_RESULT_TOO_LARGE);
-			ERR_add_error_data(5,"You must type in ",
-				number1," to ",number2," characters");
-			return -1;
-			}
-		}
-
-		if (!uis->result_buf)
-			{
-			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
-			return -1;
-			}
-
-		BUF_strlcpy(uis->result_buf, result,
-			    uis->_.string_data.result_maxsize + 1);
-		break;
-	case UIT_BOOLEAN:
-		{
-		const char *p;
-
-		if (!uis->result_buf)
-			{
-			UIerr(UI_F_UI_SET_RESULT,UI_R_NO_RESULT_BUFFER);
-			return -1;
-			}
-
-		uis->result_buf[0] = '\0';
-		for(p = result; *p; p++)
-			{
-			if (strchr(uis->_.boolean_data.ok_chars, *p))
-				{
-				uis->result_buf[0] =
-					uis->_.boolean_data.ok_chars[0];
-				break;
-				}
-			if (strchr(uis->_.boolean_data.cancel_chars, *p))
-				{
-				uis->result_buf[0] =
-					uis->_.boolean_data.cancel_chars[0];
-				break;
-				}
-			}
-		}
-	default:
-		break;
-		}
-	return 0;
-	}
+{
+    int l = strlen(result);
+
+    ui->flags &= ~UI_FLAG_REDOABLE;
+
+    if (!uis)
+        return -1;
+    switch (uis->type) {
+    case UIT_PROMPT:
+    case UIT_VERIFY:
+        {
+            char number1[DECIMAL_SIZE(uis->_.string_data.result_minsize) + 1];
+            char number2[DECIMAL_SIZE(uis->_.string_data.result_maxsize) + 1];
+
+            BIO_snprintf(number1, sizeof(number1), "%d",
+                         uis->_.string_data.result_minsize);
+            BIO_snprintf(number2, sizeof(number2), "%d",
+                         uis->_.string_data.result_maxsize);
+
+            if (l < uis->_.string_data.result_minsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_SMALL);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+            if (l > uis->_.string_data.result_maxsize) {
+                ui->flags |= UI_FLAG_REDOABLE;
+                UIerr(UI_F_UI_SET_RESULT, UI_R_RESULT_TOO_LARGE);
+                ERR_add_error_data(5, "You must type in ",
+                                   number1, " to ", number2, " characters");
+                return -1;
+            }
+        }
+
+        if (!uis->result_buf) {
+            UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+            return -1;
+        }
+
+        BUF_strlcpy(uis->result_buf, result,
+                    uis->_.string_data.result_maxsize + 1);
+        break;
+    case UIT_BOOLEAN:
+        {
+            const char *p;
+
+            if (!uis->result_buf) {
+                UIerr(UI_F_UI_SET_RESULT, UI_R_NO_RESULT_BUFFER);
+                return -1;
+            }
+
+            uis->result_buf[0] = '\0';
+            for (p = result; *p; p++) {
+                if (strchr(uis->_.boolean_data.ok_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.ok_chars[0];
+                    break;
+                }
+                if (strchr(uis->_.boolean_data.cancel_chars, *p)) {
+                    uis->result_buf[0] = uis->_.boolean_data.cancel_chars[0];
+                    break;
+                }
+            }
+        }
+    default:
+        break;
+    }
+    return 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/ui/ui_util.c b/Cryptlib/OpenSSL/crypto/ui/ui_util.c
index 5d9760bb..f65f80d7 100644
--- a/Cryptlib/OpenSSL/crypto/ui/ui_util.c
+++ b/Cryptlib/OpenSSL/crypto/ui/ui_util.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,36 +56,38 @@
 #include <string.h>
 #include "ui_locl.h"
 
-int UI_UTIL_read_pw_string(char *buf,int length,const char *prompt,int verify)
-	{
-	char buff[BUFSIZ];
-	int ret;
+int UI_UTIL_read_pw_string(char *buf, int length, const char *prompt,
+                           int verify)
+{
+    char buff[BUFSIZ];
+    int ret;
 
-	ret=UI_UTIL_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
-	OPENSSL_cleanse(buff,BUFSIZ);
-	return(ret);
-	}
+    ret =
+        UI_UTIL_read_pw(buf, buff, (length > BUFSIZ) ? BUFSIZ : length,
+                        prompt, verify);
+    OPENSSL_cleanse(buff, BUFSIZ);
+    return (ret);
+}
 
-int UI_UTIL_read_pw(char *buf,char *buff,int size,const char *prompt,int verify)
-	{
-	int ok = 0;
-	UI *ui;
+int UI_UTIL_read_pw(char *buf, char *buff, int size, const char *prompt,
+                    int verify)
+{
+    int ok = 0;
+    UI *ui;
 
-	if (size < 1)
-		return -1;
+    if (size < 1)
+        return -1;
 
-	ui = UI_new();
-	if (ui)
-		{
-		ok = UI_add_input_string(ui,prompt,0,buf,0,size-1);
-		if (ok >= 0 && verify)
-			ok = UI_add_verify_string(ui,prompt,0,buff,0,size-1,
-				buf);
-		if (ok >= 0)
-			ok=UI_process(ui);
-		UI_free(ui);
-		}
-	if (ok > 0)
-		ok = 0;
-	return(ok);
-	}
+    ui = UI_new();
+    if (ui) {
+        ok = UI_add_input_string(ui, prompt, 0, buf, 0, size - 1);
+        if (ok >= 0 && verify)
+            ok = UI_add_verify_string(ui, prompt, 0, buff, 0, size - 1, buf);
+        if (ok >= 0)
+            ok = UI_process(ui);
+        UI_free(ui);
+    }
+    if (ok > 0)
+        ok = 0;
+    return (ok);
+}
diff --git a/Cryptlib/OpenSSL/crypto/uid.c b/Cryptlib/OpenSSL/crypto/uid.c
index b1fd52ba..90694c67 100644
--- a/Cryptlib/OpenSSL/crypto/uid.c
+++ b/Cryptlib/OpenSSL/crypto/uid.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,32 +58,31 @@
 
 #if defined(__OpenBSD__) || (defined(__FreeBSD__) && __FreeBSD__ > 2)
 
-#include OPENSSL_UNISTD
+# include OPENSSL_UNISTD
 
 int OPENSSL_issetugid(void)
-	{
-	return issetugid();
-	}
+{
+    return issetugid();
+}
 
 #elif defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_NETWARE)
 
 int OPENSSL_issetugid(void)
-	{
-	return 0;
-	}
+{
+    return 0;
+}
 
 #else
 
-#include OPENSSL_UNISTD
-#include <sys/types.h>
+# include OPENSSL_UNISTD
+# include <sys/types.h>
 
 int OPENSSL_issetugid(void)
-	{
-	if (getuid() != geteuid()) return 1;
-	if (getgid() != getegid()) return 1;
-	return 0;
-	}
+{
+    if (getuid() != geteuid())
+        return 1;
+    if (getgid() != getegid())
+        return 1;
+    return 0;
+}
 #endif
-
-
-
diff --git a/Cryptlib/OpenSSL/crypto/x509/by_dir.c b/Cryptlib/OpenSSL/crypto/x509/by_dir.c
index b3acd80f..5a127430 100644
--- a/Cryptlib/OpenSSL/crypto/x509/by_dir.c
+++ b/Cryptlib/OpenSSL/crypto/x509/by_dir.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -75,311 +75,294 @@
 #include <openssl/x509.h>
 
 #ifdef _WIN32
-#define stat	_stat
+# define stat    _stat
 #endif
 
-typedef struct lookup_dir_st
-	{
-	BUF_MEM *buffer;
-	int num_dirs;
-	char **dirs;
-	int *dirs_type;
-	int num_dirs_alloced;
-	} BY_DIR;
+typedef struct lookup_dir_st {
+    BUF_MEM *buffer;
+    int num_dirs;
+    char **dirs;
+    int *dirs_type;
+    int num_dirs_alloced;
+} BY_DIR;
 
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-	char **ret);
+                    char **ret);
 static int new_dir(X509_LOOKUP *lu);
 static void free_dir(X509_LOOKUP *lu);
-static int add_cert_dir(BY_DIR *ctx,const char *dir,int type);
-static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name,
-	X509_OBJECT *ret);
-X509_LOOKUP_METHOD x509_dir_lookup=
-	{
-	"Load certs from files in a directory",
-	new_dir,		/* new */
-	free_dir,		/* free */
-	NULL, 			/* init */
-	NULL,			/* shutdown */
-	dir_ctrl,		/* ctrl */
-	get_cert_by_subject,	/* get_by_subject */
-	NULL,			/* get_by_issuer_serial */
-	NULL,			/* get_by_fingerprint */
-	NULL,			/* get_by_alias */
-	};
+static int add_cert_dir(BY_DIR *ctx, const char *dir, int type);
+static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
+                               X509_OBJECT *ret);
+X509_LOOKUP_METHOD x509_dir_lookup = {
+    "Load certs from files in a directory",
+    new_dir,                    /* new */
+    free_dir,                   /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    dir_ctrl,                   /* ctrl */
+    get_cert_by_subject,        /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
 
 X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void)
-	{
-	return(&x509_dir_lookup);
-	}
+{
+    return (&x509_dir_lookup);
+}
 
 static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-	     char **retp)
-	{
-	int ret=0;
-	BY_DIR *ld;
-	char *dir = NULL;
+                    char **retp)
+{
+    int ret = 0;
+    BY_DIR *ld;
+    char *dir = NULL;
 
-	ld=(BY_DIR *)ctx->method_data;
+    ld = (BY_DIR *)ctx->method_data;
 
-	switch (cmd)
-		{
-	case X509_L_ADD_DIR:
-		if (argl == X509_FILETYPE_DEFAULT)
-			{
-			dir=(char *)Getenv(X509_get_default_cert_dir_env());
-			if (dir)
-				ret=add_cert_dir(ld,dir,X509_FILETYPE_PEM);
-			else
-				ret=add_cert_dir(ld,X509_get_default_cert_dir(),
-					X509_FILETYPE_PEM);
-			if (!ret)
-				{
-				X509err(X509_F_DIR_CTRL,X509_R_LOADING_CERT_DIR);
-				}
-			}
-		else
-			ret=add_cert_dir(ld,argp,(int)argl);
-		break;
-		}
-	return(ret);
-	}
+    switch (cmd) {
+    case X509_L_ADD_DIR:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            dir = (char *)Getenv(X509_get_default_cert_dir_env());
+            if (dir)
+                ret = add_cert_dir(ld, dir, X509_FILETYPE_PEM);
+            else
+                ret = add_cert_dir(ld, X509_get_default_cert_dir(),
+                                   X509_FILETYPE_PEM);
+            if (!ret) {
+                X509err(X509_F_DIR_CTRL, X509_R_LOADING_CERT_DIR);
+            }
+        } else
+            ret = add_cert_dir(ld, argp, (int)argl);
+        break;
+    }
+    return (ret);
+}
 
 static int new_dir(X509_LOOKUP *lu)
-	{
-	BY_DIR *a;
+{
+    BY_DIR *a;
 
-	if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
-		return(0);
-	if ((a->buffer=BUF_MEM_new()) == NULL)
-		{
-		OPENSSL_free(a);
-		return(0);
-		}
-	a->num_dirs=0;
-	a->dirs=NULL;
-	a->dirs_type=NULL;
-	a->num_dirs_alloced=0;
-	lu->method_data=(char *)a;
-	return(1);
-	}
+    if ((a = (BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL)
+        return (0);
+    if ((a->buffer = BUF_MEM_new()) == NULL) {
+        OPENSSL_free(a);
+        return (0);
+    }
+    a->num_dirs = 0;
+    a->dirs = NULL;
+    a->dirs_type = NULL;
+    a->num_dirs_alloced = 0;
+    lu->method_data = (char *)a;
+    return (1);
+}
 
 static void free_dir(X509_LOOKUP *lu)
-	{
-	BY_DIR *a;
-	int i;
+{
+    BY_DIR *a;
+    int i;
 
-	a=(BY_DIR *)lu->method_data;
-	for (i=0; i<a->num_dirs; i++)
-		if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]);
-	if (a->dirs != NULL) OPENSSL_free(a->dirs);
-	if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type);
-	if (a->buffer != NULL) BUF_MEM_free(a->buffer);
-	OPENSSL_free(a);
-	}
+    a = (BY_DIR *)lu->method_data;
+    for (i = 0; i < a->num_dirs; i++)
+        if (a->dirs[i] != NULL)
+            OPENSSL_free(a->dirs[i]);
+    if (a->dirs != NULL)
+        OPENSSL_free(a->dirs);
+    if (a->dirs_type != NULL)
+        OPENSSL_free(a->dirs_type);
+    if (a->buffer != NULL)
+        BUF_MEM_free(a->buffer);
+    OPENSSL_free(a);
+}
 
 static int add_cert_dir(BY_DIR *ctx, const char *dir, int type)
-	{
-	int j,len;
-	int *ip;
-	const char *s,*ss,*p;
-	char **pp;
+{
+    int j, len;
+    int *ip;
+    const char *s, *ss, *p;
+    char **pp;
 
-	if (dir == NULL || !*dir)
-	    {
-	    X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY);
-	    return 0;
-	    }
+    if (dir == NULL || !*dir) {
+        X509err(X509_F_ADD_CERT_DIR, X509_R_INVALID_DIRECTORY);
+        return 0;
+    }
 
-	s=dir;
-	p=s;
-	for (;;p++)
-		{
-		if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0'))
-			{
-			ss=s;
-			s=p+1;
-			len=(int)(p-ss);
-			if (len == 0) continue;
-			for (j=0; j<ctx->num_dirs; j++)
-				if (strlen(ctx->dirs[j]) == (size_t)len &&
-				    strncmp(ctx->dirs[j],ss,(unsigned int)len) == 0)
-					break;
-			if (j<ctx->num_dirs)
-				continue;
-			if (ctx->num_dirs_alloced < (ctx->num_dirs+1))
-				{
-				ctx->num_dirs_alloced+=10;
-				pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced*
-					sizeof(char *));
-				ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced*
-					sizeof(int));
-				if ((pp == NULL) || (ip == NULL))
-					{
-					X509err(X509_F_ADD_CERT_DIR,ERR_R_MALLOC_FAILURE);
-					return(0);
-					}
-				memcpy(pp,ctx->dirs,(ctx->num_dirs_alloced-10)*
-					sizeof(char *));
-				memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)*
-					sizeof(int));
-				if (ctx->dirs != NULL)
-					OPENSSL_free(ctx->dirs);
-				if (ctx->dirs_type != NULL)
-					OPENSSL_free(ctx->dirs_type);
-				ctx->dirs=pp;
-				ctx->dirs_type=ip;
-				}
-			ctx->dirs_type[ctx->num_dirs]=type;
-			ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1);
-			if (ctx->dirs[ctx->num_dirs] == NULL) return(0);
-			strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len);
-			ctx->dirs[ctx->num_dirs][len]='\0';
-			ctx->num_dirs++;
-			}
-		if (*p == '\0') break;
-		}
-	return(1);
-	}
+    s = dir;
+    p = s;
+    for (;; p++) {
+        if ((*p == LIST_SEPARATOR_CHAR) || (*p == '\0')) {
+            ss = s;
+            s = p + 1;
+            len = (int)(p - ss);
+            if (len == 0)
+                continue;
+            for (j = 0; j < ctx->num_dirs; j++)
+                if (strlen(ctx->dirs[j]) == (size_t)len &&
+                    strncmp(ctx->dirs[j], ss, (unsigned int)len) == 0)
+                    break;
+            if (j < ctx->num_dirs)
+                continue;
+            if (ctx->num_dirs_alloced < (ctx->num_dirs + 1)) {
+                ctx->num_dirs_alloced += 10;
+                pp = (char **)OPENSSL_malloc(ctx->num_dirs_alloced *
+                                             sizeof(char *));
+                ip = (int *)OPENSSL_malloc(ctx->num_dirs_alloced *
+                                           sizeof(int));
+                if ((pp == NULL) || (ip == NULL)) {
+                    X509err(X509_F_ADD_CERT_DIR, ERR_R_MALLOC_FAILURE);
+                    return (0);
+                }
+                memcpy(pp, ctx->dirs, (ctx->num_dirs_alloced - 10) *
+                       sizeof(char *));
+                memcpy(ip, ctx->dirs_type, (ctx->num_dirs_alloced - 10) *
+                       sizeof(int));
+                if (ctx->dirs != NULL)
+                    OPENSSL_free(ctx->dirs);
+                if (ctx->dirs_type != NULL)
+                    OPENSSL_free(ctx->dirs_type);
+                ctx->dirs = pp;
+                ctx->dirs_type = ip;
+            }
+            ctx->dirs_type[ctx->num_dirs] = type;
+            ctx->dirs[ctx->num_dirs] =
+                (char *)OPENSSL_malloc((unsigned int)len + 1);
+            if (ctx->dirs[ctx->num_dirs] == NULL)
+                return (0);
+            strncpy(ctx->dirs[ctx->num_dirs], ss, (unsigned int)len);
+            ctx->dirs[ctx->num_dirs][len] = '\0';
+            ctx->num_dirs++;
+        }
+        if (*p == '\0')
+            break;
+    }
+    return (1);
+}
 
 static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name,
-	     X509_OBJECT *ret)
-	{
-	BY_DIR *ctx;
-	union	{
-		struct	{
-			X509 st_x509;
-			X509_CINF st_x509_cinf;
-			} x509;
-		struct	{
-			X509_CRL st_crl;
-			X509_CRL_INFO st_crl_info;
-			} crl;
-		} data;
-	int ok=0;
-	int i,j,k;
-	unsigned long h;
-	BUF_MEM *b=NULL;
-	struct stat st;
-	X509_OBJECT stmp,*tmp;
-	const char *postfix="";
+                               X509_OBJECT *ret)
+{
+    BY_DIR *ctx;
+    union {
+        struct {
+            X509 st_x509;
+            X509_CINF st_x509_cinf;
+        } x509;
+        struct {
+            X509_CRL st_crl;
+            X509_CRL_INFO st_crl_info;
+        } crl;
+    } data;
+    int ok = 0;
+    int i, j, k;
+    unsigned long h;
+    BUF_MEM *b = NULL;
+    struct stat st;
+    X509_OBJECT stmp, *tmp;
+    const char *postfix = "";
+
+    if (name == NULL)
+        return (0);
 
-	if (name == NULL) return(0);
+    stmp.type = type;
+    if (type == X509_LU_X509) {
+        data.x509.st_x509.cert_info = &data.x509.st_x509_cinf;
+        data.x509.st_x509_cinf.subject = name;
+        stmp.data.x509 = &data.x509.st_x509;
+        postfix = "";
+    } else if (type == X509_LU_CRL) {
+        data.crl.st_crl.crl = &data.crl.st_crl_info;
+        data.crl.st_crl_info.issuer = name;
+        stmp.data.crl = &data.crl.st_crl;
+        postfix = "r";
+    } else {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, X509_R_WRONG_LOOKUP_TYPE);
+        goto finish;
+    }
 
-	stmp.type=type;
-	if (type == X509_LU_X509)
-		{
-		data.x509.st_x509.cert_info= &data.x509.st_x509_cinf;
-		data.x509.st_x509_cinf.subject=name;
-		stmp.data.x509= &data.x509.st_x509;
-		postfix="";
-		}
-	else if (type == X509_LU_CRL)
-		{
-		data.crl.st_crl.crl= &data.crl.st_crl_info;
-		data.crl.st_crl_info.issuer=name;
-		stmp.data.crl= &data.crl.st_crl;
-		postfix="r";
-		}
-	else
-		{
-		X509err(X509_F_GET_CERT_BY_SUBJECT,X509_R_WRONG_LOOKUP_TYPE);
-		goto finish;
-		}
+    if ((b = BUF_MEM_new()) == NULL) {
+        X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_BUF_LIB);
+        goto finish;
+    }
 
-	if ((b=BUF_MEM_new()) == NULL)
-		{
-		X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_BUF_LIB);
-		goto finish;
-		}
-	
-	ctx=(BY_DIR *)xl->method_data;
+    ctx = (BY_DIR *)xl->method_data;
 
-	h=X509_NAME_hash(name);
-	for (i=0; i<ctx->num_dirs; i++)
-		{
-		j=strlen(ctx->dirs[i])+1+8+6+1+1;
-		if (!BUF_MEM_grow(b,j))
-			{
-			X509err(X509_F_GET_CERT_BY_SUBJECT,ERR_R_MALLOC_FAILURE);
-			goto finish;
-			}
-		k=0;
-		for (;;)
-			{
-			char c = '/';
+    h = X509_NAME_hash(name);
+    for (i = 0; i < ctx->num_dirs; i++) {
+        j = strlen(ctx->dirs[i]) + 1 + 8 + 6 + 1 + 1;
+        if (!BUF_MEM_grow(b, j)) {
+            X509err(X509_F_GET_CERT_BY_SUBJECT, ERR_R_MALLOC_FAILURE);
+            goto finish;
+        }
+        k = 0;
+        for (;;) {
+            char c = '/';
 #ifdef OPENSSL_SYS_VMS
-			c = ctx->dirs[i][strlen(ctx->dirs[i])-1];
-			if (c != ':' && c != '>' && c != ']')
-				{
-				/* If no separator is present, we assume the
-				   directory specifier is a logical name, and
-				   add a colon.  We really should use better
-				   VMS routines for merging things like this,
-				   but this will do for now...
-				   -- Richard Levitte */
-				c = ':';
-				}
-			else
-				{
-				c = '\0';
-				}
+            c = ctx->dirs[i][strlen(ctx->dirs[i]) - 1];
+            if (c != ':' && c != '>' && c != ']') {
+                /*
+                 * If no separator is present, we assume the directory
+                 * specifier is a logical name, and add a colon.  We really
+                 * should use better VMS routines for merging things like
+                 * this, but this will do for now... -- Richard Levitte
+                 */
+                c = ':';
+            } else {
+                c = '\0';
+            }
 #endif
-			if (c == '\0')
-				{
-				/* This is special.  When c == '\0', no
-				   directory separator should be added. */
-				BIO_snprintf(b->data,b->max,
-					"%s%08lx.%s%d",ctx->dirs[i],h,
-					postfix,k);
-				}
-			else
-				{
-				BIO_snprintf(b->data,b->max,
-					"%s%c%08lx.%s%d",ctx->dirs[i],c,h,
-					postfix,k);
-				}
-			k++;
-			if (stat(b->data,&st) < 0)
-				break;
-			/* found one. */
-			if (type == X509_LU_X509)
-				{
-				if ((X509_load_cert_file(xl,b->data,
-					ctx->dirs_type[i])) == 0)
-					break;
-				}
-			else if (type == X509_LU_CRL)
-				{
-				if ((X509_load_crl_file(xl,b->data,
-					ctx->dirs_type[i])) == 0)
-					break;
-				}
-			/* else case will caught higher up */
-			}
+            if (c == '\0') {
+                /*
+                 * This is special.  When c == '\0', no directory separator
+                 * should be added.
+                 */
+                BIO_snprintf(b->data, b->max,
+                             "%s%08lx.%s%d", ctx->dirs[i], h, postfix, k);
+            } else {
+                BIO_snprintf(b->data, b->max,
+                             "%s%c%08lx.%s%d", ctx->dirs[i], c, h,
+                             postfix, k);
+            }
+            k++;
+            if (stat(b->data, &st) < 0)
+                break;
+            /* found one. */
+            if (type == X509_LU_X509) {
+                if ((X509_load_cert_file(xl, b->data,
+                                         ctx->dirs_type[i])) == 0)
+                    break;
+            } else if (type == X509_LU_CRL) {
+                if ((X509_load_crl_file(xl, b->data, ctx->dirs_type[i])) == 0)
+                    break;
+            }
+            /* else case will caught higher up */
+        }
 
-		/* we have added it to the cache so now pull
-		 * it out again */
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-		j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp);
-		if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j);
-		else tmp = NULL;
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+        /*
+         * we have added it to the cache so now pull it out again
+         */
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+        j = sk_X509_OBJECT_find(xl->store_ctx->objs, &stmp);
+        if (j != -1)
+            tmp = sk_X509_OBJECT_value(xl->store_ctx->objs, j);
+        else
+            tmp = NULL;
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
 
-		if (tmp != NULL)
-			{
-			ok=1;
-			ret->type=tmp->type;
-			memcpy(&ret->data,&tmp->data,sizeof(ret->data));
-			/* If we were going to up the reference count,
-			 * we would need to do it on a perl 'type'
-			 * basis */
-	/*		CRYPTO_add(&tmp->data.x509->references,1,
-				CRYPTO_LOCK_X509);*/
-			goto finish;
-			}
-		}
-finish:
-	if (b != NULL) BUF_MEM_free(b);
-	return(ok);
-	}
+        if (tmp != NULL) {
+            ok = 1;
+            ret->type = tmp->type;
+            memcpy(&ret->data, &tmp->data, sizeof(ret->data));
+            /*
+             * If we were going to up the reference count, we would need to
+             * do it on a perl 'type' basis
+             */
+        /*- CRYPTO_add(&tmp->data.x509->references,1,
+                    CRYPTO_LOCK_X509);*/
+            goto finish;
+        }
+    }
+ finish:
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return (ok);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/by_file.c b/Cryptlib/OpenSSL/crypto/x509/by_file.c
index a5e0d4ae..737a8259 100644
--- a/Cryptlib/OpenSSL/crypto/x509/by_file.c
+++ b/Cryptlib/OpenSSL/crypto/x509/by_file.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,232 +69,209 @@
 #ifndef OPENSSL_NO_STDIO
 
 static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
-	long argl, char **ret);
-X509_LOOKUP_METHOD x509_file_lookup=
-	{
-	"Load file into cache",
-	NULL,		/* new */
-	NULL,		/* free */
-	NULL, 		/* init */
-	NULL,		/* shutdown */
-	by_file_ctrl,	/* ctrl */
-	NULL,		/* get_by_subject */
-	NULL,		/* get_by_issuer_serial */
-	NULL,		/* get_by_fingerprint */
-	NULL,		/* get_by_alias */
-	};
+                        long argl, char **ret);
+X509_LOOKUP_METHOD x509_file_lookup = {
+    "Load file into cache",
+    NULL,                       /* new */
+    NULL,                       /* free */
+    NULL,                       /* init */
+    NULL,                       /* shutdown */
+    by_file_ctrl,               /* ctrl */
+    NULL,                       /* get_by_subject */
+    NULL,                       /* get_by_issuer_serial */
+    NULL,                       /* get_by_fingerprint */
+    NULL,                       /* get_by_alias */
+};
 
 X509_LOOKUP_METHOD *X509_LOOKUP_file(void)
-	{
-	return(&x509_file_lookup);
-	}
+{
+    return (&x509_file_lookup);
+}
 
-static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl,
-	     char **ret)
-	{
-	int ok=0;
-	char *file;
+static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+                        long argl, char **ret)
+{
+    int ok = 0;
+    char *file;
 
-	switch (cmd)
-		{
-	case X509_L_FILE_LOAD:
-		if (argl == X509_FILETYPE_DEFAULT)
-			{
-			file = (char *)Getenv(X509_get_default_cert_file_env());
-			if (file)
-				ok = (X509_load_cert_crl_file(ctx,file,
-					      X509_FILETYPE_PEM) != 0);
+    switch (cmd) {
+    case X509_L_FILE_LOAD:
+        if (argl == X509_FILETYPE_DEFAULT) {
+            file = (char *)Getenv(X509_get_default_cert_file_env());
+            if (file)
+                ok = (X509_load_cert_crl_file(ctx, file,
+                                              X509_FILETYPE_PEM) != 0);
 
-			else
-				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
-					      X509_FILETYPE_PEM) != 0);
+            else
+                ok = (X509_load_cert_crl_file
+                      (ctx, X509_get_default_cert_file(),
+                       X509_FILETYPE_PEM) != 0);
 
-			if (!ok)
-				{
-				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
-				}
-			}
-		else
-			{
-			if(argl == X509_FILETYPE_PEM)
-				ok = (X509_load_cert_crl_file(ctx,argp,
-					X509_FILETYPE_PEM) != 0);
-			else
-				ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0);
-			}
-		break;
-		}
-	return(ok);
-	}
+            if (!ok) {
+                X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
+            }
+        } else {
+            if (argl == X509_FILETYPE_PEM)
+                ok = (X509_load_cert_crl_file(ctx, argp,
+                                              X509_FILETYPE_PEM) != 0);
+            else
+                ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
+        }
+        break;
+    }
+    return (ok);
+}
 
 int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type)
-	{
-	int ret=0;
-	BIO *in=NULL;
-	int i,count=0;
-	X509 *x=NULL;
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509 *x = NULL;
 
-	if (file == NULL) return(1);
-	in=BIO_new(BIO_s_file_internal());
+    if (file == NULL)
+        return (1);
+    in = BIO_new(BIO_s_file_internal());
 
-	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
-		{
-		X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_SYS_LIB);
-		goto err;
-		}
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
 
-	if (type == X509_FILETYPE_PEM)
-		{
-		for (;;)
-			{
-			x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL);
-			if (x == NULL)
-				{
-				if ((ERR_GET_REASON(ERR_peek_last_error()) ==
-					PEM_R_NO_START_LINE) && (count > 0))
-					{
-					ERR_clear_error();
-					break;
-					}
-				else
-					{
-					X509err(X509_F_X509_LOAD_CERT_FILE,
-						ERR_R_PEM_LIB);
-					goto err;
-					}
-				}
-			i=X509_STORE_add_cert(ctx->store_ctx,x);
-			if (!i) goto err;
-			count++;
-			X509_free(x);
-			x=NULL;
-			}
-		ret=count;
-		}
-	else if (type == X509_FILETYPE_ASN1)
-		{
-		x=d2i_X509_bio(in,NULL);
-		if (x == NULL)
-			{
-			X509err(X509_F_X509_LOAD_CERT_FILE,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		i=X509_STORE_add_cert(ctx->store_ctx,x);
-		if (!i) goto err;
-		ret=i;
-		}
-	else
-		{
-		X509err(X509_F_X509_LOAD_CERT_FILE,X509_R_BAD_X509_FILETYPE);
-		goto err;
-		}
-err:
-	if (x != NULL) X509_free(x);
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_AUX(in, NULL, NULL, NULL);
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_cert(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CERT_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_cert(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CERT_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+ err:
+    if (x != NULL)
+        X509_free(x);
+    if (in != NULL)
+        BIO_free(in);
+    return (ret);
+}
 
 int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type)
-	{
-	int ret=0;
-	BIO *in=NULL;
-	int i,count=0;
-	X509_CRL *x=NULL;
+{
+    int ret = 0;
+    BIO *in = NULL;
+    int i, count = 0;
+    X509_CRL *x = NULL;
 
-	if (file == NULL) return(1);
-	in=BIO_new(BIO_s_file_internal());
+    if (file == NULL)
+        return (1);
+    in = BIO_new(BIO_s_file_internal());
 
-	if ((in == NULL) || (BIO_read_filename(in,file) <= 0))
-		{
-		X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_SYS_LIB);
-		goto err;
-		}
+    if ((in == NULL) || (BIO_read_filename(in, file) <= 0)) {
+        X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_SYS_LIB);
+        goto err;
+    }
 
-	if (type == X509_FILETYPE_PEM)
-		{
-		for (;;)
-			{
-			x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL);
-			if (x == NULL)
-				{
-				if ((ERR_GET_REASON(ERR_peek_last_error()) ==
-					PEM_R_NO_START_LINE) && (count > 0))
-					{
-					ERR_clear_error();
-					break;
-					}
-				else
-					{
-					X509err(X509_F_X509_LOAD_CRL_FILE,
-						ERR_R_PEM_LIB);
-					goto err;
-					}
-				}
-			i=X509_STORE_add_crl(ctx->store_ctx,x);
-			if (!i) goto err;
-			count++;
-			X509_CRL_free(x);
-			x=NULL;
-			}
-		ret=count;
-		}
-	else if (type == X509_FILETYPE_ASN1)
-		{
-		x=d2i_X509_CRL_bio(in,NULL);
-		if (x == NULL)
-			{
-			X509err(X509_F_X509_LOAD_CRL_FILE,ERR_R_ASN1_LIB);
-			goto err;
-			}
-		i=X509_STORE_add_crl(ctx->store_ctx,x);
-		if (!i) goto err;
-		ret=i;
-		}
-	else
-		{
-		X509err(X509_F_X509_LOAD_CRL_FILE,X509_R_BAD_X509_FILETYPE);
-		goto err;
-		}
-err:
-	if (x != NULL) X509_CRL_free(x);
-	if (in != NULL) BIO_free(in);
-	return(ret);
-	}
+    if (type == X509_FILETYPE_PEM) {
+        for (;;) {
+            x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
+            if (x == NULL) {
+                if ((ERR_GET_REASON(ERR_peek_last_error()) ==
+                     PEM_R_NO_START_LINE) && (count > 0)) {
+                    ERR_clear_error();
+                    break;
+                } else {
+                    X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_PEM_LIB);
+                    goto err;
+                }
+            }
+            i = X509_STORE_add_crl(ctx->store_ctx, x);
+            if (!i)
+                goto err;
+            count++;
+            X509_CRL_free(x);
+            x = NULL;
+        }
+        ret = count;
+    } else if (type == X509_FILETYPE_ASN1) {
+        x = d2i_X509_CRL_bio(in, NULL);
+        if (x == NULL) {
+            X509err(X509_F_X509_LOAD_CRL_FILE, ERR_R_ASN1_LIB);
+            goto err;
+        }
+        i = X509_STORE_add_crl(ctx->store_ctx, x);
+        if (!i)
+            goto err;
+        ret = i;
+    } else {
+        X509err(X509_F_X509_LOAD_CRL_FILE, X509_R_BAD_X509_FILETYPE);
+        goto err;
+    }
+ err:
+    if (x != NULL)
+        X509_CRL_free(x);
+    if (in != NULL)
+        BIO_free(in);
+    return (ret);
+}
 
 int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type)
 {
-	STACK_OF(X509_INFO) *inf;
-	X509_INFO *itmp;
-	BIO *in;
-	int i, count = 0;
-	if(type != X509_FILETYPE_PEM)
-		return X509_load_cert_file(ctx, file, type);
-	in = BIO_new_file(file, "r");
-	if(!in) {
-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB);
-		return 0;
-	}
-	inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
-	BIO_free(in);
-	if(!inf) {
-		X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB);
-		return 0;
-	}
-	for(i = 0; i < sk_X509_INFO_num(inf); i++) {
-		itmp = sk_X509_INFO_value(inf, i);
-		if(itmp->x509) {
-			X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
-			count++;
-		}
-		if(itmp->crl) {
-			X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
-			count++;
-		}
-	}
-	sk_X509_INFO_pop_free(inf, X509_INFO_free);
-	return count;
+    STACK_OF(X509_INFO) *inf;
+    X509_INFO *itmp;
+    BIO *in;
+    int i, count = 0;
+    if (type != X509_FILETYPE_PEM)
+        return X509_load_cert_file(ctx, file, type);
+    in = BIO_new_file(file, "r");
+    if (!in) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_SYS_LIB);
+        return 0;
+    }
+    inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL);
+    BIO_free(in);
+    if (!inf) {
+        X509err(X509_F_X509_LOAD_CERT_CRL_FILE, ERR_R_PEM_LIB);
+        return 0;
+    }
+    for (i = 0; i < sk_X509_INFO_num(inf); i++) {
+        itmp = sk_X509_INFO_value(inf, i);
+        if (itmp->x509) {
+            X509_STORE_add_cert(ctx->store_ctx, itmp->x509);
+            count++;
+        }
+        if (itmp->crl) {
+            X509_STORE_add_crl(ctx->store_ctx, itmp->crl);
+            count++;
+        }
+    }
+    sk_X509_INFO_pop_free(inf, X509_INFO_free);
+    return count;
 }
 
-
-#endif /* OPENSSL_NO_STDIO */
-
+#endif                          /* OPENSSL_NO_STDIO */
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_att.c b/Cryptlib/OpenSSL/crypto/x509/x509_att.c
index 98460e89..bd59281f 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_att.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_att.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -67,293 +67,318 @@
 
 int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x)
 {
-	return sk_X509_ATTRIBUTE_num(x);
+    return sk_X509_ATTRIBUTE_num(x);
 }
 
 int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid,
-			  int lastpos)
+                           int lastpos)
 {
-	ASN1_OBJECT *obj;
+    ASN1_OBJECT *obj;
 
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-2);
-	return(X509at_get_attr_by_OBJ(x,obj,lastpos));
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return (-2);
+    return (X509at_get_attr_by_OBJ(x, obj, lastpos));
 }
 
-int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj,
-			  int lastpos)
+int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk,
+                           ASN1_OBJECT *obj, int lastpos)
 {
-	int n;
-	X509_ATTRIBUTE *ex;
+    int n;
+    X509_ATTRIBUTE *ex;
 
-	if (sk == NULL) return(-1);
-	lastpos++;
-	if (lastpos < 0)
-		lastpos=0;
-	n=sk_X509_ATTRIBUTE_num(sk);
-	for ( ; lastpos < n; lastpos++)
-		{
-		ex=sk_X509_ATTRIBUTE_value(sk,lastpos);
-		if (OBJ_cmp(ex->object,obj) == 0)
-			return(lastpos);
-		}
-	return(-1);
+    if (sk == NULL)
+        return (-1);
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_ATTRIBUTE_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_ATTRIBUTE_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return (lastpos);
+    }
+    return (-1);
 }
 
 X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-		return NULL;
-	else
-		return sk_X509_ATTRIBUTE_value(x,loc);
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return NULL;
+    else
+        return sk_X509_ATTRIBUTE_value(x, loc);
 }
 
 X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc)
 {
-	X509_ATTRIBUTE *ret;
+    X509_ATTRIBUTE *ret;
 
-	if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
-		return(NULL);
-	ret=sk_X509_ATTRIBUTE_delete(x,loc);
-	return(ret);
+    if (x == NULL || sk_X509_ATTRIBUTE_num(x) <= loc || loc < 0)
+        return (NULL);
+    ret = sk_X509_ATTRIBUTE_delete(x, loc);
+    return (ret);
 }
 
 STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x,
-					 X509_ATTRIBUTE *attr)
+                                           X509_ATTRIBUTE *attr)
 {
-	X509_ATTRIBUTE *new_attr=NULL;
-	STACK_OF(X509_ATTRIBUTE) *sk=NULL;
+    X509_ATTRIBUTE *new_attr = NULL;
+    STACK_OF(X509_ATTRIBUTE) *sk = NULL;
 
-	if (x == NULL)
-		{
-		X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
-		goto err2;
-		} 
+    if (x == NULL) {
+        X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
 
-	if (*x == NULL)
-		{
-		if ((sk=sk_X509_ATTRIBUTE_new_null()) == NULL)
-			goto err;
-		}
-	else
-		sk= *x;
+    if (*x == NULL) {
+        if ((sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
 
-	if ((new_attr=X509_ATTRIBUTE_dup(attr)) == NULL)
-		goto err2;
-	if (!sk_X509_ATTRIBUTE_push(sk,new_attr))
-		goto err;
-	if (*x == NULL)
-		*x=sk;
-	return(sk);
-err:
-	X509err(X509_F_X509AT_ADD1_ATTR,ERR_R_MALLOC_FAILURE);
-err2:
-	if (new_attr != NULL) X509_ATTRIBUTE_free(new_attr);
-	if (sk != NULL) sk_X509_ATTRIBUTE_free(sk);
-	return(NULL);
+    if ((new_attr = X509_ATTRIBUTE_dup(attr)) == NULL)
+        goto err2;
+    if (!sk_X509_ATTRIBUTE_push(sk, new_attr))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return (sk);
+ err:
+    X509err(X509_F_X509AT_ADD1_ATTR, ERR_R_MALLOC_FAILURE);
+ err2:
+    if (new_attr != NULL)
+        X509_ATTRIBUTE_free(new_attr);
+    if (sk != NULL)
+        sk_X509_ATTRIBUTE_free(sk);
+    return (NULL);
 }
 
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len)
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const ASN1_OBJECT *obj,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
 {
-	X509_ATTRIBUTE *attr;
-	STACK_OF(X509_ATTRIBUTE) *ret;
-	attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
-	if(!attr) return 0;
-	ret = X509at_add1_attr(x, attr);
-	X509_ATTRIBUTE_free(attr);
-	return ret;
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
 }
 
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x,
-			int nid, int type,
-			const unsigned char *bytes, int len)
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, int nid, int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
 {
-	X509_ATTRIBUTE *attr;
-	STACK_OF(X509_ATTRIBUTE) *ret;
-	attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
-	if(!attr) return 0;
-	ret = X509at_add1_attr(x, attr);
-	X509_ATTRIBUTE_free(attr);
-	return ret;
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_NID(NULL, nid, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
 }
 
-STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len)
+STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE)
+                                                  **x, const char *attrname,
+                                                  int type,
+                                                  const unsigned char *bytes,
+                                                  int len)
 {
-	X509_ATTRIBUTE *attr;
-	STACK_OF(X509_ATTRIBUTE) *ret;
-	attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
-	if(!attr) return 0;
-	ret = X509at_add1_attr(x, attr);
-	X509_ATTRIBUTE_free(attr);
-	return ret;
+    X509_ATTRIBUTE *attr;
+    STACK_OF(X509_ATTRIBUTE) *ret;
+    attr = X509_ATTRIBUTE_create_by_txt(NULL, attrname, type, bytes, len);
+    if (!attr)
+        return 0;
+    ret = X509at_add1_attr(x, attr);
+    X509_ATTRIBUTE_free(attr);
+    return ret;
 }
 
 void *X509at_get0_data_by_OBJ(STACK_OF(X509_ATTRIBUTE) *x,
-				ASN1_OBJECT *obj, int lastpos, int type)
+                              ASN1_OBJECT *obj, int lastpos, int type)
 {
-	int i;
-	X509_ATTRIBUTE *at;
-	i = X509at_get_attr_by_OBJ(x, obj, lastpos);
-	if (i == -1)
-		return NULL;
-	if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
-		return NULL;
-	at = X509at_get_attr(x, i);
-	if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
-		return NULL;
-	return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
+    int i;
+    X509_ATTRIBUTE *at;
+    i = X509at_get_attr_by_OBJ(x, obj, lastpos);
+    if (i == -1)
+        return NULL;
+    if ((lastpos <= -2) && (X509at_get_attr_by_OBJ(x, obj, i) != -1))
+        return NULL;
+    at = X509at_get_attr(x, i);
+    if (lastpos <= -3 && (X509_ATTRIBUTE_count(at) != 1))
+        return NULL;
+    return X509_ATTRIBUTE_get0_data(at, 0, type, NULL);
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid,
-	     int atrtype, const void *data, int len)
+                                             int atrtype, const void *data,
+                                             int len)
 {
-	ASN1_OBJECT *obj;
-	X509_ATTRIBUTE *ret;
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *ret;
 
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-		return(NULL);
-		}
-	ret=X509_ATTRIBUTE_create_by_OBJ(attr,obj,atrtype,data,len);
-	if (ret == NULL) ASN1_OBJECT_free(obj);
-	return(ret);
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return (NULL);
+    }
+    ret = X509_ATTRIBUTE_create_by_OBJ(attr, obj, atrtype, data, len);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return (ret);
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr,
-	     const ASN1_OBJECT *obj, int atrtype, const void *data, int len)
+                                             const ASN1_OBJECT *obj,
+                                             int atrtype, const void *data,
+                                             int len)
 {
-	X509_ATTRIBUTE *ret;
+    X509_ATTRIBUTE *ret;
 
-	if ((attr == NULL) || (*attr == NULL))
-		{
-		if ((ret=X509_ATTRIBUTE_new()) == NULL)
-			{
-			X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		}
-	else
-		ret= *attr;
+    if ((attr == NULL) || (*attr == NULL)) {
+        if ((ret = X509_ATTRIBUTE_new()) == NULL) {
+            X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    } else
+        ret = *attr;
 
-	if (!X509_ATTRIBUTE_set1_object(ret,obj))
-		goto err;
-	if (!X509_ATTRIBUTE_set1_data(ret,atrtype,data,len))
-		goto err;
+    if (!X509_ATTRIBUTE_set1_object(ret, obj))
+        goto err;
+    if (!X509_ATTRIBUTE_set1_data(ret, atrtype, data, len))
+        goto err;
 
-	if ((attr != NULL) && (*attr == NULL)) *attr=ret;
-	return(ret);
-err:
-	if ((attr == NULL) || (ret != *attr))
-		X509_ATTRIBUTE_free(ret);
-	return(NULL);
+    if ((attr != NULL) && (*attr == NULL))
+        *attr = ret;
+    return (ret);
+ err:
+    if ((attr == NULL) || (ret != *attr))
+        X509_ATTRIBUTE_free(ret);
+    return (NULL);
 }
 
 X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr,
-		const char *atrname, int type, const unsigned char *bytes, int len)
-	{
-	ASN1_OBJECT *obj;
-	X509_ATTRIBUTE *nattr;
+                                             const char *atrname, int type,
+                                             const unsigned char *bytes,
+                                             int len)
+{
+    ASN1_OBJECT *obj;
+    X509_ATTRIBUTE *nattr;
 
-	obj=OBJ_txt2obj(atrname, 0);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
-						X509_R_INVALID_FIELD_NAME);
-		ERR_add_error_data(2, "name=", atrname);
-		return(NULL);
-		}
-	nattr = X509_ATTRIBUTE_create_by_OBJ(attr,obj,type,bytes,len);
-	ASN1_OBJECT_free(obj);
-	return nattr;
-	}
+    obj = OBJ_txt2obj(atrname, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", atrname);
+        return (NULL);
+    }
+    nattr = X509_ATTRIBUTE_create_by_OBJ(attr, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nattr;
+}
 
 int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj)
 {
-	if ((attr == NULL) || (obj == NULL))
-		return(0);
-	ASN1_OBJECT_free(attr->object);
-	attr->object=OBJ_dup(obj);
-	return(1);
+    if ((attr == NULL) || (obj == NULL))
+        return (0);
+    ASN1_OBJECT_free(attr->object);
+    attr->object = OBJ_dup(obj);
+    return (1);
 }
 
-int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len)
+int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype,
+                             const void *data, int len)
 {
-	ASN1_TYPE *ttmp;
-	ASN1_STRING *stmp = NULL;
-	int atype = 0;
-	if (!attr) return 0;
-	if(attrtype & MBSTRING_FLAG) {
-		stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
-						OBJ_obj2nid(attr->object));
-		if(!stmp) {
-			X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
-			return 0;
-		}
-		atype = stmp->type;
-	} else if (len != -1){
-		if(!(stmp = ASN1_STRING_type_new(attrtype))) goto err;
-		if(!ASN1_STRING_set(stmp, data, len)) goto err;
-		atype = attrtype;
-	}
-	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
-	attr->single = 0;
-	/* This is a bit naughty because the attribute should really have
-	 * at least one value but some types use and zero length SET and
-	 * require this.
-	 */
-	if (attrtype == 0)
-		return 1;
-	if(!(ttmp = ASN1_TYPE_new())) goto err;
-	if ((len == -1) && !(attrtype & MBSTRING_FLAG))
-		{
-		if (!ASN1_TYPE_set1(ttmp, attrtype, data))
-			goto err;
-		}
-	else
-		ASN1_TYPE_set(ttmp, atype, stmp);
-	if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err;
-	return 1;
-	err:
-	X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
-	return 0;
+    ASN1_TYPE *ttmp;
+    ASN1_STRING *stmp = NULL;
+    int atype = 0;
+    if (!attr)
+        return 0;
+    if (attrtype & MBSTRING_FLAG) {
+        stmp = ASN1_STRING_set_by_NID(NULL, data, len, attrtype,
+                                      OBJ_obj2nid(attr->object));
+        if (!stmp) {
+            X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_ASN1_LIB);
+            return 0;
+        }
+        atype = stmp->type;
+    } else if (len != -1) {
+        if (!(stmp = ASN1_STRING_type_new(attrtype)))
+            goto err;
+        if (!ASN1_STRING_set(stmp, data, len))
+            goto err;
+        atype = attrtype;
+    }
+    if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+        goto err;
+    attr->single = 0;
+    /*
+     * This is a bit naughty because the attribute should really have at
+     * least one value but some types use and zero length SET and require
+     * this.
+     */
+    if (attrtype == 0)
+        return 1;
+    if (!(ttmp = ASN1_TYPE_new()))
+        goto err;
+    if ((len == -1) && !(attrtype & MBSTRING_FLAG)) {
+        if (!ASN1_TYPE_set1(ttmp, attrtype, data))
+            goto err;
+    } else
+        ASN1_TYPE_set(ttmp, atype, stmp);
+    if (!sk_ASN1_TYPE_push(attr->value.set, ttmp))
+        goto err;
+    return 1;
+ err:
+    X509err(X509_F_X509_ATTRIBUTE_SET1_DATA, ERR_R_MALLOC_FAILURE);
+    return 0;
 }
 
 int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr)
 {
-	if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set);
-	if(attr->value.single) return 1;
-	return 0;
+    if (!attr->single)
+        return sk_ASN1_TYPE_num(attr->value.set);
+    if (attr->value.single)
+        return 1;
+    return 0;
 }
 
 ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr)
 {
-	if (attr == NULL) return(NULL);
-	return(attr->object);
+    if (attr == NULL)
+        return (NULL);
+    return (attr->object);
 }
 
 void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx,
-					int atrtype, void *data)
+                               int atrtype, void *data)
 {
-	ASN1_TYPE *ttmp;
-	ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
-	if(!ttmp) return NULL;
-	if(atrtype != ASN1_TYPE_get(ttmp)){
-		X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
-		return NULL;
-	}
-	return ttmp->value.ptr;
+    ASN1_TYPE *ttmp;
+    ttmp = X509_ATTRIBUTE_get0_type(attr, idx);
+    if (!ttmp)
+        return NULL;
+    if (atrtype != ASN1_TYPE_get(ttmp)) {
+        X509err(X509_F_X509_ATTRIBUTE_GET0_DATA, X509_R_WRONG_TYPE);
+        return NULL;
+    }
+    return ttmp->value.ptr;
 }
 
 ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)
 {
-	if (attr == NULL) return(NULL);
-	if(idx >= X509_ATTRIBUTE_count(attr)) return NULL;
-	if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx);
-	else return attr->value.single;
+    if (attr == NULL)
+        return (NULL);
+    if (idx >= X509_ATTRIBUTE_count(attr))
+        return NULL;
+    if (!attr->single)
+        return sk_ASN1_TYPE_value(attr->value.set, idx);
+    else
+        return attr->value.single;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c
index 2faf9251..de66d378 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_cmp.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,368 +65,361 @@
 #include <openssl/x509v3.h>
 
 int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b)
-	{
-	int i;
-	X509_CINF *ai,*bi;
-
-	ai=a->cert_info;
-	bi=b->cert_info;
-	i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber);
-	if (i) return(i);
-	return(X509_NAME_cmp(ai->issuer,bi->issuer));
-	}
+{
+    int i;
+    X509_CINF *ai, *bi;
+
+    ai = a->cert_info;
+    bi = b->cert_info;
+    i = M_ASN1_INTEGER_cmp(ai->serialNumber, bi->serialNumber);
+    if (i)
+        return (i);
+    return (X509_NAME_cmp(ai->issuer, bi->issuer));
+}
 
 #ifndef OPENSSL_NO_MD5
 unsigned long X509_issuer_and_serial_hash(X509 *a)
-	{
-	unsigned long ret=0;
-	EVP_MD_CTX ctx;
-	unsigned char md[16];
-	char *f;
-
-	EVP_MD_CTX_init(&ctx);
-	f=X509_NAME_oneline(a->cert_info->issuer,NULL,0);
-	ret=strlen(f);
-	EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
-	EVP_DigestUpdate(&ctx,(unsigned char *)f,ret);
-	OPENSSL_free(f);
-	EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data,
-		(unsigned long)a->cert_info->serialNumber->length);
-	EVP_DigestFinal_ex(&ctx,&(md[0]),NULL);
-	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-		)&0xffffffffL;
-	EVP_MD_CTX_cleanup(&ctx);
-	return(ret);
-	}
+{
+    unsigned long ret = 0;
+    EVP_MD_CTX ctx;
+    unsigned char md[16];
+    char *f;
+
+    EVP_MD_CTX_init(&ctx);
+    f = X509_NAME_oneline(a->cert_info->issuer, NULL, 0);
+    ret = strlen(f);
+    EVP_DigestInit_ex(&ctx, EVP_md5(), NULL);
+    EVP_DigestUpdate(&ctx, (unsigned char *)f, ret);
+    OPENSSL_free(f);
+    EVP_DigestUpdate(&ctx, (unsigned char *)a->cert_info->serialNumber->data,
+                     (unsigned long)a->cert_info->serialNumber->length);
+    EVP_DigestFinal_ex(&ctx, &(md[0]), NULL);
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+    EVP_MD_CTX_cleanup(&ctx);
+    return (ret);
+}
 #endif
-	
+
 int X509_issuer_name_cmp(const X509 *a, const X509 *b)
-	{
-	return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer));
-	}
+{
+    return (X509_NAME_cmp(a->cert_info->issuer, b->cert_info->issuer));
+}
 
 int X509_subject_name_cmp(const X509 *a, const X509 *b)
-	{
-	return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject));
-	}
+{
+    return (X509_NAME_cmp(a->cert_info->subject, b->cert_info->subject));
+}
 
 int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b)
-	{
-	return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer));
-	}
+{
+    return (X509_NAME_cmp(a->crl->issuer, b->crl->issuer));
+}
 
 X509_NAME *X509_get_issuer_name(X509 *a)
-	{
-	return(a->cert_info->issuer);
-	}
+{
+    return (a->cert_info->issuer);
+}
 
 unsigned long X509_issuer_name_hash(X509 *x)
-	{
-	return(X509_NAME_hash(x->cert_info->issuer));
-	}
+{
+    return (X509_NAME_hash(x->cert_info->issuer));
+}
 
 X509_NAME *X509_get_subject_name(X509 *a)
-	{
-	return(a->cert_info->subject);
-	}
+{
+    return (a->cert_info->subject);
+}
 
 ASN1_INTEGER *X509_get_serialNumber(X509 *a)
-	{
-	return(a->cert_info->serialNumber);
-	}
+{
+    return (a->cert_info->serialNumber);
+}
 
 unsigned long X509_subject_name_hash(X509 *x)
-	{
-	return(X509_NAME_hash(x->cert_info->subject));
-	}
+{
+    return (X509_NAME_hash(x->cert_info->subject));
+}
 
 #ifndef OPENSSL_NO_SHA
-/* Compare two certificates: they must be identical for
- * this to work. NB: Although "cmp" operations are generally
- * prototyped to take "const" arguments (eg. for use in
- * STACKs), the way X509 handling is - these operations may
- * involve ensuring the hashes are up-to-date and ensuring
- * certain cert information is cached. So this is the point
- * where the "depth-first" constification tree has to halt
- * with an evil cast.
+/*
+ * Compare two certificates: they must be identical for this to work. NB:
+ * Although "cmp" operations are generally prototyped to take "const"
+ * arguments (eg. for use in STACKs), the way X509 handling is - these
+ * operations may involve ensuring the hashes are up-to-date and ensuring
+ * certain cert information is cached. So this is the point where the
+ * "depth-first" constification tree has to halt with an evil cast.
  */
 int X509_cmp(const X509 *a, const X509 *b)
 {
-	/* ensure hash is valid */
-	X509_check_purpose((X509 *)a, -1, 0);
-	X509_check_purpose((X509 *)b, -1, 0);
+    /* ensure hash is valid */
+    X509_check_purpose((X509 *)a, -1, 0);
+    X509_check_purpose((X509 *)b, -1, 0);
 
-	return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
+    return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH);
 }
 #endif
 
-
 /* Case insensitive string comparision */
 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 {
-	int i;
+    int i;
 
-	if (a->length != b->length)
-		return (a->length - b->length);
+    if (a->length != b->length)
+        return (a->length - b->length);
 
-	for (i=0; i<a->length; i++)
-	{
-		int ca, cb;
+    for (i = 0; i < a->length; i++) {
+        int ca, cb;
 
-		ca = tolower(a->data[i]);
-		cb = tolower(b->data[i]);
+        ca = tolower(a->data[i]);
+        cb = tolower(b->data[i]);
 
-		if (ca != cb)
-			return(ca-cb);
-	}
-	return 0;
+        if (ca != cb)
+            return (ca - cb);
+    }
+    return 0;
 }
 
-/* Case insensitive string comparision with space normalization 
- * Space normalization - ignore leading, trailing spaces, 
- *       multiple spaces between characters are replaced by single space  
+/*
+ * Case insensitive string comparision with space normalization Space
+ * normalization - ignore leading, trailing spaces, multiple spaces between
+ * characters are replaced by single space
  */
 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
 {
-	unsigned char *pa = NULL, *pb = NULL;
-	int la, lb;
-	
-	la = a->length;
-	lb = b->length;
-	pa = a->data;
-	pb = b->data;
-
-	/* skip leading spaces */
-	while (la > 0 && isspace(*pa))
-	{
-		la--;
-		pa++;
-	}
-	while (lb > 0 && isspace(*pb))
-	{
-		lb--;
-		pb++;
-	}
-
-	/* skip trailing spaces */
-	while (la > 0 && isspace(pa[la-1]))
-		la--;
-	while (lb > 0 && isspace(pb[lb-1]))
-		lb--;
-
-	/* compare strings with space normalization */
-	while (la > 0 && lb > 0)
-	{
-		int ca, cb;
-
-		/* compare character */
-		ca = tolower(*pa);
-		cb = tolower(*pb);
-		if (ca != cb)
-			return (ca - cb);
-
-		pa++; pb++;
-		la--; lb--;
-
-		if (la <= 0 || lb <= 0)
-			break;
-
-		/* is white space next character ? */
-		if (isspace(*pa) && isspace(*pb))
-		{
-			/* skip remaining white spaces */
-			while (la > 0 && isspace(*pa))
-			{
-				la--;
-				pa++;
-			}
-			while (lb > 0 && isspace(*pb))
-			{
-				lb--;
-				pb++;
-			}
-		}
-	}
-	if (la > 0 || lb > 0)
-		return la - lb;
-
-	return 0;
+    unsigned char *pa = NULL, *pb = NULL;
+    int la, lb;
+
+    la = a->length;
+    lb = b->length;
+    pa = a->data;
+    pb = b->data;
+
+    /* skip leading spaces */
+    while (la > 0 && isspace(*pa)) {
+        la--;
+        pa++;
+    }
+    while (lb > 0 && isspace(*pb)) {
+        lb--;
+        pb++;
+    }
+
+    /* skip trailing spaces */
+    while (la > 0 && isspace(pa[la - 1]))
+        la--;
+    while (lb > 0 && isspace(pb[lb - 1]))
+        lb--;
+
+    /* compare strings with space normalization */
+    while (la > 0 && lb > 0) {
+        int ca, cb;
+
+        /* compare character */
+        ca = tolower(*pa);
+        cb = tolower(*pb);
+        if (ca != cb)
+            return (ca - cb);
+
+        pa++;
+        pb++;
+        la--;
+        lb--;
+
+        if (la <= 0 || lb <= 0)
+            break;
+
+        /* is white space next character ? */
+        if (isspace(*pa) && isspace(*pb)) {
+            /* skip remaining white spaces */
+            while (la > 0 && isspace(*pa)) {
+                la--;
+                pa++;
+            }
+            while (lb > 0 && isspace(*pb)) {
+                lb--;
+                pb++;
+            }
+        }
+    }
+    if (la > 0 || lb > 0)
+        return la - lb;
+
+    return 0;
 }
 
 static int asn1_string_memcmp(ASN1_STRING *a, ASN1_STRING *b)
-	{
-	int j;
-	j = a->length - b->length;
-	if (j)
-		return j;
-	return memcmp(a->data, b->data, a->length);
-	}
+{
+    int j;
+    j = a->length - b->length;
+    if (j)
+        return j;
+    return memcmp(a->data, b->data, a->length);
+}
 
 #define STR_TYPE_CMP (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_UTF8STRING)
 
 int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
-	{
-	int i,j;
-	X509_NAME_ENTRY *na,*nb;
-
-	unsigned long nabit, nbbit;
-
-	j = sk_X509_NAME_ENTRY_num(a->entries)
-		  - sk_X509_NAME_ENTRY_num(b->entries);
-	if (j)
-		return j;
-	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-		{
-		na=sk_X509_NAME_ENTRY_value(a->entries,i);
-		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-		j=na->value->type-nb->value->type;
-		if (j)
-			{
-			nabit = ASN1_tag2bit(na->value->type);
-			nbbit = ASN1_tag2bit(nb->value->type);
-			if (!(nabit & STR_TYPE_CMP) ||
-				!(nbbit & STR_TYPE_CMP))
-				return j;
-			if (!asn1_string_memcmp(na->value, nb->value))
-				j = 0;
-			}
-		else if (na->value->type == V_ASN1_PRINTABLESTRING)
-			j=nocase_spacenorm_cmp(na->value, nb->value);
-		else if (na->value->type == V_ASN1_IA5STRING
-			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
-			j=nocase_cmp(na->value, nb->value);
-		else
-			j = asn1_string_memcmp(na->value, nb->value);
-		if (j) return(j);
-		j=na->set-nb->set;
-		if (j) return(j);
-		}
-
-	/* We will check the object types after checking the values
-	 * since the values will more often be different than the object
-	 * types. */
-	for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
-		{
-		na=sk_X509_NAME_ENTRY_value(a->entries,i);
-		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
-		j=OBJ_cmp(na->object,nb->object);
-		if (j) return(j);
-		}
-	return(0);
-	}
+{
+    int i, j;
+    X509_NAME_ENTRY *na, *nb;
+
+    unsigned long nabit, nbbit;
+
+    j = sk_X509_NAME_ENTRY_num(a->entries)
+        - sk_X509_NAME_ENTRY_num(b->entries);
+    if (j)
+        return j;
+    for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) {
+        na = sk_X509_NAME_ENTRY_value(a->entries, i);
+        nb = sk_X509_NAME_ENTRY_value(b->entries, i);
+        j = na->value->type - nb->value->type;
+        if (j) {
+            nabit = ASN1_tag2bit(na->value->type);
+            nbbit = ASN1_tag2bit(nb->value->type);
+            if (!(nabit & STR_TYPE_CMP) || !(nbbit & STR_TYPE_CMP))
+                return j;
+            if (!asn1_string_memcmp(na->value, nb->value))
+                j = 0;
+        } else if (na->value->type == V_ASN1_PRINTABLESTRING)
+            j = nocase_spacenorm_cmp(na->value, nb->value);
+        else if (na->value->type == V_ASN1_IA5STRING
+                 && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+            j = nocase_cmp(na->value, nb->value);
+        else
+            j = asn1_string_memcmp(na->value, nb->value);
+        if (j)
+            return (j);
+        j = na->set - nb->set;
+        if (j)
+            return (j);
+    }
+
+    /*
+     * We will check the object types after checking the values since the
+     * values will more often be different than the object types.
+     */
+    for (i = sk_X509_NAME_ENTRY_num(a->entries) - 1; i >= 0; i--) {
+        na = sk_X509_NAME_ENTRY_value(a->entries, i);
+        nb = sk_X509_NAME_ENTRY_value(b->entries, i);
+        j = OBJ_cmp(na->object, nb->object);
+        if (j)
+            return (j);
+    }
+    return (0);
+}
 
 #ifndef OPENSSL_NO_MD5
-/* I now DER encode the name and hash it.  Since I cache the DER encoding,
- * this is reasonably efficient. */
+/*
+ * I now DER encode the name and hash it.  Since I cache the DER encoding,
+ * this is reasonably efficient.
+ */
 unsigned long X509_NAME_hash(X509_NAME *x)
-	{
-	unsigned long ret=0;
-	unsigned char md[16];
-	EVP_MD_CTX md_ctx;
-
-	/* Make sure X509_NAME structure contains valid cached encoding */
-	i2d_X509_NAME(x,NULL);
-	EVP_MD_CTX_init(&md_ctx);
-	EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-	EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
-	EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
-	EVP_DigestFinal_ex(&md_ctx,md,NULL);
-	EVP_MD_CTX_cleanup(&md_ctx);
-
-	ret=(	((unsigned long)md[0]     )|((unsigned long)md[1]<<8L)|
-		((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L)
-		)&0xffffffffL;
-	return(ret);
-	}
+{
+    unsigned long ret = 0;
+    unsigned char md[16];
+    EVP_MD_CTX md_ctx;
+
+    /* Make sure X509_NAME structure contains valid cached encoding */
+    i2d_X509_NAME(x, NULL);
+    EVP_MD_CTX_init(&md_ctx);
+    EVP_MD_CTX_set_flags(&md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
+    EVP_DigestInit_ex(&md_ctx, EVP_md5(), NULL);
+    EVP_DigestUpdate(&md_ctx, x->bytes->data, x->bytes->length);
+    EVP_DigestFinal_ex(&md_ctx, md, NULL);
+    EVP_MD_CTX_cleanup(&md_ctx);
+
+    ret = (((unsigned long)md[0]) | ((unsigned long)md[1] << 8L) |
+           ((unsigned long)md[2] << 16L) | ((unsigned long)md[3] << 24L)
+        ) & 0xffffffffL;
+    return (ret);
+}
 #endif
 
 /* Search a stack of X509 for a match */
 X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name,
-		ASN1_INTEGER *serial)
-	{
-	int i;
-	X509_CINF cinf;
-	X509 x,*x509=NULL;
-
-	if(!sk) return NULL;
-
-	x.cert_info= &cinf;
-	cinf.serialNumber=serial;
-	cinf.issuer=name;
-
-	for (i=0; i<sk_X509_num(sk); i++)
-		{
-		x509=sk_X509_value(sk,i);
-		if (X509_issuer_and_serial_cmp(x509,&x) == 0)
-			return(x509);
-		}
-	return(NULL);
-	}
+                                     ASN1_INTEGER *serial)
+{
+    int i;
+    X509_CINF cinf;
+    X509 x, *x509 = NULL;
+
+    if (!sk)
+        return NULL;
+
+    x.cert_info = &cinf;
+    cinf.serialNumber = serial;
+    cinf.issuer = name;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_issuer_and_serial_cmp(x509, &x) == 0)
+            return (x509);
+    }
+    return (NULL);
+}
 
 X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name)
-	{
-	X509 *x509;
-	int i;
-
-	for (i=0; i<sk_X509_num(sk); i++)
-		{
-		x509=sk_X509_value(sk,i);
-		if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0)
-			return(x509);
-		}
-	return(NULL);
-	}
+{
+    X509 *x509;
+    int i;
+
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        x509 = sk_X509_value(sk, i);
+        if (X509_NAME_cmp(X509_get_subject_name(x509), name) == 0)
+            return (x509);
+    }
+    return (NULL);
+}
 
 EVP_PKEY *X509_get_pubkey(X509 *x)
-	{
-	if ((x == NULL) || (x->cert_info == NULL))
-		return(NULL);
-	return(X509_PUBKEY_get(x->cert_info->key));
-	}
+{
+    if ((x == NULL) || (x->cert_info == NULL))
+        return (NULL);
+    return (X509_PUBKEY_get(x->cert_info->key));
+}
 
 ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x)
-	{
-	if(!x) return NULL;
-	return x->cert_info->key->public_key;
-	}
+{
+    if (!x)
+        return NULL;
+    return x->cert_info->key->public_key;
+}
 
 int X509_check_private_key(X509 *x, EVP_PKEY *k)
-	{
-	EVP_PKEY *xk=NULL;
-	int ok=0;
-
-	xk=X509_get_pubkey(x);
-	switch (EVP_PKEY_cmp(xk, k))
-		{
-	case 1:
-		ok=1;
-		break;
-	case 0:
-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-		break;
-	case -1:
-		X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
-		break;
-	case -2:
+{
+    EVP_PKEY *xk = NULL;
+    int ok = 0;
+
+    xk = X509_get_pubkey(x);
+    switch (EVP_PKEY_cmp(xk, k)) {
+    case 1:
+        ok = 1;
+        break;
+    case 0:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
 #ifndef OPENSSL_NO_EC
-		if (k->type == EVP_PKEY_EC)
-			{
-			X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-			break;
-			}
+        if (k->type == EVP_PKEY_EC) {
+            X509err(X509_F_X509_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+            break;
+        }
 #endif
 #ifndef OPENSSL_NO_DH
-		if (k->type == EVP_PKEY_DH)
-			{
-			/* No idea */
-			X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-			break;
-			}
+        if (k->type == EVP_PKEY_DH) {
+            /* No idea */
+            X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_CANT_CHECK_DH_KEY);
+            break;
+        }
 #endif
-	        X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
-		}
+        X509err(X509_F_X509_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
 
-	EVP_PKEY_free(xk);
-	return(ok);
-	}
+    EVP_PKEY_free(xk);
+    return (ok);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c
index 51410cfd..50ca2a6d 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_d2.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_d2.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,45 +63,47 @@
 
 #ifndef OPENSSL_NO_STDIO
 int X509_STORE_set_default_paths(X509_STORE *ctx)
-	{
-	X509_LOOKUP *lookup;
+{
+    X509_LOOKUP *lookup;
+
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+    if (lookup == NULL)
+        return (0);
+    X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
 
-	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
-	if (lookup == NULL) return(0);
-	X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
+    lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+    if (lookup == NULL)
+        return (0);
+    X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
 
-	lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-	if (lookup == NULL) return(0);
-	X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
-	
-	/* clear any errors */
-	ERR_clear_error();
+    /* clear any errors */
+    ERR_clear_error();
 
-	return(1);
-	}
+    return (1);
+}
 
 int X509_STORE_load_locations(X509_STORE *ctx, const char *file,
-		const char *path)
-	{
-	X509_LOOKUP *lookup;
+                              const char *path)
+{
+    X509_LOOKUP *lookup;
 
-	if (file != NULL)
-		{
-		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file());
-		if (lookup == NULL) return(0);
-		if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1)
-		    return(0);
-		}
-	if (path != NULL)
-		{
-		lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir());
-		if (lookup == NULL) return(0);
-		if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1)
-		    return(0);
-		}
-	if ((path == NULL) && (file == NULL))
-		return(0);
-	return(1);
-	}
+    if (file != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_file());
+        if (lookup == NULL)
+            return (0);
+        if (X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM) != 1)
+            return (0);
+    }
+    if (path != NULL) {
+        lookup = X509_STORE_add_lookup(ctx, X509_LOOKUP_hash_dir());
+        if (lookup == NULL)
+            return (0);
+        if (X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM) != 1)
+            return (0);
+    }
+    if ((path == NULL) && (file == NULL))
+        return (0);
+    return (1);
+}
 
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_def.c b/Cryptlib/OpenSSL/crypto/x509/x509_def.c
index e0ac151a..25c55375 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_def.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_def.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -62,20 +62,31 @@
 #include <openssl/x509.h>
 
 const char *X509_get_default_private_dir(void)
-	{ return(X509_PRIVATE_DIR); }
-	
+{
+    return (X509_PRIVATE_DIR);
+}
+
 const char *X509_get_default_cert_area(void)
-	{ return(X509_CERT_AREA); }
+{
+    return (X509_CERT_AREA);
+}
 
 const char *X509_get_default_cert_dir(void)
-	{ return(X509_CERT_DIR); }
+{
+    return (X509_CERT_DIR);
+}
 
 const char *X509_get_default_cert_file(void)
-	{ return(X509_CERT_FILE); }
+{
+    return (X509_CERT_FILE);
+}
 
 const char *X509_get_default_cert_dir_env(void)
-	{ return(X509_CERT_DIR_EVP); }
+{
+    return (X509_CERT_DIR_EVP);
+}
 
 const char *X509_get_default_cert_file_env(void)
-	{ return(X509_CERT_FILE_EVP); }
-
+{
+    return (X509_CERT_FILE_EVP);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_err.c b/Cryptlib/OpenSSL/crypto/x509/x509_err.c
index fb377292..ea149205 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_err.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,97 +66,110 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509,0,reason)
 
-static ERR_STRING_DATA X509_str_functs[]=
-	{
-{ERR_FUNC(X509_F_ADD_CERT_DIR),	"ADD_CERT_DIR"},
-{ERR_FUNC(X509_F_BY_FILE_CTRL),	"BY_FILE_CTRL"},
-{ERR_FUNC(X509_F_CHECK_POLICY),	"CHECK_POLICY"},
-{ERR_FUNC(X509_F_DIR_CTRL),	"DIR_CTRL"},
-{ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT),	"GET_CERT_BY_SUBJECT"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE),	"NETSCAPE_SPKI_b64_decode"},
-{ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE),	"NETSCAPE_SPKI_b64_encode"},
-{ERR_FUNC(X509_F_X509AT_ADD1_ATTR),	"X509at_add1_attr"},
-{ERR_FUNC(X509_F_X509V3_ADD_EXT),	"X509v3_add_ext"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),	"X509_ATTRIBUTE_create_by_NID"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),	"X509_ATTRIBUTE_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),	"X509_ATTRIBUTE_create_by_txt"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA),	"X509_ATTRIBUTE_get0_data"},
-{ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA),	"X509_ATTRIBUTE_set1_data"},
-{ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY),	"X509_check_private_key"},
-{ERR_FUNC(X509_F_X509_CRL_PRINT_FP),	"X509_CRL_print_fp"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),	"X509_EXTENSION_create_by_NID"},
-{ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),	"X509_EXTENSION_create_by_OBJ"},
-{ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),	"X509_get_pubkey_parameters"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE),	"X509_load_cert_crl_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CERT_FILE),	"X509_load_cert_file"},
-{ERR_FUNC(X509_F_X509_LOAD_CRL_FILE),	"X509_load_crl_file"},
-{ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY),	"X509_NAME_add_entry"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),	"X509_NAME_ENTRY_create_by_NID"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),	"X509_NAME_ENTRY_create_by_txt"},
-{ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),	"X509_NAME_ENTRY_set_object"},
-{ERR_FUNC(X509_F_X509_NAME_ONELINE),	"X509_NAME_oneline"},
-{ERR_FUNC(X509_F_X509_NAME_PRINT),	"X509_NAME_print"},
-{ERR_FUNC(X509_F_X509_PRINT_EX_FP),	"X509_print_ex_fp"},
-{ERR_FUNC(X509_F_X509_PUBKEY_GET),	"X509_PUBKEY_get"},
-{ERR_FUNC(X509_F_X509_PUBKEY_SET),	"X509_PUBKEY_set"},
-{ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),	"X509_REQ_check_private_key"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_EX),	"X509_REQ_print_ex"},
-{ERR_FUNC(X509_F_X509_REQ_PRINT_FP),	"X509_REQ_print_fp"},
-{ERR_FUNC(X509_F_X509_REQ_TO_X509),	"X509_REQ_to_X509"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CERT),	"X509_STORE_add_cert"},
-{ERR_FUNC(X509_F_X509_STORE_ADD_CRL),	"X509_STORE_add_crl"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),	"X509_STORE_CTX_get1_issuer"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_INIT),	"X509_STORE_CTX_init"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_NEW),	"X509_STORE_CTX_new"},
-{ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),	"X509_STORE_CTX_purpose_inherit"},
-{ERR_FUNC(X509_F_X509_TO_X509_REQ),	"X509_to_X509_REQ"},
-{ERR_FUNC(X509_F_X509_TRUST_ADD),	"X509_TRUST_add"},
-{ERR_FUNC(X509_F_X509_TRUST_SET),	"X509_TRUST_set"},
-{ERR_FUNC(X509_F_X509_VERIFY_CERT),	"X509_verify_cert"},
-{0,NULL}
-	};
+static ERR_STRING_DATA X509_str_functs[] = {
+    {ERR_FUNC(X509_F_ADD_CERT_DIR), "ADD_CERT_DIR"},
+    {ERR_FUNC(X509_F_BY_FILE_CTRL), "BY_FILE_CTRL"},
+    {ERR_FUNC(X509_F_CHECK_POLICY), "CHECK_POLICY"},
+    {ERR_FUNC(X509_F_DIR_CTRL), "DIR_CTRL"},
+    {ERR_FUNC(X509_F_GET_CERT_BY_SUBJECT), "GET_CERT_BY_SUBJECT"},
+    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_DECODE), "NETSCAPE_SPKI_b64_decode"},
+    {ERR_FUNC(X509_F_NETSCAPE_SPKI_B64_ENCODE), "NETSCAPE_SPKI_b64_encode"},
+    {ERR_FUNC(X509_F_X509AT_ADD1_ATTR), "X509at_add1_attr"},
+    {ERR_FUNC(X509_F_X509V3_ADD_EXT), "X509v3_add_ext"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_NID),
+     "X509_ATTRIBUTE_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ),
+     "X509_ATTRIBUTE_create_by_OBJ"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_CREATE_BY_TXT),
+     "X509_ATTRIBUTE_create_by_txt"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_GET0_DATA), "X509_ATTRIBUTE_get0_data"},
+    {ERR_FUNC(X509_F_X509_ATTRIBUTE_SET1_DATA), "X509_ATTRIBUTE_set1_data"},
+    {ERR_FUNC(X509_F_X509_CHECK_PRIVATE_KEY), "X509_check_private_key"},
+    {ERR_FUNC(X509_F_X509_CRL_PRINT_FP), "X509_CRL_print_fp"},
+    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_NID),
+     "X509_EXTENSION_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_EXTENSION_CREATE_BY_OBJ),
+     "X509_EXTENSION_create_by_OBJ"},
+    {ERR_FUNC(X509_F_X509_GET_PUBKEY_PARAMETERS),
+     "X509_get_pubkey_parameters"},
+    {ERR_FUNC(X509_F_X509_LOAD_CERT_CRL_FILE), "X509_load_cert_crl_file"},
+    {ERR_FUNC(X509_F_X509_LOAD_CERT_FILE), "X509_load_cert_file"},
+    {ERR_FUNC(X509_F_X509_LOAD_CRL_FILE), "X509_load_crl_file"},
+    {ERR_FUNC(X509_F_X509_NAME_ADD_ENTRY), "X509_NAME_add_entry"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_NID),
+     "X509_NAME_ENTRY_create_by_NID"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT),
+     "X509_NAME_ENTRY_create_by_txt"},
+    {ERR_FUNC(X509_F_X509_NAME_ENTRY_SET_OBJECT),
+     "X509_NAME_ENTRY_set_object"},
+    {ERR_FUNC(X509_F_X509_NAME_ONELINE), "X509_NAME_oneline"},
+    {ERR_FUNC(X509_F_X509_NAME_PRINT), "X509_NAME_print"},
+    {ERR_FUNC(X509_F_X509_PRINT_EX_FP), "X509_print_ex_fp"},
+    {ERR_FUNC(X509_F_X509_PUBKEY_GET), "X509_PUBKEY_get"},
+    {ERR_FUNC(X509_F_X509_PUBKEY_SET), "X509_PUBKEY_set"},
+    {ERR_FUNC(X509_F_X509_REQ_CHECK_PRIVATE_KEY),
+     "X509_REQ_check_private_key"},
+    {ERR_FUNC(X509_F_X509_REQ_PRINT_EX), "X509_REQ_print_ex"},
+    {ERR_FUNC(X509_F_X509_REQ_PRINT_FP), "X509_REQ_print_fp"},
+    {ERR_FUNC(X509_F_X509_REQ_TO_X509), "X509_REQ_to_X509"},
+    {ERR_FUNC(X509_F_X509_STORE_ADD_CERT), "X509_STORE_add_cert"},
+    {ERR_FUNC(X509_F_X509_STORE_ADD_CRL), "X509_STORE_add_crl"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_GET1_ISSUER),
+     "X509_STORE_CTX_get1_issuer"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_INIT), "X509_STORE_CTX_init"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_NEW), "X509_STORE_CTX_new"},
+    {ERR_FUNC(X509_F_X509_STORE_CTX_PURPOSE_INHERIT),
+     "X509_STORE_CTX_purpose_inherit"},
+    {ERR_FUNC(X509_F_X509_TO_X509_REQ), "X509_to_X509_REQ"},
+    {ERR_FUNC(X509_F_X509_TRUST_ADD), "X509_TRUST_add"},
+    {ERR_FUNC(X509_F_X509_TRUST_SET), "X509_TRUST_set"},
+    {ERR_FUNC(X509_F_X509_VERIFY_CERT), "X509_verify_cert"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA X509_str_reasons[]=
-	{
-{ERR_REASON(X509_R_BAD_X509_FILETYPE)    ,"bad x509 filetype"},
-{ERR_REASON(X509_R_BASE64_DECODE_ERROR)  ,"base64 decode error"},
-{ERR_REASON(X509_R_CANT_CHECK_DH_KEY)    ,"cant check dh key"},
-{ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),"cert already in hash table"},
-{ERR_REASON(X509_R_ERR_ASN1_LIB)         ,"err asn1 lib"},
-{ERR_REASON(X509_R_INVALID_DIRECTORY)    ,"invalid directory"},
-{ERR_REASON(X509_R_INVALID_FIELD_NAME)   ,"invalid field name"},
-{ERR_REASON(X509_R_INVALID_TRUST)        ,"invalid trust"},
-{ERR_REASON(X509_R_KEY_TYPE_MISMATCH)    ,"key type mismatch"},
-{ERR_REASON(X509_R_KEY_VALUES_MISMATCH)  ,"key values mismatch"},
-{ERR_REASON(X509_R_LOADING_CERT_DIR)     ,"loading cert dir"},
-{ERR_REASON(X509_R_LOADING_DEFAULTS)     ,"loading defaults"},
-{ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),"no cert set for us to verify"},
-{ERR_REASON(X509_R_SHOULD_RETRY)         ,"should retry"},
-{ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),"unable to find parameters in chain"},
-{ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),"unable to get certs public key"},
-{ERR_REASON(X509_R_UNKNOWN_KEY_TYPE)     ,"unknown key type"},
-{ERR_REASON(X509_R_UNKNOWN_NID)          ,"unknown nid"},
-{ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID)   ,"unknown purpose id"},
-{ERR_REASON(X509_R_UNKNOWN_TRUST_ID)     ,"unknown trust id"},
-{ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM),"unsupported algorithm"},
-{ERR_REASON(X509_R_WRONG_LOOKUP_TYPE)    ,"wrong lookup type"},
-{ERR_REASON(X509_R_WRONG_TYPE)           ,"wrong type"},
-{0,NULL}
-	};
+static ERR_STRING_DATA X509_str_reasons[] = {
+    {ERR_REASON(X509_R_BAD_X509_FILETYPE), "bad x509 filetype"},
+    {ERR_REASON(X509_R_BASE64_DECODE_ERROR), "base64 decode error"},
+    {ERR_REASON(X509_R_CANT_CHECK_DH_KEY), "cant check dh key"},
+    {ERR_REASON(X509_R_CERT_ALREADY_IN_HASH_TABLE),
+     "cert already in hash table"},
+    {ERR_REASON(X509_R_ERR_ASN1_LIB), "err asn1 lib"},
+    {ERR_REASON(X509_R_INVALID_DIRECTORY), "invalid directory"},
+    {ERR_REASON(X509_R_INVALID_FIELD_NAME), "invalid field name"},
+    {ERR_REASON(X509_R_INVALID_TRUST), "invalid trust"},
+    {ERR_REASON(X509_R_KEY_TYPE_MISMATCH), "key type mismatch"},
+    {ERR_REASON(X509_R_KEY_VALUES_MISMATCH), "key values mismatch"},
+    {ERR_REASON(X509_R_LOADING_CERT_DIR), "loading cert dir"},
+    {ERR_REASON(X509_R_LOADING_DEFAULTS), "loading defaults"},
+    {ERR_REASON(X509_R_NO_CERT_SET_FOR_US_TO_VERIFY),
+     "no cert set for us to verify"},
+    {ERR_REASON(X509_R_SHOULD_RETRY), "should retry"},
+    {ERR_REASON(X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN),
+     "unable to find parameters in chain"},
+    {ERR_REASON(X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY),
+     "unable to get certs public key"},
+    {ERR_REASON(X509_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_REASON(X509_R_UNKNOWN_NID), "unknown nid"},
+    {ERR_REASON(X509_R_UNKNOWN_PURPOSE_ID), "unknown purpose id"},
+    {ERR_REASON(X509_R_UNKNOWN_TRUST_ID), "unknown trust id"},
+    {ERR_REASON(X509_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
+    {ERR_REASON(X509_R_WRONG_LOOKUP_TYPE), "wrong lookup type"},
+    {ERR_REASON(X509_R_WRONG_TYPE), "wrong type"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_X509_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(X509_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,X509_str_functs);
-		ERR_load_strings(0,X509_str_reasons);
-		}
+    if (ERR_func_error_string(X509_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, X509_str_functs);
+        ERR_load_strings(0, X509_str_reasons);
+    }
 #endif
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c
index e7fdacb5..fb4e311d 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_ext.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_ext.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,146 +65,147 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-
 int X509_CRL_get_ext_count(X509_CRL *x)
-	{
-	return(X509v3_get_ext_count(x->crl->extensions));
-	}
+{
+    return (X509v3_get_ext_count(x->crl->extensions));
+}
 
 int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_NID(x->crl->extensions, nid, lastpos));
+}
 
 int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_OBJ(x->crl->extensions, obj, lastpos));
+}
 
 int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_critical(x->crl->extensions, crit, lastpos));
+}
 
 X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc)
-	{
-	return(X509v3_get_ext(x->crl->extensions,loc));
-	}
+{
+    return (X509v3_get_ext(x->crl->extensions, loc));
+}
 
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
-	{
-	return(X509v3_delete_ext(x->crl->extensions,loc));
-	}
+{
+    return (X509v3_delete_ext(x->crl->extensions, loc));
+}
 
 void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx)
 {
-	return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
+    return X509V3_get_d2i(x->crl->extensions, nid, crit, idx);
 }
 
 int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit,
-							unsigned long flags)
+                          unsigned long flags)
 {
-	return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
+    return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags);
 }
 
 int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL);
-	}
+{
+    return (X509v3_add_ext(&(x->crl->extensions), ex, loc) != NULL);
+}
 
 int X509_get_ext_count(X509 *x)
-	{
-	return(X509v3_get_ext_count(x->cert_info->extensions));
-	}
+{
+    return (X509v3_get_ext_count(x->cert_info->extensions));
+}
 
 int X509_get_ext_by_NID(X509 *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_NID(x->cert_info->extensions, nid, lastpos));
+}
 
 int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_OBJ(x->cert_info->extensions, obj, lastpos));
+}
 
 int X509_get_ext_by_critical(X509 *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_critical
+            (x->cert_info->extensions, crit, lastpos));
+}
 
 X509_EXTENSION *X509_get_ext(X509 *x, int loc)
-	{
-	return(X509v3_get_ext(x->cert_info->extensions,loc));
-	}
+{
+    return (X509v3_get_ext(x->cert_info->extensions, loc));
+}
 
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
-	{
-	return(X509v3_delete_ext(x->cert_info->extensions,loc));
-	}
+{
+    return (X509v3_delete_ext(x->cert_info->extensions, loc));
+}
 
 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL);
-	}
+{
+    return (X509v3_add_ext(&(x->cert_info->extensions), ex, loc) != NULL);
+}
 
 void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx)
 {
-	return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
+    return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx);
 }
 
 int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
-							unsigned long flags)
+                      unsigned long flags)
 {
-	return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
-							flags);
+    return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit,
+                           flags);
 }
 
 int X509_REVOKED_get_ext_count(X509_REVOKED *x)
-	{
-	return(X509v3_get_ext_count(x->extensions));
-	}
+{
+    return (X509v3_get_ext_count(x->extensions));
+}
 
 int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos)
-	{
-	return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_NID(x->extensions, nid, lastpos));
+}
 
 int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj,
-	     int lastpos)
-	{
-	return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos));
-	}
+                                int lastpos)
+{
+    return (X509v3_get_ext_by_OBJ(x->extensions, obj, lastpos));
+}
 
 int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos)
-	{
-	return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos));
-	}
+{
+    return (X509v3_get_ext_by_critical(x->extensions, crit, lastpos));
+}
 
 X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc)
-	{
-	return(X509v3_get_ext(x->extensions,loc));
-	}
+{
+    return (X509v3_get_ext(x->extensions, loc));
+}
 
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
-	{
-	return(X509v3_delete_ext(x->extensions,loc));
-	}
+{
+    return (X509v3_delete_ext(x->extensions, loc));
+}
 
 int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
-	{
-	return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL);
-	}
+{
+    return (X509v3_add_ext(&(x->extensions), ex, loc) != NULL);
+}
 
 void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx)
 {
-	return X509V3_get_d2i(x->extensions, nid, crit, idx);
+    return X509V3_get_d2i(x->extensions, nid, crit, idx);
 }
 
 int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit,
-							unsigned long flags)
+                              unsigned long flags)
 {
-	return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
+    return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags);
 }
 
 IMPLEMENT_STACK_OF(X509_EXTENSION)
+
 IMPLEMENT_ASN1_SET_OF(X509_EXTENSION)
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c
index b4861718..684ef5f2 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_lu.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_lu.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,423 +63,413 @@
 #include <openssl/x509v3.h>
 
 X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method)
-	{
-	X509_LOOKUP *ret;
-
-	ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
-	if (ret == NULL) return NULL;
-
-	ret->init=0;
-	ret->skip=0;
-	ret->method=method;
-	ret->method_data=NULL;
-	ret->store_ctx=NULL;
-	if ((method->new_item != NULL) && !method->new_item(ret))
-		{
-		OPENSSL_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
+{
+    X509_LOOKUP *ret;
+
+    ret = (X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP));
+    if (ret == NULL)
+        return NULL;
+
+    ret->init = 0;
+    ret->skip = 0;
+    ret->method = method;
+    ret->method_data = NULL;
+    ret->store_ctx = NULL;
+    if ((method->new_item != NULL) && !method->new_item(ret)) {
+        OPENSSL_free(ret);
+        return NULL;
+    }
+    return ret;
+}
 
 void X509_LOOKUP_free(X509_LOOKUP *ctx)
-	{
-	if (ctx == NULL) return;
-	if (	(ctx->method != NULL) &&
-		(ctx->method->free != NULL))
-		ctx->method->free(ctx);
-	OPENSSL_free(ctx);
-	}
+{
+    if (ctx == NULL)
+        return;
+    if ((ctx->method != NULL) && (ctx->method->free != NULL))
+        ctx->method->free(ctx);
+    OPENSSL_free(ctx);
+}
 
 int X509_LOOKUP_init(X509_LOOKUP *ctx)
-	{
-	if (ctx->method == NULL) return 0;
-	if (ctx->method->init != NULL)
-		return ctx->method->init(ctx);
-	else
-		return 1;
-	}
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->init != NULL)
+        return ctx->method->init(ctx);
+    else
+        return 1;
+}
 
 int X509_LOOKUP_shutdown(X509_LOOKUP *ctx)
-	{
-	if (ctx->method == NULL) return 0;
-	if (ctx->method->shutdown != NULL)
-		return ctx->method->shutdown(ctx);
-	else
-		return 1;
-	}
+{
+    if (ctx->method == NULL)
+        return 0;
+    if (ctx->method->shutdown != NULL)
+        return ctx->method->shutdown(ctx);
+    else
+        return 1;
+}
 
 int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl,
-	     char **ret)
-	{
-	if (ctx->method == NULL) return -1;
-	if (ctx->method->ctrl != NULL)
-		return ctx->method->ctrl(ctx,cmd,argc,argl,ret);
-	else
-		return 1;
-	}
+                     char **ret)
+{
+    if (ctx->method == NULL)
+        return -1;
+    if (ctx->method->ctrl != NULL)
+        return ctx->method->ctrl(ctx, cmd, argc, argl, ret);
+    else
+        return 1;
+}
 
 int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	     X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
-		return X509_LU_FAIL;
-	if (ctx->skip) return 0;
-	return ctx->method->get_by_subject(ctx,type,name,ret);
-	}
+                           X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL))
+        return X509_LU_FAIL;
+    if (ctx->skip)
+        return 0;
+    return ctx->method->get_by_subject(ctx, type, name, ret);
+}
 
 int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name,
-	     ASN1_INTEGER *serial, X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) ||
-		(ctx->method->get_by_issuer_serial == NULL))
-		return X509_LU_FAIL;
-	return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret);
-	}
+                                 ASN1_INTEGER *serial, X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_issuer_serial == NULL))
+        return X509_LU_FAIL;
+    return ctx->method->get_by_issuer_serial(ctx, type, name, serial, ret);
+}
 
 int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type,
-	     unsigned char *bytes, int len, X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
-		return X509_LU_FAIL;
-	return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret);
-	}
+                               unsigned char *bytes, int len,
+                               X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL))
+        return X509_LU_FAIL;
+    return ctx->method->get_by_fingerprint(ctx, type, bytes, len, ret);
+}
 
 int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len,
-	     X509_OBJECT *ret)
-	{
-	if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
-		return X509_LU_FAIL;
-	return ctx->method->get_by_alias(ctx,type,str,len,ret);
-	}
-
-  
-static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
-  	{
- 	int ret;
-
- 	ret=((*a)->type - (*b)->type);
- 	if (ret) return ret;
- 	switch ((*a)->type)
- 		{
- 	case X509_LU_X509:
- 		ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
- 		break;
- 	case X509_LU_CRL:
- 		ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
- 		break;
-	default:
-		/* abort(); */
-		return 0;
-		}
-	return ret;
-	}
+                         X509_OBJECT *ret)
+{
+    if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL))
+        return X509_LU_FAIL;
+    return ctx->method->get_by_alias(ctx, type, str, len, ret);
+}
+
+static int x509_object_cmp(const X509_OBJECT *const *a,
+                           const X509_OBJECT *const *b)
+{
+    int ret;
+
+    ret = ((*a)->type - (*b)->type);
+    if (ret)
+        return ret;
+    switch ((*a)->type) {
+    case X509_LU_X509:
+        ret = X509_subject_name_cmp((*a)->data.x509, (*b)->data.x509);
+        break;
+    case X509_LU_CRL:
+        ret = X509_CRL_cmp((*a)->data.crl, (*b)->data.crl);
+        break;
+    default:
+        /* abort(); */
+        return 0;
+    }
+    return ret;
+}
 
 X509_STORE *X509_STORE_new(void)
-	{
-	X509_STORE *ret;
-
-	if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
-		return NULL;
-	ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
-	ret->cache=1;
-	ret->get_cert_methods=sk_X509_LOOKUP_new_null();
-	ret->verify=0;
-	ret->verify_cb=0;
-
-	if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
-		return NULL;
-
-	ret->get_issuer = 0;
-	ret->check_issued = 0;
-	ret->check_revocation = 0;
-	ret->get_crl = 0;
-	ret->check_crl = 0;
-	ret->cert_crl = 0;
-	ret->cleanup = 0;
-
-	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data))
-		{
-		sk_X509_OBJECT_free(ret->objs);
-		OPENSSL_free(ret);
-		return NULL;
-		}
-
-	ret->references=1;
-	return ret;
-	}
+{
+    X509_STORE *ret;
+
+    if ((ret = (X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL)
+        return NULL;
+    ret->objs = sk_X509_OBJECT_new(x509_object_cmp);
+    ret->cache = 1;
+    ret->get_cert_methods = sk_X509_LOOKUP_new_null();
+    ret->verify = 0;
+    ret->verify_cb = 0;
+
+    if ((ret->param = X509_VERIFY_PARAM_new()) == NULL)
+        return NULL;
+
+    ret->get_issuer = 0;
+    ret->check_issued = 0;
+    ret->check_revocation = 0;
+    ret->get_crl = 0;
+    ret->check_crl = 0;
+    ret->cert_crl = 0;
+    ret->cleanup = 0;
+
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data)) {
+        sk_X509_OBJECT_free(ret->objs);
+        OPENSSL_free(ret);
+        return NULL;
+    }
+
+    ret->references = 1;
+    return ret;
+}
 
 static void cleanup(X509_OBJECT *a)
-	{
-	if (a->type == X509_LU_X509)
-		{
-		X509_free(a->data.x509);
-		}
-	else if (a->type == X509_LU_CRL)
-		{
-		X509_CRL_free(a->data.crl);
-		}
-	else
-		{
-		/* abort(); */
-		}
-
-	OPENSSL_free(a);
-	}
+{
+    if (a->type == X509_LU_X509) {
+        X509_free(a->data.x509);
+    } else if (a->type == X509_LU_CRL) {
+        X509_CRL_free(a->data.crl);
+    } else {
+        /* abort(); */
+    }
+
+    OPENSSL_free(a);
+}
 
 void X509_STORE_free(X509_STORE *vfy)
-	{
-	int i;
-	STACK_OF(X509_LOOKUP) *sk;
-	X509_LOOKUP *lu;
-
-	if (vfy == NULL)
-	    return;
-
-	sk=vfy->get_cert_methods;
-	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
-		{
-		lu=sk_X509_LOOKUP_value(sk,i);
-		X509_LOOKUP_shutdown(lu);
-		X509_LOOKUP_free(lu);
-		}
-	sk_X509_LOOKUP_free(sk);
-	sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
-
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
-	if (vfy->param)
-		X509_VERIFY_PARAM_free(vfy->param);
-	OPENSSL_free(vfy);
-	}
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    if (vfy == NULL)
+        return;
+
+    sk = vfy->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        X509_LOOKUP_shutdown(lu);
+        X509_LOOKUP_free(lu);
+    }
+    sk_X509_LOOKUP_free(sk);
+    sk_X509_OBJECT_pop_free(vfy->objs, cleanup);
+
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data);
+    if (vfy->param)
+        X509_VERIFY_PARAM_free(vfy->param);
+    OPENSSL_free(vfy);
+}
 
 X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m)
-	{
-	int i;
-	STACK_OF(X509_LOOKUP) *sk;
-	X509_LOOKUP *lu;
-
-	sk=v->get_cert_methods;
-	for (i=0; i<sk_X509_LOOKUP_num(sk); i++)
-		{
-		lu=sk_X509_LOOKUP_value(sk,i);
-		if (m == lu->method)
-			{
-			return lu;
-			}
-		}
-	/* a new one */
-	lu=X509_LOOKUP_new(m);
-	if (lu == NULL)
-		return NULL;
-	else
-		{
-		lu->store_ctx=v;
-		if (sk_X509_LOOKUP_push(v->get_cert_methods,lu))
-			return lu;
-		else
-			{
-			X509_LOOKUP_free(lu);
-			return NULL;
-			}
-		}
-	}
+{
+    int i;
+    STACK_OF(X509_LOOKUP) *sk;
+    X509_LOOKUP *lu;
+
+    sk = v->get_cert_methods;
+    for (i = 0; i < sk_X509_LOOKUP_num(sk); i++) {
+        lu = sk_X509_LOOKUP_value(sk, i);
+        if (m == lu->method) {
+            return lu;
+        }
+    }
+    /* a new one */
+    lu = X509_LOOKUP_new(m);
+    if (lu == NULL)
+        return NULL;
+    else {
+        lu->store_ctx = v;
+        if (sk_X509_LOOKUP_push(v->get_cert_methods, lu))
+            return lu;
+        else {
+            X509_LOOKUP_free(lu);
+            return NULL;
+        }
+    }
+}
 
 int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name,
-	     X509_OBJECT *ret)
-	{
-	X509_STORE *ctx=vs->ctx;
-	X509_LOOKUP *lu;
-	X509_OBJECT stmp,*tmp;
-	int i,j;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-	tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name);
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-	if (tmp == NULL)
-		{
-		for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++)
-			{
-			lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i);
-			j=X509_LOOKUP_by_subject(lu,type,name,&stmp);
-			if (j < 0)
-				{
-				vs->current_method=j;
-				return j;
-				}
-			else if (j)
-				{
-				tmp= &stmp;
-				break;
-				}
-			}
-		vs->current_method=0;
-		if (tmp == NULL)
-			return 0;
-		}
-
-/*	if (ret->data.ptr != NULL)
-		X509_OBJECT_free_contents(ret); */
-
-	ret->type=tmp->type;
-	ret->data.ptr=tmp->data.ptr;
-
-	X509_OBJECT_up_ref_count(ret);
-
-	return 1;
-	}
+                              X509_OBJECT *ret)
+{
+    X509_STORE *ctx = vs->ctx;
+    X509_LOOKUP *lu;
+    X509_OBJECT stmp, *tmp;
+    int i, j;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+    tmp = X509_OBJECT_retrieve_by_subject(ctx->objs, type, name);
+    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+    if (tmp == NULL) {
+        for (i = vs->current_method;
+             i < sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) {
+            lu = sk_X509_LOOKUP_value(ctx->get_cert_methods, i);
+            j = X509_LOOKUP_by_subject(lu, type, name, &stmp);
+            if (j < 0) {
+                vs->current_method = j;
+                return j;
+            } else if (j) {
+                tmp = &stmp;
+                break;
+            }
+        }
+        vs->current_method = 0;
+        if (tmp == NULL)
+            return 0;
+    }
+
+/*- if (ret->data.ptr != NULL)
+            X509_OBJECT_free_contents(ret); */
+
+    ret->type = tmp->type;
+    ret->data.ptr = tmp->data.ptr;
+
+    X509_OBJECT_up_ref_count(ret);
+
+    return 1;
+}
 
 int X509_STORE_add_cert(X509_STORE *ctx, X509 *x)
-	{
-	X509_OBJECT *obj;
-	int ret=1;
-
-	if (x == NULL) return 0;
-	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	obj->type=X509_LU_X509;
-	obj->data.x509=x;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-	X509_OBJECT_up_ref_count(obj);
-
-	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
-		{
-		X509_OBJECT_free_contents(obj);
-		OPENSSL_free(obj);
-		X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-		ret=0;
-		} 
-	else sk_X509_OBJECT_push(ctx->objs, obj);
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-	return ret;
-	}
+{
+    X509_OBJECT *obj;
+    int ret = 1;
+
+    if (x == NULL)
+        return 0;
+    obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+    if (obj == NULL) {
+        X509err(X509_F_X509_STORE_ADD_CERT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    obj->type = X509_LU_X509;
+    obj->data.x509 = x;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+    X509_OBJECT_up_ref_count(obj);
+
+    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
+        X509_OBJECT_free_contents(obj);
+        OPENSSL_free(obj);
+        X509err(X509_F_X509_STORE_ADD_CERT,
+                X509_R_CERT_ALREADY_IN_HASH_TABLE);
+        ret = 0;
+    } else
+        sk_X509_OBJECT_push(ctx->objs, obj);
+
+    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+    return ret;
+}
 
 int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x)
-	{
-	X509_OBJECT *obj;
-	int ret=1;
-
-	if (x == NULL) return 0;
-	obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	obj->type=X509_LU_CRL;
-	obj->data.crl=x;
-
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-
-	X509_OBJECT_up_ref_count(obj);
-
-	if (X509_OBJECT_retrieve_match(ctx->objs, obj))
-		{
-		X509_OBJECT_free_contents(obj);
-		OPENSSL_free(obj);
-		X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE);
-		ret=0;
-		}
-	else sk_X509_OBJECT_push(ctx->objs, obj);
-
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-
-	return ret;
-	}
+{
+    X509_OBJECT *obj;
+    int ret = 1;
+
+    if (x == NULL)
+        return 0;
+    obj = (X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT));
+    if (obj == NULL) {
+        X509err(X509_F_X509_STORE_ADD_CRL, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    obj->type = X509_LU_CRL;
+    obj->data.crl = x;
+
+    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+
+    X509_OBJECT_up_ref_count(obj);
+
+    if (X509_OBJECT_retrieve_match(ctx->objs, obj)) {
+        X509_OBJECT_free_contents(obj);
+        OPENSSL_free(obj);
+        X509err(X509_F_X509_STORE_ADD_CRL, X509_R_CERT_ALREADY_IN_HASH_TABLE);
+        ret = 0;
+    } else
+        sk_X509_OBJECT_push(ctx->objs, obj);
+
+    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+
+    return ret;
+}
 
 void X509_OBJECT_up_ref_count(X509_OBJECT *a)
-	{
-	switch (a->type)
-		{
-	case X509_LU_X509:
-		CRYPTO_add(&a->data.x509->references,1,CRYPTO_LOCK_X509);
-		break;
-	case X509_LU_CRL:
-		CRYPTO_add(&a->data.crl->references,1,CRYPTO_LOCK_X509_CRL);
-		break;
-		}
-	}
+{
+    switch (a->type) {
+    case X509_LU_X509:
+        CRYPTO_add(&a->data.x509->references, 1, CRYPTO_LOCK_X509);
+        break;
+    case X509_LU_CRL:
+        CRYPTO_add(&a->data.crl->references, 1, CRYPTO_LOCK_X509_CRL);
+        break;
+    }
+}
 
 void X509_OBJECT_free_contents(X509_OBJECT *a)
-	{
-	switch (a->type)
-		{
-	case X509_LU_X509:
-		X509_free(a->data.x509);
-		break;
-	case X509_LU_CRL:
-		X509_CRL_free(a->data.crl);
-		break;
-		}
-	}
+{
+    switch (a->type) {
+    case X509_LU_X509:
+        X509_free(a->data.x509);
+        break;
+    case X509_LU_CRL:
+        X509_CRL_free(a->data.crl);
+        break;
+    }
+}
 
 int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-	     X509_NAME *name)
-	{
-	X509_OBJECT stmp;
-	X509 x509_s;
-	X509_CINF cinf_s;
-	X509_CRL crl_s;
-	X509_CRL_INFO crl_info_s;
-
-	stmp.type=type;
-	switch (type)
-		{
-	case X509_LU_X509:
-		stmp.data.x509= &x509_s;
-		x509_s.cert_info= &cinf_s;
-		cinf_s.subject=name;
-		break;
-	case X509_LU_CRL:
-		stmp.data.crl= &crl_s;
-		crl_s.crl= &crl_info_s;
-		crl_info_s.issuer=name;
-		break;
-	default:
-		/* abort(); */
-		return -1;
-		}
-
-	return sk_X509_OBJECT_find(h,&stmp);
-	}
-
-X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type,
-	     X509_NAME *name)
-	{
-	int idx;
-	idx = X509_OBJECT_idx_by_subject(h, type, name);
-	if (idx==-1) return NULL;
-	return sk_X509_OBJECT_value(h, idx);
-	}
-
-X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x)
-	{
-	int idx, i;
-	X509_OBJECT *obj;
-	idx = sk_X509_OBJECT_find(h, x);
-	if (idx == -1) return NULL;
-	if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx);
-	for (i = idx; i < sk_X509_OBJECT_num(h); i++)
-		{
-		obj = sk_X509_OBJECT_value(h, i);
-		if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
-			return NULL;
-		if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509))
-			return obj;
-		}
-	return NULL;
-	}
-
-
-/* Try to get issuer certificate from store. Due to limitations
+                               X509_NAME *name)
+{
+    X509_OBJECT stmp;
+    X509 x509_s;
+    X509_CINF cinf_s;
+    X509_CRL crl_s;
+    X509_CRL_INFO crl_info_s;
+
+    stmp.type = type;
+    switch (type) {
+    case X509_LU_X509:
+        stmp.data.x509 = &x509_s;
+        x509_s.cert_info = &cinf_s;
+        cinf_s.subject = name;
+        break;
+    case X509_LU_CRL:
+        stmp.data.crl = &crl_s;
+        crl_s.crl = &crl_info_s;
+        crl_info_s.issuer = name;
+        break;
+    default:
+        /* abort(); */
+        return -1;
+    }
+
+    return sk_X509_OBJECT_find(h, &stmp);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,
+                                             int type, X509_NAME *name)
+{
+    int idx;
+    idx = X509_OBJECT_idx_by_subject(h, type, name);
+    if (idx == -1)
+        return NULL;
+    return sk_X509_OBJECT_value(h, idx);
+}
+
+X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h,
+                                        X509_OBJECT *x)
+{
+    int idx, i;
+    X509_OBJECT *obj;
+    idx = sk_X509_OBJECT_find(h, x);
+    if (idx == -1)
+        return NULL;
+    if (x->type != X509_LU_X509)
+        return sk_X509_OBJECT_value(h, idx);
+    for (i = idx; i < sk_X509_OBJECT_num(h); i++) {
+        obj = sk_X509_OBJECT_value(h, i);
+        if (x509_object_cmp
+            ((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x))
+            return NULL;
+        if ((x->type != X509_LU_X509)
+            || !X509_cmp(obj->data.x509, x->data.x509))
+            return obj;
+    }
+    return NULL;
+}
+
+/*-
+ * Try to get issuer certificate from store. Due to limitations
  * of the API this can only retrieve a single certificate matching
  * a given subject name. However it will fill the cache with all
  * matching certificates, so we can examine the cache for all
@@ -491,89 +481,83 @@ X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x
  * -1 some other error.
  */
 int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
-	{
-	X509_NAME *xn;
-	X509_OBJECT obj, *pobj;
-	int i, ok, idx, ret;
-	xn=X509_get_issuer_name(x);
-	ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj);
-	if (ok != X509_LU_X509)
-		{
-		if (ok == X509_LU_RETRY)
-			{
-			X509_OBJECT_free_contents(&obj);
-			X509err(X509_F_X509_STORE_CTX_GET1_ISSUER,X509_R_SHOULD_RETRY);
-			return -1;
-			}
-		else if (ok != X509_LU_FAIL)
-			{
-			X509_OBJECT_free_contents(&obj);
-			/* not good :-(, break anyway */
-			return -1;
-			}
-		return 0;
-		}
-	/* If certificate matches all OK */
-	if (ctx->check_issued(ctx, x, obj.data.x509))
-		{
-		*issuer = obj.data.x509;
-		return 1;
-		}
-	X509_OBJECT_free_contents(&obj);
-
-	/* Else find index of first cert accepted by 'check_issued' */
-	ret = 0;
-	CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
-	idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
-	if (idx != -1) /* should be true as we've had at least one match */
-		{
-		/* Look through all matching certs for suitable issuer */
-		for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++)
-			{
-			pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
-			/* See if we've run past the matches */
-			if (pobj->type != X509_LU_X509)
-				break;
-			if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
-				break;
-			if (ctx->check_issued(ctx, x, pobj->data.x509))
-				{
-				*issuer = pobj->data.x509;
-				X509_OBJECT_up_ref_count(pobj);
-				ret = 1;
-				break;
-				}
-			}
-		}
-	CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
-	return ret;
-	}
+{
+    X509_NAME *xn;
+    X509_OBJECT obj, *pobj;
+    int i, ok, idx, ret;
+    xn = X509_get_issuer_name(x);
+    ok = X509_STORE_get_by_subject(ctx, X509_LU_X509, xn, &obj);
+    if (ok != X509_LU_X509) {
+        if (ok == X509_LU_RETRY) {
+            X509_OBJECT_free_contents(&obj);
+            X509err(X509_F_X509_STORE_CTX_GET1_ISSUER, X509_R_SHOULD_RETRY);
+            return -1;
+        } else if (ok != X509_LU_FAIL) {
+            X509_OBJECT_free_contents(&obj);
+            /* not good :-(, break anyway */
+            return -1;
+        }
+        return 0;
+    }
+    /* If certificate matches all OK */
+    if (ctx->check_issued(ctx, x, obj.data.x509)) {
+        *issuer = obj.data.x509;
+        return 1;
+    }
+    X509_OBJECT_free_contents(&obj);
+
+    /* Else find index of first cert accepted by 'check_issued' */
+    ret = 0;
+    CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE);
+    idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn);
+    if (idx != -1) {            /* should be true as we've had at least one
+                                 * match */
+        /* Look through all matching certs for suitable issuer */
+        for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) {
+            pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i);
+            /* See if we've run past the matches */
+            if (pobj->type != X509_LU_X509)
+                break;
+            if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509)))
+                break;
+            if (ctx->check_issued(ctx, x, pobj->data.x509)) {
+                *issuer = pobj->data.x509;
+                X509_OBJECT_up_ref_count(pobj);
+                ret = 1;
+                break;
+            }
+        }
+    }
+    CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE);
+    return ret;
+}
 
 int X509_STORE_set_flags(X509_STORE *ctx, unsigned long flags)
-	{
-	return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
-	}
+{
+    return X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
 
 int X509_STORE_set_depth(X509_STORE *ctx, int depth)
-	{
-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-	return 1;
-	}
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+    return 1;
+}
 
 int X509_STORE_set_purpose(X509_STORE *ctx, int purpose)
-	{
-	return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
-	}
+{
+    return X509_VERIFY_PARAM_set_purpose(ctx->param, purpose);
+}
 
 int X509_STORE_set_trust(X509_STORE *ctx, int trust)
-	{
-	return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
-	}
+{
+    return X509_VERIFY_PARAM_set_trust(ctx->param, trust);
+}
 
 int X509_STORE_set1_param(X509_STORE *ctx, X509_VERIFY_PARAM *param)
-	{
-	return X509_VERIFY_PARAM_set1(ctx->param, param);
-	}
+{
+    return X509_VERIFY_PARAM_set1(ctx->param, param);
+}
 
 IMPLEMENT_STACK_OF(X509_LOOKUP)
+
 IMPLEMENT_STACK_OF(X509_OBJECT)
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c
index 1e718f76..c334d3b0 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_obj.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_obj.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,163 +64,149 @@
 #include <openssl/buffer.h>
 
 char *X509_NAME_oneline(X509_NAME *a, char *buf, int len)
-	{
-	X509_NAME_ENTRY *ne;
-int i;
-	int n,lold,l,l1,l2,num,j,type;
-	const char *s;
-	char *p;
-	unsigned char *q;
-	BUF_MEM *b=NULL;
-	static char hex[17]="0123456789ABCDEF";
-	int gs_doit[4];
-	char tmp_buf[80];
+{
+    X509_NAME_ENTRY *ne;
+    int i;
+    int n, lold, l, l1, l2, num, j, type;
+    const char *s;
+    char *p;
+    unsigned char *q;
+    BUF_MEM *b = NULL;
+    static char hex[17] = "0123456789ABCDEF";
+    int gs_doit[4];
+    char tmp_buf[80];
 #ifdef CHARSET_EBCDIC
-	char ebcdic_buf[1024];
+    char ebcdic_buf[1024];
 #endif
 
-	if (buf == NULL)
-		{
-		if ((b=BUF_MEM_new()) == NULL) goto err;
-		if (!BUF_MEM_grow(b,200)) goto err;
-		b->data[0]='\0';
-		len=200;
-		}
-	if (a == NULL)
-	    {
-	    if(b)
-		{
-		buf=b->data;
-		OPENSSL_free(b);
-		}
-	    strncpy(buf,"NO X509_NAME",len);
-	    buf[len-1]='\0';
-	    return buf;
-	    }
+    if (buf == NULL) {
+        if ((b = BUF_MEM_new()) == NULL)
+            goto err;
+        if (!BUF_MEM_grow(b, 200))
+            goto err;
+        b->data[0] = '\0';
+        len = 200;
+    }
+    if (a == NULL) {
+        if (b) {
+            buf = b->data;
+            OPENSSL_free(b);
+        }
+        strncpy(buf, "NO X509_NAME", len);
+        buf[len - 1] = '\0';
+        return buf;
+    }
 
-	len--; /* space for '\0' */
-	l=0;
-	for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(a->entries,i);
-		n=OBJ_obj2nid(ne->object);
-		if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL))
-			{
-			i2t_ASN1_OBJECT(tmp_buf,sizeof(tmp_buf),ne->object);
-			s=tmp_buf;
-			}
-		l1=strlen(s);
+    len--;                      /* space for '\0' */
+    l = 0;
+    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
+        ne = sk_X509_NAME_ENTRY_value(a->entries, i);
+        n = OBJ_obj2nid(ne->object);
+        if ((n == NID_undef) || ((s = OBJ_nid2sn(n)) == NULL)) {
+            i2t_ASN1_OBJECT(tmp_buf, sizeof(tmp_buf), ne->object);
+            s = tmp_buf;
+        }
+        l1 = strlen(s);
 
-		type=ne->value->type;
-		num=ne->value->length;
-		q=ne->value->data;
+        type = ne->value->type;
+        num = ne->value->length;
+        q = ne->value->data;
 #ifdef CHARSET_EBCDIC
-                if (type == V_ASN1_GENERALSTRING ||
-		    type == V_ASN1_VISIBLESTRING ||
-		    type == V_ASN1_PRINTABLESTRING ||
-		    type == V_ASN1_TELETEXSTRING ||
-		    type == V_ASN1_VISIBLESTRING ||
-		    type == V_ASN1_IA5STRING) {
-                        ascii2ebcdic(ebcdic_buf, q,
-				     (num > sizeof ebcdic_buf)
-				     ? sizeof ebcdic_buf : num);
-                        q=ebcdic_buf;
-		}
+        if (type == V_ASN1_GENERALSTRING ||
+            type == V_ASN1_VISIBLESTRING ||
+            type == V_ASN1_PRINTABLESTRING ||
+            type == V_ASN1_TELETEXSTRING ||
+            type == V_ASN1_VISIBLESTRING || type == V_ASN1_IA5STRING) {
+            ascii2ebcdic(ebcdic_buf, q, (num > sizeof ebcdic_buf)
+                         ? sizeof ebcdic_buf : num);
+            q = ebcdic_buf;
+        }
 #endif
 
-		if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0))
-			{
-			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=0;
-			for (j=0; j<num; j++)
-				if (q[j] != 0) gs_doit[j&3]=1;
+        if ((type == V_ASN1_GENERALSTRING) && ((num % 4) == 0)) {
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 0;
+            for (j = 0; j < num; j++)
+                if (q[j] != 0)
+                    gs_doit[j & 3] = 1;
 
-			if (gs_doit[0]|gs_doit[1]|gs_doit[2])
-				gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
-			else
-				{
-				gs_doit[0]=gs_doit[1]=gs_doit[2]=0;
-				gs_doit[3]=1;
-				}
-			}
-		else
-			gs_doit[0]=gs_doit[1]=gs_doit[2]=gs_doit[3]=1;
+            if (gs_doit[0] | gs_doit[1] | gs_doit[2])
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
+            else {
+                gs_doit[0] = gs_doit[1] = gs_doit[2] = 0;
+                gs_doit[3] = 1;
+            }
+        } else
+            gs_doit[0] = gs_doit[1] = gs_doit[2] = gs_doit[3] = 1;
 
-		for (l2=j=0; j<num; j++)
-			{
-			if (!gs_doit[j&3]) continue;
-			l2++;
+        for (l2 = j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
+            l2++;
 #ifndef CHARSET_EBCDIC
-			if ((q[j] < ' ') || (q[j] > '~')) l2+=3;
+            if ((q[j] < ' ') || (q[j] > '~'))
+                l2 += 3;
 #else
-			if ((os_toascii[q[j]] < os_toascii[' ']) ||
-			    (os_toascii[q[j]] > os_toascii['~'])) l2+=3;
+            if ((os_toascii[q[j]] < os_toascii[' ']) ||
+                (os_toascii[q[j]] > os_toascii['~']))
+                l2 += 3;
 #endif
-			}
+        }
 
-		lold=l;
-		l+=1+l1+1+l2;
-		if (b != NULL)
-			{
-			if (!BUF_MEM_grow(b,l+1)) goto err;
-			p= &(b->data[lold]);
-			}
-		else if (l > len)
-			{
-			break;
-			}
-		else
-			p= &(buf[lold]);
-		*(p++)='/';
-		memcpy(p,s,(unsigned int)l1); p+=l1;
-		*(p++)='=';
+        lold = l;
+        l += 1 + l1 + 1 + l2;
+        if (b != NULL) {
+            if (!BUF_MEM_grow(b, l + 1))
+                goto err;
+            p = &(b->data[lold]);
+        } else if (l > len) {
+            break;
+        } else
+            p = &(buf[lold]);
+        *(p++) = '/';
+        memcpy(p, s, (unsigned int)l1);
+        p += l1;
+        *(p++) = '=';
 
-#ifndef CHARSET_EBCDIC /* q was assigned above already. */
-		q=ne->value->data;
+#ifndef CHARSET_EBCDIC          /* q was assigned above already. */
+        q = ne->value->data;
 #endif
 
-		for (j=0; j<num; j++)
-			{
-			if (!gs_doit[j&3]) continue;
+        for (j = 0; j < num; j++) {
+            if (!gs_doit[j & 3])
+                continue;
 #ifndef CHARSET_EBCDIC
-			n=q[j];
-			if ((n < ' ') || (n > '~'))
-				{
-				*(p++)='\\';
-				*(p++)='x';
-				*(p++)=hex[(n>>4)&0x0f];
-				*(p++)=hex[n&0x0f];
-				}
-			else
-				*(p++)=n;
+            n = q[j];
+            if ((n < ' ') || (n > '~')) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = n;
 #else
-			n=os_toascii[q[j]];
-			if ((n < os_toascii[' ']) ||
-			    (n > os_toascii['~']))
-				{
-				*(p++)='\\';
-				*(p++)='x';
-				*(p++)=hex[(n>>4)&0x0f];
-				*(p++)=hex[n&0x0f];
-				}
-			else
-				*(p++)=q[j];
+            n = os_toascii[q[j]];
+            if ((n < os_toascii[' ']) || (n > os_toascii['~'])) {
+                *(p++) = '\\';
+                *(p++) = 'x';
+                *(p++) = hex[(n >> 4) & 0x0f];
+                *(p++) = hex[n & 0x0f];
+            } else
+                *(p++) = q[j];
 #endif
-			}
-		*p='\0';
-		}
-	if (b != NULL)
-		{
-		p=b->data;
-		OPENSSL_free(b);
-		}
-	else
-		p=buf;
-	if (i == 0)
-		*p = '\0';
-	return(p);
-err:
-	X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
-	if (b != NULL) BUF_MEM_free(b);
-	return(NULL);
-	}
-
+        }
+        *p = '\0';
+    }
+    if (b != NULL) {
+        p = b->data;
+        OPENSSL_free(b);
+    } else
+        p = buf;
+    if (i == 0)
+        *p = '\0';
+    return (p);
+ err:
+    X509err(X509_F_X509_NAME_ONELINE, ERR_R_MALLOC_FAILURE);
+    if (b != NULL)
+        BUF_MEM_free(b);
+    return (NULL);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c
index 254a1469..0ff439c9 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_r2x.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,49 +66,48 @@
 #include <openssl/buffer.h>
 
 X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey)
-	{
-	X509 *ret=NULL;
-	X509_CINF *xi=NULL;
-	X509_NAME *xn;
-
-	if ((ret=X509_new()) == NULL)
-		{
-		X509err(X509_F_X509_REQ_TO_X509,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
+{
+    X509 *ret = NULL;
+    X509_CINF *xi = NULL;
+    X509_NAME *xn;
 
-	/* duplicate the request */
-	xi=ret->cert_info;
+    if ((ret = X509_new()) == NULL) {
+        X509err(X509_F_X509_REQ_TO_X509, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0)
-		{
-		if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err;
-		if (!ASN1_INTEGER_set(xi->version,2)) goto err;
-/*		xi->extensions=ri->attributes; <- bad, should not ever be done
-		ri->attributes=NULL; */
-		}
+    /* duplicate the request */
+    xi = ret->cert_info;
 
-	xn=X509_REQ_get_subject_name(r);
-	if (X509_set_subject_name(ret,X509_NAME_dup(xn)) == 0)
-		goto err;
-	if (X509_set_issuer_name(ret,X509_NAME_dup(xn)) == 0)
-		goto err;
+    if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) {
+        if ((xi->version = M_ASN1_INTEGER_new()) == NULL)
+            goto err;
+        if (!ASN1_INTEGER_set(xi->version, 2))
+            goto err;
+/*-     xi->extensions=ri->attributes; <- bad, should not ever be done
+        ri->attributes=NULL; */
+    }
 
-	if (X509_gmtime_adj(xi->validity->notBefore,0) == NULL)
-		goto err;
-	if (X509_gmtime_adj(xi->validity->notAfter,(long)60*60*24*days) == NULL)
-		goto err;
+    xn = X509_REQ_get_subject_name(r);
+    if (X509_set_subject_name(ret, X509_NAME_dup(xn)) == 0)
+        goto err;
+    if (X509_set_issuer_name(ret, X509_NAME_dup(xn)) == 0)
+        goto err;
 
-	X509_set_pubkey(ret,X509_REQ_get_pubkey(r));
+    if (X509_gmtime_adj(xi->validity->notBefore, 0) == NULL)
+        goto err;
+    if (X509_gmtime_adj(xi->validity->notAfter, (long)60 * 60 * 24 * days) ==
+        NULL)
+        goto err;
 
-	if (!X509_sign(ret,pkey,EVP_md5()))
-		goto err;
-	if (0)
-		{
-err:
-		X509_free(ret);
-		ret=NULL;
-		}
-	return(ret);
-	}
+    X509_set_pubkey(ret, X509_REQ_get_pubkey(r));
 
+    if (!X509_sign(ret, pkey, EVP_md5()))
+        goto err;
+    if (0) {
+ err:
+        X509_free(ret);
+        ret = NULL;
+    }
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_req.c b/Cryptlib/OpenSSL/crypto/x509/x509_req.c
index 3872e1fb..31e59c49 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_req.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_req.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -67,258 +67,275 @@
 #include <openssl/pem.h>
 
 X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	X509_REQ *ret;
-	X509_REQ_INFO *ri;
-	int i;
-	EVP_PKEY *pktmp;
-
-	ret=X509_REQ_new();
-	if (ret == NULL)
-		{
-		X509err(X509_F_X509_TO_X509_REQ,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	ri=ret->req_info;
-
-	ri->version->length=1;
-	ri->version->data=(unsigned char *)OPENSSL_malloc(1);
-	if (ri->version->data == NULL) goto err;
-	ri->version->data[0]=0; /* version == 0 */
-
-	if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x)))
-		goto err;
-
-	pktmp = X509_get_pubkey(x);
-	i=X509_REQ_set_pubkey(ret,pktmp);
-	EVP_PKEY_free(pktmp);
-	if (!i) goto err;
-
-	if (pkey != NULL)
-		{
-		if (!X509_REQ_sign(ret,pkey,md))
-			goto err;
-		}
-	return(ret);
-err:
-	X509_REQ_free(ret);
-	return(NULL);
-	}
+{
+    X509_REQ *ret;
+    X509_REQ_INFO *ri;
+    int i;
+    EVP_PKEY *pktmp;
+
+    ret = X509_REQ_new();
+    if (ret == NULL) {
+        X509err(X509_F_X509_TO_X509_REQ, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    ri = ret->req_info;
+
+    ri->version->length = 1;
+    ri->version->data = (unsigned char *)OPENSSL_malloc(1);
+    if (ri->version->data == NULL)
+        goto err;
+    ri->version->data[0] = 0;   /* version == 0 */
+
+    if (!X509_REQ_set_subject_name(ret, X509_get_subject_name(x)))
+        goto err;
+
+    pktmp = X509_get_pubkey(x);
+    if (pktmp == NULL)
+        goto err;
+    i = X509_REQ_set_pubkey(ret, pktmp);
+    EVP_PKEY_free(pktmp);
+    if (!i)
+        goto err;
+
+    if (pkey != NULL) {
+        if (!X509_REQ_sign(ret, pkey, md))
+            goto err;
+    }
+    return (ret);
+ err:
+    X509_REQ_free(ret);
+    return (NULL);
+}
 
 EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req)
-	{
-	if ((req == NULL) || (req->req_info == NULL))
-		return(NULL);
-	return(X509_PUBKEY_get(req->req_info->pubkey));
-	}
+{
+    if ((req == NULL) || (req->req_info == NULL))
+        return (NULL);
+    return (X509_PUBKEY_get(req->req_info->pubkey));
+}
 
 int X509_REQ_check_private_key(X509_REQ *x, EVP_PKEY *k)
-	{
-	EVP_PKEY *xk=NULL;
-	int ok=0;
-
-	xk=X509_REQ_get_pubkey(x);
-	switch (EVP_PKEY_cmp(xk, k))
-		{
-	case 1:
-		ok=1;
-		break;
-	case 0:
-		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH);
-		break;
-	case -1:
-		X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH);
-		break;
-	case -2:
+{
+    EVP_PKEY *xk = NULL;
+    int ok = 0;
+
+    xk = X509_REQ_get_pubkey(x);
+    switch (EVP_PKEY_cmp(xk, k)) {
+    case 1:
+        ok = 1;
+        break;
+    case 0:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                X509_R_KEY_VALUES_MISMATCH);
+        break;
+    case -1:
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_KEY_TYPE_MISMATCH);
+        break;
+    case -2:
 #ifndef OPENSSL_NO_EC
-		if (k->type == EVP_PKEY_EC)
-			{
-			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
-			break;
-			}
+        if (k->type == EVP_PKEY_EC) {
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, ERR_R_EC_LIB);
+            break;
+        }
 #endif
 #ifndef OPENSSL_NO_DH
-		if (k->type == EVP_PKEY_DH)
-			{
-			/* No idea */
-			X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY);
-			break;
-			}
+        if (k->type == EVP_PKEY_DH) {
+            /* No idea */
+            X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,
+                    X509_R_CANT_CHECK_DH_KEY);
+            break;
+        }
 #endif
-	        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE);
-		}
+        X509err(X509_F_X509_REQ_CHECK_PRIVATE_KEY, X509_R_UNKNOWN_KEY_TYPE);
+    }
 
-	EVP_PKEY_free(xk);
-	return(ok);
-	}
+    EVP_PKEY_free(xk);
+    return (ok);
+}
 
-/* It seems several organisations had the same idea of including a list of
+/*
+ * It seems several organisations had the same idea of including a list of
  * extensions in a certificate request. There are at least two OIDs that are
  * used and there may be more: so the list is configurable.
  */
 
-static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef};
+static int ext_nid_list[] = { NID_ext_req, NID_ms_ext_req, NID_undef };
 
 static int *ext_nids = ext_nid_list;
 
 int X509_REQ_extension_nid(int req_nid)
 {
-	int i, nid;
-	for(i = 0; ; i++) {
-		nid = ext_nids[i];
-		if(nid == NID_undef) return 0;
-		else if (req_nid == nid) return 1;
-	}
+    int i, nid;
+    for (i = 0;; i++) {
+        nid = ext_nids[i];
+        if (nid == NID_undef)
+            return 0;
+        else if (req_nid == nid)
+            return 1;
+    }
 }
 
 int *X509_REQ_get_extension_nids(void)
 {
-	return ext_nids;
+    return ext_nids;
 }
-	
+
 void X509_REQ_set_extension_nids(int *nids)
 {
-	ext_nids = nids;
+    ext_nids = nids;
 }
 
 STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req)
-	{
-	X509_ATTRIBUTE *attr;
-	ASN1_TYPE *ext = NULL;
-	int idx, *pnid;
-	const unsigned char *p;
-
-	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
-		return(NULL);
-	for (pnid = ext_nids; *pnid != NID_undef; pnid++)
-		{
-		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
-		if (idx == -1)
-			continue;
-		attr = X509_REQ_get_attr(req, idx);
-		if(attr->single) ext = attr->value.single;
-		else if(sk_ASN1_TYPE_num(attr->value.set))
-			ext = sk_ASN1_TYPE_value(attr->value.set, 0);
-		break;
-		}
-	if(!ext || (ext->type != V_ASN1_SEQUENCE))
-		return NULL;
-	p = ext->value.sequence->data;
-	return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
-			ext->value.sequence->length,
-			d2i_X509_EXTENSION, X509_EXTENSION_free,
-			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+{
+    X509_ATTRIBUTE *attr;
+    ASN1_TYPE *ext = NULL;
+    int idx, *pnid;
+    const unsigned char *p;
+
+    if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
+        return (NULL);
+    for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
+        idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
+        if (idx == -1)
+            continue;
+        attr = X509_REQ_get_attr(req, idx);
+        if (attr->single)
+            ext = attr->value.single;
+        else if (sk_ASN1_TYPE_num(attr->value.set))
+            ext = sk_ASN1_TYPE_value(attr->value.set, 0);
+        break;
+    }
+    if (!ext || (ext->type != V_ASN1_SEQUENCE))
+        return NULL;
+    p = ext->value.sequence->data;
+    return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p,
+                                          ext->value.sequence->length,
+                                          d2i_X509_EXTENSION,
+                                          X509_EXTENSION_free,
+                                          V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
 }
 
-/* Add a STACK_OF extensions to a certificate request: allow alternative OIDs
+/*
+ * Add a STACK_OF extensions to a certificate request: allow alternative OIDs
  * in case we want to create a non standard one.
  */
 
 int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts,
-				int nid)
+                                int nid)
 {
-	unsigned char *p = NULL, *q;
-	long len;
-	ASN1_TYPE *at = NULL;
-	X509_ATTRIBUTE *attr = NULL;
-	if(!(at = ASN1_TYPE_new()) ||
-		!(at->value.sequence = ASN1_STRING_new())) goto err;
-
-	at->type = V_ASN1_SEQUENCE;
-	/* Generate encoding of extensions */
-	len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
-			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-	if(!(p = OPENSSL_malloc(len))) goto err;
-	q = p;
-	i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
-			V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE);
-	at->value.sequence->data = p;
-	p = NULL;
-	at->value.sequence->length = len;
-	if(!(attr = X509_ATTRIBUTE_new())) goto err;
-	if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err;
-	if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err;
-	at = NULL;
-	attr->single = 0;
-	attr->object = OBJ_nid2obj(nid);
-	if (!req->req_info->attributes)
-		{
-		if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
-			goto err;
-		}
-	if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err;
-	return 1;
-	err:
-	if(p) OPENSSL_free(p);
-	X509_ATTRIBUTE_free(attr);
-	ASN1_TYPE_free(at);
-	return 0;
+    unsigned char *p = NULL, *q;
+    long len;
+    ASN1_TYPE *at = NULL;
+    X509_ATTRIBUTE *attr = NULL;
+    if (!(at = ASN1_TYPE_new()) || !(at->value.sequence = ASN1_STRING_new()))
+        goto err;
+
+    at->type = V_ASN1_SEQUENCE;
+    /* Generate encoding of extensions */
+    len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION,
+                                         V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+                                         IS_SEQUENCE);
+    if (!(p = OPENSSL_malloc(len)))
+        goto err;
+    q = p;
+    i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION,
+                                   V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
+                                   IS_SEQUENCE);
+    at->value.sequence->data = p;
+    p = NULL;
+    at->value.sequence->length = len;
+    if (!(attr = X509_ATTRIBUTE_new()))
+        goto err;
+    if (!(attr->value.set = sk_ASN1_TYPE_new_null()))
+        goto err;
+    if (!sk_ASN1_TYPE_push(attr->value.set, at))
+        goto err;
+    at = NULL;
+    attr->single = 0;
+    attr->object = OBJ_nid2obj(nid);
+    if (!req->req_info->attributes) {
+        if (!(req->req_info->attributes = sk_X509_ATTRIBUTE_new_null()))
+            goto err;
+    }
+    if (!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr))
+        goto err;
+    return 1;
+ err:
+    if (p)
+        OPENSSL_free(p);
+    X509_ATTRIBUTE_free(attr);
+    ASN1_TYPE_free(at);
+    return 0;
 }
+
 /* This is the normal usage: use the "official" OID */
 int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts)
 {
-	return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
+    return X509_REQ_add_extensions_nid(req, exts, NID_ext_req);
 }
 
 /* Request attribute functions */
 
 int X509_REQ_get_attr_count(const X509_REQ *req)
 {
-	return X509at_get_attr_count(req->req_info->attributes);
+    return X509at_get_attr_count(req->req_info->attributes);
 }
 
-int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid,
-			  int lastpos)
+int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, int lastpos)
 {
-	return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
+    return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos);
 }
 
 int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj,
-			  int lastpos)
+                             int lastpos)
 {
-	return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
+    return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos);
 }
 
 X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc)
 {
-	return X509at_get_attr(req->req_info->attributes, loc);
+    return X509at_get_attr(req->req_info->attributes, loc);
 }
 
 X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc)
 {
-	return X509at_delete_attr(req->req_info->attributes, loc);
+    return X509at_delete_attr(req->req_info->attributes, loc);
 }
 
 int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr)
 {
-	if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1;
-	return 0;
+    if (X509at_add1_attr(&req->req_info->attributes, attr))
+        return 1;
+    return 0;
 }
 
 int X509_REQ_add1_attr_by_OBJ(X509_REQ *req,
-			const ASN1_OBJECT *obj, int type,
-			const unsigned char *bytes, int len)
+                              const ASN1_OBJECT *obj, int type,
+                              const unsigned char *bytes, int len)
 {
-	if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
-				type, bytes, len)) return 1;
-	return 0;
+    if (X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj,
+                                type, bytes, len))
+        return 1;
+    return 0;
 }
 
 int X509_REQ_add1_attr_by_NID(X509_REQ *req,
-			int nid, int type,
-			const unsigned char *bytes, int len)
+                              int nid, int type,
+                              const unsigned char *bytes, int len)
 {
-	if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
-				type, bytes, len)) return 1;
-	return 0;
+    if (X509at_add1_attr_by_NID(&req->req_info->attributes, nid,
+                                type, bytes, len))
+        return 1;
+    return 0;
 }
 
 int X509_REQ_add1_attr_by_txt(X509_REQ *req,
-			const char *attrname, int type,
-			const unsigned char *bytes, int len)
+                              const char *attrname, int type,
+                              const unsigned char *bytes, int len)
 {
-	if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
-				type, bytes, len)) return 1;
-	return 0;
+    if (X509at_add1_attr_by_txt(&req->req_info->attributes, attrname,
+                                type, bytes, len))
+        return 1;
+    return 0;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_set.c b/Cryptlib/OpenSSL/crypto/x509/x509_set.c
index aaf61ca0..4eec1da8 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_set.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_set.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,87 +64,84 @@
 #include <openssl/x509.h>
 
 int X509_set_version(X509 *x, long version)
-	{
-	if (x == NULL) return(0);
-	if (x->cert_info->version == NULL)
-		{
-		if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL)
-			return(0);
-		}
-	return(ASN1_INTEGER_set(x->cert_info->version,version));
-	}
+{
+    if (x == NULL)
+        return (0);
+    if (x->cert_info->version == NULL) {
+        if ((x->cert_info->version = M_ASN1_INTEGER_new()) == NULL)
+            return (0);
+    }
+    return (ASN1_INTEGER_set(x->cert_info->version, version));
+}
 
 int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial)
-	{
-	ASN1_INTEGER *in;
+{
+    ASN1_INTEGER *in;
 
-	if (x == NULL) return(0);
-	in=x->cert_info->serialNumber;
-	if (in != serial)
-		{
-		in=M_ASN1_INTEGER_dup(serial);
-		if (in != NULL)
-			{
-			M_ASN1_INTEGER_free(x->cert_info->serialNumber);
-			x->cert_info->serialNumber=in;
-			}
-		}
-	return(in != NULL);
-	}
+    if (x == NULL)
+        return (0);
+    in = x->cert_info->serialNumber;
+    if (in != serial) {
+        in = M_ASN1_INTEGER_dup(serial);
+        if (in != NULL) {
+            M_ASN1_INTEGER_free(x->cert_info->serialNumber);
+            x->cert_info->serialNumber = in;
+        }
+    }
+    return (in != NULL);
+}
 
 int X509_set_issuer_name(X509 *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->cert_info == NULL)) return(0);
-	return(X509_NAME_set(&x->cert_info->issuer,name));
-	}
+{
+    if ((x == NULL) || (x->cert_info == NULL))
+        return (0);
+    return (X509_NAME_set(&x->cert_info->issuer, name));
+}
 
 int X509_set_subject_name(X509 *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->cert_info == NULL)) return(0);
-	return(X509_NAME_set(&x->cert_info->subject,name));
-	}
+{
+    if ((x == NULL) || (x->cert_info == NULL))
+        return (0);
+    return (X509_NAME_set(&x->cert_info->subject, name));
+}
 
 int X509_set_notBefore(X509 *x, ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
+{
+    ASN1_TIME *in;
 
-	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
-	in=x->cert_info->validity->notBefore;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->cert_info->validity->notBefore);
-			x->cert_info->validity->notBefore=in;
-			}
-		}
-	return(in != NULL);
-	}
+    if ((x == NULL) || (x->cert_info->validity == NULL))
+        return (0);
+    in = x->cert_info->validity->notBefore;
+    if (in != tm) {
+        in = M_ASN1_TIME_dup(tm);
+        if (in != NULL) {
+            M_ASN1_TIME_free(x->cert_info->validity->notBefore);
+            x->cert_info->validity->notBefore = in;
+        }
+    }
+    return (in != NULL);
+}
 
 int X509_set_notAfter(X509 *x, ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
+{
+    ASN1_TIME *in;
 
-	if ((x == NULL) || (x->cert_info->validity == NULL)) return(0);
-	in=x->cert_info->validity->notAfter;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->cert_info->validity->notAfter);
-			x->cert_info->validity->notAfter=in;
-			}
-		}
-	return(in != NULL);
-	}
+    if ((x == NULL) || (x->cert_info->validity == NULL))
+        return (0);
+    in = x->cert_info->validity->notAfter;
+    if (in != tm) {
+        in = M_ASN1_TIME_dup(tm);
+        if (in != NULL) {
+            M_ASN1_TIME_free(x->cert_info->validity->notAfter);
+            x->cert_info->validity->notAfter = in;
+        }
+    }
+    return (in != NULL);
+}
 
 int X509_set_pubkey(X509 *x, EVP_PKEY *pkey)
-	{
-	if ((x == NULL) || (x->cert_info == NULL)) return(0);
-	return(X509_PUBKEY_set(&(x->cert_info->key),pkey));
-	}
-
-
-
+{
+    if ((x == NULL) || (x->cert_info == NULL))
+        return (0);
+    return (X509_PUBKEY_set(&(x->cert_info->key), pkey));
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
index ed187005..11f2532f 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_trs.c
@@ -1,6 +1,7 @@
 /* x509_trs.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,9 +61,7 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-
-static int tr_cmp(const X509_TRUST * const *a,
-		const X509_TRUST * const *b);
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b);
 static void trtable_free(X509_TRUST *p);
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags);
@@ -70,218 +69,240 @@ static int trust_1oid(X509_TRUST *trust, X509 *x, int flags);
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags);
 
 static int obj_trust(int id, X509 *x, int flags);
-static int (*default_trust)(int id, X509 *x, int flags) = obj_trust;
+static int (*default_trust) (int id, X509 *x, int flags) = obj_trust;
 
-/* WARNING: the following table should be kept in order of trust
- * and without any gaps so we can just subtract the minimum trust
- * value to get an index into the table
+/*
+ * WARNING: the following table should be kept in order of trust and without
+ * any gaps so we can just subtract the minimum trust value to get an index
+ * into the table
  */
 
 static X509_TRUST trstandard[] = {
-{X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
-{X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
-{X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
-{X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign, NULL},
-{X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL},
-{X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
+    {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+    {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth,
+     NULL},
+    {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth,
+     NULL},
+    {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect,
+     NULL},
+    {X509_TRUST_OBJECT_SIGN, 0, trust_1oidany, "Object Signer", NID_code_sign,
+     NULL},
+    {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign,
+     NULL},
+    {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL}
 };
 
-#define X509_TRUST_COUNT	(sizeof(trstandard)/sizeof(X509_TRUST))
+#define X509_TRUST_COUNT        (sizeof(trstandard)/sizeof(X509_TRUST))
 
 IMPLEMENT_STACK_OF(X509_TRUST)
 
 static STACK_OF(X509_TRUST) *trtable = NULL;
 
-static int tr_cmp(const X509_TRUST * const *a,
-		const X509_TRUST * const *b)
+static int tr_cmp(const X509_TRUST *const *a, const X509_TRUST *const *b)
 {
-	return (*a)->trust - (*b)->trust;
+    return (*a)->trust - (*b)->trust;
 }
 
-int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int)
-{
-	int (*oldtrust)(int , X509 *, int);
-	oldtrust = default_trust;
-	default_trust = trust;
-	return oldtrust;
+int (*X509_TRUST_set_default(int (*trust) (int, X509 *, int))) (int, X509 *,
+                                                                int) {
+    int (*oldtrust) (int, X509 *, int);
+    oldtrust = default_trust;
+    default_trust = trust;
+    return oldtrust;
 }
 
-
 int X509_check_trust(X509 *x, int id, int flags)
 {
-	X509_TRUST *pt;
-	int idx;
-	if(id == -1) return 1;
-	idx = X509_TRUST_get_by_id(id);
-	if(idx == -1) return default_trust(id, x, flags);
-	pt = X509_TRUST_get0(idx);
-	return pt->check_trust(pt, x, flags);
+    X509_TRUST *pt;
+    int idx;
+    if (id == -1)
+        return 1;
+    idx = X509_TRUST_get_by_id(id);
+    if (idx == -1)
+        return default_trust(id, x, flags);
+    pt = X509_TRUST_get0(idx);
+    return pt->check_trust(pt, x, flags);
 }
 
 int X509_TRUST_get_count(void)
 {
-	if(!trtable) return X509_TRUST_COUNT;
-	return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
+    if (!trtable)
+        return X509_TRUST_COUNT;
+    return sk_X509_TRUST_num(trtable) + X509_TRUST_COUNT;
 }
 
-X509_TRUST * X509_TRUST_get0(int idx)
+X509_TRUST *X509_TRUST_get0(int idx)
 {
-	if(idx < 0) return NULL;
-	if(idx < (int)X509_TRUST_COUNT) return trstandard + idx;
-	return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_TRUST_COUNT)
+        return trstandard + idx;
+    return sk_X509_TRUST_value(trtable, idx - X509_TRUST_COUNT);
 }
 
 int X509_TRUST_get_by_id(int id)
 {
-	X509_TRUST tmp;
-	int idx;
-	if((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
-				 return id - X509_TRUST_MIN;
-	tmp.trust = id;
-	if(!trtable) return -1;
-	idx = sk_X509_TRUST_find(trtable, &tmp);
-	if(idx == -1) return -1;
-	return idx + X509_TRUST_COUNT;
+    X509_TRUST tmp;
+    int idx;
+    if ((id >= X509_TRUST_MIN) && (id <= X509_TRUST_MAX))
+        return id - X509_TRUST_MIN;
+    tmp.trust = id;
+    if (!trtable)
+        return -1;
+    idx = sk_X509_TRUST_find(trtable, &tmp);
+    if (idx == -1)
+        return -1;
+    return idx + X509_TRUST_COUNT;
 }
 
 int X509_TRUST_set(int *t, int trust)
 {
-	if(X509_TRUST_get_by_id(trust) == -1) {
-		X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
-		return 0;
-	}
-	*t = trust;
-	return 1;
+    if (X509_TRUST_get_by_id(trust) == -1) {
+        X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST);
+        return 0;
+    }
+    *t = trust;
+    return 1;
 }
 
-int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int),
-					char *name, int arg1, void *arg2)
+int X509_TRUST_add(int id, int flags, int (*ck) (X509_TRUST *, X509 *, int),
+                   char *name, int arg1, void *arg2)
 {
-	int idx;
-	X509_TRUST *trtmp;
-	/* This is set according to what we change: application can't set it */
-	flags &= ~X509_TRUST_DYNAMIC;
-	/* This will always be set for application modified trust entries */
-	flags |= X509_TRUST_DYNAMIC_NAME;
-	/* Get existing entry if any */
-	idx = X509_TRUST_get_by_id(id);
-	/* Need a new entry */
-	if(idx == -1) {
-		if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		trtmp->flags = X509_TRUST_DYNAMIC;
-	} else trtmp = X509_TRUST_get0(idx);
-
-	/* OPENSSL_free existing name if dynamic */
-	if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name);
-	/* dup supplied name */
-	if(!(trtmp->name = BUF_strdup(name))) {
-		X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	/* Keep the dynamic flag of existing entry */
-	trtmp->flags &= X509_TRUST_DYNAMIC;
-	/* Set all other flags */
-	trtmp->flags |= flags;
-
-	trtmp->trust = id;
-	trtmp->check_trust = ck;
-	trtmp->arg1 = arg1;
-	trtmp->arg2 = arg2;
-
-	/* If its a new entry manage the dynamic table */
-	if(idx == -1) {
-		if(!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if (!sk_X509_TRUST_push(trtable, trtmp)) {
-			X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	return 1;
+    int idx;
+    X509_TRUST *trtmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_TRUST_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_TRUST_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_TRUST_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if (!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        trtmp->flags = X509_TRUST_DYNAMIC;
+    } else
+        trtmp = X509_TRUST_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (trtmp->flags & X509_TRUST_DYNAMIC_NAME)
+        OPENSSL_free(trtmp->name);
+    /* dup supplied name */
+    if (!(trtmp->name = BUF_strdup(name))) {
+        X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* Keep the dynamic flag of existing entry */
+    trtmp->flags &= X509_TRUST_DYNAMIC;
+    /* Set all other flags */
+    trtmp->flags |= flags;
+
+    trtmp->trust = id;
+    trtmp->check_trust = ck;
+    trtmp->arg1 = arg1;
+    trtmp->arg2 = arg2;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (!trtable && !(trtable = sk_X509_TRUST_new(tr_cmp))) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!sk_X509_TRUST_push(trtable, trtmp)) {
+            X509err(X509_F_X509_TRUST_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    return 1;
 }
 
 static void trtable_free(X509_TRUST *p)
-	{
-	if(!p) return;
-	if (p->flags & X509_TRUST_DYNAMIC) 
-		{
-		if (p->flags & X509_TRUST_DYNAMIC_NAME)
-			OPENSSL_free(p->name);
-		OPENSSL_free(p);
-		}
-	}
+{
+    if (!p)
+        return;
+    if (p->flags & X509_TRUST_DYNAMIC) {
+        if (p->flags & X509_TRUST_DYNAMIC_NAME)
+            OPENSSL_free(p->name);
+        OPENSSL_free(p);
+    }
+}
 
 void X509_TRUST_cleanup(void)
 {
-	unsigned int i;
-	for(i = 0; i < X509_TRUST_COUNT; i++) trtable_free(trstandard + i);
-	sk_X509_TRUST_pop_free(trtable, trtable_free);
-	trtable = NULL;
+    unsigned int i;
+    for (i = 0; i < X509_TRUST_COUNT; i++)
+        trtable_free(trstandard + i);
+    sk_X509_TRUST_pop_free(trtable, trtable_free);
+    trtable = NULL;
 }
 
 int X509_TRUST_get_flags(X509_TRUST *xp)
 {
-	return xp->flags;
+    return xp->flags;
 }
 
 char *X509_TRUST_get0_name(X509_TRUST *xp)
 {
-	return xp->name;
+    return xp->name;
 }
 
 int X509_TRUST_get_trust(X509_TRUST *xp)
 {
-	return xp->trust;
+    return xp->trust;
 }
 
 static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
 {
-	if(x->aux && (x->aux->trust || x->aux->reject))
-		return obj_trust(trust->arg1, x, flags);
-	/* we don't have any trust settings: for compatibility
-	 * we return trusted if it is self signed
-	 */
-	return trust_compat(trust, x, flags);
+    if (x->aux && (x->aux->trust || x->aux->reject))
+        return obj_trust(trust->arg1, x, flags);
+    /*
+     * we don't have any trust settings: for compatibility we return trusted
+     * if it is self signed
+     */
+    return trust_compat(trust, x, flags);
 }
 
 static int trust_1oid(X509_TRUST *trust, X509 *x, int flags)
 {
-	if(x->aux) return obj_trust(trust->arg1, x, flags);
-	return X509_TRUST_UNTRUSTED;
+    if (x->aux)
+        return obj_trust(trust->arg1, x, flags);
+    return X509_TRUST_UNTRUSTED;
 }
 
 static int trust_compat(X509_TRUST *trust, X509 *x, int flags)
 {
-	X509_check_purpose(x, -1, 0);
-	if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED;
-	else return X509_TRUST_UNTRUSTED;
+    X509_check_purpose(x, -1, 0);
+    if (x->ex_flags & EXFLAG_SS)
+        return X509_TRUST_TRUSTED;
+    else
+        return X509_TRUST_UNTRUSTED;
 }
 
 static int obj_trust(int id, X509 *x, int flags)
 {
-	ASN1_OBJECT *obj;
-	int i;
-	X509_CERT_AUX *ax;
-	ax = x->aux;
-	if(!ax) return X509_TRUST_UNTRUSTED;
-	if(ax->reject) {
-		for(i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
-			obj = sk_ASN1_OBJECT_value(ax->reject, i);
-			if(OBJ_obj2nid(obj) == id) return X509_TRUST_REJECTED;
-		}
-	}	
-	if(ax->trust) {
-		for(i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
-			obj = sk_ASN1_OBJECT_value(ax->trust, i);
-			if(OBJ_obj2nid(obj) == id) return X509_TRUST_TRUSTED;
-		}
-	}
-	return X509_TRUST_UNTRUSTED;
+    ASN1_OBJECT *obj;
+    int i;
+    X509_CERT_AUX *ax;
+    ax = x->aux;
+    if (!ax)
+        return X509_TRUST_UNTRUSTED;
+    if (ax->reject) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->reject); i++) {
+            obj = sk_ASN1_OBJECT_value(ax->reject, i);
+            if (OBJ_obj2nid(obj) == id)
+                return X509_TRUST_REJECTED;
+        }
+    }
+    if (ax->trust) {
+        for (i = 0; i < sk_ASN1_OBJECT_num(ax->trust); i++) {
+            obj = sk_ASN1_OBJECT_value(ax->trust, i);
+            if (OBJ_obj2nid(obj) == id)
+                return X509_TRUST_TRUSTED;
+        }
+    }
+    return X509_TRUST_UNTRUSTED;
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c
index 73a8ec72..1cadbf98 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_txt.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_txt.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -69,105 +69,103 @@
 #include <openssl/objects.h>
 
 const char *X509_verify_cert_error_string(long n)
-	{
-	static char buf[100];
-
-	switch ((int)n)
-		{
-	case X509_V_OK:
-		return("ok");
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-		return("unable to get issuer certificate");
-	case X509_V_ERR_UNABLE_TO_GET_CRL:
-		return("unable to get certificate CRL");
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-		return("unable to decrypt certificate's signature");
-	case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-		return("unable to decrypt CRL's signature");
-	case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-		return("unable to decode issuer public key");
-	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-		return("certificate signature failure");
-	case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-		return("CRL signature failure");
-	case X509_V_ERR_CERT_NOT_YET_VALID:
-		return("certificate is not yet valid");
-	case X509_V_ERR_CRL_NOT_YET_VALID:
-		return("CRL is not yet valid");
-	case X509_V_ERR_CERT_HAS_EXPIRED:
-		return("certificate has expired");
-	case X509_V_ERR_CRL_HAS_EXPIRED:
-		return("CRL has expired");
-	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-		return("format error in certificate's notBefore field");
-	case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-		return("format error in certificate's notAfter field");
-	case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-		return("format error in CRL's lastUpdate field");
-	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-		return("format error in CRL's nextUpdate field");
-	case X509_V_ERR_OUT_OF_MEM:
-		return("out of memory");
-	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-		return("self signed certificate");
-	case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-		return("self signed certificate in certificate chain");
-	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-		return("unable to get local issuer certificate");
-	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-		return("unable to verify the first certificate");
-	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-		return("certificate chain too long");
-	case X509_V_ERR_CERT_REVOKED:
-		return("certificate revoked");
-	case X509_V_ERR_INVALID_CA:
-		return ("invalid CA certificate");
-	case X509_V_ERR_INVALID_NON_CA:
-		return ("invalid non-CA certificate (has CA markings)");
-	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-		return ("path length constraint exceeded");
-	case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
-		return("proxy path length constraint exceeded");
-	case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
-		return("proxy certificates not allowed, please set the appropriate flag");
-	case X509_V_ERR_INVALID_PURPOSE:
-		return ("unsupported certificate purpose");
-	case X509_V_ERR_CERT_UNTRUSTED:
-		return ("certificate not trusted");
-	case X509_V_ERR_CERT_REJECTED:
-		return ("certificate rejected");
-	case X509_V_ERR_APPLICATION_VERIFICATION:
-		return("application verification failure");
-	case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
-		return("subject issuer mismatch");
-	case X509_V_ERR_AKID_SKID_MISMATCH:
-		return("authority and subject key identifier mismatch");
-	case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
-		return("authority and issuer serial number mismatch");
-	case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
-		return("key usage does not include certificate signing");
-	case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-		return("unable to get CRL issuer certificate");
-	case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
-		return("unhandled critical extension");
-	case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
-		return("key usage does not include CRL signing");
-	case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
-		return("key usage does not include digital signature");
-	case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
-		return("unhandled critical CRL extension");
-	case X509_V_ERR_INVALID_EXTENSION:
-		return("invalid or inconsistent certificate extension");
-	case X509_V_ERR_INVALID_POLICY_EXTENSION:
-		return("invalid or inconsistent certificate policy extension");
-	case X509_V_ERR_NO_EXPLICIT_POLICY:
-		return("no explicit policy");
-	case X509_V_ERR_UNNESTED_RESOURCE:
-		return("RFC 3779 resource not subset of parent's resources");
-	default:
-		BIO_snprintf(buf,sizeof buf,"error number %ld",n);
-		return(buf);
-		}
-	}
-
+{
+    static char buf[100];
 
+    switch ((int)n) {
+    case X509_V_OK:
+        return ("ok");
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
+        return ("unable to get issuer certificate");
+    case X509_V_ERR_UNABLE_TO_GET_CRL:
+        return ("unable to get certificate CRL");
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
+        return ("unable to decrypt certificate's signature");
+    case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
+        return ("unable to decrypt CRL's signature");
+    case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
+        return ("unable to decode issuer public key");
+    case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+        return ("certificate signature failure");
+    case X509_V_ERR_CRL_SIGNATURE_FAILURE:
+        return ("CRL signature failure");
+    case X509_V_ERR_CERT_NOT_YET_VALID:
+        return ("certificate is not yet valid");
+    case X509_V_ERR_CRL_NOT_YET_VALID:
+        return ("CRL is not yet valid");
+    case X509_V_ERR_CERT_HAS_EXPIRED:
+        return ("certificate has expired");
+    case X509_V_ERR_CRL_HAS_EXPIRED:
+        return ("CRL has expired");
+    case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+        return ("format error in certificate's notBefore field");
+    case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
+        return ("format error in certificate's notAfter field");
+    case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
+        return ("format error in CRL's lastUpdate field");
+    case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+        return ("format error in CRL's nextUpdate field");
+    case X509_V_ERR_OUT_OF_MEM:
+        return ("out of memory");
+    case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+        return ("self signed certificate");
+    case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
+        return ("self signed certificate in certificate chain");
+    case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+        return ("unable to get local issuer certificate");
+    case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+        return ("unable to verify the first certificate");
+    case X509_V_ERR_CERT_CHAIN_TOO_LONG:
+        return ("certificate chain too long");
+    case X509_V_ERR_CERT_REVOKED:
+        return ("certificate revoked");
+    case X509_V_ERR_INVALID_CA:
+        return ("invalid CA certificate");
+    case X509_V_ERR_INVALID_NON_CA:
+        return ("invalid non-CA certificate (has CA markings)");
+    case X509_V_ERR_PATH_LENGTH_EXCEEDED:
+        return ("path length constraint exceeded");
+    case X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED:
+        return ("proxy path length constraint exceeded");
+    case X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED:
+        return
+            ("proxy certificates not allowed, please set the appropriate flag");
+    case X509_V_ERR_INVALID_PURPOSE:
+        return ("unsupported certificate purpose");
+    case X509_V_ERR_CERT_UNTRUSTED:
+        return ("certificate not trusted");
+    case X509_V_ERR_CERT_REJECTED:
+        return ("certificate rejected");
+    case X509_V_ERR_APPLICATION_VERIFICATION:
+        return ("application verification failure");
+    case X509_V_ERR_SUBJECT_ISSUER_MISMATCH:
+        return ("subject issuer mismatch");
+    case X509_V_ERR_AKID_SKID_MISMATCH:
+        return ("authority and subject key identifier mismatch");
+    case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH:
+        return ("authority and issuer serial number mismatch");
+    case X509_V_ERR_KEYUSAGE_NO_CERTSIGN:
+        return ("key usage does not include certificate signing");
+    case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
+        return ("unable to get CRL issuer certificate");
+    case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION:
+        return ("unhandled critical extension");
+    case X509_V_ERR_KEYUSAGE_NO_CRL_SIGN:
+        return ("key usage does not include CRL signing");
+    case X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE:
+        return ("key usage does not include digital signature");
+    case X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION:
+        return ("unhandled critical CRL extension");
+    case X509_V_ERR_INVALID_EXTENSION:
+        return ("invalid or inconsistent certificate extension");
+    case X509_V_ERR_INVALID_POLICY_EXTENSION:
+        return ("invalid or inconsistent certificate policy extension");
+    case X509_V_ERR_NO_EXPLICIT_POLICY:
+        return ("no explicit policy");
+    case X509_V_ERR_UNNESTED_RESOURCE:
+        return ("RFC 3779 resource not subset of parent's resources");
+    default:
+        BIO_snprintf(buf, sizeof buf, "error number %ld", n);
+        return (buf);
+    }
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c
index 42e6f0ab..4a03445a 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_v3.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_v3.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -66,209 +66,219 @@
 #include <openssl/x509v3.h>
 
 int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
-	{
-	if (x == NULL) return(0);
-	return(sk_X509_EXTENSION_num(x));
-	}
+{
+    if (x == NULL)
+        return (0);
+    return (sk_X509_EXTENSION_num(x));
+}
 
 int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
-			  int lastpos)
-	{
-	ASN1_OBJECT *obj;
+                          int lastpos)
+{
+    ASN1_OBJECT *obj;
 
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-2);
-	return(X509v3_get_ext_by_OBJ(x,obj,lastpos));
-	}
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return (-2);
+    return (X509v3_get_ext_by_OBJ(x, obj, lastpos));
+}
 
-int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj,
-			  int lastpos)
-	{
-	int n;
-	X509_EXTENSION *ex;
+int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk,
+                          ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
 
-	if (sk == NULL) return(-1);
-	lastpos++;
-	if (lastpos < 0)
-		lastpos=0;
-	n=sk_X509_EXTENSION_num(sk);
-	for ( ; lastpos < n; lastpos++)
-		{
-		ex=sk_X509_EXTENSION_value(sk,lastpos);
-		if (OBJ_cmp(ex->object,obj) == 0)
-			return(lastpos);
-		}
-	return(-1);
-	}
+    if (sk == NULL)
+        return (-1);
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (OBJ_cmp(ex->object, obj) == 0)
+            return (lastpos);
+    }
+    return (-1);
+}
 
 int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit,
-			       int lastpos)
-	{
-	int n;
-	X509_EXTENSION *ex;
+                               int lastpos)
+{
+    int n;
+    X509_EXTENSION *ex;
 
-	if (sk == NULL) return(-1);
-	lastpos++;
-	if (lastpos < 0)
-		lastpos=0;
-	n=sk_X509_EXTENSION_num(sk);
-	for ( ; lastpos < n; lastpos++)
-		{
-		ex=sk_X509_EXTENSION_value(sk,lastpos);
-		if (	((ex->critical > 0) && crit) ||
-			((ex->critical <= 0) && !crit))
-			return(lastpos);
-		}
-	return(-1);
-	}
+    if (sk == NULL)
+        return (-1);
+    lastpos++;
+    if (lastpos < 0)
+        lastpos = 0;
+    n = sk_X509_EXTENSION_num(sk);
+    for (; lastpos < n; lastpos++) {
+        ex = sk_X509_EXTENSION_value(sk, lastpos);
+        if (((ex->critical > 0) && crit) || ((ex->critical <= 0) && !crit))
+            return (lastpos);
+    }
+    return (-1);
+}
 
 X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc)
-	{
-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-		return NULL;
-	else
-		return sk_X509_EXTENSION_value(x,loc);
-	}
+{
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return NULL;
+    else
+        return sk_X509_EXTENSION_value(x, loc);
+}
 
 X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc)
-	{
-	X509_EXTENSION *ret;
+{
+    X509_EXTENSION *ret;
 
-	if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
-		return(NULL);
-	ret=sk_X509_EXTENSION_delete(x,loc);
-	return(ret);
-	}
+    if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0)
+        return (NULL);
+    ret = sk_X509_EXTENSION_delete(x, loc);
+    return (ret);
+}
 
 STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x,
-					 X509_EXTENSION *ex, int loc)
-	{
-	X509_EXTENSION *new_ex=NULL;
-	int n;
-	STACK_OF(X509_EXTENSION) *sk=NULL;
+                                         X509_EXTENSION *ex, int loc)
+{
+    X509_EXTENSION *new_ex = NULL;
+    int n;
+    STACK_OF(X509_EXTENSION) *sk = NULL;
 
-	if (x == NULL)
-		{
-		X509err(X509_F_X509V3_ADD_EXT,ERR_R_PASSED_NULL_PARAMETER);
-		goto err2;
-		}
+    if (x == NULL) {
+        X509err(X509_F_X509V3_ADD_EXT, ERR_R_PASSED_NULL_PARAMETER);
+        goto err2;
+    }
 
-	if (*x == NULL)
-		{
-		if ((sk=sk_X509_EXTENSION_new_null()) == NULL)
-			goto err;
-		}
-	else
-		sk= *x;
+    if (*x == NULL) {
+        if ((sk = sk_X509_EXTENSION_new_null()) == NULL)
+            goto err;
+    } else
+        sk = *x;
 
-	n=sk_X509_EXTENSION_num(sk);
-	if (loc > n) loc=n;
-	else if (loc < 0) loc=n;
+    n = sk_X509_EXTENSION_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
 
-	if ((new_ex=X509_EXTENSION_dup(ex)) == NULL)
-		goto err2;
-	if (!sk_X509_EXTENSION_insert(sk,new_ex,loc))
-		goto err;
-	if (*x == NULL)
-		*x=sk;
-	return(sk);
-err:
-	X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE);
-err2:
-	if (new_ex != NULL) X509_EXTENSION_free(new_ex);
-	if (sk != NULL) sk_X509_EXTENSION_free(sk);
-	return(NULL);
-	}
+    if ((new_ex = X509_EXTENSION_dup(ex)) == NULL)
+        goto err2;
+    if (!sk_X509_EXTENSION_insert(sk, new_ex, loc))
+        goto err;
+    if (*x == NULL)
+        *x = sk;
+    return (sk);
+ err:
+    X509err(X509_F_X509V3_ADD_EXT, ERR_R_MALLOC_FAILURE);
+ err2:
+    if (new_ex != NULL)
+        X509_EXTENSION_free(new_ex);
+    if (sk != NULL)
+        sk_X509_EXTENSION_free(sk);
+    return (NULL);
+}
 
 X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid,
-	     int crit, ASN1_OCTET_STRING *data)
-	{
-	ASN1_OBJECT *obj;
-	X509_EXTENSION *ret;
+                                             int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    ASN1_OBJECT *obj;
+    X509_EXTENSION *ret;
 
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_EXTENSION_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-		return(NULL);
-		}
-	ret=X509_EXTENSION_create_by_OBJ(ex,obj,crit,data);
-	if (ret == NULL) ASN1_OBJECT_free(obj);
-	return(ret);
-	}
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_EXTENSION_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return (NULL);
+    }
+    ret = X509_EXTENSION_create_by_OBJ(ex, obj, crit, data);
+    if (ret == NULL)
+        ASN1_OBJECT_free(obj);
+    return (ret);
+}
 
 X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex,
-	     ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data)
-	{
-	X509_EXTENSION *ret;
+                                             ASN1_OBJECT *obj, int crit,
+                                             ASN1_OCTET_STRING *data)
+{
+    X509_EXTENSION *ret;
+
+    if ((ex == NULL) || (*ex == NULL)) {
+        if ((ret = X509_EXTENSION_new()) == NULL) {
+            X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,
+                    ERR_R_MALLOC_FAILURE);
+            return (NULL);
+        }
+    } else
+        ret = *ex;
 
-	if ((ex == NULL) || (*ex == NULL))
-		{
-		if ((ret=X509_EXTENSION_new()) == NULL)
-			{
-			X509err(X509_F_X509_EXTENSION_CREATE_BY_OBJ,ERR_R_MALLOC_FAILURE);
-			return(NULL);
-			}
-		}
-	else
-		ret= *ex;
+    if (!X509_EXTENSION_set_object(ret, obj))
+        goto err;
+    if (!X509_EXTENSION_set_critical(ret, crit))
+        goto err;
+    if (!X509_EXTENSION_set_data(ret, data))
+        goto err;
 
-	if (!X509_EXTENSION_set_object(ret,obj))
-		goto err;
-	if (!X509_EXTENSION_set_critical(ret,crit))
-		goto err;
-	if (!X509_EXTENSION_set_data(ret,data))
-		goto err;
-	
-	if ((ex != NULL) && (*ex == NULL)) *ex=ret;
-	return(ret);
-err:
-	if ((ex == NULL) || (ret != *ex))
-		X509_EXTENSION_free(ret);
-	return(NULL);
-	}
+    if ((ex != NULL) && (*ex == NULL))
+        *ex = ret;
+    return (ret);
+ err:
+    if ((ex == NULL) || (ret != *ex))
+        X509_EXTENSION_free(ret);
+    return (NULL);
+}
 
 int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj)
-	{
-	if ((ex == NULL) || (obj == NULL))
-		return(0);
-	ASN1_OBJECT_free(ex->object);
-	ex->object=OBJ_dup(obj);
-	return(1);
-	}
+{
+    if ((ex == NULL) || (obj == NULL))
+        return (0);
+    ASN1_OBJECT_free(ex->object);
+    ex->object = OBJ_dup(obj);
+    return (1);
+}
 
 int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit)
-	{
-	if (ex == NULL) return(0);
-	ex->critical=(crit)?0xFF:-1;
-	return(1);
-	}
+{
+    if (ex == NULL)
+        return (0);
+    ex->critical = (crit) ? 0xFF : -1;
+    return (1);
+}
 
 int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data)
-	{
-	int i;
+{
+    int i;
 
-	if (ex == NULL) return(0);
-	i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length);
-	if (!i) return(0);
-	return(1);
-	}
+    if (ex == NULL)
+        return (0);
+    i = M_ASN1_OCTET_STRING_set(ex->value, data->data, data->length);
+    if (!i)
+        return (0);
+    return (1);
+}
 
 ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex)
-	{
-	if (ex == NULL) return(NULL);
-	return(ex->object);
-	}
+{
+    if (ex == NULL)
+        return (NULL);
+    return (ex->object);
+}
 
 ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex)
-	{
-	if (ex == NULL) return(NULL);
-	return(ex->value);
-	}
+{
+    if (ex == NULL)
+        return (NULL);
+    return (ex->value);
+}
 
 int X509_EXTENSION_get_critical(X509_EXTENSION *ex)
-	{
-	if (ex == NULL) return(0);
-	if(ex->critical > 0) return 1;
-	return 0;
-	}
+{
+    if (ex == NULL)
+        return (0);
+    if (ex->critical > 0)
+        return 1;
+    return 0;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
index b87617ac..3249ff82 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vfy.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -70,7 +70,7 @@
 #include <openssl/x509v3.h>
 #include <openssl/objects.h>
 
-static int null_callback(int ok,X509_STORE_CTX *e);
+static int null_callback(int ok, X509_STORE_CTX *e);
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer);
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x);
 static int check_chain_extensions(X509_STORE_CTX *ctx);
@@ -79,1472 +79,1438 @@ static int check_revocation(X509_STORE_CTX *ctx);
 static int check_cert(X509_STORE_CTX *ctx);
 static int check_policy(X509_STORE_CTX *ctx);
 static int internal_verify(X509_STORE_CTX *ctx);
-const char X509_version[]="X.509" OPENSSL_VERSION_PTEXT;
-
+const char X509_version[] = "X.509" OPENSSL_VERSION_PTEXT;
 
 static int null_callback(int ok, X509_STORE_CTX *e)
-	{
-	return ok;
-	}
+{
+    return ok;
+}
 
 #if 0
 static int x509_subject_cmp(X509 **a, X509 **b)
-	{
-	return X509_subject_name_cmp(*a,*b);
-	}
+{
+    return X509_subject_name_cmp(*a, *b);
+}
 #endif
 
 int X509_verify_cert(X509_STORE_CTX *ctx)
-	{
-	X509 *x,*xtmp,*chain_ss=NULL;
-	int bad_chain = 0;
-	X509_VERIFY_PARAM *param = ctx->param;
-	int depth,i,ok=0;
-	int num;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-	STACK_OF(X509) *sktmp=NULL;
-	if (ctx->cert == NULL)
-		{
-		X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-		return -1;
-		}
-
-	cb=ctx->verify_cb;
-
-	/* first we make sure the chain we are going to build is
-	 * present and that the first entry is in place */
-	if (ctx->chain == NULL)
-		{
-		if (	((ctx->chain=sk_X509_new_null()) == NULL) ||
-			(!sk_X509_push(ctx->chain,ctx->cert)))
-			{
-			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-			goto end;
-			}
-		CRYPTO_add(&ctx->cert->references,1,CRYPTO_LOCK_X509);
-		ctx->last_untrusted=1;
-		}
-
-	/* We use a temporary STACK so we can chop and hack at it */
-	if (ctx->untrusted != NULL
-	    && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL)
-		{
-		X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-		goto end;
-		}
-
-	num=sk_X509_num(ctx->chain);
-	x=sk_X509_value(ctx->chain,num-1);
-	depth=param->depth;
-
-
-	for (;;)
-		{
-		/* If we have enough, we break */
-		if (depth < num) break; /* FIXME: If this happens, we should take
-		                         * note of it and, if appropriate, use the
-		                         * X509_V_ERR_CERT_CHAIN_TOO_LONG error
-		                         * code later.
-		                         */
-
-		/* If we are self signed, we break */
-		if (ctx->check_issued(ctx, x,x)) break;
-
-		/* If we were passed a cert chain, use it first */
-		if (ctx->untrusted != NULL)
-			{
-			xtmp=find_issuer(ctx, sktmp,x);
-			if (xtmp != NULL)
-				{
-				if (!sk_X509_push(ctx->chain,xtmp))
-					{
-					X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-					goto end;
-					}
-				CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509);
-				(void)sk_X509_delete_ptr(sktmp,xtmp);
-				ctx->last_untrusted++;
-				x=xtmp;
-				num++;
-				/* reparse the full chain for
-				 * the next one */
-				continue;
-				}
-			}
-		break;
-		}
-
-	/* at this point, chain should contain a list of untrusted
-	 * certificates.  We now need to add at least one trusted one,
-	 * if possible, otherwise we complain. */
-
-	/* Examine last certificate in chain and see if it
- 	 * is self signed.
- 	 */
-
-	i=sk_X509_num(ctx->chain);
-	x=sk_X509_value(ctx->chain,i-1);
-	if (ctx->check_issued(ctx, x, x))
-		{
-		/* we have a self signed certificate */
-		if (sk_X509_num(ctx->chain) == 1)
-			{
-			/* We have a single self signed certificate: see if
-			 * we can find it in the store. We must have an exact
-			 * match to avoid possible impersonation.
-			 */
-			ok = ctx->get_issuer(&xtmp, ctx, x);
-			if ((ok <= 0) || X509_cmp(x, xtmp)) 
-				{
-				ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
-				ctx->current_cert=x;
-				ctx->error_depth=i-1;
-				if (ok == 1) X509_free(xtmp);
-				bad_chain = 1;
-				ok=cb(0,ctx);
-				if (!ok) goto end;
-				}
-			else 
-				{
-				/* We have a match: replace certificate with store version
-				 * so we get any trust settings.
-				 */
-				X509_free(x);
-				x = xtmp;
-				(void)sk_X509_set(ctx->chain, i - 1, x);
-				ctx->last_untrusted=0;
-				}
-			}
-		else
-			{
-			/* extract and save self signed certificate for later use */
-			chain_ss=sk_X509_pop(ctx->chain);
-			ctx->last_untrusted--;
-			num--;
-			x=sk_X509_value(ctx->chain,num-1);
-			}
-		}
-
-	/* We now lookup certs from the certificate store */
-	for (;;)
-		{
-		/* If we have enough, we break */
-		if (depth < num) break;
-
-		/* If we are self signed, we break */
-		if (ctx->check_issued(ctx,x,x)) break;
-
-		ok = ctx->get_issuer(&xtmp, ctx, x);
-
-		if (ok < 0) return ok;
-		if (ok == 0) break;
-
-		x = xtmp;
-		if (!sk_X509_push(ctx->chain,x))
-			{
-			X509_free(xtmp);
-			X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-			return 0;
-			}
-		num++;
-		}
-
-	/* we now have our chain, lets check it... */
-
-	/* Is last certificate looked up self signed? */
-	if (!ctx->check_issued(ctx,x,x))
-		{
-		if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss))
-			{
-			if (ctx->last_untrusted >= num)
-				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
-			else
-				ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
-			ctx->current_cert=x;
-			}
-		else
-			{
-
-			sk_X509_push(ctx->chain,chain_ss);
-			num++;
-			ctx->last_untrusted=num;
-			ctx->current_cert=chain_ss;
-			ctx->error=X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
-			chain_ss=NULL;
-			}
-
-		ctx->error_depth=num-1;
-		bad_chain = 1;
-		ok=cb(0,ctx);
-		if (!ok) goto end;
-		}
-
-	/* We have the chain complete: now we need to check its purpose */
-	ok = check_chain_extensions(ctx);
-
-	if (!ok) goto end;
-
-	/* The chain extensions are OK: check trust */
-
-	if (param->trust > 0) ok = check_trust(ctx);
-
-	if (!ok) goto end;
-
-	/* We may as well copy down any DSA parameters that are required */
-	X509_get_pubkey_parameters(NULL,ctx->chain);
-
-	/* Check revocation status: we do this after copying parameters
-	 * because they may be needed for CRL signature verification.
-	 */
-
-	ok = ctx->check_revocation(ctx);
-	if(!ok) goto end;
-
-	/* At this point, we have a chain and need to verify it */
-	if (ctx->verify != NULL)
-		ok=ctx->verify(ctx);
-	else
-		ok=internal_verify(ctx);
-	if(!ok) goto end;
+{
+    X509 *x, *xtmp, *chain_ss = NULL;
+    int bad_chain = 0;
+    X509_VERIFY_PARAM *param = ctx->param;
+    int depth, i, ok = 0;
+    int num;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+    STACK_OF(X509) *sktmp = NULL;
+    if (ctx->cert == NULL) {
+        X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
+        return -1;
+    }
+
+    cb = ctx->verify_cb;
+
+    /*
+     * first we make sure the chain we are going to build is present and that
+     * the first entry is in place
+     */
+    if (ctx->chain == NULL) {
+        if (((ctx->chain = sk_X509_new_null()) == NULL) ||
+            (!sk_X509_push(ctx->chain, ctx->cert))) {
+            X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+            goto end;
+        }
+        CRYPTO_add(&ctx->cert->references, 1, CRYPTO_LOCK_X509);
+        ctx->last_untrusted = 1;
+    }
+
+    /* We use a temporary STACK so we can chop and hack at it */
+    if (ctx->untrusted != NULL
+        && (sktmp = sk_X509_dup(ctx->untrusted)) == NULL) {
+        X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+        goto end;
+    }
+
+    num = sk_X509_num(ctx->chain);
+    x = sk_X509_value(ctx->chain, num - 1);
+    depth = param->depth;
+
+    for (;;) {
+        /* If we have enough, we break */
+        if (depth < num)
+            break;              /* FIXME: If this happens, we should take
+                                 * note of it and, if appropriate, use the
+                                 * X509_V_ERR_CERT_CHAIN_TOO_LONG error code
+                                 * later. */
+
+        /* If we are self signed, we break */
+        if (ctx->check_issued(ctx, x, x))
+            break;
+
+        /* If we were passed a cert chain, use it first */
+        if (ctx->untrusted != NULL) {
+            xtmp = find_issuer(ctx, sktmp, x);
+            if (xtmp != NULL) {
+                if (!sk_X509_push(ctx->chain, xtmp)) {
+                    X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+                    goto end;
+                }
+                CRYPTO_add(&xtmp->references, 1, CRYPTO_LOCK_X509);
+                (void)sk_X509_delete_ptr(sktmp, xtmp);
+                ctx->last_untrusted++;
+                x = xtmp;
+                num++;
+                /*
+                 * reparse the full chain for the next one
+                 */
+                continue;
+            }
+        }
+        break;
+    }
+
+    /*
+     * at this point, chain should contain a list of untrusted certificates.
+     * We now need to add at least one trusted one, if possible, otherwise we
+     * complain.
+     */
+
+    /*
+     * Examine last certificate in chain and see if it is self signed.
+     */
+
+    i = sk_X509_num(ctx->chain);
+    x = sk_X509_value(ctx->chain, i - 1);
+    if (ctx->check_issued(ctx, x, x)) {
+        /* we have a self signed certificate */
+        if (sk_X509_num(ctx->chain) == 1) {
+            /*
+             * We have a single self signed certificate: see if we can find
+             * it in the store. We must have an exact match to avoid possible
+             * impersonation.
+             */
+            ok = ctx->get_issuer(&xtmp, ctx, x);
+            if ((ok <= 0) || X509_cmp(x, xtmp)) {
+                ctx->error = X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
+                ctx->current_cert = x;
+                ctx->error_depth = i - 1;
+                if (ok == 1)
+                    X509_free(xtmp);
+                bad_chain = 1;
+                ok = cb(0, ctx);
+                if (!ok)
+                    goto end;
+            } else {
+                /*
+                 * We have a match: replace certificate with store version so
+                 * we get any trust settings.
+                 */
+                X509_free(x);
+                x = xtmp;
+                (void)sk_X509_set(ctx->chain, i - 1, x);
+                ctx->last_untrusted = 0;
+            }
+        } else {
+            /*
+             * extract and save self signed certificate for later use
+             */
+            chain_ss = sk_X509_pop(ctx->chain);
+            ctx->last_untrusted--;
+            num--;
+            x = sk_X509_value(ctx->chain, num - 1);
+        }
+    }
+
+    /* We now lookup certs from the certificate store */
+    for (;;) {
+        /* If we have enough, we break */
+        if (depth < num)
+            break;
+
+        /* If we are self signed, we break */
+        if (ctx->check_issued(ctx, x, x))
+            break;
+
+        ok = ctx->get_issuer(&xtmp, ctx, x);
+
+        if (ok < 0)
+            return ok;
+        if (ok == 0)
+            break;
+
+        x = xtmp;
+        if (!sk_X509_push(ctx->chain, x)) {
+            X509_free(xtmp);
+            X509err(X509_F_X509_VERIFY_CERT, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        num++;
+    }
+
+    /* we now have our chain, lets check it... */
+
+    /* Is last certificate looked up self signed? */
+    if (!ctx->check_issued(ctx, x, x)) {
+        if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) {
+            if (ctx->last_untrusted >= num)
+                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY;
+            else
+                ctx->error = X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT;
+            ctx->current_cert = x;
+        } else {
+
+            sk_X509_push(ctx->chain, chain_ss);
+            num++;
+            ctx->last_untrusted = num;
+            ctx->current_cert = chain_ss;
+            ctx->error = X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN;
+            chain_ss = NULL;
+        }
+
+        ctx->error_depth = num - 1;
+        bad_chain = 1;
+        ok = cb(0, ctx);
+        if (!ok)
+            goto end;
+    }
+
+    /* We have the chain complete: now we need to check its purpose */
+    ok = check_chain_extensions(ctx);
+
+    if (!ok)
+        goto end;
+
+    /* The chain extensions are OK: check trust */
+
+    if (param->trust > 0)
+        ok = check_trust(ctx);
+
+    if (!ok)
+        goto end;
+
+    /* We may as well copy down any DSA parameters that are required */
+    X509_get_pubkey_parameters(NULL, ctx->chain);
+
+    /*
+     * Check revocation status: we do this after copying parameters because
+     * they may be needed for CRL signature verification.
+     */
+
+    ok = ctx->check_revocation(ctx);
+    if (!ok)
+        goto end;
+
+    /* At this point, we have a chain and need to verify it */
+    if (ctx->verify != NULL)
+        ok = ctx->verify(ctx);
+    else
+        ok = internal_verify(ctx);
+    if (!ok)
+        goto end;
 
 #ifndef OPENSSL_NO_RFC3779
-	/* RFC 3779 path validation, now that CRL check has been done */
-	ok = v3_asid_validate_path(ctx);
-	if (!ok) goto end;
-	ok = v3_addr_validate_path(ctx);
-	if (!ok) goto end;
+    /* RFC 3779 path validation, now that CRL check has been done */
+    ok = v3_asid_validate_path(ctx);
+    if (!ok)
+        goto end;
+    ok = v3_addr_validate_path(ctx);
+    if (!ok)
+        goto end;
 #endif
 
-	/* If we get this far evaluate policies */
-	if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
-		ok = ctx->check_policy(ctx);
-	if(!ok) goto end;
-	if (0)
-		{
-end:
-		X509_get_pubkey_parameters(NULL,ctx->chain);
-		}
-	if (sktmp != NULL) sk_X509_free(sktmp);
-	if (chain_ss != NULL) X509_free(chain_ss);
-	return ok;
-	}
-
-
-/* Given a STACK_OF(X509) find the issuer of cert (if any)
+    /* If we get this far evaluate policies */
+    if (!bad_chain && (ctx->param->flags & X509_V_FLAG_POLICY_CHECK))
+        ok = ctx->check_policy(ctx);
+    if (!ok)
+        goto end;
+    if (0) {
+ end:
+        X509_get_pubkey_parameters(NULL, ctx->chain);
+    }
+    if (sktmp != NULL)
+        sk_X509_free(sktmp);
+    if (chain_ss != NULL)
+        X509_free(chain_ss);
+    return ok;
+}
+
+/*
+ * Given a STACK_OF(X509) find the issuer of cert (if any)
  */
 
 static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
-	int i;
-	X509 *issuer;
-	for (i = 0; i < sk_X509_num(sk); i++)
-		{
-		issuer = sk_X509_value(sk, i);
-		if (ctx->check_issued(ctx, x, issuer))
-			return issuer;
-		}
-	return NULL;
+    int i;
+    X509 *issuer;
+    for (i = 0; i < sk_X509_num(sk); i++) {
+        issuer = sk_X509_value(sk, i);
+        if (ctx->check_issued(ctx, x, issuer))
+            return issuer;
+    }
+    return NULL;
 }
 
 /* Given a possible certificate and issuer check them */
 
 static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
-	int ret;
-	ret = X509_check_issued(issuer, x);
-	if (ret == X509_V_OK)
-		return 1;
-	/* If we haven't asked for issuer errors don't set ctx */
-	if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
-		return 0;
-
-	ctx->error = ret;
-	ctx->current_cert = x;
-	ctx->current_issuer = issuer;
-	return ctx->verify_cb(0, ctx);
-	return 0;
+    int ret;
+    ret = X509_check_issued(issuer, x);
+    if (ret == X509_V_OK)
+        return 1;
+    /* If we haven't asked for issuer errors don't set ctx */
+    if (!(ctx->param->flags & X509_V_FLAG_CB_ISSUER_CHECK))
+        return 0;
+
+    ctx->error = ret;
+    ctx->current_cert = x;
+    ctx->current_issuer = issuer;
+    return ctx->verify_cb(0, ctx);
+    return 0;
 }
 
 /* Alternative lookup method: look from a STACK stored in other_ctx */
 
 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
-	*issuer = find_issuer(ctx, ctx->other_ctx, x);
-	if (*issuer)
-		{
-		CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
-		return 1;
-		}
-	else
-		return 0;
+    *issuer = find_issuer(ctx, ctx->other_ctx, x);
+    if (*issuer) {
+        CRYPTO_add(&(*issuer)->references, 1, CRYPTO_LOCK_X509);
+        return 1;
+    } else
+        return 0;
 }
-	
 
-/* Check a certificate chains extensions for consistency
- * with the supplied purpose
+/*
+ * Check a certificate chains extensions for consistency with the supplied
+ * purpose
  */
 
 static int check_chain_extensions(X509_STORE_CTX *ctx)
 {
 #ifdef OPENSSL_NO_CHAIN_VERIFY
-	return 1;
+    return 1;
 #else
-	int i, ok=0, must_be_ca, plen = 0;
-	X509 *x;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-	int proxy_path_length = 0;
-	int allow_proxy_certs =
-		!!(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
-	cb=ctx->verify_cb;
-
-	/* must_be_ca can have 1 of 3 values:
-	   -1: we accept both CA and non-CA certificates, to allow direct
-	       use of self-signed certificates (which are marked as CA).
-	   0:  we only accept non-CA certificates.  This is currently not
-	       used, but the possibility is present for future extensions.
-	   1:  we only accept CA certificates.  This is currently used for
-	       all certificates in the chain except the leaf certificate.
-	*/
-	must_be_ca = -1;
-
-	/* A hack to keep people who don't want to modify their software
-	   happy */
-	if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
-		allow_proxy_certs = 1;
-
-	/* Check all untrusted certificates */
-	for (i = 0; i < ctx->last_untrusted; i++)
-		{
-		int ret;
-		x = sk_X509_value(ctx->chain, i);
-		if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-			&& (x->ex_flags & EXFLAG_CRITICAL))
-			{
-			ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY))
-			{
-			ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		ret = X509_check_ca(x);
-		switch(must_be_ca)
-			{
-		case -1:
-			if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-				&& (ret != 1) && (ret != 0))
-				{
-				ret = 0;
-				ctx->error = X509_V_ERR_INVALID_CA;
-				}
-			else
-				ret = 1;
-			break;
-		case 0:
-			if (ret != 0)
-				{
-				ret = 0;
-				ctx->error = X509_V_ERR_INVALID_NON_CA;
-				}
-			else
-				ret = 1;
-			break;
-		default:
-			if ((ret == 0)
-				|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-					&& (ret != 1)))
-				{
-				ret = 0;
-				ctx->error = X509_V_ERR_INVALID_CA;
-				}
-			else
-				ret = 1;
-			break;
-			}
-		if (ret == 0)
-			{
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		if (ctx->param->purpose > 0)
-			{
-			ret = X509_check_purpose(x, ctx->param->purpose,
-				must_be_ca > 0);
-			if ((ret == 0)
-				|| ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
-					&& (ret != 1)))
-				{
-				ctx->error = X509_V_ERR_INVALID_PURPOSE;
-				ctx->error_depth = i;
-				ctx->current_cert = x;
-				ok=cb(0,ctx);
-				if (!ok) goto end;
-				}
-			}
-		/* Check pathlen if not self issued */
-		if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
-			   && (x->ex_pathlen != -1)
-			   && (plen > (x->ex_pathlen + proxy_path_length + 1)))
-			{
-			ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
-			ctx->error_depth = i;
-			ctx->current_cert = x;
-			ok=cb(0,ctx);
-			if (!ok) goto end;
-			}
-		/* Increment path length if not self issued */
-		if (!(x->ex_flags & EXFLAG_SI))
-			plen++;
-		/* If this certificate is a proxy certificate, the next
-		   certificate must be another proxy certificate or a EE
-		   certificate.  If not, the next certificate must be a
-		   CA certificate.  */
-		if (x->ex_flags & EXFLAG_PROXY)
-			{
-			if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen)
-				{
-				ctx->error =
-					X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
-				ctx->error_depth = i;
-				ctx->current_cert = x;
-				ok=cb(0,ctx);
-				if (!ok) goto end;
-				}
-			proxy_path_length++;
-			must_be_ca = 0;
-			}
-		else
-			must_be_ca = 1;
-		}
-	ok = 1;
+    int i, ok = 0, must_be_ca, plen = 0;
+    X509 *x;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+    int proxy_path_length = 0;
+    int allow_proxy_certs =
+        ! !(ctx->param->flags & X509_V_FLAG_ALLOW_PROXY_CERTS);
+    cb = ctx->verify_cb;
+
+    /*-
+     *  must_be_ca can have 1 of 3 values:
+     * -1: we accept both CA and non-CA certificates, to allow direct
+     *     use of self-signed certificates (which are marked as CA).
+     * 0:  we only accept non-CA certificates.  This is currently not
+     *     used, but the possibility is present for future extensions.
+     * 1:  we only accept CA certificates.  This is currently used for
+     *     all certificates in the chain except the leaf certificate.
+     */
+    must_be_ca = -1;
+
+    /*
+     * A hack to keep people who don't want to modify their software happy
+     */
+    if (getenv("OPENSSL_ALLOW_PROXY_CERTS"))
+        allow_proxy_certs = 1;
+
+    /* Check all untrusted certificates */
+    for (i = 0; i < ctx->last_untrusted; i++) {
+        int ret;
+        x = sk_X509_value(ctx->chain, i);
+        if (!(ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+            && (x->ex_flags & EXFLAG_CRITICAL)) {
+            ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION;
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        if (!allow_proxy_certs && (x->ex_flags & EXFLAG_PROXY)) {
+            ctx->error = X509_V_ERR_PROXY_CERTIFICATES_NOT_ALLOWED;
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        ret = X509_check_ca(x);
+        switch (must_be_ca) {
+        case -1:
+            if ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                && (ret != 1) && (ret != 0)) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        case 0:
+            if (ret != 0) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_NON_CA;
+            } else
+                ret = 1;
+            break;
+        default:
+            if ((ret == 0)
+                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                    && (ret != 1))) {
+                ret = 0;
+                ctx->error = X509_V_ERR_INVALID_CA;
+            } else
+                ret = 1;
+            break;
+        }
+        if (ret == 0) {
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        if (ctx->param->purpose > 0) {
+            ret = X509_check_purpose(x, ctx->param->purpose, must_be_ca > 0);
+            if ((ret == 0)
+                || ((ctx->param->flags & X509_V_FLAG_X509_STRICT)
+                    && (ret != 1))) {
+                ctx->error = X509_V_ERR_INVALID_PURPOSE;
+                ctx->error_depth = i;
+                ctx->current_cert = x;
+                ok = cb(0, ctx);
+                if (!ok)
+                    goto end;
+            }
+        }
+        /* Check pathlen if not self issued */
+        if ((i > 1) && !(x->ex_flags & EXFLAG_SI)
+            && (x->ex_pathlen != -1)
+            && (plen > (x->ex_pathlen + proxy_path_length + 1))) {
+            ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
+            ctx->error_depth = i;
+            ctx->current_cert = x;
+            ok = cb(0, ctx);
+            if (!ok)
+                goto end;
+        }
+        /* Increment path length if not self issued */
+        if (!(x->ex_flags & EXFLAG_SI))
+            plen++;
+        /*
+         * If this certificate is a proxy certificate, the next certificate
+         * must be another proxy certificate or a EE certificate.  If not,
+         * the next certificate must be a CA certificate.
+         */
+        if (x->ex_flags & EXFLAG_PROXY) {
+            if (x->ex_pcpathlen != -1 && i > x->ex_pcpathlen) {
+                ctx->error = X509_V_ERR_PROXY_PATH_LENGTH_EXCEEDED;
+                ctx->error_depth = i;
+                ctx->current_cert = x;
+                ok = cb(0, ctx);
+                if (!ok)
+                    goto end;
+            }
+            proxy_path_length++;
+            must_be_ca = 0;
+        } else
+            must_be_ca = 1;
+    }
+    ok = 1;
  end:
-	return ok;
+    return ok;
 #endif
 }
 
 static int check_trust(X509_STORE_CTX *ctx)
 {
 #ifdef OPENSSL_NO_CHAIN_VERIFY
-	return 1;
+    return 1;
 #else
-	int i, ok;
-	X509 *x;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-	cb=ctx->verify_cb;
+    int i, ok;
+    X509 *x;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+    cb = ctx->verify_cb;
 /* For now just check the last certificate in the chain */
-	i = sk_X509_num(ctx->chain) - 1;
-	x = sk_X509_value(ctx->chain, i);
-	ok = X509_check_trust(x, ctx->param->trust, 0);
-	if (ok == X509_TRUST_TRUSTED)
-		return 1;
-	ctx->error_depth = i;
-	ctx->current_cert = x;
-	if (ok == X509_TRUST_REJECTED)
-		ctx->error = X509_V_ERR_CERT_REJECTED;
-	else
-		ctx->error = X509_V_ERR_CERT_UNTRUSTED;
-	ok = cb(0, ctx);
-	return ok;
+    i = sk_X509_num(ctx->chain) - 1;
+    x = sk_X509_value(ctx->chain, i);
+    ok = X509_check_trust(x, ctx->param->trust, 0);
+    if (ok == X509_TRUST_TRUSTED)
+        return 1;
+    ctx->error_depth = i;
+    ctx->current_cert = x;
+    if (ok == X509_TRUST_REJECTED)
+        ctx->error = X509_V_ERR_CERT_REJECTED;
+    else
+        ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+    ok = cb(0, ctx);
+    return ok;
 #endif
 }
 
 static int check_revocation(X509_STORE_CTX *ctx)
-	{
-	int i, last, ok;
-	if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
-		return 1;
-	if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
-		last = sk_X509_num(ctx->chain) - 1;
-	else
-		last = 0;
-	for(i = 0; i <= last; i++)
-		{
-		ctx->error_depth = i;
-		ok = check_cert(ctx);
-		if (!ok) return ok;
-		}
-	return 1;
-	}
+{
+    int i, last, ok;
+    if (!(ctx->param->flags & X509_V_FLAG_CRL_CHECK))
+        return 1;
+    if (ctx->param->flags & X509_V_FLAG_CRL_CHECK_ALL)
+        last = sk_X509_num(ctx->chain) - 1;
+    else
+        last = 0;
+    for (i = 0; i <= last; i++) {
+        ctx->error_depth = i;
+        ok = check_cert(ctx);
+        if (!ok)
+            return ok;
+    }
+    return 1;
+}
 
 static int check_cert(X509_STORE_CTX *ctx)
-	{
-	X509_CRL *crl = NULL;
-	X509 *x;
-	int ok, cnum;
-	cnum = ctx->error_depth;
-	x = sk_X509_value(ctx->chain, cnum);
-	ctx->current_cert = x;
-	/* Try to retrieve relevant CRL */
-	ok = ctx->get_crl(ctx, &crl, x);
-	/* If error looking up CRL, nothing we can do except
-	 * notify callback
-	 */
-	if(!ok)
-		{
-		ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
-		ok = ctx->verify_cb(0, ctx);
-		goto err;
-		}
-	ctx->current_crl = crl;
-	ok = ctx->check_crl(ctx, crl);
-	if (!ok) goto err;
-	ok = ctx->cert_crl(ctx, crl, x);
-	err:
-	ctx->current_crl = NULL;
-	X509_CRL_free(crl);
-	return ok;
-
-	}
+{
+    X509_CRL *crl = NULL;
+    X509 *x;
+    int ok, cnum;
+    cnum = ctx->error_depth;
+    x = sk_X509_value(ctx->chain, cnum);
+    ctx->current_cert = x;
+    /* Try to retrieve relevant CRL */
+    ok = ctx->get_crl(ctx, &crl, x);
+    /*
+     * If error looking up CRL, nothing we can do except notify callback
+     */
+    if (!ok) {
+        ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL;
+        ok = ctx->verify_cb(0, ctx);
+        goto err;
+    }
+    ctx->current_crl = crl;
+    ok = ctx->check_crl(ctx, crl);
+    if (!ok)
+        goto err;
+    ok = ctx->cert_crl(ctx, crl, x);
+ err:
+    ctx->current_crl = NULL;
+    X509_CRL_free(crl);
+    return ok;
+
+}
 
 /* Check CRL times against values in X509_STORE_CTX */
 
 static int check_crl_time(X509_STORE_CTX *ctx, X509_CRL *crl, int notify)
-	{
-	time_t *ptime;
-	int i;
-	ctx->current_crl = crl;
-	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-		ptime = &ctx->param->check_time;
-	else
-		ptime = NULL;
-
-	i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
-	if (i == 0)
-		{
-		ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
-		if (!notify || !ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if (i > 0)
-		{
-		ctx->error=X509_V_ERR_CRL_NOT_YET_VALID;
-		if (!notify || !ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if(X509_CRL_get_nextUpdate(crl))
-		{
-		i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
-
-		if (i == 0)
-			{
-			ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
-			if (!notify || !ctx->verify_cb(0, ctx))
-				return 0;
-			}
-
-		if (i < 0)
-			{
-			ctx->error=X509_V_ERR_CRL_HAS_EXPIRED;
-			if (!notify || !ctx->verify_cb(0, ctx))
-				return 0;
-			}
-		}
-
-	ctx->current_crl = NULL;
-
-	return 1;
-	}
-
-/* Lookup CRLs from the supplied list. Look for matching isser name
- * and validity. If we can't find a valid CRL return the last one
- * with matching name. This gives more meaningful error codes. Otherwise
- * we'd get a CRL not found error if a CRL existed with matching name but
- * was invalid.
+{
+    time_t *ptime;
+    int i;
+    ctx->current_crl = crl;
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime);
+    if (i == 0) {
+        ctx->error = X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD;
+        if (!notify || !ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (i > 0) {
+        ctx->error = X509_V_ERR_CRL_NOT_YET_VALID;
+        if (!notify || !ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (X509_CRL_get_nextUpdate(crl)) {
+        i = X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime);
+
+        if (i == 0) {
+            ctx->error = X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD;
+            if (!notify || !ctx->verify_cb(0, ctx))
+                return 0;
+        }
+
+        if (i < 0) {
+            ctx->error = X509_V_ERR_CRL_HAS_EXPIRED;
+            if (!notify || !ctx->verify_cb(0, ctx))
+                return 0;
+        }
+    }
+
+    ctx->current_crl = NULL;
+
+    return 1;
+}
+
+/*
+ * Lookup CRLs from the supplied list. Look for matching isser name and
+ * validity. If we can't find a valid CRL return the last one with matching
+ * name. This gives more meaningful error codes. Otherwise we'd get a CRL not
+ * found error if a CRL existed with matching name but was invalid.
  */
 
 static int get_crl_sk(X509_STORE_CTX *ctx, X509_CRL **pcrl,
-			X509_NAME *nm, STACK_OF(X509_CRL) *crls)
-	{
-	int i;
-	X509_CRL *crl, *best_crl = NULL;
-	for (i = 0; i < sk_X509_CRL_num(crls); i++)
-		{
-		crl = sk_X509_CRL_value(crls, i);
-		if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
-			continue;
-		if (check_crl_time(ctx, crl, 0))
-			{
-			*pcrl = crl;
-			CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
-			return 1;
-			}
-		best_crl = crl;
-		}
-	if (best_crl)
-		{
-		*pcrl = best_crl;
-		CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
-		}
-		
-	return 0;
-	}
-
-/* Retrieve CRL corresponding to certificate: currently just a
- * subject lookup: maybe use AKID later...
+                      X509_NAME *nm, STACK_OF(X509_CRL) *crls)
+{
+    int i;
+    X509_CRL *crl, *best_crl = NULL;
+    for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+        crl = sk_X509_CRL_value(crls, i);
+        if (X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
+            continue;
+        if (check_crl_time(ctx, crl, 0)) {
+            *pcrl = crl;
+            CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509);
+            return 1;
+        }
+        best_crl = crl;
+    }
+    if (best_crl) {
+        *pcrl = best_crl;
+        CRYPTO_add(&best_crl->references, 1, CRYPTO_LOCK_X509);
+    }
+
+    return 0;
+}
+
+/*
+ * Retrieve CRL corresponding to certificate: currently just a subject
+ * lookup: maybe use AKID later...
  */
 static int get_crl(X509_STORE_CTX *ctx, X509_CRL **pcrl, X509 *x)
-	{
-	int ok;
-	X509_CRL *crl = NULL;
-	X509_OBJECT xobj;
-	X509_NAME *nm;
-	nm = X509_get_issuer_name(x);
-	ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
-	if (ok)
-		{
-		*pcrl = crl;
-		return 1;
-		}
-
-	ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
-
-	if (!ok)
-		{
-		/* If we got a near match from get_crl_sk use that */
-		if (crl)
-			{
-			*pcrl = crl;
-			return 1;
-			}
-		return 0;
-		}
-
-	*pcrl = xobj.data.crl;
-	if (crl)
-		X509_CRL_free(crl);
-	return 1;
-	}
+{
+    int ok;
+    X509_CRL *crl = NULL;
+    X509_OBJECT xobj;
+    X509_NAME *nm;
+    nm = X509_get_issuer_name(x);
+    ok = get_crl_sk(ctx, &crl, nm, ctx->crls);
+    if (ok) {
+        *pcrl = crl;
+        return 1;
+    }
+
+    ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, nm, &xobj);
+
+    if (!ok) {
+        /* If we got a near match from get_crl_sk use that */
+        if (crl) {
+            *pcrl = crl;
+            return 1;
+        }
+        return 0;
+    }
+
+    *pcrl = xobj.data.crl;
+    if (crl)
+        X509_CRL_free(crl);
+    return 1;
+}
 
 /* Check CRL validity */
 static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl)
-	{
-	X509 *issuer = NULL;
-	EVP_PKEY *ikey = NULL;
-	int ok = 0, chnum, cnum;
-	cnum = ctx->error_depth;
-	chnum = sk_X509_num(ctx->chain) - 1;
-	/* Find CRL issuer: if not last certificate then issuer
-	 * is next certificate in chain.
-	 */
-	if(cnum < chnum)
-		issuer = sk_X509_value(ctx->chain, cnum + 1);
-	else
-		{
-		issuer = sk_X509_value(ctx->chain, chnum);
-		/* If not self signed, can't check signature */
-		if(!ctx->check_issued(ctx, issuer, issuer))
-			{
-			ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
-			ok = ctx->verify_cb(0, ctx);
-			if(!ok) goto err;
-			}
-		}
-
-	if(issuer)
-		{
-		/* Check for cRLSign bit if keyUsage present */
-		if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
-			!(issuer->ex_kusage & KU_CRL_SIGN))
-			{
-			ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
-			ok = ctx->verify_cb(0, ctx);
-			if(!ok) goto err;
-			}
-
-		/* Attempt to get issuer certificate public key */
-		ikey = X509_get_pubkey(issuer);
-
-		if(!ikey)
-			{
-			ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-			ok = ctx->verify_cb(0, ctx);
-			if (!ok) goto err;
-			}
-		else
-			{
-			/* Verify CRL signature */
-			if(X509_CRL_verify(crl, ikey) <= 0)
-				{
-				ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE;
-				ok = ctx->verify_cb(0, ctx);
-				if (!ok) goto err;
-				}
-			}
-		}
-
-	ok = check_crl_time(ctx, crl, 1);
-	if (!ok)
-		goto err;
-
-	ok = 1;
-
-	err:
-	EVP_PKEY_free(ikey);
-	return ok;
-	}
+{
+    X509 *issuer = NULL;
+    EVP_PKEY *ikey = NULL;
+    int ok = 0, chnum, cnum;
+    cnum = ctx->error_depth;
+    chnum = sk_X509_num(ctx->chain) - 1;
+    /*
+     * Find CRL issuer: if not last certificate then issuer is next
+     * certificate in chain.
+     */
+    if (cnum < chnum)
+        issuer = sk_X509_value(ctx->chain, cnum + 1);
+    else {
+        issuer = sk_X509_value(ctx->chain, chnum);
+        /* If not self signed, can't check signature */
+        if (!ctx->check_issued(ctx, issuer, issuer)) {
+            ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER;
+            ok = ctx->verify_cb(0, ctx);
+            if (!ok)
+                goto err;
+        }
+    }
+
+    if (issuer) {
+        /* Check for cRLSign bit if keyUsage present */
+        if ((issuer->ex_flags & EXFLAG_KUSAGE) &&
+            !(issuer->ex_kusage & KU_CRL_SIGN)) {
+            ctx->error = X509_V_ERR_KEYUSAGE_NO_CRL_SIGN;
+            ok = ctx->verify_cb(0, ctx);
+            if (!ok)
+                goto err;
+        }
+
+        /* Attempt to get issuer certificate public key */
+        ikey = X509_get_pubkey(issuer);
+
+        if (!ikey) {
+            ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+            ok = ctx->verify_cb(0, ctx);
+            if (!ok)
+                goto err;
+        } else {
+            /* Verify CRL signature */
+            if (X509_CRL_verify(crl, ikey) <= 0) {
+                ctx->error = X509_V_ERR_CRL_SIGNATURE_FAILURE;
+                ok = ctx->verify_cb(0, ctx);
+                if (!ok)
+                    goto err;
+            }
+        }
+    }
+
+    ok = check_crl_time(ctx, crl, 1);
+    if (!ok)
+        goto err;
+
+    ok = 1;
+
+ err:
+    EVP_PKEY_free(ikey);
+    return ok;
+}
 
 /* Check certificate against CRL */
 static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x)
-	{
-	int idx, ok;
-	X509_REVOKED rtmp;
-	STACK_OF(X509_EXTENSION) *exts;
-	X509_EXTENSION *ext;
-	/* Look for serial number of certificate in CRL */
-	rtmp.serialNumber = X509_get_serialNumber(x);
-	/* Sort revoked into serial number order if not already sorted.
-	 * Do this under a lock to avoid race condition.
- 	 */
-	if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked))
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
-		sk_X509_REVOKED_sort(crl->crl->revoked);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
-		}
-	idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
-	/* If found assume revoked: want something cleverer than
-	 * this to handle entry extensions in V2 CRLs.
-	 */
-	if(idx >= 0)
-		{
-		ctx->error = X509_V_ERR_CERT_REVOKED;
-		ok = ctx->verify_cb(0, ctx);
-		if (!ok) return 0;
-		}
-
-	if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
-		return 1;
-
-	/* See if we have any critical CRL extensions: since we
-	 * currently don't handle any CRL extensions the CRL must be
-	 * rejected. 
-	 * This code accesses the X509_CRL structure directly: applications
-	 * shouldn't do this.
-	 */
-
-	exts = crl->crl->extensions;
-
-	for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++)
-		{
-		ext = sk_X509_EXTENSION_value(exts, idx);
-		if (ext->critical > 0)
-			{
-			ctx->error =
-				X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
-			ok = ctx->verify_cb(0, ctx);
-			if(!ok) return 0;
-			break;
-			}
-		}
-	return 1;
-	}
+{
+    int idx, ok;
+    X509_REVOKED rtmp;
+    STACK_OF(X509_EXTENSION) *exts;
+    X509_EXTENSION *ext;
+    /* Look for serial number of certificate in CRL */
+    rtmp.serialNumber = X509_get_serialNumber(x);
+    /*
+     * Sort revoked into serial number order if not already sorted. Do this
+     * under a lock to avoid race condition.
+     */
+    if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
+        CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
+        sk_X509_REVOKED_sort(crl->crl->revoked);
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
+    }
+    idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
+    /*
+     * If found assume revoked: want something cleverer than this to handle
+     * entry extensions in V2 CRLs.
+     */
+    if (idx >= 0) {
+        ctx->error = X509_V_ERR_CERT_REVOKED;
+        ok = ctx->verify_cb(0, ctx);
+        if (!ok)
+            return 0;
+    }
+
+    if (ctx->param->flags & X509_V_FLAG_IGNORE_CRITICAL)
+        return 1;
+
+    /*
+     * See if we have any critical CRL extensions: since we currently don't
+     * handle any CRL extensions the CRL must be rejected. This code
+     * accesses the X509_CRL structure directly: applications shouldn't do
+     * this.
+     */
+
+    exts = crl->crl->extensions;
+
+    for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
+        ext = sk_X509_EXTENSION_value(exts, idx);
+        if (ext->critical > 0) {
+            ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION;
+            ok = ctx->verify_cb(0, ctx);
+            if (!ok)
+                return 0;
+            break;
+        }
+    }
+    return 1;
+}
 
 static int check_policy(X509_STORE_CTX *ctx)
-	{
-	int ret;
-	ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
-				ctx->param->policies, ctx->param->flags);
-	if (ret == 0)
-		{
-		X509err(X509_F_CHECK_POLICY,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	/* Invalid or inconsistent extensions */
-	if (ret == -1)
-		{
-		/* Locate certificates with bad extensions and notify
-		 * callback.
-		 */
-		X509 *x;
-		int i;
-		for (i = 1; i < sk_X509_num(ctx->chain); i++)
-			{
-			x = sk_X509_value(ctx->chain, i);
-			if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
-				continue;
-			ctx->current_cert = x;
-			ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
-			ret = ctx->verify_cb(0, ctx);
-			}
-		return 1;
-		}
-	if (ret == -2)
-		{
-		ctx->current_cert = NULL;
-		ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
-		return ctx->verify_cb(0, ctx);
-		}
-
-	if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY)
-		{
-		ctx->current_cert = NULL;
-		ctx->error = X509_V_OK;
-		if (!ctx->verify_cb(2, ctx))
-			return 0;
-		}
-
-	return 1;
-	}
+{
+    int ret;
+    ret = X509_policy_check(&ctx->tree, &ctx->explicit_policy, ctx->chain,
+                            ctx->param->policies, ctx->param->flags);
+    if (ret == 0) {
+        X509err(X509_F_CHECK_POLICY, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* Invalid or inconsistent extensions */
+    if (ret == -1) {
+        /*
+         * Locate certificates with bad extensions and notify callback.
+         */
+        X509 *x;
+        int i;
+        for (i = 1; i < sk_X509_num(ctx->chain); i++) {
+            x = sk_X509_value(ctx->chain, i);
+            if (!(x->ex_flags & EXFLAG_INVALID_POLICY))
+                continue;
+            ctx->current_cert = x;
+            ctx->error = X509_V_ERR_INVALID_POLICY_EXTENSION;
+            ret = ctx->verify_cb(0, ctx);
+        }
+        return 1;
+    }
+    if (ret == -2) {
+        ctx->current_cert = NULL;
+        ctx->error = X509_V_ERR_NO_EXPLICIT_POLICY;
+        return ctx->verify_cb(0, ctx);
+    }
+
+    if (ctx->param->flags & X509_V_FLAG_NOTIFY_POLICY) {
+        ctx->current_cert = NULL;
+        ctx->error = X509_V_OK;
+        if (!ctx->verify_cb(2, ctx))
+            return 0;
+    }
+
+    return 1;
+}
 
 static int check_cert_time(X509_STORE_CTX *ctx, X509 *x)
-	{
+{
 #if defined(OPENSSL_SYS_UEFI)
   /* Bypass Certificate Time Checking for UEFI version. */
   return 1;
 #else
-	time_t *ptime;
-	int i;
-
-	if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
-		ptime = &ctx->param->check_time;
-	else
-		ptime = NULL;
-
-	i=X509_cmp_time(X509_get_notBefore(x), ptime);
-	if (i == 0)
-		{
-		ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if (i > 0)
-		{
-		ctx->error=X509_V_ERR_CERT_NOT_YET_VALID;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	i=X509_cmp_time(X509_get_notAfter(x), ptime);
-	if (i == 0)
-		{
-		ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	if (i < 0)
-		{
-		ctx->error=X509_V_ERR_CERT_HAS_EXPIRED;
-		ctx->current_cert=x;
-		if (!ctx->verify_cb(0, ctx))
-			return 0;
-		}
-
-	return 1;
-#endif	
-	}
+    time_t *ptime;
+    int i;
+
+    if (ctx->param->flags & X509_V_FLAG_USE_CHECK_TIME)
+        ptime = &ctx->param->check_time;
+    else
+        ptime = NULL;
+
+    i = X509_cmp_time(X509_get_notBefore(x), ptime);
+    if (i == 0) {
+        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (i > 0) {
+        ctx->error = X509_V_ERR_CERT_NOT_YET_VALID;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    i = X509_cmp_time(X509_get_notAfter(x), ptime);
+    if (i == 0) {
+        ctx->error = X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    if (i < 0) {
+        ctx->error = X509_V_ERR_CERT_HAS_EXPIRED;
+        ctx->current_cert = x;
+        if (!ctx->verify_cb(0, ctx))
+            return 0;
+    }
+
+    return 1;
+#endif
+}
 
 static int internal_verify(X509_STORE_CTX *ctx)
-	{
-	int ok=0,n;
-	X509 *xs,*xi;
-	EVP_PKEY *pkey=NULL;
-	int (*cb)(int xok,X509_STORE_CTX *xctx);
-
-	cb=ctx->verify_cb;
-
-	n=sk_X509_num(ctx->chain);
-	ctx->error_depth=n-1;
-	n--;
-	xi=sk_X509_value(ctx->chain,n);
-
-	if (ctx->check_issued(ctx, xi, xi))
-		xs=xi;
-	else
-		{
-		if (n <= 0)
-			{
-			ctx->error=X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
-			ctx->current_cert=xi;
-			ok=cb(0,ctx);
-			goto end;
-			}
-		else
-			{
-			n--;
-			ctx->error_depth=n;
-			xs=sk_X509_value(ctx->chain,n);
-			}
-		}
-
-/*	ctx->error=0;  not needed */
-	while (n >= 0)
-		{
-		ctx->error_depth=n;
-
-		/* Skip signature check for self signed certificates unless
-		 * explicitly asked for. It doesn't add any security and
-		 * just wastes time.
-		 */
-		if (!xs->valid && (xs != xi || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE)))
-			{
-			if ((pkey=X509_get_pubkey(xi)) == NULL)
-				{
-				ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
-				ctx->current_cert=xi;
-				ok=(*cb)(0,ctx);
-				if (!ok) goto end;
-				}
-			else if (X509_verify(xs,pkey) <= 0)
-				{
-				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
-				ctx->current_cert=xs;
-				ok=(*cb)(0,ctx);
-				if (!ok)
-					{
-					EVP_PKEY_free(pkey);
-					goto end;
-					}
-				}
-			EVP_PKEY_free(pkey);
-			pkey=NULL;
-			}
-
-		xs->valid = 1;
-
-		ok = check_cert_time(ctx, xs);
-		if (!ok)
-			goto end;
-
-		/* The last error (if any) is still in the error value */
-		ctx->current_issuer=xi;
-		ctx->current_cert=xs;
-		ok=(*cb)(1,ctx);
-		if (!ok) goto end;
-
-		n--;
-		if (n >= 0)
-			{
-			xi=xs;
-			xs=sk_X509_value(ctx->chain,n);
-			}
-		}
-	ok=1;
-end:
-	return ok;
-	}
+{
+    int ok = 0, n;
+    X509 *xs, *xi;
+    EVP_PKEY *pkey = NULL;
+    int (*cb) (int xok, X509_STORE_CTX *xctx);
+
+    cb = ctx->verify_cb;
+
+    n = sk_X509_num(ctx->chain);
+    ctx->error_depth = n - 1;
+    n--;
+    xi = sk_X509_value(ctx->chain, n);
+
+    if (ctx->check_issued(ctx, xi, xi))
+        xs = xi;
+    else {
+        if (n <= 0) {
+            ctx->error = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
+            ctx->current_cert = xi;
+            ok = cb(0, ctx);
+            goto end;
+        } else {
+            n--;
+            ctx->error_depth = n;
+            xs = sk_X509_value(ctx->chain, n);
+        }
+    }
+
+/*      ctx->error=0;  not needed */
+    while (n >= 0) {
+        ctx->error_depth = n;
+
+        /*
+         * Skip signature check for self signed certificates unless
+         * explicitly asked for. It doesn't add any security and just wastes
+         * time.
+         */
+        if (!xs->valid
+            && (xs != xi
+                || (ctx->param->flags & X509_V_FLAG_CHECK_SS_SIGNATURE))) {
+            if ((pkey = X509_get_pubkey(xi)) == NULL) {
+                ctx->error = X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY;
+                ctx->current_cert = xi;
+                ok = (*cb) (0, ctx);
+                if (!ok)
+                    goto end;
+            } else if (X509_verify(xs, pkey) <= 0) {
+                ctx->error = X509_V_ERR_CERT_SIGNATURE_FAILURE;
+                ctx->current_cert = xs;
+                ok = (*cb) (0, ctx);
+                if (!ok) {
+                    EVP_PKEY_free(pkey);
+                    goto end;
+                }
+            }
+            EVP_PKEY_free(pkey);
+            pkey = NULL;
+        }
+
+        xs->valid = 1;
+
+        ok = check_cert_time(ctx, xs);
+        if (!ok)
+            goto end;
+
+        /* The last error (if any) is still in the error value */
+        ctx->current_issuer = xi;
+        ctx->current_cert = xs;
+        ok = (*cb) (1, ctx);
+        if (!ok)
+            goto end;
+
+        n--;
+        if (n >= 0) {
+            xi = xs;
+            xs = sk_X509_value(ctx->chain, n);
+        }
+    }
+    ok = 1;
+ end:
+    return ok;
+}
 
 int X509_cmp_current_time(ASN1_TIME *ctm)
 {
-	return X509_cmp_time(ctm, NULL);
+    return X509_cmp_time(ctm, NULL);
 }
 
 int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
-	{
-	char *str;
-	ASN1_TIME atm;
-	long offset;
-	char buff1[24],buff2[24],*p;
-	int i,j;
-
-	p=buff1;
-	i=ctm->length;
-	str=(char *)ctm->data;
-	if (ctm->type == V_ASN1_UTCTIME)
-		{
-		if ((i < 11) || (i > 17)) return 0;
-		memcpy(p,str,10);
-		p+=10;
-		str+=10;
-		}
-	else
-		{
-		if (i < 13) return 0;
-		memcpy(p,str,12);
-		p+=12;
-		str+=12;
-		}
-
-	if ((*str == 'Z') || (*str == '-') || (*str == '+'))
-		{ *(p++)='0'; *(p++)='0'; }
-	else
-		{ 
-		*(p++)= *(str++);
-		*(p++)= *(str++);
-		/* Skip any fractional seconds... */
-		if (*str == '.')
-			{
-			str++;
-			while ((*str >= '0') && (*str <= '9')) str++;
-			}
-		
-		}
-	*(p++)='Z';
-	*(p++)='\0';
-
-	if (*str == 'Z')
-		offset=0;
-	else
-		{
-		if ((*str != '+') && (*str != '-'))
-			return 0;
-		offset=((str[1]-'0')*10+(str[2]-'0'))*60;
-		offset+=(str[3]-'0')*10+(str[4]-'0');
-		if (*str == '-')
-			offset= -offset;
-		}
-	atm.type=ctm->type;
-	atm.length=sizeof(buff2);
-	atm.data=(unsigned char *)buff2;
-
-	if (X509_time_adj(&atm, offset*60, cmp_time) == NULL)
-		return 0;
-
-	if (ctm->type == V_ASN1_UTCTIME)
-		{
-		i=(buff1[0]-'0')*10+(buff1[1]-'0');
-		if (i < 50) i+=100; /* cf. RFC 2459 */
-		j=(buff2[0]-'0')*10+(buff2[1]-'0');
-		if (j < 50) j+=100;
-
-		if (i < j) return -1;
-		if (i > j) return 1;
-		}
-	i=strcmp(buff1,buff2);
-	if (i == 0) /* wait a second then return younger :-) */
-		return -1;
-	else
-		return i;
-	}
+{
+    char *str;
+    ASN1_TIME atm;
+    long offset;
+    char buff1[24], buff2[24], *p;
+    int i, j;
+
+    p = buff1;
+    i = ctm->length;
+    str = (char *)ctm->data;
+    if (ctm->type == V_ASN1_UTCTIME) {
+        if ((i < 11) || (i > 17))
+            return 0;
+        memcpy(p, str, 10);
+        p += 10;
+        str += 10;
+    } else {
+        if (i < 13)
+            return 0;
+        memcpy(p, str, 12);
+        p += 12;
+        str += 12;
+    }
+
+    if ((*str == 'Z') || (*str == '-') || (*str == '+')) {
+        *(p++) = '0';
+        *(p++) = '0';
+    } else {
+        *(p++) = *(str++);
+        *(p++) = *(str++);
+        /* Skip any fractional seconds... */
+        if (*str == '.') {
+            str++;
+            while ((*str >= '0') && (*str <= '9'))
+                str++;
+        }
+
+    }
+    *(p++) = 'Z';
+    *(p++) = '\0';
+
+    if (*str == 'Z')
+        offset = 0;
+    else {
+        if ((*str != '+') && (*str != '-'))
+            return 0;
+        offset = ((str[1] - '0') * 10 + (str[2] - '0')) * 60;
+        offset += (str[3] - '0') * 10 + (str[4] - '0');
+        if (*str == '-')
+            offset = -offset;
+    }
+    atm.type = ctm->type;
+    atm.length = sizeof(buff2);
+    atm.data = (unsigned char *)buff2;
+
+    if (X509_time_adj(&atm, offset * 60, cmp_time) == NULL)
+        return 0;
+
+    if (ctm->type == V_ASN1_UTCTIME) {
+        i = (buff1[0] - '0') * 10 + (buff1[1] - '0');
+        if (i < 50)
+            i += 100;           /* cf. RFC 2459 */
+        j = (buff2[0] - '0') * 10 + (buff2[1] - '0');
+        if (j < 50)
+            j += 100;
+
+        if (i < j)
+            return -1;
+        if (i > j)
+            return 1;
+    }
+    i = strcmp(buff1, buff2);
+    if (i == 0)                 /* wait a second then return younger :-) */
+        return -1;
+    else
+        return i;
+}
 
 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
 {
-	return X509_time_adj(s, adj, NULL);
+    return X509_time_adj(s, adj, NULL);
 }
 
 ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
-	{
-	time_t t;
-	int type = -1;
-
-	if (in_tm) t = *in_tm;
-	else time(&t);
-
-	t+=adj;
-	if (s) type = s->type;
-	if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t);
-	if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t);
-	return ASN1_TIME_set(s, t);
-	}
+{
+    time_t t;
+    int type = -1;
+
+    if (in_tm)
+        t = *in_tm;
+    else
+        time(&t);
+
+    t += adj;
+    if (s)
+        type = s->type;
+    if (type == V_ASN1_UTCTIME)
+        return ASN1_UTCTIME_set(s, t);
+    if (type == V_ASN1_GENERALIZEDTIME)
+        return ASN1_GENERALIZEDTIME_set(s, t);
+    return ASN1_TIME_set(s, t);
+}
 
 int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
-	{
-	EVP_PKEY *ktmp=NULL,*ktmp2;
-	int i,j;
-
-	if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1;
-
-	for (i=0; i<sk_X509_num(chain); i++)
-		{
-		ktmp=X509_get_pubkey(sk_X509_value(chain,i));
-		if (ktmp == NULL)
-			{
-			X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
-			return 0;
-			}
-		if (!EVP_PKEY_missing_parameters(ktmp))
-			break;
-		else
-			{
-			EVP_PKEY_free(ktmp);
-			ktmp=NULL;
-			}
-		}
-	if (ktmp == NULL)
-		{
-		X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
-		return 0;
-		}
-
-	/* first, populate the other certs */
-	for (j=i-1; j >= 0; j--)
-		{
-		ktmp2=X509_get_pubkey(sk_X509_value(chain,j));
-		EVP_PKEY_copy_parameters(ktmp2,ktmp);
-		EVP_PKEY_free(ktmp2);
-		}
-	
-	if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
-	EVP_PKEY_free(ktmp);
-	return 1;
-	}
-
-int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-	     CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-	{
-	/* This function is (usually) called only once, by
-	 * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */
-	return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
-			new_func, dup_func, free_func);
-	}
+{
+    EVP_PKEY *ktmp = NULL, *ktmp2;
+    int i, j;
+
+    if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey))
+        return 1;
+
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        ktmp = X509_get_pubkey(sk_X509_value(chain, i));
+        if (ktmp == NULL) {
+            X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                    X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
+            return 0;
+        }
+        if (!EVP_PKEY_missing_parameters(ktmp))
+            break;
+        else {
+            EVP_PKEY_free(ktmp);
+            ktmp = NULL;
+        }
+    }
+    if (ktmp == NULL) {
+        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,
+                X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
+        return 0;
+    }
+
+    /* first, populate the other certs */
+    for (j = i - 1; j >= 0; j--) {
+        ktmp2 = X509_get_pubkey(sk_X509_value(chain, j));
+        EVP_PKEY_copy_parameters(ktmp2, ktmp);
+        EVP_PKEY_free(ktmp2);
+    }
+
+    if (pkey != NULL)
+        EVP_PKEY_copy_parameters(pkey, ktmp);
+    EVP_PKEY_free(ktmp);
+    return 1;
+}
+
+int X509_STORE_CTX_get_ex_new_index(long argl, void *argp,
+                                    CRYPTO_EX_new *new_func,
+                                    CRYPTO_EX_dup *dup_func,
+                                    CRYPTO_EX_free *free_func)
+{
+    /*
+     * This function is (usually) called only once, by
+     * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c).
+     */
+    return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp,
+                                   new_func, dup_func, free_func);
+}
 
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
-	{
-	return CRYPTO_set_ex_data(&ctx->ex_data,idx,data);
-	}
+{
+    return CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
+}
 
 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
-	{
-	return CRYPTO_get_ex_data(&ctx->ex_data,idx);
-	}
+{
+    return CRYPTO_get_ex_data(&ctx->ex_data, idx);
+}
 
 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
-	{
-	return ctx->error;
-	}
+{
+    return ctx->error;
+}
 
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
-	{
-	ctx->error=err;
-	}
+{
+    ctx->error = err;
+}
 
 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
-	{
-	return ctx->error_depth;
-	}
+{
+    return ctx->error_depth;
+}
 
 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
-	{
-	return ctx->current_cert;
-	}
+{
+    return ctx->current_cert;
+}
 
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
-	{
-	return ctx->chain;
-	}
+{
+    return ctx->chain;
+}
 
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
-	{
-	int i;
-	X509 *x;
-	STACK_OF(X509) *chain;
-	if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
-	for (i = 0; i < sk_X509_num(chain); i++)
-		{
-		x = sk_X509_value(chain, i);
-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-		}
-	return chain;
-	}
+{
+    int i;
+    X509 *x;
+    STACK_OF(X509) *chain;
+    if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain)))
+        return NULL;
+    for (i = 0; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+    }
+    return chain;
+}
 
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
-	{
-	ctx->cert=x;
-	}
+{
+    ctx->cert = x;
+}
 
 void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
-	{
-	ctx->untrusted=sk;
-	}
+{
+    ctx->untrusted = sk;
+}
 
 void X509_STORE_CTX_set0_crls(X509_STORE_CTX *ctx, STACK_OF(X509_CRL) *sk)
-	{
-	ctx->crls=sk;
-	}
+{
+    ctx->crls = sk;
+}
 
 int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose)
-	{
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
-	}
+{
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0);
+}
 
 int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust)
-	{
-	return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
-	}
-
-/* This function is used to set the X509_STORE_CTX purpose and trust
- * values. This is intended to be used when another structure has its
- * own trust and purpose values which (if set) will be inherited by
- * the ctx. If they aren't set then we will usually have a default
- * purpose in mind which should then be used to set the trust value.
- * An example of this is SSL use: an SSL structure will have its own
- * purpose and trust settings which the application can set: if they
- * aren't set then we use the default of SSL client/server.
+{
+    return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust);
+}
+
+/*
+ * This function is used to set the X509_STORE_CTX purpose and trust values.
+ * This is intended to be used when another structure has its own trust and
+ * purpose values which (if set) will be inherited by the ctx. If they aren't
+ * set then we will usually have a default purpose in mind which should then
+ * be used to set the trust value. An example of this is SSL use: an SSL
+ * structure will have its own purpose and trust settings which the
+ * application can set: if they aren't set then we use the default of SSL
+ * client/server.
  */
 
 int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
-				int purpose, int trust)
+                                   int purpose, int trust)
 {
-	int idx;
-	/* If purpose not set use default */
-	if (!purpose) purpose = def_purpose;
-	/* If we have a purpose then check it is valid */
-	if (purpose)
-		{
-		X509_PURPOSE *ptmp;
-		idx = X509_PURPOSE_get_by_id(purpose);
-		if (idx == -1)
-			{
-			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-						X509_R_UNKNOWN_PURPOSE_ID);
-			return 0;
-			}
-		ptmp = X509_PURPOSE_get0(idx);
-		if (ptmp->trust == X509_TRUST_DEFAULT)
-			{
-			idx = X509_PURPOSE_get_by_id(def_purpose);
-			if (idx == -1)
-				{
-				X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-						X509_R_UNKNOWN_PURPOSE_ID);
-				return 0;
-				}
-			ptmp = X509_PURPOSE_get0(idx);
-			}
-		/* If trust not set then get from purpose default */
-		if (!trust) trust = ptmp->trust;
-		}
-	if (trust)
-		{
-		idx = X509_TRUST_get_by_id(trust);
-		if (idx == -1)
-			{
-			X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
-						X509_R_UNKNOWN_TRUST_ID);
-			return 0;
-			}
-		}
-
-	if (purpose && !ctx->param->purpose) ctx->param->purpose = purpose;
-	if (trust && !ctx->param->trust) ctx->param->trust = trust;
-	return 1;
+    int idx;
+    /* If purpose not set use default */
+    if (!purpose)
+        purpose = def_purpose;
+    /* If we have a purpose then check it is valid */
+    if (purpose) {
+        X509_PURPOSE *ptmp;
+        idx = X509_PURPOSE_get_by_id(purpose);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_PURPOSE_ID);
+            return 0;
+        }
+        ptmp = X509_PURPOSE_get0(idx);
+        if (ptmp->trust == X509_TRUST_DEFAULT) {
+            idx = X509_PURPOSE_get_by_id(def_purpose);
+            if (idx == -1) {
+                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                        X509_R_UNKNOWN_PURPOSE_ID);
+                return 0;
+            }
+            ptmp = X509_PURPOSE_get0(idx);
+        }
+        /* If trust not set then get from purpose default */
+        if (!trust)
+            trust = ptmp->trust;
+    }
+    if (trust) {
+        idx = X509_TRUST_get_by_id(trust);
+        if (idx == -1) {
+            X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
+                    X509_R_UNKNOWN_TRUST_ID);
+            return 0;
+        }
+    }
+
+    if (purpose && !ctx->param->purpose)
+        ctx->param->purpose = purpose;
+    if (trust && !ctx->param->trust)
+        ctx->param->trust = trust;
+    return 1;
 }
 
 X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
-	X509_STORE_CTX *ctx;
-	ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-	if (!ctx)
-		{
-		X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE);
-		return NULL;
-		}
-	memset(ctx, 0, sizeof(X509_STORE_CTX));
-	return ctx;
+    X509_STORE_CTX *ctx;
+    ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
+    if (!ctx) {
+        X509err(X509_F_X509_STORE_CTX_NEW, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memset(ctx, 0, sizeof(X509_STORE_CTX));
+    return ctx;
 }
 
 void X509_STORE_CTX_free(X509_STORE_CTX *ctx)
 {
-	X509_STORE_CTX_cleanup(ctx);
-	OPENSSL_free(ctx);
+    X509_STORE_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
 }
 
 int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
-	     STACK_OF(X509) *chain)
-	{
-	int ret = 1;
-	ctx->ctx=store;
-	ctx->current_method=0;
-	ctx->cert=x509;
-	ctx->untrusted=chain;
-	ctx->crls = NULL;
-	ctx->last_untrusted=0;
-	ctx->other_ctx=NULL;
-	ctx->valid=0;
-	ctx->chain=NULL;
-	ctx->error=0;
-	ctx->explicit_policy=0;
-	ctx->error_depth=0;
-	ctx->current_cert=NULL;
-	ctx->current_issuer=NULL;
-	ctx->tree = NULL;
-
-	ctx->param = X509_VERIFY_PARAM_new();
-
-	if (!ctx->param)
-		{
-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	/* Inherit callbacks and flags from X509_STORE if not set
-	 * use defaults.
-	 */
-
-
-	if (store)
-		ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
-	else
-		ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT|X509_VP_FLAG_ONCE;
-
-	if (store)
-		{
-		ctx->verify_cb = store->verify_cb;
-		ctx->cleanup = store->cleanup;
-		}
-	else
-		ctx->cleanup = 0;
-
-	if (ret)
-		ret = X509_VERIFY_PARAM_inherit(ctx->param,
-					X509_VERIFY_PARAM_lookup("default"));
-
-	if (ret == 0)
-		{
-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-
-	if (store && store->check_issued)
-		ctx->check_issued = store->check_issued;
-	else
-		ctx->check_issued = check_issued;
-
-	if (store && store->get_issuer)
-		ctx->get_issuer = store->get_issuer;
-	else
-		ctx->get_issuer = X509_STORE_CTX_get1_issuer;
-
-	if (store && store->verify_cb)
-		ctx->verify_cb = store->verify_cb;
-	else
-		ctx->verify_cb = null_callback;
-
-	if (store && store->verify)
-		ctx->verify = store->verify;
-	else
-		ctx->verify = internal_verify;
-
-	if (store && store->check_revocation)
-		ctx->check_revocation = store->check_revocation;
-	else
-		ctx->check_revocation = check_revocation;
-
-	if (store && store->get_crl)
-		ctx->get_crl = store->get_crl;
-	else
-		ctx->get_crl = get_crl;
-
-	if (store && store->check_crl)
-		ctx->check_crl = store->check_crl;
-	else
-		ctx->check_crl = check_crl;
-
-	if (store && store->cert_crl)
-		ctx->cert_crl = store->cert_crl;
-	else
-		ctx->cert_crl = cert_crl;
-
-	ctx->check_policy = check_policy;
-
-
-	/* This memset() can't make any sense anyway, so it's removed. As
-	 * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
-	 * corresponding "new" here and remove this bogus initialisation. */
-	/* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
-	if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
-				&(ctx->ex_data)))
-		{
-		OPENSSL_free(ctx);
-		X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE);
-		return 0;
-		}
-	return 1;
-	}
-
-/* Set alternative lookup method: just a STACK of trusted certificates.
- * This avoids X509_STORE nastiness where it isn't needed.
+                        STACK_OF(X509) *chain)
+{
+    int ret = 1;
+    ctx->ctx = store;
+    ctx->current_method = 0;
+    ctx->cert = x509;
+    ctx->untrusted = chain;
+    ctx->crls = NULL;
+    ctx->last_untrusted = 0;
+    ctx->other_ctx = NULL;
+    ctx->valid = 0;
+    ctx->chain = NULL;
+    ctx->error = 0;
+    ctx->explicit_policy = 0;
+    ctx->error_depth = 0;
+    ctx->current_cert = NULL;
+    ctx->current_issuer = NULL;
+    ctx->tree = NULL;
+
+    ctx->param = X509_VERIFY_PARAM_new();
+
+    if (!ctx->param) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    /*
+     * Inherit callbacks and flags from X509_STORE if not set use defaults.
+     */
+
+    if (store)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param, store->param);
+    else
+        ctx->param->inh_flags |= X509_VP_FLAG_DEFAULT | X509_VP_FLAG_ONCE;
+
+    if (store) {
+        ctx->verify_cb = store->verify_cb;
+        ctx->cleanup = store->cleanup;
+    } else
+        ctx->cleanup = 0;
+
+    if (ret)
+        ret = X509_VERIFY_PARAM_inherit(ctx->param,
+                                        X509_VERIFY_PARAM_lookup("default"));
+
+    if (ret == 0) {
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+
+    if (store && store->check_issued)
+        ctx->check_issued = store->check_issued;
+    else
+        ctx->check_issued = check_issued;
+
+    if (store && store->get_issuer)
+        ctx->get_issuer = store->get_issuer;
+    else
+        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
+
+    if (store && store->verify_cb)
+        ctx->verify_cb = store->verify_cb;
+    else
+        ctx->verify_cb = null_callback;
+
+    if (store && store->verify)
+        ctx->verify = store->verify;
+    else
+        ctx->verify = internal_verify;
+
+    if (store && store->check_revocation)
+        ctx->check_revocation = store->check_revocation;
+    else
+        ctx->check_revocation = check_revocation;
+
+    if (store && store->get_crl)
+        ctx->get_crl = store->get_crl;
+    else
+        ctx->get_crl = get_crl;
+
+    if (store && store->check_crl)
+        ctx->check_crl = store->check_crl;
+    else
+        ctx->check_crl = check_crl;
+
+    if (store && store->cert_crl)
+        ctx->cert_crl = store->cert_crl;
+    else
+        ctx->cert_crl = cert_crl;
+
+    ctx->check_policy = check_policy;
+
+    /*
+     * This memset() can't make any sense anyway, so it's removed. As
+     * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a
+     * corresponding "new" here and remove this bogus initialisation.
+     */
+    /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */
+    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
+                            &(ctx->ex_data))) {
+        OPENSSL_free(ctx);
+        X509err(X509_F_X509_STORE_CTX_INIT, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
+}
+
+/*
+ * Set alternative lookup method: just a STACK of trusted certificates. This
+ * avoids X509_STORE nastiness where it isn't needed.
  */
 
 void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 {
-	ctx->other_ctx = sk;
-	ctx->get_issuer = get_issuer_sk;
+    ctx->other_ctx = sk;
+    ctx->get_issuer = get_issuer_sk;
 }
 
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
-	{
-	if (ctx->cleanup) ctx->cleanup(ctx);
-	if (ctx->param != NULL)
-		{
-		X509_VERIFY_PARAM_free(ctx->param);
-		ctx->param=NULL;
-		}
-	if (ctx->tree != NULL)
-		{
-		X509_policy_tree_free(ctx->tree);
-		ctx->tree=NULL;
-		}
-	if (ctx->chain != NULL)
-		{
-		sk_X509_pop_free(ctx->chain,X509_free);
-		ctx->chain=NULL;
-		}
-	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
-	memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
-	}
+{
+    if (ctx->cleanup)
+        ctx->cleanup(ctx);
+    if (ctx->param != NULL) {
+        X509_VERIFY_PARAM_free(ctx->param);
+        ctx->param = NULL;
+    }
+    if (ctx->tree != NULL) {
+        X509_policy_tree_free(ctx->tree);
+        ctx->tree = NULL;
+    }
+    if (ctx->chain != NULL) {
+        sk_X509_pop_free(ctx->chain, X509_free);
+        ctx->chain = NULL;
+    }
+    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data));
+    memset(&ctx->ex_data, 0, sizeof(CRYPTO_EX_DATA));
+}
 
 void X509_STORE_CTX_set_depth(X509_STORE_CTX *ctx, int depth)
-	{
-	X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-	}
+{
+    X509_VERIFY_PARAM_set_depth(ctx->param, depth);
+}
 
 void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, unsigned long flags)
-	{
-	X509_VERIFY_PARAM_set_flags(ctx->param, flags);
-	}
+{
+    X509_VERIFY_PARAM_set_flags(ctx->param, flags);
+}
 
-void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags, time_t t)
-	{
-	X509_VERIFY_PARAM_set_time(ctx->param, t);
-	}
+void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, unsigned long flags,
+                             time_t t)
+{
+    X509_VERIFY_PARAM_set_time(ctx->param, t);
+}
 
 void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
-				  int (*verify_cb)(int, X509_STORE_CTX *))
-	{
-	ctx->verify_cb=verify_cb;
-	}
+                                  int (*verify_cb) (int, X509_STORE_CTX *))
+{
+    ctx->verify_cb = verify_cb;
+}
 
 X509_POLICY_TREE *X509_STORE_CTX_get0_policy_tree(X509_STORE_CTX *ctx)
-	{
-	return ctx->tree;
-	}
+{
+    return ctx->tree;
+}
 
 int X509_STORE_CTX_get_explicit_policy(X509_STORE_CTX *ctx)
-	{
-	return ctx->explicit_policy;
-	}
+{
+    return ctx->explicit_policy;
+}
 
 int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name)
-	{
-	const X509_VERIFY_PARAM *param;
-	param = X509_VERIFY_PARAM_lookup(name);
-	if (!param)
-		return 0;
-	return X509_VERIFY_PARAM_inherit(ctx->param, param);
-	}
+{
+    const X509_VERIFY_PARAM *param;
+    param = X509_VERIFY_PARAM_lookup(name);
+    if (!param)
+        return 0;
+    return X509_VERIFY_PARAM_inherit(ctx->param, param);
+}
 
 X509_VERIFY_PARAM *X509_STORE_CTX_get0_param(X509_STORE_CTX *ctx)
-	{
-	return ctx->param;
-	}
+{
+    return ctx->param;
+}
 
 void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
-	{
-	if (ctx->param)
-		X509_VERIFY_PARAM_free(ctx->param);
-	ctx->param = param;
-	}
+{
+    if (ctx->param)
+        X509_VERIFY_PARAM_free(ctx->param);
+    ctx->param = param;
+}
 
 IMPLEMENT_STACK_OF(X509)
+
 IMPLEMENT_ASN1_SET_OF(X509)
 
 IMPLEMENT_STACK_OF(X509_NAME)
 
 IMPLEMENT_STACK_OF(X509_ATTRIBUTE)
+
 IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE)
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
index 01c5541e..955ece24 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509_vpm.c
@@ -1,6 +1,7 @@
 /* x509_vpm.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -68,38 +69,38 @@
 /* X509_VERIFY_PARAM functions */
 
 static void x509_verify_param_zero(X509_VERIFY_PARAM *param)
-	{
-	if (!param)
-		return;
-	param->name = NULL;
-	param->purpose = 0;
-	param->trust = 0;
-	param->inh_flags = 0;
-	param->flags = 0;
-	param->depth = -1;
-	if (param->policies)
-		{
-		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-		param->policies = NULL;
-		}
-	}
+{
+    if (!param)
+        return;
+    param->name = NULL;
+    param->purpose = 0;
+    param->trust = 0;
+    param->inh_flags = 0;
+    param->flags = 0;
+    param->depth = -1;
+    if (param->policies) {
+        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+        param->policies = NULL;
+    }
+}
 
 X509_VERIFY_PARAM *X509_VERIFY_PARAM_new(void)
-	{
-	X509_VERIFY_PARAM *param;
-	param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
-	memset(param, 0, sizeof(X509_VERIFY_PARAM));
-	x509_verify_param_zero(param);
-	return param;
-	}
+{
+    X509_VERIFY_PARAM *param;
+    param = OPENSSL_malloc(sizeof(X509_VERIFY_PARAM));
+    memset(param, 0, sizeof(X509_VERIFY_PARAM));
+    x509_verify_param_zero(param);
+    return param;
+}
 
 void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
-	{
-	x509_verify_param_zero(param);
-	OPENSSL_free(param);
-	}
+{
+    x509_verify_param_zero(param);
+    OPENSSL_free(param);
+}
 
-/* This function determines how parameters are "inherited" from one structure
+/*-
+ * This function determines how parameters are "inherited" from one structure
  * to another. There are several different ways this can happen.
  *
  * 1. If a child structure needs to have its values initialized from a parent
@@ -109,7 +110,7 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
  *    for SSL servers or clients but only if the application has not set new
  *    ones.
  *
- * The "inh_flags" field determines how this function behaves. 
+ * The "inh_flags" field determines how this function behaves.
  *
  * Normally any values which are set in the default are not copied from the
  * destination and verify flags are ORed together.
@@ -133,302 +134,293 @@ void X509_VERIFY_PARAM_free(X509_VERIFY_PARAM *param)
 /* Macro to test if a field should be copied from src to dest */
 
 #define test_x509_verify_param_copy(field, def) \
-	(to_overwrite || \
-		((src->field != def) && (to_default || (dest->field == def))))
+        (to_overwrite || \
+                ((src->field != def) && (to_default || (dest->field == def))))
 
 /* Macro to test and copy a field if necessary */
 
 #define x509_verify_param_copy(field, def) \
-	if (test_x509_verify_param_copy(field, def)) \
-		dest->field = src->field
-		
+        if (test_x509_verify_param_copy(field, def)) \
+                dest->field = src->field
 
 int X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest,
-						const X509_VERIFY_PARAM *src)
-	{
-	unsigned long inh_flags;
-	int to_default, to_overwrite;
-	if (!src)
-		return 1;
-	inh_flags = dest->inh_flags | src->inh_flags;
+                              const X509_VERIFY_PARAM *src)
+{
+    unsigned long inh_flags;
+    int to_default, to_overwrite;
+    if (!src)
+        return 1;
+    inh_flags = dest->inh_flags | src->inh_flags;
 
-	if (inh_flags & X509_VP_FLAG_ONCE)
-		dest->inh_flags = 0;
+    if (inh_flags & X509_VP_FLAG_ONCE)
+        dest->inh_flags = 0;
 
-	if (inh_flags & X509_VP_FLAG_LOCKED)
-		return 1;
+    if (inh_flags & X509_VP_FLAG_LOCKED)
+        return 1;
 
-	if (inh_flags & X509_VP_FLAG_DEFAULT)
-		to_default = 1;
-	else
-		to_default = 0;
+    if (inh_flags & X509_VP_FLAG_DEFAULT)
+        to_default = 1;
+    else
+        to_default = 0;
 
-	if (inh_flags & X509_VP_FLAG_OVERWRITE)
-		to_overwrite = 1;
-	else
-		to_overwrite = 0;
+    if (inh_flags & X509_VP_FLAG_OVERWRITE)
+        to_overwrite = 1;
+    else
+        to_overwrite = 0;
 
-	x509_verify_param_copy(purpose, 0);
-	x509_verify_param_copy(trust, 0);
-	x509_verify_param_copy(depth, -1);
+    x509_verify_param_copy(purpose, 0);
+    x509_verify_param_copy(trust, 0);
+    x509_verify_param_copy(depth, -1);
 
-	/* If overwrite or check time not set, copy across */
+    /* If overwrite or check time not set, copy across */
 
-	if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME))
-		{
-		dest->check_time = src->check_time;
-		dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
-		/* Don't need to copy flag: that is done below */
-		}
+    if (to_overwrite || !(dest->flags & X509_V_FLAG_USE_CHECK_TIME)) {
+        dest->check_time = src->check_time;
+        dest->flags &= ~X509_V_FLAG_USE_CHECK_TIME;
+        /* Don't need to copy flag: that is done below */
+    }
 
-	if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
-		dest->flags = 0;
+    if (inh_flags & X509_VP_FLAG_RESET_FLAGS)
+        dest->flags = 0;
 
-	dest->flags |= src->flags;
+    dest->flags |= src->flags;
 
-	if (test_x509_verify_param_copy(policies, NULL))
-		{
-		if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
-			return 0;
-		}
+    if (test_x509_verify_param_copy(policies, NULL)) {
+        if (!X509_VERIFY_PARAM_set1_policies(dest, src->policies))
+            return 0;
+    }
 
-	return 1;
-	}
+    return 1;
+}
 
 int X509_VERIFY_PARAM_set1(X509_VERIFY_PARAM *to,
-						const X509_VERIFY_PARAM *from)
-	{
-	unsigned long save_flags = to->inh_flags;
-	int ret;
-	to->inh_flags |= X509_VP_FLAG_DEFAULT;
-	ret = X509_VERIFY_PARAM_inherit(to, from);
-	to->inh_flags = save_flags;
-	return ret;
-	}
+                           const X509_VERIFY_PARAM *from)
+{
+    unsigned long save_flags = to->inh_flags;
+    int ret;
+    to->inh_flags |= X509_VP_FLAG_DEFAULT;
+    ret = X509_VERIFY_PARAM_inherit(to, from);
+    to->inh_flags = save_flags;
+    return ret;
+}
 
 int X509_VERIFY_PARAM_set1_name(X509_VERIFY_PARAM *param, const char *name)
-	{
-	if (param->name)
-		OPENSSL_free(param->name);
-	param->name = BUF_strdup(name);
-	if (param->name)
-		return 1;
-	return 0;
-	}
+{
+    if (param->name)
+        OPENSSL_free(param->name);
+    param->name = BUF_strdup(name);
+    if (param->name)
+        return 1;
+    return 0;
+}
 
 int X509_VERIFY_PARAM_set_flags(X509_VERIFY_PARAM *param, unsigned long flags)
-	{
-	param->flags |= flags;
-	if (flags & X509_V_FLAG_POLICY_MASK)
-		param->flags |= X509_V_FLAG_POLICY_CHECK;
-	return 1;
-	}
-
-int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param, unsigned long flags)
-	{
-	param->flags &= ~flags;
-	return 1;
-	}
+{
+    param->flags |= flags;
+    if (flags & X509_V_FLAG_POLICY_MASK)
+        param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_clear_flags(X509_VERIFY_PARAM *param,
+                                  unsigned long flags)
+{
+    param->flags &= ~flags;
+    return 1;
+}
 
 unsigned long X509_VERIFY_PARAM_get_flags(X509_VERIFY_PARAM *param)
-	{
-	return param->flags;
-	}
+{
+    return param->flags;
+}
 
 int X509_VERIFY_PARAM_set_purpose(X509_VERIFY_PARAM *param, int purpose)
-	{
-	return X509_PURPOSE_set(&param->purpose, purpose);
-	}
+{
+    return X509_PURPOSE_set(&param->purpose, purpose);
+}
 
 int X509_VERIFY_PARAM_set_trust(X509_VERIFY_PARAM *param, int trust)
-	{
-	return X509_TRUST_set(&param->trust, trust);
-	}
+{
+    return X509_TRUST_set(&param->trust, trust);
+}
 
 void X509_VERIFY_PARAM_set_depth(X509_VERIFY_PARAM *param, int depth)
-	{
-	param->depth = depth;
-	}
+{
+    param->depth = depth;
+}
 
 void X509_VERIFY_PARAM_set_time(X509_VERIFY_PARAM *param, time_t t)
-	{
-	param->check_time = t;
-	param->flags |= X509_V_FLAG_USE_CHECK_TIME;
-	}
-
-int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param, ASN1_OBJECT *policy)
-	{
-	if (!param->policies)
-		{
-		param->policies = sk_ASN1_OBJECT_new_null();
-		if (!param->policies)
-			return 0;
-		}
-	if (!sk_ASN1_OBJECT_push(param->policies, policy))
-		return 0;
-	return 1;
-	}
-
-int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param, 
-					STACK_OF(ASN1_OBJECT) *policies)
-	{
-	int i;
-	ASN1_OBJECT *oid, *doid;
-	if (!param)
-		return 0;
-	if (param->policies)
-		sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
-
-	if (!policies)
-		{
-		param->policies = NULL;
-		return 1;
-		}
-
-	param->policies = sk_ASN1_OBJECT_new_null();
-	if (!param->policies)
-		return 0;
-
-	for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++)
-		{
-		oid = sk_ASN1_OBJECT_value(policies, i);
-		doid = OBJ_dup(oid);
-		if (!doid)
-			return 0;
-		if (!sk_ASN1_OBJECT_push(param->policies, doid))
-			{
-			ASN1_OBJECT_free(doid);
-			return 0;
-			}
-		}
-	param->flags |= X509_V_FLAG_POLICY_CHECK;
-	return 1;
-	}
+{
+    param->check_time = t;
+    param->flags |= X509_V_FLAG_USE_CHECK_TIME;
+}
+
+int X509_VERIFY_PARAM_add0_policy(X509_VERIFY_PARAM *param,
+                                  ASN1_OBJECT *policy)
+{
+    if (!param->policies) {
+        param->policies = sk_ASN1_OBJECT_new_null();
+        if (!param->policies)
+            return 0;
+    }
+    if (!sk_ASN1_OBJECT_push(param->policies, policy))
+        return 0;
+    return 1;
+}
+
+int X509_VERIFY_PARAM_set1_policies(X509_VERIFY_PARAM *param,
+                                    STACK_OF(ASN1_OBJECT) *policies)
+{
+    int i;
+    ASN1_OBJECT *oid, *doid;
+    if (!param)
+        return 0;
+    if (param->policies)
+        sk_ASN1_OBJECT_pop_free(param->policies, ASN1_OBJECT_free);
+
+    if (!policies) {
+        param->policies = NULL;
+        return 1;
+    }
+
+    param->policies = sk_ASN1_OBJECT_new_null();
+    if (!param->policies)
+        return 0;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policies); i++) {
+        oid = sk_ASN1_OBJECT_value(policies, i);
+        doid = OBJ_dup(oid);
+        if (!doid)
+            return 0;
+        if (!sk_ASN1_OBJECT_push(param->policies, doid)) {
+            ASN1_OBJECT_free(doid);
+            return 0;
+        }
+    }
+    param->flags |= X509_V_FLAG_POLICY_CHECK;
+    return 1;
+}
 
 int X509_VERIFY_PARAM_get_depth(const X509_VERIFY_PARAM *param)
-	{
-	return param->depth;
-	}
-
-/* Default verify parameters: these are used for various
- * applications and can be overridden by the user specified table.
- * NB: the 'name' field *must* be in alphabetical order because it
- * will be searched using OBJ_search.
+{
+    return param->depth;
+}
+
+/*
+ * Default verify parameters: these are used for various applications and can
+ * be overridden by the user specified table. NB: the 'name' field *must* be
+ * in alphabetical order because it will be searched using OBJ_search.
  */
 
 static const X509_VERIFY_PARAM default_table[] = {
-	{
-	"default",	/* X509 default parameters */
-	0,		/* Check time */
-	0,		/* internal flags */
-	0,		/* flags */
-	0,		/* purpose */
-	0,		/* trust */
-	100,		/* depth */
-	NULL		/* policies */
-	},
-	{
-	"pkcs7",			/* S/MIME signing parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SMIME_SIGN,	/* purpose */
-	X509_TRUST_EMAIL,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	},
-	{
-	"smime_sign",			/* S/MIME signing parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SMIME_SIGN,	/* purpose */
-	X509_TRUST_EMAIL,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	},
-	{
-	"ssl_client",			/* SSL/TLS client parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SSL_CLIENT,	/* purpose */
-	X509_TRUST_SSL_CLIENT,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	},
-	{
-	"ssl_server",			/* SSL/TLS server parameters */
-	0,				/* Check time */
-	0,				/* internal flags */
-	0,				/* flags */
-	X509_PURPOSE_SSL_SERVER,	/* purpose */
-	X509_TRUST_SSL_SERVER,		/* trust */
-	-1,				/* depth */
-	NULL				/* policies */
-	}};
+    {
+     "default",                 /* X509 default parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     0,                         /* purpose */
+     0,                         /* trust */
+     100,                       /* depth */
+     NULL                       /* policies */
+     },
+    {
+     "pkcs7",                   /* S/MIME signing parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     NULL                       /* policies */
+     },
+    {
+     "smime_sign",              /* S/MIME signing parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SMIME_SIGN,   /* purpose */
+     X509_TRUST_EMAIL,          /* trust */
+     -1,                        /* depth */
+     NULL                       /* policies */
+     },
+    {
+     "ssl_client",              /* SSL/TLS client parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_CLIENT,   /* purpose */
+     X509_TRUST_SSL_CLIENT,     /* trust */
+     -1,                        /* depth */
+     NULL                       /* policies */
+     },
+    {
+     "ssl_server",              /* SSL/TLS server parameters */
+     0,                         /* Check time */
+     0,                         /* internal flags */
+     0,                         /* flags */
+     X509_PURPOSE_SSL_SERVER,   /* purpose */
+     X509_TRUST_SSL_SERVER,     /* trust */
+     -1,                        /* depth */
+     NULL                       /* policies */
+     }
+};
 
 static STACK_OF(X509_VERIFY_PARAM) *param_table = NULL;
 
 static int table_cmp(const void *pa, const void *pb)
-	{
-	const X509_VERIFY_PARAM *a = pa, *b = pb;
-	return strcmp(a->name, b->name);
-	}
+{
+    const X509_VERIFY_PARAM *a = pa, *b = pb;
+    return strcmp(a->name, b->name);
+}
 
-static int param_cmp(const X509_VERIFY_PARAM * const *a,
-			const X509_VERIFY_PARAM * const *b)
-	{
-	return strcmp((*a)->name, (*b)->name);
-	}
+static int param_cmp(const X509_VERIFY_PARAM *const *a,
+                     const X509_VERIFY_PARAM *const *b)
+{
+    return strcmp((*a)->name, (*b)->name);
+}
 
 int X509_VERIFY_PARAM_add0_table(X509_VERIFY_PARAM *param)
-	{
-	int idx;
-	X509_VERIFY_PARAM *ptmp;
-	if (!param_table)
-		{
-		param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
-		if (!param_table)
-			return 0;
-		}
-	else
-		{
-		idx = sk_X509_VERIFY_PARAM_find(param_table, param);
-		if (idx != -1)
-			{
-			ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
-			X509_VERIFY_PARAM_free(ptmp);
-			(void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
-			}
-		}
-	if (!sk_X509_VERIFY_PARAM_push(param_table, param))
-		return 0;
-	return 1;
-	}
+{
+    int idx;
+    X509_VERIFY_PARAM *ptmp;
+    if (!param_table) {
+        param_table = sk_X509_VERIFY_PARAM_new(param_cmp);
+        if (!param_table)
+            return 0;
+    } else {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, param);
+        if (idx != -1) {
+            ptmp = sk_X509_VERIFY_PARAM_value(param_table, idx);
+            X509_VERIFY_PARAM_free(ptmp);
+            (void)sk_X509_VERIFY_PARAM_delete(param_table, idx);
+        }
+    }
+    if (!sk_X509_VERIFY_PARAM_push(param_table, param))
+        return 0;
+    return 1;
+}
 
 const X509_VERIFY_PARAM *X509_VERIFY_PARAM_lookup(const char *name)
-	{
-	int idx;
-	X509_VERIFY_PARAM pm;
-	pm.name = (char *)name;
-	if (param_table)
-		{
-		idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
-		if (idx != -1)
-			return sk_X509_VERIFY_PARAM_value(param_table, idx);
-		}
-	return (const X509_VERIFY_PARAM *) OBJ_bsearch((char *)&pm,
-				(char *)&default_table,
-				sizeof(default_table)/sizeof(X509_VERIFY_PARAM),
-				sizeof(X509_VERIFY_PARAM),
-				table_cmp);
-	}
+{
+    int idx;
+    X509_VERIFY_PARAM pm;
+    pm.name = (char *)name;
+    if (param_table) {
+        idx = sk_X509_VERIFY_PARAM_find(param_table, &pm);
+        if (idx != -1)
+            return sk_X509_VERIFY_PARAM_value(param_table, idx);
+    }
+    return (const X509_VERIFY_PARAM *)OBJ_bsearch((char *)&pm,
+                                                  (char *)&default_table,
+                                                  sizeof(default_table) /
+                                                  sizeof(X509_VERIFY_PARAM),
+                                                  sizeof(X509_VERIFY_PARAM),
+                                                  table_cmp);
+}
 
 void X509_VERIFY_PARAM_table_cleanup(void)
-	{
-	if (param_table)
-		sk_X509_VERIFY_PARAM_pop_free(param_table,
-						X509_VERIFY_PARAM_free);
-	param_table = NULL;
-	}
+{
+    if (param_table)
+        sk_X509_VERIFY_PARAM_pop_free(param_table, X509_VERIFY_PARAM_free);
+    param_table = NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509cset.c b/Cryptlib/OpenSSL/crypto/x509/x509cset.c
index 7f4004b2..4ef88081 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509cset.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509cset.c
@@ -1,6 +1,7 @@
 /* crypto/x509/x509cset.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,107 +65,103 @@
 #include <openssl/x509.h>
 
 int X509_CRL_set_version(X509_CRL *x, long version)
-	{
-	if (x == NULL) return(0);
-	if (x->crl->version == NULL)
-		{
-		if ((x->crl->version=M_ASN1_INTEGER_new()) == NULL)
-			return(0);
-		}
-	return(ASN1_INTEGER_set(x->crl->version,version));
-	}
+{
+    if (x == NULL)
+        return (0);
+    if (x->crl->version == NULL) {
+        if ((x->crl->version = M_ASN1_INTEGER_new()) == NULL)
+            return (0);
+    }
+    return (ASN1_INTEGER_set(x->crl->version, version));
+}
 
 int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->crl == NULL)) return(0);
-	return(X509_NAME_set(&x->crl->issuer,name));
-	}
-
+{
+    if ((x == NULL) || (x->crl == NULL))
+        return (0);
+    return (X509_NAME_set(&x->crl->issuer, name));
+}
 
 int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
+{
+    ASN1_TIME *in;
 
-	if (x == NULL) return(0);
-	in=x->crl->lastUpdate;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->crl->lastUpdate);
-			x->crl->lastUpdate=in;
-			}
-		}
-	return(in != NULL);
-	}
+    if (x == NULL)
+        return (0);
+    in = x->crl->lastUpdate;
+    if (in != tm) {
+        in = M_ASN1_TIME_dup(tm);
+        if (in != NULL) {
+            M_ASN1_TIME_free(x->crl->lastUpdate);
+            x->crl->lastUpdate = in;
+        }
+    }
+    return (in != NULL);
+}
 
 int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
+{
+    ASN1_TIME *in;
 
-	if (x == NULL) return(0);
-	in=x->crl->nextUpdate;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->crl->nextUpdate);
-			x->crl->nextUpdate=in;
-			}
-		}
-	return(in != NULL);
-	}
+    if (x == NULL)
+        return (0);
+    in = x->crl->nextUpdate;
+    if (in != tm) {
+        in = M_ASN1_TIME_dup(tm);
+        if (in != NULL) {
+            M_ASN1_TIME_free(x->crl->nextUpdate);
+            x->crl->nextUpdate = in;
+        }
+    }
+    return (in != NULL);
+}
 
 int X509_CRL_sort(X509_CRL *c)
-	{
-	int i;
-	X509_REVOKED *r;
-	/* sort the data so it will be written in serial
-	 * number order */
-	sk_X509_REVOKED_sort(c->crl->revoked);
-	for (i=0; i<sk_X509_REVOKED_num(c->crl->revoked); i++)
-		{
-		r=sk_X509_REVOKED_value(c->crl->revoked,i);
-		r->sequence=i;
-		}
-	c->crl->enc.modified = 1;
-	return 1;
-	}
+{
+    int i;
+    X509_REVOKED *r;
+    /*
+     * sort the data so it will be written in serial number order
+     */
+    sk_X509_REVOKED_sort(c->crl->revoked);
+    for (i = 0; i < sk_X509_REVOKED_num(c->crl->revoked); i++) {
+        r = sk_X509_REVOKED_value(c->crl->revoked, i);
+        r->sequence = i;
+    }
+    c->crl->enc.modified = 1;
+    return 1;
+}
 
 int X509_REVOKED_set_revocationDate(X509_REVOKED *x, ASN1_TIME *tm)
-	{
-	ASN1_TIME *in;
+{
+    ASN1_TIME *in;
 
-	if (x == NULL) return(0);
-	in=x->revocationDate;
-	if (in != tm)
-		{
-		in=M_ASN1_TIME_dup(tm);
-		if (in != NULL)
-			{
-			M_ASN1_TIME_free(x->revocationDate);
-			x->revocationDate=in;
-			}
-		}
-	return(in != NULL);
-	}
+    if (x == NULL)
+        return (0);
+    in = x->revocationDate;
+    if (in != tm) {
+        in = M_ASN1_TIME_dup(tm);
+        if (in != NULL) {
+            M_ASN1_TIME_free(x->revocationDate);
+            x->revocationDate = in;
+        }
+    }
+    return (in != NULL);
+}
 
 int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial)
-	{
-	ASN1_INTEGER *in;
+{
+    ASN1_INTEGER *in;
 
-	if (x == NULL) return(0);
-	in=x->serialNumber;
-	if (in != serial)
-		{
-		in=M_ASN1_INTEGER_dup(serial);
-		if (in != NULL)
-			{
-			M_ASN1_INTEGER_free(x->serialNumber);
-			x->serialNumber=in;
-			}
-		}
-	return(in != NULL);
-	}
+    if (x == NULL)
+        return (0);
+    in = x->serialNumber;
+    if (in != serial) {
+        in = M_ASN1_INTEGER_dup(serial);
+        if (in != NULL) {
+            M_ASN1_INTEGER_free(x->serialNumber);
+            x->serialNumber = in;
+        }
+    }
+    return (in != NULL);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509name.c b/Cryptlib/OpenSSL/crypto/x509/x509name.c
index 068abfe5..4e7b64f6 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509name.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509name.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,319 +65,333 @@
 #include <openssl/x509.h>
 
 int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len)
-	{
-	ASN1_OBJECT *obj;
+{
+    ASN1_OBJECT *obj;
 
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-1);
-	return(X509_NAME_get_text_by_OBJ(name,obj,buf,len));
-	}
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return (-1);
+    return (X509_NAME_get_text_by_OBJ(name, obj, buf, len));
+}
 
 int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf,
-	     int len)
-	{
-	int i;
-	ASN1_STRING *data;
-
-	i=X509_NAME_get_index_by_OBJ(name,obj,-1);
-	if (i < 0) return(-1);
-	data=X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name,i));
-	i=(data->length > (len-1))?(len-1):data->length;
-	if (buf == NULL) return(data->length);
-	memcpy(buf,data->data,i);
-	buf[i]='\0';
-	return(i);
-	}
+                              int len)
+{
+    int i;
+    ASN1_STRING *data;
+
+    i = X509_NAME_get_index_by_OBJ(name, obj, -1);
+    if (i < 0)
+        return (-1);
+    data = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, i));
+    i = (data->length > (len - 1)) ? (len - 1) : data->length;
+    if (buf == NULL)
+        return (data->length);
+    memcpy(buf, data->data, i);
+    buf[i] = '\0';
+    return (i);
+}
 
 int X509_NAME_entry_count(X509_NAME *name)
-	{
-	if (name == NULL) return(0);
-	return(sk_X509_NAME_ENTRY_num(name->entries));
-	}
+{
+    if (name == NULL)
+        return (0);
+    return (sk_X509_NAME_ENTRY_num(name->entries));
+}
 
 int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos)
-	{
-	ASN1_OBJECT *obj;
+{
+    ASN1_OBJECT *obj;
 
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL) return(-2);
-	return(X509_NAME_get_index_by_OBJ(name,obj,lastpos));
-	}
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL)
+        return (-2);
+    return (X509_NAME_get_index_by_OBJ(name, obj, lastpos));
+}
 
 /* NOTE: you should be passsing -1, not 0 as lastpos */
-int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj,
-	     int lastpos)
-	{
-	int n;
-	X509_NAME_ENTRY *ne;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-
-	if (name == NULL) return(-1);
-	if (lastpos < 0)
-		lastpos= -1;
-	sk=name->entries;
-	n=sk_X509_NAME_ENTRY_num(sk);
-	for (lastpos++; lastpos < n; lastpos++)
-		{
-		ne=sk_X509_NAME_ENTRY_value(sk,lastpos);
-		if (OBJ_cmp(ne->object,obj) == 0)
-			return(lastpos);
-		}
-	return(-1);
-	}
+int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int lastpos)
+{
+    int n;
+    X509_NAME_ENTRY *ne;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return (-1);
+    if (lastpos < 0)
+        lastpos = -1;
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    for (lastpos++; lastpos < n; lastpos++) {
+        ne = sk_X509_NAME_ENTRY_value(sk, lastpos);
+        if (OBJ_cmp(ne->object, obj) == 0)
+            return (lastpos);
+    }
+    return (-1);
+}
 
 X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc)
-	{
-	if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
-	   || loc < 0)
-		return(NULL);
-	else
-		return(sk_X509_NAME_ENTRY_value(name->entries,loc));
-	}
+{
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return (NULL);
+    else
+        return (sk_X509_NAME_ENTRY_value(name->entries, loc));
+}
 
 X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc)
-	{
-	X509_NAME_ENTRY *ret;
-	int i,n,set_prev,set_next;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-
-	if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
-	    || loc < 0)
-		return(NULL);
-	sk=name->entries;
-	ret=sk_X509_NAME_ENTRY_delete(sk,loc);
-	n=sk_X509_NAME_ENTRY_num(sk);
-	name->modified=1;
-	if (loc == n) return(ret);
-
-	/* else we need to fixup the set field */
-	if (loc != 0)
-		set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set;
-	else
-		set_prev=ret->set-1;
-	set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set;
-
-	/* set_prev is the previous set
-	 * set is the current set
-	 * set_next is the following
-	 * prev  1 1	1 1	1 1	1 1
-	 * set   1	1	2	2
-	 * next  1 1	2 2	2 2	3 2
-	 * so basically only if prev and next differ by 2, then
-	 * re-number down by 1 */
-	if (set_prev+1 < set_next)
-		for (i=loc; i<n; i++)
-			sk_X509_NAME_ENTRY_value(sk,i)->set--;
-	return(ret);
-	}
+{
+    X509_NAME_ENTRY *ret;
+    int i, n, set_prev, set_next;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc
+        || loc < 0)
+        return (NULL);
+    sk = name->entries;
+    ret = sk_X509_NAME_ENTRY_delete(sk, loc);
+    n = sk_X509_NAME_ENTRY_num(sk);
+    name->modified = 1;
+    if (loc == n)
+        return (ret);
+
+    /* else we need to fixup the set field */
+    if (loc != 0)
+        set_prev = (sk_X509_NAME_ENTRY_value(sk, loc - 1))->set;
+    else
+        set_prev = ret->set - 1;
+    set_next = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+
+    /*-
+     * set_prev is the previous set
+     * set is the current set
+     * set_next is the following
+     * prev  1 1    1 1     1 1     1 1
+     * set   1      1       2       2
+     * next  1 1    2 2     2 2     3 2
+     * so basically only if prev and next differ by 2, then
+     * re-number down by 1
+     */
+    if (set_prev + 1 < set_next)
+        for (i = loc; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i)->set--;
+    return (ret);
+}
 
 int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type,
-			unsigned char *bytes, int len, int loc, int set)
+                               unsigned char *bytes, int len, int loc,
+                               int set)
 {
-	X509_NAME_ENTRY *ne;
-	int ret;
-	ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
-	if(!ne) return 0;
-	ret = X509_NAME_add_entry(name, ne, loc, set);
-	X509_NAME_ENTRY_free(ne);
-	return ret;
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
 }
 
 int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type,
-			unsigned char *bytes, int len, int loc, int set)
+                               unsigned char *bytes, int len, int loc,
+                               int set)
 {
-	X509_NAME_ENTRY *ne;
-	int ret;
-	ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
-	if(!ne) return 0;
-	ret = X509_NAME_add_entry(name, ne, loc, set);
-	X509_NAME_ENTRY_free(ne);
-	return ret;
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
 }
 
 int X509_NAME_add_entry_by_txt(X509_NAME *name, const char *field, int type,
-			const unsigned char *bytes, int len, int loc, int set)
+                               const unsigned char *bytes, int len, int loc,
+                               int set)
 {
-	X509_NAME_ENTRY *ne;
-	int ret;
-	ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
-	if(!ne) return 0;
-	ret = X509_NAME_add_entry(name, ne, loc, set);
-	X509_NAME_ENTRY_free(ne);
-	return ret;
+    X509_NAME_ENTRY *ne;
+    int ret;
+    ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len);
+    if (!ne)
+        return 0;
+    ret = X509_NAME_add_entry(name, ne, loc, set);
+    X509_NAME_ENTRY_free(ne);
+    return ret;
 }
 
-/* if set is -1, append to previous set, 0 'a new one', and 1,
- * prepend to the guy we are about to stomp on. */
+/*
+ * if set is -1, append to previous set, 0 'a new one', and 1, prepend to the
+ * guy we are about to stomp on.
+ */
 int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc,
-	     int set)
-	{
-	X509_NAME_ENTRY *new_name=NULL;
-	int n,i,inc;
-	STACK_OF(X509_NAME_ENTRY) *sk;
-
-	if (name == NULL) return(0);
-	sk=name->entries;
-	n=sk_X509_NAME_ENTRY_num(sk);
-	if (loc > n) loc=n;
-	else if (loc < 0) loc=n;
-
-	name->modified=1;
-
-	if (set == -1)
-		{
-		if (loc == 0)
-			{
-			set=0;
-			inc=1;
-			}
-		else
-			{
-			set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set;
-			inc=0;
-			}
-		}
-	else /* if (set >= 0) */
-		{
-		if (loc >= n)
-			{
-			if (loc != 0)
-				set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1;
-			else
-				set=0;
-			}
-		else
-			set=sk_X509_NAME_ENTRY_value(sk,loc)->set;
-		inc=(set == 0)?1:0;
-		}
-
-	if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL)
-		goto err;
-	new_name->set=set;
-	if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc))
-		{
-		X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-	if (inc)
-		{
-		n=sk_X509_NAME_ENTRY_num(sk);
-		for (i=loc+1; i<n; i++)
-			sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1;
-		}	
-	return(1);
-err:
-	if (new_name != NULL)
-		X509_NAME_ENTRY_free(new_name);
-	return(0);
-	}
+                        int set)
+{
+    X509_NAME_ENTRY *new_name = NULL;
+    int n, i, inc;
+    STACK_OF(X509_NAME_ENTRY) *sk;
+
+    if (name == NULL)
+        return (0);
+    sk = name->entries;
+    n = sk_X509_NAME_ENTRY_num(sk);
+    if (loc > n)
+        loc = n;
+    else if (loc < 0)
+        loc = n;
+
+    name->modified = 1;
+
+    if (set == -1) {
+        if (loc == 0) {
+            set = 0;
+            inc = 1;
+        } else {
+            set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set;
+            inc = 0;
+        }
+    } else {                    /* if (set >= 0) */
+
+        if (loc >= n) {
+            if (loc != 0)
+                set = sk_X509_NAME_ENTRY_value(sk, loc - 1)->set + 1;
+            else
+                set = 0;
+        } else
+            set = sk_X509_NAME_ENTRY_value(sk, loc)->set;
+        inc = (set == 0) ? 1 : 0;
+    }
+
+    if ((new_name = X509_NAME_ENTRY_dup(ne)) == NULL)
+        goto err;
+    new_name->set = set;
+    if (!sk_X509_NAME_ENTRY_insert(sk, new_name, loc)) {
+        X509err(X509_F_X509_NAME_ADD_ENTRY, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+    if (inc) {
+        n = sk_X509_NAME_ENTRY_num(sk);
+        for (i = loc + 1; i < n; i++)
+            sk_X509_NAME_ENTRY_value(sk, i - 1)->set += 1;
+    }
+    return (1);
+ err:
+    if (new_name != NULL)
+        X509_NAME_ENTRY_free(new_name);
+    return (0);
+}
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne,
-		const char *field, int type, const unsigned char *bytes, int len)
-	{
-	ASN1_OBJECT *obj;
-	X509_NAME_ENTRY *nentry;
-
-	obj=OBJ_txt2obj(field, 0);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
-						X509_R_INVALID_FIELD_NAME);
-		ERR_add_error_data(2, "name=", field);
-		return(NULL);
-		}
-	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
-	ASN1_OBJECT_free(obj);
-	return nentry;
-	}
+                                               const char *field, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_txt2obj(field, 0);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,
+                X509_R_INVALID_FIELD_NAME);
+        ERR_add_error_data(2, "name=", field);
+        return (NULL);
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid,
-	     int type, unsigned char *bytes, int len)
-	{
-	ASN1_OBJECT *obj;
-	X509_NAME_ENTRY *nentry;
-
-	obj=OBJ_nid2obj(nid);
-	if (obj == NULL)
-		{
-		X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID);
-		return(NULL);
-		}
-	nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len);
-	ASN1_OBJECT_free(obj);
-	return nentry;
-	}
+                                               int type, unsigned char *bytes,
+                                               int len)
+{
+    ASN1_OBJECT *obj;
+    X509_NAME_ENTRY *nentry;
+
+    obj = OBJ_nid2obj(nid);
+    if (obj == NULL) {
+        X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID, X509_R_UNKNOWN_NID);
+        return (NULL);
+    }
+    nentry = X509_NAME_ENTRY_create_by_OBJ(ne, obj, type, bytes, len);
+    ASN1_OBJECT_free(obj);
+    return nentry;
+}
 
 X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne,
-	     ASN1_OBJECT *obj, int type, const unsigned char *bytes, int len)
-	{
-	X509_NAME_ENTRY *ret;
-
-	if ((ne == NULL) || (*ne == NULL))
-		{
-		if ((ret=X509_NAME_ENTRY_new()) == NULL)
-			return(NULL);
-		}
-	else
-		ret= *ne;
-
-	if (!X509_NAME_ENTRY_set_object(ret,obj))
-		goto err;
-	if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len))
-		goto err;
-
-	if ((ne != NULL) && (*ne == NULL)) *ne=ret;
-	return(ret);
-err:
-	if ((ne == NULL) || (ret != *ne))
-		X509_NAME_ENTRY_free(ret);
-	return(NULL);
-	}
+                                               ASN1_OBJECT *obj, int type,
+                                               const unsigned char *bytes,
+                                               int len)
+{
+    X509_NAME_ENTRY *ret;
+
+    if ((ne == NULL) || (*ne == NULL)) {
+        if ((ret = X509_NAME_ENTRY_new()) == NULL)
+            return (NULL);
+    } else
+        ret = *ne;
+
+    if (!X509_NAME_ENTRY_set_object(ret, obj))
+        goto err;
+    if (!X509_NAME_ENTRY_set_data(ret, type, bytes, len))
+        goto err;
+
+    if ((ne != NULL) && (*ne == NULL))
+        *ne = ret;
+    return (ret);
+ err:
+    if ((ne == NULL) || (ret != *ne))
+        X509_NAME_ENTRY_free(ret);
+    return (NULL);
+}
 
 int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj)
-	{
-	if ((ne == NULL) || (obj == NULL))
-		{
-		X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,ERR_R_PASSED_NULL_PARAMETER);
-		return(0);
-		}
-	ASN1_OBJECT_free(ne->object);
-	ne->object=OBJ_dup(obj);
-	return((ne->object == NULL)?0:1);
-	}
+{
+    if ((ne == NULL) || (obj == NULL)) {
+        X509err(X509_F_X509_NAME_ENTRY_SET_OBJECT,
+                ERR_R_PASSED_NULL_PARAMETER);
+        return (0);
+    }
+    ASN1_OBJECT_free(ne->object);
+    ne->object = OBJ_dup(obj);
+    return ((ne->object == NULL) ? 0 : 1);
+}
 
 int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type,
-	     const unsigned char *bytes, int len)
-	{
-	int i;
-
-	if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0);
-	if((type > 0) && (type & MBSTRING_FLAG)) 
-		return ASN1_STRING_set_by_NID(&ne->value, bytes,
-						len, type,
-					OBJ_obj2nid(ne->object)) ? 1 : 0;
-	if (len < 0) len=strlen((char *)bytes);
-	i=ASN1_STRING_set(ne->value,bytes,len);
-	if (!i) return(0);
-	if (type != V_ASN1_UNDEF)
-		{
-		if (type == V_ASN1_APP_CHOOSE)
-			ne->value->type=ASN1_PRINTABLE_type(bytes,len);
-		else
-			ne->value->type=type;
-		}
-	return(1);
-	}
+                             const unsigned char *bytes, int len)
+{
+    int i;
+
+    if ((ne == NULL) || ((bytes == NULL) && (len != 0)))
+        return (0);
+    if ((type > 0) && (type & MBSTRING_FLAG))
+        return ASN1_STRING_set_by_NID(&ne->value, bytes,
+                                      len, type,
+                                      OBJ_obj2nid(ne->object)) ? 1 : 0;
+    if (len < 0)
+        len = strlen((char *)bytes);
+    i = ASN1_STRING_set(ne->value, bytes, len);
+    if (!i)
+        return (0);
+    if (type != V_ASN1_UNDEF) {
+        if (type == V_ASN1_APP_CHOOSE)
+            ne->value->type = ASN1_PRINTABLE_type(bytes, len);
+        else
+            ne->value->type = type;
+    }
+    return (1);
+}
 
 ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne)
-	{
-	if (ne == NULL) return(NULL);
-	return(ne->object);
-	}
+{
+    if (ne == NULL)
+        return (NULL);
+    return (ne->object);
+}
 
 ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne)
-	{
-	if (ne == NULL) return(NULL);
-	return(ne->value);
-	}
-
+{
+    if (ne == NULL)
+        return (NULL);
+    return (ne->value);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509rset.c b/Cryptlib/OpenSSL/crypto/x509/x509rset.c
index d9f6b573..80e273e6 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509rset.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509rset.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -64,20 +64,22 @@
 #include <openssl/x509.h>
 
 int X509_REQ_set_version(X509_REQ *x, long version)
-	{
-	if (x == NULL) return(0);
-	return(ASN1_INTEGER_set(x->req_info->version,version));
-	}
+{
+    if (x == NULL)
+        return (0);
+    return (ASN1_INTEGER_set(x->req_info->version, version));
+}
 
 int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name)
-	{
-	if ((x == NULL) || (x->req_info == NULL)) return(0);
-	return(X509_NAME_set(&x->req_info->subject,name));
-	}
+{
+    if ((x == NULL) || (x->req_info == NULL))
+        return (0);
+    return (X509_NAME_set(&x->req_info->subject, name));
+}
 
 int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey)
-	{
-	if ((x == NULL) || (x->req_info == NULL)) return(0);
-	return(X509_PUBKEY_set(&x->req_info->pubkey,pkey));
-	}
-
+{
+    if ((x == NULL) || (x->req_info == NULL))
+        return (0);
+    return (X509_PUBKEY_set(&x->req_info->pubkey, pkey));
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509spki.c b/Cryptlib/OpenSSL/crypto/x509/x509spki.c
index 02a203d7..2df84ead 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509spki.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509spki.c
@@ -1,6 +1,7 @@
 /* x509spki.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,60 +63,61 @@
 
 int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey)
 {
-	if ((x == NULL) || (x->spkac == NULL)) return(0);
-	return(X509_PUBKEY_set(&(x->spkac->pubkey),pkey));
+    if ((x == NULL) || (x->spkac == NULL))
+        return (0);
+    return (X509_PUBKEY_set(&(x->spkac->pubkey), pkey));
 }
 
 EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x)
 {
-	if ((x == NULL) || (x->spkac == NULL))
-		return(NULL);
-	return(X509_PUBKEY_get(x->spkac->pubkey));
+    if ((x == NULL) || (x->spkac == NULL))
+        return (NULL);
+    return (X509_PUBKEY_get(x->spkac->pubkey));
 }
 
 /* Load a Netscape SPKI from a base64 encoded string */
 
-NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len)
+NETSCAPE_SPKI *NETSCAPE_SPKI_b64_decode(const char *str, int len)
 {
-	unsigned char *spki_der;
-	const unsigned char *p;
-	int spki_len;
-	NETSCAPE_SPKI *spki;
-	if(len <= 0) len = strlen(str);
-	if (!(spki_der = OPENSSL_malloc(len + 1))) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
-	if(spki_len < 0) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_DECODE,
-						X509_R_BASE64_DECODE_ERROR);
-		OPENSSL_free(spki_der);
-		return NULL;
-	}
-	p = spki_der;
-	spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
-	OPENSSL_free(spki_der);
-	return spki;
+    unsigned char *spki_der;
+    const unsigned char *p;
+    int spki_len;
+    NETSCAPE_SPKI *spki;
+    if (len <= 0)
+        len = strlen(str);
+    if (!(spki_der = OPENSSL_malloc(len + 1))) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    spki_len = EVP_DecodeBlock(spki_der, (const unsigned char *)str, len);
+    if (spki_len < 0) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, X509_R_BASE64_DECODE_ERROR);
+        OPENSSL_free(spki_der);
+        return NULL;
+    }
+    p = spki_der;
+    spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len);
+    OPENSSL_free(spki_der);
+    return spki;
 }
 
 /* Generate a base64 encoded string from an SPKI */
 
-char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
+char *NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki)
 {
-	unsigned char *der_spki, *p;
-	char *b64_str;
-	int der_len;
-	der_len = i2d_NETSCAPE_SPKI(spki, NULL);
-	der_spki = OPENSSL_malloc(der_len);
-	b64_str = OPENSSL_malloc(der_len * 2);
-	if(!der_spki || !b64_str) {
-		X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	p = der_spki;
-	i2d_NETSCAPE_SPKI(spki, &p);
-	EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
-	OPENSSL_free(der_spki);
-	return b64_str;
+    unsigned char *der_spki, *p;
+    char *b64_str;
+    int der_len;
+    der_len = i2d_NETSCAPE_SPKI(spki, NULL);
+    der_spki = OPENSSL_malloc(der_len);
+    b64_str = OPENSSL_malloc(der_len * 2);
+    if (!der_spki || !b64_str) {
+        X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    p = der_spki;
+    i2d_NETSCAPE_SPKI(spki, &p);
+    EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len);
+    OPENSSL_free(der_spki);
+    return b64_str;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509/x509type.c b/Cryptlib/OpenSSL/crypto/x509/x509type.c
index 2cd994c5..eb177fc5 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x509type.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x509type.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -63,59 +63,59 @@
 #include <openssl/x509.h>
 
 int X509_certificate_type(X509 *x, EVP_PKEY *pkey)
-	{
-	EVP_PKEY *pk;
-	int ret=0,i;
-
-	if (x == NULL) return(0);
+{
+    EVP_PKEY *pk;
+    int ret = 0, i;
 
-	if (pkey == NULL)
-		pk=X509_get_pubkey(x);
-	else
-		pk=pkey;
+    if (x == NULL)
+        return (0);
 
-	if (pk == NULL) return(0);
+    if (pkey == NULL)
+        pk = X509_get_pubkey(x);
+    else
+        pk = pkey;
 
-	switch (pk->type)
-		{
-	case EVP_PKEY_RSA:
-		ret=EVP_PK_RSA|EVP_PKT_SIGN;
-/*		if (!sign only extension) */
-			ret|=EVP_PKT_ENC;
-	break;
-	case EVP_PKEY_DSA:
-		ret=EVP_PK_DSA|EVP_PKT_SIGN;
-		break;
-	case EVP_PKEY_EC:
-		ret=EVP_PK_EC|EVP_PKT_SIGN|EVP_PKT_EXCH;
-		break;
-	case EVP_PKEY_DH:
-		ret=EVP_PK_DH|EVP_PKT_EXCH;
-		break;
-	default:
-		break;
-		}
+    if (pk == NULL)
+        return (0);
 
-	i=X509_get_signature_type(x);
-	switch (i)
-		{
-	case EVP_PKEY_RSA:
-		ret|=EVP_PKS_RSA;
-		break;
-	case EVP_PKEY_DSA:
-		ret|=EVP_PKS_DSA;
-		break;
-	case EVP_PKEY_EC:
-		ret|=EVP_PKS_EC;
-		break;
-	default:
-		break;
-		}
+    switch (pk->type) {
+    case EVP_PKEY_RSA:
+        ret = EVP_PK_RSA | EVP_PKT_SIGN;
+/*              if (!sign only extension) */
+        ret |= EVP_PKT_ENC;
+        break;
+    case EVP_PKEY_DSA:
+        ret = EVP_PK_DSA | EVP_PKT_SIGN;
+        break;
+    case EVP_PKEY_EC:
+        ret = EVP_PK_EC | EVP_PKT_SIGN | EVP_PKT_EXCH;
+        break;
+    case EVP_PKEY_DH:
+        ret = EVP_PK_DH | EVP_PKT_EXCH;
+        break;
+    default:
+        break;
+    }
 
-	if (EVP_PKEY_size(pk) <= 1024/8)/* /8 because it's 1024 bits we look
-					   for, not bytes */
-		ret|=EVP_PKT_EXP;
-	if(pkey==NULL) EVP_PKEY_free(pk);
-	return(ret);
-	}
+    i = X509_get_signature_type(x);
+    switch (i) {
+    case EVP_PKEY_RSA:
+        ret |= EVP_PKS_RSA;
+        break;
+    case EVP_PKEY_DSA:
+        ret |= EVP_PKS_DSA;
+        break;
+    case EVP_PKEY_EC:
+        ret |= EVP_PKS_EC;
+        break;
+    default:
+        break;
+    }
 
+    /* /8 because it's 1024 bits we look for, not bytes */
+    if (EVP_PKEY_size(pk) <= 1024 / 8)
+        ret |= EVP_PKT_EXP;
+    if (pkey == NULL)
+        EVP_PKEY_free(pk);
+    return (ret);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509/x_all.c b/Cryptlib/OpenSSL/crypto/x509/x_all.c
index c7b07f7c..3140cead 100644
--- a/Cryptlib/OpenSSL/crypto/x509/x_all.c
+++ b/Cryptlib/OpenSSL/crypto/x509/x_all.c
@@ -5,21 +5,21 @@
  * This package is an SSL implementation written
  * by Eric Young (eay@cryptsoft.com).
  * The implementation was written so as to conform with Netscapes SSL.
- * 
+ *
  * This library is free for commercial and non-commercial use as long as
  * the following conditions are aheared to.  The following conditions
  * apply to all code found in this distribution, be it the RC4, RSA,
  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
  * included with this distribution is covered by the same copyright terms
  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
+ *
  * Copyright remains Eric Young's, and as such any Copyright notices in
  * the code are not to be removed.
  * If this package is used in a product, Eric Young should be given attribution
  * as the author of the parts of the library used.
  * This can be in the form of a textual message at program startup or
  * in documentation (online or textual) provided with the package.
- * 
+ *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
@@ -34,10 +34,10 @@
  *     Eric Young (eay@cryptsoft.com)"
  *    The word 'cryptographic' can be left out if the rouines from the library
  *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
+ * 4. If you include any Windows specific code (or a derivative thereof) from
  *    the apps directory (application code) you must include an acknowledgement:
  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
+ *
  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
- * 
+ *
  * The licence and distribution terms for any publically available version or
  * derivative of this code cannot be changed.  i.e. this code cannot simply be
  * copied and put under another distribution licence
@@ -65,459 +65,464 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 #ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
+# include <openssl/rsa.h>
 #endif
 #ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
+# include <openssl/dsa.h>
 #endif
 
 int X509_verify(X509 *a, EVP_PKEY *r)
-	{
-	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg,
-		a->signature,a->cert_info,r));
-	}
+{
+    if (X509_ALGOR_cmp(a->sig_alg, a->cert_info->signature))
+        return 0;
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF), a->sig_alg,
+                             a->signature, a->cert_info, r));
+}
 
 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
-	{
-	return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
-		a->sig_alg,a->signature,a->req_info,r));
-	}
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO),
+                             a->sig_alg, a->signature, a->req_info, r));
+}
 
 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
-	{
-	return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
-		a->sig_alg, a->signature,a->crl,r));
-	}
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO),
+                             a->sig_alg, a->signature, a->crl, r));
+}
 
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
-	{
-	return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
-		a->sig_algor,a->signature,a->spkac,r));
-	}
+{
+    return (ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
+                             a->sig_algor, a->signature, a->spkac, r));
+}
 
 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	x->cert_info->enc.modified = 1;
-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
-		x->sig_alg, x->signature, x->cert_info,pkey,md));
-	}
+{
+    x->cert_info->enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature,
+                           x->sig_alg, x->signature, x->cert_info, pkey, md));
+}
 
 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL,
-		x->signature, x->req_info,pkey,md));
-	}
+{
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO), x->sig_alg, NULL,
+                           x->signature, x->req_info, pkey, md));
+}
 
 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	x->crl->enc.modified = 1;
-	return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg,
-		x->sig_alg, x->signature, x->crl,pkey,md));
-	}
+{
+    x->crl->enc.modified = 1;
+    return (ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO), x->crl->sig_alg,
+                           x->sig_alg, x->signature, x->crl, pkey, md));
+}
 
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
-	{
-	return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL,
-		x->signature, x->spkac,pkey,md));
-	}
+{
+    return (ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor, NULL,
+                           x->signature, x->spkac, pkey, md));
+}
 
 #ifndef OPENSSL_NO_FP_API
 X509 *d2i_X509_fp(FILE *fp, X509 **x509)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
-	}
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
 
 int i2d_X509_fp(FILE *fp, X509 *x509)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
-	}
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509);
+}
 #endif
 
 X509 *d2i_X509_bio(BIO *bp, X509 **x509)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
-	}
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
 
 int i2d_X509_bio(BIO *bp, X509 *x509)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
-	}
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509);
+}
 
 #ifndef OPENSSL_NO_FP_API
 X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
-	}
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
 
 int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
-	}
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl);
+}
 #endif
 
 X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-	}
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
 
 int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
-	}
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl);
+}
 
 #ifndef OPENSSL_NO_FP_API
 PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
-	}
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
 
 int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
-	}
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7);
+}
 #endif
 
 PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
-	}
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
 
 int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
-	}
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7);
+}
 
 #ifndef OPENSSL_NO_FP_API
 X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
-	}
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
 
 int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
-	}
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req);
+}
 #endif
 
 X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-	}
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
 
 int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
-	}
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req);
+}
 
 #ifndef OPENSSL_NO_RSA
 
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
-	}
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
 
 int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
-	}
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa);
+}
 
 RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa)
-	{
-	return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
-	}
-
+{
+    return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
 
 RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
-	{
-	return ASN1_d2i_fp((void *(*)(void))
-			   RSA_new,(D2I_OF(void))d2i_RSA_PUBKEY, fp,
-			   (void **)rsa);
-	}
+{
+    return ASN1_d2i_fp((void *(*)(void))
+                       RSA_new, (D2I_OF(void)) d2i_RSA_PUBKEY, fp,
+                       (void **)rsa);
+}
 
 int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa)
-	{
-	return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
-	}
+{
+    return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa);
+}
 
 int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
-	{
-	return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY,fp,rsa);
-	}
-#endif
+{
+    return ASN1_i2d_fp((I2D_OF(void))i2d_RSA_PUBKEY, fp, rsa);
+}
+# endif
 
 RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
-	}
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
 
 int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
-	}
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa);
+}
 
 RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa)
-	{
-	return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
-	}
-
+{
+    return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
 
 RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
-	{
-	return ASN1_d2i_bio_of(RSA,RSA_new,d2i_RSA_PUBKEY,bp,rsa);
-	}
+{
+    return ASN1_d2i_bio_of(RSA, RSA_new, d2i_RSA_PUBKEY, bp, rsa);
+}
 
 int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa)
-	{
-	return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
-	}
+{
+    return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa);
+}
 
 int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
-	{
-	return ASN1_i2d_bio_of(RSA,i2d_RSA_PUBKEY,bp,rsa);
-	}
+{
+    return ASN1_i2d_bio_of(RSA, i2d_RSA_PUBKEY, bp, rsa);
+}
 #endif
 
 #ifndef OPENSSL_NO_DSA
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa)
-	{
-	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSAPrivateKey,fp,dsa);
-	}
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSAPrivateKey, fp, dsa);
+}
 
 int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa)
-	{
-	return ASN1_i2d_fp_of_const(DSA,i2d_DSAPrivateKey,fp,dsa);
-	}
+{
+    return ASN1_i2d_fp_of_const(DSA, i2d_DSAPrivateKey, fp, dsa);
+}
 
 DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
-	{
-	return ASN1_d2i_fp_of(DSA,DSA_new,d2i_DSA_PUBKEY,fp,dsa);
-	}
+{
+    return ASN1_d2i_fp_of(DSA, DSA_new, d2i_DSA_PUBKEY, fp, dsa);
+}
 
 int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
-	{
-	return ASN1_i2d_fp_of(DSA,i2d_DSA_PUBKEY,fp,dsa);
-	}
-#endif
+{
+    return ASN1_i2d_fp_of(DSA, i2d_DSA_PUBKEY, fp, dsa);
+}
+# endif
 
 DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa)
-	{
-	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSAPrivateKey,bp,dsa
-);
-	}
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSAPrivateKey, bp, dsa);
+}
 
 int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa)
-	{
-	return ASN1_i2d_bio_of_const(DSA,i2d_DSAPrivateKey,bp,dsa);
-	}
+{
+    return ASN1_i2d_bio_of_const(DSA, i2d_DSAPrivateKey, bp, dsa);
+}
 
 DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
-	{
-	return ASN1_d2i_bio_of(DSA,DSA_new,d2i_DSA_PUBKEY,bp,dsa);
-	}
+{
+    return ASN1_d2i_bio_of(DSA, DSA_new, d2i_DSA_PUBKEY, bp, dsa);
+}
 
 int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
-	{
-	return ASN1_i2d_bio_of(DSA,i2d_DSA_PUBKEY,bp,dsa);
-	}
+{
+    return ASN1_i2d_bio_of(DSA, i2d_DSA_PUBKEY, bp, dsa);
+}
 
 #endif
 
 #ifndef OPENSSL_NO_EC
-#ifndef OPENSSL_NO_FP_API
+# ifndef OPENSSL_NO_FP_API
 EC_KEY *d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,fp,eckey);
-	}
-  
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, fp, eckey);
+}
+
 int i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *eckey)
-	{
-	return ASN1_i2d_fp_of(EC_KEY,i2d_EC_PUBKEY,fp,eckey);
-	}
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_EC_PUBKEY, fp, eckey);
+}
 
 EC_KEY *d2i_ECPrivateKey_fp(FILE *fp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_fp_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,fp,eckey);
-	}
-  
+{
+    return ASN1_d2i_fp_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, fp, eckey);
+}
+
 int i2d_ECPrivateKey_fp(FILE *fp, EC_KEY *eckey)
-	{
-	return ASN1_i2d_fp_of(EC_KEY,i2d_ECPrivateKey,fp,eckey);
-	}
-#endif
+{
+    return ASN1_i2d_fp_of(EC_KEY, i2d_ECPrivateKey, fp, eckey);
+}
+# endif
 EC_KEY *d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_EC_PUBKEY,bp,eckey);
-	}
-  
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_EC_PUBKEY, bp, eckey);
+}
+
 int i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ecdsa)
-	{
-	return ASN1_i2d_bio_of(EC_KEY,i2d_EC_PUBKEY,bp,ecdsa);
-	}
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_EC_PUBKEY, bp, ecdsa);
+}
 
 EC_KEY *d2i_ECPrivateKey_bio(BIO *bp, EC_KEY **eckey)
-	{
-	return ASN1_d2i_bio_of(EC_KEY,EC_KEY_new,d2i_ECPrivateKey,bp,eckey);
-	}
-  
+{
+    return ASN1_d2i_bio_of(EC_KEY, EC_KEY_new, d2i_ECPrivateKey, bp, eckey);
+}
+
 int i2d_ECPrivateKey_bio(BIO *bp, EC_KEY *eckey)
-	{
-	return ASN1_i2d_bio_of(EC_KEY,i2d_ECPrivateKey,bp,eckey);
-	}
+{
+    return ASN1_i2d_bio_of(EC_KEY, i2d_ECPrivateKey, bp, eckey);
+}
 #endif
 
-
-int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	ASN1_BIT_STRING *key;
-	key = X509_get0_pubkey_bitstr(data);
-	if(!key) return 0;
-	return EVP_Digest(key->data, key->length, md, len, type, NULL);
-	}
+int X509_pubkey_digest(const X509 *data, const EVP_MD *type,
+                       unsigned char *md, unsigned int *len)
+{
+    ASN1_BIT_STRING *key;
+    key = X509_get0_pubkey_bitstr(data);
+    if (!key)
+        return 0;
+    return EVP_Digest(key->data, key->length, md, len, type, NULL);
+}
 
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len));
-	}
-
-int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len));
-	}
-
-int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len));
-	}
-
-int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
-	     unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len));
-	}
-
-int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
-	     unsigned char *md, unsigned int *len)
-	{
-	return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type,
-		(char *)data,md,len));
-	}
+                unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509), type, (char *)data, md, len));
+}
+
+int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_CRL), type, (char *)data, md, len));
+}
 
+int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type,
+                    unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_REQ), type, (char *)data, md, len));
+}
+
+int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type,
+                     unsigned char *md, unsigned int *len)
+{
+    return (ASN1_item_digest
+            (ASN1_ITEM_rptr(X509_NAME), type, (char *)data, md, len));
+}
+
+int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,
+                                   const EVP_MD *type, unsigned char *md,
+                                   unsigned int *len)
+{
+    return (ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL), type,
+                             (char *)data, md, len));
+}
 
 #ifndef OPENSSL_NO_FP_API
 X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8)
-	{
-	return ASN1_d2i_fp_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,fp,p8);
-	}
+{
+    return ASN1_d2i_fp_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, fp, p8);
+}
 
 int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8)
-	{
-	return ASN1_i2d_fp_of(X509_SIG,i2d_X509_SIG,fp,p8);
-	}
+{
+    return ASN1_i2d_fp_of(X509_SIG, i2d_X509_SIG, fp, p8);
+}
 #endif
 
 X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8)
-	{
-	return ASN1_d2i_bio_of(X509_SIG,X509_SIG_new,d2i_X509_SIG,bp,p8);
-	}
+{
+    return ASN1_d2i_bio_of(X509_SIG, X509_SIG_new, d2i_X509_SIG, bp, p8);
+}
 
 int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8)
-	{
-	return ASN1_i2d_bio_of(X509_SIG,i2d_X509_SIG,bp,p8);
-	}
+{
+    return ASN1_i2d_bio_of(X509_SIG, i2d_X509_SIG, bp, p8);
+}
 
 #ifndef OPENSSL_NO_FP_API
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,
-						 PKCS8_PRIV_KEY_INFO **p8inf)
-	{
-	return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
-			      d2i_PKCS8_PRIV_KEY_INFO,fp,p8inf);
-	}
+                                                PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_fp_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                          d2i_PKCS8_PRIV_KEY_INFO, fp, p8inf);
+}
 
 int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf)
-	{
-	return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,fp,
-			      p8inf);
-	}
+{
+    return ASN1_i2d_fp_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, fp,
+                          p8inf);
+}
 
 int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key)
-	{
-	PKCS8_PRIV_KEY_INFO *p8inf;
-	int ret;
-	p8inf = EVP_PKEY2PKCS8(key);
-	if(!p8inf) return 0;
-	ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	return ret;
-	}
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
 
 int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PrivateKey,fp,pkey);
-	}
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PrivateKey, fp, pkey);
+}
 
 EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a)
 {
-	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,fp,a);
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, fp, a);
 }
 
 int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_fp_of(EVP_PKEY,i2d_PUBKEY,fp,pkey);
-	}
+{
+    return ASN1_i2d_fp_of(EVP_PKEY, i2d_PUBKEY, fp, pkey);
+}
 
 EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a)
 {
-	return ASN1_d2i_fp_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,fp,a);
+    return ASN1_d2i_fp_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, fp, a);
 }
 
 #endif
 
 PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,
-						 PKCS8_PRIV_KEY_INFO **p8inf)
-	{
-	return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO,PKCS8_PRIV_KEY_INFO_new,
-			    d2i_PKCS8_PRIV_KEY_INFO,bp,p8inf);
-	}
+                                                 PKCS8_PRIV_KEY_INFO **p8inf)
+{
+    return ASN1_d2i_bio_of(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_new,
+                           d2i_PKCS8_PRIV_KEY_INFO, bp, p8inf);
+}
 
 int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf)
-	{
-	return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO,i2d_PKCS8_PRIV_KEY_INFO,bp,
-			       p8inf);
-	}
+{
+    return ASN1_i2d_bio_of(PKCS8_PRIV_KEY_INFO, i2d_PKCS8_PRIV_KEY_INFO, bp,
+                           p8inf);
+}
 
 int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key)
-	{
-	PKCS8_PRIV_KEY_INFO *p8inf;
-	int ret;
-	p8inf = EVP_PKEY2PKCS8(key);
-	if(!p8inf) return 0;
-	ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
-	PKCS8_PRIV_KEY_INFO_free(p8inf);
-	return ret;
-	}
+{
+    PKCS8_PRIV_KEY_INFO *p8inf;
+    int ret;
+    p8inf = EVP_PKEY2PKCS8(key);
+    if (!p8inf)
+        return 0;
+    ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf);
+    PKCS8_PRIV_KEY_INFO_free(p8inf);
+    return ret;
+}
 
 int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PrivateKey,bp,pkey);
-	}
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PrivateKey, bp, pkey);
+}
 
 EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a)
-	{
-	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_AutoPrivateKey,bp,a);
-	}
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_AutoPrivateKey, bp, a);
+}
 
 int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
-	{
-	return ASN1_i2d_bio_of(EVP_PKEY,i2d_PUBKEY,bp,pkey);
-	}
+{
+    return ASN1_i2d_bio_of(EVP_PKEY, i2d_PUBKEY, bp, pkey);
+}
 
 EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a)
-	{
-	return ASN1_d2i_bio_of(EVP_PKEY,EVP_PKEY_new,d2i_PUBKEY,bp,a);
-	}
+{
+    return ASN1_d2i_bio_of(EVP_PKEY, EVP_PKEY_new, d2i_PUBKEY, bp, a);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
index 1030931b..1530cc85 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_cache.c
@@ -1,6 +1,7 @@
 /* pcy_cache.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,226 +63,208 @@
 
 #include "pcy_int.h"
 
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
-				const X509_POLICY_DATA * const *b);
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b);
 static int policy_cache_set_int(long *out, ASN1_INTEGER *value);
 
-/* Set cache entry according to CertificatePolicies extension.
- * Note: this destroys the passed CERTIFICATEPOLICIES structure.
+/*
+ * Set cache entry according to CertificatePolicies extension. Note: this
+ * destroys the passed CERTIFICATEPOLICIES structure.
  */
 
 static int policy_cache_create(X509 *x,
-			CERTIFICATEPOLICIES *policies, int crit)
-	{
-	int i;
-	int ret = 0;
-	X509_POLICY_CACHE *cache = x->policy_cache;
-	X509_POLICY_DATA *data = NULL;
-	POLICYINFO *policy;
-	if (sk_POLICYINFO_num(policies) == 0)
-		goto bad_policy;
-	cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
-	if (!cache->data)
-		goto bad_policy;
-	for (i = 0; i < sk_POLICYINFO_num(policies); i++)
-		{
-		policy = sk_POLICYINFO_value(policies, i);
-		data = policy_data_new(policy, NULL, crit);
-		if (!data)
-			goto bad_policy;
-		/* Duplicate policy OIDs are illegal: reject if matches
-		 * found.
-		 */
-		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
-			{
-			if (cache->anyPolicy)
-				{
-				ret = -1;
-				goto bad_policy;
-				}
-			cache->anyPolicy = data;
-			}
-		else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1)
-			{
-			ret = -1;
-			goto bad_policy;
-			}
-		else if (!sk_X509_POLICY_DATA_push(cache->data, data))
-			goto bad_policy;
-		data = NULL;
-		}
-	ret = 1;
-	bad_policy:
-	if (ret == -1)
-		x->ex_flags |= EXFLAG_INVALID_POLICY;
-	if (data)
-		policy_data_free(data);
-	sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
-	if (ret <= 0)
-		{
-		sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-		cache->data = NULL;
-		}
-	return ret;
-	}
+                               CERTIFICATEPOLICIES *policies, int crit)
+{
+    int i;
+    int ret = 0;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    X509_POLICY_DATA *data = NULL;
+    POLICYINFO *policy;
+    if (sk_POLICYINFO_num(policies) == 0)
+        goto bad_policy;
+    cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp);
+    if (!cache->data)
+        goto bad_policy;
+    for (i = 0; i < sk_POLICYINFO_num(policies); i++) {
+        policy = sk_POLICYINFO_value(policies, i);
+        data = policy_data_new(policy, NULL, crit);
+        if (!data)
+            goto bad_policy;
+        /*
+         * Duplicate policy OIDs are illegal: reject if matches found.
+         */
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (cache->anyPolicy) {
+                ret = -1;
+                goto bad_policy;
+            }
+            cache->anyPolicy = data;
+        } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) {
+            ret = -1;
+            goto bad_policy;
+        } else if (!sk_X509_POLICY_DATA_push(cache->data, data))
+            goto bad_policy;
+        data = NULL;
+    }
+    ret = 1;
+ bad_policy:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    if (data)
+        policy_data_free(data);
+    sk_POLICYINFO_pop_free(policies, POLICYINFO_free);
+    if (ret <= 0) {
+        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+        cache->data = NULL;
+    }
+    return ret;
+}
 
-	
 static int policy_cache_new(X509 *x)
-	{
-	X509_POLICY_CACHE *cache;
-	ASN1_INTEGER *ext_any = NULL;
-	POLICY_CONSTRAINTS *ext_pcons = NULL;
-	CERTIFICATEPOLICIES *ext_cpols = NULL;
-	POLICY_MAPPINGS *ext_pmaps = NULL;
-	int i;
-	cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
-	if (!cache)
-		return 0;
-	cache->anyPolicy = NULL;
-	cache->data = NULL;
-	cache->maps = NULL;
-	cache->any_skip = -1;
-	cache->explicit_skip = -1;
-	cache->map_skip = -1;
+{
+    X509_POLICY_CACHE *cache;
+    ASN1_INTEGER *ext_any = NULL;
+    POLICY_CONSTRAINTS *ext_pcons = NULL;
+    CERTIFICATEPOLICIES *ext_cpols = NULL;
+    POLICY_MAPPINGS *ext_pmaps = NULL;
+    int i;
+    cache = OPENSSL_malloc(sizeof(X509_POLICY_CACHE));
+    if (!cache)
+        return 0;
+    cache->anyPolicy = NULL;
+    cache->data = NULL;
+    cache->maps = NULL;
+    cache->any_skip = -1;
+    cache->explicit_skip = -1;
+    cache->map_skip = -1;
 
-	x->policy_cache = cache;
+    x->policy_cache = cache;
 
-	/* Handle requireExplicitPolicy *first*. Need to process this
-	 * even if we don't have any policies.
-	 */
-	ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
+    /*
+     * Handle requireExplicitPolicy *first*. Need to process this even if we
+     * don't have any policies.
+     */
+    ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL);
 
-	if (!ext_pcons)
-		{
-		if (i != -1)
-			goto bad_cache;
-		}
-	else
-		{
-		if (!ext_pcons->requireExplicitPolicy
-			&& !ext_pcons->inhibitPolicyMapping)
-			goto bad_cache;
-		if (!policy_cache_set_int(&cache->explicit_skip,
-			ext_pcons->requireExplicitPolicy))
-			goto bad_cache;
-		if (!policy_cache_set_int(&cache->map_skip,
-			ext_pcons->inhibitPolicyMapping))
-			goto bad_cache;
-		}
+    if (!ext_pcons) {
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        if (!ext_pcons->requireExplicitPolicy
+            && !ext_pcons->inhibitPolicyMapping)
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->explicit_skip,
+                                  ext_pcons->requireExplicitPolicy))
+            goto bad_cache;
+        if (!policy_cache_set_int(&cache->map_skip,
+                                  ext_pcons->inhibitPolicyMapping))
+            goto bad_cache;
+    }
 
-	/* Process CertificatePolicies */
+    /* Process CertificatePolicies */
 
-	ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
-	/* If no CertificatePolicies extension or problem decoding then
-	 * there is no point continuing because the valid policies will be
-	 * NULL.
-	 */
-	if (!ext_cpols)
-		{
-		/* If not absent some problem with extension */
-		if (i != -1)
-			goto bad_cache;
-		return 1;
-		}
+    ext_cpols = X509_get_ext_d2i(x, NID_certificate_policies, &i, NULL);
+    /*
+     * If no CertificatePolicies extension or problem decoding then there is
+     * no point continuing because the valid policies will be NULL.
+     */
+    if (!ext_cpols) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+        return 1;
+    }
 
-	i = policy_cache_create(x, ext_cpols, i);
+    i = policy_cache_create(x, ext_cpols, i);
 
-	/* NB: ext_cpols freed by policy_cache_set_policies */
+    /* NB: ext_cpols freed by policy_cache_set_policies */
 
-	if (i <= 0)
-		return i;
+    if (i <= 0)
+        return i;
 
-	ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
+    ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL);
 
-	if (!ext_pmaps)
-		{
-		/* If not absent some problem with extension */
-		if (i != -1)
-			goto bad_cache;
-		}
-	else
-		{
-		i = policy_cache_set_mapping(x, ext_pmaps);
-		if (i <= 0)
-			goto bad_cache;
-		}
+    if (!ext_pmaps) {
+        /* If not absent some problem with extension */
+        if (i != -1)
+            goto bad_cache;
+    } else {
+        i = policy_cache_set_mapping(x, ext_pmaps);
+        if (i <= 0)
+            goto bad_cache;
+    }
 
-	ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
+    ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL);
 
-	if (!ext_any)
-		{
-		if (i != -1)
-			goto bad_cache;
-		}
-	else if (!policy_cache_set_int(&cache->any_skip, ext_any))
-			goto bad_cache;
+    if (!ext_any) {
+        if (i != -1)
+            goto bad_cache;
+    } else if (!policy_cache_set_int(&cache->any_skip, ext_any))
+        goto bad_cache;
 
-	if (0)
-		{
-		bad_cache:
-		x->ex_flags |= EXFLAG_INVALID_POLICY;
-		}
+    if (0) {
+ bad_cache:
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    }
 
-	if(ext_pcons)
-		POLICY_CONSTRAINTS_free(ext_pcons);
+    if (ext_pcons)
+        POLICY_CONSTRAINTS_free(ext_pcons);
 
-	if (ext_any)
-		ASN1_INTEGER_free(ext_any);
+    if (ext_any)
+        ASN1_INTEGER_free(ext_any);
 
-	return 1;
+    return 1;
 
-	
 }
 
 void policy_cache_free(X509_POLICY_CACHE *cache)
-	{
-	if (!cache)
-		return;
-	if (cache->anyPolicy)
-		policy_data_free(cache->anyPolicy);
-	if (cache->data)
-		sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
-	OPENSSL_free(cache);
-	}
+{
+    if (!cache)
+        return;
+    if (cache->anyPolicy)
+        policy_data_free(cache->anyPolicy);
+    if (cache->data)
+        sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free);
+    OPENSSL_free(cache);
+}
 
 const X509_POLICY_CACHE *policy_cache_set(X509 *x)
-	{
+{
 
-	if (x->policy_cache == NULL)
-		{
-		CRYPTO_w_lock(CRYPTO_LOCK_X509);
-			policy_cache_new(x);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-		}
+    if (x->policy_cache == NULL) {
+        CRYPTO_w_lock(CRYPTO_LOCK_X509);
+        policy_cache_new(x);
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+    }
 
-	return x->policy_cache;
+    return x->policy_cache;
 
-	}
+}
 
 X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache,
-						const ASN1_OBJECT *id)
-	{
-	int idx;
-	X509_POLICY_DATA tmp;
-	tmp.valid_policy = (ASN1_OBJECT *)id;
-	idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
-	if (idx == -1)
-		return NULL;
-	return sk_X509_POLICY_DATA_value(cache->data, idx);
-	}
+                                         const ASN1_OBJECT *id)
+{
+    int idx;
+    X509_POLICY_DATA tmp;
+    tmp.valid_policy = (ASN1_OBJECT *)id;
+    idx = sk_X509_POLICY_DATA_find(cache->data, &tmp);
+    if (idx == -1)
+        return NULL;
+    return sk_X509_POLICY_DATA_value(cache->data, idx);
+}
 
-static int policy_data_cmp(const X509_POLICY_DATA * const *a,
-				const X509_POLICY_DATA * const *b)
-	{
-	return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
-	}
+static int policy_data_cmp(const X509_POLICY_DATA *const *a,
+                           const X509_POLICY_DATA *const *b)
+{
+    return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy);
+}
 
 static int policy_cache_set_int(long *out, ASN1_INTEGER *value)
-	{
-	if (value == NULL)
-		return 1;
-	if (value->type == V_ASN1_NEG_INTEGER)
-		return 0;
-	*out = ASN1_INTEGER_get(value);
-	return 1;
-	}
+{
+    if (value == NULL)
+        return 1;
+    if (value->type == V_ASN1_NEG_INTEGER)
+        return 0;
+    *out = ASN1_INTEGER_get(value);
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
index fb392b90..0a6b83bb 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_data.c
@@ -1,6 +1,7 @@
 /* pcy_data.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -65,67 +66,62 @@
 /* Policy Node routines */
 
 void policy_data_free(X509_POLICY_DATA *data)
-	{
-	ASN1_OBJECT_free(data->valid_policy);
-	/* Don't free qualifiers if shared */
-	if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
-		sk_POLICYQUALINFO_pop_free(data->qualifier_set,
-					POLICYQUALINFO_free);
-	sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
-	OPENSSL_free(data);
-	}
+{
+    ASN1_OBJECT_free(data->valid_policy);
+    /* Don't free qualifiers if shared */
+    if (!(data->flags & POLICY_DATA_FLAG_SHARED_QUALIFIERS))
+        sk_POLICYQUALINFO_pop_free(data->qualifier_set, POLICYQUALINFO_free);
+    sk_ASN1_OBJECT_pop_free(data->expected_policy_set, ASN1_OBJECT_free);
+    OPENSSL_free(data);
+}
 
-/* Create a data based on an existing policy. If 'id' is NULL use the
- * oid in the policy, otherwise use 'id'. This behaviour covers the two
- * types of data in RFC3280: data with from a CertificatePolcies extension
- * and additional data with just the qualifiers of anyPolicy and ID from
- * another source.
+/*
+ * Create a data based on an existing policy. If 'id' is NULL use the oid in
+ * the policy, otherwise use 'id'. This behaviour covers the two types of
+ * data in RFC3280: data with from a CertificatePolcies extension and
+ * additional data with just the qualifiers of anyPolicy and ID from another
+ * source.
  */
 
-X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id, int crit)
-	{
-	X509_POLICY_DATA *ret;
-	if (!policy && !id)
-		return NULL;
-	if (id)
-		{
-		id = OBJ_dup(id);
-		if (!id)
-			return NULL;
-		}
-	ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
-	if (!ret)
-		return NULL;
-	ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
-	if (!ret->expected_policy_set)
-		{
-		OPENSSL_free(ret);
-		if (id)
-			ASN1_OBJECT_free(id);
-		return NULL;
-		}
+X509_POLICY_DATA *policy_data_new(POLICYINFO *policy, ASN1_OBJECT *id,
+                                  int crit)
+{
+    X509_POLICY_DATA *ret;
+    if (!policy && !id)
+        return NULL;
+    if (id) {
+        id = OBJ_dup(id);
+        if (!id)
+            return NULL;
+    }
+    ret = OPENSSL_malloc(sizeof(X509_POLICY_DATA));
+    if (!ret)
+        return NULL;
+    ret->expected_policy_set = sk_ASN1_OBJECT_new_null();
+    if (!ret->expected_policy_set) {
+        OPENSSL_free(ret);
+        if (id)
+            ASN1_OBJECT_free(id);
+        return NULL;
+    }
 
-	if (crit)
-		ret->flags = POLICY_DATA_FLAG_CRITICAL;
-	else
-		ret->flags = 0;
+    if (crit)
+        ret->flags = POLICY_DATA_FLAG_CRITICAL;
+    else
+        ret->flags = 0;
 
-	if (id)
-		ret->valid_policy = id;
-	else
-		{
-		ret->valid_policy = policy->policyid;
-		policy->policyid = NULL;
-		}
+    if (id)
+        ret->valid_policy = id;
+    else {
+        ret->valid_policy = policy->policyid;
+        policy->policyid = NULL;
+    }
 
-	if (policy)
-		{
-		ret->qualifier_set = policy->qualifiers;
-		policy->qualifiers = NULL;
-		}
-	else
-		ret->qualifier_set = NULL;
-
-	return ret;
-	}
+    if (policy) {
+        ret->qualifier_set = policy->qualifiers;
+        policy->qualifiers = NULL;
+    } else
+        ret->qualifier_set = NULL;
 
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
index 93bfd927..dbb29835 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_lib.c
@@ -1,6 +1,7 @@
 /* pcy_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include "cryptlib.h"
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
@@ -68,100 +68,100 @@
 /* X509_POLICY_TREE stuff */
 
 int X509_policy_tree_level_count(const X509_POLICY_TREE *tree)
-	{
-	if (!tree)
-		return 0;
-	return tree->nlevel;
-	}
-
-X509_POLICY_LEVEL *
-	X509_policy_tree_get0_level(const X509_POLICY_TREE *tree, int i)
-	{
-	if (!tree || (i < 0) || (i >= tree->nlevel))
-		return NULL;
-	return tree->levels + i;
-	}
-
-STACK_OF(X509_POLICY_NODE) *
-		X509_policy_tree_get0_policies(const X509_POLICY_TREE *tree)
-	{
-	if (!tree)
-		return NULL;
-	return tree->auth_policies;
-	}
-
-STACK_OF(X509_POLICY_NODE) *
-	X509_policy_tree_get0_user_policies(const X509_POLICY_TREE *tree)
-	{
-	if (!tree)
-		return NULL;
-	if (tree->flags & POLICY_FLAG_ANY_POLICY)
-		return tree->auth_policies;
-	else
-		return tree->user_policies;
-	}
+{
+    if (!tree)
+        return 0;
+    return tree->nlevel;
+}
+
+X509_POLICY_LEVEL *X509_policy_tree_get0_level(const X509_POLICY_TREE *tree,
+                                               int i)
+{
+    if (!tree || (i < 0) || (i >= tree->nlevel))
+        return NULL;
+    return tree->levels + i;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_policies(const
+                                                           X509_POLICY_TREE
+                                                           *tree)
+{
+    if (!tree)
+        return NULL;
+    return tree->auth_policies;
+}
+
+STACK_OF(X509_POLICY_NODE) *X509_policy_tree_get0_user_policies(const
+                                                                X509_POLICY_TREE
+                                                                *tree)
+{
+    if (!tree)
+        return NULL;
+    if (tree->flags & POLICY_FLAG_ANY_POLICY)
+        return tree->auth_policies;
+    else
+        return tree->user_policies;
+}
 
 /* X509_POLICY_LEVEL stuff */
 
 int X509_policy_level_node_count(X509_POLICY_LEVEL *level)
-	{
-	int n;
-	if (!level)
-		return 0;
-	if (level->anyPolicy)
-		n = 1;
-	else
-		n = 0;
-	if (level->nodes)
-		n += sk_X509_POLICY_NODE_num(level->nodes);
-	return n;
-	}
+{
+    int n;
+    if (!level)
+        return 0;
+    if (level->anyPolicy)
+        n = 1;
+    else
+        n = 0;
+    if (level->nodes)
+        n += sk_X509_POLICY_NODE_num(level->nodes);
+    return n;
+}
 
 X509_POLICY_NODE *X509_policy_level_get0_node(X509_POLICY_LEVEL *level, int i)
-	{
-	if (!level)
-		return NULL;
-	if (level->anyPolicy)
-		{
-		if (i == 0)
-			return level->anyPolicy;
-		i--;
-		}
-	return sk_X509_POLICY_NODE_value(level->nodes, i);
-	}
+{
+    if (!level)
+        return NULL;
+    if (level->anyPolicy) {
+        if (i == 0)
+            return level->anyPolicy;
+        i--;
+    }
+    return sk_X509_POLICY_NODE_value(level->nodes, i);
+}
 
 /* X509_POLICY_NODE stuff */
 
 const ASN1_OBJECT *X509_policy_node_get0_policy(const X509_POLICY_NODE *node)
-	{
-	if (!node)
-		return NULL;
-	return node->data->valid_policy;
-	}
+{
+    if (!node)
+        return NULL;
+    return node->data->valid_policy;
+}
 
 #if 0
 int X509_policy_node_get_critical(const X509_POLICY_NODE *node)
-	{
-	if (node_critical(node))
-		return 1;
-	return 0;
-	}
+{
+    if (node_critical(node))
+        return 1;
+    return 0;
+}
 #endif
 
-STACK_OF(POLICYQUALINFO) *
-		X509_policy_node_get0_qualifiers(const X509_POLICY_NODE *node)
-	{
-	if (!node)
-		return NULL;
-	return node->data->qualifier_set;
-	}
-
-const X509_POLICY_NODE *
-		X509_policy_node_get0_parent(const X509_POLICY_NODE *node)
-	{
-	if (!node)
-		return NULL;
-	return node->parent;
-	}
-
-
+STACK_OF(POLICYQUALINFO) *X509_policy_node_get0_qualifiers(const
+                                                           X509_POLICY_NODE
+                                                           *node)
+{
+    if (!node)
+        return NULL;
+    return node->data->qualifier_set;
+}
+
+const X509_POLICY_NODE *X509_policy_node_get0_parent(const X509_POLICY_NODE
+                                                     *node)
+{
+    if (!node)
+        return NULL;
+    return node->parent;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
index acd2ede6..0067c3d1 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_map.c
@@ -1,6 +1,7 @@
 /* pcy_map.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -63,126 +64,122 @@
 #include "pcy_int.h"
 
 static int ref_cmp(const X509_POLICY_REF * const *a,
-			const X509_POLICY_REF * const *b)
-	{
-	return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
-	}
-
-static void policy_map_free(X509_POLICY_REF *map)
-	{
-	OPENSSL_free(map);
-	}
-
-static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache, ASN1_OBJECT *id)
-	{
-	X509_POLICY_REF tmp;
-	int idx;
-	tmp.subjectDomainPolicy = id;
-
-	idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
-	if (idx == -1)
-		return NULL;
-	return sk_X509_POLICY_REF_value(cache->maps, idx);
-	}
-
-/* Set policy mapping entries in cache.
- * Note: this modifies the passed POLICY_MAPPINGS structure
+                   const X509_POLICY_REF * const *b)
+{
+    return OBJ_cmp((*a)->subjectDomainPolicy, (*b)->subjectDomainPolicy);
+}
+
+static void policy_map_free(X509_POLICY_REF * map)
+{
+    OPENSSL_free(map);
+}
+
+static X509_POLICY_REF *policy_map_find(X509_POLICY_CACHE *cache,
+                                        ASN1_OBJECT *id)
+{
+    X509_POLICY_REF tmp;
+    int idx;
+    tmp.subjectDomainPolicy = id;
+
+    idx = sk_X509_POLICY_REF_find(cache->maps, &tmp);
+    if (idx == -1)
+        return NULL;
+    return sk_X509_POLICY_REF_value(cache->maps, idx);
+}
+
+/*
+ * Set policy mapping entries in cache. Note: this modifies the passed
+ * POLICY_MAPPINGS structure
  */
 
 int policy_cache_set_mapping(X509 *x, POLICY_MAPPINGS *maps)
-	{
-	POLICY_MAPPING *map;
-	X509_POLICY_REF *ref = NULL;
-	ASN1_OBJECT *subjectDomainPolicyRef;
-	X509_POLICY_DATA *data;
-	X509_POLICY_CACHE *cache = x->policy_cache;
-	int i;
-	int ret = 0;
-	if (sk_POLICY_MAPPING_num(maps) == 0)
-		{
-		ret = -1;
-		goto bad_mapping;
-		}
-	cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
-	for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++)
-		{
-		map = sk_POLICY_MAPPING_value(maps, i);
-		/* Reject if map to or from anyPolicy */
-		if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
-		   || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy))
-			{
-			ret = -1;
-			goto bad_mapping;
-			}
-
-		/* If we've already mapped from this OID bad mapping */
-		if (policy_map_find(cache, map->subjectDomainPolicy) != NULL)
-			{
-			ret = -1;
-			goto bad_mapping;
-			}
-
-		/* Attempt to find matching policy data */
-		data = policy_cache_find_data(cache, map->issuerDomainPolicy);
-		/* If we don't have anyPolicy can't map */
-		if (!data && !cache->anyPolicy)
-			continue;
-
-		/* Create a NODE from anyPolicy */
-		if (!data)
-			{
-			data = policy_data_new(NULL, map->issuerDomainPolicy,
-					cache->anyPolicy->flags
-						& POLICY_DATA_FLAG_CRITICAL);
-			if (!data)
-				goto bad_mapping;
-			data->qualifier_set = cache->anyPolicy->qualifier_set;
-			map->issuerDomainPolicy = NULL;
-			data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
-			data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-			if (!sk_X509_POLICY_DATA_push(cache->data, data))
-				{
-				policy_data_free(data);
-				goto bad_mapping;
-				}
-			}
-		else
-			data->flags |= POLICY_DATA_FLAG_MAPPED;
-
-		if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
-						map->subjectDomainPolicy))
-			goto bad_mapping;
-                /* map->subjectDomainPolicy will be freed when
-                 * cache->data is freed. Set it to NULL to avoid double-free. */
-                subjectDomainPolicyRef = map->subjectDomainPolicy;
-                map->subjectDomainPolicy = NULL;
-		
-		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
-		if (!ref)
-			goto bad_mapping;
-
-		ref->subjectDomainPolicy = subjectDomainPolicyRef;
-		ref->data = data;
-
-		if (!sk_X509_POLICY_REF_push(cache->maps, ref))
-			goto bad_mapping;
-
-		ref = NULL;
-
-		}
-
-	ret = 1;
-	bad_mapping:
-	if (ret == -1)
-		x->ex_flags |= EXFLAG_INVALID_POLICY;
-	if (ref)
-		policy_map_free(ref);
-	if (ret <= 0)
-		{
-		sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
-		cache->maps = NULL;
-		}
-	sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
-	return ret;
-
-	}
+{
+    POLICY_MAPPING *map;
+    X509_POLICY_REF *ref = NULL;
+    ASN1_OBJECT *subjectDomainPolicyRef;
+    X509_POLICY_DATA *data;
+    X509_POLICY_CACHE *cache = x->policy_cache;
+    int i;
+    int ret = 0;
+    if (sk_POLICY_MAPPING_num(maps) == 0) {
+        ret = -1;
+        goto bad_mapping;
+    }
+    cache->maps = sk_X509_POLICY_REF_new(ref_cmp);
+    for (i = 0; i < sk_POLICY_MAPPING_num(maps); i++) {
+        map = sk_POLICY_MAPPING_value(maps, i);
+        /* Reject if map to or from anyPolicy */
+        if ((OBJ_obj2nid(map->subjectDomainPolicy) == NID_any_policy)
+            || (OBJ_obj2nid(map->issuerDomainPolicy) == NID_any_policy)) {
+            ret = -1;
+            goto bad_mapping;
+        }
+
+        /* If we've already mapped from this OID bad mapping */
+        if (policy_map_find(cache, map->subjectDomainPolicy) != NULL) {
+            ret = -1;
+            goto bad_mapping;
+        }
+
+        /* Attempt to find matching policy data */
+        data = policy_cache_find_data(cache, map->issuerDomainPolicy);
+        /* If we don't have anyPolicy can't map */
+        if (!data && !cache->anyPolicy)
+            continue;
+
+        /* Create a NODE from anyPolicy */
+        if (!data) {
+            data = policy_data_new(NULL, map->issuerDomainPolicy,
+                                   cache->anyPolicy->flags
+                                   & POLICY_DATA_FLAG_CRITICAL);
+            if (!data)
+                goto bad_mapping;
+            data->qualifier_set = cache->anyPolicy->qualifier_set;
+            map->issuerDomainPolicy = NULL;
+            data->flags |= POLICY_DATA_FLAG_MAPPED_ANY;
+            data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+            if (!sk_X509_POLICY_DATA_push(cache->data, data)) {
+                policy_data_free(data);
+                goto bad_mapping;
+            }
+        } else
+            data->flags |= POLICY_DATA_FLAG_MAPPED;
+
+        if (!sk_ASN1_OBJECT_push(data->expected_policy_set,
+                                 map->subjectDomainPolicy))
+            goto bad_mapping;
+        /*
+         * map->subjectDomainPolicy will be freed when cache->data is freed.
+         * Set it to NULL to avoid double-free.
+         */
+        subjectDomainPolicyRef = map->subjectDomainPolicy;
+        map->subjectDomainPolicy = NULL;
+
+        ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
+        if (!ref)
+            goto bad_mapping;
+
+        ref->subjectDomainPolicy = subjectDomainPolicyRef;
+        ref->data = data;
+
+        if (!sk_X509_POLICY_REF_push(cache->maps, ref))
+            goto bad_mapping;
+
+        ref = NULL;
+
+    }
+
+    ret = 1;
+ bad_mapping:
+    if (ret == -1)
+        x->ex_flags |= EXFLAG_INVALID_POLICY;
+    if (ref)
+        policy_map_free(ref);
+    if (ret <= 0) {
+        sk_X509_POLICY_REF_pop_free(cache->maps, policy_map_free);
+        cache->maps = NULL;
+    }
+    sk_POLICY_MAPPING_pop_free(maps, POLICY_MAPPING_free);
+    return ret;
+
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
index 6587cb05..438b49bb 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_node.c
@@ -1,6 +1,7 @@
 /* pcy_node.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,97 +63,90 @@
 
 #include "pcy_int.h"
 
-static int node_cmp(const X509_POLICY_NODE * const *a,
-			const X509_POLICY_NODE * const *b)
-	{
-	return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
-	}
+static int node_cmp(const X509_POLICY_NODE *const *a,
+                    const X509_POLICY_NODE *const *b)
+{
+    return OBJ_cmp((*a)->data->valid_policy, (*b)->data->valid_policy);
+}
 
 STACK_OF(X509_POLICY_NODE) *policy_node_cmp_new(void)
-	{
-	return sk_X509_POLICY_NODE_new(node_cmp);
-	}
+{
+    return sk_X509_POLICY_NODE_new(node_cmp);
+}
 
 X509_POLICY_NODE *tree_find_sk(STACK_OF(X509_POLICY_NODE) *nodes,
-					const ASN1_OBJECT *id)
-	{
-	X509_POLICY_DATA n;
-	X509_POLICY_NODE l;
-	int idx;
+                               const ASN1_OBJECT *id)
+{
+    X509_POLICY_DATA n;
+    X509_POLICY_NODE l;
+    int idx;
 
-	n.valid_policy = (ASN1_OBJECT *)id;
-	l.data = &n;
+    n.valid_policy = (ASN1_OBJECT *)id;
+    l.data = &n;
 
-	idx = sk_X509_POLICY_NODE_find(nodes, &l);
-	if (idx == -1)
-		return NULL;
+    idx = sk_X509_POLICY_NODE_find(nodes, &l);
+    if (idx == -1)
+        return NULL;
 
-	return sk_X509_POLICY_NODE_value(nodes, idx);
+    return sk_X509_POLICY_NODE_value(nodes, idx);
 
-	}
+}
 
 X509_POLICY_NODE *level_find_node(const X509_POLICY_LEVEL *level,
-					const ASN1_OBJECT *id)
-	{
-	return tree_find_sk(level->nodes, id);
-	}
+                                  const ASN1_OBJECT *id)
+{
+    return tree_find_sk(level->nodes, id);
+}
 
 X509_POLICY_NODE *level_add_node(X509_POLICY_LEVEL *level,
-			X509_POLICY_DATA *data,
-			X509_POLICY_NODE *parent,
-			X509_POLICY_TREE *tree)
-	{
-	X509_POLICY_NODE *node;
-	node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
-	if (!node)
-		return NULL;
-	node->data = data;
-	node->parent = parent;
-	node->nchild = 0;
-	if (level)
-		{
-		if (OBJ_obj2nid(data->valid_policy) == NID_any_policy)
-			{
-			if (level->anyPolicy)
-				goto node_error;
-			level->anyPolicy = node;
-			}
-		else
-			{
-
-			if (!level->nodes)
-				level->nodes = policy_node_cmp_new();
-			if (!level->nodes)
-				goto node_error;
-			if (!sk_X509_POLICY_NODE_push(level->nodes, node))
-				goto node_error;
-			}
-		}
-
-	if (tree)
-		{
-		if (!tree->extra_data)
-			 tree->extra_data = sk_X509_POLICY_DATA_new_null();
-		if (!tree->extra_data)
-			goto node_error;
-		if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
-			goto node_error;
-		}
-
-	if (parent)
-		parent->nchild++;
-
-	return node;
-
-	node_error:
-	policy_node_free(node);
-	return 0;
-
-	}
+                                 X509_POLICY_DATA *data,
+                                 X509_POLICY_NODE *parent,
+                                 X509_POLICY_TREE *tree)
+{
+    X509_POLICY_NODE *node;
+    node = OPENSSL_malloc(sizeof(X509_POLICY_NODE));
+    if (!node)
+        return NULL;
+    node->data = data;
+    node->parent = parent;
+    node->nchild = 0;
+    if (level) {
+        if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) {
+            if (level->anyPolicy)
+                goto node_error;
+            level->anyPolicy = node;
+        } else {
+
+            if (!level->nodes)
+                level->nodes = policy_node_cmp_new();
+            if (!level->nodes)
+                goto node_error;
+            if (!sk_X509_POLICY_NODE_push(level->nodes, node))
+                goto node_error;
+        }
+    }
+
+    if (tree) {
+        if (!tree->extra_data)
+            tree->extra_data = sk_X509_POLICY_DATA_new_null();
+        if (!tree->extra_data)
+            goto node_error;
+        if (!sk_X509_POLICY_DATA_push(tree->extra_data, data))
+            goto node_error;
+    }
+
+    if (parent)
+        parent->nchild++;
+
+    return node;
+
+ node_error:
+    policy_node_free(node);
+    return 0;
+
+}
 
 void policy_node_free(X509_POLICY_NODE *node)
-	{
-	OPENSSL_free(node);
-	}
-
-
+{
+    OPENSSL_free(node);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
index 92ad0a2b..9e506e91 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/pcy_tree.c
@@ -1,6 +1,7 @@
 /* pcy_tree.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2004.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2004.
  */
 /* ====================================================================
  * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,7 +63,8 @@
 
 #include "pcy_int.h"
 
-/* Initialize policy tree. Return values:
+/*-
+ * Initialize policy tree. Return values:
  *  0 Some internal error occured.
  * -1 Inconsistent or invalid extensions in certificates.
  *  1 Tree initialized OK.
@@ -72,626 +74,592 @@
  */
 
 static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
-			unsigned int flags)
-	{
-	X509_POLICY_TREE *tree;
-	X509_POLICY_LEVEL *level;
-	const X509_POLICY_CACHE *cache;
-	X509_POLICY_DATA *data = NULL;
-	X509 *x;
-	int ret = 1;
-	int i, n;
-	int explicit_policy;
-	int any_skip;
-	int map_skip;
-	*ptree = NULL;
-	n = sk_X509_num(certs);
-
-	/* Disable policy mapping for now... */
-	flags |= X509_V_FLAG_INHIBIT_MAP;
-
-	if (flags & X509_V_FLAG_EXPLICIT_POLICY)
-		explicit_policy = 0;
-	else
-		explicit_policy = n + 1;
-
-	if (flags & X509_V_FLAG_INHIBIT_ANY)
-		any_skip = 0;
-	else
-		any_skip = n + 1;
-
-	if (flags & X509_V_FLAG_INHIBIT_MAP)
-		map_skip = 0;
-	else
-		map_skip = n + 1;
-
-	/* Can't do anything with just a trust anchor */
-	if (n == 1)
-		return 1;
-	/* First setup policy cache in all certificates apart from the
-	 * trust anchor. Note any bad cache results on the way. Also can
-	 * calculate explicit_policy value at this point.
-	 */
-	for (i = n - 2; i >= 0; i--)
-		{
-		x = sk_X509_value(certs, i);
-		X509_check_purpose(x, -1, -1);
-		cache = policy_cache_set(x);
-		/* If cache NULL something bad happened: return immediately */
-		if (cache == NULL)
-			return 0;
-		/* If inconsistent extensions keep a note of it but continue */
-		if (x->ex_flags & EXFLAG_INVALID_POLICY)
-			ret = -1;
-		/* Otherwise if we have no data (hence no CertificatePolicies)
-		 * and haven't already set an inconsistent code note it.
-		 */
-		else if ((ret == 1) && !cache->data)
-			ret = 2;
-		if (explicit_policy > 0)
-			{
-			if (!(x->ex_flags & EXFLAG_SI))
-				explicit_policy--;
-			if ((cache->explicit_skip != -1)
-				&& (cache->explicit_skip < explicit_policy))
-				explicit_policy = cache->explicit_skip;
-			}
-		}
-
-	if (ret != 1)
-		{
-		if (ret == 2 && !explicit_policy)
-			return 6;
-		return ret;
-		}
-
-
-	/* If we get this far initialize the tree */
-
-	tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
-
-	if (!tree)
-		return 0;
-
-	tree->flags = 0;
-	tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
-	tree->nlevel = 0;
-	tree->extra_data = NULL;
-	tree->auth_policies = NULL;
-	tree->user_policies = NULL;
-
-	if (!tree->levels)
-		{
-		OPENSSL_free(tree);
-		return 0;
-		}
-
-	memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
-
-	tree->nlevel = n;
-
-	level = tree->levels;
-
-	/* Root data: initialize to anyPolicy */
-
-	data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
-
-	if (!data || !level_add_node(level, data, NULL, tree))
-		goto bad_tree;
-
-	for (i = n - 2; i >= 0; i--)
-		{
-		level++;
-		x = sk_X509_value(certs, i);
-		cache = policy_cache_set(x);
-
-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-		level->cert = x;
-
-		if (!cache->anyPolicy)
-				level->flags |= X509_V_FLAG_INHIBIT_ANY;
-
-		/* Determine inhibit any and inhibit map flags */
-		if (any_skip == 0)
-			{
-			/* Any matching allowed if certificate is self
-			 * issued and not the last in the chain.
-			 */
-			if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
-				level->flags |= X509_V_FLAG_INHIBIT_ANY;
-			}
-		else
-			{
-			if (!(x->ex_flags & EXFLAG_SI))
-				any_skip--;
-			if ((cache->any_skip >= 0)
-				&& (cache->any_skip < any_skip))
-				any_skip = cache->any_skip;
-			}
-
-		if (map_skip == 0)
-			level->flags |= X509_V_FLAG_INHIBIT_MAP;
-		else
-			{
-			map_skip--;
-			if ((cache->map_skip >= 0)
-				&& (cache->map_skip < map_skip))
-				map_skip = cache->map_skip;
-			}
-
-
-		}
-
-	*ptree = tree;
-
-	if (explicit_policy)
-		return 1;
-	else
-		return 5;
-
-	bad_tree:
-
-	X509_policy_tree_free(tree);
-
-	return 0;
-
-	}
-
-/* This corresponds to RFC3280 XXXX XXXXX:
- * link any data from CertificatePolicies onto matching parent
- * or anyPolicy if no match.
+                     unsigned int flags)
+{
+    X509_POLICY_TREE *tree;
+    X509_POLICY_LEVEL *level;
+    const X509_POLICY_CACHE *cache;
+    X509_POLICY_DATA *data = NULL;
+    X509 *x;
+    int ret = 1;
+    int i, n;
+    int explicit_policy;
+    int any_skip;
+    int map_skip;
+    *ptree = NULL;
+    n = sk_X509_num(certs);
+
+    /* Disable policy mapping for now... */
+    flags |= X509_V_FLAG_INHIBIT_MAP;
+
+    if (flags & X509_V_FLAG_EXPLICIT_POLICY)
+        explicit_policy = 0;
+    else
+        explicit_policy = n + 1;
+
+    if (flags & X509_V_FLAG_INHIBIT_ANY)
+        any_skip = 0;
+    else
+        any_skip = n + 1;
+
+    if (flags & X509_V_FLAG_INHIBIT_MAP)
+        map_skip = 0;
+    else
+        map_skip = n + 1;
+
+    /* Can't do anything with just a trust anchor */
+    if (n == 1)
+        return 1;
+    /*
+     * First setup policy cache in all certificates apart from the trust
+     * anchor. Note any bad cache results on the way. Also can calculate
+     * explicit_policy value at this point.
+     */
+    for (i = n - 2; i >= 0; i--) {
+        x = sk_X509_value(certs, i);
+        X509_check_purpose(x, -1, -1);
+        cache = policy_cache_set(x);
+        /* If cache NULL something bad happened: return immediately */
+        if (cache == NULL)
+            return 0;
+        /*
+         * If inconsistent extensions keep a note of it but continue
+         */
+        if (x->ex_flags & EXFLAG_INVALID_POLICY)
+            ret = -1;
+        /*
+         * Otherwise if we have no data (hence no CertificatePolicies) and
+         * haven't already set an inconsistent code note it.
+         */
+        else if ((ret == 1) && !cache->data)
+            ret = 2;
+        if (explicit_policy > 0) {
+            if (!(x->ex_flags & EXFLAG_SI))
+                explicit_policy--;
+            if ((cache->explicit_skip != -1)
+                && (cache->explicit_skip < explicit_policy))
+                explicit_policy = cache->explicit_skip;
+        }
+    }
+
+    if (ret != 1) {
+        if (ret == 2 && !explicit_policy)
+            return 6;
+        return ret;
+    }
+
+    /* If we get this far initialize the tree */
+
+    tree = OPENSSL_malloc(sizeof(X509_POLICY_TREE));
+
+    if (!tree)
+        return 0;
+
+    tree->flags = 0;
+    tree->levels = OPENSSL_malloc(sizeof(X509_POLICY_LEVEL) * n);
+    tree->nlevel = 0;
+    tree->extra_data = NULL;
+    tree->auth_policies = NULL;
+    tree->user_policies = NULL;
+
+    if (!tree->levels) {
+        OPENSSL_free(tree);
+        return 0;
+    }
+
+    memset(tree->levels, 0, n * sizeof(X509_POLICY_LEVEL));
+
+    tree->nlevel = n;
+
+    level = tree->levels;
+
+    /* Root data: initialize to anyPolicy */
+
+    data = policy_data_new(NULL, OBJ_nid2obj(NID_any_policy), 0);
+
+    if (!data || !level_add_node(level, data, NULL, tree))
+        goto bad_tree;
+
+    for (i = n - 2; i >= 0; i--) {
+        level++;
+        x = sk_X509_value(certs, i);
+        cache = policy_cache_set(x);
+
+        CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
+        level->cert = x;
+
+        if (!cache->anyPolicy)
+            level->flags |= X509_V_FLAG_INHIBIT_ANY;
+
+        /* Determine inhibit any and inhibit map flags */
+        if (any_skip == 0) {
+            /*
+             * Any matching allowed if certificate is self issued and not the
+             * last in the chain.
+             */
+            if (!(x->ex_flags & EXFLAG_SI) || (i == 0))
+                level->flags |= X509_V_FLAG_INHIBIT_ANY;
+        } else {
+            if (!(x->ex_flags & EXFLAG_SI))
+                any_skip--;
+            if ((cache->any_skip >= 0)
+                && (cache->any_skip < any_skip))
+                any_skip = cache->any_skip;
+        }
+
+        if (map_skip == 0)
+            level->flags |= X509_V_FLAG_INHIBIT_MAP;
+        else {
+            map_skip--;
+            if ((cache->map_skip >= 0)
+                && (cache->map_skip < map_skip))
+                map_skip = cache->map_skip;
+        }
+
+    }
+
+    *ptree = tree;
+
+    if (explicit_policy)
+        return 1;
+    else
+        return 5;
+
+ bad_tree:
+
+    X509_policy_tree_free(tree);
+
+    return 0;
+
+}
+
+/*
+ * This corresponds to RFC3280 XXXX XXXXX: link any data from
+ * CertificatePolicies onto matching parent or anyPolicy if no match.
  */
 
 static int tree_link_nodes(X509_POLICY_LEVEL *curr,
-				const X509_POLICY_CACHE *cache)
-	{
-	int i;
-	X509_POLICY_LEVEL *last;
-	X509_POLICY_DATA *data;
-	X509_POLICY_NODE *parent;
-	last = curr - 1;
-	for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++)
-		{
-		data = sk_X509_POLICY_DATA_value(cache->data, i);
-		/* If a node is mapped any it doesn't have a corresponding
-		 * CertificatePolicies entry. 
-		 * However such an identical node would be created
-		 * if anyPolicy matching is enabled because there would be
-		 * no match with the parent valid_policy_set. So we create
-		 * link because then it will have the mapping flags
-		 * right and we can prune it later.
-		 */
-		if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
-			&& !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
-			continue;
-		/* Look for matching node in parent */
-		parent = level_find_node(last, data->valid_policy);
-		/* If no match link to anyPolicy */
-		if (!parent)
-			parent = last->anyPolicy;
-		if (parent && !level_add_node(curr, data, parent, NULL))
-				return 0;
-		}
-	return 1;
-	}
-
-/* This corresponds to RFC3280 XXXX XXXXX:
- * Create new data for any unmatched policies in the parent and link
- * to anyPolicy.
+                           const X509_POLICY_CACHE *cache)
+{
+    int i;
+    X509_POLICY_LEVEL *last;
+    X509_POLICY_DATA *data;
+    X509_POLICY_NODE *parent;
+    last = curr - 1;
+    for (i = 0; i < sk_X509_POLICY_DATA_num(cache->data); i++) {
+        data = sk_X509_POLICY_DATA_value(cache->data, i);
+        /*
+         * If a node is mapped any it doesn't have a corresponding
+         * CertificatePolicies entry. However such an identical node would
+         * be created if anyPolicy matching is enabled because there would be
+         * no match with the parent valid_policy_set. So we create link
+         * because then it will have the mapping flags right and we can prune
+         * it later.
+         */
+        if ((data->flags & POLICY_DATA_FLAG_MAPPED_ANY)
+            && !(curr->flags & X509_V_FLAG_INHIBIT_ANY))
+            continue;
+        /* Look for matching node in parent */
+        parent = level_find_node(last, data->valid_policy);
+        /* If no match link to anyPolicy */
+        if (!parent)
+            parent = last->anyPolicy;
+        if (parent && !level_add_node(curr, data, parent, NULL))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * This corresponds to RFC3280 XXXX XXXXX: Create new data for any unmatched
+ * policies in the parent and link to anyPolicy.
  */
 
 static int tree_link_any(X509_POLICY_LEVEL *curr,
-			const X509_POLICY_CACHE *cache,
-			X509_POLICY_TREE *tree)
-	{
-	int i;
-	X509_POLICY_DATA *data;
-	X509_POLICY_NODE *node;
-	X509_POLICY_LEVEL *last;
-
-	last = curr - 1;
-
-	for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++)
-		{
-		node = sk_X509_POLICY_NODE_value(last->nodes, i);
-
-		/* Skip any node with any children: we only want unmathced
-		 * nodes.
-		 *
-		 * Note: need something better for policy mapping
-		 * because each node may have multiple children 
-		 */
-		if (node->nchild)
-			continue;
-		/* Create a new node with qualifiers from anyPolicy and
-		 * id from unmatched node.
-		 */
-		data = policy_data_new(NULL, node->data->valid_policy, 
-						node_critical(node));
-
-		if (data == NULL)
-			return 0;
-		/* Curr may not have anyPolicy */
-		data->qualifier_set = cache->anyPolicy->qualifier_set;
-		data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
-		if (!level_add_node(curr, data, node, tree))
-			{
-			policy_data_free(data);
-			return 0;
-			}
-		}
-	/* Finally add link to anyPolicy */
-	if (last->anyPolicy)
-		{
-		if (!level_add_node(curr, cache->anyPolicy,
-						last->anyPolicy, NULL))
-			return 0;
-		}
-	return 1;
-	}
-
-/* Prune the tree: delete any child mapped child data on the current level
+                         const X509_POLICY_CACHE *cache,
+                         X509_POLICY_TREE *tree)
+{
+    int i;
+    X509_POLICY_DATA *data;
+    X509_POLICY_NODE *node;
+    X509_POLICY_LEVEL *last;
+
+    last = curr - 1;
+
+    for (i = 0; i < sk_X509_POLICY_NODE_num(last->nodes); i++) {
+        node = sk_X509_POLICY_NODE_value(last->nodes, i);
+
+        /*
+         * Skip any node with any children: we only want unmathced nodes.
+         * Note: need something better for policy mapping because each node
+         * may have multiple children
+         */
+        if (node->nchild)
+            continue;
+        /*
+         * Create a new node with qualifiers from anyPolicy and id from
+         * unmatched node.
+         */
+        data = policy_data_new(NULL, node->data->valid_policy,
+                               node_critical(node));
+
+        if (data == NULL)
+            return 0;
+        /* Curr may not have anyPolicy */
+        data->qualifier_set = cache->anyPolicy->qualifier_set;
+        data->flags |= POLICY_DATA_FLAG_SHARED_QUALIFIERS;
+        if (!level_add_node(curr, data, node, tree)) {
+            policy_data_free(data);
+            return 0;
+        }
+    }
+    /* Finally add link to anyPolicy */
+    if (last->anyPolicy) {
+        if (!level_add_node(curr, cache->anyPolicy, last->anyPolicy, NULL))
+            return 0;
+    }
+    return 1;
+}
+
+/*
+ * Prune the tree: delete any child mapped child data on the current level
  * then proceed up the tree deleting any data with no children. If we ever
  * have no data on a level we can halt because the tree will be empty.
  */
 
 static int tree_prune(X509_POLICY_TREE *tree, X509_POLICY_LEVEL *curr)
-	{
-	X509_POLICY_NODE *node;
-	int i;
-	for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
-		{
-		node = sk_X509_POLICY_NODE_value(curr->nodes, i);
-		/* Delete any mapped data: see RFC3280 XXXX */
-		if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK)
-			{
-			node->parent->nchild--;
-			OPENSSL_free(node);
-			(void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
-			}
-		}
-
-	for(;;)	{
-		--curr;
-		for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--)
-			{
-			node = sk_X509_POLICY_NODE_value(curr->nodes, i);
-			if (node->nchild == 0)
-				{
-				node->parent->nchild--;
-				OPENSSL_free(node);
-				(void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
-				}
-			}
-		if (curr->anyPolicy && !curr->anyPolicy->nchild)
-			{
-			if (curr->anyPolicy->parent)
-				curr->anyPolicy->parent->nchild--;
-			OPENSSL_free(curr->anyPolicy);
-			curr->anyPolicy = NULL;
-			}
-		if (curr == tree->levels)
-			{
-			/* If we zapped anyPolicy at top then tree is empty */
-			if (!curr->anyPolicy)
-					return 2;
-			return 1;
-			}
-		}
-
-	return 1;
-
-	}
+{
+    X509_POLICY_NODE *node;
+    int i;
+    for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) {
+        node = sk_X509_POLICY_NODE_value(curr->nodes, i);
+        /* Delete any mapped data: see RFC3280 XXXX */
+        if (node->data->flags & POLICY_DATA_FLAG_MAP_MASK) {
+            node->parent->nchild--;
+            OPENSSL_free(node);
+            (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
+        }
+    }
+
+    for (;;) {
+        --curr;
+        for (i = sk_X509_POLICY_NODE_num(curr->nodes) - 1; i >= 0; i--) {
+            node = sk_X509_POLICY_NODE_value(curr->nodes, i);
+            if (node->nchild == 0) {
+                node->parent->nchild--;
+                OPENSSL_free(node);
+                (void)sk_X509_POLICY_NODE_delete(curr->nodes, i);
+            }
+        }
+        if (curr->anyPolicy && !curr->anyPolicy->nchild) {
+            if (curr->anyPolicy->parent)
+                curr->anyPolicy->parent->nchild--;
+            OPENSSL_free(curr->anyPolicy);
+            curr->anyPolicy = NULL;
+        }
+        if (curr == tree->levels) {
+            /* If we zapped anyPolicy at top then tree is empty */
+            if (!curr->anyPolicy)
+                return 2;
+            return 1;
+        }
+    }
+
+    return 1;
+
+}
 
 static int tree_add_auth_node(STACK_OF(X509_POLICY_NODE) **pnodes,
-						 X509_POLICY_NODE *pcy)
-	{
-	if (!*pnodes)
-		{
-		*pnodes = policy_node_cmp_new();
-		if (!*pnodes)
-			return 0;
-		}
-	else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
-		return 1;
-
-	if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
-		return 0;
-
-	return 1;
-
-	}
-
-/* Calculate the authority set based on policy tree.
- * The 'pnodes' parameter is used as a store for the set of policy nodes
- * used to calculate the user set. If the authority set is not anyPolicy
- * then pnodes will just point to the authority set. If however the authority
- * set is anyPolicy then the set of valid policies (other than anyPolicy)
- * is store in pnodes. The return value of '2' is used in this case to indicate
- * that pnodes should be freed.
+                              X509_POLICY_NODE *pcy)
+{
+    if (!*pnodes) {
+        *pnodes = policy_node_cmp_new();
+        if (!*pnodes)
+            return 0;
+    } else if (sk_X509_POLICY_NODE_find(*pnodes, pcy) != -1)
+        return 1;
+
+    if (!sk_X509_POLICY_NODE_push(*pnodes, pcy))
+        return 0;
+
+    return 1;
+
+}
+
+/*
+ * Calculate the authority set based on policy tree. The 'pnodes' parameter
+ * is used as a store for the set of policy nodes used to calculate the user
+ * set. If the authority set is not anyPolicy then pnodes will just point to
+ * the authority set. If however the authority set is anyPolicy then the set
+ * of valid policies (other than anyPolicy) is store in pnodes. The return
+ * value of '2' is used in this case to indicate that pnodes should be freed.
  */
 
 static int tree_calculate_authority_set(X509_POLICY_TREE *tree,
-					STACK_OF(X509_POLICY_NODE) **pnodes)
-	{
-	X509_POLICY_LEVEL *curr;
-	X509_POLICY_NODE *node, *anyptr;
-	STACK_OF(X509_POLICY_NODE) **addnodes;
-	int i, j;
-	curr = tree->levels + tree->nlevel - 1;
-
-	/* If last level contains anyPolicy set is anyPolicy */
-	if (curr->anyPolicy)
-		{
-		if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
-			return 0;
-		addnodes = pnodes;
-		}
-	else
-		/* Add policies to authority set */
-		addnodes = &tree->auth_policies;
-
-	curr = tree->levels;
-	for (i = 1; i < tree->nlevel; i++)
-		{
-		/* If no anyPolicy node on this this level it can't
-		 * appear on lower levels so end search.
-		 */
-		if (!(anyptr = curr->anyPolicy))
-			break;
-		curr++;
-		for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++)
-			{
-			node = sk_X509_POLICY_NODE_value(curr->nodes, j);
-			if ((node->parent == anyptr)
-				&& !tree_add_auth_node(addnodes, node))
-					return 0;
-			}
-		}
-
-	if (addnodes == pnodes)
-		return 2;
-
-	*pnodes = tree->auth_policies;
-
-	return 1;
-	}
+                                        STACK_OF(X509_POLICY_NODE) **pnodes)
+{
+    X509_POLICY_LEVEL *curr;
+    X509_POLICY_NODE *node, *anyptr;
+    STACK_OF(X509_POLICY_NODE) **addnodes;
+    int i, j;
+    curr = tree->levels + tree->nlevel - 1;
+
+    /* If last level contains anyPolicy set is anyPolicy */
+    if (curr->anyPolicy) {
+        if (!tree_add_auth_node(&tree->auth_policies, curr->anyPolicy))
+            return 0;
+        addnodes = pnodes;
+    } else
+        /* Add policies to authority set */
+        addnodes = &tree->auth_policies;
+
+    curr = tree->levels;
+    for (i = 1; i < tree->nlevel; i++) {
+        /*
+         * If no anyPolicy node on this this level it can't appear on lower
+         * levels so end search.
+         */
+        if (!(anyptr = curr->anyPolicy))
+            break;
+        curr++;
+        for (j = 0; j < sk_X509_POLICY_NODE_num(curr->nodes); j++) {
+            node = sk_X509_POLICY_NODE_value(curr->nodes, j);
+            if ((node->parent == anyptr)
+                && !tree_add_auth_node(addnodes, node))
+                return 0;
+        }
+    }
+
+    if (addnodes == pnodes)
+        return 2;
+
+    *pnodes = tree->auth_policies;
+
+    return 1;
+}
 
 static int tree_calculate_user_set(X509_POLICY_TREE *tree,
-				STACK_OF(ASN1_OBJECT) *policy_oids,
-				STACK_OF(X509_POLICY_NODE) *auth_nodes)
-	{
-	int i;
-	X509_POLICY_NODE *node;
-	ASN1_OBJECT *oid;
-
-	X509_POLICY_NODE *anyPolicy;
-	X509_POLICY_DATA *extra;
-
-	/* Check if anyPolicy present in authority constrained policy set:
-	 * this will happen if it is a leaf node.
-	 */
-
-	if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
-		return 1;
-
-	anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
-
-	for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
-		{
-		oid = sk_ASN1_OBJECT_value(policy_oids, i);
-		if (OBJ_obj2nid(oid) == NID_any_policy)
-			{
-			tree->flags |= POLICY_FLAG_ANY_POLICY;
-			return 1;
-			}
-		}
-
-	for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++)
-		{
-		oid = sk_ASN1_OBJECT_value(policy_oids, i);
-		node = tree_find_sk(auth_nodes, oid);
-		if (!node)
-			{
-			if (!anyPolicy)
-				continue;
-			/* Create a new node with policy ID from user set
-			 * and qualifiers from anyPolicy.
-			 */
-			extra = policy_data_new(NULL, oid,
-						node_critical(anyPolicy));
-			if (!extra)
-				return 0;
-			extra->qualifier_set = anyPolicy->data->qualifier_set;
-			extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
-						| POLICY_DATA_FLAG_EXTRA_NODE;
-			node = level_add_node(NULL, extra, anyPolicy->parent,
-						tree);
-			}
-		if (!tree->user_policies)
-			{
-			tree->user_policies = sk_X509_POLICY_NODE_new_null();
-			if (!tree->user_policies)
-				return 1;
-			}
-		if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
-			return 0;
-		}
-	return 1;
-
-	}
+                                   STACK_OF(ASN1_OBJECT) *policy_oids,
+                                   STACK_OF(X509_POLICY_NODE) *auth_nodes)
+{
+    int i;
+    X509_POLICY_NODE *node;
+    ASN1_OBJECT *oid;
+
+    X509_POLICY_NODE *anyPolicy;
+    X509_POLICY_DATA *extra;
+
+    /*
+     * Check if anyPolicy present in authority constrained policy set: this
+     * will happen if it is a leaf node.
+     */
+
+    if (sk_ASN1_OBJECT_num(policy_oids) <= 0)
+        return 1;
+
+    anyPolicy = tree->levels[tree->nlevel - 1].anyPolicy;
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        if (OBJ_obj2nid(oid) == NID_any_policy) {
+            tree->flags |= POLICY_FLAG_ANY_POLICY;
+            return 1;
+        }
+    }
+
+    for (i = 0; i < sk_ASN1_OBJECT_num(policy_oids); i++) {
+        oid = sk_ASN1_OBJECT_value(policy_oids, i);
+        node = tree_find_sk(auth_nodes, oid);
+        if (!node) {
+            if (!anyPolicy)
+                continue;
+            /*
+             * Create a new node with policy ID from user set and qualifiers
+             * from anyPolicy.
+             */
+            extra = policy_data_new(NULL, oid, node_critical(anyPolicy));
+            if (!extra)
+                return 0;
+            extra->qualifier_set = anyPolicy->data->qualifier_set;
+            extra->flags = POLICY_DATA_FLAG_SHARED_QUALIFIERS
+                | POLICY_DATA_FLAG_EXTRA_NODE;
+            node = level_add_node(NULL, extra, anyPolicy->parent, tree);
+        }
+        if (!tree->user_policies) {
+            tree->user_policies = sk_X509_POLICY_NODE_new_null();
+            if (!tree->user_policies)
+                return 1;
+        }
+        if (!sk_X509_POLICY_NODE_push(tree->user_policies, node))
+            return 0;
+    }
+    return 1;
+
+}
 
 static int tree_evaluate(X509_POLICY_TREE *tree)
-	{
-	int ret, i;
-	X509_POLICY_LEVEL *curr = tree->levels + 1;
-	const X509_POLICY_CACHE *cache;
+{
+    int ret, i;
+    X509_POLICY_LEVEL *curr = tree->levels + 1;
+    const X509_POLICY_CACHE *cache;
 
-	for(i = 1; i < tree->nlevel; i++, curr++)
-		{
-		cache = policy_cache_set(curr->cert);
-		if (!tree_link_nodes(curr, cache))
-			return 0;
+    for (i = 1; i < tree->nlevel; i++, curr++) {
+        cache = policy_cache_set(curr->cert);
+        if (!tree_link_nodes(curr, cache))
+            return 0;
 
-		if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
-			&& !tree_link_any(curr, cache, tree))
-			return 0;
-		ret = tree_prune(tree, curr);
-		if (ret != 1)
-			return ret;
-		}
+        if (!(curr->flags & X509_V_FLAG_INHIBIT_ANY)
+            && !tree_link_any(curr, cache, tree))
+            return 0;
+        ret = tree_prune(tree, curr);
+        if (ret != 1)
+            return ret;
+    }
 
-	return 1;
+    return 1;
 
-	}
+}
 
 static void exnode_free(X509_POLICY_NODE *node)
-	{
-	if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
-		OPENSSL_free(node);
-	}
-
+{
+    if (node->data && (node->data->flags & POLICY_DATA_FLAG_EXTRA_NODE))
+        OPENSSL_free(node);
+}
 
 void X509_policy_tree_free(X509_POLICY_TREE *tree)
-	{
-	X509_POLICY_LEVEL *curr;
-	int i;
+{
+    X509_POLICY_LEVEL *curr;
+    int i;
 
-	if (!tree)
-		return;
+    if (!tree)
+        return;
 
-	sk_X509_POLICY_NODE_free(tree->auth_policies);
-	sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
+    sk_X509_POLICY_NODE_free(tree->auth_policies);
+    sk_X509_POLICY_NODE_pop_free(tree->user_policies, exnode_free);
 
-	for(i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++)
-		{
-		if (curr->cert)
-			X509_free(curr->cert);
-		if (curr->nodes)
-			sk_X509_POLICY_NODE_pop_free(curr->nodes,
-						policy_node_free);
-		if (curr->anyPolicy)
-			policy_node_free(curr->anyPolicy);
-		}
+    for (i = 0, curr = tree->levels; i < tree->nlevel; i++, curr++) {
+        if (curr->cert)
+            X509_free(curr->cert);
+        if (curr->nodes)
+            sk_X509_POLICY_NODE_pop_free(curr->nodes, policy_node_free);
+        if (curr->anyPolicy)
+            policy_node_free(curr->anyPolicy);
+    }
 
-	if (tree->extra_data)
-		sk_X509_POLICY_DATA_pop_free(tree->extra_data,
-						policy_data_free);
+    if (tree->extra_data)
+        sk_X509_POLICY_DATA_pop_free(tree->extra_data, policy_data_free);
 
-	OPENSSL_free(tree->levels);
-	OPENSSL_free(tree);
+    OPENSSL_free(tree->levels);
+    OPENSSL_free(tree);
 
-	}
+}
 
-/* Application policy checking function.
+/*-
+ * Application policy checking function.
  * Return codes:
- *  0 	Internal Error.
+ *  0   Internal Error.
  *  1   Successful.
  * -1   One or more certificates contain invalid or inconsistent extensions
- * -2	User constrained policy set empty and requireExplicit true.
+ * -2   User constrained policy set empty and requireExplicit true.
  */
 
 int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy,
-			STACK_OF(X509) *certs,
-			STACK_OF(ASN1_OBJECT) *policy_oids,
-			unsigned int flags)
-	{
-	int ret;
-	X509_POLICY_TREE *tree = NULL;
-	STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
-	*ptree = NULL;
+                      STACK_OF(X509) *certs,
+                      STACK_OF(ASN1_OBJECT) *policy_oids, unsigned int flags)
+{
+    int ret;
+    X509_POLICY_TREE *tree = NULL;
+    STACK_OF(X509_POLICY_NODE) *nodes, *auth_nodes = NULL;
+    *ptree = NULL;
 
-	*pexplicit_policy = 0;
-	ret = tree_init(&tree, certs, flags);
+    *pexplicit_policy = 0;
+    ret = tree_init(&tree, certs, flags);
 
+    switch (ret) {
 
-	switch (ret)
-		{
+        /* Tree empty requireExplicit False: OK */
+    case 2:
+        return 1;
 
-		/* Tree empty requireExplicit False: OK */
-		case 2:
-		return 1;
+        /* Some internal error */
+    case -1:
+        return -1;
 
-                /* Some internal error */
-		case -1:
-		return -1;
+        /* Some internal error */
+    case 0:
+        return 0;
 
-		/* Some internal error */
-		case 0:
-		return 0;
+        /* Tree empty requireExplicit True: Error */
 
-		/* Tree empty requireExplicit True: Error */
+    case 6:
+        *pexplicit_policy = 1;
+        return -2;
 
-		case 6:
-		*pexplicit_policy = 1;
-		return -2;
+        /* Tree OK requireExplicit True: OK and continue */
+    case 5:
+        *pexplicit_policy = 1;
+        break;
 
-		/* Tree OK requireExplicit True: OK and continue */
-		case 5:
-		*pexplicit_policy = 1;
-		break;
+        /* Tree OK: continue */
 
-		/* Tree OK: continue */
+    case 1:
+        if (!tree)
+            /*
+             * tree_init() returns success and a null tree
+             * if it's just looking at a trust anchor.
+             * I'm not sure that returning success here is
+             * correct, but I'm sure that reporting this
+             * as an internal error which our caller
+             * interprets as a malloc failure is wrong.
+             */
+            return 1;
+        break;
+    }
 
-		case 1:
-		if (!tree)
-			/*
-			 * tree_init() returns success and a null tree
-			 * if it's just looking at a trust anchor.
-			 * I'm not sure that returning success here is
-			 * correct, but I'm sure that reporting this
-			 * as an internal error which our caller
-			 * interprets as a malloc failure is wrong.
-			 */
-			return 1;
-		break;
-		}
+    if (!tree)
+        goto error;
+    ret = tree_evaluate(tree);
 
-	if (!tree) goto error;
-	ret = tree_evaluate(tree);
+    if (ret <= 0)
+        goto error;
 
-	if (ret <= 0)
-		goto error;
+    /* Return value 2 means tree empty */
+    if (ret == 2) {
+        X509_policy_tree_free(tree);
+        if (*pexplicit_policy)
+            return -2;
+        else
+            return 1;
+    }
 
-	/* Return value 2 means tree empty */
-	if (ret == 2)
-		{
-		X509_policy_tree_free(tree);
-		if (*pexplicit_policy)
-			return -2;
-		else
-			return 1;
-		}
+    /* Tree is not empty: continue */
 
-	/* Tree is not empty: continue */
+    ret = tree_calculate_authority_set(tree, &auth_nodes);
 
-	ret = tree_calculate_authority_set(tree, &auth_nodes);
+    if (!ret)
+        goto error;
 
-	if (!ret)
-		goto error;
+    if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
+        goto error;
 
-	if (!tree_calculate_user_set(tree, policy_oids, auth_nodes))
-		goto error;
-	
-	if (ret == 2)
-		sk_X509_POLICY_NODE_free(auth_nodes);
+    if (ret == 2)
+        sk_X509_POLICY_NODE_free(auth_nodes);
 
-	if (tree)
-		*ptree = tree;
+    if (tree)
+        *ptree = tree;
 
-	if (*pexplicit_policy)
-		{
-		nodes = X509_policy_tree_get0_user_policies(tree);
-		if (sk_X509_POLICY_NODE_num(nodes) <= 0)
-			return -2;
-		}
+    if (*pexplicit_policy) {
+        nodes = X509_policy_tree_get0_user_policies(tree);
+        if (sk_X509_POLICY_NODE_num(nodes) <= 0)
+            return -2;
+    }
 
-	return 1;
+    return 1;
 
-	error:
+ error:
 
-	X509_policy_tree_free(tree);
+    X509_policy_tree_free(tree);
 
-	return 0;
+    return 0;
 
-	}
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
index c0e1d2d1..e1911f24 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_addr.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -95,9 +95,9 @@ ASN1_SEQUENCE(IPAddressFamily) = {
   ASN1_SIMPLE(IPAddressFamily, ipAddressChoice, IPAddressChoice)
 } ASN1_SEQUENCE_END(IPAddressFamily)
 
-ASN1_ITEM_TEMPLATE(IPAddrBlocks) = 
+ASN1_ITEM_TEMPLATE(IPAddrBlocks) =
   ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
-			IPAddrBlocks, IPAddressFamily)
+                        IPAddrBlocks, IPAddressFamily)
 ASN1_ITEM_TEMPLATE_END(IPAddrBlocks)
 
 IMPLEMENT_ASN1_FUNCTIONS(IPAddressRange)
@@ -108,21 +108,21 @@ IMPLEMENT_ASN1_FUNCTIONS(IPAddressFamily)
 /*
  * How much buffer space do we need for a raw address?
  */
-#define ADDR_RAW_BUF_LEN	16
+# define ADDR_RAW_BUF_LEN        16
 
 /*
  * What's the address length associated with this AFI?
  */
 static int length_from_afi(const unsigned afi)
 {
-  switch (afi) {
-  case IANA_AFI_IPV4:
-    return 4;
-  case IANA_AFI_IPV6:
-    return 16;
-  default:
-    return 0;
-  }
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        return 4;
+    case IANA_AFI_IPV6:
+        return 16;
+    default:
+        return 0;
+    }
 }
 
 /*
@@ -130,12 +130,10 @@ static int length_from_afi(const unsigned afi)
  */
 unsigned int v3_addr_get_afi(const IPAddressFamily *f)
 {
-  return ((f != NULL &&
-	   f->addressFamily != NULL &&
-	   f->addressFamily->data != NULL)
-	  ? ((f->addressFamily->data[0] << 8) |
-	     (f->addressFamily->data[1]))
-	  : 0);
+    return ((f != NULL &&
+             f->addressFamily != NULL && f->addressFamily->data != NULL)
+            ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1]))
+            : 0);
 }
 
 /*
@@ -143,173 +141,170 @@ unsigned int v3_addr_get_afi(const IPAddressFamily *f)
  * At the moment this is coded for simplicity, not speed.
  */
 static int addr_expand(unsigned char *addr,
-			const ASN1_BIT_STRING *bs,
-			const int length,
-			const unsigned char fill)
+                       const ASN1_BIT_STRING *bs,
+                       const int length, const unsigned char fill)
 {
-  if (bs->length < 0 || bs->length > length)
-    return 0;
-  if (bs->length > 0) {
-    memcpy(addr, bs->data, bs->length);
-    if ((bs->flags & 7) != 0) {
-      unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
-      if (fill == 0)
-	addr[bs->length - 1] &= ~mask;
-      else
-	addr[bs->length - 1] |= mask;
+    if (bs->length < 0 || bs->length > length)
+        return 0;
+    if (bs->length > 0) {
+        memcpy(addr, bs->data, bs->length);
+        if ((bs->flags & 7) != 0) {
+            unsigned char mask = 0xFF >> (8 - (bs->flags & 7));
+            if (fill == 0)
+                addr[bs->length - 1] &= ~mask;
+            else
+                addr[bs->length - 1] |= mask;
+        }
     }
-  }
-  memset(addr + bs->length, fill, length - bs->length);
-  return 1;
+    memset(addr + bs->length, fill, length - bs->length);
+    return 1;
 }
 
 /*
  * Extract the prefix length from a bitstring.
  */
-#define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
+# define addr_prefixlen(bs) ((int) ((bs)->length * 8 - ((bs)->flags & 7)))
 
 /*
  * i2r handler for one address bitstring.
  */
 static int i2r_address(BIO *out,
-		       const unsigned afi,
-		       const unsigned char fill,
-		       const ASN1_BIT_STRING *bs)
+                       const unsigned afi,
+                       const unsigned char fill, const ASN1_BIT_STRING *bs)
 {
-  unsigned char addr[ADDR_RAW_BUF_LEN];
-  int i, n;
+    unsigned char addr[ADDR_RAW_BUF_LEN];
+    int i, n;
 
-  if (bs->length < 0)
-    return 0;
-  switch (afi) {
-  case IANA_AFI_IPV4:
-    if (!addr_expand(addr, bs, 4, fill))
-      return 0;
-    BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
-    break;
-  case IANA_AFI_IPV6:
-    if (!addr_expand(addr, bs, 16, fill))
-      return 0;
-    for (n = 16; n > 1 && addr[n-1] == 0x00 && addr[n-2] == 0x00; n -= 2)
-      ;
-    for (i = 0; i < n; i += 2)
-      BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i+1], (i < 14 ? ":" : ""));
-    if (i < 16)
-      BIO_puts(out, ":");
-    if (i == 0)
-      BIO_puts(out, ":");
-    break;
-  default:
-    for (i = 0; i < bs->length; i++)
-      BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
-    BIO_printf(out, "[%d]", (int) (bs->flags & 7));
-    break;
-  }
-  return 1;
+    if (bs->length < 0)
+        return 0;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        if (!addr_expand(addr, bs, 4, fill))
+            return 0;
+        BIO_printf(out, "%d.%d.%d.%d", addr[0], addr[1], addr[2], addr[3]);
+        break;
+    case IANA_AFI_IPV6:
+        if (!addr_expand(addr, bs, 16, fill))
+            return 0;
+        for (n = 16; n > 1 && addr[n - 1] == 0x00 && addr[n - 2] == 0x00;
+             n -= 2) ;
+        for (i = 0; i < n; i += 2)
+            BIO_printf(out, "%x%s", (addr[i] << 8) | addr[i + 1],
+                       (i < 14 ? ":" : ""));
+        if (i < 16)
+            BIO_puts(out, ":");
+        if (i == 0)
+            BIO_puts(out, ":");
+        break;
+    default:
+        for (i = 0; i < bs->length; i++)
+            BIO_printf(out, "%s%02x", (i > 0 ? ":" : ""), bs->data[i]);
+        BIO_printf(out, "[%d]", (int)(bs->flags & 7));
+        break;
+    }
+    return 1;
 }
 
 /*
  * i2r handler for a sequence of addresses and ranges.
  */
 static int i2r_IPAddressOrRanges(BIO *out,
-				 const int indent,
-				 const IPAddressOrRanges *aors,
-				 const unsigned afi)
+                                 const int indent,
+                                 const IPAddressOrRanges *aors,
+                                 const unsigned afi)
 {
-  int i;
-  for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
-    const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
-    BIO_printf(out, "%*s", indent, "");
-    switch (aor->type) {
-    case IPAddressOrRange_addressPrefix:
-      if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
-	return 0;
-      BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
-      continue;
-    case IPAddressOrRange_addressRange:
-      if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
-	return 0;
-      BIO_puts(out, "-");
-      if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
-	return 0;
-      BIO_puts(out, "\n");
-      continue;
+    int i;
+    for (i = 0; i < sk_IPAddressOrRange_num(aors); i++) {
+        const IPAddressOrRange *aor = sk_IPAddressOrRange_value(aors, i);
+        BIO_printf(out, "%*s", indent, "");
+        switch (aor->type) {
+        case IPAddressOrRange_addressPrefix:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressPrefix))
+                return 0;
+            BIO_printf(out, "/%d\n", addr_prefixlen(aor->u.addressPrefix));
+            continue;
+        case IPAddressOrRange_addressRange:
+            if (!i2r_address(out, afi, 0x00, aor->u.addressRange->min))
+                return 0;
+            BIO_puts(out, "-");
+            if (!i2r_address(out, afi, 0xFF, aor->u.addressRange->max))
+                return 0;
+            BIO_puts(out, "\n");
+            continue;
+        }
     }
-  }
-  return 1;
+    return 1;
 }
 
 /*
  * i2r handler for an IPAddrBlocks extension.
  */
 static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
-			    void *ext,
-			    BIO *out,
-			    int indent)
+                            void *ext, BIO *out, int indent)
 {
-  const IPAddrBlocks *addr = ext;
-  int i;
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    const unsigned int afi = v3_addr_get_afi(f);
-    switch (afi) {
-    case IANA_AFI_IPV4:
-      BIO_printf(out, "%*sIPv4", indent, "");
-      break;
-    case IANA_AFI_IPV6:
-      BIO_printf(out, "%*sIPv6", indent, "");
-      break;
-    default:
-      BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
-      break;
+    const IPAddrBlocks *addr = ext;
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        const unsigned int afi = v3_addr_get_afi(f);
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            BIO_printf(out, "%*sIPv4", indent, "");
+            break;
+        case IANA_AFI_IPV6:
+            BIO_printf(out, "%*sIPv6", indent, "");
+            break;
+        default:
+            BIO_printf(out, "%*sUnknown AFI %u", indent, "", afi);
+            break;
+        }
+        if (f->addressFamily->length > 2) {
+            switch (f->addressFamily->data[2]) {
+            case 1:
+                BIO_puts(out, " (Unicast)");
+                break;
+            case 2:
+                BIO_puts(out, " (Multicast)");
+                break;
+            case 3:
+                BIO_puts(out, " (Unicast/Multicast)");
+                break;
+            case 4:
+                BIO_puts(out, " (MPLS)");
+                break;
+            case 64:
+                BIO_puts(out, " (Tunnel)");
+                break;
+            case 65:
+                BIO_puts(out, " (VPLS)");
+                break;
+            case 66:
+                BIO_puts(out, " (BGP MDT)");
+                break;
+            case 128:
+                BIO_puts(out, " (MPLS-labeled VPN)");
+                break;
+            default:
+                BIO_printf(out, " (Unknown SAFI %u)",
+                           (unsigned)f->addressFamily->data[2]);
+                break;
+            }
+        }
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            BIO_puts(out, ": inherit\n");
+            break;
+        case IPAddressChoice_addressesOrRanges:
+            BIO_puts(out, ":\n");
+            if (!i2r_IPAddressOrRanges(out,
+                                       indent + 2,
+                                       f->ipAddressChoice->
+                                       u.addressesOrRanges, afi))
+                return 0;
+            break;
+        }
     }
-    if (f->addressFamily->length > 2) {
-      switch (f->addressFamily->data[2]) {
-      case   1:
-	BIO_puts(out, " (Unicast)");
-	break;
-      case   2:
-	BIO_puts(out, " (Multicast)");
-	break;
-      case   3:
-	BIO_puts(out, " (Unicast/Multicast)");
-	break;
-      case   4:
-	BIO_puts(out, " (MPLS)");
-	break;
-      case  64:
-	BIO_puts(out, " (Tunnel)");
-	break;
-      case  65:
-	BIO_puts(out, " (VPLS)");
-	break;
-      case  66:
-	BIO_puts(out, " (BGP MDT)");
-	break;
-      case 128:
-	BIO_puts(out, " (MPLS-labeled VPN)");
-	break;
-      default:  
-	BIO_printf(out, " (Unknown SAFI %u)",
-		   (unsigned) f->addressFamily->data[2]);
-	break;
-      }
-    }
-    switch (f->ipAddressChoice->type) {
-    case IPAddressChoice_inherit:
-      BIO_puts(out, ": inherit\n");
-      break;
-    case IPAddressChoice_addressesOrRanges:
-      BIO_puts(out, ":\n");
-      if (!i2r_IPAddressOrRanges(out,
-				 indent + 2,
-				 f->ipAddressChoice->u.addressesOrRanges,
-				 afi))
-	return 0;
-      break;
-    }
-  }
-  return 1;
+    return 1;
 }
 
 /*
@@ -323,64 +318,63 @@ static int i2r_IPAddrBlocks(X509V3_EXT_METHOD *method,
  * for garbage input, tough noogies.
  */
 static int IPAddressOrRange_cmp(const IPAddressOrRange *a,
-				const IPAddressOrRange *b,
-				const int length)
+                                const IPAddressOrRange *b, const int length)
 {
-  unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
-  int prefixlen_a = 0;
-  int prefixlen_b = 0;
-  int r;
-
-  switch (a->type) {
-  case IPAddressOrRange_addressPrefix:
-    if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
-      return -1;
-    prefixlen_a = addr_prefixlen(a->u.addressPrefix);
-    break;
-  case IPAddressOrRange_addressRange:
-    if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
-      return -1;
-    prefixlen_a = length * 8;
-    break;
-  }
-
-  switch (b->type) {
-  case IPAddressOrRange_addressPrefix:
-    if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
-      return -1;
-    prefixlen_b = addr_prefixlen(b->u.addressPrefix);
-    break;
-  case IPAddressOrRange_addressRange:
-    if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
-      return -1;
-    prefixlen_b = length * 8;
-    break;
-  }
-
-  if ((r = memcmp(addr_a, addr_b, length)) != 0)
-    return r;
-  else
-    return prefixlen_a - prefixlen_b;
+    unsigned char addr_a[ADDR_RAW_BUF_LEN], addr_b[ADDR_RAW_BUF_LEN];
+    int prefixlen_a = 0;
+    int prefixlen_b = 0;
+    int r;
+
+    switch (a->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_a, a->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_a = addr_prefixlen(a->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_a, a->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_a = length * 8;
+        break;
+    }
+
+    switch (b->type) {
+    case IPAddressOrRange_addressPrefix:
+        if (!addr_expand(addr_b, b->u.addressPrefix, length, 0x00))
+            return -1;
+        prefixlen_b = addr_prefixlen(b->u.addressPrefix);
+        break;
+    case IPAddressOrRange_addressRange:
+        if (!addr_expand(addr_b, b->u.addressRange->min, length, 0x00))
+            return -1;
+        prefixlen_b = length * 8;
+        break;
+    }
+
+    if ((r = memcmp(addr_a, addr_b, length)) != 0)
+        return r;
+    else
+        return prefixlen_a - prefixlen_b;
 }
 
 /*
  * IPv4-specific closure over IPAddressOrRange_cmp, since sk_sort()
  * comparision routines are only allowed two arguments.
  */
-static int v4IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
-				  const IPAddressOrRange * const *b)
+static int v4IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
 {
-  return IPAddressOrRange_cmp(*a, *b, 4);
+    return IPAddressOrRange_cmp(*a, *b, 4);
 }
 
 /*
  * IPv6-specific closure over IPAddressOrRange_cmp, since sk_sort()
  * comparision routines are only allowed two arguments.
  */
-static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
-				  const IPAddressOrRange * const *b)
+static int v6IPAddressOrRange_cmp(const IPAddressOrRange *const *a,
+                                  const IPAddressOrRange *const *b)
 {
-  return IPAddressOrRange_cmp(*a, *b, 16);
+    return IPAddressOrRange_cmp(*a, *b, 16);
 }
 
 /*
@@ -388,69 +382,80 @@ static int v6IPAddressOrRange_cmp(const IPAddressOrRange * const *a,
  * See last paragraph of RFC 3779 2.2.3.7.
  */
 static int range_should_be_prefix(const unsigned char *min,
-				  const unsigned char *max,
-				  const int length)
+                                  const unsigned char *max, const int length)
 {
-  unsigned char mask;
-  int i, j;
-
-  OPENSSL_assert(memcmp(min, max, length) <= 0);
-  for (i = 0; i < length && min[i] == max[i]; i++)
-    ;
-  for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--)
-    ;
-  if (i < j)
-    return -1;
-  if (i > j)
-    return i * 8;
-  mask = min[i] ^ max[i];
-  switch (mask) {
-  case 0x01: j = 7; break;
-  case 0x03: j = 6; break;
-  case 0x07: j = 5; break;
-  case 0x0F: j = 4; break;
-  case 0x1F: j = 3; break;
-  case 0x3F: j = 2; break;
-  case 0x7F: j = 1; break;
-  default:   return -1;
-  }
-  if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
-    return -1;
-  else
-    return i * 8 + j;
+    unsigned char mask;
+    int i, j;
+
+    OPENSSL_assert(memcmp(min, max, length) <= 0);
+    for (i = 0; i < length && min[i] == max[i]; i++) ;
+    for (j = length - 1; j >= 0 && min[j] == 0x00 && max[j] == 0xFF; j--) ;
+    if (i < j)
+        return -1;
+    if (i > j)
+        return i * 8;
+    mask = min[i] ^ max[i];
+    switch (mask) {
+    case 0x01:
+        j = 7;
+        break;
+    case 0x03:
+        j = 6;
+        break;
+    case 0x07:
+        j = 5;
+        break;
+    case 0x0F:
+        j = 4;
+        break;
+    case 0x1F:
+        j = 3;
+        break;
+    case 0x3F:
+        j = 2;
+        break;
+    case 0x7F:
+        j = 1;
+        break;
+    default:
+        return -1;
+    }
+    if ((min[i] & mask) != 0 || (max[i] & mask) != mask)
+        return -1;
+    else
+        return i * 8 + j;
 }
 
 /*
  * Construct a prefix.
  */
 static int make_addressPrefix(IPAddressOrRange **result,
-			      unsigned char *addr,
-			      const int prefixlen)
+                              unsigned char *addr, const int prefixlen)
 {
-  int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
-  IPAddressOrRange *aor = IPAddressOrRange_new();
+    int bytelen = (prefixlen + 7) / 8, bitlen = prefixlen % 8;
+    IPAddressOrRange *aor = IPAddressOrRange_new();
+
+    if (aor == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressPrefix;
+    if (aor->u.addressPrefix == NULL &&
+        (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
+        goto err;
+    aor->u.addressPrefix->flags &= ~7;
+    aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (bitlen > 0) {
+        aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
+        aor->u.addressPrefix->flags |= 8 - bitlen;
+    }
 
-  if (aor == NULL)
-    return 0;
-  aor->type = IPAddressOrRange_addressPrefix;
-  if (aor->u.addressPrefix == NULL &&
-      (aor->u.addressPrefix = ASN1_BIT_STRING_new()) == NULL)
-    goto err;
-  if (!ASN1_BIT_STRING_set(aor->u.addressPrefix, addr, bytelen))
-    goto err;
-  aor->u.addressPrefix->flags &= ~7;
-  aor->u.addressPrefix->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-  if (bitlen > 0) {
-    aor->u.addressPrefix->data[bytelen - 1] &= ~(0xFF >> bitlen);
-    aor->u.addressPrefix->flags |= 8 - bitlen;
-  }
-  
-  *result = aor;
-  return 1;
+    *result = aor;
+    return 1;
 
  err:
-  IPAddressOrRange_free(aor);
-  return 0;
+    IPAddressOrRange_free(aor);
+    return 0;
 }
 
 /*
@@ -459,251 +464,242 @@ static int make_addressPrefix(IPAddressOrRange **result,
  * the rest of the code considerably.
  */
 static int make_addressRange(IPAddressOrRange **result,
-			     unsigned char *min,
-			     unsigned char *max,
-			     const int length)
+                             unsigned char *min,
+                             unsigned char *max, const int length)
 {
-  IPAddressOrRange *aor;
-  int i, prefixlen;
+    IPAddressOrRange *aor;
+    int i, prefixlen;
+
+    if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
+        return make_addressPrefix(result, min, prefixlen);
+
+    if ((aor = IPAddressOrRange_new()) == NULL)
+        return 0;
+    aor->type = IPAddressOrRange_addressRange;
+    OPENSSL_assert(aor->u.addressRange == NULL);
+    if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->min == NULL &&
+        (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+    if (aor->u.addressRange->max == NULL &&
+        (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
+        goto err;
+
+    for (i = length; i > 0 && min[i - 1] == 0x00; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
+        goto err;
+    aor->u.addressRange->min->flags &= ~7;
+    aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = min[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != 0)
+            ++j;
+        aor->u.addressRange->min->flags |= 8 - j;
+    }
 
-  if ((prefixlen = range_should_be_prefix(min, max, length)) >= 0)
-    return make_addressPrefix(result, min, prefixlen);
+    for (i = length; i > 0 && max[i - 1] == 0xFF; --i) ;
+    if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
+        goto err;
+    aor->u.addressRange->max->flags &= ~7;
+    aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+    if (i > 0) {
+        unsigned char b = max[i - 1];
+        int j = 1;
+        while ((b & (0xFFU >> j)) != (0xFFU >> j))
+            ++j;
+        aor->u.addressRange->max->flags |= 8 - j;
+    }
 
-  if ((aor = IPAddressOrRange_new()) == NULL)
-    return 0;
-  aor->type = IPAddressOrRange_addressRange;
-  OPENSSL_assert(aor->u.addressRange == NULL);
-  if ((aor->u.addressRange = IPAddressRange_new()) == NULL)
-    goto err;
-  if (aor->u.addressRange->min == NULL &&
-      (aor->u.addressRange->min = ASN1_BIT_STRING_new()) == NULL)
-    goto err;
-  if (aor->u.addressRange->max == NULL &&
-      (aor->u.addressRange->max = ASN1_BIT_STRING_new()) == NULL)
-    goto err;
-
-  for (i = length; i > 0 && min[i - 1] == 0x00; --i)
-    ;
-  if (!ASN1_BIT_STRING_set(aor->u.addressRange->min, min, i))
-    goto err;
-  aor->u.addressRange->min->flags &= ~7;
-  aor->u.addressRange->min->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-  if (i > 0) {
-    unsigned char b = min[i - 1];
-    int j = 1;
-    while ((b & (0xFFU >> j)) != 0) 
-      ++j;
-    aor->u.addressRange->min->flags |= 8 - j;
-  }
-
-  for (i = length; i > 0 && max[i - 1] == 0xFF; --i)
-    ;
-  if (!ASN1_BIT_STRING_set(aor->u.addressRange->max, max, i))
-    goto err;
-  aor->u.addressRange->max->flags &= ~7;
-  aor->u.addressRange->max->flags |= ASN1_STRING_FLAG_BITS_LEFT;
-  if (i > 0) {
-    unsigned char b = max[i - 1];
-    int j = 1;
-    while ((b & (0xFFU >> j)) != (0xFFU >> j))
-      ++j;
-    aor->u.addressRange->max->flags |= 8 - j;
-  }
-
-  *result = aor;
-  return 1;
+    *result = aor;
+    return 1;
 
  err:
-  IPAddressOrRange_free(aor);
-  return 0;
+    IPAddressOrRange_free(aor);
+    return 0;
 }
 
 /*
  * Construct a new address family or find an existing one.
  */
 static IPAddressFamily *make_IPAddressFamily(IPAddrBlocks *addr,
-					     const unsigned afi,
-					     const unsigned *safi)
+                                             const unsigned afi,
+                                             const unsigned *safi)
 {
-  IPAddressFamily *f;
-  unsigned char key[3];
-  unsigned keylen;
-  int i;
-
-  key[0] = (afi >> 8) & 0xFF;
-  key[1] = afi & 0xFF;
-  if (safi != NULL) {
-    key[2] = *safi & 0xFF;
-    keylen = 3;
-  } else {
-    keylen = 2;
-  }
-
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    f = sk_IPAddressFamily_value(addr, i);
-    OPENSSL_assert(f->addressFamily->data != NULL);
-    if (f->addressFamily->length == keylen &&
-	!memcmp(f->addressFamily->data, key, keylen))
-      return f;
-  }
-
-  if ((f = IPAddressFamily_new()) == NULL)
-    goto err;
-  if (f->ipAddressChoice == NULL &&
-      (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
-    goto err;
-  if (f->addressFamily == NULL && 
-      (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
-    goto err;
-  if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
-    goto err;
-  if (!sk_IPAddressFamily_push(addr, f))
-    goto err;
-
-  return f;
+    IPAddressFamily *f;
+    unsigned char key[3];
+    unsigned keylen;
+    int i;
+
+    key[0] = (afi >> 8) & 0xFF;
+    key[1] = afi & 0xFF;
+    if (safi != NULL) {
+        key[2] = *safi & 0xFF;
+        keylen = 3;
+    } else {
+        keylen = 2;
+    }
+
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        f = sk_IPAddressFamily_value(addr, i);
+        OPENSSL_assert(f->addressFamily->data != NULL);
+        if (f->addressFamily->length == keylen &&
+            !memcmp(f->addressFamily->data, key, keylen))
+            return f;
+    }
+
+    if ((f = IPAddressFamily_new()) == NULL)
+        goto err;
+    if (f->ipAddressChoice == NULL &&
+        (f->ipAddressChoice = IPAddressChoice_new()) == NULL)
+        goto err;
+    if (f->addressFamily == NULL &&
+        (f->addressFamily = ASN1_OCTET_STRING_new()) == NULL)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(f->addressFamily, key, keylen))
+        goto err;
+    if (!sk_IPAddressFamily_push(addr, f))
+        goto err;
+
+    return f;
 
  err:
-  IPAddressFamily_free(f);
-  return NULL;
+    IPAddressFamily_free(f);
+    return NULL;
 }
 
 /*
  * Add an inheritance element.
  */
 int v3_addr_add_inherit(IPAddrBlocks *addr,
-			const unsigned afi,
-			const unsigned *safi)
+                        const unsigned afi, const unsigned *safi)
 {
-  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
-  if (f == NULL ||
-      f->ipAddressChoice == NULL ||
-      (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
-       f->ipAddressChoice->u.addressesOrRanges != NULL))
-    return 0;
-  if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-      f->ipAddressChoice->u.inherit != NULL)
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+         f->ipAddressChoice->u.addressesOrRanges != NULL))
+        return 0;
+    if (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+        f->ipAddressChoice->u.inherit != NULL)
+        return 1;
+    if (f->ipAddressChoice->u.inherit == NULL &&
+        (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
+        return 0;
+    f->ipAddressChoice->type = IPAddressChoice_inherit;
     return 1;
-  if (f->ipAddressChoice->u.inherit == NULL &&
-      (f->ipAddressChoice->u.inherit = ASN1_NULL_new()) == NULL)
-    return 0;
-  f->ipAddressChoice->type = IPAddressChoice_inherit;
-  return 1;
 }
 
 /*
  * Construct an IPAddressOrRange sequence, or return an existing one.
  */
 static IPAddressOrRanges *make_prefix_or_range(IPAddrBlocks *addr,
-					       const unsigned afi,
-					       const unsigned *safi)
+                                               const unsigned afi,
+                                               const unsigned *safi)
 {
-  IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
-  IPAddressOrRanges *aors = NULL;
-
-  if (f == NULL ||
-      f->ipAddressChoice == NULL ||
-      (f->ipAddressChoice->type == IPAddressChoice_inherit &&
-       f->ipAddressChoice->u.inherit != NULL))
-    return NULL;
-  if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
-    aors = f->ipAddressChoice->u.addressesOrRanges;
-  if (aors != NULL)
+    IPAddressFamily *f = make_IPAddressFamily(addr, afi, safi);
+    IPAddressOrRanges *aors = NULL;
+
+    if (f == NULL ||
+        f->ipAddressChoice == NULL ||
+        (f->ipAddressChoice->type == IPAddressChoice_inherit &&
+         f->ipAddressChoice->u.inherit != NULL))
+        return NULL;
+    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges)
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+    if (aors != NULL)
+        return aors;
+    if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
+        return NULL;
+    switch (afi) {
+    case IANA_AFI_IPV4:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
+        break;
+    case IANA_AFI_IPV6:
+        (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
+        break;
+    }
+    f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
+    f->ipAddressChoice->u.addressesOrRanges = aors;
     return aors;
-  if ((aors = sk_IPAddressOrRange_new_null()) == NULL)
-    return NULL;
-  switch (afi) {
-  case IANA_AFI_IPV4:
-    (void)sk_IPAddressOrRange_set_cmp_func(aors, v4IPAddressOrRange_cmp);
-    break;
-  case IANA_AFI_IPV6:
-    (void)sk_IPAddressOrRange_set_cmp_func(aors, v6IPAddressOrRange_cmp);
-    break;
-  }
-  f->ipAddressChoice->type = IPAddressChoice_addressesOrRanges;
-  f->ipAddressChoice->u.addressesOrRanges = aors;
-  return aors;
 }
 
 /*
  * Add a prefix.
  */
 int v3_addr_add_prefix(IPAddrBlocks *addr,
-		       const unsigned afi,
-		       const unsigned *safi,
-		       unsigned char *a,
-		       const int prefixlen)
+                       const unsigned afi,
+                       const unsigned *safi,
+                       unsigned char *a, const int prefixlen)
 {
-  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
-  IPAddressOrRange *aor;
-  if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    if (aors == NULL || !make_addressPrefix(&aor, a, prefixlen))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
     return 0;
-  if (sk_IPAddressOrRange_push(aors, aor))
-    return 1;
-  IPAddressOrRange_free(aor);
-  return 0;
 }
 
 /*
  * Add a range.
  */
 int v3_addr_add_range(IPAddrBlocks *addr,
-		      const unsigned afi,
-		      const unsigned *safi,
-		      unsigned char *min,
-		      unsigned char *max)
+                      const unsigned afi,
+                      const unsigned *safi,
+                      unsigned char *min, unsigned char *max)
 {
-  IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
-  IPAddressOrRange *aor;
-  int length = length_from_afi(afi);
-  if (aors == NULL)
-    return 0;
-  if (!make_addressRange(&aor, min, max, length))
+    IPAddressOrRanges *aors = make_prefix_or_range(addr, afi, safi);
+    IPAddressOrRange *aor;
+    int length = length_from_afi(afi);
+    if (aors == NULL)
+        return 0;
+    if (!make_addressRange(&aor, min, max, length))
+        return 0;
+    if (sk_IPAddressOrRange_push(aors, aor))
+        return 1;
+    IPAddressOrRange_free(aor);
     return 0;
-  if (sk_IPAddressOrRange_push(aors, aor))
-    return 1;
-  IPAddressOrRange_free(aor);
-  return 0;
 }
 
 /*
  * Extract min and max values from an IPAddressOrRange.
  */
 static int extract_min_max(IPAddressOrRange *aor,
-			    unsigned char *min,
-			    unsigned char *max,
-			    int length)
+                           unsigned char *min, unsigned char *max, int length)
 {
-  if (aor == NULL || min == NULL || max == NULL)
+    if (aor == NULL || min == NULL || max == NULL)
+        return 0;
+    switch (aor->type) {
+    case IPAddressOrRange_addressPrefix:
+        return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
+                addr_expand(max, aor->u.addressPrefix, length, 0xFF));
+    case IPAddressOrRange_addressRange:
+        return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
+                addr_expand(max, aor->u.addressRange->max, length, 0xFF));
+    }
     return 0;
-  switch (aor->type) {
-  case IPAddressOrRange_addressPrefix:
-    return (addr_expand(min, aor->u.addressPrefix, length, 0x00) &&
-	    addr_expand(max, aor->u.addressPrefix, length, 0xFF));
-  case IPAddressOrRange_addressRange:
-    return (addr_expand(min, aor->u.addressRange->min, length, 0x00) &&
-	    addr_expand(max, aor->u.addressRange->max, length, 0xFF));
-  }
-  return 0;
 }
 
 /*
  * Public wrapper for extract_min_max().
  */
 int v3_addr_get_range(IPAddressOrRange *aor,
-		      const unsigned afi,
-		      unsigned char *min,
-		      unsigned char *max,
-		      const int length)
+                      const unsigned afi,
+                      unsigned char *min,
+                      unsigned char *max, const int length)
 {
-  int afi_length = length_from_afi(afi);
-  if (aor == NULL || min == NULL || max == NULL ||
-      afi_length == 0 || length < afi_length ||
-      (aor->type != IPAddressOrRange_addressPrefix &&
-       aor->type != IPAddressOrRange_addressRange) ||
-      !extract_min_max(aor, min, max, afi_length))
-    return 0;
-
-  return afi_length;
+    int afi_length = length_from_afi(afi);
+    if (aor == NULL || min == NULL || max == NULL ||
+        afi_length == 0 || length < afi_length ||
+        (aor->type != IPAddressOrRange_addressPrefix &&
+         aor->type != IPAddressOrRange_addressRange) ||
+        !extract_min_max(aor, min, max, afi_length))
+        return 0;
+
+    return afi_length;
 }
 
 /*
@@ -716,14 +712,14 @@ int v3_addr_get_range(IPAddressOrRange *aor,
  * null-SAFI rule to apply only within a single AFI, which is what I
  * would have expected and is what the following code implements.
  */
-static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
-			       const IPAddressFamily * const *b_)
+static int IPAddressFamily_cmp(const IPAddressFamily *const *a_,
+                               const IPAddressFamily *const *b_)
 {
-  const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
-  const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
-  int len = ((a->length <= b->length) ? a->length : b->length);
-  int cmp = memcmp(a->data, b->data, len);
-  return cmp ? cmp : a->length - b->length;
+    const ASN1_OCTET_STRING *a = (*a_)->addressFamily;
+    const ASN1_OCTET_STRING *b = (*b_)->addressFamily;
+    int len = ((a->length <= b->length) ? a->length : b->length);
+    int cmp = memcmp(a->data, b->data, len);
+    return cmp ? cmp : a->length - b->length;
 }
 
 /*
@@ -731,184 +727,182 @@ static int IPAddressFamily_cmp(const IPAddressFamily * const *a_,
  */
 int v3_addr_is_canonical(IPAddrBlocks *addr)
 {
-  unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-  unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
-  IPAddressOrRanges *aors;
-  int i, j, k;
-
-  /*
-   * Empty extension is cannonical.
-   */
-  if (addr == NULL)
-    return 1;
-
-  /*
-   * Check whether the top-level list is in order.
-   */
-  for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
-    const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
-    const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
-    if (IPAddressFamily_cmp(&a, &b) >= 0)
-      return 0;
-  }
-
-  /*
-   * Top level's ok, now check each address family.
-   */
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    int length = length_from_afi(v3_addr_get_afi(f));
+    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+    IPAddressOrRanges *aors;
+    int i, j, k;
 
     /*
-     * Inheritance is canonical.  Anything other than inheritance or
-     * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+     * Empty extension is cannonical.
      */
-    if (f == NULL || f->ipAddressChoice == NULL)
-      return 0;
-    switch (f->ipAddressChoice->type) {
-    case IPAddressChoice_inherit:
-      continue;
-    case IPAddressChoice_addressesOrRanges:
-      break;
-    default:
-      return 0;
-    }
+    if (addr == NULL)
+        return 1;
 
     /*
-     * It's an IPAddressOrRanges sequence, check it.
+     * Check whether the top-level list is in order.
      */
-    aors = f->ipAddressChoice->u.addressesOrRanges;
-    if (sk_IPAddressOrRange_num(aors) == 0)
-      return 0;
-    for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
-      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-      IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
-
-      if (!extract_min_max(a, a_min, a_max, length) ||
-	  !extract_min_max(b, b_min, b_max, length))
-	return 0;
-
-      /*
-       * Punt misordered list, overlapping start, or inverted range.
-       */
-      if (memcmp(a_min, b_min, length) >= 0 ||
-	  memcmp(a_min, a_max, length) > 0 ||
-	  memcmp(b_min, b_max, length) > 0)
-	return 0;
-
-      /*
-       * Punt if adjacent or overlapping.  Check for adjacency by
-       * subtracting one from b_min first.
-       */
-      for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--)
-	;
-      if (memcmp(a_max, b_min, length) >= 0)
-	return 0;
-
-      /*
-       * Check for range that should be expressed as a prefix.
-       */
-      if (a->type == IPAddressOrRange_addressRange &&
-	  range_should_be_prefix(a_min, a_max, length) >= 0)
-	return 0;
+    for (i = 0; i < sk_IPAddressFamily_num(addr) - 1; i++) {
+        const IPAddressFamily *a = sk_IPAddressFamily_value(addr, i);
+        const IPAddressFamily *b = sk_IPAddressFamily_value(addr, i + 1);
+        if (IPAddressFamily_cmp(&a, &b) >= 0)
+            return 0;
     }
 
     /*
-     * Check range to see if it's inverted or should be a
-     * prefix.
+     * Top level's ok, now check each address family.
      */
-    j = sk_IPAddressOrRange_num(aors) - 1;
-    {
-      IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-      if (a != NULL && a->type == IPAddressOrRange_addressRange) {
-	if (!extract_min_max(a, a_min, a_max, length))
-	  return 0;
-	if (memcmp(a_min, a_max, length) > 0 ||
-	    range_should_be_prefix(a_min, a_max, length) >= 0)
-	  return 0;
-      }
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        int length = length_from_afi(v3_addr_get_afi(f));
+
+        /*
+         * Inheritance is canonical.  Anything other than inheritance or
+         * a SEQUENCE OF IPAddressOrRange is an ASN.1 error or something.
+         */
+        if (f == NULL || f->ipAddressChoice == NULL)
+            return 0;
+        switch (f->ipAddressChoice->type) {
+        case IPAddressChoice_inherit:
+            continue;
+        case IPAddressChoice_addressesOrRanges:
+            break;
+        default:
+            return 0;
+        }
+
+        /*
+         * It's an IPAddressOrRanges sequence, check it.
+         */
+        aors = f->ipAddressChoice->u.addressesOrRanges;
+        if (sk_IPAddressOrRange_num(aors) == 0)
+            return 0;
+        for (j = 0; j < sk_IPAddressOrRange_num(aors) - 1; j++) {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, j + 1);
+
+            if (!extract_min_max(a, a_min, a_max, length) ||
+                !extract_min_max(b, b_min, b_max, length))
+                return 0;
+
+            /*
+             * Punt misordered list, overlapping start, or inverted range.
+             */
+            if (memcmp(a_min, b_min, length) >= 0 ||
+                memcmp(a_min, a_max, length) > 0 ||
+                memcmp(b_min, b_max, length) > 0)
+                return 0;
+
+            /*
+             * Punt if adjacent or overlapping.  Check for adjacency by
+             * subtracting one from b_min first.
+             */
+            for (k = length - 1; k >= 0 && b_min[k]-- == 0x00; k--) ;
+            if (memcmp(a_max, b_min, length) >= 0)
+                return 0;
+
+            /*
+             * Check for range that should be expressed as a prefix.
+             */
+            if (a->type == IPAddressOrRange_addressRange &&
+                range_should_be_prefix(a_min, a_max, length) >= 0)
+                return 0;
+        }
+
+        /*
+         * Check range to see if it's inverted or should be a
+         * prefix.
+         */
+        j = sk_IPAddressOrRange_num(aors) - 1;
+        {
+            IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+            if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+                if (!extract_min_max(a, a_min, a_max, length))
+                    return 0;
+                if (memcmp(a_min, a_max, length) > 0 ||
+                    range_should_be_prefix(a_min, a_max, length) >= 0)
+                    return 0;
+            }
+        }
     }
-  }
 
-  /*
-   * If we made it through all that, we're happy.
-   */
-  return 1;
+    /*
+     * If we made it through all that, we're happy.
+     */
+    return 1;
 }
 
 /*
  * Whack an IPAddressOrRanges into canonical form.
  */
 static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
-				      const unsigned afi)
+                                      const unsigned afi)
 {
-  int i, j, length = length_from_afi(afi);
-
-  /*
-   * Sort the IPAddressOrRanges sequence.
-   */
-  sk_IPAddressOrRange_sort(aors);
-
-  /*
-   * Clean up representation issues, punt on duplicates or overlaps.
-   */
-  for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
-    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
-    IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
-    unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-    unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
-
-    if (!extract_min_max(a, a_min, a_max, length) ||
-	!extract_min_max(b, b_min, b_max, length))
-      return 0;
+    int i, j, length = length_from_afi(afi);
 
     /*
-     * Punt inverted ranges.
+     * Sort the IPAddressOrRanges sequence.
      */
-    if (memcmp(a_min, a_max, length) > 0 ||
-	memcmp(b_min, b_max, length) > 0)
-      return 0;
+    sk_IPAddressOrRange_sort(aors);
 
     /*
-     * Punt overlaps.
+     * Clean up representation issues, punt on duplicates or overlaps.
      */
-    if (memcmp(a_max, b_min, length) >= 0)
-      return 0;
+    for (i = 0; i < sk_IPAddressOrRange_num(aors) - 1; i++) {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, i);
+        IPAddressOrRange *b = sk_IPAddressOrRange_value(aors, i + 1);
+        unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+        unsigned char b_min[ADDR_RAW_BUF_LEN], b_max[ADDR_RAW_BUF_LEN];
+
+        if (!extract_min_max(a, a_min, a_max, length) ||
+            !extract_min_max(b, b_min, b_max, length))
+            return 0;
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (memcmp(a_min, a_max, length) > 0 ||
+            memcmp(b_min, b_max, length) > 0)
+            return 0;
+
+        /*
+         * Punt overlaps.
+         */
+        if (memcmp(a_max, b_min, length) >= 0)
+            return 0;
+
+        /*
+         * Merge if a and b are adjacent.  We check for
+         * adjacency by subtracting one from b_min first.
+         */
+        for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--) ;
+        if (memcmp(a_max, b_min, length) == 0) {
+            IPAddressOrRange *merged;
+            if (!make_addressRange(&merged, a_min, b_max, length))
+                return 0;
+            sk_IPAddressOrRange_set(aors, i, merged);
+            (void)sk_IPAddressOrRange_delete(aors, i + 1);
+            IPAddressOrRange_free(a);
+            IPAddressOrRange_free(b);
+            --i;
+            continue;
+        }
+    }
 
     /*
-     * Merge if a and b are adjacent.  We check for
-     * adjacency by subtracting one from b_min first.
+     * Check for inverted final range.
      */
-    for (j = length - 1; j >= 0 && b_min[j]-- == 0x00; j--)
-      ;
-    if (memcmp(a_max, b_min, length) == 0) {
-      IPAddressOrRange *merged;
-      if (!make_addressRange(&merged, a_min, b_max, length))
-	return 0;
-      sk_IPAddressOrRange_set(aors, i, merged);
-      (void)sk_IPAddressOrRange_delete(aors, i + 1);
-      IPAddressOrRange_free(a);
-      IPAddressOrRange_free(b);
-      --i;
-      continue;
-    }
-  }
-
-  /*
-   * Check for inverted final range.
-   */
-  j = sk_IPAddressOrRange_num(aors) - 1;
-  {
-    IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
-    if (a != NULL && a->type == IPAddressOrRange_addressRange) {
-      unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
-      extract_min_max(a, a_min, a_max, length);
-      if (memcmp(a_min, a_max, length) > 0)
-	return 0;
+    j = sk_IPAddressOrRange_num(aors) - 1;
+    {
+        IPAddressOrRange *a = sk_IPAddressOrRange_value(aors, j);
+        if (a != NULL && a->type == IPAddressOrRange_addressRange) {
+            unsigned char a_min[ADDR_RAW_BUF_LEN], a_max[ADDR_RAW_BUF_LEN];
+            extract_min_max(a, a_min, a_max, length);
+            if (memcmp(a_min, a_max, length) > 0)
+                return 0;
+        }
     }
-  }
 
-  return 1;
+    return 1;
 }
 
 /*
@@ -916,200 +910,208 @@ static int IPAddressOrRanges_canonize(IPAddressOrRanges *aors,
  */
 int v3_addr_canonize(IPAddrBlocks *addr)
 {
-  int i;
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
-	!IPAddressOrRanges_canonize(f->ipAddressChoice->u.addressesOrRanges,
-				    v3_addr_get_afi(f)))
-      return 0;
-  }
-  (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
-  sk_IPAddressFamily_sort(addr);
-  OPENSSL_assert(v3_addr_is_canonical(addr));
-  return 1;
+    int i;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_addressesOrRanges &&
+            !IPAddressOrRanges_canonize(f->ipAddressChoice->
+                                        u.addressesOrRanges,
+                                        v3_addr_get_afi(f)))
+            return 0;
+    }
+    (void)sk_IPAddressFamily_set_cmp_func(addr, IPAddressFamily_cmp);
+    sk_IPAddressFamily_sort(addr);
+    OPENSSL_assert(v3_addr_is_canonical(addr));
+    return 1;
 }
 
 /*
  * v2i handler for the IPAddrBlocks extension.
  */
 static void *v2i_IPAddrBlocks(struct v3_ext_method *method,
-			      struct v3_ext_ctx *ctx,
-			      STACK_OF(CONF_VALUE) *values)
+                              struct v3_ext_ctx *ctx,
+                              STACK_OF(CONF_VALUE) *values)
 {
-  static const char v4addr_chars[] = "0123456789.";
-  static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
-  IPAddrBlocks *addr = NULL;
-  char *s = NULL, *t;
-  int i;
-  
-  if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
-    X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
-    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-    unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
-    unsigned afi, *safi = NULL, safi_;
-    const char *addr_chars;
-    int prefixlen, i1, i2, delim, length;
-
-    if (       !name_cmp(val->name, "IPv4")) {
-      afi = IANA_AFI_IPV4;
-    } else if (!name_cmp(val->name, "IPv6")) {
-      afi = IANA_AFI_IPV6;
-    } else if (!name_cmp(val->name, "IPv4-SAFI")) {
-      afi = IANA_AFI_IPV4;
-      safi = &safi_;
-    } else if (!name_cmp(val->name, "IPv6-SAFI")) {
-      afi = IANA_AFI_IPV6;
-      safi = &safi_;
-    } else {
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_NAME_ERROR);
-      X509V3_conf_err(val);
-      goto err;
+    static const char v4addr_chars[] = "0123456789.";
+    static const char v6addr_chars[] = "0123456789.:abcdefABCDEF";
+    IPAddrBlocks *addr = NULL;
+    char *s = NULL, *t;
+    int i;
+
+    if ((addr = sk_IPAddressFamily_new(IPAddressFamily_cmp)) == NULL) {
+        X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+        return NULL;
     }
 
-    switch (afi) {
-    case IANA_AFI_IPV4:
-      addr_chars = v4addr_chars;
-      break;
-    case IANA_AFI_IPV6:
-      addr_chars = v6addr_chars;
-      break;
-    }
-
-    length = length_from_afi(afi);
-
-    /*
-     * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
-     * the other input values.
-     */
-    if (safi != NULL) {
-      *safi = strtoul(val->value, &t, 0);
-      t += strspn(t, " \t");
-      if (*safi > 0xFF || *t++ != ':') {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      t += strspn(t, " \t");
-      s = BUF_strdup(t);
-    } else {
-      s = BUF_strdup(val->value);
-    }
-    if (s == NULL) {
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-      goto err;
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        unsigned char min[ADDR_RAW_BUF_LEN], max[ADDR_RAW_BUF_LEN];
+        unsigned afi, *safi = NULL, safi_;
+        const char *addr_chars;
+        int prefixlen, i1, i2, delim, length;
+
+        if (!name_cmp(val->name, "IPv4")) {
+            afi = IANA_AFI_IPV4;
+        } else if (!name_cmp(val->name, "IPv6")) {
+            afi = IANA_AFI_IPV6;
+        } else if (!name_cmp(val->name, "IPv4-SAFI")) {
+            afi = IANA_AFI_IPV4;
+            safi = &safi_;
+        } else if (!name_cmp(val->name, "IPv6-SAFI")) {
+            afi = IANA_AFI_IPV6;
+            safi = &safi_;
+        } else {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (afi) {
+        case IANA_AFI_IPV4:
+            addr_chars = v4addr_chars;
+            break;
+        case IANA_AFI_IPV6:
+            addr_chars = v6addr_chars;
+            break;
+        }
+
+        length = length_from_afi(afi);
+
+        /*
+         * Handle SAFI, if any, and BUF_strdup() so we can null-terminate
+         * the other input values.
+         */
+        if (safi != NULL) {
+            *safi = strtoul(val->value, &t, 0);
+            t += strspn(t, " \t");
+            if (*safi > 0xFF || *t++ != ':') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_SAFI);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            t += strspn(t, " \t");
+            s = BUF_strdup(t);
+        } else {
+            s = BUF_strdup(val->value);
+        }
+        if (s == NULL) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+
+        /*
+         * Check for inheritance.  Not worth additional complexity to
+         * optimize this (seldom-used) case.
+         */
+        if (!strcmp(s, "inherit")) {
+            if (!v3_addr_add_inherit(addr, afi, safi)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_INHERITANCE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(s);
+            s = NULL;
+            continue;
+        }
+
+        i1 = strspn(s, addr_chars);
+        i2 = i1 + strspn(s + i1, " \t");
+        delim = s[i2++];
+        s[i1] = '\0';
+
+        if (a2i_ipadd(min, s) != length) {
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        switch (delim) {
+        case '/':
+            prefixlen = (int)strtoul(s + i2, &t, 10);
+            if (t == s + i2 || *t != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '-':
+            i1 = i2 + strspn(s + i2, " \t");
+            i2 = i1 + strspn(s + i1, addr_chars);
+            if (i1 == i2 || s[i2] != '\0') {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (a2i_ipadd(max, s + i1) != length) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_INVALID_IPADDRESS);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (memcmp(min, max, length_from_afi(afi)) > 0) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            if (!v3_addr_add_range(addr, afi, safi, min, max)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        case '\0':
+            if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
+                X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            break;
+        default:
+            X509V3err(X509V3_F_V2I_IPADDRBLOCKS,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        OPENSSL_free(s);
+        s = NULL;
     }
 
     /*
-     * Check for inheritance.  Not worth additional complexity to
-     * optimize this (seldom-used) case.
+     * Canonize the result, then we're done.
      */
-    if (!strcmp(s, "inherit")) {
-      if (!v3_addr_add_inherit(addr, afi, safi)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_INHERITANCE);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      OPENSSL_free(s);
-      s = NULL;
-      continue;
-    }
-
-    i1 = strspn(s, addr_chars);
-    i2 = i1 + strspn(s + i1, " \t");
-    delim = s[i2++];
-    s[i1] = '\0';
-
-    if (a2i_ipadd(min, s) != length) {
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    switch (delim) {
-    case '/':
-      prefixlen = (int) strtoul(s + i2, &t, 10);
-      if (t == s + i2 || *t != '\0') {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (!v3_addr_add_prefix(addr, afi, safi, min, prefixlen)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      break;
-    case '-':
-      i1 = i2 + strspn(s + i2, " \t");
-      i2 = i1 + strspn(s + i1, addr_chars);
-      if (i1 == i2 || s[i2] != '\0') {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (a2i_ipadd(max, s + i1) != length) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_INVALID_IPADDRESS);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (memcmp(min, max, length_from_afi(afi)) > 0) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      if (!v3_addr_add_range(addr, afi, safi, min, max)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      break;
-    case '\0':
-      if (!v3_addr_add_prefix(addr, afi, safi, min, length * 8)) {
-	X509V3err(X509V3_F_V2I_IPADDRBLOCKS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      break;
-    default:
-      X509V3err(X509V3_F_V2I_IPADDRBLOCKS, X509V3_R_EXTENSION_VALUE_ERROR);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    OPENSSL_free(s);
-    s = NULL;
-  }
-
-  /*
-   * Canonize the result, then we're done.
-   */
-  if (!v3_addr_canonize(addr))
-    goto err;    
-  return addr;
+    if (!v3_addr_canonize(addr))
+        goto err;
+    return addr;
 
  err:
-  OPENSSL_free(s);
-  sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
-  return NULL;
+    OPENSSL_free(s);
+    sk_IPAddressFamily_pop_free(addr, IPAddressFamily_free);
+    return NULL;
 }
 
 /*
  * OpenSSL dispatch
  */
 const X509V3_EXT_METHOD v3_addr = {
-  NID_sbgp_ipAddrBlock,		/* nid */
-  0,				/* flags */
-  ASN1_ITEM_ref(IPAddrBlocks),	/* template */
-  0, 0, 0, 0,			/* old functions, ignored */
-  0,				/* i2s */
-  0,				/* s2i */
-  0,				/* i2v */
-  v2i_IPAddrBlocks,		/* v2i */
-  i2r_IPAddrBlocks,		/* i2r */
-  0,				/* r2i */
-  NULL				/* extension-specific data */
+    NID_sbgp_ipAddrBlock,       /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(IPAddrBlocks), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_IPAddrBlocks,           /* v2i */
+    i2r_IPAddrBlocks,           /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
 };
 
 /*
@@ -1117,53 +1119,52 @@ const X509V3_EXT_METHOD v3_addr = {
  */
 int v3_addr_inherits(IPAddrBlocks *addr)
 {
-  int i;
-  if (addr == NULL)
+    int i;
+    if (addr == NULL)
+        return 0;
+    for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
+        IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
+        if (f->ipAddressChoice->type == IPAddressChoice_inherit)
+            return 1;
+    }
     return 0;
-  for (i = 0; i < sk_IPAddressFamily_num(addr); i++) {
-    IPAddressFamily *f = sk_IPAddressFamily_value(addr, i);
-    if (f->ipAddressChoice->type == IPAddressChoice_inherit)
-      return 1;
-  }
-  return 0;
 }
 
 /*
  * Figure out whether parent contains child.
  */
 static int addr_contains(IPAddressOrRanges *parent,
-			 IPAddressOrRanges *child,
-			 int length)
+                         IPAddressOrRanges *child, int length)
 {
-  unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
-  unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
-  int p, c;
-
-  if (child == NULL || parent == child)
-    return 1;
-  if (parent == NULL)
-    return 0;
-
-  p = 0;
-  for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
-    if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
-			 c_min, c_max, length))
-      return -1;
-    for (;; p++) {
-      if (p >= sk_IPAddressOrRange_num(parent))
-	return 0;
-      if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
-			   p_min, p_max, length))
-	return 0;
-      if (memcmp(p_max, c_max, length) < 0)
-	continue;
-      if (memcmp(p_min, c_min, length) > 0)
-	return 0;
-      break;
+    unsigned char p_min[ADDR_RAW_BUF_LEN], p_max[ADDR_RAW_BUF_LEN];
+    unsigned char c_min[ADDR_RAW_BUF_LEN], c_max[ADDR_RAW_BUF_LEN];
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_IPAddressOrRange_num(child); c++) {
+        if (!extract_min_max(sk_IPAddressOrRange_value(child, c),
+                             c_min, c_max, length))
+            return -1;
+        for (;; p++) {
+            if (p >= sk_IPAddressOrRange_num(parent))
+                return 0;
+            if (!extract_min_max(sk_IPAddressOrRange_value(parent, p),
+                                 p_min, p_max, length))
+                return 0;
+            if (memcmp(p_max, c_max, length) < 0)
+                continue;
+            if (memcmp(p_min, c_min, length) > 0)
+                return 0;
+            break;
+        }
     }
-  }
 
-  return 1;
+    return 1;
 }
 
 /*
@@ -1171,150 +1172,156 @@ static int addr_contains(IPAddressOrRanges *parent,
  */
 int v3_addr_subset(IPAddrBlocks *a, IPAddrBlocks *b)
 {
-  int i;
-  if (a == NULL || a == b)
+    int i;
+    if (a == NULL || a == b)
+        return 1;
+    if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
+        return 0;
+    (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
+    for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
+        IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
+        int j = sk_IPAddressFamily_find(b, fa);
+        IPAddressFamily *fb;
+        fb = sk_IPAddressFamily_value(b, j);
+        if (fb == NULL)
+            return 0;
+        if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges,
+                           fa->ipAddressChoice->u.addressesOrRanges,
+                           length_from_afi(v3_addr_get_afi(fb))))
+            return 0;
+    }
     return 1;
-  if (b == NULL || v3_addr_inherits(a) || v3_addr_inherits(b))
-    return 0;
-  (void)sk_IPAddressFamily_set_cmp_func(b, IPAddressFamily_cmp);
-  for (i = 0; i < sk_IPAddressFamily_num(a); i++) {
-    IPAddressFamily *fa = sk_IPAddressFamily_value(a, i);
-    int j = sk_IPAddressFamily_find(b, fa);
-    IPAddressFamily *fb;
-    fb = sk_IPAddressFamily_value(b, j);
-    if (fb == NULL)
-       return 0;
-    if (!addr_contains(fb->ipAddressChoice->u.addressesOrRanges, 
-		       fa->ipAddressChoice->u.addressesOrRanges,
-		       length_from_afi(v3_addr_get_afi(fb))))
-      return 0;
-  }
-  return 1;
 }
 
 /*
  * Validation error handling via callback.
  */
-#define validation_err(_err_)		\
-  do {					\
-    if (ctx != NULL) {			\
-      ctx->error = _err_;		\
-      ctx->error_depth = i;		\
-      ctx->current_cert = x;		\
-      ret = ctx->verify_cb(0, ctx);	\
-    } else {				\
-      ret = 0;				\
-    }					\
-    if (!ret)				\
-      goto done;			\
+# define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
   } while (0)
 
 /*
  * Core code for RFC 3779 2.3 path validation.
  */
 static int v3_addr_validate_path_internal(X509_STORE_CTX *ctx,
-					  STACK_OF(X509) *chain,
-					  IPAddrBlocks *ext)
+                                          STACK_OF(X509) *chain,
+                                          IPAddrBlocks *ext)
 {
-  IPAddrBlocks *child = NULL;
-  int i, j, ret = 1;
-  X509 *x = NULL;
-
-  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  OPENSSL_assert(ctx != NULL || ext != NULL);
-  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
-
-  /*
-   * Figure out where to start.  If we don't have an extension to
-   * check, we're done.  Otherwise, check canonical form and
-   * set up for walking up the chain.
-   */
-  if (ext != NULL) {
-    i = -1;
-  } else {
-    i = 0;
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if ((ext = x->rfc3779_addr) == NULL)
-      goto done;
-  }
-  if (!v3_addr_is_canonical(ext))
-    validation_err(X509_V_ERR_INVALID_EXTENSION);
-  (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
-  if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
-    X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL, ERR_R_MALLOC_FAILURE);
-    ret = 0;
-    goto done;
-  }
-
-  /*
-   * Now walk up the chain.  No cert may list resources that its
-   * parent doesn't list.
-   */
-  for (i++; i < sk_X509_num(chain); i++) {
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if (!v3_addr_is_canonical(x->rfc3779_addr))
-      validation_err(X509_V_ERR_INVALID_EXTENSION);
-    if (x->rfc3779_addr == NULL) {
-      for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
-	IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
-	if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-	  break;
-	}
-      }
-      continue;
+    IPAddrBlocks *child = NULL;
+    int i, j, ret = 1;
+    X509 *x = NULL;
+
+    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+    OPENSSL_assert(ctx != NULL || ext != NULL);
+    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if ((ext = x->rfc3779_addr) == NULL)
+            goto done;
     }
-    (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr, IPAddressFamily_cmp);
-    for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
-      IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
-      int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
-      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, k);
-      if (fp == NULL) {
-	if (fc->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-	  break;
-	}
-	continue;
-      }
-      if (fp->ipAddressChoice->type == IPAddressChoice_addressesOrRanges) {
-	if (fc->ipAddressChoice->type == IPAddressChoice_inherit ||
-	    addr_contains(fp->ipAddressChoice->u.addressesOrRanges, 
-			  fc->ipAddressChoice->u.addressesOrRanges,
-			  length_from_afi(v3_addr_get_afi(fc))))
-	  sk_IPAddressFamily_set(child, j, fp);
-	else
-	  validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      }
+    if (!v3_addr_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    (void)sk_IPAddressFamily_set_cmp_func(ext, IPAddressFamily_cmp);
+    if ((child = sk_IPAddressFamily_dup(ext)) == NULL) {
+        X509V3err(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL,
+                  ERR_R_MALLOC_FAILURE);
+        ret = 0;
+        goto done;
     }
-  }
-
-  /*
-   * Trust anchor can't inherit.
-   */
-  if (x->rfc3779_addr != NULL) {
-    for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
-      IPAddressFamily *fp = sk_IPAddressFamily_value(x->rfc3779_addr, j);
-      if (fp->ipAddressChoice->type == IPAddressChoice_inherit &&
-	  sk_IPAddressFamily_find(child, fp) >= 0)
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+
+    /*
+     * Now walk up the chain.  No cert may list resources that its
+     * parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if (!v3_addr_is_canonical(x->rfc3779_addr))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_addr == NULL) {
+            for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+                IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+                if (fc->ipAddressChoice->type != IPAddressChoice_inherit) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+            }
+            continue;
+        }
+        (void)sk_IPAddressFamily_set_cmp_func(x->rfc3779_addr,
+                                              IPAddressFamily_cmp);
+        for (j = 0; j < sk_IPAddressFamily_num(child); j++) {
+            IPAddressFamily *fc = sk_IPAddressFamily_value(child, j);
+            int k = sk_IPAddressFamily_find(x->rfc3779_addr, fc);
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, k);
+            if (fp == NULL) {
+                if (fc->ipAddressChoice->type ==
+                    IPAddressChoice_addressesOrRanges) {
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+                    break;
+                }
+                continue;
+            }
+            if (fp->ipAddressChoice->type ==
+                IPAddressChoice_addressesOrRanges) {
+                if (fc->ipAddressChoice->type == IPAddressChoice_inherit
+                    || addr_contains(fp->ipAddressChoice->u.addressesOrRanges,
+                                     fc->ipAddressChoice->u.addressesOrRanges,
+                                     length_from_afi(v3_addr_get_afi(fc))))
+                    sk_IPAddressFamily_set(child, j, fp);
+                else
+                    validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+    }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    if (x->rfc3779_addr != NULL) {
+        for (j = 0; j < sk_IPAddressFamily_num(x->rfc3779_addr); j++) {
+            IPAddressFamily *fp =
+                sk_IPAddressFamily_value(x->rfc3779_addr, j);
+            if (fp->ipAddressChoice->type == IPAddressChoice_inherit
+                && sk_IPAddressFamily_find(child, fp) >= 0)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        }
     }
-  }
 
  done:
-  sk_IPAddressFamily_free(child);
-  return ret;
+    sk_IPAddressFamily_free(child);
+    return ret;
 }
 
-#undef validation_err
+# undef validation_err
 
 /*
  * RFC 3779 2.3 path validation -- called from X509_verify_cert().
  */
 int v3_addr_validate_path(X509_STORE_CTX *ctx)
 {
-  return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
+    return v3_addr_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
 /*
@@ -1322,16 +1329,15 @@ int v3_addr_validate_path(X509_STORE_CTX *ctx)
  * Test whether chain covers extension.
  */
 int v3_addr_validate_resource_set(STACK_OF(X509) *chain,
-				  IPAddrBlocks *ext,
-				  int allow_inheritance)
+                                  IPAddrBlocks *ext, int allow_inheritance)
 {
-  if (ext == NULL)
-    return 1;
-  if (chain == NULL || sk_X509_num(chain) == 0)
-    return 0;
-  if (!allow_inheritance && v3_addr_inherits(ext))
-    return 0;
-  return v3_addr_validate_path_internal(NULL, chain, ext);
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && v3_addr_inherits(ext))
+        return 0;
+    return v3_addr_validate_path_internal(NULL, chain, ext);
 }
 
-#endif /* OPENSSL_NO_RFC3779 */
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
index c6b68ee2..e920270e 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akey.c
@@ -1,6 +1,7 @@
 /* v3_akey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,43 +65,47 @@
 #include <openssl/x509v3.h>
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-			AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist);
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist);
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-			X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-
-const X509V3_EXT_METHOD v3_akey_id =
-	{
-	NID_authority_key_identifier,
-	X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
-	0,0,0,0,
-	0,0,
-	(X509V3_EXT_I2V)i2v_AUTHORITY_KEYID,
-	(X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
-	0,0,
-	NULL
-	};
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values);
+
+const X509V3_EXT_METHOD v3_akey_id = {
+    NID_authority_key_identifier,
+    X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_KEYID,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID,
+    0, 0,
+    NULL
+};
 
 static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-	     AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist)
+                                                 AUTHORITY_KEYID *akeyid,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist)
 {
-	char *tmp;
-	if(akeyid->keyid) {
-		tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
-		X509V3_add_value("keyid", tmp, &extlist);
-		OPENSSL_free(tmp);
-	}
-	if(akeyid->issuer) 
-		extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
-	if(akeyid->serial) {
-		tmp = hex_to_string(akeyid->serial->data,
-						 akeyid->serial->length);
-		X509V3_add_value("serial", tmp, &extlist);
-		OPENSSL_free(tmp);
-	}
-	return extlist;
+    char *tmp;
+    if (akeyid->keyid) {
+        tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length);
+        X509V3_add_value("keyid", tmp, &extlist);
+        OPENSSL_free(tmp);
+    }
+    if (akeyid->issuer)
+        extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist);
+    if (akeyid->serial) {
+        tmp = hex_to_string(akeyid->serial->data, akeyid->serial->length);
+        X509V3_add_value("serial", tmp, &extlist);
+        OPENSSL_free(tmp);
+    }
+    return extlist;
 }
 
-/* Currently two options:
+/*-
+ * Currently two options:
  * keyid: use the issuers subject keyid, the value 'always' means its is
  * an error if the issuer certificate doesn't have a key id.
  * issuer: use the issuers cert issuer and serial number. The default is
@@ -109,100 +114,92 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
  */
 
 static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
-	{
-	char keyid=0, issuer=0;
-	int i;
-	CONF_VALUE *cnf;
-	ASN1_OCTET_STRING *ikeyid = NULL;
-	X509_NAME *isname = NULL;
-	GENERAL_NAMES * gens = NULL;
-	GENERAL_NAME *gen = NULL;
-	ASN1_INTEGER *serial = NULL;
-	X509_EXTENSION *ext;
-	X509 *cert;
-	AUTHORITY_KEYID *akeyid;
-
-	for(i = 0; i < sk_CONF_VALUE_num(values); i++)
-		{
-		cnf = sk_CONF_VALUE_value(values, i);
-		if(!strcmp(cnf->name, "keyid"))
-			{
-			keyid = 1;
-			if(cnf->value && !strcmp(cnf->value, "always"))
-				keyid = 2;
-			}
-		else if(!strcmp(cnf->name, "issuer"))
-			{
-			issuer = 1;
-			if(cnf->value && !strcmp(cnf->value, "always"))
-				issuer = 2;
-			}
-		else
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNKNOWN_OPTION);
-			ERR_add_error_data(2, "name=", cnf->name);
-			return NULL;
-			}
-		}
-
-	if(!ctx || !ctx->issuer_cert)
-		{
-		if(ctx && (ctx->flags==CTX_TEST))
-			return AUTHORITY_KEYID_new();
-		X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE);
-		return NULL;
-		}
-
-	cert = ctx->issuer_cert;
-
-	if(keyid)
-		{
-		i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
-		if((i >= 0)  && (ext = X509_get_ext(cert, i)))
-			ikeyid = X509V3_EXT_d2i(ext);
-		if(keyid==2 && !ikeyid)
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
-			return NULL;
-			}
-		}
-
-	if((issuer && !ikeyid) || (issuer == 2))
-		{
-		isname = X509_NAME_dup(X509_get_issuer_name(cert));
-		serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
-		if(!isname || !serial)
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
-			goto err;
-			}
-		}
-
-	if(!(akeyid = AUTHORITY_KEYID_new())) goto err;
-
-	if(isname)
-		{
-		if(!(gens = sk_GENERAL_NAME_new_null())
-			|| !(gen = GENERAL_NAME_new())
-			|| !sk_GENERAL_NAME_push(gens, gen))
-			{
-			X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		gen->type = GEN_DIRNAME;
-		gen->d.dirn = isname;
-		}
-
-	akeyid->issuer = gens;
-	akeyid->serial = serial;
-	akeyid->keyid = ikeyid;
-
-	return akeyid;
+                                            X509V3_CTX *ctx,
+                                            STACK_OF(CONF_VALUE) *values)
+{
+    char keyid = 0, issuer = 0;
+    int i;
+    CONF_VALUE *cnf;
+    ASN1_OCTET_STRING *ikeyid = NULL;
+    X509_NAME *isname = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    ASN1_INTEGER *serial = NULL;
+    X509_EXTENSION *ext;
+    X509 *cert;
+    AUTHORITY_KEYID *akeyid;
+
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        cnf = sk_CONF_VALUE_value(values, i);
+        if (!strcmp(cnf->name, "keyid")) {
+            keyid = 1;
+            if (cnf->value && !strcmp(cnf->value, "always"))
+                keyid = 2;
+        } else if (!strcmp(cnf->name, "issuer")) {
+            issuer = 1;
+            if (cnf->value && !strcmp(cnf->value, "always"))
+                issuer = 2;
+        } else {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, X509V3_R_UNKNOWN_OPTION);
+            ERR_add_error_data(2, "name=", cnf->name);
+            return NULL;
+        }
+    }
+
+    if (!ctx || !ctx->issuer_cert) {
+        if (ctx && (ctx->flags == CTX_TEST))
+            return AUTHORITY_KEYID_new();
+        X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                  X509V3_R_NO_ISSUER_CERTIFICATE);
+        return NULL;
+    }
+
+    cert = ctx->issuer_cert;
+
+    if (keyid) {
+        i = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+        if ((i >= 0) && (ext = X509_get_ext(cert, i)))
+            ikeyid = X509V3_EXT_d2i(ext);
+        if (keyid == 2 && !ikeyid) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_KEYID);
+            return NULL;
+        }
+    }
+
+    if ((issuer && !ikeyid) || (issuer == 2)) {
+        isname = X509_NAME_dup(X509_get_issuer_name(cert));
+        serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert));
+        if (!isname || !serial) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,
+                      X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS);
+            goto err;
+        }
+    }
+
+    if (!(akeyid = AUTHORITY_KEYID_new()))
+        goto err;
+
+    if (isname) {
+        if (!(gens = sk_GENERAL_NAME_new_null())
+            || !(gen = GENERAL_NAME_new())
+            || !sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_KEYID, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->type = GEN_DIRNAME;
+        gen->d.dirn = isname;
+    }
+
+    akeyid->issuer = gens;
+    akeyid->serial = serial;
+    akeyid->keyid = ikeyid;
+
+    return akeyid;
 
  err:
-	X509_NAME_free(isname);
-	M_ASN1_INTEGER_free(serial);
-	M_ASN1_OCTET_STRING_free(ikeyid);
-	return NULL;
-	}
+    X509_NAME_free(isname);
+    M_ASN1_INTEGER_free(serial);
+    M_ASN1_OCTET_STRING_free(ikeyid);
+    return NULL;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
index 2c50f736..2cc85b76 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_akeya.c
@@ -1,6 +1,7 @@
 /* v3_akey_asn1.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,9 +65,9 @@
 #include <openssl/x509v3.h>
 
 ASN1_SEQUENCE(AUTHORITY_KEYID) = {
-	ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
-	ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
-	ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
+        ASN1_IMP_OPT(AUTHORITY_KEYID, keyid, ASN1_OCTET_STRING, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(AUTHORITY_KEYID, issuer, GENERAL_NAME, 1),
+        ASN1_IMP_OPT(AUTHORITY_KEYID, serial, ASN1_INTEGER, 2)
 } ASN1_SEQUENCE_END(AUTHORITY_KEYID)
 
 IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_KEYID)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
index 69244e49..ea0e6bea 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
@@ -1,5 +1,6 @@
 /* v3_alt.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,525 +62,504 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval);
+static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval);
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
 static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
 
 const X509V3_EXT_METHOD v3_alt[] = {
-{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_subject_alt,
-NULL, NULL, NULL},
-
-{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-(X509V3_EXT_V2I)v2i_issuer_alt,
-NULL, NULL, NULL},
+    {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_subject_alt,
+     NULL, NULL, NULL},
+
+    {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+     0, 0, 0, 0,
+     0, 0,
+     (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+     (X509V3_EXT_V2I)v2i_issuer_alt,
+     NULL, NULL, NULL},
 };
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-		GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret)
+                                        GENERAL_NAMES *gens,
+                                        STACK_OF(CONF_VALUE) *ret)
 {
-	int i;
-	GENERAL_NAME *gen;
-	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-		gen = sk_GENERAL_NAME_value(gens, i);
-		ret = i2v_GENERAL_NAME(method, gen, ret);
-	}
-	if(!ret) return sk_CONF_VALUE_new_null();
-	return ret;
+    int i;
+    GENERAL_NAME *gen;
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        ret = i2v_GENERAL_NAME(method, gen, ret);
+    }
+    if (!ret)
+        return sk_CONF_VALUE_new_null();
+    return ret;
 }
 
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
-				GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
+                                       GENERAL_NAME *gen,
+                                       STACK_OF(CONF_VALUE) *ret)
 {
-	unsigned char *p;
-	char oline[256], htmp[5];
-	int i;
-	switch (gen->type)
-	{
-		case GEN_OTHERNAME:
-		X509V3_add_value("othername","<unsupported>", &ret);
-		break;
-
-		case GEN_X400:
-		X509V3_add_value("X400Name","<unsupported>", &ret);
-		break;
-
-		case GEN_EDIPARTY:
-		X509V3_add_value("EdiPartyName","<unsupported>", &ret);
-		break;
-
-		case GEN_EMAIL:
-		X509V3_add_value_uchar("email",gen->d.ia5->data, &ret);
-		break;
-
-		case GEN_DNS:
-		X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret);
-		break;
-
-		case GEN_URI:
-		X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret);
-		break;
-
-		case GEN_DIRNAME:
-		X509_NAME_oneline(gen->d.dirn, oline, 256);
-		X509V3_add_value("DirName",oline, &ret);
-		break;
-
-		case GEN_IPADD:
-		p = gen->d.ip->data;
-		if(gen->d.ip->length == 4)
-			BIO_snprintf(oline, sizeof oline,
-				     "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
-		else if(gen->d.ip->length == 16)
-			{
-			oline[0] = 0;
-			for (i = 0; i < 8; i++)
-				{
-				BIO_snprintf(htmp, sizeof htmp,
-					     "%X", p[0] << 8 | p[1]);
-				p += 2;
-				strcat(oline, htmp);
-				if (i != 7)
-					strcat(oline, ":");
-				}
-			}
-		else
-			{
-			X509V3_add_value("IP Address","<invalid>", &ret);
-			break;
-			}
-		X509V3_add_value("IP Address",oline, &ret);
-		break;
-
-		case GEN_RID:
-		i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
-		X509V3_add_value("Registered ID",oline, &ret);
-		break;
-	}
-	return ret;
+    unsigned char *p;
+    char oline[256], htmp[5];
+    int i;
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        X509V3_add_value("othername", "<unsupported>", &ret);
+        break;
+
+    case GEN_X400:
+        X509V3_add_value("X400Name", "<unsupported>", &ret);
+        break;
+
+    case GEN_EDIPARTY:
+        X509V3_add_value("EdiPartyName", "<unsupported>", &ret);
+        break;
+
+    case GEN_EMAIL:
+        X509V3_add_value_uchar("email", gen->d.ia5->data, &ret);
+        break;
+
+    case GEN_DNS:
+        X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret);
+        break;
+
+    case GEN_URI:
+        X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret);
+        break;
+
+    case GEN_DIRNAME:
+        X509_NAME_oneline(gen->d.dirn, oline, 256);
+        X509V3_add_value("DirName", oline, &ret);
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_snprintf(oline, sizeof oline,
+                         "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            oline[0] = 0;
+            for (i = 0; i < 8; i++) {
+                BIO_snprintf(htmp, sizeof htmp, "%X", p[0] << 8 | p[1]);
+                p += 2;
+                strcat(oline, htmp);
+                if (i != 7)
+                    strcat(oline, ":");
+            }
+        } else {
+            X509V3_add_value("IP Address", "<invalid>", &ret);
+            break;
+        }
+        X509V3_add_value("IP Address", oline, &ret);
+        break;
+
+    case GEN_RID:
+        i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
+        X509V3_add_value("Registered ID", oline, &ret);
+        break;
+    }
+    return ret;
 }
 
 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
 {
-	unsigned char *p;
-	int i;
-	switch (gen->type)
-	{
-		case GEN_OTHERNAME:
-		BIO_printf(out, "othername:<unsupported>");
-		break;
-
-		case GEN_X400:
-		BIO_printf(out, "X400Name:<unsupported>");
-		break;
-
-		case GEN_EDIPARTY:
-		/* Maybe fix this: it is supported now */
-		BIO_printf(out, "EdiPartyName:<unsupported>");
-		break;
-
-		case GEN_EMAIL:
-		BIO_printf(out, "email:%s",gen->d.ia5->data);
-		break;
-
-		case GEN_DNS:
-		BIO_printf(out, "DNS:%s",gen->d.ia5->data);
-		break;
-
-		case GEN_URI:
-		BIO_printf(out, "URI:%s",gen->d.ia5->data);
-		break;
-
-		case GEN_DIRNAME:
-		BIO_printf(out, "DirName: ");
-		X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
-		break;
-
-		case GEN_IPADD:
-		p = gen->d.ip->data;
-		if(gen->d.ip->length == 4)
-			BIO_printf(out, "IP Address:%d.%d.%d.%d",
-						p[0], p[1], p[2], p[3]);
-		else if(gen->d.ip->length == 16)
-			{
-			BIO_printf(out, "IP Address");
-			for (i = 0; i < 8; i++)
-				{
-				BIO_printf(out, ":%X", p[0] << 8 | p[1]);
-				p += 2;
-				}
-			BIO_puts(out, "\n");
-			}
-		else
-			{
-			BIO_printf(out,"IP Address:<invalid>");
-			break;
-			}
-		break;
-
-		case GEN_RID:
-		BIO_printf(out, "Registered ID");
-		i2a_ASN1_OBJECT(out, gen->d.rid);
-		break;
-	}
-	return 1;
+    unsigned char *p;
+    int i;
+    switch (gen->type) {
+    case GEN_OTHERNAME:
+        BIO_printf(out, "othername:<unsupported>");
+        break;
+
+    case GEN_X400:
+        BIO_printf(out, "X400Name:<unsupported>");
+        break;
+
+    case GEN_EDIPARTY:
+        /* Maybe fix this: it is supported now */
+        BIO_printf(out, "EdiPartyName:<unsupported>");
+        break;
+
+    case GEN_EMAIL:
+        BIO_printf(out, "email:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_DNS:
+        BIO_printf(out, "DNS:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_URI:
+        BIO_printf(out, "URI:%s", gen->d.ia5->data);
+        break;
+
+    case GEN_DIRNAME:
+        BIO_printf(out, "DirName: ");
+        X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
+        break;
+
+    case GEN_IPADD:
+        p = gen->d.ip->data;
+        if (gen->d.ip->length == 4)
+            BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
+        else if (gen->d.ip->length == 16) {
+            BIO_printf(out, "IP Address");
+            for (i = 0; i < 8; i++) {
+                BIO_printf(out, ":%X", p[0] << 8 | p[1]);
+                p += 2;
+            }
+            BIO_puts(out, "\n");
+        } else {
+            BIO_printf(out, "IP Address:<invalid>");
+            break;
+        }
+        break;
+
+    case GEN_RID:
+        BIO_printf(out, "Registered ID");
+        i2a_ASN1_OBJECT(out, gen->d.rid);
+        break;
+    }
+    return 1;
 }
 
 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
 {
-	GENERAL_NAMES *gens = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(gens = sk_GENERAL_NAME_new_null())) {
-		X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!name_cmp(cnf->name, "issuer") && cnf->value &&
-						!strcmp(cnf->value, "copy")) {
-			if(!copy_issuer(ctx, gens)) goto err;
-		} else {
-			GENERAL_NAME *gen;
-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-								 goto err; 
-			sk_GENERAL_NAME_push(gens, gen);
-		}
-	}
-	return gens;
-	err:
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return NULL;
+    GENERAL_NAMES *gens = NULL;
+    CONF_VALUE *cnf;
+    int i;
+    if (!(gens = sk_GENERAL_NAME_new_null())) {
+        X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!name_cmp(cnf->name, "issuer") && cnf->value &&
+            !strcmp(cnf->value, "copy")) {
+            if (!copy_issuer(ctx, gens))
+                goto err;
+        } else {
+            GENERAL_NAME *gen;
+            if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen);
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
 }
 
 /* Append subject altname of issuer to issuer alt name of subject */
 
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
 {
-	GENERAL_NAMES *ialt;
-	GENERAL_NAME *gen;
-	X509_EXTENSION *ext;
-	int i;
-	if(ctx && (ctx->flags == CTX_TEST)) return 1;
-	if(!ctx || !ctx->issuer_cert) {
-		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS);
-		goto err;
-	}
-        i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
-	if(i < 0) return 1;
-        if(!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
-                        !(ialt = X509V3_EXT_d2i(ext)) ) {
-		X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR);
-		goto err;
-	}
-
-	for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
-		gen = sk_GENERAL_NAME_value(ialt, i);
-		if(!sk_GENERAL_NAME_push(gens, gen)) {
-			X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-	}
-	sk_GENERAL_NAME_free(ialt);
-
-	return 1;
-		
-	err:
-	return 0;
-	
+    GENERAL_NAMES *ialt;
+    GENERAL_NAME *gen;
+    X509_EXTENSION *ext;
+    int i;
+    if (ctx && (ctx->flags == CTX_TEST))
+        return 1;
+    if (!ctx || !ctx->issuer_cert) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
+        goto err;
+    }
+    i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
+    if (i < 0)
+        return 1;
+    if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
+        !(ialt = X509V3_EXT_d2i(ext))) {
+        X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
+        goto err;
+    }
+
+    for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
+        gen = sk_GENERAL_NAME_value(ialt, i);
+        if (!sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    sk_GENERAL_NAME_free(ialt);
+
+    return 1;
+
+ err:
+    return 0;
+
 }
 
 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
 {
-	GENERAL_NAMES *gens = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(gens = sk_GENERAL_NAME_new_null())) {
-		X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!name_cmp(cnf->name, "email") && cnf->value &&
-						!strcmp(cnf->value, "copy")) {
-			if(!copy_email(ctx, gens, 0)) goto err;
-		} else if(!name_cmp(cnf->name, "email") && cnf->value &&
-						!strcmp(cnf->value, "move")) {
-			if(!copy_email(ctx, gens, 1)) goto err;
-		} else {
-			GENERAL_NAME *gen;
-			if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
-								 goto err; 
-			sk_GENERAL_NAME_push(gens, gen);
-		}
-	}
-	return gens;
-	err:
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return NULL;
+    GENERAL_NAMES *gens = NULL;
+    CONF_VALUE *cnf;
+    int i;
+    if (!(gens = sk_GENERAL_NAME_new_null())) {
+        X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!name_cmp(cnf->name, "email") && cnf->value &&
+            !strcmp(cnf->value, "copy")) {
+            if (!copy_email(ctx, gens, 0))
+                goto err;
+        } else if (!name_cmp(cnf->name, "email") && cnf->value &&
+                   !strcmp(cnf->value, "move")) {
+            if (!copy_email(ctx, gens, 1))
+                goto err;
+        } else {
+            GENERAL_NAME *gen;
+            if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+                goto err;
+            sk_GENERAL_NAME_push(gens, gen);
+        }
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
 }
 
-/* Copy any email addresses in a certificate or request to 
- * GENERAL_NAMES
+/*
+ * Copy any email addresses in a certificate or request to GENERAL_NAMES
  */
 
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
 {
-	X509_NAME *nm;
-	ASN1_IA5STRING *email = NULL;
-	X509_NAME_ENTRY *ne;
-	GENERAL_NAME *gen = NULL;
-	int i;
-	if(ctx != NULL && ctx->flags == CTX_TEST)
-		return 1;
-	if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
-		X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
-		goto err;
-	}
-	/* Find the subject name */
-	if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert);
-	else nm = X509_REQ_get_subject_name(ctx->subject_req);
-
-	/* Now add any email address(es) to STACK */
-	i = -1;
-	while((i = X509_NAME_get_index_by_NID(nm,
-					 NID_pkcs9_emailAddress, i)) >= 0) {
-		ne = X509_NAME_get_entry(nm, i);
-		email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
-                if (move_p)
-                        {
-                        X509_NAME_delete_entry(nm, i);
-			X509_NAME_ENTRY_free(ne);
-                        i--;
-                        }
-		if(!email || !(gen = GENERAL_NAME_new())) {
-			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		gen->d.ia5 = email;
-		email = NULL;
-		gen->type = GEN_EMAIL;
-		if(!sk_GENERAL_NAME_push(gens, gen)) {
-			X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		gen = NULL;
-	}
-
-	
-	return 1;
-		
-	err:
-	GENERAL_NAME_free(gen);
-	M_ASN1_IA5STRING_free(email);
-	return 0;
-	
+    X509_NAME *nm;
+    ASN1_IA5STRING *email = NULL;
+    X509_NAME_ENTRY *ne;
+    GENERAL_NAME *gen = NULL;
+    int i;
+    if (ctx != NULL && ctx->flags == CTX_TEST)
+        return 1;
+    if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
+        X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
+        goto err;
+    }
+    /* Find the subject name */
+    if (ctx->subject_cert)
+        nm = X509_get_subject_name(ctx->subject_cert);
+    else
+        nm = X509_REQ_get_subject_name(ctx->subject_req);
+
+    /* Now add any email address(es) to STACK */
+    i = -1;
+    while ((i = X509_NAME_get_index_by_NID(nm,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(nm, i);
+        email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
+        if (move_p) {
+            X509_NAME_delete_entry(nm, i);
+            X509_NAME_ENTRY_free(ne);
+            i--;
+        }
+        if (!email || !(gen = GENERAL_NAME_new())) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen->d.ia5 = email;
+        email = NULL;
+        gen->type = GEN_EMAIL;
+        if (!sk_GENERAL_NAME_push(gens, gen)) {
+            X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        gen = NULL;
+    }
+
+    return 1;
+
+ err:
+    GENERAL_NAME_free(gen);
+    M_ASN1_IA5STRING_free(email);
+    return 0;
+
 }
 
 GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-	GENERAL_NAME *gen;
-	GENERAL_NAMES *gens = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(gens = sk_GENERAL_NAME_new_null())) {
-		X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
-		sk_GENERAL_NAME_push(gens, gen);
-	}
-	return gens;
-	err:
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return NULL;
+    GENERAL_NAME *gen;
+    GENERAL_NAMES *gens = NULL;
+    CONF_VALUE *cnf;
+    int i;
+    if (!(gens = sk_GENERAL_NAME_new_null())) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+            goto err;
+        sk_GENERAL_NAME_push(gens, gen);
+    }
+    return gens;
+ err:
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return NULL;
 }
 
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-							 CONF_VALUE *cnf)
-	{
-	return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
-	}
+                               CONF_VALUE *cnf)
+{
+    return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+}
 
 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-				X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-						 CONF_VALUE *cnf, int is_nc)
-	{
-	char is_string = 0;
-	int type;
-	GENERAL_NAME *gen = NULL;
-
-	char *name, *value;
-
-	name = cnf->name;
-	value = cnf->value;
-
-	if(!value)
-		{
-		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
-		return NULL;
-		}
-
-	if (out)
-		gen = out;
-	else
-		{
-		gen = GENERAL_NAME_new();
-		if(gen == NULL)
-			{
-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
-			return NULL;
-			}
-		}
-
-	if(!name_cmp(name, "email"))
-		{
-		is_string = 1;
-		type = GEN_EMAIL;
-		}
-	else if(!name_cmp(name, "URI"))
-		{
-		is_string = 1;
-		type = GEN_URI;
-		}
-	else if(!name_cmp(name, "DNS"))
-		{
-		is_string = 1;
-		type = GEN_DNS;
-		}
-	else if(!name_cmp(name, "RID"))
-		{
-		ASN1_OBJECT *obj;
-		if(!(obj = OBJ_txt2obj(value,0)))
-			{
-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
-			ERR_add_error_data(2, "value=", value);
-			goto err;
-			}
-		gen->d.rid = obj;
-		type = GEN_RID;
-		}
-	else if(!name_cmp(name, "IP"))
-		{
-		if (is_nc)
-			gen->d.ip = a2i_IPADDRESS_NC(value);
-		else
-			gen->d.ip = a2i_IPADDRESS(value);
-		if(gen->d.ip == NULL)
-			{
-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
-			ERR_add_error_data(2, "value=", value);
-			goto err;
-			}
-		type = GEN_IPADD;
-		}
-	else if(!name_cmp(name, "dirName"))
-		{
-		type = GEN_DIRNAME;
-		if (!do_dirname(gen, value, ctx))
-			{
-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
-			goto err;
-			}
-		}
-	else if(!name_cmp(name, "otherName"))
-		{
-		if (!do_othername(gen, value, ctx))
-			{
-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
-			goto err;
-			}
-		type = GEN_OTHERNAME;
-		}
-	else
-		{
-		X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
-		ERR_add_error_data(2, "name=", name);
-		goto err;
-		}
-
-	if(is_string)
-		{
-		if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
-			      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
-					       strlen(value)))
-			{
-			X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
-			goto err;
-			}
-		}
-
-	gen->type = type;
-
-	return gen;
-
-	err:
-	if (!out)
-		GENERAL_NAME_free(gen);
-	return NULL;
-	}
+                                  X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                                  CONF_VALUE *cnf, int is_nc)
+{
+    char is_string = 0;
+    int type;
+    GENERAL_NAME *gen = NULL;
+
+    char *name, *value;
+
+    name = cnf->name;
+    value = cnf->value;
+
+    if (!value) {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+        return NULL;
+    }
+
+    if (out)
+        gen = out;
+    else {
+        gen = GENERAL_NAME_new();
+        if (gen == NULL) {
+            X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+    }
+
+    if (!name_cmp(name, "email")) {
+        is_string = 1;
+        type = GEN_EMAIL;
+    } else if (!name_cmp(name, "URI")) {
+        is_string = 1;
+        type = GEN_URI;
+    } else if (!name_cmp(name, "DNS")) {
+        is_string = 1;
+        type = GEN_DNS;
+    } else if (!name_cmp(name, "RID")) {
+        ASN1_OBJECT *obj;
+        if (!(obj = OBJ_txt2obj(value, 0))) {
+            X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_OBJECT);
+            ERR_add_error_data(2, "value=", value);
+            goto err;
+        }
+        gen->d.rid = obj;
+        type = GEN_RID;
+    } else if (!name_cmp(name, "IP")) {
+        if (is_nc)
+            gen->d.ip = a2i_IPADDRESS_NC(value);
+        else
+            gen->d.ip = a2i_IPADDRESS(value);
+        if (gen->d.ip == NULL) {
+            X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_IP_ADDRESS);
+            ERR_add_error_data(2, "value=", value);
+            goto err;
+        }
+        type = GEN_IPADD;
+    } else if (!name_cmp(name, "dirName")) {
+        type = GEN_DIRNAME;
+        if (!do_dirname(gen, value, ctx)) {
+            X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_DIRNAME_ERROR);
+            goto err;
+        }
+    } else if (!name_cmp(name, "otherName")) {
+        if (!do_othername(gen, value, ctx)) {
+            X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_OTHERNAME_ERROR);
+            goto err;
+        }
+        type = GEN_OTHERNAME;
+    } else {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION);
+        ERR_add_error_data(2, "name=", name);
+        goto err;
+    }
+
+    if (is_string) {
+        if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+            !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
+                             strlen(value))) {
+            X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+
+    gen->type = type;
+
+    return gen;
+
+ err:
+    if (!out)
+        GENERAL_NAME_free(gen);
+    return NULL;
+}
 
 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
-	{
-	char *objtmp = NULL, *p;
-	int objlen;
-	if (!(p = strchr(value, ';')))
-		return 0;
-	if (!(gen->d.otherName = OTHERNAME_new()))
-		return 0;
-	/* Free this up because we will overwrite it.
-	 * no need to free type_id because it is static
-	 */
-	ASN1_TYPE_free(gen->d.otherName->value);
-	if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
-		return 0;
-	objlen = p - value;
-	objtmp = OPENSSL_malloc(objlen + 1);
-	strncpy(objtmp, value, objlen);
-	objtmp[objlen] = 0;
-	gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
-	OPENSSL_free(objtmp);	
-	if (!gen->d.otherName->type_id)
-		return 0;
-	return 1;
-	}
+{
+    char *objtmp = NULL, *p;
+    int objlen;
+    if (!(p = strchr(value, ';')))
+        return 0;
+    if (!(gen->d.otherName = OTHERNAME_new()))
+        return 0;
+    /*
+     * Free this up because we will overwrite it. no need to free type_id
+     * because it is static
+     */
+    ASN1_TYPE_free(gen->d.otherName->value);
+    if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
+        return 0;
+    objlen = p - value;
+    objtmp = OPENSSL_malloc(objlen + 1);
+    strncpy(objtmp, value, objlen);
+    objtmp[objlen] = 0;
+    gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
+    OPENSSL_free(objtmp);
+    if (!gen->d.otherName->type_id)
+        return 0;
+    return 1;
+}
 
 static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
-	{
-	int ret;
-	STACK_OF(CONF_VALUE) *sk;
-	X509_NAME *nm;
-	if (!(nm = X509_NAME_new()))
-		return 0;
-	sk = X509V3_get_section(ctx, value);
-	if (!sk)
-		{
-		X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
-		ERR_add_error_data(2, "section=", value);
-		X509_NAME_free(nm);
-		return 0;
-		}
-	/* FIXME: should allow other character types... */
-	ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
-	if (!ret)
-		X509_NAME_free(nm);
-	gen->d.dirn = nm;
-
-	X509V3_section_free(ctx, sk);
-		
-	return ret;
-	}
+{
+    int ret;
+    STACK_OF(CONF_VALUE) *sk;
+    X509_NAME *nm;
+    if (!(nm = X509_NAME_new()))
+        return 0;
+    sk = X509V3_get_section(ctx, value);
+    if (!sk) {
+        X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
+        ERR_add_error_data(2, "section=", value);
+        X509_NAME_free(nm);
+        return 0;
+    }
+    /* FIXME: should allow other character types... */
+    ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
+    if (!ret)
+        X509_NAME_free(nm);
+    gen->d.dirn = nm;
+
+    X509V3_section_free(ctx, sk);
+
+    return ret;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
index 11aad0b8..c2a8393f 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_asid.c
@@ -10,7 +10,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -104,93 +104,92 @@ IMPLEMENT_ASN1_FUNCTIONS(ASIdentifiers)
  * i2r method for an ASIdentifierChoice.
  */
 static int i2r_ASIdentifierChoice(BIO *out,
-				  ASIdentifierChoice *choice,
-				  int indent,
-				  const char *msg)
+                                  ASIdentifierChoice *choice,
+                                  int indent, const char *msg)
 {
-  int i;
-  char *s;
-  if (choice == NULL)
-    return 1;
-  BIO_printf(out, "%*s%s:\n", indent, "", msg);
-  switch (choice->type) {
-  case ASIdentifierChoice_inherit:
-    BIO_printf(out, "%*sinherit\n", indent + 2, "");
-    break;
-  case ASIdentifierChoice_asIdsOrRanges:
-    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
-      ASIdOrRange *aor = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-      switch (aor->type) {
-      case ASIdOrRange_id:
-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
-	  return 0;
-	BIO_printf(out, "%*s%s\n", indent + 2, "", s);
-	OPENSSL_free(s);
-	break;
-      case ASIdOrRange_range:
-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
-	  return 0;
-	BIO_printf(out, "%*s%s-", indent + 2, "", s);
-	OPENSSL_free(s);
-	if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
-	  return 0;
-	BIO_printf(out, "%s\n", s);
-	OPENSSL_free(s);
-	break;
-      default:
-	return 0;
-      }
+    int i;
+    char *s;
+    if (choice == NULL)
+        return 1;
+    BIO_printf(out, "%*s%s:\n", indent, "", msg);
+    switch (choice->type) {
+    case ASIdentifierChoice_inherit:
+        BIO_printf(out, "%*sinherit\n", indent + 2, "");
+        break;
+    case ASIdentifierChoice_asIdsOrRanges:
+        for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges); i++) {
+            ASIdOrRange *aor =
+                sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+            switch (aor->type) {
+            case ASIdOrRange_id:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.id)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s\n", indent + 2, "", s);
+                OPENSSL_free(s);
+                break;
+            case ASIdOrRange_range:
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->min)) == NULL)
+                    return 0;
+                BIO_printf(out, "%*s%s-", indent + 2, "", s);
+                OPENSSL_free(s);
+                if ((s = i2s_ASN1_INTEGER(NULL, aor->u.range->max)) == NULL)
+                    return 0;
+                BIO_printf(out, "%s\n", s);
+                OPENSSL_free(s);
+                break;
+            default:
+                return 0;
+            }
+        }
+        break;
+    default:
+        return 0;
     }
-    break;
-  default:
-    return 0;
-  }
-  return 1;
+    return 1;
 }
 
 /*
  * i2r method for an ASIdentifier extension.
  */
 static int i2r_ASIdentifiers(X509V3_EXT_METHOD *method,
-			     void *ext,
-			     BIO *out,
-			     int indent)
+                             void *ext, BIO *out, int indent)
 {
-  ASIdentifiers *asid = ext;
-  return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
-				 "Autonomous System Numbers") &&
-	  i2r_ASIdentifierChoice(out, asid->rdi, indent,
-				 "Routing Domain Identifiers"));
+    ASIdentifiers *asid = ext;
+    return (i2r_ASIdentifierChoice(out, asid->asnum, indent,
+                                   "Autonomous System Numbers") &&
+            i2r_ASIdentifierChoice(out, asid->rdi, indent,
+                                   "Routing Domain Identifiers"));
 }
 
 /*
  * Sort comparision function for a sequence of ASIdOrRange elements.
  */
-static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
-			   const ASIdOrRange * const *b_)
+static int ASIdOrRange_cmp(const ASIdOrRange *const *a_,
+                           const ASIdOrRange *const *b_)
 {
-  const ASIdOrRange *a = *a_, *b = *b_;
+    const ASIdOrRange *a = *a_, *b = *b_;
 
-  OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
-	 (a->type == ASIdOrRange_range && a->u.range != NULL &&
-	  a->u.range->min != NULL && a->u.range->max != NULL));
+    OPENSSL_assert((a->type == ASIdOrRange_id && a->u.id != NULL) ||
+                   (a->type == ASIdOrRange_range && a->u.range != NULL &&
+                    a->u.range->min != NULL && a->u.range->max != NULL));
 
-  OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
-	 (b->type == ASIdOrRange_range && b->u.range != NULL &&
-	  b->u.range->min != NULL && b->u.range->max != NULL));
+    OPENSSL_assert((b->type == ASIdOrRange_id && b->u.id != NULL) ||
+                   (b->type == ASIdOrRange_range && b->u.range != NULL &&
+                    b->u.range->min != NULL && b->u.range->max != NULL));
 
-  if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
-    return ASN1_INTEGER_cmp(a->u.id, b->u.id);
+    if (a->type == ASIdOrRange_id && b->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.id);
 
-  if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
-    int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
-    return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max, b->u.range->max);
-  }
+    if (a->type == ASIdOrRange_range && b->type == ASIdOrRange_range) {
+        int r = ASN1_INTEGER_cmp(a->u.range->min, b->u.range->min);
+        return r != 0 ? r : ASN1_INTEGER_cmp(a->u.range->max,
+                                             b->u.range->max);
+    }
 
-  if (a->type == ASIdOrRange_id)
-    return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
-  else
-    return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
+    if (a->type == ASIdOrRange_id)
+        return ASN1_INTEGER_cmp(a->u.id, b->u.range->min);
+    else
+        return ASN1_INTEGER_cmp(a->u.range->min, b->u.id);
 }
 
 /*
@@ -198,104 +197,101 @@ static int ASIdOrRange_cmp(const ASIdOrRange * const *a_,
  */
 int v3_asid_add_inherit(ASIdentifiers *asid, int which)
 {
-  ASIdentifierChoice **choice;
-  if (asid == NULL)
-    return 0;
-  switch (which) {
-  case V3_ASID_ASNUM:
-    choice = &asid->asnum;
-    break;
-  case V3_ASID_RDI:
-    choice = &asid->rdi;
-    break;
-  default:
-    return 0;
-  }
-  if (*choice == NULL) {
-    if ((*choice = ASIdentifierChoice_new()) == NULL)
-      return 0;
-    OPENSSL_assert((*choice)->u.inherit == NULL);
-    if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
-      return 0;
-    (*choice)->type = ASIdentifierChoice_inherit;
-  }
-  return (*choice)->type == ASIdentifierChoice_inherit;
+    ASIdentifierChoice **choice;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        OPENSSL_assert((*choice)->u.inherit == NULL);
+        if (((*choice)->u.inherit = ASN1_NULL_new()) == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_inherit;
+    }
+    return (*choice)->type == ASIdentifierChoice_inherit;
 }
 
 /*
  * Add an ID or range to an ASIdentifierChoice.
  */
 int v3_asid_add_id_or_range(ASIdentifiers *asid,
-			    int which,
-			    ASN1_INTEGER *min,
-			    ASN1_INTEGER *max)
+                            int which, ASN1_INTEGER *min, ASN1_INTEGER *max)
 {
-  ASIdentifierChoice **choice;
-  ASIdOrRange *aor;
-  if (asid == NULL)
-    return 0;
-  switch (which) {
-  case V3_ASID_ASNUM:
-    choice = &asid->asnum;
-    break;
-  case V3_ASID_RDI:
-    choice = &asid->rdi;
-    break;
-  default:
-    return 0;
-  }
-  if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
-    return 0;
-  if (*choice == NULL) {
-    if ((*choice = ASIdentifierChoice_new()) == NULL)
-      return 0;
-    OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
-    (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
-    if ((*choice)->u.asIdsOrRanges == NULL)
-      return 0;
-    (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
-  }
-  if ((aor = ASIdOrRange_new()) == NULL)
-    return 0;
-  if (max == NULL) {
-    aor->type = ASIdOrRange_id;
-    aor->u.id = min;
-  } else {
-    aor->type = ASIdOrRange_range;
-    if ((aor->u.range = ASRange_new()) == NULL)
-      goto err;
-    ASN1_INTEGER_free(aor->u.range->min);
-    aor->u.range->min = min;
-    ASN1_INTEGER_free(aor->u.range->max);
-    aor->u.range->max = max;
-  }
-  if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
-    goto err;
-  return 1;
+    ASIdentifierChoice **choice;
+    ASIdOrRange *aor;
+    if (asid == NULL)
+        return 0;
+    switch (which) {
+    case V3_ASID_ASNUM:
+        choice = &asid->asnum;
+        break;
+    case V3_ASID_RDI:
+        choice = &asid->rdi;
+        break;
+    default:
+        return 0;
+    }
+    if (*choice != NULL && (*choice)->type == ASIdentifierChoice_inherit)
+        return 0;
+    if (*choice == NULL) {
+        if ((*choice = ASIdentifierChoice_new()) == NULL)
+            return 0;
+        OPENSSL_assert((*choice)->u.asIdsOrRanges == NULL);
+        (*choice)->u.asIdsOrRanges = sk_ASIdOrRange_new(ASIdOrRange_cmp);
+        if ((*choice)->u.asIdsOrRanges == NULL)
+            return 0;
+        (*choice)->type = ASIdentifierChoice_asIdsOrRanges;
+    }
+    if ((aor = ASIdOrRange_new()) == NULL)
+        return 0;
+    if (max == NULL) {
+        aor->type = ASIdOrRange_id;
+        aor->u.id = min;
+    } else {
+        aor->type = ASIdOrRange_range;
+        if ((aor->u.range = ASRange_new()) == NULL)
+            goto err;
+        ASN1_INTEGER_free(aor->u.range->min);
+        aor->u.range->min = min;
+        ASN1_INTEGER_free(aor->u.range->max);
+        aor->u.range->max = max;
+    }
+    if (!(sk_ASIdOrRange_push((*choice)->u.asIdsOrRanges, aor)))
+        goto err;
+    return 1;
 
  err:
-  ASIdOrRange_free(aor);
-  return 0;
+    ASIdOrRange_free(aor);
+    return 0;
 }
 
 /*
  * Extract min and max values from an ASIdOrRange.
  */
 static void extract_min_max(ASIdOrRange *aor,
-			    ASN1_INTEGER **min,
-			    ASN1_INTEGER **max)
+                            ASN1_INTEGER **min, ASN1_INTEGER **max)
 {
-  OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
-  switch (aor->type) {
-  case ASIdOrRange_id:
-    *min = aor->u.id;
-    *max = aor->u.id;
-    return;
-  case ASIdOrRange_range:
-    *min = aor->u.range->min;
-    *max = aor->u.range->max;
-    return;
-  }
+    OPENSSL_assert(aor != NULL && min != NULL && max != NULL);
+    switch (aor->type) {
+    case ASIdOrRange_id:
+        *min = aor->u.id;
+        *max = aor->u.id;
+        return;
+    case ASIdOrRange_range:
+        *min = aor->u.range->min;
+        *max = aor->u.range->max;
+        return;
+    }
 }
 
 /*
@@ -303,81 +299,82 @@ static void extract_min_max(ASIdOrRange *aor,
  */
 static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
 {
-  ASN1_INTEGER *a_max_plus_one = NULL;
-  BIGNUM *bn = NULL;
-  int i, ret = 0;
-
-  /*
-   * Empty element or inheritance is canonical.
-   */
-  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
-    return 1;
-
-  /*
-   * If not a list, or if empty list, it's broken.
-   */
-  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
-      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
-    return 0;
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
 
-  /*
-   * It's a list, check it.
-   */
-  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
-    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
-
-    extract_min_max(a, &a_min, &a_max);
-    extract_min_max(b, &b_min, &b_max);
+    /*
+     * Empty element or inheritance is canonical.
+     */
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
 
     /*
-     * Punt misordered list, overlapping start, or inverted range.
+     * If not a list, or if empty list, it's broken.
      */
-    if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
-	ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
-	ASN1_INTEGER_cmp(b_min, b_max) > 0)
-      goto done;
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
+        return 0;
 
     /*
-     * Calculate a_max + 1 to check for adjacency.
+     * It's a list, check it.
      */
-    if ((bn == NULL && (bn = BN_new()) == NULL) ||
-	ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-	!BN_add_word(bn, 1) ||
-	(a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
-		ERR_R_MALLOC_FAILURE);
-      goto done;
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+        extract_min_max(a, &a_min, &a_max);
+        extract_min_max(b, &b_min, &b_max);
+
+        /*
+         * Punt misordered list, overlapping start, or inverted range.
+         */
+        if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
+            ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1) ||
+            (a_max_plus_one =
+             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * Punt if adjacent or overlapping.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
+            goto done;
     }
-    
+
     /*
-     * Punt if adjacent or overlapping.
+     * Check for inverted range.
      */
-    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
-      goto done;
-  }
-
-  /*
-   * Check for inverted range.
-   */
-  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
-  {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASN1_INTEGER *a_min, *a_max;
-    if (a != NULL && a->type == ASIdOrRange_range) {
-      extract_min_max(a, &a_min, &a_max);
-      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
-	goto done;
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            extract_min_max(a, &a_min, &a_max);
+            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
     }
-  }
 
-  ret = 1;
+    ret = 1;
 
  done:
-  ASN1_INTEGER_free(a_max_plus_one);
-  BN_free(bn);
-  return ret;
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
 }
 
 /*
@@ -385,9 +382,9 @@ static int ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
  */
 int v3_asid_is_canonical(ASIdentifiers *asid)
 {
-  return (asid == NULL ||
-	  (ASIdentifierChoice_is_canonical(asid->asnum) &&
-	   ASIdentifierChoice_is_canonical(asid->rdi)));
+    return (asid == NULL ||
+            (ASIdentifierChoice_is_canonical(asid->asnum) &&
+             ASIdentifierChoice_is_canonical(asid->rdi)));
 }
 
 /*
@@ -395,134 +392,136 @@ int v3_asid_is_canonical(ASIdentifiers *asid)
  */
 static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
 {
-  ASN1_INTEGER *a_max_plus_one = NULL;
-  BIGNUM *bn = NULL;
-  int i, ret = 0;
-
-  /*
-   * Nothing to do for empty element or inheritance.
-   */
-  if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
-    return 1;
-
-  /*
-   * If not a list, or if empty list, it's broken.
-   */
-  if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
-      sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
-    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
-	      X509V3_R_EXTENSION_VALUE_ERROR);
-    return 0;
-  }
-
-  /*
-   * We have a non-empty list.  Sort it.
-   */
-  sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
-
-  /*
-   * Now check for errors and suboptimal encoding, rejecting the
-   * former and fixing the latter.
-   */
-  for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
-    ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
-
-    extract_min_max(a, &a_min, &a_max);
-    extract_min_max(b, &b_min, &b_max);
+    ASN1_INTEGER *a_max_plus_one = NULL;
+    BIGNUM *bn = NULL;
+    int i, ret = 0;
 
     /*
-     * Make sure we're properly sorted (paranoia).
+     * Nothing to do for empty element or inheritance.
      */
-    OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+    if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
+        return 1;
 
     /*
-     * Punt inverted ranges.
+     * If not a list, or if empty list, it's broken.
      */
-    if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
-	ASN1_INTEGER_cmp(b_min, b_max) > 0)
-      goto done;
+    if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
+        sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
+        X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        return 0;
+    }
 
     /*
-     * Check for overlaps.
+     * We have a non-empty list.  Sort it.
      */
-    if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
-		X509V3_R_EXTENSION_VALUE_ERROR);
-      goto done;
-    }
+    sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
 
     /*
-     * Calculate a_max + 1 to check for adjacency.
+     * Now check for errors and suboptimal encoding, rejecting the
+     * former and fixing the latter.
      */
-    if ((bn == NULL && (bn = BN_new()) == NULL) ||
-	ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
-	!BN_add_word(bn, 1) ||
-	(a_max_plus_one = BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
-      X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE, ERR_R_MALLOC_FAILURE);
-      goto done;
+    for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASIdOrRange *b = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i + 1);
+        ASN1_INTEGER *a_min, *a_max, *b_min, *b_max;
+
+        extract_min_max(a, &a_min, &a_max);
+        extract_min_max(b, &b_min, &b_max);
+
+        /*
+         * Make sure we're properly sorted (paranoia).
+         */
+        OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
+
+        /*
+         * Punt inverted ranges.
+         */
+        if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
+            ASN1_INTEGER_cmp(b_min, b_max) > 0)
+            goto done;
+
+        /*
+         * Check for overlaps.
+         */
+        if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      X509V3_R_EXTENSION_VALUE_ERROR);
+            goto done;
+        }
+
+        /*
+         * Calculate a_max + 1 to check for adjacency.
+         */
+        if ((bn == NULL && (bn = BN_new()) == NULL) ||
+            ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
+            !BN_add_word(bn, 1) ||
+            (a_max_plus_one =
+             BN_to_ASN1_INTEGER(bn, a_max_plus_one)) == NULL) {
+            X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                      ERR_R_MALLOC_FAILURE);
+            goto done;
+        }
+
+        /*
+         * If a and b are adjacent, merge them.
+         */
+        if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
+            ASRange *r;
+            switch (a->type) {
+            case ASIdOrRange_id:
+                if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
+                    X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
+                              ERR_R_MALLOC_FAILURE);
+                    goto done;
+                }
+                r->min = a_min;
+                r->max = b_max;
+                a->type = ASIdOrRange_range;
+                a->u.range = r;
+                break;
+            case ASIdOrRange_range:
+                ASN1_INTEGER_free(a->u.range->max);
+                a->u.range->max = b_max;
+                break;
+            }
+            switch (b->type) {
+            case ASIdOrRange_id:
+                b->u.id = NULL;
+                break;
+            case ASIdOrRange_range:
+                b->u.range->max = NULL;
+                break;
+            }
+            ASIdOrRange_free(b);
+            (void)sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
+            i--;
+            continue;
+        }
     }
-    
+
     /*
-     * If a and b are adjacent, merge them.
+     * Check for final inverted range.
      */
-    if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
-      ASRange *r;
-      switch (a->type) {
-      case ASIdOrRange_id:
-	if ((r = OPENSSL_malloc(sizeof(ASRange))) == NULL) {
-	  X509V3err(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE,
-		    ERR_R_MALLOC_FAILURE);
-	  goto done;
-	}
-	r->min = a_min;
-	r->max = b_max;
-	a->type = ASIdOrRange_range;
-	a->u.range = r;
-	break;
-      case ASIdOrRange_range:
-	ASN1_INTEGER_free(a->u.range->max);
-	a->u.range->max = b_max;
-	break;
-      }
-      switch (b->type) {
-      case ASIdOrRange_id:
-	b->u.id = NULL;
-	break;
-      case ASIdOrRange_range:
-	b->u.range->max = NULL;
-	break;
-      }
-      ASIdOrRange_free(b);
-      (void) sk_ASIdOrRange_delete(choice->u.asIdsOrRanges, i + 1);
-      i--;
-      continue;
-    }
-  }
-
-  /*
-   * Check for final inverted range.
-   */
-  i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
-  {
-    ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
-    ASN1_INTEGER *a_min, *a_max;
-    if (a != NULL && a->type == ASIdOrRange_range) {
-      extract_min_max(a, &a_min, &a_max);
-      if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
-	goto done;
+    i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
+    {
+        ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, i);
+        ASN1_INTEGER *a_min, *a_max;
+        if (a != NULL && a->type == ASIdOrRange_range) {
+            extract_min_max(a, &a_min, &a_max);
+            if (ASN1_INTEGER_cmp(a_min, a_max) > 0)
+                goto done;
+        }
     }
-  }
 
-  OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
+    OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); /* Paranoia */
 
-  ret = 1;
+    ret = 1;
 
  done:
-  ASN1_INTEGER_free(a_max_plus_one);
-  BN_free(bn);
-  return ret;
+    ASN1_INTEGER_free(a_max_plus_one);
+    BN_free(bn);
+    return ret;
 }
 
 /*
@@ -530,142 +529,147 @@ static int ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
  */
 int v3_asid_canonize(ASIdentifiers *asid)
 {
-  return (asid == NULL ||
-	  (ASIdentifierChoice_canonize(asid->asnum) &&
-	   ASIdentifierChoice_canonize(asid->rdi)));
+    return (asid == NULL ||
+            (ASIdentifierChoice_canonize(asid->asnum) &&
+             ASIdentifierChoice_canonize(asid->rdi)));
 }
 
 /*
  * v2i method for an ASIdentifier extension.
  */
 static void *v2i_ASIdentifiers(struct v3_ext_method *method,
-			       struct v3_ext_ctx *ctx,
-			       STACK_OF(CONF_VALUE) *values)
+                               struct v3_ext_ctx *ctx,
+                               STACK_OF(CONF_VALUE) *values)
 {
-  ASN1_INTEGER *min = NULL, *max = NULL;
-  ASIdentifiers *asid = NULL;
-  int i;
-
-  if ((asid = ASIdentifiers_new()) == NULL) {
-    X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-    return NULL;
-  }
-
-  for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
-    CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
-    int i1, i2, i3, is_range, which;
+    ASN1_INTEGER *min = NULL, *max = NULL;
+    ASIdentifiers *asid = NULL;
+    int i;
 
-    /*
-     * Figure out whether this is an AS or an RDI.
-     */
-    if (       !name_cmp(val->name, "AS")) {
-      which = V3_ASID_ASNUM;
-    } else if (!name_cmp(val->name, "RDI")) {
-      which = V3_ASID_RDI;
-    } else {
-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_NAME_ERROR);
-      X509V3_conf_err(val);
-      goto err;
-    }
-
-    /*
-     * Handle inheritance.
-     */
-    if (!strcmp(val->value, "inherit")) {
-      if (v3_asid_add_inherit(asid, which))
-	continue;
-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_INHERITANCE);
-      X509V3_conf_err(val);
-      goto err;
+    if ((asid = ASIdentifiers_new()) == NULL) {
+        X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+        return NULL;
     }
 
-    /*
-     * Number, range, or mistake, pick it apart and figure out which.
-     */
-    i1 = strspn(val->value, "0123456789");
-    if (val->value[i1] == '\0') {
-      is_range = 0;
-    } else {
-      is_range = 1;
-      i2 = i1 + strspn(val->value + i1, " \t");
-      if (val->value[i2] != '-') {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASNUMBER);
-	X509V3_conf_err(val);
-	goto err;
-      }
-      i2++;
-      i2 = i2 + strspn(val->value + i2, " \t");
-      i3 = i2 + strspn(val->value + i2, "0123456789");
-      if (val->value[i3] != '\0') {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_INVALID_ASRANGE);
-	X509V3_conf_err(val);
-	goto err;
-      }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
+        int i1, i2, i3, is_range, which;
+
+        /*
+         * Figure out whether this is an AS or an RDI.
+         */
+        if (!name_cmp(val->name, "AS")) {
+            which = V3_ASID_ASNUM;
+        } else if (!name_cmp(val->name, "RDI")) {
+            which = V3_ASID_RDI;
+        } else {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_EXTENSION_NAME_ERROR);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Handle inheritance.
+         */
+        if (!strcmp(val->value, "inherit")) {
+            if (v3_asid_add_inherit(asid, which))
+                continue;
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                      X509V3_R_INVALID_INHERITANCE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+
+        /*
+         * Number, range, or mistake, pick it apart and figure out which.
+         */
+        i1 = strspn(val->value, "0123456789");
+        if (val->value[i1] == '\0') {
+            is_range = 0;
+        } else {
+            is_range = 1;
+            i2 = i1 + strspn(val->value + i1, " \t");
+            if (val->value[i2] != '-') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASNUMBER);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            i2++;
+            i2 = i2 + strspn(val->value + i2, " \t");
+            i3 = i2 + strspn(val->value + i2, "0123456789");
+            if (val->value[i3] != '\0') {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_INVALID_ASRANGE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        }
+
+        /*
+         * Syntax is ok, read and add it.
+         */
+        if (!is_range) {
+            if (!X509V3_get_value_int(val, &min)) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+        } else {
+            char *s = BUF_strdup(val->value);
+            if (s == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            s[i1] = '\0';
+            min = s2i_ASN1_INTEGER(NULL, s);
+            max = s2i_ASN1_INTEGER(NULL, s + i2);
+            OPENSSL_free(s);
+            if (min == NULL || max == NULL) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+                goto err;
+            }
+            if (ASN1_INTEGER_cmp(min, max) > 0) {
+                X509V3err(X509V3_F_V2I_ASIDENTIFIERS,
+                          X509V3_R_EXTENSION_VALUE_ERROR);
+                goto err;
+            }
+        }
+        if (!v3_asid_add_id_or_range(asid, which, min, max)) {
+            X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        min = max = NULL;
     }
 
     /*
-     * Syntax is ok, read and add it.
+     * Canonize the result, then we're done.
      */
-    if (!is_range) {
-      if (!X509V3_get_value_int(val, &min)) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-    } else {
-      char *s = BUF_strdup(val->value);
-      if (s == NULL) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      s[i1] = '\0';
-      min = s2i_ASN1_INTEGER(NULL, s);
-      max = s2i_ASN1_INTEGER(NULL, s + i2);
-      OPENSSL_free(s);
-      if (min == NULL || max == NULL) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-	goto err;
-      }
-      if (ASN1_INTEGER_cmp(min, max) > 0) {
-	X509V3err(X509V3_F_V2I_ASIDENTIFIERS, X509V3_R_EXTENSION_VALUE_ERROR);
-	goto err;
-      }
-    }
-    if (!v3_asid_add_id_or_range(asid, which, min, max)) {
-      X509V3err(X509V3_F_V2I_ASIDENTIFIERS, ERR_R_MALLOC_FAILURE);
-      goto err;
-    }
-    min = max = NULL;
-  }
-
-  /*
-   * Canonize the result, then we're done.
-   */
-  if (!v3_asid_canonize(asid))
-    goto err;
-  return asid;
+    if (!v3_asid_canonize(asid))
+        goto err;
+    return asid;
 
  err:
-  ASIdentifiers_free(asid);
-  ASN1_INTEGER_free(min);
-  ASN1_INTEGER_free(max);
-  return NULL;
+    ASIdentifiers_free(asid);
+    ASN1_INTEGER_free(min);
+    ASN1_INTEGER_free(max);
+    return NULL;
 }
 
 /*
  * OpenSSL dispatch.
  */
 const X509V3_EXT_METHOD v3_asid = {
-  NID_sbgp_autonomousSysNum,	/* nid */
-  0,				/* flags */
-  ASN1_ITEM_ref(ASIdentifiers),	/* template */
-  0, 0, 0, 0,			/* old functions, ignored */
-  0,				/* i2s */
-  0,				/* s2i */
-  0,				/* i2v */
-  v2i_ASIdentifiers,		/* v2i */
-  i2r_ASIdentifiers,		/* i2r */
-  0,				/* r2i */
-  NULL				/* extension-specific data */
+    NID_sbgp_autonomousSysNum,  /* nid */
+    0,                          /* flags */
+    ASN1_ITEM_ref(ASIdentifiers), /* template */
+    0, 0, 0, 0,                 /* old functions, ignored */
+    0,                          /* i2s */
+    0,                          /* s2i */
+    0,                          /* i2v */
+    v2i_ASIdentifiers,          /* v2i */
+    i2r_ASIdentifiers,          /* i2r */
+    0,                          /* r2i */
+    NULL                        /* extension-specific data */
 };
 
 /*
@@ -673,11 +677,11 @@ const X509V3_EXT_METHOD v3_asid = {
  */
 int v3_asid_inherits(ASIdentifiers *asid)
 {
-  return (asid != NULL &&
-	  ((asid->asnum != NULL &&
-	    asid->asnum->type == ASIdentifierChoice_inherit) ||
-	   (asid->rdi != NULL &&
-	    asid->rdi->type == ASIdentifierChoice_inherit)));
+    return (asid != NULL &&
+            ((asid->asnum != NULL &&
+              asid->asnum->type == ASIdentifierChoice_inherit) ||
+             (asid->rdi != NULL &&
+              asid->rdi->type == ASIdentifierChoice_inherit)));
 }
 
 /*
@@ -685,30 +689,30 @@ int v3_asid_inherits(ASIdentifiers *asid)
  */
 static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
 {
-  ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
-  int p, c;
-
-  if (child == NULL || parent == child)
-    return 1;
-  if (parent == NULL)
-    return 0;
-
-  p = 0;
-  for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
-    extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
-    for (;; p++) {
-      if (p >= sk_ASIdOrRange_num(parent))
-	return 0;
-      extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
-      if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
-	continue;
-      if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
-	return 0;
-      break;
+    ASN1_INTEGER *p_min, *p_max, *c_min, *c_max;
+    int p, c;
+
+    if (child == NULL || parent == child)
+        return 1;
+    if (parent == NULL)
+        return 0;
+
+    p = 0;
+    for (c = 0; c < sk_ASIdOrRange_num(child); c++) {
+        extract_min_max(sk_ASIdOrRange_value(child, c), &c_min, &c_max);
+        for (;; p++) {
+            if (p >= sk_ASIdOrRange_num(parent))
+                return 0;
+            extract_min_max(sk_ASIdOrRange_value(parent, p), &p_min, &p_max);
+            if (ASN1_INTEGER_cmp(p_max, c_max) < 0)
+                continue;
+            if (ASN1_INTEGER_cmp(p_min, c_min) > 0)
+                return 0;
+            break;
+        }
     }
-  }
 
-  return 1;
+    return 1;
 }
 
 /*
@@ -716,156 +720,159 @@ static int asid_contains(ASIdOrRanges *parent, ASIdOrRanges *child)
  */
 int v3_asid_subset(ASIdentifiers *a, ASIdentifiers *b)
 {
-  return (a == NULL ||
-	  a == b ||
-	  (b != NULL &&
-	   !v3_asid_inherits(a) &&
-	   !v3_asid_inherits(b) &&
-	   asid_contains(b->asnum->u.asIdsOrRanges,
-			 a->asnum->u.asIdsOrRanges) &&
-	   asid_contains(b->rdi->u.asIdsOrRanges,
-			 a->rdi->u.asIdsOrRanges)));
+    return (a == NULL ||
+            a == b ||
+            (b != NULL &&
+             !v3_asid_inherits(a) &&
+             !v3_asid_inherits(b) &&
+             asid_contains(b->asnum->u.asIdsOrRanges,
+                           a->asnum->u.asIdsOrRanges) &&
+             asid_contains(b->rdi->u.asIdsOrRanges,
+                           a->rdi->u.asIdsOrRanges)));
 }
 
 /*
  * Validation error handling via callback.
  */
-#define validation_err(_err_)		\
-  do {					\
-    if (ctx != NULL) {			\
-      ctx->error = _err_;		\
-      ctx->error_depth = i;		\
-      ctx->current_cert = x;		\
-      ret = ctx->verify_cb(0, ctx);	\
-    } else {				\
-      ret = 0;				\
-    }					\
-    if (!ret)				\
-      goto done;			\
+# define validation_err(_err_)           \
+  do {                                  \
+    if (ctx != NULL) {                  \
+      ctx->error = _err_;               \
+      ctx->error_depth = i;             \
+      ctx->current_cert = x;            \
+      ret = ctx->verify_cb(0, ctx);     \
+    } else {                            \
+      ret = 0;                          \
+    }                                   \
+    if (!ret)                           \
+      goto done;                        \
   } while (0)
 
 /*
  * Core code for RFC 3779 3.3 path validation.
  */
 static int v3_asid_validate_path_internal(X509_STORE_CTX *ctx,
-					  STACK_OF(X509) *chain,
-					  ASIdentifiers *ext)
+                                          STACK_OF(X509) *chain,
+                                          ASIdentifiers *ext)
 {
-  ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
-  int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
-  X509 *x = NULL;
-
-  OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
-  OPENSSL_assert(ctx != NULL || ext != NULL);
-  OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
-
-  /*
-   * Figure out where to start.  If we don't have an extension to
-   * check, we're done.  Otherwise, check canonical form and
-   * set up for walking up the chain.
-   */
-  if (ext != NULL) {
-    i = -1;
-  } else {
-    i = 0;
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if ((ext = x->rfc3779_asid) == NULL)
-      goto done;
-  }
-  if (!v3_asid_is_canonical(ext))
-    validation_err(X509_V_ERR_INVALID_EXTENSION);
-  if (ext->asnum != NULL)  {
-    switch (ext->asnum->type) {
-    case ASIdentifierChoice_inherit:
-      inherit_as = 1;
-      break;
-    case ASIdentifierChoice_asIdsOrRanges:
-      child_as = ext->asnum->u.asIdsOrRanges;
-      break;
-    }
-  }
-  if (ext->rdi != NULL) {
-    switch (ext->rdi->type) {
-    case ASIdentifierChoice_inherit:
-      inherit_rdi = 1;
-      break;
-    case ASIdentifierChoice_asIdsOrRanges:
-      child_rdi = ext->rdi->u.asIdsOrRanges;
-      break;
-    }
-  }
-
-  /*
-   * Now walk up the chain.  Extensions must be in canonical form, no
-   * cert may list resources that its parent doesn't list.
-   */
-  for (i++; i < sk_X509_num(chain); i++) {
-    x = sk_X509_value(chain, i);
-    OPENSSL_assert(x != NULL);
-    if (x->rfc3779_asid == NULL) {
-      if (child_as != NULL || child_rdi != NULL)
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      continue;
+    ASIdOrRanges *child_as = NULL, *child_rdi = NULL;
+    int i, ret = 1, inherit_as = 0, inherit_rdi = 0;
+    X509 *x = NULL;
+
+    OPENSSL_assert(chain != NULL && sk_X509_num(chain) > 0);
+    OPENSSL_assert(ctx != NULL || ext != NULL);
+    OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
+
+    /*
+     * Figure out where to start.  If we don't have an extension to
+     * check, we're done.  Otherwise, check canonical form and
+     * set up for walking up the chain.
+     */
+    if (ext != NULL) {
+        i = -1;
+    } else {
+        i = 0;
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if ((ext = x->rfc3779_asid) == NULL)
+            goto done;
     }
-    if (!v3_asid_is_canonical(x->rfc3779_asid))
-      validation_err(X509_V_ERR_INVALID_EXTENSION);
-    if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      child_as = NULL;
-      inherit_as = 0;
+    if (!v3_asid_is_canonical(ext))
+        validation_err(X509_V_ERR_INVALID_EXTENSION);
+    if (ext->asnum != NULL) {
+        switch (ext->asnum->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_as = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_as = ext->asnum->u.asIdsOrRanges;
+            break;
+        }
     }
-    if (x->rfc3779_asid->asnum != NULL &&
-	x->rfc3779_asid->asnum->type == ASIdentifierChoice_asIdsOrRanges) {
-      if (inherit_as ||
-	  asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges, child_as)) {
-	child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
-	inherit_as = 0;
-      } else {
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      }
+    if (ext->rdi != NULL) {
+        switch (ext->rdi->type) {
+        case ASIdentifierChoice_inherit:
+            inherit_rdi = 1;
+            break;
+        case ASIdentifierChoice_asIdsOrRanges:
+            child_rdi = ext->rdi->u.asIdsOrRanges;
+            break;
+        }
     }
-    if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      child_rdi = NULL;
-      inherit_rdi = 0;
+
+    /*
+     * Now walk up the chain.  Extensions must be in canonical form, no
+     * cert may list resources that its parent doesn't list.
+     */
+    for (i++; i < sk_X509_num(chain); i++) {
+        x = sk_X509_value(chain, i);
+        OPENSSL_assert(x != NULL);
+        if (x->rfc3779_asid == NULL) {
+            if (child_as != NULL || child_rdi != NULL)
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            continue;
+        }
+        if (!v3_asid_is_canonical(x->rfc3779_asid))
+            validation_err(X509_V_ERR_INVALID_EXTENSION);
+        if (x->rfc3779_asid->asnum == NULL && child_as != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_as = NULL;
+            inherit_as = 0;
+        }
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type ==
+            ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_as
+                || asid_contains(x->rfc3779_asid->asnum->u.asIdsOrRanges,
+                                 child_as)) {
+                child_as = x->rfc3779_asid->asnum->u.asIdsOrRanges;
+                inherit_as = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
+        if (x->rfc3779_asid->rdi == NULL && child_rdi != NULL) {
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            child_rdi = NULL;
+            inherit_rdi = 0;
+        }
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
+            if (inherit_rdi ||
+                asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges,
+                              child_rdi)) {
+                child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
+                inherit_rdi = 0;
+            } else {
+                validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+            }
+        }
     }
-    if (x->rfc3779_asid->rdi != NULL &&
-	x->rfc3779_asid->rdi->type == ASIdentifierChoice_asIdsOrRanges) {
-      if (inherit_rdi ||
-	  asid_contains(x->rfc3779_asid->rdi->u.asIdsOrRanges, child_rdi)) {
-	child_rdi = x->rfc3779_asid->rdi->u.asIdsOrRanges;
-	inherit_rdi = 0;
-      } else {
-	validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-      }
+
+    /*
+     * Trust anchor can't inherit.
+     */
+    if (x->rfc3779_asid != NULL) {
+        if (x->rfc3779_asid->asnum != NULL &&
+            x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
+        if (x->rfc3779_asid->rdi != NULL &&
+            x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
+            validation_err(X509_V_ERR_UNNESTED_RESOURCE);
     }
-  }
-
-  /*
-   * Trust anchor can't inherit.
-   */
-  if (x->rfc3779_asid != NULL) {
-    if (x->rfc3779_asid->asnum != NULL &&
-	x->rfc3779_asid->asnum->type == ASIdentifierChoice_inherit)
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-    if (x->rfc3779_asid->rdi != NULL &&
-	x->rfc3779_asid->rdi->type == ASIdentifierChoice_inherit)
-      validation_err(X509_V_ERR_UNNESTED_RESOURCE);
-  }
 
  done:
-  return ret;
+    return ret;
 }
 
-#undef validation_err
+# undef validation_err
 
 /*
  * RFC 3779 3.3 path validation -- called from X509_verify_cert().
  */
 int v3_asid_validate_path(X509_STORE_CTX *ctx)
 {
-  return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
+    return v3_asid_validate_path_internal(ctx, ctx->chain, NULL);
 }
 
 /*
@@ -873,16 +880,15 @@ int v3_asid_validate_path(X509_STORE_CTX *ctx)
  * Test whether chain covers extension.
  */
 int v3_asid_validate_resource_set(STACK_OF(X509) *chain,
-				  ASIdentifiers *ext,
-				  int allow_inheritance)
+                                  ASIdentifiers *ext, int allow_inheritance)
 {
-  if (ext == NULL)
-    return 1;
-  if (chain == NULL || sk_X509_num(chain) == 0)
-    return 0;
-  if (!allow_inheritance && v3_asid_inherits(ext))
-    return 0;
-  return v3_asid_validate_path_internal(NULL, chain, ext);
+    if (ext == NULL)
+        return 1;
+    if (chain == NULL || sk_X509_num(chain) == 0)
+        return 0;
+    if (!allow_inheritance && v3_asid_inherits(ext))
+        return 0;
+    return v3_asid_validate_path_internal(NULL, chain, ext);
 }
 
-#endif /* OPENSSL_NO_RFC3779 */
+#endif                          /* OPENSSL_NO_RFC3779 */
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
index 82aa488f..dc00b9cb 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bcons.c
@@ -1,6 +1,7 @@
 /* v3_bcons.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
@@ -64,61 +64,69 @@
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist);
-static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist);
+static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_bcons = {
-NID_basic_constraints, 0,
-ASN1_ITEM_ref(BASIC_CONSTRAINTS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS,
-(X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
-NULL,NULL,
-NULL
+    NID_basic_constraints, 0,
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_BASIC_CONSTRAINTS,
+    (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS,
+    NULL, NULL,
+    NULL
 };
 
 ASN1_SEQUENCE(BASIC_CONSTRAINTS) = {
-	ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
-	ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
+        ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN),
+        ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(BASIC_CONSTRAINTS)
 
 IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS)
 
-
 static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist)
+                                                   BASIC_CONSTRAINTS *bcons,
+                                                   STACK_OF(CONF_VALUE)
+                                                   *extlist)
 {
-	X509V3_add_value_bool("CA", bcons->ca, &extlist);
-	X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
-	return extlist;
+    X509V3_add_value_bool("CA", bcons->ca, &extlist);
+    X509V3_add_value_int("pathlen", bcons->pathlen, &extlist);
+    return extlist;
 }
 
 static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+                                                X509V3_CTX *ctx,
+                                                STACK_OF(CONF_VALUE) *values)
 {
-	BASIC_CONSTRAINTS *bcons=NULL;
-	CONF_VALUE *val;
-	int i;
-	if(!(bcons = BASIC_CONSTRAINTS_new())) {
-		X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-		val = sk_CONF_VALUE_value(values, i);
-		if(!strcmp(val->name, "CA")) {
-			if(!X509V3_get_value_bool(val, &bcons->ca)) goto err;
-		} else if(!strcmp(val->name, "pathlen")) {
-			if(!X509V3_get_value_int(val, &bcons->pathlen)) goto err;
-		} else {
-			X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
-			X509V3_conf_err(val);
-			goto err;
-		}
-	}
-	return bcons;
-	err:
-	BASIC_CONSTRAINTS_free(bcons);
-	return NULL;
+    BASIC_CONSTRAINTS *bcons = NULL;
+    CONF_VALUE *val;
+    int i;
+    if (!(bcons = BASIC_CONSTRAINTS_new())) {
+        X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (!strcmp(val->name, "CA")) {
+            if (!X509V3_get_value_bool(val, &bcons->ca))
+                goto err;
+        } else if (!strcmp(val->name, "pathlen")) {
+            if (!X509V3_get_value_int(val, &bcons->pathlen))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_BASIC_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return bcons;
+ err:
+    BASIC_CONSTRAINTS_free(bcons);
+    return NULL;
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
index 058d0d4d..b7bb3b55 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_bitst.c
@@ -1,6 +1,7 @@
 /* v3_bitst.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,80 +63,80 @@
 #include <openssl/x509v3.h>
 
 static BIT_STRING_BITNAME ns_cert_type_table[] = {
-{0, "SSL Client", "client"},
-{1, "SSL Server", "server"},
-{2, "S/MIME", "email"},
-{3, "Object Signing", "objsign"},
-{4, "Unused", "reserved"},
-{5, "SSL CA", "sslCA"},
-{6, "S/MIME CA", "emailCA"},
-{7, "Object Signing CA", "objCA"},
-{-1, NULL, NULL}
+    {0, "SSL Client", "client"},
+    {1, "SSL Server", "server"},
+    {2, "S/MIME", "email"},
+    {3, "Object Signing", "objsign"},
+    {4, "Unused", "reserved"},
+    {5, "SSL CA", "sslCA"},
+    {6, "S/MIME CA", "emailCA"},
+    {7, "Object Signing CA", "objCA"},
+    {-1, NULL, NULL}
 };
 
 static BIT_STRING_BITNAME key_usage_type_table[] = {
-{0, "Digital Signature", "digitalSignature"},
-{1, "Non Repudiation", "nonRepudiation"},
-{2, "Key Encipherment", "keyEncipherment"},
-{3, "Data Encipherment", "dataEncipherment"},
-{4, "Key Agreement", "keyAgreement"},
-{5, "Certificate Sign", "keyCertSign"},
-{6, "CRL Sign", "cRLSign"},
-{7, "Encipher Only", "encipherOnly"},
-{8, "Decipher Only", "decipherOnly"},
-{-1, NULL, NULL}
+    {0, "Digital Signature", "digitalSignature"},
+    {1, "Non Repudiation", "nonRepudiation"},
+    {2, "Key Encipherment", "keyEncipherment"},
+    {3, "Data Encipherment", "dataEncipherment"},
+    {4, "Key Agreement", "keyAgreement"},
+    {5, "Certificate Sign", "keyCertSign"},
+    {6, "CRL Sign", "cRLSign"},
+    {7, "Encipher Only", "encipherOnly"},
+    {8, "Decipher Only", "decipherOnly"},
+    {-1, NULL, NULL}
 };
 
-
-
-const X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
-const X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table);
+const X509V3_EXT_METHOD v3_nscert =
+EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table);
+const X509V3_EXT_METHOD v3_key_usage =
+EXT_BITSTRING(NID_key_usage, key_usage_type_table);
 
 STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-	     ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret)
+                                          ASN1_BIT_STRING *bits,
+                                          STACK_OF(CONF_VALUE) *ret)
 {
-	BIT_STRING_BITNAME *bnam;
-	for(bnam =method->usr_data; bnam->lname; bnam++) {
-		if(ASN1_BIT_STRING_get_bit(bits, bnam->bitnum)) 
-			X509V3_add_value(bnam->lname, NULL, &ret);
-	}
-	return ret;
+    BIT_STRING_BITNAME *bnam;
+    for (bnam = method->usr_data; bnam->lname; bnam++) {
+        if (ASN1_BIT_STRING_get_bit(bits, bnam->bitnum))
+            X509V3_add_value(bnam->lname, NULL, &ret);
+    }
+    return ret;
 }
-	
+
 ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                     X509V3_CTX *ctx,
+                                     STACK_OF(CONF_VALUE) *nval)
 {
-	CONF_VALUE *val;
-	ASN1_BIT_STRING *bs;
-	int i;
-	BIT_STRING_BITNAME *bnam;
-	if(!(bs = M_ASN1_BIT_STRING_new())) {
-		X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		for(bnam = method->usr_data; bnam->lname; bnam++) {
-			if(!strcmp(bnam->sname, val->name) ||
-				!strcmp(bnam->lname, val->name) ) {
-				if(!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
-					X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-						ERR_R_MALLOC_FAILURE);
-					M_ASN1_BIT_STRING_free(bs);
-					return NULL;
-				}
-				break;
-			}
-		}
-		if(!bnam->lname) {
-			X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
-					X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
-			X509V3_conf_err(val);
-			M_ASN1_BIT_STRING_free(bs);
-			return NULL;
-		}
-	}
-	return bs;
+    CONF_VALUE *val;
+    ASN1_BIT_STRING *bs;
+    int i;
+    BIT_STRING_BITNAME *bnam;
+    if (!(bs = M_ASN1_BIT_STRING_new())) {
+        X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        for (bnam = method->usr_data; bnam->lname; bnam++) {
+            if (!strcmp(bnam->sname, val->name) ||
+                !strcmp(bnam->lname, val->name)) {
+                if (!ASN1_BIT_STRING_set_bit(bs, bnam->bitnum, 1)) {
+                    X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                              ERR_R_MALLOC_FAILURE);
+                    M_ASN1_BIT_STRING_free(bs);
+                    return NULL;
+                }
+                break;
+            }
+        }
+        if (!bnam->lname) {
+            X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,
+                      X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT);
+            X509V3_conf_err(val);
+            M_ASN1_BIT_STRING_free(bs);
+            return NULL;
+        }
+    }
+    return bs;
 }
-	
-
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
index 11eb6b7f..b1c916fd 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_conf.c
@@ -1,6 +1,7 @@
 /* v3_conf.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,8 +58,6 @@
  */
 /* extension creation utilities */
 
-
-
 #include <stdio.h>
 #include <ctype.h>
 #include "cryptlib.h"
@@ -68,457 +67,466 @@
 
 static int v3_check_critical(char **value);
 static int v3_check_generic(char **value);
-static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value);
-static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type, X509V3_CTX *ctx);
+static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
+                                    int crit, char *value);
+static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
+                                            int crit, int type,
+                                            X509V3_CTX *ctx);
 static char *conf_lhash_get_string(void *db, char *section, char *value);
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section);
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
-						 int crit, void *ext_struc);
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len);
+                                  int crit, void *ext_struc);
+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+                                   long *ext_len);
 /* CONF *conf:  Config file    */
 /* char *name:  Name    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name,
-	     char *value)
-	{
-	int crit;
-	int ext_type;
-	X509_EXTENSION *ret;
-	crit = v3_check_critical(&value);
-	if ((ext_type = v3_check_generic(&value))) 
-		return v3_generic_extension(name, value, crit, ext_type, ctx);
-	ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
-	if (!ret)
-		{
-		X509V3err(X509V3_F_X509V3_EXT_NCONF,X509V3_R_ERROR_IN_EXTENSION);
-		ERR_add_error_data(4,"name=", name, ", value=", value);
-		}
-	return ret;
-	}
+                                 char *value)
+{
+    int crit;
+    int ext_type;
+    X509_EXTENSION *ret;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(name, value, crit, ext_type, ctx);
+    ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value);
+    if (!ret) {
+        X509V3err(X509V3_F_X509V3_EXT_NCONF, X509V3_R_ERROR_IN_EXTENSION);
+        ERR_add_error_data(4, "name=", name, ", value=", value);
+    }
+    return ret;
+}
 
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-	     char *value)
-	{
-	int crit;
-	int ext_type;
-	crit = v3_check_critical(&value);
-	if ((ext_type = v3_check_generic(&value))) 
-		return v3_generic_extension(OBJ_nid2sn(ext_nid),
-						 value, crit, ext_type, ctx);
-	return do_ext_nconf(conf, ctx, ext_nid, crit, value);
-	}
+                                     char *value)
+{
+    int crit;
+    int ext_type;
+    crit = v3_check_critical(&value);
+    if ((ext_type = v3_check_generic(&value)))
+        return v3_generic_extension(OBJ_nid2sn(ext_nid),
+                                    value, crit, ext_type, ctx);
+    return do_ext_nconf(conf, ctx, ext_nid, crit, value);
+}
 
 /* CONF *conf:  Config file    */
 /* char *value:  Value    */
 static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid,
-	     int crit, char *value)
-	{
-	X509V3_EXT_METHOD *method;
-	X509_EXTENSION *ext;
-	STACK_OF(CONF_VALUE) *nval;
-	void *ext_struc;
-	if (ext_nid == NID_undef)
-		{
-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION_NAME);
-		return NULL;
-		}
-	if (!(method = X509V3_EXT_get_nid(ext_nid)))
-		{
-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_UNKNOWN_EXTENSION);
-		return NULL;
-		}
-	/* Now get internal extension representation based on type */
-	if (method->v2i)
-		{
-		if(*value == '@') nval = NCONF_get_section(conf, value + 1);
-		else nval = X509V3_parse_list(value);
-		if(sk_CONF_VALUE_num(nval) <= 0)
-			{
-			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_INVALID_EXTENSION_STRING);
-			ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value);
-			return NULL;
-			}
-		ext_struc = method->v2i(method, ctx, nval);
-		if(*value != '@') sk_CONF_VALUE_pop_free(nval,
-							 X509V3_conf_free);
-		if(!ext_struc) return NULL;
-		}
-	else if(method->s2i)
-		{
-		if(!(ext_struc = method->s2i(method, ctx, value))) return NULL;
-		}
-	else if(method->r2i)
-		{
-		if(!ctx->db || !ctx->db_meth)
-			{
-			X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_NO_CONFIG_DATABASE);
-			return NULL;
-			}
-		if(!(ext_struc = method->r2i(method, ctx, value))) return NULL;
-		}
-	else
-		{
-		X509V3err(X509V3_F_DO_EXT_NCONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
-		ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
-		return NULL;
-		}
-
-	ext  = do_ext_i2d(method, ext_nid, crit, ext_struc);
-	if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
-	else method->ext_free(ext_struc);
-	return ext;
-
-	}
+                                    int crit, char *value)
+{
+    X509V3_EXT_METHOD *method;
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    void *ext_struc;
+    if (ext_nid == NID_undef) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION_NAME);
+        return NULL;
+    }
+    if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+        X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    /* Now get internal extension representation based on type */
+    if (method->v2i) {
+        if (*value == '@')
+            nval = NCONF_get_section(conf, value + 1);
+        else
+            nval = X509V3_parse_list(value);
+        if (sk_CONF_VALUE_num(nval) <= 0) {
+            X509V3err(X509V3_F_DO_EXT_NCONF,
+                      X509V3_R_INVALID_EXTENSION_STRING);
+            ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=",
+                               value);
+            return NULL;
+        }
+        ext_struc = method->v2i(method, ctx, nval);
+        if (*value != '@')
+            sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+        if (!ext_struc)
+            return NULL;
+    } else if (method->s2i) {
+        if (!(ext_struc = method->s2i(method, ctx, value)))
+            return NULL;
+    } else if (method->r2i) {
+        if (!ctx->db || !ctx->db_meth) {
+            X509V3err(X509V3_F_DO_EXT_NCONF, X509V3_R_NO_CONFIG_DATABASE);
+            return NULL;
+        }
+        if (!(ext_struc = method->r2i(method, ctx, value)))
+            return NULL;
+    } else {
+        X509V3err(X509V3_F_DO_EXT_NCONF,
+                  X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED);
+        ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid));
+        return NULL;
+    }
+
+    ext = do_ext_i2d(method, ext_nid, crit, ext_struc);
+    if (method->it)
+        ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_struc);
+    return ext;
+
+}
 
 static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid,
-						 int crit, void *ext_struc)
-	{
-	unsigned char *ext_der;
-	int ext_len;
-	ASN1_OCTET_STRING *ext_oct;
-	X509_EXTENSION *ext;
-	/* Convert internal representation to DER */
-	if (method->it)
-		{
-		ext_der = NULL;
-		ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
-		if (ext_len < 0) goto merr;
-		}
-	 else
-		{
-		unsigned char *p;
-		ext_len = method->i2d(ext_struc, NULL);
-		if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr;
-		p = ext_der;
-		method->i2d(ext_struc, &p);
-		}
-	if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr;
-	ext_oct->data = ext_der;
-	ext_oct->length = ext_len;
-
-	ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
-	if (!ext) goto merr;
-	M_ASN1_OCTET_STRING_free(ext_oct);
-
-	return ext;
-
-	merr:
-	X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE);
-	return NULL;
-
-	}
+                                  int crit, void *ext_struc)
+{
+    unsigned char *ext_der;
+    int ext_len;
+    ASN1_OCTET_STRING *ext_oct;
+    X509_EXTENSION *ext;
+    /* Convert internal representation to DER */
+    if (method->it) {
+        ext_der = NULL;
+        ext_len =
+            ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it));
+        if (ext_len < 0)
+            goto merr;
+    } else {
+        unsigned char *p;
+        ext_len = method->i2d(ext_struc, NULL);
+        if (!(ext_der = OPENSSL_malloc(ext_len)))
+            goto merr;
+        p = ext_der;
+        method->i2d(ext_struc, &p);
+    }
+    if (!(ext_oct = M_ASN1_OCTET_STRING_new()))
+        goto merr;
+    ext_oct->data = ext_der;
+    ext_oct->length = ext_len;
+
+    ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct);
+    if (!ext)
+        goto merr;
+    M_ASN1_OCTET_STRING_free(ext_oct);
+
+    return ext;
+
+ merr:
+    X509V3err(X509V3_F_DO_EXT_I2D, ERR_R_MALLOC_FAILURE);
+    return NULL;
+
+}
 
 /* Given an internal structure, nid and critical flag create an extension */
 
 X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc)
-	{
-	X509V3_EXT_METHOD *method;
-	if (!(method = X509V3_EXT_get_nid(ext_nid))) {
-		X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION);
-		return NULL;
-	}
-	return do_ext_i2d(method, ext_nid, crit, ext_struc);
+{
+    X509V3_EXT_METHOD *method;
+    if (!(method = X509V3_EXT_get_nid(ext_nid))) {
+        X509V3err(X509V3_F_X509V3_EXT_I2D, X509V3_R_UNKNOWN_EXTENSION);
+        return NULL;
+    }
+    return do_ext_i2d(method, ext_nid, crit, ext_struc);
 }
 
 /* Check the extension string for critical flag */
 static int v3_check_critical(char **value)
 {
-	char *p = *value;
-	if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0;
-	p+=9;
-	while(isspace((unsigned char)*p)) p++;
-	*value = p;
-	return 1;
+    char *p = *value;
+    if ((strlen(p) < 9) || strncmp(p, "critical,", 9))
+        return 0;
+    p += 9;
+    while (isspace((unsigned char)*p))
+        p++;
+    *value = p;
+    return 1;
 }
 
 /* Check extension string for generic extension and return the type */
 static int v3_check_generic(char **value)
 {
-	int gen_type = 0;
-	char *p = *value;
-	if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4))
-		{
-		p+=4;
-		gen_type = 1;
-		}
-	else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5))
-		{
-		p+=5;
-		gen_type = 2;
-		}
-	else
-		return 0;
-
-	while (isspace((unsigned char)*p)) p++;
-	*value = p;
-	return gen_type;
+    int gen_type = 0;
+    char *p = *value;
+    if ((strlen(p) >= 4) && !strncmp(p, "DER:", 4)) {
+        p += 4;
+        gen_type = 1;
+    } else if ((strlen(p) >= 5) && !strncmp(p, "ASN1:", 5)) {
+        p += 5;
+        gen_type = 2;
+    } else
+        return 0;
+
+    while (isspace((unsigned char)*p))
+        p++;
+    *value = p;
+    return gen_type;
 }
 
 /* Create a generic extension: for now just handle DER type */
 static X509_EXTENSION *v3_generic_extension(const char *ext, char *value,
-	     int crit, int gen_type, X509V3_CTX *ctx)
-	{
-	unsigned char *ext_der=NULL;
-	long ext_len;
-	ASN1_OBJECT *obj=NULL;
-	ASN1_OCTET_STRING *oct=NULL;
-	X509_EXTENSION *extension=NULL;
-	if (!(obj = OBJ_txt2obj(ext, 0)))
-		{
-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR);
-		ERR_add_error_data(2, "name=", ext);
-		goto err;
-		}
-
-	if (gen_type == 1)
-		ext_der = string_to_hex(value, &ext_len);
-	else if (gen_type == 2)
-		ext_der = generic_asn1(value, ctx, &ext_len);
-
-	if (ext_der == NULL)
-		{
-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR);
-		ERR_add_error_data(2, "value=", value);
-		goto err;
-		}
-
-	if (!(oct = M_ASN1_OCTET_STRING_new()))
-		{
-		X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
-
-	oct->data = ext_der;
-	oct->length = ext_len;
-	ext_der = NULL;
-
-	extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
-
-	err:
-	ASN1_OBJECT_free(obj);
-	M_ASN1_OCTET_STRING_free(oct);
-	if(ext_der) OPENSSL_free(ext_der);
-	return extension;
-
-	}
-
-static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx, long *ext_len)
-	{
-	ASN1_TYPE *typ;
-	unsigned char *ext_der = NULL;
-	typ = ASN1_generate_v3(value, ctx);
-	if (typ == NULL)
-		return NULL;
-	*ext_len = i2d_ASN1_TYPE(typ, &ext_der);
-	ASN1_TYPE_free(typ);
-	return ext_der;
-	}
-
-/* This is the main function: add a bunch of extensions based on a config file
- * section to an extension STACK.
- */
+                                            int crit, int gen_type,
+                                            X509V3_CTX *ctx)
+{
+    unsigned char *ext_der = NULL;
+    long ext_len;
+    ASN1_OBJECT *obj = NULL;
+    ASN1_OCTET_STRING *oct = NULL;
+    X509_EXTENSION *extension = NULL;
+    if (!(obj = OBJ_txt2obj(ext, 0))) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_NAME_ERROR);
+        ERR_add_error_data(2, "name=", ext);
+        goto err;
+    }
+
+    if (gen_type == 1)
+        ext_der = string_to_hex(value, &ext_len);
+    else if (gen_type == 2)
+        ext_der = generic_asn1(value, ctx, &ext_len);
+
+    if (ext_der == NULL) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION,
+                  X509V3_R_EXTENSION_VALUE_ERROR);
+        ERR_add_error_data(2, "value=", value);
+        goto err;
+    }
+
+    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+        X509V3err(X509V3_F_V3_GENERIC_EXTENSION, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    oct->data = ext_der;
+    oct->length = ext_len;
+    ext_der = NULL;
+
+    extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct);
+
+ err:
+    ASN1_OBJECT_free(obj);
+    M_ASN1_OCTET_STRING_free(oct);
+    if (ext_der)
+        OPENSSL_free(ext_der);
+    return extension;
 
+}
+
+static unsigned char *generic_asn1(char *value, X509V3_CTX *ctx,
+                                   long *ext_len)
+{
+    ASN1_TYPE *typ;
+    unsigned char *ext_der = NULL;
+    typ = ASN1_generate_v3(value, ctx);
+    if (typ == NULL)
+        return NULL;
+    *ext_len = i2d_ASN1_TYPE(typ, &ext_der);
+    ASN1_TYPE_free(typ);
+    return ext_der;
+}
+
+/*
+ * This is the main function: add a bunch of extensions based on a config
+ * file section to an extension STACK.
+ */
 
 int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section,
-	     STACK_OF(X509_EXTENSION) **sk)
-	{
-	X509_EXTENSION *ext;
-	STACK_OF(CONF_VALUE) *nval;
-	CONF_VALUE *val;	
-	int i;
-	if (!(nval = NCONF_get_section(conf, section))) return 0;
-	for (i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		val = sk_CONF_VALUE_value(nval, i);
-		if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
-								return 0;
-		if (sk) X509v3_add_ext(sk, ext, -1);
-		X509_EXTENSION_free(ext);
-		}
-	return 1;
-	}
-
-/* Convenience functions to add extensions to a certificate, CRL and request */
+                            STACK_OF(X509_EXTENSION) **sk)
+{
+    X509_EXTENSION *ext;
+    STACK_OF(CONF_VALUE) *nval;
+    CONF_VALUE *val;
+    int i;
+    if (!(nval = NCONF_get_section(conf, section)))
+        return 0;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value)))
+            return 0;
+        if (sk)
+            X509v3_add_ext(sk, ext, -1);
+        X509_EXTENSION_free(ext);
+    }
+    return 1;
+}
+
+/*
+ * Convenience functions to add extensions to a certificate, CRL and request
+ */
 
 int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-	     X509 *cert)
-	{
-	STACK_OF(X509_EXTENSION) **sk = NULL;
-	if (cert)
-		sk = &cert->cert_info->extensions;
-	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-	}
+                         X509 *cert)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (cert)
+        sk = &cert->cert_info->extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
 
 /* Same as above but for a CRL */
 
 int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-	     X509_CRL *crl)
-	{
-	STACK_OF(X509_EXTENSION) **sk = NULL;
-	if (crl)
-		sk = &crl->crl->extensions;
-	return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-	}
+                             X509_CRL *crl)
+{
+    STACK_OF(X509_EXTENSION) **sk = NULL;
+    if (crl)
+        sk = &crl->crl->extensions;
+    return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+}
 
 /* Add extensions to certificate request */
 
 int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section,
-	     X509_REQ *req)
-	{
-	STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
-	int i;
-	if (req)
-		sk = &extlist;
-	i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
-	if (!i || !sk)
-		return i;
-	i = X509_REQ_add_extensions(req, extlist);
-	sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
-	return i;
-	}
+                             X509_REQ *req)
+{
+    STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL;
+    int i;
+    if (req)
+        sk = &extlist;
+    i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk);
+    if (!i || !sk)
+        return i;
+    i = X509_REQ_add_extensions(req, extlist);
+    sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free);
+    return i;
+}
 
 /* Config database functions */
 
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
-	{
-	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string)
-		{
-		X509V3err(X509V3_F_X509V3_GET_STRING,X509V3_R_OPERATION_NOT_DEFINED);
-		return NULL;
-		}
-	if (ctx->db_meth->get_string)
-			return ctx->db_meth->get_string(ctx->db, name, section);
-	return NULL;
-	}
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section)
-	{
-	if(!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section)
-		{
-		X509V3err(X509V3_F_X509V3_GET_SECTION,X509V3_R_OPERATION_NOT_DEFINED);
-		return NULL;
-		}
-	if (ctx->db_meth->get_section)
-			return ctx->db_meth->get_section(ctx->db, section);
-	return NULL;
-	}
+char *X509V3_get_string(X509V3_CTX *ctx, char *name, char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_string) {
+        X509V3err(X509V3_F_X509V3_GET_STRING, X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_string)
+        return ctx->db_meth->get_string(ctx->db, name, section);
+    return NULL;
+}
+
+STACK_OF(CONF_VALUE) *X509V3_get_section(X509V3_CTX *ctx, char *section)
+{
+    if (!ctx->db || !ctx->db_meth || !ctx->db_meth->get_section) {
+        X509V3err(X509V3_F_X509V3_GET_SECTION,
+                  X509V3_R_OPERATION_NOT_DEFINED);
+        return NULL;
+    }
+    if (ctx->db_meth->get_section)
+        return ctx->db_meth->get_section(ctx->db, section);
+    return NULL;
+}
 
 void X509V3_string_free(X509V3_CTX *ctx, char *str)
-	{
-	if (!str) return;
-	if (ctx->db_meth->free_string)
-			ctx->db_meth->free_string(ctx->db, str);
-	}
+{
+    if (!str)
+        return;
+    if (ctx->db_meth->free_string)
+        ctx->db_meth->free_string(ctx->db, str);
+}
 
 void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section)
-	{
-	if (!section) return;
-	if (ctx->db_meth->free_section)
-			ctx->db_meth->free_section(ctx->db, section);
-	}
+{
+    if (!section)
+        return;
+    if (ctx->db_meth->free_section)
+        ctx->db_meth->free_section(ctx->db, section);
+}
 
 static char *nconf_get_string(void *db, char *section, char *value)
-	{
-	return NCONF_get_string(db, section, value);
-	}
+{
+    return NCONF_get_string(db, section, value);
+}
 
 static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section)
-	{
-	return NCONF_get_section(db, section);
-	}
+{
+    return NCONF_get_section(db, section);
+}
 
 static X509V3_CONF_METHOD nconf_method = {
-nconf_get_string,
-nconf_get_section,
-NULL,
-NULL
+    nconf_get_string,
+    nconf_get_section,
+    NULL,
+    NULL
 };
 
 void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf)
-	{
-	ctx->db_meth = &nconf_method;
-	ctx->db = conf;
-	}
+{
+    ctx->db_meth = &nconf_method;
+    ctx->db = conf;
+}
 
 void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req,
-	     X509_CRL *crl, int flags)
-	{
-	ctx->issuer_cert = issuer;
-	ctx->subject_cert = subj;
-	ctx->crl = crl;
-	ctx->subject_req = req;
-	ctx->flags = flags;
-	}
+                    X509_CRL *crl, int flags)
+{
+    ctx->issuer_cert = issuer;
+    ctx->subject_cert = subj;
+    ctx->crl = crl;
+    ctx->subject_req = req;
+    ctx->flags = flags;
+}
 
 /* Old conf compatibility functions */
 
 X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
-	     char *value)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_nconf(&ctmp, ctx, name, value);
-	}
+                                char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf(&ctmp, ctx, name, value);
+}
 
 /* LHASH *conf:  Config file    */
 /* char *value:  Value    */
 X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid,
-	     char *value)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
-	}
+                                    char *value)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value);
+}
 
 static char *conf_lhash_get_string(void *db, char *section, char *value)
-	{
-	return CONF_get_string(db, section, value);
-	}
+{
+    return CONF_get_string(db, section, value);
+}
 
 static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section)
-	{
-	return CONF_get_section(db, section);
-	}
+{
+    return CONF_get_section(db, section);
+}
 
 static X509V3_CONF_METHOD conf_lhash_method = {
-conf_lhash_get_string,
-conf_lhash_get_section,
-NULL,
-NULL
+    conf_lhash_get_string,
+    conf_lhash_get_section,
+    NULL,
+    NULL
 };
 
 void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash)
-	{
-	ctx->db_meth = &conf_lhash_method;
-	ctx->db = lhash;
-	}
+{
+    ctx->db_meth = &conf_lhash_method;
+    ctx->db = lhash;
+}
 
 int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-	     X509 *cert)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
-	}
+                        X509 *cert)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert);
+}
 
 /* Same as above but for a CRL */
 
 int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-	     X509_CRL *crl)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
-	}
+                            X509_CRL *crl)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl);
+}
 
 /* Add extensions to certificate request */
 
 int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-	     X509_REQ *req)
-	{
-	CONF ctmp;
-	CONF_set_nconf(&ctmp, conf);
-	return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
-	}
+                            X509_REQ *req)
+{
+    CONF ctmp;
+    CONF_set_nconf(&ctmp, conf);
+    return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req);
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
index ad0506d7..3c26ac1d 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_cpols.c
@@ -1,6 +1,7 @@
 /* v3_cpols.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,35 +68,38 @@
 
 /* Certificate policies extension support: this one is a bit complex... */
 
-static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, BIO *out, int indent);
-static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *value);
-static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, int indent);
+static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
+                       BIO *out, int indent);
+static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
+                                         X509V3_CTX *ctx, char *value);
+static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
+                             int indent);
 static void print_notice(BIO *out, USERNOTICE *notice, int indent);
 static POLICYINFO *policy_section(X509V3_CTX *ctx,
-				 STACK_OF(CONF_VALUE) *polstrs, int ia5org);
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org);
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-					STACK_OF(CONF_VALUE) *unot, int ia5org);
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org);
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
 
 const X509V3_EXT_METHOD v3_cpols = {
-NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES),
-0,0,0,0,
-0,0,
-0,0,
-(X509V3_EXT_I2R)i2r_certpol,
-(X509V3_EXT_R2I)r2i_certpol,
-NULL
+    NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    (X509V3_EXT_I2R)i2r_certpol,
+    (X509V3_EXT_R2I)r2i_certpol,
+    NULL
 };
 
-ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
+ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO)
 ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES)
 
 IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES)
 
 ASN1_SEQUENCE(POLICYINFO) = {
-	ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
-	ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
+        ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT),
+        ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO)
 } ASN1_SEQUENCE_END(POLICYINFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
@@ -103,352 +107,370 @@ IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO)
 ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY);
 
 ASN1_ADB(POLICYQUALINFO) = {
-	ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
-	ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
+        ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)),
+        ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE))
 } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL);
 
 ASN1_SEQUENCE(POLICYQUALINFO) = {
-	ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
-	ASN1_ADB_OBJECT(POLICYQUALINFO)
+        ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT),
+        ASN1_ADB_OBJECT(POLICYQUALINFO)
 } ASN1_SEQUENCE_END(POLICYQUALINFO)
 
 IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO)
 
 ASN1_SEQUENCE(USERNOTICE) = {
-	ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
-	ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
+        ASN1_OPT(USERNOTICE, noticeref, NOTICEREF),
+        ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT)
 } ASN1_SEQUENCE_END(USERNOTICE)
 
 IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE)
 
 ASN1_SEQUENCE(NOTICEREF) = {
-	ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
-	ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
+        ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT),
+        ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER)
 } ASN1_SEQUENCE_END(NOTICEREF)
 
 IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF)
 
 static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method,
-		X509V3_CTX *ctx, char *value)
+                                         X509V3_CTX *ctx, char *value)
 {
-	STACK_OF(POLICYINFO) *pols = NULL;
-	char *pstr;
-	POLICYINFO *pol;
-	ASN1_OBJECT *pobj;
-	STACK_OF(CONF_VALUE) *vals;
-	CONF_VALUE *cnf;
-	int i, ia5org;
-	pols = sk_POLICYINFO_new_null();
-	if (pols == NULL) {
-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	vals =  X509V3_parse_list(value);
-	if (vals == NULL) {
-		X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
-		goto err;
-	}
-	ia5org = 0;
-	for(i = 0; i < sk_CONF_VALUE_num(vals); i++) {
-		cnf = sk_CONF_VALUE_value(vals, i);
-		if(cnf->value || !cnf->name ) {
-			X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_POLICY_IDENTIFIER);
-			X509V3_conf_err(cnf);
-			goto err;
-		}
-		pstr = cnf->name;
-		if(!strcmp(pstr,"ia5org")) {
-			ia5org = 1;
-			continue;
-		} else if(*pstr == '@') {
-			STACK_OF(CONF_VALUE) *polsect;
-			polsect = X509V3_get_section(ctx, pstr + 1);
-			if(!polsect) {
-				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_SECTION);
-
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			pol = policy_section(ctx, polsect, ia5org);
-			X509V3_section_free(ctx, polsect);
-			if(!pol) goto err;
-		} else {
-			if(!(pobj = OBJ_txt2obj(cnf->name, 0))) {
-				X509V3err(X509V3_F_R2I_CERTPOL,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			pol = POLICYINFO_new();
-			pol->policyid = pobj;
-		}
-		if (!sk_POLICYINFO_push(pols, pol)){
-			POLICYINFO_free(pol);
-			X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-	}
-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-	return pols;
-	err:
-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-	sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
-	return NULL;
+    STACK_OF(POLICYINFO) *pols = NULL;
+    char *pstr;
+    POLICYINFO *pol;
+    ASN1_OBJECT *pobj;
+    STACK_OF(CONF_VALUE) *vals;
+    CONF_VALUE *cnf;
+    int i, ia5org;
+    pols = sk_POLICYINFO_new_null();
+    if (pols == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    vals = X509V3_parse_list(value);
+    if (vals == NULL) {
+        X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_X509V3_LIB);
+        goto err;
+    }
+    ia5org = 0;
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        cnf = sk_CONF_VALUE_value(vals, i);
+        if (cnf->value || !cnf->name) {
+            X509V3err(X509V3_F_R2I_CERTPOL,
+                      X509V3_R_INVALID_POLICY_IDENTIFIER);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        pstr = cnf->name;
+        if (!strcmp(pstr, "ia5org")) {
+            ia5org = 1;
+            continue;
+        } else if (*pstr == '@') {
+            STACK_OF(CONF_VALUE) *polsect;
+            polsect = X509V3_get_section(ctx, pstr + 1);
+            if (!polsect) {
+                X509V3err(X509V3_F_R2I_CERTPOL, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = policy_section(ctx, polsect, ia5org);
+            X509V3_section_free(ctx, polsect);
+            if (!pol)
+                goto err;
+        } else {
+            if (!(pobj = OBJ_txt2obj(cnf->name, 0))) {
+                X509V3err(X509V3_F_R2I_CERTPOL,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol = POLICYINFO_new();
+            pol->policyid = pobj;
+        }
+        if (!sk_POLICYINFO_push(pols, pol)) {
+            POLICYINFO_free(pol);
+            X509V3err(X509V3_F_R2I_CERTPOL, ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+    }
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pols;
+ err:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    sk_POLICYINFO_pop_free(pols, POLICYINFO_free);
+    return NULL;
 }
 
 static POLICYINFO *policy_section(X509V3_CTX *ctx,
-				STACK_OF(CONF_VALUE) *polstrs, int ia5org)
+                                  STACK_OF(CONF_VALUE) *polstrs, int ia5org)
 {
-	int i;
-	CONF_VALUE *cnf;
-	POLICYINFO *pol;
-	POLICYQUALINFO *qual;
-	if(!(pol = POLICYINFO_new())) goto merr;
-	for(i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
-		cnf = sk_CONF_VALUE_value(polstrs, i);
-		if(!strcmp(cnf->name, "policyIdentifier")) {
-			ASN1_OBJECT *pobj;
-			if(!(pobj = OBJ_txt2obj(cnf->value, 0))) {
-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			pol->policyid = pobj;
-
-		} else if(!name_cmp(cnf->name, "CPS")) {
-			if(!pol->qualifiers) pol->qualifiers =
-						 sk_POLICYQUALINFO_new_null();
-			if(!(qual = POLICYQUALINFO_new())) goto merr;
-			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-								 goto merr;
-			qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
-			qual->d.cpsuri = M_ASN1_IA5STRING_new();
-			if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
-						 strlen(cnf->value))) goto merr;
-		} else if(!name_cmp(cnf->name, "userNotice")) {
-			STACK_OF(CONF_VALUE) *unot;
-			if(*cnf->value != '@') {
-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_EXPECTED_A_SECTION_NAME);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			unot = X509V3_get_section(ctx, cnf->value + 1);
-			if(!unot) {
-				X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_SECTION);
-
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			qual = notice_section(ctx, unot, ia5org);
-			X509V3_section_free(ctx, unot);
-			if(!qual) goto err;
-			if(!pol->qualifiers) pol->qualifiers =
-						 sk_POLICYQUALINFO_new_null();
-			if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
-								 goto merr;
-		} else {
-			X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_INVALID_OPTION);
-
-			X509V3_conf_err(cnf);
-			goto err;
-		}
-	}
-	if(!pol->policyid) {
-		X509V3err(X509V3_F_POLICY_SECTION,X509V3_R_NO_POLICY_IDENTIFIER);
-		goto err;
-	}
-
-	return pol;
-
-	merr:
-	X509V3err(X509V3_F_POLICY_SECTION,ERR_R_MALLOC_FAILURE);
-
-	err:
-	POLICYINFO_free(pol);
-	return NULL;
-	
-	
+    int i;
+    CONF_VALUE *cnf;
+    POLICYINFO *pol;
+    POLICYQUALINFO *qual;
+    if (!(pol = POLICYINFO_new()))
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(polstrs); i++) {
+        cnf = sk_CONF_VALUE_value(polstrs, i);
+        if (!strcmp(cnf->name, "policyIdentifier")) {
+            ASN1_OBJECT *pobj;
+            if (!(pobj = OBJ_txt2obj(cnf->value, 0))) {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_INVALID_OBJECT_IDENTIFIER);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            pol->policyid = pobj;
+
+        } else if (!name_cmp(cnf->name, "CPS")) {
+            if (!pol->qualifiers)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if (!(qual = POLICYQUALINFO_new()))
+                goto merr;
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+            qual->pqualid = OBJ_nid2obj(NID_id_qt_cps);
+            qual->d.cpsuri = M_ASN1_IA5STRING_new();
+            if (!ASN1_STRING_set(qual->d.cpsuri, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (!name_cmp(cnf->name, "userNotice")) {
+            STACK_OF(CONF_VALUE) *unot;
+            if (*cnf->value != '@') {
+                X509V3err(X509V3_F_POLICY_SECTION,
+                          X509V3_R_EXPECTED_A_SECTION_NAME);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            unot = X509V3_get_section(ctx, cnf->value + 1);
+            if (!unot) {
+                X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_SECTION);
+
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            qual = notice_section(ctx, unot, ia5org);
+            X509V3_section_free(ctx, unot);
+            if (!qual)
+                goto err;
+            if (!pol->qualifiers)
+                pol->qualifiers = sk_POLICYQUALINFO_new_null();
+            if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual))
+                goto merr;
+        } else {
+            X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_INVALID_OPTION);
+
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+    if (!pol->policyid) {
+        X509V3err(X509V3_F_POLICY_SECTION, X509V3_R_NO_POLICY_IDENTIFIER);
+        goto err;
+    }
+
+    return pol;
+
+ merr:
+    X509V3err(X509V3_F_POLICY_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYINFO_free(pol);
+    return NULL;
+
 }
 
 static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
-					STACK_OF(CONF_VALUE) *unot, int ia5org)
+                                      STACK_OF(CONF_VALUE) *unot, int ia5org)
 {
-	int i, ret;
-	CONF_VALUE *cnf;
-	USERNOTICE *not;
-	POLICYQUALINFO *qual;
-	if(!(qual = POLICYQUALINFO_new())) goto merr;
-	qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
-	if(!(not = USERNOTICE_new())) goto merr;
-	qual->d.usernotice = not;
-	for(i = 0; i < sk_CONF_VALUE_num(unot); i++) {
-		cnf = sk_CONF_VALUE_value(unot, i);
-		if(!strcmp(cnf->name, "explicitText")) {
-			not->exptext = M_ASN1_VISIBLESTRING_new();
-			if(!ASN1_STRING_set(not->exptext, cnf->value,
-						 strlen(cnf->value))) goto merr;
-		} else if(!strcmp(cnf->name, "organization")) {
-			NOTICEREF *nref;
-			if(!not->noticeref) {
-				if(!(nref = NOTICEREF_new())) goto merr;
-				not->noticeref = nref;
-			} else nref = not->noticeref;
-			if(ia5org) nref->organization->type = V_ASN1_IA5STRING;
-			else nref->organization->type = V_ASN1_VISIBLESTRING;
-			if(!ASN1_STRING_set(nref->organization, cnf->value,
-						 strlen(cnf->value))) goto merr;
-		} else if(!strcmp(cnf->name, "noticeNumbers")) {
-			NOTICEREF *nref;
-			STACK_OF(CONF_VALUE) *nos;
-			if(!not->noticeref) {
-				if(!(nref = NOTICEREF_new())) goto merr;
-				not->noticeref = nref;
-			} else nref = not->noticeref;
-			nos = X509V3_parse_list(cnf->value);
-			if(!nos || !sk_CONF_VALUE_num(nos)) {
-				X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_NUMBERS);
-				X509V3_conf_err(cnf);
-				goto err;
-			}
-			ret = nref_nos(nref->noticenos, nos);
-			sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
-			if (!ret)
-				goto err;
-		} else {
-			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_INVALID_OPTION);
-			X509V3_conf_err(cnf);
-			goto err;
-		}
-	}
-
-	if(not->noticeref && 
-	      (!not->noticeref->noticenos || !not->noticeref->organization)) {
-			X509V3err(X509V3_F_NOTICE_SECTION,X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
-			goto err;
-	}
-
-	return qual;
-
-	merr:
-	X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE);
-
-	err:
-	POLICYQUALINFO_free(qual);
-	return NULL;
+    int i, ret;
+    CONF_VALUE *cnf;
+    USERNOTICE *not;
+    POLICYQUALINFO *qual;
+    if (!(qual = POLICYQUALINFO_new()))
+        goto merr;
+    qual->pqualid = OBJ_nid2obj(NID_id_qt_unotice);
+    if (!(not = USERNOTICE_new()))
+        goto merr;
+    qual->d.usernotice = not;
+    for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
+        cnf = sk_CONF_VALUE_value(unot, i);
+        if (!strcmp(cnf->name, "explicitText")) {
+            not->exptext = M_ASN1_VISIBLESTRING_new();
+            if (!ASN1_STRING_set(not->exptext, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (!strcmp(cnf->name, "organization")) {
+            NOTICEREF *nref;
+            if (!not->noticeref) {
+                if (!(nref = NOTICEREF_new()))
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            if (ia5org)
+                nref->organization->type = V_ASN1_IA5STRING;
+            else
+                nref->organization->type = V_ASN1_VISIBLESTRING;
+            if (!ASN1_STRING_set(nref->organization, cnf->value,
+                                 strlen(cnf->value)))
+                goto merr;
+        } else if (!strcmp(cnf->name, "noticeNumbers")) {
+            NOTICEREF *nref;
+            STACK_OF(CONF_VALUE) *nos;
+            if (!not->noticeref) {
+                if (!(nref = NOTICEREF_new()))
+                    goto merr;
+                not->noticeref = nref;
+            } else
+                nref = not->noticeref;
+            nos = X509V3_parse_list(cnf->value);
+            if (!nos || !sk_CONF_VALUE_num(nos)) {
+                X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_NUMBERS);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            ret = nref_nos(nref->noticenos, nos);
+            sk_CONF_VALUE_pop_free(nos, X509V3_conf_free);
+            if (!ret)
+                goto err;
+        } else {
+            X509V3err(X509V3_F_NOTICE_SECTION, X509V3_R_INVALID_OPTION);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+    }
+
+    if (not->noticeref &&
+        (!not->noticeref->noticenos || !not->noticeref->organization)) {
+        X509V3err(X509V3_F_NOTICE_SECTION,
+                  X509V3_R_NEED_ORGANIZATION_AND_NUMBERS);
+        goto err;
+    }
+
+    return qual;
+
+ merr:
+    X509V3err(X509V3_F_NOTICE_SECTION, ERR_R_MALLOC_FAILURE);
+
+ err:
+    POLICYQUALINFO_free(qual);
+    return NULL;
 }
 
 static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos)
 {
-	CONF_VALUE *cnf;
-	ASN1_INTEGER *aint;
-
-	int i;
-
-	for(i = 0; i < sk_CONF_VALUE_num(nos); i++) {
-		cnf = sk_CONF_VALUE_value(nos, i);
-		if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
-			X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER);
-			goto err;
-		}
-		if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr;
-	}
-	return 1;
-
-	merr:
-	X509V3err(X509V3_F_NREF_NOS,ERR_R_MALLOC_FAILURE);
-
-	err:
-	sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
-	return 0;
+    CONF_VALUE *cnf;
+    ASN1_INTEGER *aint;
+
+    int i;
+
+    for (i = 0; i < sk_CONF_VALUE_num(nos); i++) {
+        cnf = sk_CONF_VALUE_value(nos, i);
+        if (!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) {
+            X509V3err(X509V3_F_NREF_NOS, X509V3_R_INVALID_NUMBER);
+            goto err;
+        }
+        if (!sk_ASN1_INTEGER_push(nnums, aint))
+            goto merr;
+    }
+    return 1;
+
+ merr:
+    X509V3err(X509V3_F_NREF_NOS, ERR_R_MALLOC_FAILURE);
+
+ err:
+    sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free);
+    return 0;
 }
 
-
 static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
-		BIO *out, int indent)
+                       BIO *out, int indent)
 {
-	int i;
-	POLICYINFO *pinfo;
-	/* First print out the policy OIDs */
-	for(i = 0; i < sk_POLICYINFO_num(pol); i++) {
-		pinfo = sk_POLICYINFO_value(pol, i);
-		BIO_printf(out, "%*sPolicy: ", indent, "");
-		i2a_ASN1_OBJECT(out, pinfo->policyid);
-		BIO_puts(out, "\n");
-		if(pinfo->qualifiers)
-			 print_qualifiers(out, pinfo->qualifiers, indent + 2);
-	}
-	return 1;
+    int i;
+    POLICYINFO *pinfo;
+    /* First print out the policy OIDs */
+    for (i = 0; i < sk_POLICYINFO_num(pol); i++) {
+        pinfo = sk_POLICYINFO_value(pol, i);
+        BIO_printf(out, "%*sPolicy: ", indent, "");
+        i2a_ASN1_OBJECT(out, pinfo->policyid);
+        BIO_puts(out, "\n");
+        if (pinfo->qualifiers)
+            print_qualifiers(out, pinfo->qualifiers, indent + 2);
+    }
+    return 1;
 }
 
 static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals,
-		int indent)
+                             int indent)
 {
-	POLICYQUALINFO *qualinfo;
-	int i;
-	for(i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
-		qualinfo = sk_POLICYQUALINFO_value(quals, i);
-		switch(OBJ_obj2nid(qualinfo->pqualid))
-		{
-			case NID_id_qt_cps:
-			BIO_printf(out, "%*sCPS: %s\n", indent, "",
-						qualinfo->d.cpsuri->data);
-			break;
-		
-			case NID_id_qt_unotice:
-			BIO_printf(out, "%*sUser Notice:\n", indent, "");
-			print_notice(out, qualinfo->d.usernotice, indent + 2);
-			break;
-
-			default:
-			BIO_printf(out, "%*sUnknown Qualifier: ",
-							 indent + 2, "");
-			
-			i2a_ASN1_OBJECT(out, qualinfo->pqualid);
-			BIO_puts(out, "\n");
-			break;
-		}
-	}
+    POLICYQUALINFO *qualinfo;
+    int i;
+    for (i = 0; i < sk_POLICYQUALINFO_num(quals); i++) {
+        qualinfo = sk_POLICYQUALINFO_value(quals, i);
+        switch (OBJ_obj2nid(qualinfo->pqualid)) {
+        case NID_id_qt_cps:
+            BIO_printf(out, "%*sCPS: %s\n", indent, "",
+                       qualinfo->d.cpsuri->data);
+            break;
+
+        case NID_id_qt_unotice:
+            BIO_printf(out, "%*sUser Notice:\n", indent, "");
+            print_notice(out, qualinfo->d.usernotice, indent + 2);
+            break;
+
+        default:
+            BIO_printf(out, "%*sUnknown Qualifier: ", indent + 2, "");
+
+            i2a_ASN1_OBJECT(out, qualinfo->pqualid);
+            BIO_puts(out, "\n");
+            break;
+        }
+    }
 }
 
 static void print_notice(BIO *out, USERNOTICE *notice, int indent)
 {
-	int i;
-	if(notice->noticeref) {
-		NOTICEREF *ref;
-		ref = notice->noticeref;
-		BIO_printf(out, "%*sOrganization: %s\n", indent, "",
-						 ref->organization->data);
-		BIO_printf(out, "%*sNumber%s: ", indent, "",
-			   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
-		for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
-			ASN1_INTEGER *num;
-			char *tmp;
-			num = sk_ASN1_INTEGER_value(ref->noticenos, i);
-			if(i) BIO_puts(out, ", ");
-			tmp = i2s_ASN1_INTEGER(NULL, num);
-			BIO_puts(out, tmp);
-			OPENSSL_free(tmp);
-		}
-		BIO_puts(out, "\n");
-	}
-	if(notice->exptext)
-		BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
-							 notice->exptext->data);
+    int i;
+    if (notice->noticeref) {
+        NOTICEREF *ref;
+        ref = notice->noticeref;
+        BIO_printf(out, "%*sOrganization: %s\n", indent, "",
+                   ref->organization->data);
+        BIO_printf(out, "%*sNumber%s: ", indent, "",
+                   sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : "");
+        for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+            ASN1_INTEGER *num;
+            char *tmp;
+            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+            if (i)
+                BIO_puts(out, ", ");
+            tmp = i2s_ASN1_INTEGER(NULL, num);
+            BIO_puts(out, tmp);
+            OPENSSL_free(tmp);
+        }
+        BIO_puts(out, "\n");
+    }
+    if (notice->exptext)
+        BIO_printf(out, "%*sExplicit Text: %s\n", indent, "",
+                   notice->exptext->data);
 }
 
 void X509_POLICY_NODE_print(BIO *out, X509_POLICY_NODE *node, int indent)
-	{
-	const X509_POLICY_DATA *dat = node->data;
-
-	BIO_printf(out, "%*sPolicy: ", indent, "");
-			
-	i2a_ASN1_OBJECT(out, dat->valid_policy);
-	BIO_puts(out, "\n");
-	BIO_printf(out, "%*s%s\n", indent + 2, "",
-		node_data_critical(dat) ? "Critical" : "Non Critical");
-	if (dat->qualifier_set)
-		print_qualifiers(out, dat->qualifier_set, indent + 2);
-	else
-		BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
-	}
-	
+{
+    const X509_POLICY_DATA *dat = node->data;
+
+    BIO_printf(out, "%*sPolicy: ", indent, "");
+
+    i2a_ASN1_OBJECT(out, dat->valid_policy);
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*s%s\n", indent + 2, "",
+               node_data_critical(dat) ? "Critical" : "Non Critical");
+    if (dat->qualifier_set)
+        print_qualifiers(out, dat->qualifier_set, indent + 2);
+    else
+        BIO_printf(out, "%*sNo Qualifiers\n", indent + 2, "");
+}
+
 IMPLEMENT_STACK_OF(X509_POLICY_NODE)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
index 181a8977..6c8ec980 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_crld.c
@@ -1,6 +1,7 @@
 /* v3_crld.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,99 +65,113 @@
 #include <openssl/x509v3.h>
 
 static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
-		STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *extlist);
+                                      STACK_OF(DIST_POINT) *crld,
+                                      STACK_OF(CONF_VALUE) *extlist);
 static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval);
 
 const X509V3_EXT_METHOD v3_crld = {
-NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_crld,
-(X509V3_EXT_V2I)v2i_crld,
-0,0,
-NULL
+    NID_crl_distribution_points, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_crld,
+    (X509V3_EXT_V2I)v2i_crld,
+    0, 0,
+    NULL
 };
 
 static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method,
-			STACK_OF(DIST_POINT) *crld, STACK_OF(CONF_VALUE) *exts)
+                                      STACK_OF(DIST_POINT) *crld,
+                                      STACK_OF(CONF_VALUE) *exts)
 {
-	DIST_POINT *point;
-	int i;
-	for(i = 0; i < sk_DIST_POINT_num(crld); i++) {
-		point = sk_DIST_POINT_value(crld, i);
-		if(point->distpoint) {
-			if(point->distpoint->type == 0)
-				exts = i2v_GENERAL_NAMES(NULL,
-					 point->distpoint->name.fullname, exts);
-		        else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts);
-		}
-		if(point->reasons) 
-			X509V3_add_value("reasons","<UNSUPPORTED>", &exts);
-		if(point->CRLissuer)
-			X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts);
-	}
-	return exts;
+    DIST_POINT *point;
+    int i;
+    for (i = 0; i < sk_DIST_POINT_num(crld); i++) {
+        point = sk_DIST_POINT_value(crld, i);
+        if (point->distpoint) {
+            if (point->distpoint->type == 0)
+                exts = i2v_GENERAL_NAMES(NULL,
+                                         point->distpoint->name.fullname,
+                                         exts);
+            else
+                X509V3_add_value("RelativeName", "<UNSUPPORTED>", &exts);
+        }
+        if (point->reasons)
+            X509V3_add_value("reasons", "<UNSUPPORTED>", &exts);
+        if (point->CRLissuer)
+            X509V3_add_value("CRLissuer", "<UNSUPPORTED>", &exts);
+    }
+    return exts;
 }
 
 static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                      X509V3_CTX *ctx,
+                                      STACK_OF(CONF_VALUE) *nval)
 {
-	STACK_OF(DIST_POINT) *crld = NULL;
-	GENERAL_NAMES *gens = NULL;
-	GENERAL_NAME *gen = NULL;
-	CONF_VALUE *cnf;
-	int i;
-	if(!(crld = sk_DIST_POINT_new_null())) goto merr;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		DIST_POINT *point;
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 
-		if(!(gens = GENERAL_NAMES_new())) goto merr;
-		if(!sk_GENERAL_NAME_push(gens, gen)) goto merr;
-		gen = NULL;
-		if(!(point = DIST_POINT_new())) goto merr;
-		if(!sk_DIST_POINT_push(crld, point)) {
-			DIST_POINT_free(point);
-			goto merr;
-		}
-		if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr;
-		point->distpoint->name.fullname = gens;
-		point->distpoint->type = 0;
-		gens = NULL;
-	}
-	return crld;
+    STACK_OF(DIST_POINT) *crld = NULL;
+    GENERAL_NAMES *gens = NULL;
+    GENERAL_NAME *gen = NULL;
+    CONF_VALUE *cnf;
+    int i;
+    if (!(crld = sk_DIST_POINT_new_null()))
+        goto merr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        DIST_POINT *point;
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
+            goto err;
+        if (!(gens = GENERAL_NAMES_new()))
+            goto merr;
+        if (!sk_GENERAL_NAME_push(gens, gen))
+            goto merr;
+        gen = NULL;
+        if (!(point = DIST_POINT_new()))
+            goto merr;
+        if (!sk_DIST_POINT_push(crld, point)) {
+            DIST_POINT_free(point);
+            goto merr;
+        }
+        if (!(point->distpoint = DIST_POINT_NAME_new()))
+            goto merr;
+        point->distpoint->name.fullname = gens;
+        point->distpoint->type = 0;
+        gens = NULL;
+    }
+    return crld;
 
-	merr:
-	X509V3err(X509V3_F_V2I_CRLD,ERR_R_MALLOC_FAILURE);
-	err:
-	GENERAL_NAME_free(gen);
-	GENERAL_NAMES_free(gens);
-	sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
-	return NULL;
+ merr:
+    X509V3err(X509V3_F_V2I_CRLD, ERR_R_MALLOC_FAILURE);
+ err:
+    GENERAL_NAME_free(gen);
+    GENERAL_NAMES_free(gens);
+    sk_DIST_POINT_pop_free(crld, DIST_POINT_free);
+    return NULL;
 }
 
 IMPLEMENT_STACK_OF(DIST_POINT)
+
 IMPLEMENT_ASN1_SET_OF(DIST_POINT)
 
 
 ASN1_CHOICE(DIST_POINT_NAME) = {
-	ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
-	ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
+        ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0),
+        ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1)
 } ASN1_CHOICE_END(DIST_POINT_NAME)
 
 IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME)
 
 ASN1_SEQUENCE(DIST_POINT) = {
-	ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
-	ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
-	ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
+        ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0),
+        ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1),
+        ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2)
 } ASN1_SEQUENCE_END(DIST_POINT)
 
 IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT)
 
-ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
+ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CRLDistributionPoints, DIST_POINT)
 ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS)
 
 IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
index 36576eaa..aa91c5d6 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_enum.c
@@ -1,6 +1,7 @@
 /* v3_enum.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -61,34 +62,34 @@
 #include <openssl/x509v3.h>
 
 static ENUMERATED_NAMES crl_reasons[] = {
-{0, "Unspecified", "unspecified"},
-{1, "Key Compromise", "keyCompromise"},
-{2, "CA Compromise", "CACompromise"},
-{3, "Affiliation Changed", "affiliationChanged"},
-{4, "Superseded", "superseded"},
-{5, "Cessation Of Operation", "cessationOfOperation"},
-{6, "Certificate Hold", "certificateHold"},
-{8, "Remove From CRL", "removeFromCRL"},
-{-1, NULL, NULL}
+    {0, "Unspecified", "unspecified"},
+    {1, "Key Compromise", "keyCompromise"},
+    {2, "CA Compromise", "CACompromise"},
+    {3, "Affiliation Changed", "affiliationChanged"},
+    {4, "Superseded", "superseded"},
+    {5, "Cessation Of Operation", "cessationOfOperation"},
+    {6, "Certificate Hold", "certificateHold"},
+    {8, "Remove From CRL", "removeFromCRL"},
+    {-1, NULL, NULL}
 };
 
-const X509V3_EXT_METHOD v3_crl_reason = { 
-NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
-0,
-0,0,0,0,
-crl_reasons};
-
+const X509V3_EXT_METHOD v3_crl_reason = {
+    NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE,
+    0,
+    0, 0, 0, 0,
+    crl_reasons
+};
 
-char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method,
-	     ASN1_ENUMERATED *e)
+char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *e)
 {
-	ENUMERATED_NAMES *enam;
-	long strval;
-	strval = ASN1_ENUMERATED_get(e);
-	for(enam = method->usr_data; enam->lname; enam++) {
-		if(strval == enam->bitnum) return BUF_strdup(enam->lname);
-	}
-	return i2s_ASN1_ENUMERATED(method, e);
+    ENUMERATED_NAMES *enam;
+    long strval;
+    strval = ASN1_ENUMERATED_get(e);
+    for (enam = method->usr_data; enam->lname; enam++) {
+        if (strval == enam->bitnum)
+            return BUF_strdup(enam->lname);
+    }
+    return i2s_ASN1_ENUMERATED(method, e);
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
index c0d14500..02201740 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_extku.c
@@ -1,6 +1,7 @@
 /* v3_extku.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
@@ -64,79 +64,88 @@
 #include <openssl/x509v3.h>
 
 static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-		void *eku, STACK_OF(CONF_VALUE) *extlist);
+                                                    void *eku,
+                                                    STACK_OF(CONF_VALUE)
+                                                    *extlist);
 
 const X509V3_EXT_METHOD v3_ext_ku = {
-	NID_ext_key_usage, 0,
-	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-	0,0,0,0,
-	0,0,
-	i2v_EXTENDED_KEY_USAGE,
-	v2i_EXTENDED_KEY_USAGE,
-	0,0,
-	NULL
+    NID_ext_key_usage, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
 };
 
 /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
 const X509V3_EXT_METHOD v3_ocsp_accresp = {
-	NID_id_pkix_OCSP_acceptableResponses, 0,
-	ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
-	0,0,0,0,
-	0,0,
-	i2v_EXTENDED_KEY_USAGE,
-	v2i_EXTENDED_KEY_USAGE,
-	0,0,
-	NULL
+    NID_id_pkix_OCSP_acceptableResponses, 0,
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_EXTENDED_KEY_USAGE,
+    v2i_EXTENDED_KEY_USAGE,
+    0, 0,
+    NULL
 };
 
-ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
+ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT)
 ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE)
 
 IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
 
 static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-		void *a, STACK_OF(CONF_VALUE) *ext_list)
+                                                    void *a,
+                                                    STACK_OF(CONF_VALUE)
+                                                    *ext_list)
 {
-	EXTENDED_KEY_USAGE *eku = a;
-	int i;
-	ASN1_OBJECT *obj;
-	char obj_tmp[80];
-	for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
-		obj = sk_ASN1_OBJECT_value(eku, i);
-		i2t_ASN1_OBJECT(obj_tmp, 80, obj);
-		X509V3_add_value(NULL, obj_tmp, &ext_list);
-	}
-	return ext_list;
+    EXTENDED_KEY_USAGE *eku = a;
+    int i;
+    ASN1_OBJECT *obj;
+    char obj_tmp[80];
+    for (i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+        obj = sk_ASN1_OBJECT_value(eku, i);
+        i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+        X509V3_add_value(NULL, obj_tmp, &ext_list);
+    }
+    return ext_list;
 }
 
 static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *nval)
 {
-	EXTENDED_KEY_USAGE *extku;
-	char *extval;
-	ASN1_OBJECT *objtmp;
-	CONF_VALUE *val;
-	int i;
+    EXTENDED_KEY_USAGE *extku;
+    char *extval;
+    ASN1_OBJECT *objtmp;
+    CONF_VALUE *val;
+    int i;
 
-	if(!(extku = sk_ASN1_OBJECT_new_null())) {
-		X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
+    if (!(extku = sk_ASN1_OBJECT_new_null())) {
+        X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		if(val->value) extval = val->value;
-		else extval = val->name;
-		if(!(objtmp = OBJ_txt2obj(extval, 0))) {
-			sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
-			X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return NULL;
-		}
-		sk_ASN1_OBJECT_push(extku, objtmp);
-	}
-	return extku;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (val->value)
+            extval = val->value;
+        else
+            extval = val->name;
+        if (!(objtmp = OBJ_txt2obj(extval, 0))) {
+            sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+            X509V3err(X509V3_F_V2I_EXTENDED_KEY_USAGE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return NULL;
+        }
+        sk_ASN1_OBJECT_push(extku, objtmp);
+    }
+    return extku;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
index 84b4b1c8..760b3040 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_genn.c
@@ -1,6 +1,7 @@
 /* v3_genn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
@@ -64,38 +64,38 @@
 #include <openssl/x509v3.h>
 
 ASN1_SEQUENCE(OTHERNAME) = {
-	ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
-	/* Maybe have a true ANY DEFINED BY later */
-	ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
+        ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT),
+        /* Maybe have a true ANY DEFINED BY later */
+        ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0)
 } ASN1_SEQUENCE_END(OTHERNAME)
 
 IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME)
 
 ASN1_SEQUENCE(EDIPARTYNAME) = {
-	ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
-	ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
+        ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0),
+        ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1)
 } ASN1_SEQUENCE_END(EDIPARTYNAME)
 
 IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME)
 
 ASN1_CHOICE(GENERAL_NAME) = {
-	ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
-	ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
-	ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
-	/* Don't decode this */
-	ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
-	/* X509_NAME is a CHOICE type so use EXPLICIT */
-	ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
-	ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
-	ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
-	ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
-	ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
+        ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME),
+        ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL),
+        ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS),
+        /* Don't decode this */
+        ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400),
+        /* X509_NAME is a CHOICE type so use EXPLICIT */
+        ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME),
+        ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY),
+        ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI),
+        ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD),
+        ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID)
 } ASN1_CHOICE_END(GENERAL_NAME)
 
 IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME)
 
-ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
+ASN1_ITEM_TEMPLATE(GENERAL_NAMES) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME)
 ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES)
 
 IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
index 4ff12b52..c170a55f 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ia5.c
@@ -1,6 +1,7 @@
 /* v3_ia5.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,61 +57,63 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
 #include <openssl/conf.h>
 #include <openssl/x509v3.h>
 
-static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5);
-static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_ns_ia5_list[] = { 
-EXT_IA5STRING(NID_netscape_base_url),
-EXT_IA5STRING(NID_netscape_revocation_url),
-EXT_IA5STRING(NID_netscape_ca_revocation_url),
-EXT_IA5STRING(NID_netscape_renewal_url),
-EXT_IA5STRING(NID_netscape_ca_policy_url),
-EXT_IA5STRING(NID_netscape_ssl_server_name),
-EXT_IA5STRING(NID_netscape_comment),
-EXT_END
+static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                ASN1_IA5STRING *ia5);
+static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
+                                          X509V3_CTX *ctx, char *str);
+const X509V3_EXT_METHOD v3_ns_ia5_list[] = {
+    EXT_IA5STRING(NID_netscape_base_url),
+    EXT_IA5STRING(NID_netscape_revocation_url),
+    EXT_IA5STRING(NID_netscape_ca_revocation_url),
+    EXT_IA5STRING(NID_netscape_renewal_url),
+    EXT_IA5STRING(NID_netscape_ca_policy_url),
+    EXT_IA5STRING(NID_netscape_ssl_server_name),
+    EXT_IA5STRING(NID_netscape_comment),
+    EXT_END
 };
 
-
 static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-	     ASN1_IA5STRING *ia5)
+                                ASN1_IA5STRING *ia5)
 {
-	char *tmp;
-	if(!ia5 || !ia5->length) return NULL;
-	if(!(tmp = OPENSSL_malloc(ia5->length + 1))) {
-		X509V3err(X509V3_F_I2S_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	memcpy(tmp, ia5->data, ia5->length);
-	tmp[ia5->length] = 0;
-	return tmp;
+    char *tmp;
+    if (!ia5 || !ia5->length)
+        return NULL;
+    if (!(tmp = OPENSSL_malloc(ia5->length + 1))) {
+        X509V3err(X509V3_F_I2S_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memcpy(tmp, ia5->data, ia5->length);
+    tmp[ia5->length] = 0;
+    return tmp;
 }
 
 static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, char *str)
+                                          X509V3_CTX *ctx, char *str)
 {
-	ASN1_IA5STRING *ia5;
-	if(!str) {
-		X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT);
-		return NULL;
-	}
-	if(!(ia5 = M_ASN1_IA5STRING_new())) goto err;
-	if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str,
-			    strlen(str))) {
-		M_ASN1_IA5STRING_free(ia5);
-		goto err;
-	}
+    ASN1_IA5STRING *ia5;
+    if (!str) {
+        X509V3err(X509V3_F_S2I_ASN1_IA5STRING,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+    if (!(ia5 = M_ASN1_IA5STRING_new()))
+        goto err;
+    if (!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char *)str,
+                         strlen(str))) {
+        M_ASN1_IA5STRING_free(ia5);
+        goto err;
+    }
 #ifdef CHARSET_EBCDIC
-        ebcdic2ascii(ia5->data, ia5->data, ia5->length);
-#endif /*CHARSET_EBCDIC*/
-	return ia5;
-	err:
-	X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE);
-	return NULL;
+    ebcdic2ascii(ia5->data, ia5->data, ia5->length);
+#endif                          /* CHARSET_EBCDIC */
+    return ia5;
+ err:
+    X509V3err(X509V3_F_S2I_ASN1_IA5STRING, ERR_R_MALLOC_FAILURE);
+    return NULL;
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
index e1b8699f..e052a34b 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_info.c
@@ -1,6 +1,7 @@
 /* v3_info.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -63,131 +64,147 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				AUTHORITY_INFO_ACCESS *ainfo,
-						STACK_OF(CONF_VALUE) *ret);
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                       *method, AUTHORITY_INFO_ACCESS
+                                                       *ainfo, STACK_OF(CONF_VALUE)
+                                                       *ret);
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval);
 
-const X509V3_EXT_METHOD v3_info =
-{ NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
+const X509V3_EXT_METHOD v3_info = { NID_info_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
 
-const X509V3_EXT_METHOD v3_sinfo =
-{ NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
-(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
-0,0,
-NULL};
+const X509V3_EXT_METHOD v3_sinfo = { NID_sinfo_access, X509V3_EXT_MULTILINE,
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    0, 0, 0, 0,
+    0, 0,
+    (X509V3_EXT_I2V) i2v_AUTHORITY_INFO_ACCESS,
+    (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+    0, 0,
+    NULL
+};
 
 ASN1_SEQUENCE(ACCESS_DESCRIPTION) = {
-	ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
-	ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT),
+        ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME)
 } ASN1_SEQUENCE_END(ACCESS_DESCRIPTION)
 
 IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION)
 
-ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
+ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION)
 ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS)
 
 IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS)
 
-static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				AUTHORITY_INFO_ACCESS *ainfo,
-						STACK_OF(CONF_VALUE) *ret)
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                       *method, AUTHORITY_INFO_ACCESS
+                                                       *ainfo, STACK_OF(CONF_VALUE)
+                                                       *ret)
 {
-	ACCESS_DESCRIPTION *desc;
-	int i,nlen;
-	char objtmp[80], *ntmp;
-	CONF_VALUE *vtmp;
-	for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
-		desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
-		ret = i2v_GENERAL_NAME(method, desc->location, ret);
-		if(!ret) break;
-		vtmp = sk_CONF_VALUE_value(ret, i);
-		i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
-		nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
-		ntmp = OPENSSL_malloc(nlen);
-		if(!ntmp) {
-			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
-					ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		BUF_strlcpy(ntmp, objtmp, nlen);
-		BUF_strlcat(ntmp, " - ", nlen);
-		BUF_strlcat(ntmp, vtmp->name, nlen);
-		OPENSSL_free(vtmp->name);
-		vtmp->name = ntmp;
-		
-	}
-	if(!ret) return sk_CONF_VALUE_new_null();
-	return ret;
+    ACCESS_DESCRIPTION *desc;
+    int i, nlen;
+    char objtmp[80], *ntmp;
+    CONF_VALUE *vtmp;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+        desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+        ret = i2v_GENERAL_NAME(method, desc->location, ret);
+        if (!ret)
+            break;
+        vtmp = sk_CONF_VALUE_value(ret, i);
+        i2t_ASN1_OBJECT(objtmp, sizeof objtmp, desc->method);
+        nlen = strlen(objtmp) + strlen(vtmp->name) + 5;
+        ntmp = OPENSSL_malloc(nlen);
+        if (!ntmp) {
+            X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        BUF_strlcpy(ntmp, objtmp, nlen);
+        BUF_strlcat(ntmp, " - ", nlen);
+        BUF_strlcat(ntmp, vtmp->name, nlen);
+        OPENSSL_free(vtmp->name);
+        vtmp->name = ntmp;
+
+    }
+    if (!ret)
+        return sk_CONF_VALUE_new_null();
+    return ret;
 }
 
-static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
-				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD
+                                                        *method,
+                                                        X509V3_CTX *ctx,
+                                                        STACK_OF(CONF_VALUE)
+                                                        *nval)
 {
-	AUTHORITY_INFO_ACCESS *ainfo = NULL;
-	CONF_VALUE *cnf, ctmp;
-	ACCESS_DESCRIPTION *acc;
-	int i, objlen;
-	char *objtmp, *ptmp;
-	if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
-		X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!(acc = ACCESS_DESCRIPTION_new())
-			|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		ptmp = strchr(cnf->name, ';');
-		if(!ptmp) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_INVALID_SYNTAX);
-			goto err;
-		}
-		objlen = ptmp - cnf->name;
-		ctmp.name = ptmp + 1;
-		ctmp.value = cnf->value;
-		if(!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
-								 goto err; 
-		if(!(objtmp = OPENSSL_malloc(objlen + 1))) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,ERR_R_MALLOC_FAILURE);
-			goto err;
-		}
-		strncpy(objtmp, cnf->name, objlen);
-		objtmp[objlen] = 0;
-		acc->method = OBJ_txt2obj(objtmp, 0);
-		if(!acc->method) {
-			X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,X509V3_R_BAD_OBJECT);
-			ERR_add_error_data(2, "value=", objtmp);
-			OPENSSL_free(objtmp);
-			goto err;
-		}
-		OPENSSL_free(objtmp);
+    AUTHORITY_INFO_ACCESS *ainfo = NULL;
+    CONF_VALUE *cnf, ctmp;
+    ACCESS_DESCRIPTION *acc;
+    int i, objlen;
+    char *objtmp, *ptmp;
+    if (!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) {
+        X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!(acc = ACCESS_DESCRIPTION_new())
+            || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        ptmp = strchr(cnf->name, ';');
+        if (!ptmp) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        objlen = ptmp - cnf->name;
+        ctmp.name = ptmp + 1;
+        ctmp.value = cnf->value;
+        if (!v2i_GENERAL_NAME_ex(acc->location, method, ctx, &ctmp, 0))
+            goto err;
+        if (!(objtmp = OPENSSL_malloc(objlen + 1))) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      ERR_R_MALLOC_FAILURE);
+            goto err;
+        }
+        strncpy(objtmp, cnf->name, objlen);
+        objtmp[objlen] = 0;
+        acc->method = OBJ_txt2obj(objtmp, 0);
+        if (!acc->method) {
+            X509V3err(X509V3_F_V2I_AUTHORITY_INFO_ACCESS,
+                      X509V3_R_BAD_OBJECT);
+            ERR_add_error_data(2, "value=", objtmp);
+            OPENSSL_free(objtmp);
+            goto err;
+        }
+        OPENSSL_free(objtmp);
 
-	}
-	return ainfo;
-	err:
-	sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
-	return NULL;
+    }
+    return ainfo;
+ err:
+    sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+    return NULL;
 }
 
-int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
-        {
-	i2a_ASN1_OBJECT(bp, a->method);
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION *a)
+{
+    i2a_ASN1_OBJECT(bp, a->method);
 #ifdef UNDEF
-	i2a_GENERAL_NAME(bp, a->location);
+    i2a_GENERAL_NAME(bp, a->location);
 #endif
-	return 2;
-	}
+    return 2;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
index 4bfd14cf..8bfdb37e 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_int.c
@@ -1,6 +1,7 @@
 /* v3_int.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -60,30 +61,32 @@
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-const X509V3_EXT_METHOD v3_crl_num = { 
-	NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	0,
-	0,0,0,0, NULL};
+const X509V3_EXT_METHOD v3_crl_num = {
+    NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
 
-const X509V3_EXT_METHOD v3_delta_crl = { 
-	NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	0,
-	0,0,0,0, NULL};
-
-static void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
-	{
-	return s2i_ASN1_INTEGER(meth, value);
-	}
-
-const X509V3_EXT_METHOD v3_inhibit_anyp = { 
-	NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-	0,0,0,0,
-	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-	(X509V3_EXT_S2I)s2i_asn1_int,
-	0,0,0,0, NULL};
+const X509V3_EXT_METHOD v3_delta_crl = {
+    NID_delta_crl, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    0,
+    0, 0, 0, 0, NULL
+};
 
+static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx,
+                          char *value)
+{
+    return s2i_ASN1_INTEGER(meth, value);
+}
 
+const X509V3_EXT_METHOD v3_inhibit_anyp = {
+    NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+    (X509V3_EXT_S2I)s2i_asn1_int,
+    0, 0, 0, 0, NULL
+};
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
index df3a48f4..e0c0b04f 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_lib.c
@@ -1,6 +1,7 @@
 /* v3_lib.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -66,111 +67,129 @@
 
 static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL;
 
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-		const X509V3_EXT_METHOD * const *b);
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b);
 static void ext_list_free(X509V3_EXT_METHOD *ext);
 
 int X509V3_EXT_add(X509V3_EXT_METHOD *ext)
 {
-	if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	return 1;
+    if (!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    if (!sk_X509V3_EXT_METHOD_push(ext_list, ext)) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    return 1;
 }
 
-static int ext_cmp(const X509V3_EXT_METHOD * const *a,
-		const X509V3_EXT_METHOD * const *b)
+static int ext_cmp(const X509V3_EXT_METHOD *const *a,
+                   const X509V3_EXT_METHOD *const *b)
 {
-	return ((*a)->ext_nid - (*b)->ext_nid);
+    return ((*a)->ext_nid - (*b)->ext_nid);
 }
 
 X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid)
 {
-	X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
-	int idx;
-	if(nid < 0) return NULL;
-	tmp.ext_nid = nid;
-	ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t,
-			(char *)standard_exts, STANDARD_EXTENSION_COUNT,
-			sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp);
-	if(ret) return *ret;
-	if(!ext_list) return NULL;
-	idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
-	if(idx == -1) return NULL;
-	return sk_X509V3_EXT_METHOD_value(ext_list, idx);
+    X509V3_EXT_METHOD tmp, *t = &tmp, **ret;
+    int idx;
+    if (nid < 0)
+        return NULL;
+    tmp.ext_nid = nid;
+    ret = (X509V3_EXT_METHOD **)OBJ_bsearch((char *)&t,
+                                            (char *)standard_exts,
+                                            STANDARD_EXTENSION_COUNT,
+                                            sizeof(X509V3_EXT_METHOD *),
+                                            (int (*)
+                                             (const void *,
+                                              const void *))ext_cmp);
+    if (ret)
+        return *ret;
+    if (!ext_list)
+        return NULL;
+    idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp);
+    if (idx == -1)
+        return NULL;
+    return sk_X509V3_EXT_METHOD_value(ext_list, idx);
 }
 
 X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext)
 {
-	int nid;
-	if((nid = OBJ_obj2nid(ext->object)) == NID_undef) return NULL;
-	return X509V3_EXT_get_nid(nid);
+    int nid;
+    if ((nid = OBJ_obj2nid(ext->object)) == NID_undef)
+        return NULL;
+    return X509V3_EXT_get_nid(nid);
 }
 
-
 int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist)
 {
-	for(;extlist->ext_nid!=-1;extlist++) 
-			if(!X509V3_EXT_add(extlist)) return 0;
-	return 1;
+    for (; extlist->ext_nid != -1; extlist++)
+        if (!X509V3_EXT_add(extlist))
+            return 0;
+    return 1;
 }
 
 int X509V3_EXT_add_alias(int nid_to, int nid_from)
 {
-	X509V3_EXT_METHOD *ext, *tmpext;
-	if(!(ext = X509V3_EXT_get_nid(nid_from))) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND);
-		return 0;
-	}
-	if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
-		X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	*tmpext = *ext;
-	tmpext->ext_nid = nid_to;
-	tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-	return X509V3_EXT_add(tmpext);
+    X509V3_EXT_METHOD *ext, *tmpext;
+    if (!(ext = X509V3_EXT_get_nid(nid_from))) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,
+                  X509V3_R_EXTENSION_NOT_FOUND);
+        return 0;
+    }
+    if (!
+        (tmpext =
+         (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) {
+        X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    *tmpext = *ext;
+    tmpext->ext_nid = nid_to;
+    tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
+    return X509V3_EXT_add(tmpext);
 }
 
 void X509V3_EXT_cleanup(void)
 {
-	sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
-	ext_list = NULL;
+    sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free);
+    ext_list = NULL;
 }
 
 static void ext_list_free(X509V3_EXT_METHOD *ext)
 {
-	if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext);
+    if (ext->ext_flags & X509V3_EXT_DYNAMIC)
+        OPENSSL_free(ext);
 }
 
-/* Legacy function: we don't need to add standard extensions
- * any more because they are now kept in ext_dat.h.
+/*
+ * Legacy function: we don't need to add standard extensions any more because
+ * they are now kept in ext_dat.h.
  */
 
 int X509V3_add_standard_extensions(void)
 {
-	return 1;
+    return 1;
 }
 
 /* Return an extension internal structure */
 
 void *X509V3_EXT_d2i(X509_EXTENSION *ext)
 {
-	X509V3_EXT_METHOD *method;
-	const unsigned char *p;
-
-	if(!(method = X509V3_EXT_get(ext))) return NULL;
-	p = ext->value->data;
-	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
-	return method->d2i(NULL, &p, ext->value->length);
+    X509V3_EXT_METHOD *method;
+    const unsigned char *p;
+
+    if (!(method = X509V3_EXT_get(ext)))
+        return NULL;
+    p = ext->value->data;
+    if (method->it)
+        return ASN1_item_d2i(NULL, &p, ext->value->length,
+                             ASN1_ITEM_ptr(method->it));
+    return method->d2i(NULL, &p, ext->value->length);
 }
 
-/* Get critical flag and decoded version of extension from a NID.
+/*-
+ * Get critical flag and decoded version of extension from a NID.
  * The "idx" variable returns the last found extension and can
  * be used to retrieve multiple extensions of the same NID.
  * However multiple extensions with the same NID is usually
@@ -185,119 +204,136 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext)
  * -2 extension occurs more than once.
  */
 
-void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx)
+void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit,
+                     int *idx)
 {
-	int lastpos, i;
-	X509_EXTENSION *ex, *found_ex = NULL;
-	if(!x) {
-		if(idx) *idx = -1;
-		if(crit) *crit = -1;
-		return NULL;
-	}
-	if(idx) lastpos = *idx + 1;
-	else lastpos = 0;
-	if(lastpos < 0) lastpos = 0;
-	for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++)
-	{
-		ex = sk_X509_EXTENSION_value(x, i);
-		if(OBJ_obj2nid(ex->object) == nid) {
-			if(idx) {
-				*idx = i;
-				found_ex = ex;
-				break;
-			} else if(found_ex) {
-				/* Found more than one */
-				if(crit) *crit = -2;
-				return NULL;
-			}
-			found_ex = ex;
-		}
-	}
-	if(found_ex) {
-		/* Found it */
-		if(crit) *crit = X509_EXTENSION_get_critical(found_ex);
-		return X509V3_EXT_d2i(found_ex);
-	}
-
-	/* Extension not found */
-	if(idx) *idx = -1;
-	if(crit) *crit = -1;
-	return NULL;
+    int lastpos, i;
+    X509_EXTENSION *ex, *found_ex = NULL;
+    if (!x) {
+        if (idx)
+            *idx = -1;
+        if (crit)
+            *crit = -1;
+        return NULL;
+    }
+    if (idx)
+        lastpos = *idx + 1;
+    else
+        lastpos = 0;
+    if (lastpos < 0)
+        lastpos = 0;
+    for (i = lastpos; i < sk_X509_EXTENSION_num(x); i++) {
+        ex = sk_X509_EXTENSION_value(x, i);
+        if (OBJ_obj2nid(ex->object) == nid) {
+            if (idx) {
+                *idx = i;
+                found_ex = ex;
+                break;
+            } else if (found_ex) {
+                /* Found more than one */
+                if (crit)
+                    *crit = -2;
+                return NULL;
+            }
+            found_ex = ex;
+        }
+    }
+    if (found_ex) {
+        /* Found it */
+        if (crit)
+            *crit = X509_EXTENSION_get_critical(found_ex);
+        return X509V3_EXT_d2i(found_ex);
+    }
+
+    /* Extension not found */
+    if (idx)
+        *idx = -1;
+    if (crit)
+        *crit = -1;
+    return NULL;
 }
 
-/* This function is a general extension append, replace and delete utility.
+/*
+ * This function is a general extension append, replace and delete utility.
  * The precise operation is governed by the 'flags' value. The 'crit' and
  * 'value' arguments (if relevant) are the extensions internal structure.
  */
 
 int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value,
-					int crit, unsigned long flags)
+                    int crit, unsigned long flags)
 {
-	int extidx = -1;
-	int errcode;
-	X509_EXTENSION *ext, *extmp;
-	unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
-
-	/* If appending we don't care if it exists, otherwise
-	 * look for existing extension.
-	 */
-	if(ext_op != X509V3_ADD_APPEND)
-		extidx = X509v3_get_ext_by_NID(*x, nid, -1);
-
-	/* See if extension exists */
-	if(extidx >= 0) {
-		/* If keep existing, nothing to do */
-		if(ext_op == X509V3_ADD_KEEP_EXISTING)
-			return 1;
-		/* If default then its an error */
-		if(ext_op == X509V3_ADD_DEFAULT) {
-			errcode = X509V3_R_EXTENSION_EXISTS;
-			goto err;
-		}
-		/* If delete, just delete it */
-		if(ext_op == X509V3_ADD_DELETE) {
-			if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1;
-			return 1;
-		}
-	} else {
-		/* If replace existing or delete, error since 
-		 * extension must exist
-		 */
-		if((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
-		   (ext_op == X509V3_ADD_DELETE)) {
-			errcode = X509V3_R_EXTENSION_NOT_FOUND;
-			goto err;
-		}
-	}
-
-	/* If we get this far then we have to create an extension:
-	 * could have some flags for alternative encoding schemes...
-	 */
-
-	ext = X509V3_EXT_i2d(nid, crit, value);
-
-	if(!ext) {
-		X509V3err(X509V3_F_X509V3_ADD1_I2D, X509V3_R_ERROR_CREATING_EXTENSION);
-		return 0;
-	}
-
-	/* If extension exists replace it.. */
-	if(extidx >= 0) {
-		extmp = sk_X509_EXTENSION_value(*x, extidx);
-		X509_EXTENSION_free(extmp);
-		if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1;
-		return 1;
-	}
-
-	if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1;
-	if(!sk_X509_EXTENSION_push(*x, ext)) return -1;
-
-	return 1;
-
-	err:
-	if(!(flags & X509V3_ADD_SILENT))
-		X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
-	return 0;
+    int extidx = -1;
+    int errcode;
+    X509_EXTENSION *ext, *extmp;
+    unsigned long ext_op = flags & X509V3_ADD_OP_MASK;
+
+    /*
+     * If appending we don't care if it exists, otherwise look for existing
+     * extension.
+     */
+    if (ext_op != X509V3_ADD_APPEND)
+        extidx = X509v3_get_ext_by_NID(*x, nid, -1);
+
+    /* See if extension exists */
+    if (extidx >= 0) {
+        /* If keep existing, nothing to do */
+        if (ext_op == X509V3_ADD_KEEP_EXISTING)
+            return 1;
+        /* If default then its an error */
+        if (ext_op == X509V3_ADD_DEFAULT) {
+            errcode = X509V3_R_EXTENSION_EXISTS;
+            goto err;
+        }
+        /* If delete, just delete it */
+        if (ext_op == X509V3_ADD_DELETE) {
+            if (!sk_X509_EXTENSION_delete(*x, extidx))
+                return -1;
+            return 1;
+        }
+    } else {
+        /*
+         * If replace existing or delete, error since extension must exist
+         */
+        if ((ext_op == X509V3_ADD_REPLACE_EXISTING) ||
+            (ext_op == X509V3_ADD_DELETE)) {
+            errcode = X509V3_R_EXTENSION_NOT_FOUND;
+            goto err;
+        }
+    }
+
+    /*
+     * If we get this far then we have to create an extension: could have
+     * some flags for alternative encoding schemes...
+     */
+
+    ext = X509V3_EXT_i2d(nid, crit, value);
+
+    if (!ext) {
+        X509V3err(X509V3_F_X509V3_ADD1_I2D,
+                  X509V3_R_ERROR_CREATING_EXTENSION);
+        return 0;
+    }
+
+    /* If extension exists replace it.. */
+    if (extidx >= 0) {
+        extmp = sk_X509_EXTENSION_value(*x, extidx);
+        X509_EXTENSION_free(extmp);
+        if (!sk_X509_EXTENSION_set(*x, extidx, ext))
+            return -1;
+        return 1;
+    }
+
+    if (!*x && !(*x = sk_X509_EXTENSION_new_null()))
+        return -1;
+    if (!sk_X509_EXTENSION_push(*x, ext))
+        return -1;
+
+    return 1;
+
+ err:
+    if (!(flags & X509V3_ADD_SILENT))
+        X509V3err(X509V3_F_X509V3_ADD1_I2D, errcode);
+    return 0;
 }
 
 IMPLEMENT_STACK_OF(X509V3_EXT_METHOD)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
index 624fe7e2..24c1b662 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ncons.c
@@ -1,5 +1,6 @@
 /* v3_ncons.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
@@ -64,156 +64,140 @@
 #include <openssl/x509v3.h>
 
 static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
-static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, 
-				void *a, BIO *bp, int ind);
+                                  X509V3_CTX *ctx,
+                                  STACK_OF(CONF_VALUE) *nval);
+static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method, void *a, BIO *bp,
+                                int ind);
 static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-				STACK_OF(GENERAL_SUBTREE) *trees,
-					BIO *bp, int ind, char *name);
+                                   STACK_OF(GENERAL_SUBTREE) *trees, BIO *bp,
+                                   int ind, char *name);
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip);
 
 const X509V3_EXT_METHOD v3_name_constraints = {
-	NID_name_constraints, 0,
-	ASN1_ITEM_ref(NAME_CONSTRAINTS),
-	0,0,0,0,
-	0,0,
-	0, v2i_NAME_CONSTRAINTS,
-	i2r_NAME_CONSTRAINTS,0,
-	NULL
+    NID_name_constraints, 0,
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    0, v2i_NAME_CONSTRAINTS,
+    i2r_NAME_CONSTRAINTS, 0,
+    NULL
 };
 
 ASN1_SEQUENCE(GENERAL_SUBTREE) = {
-	ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
-	ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
-	ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
+        ASN1_SIMPLE(GENERAL_SUBTREE, base, GENERAL_NAME),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, minimum, ASN1_INTEGER, 0),
+        ASN1_IMP_OPT(GENERAL_SUBTREE, maximum, ASN1_INTEGER, 1)
 } ASN1_SEQUENCE_END(GENERAL_SUBTREE)
 
 ASN1_SEQUENCE(NAME_CONSTRAINTS) = {
-	ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
-							GENERAL_SUBTREE, 0),
-	ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
-							GENERAL_SUBTREE, 1),
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, permittedSubtrees,
+                                                        GENERAL_SUBTREE, 0),
+        ASN1_IMP_SEQUENCE_OF_OPT(NAME_CONSTRAINTS, excludedSubtrees,
+                                                        GENERAL_SUBTREE, 1),
 } ASN1_SEQUENCE_END(NAME_CONSTRAINTS)
-	
+
 
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(GENERAL_SUBTREE)
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(NAME_CONSTRAINTS)
 
 static void *v2i_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
-	{
-	int i;
-	CONF_VALUE tval, *val;
-	STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
-	NAME_CONSTRAINTS *ncons = NULL;
-	GENERAL_SUBTREE *sub = NULL;
-	ncons = NAME_CONSTRAINTS_new();
-	if (!ncons)
-		goto memerr;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++)
-		{
-		val = sk_CONF_VALUE_value(nval, i);
-		if (!strncmp(val->name, "permitted", 9) && val->name[9])
-			{
-			ptree = &ncons->permittedSubtrees;
-			tval.name = val->name + 10;
-			}
-		else if (!strncmp(val->name, "excluded", 8) && val->name[8])
-			{
-			ptree = &ncons->excludedSubtrees;
-			tval.name = val->name + 9;
-			}
-		else
-			{
-			X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
-			goto err;
-			}
-		tval.value = val->value;
-		sub = GENERAL_SUBTREE_new();
-		if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
-			goto err;
-		if (!*ptree)
-			*ptree = sk_GENERAL_SUBTREE_new_null();
-		if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
-			goto memerr;
-		sub = NULL;
-		}
-
-	return ncons;
-
-	memerr:
-	X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-	err:
-	if (ncons)
-		NAME_CONSTRAINTS_free(ncons);
-	if (sub)
-		GENERAL_SUBTREE_free(sub);
-
-	return NULL;
-	}
-			
-
-	
+                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+    int i;
+    CONF_VALUE tval, *val;
+    STACK_OF(GENERAL_SUBTREE) **ptree = NULL;
+    NAME_CONSTRAINTS *ncons = NULL;
+    GENERAL_SUBTREE *sub = NULL;
+    ncons = NAME_CONSTRAINTS_new();
+    if (!ncons)
+        goto memerr;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (!strncmp(val->name, "permitted", 9) && val->name[9]) {
+            ptree = &ncons->permittedSubtrees;
+            tval.name = val->name + 10;
+        } else if (!strncmp(val->name, "excluded", 8) && val->name[8]) {
+            ptree = &ncons->excludedSubtrees;
+            tval.name = val->name + 9;
+        } else {
+            X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, X509V3_R_INVALID_SYNTAX);
+            goto err;
+        }
+        tval.value = val->value;
+        sub = GENERAL_SUBTREE_new();
+        if (!v2i_GENERAL_NAME_ex(sub->base, method, ctx, &tval, 1))
+            goto err;
+        if (!*ptree)
+            *ptree = sk_GENERAL_SUBTREE_new_null();
+        if (!*ptree || !sk_GENERAL_SUBTREE_push(*ptree, sub))
+            goto memerr;
+        sub = NULL;
+    }
+
+    return ncons;
+
+ memerr:
+    X509V3err(X509V3_F_V2I_NAME_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+ err:
+    if (ncons)
+        NAME_CONSTRAINTS_free(ncons);
+    if (sub)
+        GENERAL_SUBTREE_free(sub);
+
+    return NULL;
+}
 
 static int i2r_NAME_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				void *a, BIO *bp, int ind)
-	{
-	NAME_CONSTRAINTS *ncons = a;
-	do_i2r_name_constraints(method, ncons->permittedSubtrees,
-					bp, ind, "Permitted");
-	do_i2r_name_constraints(method, ncons->excludedSubtrees,
-					bp, ind, "Excluded");
-	return 1;
-	}
+                                void *a, BIO *bp, int ind)
+{
+    NAME_CONSTRAINTS *ncons = a;
+    do_i2r_name_constraints(method, ncons->permittedSubtrees,
+                            bp, ind, "Permitted");
+    do_i2r_name_constraints(method, ncons->excludedSubtrees,
+                            bp, ind, "Excluded");
+    return 1;
+}
 
 static int do_i2r_name_constraints(X509V3_EXT_METHOD *method,
-				STACK_OF(GENERAL_SUBTREE) *trees,
-					BIO *bp, int ind, char *name)
-	{
-	GENERAL_SUBTREE *tree;
-	int i;
-	if (sk_GENERAL_SUBTREE_num(trees) > 0)
-		BIO_printf(bp, "%*s%s:\n", ind, "", name);
-	for(i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++)
-		{
-		tree = sk_GENERAL_SUBTREE_value(trees, i);
-		BIO_printf(bp, "%*s", ind + 2, "");
-		if (tree->base->type == GEN_IPADD)
-			print_nc_ipadd(bp, tree->base->d.ip);
-		else
-			GENERAL_NAME_print(bp, tree->base);
-		BIO_puts(bp, "\n");
-		}
-	return 1;
-	}
+                                   STACK_OF(GENERAL_SUBTREE) *trees,
+                                   BIO *bp, int ind, char *name)
+{
+    GENERAL_SUBTREE *tree;
+    int i;
+    if (sk_GENERAL_SUBTREE_num(trees) > 0)
+        BIO_printf(bp, "%*s%s:\n", ind, "", name);
+    for (i = 0; i < sk_GENERAL_SUBTREE_num(trees); i++) {
+        tree = sk_GENERAL_SUBTREE_value(trees, i);
+        BIO_printf(bp, "%*s", ind + 2, "");
+        if (tree->base->type == GEN_IPADD)
+            print_nc_ipadd(bp, tree->base->d.ip);
+        else
+            GENERAL_NAME_print(bp, tree->base);
+        BIO_puts(bp, "\n");
+    }
+    return 1;
+}
 
 static int print_nc_ipadd(BIO *bp, ASN1_OCTET_STRING *ip)
-	{
-	int i, len;
-	unsigned char *p;
-	p = ip->data;
-	len = ip->length;
-	BIO_puts(bp, "IP:");
-	if(len == 8)
-		{
-		BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
-				p[0], p[1], p[2], p[3],
-				p[4], p[5], p[6], p[7]);
-		}
-	else if(len == 32)
-		{
-		for (i = 0; i < 16; i++)
-			{
-			BIO_printf(bp, "%X", p[0] << 8 | p[1]);
-			p += 2;
-			if (i == 7)
-				BIO_puts(bp, "/");
-			else if (i != 15)
-				BIO_puts(bp, ":");
-			}
-		}
-	else
-		BIO_printf(bp, "IP Address:<invalid>");
-	return 1;
-	}
-
+{
+    int i, len;
+    unsigned char *p;
+    p = ip->data;
+    len = ip->length;
+    BIO_puts(bp, "IP:");
+    if (len == 8) {
+        BIO_printf(bp, "%d.%d.%d.%d/%d.%d.%d.%d",
+                   p[0], p[1], p[2], p[3], p[4], p[5], p[6], p[7]);
+    } else if (len == 32) {
+        for (i = 0; i < 16; i++) {
+            BIO_printf(bp, "%X", p[0] << 8 | p[1]);
+            p += 2;
+            if (i == 7)
+                BIO_puts(bp, "/");
+            else if (i != 15)
+                BIO_puts(bp, ":");
+        }
+    } else
+        BIO_printf(bp, "IP Address:<invalid>");
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
index 5c19cf41..e1b72f55 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c
@@ -1,6 +1,7 @@
 /* v3_ocsp.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -58,218 +59,253 @@
 
 #ifndef OPENSSL_NO_OCSP
 
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/x509v3.h>
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/conf.h>
+# include <openssl/asn1.h>
+# include <openssl/ocsp.h>
+# include <openssl/x509v3.h>
 
-/* OCSP extensions and a couple of CRL entry extensions
+/*
+ * OCSP extensions and a couple of CRL entry extensions
  */
 
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+                          int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+                            int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out,
+                      int indent);
 
 static void *ocsp_nonce_new(void);
 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
 static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+                          int indent);
 
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck,
+                            BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              const char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                               int ind);
 
 const X509V3_EXT_METHOD v3_ocsp_crlid = {
-	NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_crlid,0,
-	NULL
+    NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_crlid, 0,
+    NULL
 };
 
 const X509V3_EXT_METHOD v3_ocsp_acutoff = {
-	NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_acutoff,0,
-	NULL
+    NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
 };
 
 const X509V3_EXT_METHOD v3_crl_invdate = {
-	NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_acutoff,0,
-	NULL
+    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_acutoff, 0,
+    NULL
 };
 
 const X509V3_EXT_METHOD v3_crl_hold = {
-	NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_object,0,
-	NULL
+    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_object, 0,
+    NULL
 };
 
 const X509V3_EXT_METHOD v3_ocsp_nonce = {
-	NID_id_pkix_OCSP_Nonce, 0, NULL,
-	ocsp_nonce_new,
-	ocsp_nonce_free,
-	d2i_ocsp_nonce,
-	i2d_ocsp_nonce,
-	0,0,
-	0,0,
-	i2r_ocsp_nonce,0,
-	NULL
+    NID_id_pkix_OCSP_Nonce, 0, NULL,
+    ocsp_nonce_new,
+    ocsp_nonce_free,
+    d2i_ocsp_nonce,
+    i2d_ocsp_nonce,
+    0, 0,
+    0, 0,
+    i2r_ocsp_nonce, 0,
+    NULL
 };
 
 const X509V3_EXT_METHOD v3_ocsp_nocheck = {
-	NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
-	0,0,0,0,
-	0,s2i_ocsp_nocheck,
-	0,0,
-	i2r_ocsp_nocheck,0,
-	NULL
+    NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+    0, 0, 0, 0,
+    0, s2i_ocsp_nocheck,
+    0, 0,
+    i2r_ocsp_nocheck, 0,
+    NULL
 };
 
 const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
-	NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
-	0,0,0,0,
-	0,0,
-	0,0,
-	i2r_ocsp_serviceloc,0,
-	NULL
+    NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    i2r_ocsp_serviceloc, 0,
+    NULL
 };
 
-static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                          int ind)
 {
-	OCSP_CRLID *a = in;
-	if (a->crlUrl)
-	        {
-		if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;
-		if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
-		if (BIO_write(bp, "\n", 1) <= 0) goto err;
-		}
-	if (a->crlNum)
-	        {
-		if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) goto err;
-		if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) goto err;
-		if (BIO_write(bp, "\n", 1) <= 0) goto err;
-		}
-	if (a->crlTime)
-	        {
-		if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) goto err;
-		if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
-		if (BIO_write(bp, "\n", 1) <= 0) goto err;
-		}
-	return 1;
-	err:
-	return 0;
+    OCSP_CRLID *a = in;
+    if (a->crlUrl) {
+        if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlNum) {
+        if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
+            goto err;
+        if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    if (a->crlTime) {
+        if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
+            goto err;
+        if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
+            goto err;
+        if (BIO_write(bp, "\n", 1) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
 }
 
-static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp,
+                            int ind)
 {
-	if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
-	if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
-	return 1;
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
+        return 0;
+    return 1;
 }
 
-
 static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
 {
-	if (BIO_printf(bp, "%*s", ind, "") <= 0) return 0;
-	if(i2a_ASN1_OBJECT(bp, oid) <= 0) return 0;
-	return 1;
+    if (BIO_printf(bp, "%*s", ind, "") <= 0)
+        return 0;
+    if (i2a_ASN1_OBJECT(bp, oid) <= 0)
+        return 0;
+    return 1;
 }
 
-/* OCSP nonce. This is needs special treatment because it doesn't have
- * an ASN1 encoding at all: it just contains arbitrary data.
+/*
+ * OCSP nonce. This is needs special treatment because it doesn't have an
+ * ASN1 encoding at all: it just contains arbitrary data.
  */
 
 static void *ocsp_nonce_new(void)
 {
-	return ASN1_OCTET_STRING_new();
+    return ASN1_OCTET_STRING_new();
 }
 
 static int i2d_ocsp_nonce(void *a, unsigned char **pp)
 {
-	ASN1_OCTET_STRING *os = a;
-	if(pp) {
-		memcpy(*pp, os->data, os->length);
-		*pp += os->length;
-	}
-	return os->length;
+    ASN1_OCTET_STRING *os = a;
+    if (pp) {
+        memcpy(*pp, os->data, os->length);
+        *pp += os->length;
+    }
+    return os->length;
 }
 
 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
 {
-	ASN1_OCTET_STRING *os, **pos;
-	pos = a;
-	if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
-	else os = *pos;
-	if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+    ASN1_OCTET_STRING *os, **pos;
+    pos = a;
+    if (!pos || !*pos)
+        os = ASN1_OCTET_STRING_new();
+    else
+        os = *pos;
+    if (!ASN1_OCTET_STRING_set(os, *pp, length))
+        goto err;
 
-	*pp += length;
+    *pp += length;
 
-	if(pos) *pos = os;
-	return os;
+    if (pos)
+        *pos = os;
+    return os;
 
-	err:
-	if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
-	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
-	return NULL;
+ err:
+    if (os && (!pos || (*pos != os)))
+        M_ASN1_OCTET_STRING_free(os);
+    OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+    return NULL;
 }
 
 static void ocsp_nonce_free(void *a)
 {
-	M_ASN1_OCTET_STRING_free(a);
+    M_ASN1_OCTET_STRING_free(a);
 }
 
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out,
+                          int indent)
 {
-	if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
-	if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
-	return 1;
+    if (BIO_printf(out, "%*s", indent, "") <= 0)
+        return 0;
+    if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
+        return 0;
+    return 1;
 }
 
 /* Nocheck is just a single NULL. Don't print anything and always set it */
 
-static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck,
+                            BIO *out, int indent)
 {
-	return 1;
+    return 1;
 }
 
-static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                              const char *str)
 {
-	return ASN1_NULL_new();
+    return ASN1_NULL_new();
 }
 
-static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
-        {
-	int i;
-	OCSP_SERVICELOC *a = in;
-	ACCESS_DESCRIPTION *ad;
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp,
+                               int ind)
+{
+    int i;
+    OCSP_SERVICELOC *a = in;
+    ACCESS_DESCRIPTION *ad;
 
-        if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
-        if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
-	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
-	        {
-				ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
-				if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0) 
-					goto err;
-				if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
-				if(BIO_puts(bp, " - ") <= 0) goto err;
-				if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
-		}
-	return 1;
-err:
-	return 0;
-	}
+    if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
+        goto err;
+    if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
+        goto err;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
+        ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
+        if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
+            goto err;
+        if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
+            goto err;
+        if (BIO_puts(bp, " - ") <= 0)
+            goto err;
+        if (GENERAL_NAME_print(bp, ad->location) <= 0)
+            goto err;
+    }
+    return 1;
+ err:
+    return 0;
+}
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
index 823e9afc..cd6b4b2b 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pci.c
@@ -1,6 +1,7 @@
 /* v3_pci.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
+/*
+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
+ * (richard@levitte.org)
  */
 /* Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
@@ -40,289 +41,277 @@
 #include <openssl/x509v3.h>
 
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
-	BIO *out, int indent);
+                   BIO *out, int indent);
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-	X509V3_CTX *ctx, char *str);
+                                          X509V3_CTX *ctx, char *str);
 
 const X509V3_EXT_METHOD v3_pci =
-	{ NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
-	  0,0,0,0,
-	  0,0,
-	  NULL, NULL,
-	  (X509V3_EXT_I2R)i2r_pci,
-	  (X509V3_EXT_R2I)r2i_pci,
-	  NULL,
-	};
+    { NID_proxyCertInfo, 0, ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    0, 0, 0, 0,
+    0, 0,
+    NULL, NULL,
+    (X509V3_EXT_I2R)i2r_pci,
+    (X509V3_EXT_R2I)r2i_pci,
+    NULL,
+};
 
 static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *pci,
-	BIO *out, int indent)
-	{
-	BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
-	if (pci->pcPathLengthConstraint)
-	  i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
-	else
-	  BIO_printf(out, "infinite");
-	BIO_puts(out, "\n");
-	BIO_printf(out, "%*sPolicy Language: ", indent, "");
-	i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
-	BIO_puts(out, "\n");
-	if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
-	  BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
-		     pci->proxyPolicy->policy->data);
-	return 1;
-	}
+                   BIO *out, int indent)
+{
+    BIO_printf(out, "%*sPath Length Constraint: ", indent, "");
+    if (pci->pcPathLengthConstraint)
+        i2a_ASN1_INTEGER(out, pci->pcPathLengthConstraint);
+    else
+        BIO_printf(out, "infinite");
+    BIO_puts(out, "\n");
+    BIO_printf(out, "%*sPolicy Language: ", indent, "");
+    i2a_ASN1_OBJECT(out, pci->proxyPolicy->policyLanguage);
+    BIO_puts(out, "\n");
+    if (pci->proxyPolicy->policy && pci->proxyPolicy->policy->data)
+        BIO_printf(out, "%*sPolicy Text: %s\n", indent, "",
+                   pci->proxyPolicy->policy->data);
+    return 1;
+}
 
 static int process_pci_value(CONF_VALUE *val,
-	ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
-	ASN1_OCTET_STRING **policy)
-	{
-	int free_policy = 0;
+                             ASN1_OBJECT **language, ASN1_INTEGER **pathlen,
+                             ASN1_OCTET_STRING **policy)
+{
+    int free_policy = 0;
 
-	if (strcmp(val->name, "language") == 0)
-		{
-		if (*language)
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		if (!(*language = OBJ_txt2obj(val->value, 0)))
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		}
-	else if (strcmp(val->name, "pathlen") == 0)
-		{
-		if (*pathlen)
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		if (!X509V3_get_value_int(val, pathlen))
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_POLICY_PATH_LENGTH);
-			X509V3_conf_err(val);
-			return 0;
-			}
-		}
-	else if (strcmp(val->name, "policy") == 0)
-		{
-		unsigned char *tmp_data = NULL;
-		long val_len;
-		if (!*policy)
-			{
-			*policy = ASN1_OCTET_STRING_new();
-			if (!*policy)
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-				X509V3_conf_err(val);
-				return 0;
-				}
-			free_policy = 1;
-			}
-		if (strncmp(val->value, "hex:", 4) == 0)
-			{
-			unsigned char *tmp_data2 =
-				string_to_hex(val->value + 4, &val_len);
+    if (strcmp(val->name, "language") == 0) {
+        if (*language) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if (!(*language = OBJ_txt2obj(val->value, 0))) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "pathlen") == 0) {
+        if (*pathlen) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED);
+            X509V3_conf_err(val);
+            return 0;
+        }
+        if (!X509V3_get_value_int(val, pathlen)) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_POLICY_PATH_LENGTH);
+            X509V3_conf_err(val);
+            return 0;
+        }
+    } else if (strcmp(val->name, "policy") == 0) {
+        unsigned char *tmp_data = NULL;
+        long val_len;
+        if (!*policy) {
+            *policy = ASN1_OCTET_STRING_new();
+            if (!*policy) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                return 0;
+            }
+            free_policy = 1;
+        }
+        if (strncmp(val->value, "hex:", 4) == 0) {
+            unsigned char *tmp_data2 =
+                string_to_hex(val->value + 4, &val_len);
 
-			if (!tmp_data2) 
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_ILLEGAL_HEX_DIGIT);
-				X509V3_conf_err(val);
-				goto err;
-				}
+            if (!tmp_data2) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                          X509V3_R_ILLEGAL_HEX_DIGIT);
+                X509V3_conf_err(val);
+                goto err;
+            }
 
-			tmp_data = OPENSSL_realloc((*policy)->data,
-				(*policy)->length + val_len + 1);
-			if (tmp_data)
-				{
-				(*policy)->data = tmp_data;
-				memcpy(&(*policy)->data[(*policy)->length],
-					tmp_data2, val_len);
-				(*policy)->length += val_len;
-				(*policy)->data[(*policy)->length] = '\0';
-				}
-			else
-				{
-				OPENSSL_free(tmp_data2);
-				/* realloc failure implies the original data space is b0rked too! */
-				(*policy)->data = NULL;
-				(*policy)->length = 0;
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			OPENSSL_free(tmp_data2);
-			}
-		else if (strncmp(val->value, "file:", 5) == 0)
-			{
-			unsigned char buf[2048];
-			int n;
-			BIO *b = BIO_new_file(val->value + 5, "r");
-			if (!b)
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			while((n = BIO_read(b, buf, sizeof(buf))) > 0
-				|| (n == 0 && BIO_should_retry(b)))
-				{
-				if (!n) continue;
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       tmp_data2, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                OPENSSL_free(tmp_data2);
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            OPENSSL_free(tmp_data2);
+        } else if (strncmp(val->value, "file:", 5) == 0) {
+            unsigned char buf[2048];
+            int n;
+            BIO *b = BIO_new_file(val->value + 5, "r");
+            if (!b) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+            while ((n = BIO_read(b, buf, sizeof(buf))) > 0
+                   || (n == 0 && BIO_should_retry(b))) {
+                if (!n)
+                    continue;
 
-				tmp_data = OPENSSL_realloc((*policy)->data,
-					(*policy)->length + n + 1);
+                tmp_data = OPENSSL_realloc((*policy)->data,
+                                           (*policy)->length + n + 1);
 
-				if (!tmp_data)
-					break;
+                if (!tmp_data)
+                    break;
 
-				(*policy)->data = tmp_data;
-				memcpy(&(*policy)->data[(*policy)->length],
-					buf, n);
-				(*policy)->length += n;
-				(*policy)->data[(*policy)->length] = '\0';
-				}
-			BIO_free_all(b);
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length], buf, n);
+                (*policy)->length += n;
+                (*policy)->data[(*policy)->length] = '\0';
+            }
+            BIO_free_all(b);
 
-			if (n < 0)
-				{
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_BIO_LIB);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			}
-		else if (strncmp(val->value, "text:", 5) == 0)
-			{
-			val_len = strlen(val->value + 5);
-			tmp_data = OPENSSL_realloc((*policy)->data,
-				(*policy)->length + val_len + 1);
-			if (tmp_data)
-				{
-				(*policy)->data = tmp_data;
-				memcpy(&(*policy)->data[(*policy)->length],
-					val->value + 5, val_len);
-				(*policy)->length += val_len;
-				(*policy)->data[(*policy)->length] = '\0';
-				}
-			else
-				{
-				/* realloc failure implies the original data space is b0rked too! */
-				(*policy)->data = NULL;
-				(*policy)->length = 0;
-				X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-				X509V3_conf_err(val);
-				goto err;
-				}
-			}
-		else
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
-			X509V3_conf_err(val);
-			goto err;
-			}
-		if (!tmp_data)
-			{
-			X509V3err(X509V3_F_PROCESS_PCI_VALUE,ERR_R_MALLOC_FAILURE);
-			X509V3_conf_err(val);
-			goto err;
-			}
-		}
-	return 1;
-err:
-	if (free_policy)
-		{
-		ASN1_OCTET_STRING_free(*policy);
-		*policy = NULL;
-		}
-	return 0;
-	}
+            if (n < 0) {
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_BIO_LIB);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else if (strncmp(val->value, "text:", 5) == 0) {
+            val_len = strlen(val->value + 5);
+            tmp_data = OPENSSL_realloc((*policy)->data,
+                                       (*policy)->length + val_len + 1);
+            if (tmp_data) {
+                (*policy)->data = tmp_data;
+                memcpy(&(*policy)->data[(*policy)->length],
+                       val->value + 5, val_len);
+                (*policy)->length += val_len;
+                (*policy)->data[(*policy)->length] = '\0';
+            } else {
+                /*
+                 * realloc failure implies the original data space is b0rked
+                 * too!
+                 */
+                (*policy)->data = NULL;
+                (*policy)->length = 0;
+                X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+                X509V3_conf_err(val);
+                goto err;
+            }
+        } else {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE,
+                      X509V3_R_INCORRECT_POLICY_SYNTAX_TAG);
+            X509V3_conf_err(val);
+            goto err;
+        }
+        if (!tmp_data) {
+            X509V3err(X509V3_F_PROCESS_PCI_VALUE, ERR_R_MALLOC_FAILURE);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    return 1;
+ err:
+    if (free_policy) {
+        ASN1_OCTET_STRING_free(*policy);
+        *policy = NULL;
+    }
+    return 0;
+}
 
 static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
-	X509V3_CTX *ctx, char *value)
-	{
-	PROXY_CERT_INFO_EXTENSION *pci = NULL;
-	STACK_OF(CONF_VALUE) *vals;
-	ASN1_OBJECT *language = NULL;
-	ASN1_INTEGER *pathlen = NULL;
-	ASN1_OCTET_STRING *policy = NULL;
-	int i, j;
+                                          X509V3_CTX *ctx, char *value)
+{
+    PROXY_CERT_INFO_EXTENSION *pci = NULL;
+    STACK_OF(CONF_VALUE) *vals;
+    ASN1_OBJECT *language = NULL;
+    ASN1_INTEGER *pathlen = NULL;
+    ASN1_OCTET_STRING *policy = NULL;
+    int i, j;
 
-	vals = X509V3_parse_list(value);
-	for (i = 0; i < sk_CONF_VALUE_num(vals); i++)
-		{
-		CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
-		if (!cnf->name || (*cnf->name != '@' && !cnf->value))
-			{
-			X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_PROXY_POLICY_SETTING);
-			X509V3_conf_err(cnf);
-			goto err;
-			}
-		if (*cnf->name == '@')
-			{
-			STACK_OF(CONF_VALUE) *sect;
-			int success_p = 1;
+    vals = X509V3_parse_list(value);
+    for (i = 0; i < sk_CONF_VALUE_num(vals); i++) {
+        CONF_VALUE *cnf = sk_CONF_VALUE_value(vals, i);
+        if (!cnf->name || (*cnf->name != '@' && !cnf->value)) {
+            X509V3err(X509V3_F_R2I_PCI,
+                      X509V3_R_INVALID_PROXY_POLICY_SETTING);
+            X509V3_conf_err(cnf);
+            goto err;
+        }
+        if (*cnf->name == '@') {
+            STACK_OF(CONF_VALUE) *sect;
+            int success_p = 1;
 
-			sect = X509V3_get_section(ctx, cnf->name + 1);
-			if (!sect)
-				{
-				X509V3err(X509V3_F_R2I_PCI,X509V3_R_INVALID_SECTION);
-				X509V3_conf_err(cnf);
-				goto err;
-				}
-			for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++)
-				{
-				success_p =
-					process_pci_value(sk_CONF_VALUE_value(sect, j),
-						&language, &pathlen, &policy);
-				}
-			X509V3_section_free(ctx, sect);
-			if (!success_p)
-				goto err;
-			}
-		else
-			{
-			if (!process_pci_value(cnf,
-					&language, &pathlen, &policy))
-				{
-				X509V3_conf_err(cnf);
-				goto err;
-				}
-			}
-		}
+            sect = X509V3_get_section(ctx, cnf->name + 1);
+            if (!sect) {
+                X509V3err(X509V3_F_R2I_PCI, X509V3_R_INVALID_SECTION);
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+            for (j = 0; success_p && j < sk_CONF_VALUE_num(sect); j++) {
+                success_p =
+                    process_pci_value(sk_CONF_VALUE_value(sect, j),
+                                      &language, &pathlen, &policy);
+            }
+            X509V3_section_free(ctx, sect);
+            if (!success_p)
+                goto err;
+        } else {
+            if (!process_pci_value(cnf, &language, &pathlen, &policy)) {
+                X509V3_conf_err(cnf);
+                goto err;
+            }
+        }
+    }
 
-	/* Language is mandatory */
-	if (!language)
-		{
-		X509V3err(X509V3_F_R2I_PCI,X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
-		goto err;
-		}
-	i = OBJ_obj2nid(language);
-	if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy)
-		{
-		X509V3err(X509V3_F_R2I_PCI,X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
-		goto err;
-		}
+    /* Language is mandatory */
+    if (!language) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED);
+        goto err;
+    }
+    i = OBJ_obj2nid(language);
+    if ((i == NID_Independent || i == NID_id_ppl_inheritAll) && policy) {
+        X509V3err(X509V3_F_R2I_PCI,
+                  X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY);
+        goto err;
+    }
 
-	pci = PROXY_CERT_INFO_EXTENSION_new();
-	if (!pci)
-		{
-		X509V3err(X509V3_F_R2I_PCI,ERR_R_MALLOC_FAILURE);
-		goto err;
-		}
+    pci = PROXY_CERT_INFO_EXTENSION_new();
+    if (!pci) {
+        X509V3err(X509V3_F_R2I_PCI, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
 
-	pci->proxyPolicy->policyLanguage = language; language = NULL;
-	pci->proxyPolicy->policy = policy; policy = NULL;
-	pci->pcPathLengthConstraint = pathlen; pathlen = NULL;
-	goto end;
-err:
-	if (language) { ASN1_OBJECT_free(language); language = NULL; }
-	if (pathlen) { ASN1_INTEGER_free(pathlen); pathlen = NULL; }
-	if (policy) { ASN1_OCTET_STRING_free(policy); policy = NULL; }
-	if (pci) { PROXY_CERT_INFO_EXTENSION_free(pci); pci = NULL; }
-end:
-	sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
-	return pci;
-	}
+    pci->proxyPolicy->policyLanguage = language;
+    language = NULL;
+    pci->proxyPolicy->policy = policy;
+    policy = NULL;
+    pci->pcPathLengthConstraint = pathlen;
+    pathlen = NULL;
+    goto end;
+ err:
+    if (language) {
+        ASN1_OBJECT_free(language);
+        language = NULL;
+    }
+    if (pathlen) {
+        ASN1_INTEGER_free(pathlen);
+        pathlen = NULL;
+    }
+    if (policy) {
+        ASN1_OCTET_STRING_free(policy);
+        policy = NULL;
+    }
+    if (pci) {
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        pci = NULL;
+    }
+ end:
+    sk_CONF_VALUE_pop_free(vals, X509V3_conf_free);
+    return pci;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
index bb362e0e..350b3988 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcia.c
@@ -1,6 +1,7 @@
 /* v3_pcia.c -*- mode:C; c-file-style: "eay" -*- */
-/* Contributed to the OpenSSL Project 2004
- * by Richard Levitte (richard@levitte.org)
+/*
+ * Contributed to the OpenSSL Project 2004 by Richard Levitte
+ * (richard@levitte.org)
  */
 /* Copyright (c) 2004 Kungliga Tekniska Högskolan
  * (Royal Institute of Technology, Stockholm, Sweden).
@@ -39,17 +40,17 @@
 #include <openssl/x509v3.h>
 
 ASN1_SEQUENCE(PROXY_POLICY) =
-	{
-	ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
-	ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
+        {
+        ASN1_SIMPLE(PROXY_POLICY,policyLanguage,ASN1_OBJECT),
+        ASN1_OPT(PROXY_POLICY,policy,ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(PROXY_POLICY)
 
 IMPLEMENT_ASN1_FUNCTIONS(PROXY_POLICY)
 
 ASN1_SEQUENCE(PROXY_CERT_INFO_EXTENSION) =
-	{
-	ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
-	ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
+        {
+        ASN1_OPT(PROXY_CERT_INFO_EXTENSION,pcPathLengthConstraint,ASN1_INTEGER),
+        ASN1_SIMPLE(PROXY_CERT_INFO_EXTENSION,proxyPolicy,PROXY_POLICY)
 } ASN1_SEQUENCE_END(PROXY_CERT_INFO_EXTENSION)
 
 IMPLEMENT_ASN1_FUNCTIONS(PROXY_CERT_INFO_EXTENSION)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
index 86c0ff70..6a5f3379 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pcons.c
@@ -1,5 +1,6 @@
 /* v3_pcons.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1.h>
@@ -65,72 +65,77 @@
 #include <openssl/x509v3.h>
 
 static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				void *bcons, STACK_OF(CONF_VALUE) *extlist);
+                                                    void *bcons,
+                                                    STACK_OF(CONF_VALUE)
+                                                    *extlist);
 static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values);
 
 const X509V3_EXT_METHOD v3_policy_constraints = {
-NID_policy_constraints, 0,
-ASN1_ITEM_ref(POLICY_CONSTRAINTS),
-0,0,0,0,
-0,0,
-i2v_POLICY_CONSTRAINTS,
-v2i_POLICY_CONSTRAINTS,
-NULL,NULL,
-NULL
+    NID_policy_constraints, 0,
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_CONSTRAINTS,
+    v2i_POLICY_CONSTRAINTS,
+    NULL, NULL,
+    NULL
 };
 
 ASN1_SEQUENCE(POLICY_CONSTRAINTS) = {
-	ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
-	ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, requireExplicitPolicy, ASN1_INTEGER,0),
+        ASN1_IMP_OPT(POLICY_CONSTRAINTS, inhibitPolicyMapping, ASN1_INTEGER,1)
 } ASN1_SEQUENCE_END(POLICY_CONSTRAINTS)
 
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_CONSTRAINTS)
 
-
 static STACK_OF(CONF_VALUE) *i2v_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     void *a, STACK_OF(CONF_VALUE) *extlist)
+                                                    void *a,
+                                                    STACK_OF(CONF_VALUE)
+                                                    *extlist)
 {
-	POLICY_CONSTRAINTS *pcons = a;
-	X509V3_add_value_int("Require Explicit Policy",
-			pcons->requireExplicitPolicy, &extlist);
-	X509V3_add_value_int("Inhibit Policy Mapping",
-			pcons->inhibitPolicyMapping, &extlist);
-	return extlist;
+    POLICY_CONSTRAINTS *pcons = a;
+    X509V3_add_value_int("Require Explicit Policy",
+                         pcons->requireExplicitPolicy, &extlist);
+    X509V3_add_value_int("Inhibit Policy Mapping",
+                         pcons->inhibitPolicyMapping, &extlist);
+    return extlist;
 }
 
 static void *v2i_POLICY_CONSTRAINTS(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values)
+                                    X509V3_CTX *ctx,
+                                    STACK_OF(CONF_VALUE) *values)
 {
-	POLICY_CONSTRAINTS *pcons=NULL;
-	CONF_VALUE *val;
-	int i;
-	if(!(pcons = POLICY_CONSTRAINTS_new())) {
-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(values); i++) {
-		val = sk_CONF_VALUE_value(values, i);
-		if(!strcmp(val->name, "requireExplicitPolicy")) {
-			if(!X509V3_get_value_int(val,
-				&pcons->requireExplicitPolicy)) goto err;
-		} else if(!strcmp(val->name, "inhibitPolicyMapping")) {
-			if(!X509V3_get_value_int(val,
-				&pcons->inhibitPolicyMapping)) goto err;
-		} else {
-			X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
-			X509V3_conf_err(val);
-			goto err;
-		}
-	}
-	if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
-		X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_ILLEGAL_EMPTY_EXTENSION);
-		goto err;
-	}
+    POLICY_CONSTRAINTS *pcons = NULL;
+    CONF_VALUE *val;
+    int i;
+    if (!(pcons = POLICY_CONSTRAINTS_new())) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
+        val = sk_CONF_VALUE_value(values, i);
+        if (!strcmp(val->name, "requireExplicitPolicy")) {
+            if (!X509V3_get_value_int(val, &pcons->requireExplicitPolicy))
+                goto err;
+        } else if (!strcmp(val->name, "inhibitPolicyMapping")) {
+            if (!X509V3_get_value_int(val, &pcons->inhibitPolicyMapping))
+                goto err;
+        } else {
+            X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS, X509V3_R_INVALID_NAME);
+            X509V3_conf_err(val);
+            goto err;
+        }
+    }
+    if (!pcons->inhibitPolicyMapping && !pcons->requireExplicitPolicy) {
+        X509V3err(X509V3_F_V2I_POLICY_CONSTRAINTS,
+                  X509V3_R_ILLEGAL_EMPTY_EXTENSION);
+        goto err;
+    }
 
-	return pcons;
-	err:
-	POLICY_CONSTRAINTS_free(pcons);
-	return NULL;
+    return pcons;
+ err:
+    POLICY_CONSTRAINTS_free(pcons);
+    return NULL;
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
index 076f3ff4..dd01c441 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pku.c
@@ -1,6 +1,7 @@
 /* v3_pku.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -62,42 +63,47 @@
 #include <openssl/asn1t.h>
 #include <openssl/x509v3.h>
 
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent);
 /*
-static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
-*/
+ * static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
+ * X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values);
+ */
 const X509V3_EXT_METHOD v3_pkey_usage_period = {
-NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
-0,0,0,0,
-0,0,0,0,
-(X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
-NULL
+    NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    0, 0, 0, 0,
+    0, 0, 0, 0,
+    (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL,
+    NULL
 };
 
 ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = {
-	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
-	ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0),
+        ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1)
 } ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD)
 
 IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD)
 
 static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method,
-	     PKEY_USAGE_PERIOD *usage, BIO *out, int indent)
+                                 PKEY_USAGE_PERIOD *usage, BIO *out,
+                                 int indent)
 {
-	BIO_printf(out, "%*s", indent, "");
-	if(usage->notBefore) {
-		BIO_write(out, "Not Before: ", 12);
-		ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
-		if(usage->notAfter) BIO_write(out, ", ", 2);
-	}
-	if(usage->notAfter) {
-		BIO_write(out, "Not After: ", 11);
-		ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
-	}
-	return 1;
+    BIO_printf(out, "%*s", indent, "");
+    if (usage->notBefore) {
+        BIO_write(out, "Not Before: ", 12);
+        ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
+        if (usage->notAfter)
+            BIO_write(out, ", ", 2);
+    }
+    if (usage->notAfter) {
+        BIO_write(out, "Not After: ", 11);
+        ASN1_GENERALIZEDTIME_print(out, usage->notAfter);
+    }
+    return 1;
 }
 
-/*
+/*-
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(method, ctx, values)
 X509V3_EXT_METHOD *method;
 X509V3_CTX *ctx;
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
index da03bbc3..22e9e58f 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_pmaps.c
@@ -1,5 +1,6 @@
 /* v3_pmaps.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,7 +57,6 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/asn1t.h>
@@ -64,90 +64,94 @@
 #include <openssl/x509v3.h>
 
 static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-				void *pmps, STACK_OF(CONF_VALUE) *extlist);
+                                                 void *pmps,
+                                                 STACK_OF(CONF_VALUE)
+                                                 *extlist);
 
 const X509V3_EXT_METHOD v3_policy_mappings = {
-	NID_policy_mappings, 0,
-	ASN1_ITEM_ref(POLICY_MAPPINGS),
-	0,0,0,0,
-	0,0,
-	i2v_POLICY_MAPPINGS,
-	v2i_POLICY_MAPPINGS,
-	0,0,
-	NULL
+    NID_policy_mappings, 0,
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    0, 0, 0, 0,
+    0, 0,
+    i2v_POLICY_MAPPINGS,
+    v2i_POLICY_MAPPINGS,
+    0, 0,
+    NULL
 };
 
 ASN1_SEQUENCE(POLICY_MAPPING) = {
-	ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
-	ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
+        ASN1_SIMPLE(POLICY_MAPPING, issuerDomainPolicy, ASN1_OBJECT),
+        ASN1_SIMPLE(POLICY_MAPPING, subjectDomainPolicy, ASN1_OBJECT)
 } ASN1_SEQUENCE_END(POLICY_MAPPING)
 
-ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) = 
-	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
-								POLICY_MAPPING)
+ASN1_ITEM_TEMPLATE(POLICY_MAPPINGS) =
+        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, POLICY_MAPPINGS,
+                                                                POLICY_MAPPING)
 ASN1_ITEM_TEMPLATE_END(POLICY_MAPPINGS)
 
 IMPLEMENT_ASN1_ALLOC_FUNCTIONS(POLICY_MAPPING)
 
-
 static STACK_OF(CONF_VALUE) *i2v_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-		void *a, STACK_OF(CONF_VALUE) *ext_list)
+                                                 void *a, STACK_OF(CONF_VALUE)
+                                                 *ext_list)
 {
-	POLICY_MAPPINGS *pmaps = a;
-	POLICY_MAPPING *pmap;
-	int i;
-	char obj_tmp1[80];
-	char obj_tmp2[80];
-	for(i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
-		pmap = sk_POLICY_MAPPING_value(pmaps, i);
-		i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
-		i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
-		X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
-	}
-	return ext_list;
+    POLICY_MAPPINGS *pmaps = a;
+    POLICY_MAPPING *pmap;
+    int i;
+    char obj_tmp1[80];
+    char obj_tmp2[80];
+    for (i = 0; i < sk_POLICY_MAPPING_num(pmaps); i++) {
+        pmap = sk_POLICY_MAPPING_value(pmaps, i);
+        i2t_ASN1_OBJECT(obj_tmp1, 80, pmap->issuerDomainPolicy);
+        i2t_ASN1_OBJECT(obj_tmp2, 80, pmap->subjectDomainPolicy);
+        X509V3_add_value(obj_tmp1, obj_tmp2, &ext_list);
+    }
+    return ext_list;
 }
 
 static void *v2i_POLICY_MAPPINGS(X509V3_EXT_METHOD *method,
-				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
-	POLICY_MAPPINGS *pmaps;
-	POLICY_MAPPING *pmap;
-	ASN1_OBJECT *obj1, *obj2;
-	CONF_VALUE *val;
-	int i;
+    POLICY_MAPPINGS *pmaps;
+    POLICY_MAPPING *pmap;
+    ASN1_OBJECT *obj1, *obj2;
+    CONF_VALUE *val;
+    int i;
 
-	if(!(pmaps = sk_POLICY_MAPPING_new_null())) {
-		X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
+    if (!(pmaps = sk_POLICY_MAPPING_new_null())) {
+        X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		val = sk_CONF_VALUE_value(nval, i);
-		if(!val->value || !val->name) {
-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return NULL;
-		}
-		obj1 = OBJ_txt2obj(val->name, 0);
-		obj2 = OBJ_txt2obj(val->value, 0);
-		if(!obj1 || !obj2) {
-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,X509V3_R_INVALID_OBJECT_IDENTIFIER);
-			X509V3_conf_err(val);
-			return NULL;
-		}
-		pmap = POLICY_MAPPING_new();
-		if (!pmap) {
-			sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
-			X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,ERR_R_MALLOC_FAILURE);
-			return NULL;
-		}
-		pmap->issuerDomainPolicy = obj1;
-		pmap->subjectDomainPolicy = obj2;
-		sk_POLICY_MAPPING_push(pmaps, pmap);
-	}
-	return pmaps;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        val = sk_CONF_VALUE_value(nval, i);
+        if (!val->value || !val->name) {
+            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return NULL;
+        }
+        obj1 = OBJ_txt2obj(val->name, 0);
+        obj2 = OBJ_txt2obj(val->value, 0);
+        if (!obj1 || !obj2) {
+            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS,
+                      X509V3_R_INVALID_OBJECT_IDENTIFIER);
+            X509V3_conf_err(val);
+            return NULL;
+        }
+        pmap = POLICY_MAPPING_new();
+        if (!pmap) {
+            sk_POLICY_MAPPING_pop_free(pmaps, POLICY_MAPPING_free);
+            X509V3err(X509V3_F_V2I_POLICY_MAPPINGS, ERR_R_MALLOC_FAILURE);
+            return NULL;
+        }
+        pmap->issuerDomainPolicy = obj1;
+        pmap->subjectDomainPolicy = obj2;
+        sk_POLICY_MAPPING_push(pmaps, pmap);
+    }
+    return pmaps;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
index c1bb17f1..4ae463e3 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_prn.c
@@ -1,6 +1,7 @@
 /* v3_prn.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,171 +65,195 @@
 
 /* Extension printing routines */
 
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported);
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+                             unsigned long flag, int indent, int supported);
 
 /* Print out a name+value stack */
 
-void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml)
+void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent,
+                        int ml)
 {
-	int i;
-	CONF_VALUE *nval;
-	if(!val) return;
-	if(!ml || !sk_CONF_VALUE_num(val)) {
-		BIO_printf(out, "%*s", indent, "");
-		if(!sk_CONF_VALUE_num(val)) BIO_puts(out, "<EMPTY>\n");
-	}
-	for(i = 0; i < sk_CONF_VALUE_num(val); i++) {
-		if(ml) BIO_printf(out, "%*s", indent, "");
-		else if(i > 0) BIO_printf(out, ", ");
-		nval = sk_CONF_VALUE_value(val, i);
-		if(!nval->name) BIO_puts(out, nval->value);
-		else if(!nval->value) BIO_puts(out, nval->name);
+    int i;
+    CONF_VALUE *nval;
+    if (!val)
+        return;
+    if (!ml || !sk_CONF_VALUE_num(val)) {
+        BIO_printf(out, "%*s", indent, "");
+        if (!sk_CONF_VALUE_num(val))
+            BIO_puts(out, "<EMPTY>\n");
+    }
+    for (i = 0; i < sk_CONF_VALUE_num(val); i++) {
+        if (ml)
+            BIO_printf(out, "%*s", indent, "");
+        else if (i > 0)
+            BIO_printf(out, ", ");
+        nval = sk_CONF_VALUE_value(val, i);
+        if (!nval->name)
+            BIO_puts(out, nval->value);
+        else if (!nval->value)
+            BIO_puts(out, nval->name);
 #ifndef CHARSET_EBCDIC
-		else BIO_printf(out, "%s:%s", nval->name, nval->value);
+        else
+            BIO_printf(out, "%s:%s", nval->name, nval->value);
 #else
-		else {
-			int len;
-			char *tmp;
-			len = strlen(nval->value)+1;
-			tmp = OPENSSL_malloc(len);
-			if (tmp)
-			{
-				ascii2ebcdic(tmp, nval->value, len);
-				BIO_printf(out, "%s:%s", nval->name, tmp);
-				OPENSSL_free(tmp);
-			}
-		}
+        else {
+            int len;
+            char *tmp;
+            len = strlen(nval->value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp) {
+                ascii2ebcdic(tmp, nval->value, len);
+                BIO_printf(out, "%s:%s", nval->name, tmp);
+                OPENSSL_free(tmp);
+            }
+        }
 #endif
-		if(ml) BIO_puts(out, "\n");
-	}
+        if (ml)
+            BIO_puts(out, "\n");
+    }
 }
 
 /* Main routine: print out a general extension */
 
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent)
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag,
+                     int indent)
 {
-	void *ext_str = NULL;
-	char *value = NULL;
-	const unsigned char *p;
-	X509V3_EXT_METHOD *method;	
-	STACK_OF(CONF_VALUE) *nval = NULL;
-	int ok = 1;
-
-	if(!(method = X509V3_EXT_get(ext)))
-		return unknown_ext_print(out, ext, flag, indent, 0);
-	p = ext->value->data;
-	if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
-	else ext_str = method->d2i(NULL, &p, ext->value->length);
-
-	if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1);
-
-	if(method->i2s) {
-		if(!(value = method->i2s(method, ext_str))) {
-			ok = 0;
-			goto err;
-		}
+    void *ext_str = NULL;
+    char *value = NULL;
+    const unsigned char *p;
+    X509V3_EXT_METHOD *method;
+    STACK_OF(CONF_VALUE) *nval = NULL;
+    int ok = 1;
+
+    if (!(method = X509V3_EXT_get(ext)))
+        return unknown_ext_print(out, ext, flag, indent, 0);
+    p = ext->value->data;
+    if (method->it)
+        ext_str =
+            ASN1_item_d2i(NULL, &p, ext->value->length,
+                          ASN1_ITEM_ptr(method->it));
+    else
+        ext_str = method->d2i(NULL, &p, ext->value->length);
+
+    if (!ext_str)
+        return unknown_ext_print(out, ext, flag, indent, 1);
+
+    if (method->i2s) {
+        if (!(value = method->i2s(method, ext_str))) {
+            ok = 0;
+            goto err;
+        }
 #ifndef CHARSET_EBCDIC
-		BIO_printf(out, "%*s%s", indent, "", value);
+        BIO_printf(out, "%*s%s", indent, "", value);
 #else
-		{
-			int len;
-			char *tmp;
-			len = strlen(value)+1;
-			tmp = OPENSSL_malloc(len);
-			if (tmp)
-			{
-				ascii2ebcdic(tmp, value, len);
-				BIO_printf(out, "%*s%s", indent, "", tmp);
-				OPENSSL_free(tmp);
-			}
-		}
+        {
+            int len;
+            char *tmp;
+            len = strlen(value) + 1;
+            tmp = OPENSSL_malloc(len);
+            if (tmp) {
+                ascii2ebcdic(tmp, value, len);
+                BIO_printf(out, "%*s%s", indent, "", tmp);
+                OPENSSL_free(tmp);
+            }
+        }
 #endif
-	} else if(method->i2v) {
-		if(!(nval = method->i2v(method, ext_str, NULL))) {
-			ok = 0;
-			goto err;
-		}
-		X509V3_EXT_val_prn(out, nval, indent,
-				 method->ext_flags & X509V3_EXT_MULTILINE);
-	} else if(method->i2r) {
-		if(!method->i2r(method, ext_str, out, indent)) ok = 0;
-	} else ok = 0;
-
-	err:
-		sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
-		if(value) OPENSSL_free(value);
-		if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
-		else method->ext_free(ext_str);
-		return ok;
+    } else if (method->i2v) {
+        if (!(nval = method->i2v(method, ext_str, NULL))) {
+            ok = 0;
+            goto err;
+        }
+        X509V3_EXT_val_prn(out, nval, indent,
+                           method->ext_flags & X509V3_EXT_MULTILINE);
+    } else if (method->i2r) {
+        if (!method->i2r(method, ext_str, out, indent))
+            ok = 0;
+    } else
+        ok = 0;
+
+ err:
+    sk_CONF_VALUE_pop_free(nval, X509V3_conf_free);
+    if (value)
+        OPENSSL_free(value);
+    if (method->it)
+        ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it));
+    else
+        method->ext_free(ext_str);
+    return ok;
 }
 
-int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent)
+int X509V3_extensions_print(BIO *bp, char *title,
+                            STACK_OF(X509_EXTENSION) *exts,
+                            unsigned long flag, int indent)
 {
-	int i, j;
-
-	if(sk_X509_EXTENSION_num(exts) <= 0) return 1;
-
-	if(title) 
-		{
-		BIO_printf(bp,"%*s%s:\n",indent, "", title);
-		indent += 4;
-		}
-
-	for (i=0; i<sk_X509_EXTENSION_num(exts); i++)
-		{
-		ASN1_OBJECT *obj;
-		X509_EXTENSION *ex;
-		ex=sk_X509_EXTENSION_value(exts, i);
-		if (indent && BIO_printf(bp,"%*s",indent, "") <= 0) return 0;
-		obj=X509_EXTENSION_get_object(ex);
-		i2a_ASN1_OBJECT(bp,obj);
-		j=X509_EXTENSION_get_critical(ex);
-		if (BIO_printf(bp,": %s\n",j?"critical":"") <= 0)
-			return 0;
-		if(!X509V3_EXT_print(bp, ex, flag, indent + 4))
-			{
-			BIO_printf(bp, "%*s", indent + 4, "");
-			M_ASN1_OCTET_STRING_print(bp,ex->value);
-			}
-		if (BIO_write(bp,"\n",1) <= 0) return 0;
-		}
-	return 1;
+    int i, j;
+
+    if (sk_X509_EXTENSION_num(exts) <= 0)
+        return 1;
+
+    if (title) {
+        BIO_printf(bp, "%*s%s:\n", indent, "", title);
+        indent += 4;
+    }
+
+    for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+        ASN1_OBJECT *obj;
+        X509_EXTENSION *ex;
+        ex = sk_X509_EXTENSION_value(exts, i);
+        if (indent && BIO_printf(bp, "%*s", indent, "") <= 0)
+            return 0;
+        obj = X509_EXTENSION_get_object(ex);
+        i2a_ASN1_OBJECT(bp, obj);
+        j = X509_EXTENSION_get_critical(ex);
+        if (BIO_printf(bp, ": %s\n", j ? "critical" : "") <= 0)
+            return 0;
+        if (!X509V3_EXT_print(bp, ex, flag, indent + 4)) {
+            BIO_printf(bp, "%*s", indent + 4, "");
+            M_ASN1_OCTET_STRING_print(bp, ex->value);
+        }
+        if (BIO_write(bp, "\n", 1) <= 0)
+            return 0;
+    }
+    return 1;
 }
 
-static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported)
+static int unknown_ext_print(BIO *out, X509_EXTENSION *ext,
+                             unsigned long flag, int indent, int supported)
 {
-	switch(flag & X509V3_EXT_UNKNOWN_MASK) {
-
-		case X509V3_EXT_DEFAULT:
-		return 0;
-
-		case X509V3_EXT_ERROR_UNKNOWN:
-		if(supported)
-			BIO_printf(out, "%*s<Parse Error>", indent, "");
-		else
-			BIO_printf(out, "%*s<Not Supported>", indent, "");
-		return 1;
-
-		case X509V3_EXT_PARSE_UNKNOWN:
-			return ASN1_parse_dump(out,
-				ext->value->data, ext->value->length, indent, -1);
-		case X509V3_EXT_DUMP_UNKNOWN:
-			return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent);
-
-		default:
-		return 1;
-	}
+    switch (flag & X509V3_EXT_UNKNOWN_MASK) {
+
+    case X509V3_EXT_DEFAULT:
+        return 0;
+
+    case X509V3_EXT_ERROR_UNKNOWN:
+        if (supported)
+            BIO_printf(out, "%*s<Parse Error>", indent, "");
+        else
+            BIO_printf(out, "%*s<Not Supported>", indent, "");
+        return 1;
+
+    case X509V3_EXT_PARSE_UNKNOWN:
+        return ASN1_parse_dump(out,
+                               ext->value->data, ext->value->length, indent,
+                               -1);
+    case X509V3_EXT_DUMP_UNKNOWN:
+        return BIO_dump_indent(out, (char *)ext->value->data,
+                               ext->value->length, indent);
+
+    default:
+        return 1;
+    }
 }
-	
 
 #ifndef OPENSSL_NO_FP_API
 int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent)
 {
-	BIO *bio_tmp;
-	int ret;
-	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
-	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
-	BIO_free(bio_tmp);
-	return ret;
+    BIO *bio_tmp;
+    int ret;
+    if (!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE)))
+        return 0;
+    ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
+    BIO_free(bio_tmp);
+    return ret;
 }
 #endif
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
index e18751e0..6ff1521c 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_purp.c
@@ -1,6 +1,7 @@
 /* v3_purp.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2001.
  */
 /* ====================================================================
  * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -64,29 +65,42 @@
 static void x509v3_cache_extensions(X509 *x);
 
 static int check_ssl_ca(const X509 *x);
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
 static int purpose_smime(const X509 *x, int ca);
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca);
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca);
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca);
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca);
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca);
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca);
 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca);
 
-static int xp_cmp(const X509_PURPOSE * const *a,
-		const X509_PURPOSE * const *b);
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b);
 static void xptable_free(X509_PURPOSE *p);
 
 static X509_PURPOSE xstandard[] = {
-	{X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0, check_purpose_ssl_client, "SSL client", "sslclient", NULL},
-	{X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ssl_server, "SSL server", "sslserver", NULL},
-	{X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
-	{X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL},
-	{X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
-	{X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL},
-	{X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL},
-	{X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL},
+    {X509_PURPOSE_SSL_CLIENT, X509_TRUST_SSL_CLIENT, 0,
+     check_purpose_ssl_client, "SSL client", "sslclient", NULL},
+    {X509_PURPOSE_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ssl_server, "SSL server", "sslserver", NULL},
+    {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0,
+     check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL},
+    {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign,
+     "S/MIME signing", "smimesign", NULL},
+    {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0,
+     check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL},
+    {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign,
+     "CRL signing", "crlsign", NULL},
+    {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any",
+     NULL},
+    {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper,
+     "OCSP helper", "ocsphelper", NULL},
 };
 
 #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE))
@@ -95,348 +109,367 @@ IMPLEMENT_STACK_OF(X509_PURPOSE)
 
 static STACK_OF(X509_PURPOSE) *xptable = NULL;
 
-static int xp_cmp(const X509_PURPOSE * const *a,
-		const X509_PURPOSE * const *b)
+static int xp_cmp(const X509_PURPOSE *const *a, const X509_PURPOSE *const *b)
 {
-	return (*a)->purpose - (*b)->purpose;
+    return (*a)->purpose - (*b)->purpose;
 }
 
-/* As much as I'd like to make X509_check_purpose use a "const" X509*
- * I really can't because it does recalculate hashes and do other non-const
- * things. */
+/*
+ * As much as I'd like to make X509_check_purpose use a "const" X509* I
+ * really can't because it does recalculate hashes and do other non-const
+ * things.
+ */
 int X509_check_purpose(X509 *x, int id, int ca)
 {
-	int idx;
-	const X509_PURPOSE *pt;
-	if(!(x->ex_flags & EXFLAG_SET)) {
-		CRYPTO_w_lock(CRYPTO_LOCK_X509);
-		x509v3_cache_extensions(x);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-	}
-	if(id == -1) return 1;
-	idx = X509_PURPOSE_get_by_id(id);
-	if(idx == -1) return -1;
-	pt = X509_PURPOSE_get0(idx);
-	return pt->check_purpose(pt, x, ca);
+    int idx;
+    const X509_PURPOSE *pt;
+    if (!(x->ex_flags & EXFLAG_SET)) {
+        CRYPTO_w_lock(CRYPTO_LOCK_X509);
+        x509v3_cache_extensions(x);
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+    }
+    if (id == -1)
+        return 1;
+    idx = X509_PURPOSE_get_by_id(id);
+    if (idx == -1)
+        return -1;
+    pt = X509_PURPOSE_get0(idx);
+    return pt->check_purpose(pt, x, ca);
 }
 
 int X509_PURPOSE_set(int *p, int purpose)
 {
-	if(X509_PURPOSE_get_by_id(purpose) == -1) {
-		X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
-		return 0;
-	}
-	*p = purpose;
-	return 1;
+    if (X509_PURPOSE_get_by_id(purpose) == -1) {
+        X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE);
+        return 0;
+    }
+    *p = purpose;
+    return 1;
 }
 
 int X509_PURPOSE_get_count(void)
 {
-	if(!xptable) return X509_PURPOSE_COUNT;
-	return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
+    if (!xptable)
+        return X509_PURPOSE_COUNT;
+    return sk_X509_PURPOSE_num(xptable) + X509_PURPOSE_COUNT;
 }
 
-X509_PURPOSE * X509_PURPOSE_get0(int idx)
+X509_PURPOSE *X509_PURPOSE_get0(int idx)
 {
-	if(idx < 0) return NULL;
-	if(idx < (int)X509_PURPOSE_COUNT) return xstandard + idx;
-	return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
+    if (idx < 0)
+        return NULL;
+    if (idx < (int)X509_PURPOSE_COUNT)
+        return xstandard + idx;
+    return sk_X509_PURPOSE_value(xptable, idx - X509_PURPOSE_COUNT);
 }
 
 int X509_PURPOSE_get_by_sname(char *sname)
 {
-	int i;
-	X509_PURPOSE *xptmp;
-	for(i = 0; i < X509_PURPOSE_get_count(); i++) {
-		xptmp = X509_PURPOSE_get0(i);
-		if(!strcmp(xptmp->sname, sname)) return i;
-	}
-	return -1;
+    int i;
+    X509_PURPOSE *xptmp;
+    for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+        xptmp = X509_PURPOSE_get0(i);
+        if (!strcmp(xptmp->sname, sname))
+            return i;
+    }
+    return -1;
 }
 
 int X509_PURPOSE_get_by_id(int purpose)
 {
-	X509_PURPOSE tmp;
-	int idx;
-	if((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
-		return purpose - X509_PURPOSE_MIN;
-	tmp.purpose = purpose;
-	if(!xptable) return -1;
-	idx = sk_X509_PURPOSE_find(xptable, &tmp);
-	if(idx == -1) return -1;
-	return idx + X509_PURPOSE_COUNT;
+    X509_PURPOSE tmp;
+    int idx;
+    if ((purpose >= X509_PURPOSE_MIN) && (purpose <= X509_PURPOSE_MAX))
+        return purpose - X509_PURPOSE_MIN;
+    tmp.purpose = purpose;
+    if (!xptable)
+        return -1;
+    idx = sk_X509_PURPOSE_find(xptable, &tmp);
+    if (idx == -1)
+        return -1;
+    return idx + X509_PURPOSE_COUNT;
 }
 
 int X509_PURPOSE_add(int id, int trust, int flags,
-			int (*ck)(const X509_PURPOSE *, const X509 *, int),
-					char *name, char *sname, void *arg)
+                     int (*ck) (const X509_PURPOSE *, const X509 *, int),
+                     char *name, char *sname, void *arg)
 {
-	int idx;
-	X509_PURPOSE *ptmp;
-	/* This is set according to what we change: application can't set it */
-	flags &= ~X509_PURPOSE_DYNAMIC;
-	/* This will always be set for application modified trust entries */
-	flags |= X509_PURPOSE_DYNAMIC_NAME;
-	/* Get existing entry if any */
-	idx = X509_PURPOSE_get_by_id(id);
-	/* Need a new entry */
-	if(idx == -1) {
-		if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		ptmp->flags = X509_PURPOSE_DYNAMIC;
-	} else ptmp = X509_PURPOSE_get0(idx);
-
-	/* OPENSSL_free existing name if dynamic */
-	if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
-		OPENSSL_free(ptmp->name);
-		OPENSSL_free(ptmp->sname);
-	}
-	/* dup supplied name */
-	ptmp->name = BUF_strdup(name);
-	ptmp->sname = BUF_strdup(sname);
-	if(!ptmp->name || !ptmp->sname) {
-		X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-		return 0;
-	}
-	/* Keep the dynamic flag of existing entry */
-	ptmp->flags &= X509_PURPOSE_DYNAMIC;
-	/* Set all other flags */
-	ptmp->flags |= flags;
-
-	ptmp->purpose = id;
-	ptmp->trust = trust;
-	ptmp->check_purpose = ck;
-	ptmp->usr_data = arg;
-
-	/* If its a new entry manage the dynamic table */
-	if(idx == -1) {
-		if(!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-		if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
-			X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE);
-			return 0;
-		}
-	}
-	return 1;
+    int idx;
+    X509_PURPOSE *ptmp;
+    /*
+     * This is set according to what we change: application can't set it
+     */
+    flags &= ~X509_PURPOSE_DYNAMIC;
+    /* This will always be set for application modified trust entries */
+    flags |= X509_PURPOSE_DYNAMIC_NAME;
+    /* Get existing entry if any */
+    idx = X509_PURPOSE_get_by_id(id);
+    /* Need a new entry */
+    if (idx == -1) {
+        if (!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        ptmp->flags = X509_PURPOSE_DYNAMIC;
+    } else
+        ptmp = X509_PURPOSE_get0(idx);
+
+    /* OPENSSL_free existing name if dynamic */
+    if (ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) {
+        OPENSSL_free(ptmp->name);
+        OPENSSL_free(ptmp->sname);
+    }
+    /* dup supplied name */
+    ptmp->name = BUF_strdup(name);
+    ptmp->sname = BUF_strdup(sname);
+    if (!ptmp->name || !ptmp->sname) {
+        X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+        return 0;
+    }
+    /* Keep the dynamic flag of existing entry */
+    ptmp->flags &= X509_PURPOSE_DYNAMIC;
+    /* Set all other flags */
+    ptmp->flags |= flags;
+
+    ptmp->purpose = id;
+    ptmp->trust = trust;
+    ptmp->check_purpose = ck;
+    ptmp->usr_data = arg;
+
+    /* If its a new entry manage the dynamic table */
+    if (idx == -1) {
+        if (!xptable && !(xptable = sk_X509_PURPOSE_new(xp_cmp))) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+        if (!sk_X509_PURPOSE_push(xptable, ptmp)) {
+            X509V3err(X509V3_F_X509_PURPOSE_ADD, ERR_R_MALLOC_FAILURE);
+            return 0;
+        }
+    }
+    return 1;
 }
 
 static void xptable_free(X509_PURPOSE *p)
-	{
-	if(!p) return;
-	if (p->flags & X509_PURPOSE_DYNAMIC) 
-		{
-		if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
-			OPENSSL_free(p->name);
-			OPENSSL_free(p->sname);
-		}
-		OPENSSL_free(p);
-		}
-	}
+{
+    if (!p)
+        return;
+    if (p->flags & X509_PURPOSE_DYNAMIC) {
+        if (p->flags & X509_PURPOSE_DYNAMIC_NAME) {
+            OPENSSL_free(p->name);
+            OPENSSL_free(p->sname);
+        }
+        OPENSSL_free(p);
+    }
+}
 
 void X509_PURPOSE_cleanup(void)
 {
-	unsigned int i;
-	sk_X509_PURPOSE_pop_free(xptable, xptable_free);
-	for(i = 0; i < X509_PURPOSE_COUNT; i++) xptable_free(xstandard + i);
-	xptable = NULL;
+    unsigned int i;
+    sk_X509_PURPOSE_pop_free(xptable, xptable_free);
+    for (i = 0; i < X509_PURPOSE_COUNT; i++)
+        xptable_free(xstandard + i);
+    xptable = NULL;
 }
 
 int X509_PURPOSE_get_id(X509_PURPOSE *xp)
 {
-	return xp->purpose;
+    return xp->purpose;
 }
 
 char *X509_PURPOSE_get0_name(X509_PURPOSE *xp)
 {
-	return xp->name;
+    return xp->name;
 }
 
 char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp)
 {
-	return xp->sname;
+    return xp->sname;
 }
 
 int X509_PURPOSE_get_trust(X509_PURPOSE *xp)
 {
-	return xp->trust;
+    return xp->trust;
 }
 
 static int nid_cmp(int *a, int *b)
-	{
-	return *a - *b;
-	}
+{
+    return *a - *b;
+}
 
 int X509_supported_extension(X509_EXTENSION *ex)
-	{
-	/* This table is a list of the NIDs of supported extensions:
-	 * that is those which are used by the verify process. If
-	 * an extension is critical and doesn't appear in this list
-	 * then the verify process will normally reject the certificate.
-	 * The list must be kept in numerical order because it will be
-	 * searched using bsearch.
-	 */
-
-	static int supported_nids[] = {
-		NID_netscape_cert_type, /* 71 */
-        	NID_key_usage,		/* 83 */
-		NID_subject_alt_name,	/* 85 */
-		NID_basic_constraints,	/* 87 */
-		NID_certificate_policies, /* 89 */
-        	NID_ext_key_usage,	/* 126 */
+{
+    /*
+     * This table is a list of the NIDs of supported extensions: that is
+     * those which are used by the verify process. If an extension is
+     * critical and doesn't appear in this list then the verify process will
+     * normally reject the certificate. The list must be kept in numerical
+     * order because it will be searched using bsearch.
+     */
+
+    static int supported_nids[] = {
+        NID_netscape_cert_type, /* 71 */
+        NID_key_usage,          /* 83 */
+        NID_subject_alt_name,   /* 85 */
+        NID_basic_constraints,  /* 87 */
+        NID_certificate_policies, /* 89 */
+        NID_ext_key_usage,      /* 126 */
 #ifndef OPENSSL_NO_RFC3779
-		NID_sbgp_ipAddrBlock,	/* 290 */
-		NID_sbgp_autonomousSysNum, /* 291 */
+        NID_sbgp_ipAddrBlock,   /* 290 */
+        NID_sbgp_autonomousSysNum, /* 291 */
 #endif
-		NID_policy_constraints,	/* 401 */
-		NID_proxyCertInfo,	/* 661 */
-		NID_inhibit_any_policy	/* 748 */
-	};
+        NID_policy_constraints, /* 401 */
+        NID_proxyCertInfo,      /* 661 */
+        NID_inhibit_any_policy  /* 748 */
+    };
 
-	int ex_nid;
+    int ex_nid;
 
-	ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
+    ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex));
 
-	if (ex_nid == NID_undef) 
-		return 0;
+    if (ex_nid == NID_undef)
+        return 0;
 
-	if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
-		sizeof(supported_nids)/sizeof(int), sizeof(int),
-		(int (*)(const void *, const void *))nid_cmp))
-		return 1;
-	return 0;
-	}
- 
+    if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids,
+                    sizeof(supported_nids) / sizeof(int), sizeof(int),
+                    (int (*)(const void *, const void *))nid_cmp))
+        return 1;
+    return 0;
+}
 
 static void x509v3_cache_extensions(X509 *x)
 {
-	BASIC_CONSTRAINTS *bs;
-	PROXY_CERT_INFO_EXTENSION *pci;
-	ASN1_BIT_STRING *usage;
-	ASN1_BIT_STRING *ns;
-	EXTENDED_KEY_USAGE *extusage;
-	X509_EXTENSION *ex;
-	
-	int i;
-	if(x->ex_flags & EXFLAG_SET) return;
+    BASIC_CONSTRAINTS *bs;
+    PROXY_CERT_INFO_EXTENSION *pci;
+    ASN1_BIT_STRING *usage;
+    ASN1_BIT_STRING *ns;
+    EXTENDED_KEY_USAGE *extusage;
+    X509_EXTENSION *ex;
+
+    int i;
+    if (x->ex_flags & EXFLAG_SET)
+        return;
 #ifndef OPENSSL_NO_SHA
-	X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
+    X509_digest(x, EVP_sha1(), x->sha1_hash, NULL);
 #endif
-	/* Does subject name match issuer ? */
-	if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
-			 x->ex_flags |= EXFLAG_SI;
-	/* V1 should mean no extensions ... */
-	if(!X509_get_version(x)) x->ex_flags |= EXFLAG_V1;
-	/* Handle basic constraints */
-	if((bs=X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
-		if(bs->ca) x->ex_flags |= EXFLAG_CA;
-		if(bs->pathlen) {
-			if((bs->pathlen->type == V_ASN1_NEG_INTEGER)
-						|| !bs->ca) {
-				x->ex_flags |= EXFLAG_INVALID;
-				x->ex_pathlen = 0;
-			} else x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
-		} else x->ex_pathlen = -1;
-		BASIC_CONSTRAINTS_free(bs);
-		x->ex_flags |= EXFLAG_BCONS;
-	}
-	/* Handle proxy certificates */
-	if((pci=X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
-		if (x->ex_flags & EXFLAG_CA
-		    || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
-		    || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
-			x->ex_flags |= EXFLAG_INVALID;
-		}
-		if (pci->pcPathLengthConstraint) {
-			x->ex_pcpathlen =
-				ASN1_INTEGER_get(pci->pcPathLengthConstraint);
-		} else x->ex_pcpathlen = -1;
-		PROXY_CERT_INFO_EXTENSION_free(pci);
-		x->ex_flags |= EXFLAG_PROXY;
-	}
-	/* Handle key usage */
-	if((usage=X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
-		if(usage->length > 0) {
-			x->ex_kusage = usage->data[0];
-			if(usage->length > 1) 
-				x->ex_kusage |= usage->data[1] << 8;
-		} else x->ex_kusage = 0;
-		x->ex_flags |= EXFLAG_KUSAGE;
-		ASN1_BIT_STRING_free(usage);
-	}
-	x->ex_xkusage = 0;
-	if((extusage=X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
-		x->ex_flags |= EXFLAG_XKUSAGE;
-		for(i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
-			switch(OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage,i))) {
-				case NID_server_auth:
-				x->ex_xkusage |= XKU_SSL_SERVER;
-				break;
-
-				case NID_client_auth:
-				x->ex_xkusage |= XKU_SSL_CLIENT;
-				break;
-
-				case NID_email_protect:
-				x->ex_xkusage |= XKU_SMIME;
-				break;
-
-				case NID_code_sign:
-				x->ex_xkusage |= XKU_CODE_SIGN;
-				break;
-
-				case NID_ms_sgc:
-				case NID_ns_sgc:
-				x->ex_xkusage |= XKU_SGC;
-				break;
-
-				case NID_OCSP_sign:
-				x->ex_xkusage |= XKU_OCSP_SIGN;
-				break;
-
-				case NID_time_stamp:
-				x->ex_xkusage |= XKU_TIMESTAMP;
-				break;
-
-				case NID_dvcs:
-				x->ex_xkusage |= XKU_DVCS;
-				break;
-			}
-		}
-		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
-	}
-
-	if((ns=X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
-		if(ns->length > 0) x->ex_nscert = ns->data[0];
-		else x->ex_nscert = 0;
-		x->ex_flags |= EXFLAG_NSCERT;
-		ASN1_BIT_STRING_free(ns);
-	}
-	x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
-	x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
+    /* Does subject name match issuer ? */
+    if (!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x)))
+        x->ex_flags |= EXFLAG_SI;
+    /* V1 should mean no extensions ... */
+    if (!X509_get_version(x))
+        x->ex_flags |= EXFLAG_V1;
+    /* Handle basic constraints */
+    if ((bs = X509_get_ext_d2i(x, NID_basic_constraints, NULL, NULL))) {
+        if (bs->ca)
+            x->ex_flags |= EXFLAG_CA;
+        if (bs->pathlen) {
+            if ((bs->pathlen->type == V_ASN1_NEG_INTEGER)
+                || !bs->ca) {
+                x->ex_flags |= EXFLAG_INVALID;
+                x->ex_pathlen = 0;
+            } else
+                x->ex_pathlen = ASN1_INTEGER_get(bs->pathlen);
+        } else
+            x->ex_pathlen = -1;
+        BASIC_CONSTRAINTS_free(bs);
+        x->ex_flags |= EXFLAG_BCONS;
+    }
+    /* Handle proxy certificates */
+    if ((pci = X509_get_ext_d2i(x, NID_proxyCertInfo, NULL, NULL))) {
+        if (x->ex_flags & EXFLAG_CA
+            || X509_get_ext_by_NID(x, NID_subject_alt_name, 0) >= 0
+            || X509_get_ext_by_NID(x, NID_issuer_alt_name, 0) >= 0) {
+            x->ex_flags |= EXFLAG_INVALID;
+        }
+        if (pci->pcPathLengthConstraint) {
+            x->ex_pcpathlen = ASN1_INTEGER_get(pci->pcPathLengthConstraint);
+        } else
+            x->ex_pcpathlen = -1;
+        PROXY_CERT_INFO_EXTENSION_free(pci);
+        x->ex_flags |= EXFLAG_PROXY;
+    }
+    /* Handle key usage */
+    if ((usage = X509_get_ext_d2i(x, NID_key_usage, NULL, NULL))) {
+        if (usage->length > 0) {
+            x->ex_kusage = usage->data[0];
+            if (usage->length > 1)
+                x->ex_kusage |= usage->data[1] << 8;
+        } else
+            x->ex_kusage = 0;
+        x->ex_flags |= EXFLAG_KUSAGE;
+        ASN1_BIT_STRING_free(usage);
+    }
+    x->ex_xkusage = 0;
+    if ((extusage = X509_get_ext_d2i(x, NID_ext_key_usage, NULL, NULL))) {
+        x->ex_flags |= EXFLAG_XKUSAGE;
+        for (i = 0; i < sk_ASN1_OBJECT_num(extusage); i++) {
+            switch (OBJ_obj2nid(sk_ASN1_OBJECT_value(extusage, i))) {
+            case NID_server_auth:
+                x->ex_xkusage |= XKU_SSL_SERVER;
+                break;
+
+            case NID_client_auth:
+                x->ex_xkusage |= XKU_SSL_CLIENT;
+                break;
+
+            case NID_email_protect:
+                x->ex_xkusage |= XKU_SMIME;
+                break;
+
+            case NID_code_sign:
+                x->ex_xkusage |= XKU_CODE_SIGN;
+                break;
+
+            case NID_ms_sgc:
+            case NID_ns_sgc:
+                x->ex_xkusage |= XKU_SGC;
+                break;
+
+            case NID_OCSP_sign:
+                x->ex_xkusage |= XKU_OCSP_SIGN;
+                break;
+
+            case NID_time_stamp:
+                x->ex_xkusage |= XKU_TIMESTAMP;
+                break;
+
+            case NID_dvcs:
+                x->ex_xkusage |= XKU_DVCS;
+                break;
+            }
+        }
+        sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+    }
+
+    if ((ns = X509_get_ext_d2i(x, NID_netscape_cert_type, NULL, NULL))) {
+        if (ns->length > 0)
+            x->ex_nscert = ns->data[0];
+        else
+            x->ex_nscert = 0;
+        x->ex_flags |= EXFLAG_NSCERT;
+        ASN1_BIT_STRING_free(ns);
+    }
+    x->skid = X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL);
+    x->akid = X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL);
 #ifndef OPENSSL_NO_RFC3779
-	x->rfc3779_addr =X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
-	x->rfc3779_asid =X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
-					  NULL, NULL);
+    x->rfc3779_addr = X509_get_ext_d2i(x, NID_sbgp_ipAddrBlock, NULL, NULL);
+    x->rfc3779_asid = X509_get_ext_d2i(x, NID_sbgp_autonomousSysNum,
+                                       NULL, NULL);
 #endif
-	for (i = 0; i < X509_get_ext_count(x); i++)
-		{
-		ex = X509_get_ext(x, i);
-		if (!X509_EXTENSION_get_critical(ex))
-			continue;
-		if (!X509_supported_extension(ex))
-			{
-			x->ex_flags |= EXFLAG_CRITICAL;
-			break;
-			}
-		}
-	x->ex_flags |= EXFLAG_SET;
+    for (i = 0; i < X509_get_ext_count(x); i++) {
+        ex = X509_get_ext(x, i);
+        if (!X509_EXTENSION_get_critical(ex))
+            continue;
+        if (!X509_supported_extension(ex)) {
+            x->ex_flags |= EXFLAG_CRITICAL;
+            break;
+        }
+    }
+    x->ex_flags |= EXFLAG_SET;
 }
 
-/* CA checks common to all purposes
+/*-
+ * CA checks common to all purposes
  * return codes:
  * 0 not a CA
  * 1 is a CA
@@ -447,159 +480,202 @@ static void x509v3_cache_extensions(X509 *x)
 
 #define V1_ROOT (EXFLAG_V1|EXFLAG_SS)
 #define ku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
+        (((x)->ex_flags & EXFLAG_KUSAGE) && !((x)->ex_kusage & (usage)))
 #define xku_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
+        (((x)->ex_flags & EXFLAG_XKUSAGE) && !((x)->ex_xkusage & (usage)))
 #define ns_reject(x, usage) \
-	(((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
+        (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage)))
 
 static int check_ca(const X509 *x)
 {
-	/* keyUsage if present should allow cert signing */
-	if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
-	if(x->ex_flags & EXFLAG_BCONS) {
-		if(x->ex_flags & EXFLAG_CA) return 1;
-		/* If basicConstraints says not a CA then say so */
-		else return 0;
-	} else {
-		/* we support V1 roots for...  uh, I don't really know why. */
-		if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
-		/* If key usage present it must have certSign so tolerate it */
-		else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
-		/* Older certificates could have Netscape-specific CA types */
-		else if (x->ex_flags & EXFLAG_NSCERT
-			 && x->ex_nscert & NS_ANY_CA) return 5;
-		/* can this still be regarded a CA certificate?  I doubt it */
-		return 0;
-	}
+    /* keyUsage if present should allow cert signing */
+    if (ku_reject(x, KU_KEY_CERT_SIGN))
+        return 0;
+    if (x->ex_flags & EXFLAG_BCONS) {
+        if (x->ex_flags & EXFLAG_CA)
+            return 1;
+        /* If basicConstraints says not a CA then say so */
+        else
+            return 0;
+    } else {
+        /* we support V1 roots for...  uh, I don't really know why. */
+        if ((x->ex_flags & V1_ROOT) == V1_ROOT)
+            return 3;
+        /*
+         * If key usage present it must have certSign so tolerate it
+         */
+        else if (x->ex_flags & EXFLAG_KUSAGE)
+            return 4;
+        /* Older certificates could have Netscape-specific CA types */
+        else if (x->ex_flags & EXFLAG_NSCERT && x->ex_nscert & NS_ANY_CA)
+            return 5;
+        /* can this still be regarded a CA certificate?  I doubt it */
+        return 0;
+    }
 }
 
 int X509_check_ca(X509 *x)
 {
-	if(!(x->ex_flags & EXFLAG_SET)) {
-		CRYPTO_w_lock(CRYPTO_LOCK_X509);
-		x509v3_cache_extensions(x);
-		CRYPTO_w_unlock(CRYPTO_LOCK_X509);
-	}
+    if (!(x->ex_flags & EXFLAG_SET)) {
+        CRYPTO_w_lock(CRYPTO_LOCK_X509);
+        x509v3_cache_extensions(x);
+        CRYPTO_w_unlock(CRYPTO_LOCK_X509);
+    }
 
-	return check_ca(x);
+    return check_ca(x);
 }
 
 /* Check SSL CA: common checks for SSL client and server */
 static int check_ssl_ca(const X509 *x)
 {
-	int ca_ret;
-	ca_ret = check_ca(x);
-	if(!ca_ret) return 0;
-	/* check nsCertType if present */
-	if(ca_ret != 5 || x->ex_nscert & NS_SSL_CA) return ca_ret;
-	else return 0;
+    int ca_ret;
+    ca_ret = check_ca(x);
+    if (!ca_ret)
+        return 0;
+    /* check nsCertType if present */
+    if (ca_ret != 5 || x->ex_nscert & NS_SSL_CA)
+        return ca_ret;
+    else
+        return 0;
 }
 
-
-static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
 {
-	if(xku_reject(x,XKU_SSL_CLIENT)) return 0;
-	if(ca) return check_ssl_ca(x);
-	/* We need to do digital signatures with it */
-	if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0;
-	/* nsCertType if present should allow SSL client use */	
-	if(ns_reject(x, NS_SSL_CLIENT)) return 0;
-	return 1;
+    if (xku_reject(x, XKU_SSL_CLIENT))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
+    /* We need to do digital signatures with it */
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE))
+        return 0;
+    /* nsCertType if present should allow SSL client use */
+    if (ns_reject(x, NS_SSL_CLIENT))
+        return 0;
+    return 1;
 }
 
-static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
 {
-	if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0;
-	if(ca) return check_ssl_ca(x);
+    if (xku_reject(x, XKU_SSL_SERVER | XKU_SGC))
+        return 0;
+    if (ca)
+        return check_ssl_ca(x);
 
-	if(ns_reject(x, NS_SSL_SERVER)) return 0;
-	/* Now as for keyUsage: we'll at least need to sign OR encipher */
-	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_KEY_ENCIPHERMENT)) return 0;
-	
-	return 1;
+    if (ns_reject(x, NS_SSL_SERVER))
+        return 0;
+    /* Now as for keyUsage: we'll at least need to sign OR encipher */
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT))
+        return 0;
+
+    return 1;
 
 }
 
-static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
 {
-	int ret;
-	ret = check_purpose_ssl_server(xp, x, ca);
-	if(!ret || ca) return ret;
-	/* We need to encipher or Netscape complains */
-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-	return ret;
+    int ret;
+    ret = check_purpose_ssl_server(xp, x, ca);
+    if (!ret || ca)
+        return ret;
+    /* We need to encipher or Netscape complains */
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
 }
 
 /* common S/MIME checks */
 static int purpose_smime(const X509 *x, int ca)
 {
-	if(xku_reject(x,XKU_SMIME)) return 0;
-	if(ca) {
-		int ca_ret;
-		ca_ret = check_ca(x);
-		if(!ca_ret) return 0;
-		/* check nsCertType if present */
-		if(ca_ret != 5 || x->ex_nscert & NS_SMIME_CA) return ca_ret;
-		else return 0;
-	}
-	if(x->ex_flags & EXFLAG_NSCERT) {
-		if(x->ex_nscert & NS_SMIME) return 1;
-		/* Workaround for some buggy certificates */
-		if(x->ex_nscert & NS_SSL_CLIENT) return 2;
-		return 0;
-	}
-	return 1;
+    if (xku_reject(x, XKU_SMIME))
+        return 0;
+    if (ca) {
+        int ca_ret;
+        ca_ret = check_ca(x);
+        if (!ca_ret)
+            return 0;
+        /* check nsCertType if present */
+        if (ca_ret != 5 || x->ex_nscert & NS_SMIME_CA)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (x->ex_flags & EXFLAG_NSCERT) {
+        if (x->ex_nscert & NS_SMIME)
+            return 1;
+        /* Workaround for some buggy certificates */
+        if (x->ex_nscert & NS_SSL_CLIENT)
+            return 2;
+        return 0;
+    }
+    return 1;
 }
 
-static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x,
+                                    int ca)
 {
-	int ret;
-	ret = purpose_smime(x, ca);
-	if(!ret || ca) return ret;
-	if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0;
-	return ret;
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION))
+        return 0;
+    return ret;
 }
 
-static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x,
+                                       int ca)
 {
-	int ret;
-	ret = purpose_smime(x, ca);
-	if(!ret || ca) return ret;
-	if(ku_reject(x, KU_KEY_ENCIPHERMENT)) return 0;
-	return ret;
+    int ret;
+    ret = purpose_smime(x, ca);
+    if (!ret || ca)
+        return ret;
+    if (ku_reject(x, KU_KEY_ENCIPHERMENT))
+        return 0;
+    return ret;
 }
 
-static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca)
+static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x,
+                                  int ca)
 {
-	if(ca) {
-		int ca_ret;
-		if((ca_ret = check_ca(x)) != 2) return ca_ret;
-		else return 0;
-	}
-	if(ku_reject(x, KU_CRL_SIGN)) return 0;
-	return 1;
+    if (ca) {
+        int ca_ret;
+        if ((ca_ret = check_ca(x)) != 2)
+            return ca_ret;
+        else
+            return 0;
+    }
+    if (ku_reject(x, KU_CRL_SIGN))
+        return 0;
+    return 1;
 }
 
-/* OCSP helper: this is *not* a full OCSP check. It just checks that
- * each CA is valid. Additional checks must be made on the chain.
+/*
+ * OCSP helper: this is *not* a full OCSP check. It just checks that each CA
+ * is valid. Additional checks must be made on the chain.
  */
 
 static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
-	/* Must be a valid CA.  Should we really support the "I don't know"
-	   value (2)? */
-	if(ca) return check_ca(x);
-	/* leaf certificate is checked in OCSP_verify() */
-	return 1;
+    /*
+     * Must be a valid CA.  Should we really support the "I don't know" value
+     * (2)?
+     */
+    if (ca)
+        return check_ca(x);
+    /* leaf certificate is checked in OCSP_verify() */
+    return 1;
 }
 
 static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 {
-	return 1;
+    return 1;
 }
 
-/* Various checks to see if one certificate issued the second.
+/*-
+ * Various checks to see if one certificate issued the second.
  * This can be used to prune a set of possible issuer certificates
  * which have been looked up using some simple method such as by
  * subject name.
@@ -613,51 +689,48 @@ static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca)
 
 int X509_check_issued(X509 *issuer, X509 *subject)
 {
-	if(X509_NAME_cmp(X509_get_subject_name(issuer),
-			X509_get_issuer_name(subject)))
-				return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
-	x509v3_cache_extensions(issuer);
-	x509v3_cache_extensions(subject);
-	if(subject->akid) {
-		/* Check key ids (if present) */
-		if(subject->akid->keyid && issuer->skid &&
-		 ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) )
-				return X509_V_ERR_AKID_SKID_MISMATCH;
-		/* Check serial number */
-		if(subject->akid->serial &&
-			ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
-						subject->akid->serial))
-				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-		/* Check issuer name */
-		if(subject->akid->issuer) {
-			/* Ugh, for some peculiar reason AKID includes
-			 * SEQUENCE OF GeneralName. So look for a DirName.
-			 * There may be more than one but we only take any
-			 * notice of the first.
-			 */
-			GENERAL_NAMES *gens;
-			GENERAL_NAME *gen;
-			X509_NAME *nm = NULL;
-			int i;
-			gens = subject->akid->issuer;
-			for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
-				gen = sk_GENERAL_NAME_value(gens, i);
-				if(gen->type == GEN_DIRNAME) {
-					nm = gen->d.dirn;
-					break;
-				}
-			}
-			if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
-				return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
-		}
-	}
-	if(subject->ex_flags & EXFLAG_PROXY)
-		{
-		if(ku_reject(issuer, KU_DIGITAL_SIGNATURE))
-			return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
-		}
-	else if(ku_reject(issuer, KU_KEY_CERT_SIGN))
-		return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
-	return X509_V_OK;
+    if (X509_NAME_cmp(X509_get_subject_name(issuer),
+                      X509_get_issuer_name(subject)))
+        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
+    x509v3_cache_extensions(issuer);
+    x509v3_cache_extensions(subject);
+    if (subject->akid) {
+        /* Check key ids (if present) */
+        if (subject->akid->keyid && issuer->skid &&
+            ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid))
+            return X509_V_ERR_AKID_SKID_MISMATCH;
+        /* Check serial number */
+        if (subject->akid->serial &&
+            ASN1_INTEGER_cmp(X509_get_serialNumber(issuer),
+                             subject->akid->serial))
+            return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+        /* Check issuer name */
+        if (subject->akid->issuer) {
+            /*
+             * Ugh, for some peculiar reason AKID includes SEQUENCE OF
+             * GeneralName. So look for a DirName. There may be more than one
+             * but we only take any notice of the first.
+             */
+            GENERAL_NAMES *gens;
+            GENERAL_NAME *gen;
+            X509_NAME *nm = NULL;
+            int i;
+            gens = subject->akid->issuer;
+            for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+                gen = sk_GENERAL_NAME_value(gens, i);
+                if (gen->type == GEN_DIRNAME) {
+                    nm = gen->d.dirn;
+                    break;
+                }
+            }
+            if (nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer)))
+                return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH;
+        }
+    }
+    if (subject->ex_flags & EXFLAG_PROXY) {
+        if (ku_reject(issuer, KU_DIGITAL_SIGNATURE))
+            return X509_V_ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE;
+    } else if (ku_reject(issuer, KU_KEY_CERT_SIGN))
+        return X509_V_ERR_KEYUSAGE_NO_CERTSIGN;
+    return X509_V_OK;
 }
-
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
index 202c9e48..70c27953 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_skey.c
@@ -1,6 +1,7 @@
 /* v3_skey.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -56,89 +57,92 @@
  *
  */
 
-
 #include <stdio.h>
 #include "cryptlib.h"
 #include <openssl/x509v3.h>
 
-static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str);
-const X509V3_EXT_METHOD v3_skey_id = { 
-NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
-(X509V3_EXT_S2I)s2i_skey_id,
-0,0,0,0,
-NULL};
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-	     ASN1_OCTET_STRING *oct)
+static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
+                                      X509V3_CTX *ctx, char *str);
+const X509V3_EXT_METHOD v3_skey_id = {
+    NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    0, 0, 0, 0,
+    (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING,
+    (X509V3_EXT_S2I)s2i_skey_id,
+    0, 0, 0, 0,
+    NULL
+};
+
+char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct)
 {
-	return hex_to_string(oct->data, oct->length);
+    return hex_to_string(oct->data, oct->length);
 }
 
 ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, char *str)
+                                         X509V3_CTX *ctx, char *str)
 {
-	ASN1_OCTET_STRING *oct;
-	long length;
+    ASN1_OCTET_STRING *oct;
+    long length;
 
-	if(!(oct = M_ASN1_OCTET_STRING_new())) {
-		X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
+    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+        X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
 
-	if(!(oct->data = string_to_hex(str, &length))) {
-		M_ASN1_OCTET_STRING_free(oct);
-		return NULL;
-	}
+    if (!(oct->data = string_to_hex(str, &length))) {
+        M_ASN1_OCTET_STRING_free(oct);
+        return NULL;
+    }
 
-	oct->length = length;
+    oct->length = length;
 
-	return oct;
+    return oct;
 
 }
 
 static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method,
-	     X509V3_CTX *ctx, char *str)
+                                      X509V3_CTX *ctx, char *str)
 {
-	ASN1_OCTET_STRING *oct;
-	ASN1_BIT_STRING *pk;
-	unsigned char pkey_dig[EVP_MAX_MD_SIZE];
-	unsigned int diglen;
-
-	if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str);
-
-	if(!(oct = M_ASN1_OCTET_STRING_new())) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-
-	if(ctx && (ctx->flags == CTX_TEST)) return oct;
-
-	if(!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
-		goto err;
-	}
-
-	if(ctx->subject_req) 
-		pk = ctx->subject_req->req_info->pubkey->public_key;
-	else pk = ctx->subject_cert->cert_info->key->public_key;
-
-	if(!pk) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,X509V3_R_NO_PUBLIC_KEY);
-		goto err;
-	}
-
-	EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
-
-	if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
-		X509V3err(X509V3_F_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE);
-		goto err;
-	}
-
-	return oct;
-	
-	err:
-	M_ASN1_OCTET_STRING_free(oct);
-	return NULL;
+    ASN1_OCTET_STRING *oct;
+    ASN1_BIT_STRING *pk;
+    unsigned char pkey_dig[EVP_MAX_MD_SIZE];
+    unsigned int diglen;
+
+    if (strcmp(str, "hash"))
+        return s2i_ASN1_OCTET_STRING(method, ctx, str);
+
+    if (!(oct = M_ASN1_OCTET_STRING_new())) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+
+    if (ctx && (ctx->flags == CTX_TEST))
+        return oct;
+
+    if (!ctx || (!ctx->subject_req && !ctx->subject_cert)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    if (ctx->subject_req)
+        pk = ctx->subject_req->req_info->pubkey->public_key;
+    else
+        pk = ctx->subject_cert->cert_info->key->public_key;
+
+    if (!pk) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, X509V3_R_NO_PUBLIC_KEY);
+        goto err;
+    }
+
+    EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL);
+
+    if (!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) {
+        X509V3err(X509V3_F_S2I_SKEY_ID, ERR_R_MALLOC_FAILURE);
+        goto err;
+    }
+
+    return oct;
+
+ err:
+    M_ASN1_OCTET_STRING_free(oct);
+    return NULL;
 }
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
index 2a6bf11b..a4e6a93e 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_sxnet.c
@@ -1,6 +1,7 @@
 /* v3_sxnet.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 1999.
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
  */
 /* ====================================================================
  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -67,196 +68,206 @@
 
 #define SXNET_TEST
 
-static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, int indent);
+static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
+                     int indent);
 #ifdef SXNET_TEST
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-						STACK_OF(CONF_VALUE) *nval);
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval);
 #endif
 const X509V3_EXT_METHOD v3_sxnet = {
-NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
-0,0,0,0,
-0,0,
-0, 
+    NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET),
+    0, 0, 0, 0,
+    0, 0,
+    0,
 #ifdef SXNET_TEST
-(X509V3_EXT_V2I)sxnet_v2i,
+    (X509V3_EXT_V2I)sxnet_v2i,
 #else
-0,
+    0,
 #endif
-(X509V3_EXT_I2R)sxnet_i2r,
-0,
-NULL
+    (X509V3_EXT_I2R)sxnet_i2r,
+    0,
+    NULL
 };
 
 ASN1_SEQUENCE(SXNETID) = {
-	ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
-	ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
+        ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER),
+        ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING)
 } ASN1_SEQUENCE_END(SXNETID)
 
 IMPLEMENT_ASN1_FUNCTIONS(SXNETID)
 
 ASN1_SEQUENCE(SXNET) = {
-	ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
-	ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
+        ASN1_SIMPLE(SXNET, version, ASN1_INTEGER),
+        ASN1_SEQUENCE_OF(SXNET, ids, SXNETID)
 } ASN1_SEQUENCE_END(SXNET)
 
 IMPLEMENT_ASN1_FUNCTIONS(SXNET)
 
 static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out,
-	     int indent)
+                     int indent)
 {
-	long v;
-	char *tmp;
-	SXNETID *id;
-	int i;
-	v = ASN1_INTEGER_get(sx->version);
-	BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
-	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-		id = sk_SXNETID_value(sx->ids, i);
-		tmp = i2s_ASN1_INTEGER(NULL, id->zone);
-		BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
-		OPENSSL_free(tmp);
-		M_ASN1_OCTET_STRING_print(out, id->user);
-	}
-	return 1;
+    long v;
+    char *tmp;
+    SXNETID *id;
+    int i;
+    v = ASN1_INTEGER_get(sx->version);
+    BIO_printf(out, "%*sVersion: %ld (0x%lX)", indent, "", v + 1, v);
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        tmp = i2s_ASN1_INTEGER(NULL, id->zone);
+        BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp);
+        OPENSSL_free(tmp);
+        M_ASN1_OCTET_STRING_print(out, id->user);
+    }
+    return 1;
 }
 
 #ifdef SXNET_TEST
 
-/* NBB: this is used for testing only. It should *not* be used for anything
+/*
+ * NBB: this is used for testing only. It should *not* be used for anything
  * else because it will just take static IDs from the configuration file and
  * they should really be separate values for each user.
  */
 
-
-static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-	     STACK_OF(CONF_VALUE) *nval)
+static SXNET *sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                        STACK_OF(CONF_VALUE) *nval)
 {
-	CONF_VALUE *cnf;
-	SXNET *sx = NULL;
-	int i;
-	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
-		cnf = sk_CONF_VALUE_value(nval, i);
-		if(!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
-								 return NULL;
-	}
-	return sx;
+    CONF_VALUE *cnf;
+    SXNET *sx = NULL;
+    int i;
+    for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+        cnf = sk_CONF_VALUE_value(nval, i);
+        if (!SXNET_add_id_asc(&sx, cnf->name, cnf->value, -1))
+            return NULL;
+    }
+    return sx;
 }
-		
-	
+
 #endif
 
 /* Strong Extranet utility functions */
 
 /* Add an id given the zone as an ASCII number */
 
-int SXNET_add_id_asc(SXNET **psx, char *zone, char *user,
-	     int userlen)
+int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen)
 {
-	ASN1_INTEGER *izone = NULL;
-	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
-		return 0;
-	}
-	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+    ASN1_INTEGER *izone = NULL;
+    if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
 }
 
 /* Add an id given the zone as an unsigned long */
 
 int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user,
-	     int userlen)
+                       int userlen)
 {
-	ASN1_INTEGER *izone = NULL;
-	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		M_ASN1_INTEGER_free(izone);
-		return 0;
-	}
-	return SXNET_add_id_INTEGER(psx, izone, user, userlen);
-	
+    ASN1_INTEGER *izone = NULL;
+    if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        M_ASN1_INTEGER_free(izone);
+        return 0;
+    }
+    return SXNET_add_id_INTEGER(psx, izone, user, userlen);
+
 }
 
-/* Add an id given the zone as an ASN1_INTEGER.
- * Note this version uses the passed integer and doesn't make a copy so don't
- * free it up afterwards.
+/*
+ * Add an id given the zone as an ASN1_INTEGER. Note this version uses the
+ * passed integer and doesn't make a copy so don't free it up afterwards.
  */
 
 int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user,
-	     int userlen)
+                         int userlen)
 {
-	SXNET *sx = NULL;
-	SXNETID *id = NULL;
-	if(!psx || !zone || !user) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_INVALID_NULL_ARGUMENT);
-		return 0;
-	}
-	if(userlen == -1) userlen = strlen(user);
-	if(userlen > 64) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_USER_TOO_LONG);
-		return 0;
-	}
-	if(!*psx) {
-		if(!(sx = SXNET_new())) goto err;
-		if(!ASN1_INTEGER_set(sx->version, 0)) goto err;
-		*psx = sx;
-	} else sx = *psx;
-	if(SXNET_get_id_INTEGER(sx, zone)) {
-		X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,X509V3_R_DUPLICATE_ZONE_ID);
-		return 0;
-	}
+    SXNET *sx = NULL;
+    SXNETID *id = NULL;
+    if (!psx || !zone || !user) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,
+                  X509V3_R_INVALID_NULL_ARGUMENT);
+        return 0;
+    }
+    if (userlen == -1)
+        userlen = strlen(user);
+    if (userlen > 64) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_USER_TOO_LONG);
+        return 0;
+    }
+    if (!*psx) {
+        if (!(sx = SXNET_new()))
+            goto err;
+        if (!ASN1_INTEGER_set(sx->version, 0))
+            goto err;
+        *psx = sx;
+    } else
+        sx = *psx;
+    if (SXNET_get_id_INTEGER(sx, zone)) {
+        X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, X509V3_R_DUPLICATE_ZONE_ID);
+        return 0;
+    }
 
-	if(!(id = SXNETID_new())) goto err;
-	if(userlen == -1) userlen = strlen(user);
-		
-	if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err;
-	if(!sk_SXNETID_push(sx->ids, id)) goto err;
-	id->zone = zone;
-	return 1;
-	
-	err:
-	X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER,ERR_R_MALLOC_FAILURE);
-	SXNETID_free(id);
-	SXNET_free(sx);
-	*psx = NULL;
-	return 0;
+    if (!(id = SXNETID_new()))
+        goto err;
+    if (userlen == -1)
+        userlen = strlen(user);
+
+    if (!M_ASN1_OCTET_STRING_set(id->user, user, userlen))
+        goto err;
+    if (!sk_SXNETID_push(sx->ids, id))
+        goto err;
+    id->zone = zone;
+    return 1;
+
+ err:
+    X509V3err(X509V3_F_SXNET_ADD_ID_INTEGER, ERR_R_MALLOC_FAILURE);
+    SXNETID_free(id);
+    SXNET_free(sx);
+    *psx = NULL;
+    return 0;
 }
 
 ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone)
 {
-	ASN1_INTEGER *izone = NULL;
-	ASN1_OCTET_STRING *oct;
-	if(!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
-		X509V3err(X509V3_F_SXNET_GET_ID_ASC,X509V3_R_ERROR_CONVERTING_ZONE);
-		return NULL;
-	}
-	oct = SXNET_get_id_INTEGER(sx, izone);
-	M_ASN1_INTEGER_free(izone);
-	return oct;
+    ASN1_INTEGER *izone = NULL;
+    ASN1_OCTET_STRING *oct;
+    if (!(izone = s2i_ASN1_INTEGER(NULL, zone))) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ASC, X509V3_R_ERROR_CONVERTING_ZONE);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    M_ASN1_INTEGER_free(izone);
+    return oct;
 }
 
 ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone)
 {
-	ASN1_INTEGER *izone = NULL;
-	ASN1_OCTET_STRING *oct;
-	if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
-		X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE);
-		M_ASN1_INTEGER_free(izone);
-		return NULL;
-	}
-	oct = SXNET_get_id_INTEGER(sx, izone);
-	M_ASN1_INTEGER_free(izone);
-	return oct;
+    ASN1_INTEGER *izone = NULL;
+    ASN1_OCTET_STRING *oct;
+    if (!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) {
+        X509V3err(X509V3_F_SXNET_GET_ID_ULONG, ERR_R_MALLOC_FAILURE);
+        M_ASN1_INTEGER_free(izone);
+        return NULL;
+    }
+    oct = SXNET_get_id_INTEGER(sx, izone);
+    M_ASN1_INTEGER_free(izone);
+    return oct;
 }
 
 ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone)
 {
-	SXNETID *id;
-	int i;
-	for(i = 0; i < sk_SXNETID_num(sx->ids); i++) {
-		id = sk_SXNETID_value(sx->ids, i);
-		if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user;
-	}
-	return NULL;
+    SXNETID *id;
+    int i;
+    for (i = 0; i < sk_SXNETID_num(sx->ids); i++) {
+        id = sk_SXNETID_value(sx->ids, i);
+        if (!M_ASN1_INTEGER_cmp(id->zone, zone))
+            return id->user;
+    }
+    return NULL;
 }
 
 IMPLEMENT_STACK_OF(SXNETID)
+
 IMPLEMENT_ASN1_SET_OF(SXNETID)
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
index 7a45216c..ff32afe8 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_utl.c
@@ -1,5 +1,6 @@
 /* v3_utl.c */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/*
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
 /* ====================================================================
@@ -10,7 +11,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -57,7 +58,6 @@
  */
 /* X509 v3 extension utilities */
 
-
 #include <stdio.h>
 #include <ctype.h>
 #include "cryptlib.h"
@@ -66,10 +66,10 @@
 #include <openssl/bn.h>
 
 static char *strip_spaces(char *name);
-static int sk_strcmp(const char * const *a, const char * const *b);
+static int sk_strcmp(const char *const *a, const char *const *b);
 static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens);
 static void str_free(void *str);
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email);
+static int append_ia5(STACK ** sk, ASN1_IA5STRING *email);
 
 static int ipv4_from_asc(unsigned char *v4, const char *in);
 static int ipv6_from_asc(unsigned char *v6, const char *in);
@@ -79,793 +79,832 @@ static int ipv6_hex(unsigned char *out, const char *in, int inlen);
 /* Add a CONF_VALUE name value pair to stack */
 
 int X509V3_add_value(const char *name, const char *value,
-						STACK_OF(CONF_VALUE) **extlist)
-{
-	CONF_VALUE *vtmp = NULL;
-	char *tname = NULL, *tvalue = NULL;
-	if(name && !(tname = BUF_strdup(name))) goto err;
-	if(value && !(tvalue = BUF_strdup(value))) goto err;
-	if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err;
-	if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err;
-	vtmp->section = NULL;
-	vtmp->name = tname;
-	vtmp->value = tvalue;
-	if(!sk_CONF_VALUE_push(*extlist, vtmp)) goto err;
-	return 1;
-	err:
-	X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE);
-	if(vtmp) OPENSSL_free(vtmp);
-	if(tname) OPENSSL_free(tname);
-	if(tvalue) OPENSSL_free(tvalue);
-	return 0;
+                     STACK_OF(CONF_VALUE) **extlist)
+{
+    CONF_VALUE *vtmp = NULL;
+    char *tname = NULL, *tvalue = NULL;
+    if (name && !(tname = BUF_strdup(name)))
+        goto err;
+    if (value && !(tvalue = BUF_strdup(value)))
+        goto err;
+    if (!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE))))
+        goto err;
+    if (!*extlist && !(*extlist = sk_CONF_VALUE_new_null()))
+        goto err;
+    vtmp->section = NULL;
+    vtmp->name = tname;
+    vtmp->value = tvalue;
+    if (!sk_CONF_VALUE_push(*extlist, vtmp))
+        goto err;
+    return 1;
+ err:
+    X509V3err(X509V3_F_X509V3_ADD_VALUE, ERR_R_MALLOC_FAILURE);
+    if (vtmp)
+        OPENSSL_free(vtmp);
+    if (tname)
+        OPENSSL_free(tname);
+    if (tvalue)
+        OPENSSL_free(tvalue);
+    return 0;
 }
 
 int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-			   STACK_OF(CONF_VALUE) **extlist)
-    {
-    return X509V3_add_value(name,(const char *)value,extlist);
-    }
+                           STACK_OF(CONF_VALUE) **extlist)
+{
+    return X509V3_add_value(name, (const char *)value, extlist);
+}
 
 /* Free function for STACK_OF(CONF_VALUE) */
 
 void X509V3_conf_free(CONF_VALUE *conf)
 {
-	if(!conf) return;
-	if(conf->name) OPENSSL_free(conf->name);
-	if(conf->value) OPENSSL_free(conf->value);
-	if(conf->section) OPENSSL_free(conf->section);
-	OPENSSL_free(conf);
+    if (!conf)
+        return;
+    if (conf->name)
+        OPENSSL_free(conf->name);
+    if (conf->value)
+        OPENSSL_free(conf->value);
+    if (conf->section)
+        OPENSSL_free(conf->section);
+    OPENSSL_free(conf);
 }
 
 int X509V3_add_value_bool(const char *name, int asn1_bool,
-						STACK_OF(CONF_VALUE) **extlist)
+                          STACK_OF(CONF_VALUE) **extlist)
 {
-	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
-	return X509V3_add_value(name, "FALSE", extlist);
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return X509V3_add_value(name, "FALSE", extlist);
 }
 
 int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-						STACK_OF(CONF_VALUE) **extlist)
+                             STACK_OF(CONF_VALUE) **extlist)
 {
-	if(asn1_bool) return X509V3_add_value(name, "TRUE", extlist);
-	return 1;
+    if (asn1_bool)
+        return X509V3_add_value(name, "TRUE", extlist);
+    return 1;
 }
 
-
 char *i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *method, ASN1_ENUMERATED *a)
 {
-	BIGNUM *bntmp = NULL;
-	char *strtmp = NULL;
-	if(!a) return NULL;
-	if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
-	    !(strtmp = BN_bn2dec(bntmp)) )
-		X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE);
-	BN_free(bntmp);
-	return strtmp;
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+    if (!a)
+        return NULL;
+    if (!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) ||
+        !(strtmp = BN_bn2dec(bntmp)))
+        X509V3err(X509V3_F_I2S_ASN1_ENUMERATED, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
 }
 
 char *i2s_ASN1_INTEGER(X509V3_EXT_METHOD *method, ASN1_INTEGER *a)
 {
-	BIGNUM *bntmp = NULL;
-	char *strtmp = NULL;
-	if(!a) return NULL;
-	if(!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
-	    !(strtmp = BN_bn2dec(bntmp)) )
-		X509V3err(X509V3_F_I2S_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
-	BN_free(bntmp);
-	return strtmp;
+    BIGNUM *bntmp = NULL;
+    char *strtmp = NULL;
+    if (!a)
+        return NULL;
+    if (!(bntmp = ASN1_INTEGER_to_BN(a, NULL)) ||
+        !(strtmp = BN_bn2dec(bntmp)))
+        X509V3err(X509V3_F_I2S_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
+    BN_free(bntmp);
+    return strtmp;
 }
 
 ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value)
 {
-	BIGNUM *bn = NULL;
-	ASN1_INTEGER *aint;
-	int isneg, ishex;
-	int ret;
-	if (!value) {
-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE);
-		return 0;
-	}
-	bn = BN_new();
-	if (value[0] == '-') {
-		value++;
-		isneg = 1;
-	} else isneg = 0;
-
-	if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
-		value += 2;
-		ishex = 1;
-	} else ishex = 0;
-
-	if (ishex) ret = BN_hex2bn(&bn, value);
-	else ret = BN_dec2bn(&bn, value);
-
-	if (!ret || value[ret]) {
-		BN_free(bn);
-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR);
-		return 0;
-	}
-
-	if (isneg && BN_is_zero(bn)) isneg = 0;
-
-	aint = BN_to_ASN1_INTEGER(bn, NULL);
-	BN_free(bn);
-	if (!aint) {
-		X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
-		return 0;
-	}
-	if (isneg) aint->type |= V_ASN1_NEG;
-	return aint;
+    BIGNUM *bn = NULL;
+    ASN1_INTEGER *aint;
+    int isneg, ishex;
+    int ret;
+    if (!value) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_INVALID_NULL_VALUE);
+        return 0;
+    }
+    bn = BN_new();
+    if (value[0] == '-') {
+        value++;
+        isneg = 1;
+    } else
+        isneg = 0;
+
+    if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) {
+        value += 2;
+        ishex = 1;
+    } else
+        ishex = 0;
+
+    if (ishex)
+        ret = BN_hex2bn(&bn, value);
+    else
+        ret = BN_dec2bn(&bn, value);
+
+    if (!ret || value[ret]) {
+        BN_free(bn);
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER, X509V3_R_BN_DEC2BN_ERROR);
+        return 0;
+    }
+
+    if (isneg && BN_is_zero(bn))
+        isneg = 0;
+
+    aint = BN_to_ASN1_INTEGER(bn, NULL);
+    BN_free(bn);
+    if (!aint) {
+        X509V3err(X509V3_F_S2I_ASN1_INTEGER,
+                  X509V3_R_BN_TO_ASN1_INTEGER_ERROR);
+        return 0;
+    }
+    if (isneg)
+        aint->type |= V_ASN1_NEG;
+    return aint;
 }
 
 int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-	     STACK_OF(CONF_VALUE) **extlist)
+                         STACK_OF(CONF_VALUE) **extlist)
 {
-	char *strtmp;
-	int ret;
-	if(!aint) return 1;
-	if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0;
-	ret = X509V3_add_value(name, strtmp, extlist);
-	OPENSSL_free(strtmp);
-	return ret;
+    char *strtmp;
+    int ret;
+    if (!aint)
+        return 1;
+    if (!(strtmp = i2s_ASN1_INTEGER(NULL, aint)))
+        return 0;
+    ret = X509V3_add_value(name, strtmp, extlist);
+    OPENSSL_free(strtmp);
+    return ret;
 }
 
 int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool)
 {
-	char *btmp;
-	if(!(btmp = value->value)) goto err;
-	if(!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
-		 || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
-		|| !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
-		*asn1_bool = 0xff;
-		return 1;
-	} else if(!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
-		 || !strcmp(btmp, "N") || !strcmp(btmp, "n")
-		|| !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
-		*asn1_bool = 0;
-		return 1;
-	}
-	err:
-	X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,X509V3_R_INVALID_BOOLEAN_STRING);
-	X509V3_conf_err(value);
-	return 0;
+    char *btmp;
+    if (!(btmp = value->value))
+        goto err;
+    if (!strcmp(btmp, "TRUE") || !strcmp(btmp, "true")
+        || !strcmp(btmp, "Y") || !strcmp(btmp, "y")
+        || !strcmp(btmp, "YES") || !strcmp(btmp, "yes")) {
+        *asn1_bool = 0xff;
+        return 1;
+    } else if (!strcmp(btmp, "FALSE") || !strcmp(btmp, "false")
+               || !strcmp(btmp, "N") || !strcmp(btmp, "n")
+               || !strcmp(btmp, "NO") || !strcmp(btmp, "no")) {
+        *asn1_bool = 0;
+        return 1;
+    }
+ err:
+    X509V3err(X509V3_F_X509V3_GET_VALUE_BOOL,
+              X509V3_R_INVALID_BOOLEAN_STRING);
+    X509V3_conf_err(value);
+    return 0;
 }
 
 int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint)
 {
-	ASN1_INTEGER *itmp;
-	if(!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
-		X509V3_conf_err(value);
-		return 0;
-	}
-	*aint = itmp;
-	return 1;
+    ASN1_INTEGER *itmp;
+    if (!(itmp = s2i_ASN1_INTEGER(NULL, value->value))) {
+        X509V3_conf_err(value);
+        return 0;
+    }
+    *aint = itmp;
+    return 1;
 }
 
-#define HDR_NAME	1
-#define HDR_VALUE	2
+#define HDR_NAME        1
+#define HDR_VALUE       2
 
-/*#define DEBUG*/
+/*
+ * #define DEBUG
+ */
 
 STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line)
 {
-	char *p, *q, c;
-	char *ntmp, *vtmp;
-	STACK_OF(CONF_VALUE) *values = NULL;
-	char *linebuf;
-	int state;
-	/* We are going to modify the line so copy it first */
-	linebuf = BUF_strdup(line);
-	state = HDR_NAME;
-	ntmp = NULL;
-	/* Go through all characters */
-	for(p = linebuf, q = linebuf; (c = *p) && (c!='\r') && (c!='\n'); p++) {
-
-		switch(state) {
-			case HDR_NAME:
-			if(c == ':') {
-				state = HDR_VALUE;
-				*p = 0;
-				ntmp = strip_spaces(q);
-				if(!ntmp) {
-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-					goto err;
-				}
-				q = p + 1;
-			} else if(c == ',') {
-				*p = 0;
-				ntmp = strip_spaces(q);
-				q = p + 1;
+    char *p, *q, c;
+    char *ntmp, *vtmp;
+    STACK_OF(CONF_VALUE) *values = NULL;
+    char *linebuf;
+    int state;
+    /* We are going to modify the line so copy it first */
+    linebuf = BUF_strdup(line);
+    state = HDR_NAME;
+    ntmp = NULL;
+    /* Go through all characters */
+    for (p = linebuf, q = linebuf; (c = *p) && (c != '\r') && (c != '\n');
+         p++) {
+
+        switch (state) {
+        case HDR_NAME:
+            if (c == ':') {
+                state = HDR_VALUE;
+                *p = 0;
+                ntmp = strip_spaces(q);
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                q = p + 1;
+            } else if (c == ',') {
+                *p = 0;
+                ntmp = strip_spaces(q);
+                q = p + 1;
 #if 0
-				printf("%s\n", ntmp);
+                printf("%s\n", ntmp);
 #endif
-				if(!ntmp) {
-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-					goto err;
-				}
-				X509V3_add_value(ntmp, NULL, &values);
-			}
-			break ;
-
-			case HDR_VALUE:
-			if(c == ',') {
-				state = HDR_NAME;
-				*p = 0;
-				vtmp = strip_spaces(q);
+                if (!ntmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_NAME);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, NULL, &values);
+            }
+            break;
+
+        case HDR_VALUE:
+            if (c == ',') {
+                state = HDR_NAME;
+                *p = 0;
+                vtmp = strip_spaces(q);
 #if 0
-				printf("%s\n", ntmp);
+                printf("%s\n", ntmp);
 #endif
-				if(!vtmp) {
-					X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
-					goto err;
-				}
-				X509V3_add_value(ntmp, vtmp, &values);
-				ntmp = NULL;
-				q = p + 1;
-			}
-
-		}
-	}
-
-	if(state == HDR_VALUE) {
-		vtmp = strip_spaces(q);
+                if (!vtmp) {
+                    X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                              X509V3_R_INVALID_NULL_VALUE);
+                    goto err;
+                }
+                X509V3_add_value(ntmp, vtmp, &values);
+                ntmp = NULL;
+                q = p + 1;
+            }
+
+        }
+    }
+
+    if (state == HDR_VALUE) {
+        vtmp = strip_spaces(q);
 #if 0
-		printf("%s=%s\n", ntmp, vtmp);
+        printf("%s=%s\n", ntmp, vtmp);
 #endif
-		if(!vtmp) {
-			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_VALUE);
-			goto err;
-		}
-		X509V3_add_value(ntmp, vtmp, &values);
-	} else {
-		ntmp = strip_spaces(q);
+        if (!vtmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST,
+                      X509V3_R_INVALID_NULL_VALUE);
+            goto err;
+        }
+        X509V3_add_value(ntmp, vtmp, &values);
+    } else {
+        ntmp = strip_spaces(q);
 #if 0
-		printf("%s\n", ntmp);
+        printf("%s\n", ntmp);
 #endif
-		if(!ntmp) {
-			X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
-			goto err;
-		}
-		X509V3_add_value(ntmp, NULL, &values);
-	}
-OPENSSL_free(linebuf);
-return values;
+        if (!ntmp) {
+            X509V3err(X509V3_F_X509V3_PARSE_LIST, X509V3_R_INVALID_NULL_NAME);
+            goto err;
+        }
+        X509V3_add_value(ntmp, NULL, &values);
+    }
+    OPENSSL_free(linebuf);
+    return values;
 
-err:
-OPENSSL_free(linebuf);
-sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
-return NULL;
+ err:
+    OPENSSL_free(linebuf);
+    sk_CONF_VALUE_pop_free(values, X509V3_conf_free);
+    return NULL;
 
 }
 
 /* Delete leading and trailing spaces from a string */
 static char *strip_spaces(char *name)
 {
-	char *p, *q;
-	/* Skip over leading spaces */
-	p = name;
-	while(*p && isspace((unsigned char)*p)) p++;
-	if(!*p) return NULL;
-	q = p + strlen(p) - 1;
-	while((q != p) && isspace((unsigned char)*q)) q--;
-	if(p != q) q[1] = 0;
-	if(!*p) return NULL;
-	return p;
+    char *p, *q;
+    /* Skip over leading spaces */
+    p = name;
+    while (*p && isspace((unsigned char)*p))
+        p++;
+    if (!*p)
+        return NULL;
+    q = p + strlen(p) - 1;
+    while ((q != p) && isspace((unsigned char)*q))
+        q--;
+    if (p != q)
+        q[1] = 0;
+    if (!*p)
+        return NULL;
+    return p;
 }
 
 /* hex string utilities */
 
-/* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
- * hex representation
- * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines)
+/*
+ * Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its
+ * hex representation @@@ (Contents of buffer are always kept in ASCII, also
+ * on EBCDIC machines)
  */
 
 char *hex_to_string(unsigned char *buffer, long len)
 {
-	char *tmp, *q;
-	unsigned char *p;
-	int i;
-	const static char hexdig[] = "0123456789ABCDEF";
-	if(!buffer || !len) return NULL;
-	if(!(tmp = OPENSSL_malloc(len * 3 + 1))) {
-		X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE);
-		return NULL;
-	}
-	q = tmp;
-	for(i = 0, p = buffer; i < len; i++,p++) {
-		*q++ = hexdig[(*p >> 4) & 0xf];
-		*q++ = hexdig[*p & 0xf];
-		*q++ = ':';
-	}
-	q[-1] = 0;
+    char *tmp, *q;
+    unsigned char *p;
+    int i;
+    const static char hexdig[] = "0123456789ABCDEF";
+    if (!buffer || !len)
+        return NULL;
+    if (!(tmp = OPENSSL_malloc(len * 3 + 1))) {
+        X509V3err(X509V3_F_HEX_TO_STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    q = tmp;
+    for (i = 0, p = buffer; i < len; i++, p++) {
+        *q++ = hexdig[(*p >> 4) & 0xf];
+        *q++ = hexdig[*p & 0xf];
+        *q++ = ':';
+    }
+    q[-1] = 0;
 #ifdef CHARSET_EBCDIC
-	ebcdic2ascii(tmp, tmp, q - tmp - 1);
+    ebcdic2ascii(tmp, tmp, q - tmp - 1);
 #endif
 
-	return tmp;
+    return tmp;
 }
 
-/* Give a string of hex digits convert to
- * a buffer
+/*
+ * Give a string of hex digits convert to a buffer
  */
 
 unsigned char *string_to_hex(char *str, long *len)
 {
-	unsigned char *hexbuf, *q;
-	unsigned char ch, cl, *p;
-	if(!str) {
-		X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT);
-		return NULL;
-	}
-	if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err;
-	for(p = (unsigned char *)str, q = hexbuf; *p;) {
-		ch = *p++;
+    unsigned char *hexbuf, *q;
+    unsigned char ch, cl, *p;
+    if (!str) {
+        X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+    if (!(hexbuf = OPENSSL_malloc(strlen(str) >> 1)))
+        goto err;
+    for (p = (unsigned char *)str, q = hexbuf; *p;) {
+        ch = *p++;
 #ifdef CHARSET_EBCDIC
-		ch = os_toebcdic[ch];
+        ch = os_toebcdic[ch];
 #endif
-		if(ch == ':') continue;
-		cl = *p++;
+        if (ch == ':')
+            continue;
+        cl = *p++;
 #ifdef CHARSET_EBCDIC
-		cl = os_toebcdic[cl];
+        cl = os_toebcdic[cl];
 #endif
-		if(!cl) {
-			X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS);
-			OPENSSL_free(hexbuf);
-			return NULL;
-		}
-		if(isupper(ch)) ch = tolower(ch);
-		if(isupper(cl)) cl = tolower(cl);
-
-		if((ch >= '0') && (ch <= '9')) ch -= '0';
-		else if ((ch >= 'a') && (ch <= 'f')) ch -= 'a' - 10;
-		else goto badhex;
-
-		if((cl >= '0') && (cl <= '9')) cl -= '0';
-		else if ((cl >= 'a') && (cl <= 'f')) cl -= 'a' - 10;
-		else goto badhex;
-
-		*q++ = (ch << 4) | cl;
-	}
+        if (!cl) {
+            X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ODD_NUMBER_OF_DIGITS);
+            OPENSSL_free(hexbuf);
+            return NULL;
+        }
+        if (isupper(ch))
+            ch = tolower(ch);
+        if (isupper(cl))
+            cl = tolower(cl);
+
+        if ((ch >= '0') && (ch <= '9'))
+            ch -= '0';
+        else if ((ch >= 'a') && (ch <= 'f'))
+            ch -= 'a' - 10;
+        else
+            goto badhex;
+
+        if ((cl >= '0') && (cl <= '9'))
+            cl -= '0';
+        else if ((cl >= 'a') && (cl <= 'f'))
+            cl -= 'a' - 10;
+        else
+            goto badhex;
+
+        *q++ = (ch << 4) | cl;
+    }
 
-	if(len) *len = q - hexbuf;
+    if (len)
+        *len = q - hexbuf;
 
-	return hexbuf;
+    return hexbuf;
 
-	err:
-	if(hexbuf) OPENSSL_free(hexbuf);
-	X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE);
-	return NULL;
+ err:
+    if (hexbuf)
+        OPENSSL_free(hexbuf);
+    X509V3err(X509V3_F_STRING_TO_HEX, ERR_R_MALLOC_FAILURE);
+    return NULL;
 
-	badhex:
-	OPENSSL_free(hexbuf);
-	X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT);
-	return NULL;
+ badhex:
+    OPENSSL_free(hexbuf);
+    X509V3err(X509V3_F_STRING_TO_HEX, X509V3_R_ILLEGAL_HEX_DIGIT);
+    return NULL;
 
 }
 
-/* V2I name comparison function: returns zero if 'name' matches
- * cmp or cmp.*
+/*
+ * V2I name comparison function: returns zero if 'name' matches cmp or cmp.*
  */
 
 int name_cmp(const char *name, const char *cmp)
 {
-	int len, ret;
-	char c;
-	len = strlen(cmp);
-	if((ret = strncmp(name, cmp, len))) return ret;
-	c = name[len];
-	if(!c || (c=='.')) return 0;
-	return 1;
+    int len, ret;
+    char c;
+    len = strlen(cmp);
+    if ((ret = strncmp(name, cmp, len)))
+        return ret;
+    c = name[len];
+    if (!c || (c == '.'))
+        return 0;
+    return 1;
 }
 
-static int sk_strcmp(const char * const *a, const char * const *b)
+static int sk_strcmp(const char *const *a, const char *const *b)
 {
-	return strcmp(*a, *b);
+    return strcmp(*a, *b);
 }
 
 STACK *X509_get1_email(X509 *x)
 {
-	GENERAL_NAMES *gens;
-	STACK *ret;
-	gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
-	ret = get_email(X509_get_subject_name(x), gens);
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	return ret;
+    GENERAL_NAMES *gens;
+    STACK *ret;
+    gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    return ret;
 }
 
 STACK *X509_get1_ocsp(X509 *x)
 {
-	AUTHORITY_INFO_ACCESS *info;
-	STACK *ret = NULL;
-	int i;
-	info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
-	if (!info)
-		return NULL;
-	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++)
-		{
-		ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
-		if (OBJ_obj2nid(ad->method) == NID_ad_OCSP)
-			{
-			if (ad->location->type == GEN_URI)
-				{
-				if (!append_ia5(&ret, ad->location->d.uniformResourceIdentifier))
-					break;
-				}
-			}
-		}
-	AUTHORITY_INFO_ACCESS_free(info);
-	return ret;
+    AUTHORITY_INFO_ACCESS *info;
+    STACK *ret = NULL;
+    int i;
+    info = X509_get_ext_d2i(x, NID_info_access, NULL, NULL);
+    if (!info)
+        return NULL;
+    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+        ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(info, i);
+        if (OBJ_obj2nid(ad->method) == NID_ad_OCSP) {
+            if (ad->location->type == GEN_URI) {
+                if (!append_ia5
+                    (&ret, ad->location->d.uniformResourceIdentifier))
+                    break;
+            }
+        }
+    }
+    AUTHORITY_INFO_ACCESS_free(info);
+    return ret;
 }
 
 STACK *X509_REQ_get1_email(X509_REQ *x)
 {
-	GENERAL_NAMES *gens;
-	STACK_OF(X509_EXTENSION) *exts;
-	STACK *ret;
-	exts = X509_REQ_get_extensions(x);
-	gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
-	ret = get_email(X509_REQ_get_subject_name(x), gens);
-	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
-	sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-	return ret;
+    GENERAL_NAMES *gens;
+    STACK_OF(X509_EXTENSION) *exts;
+    STACK *ret;
+    exts = X509_REQ_get_extensions(x);
+    gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL);
+    ret = get_email(X509_REQ_get_subject_name(x), gens);
+    sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+    return ret;
 }
 
-
 static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens)
 {
-	STACK *ret = NULL;
-	X509_NAME_ENTRY *ne;
-	ASN1_IA5STRING *email;
-	GENERAL_NAME *gen;
-	int i;
-	/* Now add any email address(es) to STACK */
-	i = -1;
-	/* First supplied X509_NAME */
-	while((i = X509_NAME_get_index_by_NID(name,
-					 NID_pkcs9_emailAddress, i)) >= 0) {
-		ne = X509_NAME_get_entry(name, i);
-		email = X509_NAME_ENTRY_get_data(ne);
-		if(!append_ia5(&ret, email)) return NULL;
-	}
-	for(i = 0; i < sk_GENERAL_NAME_num(gens); i++)
-	{
-		gen = sk_GENERAL_NAME_value(gens, i);
-		if(gen->type != GEN_EMAIL) continue;
-		if(!append_ia5(&ret, gen->d.ia5)) return NULL;
-	}
-	return ret;
+    STACK *ret = NULL;
+    X509_NAME_ENTRY *ne;
+    ASN1_IA5STRING *email;
+    GENERAL_NAME *gen;
+    int i;
+    /* Now add any email address(es) to STACK */
+    i = -1;
+    /* First supplied X509_NAME */
+    while ((i = X509_NAME_get_index_by_NID(name,
+                                           NID_pkcs9_emailAddress, i)) >= 0) {
+        ne = X509_NAME_get_entry(name, i);
+        email = X509_NAME_ENTRY_get_data(ne);
+        if (!append_ia5(&ret, email))
+            return NULL;
+    }
+    for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
+        gen = sk_GENERAL_NAME_value(gens, i);
+        if (gen->type != GEN_EMAIL)
+            continue;
+        if (!append_ia5(&ret, gen->d.ia5))
+            return NULL;
+    }
+    return ret;
 }
 
 static void str_free(void *str)
 {
-	OPENSSL_free(str);
+    OPENSSL_free(str);
 }
 
-static int append_ia5(STACK **sk, ASN1_IA5STRING *email)
+static int append_ia5(STACK ** sk, ASN1_IA5STRING *email)
 {
-	char *emtmp;
-	/* First some sanity checks */
-	if(email->type != V_ASN1_IA5STRING) return 1;
-	if(!email->data || !email->length) return 1;
-	if(!*sk) *sk = sk_new(sk_strcmp);
-	if(!*sk) return 0;
-	/* Don't add duplicates */
-	if(sk_find(*sk, (char *)email->data) != -1) return 1;
-	emtmp = BUF_strdup((char *)email->data);
-	if(!emtmp || !sk_push(*sk, emtmp)) {
-		X509_email_free(*sk);
-		*sk = NULL;
-		return 0;
-	}
-	return 1;
+    char *emtmp;
+    /* First some sanity checks */
+    if (email->type != V_ASN1_IA5STRING)
+        return 1;
+    if (!email->data || !email->length)
+        return 1;
+    if (!*sk)
+        *sk = sk_new(sk_strcmp);
+    if (!*sk)
+        return 0;
+    /* Don't add duplicates */
+    if (sk_find(*sk, (char *)email->data) != -1)
+        return 1;
+    emtmp = BUF_strdup((char *)email->data);
+    if (!emtmp || !sk_push(*sk, emtmp)) {
+        X509_email_free(*sk);
+        *sk = NULL;
+        return 0;
+    }
+    return 1;
 }
 
-void X509_email_free(STACK *sk)
+void X509_email_free(STACK * sk)
 {
-	sk_pop_free(sk, str_free);
+    sk_pop_free(sk, str_free);
 }
 
-/* Convert IP addresses both IPv4 and IPv6 into an 
- * OCTET STRING compatible with RFC3280.
+/*
+ * Convert IP addresses both IPv4 and IPv6 into an OCTET STRING compatible
+ * with RFC3280.
  */
 
 ASN1_OCTET_STRING *a2i_IPADDRESS(const char *ipasc)
-	{
-	unsigned char ipout[16];
-	ASN1_OCTET_STRING *ret;
-	int iplen;
+{
+    unsigned char ipout[16];
+    ASN1_OCTET_STRING *ret;
+    int iplen;
 
-	/* If string contains a ':' assume IPv6 */
+    /* If string contains a ':' assume IPv6 */
 
-	iplen = a2i_ipadd(ipout, ipasc);
+    iplen = a2i_ipadd(ipout, ipasc);
 
-	if (!iplen)
-		return NULL;
+    if (!iplen)
+        return NULL;
 
-	ret = ASN1_OCTET_STRING_new();
-	if (!ret)
-		return NULL;
-	if (!ASN1_OCTET_STRING_set(ret, ipout, iplen))
-		{
-		ASN1_OCTET_STRING_free(ret);
-		return NULL;
-		}
-	return ret;
-	}
+    ret = ASN1_OCTET_STRING_new();
+    if (!ret)
+        return NULL;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen)) {
+        ASN1_OCTET_STRING_free(ret);
+        return NULL;
+    }
+    return ret;
+}
 
 ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc)
-	{
-	ASN1_OCTET_STRING *ret = NULL;
-	unsigned char ipout[32];
-	char *iptmp = NULL, *p;
-	int iplen1, iplen2;
-	p = strchr(ipasc,'/');
-	if (!p)
-		return NULL;
-	iptmp = BUF_strdup(ipasc);
-	if (!iptmp)
-		return NULL;
-	p = iptmp + (p - ipasc);
-	*p++ = 0;
-
-	iplen1 = a2i_ipadd(ipout, iptmp);
-
-	if (!iplen1)
-		goto err;
-
-	iplen2 = a2i_ipadd(ipout + iplen1, p);
-
-	OPENSSL_free(iptmp);
-	iptmp = NULL;
-
-	if (!iplen2 || (iplen1 != iplen2))
-		goto err;
-
-	ret = ASN1_OCTET_STRING_new();
-	if (!ret)
-		goto err;
-	if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
-		goto err;
-
-	return ret;
-
-	err:
-	if (iptmp)
-		OPENSSL_free(iptmp);
-	if (ret)
-		ASN1_OCTET_STRING_free(ret);
-	return NULL;
-	}
-	
+{
+    ASN1_OCTET_STRING *ret = NULL;
+    unsigned char ipout[32];
+    char *iptmp = NULL, *p;
+    int iplen1, iplen2;
+    p = strchr(ipasc, '/');
+    if (!p)
+        return NULL;
+    iptmp = BUF_strdup(ipasc);
+    if (!iptmp)
+        return NULL;
+    p = iptmp + (p - ipasc);
+    *p++ = 0;
+
+    iplen1 = a2i_ipadd(ipout, iptmp);
+
+    if (!iplen1)
+        goto err;
+
+    iplen2 = a2i_ipadd(ipout + iplen1, p);
+
+    OPENSSL_free(iptmp);
+    iptmp = NULL;
+
+    if (!iplen2 || (iplen1 != iplen2))
+        goto err;
+
+    ret = ASN1_OCTET_STRING_new();
+    if (!ret)
+        goto err;
+    if (!ASN1_OCTET_STRING_set(ret, ipout, iplen1 + iplen2))
+        goto err;
+
+    return ret;
+
+ err:
+    if (iptmp)
+        OPENSSL_free(iptmp);
+    if (ret)
+        ASN1_OCTET_STRING_free(ret);
+    return NULL;
+}
 
 int a2i_ipadd(unsigned char *ipout, const char *ipasc)
-	{
-	/* If string contains a ':' assume IPv6 */
-
-	if (strchr(ipasc, ':'))
-		{
-		if (!ipv6_from_asc(ipout, ipasc))
-			return 0;
-		return 16;
-		}
-	else
-		{
-		if (!ipv4_from_asc(ipout, ipasc))
-			return 0;
-		return 4;
-		}
-	}
+{
+    /* If string contains a ':' assume IPv6 */
+
+    if (strchr(ipasc, ':')) {
+        if (!ipv6_from_asc(ipout, ipasc))
+            return 0;
+        return 16;
+    } else {
+        if (!ipv4_from_asc(ipout, ipasc))
+            return 0;
+        return 4;
+    }
+}
 
 static int ipv4_from_asc(unsigned char *v4, const char *in)
-	{
-	int a0, a1, a2, a3;
-	if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
-		return 0;
-	if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
-		|| (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
-		return 0;
-	v4[0] = a0;
-	v4[1] = a1;
-	v4[2] = a2;
-	v4[3] = a3;
-	return 1;
-	}
+{
+    int a0, a1, a2, a3;
+    if (sscanf(in, "%d.%d.%d.%d", &a0, &a1, &a2, &a3) != 4)
+        return 0;
+    if ((a0 < 0) || (a0 > 255) || (a1 < 0) || (a1 > 255)
+        || (a2 < 0) || (a2 > 255) || (a3 < 0) || (a3 > 255))
+        return 0;
+    v4[0] = a0;
+    v4[1] = a1;
+    v4[2] = a2;
+    v4[3] = a3;
+    return 1;
+}
 
 typedef struct {
-		/* Temporary store for IPV6 output */
-		unsigned char tmp[16];
-		/* Total number of bytes in tmp */
-		int total;
-		/* The position of a zero (corresponding to '::') */
-		int zero_pos;
-		/* Number of zeroes */
-		int zero_cnt;
-	} IPV6_STAT;
-
+    /* Temporary store for IPV6 output */
+    unsigned char tmp[16];
+    /* Total number of bytes in tmp */
+    int total;
+    /* The position of a zero (corresponding to '::') */
+    int zero_pos;
+    /* Number of zeroes */
+    int zero_cnt;
+} IPV6_STAT;
 
 static int ipv6_from_asc(unsigned char *v6, const char *in)
-	{
-	IPV6_STAT v6stat;
-	v6stat.total = 0;
-	v6stat.zero_pos = -1;
-	v6stat.zero_cnt = 0;
-	/* Treat the IPv6 representation as a list of values
-	 * separated by ':'. The presence of a '::' will parse
- 	 * as one, two or three zero length elements.
-	 */
-	if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
-		return 0;
-
-	/* Now for some sanity checks */
-
-	if (v6stat.zero_pos == -1)
-		{
-		/* If no '::' must have exactly 16 bytes */
-		if (v6stat.total != 16)
-			return 0;
-		}
-	else 
-		{
-		/* If '::' must have less than 16 bytes */
-		if (v6stat.total == 16)
-			return 0;
-		/* More than three zeroes is an error */
-		if (v6stat.zero_cnt > 3)
-			return 0;
-		/* Can only have three zeroes if nothing else present */
-		else if (v6stat.zero_cnt == 3)
-			{
-			if (v6stat.total > 0)
-				return 0;
-			}
-		/* Can only have two zeroes if at start or end */
-		else if (v6stat.zero_cnt == 2)
-			{
-			if ((v6stat.zero_pos != 0)
-				&& (v6stat.zero_pos != v6stat.total))
-				return 0;
-			}
-		else 
-		/* Can only have one zero if *not* start or end */
-			{
-			if ((v6stat.zero_pos == 0)
-				|| (v6stat.zero_pos == v6stat.total))
-				return 0;
-			}
-		}
-
-	/* Format result */
-
-	if (v6stat.zero_pos >= 0)
-		{
-		/* Copy initial part */
-		memcpy(v6, v6stat.tmp, v6stat.zero_pos);
-		/* Zero middle */
-		memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
-		/* Copy final part */
-		if (v6stat.total != v6stat.zero_pos)
-			memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
-				v6stat.tmp + v6stat.zero_pos,
-				v6stat.total - v6stat.zero_pos);
-		}
-	else
-		memcpy(v6, v6stat.tmp, 16);
-
-	return 1;
-	}
+{
+    IPV6_STAT v6stat;
+    v6stat.total = 0;
+    v6stat.zero_pos = -1;
+    v6stat.zero_cnt = 0;
+    /*
+     * Treat the IPv6 representation as a list of values separated by ':'.
+     * The presence of a '::' will parse as one, two or three zero length
+     * elements.
+     */
+    if (!CONF_parse_list(in, ':', 0, ipv6_cb, &v6stat))
+        return 0;
+
+    /* Now for some sanity checks */
+
+    if (v6stat.zero_pos == -1) {
+        /* If no '::' must have exactly 16 bytes */
+        if (v6stat.total != 16)
+            return 0;
+    } else {
+        /* If '::' must have less than 16 bytes */
+        if (v6stat.total == 16)
+            return 0;
+        /* More than three zeroes is an error */
+        if (v6stat.zero_cnt > 3)
+            return 0;
+        /* Can only have three zeroes if nothing else present */
+        else if (v6stat.zero_cnt == 3) {
+            if (v6stat.total > 0)
+                return 0;
+        }
+        /* Can only have two zeroes if at start or end */
+        else if (v6stat.zero_cnt == 2) {
+            if ((v6stat.zero_pos != 0)
+                && (v6stat.zero_pos != v6stat.total))
+                return 0;
+        } else
+            /* Can only have one zero if *not* start or end */
+        {
+            if ((v6stat.zero_pos == 0)
+                || (v6stat.zero_pos == v6stat.total))
+                return 0;
+        }
+    }
+
+    /* Format result */
+
+    if (v6stat.zero_pos >= 0) {
+        /* Copy initial part */
+        memcpy(v6, v6stat.tmp, v6stat.zero_pos);
+        /* Zero middle */
+        memset(v6 + v6stat.zero_pos, 0, 16 - v6stat.total);
+        /* Copy final part */
+        if (v6stat.total != v6stat.zero_pos)
+            memcpy(v6 + v6stat.zero_pos + 16 - v6stat.total,
+                   v6stat.tmp + v6stat.zero_pos,
+                   v6stat.total - v6stat.zero_pos);
+    } else
+        memcpy(v6, v6stat.tmp, 16);
+
+    return 1;
+}
 
 static int ipv6_cb(const char *elem, int len, void *usr)
-	{
-	IPV6_STAT *s = usr;
-	/* Error if 16 bytes written */
-	if (s->total == 16)
-		return 0;
-	if (len == 0)
-		{
-		/* Zero length element, corresponds to '::' */
-		if (s->zero_pos == -1)
-			s->zero_pos = s->total;
-		/* If we've already got a :: its an error */
-		else if (s->zero_pos != s->total)
-			return 0;
-		s->zero_cnt++;
-		}
-	else 
-		{
-		/* If more than 4 characters could be final a.b.c.d form */
-		if (len > 4)
-			{
-			/* Need at least 4 bytes left */
-			if (s->total > 12)
-				return 0;
-			/* Must be end of string */
-			if (elem[len])
-				return 0;
-			if (!ipv4_from_asc(s->tmp + s->total, elem))
-				return 0;
-			s->total += 4;
-			}
-		else
-			{
-			if (!ipv6_hex(s->tmp + s->total, elem, len))
-				return 0;
-			s->total += 2;
-			}
-		}
-	return 1;
-	}
-
-/* Convert a string of up to 4 hex digits into the corresponding
- * IPv6 form.
+{
+    IPV6_STAT *s = usr;
+    /* Error if 16 bytes written */
+    if (s->total == 16)
+        return 0;
+    if (len == 0) {
+        /* Zero length element, corresponds to '::' */
+        if (s->zero_pos == -1)
+            s->zero_pos = s->total;
+        /* If we've already got a :: its an error */
+        else if (s->zero_pos != s->total)
+            return 0;
+        s->zero_cnt++;
+    } else {
+        /* If more than 4 characters could be final a.b.c.d form */
+        if (len > 4) {
+            /* Need at least 4 bytes left */
+            if (s->total > 12)
+                return 0;
+            /* Must be end of string */
+            if (elem[len])
+                return 0;
+            if (!ipv4_from_asc(s->tmp + s->total, elem))
+                return 0;
+            s->total += 4;
+        } else {
+            if (!ipv6_hex(s->tmp + s->total, elem, len))
+                return 0;
+            s->total += 2;
+        }
+    }
+    return 1;
+}
+
+/*
+ * Convert a string of up to 4 hex digits into the corresponding IPv6 form.
  */
 
 static int ipv6_hex(unsigned char *out, const char *in, int inlen)
-	{
-	unsigned char c;
-	unsigned int num = 0;
-	if (inlen > 4)
-		return 0;
-	while(inlen--)
-		{
-		c = *in++;
-		num <<= 4;
-		if ((c >= '0') && (c <= '9'))
-			num |= c - '0';
-		else if ((c >= 'A') && (c <= 'F'))
-			num |= c - 'A' + 10;
-		else if ((c >= 'a') && (c <= 'f'))
-			num |=  c - 'a' + 10;
-		else
-			return 0;
-		}
-	out[0] = num >> 8;
-	out[1] = num & 0xff;
-	return 1;
-	}
-
-
-int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE)*dn_sk,
-						unsigned long chtype)
-	{
-	CONF_VALUE *v;
-	int i, mval;
-	char *p, *type;
-	if (!nm)
-		return 0;
-
-	for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++)
-		{
-		v=sk_CONF_VALUE_value(dn_sk,i);
-		type=v->name;
-		/* Skip past any leading X. X: X, etc to allow for
-		 * multiple instances 
-		 */
-		for(p = type; *p ; p++) 
+{
+    unsigned char c;
+    unsigned int num = 0;
+    if (inlen > 4)
+        return 0;
+    while (inlen--) {
+        c = *in++;
+        num <<= 4;
+        if ((c >= '0') && (c <= '9'))
+            num |= c - '0';
+        else if ((c >= 'A') && (c <= 'F'))
+            num |= c - 'A' + 10;
+        else if ((c >= 'a') && (c <= 'f'))
+            num |= c - 'a' + 10;
+        else
+            return 0;
+    }
+    out[0] = num >> 8;
+    out[1] = num & 0xff;
+    return 1;
+}
+
+int X509V3_NAME_from_section(X509_NAME *nm, STACK_OF(CONF_VALUE) *dn_sk,
+                             unsigned long chtype)
+{
+    CONF_VALUE *v;
+    int i, mval;
+    char *p, *type;
+    if (!nm)
+        return 0;
+
+    for (i = 0; i < sk_CONF_VALUE_num(dn_sk); i++) {
+        v = sk_CONF_VALUE_value(dn_sk, i);
+        type = v->name;
+        /*
+         * Skip past any leading X. X: X, etc to allow for multiple instances
+         */
+        for (p = type; *p; p++)
 #ifndef CHARSET_EBCDIC
-			if ((*p == ':') || (*p == ',') || (*p == '.'))
+            if ((*p == ':') || (*p == ',') || (*p == '.'))
 #else
-			if ((*p == os_toascii[':']) || (*p == os_toascii[',']) || (*p == os_toascii['.']))
+            if ((*p == os_toascii[':']) || (*p == os_toascii[','])
+                || (*p == os_toascii['.']))
 #endif
-				{
-				p++;
-				if(*p) type = p;
-				break;
-				}
+            {
+                p++;
+                if (*p)
+                    type = p;
+                break;
+            }
 #ifndef CHARSET_EBCDIC
-		if (*type == '+')
+        if (*type == '+')
 #else
-		if (*type == os_toascii['+'])
+        if (*type == os_toascii['+'])
 #endif
-			{
-			mval = -1;
-			type++;
-			}
-		else
-			mval = 0;
-		if (!X509_NAME_add_entry_by_txt(nm,type, chtype,
-				(unsigned char *) v->value,-1,-1,mval))
-					return 0;
-
-		}
-	return 1;
-	}
+        {
+            mval = -1;
+            type++;
+        } else
+            mval = 0;
+        if (!X509_NAME_add_entry_by_txt(nm, type, chtype,
+                                        (unsigned char *)v->value, -1, -1,
+                                        mval))
+            return 0;
+
+    }
+    return 1;
+}
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c
index d538ad8b..40b0076a 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3err.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3err.c
@@ -7,7 +7,7 @@
  * are met:
  *
  * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
+ *    notice, this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in
@@ -53,7 +53,8 @@
  *
  */
 
-/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
  * made to it will be overwritten when the script next updates this file,
  * only reason strings will be preserved.
  */
@@ -65,155 +66,174 @@
 /* BEGIN ERROR CODES */
 #ifndef OPENSSL_NO_ERR
 
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
+# define ERR_FUNC(func) ERR_PACK(ERR_LIB_X509V3,func,0)
+# define ERR_REASON(reason) ERR_PACK(ERR_LIB_X509V3,0,reason)
 
-static ERR_STRING_DATA X509V3_str_functs[]=
-	{
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),	"ASIDENTIFIERCHOICE_CANONIZE"},
-{ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),	"ASIDENTIFIERCHOICE_IS_CANONICAL"},
-{ERR_FUNC(X509V3_F_COPY_EMAIL),	"COPY_EMAIL"},
-{ERR_FUNC(X509V3_F_COPY_ISSUER),	"COPY_ISSUER"},
-{ERR_FUNC(X509V3_F_DO_DIRNAME),	"DO_DIRNAME"},
-{ERR_FUNC(X509V3_F_DO_EXT_CONF),	"DO_EXT_CONF"},
-{ERR_FUNC(X509V3_F_DO_EXT_I2D),	"DO_EXT_I2D"},
-{ERR_FUNC(X509V3_F_DO_EXT_NCONF),	"DO_EXT_NCONF"},
-{ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS),	"DO_I2V_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_HEX_TO_STRING),	"hex_to_string"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED),	"i2s_ASN1_ENUMERATED"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING),	"I2S_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER),	"i2s_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),	"I2V_AUTHORITY_INFO_ACCESS"},
-{ERR_FUNC(X509V3_F_NOTICE_SECTION),	"NOTICE_SECTION"},
-{ERR_FUNC(X509V3_F_NREF_NOS),	"NREF_NOS"},
-{ERR_FUNC(X509V3_F_POLICY_SECTION),	"POLICY_SECTION"},
-{ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE),	"PROCESS_PCI_VALUE"},
-{ERR_FUNC(X509V3_F_R2I_CERTPOL),	"R2I_CERTPOL"},
-{ERR_FUNC(X509V3_F_R2I_PCI),	"R2I_PCI"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING),	"S2I_ASN1_IA5STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER),	"s2i_ASN1_INTEGER"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING),	"s2i_ASN1_OCTET_STRING"},
-{ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID),	"S2I_ASN1_SKEY_ID"},
-{ERR_FUNC(X509V3_F_S2I_SKEY_ID),	"S2I_SKEY_ID"},
-{ERR_FUNC(X509V3_F_STRING_TO_HEX),	"string_to_hex"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC),	"SXNET_add_id_asc"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER),	"SXNET_add_id_INTEGER"},
-{ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG),	"SXNET_add_id_ulong"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC),	"SXNET_get_id_asc"},
-{ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG),	"SXNET_get_id_ulong"},
-{ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS),	"V2I_ASIDENTIFIERS"},
-{ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING),	"v2i_ASN1_BIT_STRING"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),	"V2I_AUTHORITY_INFO_ACCESS"},
-{ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID),	"V2I_AUTHORITY_KEYID"},
-{ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS),	"V2I_BASIC_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_CRLD),	"V2I_CRLD"},
-{ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE),	"V2I_EXTENDED_KEY_USAGE"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES),	"v2i_GENERAL_NAMES"},
-{ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX),	"v2i_GENERAL_NAME_ex"},
-{ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS),	"V2I_IPADDRBLOCKS"},
-{ERR_FUNC(X509V3_F_V2I_ISSUER_ALT),	"V2I_ISSUER_ALT"},
-{ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS),	"V2I_NAME_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS),	"V2I_POLICY_CONSTRAINTS"},
-{ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS),	"V2I_POLICY_MAPPINGS"},
-{ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT),	"V2I_SUBJECT_ALT"},
-{ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),	"V3_ADDR_VALIDATE_PATH_INTERNAL"},
-{ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION),	"V3_GENERIC_EXTENSION"},
-{ERR_FUNC(X509V3_F_X509V3_ADD1_I2D),	"X509V3_add1_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_ADD_VALUE),	"X509V3_add_value"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD),	"X509V3_EXT_add"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS),	"X509V3_EXT_add_alias"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_CONF),	"X509V3_EXT_conf"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_I2D),	"X509V3_EXT_i2d"},
-{ERR_FUNC(X509V3_F_X509V3_EXT_NCONF),	"X509V3_EXT_nconf"},
-{ERR_FUNC(X509V3_F_X509V3_GET_SECTION),	"X509V3_get_section"},
-{ERR_FUNC(X509V3_F_X509V3_GET_STRING),	"X509V3_get_string"},
-{ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL),	"X509V3_get_value_bool"},
-{ERR_FUNC(X509V3_F_X509V3_PARSE_LIST),	"X509V3_parse_list"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_ADD),	"X509_PURPOSE_add"},
-{ERR_FUNC(X509V3_F_X509_PURPOSE_SET),	"X509_PURPOSE_set"},
-{0,NULL}
-	};
+static ERR_STRING_DATA X509V3_str_functs[] = {
+    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_CANONIZE),
+     "ASIDENTIFIERCHOICE_CANONIZE"},
+    {ERR_FUNC(X509V3_F_ASIDENTIFIERCHOICE_IS_CANONICAL),
+     "ASIDENTIFIERCHOICE_IS_CANONICAL"},
+    {ERR_FUNC(X509V3_F_COPY_EMAIL), "COPY_EMAIL"},
+    {ERR_FUNC(X509V3_F_COPY_ISSUER), "COPY_ISSUER"},
+    {ERR_FUNC(X509V3_F_DO_DIRNAME), "DO_DIRNAME"},
+    {ERR_FUNC(X509V3_F_DO_EXT_CONF), "DO_EXT_CONF"},
+    {ERR_FUNC(X509V3_F_DO_EXT_I2D), "DO_EXT_I2D"},
+    {ERR_FUNC(X509V3_F_DO_EXT_NCONF), "DO_EXT_NCONF"},
+    {ERR_FUNC(X509V3_F_DO_I2V_NAME_CONSTRAINTS), "DO_I2V_NAME_CONSTRAINTS"},
+    {ERR_FUNC(X509V3_F_HEX_TO_STRING), "hex_to_string"},
+    {ERR_FUNC(X509V3_F_I2S_ASN1_ENUMERATED), "i2s_ASN1_ENUMERATED"},
+    {ERR_FUNC(X509V3_F_I2S_ASN1_IA5STRING), "I2S_ASN1_IA5STRING"},
+    {ERR_FUNC(X509V3_F_I2S_ASN1_INTEGER), "i2s_ASN1_INTEGER"},
+    {ERR_FUNC(X509V3_F_I2V_AUTHORITY_INFO_ACCESS),
+     "I2V_AUTHORITY_INFO_ACCESS"},
+    {ERR_FUNC(X509V3_F_NOTICE_SECTION), "NOTICE_SECTION"},
+    {ERR_FUNC(X509V3_F_NREF_NOS), "NREF_NOS"},
+    {ERR_FUNC(X509V3_F_POLICY_SECTION), "POLICY_SECTION"},
+    {ERR_FUNC(X509V3_F_PROCESS_PCI_VALUE), "PROCESS_PCI_VALUE"},
+    {ERR_FUNC(X509V3_F_R2I_CERTPOL), "R2I_CERTPOL"},
+    {ERR_FUNC(X509V3_F_R2I_PCI), "R2I_PCI"},
+    {ERR_FUNC(X509V3_F_S2I_ASN1_IA5STRING), "S2I_ASN1_IA5STRING"},
+    {ERR_FUNC(X509V3_F_S2I_ASN1_INTEGER), "s2i_ASN1_INTEGER"},
+    {ERR_FUNC(X509V3_F_S2I_ASN1_OCTET_STRING), "s2i_ASN1_OCTET_STRING"},
+    {ERR_FUNC(X509V3_F_S2I_ASN1_SKEY_ID), "S2I_ASN1_SKEY_ID"},
+    {ERR_FUNC(X509V3_F_S2I_SKEY_ID), "S2I_SKEY_ID"},
+    {ERR_FUNC(X509V3_F_STRING_TO_HEX), "string_to_hex"},
+    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ASC), "SXNET_add_id_asc"},
+    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_INTEGER), "SXNET_add_id_INTEGER"},
+    {ERR_FUNC(X509V3_F_SXNET_ADD_ID_ULONG), "SXNET_add_id_ulong"},
+    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ASC), "SXNET_get_id_asc"},
+    {ERR_FUNC(X509V3_F_SXNET_GET_ID_ULONG), "SXNET_get_id_ulong"},
+    {ERR_FUNC(X509V3_F_V2I_ASIDENTIFIERS), "V2I_ASIDENTIFIERS"},
+    {ERR_FUNC(X509V3_F_V2I_ASN1_BIT_STRING), "v2i_ASN1_BIT_STRING"},
+    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_INFO_ACCESS),
+     "V2I_AUTHORITY_INFO_ACCESS"},
+    {ERR_FUNC(X509V3_F_V2I_AUTHORITY_KEYID), "V2I_AUTHORITY_KEYID"},
+    {ERR_FUNC(X509V3_F_V2I_BASIC_CONSTRAINTS), "V2I_BASIC_CONSTRAINTS"},
+    {ERR_FUNC(X509V3_F_V2I_CRLD), "V2I_CRLD"},
+    {ERR_FUNC(X509V3_F_V2I_EXTENDED_KEY_USAGE), "V2I_EXTENDED_KEY_USAGE"},
+    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAMES), "v2i_GENERAL_NAMES"},
+    {ERR_FUNC(X509V3_F_V2I_GENERAL_NAME_EX), "v2i_GENERAL_NAME_ex"},
+    {ERR_FUNC(X509V3_F_V2I_IPADDRBLOCKS), "V2I_IPADDRBLOCKS"},
+    {ERR_FUNC(X509V3_F_V2I_ISSUER_ALT), "V2I_ISSUER_ALT"},
+    {ERR_FUNC(X509V3_F_V2I_NAME_CONSTRAINTS), "V2I_NAME_CONSTRAINTS"},
+    {ERR_FUNC(X509V3_F_V2I_POLICY_CONSTRAINTS), "V2I_POLICY_CONSTRAINTS"},
+    {ERR_FUNC(X509V3_F_V2I_POLICY_MAPPINGS), "V2I_POLICY_MAPPINGS"},
+    {ERR_FUNC(X509V3_F_V2I_SUBJECT_ALT), "V2I_SUBJECT_ALT"},
+    {ERR_FUNC(X509V3_F_V3_ADDR_VALIDATE_PATH_INTERNAL),
+     "V3_ADDR_VALIDATE_PATH_INTERNAL"},
+    {ERR_FUNC(X509V3_F_V3_GENERIC_EXTENSION), "V3_GENERIC_EXTENSION"},
+    {ERR_FUNC(X509V3_F_X509V3_ADD1_I2D), "X509V3_add1_i2d"},
+    {ERR_FUNC(X509V3_F_X509V3_ADD_VALUE), "X509V3_add_value"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD), "X509V3_EXT_add"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_ADD_ALIAS), "X509V3_EXT_add_alias"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_CONF), "X509V3_EXT_conf"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_I2D), "X509V3_EXT_i2d"},
+    {ERR_FUNC(X509V3_F_X509V3_EXT_NCONF), "X509V3_EXT_nconf"},
+    {ERR_FUNC(X509V3_F_X509V3_GET_SECTION), "X509V3_get_section"},
+    {ERR_FUNC(X509V3_F_X509V3_GET_STRING), "X509V3_get_string"},
+    {ERR_FUNC(X509V3_F_X509V3_GET_VALUE_BOOL), "X509V3_get_value_bool"},
+    {ERR_FUNC(X509V3_F_X509V3_PARSE_LIST), "X509V3_parse_list"},
+    {ERR_FUNC(X509V3_F_X509_PURPOSE_ADD), "X509_PURPOSE_add"},
+    {ERR_FUNC(X509V3_F_X509_PURPOSE_SET), "X509_PURPOSE_set"},
+    {0, NULL}
+};
 
-static ERR_STRING_DATA X509V3_str_reasons[]=
-	{
-{ERR_REASON(X509V3_R_BAD_IP_ADDRESS)     ,"bad ip address"},
-{ERR_REASON(X509V3_R_BAD_OBJECT)         ,"bad object"},
-{ERR_REASON(X509V3_R_BN_DEC2BN_ERROR)    ,"bn dec2bn error"},
-{ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),"bn to asn1 integer error"},
-{ERR_REASON(X509V3_R_DIRNAME_ERROR)      ,"dirname error"},
-{ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID)  ,"duplicate zone id"},
-{ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE),"error converting zone"},
-{ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),"error creating extension"},
-{ERR_REASON(X509V3_R_ERROR_IN_EXTENSION) ,"error in extension"},
-{ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME),"expected a section name"},
-{ERR_REASON(X509V3_R_EXTENSION_EXISTS)   ,"extension exists"},
-{ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR),"extension name error"},
-{ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND),"extension not found"},
-{ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),"extension setting not supported"},
-{ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR),"extension value error"},
-{ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION),"illegal empty extension"},
-{ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT)  ,"illegal hex digit"},
-{ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),"incorrect policy syntax tag"},
-{ERR_REASON(X509V3_R_INVALID_ASNUMBER)   ,"invalid asnumber"},
-{ERR_REASON(X509V3_R_INVALID_ASRANGE)    ,"invalid asrange"},
-{ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING),"invalid boolean string"},
-{ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),"invalid extension string"},
-{ERR_REASON(X509V3_R_INVALID_INHERITANCE),"invalid inheritance"},
-{ERR_REASON(X509V3_R_INVALID_IPADDRESS)  ,"invalid ipaddress"},
-{ERR_REASON(X509V3_R_INVALID_NAME)       ,"invalid name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT),"invalid null argument"},
-{ERR_REASON(X509V3_R_INVALID_NULL_NAME)  ,"invalid null name"},
-{ERR_REASON(X509V3_R_INVALID_NULL_VALUE) ,"invalid null value"},
-{ERR_REASON(X509V3_R_INVALID_NUMBER)     ,"invalid number"},
-{ERR_REASON(X509V3_R_INVALID_NUMBERS)    ,"invalid numbers"},
-{ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),"invalid object identifier"},
-{ERR_REASON(X509V3_R_INVALID_OPTION)     ,"invalid option"},
-{ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),"invalid policy identifier"},
-{ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),"invalid proxy policy setting"},
-{ERR_REASON(X509V3_R_INVALID_PURPOSE)    ,"invalid purpose"},
-{ERR_REASON(X509V3_R_INVALID_SAFI)       ,"invalid safi"},
-{ERR_REASON(X509V3_R_INVALID_SECTION)    ,"invalid section"},
-{ERR_REASON(X509V3_R_INVALID_SYNTAX)     ,"invalid syntax"},
-{ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR),"issuer decode error"},
-{ERR_REASON(X509V3_R_MISSING_VALUE)      ,"missing value"},
-{ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),"need organization and numbers"},
-{ERR_REASON(X509V3_R_NO_CONFIG_DATABASE) ,"no config database"},
-{ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE),"no issuer certificate"},
-{ERR_REASON(X509V3_R_NO_ISSUER_DETAILS)  ,"no issuer details"},
-{ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER),"no policy identifier"},
-{ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),"no proxy cert policy language defined"},
-{ERR_REASON(X509V3_R_NO_PUBLIC_KEY)      ,"no public key"},
-{ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS) ,"no subject details"},
-{ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS),"odd number of digits"},
-{ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED),"operation not defined"},
-{ERR_REASON(X509V3_R_OTHERNAME_ERROR)    ,"othername error"},
-{ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),"policy language alreadty defined"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH) ,"policy path length"},
-{ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),"policy path length alreadty defined"},
-{ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),"policy syntax not currently supported"},
-{ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),"policy when proxy language requires no policy"},
-{ERR_REASON(X509V3_R_SECTION_NOT_FOUND)  ,"section not found"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),"unable to get issuer details"},
-{ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),"unable to get issuer keyid"},
-{ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),"unknown bit string argument"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION)  ,"unknown extension"},
-{ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME),"unknown extension name"},
-{ERR_REASON(X509V3_R_UNKNOWN_OPTION)     ,"unknown option"},
-{ERR_REASON(X509V3_R_UNSUPPORTED_OPTION) ,"unsupported option"},
-{ERR_REASON(X509V3_R_USER_TOO_LONG)      ,"user too long"},
-{0,NULL}
-	};
+static ERR_STRING_DATA X509V3_str_reasons[] = {
+    {ERR_REASON(X509V3_R_BAD_IP_ADDRESS), "bad ip address"},
+    {ERR_REASON(X509V3_R_BAD_OBJECT), "bad object"},
+    {ERR_REASON(X509V3_R_BN_DEC2BN_ERROR), "bn dec2bn error"},
+    {ERR_REASON(X509V3_R_BN_TO_ASN1_INTEGER_ERROR),
+     "bn to asn1 integer error"},
+    {ERR_REASON(X509V3_R_DIRNAME_ERROR), "dirname error"},
+    {ERR_REASON(X509V3_R_DUPLICATE_ZONE_ID), "duplicate zone id"},
+    {ERR_REASON(X509V3_R_ERROR_CONVERTING_ZONE), "error converting zone"},
+    {ERR_REASON(X509V3_R_ERROR_CREATING_EXTENSION),
+     "error creating extension"},
+    {ERR_REASON(X509V3_R_ERROR_IN_EXTENSION), "error in extension"},
+    {ERR_REASON(X509V3_R_EXPECTED_A_SECTION_NAME), "expected a section name"},
+    {ERR_REASON(X509V3_R_EXTENSION_EXISTS), "extension exists"},
+    {ERR_REASON(X509V3_R_EXTENSION_NAME_ERROR), "extension name error"},
+    {ERR_REASON(X509V3_R_EXTENSION_NOT_FOUND), "extension not found"},
+    {ERR_REASON(X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED),
+     "extension setting not supported"},
+    {ERR_REASON(X509V3_R_EXTENSION_VALUE_ERROR), "extension value error"},
+    {ERR_REASON(X509V3_R_ILLEGAL_EMPTY_EXTENSION), "illegal empty extension"},
+    {ERR_REASON(X509V3_R_ILLEGAL_HEX_DIGIT), "illegal hex digit"},
+    {ERR_REASON(X509V3_R_INCORRECT_POLICY_SYNTAX_TAG),
+     "incorrect policy syntax tag"},
+    {ERR_REASON(X509V3_R_INVALID_ASNUMBER), "invalid asnumber"},
+    {ERR_REASON(X509V3_R_INVALID_ASRANGE), "invalid asrange"},
+    {ERR_REASON(X509V3_R_INVALID_BOOLEAN_STRING), "invalid boolean string"},
+    {ERR_REASON(X509V3_R_INVALID_EXTENSION_STRING),
+     "invalid extension string"},
+    {ERR_REASON(X509V3_R_INVALID_INHERITANCE), "invalid inheritance"},
+    {ERR_REASON(X509V3_R_INVALID_IPADDRESS), "invalid ipaddress"},
+    {ERR_REASON(X509V3_R_INVALID_NAME), "invalid name"},
+    {ERR_REASON(X509V3_R_INVALID_NULL_ARGUMENT), "invalid null argument"},
+    {ERR_REASON(X509V3_R_INVALID_NULL_NAME), "invalid null name"},
+    {ERR_REASON(X509V3_R_INVALID_NULL_VALUE), "invalid null value"},
+    {ERR_REASON(X509V3_R_INVALID_NUMBER), "invalid number"},
+    {ERR_REASON(X509V3_R_INVALID_NUMBERS), "invalid numbers"},
+    {ERR_REASON(X509V3_R_INVALID_OBJECT_IDENTIFIER),
+     "invalid object identifier"},
+    {ERR_REASON(X509V3_R_INVALID_OPTION), "invalid option"},
+    {ERR_REASON(X509V3_R_INVALID_POLICY_IDENTIFIER),
+     "invalid policy identifier"},
+    {ERR_REASON(X509V3_R_INVALID_PROXY_POLICY_SETTING),
+     "invalid proxy policy setting"},
+    {ERR_REASON(X509V3_R_INVALID_PURPOSE), "invalid purpose"},
+    {ERR_REASON(X509V3_R_INVALID_SAFI), "invalid safi"},
+    {ERR_REASON(X509V3_R_INVALID_SECTION), "invalid section"},
+    {ERR_REASON(X509V3_R_INVALID_SYNTAX), "invalid syntax"},
+    {ERR_REASON(X509V3_R_ISSUER_DECODE_ERROR), "issuer decode error"},
+    {ERR_REASON(X509V3_R_MISSING_VALUE), "missing value"},
+    {ERR_REASON(X509V3_R_NEED_ORGANIZATION_AND_NUMBERS),
+     "need organization and numbers"},
+    {ERR_REASON(X509V3_R_NO_CONFIG_DATABASE), "no config database"},
+    {ERR_REASON(X509V3_R_NO_ISSUER_CERTIFICATE), "no issuer certificate"},
+    {ERR_REASON(X509V3_R_NO_ISSUER_DETAILS), "no issuer details"},
+    {ERR_REASON(X509V3_R_NO_POLICY_IDENTIFIER), "no policy identifier"},
+    {ERR_REASON(X509V3_R_NO_PROXY_CERT_POLICY_LANGUAGE_DEFINED),
+     "no proxy cert policy language defined"},
+    {ERR_REASON(X509V3_R_NO_PUBLIC_KEY), "no public key"},
+    {ERR_REASON(X509V3_R_NO_SUBJECT_DETAILS), "no subject details"},
+    {ERR_REASON(X509V3_R_ODD_NUMBER_OF_DIGITS), "odd number of digits"},
+    {ERR_REASON(X509V3_R_OPERATION_NOT_DEFINED), "operation not defined"},
+    {ERR_REASON(X509V3_R_OTHERNAME_ERROR), "othername error"},
+    {ERR_REASON(X509V3_R_POLICY_LANGUAGE_ALREADTY_DEFINED),
+     "policy language alreadty defined"},
+    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH), "policy path length"},
+    {ERR_REASON(X509V3_R_POLICY_PATH_LENGTH_ALREADTY_DEFINED),
+     "policy path length alreadty defined"},
+    {ERR_REASON(X509V3_R_POLICY_SYNTAX_NOT_CURRENTLY_SUPPORTED),
+     "policy syntax not currently supported"},
+    {ERR_REASON(X509V3_R_POLICY_WHEN_PROXY_LANGUAGE_REQUIRES_NO_POLICY),
+     "policy when proxy language requires no policy"},
+    {ERR_REASON(X509V3_R_SECTION_NOT_FOUND), "section not found"},
+    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS),
+     "unable to get issuer details"},
+    {ERR_REASON(X509V3_R_UNABLE_TO_GET_ISSUER_KEYID),
+     "unable to get issuer keyid"},
+    {ERR_REASON(X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT),
+     "unknown bit string argument"},
+    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION), "unknown extension"},
+    {ERR_REASON(X509V3_R_UNKNOWN_EXTENSION_NAME), "unknown extension name"},
+    {ERR_REASON(X509V3_R_UNKNOWN_OPTION), "unknown option"},
+    {ERR_REASON(X509V3_R_UNSUPPORTED_OPTION), "unsupported option"},
+    {ERR_REASON(X509V3_R_USER_TOO_LONG), "user too long"},
+    {0, NULL}
+};
 
 #endif
 
 void ERR_load_X509V3_strings(void)
-	{
+{
 #ifndef OPENSSL_NO_ERR
 
-	if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL)
-		{
-		ERR_load_strings(0,X509V3_str_functs);
-		ERR_load_strings(0,X509V3_str_reasons);
-		}
+    if (ERR_func_error_string(X509V3_str_functs[0].error) == NULL) {
+        ERR_load_strings(0, X509V3_str_functs);
+        ERR_load_strings(0, X509V3_str_reasons);
+    }
 #endif
-	}
+}