1344 changed files with 269345 additions and 276121 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -0,0 +1,22 @@
+openssl.pc
+libcrypto.pc
+libssl.pc
+MINFO
+makefile.one
+tmp
+out
+outinc
+rehash.time
+testlog
+make.log
+maketest.log
+cctest
+cctest.c
+cctest.a
+*.flc
+semantic.cache
+Makefile
+*.dll*
+*.so*
+*.sl*
+*.dylib*
--- a/.gitignore
+++ b/.gitignore
@ -1,13 +1,11 @@
 # Object files
 *.o
-*.obj

 # editor artefacts
 *.swp
 .#*
 #*#
 *~
-/.dir-locals.el

 # Top level excludes
 /Makefile.bak
@ -49,21 +47,6 @@
 *.s
 !/crypto/bn/asm/pa-risc2.s
 !/crypto/bn/asm/pa-risc2W.s
-crypto/aes/asm/a_win32.asm
-crypto/bf/asm/b_win32.asm
-crypto/bn/asm/bn_win32.asm
-crypto/bn/asm/co_win32.asm
-crypto/bn/asm/mt_win32.asm
-crypto/cast/asm/c_win32.asm
-crypto/cpu_win32.asm
-crypto/des/asm/d_win32.asm
-crypto/des/asm/y_win32.asm
-crypto/md5/asm/m5_win32.asm
-crypto/rc4/asm/r4_win32.asm
-crypto/rc5/asm/r5_win32.asm
-crypto/ripemd/asm/rm_win32.asm
-crypto/sha/asm/s1_win32.asm
-crypto/sha/asm/sha512-sse2.asm

 # Executables
 /apps/openssl
@ -94,21 +77,3 @@ Makefile.save
 *.bak
 tags
 TAGS
-
-# Windows
-/tmp32
-/tmp32.dbg
-/tmp32dll
-/tmp32dll.dbg
-/out32
-/out32.dbg
-/out32dll
-/out32dll.dbg
-/inc32
-/MINFO
-ms/bcb.mak
-ms/libeay32.def
-ms/nt.mak
-ms/ntdll.mak
-ms/ssleay32.def
-ms/version32.rc
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@ -1,10 +0,0 @@
-#! /bin/sh
-
-# $1 is expected to be $TRAVIS_OS_NAME
-
-if [ "$1" == osx ]; then
-    make -f Makefile.org \
-	 DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
-else
-    make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
-fi
--- a/.travis.yml
+++ b/.travis.yml
@ -1,60 +0,0 @@
-language: c
-
-addons:
-    apt_packages:
-        - binutils-mingw-w64
-        - gcc-mingw-w64
-
-os:
-    - linux
-    - osx
-
-compiler:
-    - clang
-    - gcc
-    - i686-w64-mingw32-gcc
-    - x86_64-w64-mingw32-gcc
-
-env:
-    - CONFIG_OPTS=""
-    - CONFIG_OPTS="shared"
-    - CONFIG_OPTS="-d --strict-warnings"
-
-matrix:
-    exclude:
-        - os: osx
-          compiler: i686-w64-mingw32-gcc
-        - os: osx
-          compiler: x86_64-w64-mingw32-gcc
-        - compiler: i686-w64-mingw32-gcc
-          env: CONFIG_OPTS="-d --strict-warnings"
-        - compiler: x86_64-w64-mingw32-gcc
-          env: CONFIG_OPTS="-d --strict-warnings"
-
-before_script:
-    - sh .travis-create-release.sh $TRAVIS_OS_NAME
-    - tar -xvzf _srcdist.tar.gz
-    - cd _srcdist
-    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          ./Configure mingw $CONFIG_OPTS;
-      elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          ./Configure mingw64 $CONFIG_OPTS;
-      else
-          ./config $CONFIG_OPTS;
-      fi
-    - cd ..
-
-script:
-    - cd _srcdist
-    - make
-    - if [ -z "$CROSS_COMPILE" ]; then make test; fi
-    - cd ..
-
-notifications:
-    recipient:
-        - openssl-commits@openssl.org
-    email:
-        on_success: change
-        on_failure: always
--- a/32
+++ b/32
@ -1,2 +1,30 @@
-Please https://www.openssl.org/community/thanks.html for the current
-acknowledgements.
+The OpenSSL project depends on volunteer efforts and financial support from
+the end user community. That support comes in the form of donations and paid
+sponsorships, software support contracts, paid consulting services
+and commissioned software development.
+
+Since all these activities support the continued development and improvement
+of OpenSSL we consider all these clients and customers as sponsors of the
+OpenSSL project.
+
+We would like to identify and thank the following such sponsors for their past
+or current significant support of the OpenSSL project:
+
+Major support:
+
+	Qualys		http://www.qualys.com/
+
+Very significant support:
+
+	OpenGear:	http://www.opengear.com/
+
+Significant support:
+
+	PSW Group:	http://www.psw.net/
+	Acano Ltd.	http://acano.com/
+
+Please note that we ask permission to identify sponsors and that some sponsors
+we consider eligible for inclusion here have requested to remain anonymous.
+
+Additional sponsorship or financial support is always welcome: for more
+information please contact the OpenSSL Software Foundation.
--- a/826
+++ b/826
--- a/38
+++ b/38
@ -1,38 +0,0 @@
-HOW TO CONTRIBUTE TO OpenSSL
----------------------------
-
-Development is coordinated on the openssl-dev mailing list (see
-http://www.openssl.org for information on subscribing). If you
-would like to submit a patch, send it to rt@openssl.org with
-the string "[PATCH]" in the subject. Please be sure to include a
-textual explanation of what your patch does.
-
-You can also make GitHub pull requests. If you do this, please also send
-mail to rt@openssl.org with a brief description and a link to the PR so
-that we can more easily keep track of it.
-
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
-
-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
-
-Our preferred format for patch files is "git format-patch" output. For example
-to provide a patch file containing the last commit in your local git repository
-use the following command:
-
-# git format-patch --stdout HEAD^ >mydiffs.patch
-
-Another method of creating an acceptable patch file without using git is as
-follows:
-
-# cd openssl-work
-# [your changes]
-# ./Configure dist; make clean
-# cd ..
-# diff -ur openssl-orig openssl-work > mydiffs.patch
--- a/164
+++ b/164
@ -58,10 +58,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 #		library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # 386           generate 80386 code
-# enable-weak-ssl-ciphers
-#		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
-#		default.  Note, weak SSLv2 ciphers are unconditionally
-#		disabled.
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@ -109,11 +105,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta

 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";

-# Warn that "make depend" should be run?
-my $warn_make_depend = 0;
-
-my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
-
 my $strict_warnings = 0;

 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@ -194,19 +185,18 @@ my %table=(
 "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",		"cc:-O::(unknown)::::::",

 # Basic configs that should work on any (32 and less bit) box
@ -240,12 +230,12 @@ my %table=(

 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
@ -262,20 +252,20 @@ my %table=(

 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@ -355,24 +345,23 @@ my %table=(
 ####
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # It's believed that majority of ARM toolchains predefine appropriate -march.
 # If you compiler does not, do complement config command line with one!
-"linux-armv4",	"gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IA-32 targets...
-"linux-ia32-icc",	"icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
 # /proc/cpuinfo. The idea is to preserve most significant bits of
@ -386,16 +375,16 @@ my %table=(
 # ldconfig and run-time linker to autodiscover. Unfortunately it
 # doesn't work just yet, because of couple of bugs in glibc
 # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@ -409,30 +398,30 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

-# Android: linux-* but without pointers to headers and libs.
+# Android: linux-* but without -DTERMIO and pointers to headers and libs.
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

@ -444,8 +433,8 @@ my %table=(

 # QNX
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6",       "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386",  "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6",       "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386",  "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # BeOS
 "beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
@ -518,7 +507,7 @@ my %table=(
 "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",

 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",

 # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
 # You need to compile using the c89.sh wrapper in the tools directory, because the
@ -578,7 +567,7 @@ my %table=(
 "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",

 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@ -604,7 +593,7 @@ my %table=(
 "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",

 ##### GNU Hurd
-"hurd-x86",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",

 ##### OS/2 EMX
 "OS2-EMX", "gcc::::::::",
@ -730,10 +719,8 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "rfc3779"	  => "default",
 		 "sctp"       => "default",
 		 "shared"         => "default",
-		 "ssl2"           => "default",
 		 "store"	  => "experimental",
 		 "unit-test"	  => "default",
-		 "weak-ssl-ciphers" => "default",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"
 	       );
@ -1455,7 +1442,7 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}

 if ($sys_id ne "")
@ -1587,20 +1574,11 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)

 if ($strict_warnings)
 	{
-	my $ecc = $cc;
-	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+	die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
-		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
-		}
-	if ($ecc eq "clang")
-		{
-		foreach $wopt (split /\s+/, $clang_devteam_warn)
-			{
-			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
-			}
+		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
 		}
 	}

@ -1962,7 +1940,13 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-            $warn_make_depend++;
+		print <<EOF;
+
+Since you've disabled or enabled at least one algorithm, you need to do
+the following before building:
+
+	make depend
+EOF
 	}
 }

@ -2042,18 +2026,12 @@ EOF

 print <<\EOF if ($no_shared_warn);

-You gave the option 'shared', which is not supported on this platform, so
-we will pretend you gave the option 'no-shared'.  If you know how to implement
-shared libraries, please let us know (but please first make sure you have
-tried with a current version of OpenSSL).
-EOF
-
-print <<EOF if ($warn_make_depend);
-
-*** Because of configuration changes, you MUST do the following before
-*** building:
-
-	make depend
+You gave the option 'shared'.  Normally, that would give you shared libraries.
+Unfortunately, the OpenSSL configuration doesn't include shared library support
+for this platform yet, so it will pretend you gave the option 'no-shared'.  If
+you can inform the developpers (openssl-dev\@openssl.org) how to support shared
+libraries on this platform, they will at least look at it and try their best
+(but please first make sure you have tried with a current version of OpenSSL).
 EOF

 exit(0);
--- a/1041
+++ b/1041
--- a/8
+++ b/8
@ -164,10 +164,10 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     at https://www.openssl.org/community/index.html#bugs and will be
-     forwarded to a public mailing list). Include the output of "make
-     report" in your message.  Please check out the request tracker. Maybe
-     the bug was already reported or has already been fixed.
+     via http://www.openssl.org/support/rt.html and will be forwarded to a
+     public mailing list). Include the output of "make report" in your message.
+     Please check out the request tracker. Maybe the bug was already
+     reported or has already been fixed.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
--- a/2
+++ b/2
@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/MacOS/GetHTTPS.src/MacSocket.h
+++ b/MacOS/GetHTTPS.src/MacSocket.h
@ -5,98 +5,97 @@
 extern "C" {
 #endif

-enum {
+
+
+enum
+{
 	kMacSocket_TimeoutErr = -2
 };

+
 //	Since MacSocket does busy waiting, I do a callback while waiting

 typedef OSErr (*MacSocket_IdleWaitCallback)(void *);

+
 //	Call this before anything else!

 OSErr MacSocket_Startup(void);

+
 //	Call this to cleanup before quitting

 OSErr MacSocket_Shutdown(void);

-// Call this to allocate a "socket" (reference number is returned in
-// outSocketNum)
-// Note that inDoThreadSwitching is pretty much irrelevant right now, since I
-// ignore it
+
+//	Call this to allocate a "socket" (reference number is returned in outSocketNum)
+//	Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
 //	The inTimeoutTicks parameter is applied during reads/writes of data
-// The inIdleWaitCallback parameter specifies a callback which is called
-// during busy-waiting periods
+//	The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
 //	The inUserRefPtr parameter is passed back to the idle-wait callback

-OSErr MacSocket_socket(int *outSocketNum, const Boolean inDoThreadSwitching,
-                       const long inTimeoutTicks,
-                       MacSocket_IdleWaitCallback inIdleWaitCallback,
-                       void *inUserRefPtr);
+OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr);
+

 //	Call this to connect to an IP/DNS address
-// Note that inTargetAddressAndPort is in "IP:port" format-- e.g.
-// 10.1.1.1:123
+//	Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123

 OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort);

+
 //	Call this to listen on a port
-// Since this a low-performance implementation, I allow a maximum of 1 (one!)
-// incoming request when I listen
+//	Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen

 OSErr MacSocket_listen(const int inSocketNum,const int inPortNum);

+
 //	Call this to close a socket

 OSErr MacSocket_close(const int inSocketNum);

-// Call this to receive data on a socket
-// Most parameters' purpose are obvious-- except maybe "inBlock" which
-// controls whether I wait for data or return immediately

-int MacSocket_recv(const int inSocketNum, void *outBuff, int outBuffLength,
-                   const Boolean inBlock);
+//	Call this to receive data on a socket
+//	Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
+
+int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
+

 //	Call this to send data on a socket

-int MacSocket_send(const int inSocketNum, const void *inBuff,
-                   int inBuffLength);
+int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength);

-// If zero bytes were read in a call to MacSocket_recv(), it may be that the
-// remote end has done a half-close
+
+//	If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
 //	This function will let you check whether that's true or not

 Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);

-// Call this to see if the listen has completed after a call to
-// MacSocket_listen()
+
+//	Call this to see if the listen has completed after a call to MacSocket_listen()

 Boolean MacSocket_ListenCompleted(const int inSocketNum);

+
 //	These really aren't very useful anymore

 Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
 Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);

-// You may wish to change the userRefPtr for a socket callback-- use this to
-// do it
+
+//	You may wish to change the userRefPtr for a socket callback-- use this to do it

 void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr);

+
 //	Call these to get the socket's IP:port descriptor

-void MacSocket_GetLocalIPAndPort(const int inSocketNum, char *outIPAndPort,
-                                 const int inIPAndPortLength);
-void MacSocket_GetRemoteIPAndPort(const int inSocketNum, char *outIPAndPort,
-                                  const int inIPAndPortLength);
+void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+

 //	Call this to get error info from a socket

-void MacSocket_GetSocketErrorInfo(const int inSocketNum,
-                                  int *outSocketErrCode,
-                                  char *outSocketErrString,
-                                  const int inSocketErrStringMaxLength);
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength);


 #ifdef __cplusplus
--- a/MacOS/Randomizer.h
+++ b/MacOS/Randomizer.h
@ -4,7 +4,8 @@

 #include <MacTypes.h>

-class CRandomizer {
+class CRandomizer
+{
 public:
 	CRandomizer (void);
 	void PeriodicAction (void);
--- a/MacOS/opensslconf.h
+++ b/MacOS/opensslconf.h
@ -21,11 +21,9 @@

 #if defined(HEADER_RC4_H)
 #if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
 /*
- * using int types make the structure larger but make the code faster on most
- * boxes I have tested - up to %20 faster.
- */
-/*-
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
@ -42,10 +40,8 @@
 #endif

 #if defined(HEADER_DES_H) && !defined(DES_LONG)
-/*
- * If this is set to 'unsigned int' on a DEC Alpha, this gives about a %20
- * speed up (longs are 8 bytes, int's are 4).
- */
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
 #define DES_LONG unsigned long
 #endif
@ -62,10 +58,9 @@
 /* Should we define BN_DIV2W here? */

 /* Only one for the following should be defined */
-/*
- * The prime number generation stuff may not work when EIGHT_BIT but I don't
- * care since I've only used this mode for debuging the bignum libraries
- */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
@ -75,10 +70,8 @@

 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
 #define CONFIG_HEADER_RC4_LOCL_H
-/*
- * if this is defined data[i] is used instead of *data, this is a %20 speedup
- * on x86
- */
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
 #undef RC4_INDEX
 #endif

@ -89,19 +82,15 @@

 #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
 #define CONFIG_HEADER_DES_LOCL_H
-/*
- * the following is tweaked from a config script, that is why it is a
- * protected undef/define
- */
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
 #ifndef DES_PTR
 #define DES_PTR
 #endif

-/*
- * This helps C compiler generate the correct code for multiple functional
+/* This helps C compiler generate the correct code for multiple functional
 * units.  It reduces register dependancies at the expense of 2 more
- * registers
- */
+ * registers */
 #ifndef DES_RISC1
 #define DES_RISC1
 #endif
@ -113,14 +102,15 @@
 #if defined(DES_RISC1) && defined(DES_RISC2)
 YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
-/*
- * Unroll the inner loop, this sometimes helps, sometimes hinders. Very mucy
- * CPU dependant
- */
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
 #ifndef DES_UNROLL
 #define DES_UNROLL
 #endif
+
 #endif /* HEADER_DES_LOCL_H */
+
 #ifndef __POWERPC__
 #define MD32_XARRAY
 #endif
--- a/Makefile.org
+++ b/Makefile.org
@ -179,11 +179,12 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        ../$(NAME).tar
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h

-all: Makefile build_all
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc

 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@ -267,25 +268,21 @@ reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

 sub_all: build_all
-
 build_all: build_libs build_apps build_tests build_tools

-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
+build_libs: build_crypto build_ssl build_engines

 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
+build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
+build_engines:
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
+build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
+build_tests:
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
+build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)

 all_testapps: build_libs build_testapps
@ -462,9 +459,6 @@ tests: rehash
 report:
 	@$(PERL) util/selftest.pl

-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
 depend:
 	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)

@ -489,44 +483,60 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update

+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
-	                       --owner 0 --group 0 \
-			       --transform 's|^|$(NAME)/|' \
-			       -cvf -
-
-$(TARFILE).list:
-	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
-	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
-	       \! -name '.#*' \! -name '*~' \! -type l \
-	    | sort > $(TARFILE).list
-
-tar: $(TARFILE).list
+tar:
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-	rm -f $(TARFILE).list
-	ls -l $(TARFILE).gz
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - |\
+	gzip --best >../$(TARFILE).gz; \
+	rm -f ../$(TARFILE).list; \
+	ls -l ../$(TARFILE).gz

-tar-snap: $(TARFILE).list
-	$(TAR_COMMAND) > $(TARFILE)
-	rm -f $(TARFILE).list
-	ls -l $(TARFILE)
+tar-snap:
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+	ls -l ../$(TARFILE)

 dist:   
 	$(PERL) Configure dist
+	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)

 install: all install_docs install_sw

--- a/130
+++ b/130
@ -5,67 +5,6 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
-
-      o
-
-  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
-
-      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
-      o Disable SSLv2 default build, default negotiation and weak ciphers
-        (CVE-2016-0800)
-      o Fix a double-free in DSA code (CVE-2016-0705)
-      o Disable SRP fake user seed to address a server memory leak
-        (CVE-2016-0798)
-      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
-        (CVE-2016-0797)
-      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
-      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
-
-  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
-
-      o Protection for DH small subgroup attacks
-      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
-
-  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
-
-      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
-      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
-      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
-      o In DSA_generate_parameters_ex, if the provided seed is too short,
-        return an error
-
-  Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
-
-      o Alternate chains certificate forgery (CVE-2015-1793)
-      o Race condition handling PSK identify hint (CVE-2015-3196)
-
-  Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
-
-      o Fix HMAC ABI incompatibility
-
-  Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
-
-      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
-      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
-      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
-      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
-      o Race condition handling NewSessionTicket (CVE-2015-1791)
-
-  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
-
-      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
-      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
-      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
-      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
-      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
-      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
-      o Removed the export ciphers from the DEFAULT ciphers
-
-  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
-
-      o Build fixes for the Windows and OpenVMS platforms
-
  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]

      o Fix for CVE-2014-3571
@ -160,6 +99,19 @@
      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
      o SRP support.

+  Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
+
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+
+  Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
+
+      o Fix DTLS record length checking bug CVE-2012-2333
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+
  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:

      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
@ -232,6 +184,62 @@
      o Opaque PRF Input TLS extension support.
      o Updated time routines to avoid OS limitations.

+  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+
+  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+      o Fix DTLS record length checking bug CVE-2012-2333
+
+  Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+
+      o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+
+  Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+
+  Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
+  Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+
+      o Fix for DTLS plaintext recovery attack CVE-2011-4108
+      o Fix policy check double free error CVE-2011-4109
+      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+      o Check for malformed RFC3779 data CVE-2011-4577
+
+  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
+
+      o Fix for security issue CVE-2011-0014
+
+  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+
+  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
+
+      o Fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
+
+      o Fix for security issue CVE-2010-0742.
+      o Various DTLS fixes.
+      o Recognise SHA2 certificates if only SSL algorithms added.
+      o Fix for no-rc4 compilation.
+      o Chil ENGINE unload workaround.
+
  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:

      o CFB cipher definition fixes.
--- a/205
+++ b/205
@ -1,7 +1,7 @@

- OpenSSL 1.0.1t-dev
+ OpenSSL 1.0.1k 8 Jan 2015

- Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

@ -10,17 +10,17 @@

 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
- well as a full-strength general purpose cryptograpic library. The project is
- managed by a worldwide community of volunteers that use the Internet to
- communicate, plan, and develop the OpenSSL toolkit and its related
- documentation.
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation.

- OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license), which means that you are free to
- get and use it for commercial and non-commercial purposes as long as you
- fulfill the conditions of both licenses.
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses.

 OVERVIEW
 --------
@ -28,39 +28,116 @@
 The OpenSSL toolkit includes:

 libssl.a:
-     Provides the client and server-side implementations for SSLv3 and TLS.
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     both SSLv2, SSLv3 and TLSv1 in the one server and client.

 libcrypto.a:
-     Provides general cryptographic and X.509 support needed by SSL/TLS but
-     not logically part of it.
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+     actually logically part of it. It includes routines for the following:
+
+     Ciphers
+        libdes - EAY's libdes DES encryption package which was floating
+                 around the net for a few years, and was then relicensed by
+                 him as part of SSLeay.  It includes 15 'modes/variations'
+                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+                 pcbc and a more general form of cfb and ofb) including desx
+                 in cbc mode, a fast crypt(3), and routines to read
+                 passwords from the keyboard.
+        RC4 encryption,
+        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
+        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
+
+     Digests
+        MD5 and MD2 message digest algorithms, fast implementations,
+        SHA (SHA-0) and SHA-1 message digest algorithms,
+        MDC2 message digest. A DES based hash that is popular on smart cards.
+
+     Public Key
+        RSA encryption/decryption/generation.
+            There is no limit on the number of bits.
+        DSA encryption/decryption/generation.
+            There is no limit on the number of bits.
+        Diffie-Hellman key-exchange/key generation.
+            There is no limit on the number of bits.
+
+     X.509v3 certificates
+        X509 encoding/decoding into/from binary ASN1 and a PEM
+             based ASCII-binary encoding which supports encryption with a
+             private key.  Program to generate RSA and DSA certificate
+             requests and to generate RSA and DSA certificates.
+
+     Systems
+        The normal digital envelope routines and base64 encoding.  Higher
+        level access to ciphers and digests by name.  New ciphers can be
+        loaded at run time.  The BIO io system which is a simple non-blocking
+        IO abstraction.  Current methods supported are file descriptors,
+        sockets, socket accept, socket connect, memory buffer, buffering, SSL
+        client/server, file pointer, encryption, digest, non-blocking testing
+        and null.
+
+     Data structures
+        A dynamically growing hashing system
+        A simple stack.
+        A Configuration loader that uses a format similar to MS .ini files.

 openssl:
     A command line tool that can be used for:
-        Creation of key parameters
+        Creation of RSA, DH and DSA key parameters
        Creation of X.509 certificates, CSRs and CRLs
-        Calculation of message digests
-        Encryption and decryption
-        SSL/TLS client and server tests
+        Calculation of Message Digests
+        Encryption and Decryption with Ciphers
+        SSL/TLS Client and Server Tests
        Handling of S/MIME signed or encrypted mail
-        And more...
+
+
+ PATENTS
+ -------
+
+ Various companies hold various patents for various algorithms in various
+ locations around the world. _YOU_ are responsible for ensuring that your use
+ of any algorithms is legal by checking if there are any patents in your
+ country.  The file contains some of the patents that we know about or are
+ rumored to exist. This is not a definitive list.
+
+ RSA Security holds software patents on the RC5 algorithm.  If you
+ intend to use this cipher, you must contact RSA Security for
+ licensing conditions. Their web page is http://www.rsasecurity.com/.
+
+ RC4 is a trademark of RSA Security, so use of this label should perhaps
+ only be used with RSA Security's permission.
+
+ The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
+ should be contacted if that algorithm is to be used; their web page is
+ http://www.ascom.ch/.
+
+ NTT and Mitsubishi have patents and pending patents on the Camellia
+ algorithm, but allow use at no charge without requiring an explicit
+ licensing agreement: http://info.isl.ntt.co.jp/crypt/eng/info/chiteki.html

 INSTALLATION
 ------------

- See the appropriate file:
-        INSTALL         Linux, Unix, etc.
-        INSTALL.DJGPP   DOS platform with DJGPP
-        INSTALL.NW      Netware
-        INSTALL.OS2     OS/2
-        INSTALL.VMS     VMS
-        INSTALL.W32     Windows (32bit)
-        INSTALL.W64     Windows (64bit)
-        INSTALL.WCE     Windows CE
+ To install this package under a Unix derivative, read the INSTALL file.  For
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+ INSTALL.VMS.
+
+ Read the documentation in the doc/ directory.  It is quite rough, but it
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
+
+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author.  We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.

 SUPPORT
 -------

- See the OpenSSL website www.openssl.org for details on how to obtain
+ See the OpenSSL website www.openssl.org for details of how to obtain
 commercial technical support.

 If you have any problems with OpenSSL then please take the following steps
@ -84,36 +161,58 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)

- Email the report to:
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/support/rt.html) by mail to:

-    rt@openssl.org
+    openssl-bugs@openssl.org

- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list.  Confidential mail
- may be sent to openssl-security@openssl.org (PGP key available from the
- key servers).
+ Note that the request tracker should NOT be used for general assistance
+ or support queries. Just because something doesn't work the way you expect
+ does not mean it is necessarily a bug in OpenSSL.

- Please do NOT use this for general assistance or support queries.
- Just because something doesn't work the way you expect does not mean it
- is necessarily a bug in OpenSSL.
-
- You can also make GitHub pull requests. If you do this, please also send
- mail to rt@openssl.org with a link to the PR so that we can more easily
- keep track of it.
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ (PGP key available from the key servers).

 HOW TO CONTRIBUTE TO OpenSSL
 ----------------------------

- See CONTRIBUTING
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-bugs@openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.

- LEGALITIES
- ----------
+ If you are unsure as to whether a feature will be useful for the general
+ OpenSSL community please discuss it on the openssl-dev mailing list first.
+ Someone may be already working on the same thing or there may be a good
+ reason as to why that feature isn't implemented.
+
+ Patches should be as up to date as possible, preferably relative to the
+ current Git or the last snapshot. They should follow the coding style of
+ OpenSSL and compile without warnings. Some of the core team developer targets
+ can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
+ compiles on many varied platforms: try to ensure you only use portable
+ features.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
+ (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
+ please take some time to look at
+    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and
+    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
+ for the details. If "your encryption source code is too large to serve as
+ an email attachment", they are glad to receive it by fax instead; hope you
+ have a cheap long-distance plan.
+
+ Our preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -ur openssl-orig openssl-work > mydiffs.patch

- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.
--- a/108
+++ b/108
@ -35,7 +35,7 @@ $multilib     =

 *** BS2000-OSD
 $cc           = c89
-$cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC
+$cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -68,7 +68,7 @@ $multilib     =

 *** BSD-generic32
 $cc           = gcc
-$cflags       = -O3 -fomit-frame-pointer -Wall
+$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -101,7 +101,7 @@ $multilib     =

 *** BSD-generic64
 $cc           = gcc
-$cflags       = -O3 -Wall
+$cflags       = -DTERMIOS -O3 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -134,7 +134,7 @@ $multilib     =

 *** BSD-ia64
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -Wall
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -167,7 +167,7 @@ $multilib     =

 *** BSD-sparc64
 $cc           = gcc
-$cflags       = -DB_ENDIAN -O3 -DMD32_REG_T=int -Wall
+$cflags       = -DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -200,7 +200,7 @@ $multilib     =

 *** BSD-sparcv8
 $cc           = gcc
-$cflags       = -DB_ENDIAN -O3 -mcpu=v8 -Wall
+$cflags       = -DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -233,7 +233,7 @@ $multilib     =

 *** BSD-x86
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -266,7 +266,7 @@ $multilib     =

 *** BSD-x86-elf
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -299,7 +299,7 @@ $multilib     =

 *** BSD-x86_64
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -Wall
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -Wall
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -398,7 +398,7 @@ $multilib     =

 *** DJGPP
 $cc           = gcc
-$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
+$cflags       = -I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = MSDOS
@ -530,7 +530,7 @@ $multilib     =

 *** QNX6
 $cc           = gcc
-$cflags       = 
+$cflags       = -DTERMIOS
 $unistd       = 
 $thread_cflag = 
 $sys_id       = 
@ -563,7 +563,7 @@ $multilib     =

 *** QNX6-i386
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O2 -Wall
+$cflags       = -DL_ENDIAN -DTERMIOS -O2 -Wall
 $unistd       = 
 $thread_cflag = 
 $sys_id       = 
@ -1520,7 +1520,7 @@ $multilib     =

 *** debug-BSD-x86-elf
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -Wall -g
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -Wall -g
 $unistd       = 
 $thread_cflag = -pthread -D_THREAD_SAFE -D_REENTRANT
 $sys_id       = 
@ -2213,7 +2213,7 @@ $multilib     =

 *** debug-levitte-linux-elf-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2279,7 +2279,7 @@ $multilib     =

 *** debug-levitte-linux-noasm-extreme
 $cc           = gcc
-$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
+$cflags       = -DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2312,7 +2312,7 @@ $multilib     =

 *** debug-linux-elf
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2345,7 +2345,7 @@ $multilib     =

 *** debug-linux-elf-noefence
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2378,7 +2378,7 @@ $multilib     =

 *** debug-linux-generic32
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2411,7 +2411,7 @@ $multilib     =

 *** debug-linux-generic64
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2444,7 +2444,7 @@ $multilib     =

 *** debug-linux-ia32-aes
 $cc           = gcc
-$cflags       = -DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
+$cflags       = -DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2477,7 +2477,7 @@ $multilib     =

 *** debug-linux-pentium
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2510,7 +2510,7 @@ $multilib     =

 *** debug-linux-ppro
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2543,7 +2543,7 @@ $multilib     =

 *** debug-linux-x86_64
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -2642,7 +2642,7 @@ $multilib     =

 *** debug-solaris-sparcv8-gcc
 $cc           = gcc
-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN
+$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3566,7 +3566,7 @@ $multilib     = /pa20_64

 *** hurd-x86
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
+$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3632,7 +3632,7 @@ $multilib     =

 *** irix-cc
 $cc           = cc
-$cflags       = -O2 -use_readonly_const -DB_ENDIAN
+$cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -3665,7 +3665,7 @@ $multilib     =

 *** irix-gcc
 $cc           = gcc
-$cflags       = -O3 -DB_ENDIAN
+$cflags       = -O3 -DTERMIOS -DB_ENDIAN
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -3698,7 +3698,7 @@ $multilib     =

 *** irix-mips3-cc
 $cc           = cc
-$cflags       = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
+$cflags       = -n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3731,7 +3731,7 @@ $multilib     = 32

 *** irix-mips3-gcc
 $cc           = gcc
-$cflags       = -mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W
+$cflags       = -mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3764,7 +3764,7 @@ $multilib     = 32

 *** irix64-mips4-cc
 $cc           = cc
-$cflags       = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W
+$cflags       = -64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3797,7 +3797,7 @@ $multilib     = 64

 *** irix64-mips4-gcc
 $cc           = gcc
-$cflags       = -mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W
+$cflags       = -mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
 $unistd       = 
 $thread_cflag = -D_SGI_MP_SOURCE
 $sys_id       = 
@ -3830,7 +3830,7 @@ $multilib     = 64

 *** linux-alpha+bwx-ccc
 $cc           = ccc
-$cflags       = -fast -readonly_strings -DL_ENDIAN
+$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3863,7 +3863,7 @@ $multilib     =

 *** linux-alpha+bwx-gcc
 $cc           = gcc
-$cflags       = -O3 -DL_ENDIAN
+$cflags       = -O3 -DL_ENDIAN -DTERMIO
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3896,7 +3896,7 @@ $multilib     =

 *** linux-alpha-ccc
 $cc           = ccc
-$cflags       = -fast -readonly_strings -DL_ENDIAN
+$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3929,7 +3929,7 @@ $multilib     =

 *** linux-alpha-gcc
 $cc           = gcc
-$cflags       = -O3 -DL_ENDIAN
+$cflags       = -O3 -DL_ENDIAN -DTERMIO
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -3962,7 +3962,7 @@ $multilib     =

 *** linux-aout
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = 
@ -3995,7 +3995,7 @@ $multilib     =

 *** linux-armv4
 $cc           = gcc
-$cflags       = -O3 -Wall
+$cflags       = -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4028,7 +4028,7 @@ $multilib     =

 *** linux-elf
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -fomit-frame-pointer -Wall
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4061,7 +4061,7 @@ $multilib     =

 *** linux-generic32
 $cc           = gcc
-$cflags       = -O3 -fomit-frame-pointer -Wall
+$cflags       = -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4094,7 +4094,7 @@ $multilib     =

 *** linux-generic64
 $cc           = gcc
-$cflags       = -O3 -Wall
+$cflags       = -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4127,7 +4127,7 @@ $multilib     =

 *** linux-ia32-icc
 $cc           = icc
-$cflags       = -DL_ENDIAN -O2 -no_cpprt
+$cflags       = -DL_ENDIAN -DTERMIO -O2 -no_cpprt
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4160,7 +4160,7 @@ $multilib     =

 *** linux-ia64
 $cc           = gcc
-$cflags       = -DL_ENDIAN -O3 -Wall
+$cflags       = -DL_ENDIAN -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4193,7 +4193,7 @@ $multilib     =

 *** linux-ia64-ecc
 $cc           = ecc
-$cflags       = -DL_ENDIAN -O2 -Wall -no_cpprt
+$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4226,7 +4226,7 @@ $multilib     =

 *** linux-ia64-icc
 $cc           = icc
-$cflags       = -DL_ENDIAN -O2 -Wall -no_cpprt
+$cflags       = -DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4259,7 +4259,7 @@ $multilib     =

 *** linux-ppc
 $cc           = gcc
-$cflags       = -DB_ENDIAN -O3 -Wall
+$cflags       = -DB_ENDIAN -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4292,7 +4292,7 @@ $multilib     =

 *** linux-ppc64
 $cc           = gcc
-$cflags       = -m64 -DB_ENDIAN -O3 -Wall
+$cflags       = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4325,7 +4325,7 @@ $multilib     = 64

 *** linux-sparcv8
 $cc           = gcc
-$cflags       = -mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+$cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4358,7 +4358,7 @@ $multilib     =

 *** linux-sparcv9
 $cc           = gcc
-$cflags       = -m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
+$cflags       = -m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@ -4391,7 +4391,7 @@ $multilib     =

 *** linux-x86_64
 $cc           = gcc
-$cflags       = -m64 -DL_ENDIAN -O3 -Wall
+$cflags       = -m64 -DL_ENDIAN -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4424,7 +4424,7 @@ $multilib     = 64

 *** linux32-s390x
 $cc           = gcc
-$cflags       = -m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall
+$cflags       = -m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4457,7 +4457,7 @@ $multilib     = /highgprs

 *** linux64-s390x
 $cc           = gcc
-$cflags       = -m64 -DB_ENDIAN -O3 -Wall
+$cflags       = -m64 -DB_ENDIAN -DTERMIO -O3 -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -4490,7 +4490,7 @@ $multilib     = 64

 *** linux64-sparcv9
 $cc           = gcc
-$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall
+$cflags       = -m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = ULTRASPARC
@ -5315,7 +5315,7 @@ $multilib     =

 *** solaris-sparcv8-gcc
 $cc           = gcc
-$cflags       = -mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
 $unistd       = 
 $thread_cflag = -D_REENTRANT
 $sys_id       = 
@ -5612,7 +5612,7 @@ $multilib     = /64

 *** sunos-gcc
 $cc           = gcc
-$cflags       = -O3 -mcpu=v8 -Dssize_t=int
+$cflags       = -O3 -mv8 -Dssize_t=int
 $unistd       = 
 $thread_cflag = (unknown)
 $sys_id       = SUNOS
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@ -0,0 +1,8 @@
+openssl
+Makefile.save
+der_chop
+der_chop.bak
+CA.pl
+*.flc
+semantic.cache
+*.dll
--- a/apps/Makefile
+++ b/apps/Makefile
@ -94,9 +94,6 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c

-openssl-vms.cnf: openssl.cnf
-	$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
-
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

@ -130,12 +127,12 @@ links:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: openssl-vms.cnf local_depend
-
-depend: local_depend
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+depend:
+	@if [ -z "$(THIS)" ]; then \
+	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
+	else \
+	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+	fi

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@ -147,10 +144,10 @@ clean:
 	rm -f req

 $(DLIBSSL):
-	(cd ..; $(MAKE) build_libssl)
+	(cd ..; $(MAKE) DIRS=ssl all)

 $(DLIBCRYPTO):
-	(cd ..; $(MAKE) build_libcrypto)
+	(cd ..; $(MAKE) DIRS=crypto all)

 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@ -115,6 +115,7 @@
 #include <openssl/bio.h>
 #include <openssl/rand.h>

+
 static int seeded = 0;
 static int egdsocket = 0;

@ -132,27 +133,26 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)

 	if (file == NULL)
 		file = RAND_file_name(buffer, sizeof buffer);
-    else if (RAND_egd(file) > 0) {
-        /*
-         * we try if the given filename is an EGD socket. if it is, we don't
-         * write anything back to the file.
-         */
+	else if (RAND_egd(file) > 0)
+		{
+		/* we try if the given filename is an EGD socket.
+		   if it is, we don't write anything back to the file. */
 		egdsocket = 1;
 		return 1;
 		}
-    if (file == NULL || !RAND_load_file(file, -1)) {
-        if (RAND_status() == 0) {
-            if (!dont_warn) {
+	if (file == NULL || !RAND_load_file(file, -1))
+		{
+		if (RAND_status() == 0)
+			{
+			if (!dont_warn)
+				{
 				BIO_printf(bio_e,"unable to load 'random state'\n");
-                BIO_printf(bio_e,
-                           "This means that the random number generator has not been seeded\n");
+				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
 				BIO_printf(bio_e,"with much random data.\n");
-                if (consider_randfile) { /* explanation does not apply when a
-                                          * file is explicitly named */
-                    BIO_printf(bio_e,
-                               "Consider setting the RANDFILE environment variable to point at a file that\n");
-                    BIO_printf(bio_e,
-                               "'random' data can be kept in (the file will be overwritten).\n");
+				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+					{
+					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
 					}
 				}
 			return 0;
@ -169,24 +169,22 @@ long app_RAND_load_files(char *name)
 	long tot=0;
 	int egd;
 	
-    for (;;) {
+	for (;;)
+		{
 		last=0;
 		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-        if (*p == '\0')
-            last = 1;
+		if (*p == '\0') last=1;
 		*p='\0';
 		n=name;
 		name=p+1;
-        if (*n == '\0')
-            break;
+		if (*n == '\0') break;

 		egd=RAND_egd(n);
 		if (egd > 0)
 			tot+=egd;
 		else
 			tot+=RAND_load_file(n,-1);
-        if (last)
-            break;
+		if (last) break;
 		}
 	if (tot > 512)
 		app_RAND_allow_write_file();
@ -198,16 +196,16 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
 	char buffer[200];
 	
 	if (egdsocket || !seeded)
-        /*
-         * If we did not manage to read the seed file, we should not write a
-         * low-entropy seed file back -- it would suppress a crucial warning
-         * the next time we want to use it.
-         */
+		/* If we did not manage to read the seed file,
+		 * we should not write a low-entropy seed file back --
+		 * it would suppress a crucial warning the next time
+		 * we want to use it. */
 		return 0;

 	if (file == NULL)
 		file = RAND_file_name(buffer, sizeof buffer);
-    if (file == NULL || !RAND_write_file(file)) {
+	if (file == NULL || !RAND_write_file(file))
+		{
 		BIO_printf(bio_e,"unable to write 'random state'\n");
 		return 0;
 		}
--- a/apps/apps.c
+++ b/apps/apps.c
--- a/apps/apps.h
+++ b/apps/apps.h
@ -129,9 +129,8 @@

 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
-/*
- * When `file' is NULL, use defaults. `bio_e' is for error messages.
- */
+/* When `file' is NULL, use defaults.
+ * `bio_e' is for error messages. */
 void app_RAND_allow_write_file(void);
 long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                       * separated by LIST_SEPARATOR_CHAR
@ -211,18 +210,22 @@ extern BIO *bio_err;
 #  define openssl_fdset(a,b) FD_SET(a, b)
 #endif

-typedef struct args_st {
+
+typedef struct args_st
+	{
 	char **data;
 	int count;
 	} ARGS;

 #define PW_MIN_LENGTH 4
-typedef struct pw_cb_data {
+typedef struct pw_cb_data
+	{
 	const void *password;
 	const char *prompt_info;
 	} PW_CB_DATA;

-int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
+int password_callback(char *buf, int bufsiz, int verify,
+	PW_CB_DATA *cb_data);

 int setup_ui_method(void);
 void destroy_ui_method(void);
@ -234,8 +237,7 @@ void program_name(char *in, char *out, int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm,
-                unsigned long lflags);
+void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
 #endif
 int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
@ -250,11 +252,9 @@ EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 	const char *pass, ENGINE *e, const char *key_descrip);
 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
-                           const char *pass, ENGINE *e,
-                           const char *cert_descrip);
+	const char *pass, ENGINE *e, const char *cert_descrip);
 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
-                              const char *pass, ENGINE *e,
-                              const char *cert_descrip);
+	const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
@ -262,8 +262,8 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug);

 #ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-                                 char *host, char *path, char *port,
-                                 int use_ssl, STACK_OF(CONF_VALUE) *headers,
+			char *host, char *path, char *port, int use_ssl,
+			STACK_OF(CONF_VALUE) *headers,
 			int req_timeout);
 #endif

@ -279,32 +279,31 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 #define DB_rev_date     2
 #define DB_serial       3       /* index - unique */
 #define DB_file         4       
-# define DB_name         5      /* index - unique when active and not
-                                 * disabled */
+#define DB_name         5       /* index - unique when active and not disabled */
 #define DB_NUMBER       6

 #define DB_TYPE_REV	'R'
 #define DB_TYPE_EXP	'E'
 #define DB_TYPE_VAL	'V'

-typedef struct db_attr_st {
+typedef struct db_attr_st
+	{
 	int unique_subject;
 	} DB_ATTR;
-typedef struct ca_db_st {
+typedef struct ca_db_st
+	{
 	DB_ATTR attributes;
 	TXT_DB *db;
 	} CA_DB;

 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
-                ASN1_INTEGER **retai);
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
 CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
 int index_index(CA_DB *db);
 int save_index(const char *dbfile, const char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix,
-                 const char *old_suffix);
+int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
 void free_index(CA_DB *db);
 #define index_name_cmp_noconst(a, b) \
 	index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
@ -336,8 +335,7 @@ void jpake_server_auth(BIO *out, BIO *conn, const char *secret);

 #if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-# endif                         /* !OPENSSL_NO_TLSEXT &&
-                                 * !OPENSSL_NO_NEXTPROTONEG */
+#endif  /* !OPENSSL_NO_TLSEXT && !OPENSSL_NO_NEXTPROTONEG */

 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@ -56,9 +56,8 @@
 * [including the GNU Public Licence.]
 */

-/*
- * A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
- * -strparse option which parses nested binary structures
+/* A nice addition from Dr Stephen Henson <steve@openssl.org> to 
+ * add the -strparse option which parses nested binary structures
 */

 #include <stdio.h>
@ -70,8 +69,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -in arg	- input file - default stdin
 * -i		- indent the details by depth
 * -offset	- where in the file to start
@ -115,62 +113,76 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
+	if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
+		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto end;
 		}
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			derfile= *(++argv);
-        } else if (strcmp(*argv, "-i") == 0) {
+			}
+		else if (strcmp(*argv,"-i") == 0)
+			{
 			indent=1;
-        } else if (strcmp(*argv, "-noout") == 0)
-            noout = 1;
-        else if (strcmp(*argv, "-oid") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-noout") == 0) noout = 1;
+		else if (strcmp(*argv,"-oid") == 0)
+			{
+			if (--argc < 1) goto bad;
 			oidfile= *(++argv);
-        } else if (strcmp(*argv, "-offset") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-offset") == 0)
+			{
+			if (--argc < 1) goto bad;
 			offset= atoi(*(++argv));
-        } else if (strcmp(*argv, "-length") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-length") == 0)
+			{
+			if (--argc < 1) goto bad;
 			length= atoi(*(++argv));
-            if (length == 0)
-                goto bad;
-        } else if (strcmp(*argv, "-dump") == 0) {
+			if (length == 0) goto bad;
+			}
+		else if (strcmp(*argv,"-dump") == 0)
+			{
 			dump= -1;
-        } else if (strcmp(*argv, "-dlimit") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-dlimit") == 0)
+			{
+			if (--argc < 1) goto bad;
 			dump= atoi(*(++argv));
-            if (dump <= 0)
-                goto bad;
-        } else if (strcmp(*argv, "-strparse") == 0) {
-            if (--argc < 1)
-                goto bad;
+			if (dump <= 0) goto bad;
+			}
+		else if (strcmp(*argv,"-strparse") == 0)
+			{
+			if (--argc < 1) goto bad;
 			sk_OPENSSL_STRING_push(osk,*(++argv));
-        } else if (strcmp(*argv, "-genstr") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-genstr") == 0)
+			{
+			if (--argc < 1) goto bad;
 			genstr= *(++argv);
-        } else if (strcmp(*argv, "-genconf") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-genconf") == 0)
+			{
+			if (--argc < 1) goto bad;
 			genconf= *(++argv);
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -179,30 +191,26 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-        BIO_printf(bio_err,
-                   " -out arg      output file (output format is always DER\n");
+		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
 		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
-        BIO_printf(bio_err,
-                   " -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
+		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
-        BIO_printf(bio_err,
-                   "               a series of these can be used to 'dig' into multiple\n");
+		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-        BIO_printf(bio_err,
-                   " -genstr str   string to generate ASN1 structure from\n");
-        BIO_printf(bio_err,
-                   " -genconf file file to generate ASN1 structure from\n");
+		BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");
+		BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
 		goto end;
 		}

@ -210,7 +218,8 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
@ -222,8 +231,10 @@ int MAIN(int argc, char **argv)
 	}
 #endif

-    if (oidfile != NULL) {
-        if (BIO_read_filename(in, oidfile) <= 0) {
+	if (oidfile != NULL)
+		{
+		if (BIO_read_filename(in,oidfile) <= 0)
+			{
 			BIO_printf(bio_err,"problems opening %s\n",oidfile);
 			ERR_print_errors(bio_err);
 			goto end;
@ -233,8 +244,10 @@ int MAIN(int argc, char **argv)

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
@ -248,22 +261,24 @@ int MAIN(int argc, char **argv)
 		}
 	}

-    if ((buf = BUF_MEM_new()) == NULL)
-        goto end;
-    if (!BUF_MEM_grow(buf, BUFSIZ * 8))
-        goto end;               /* Pre-allocate :-) */
+	if ((buf=BUF_MEM_new()) == NULL) goto end;
+	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */

-    if (genstr || genconf) {
+	if (genstr || genconf)
+		{
 		num = do_generate(bio_err, genstr, genconf, buf);
-        if (num < 0) {
+		if (num < 0)
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}

-    else {
+	else
+		{

-        if (informat == FORMAT_PEM) {
+		if (informat == FORMAT_PEM)
+			{
 			BIO *tmp;

 			if ((b64=BIO_new(BIO_f_base64())) == NULL)
@ -275,12 +290,11 @@ int MAIN(int argc, char **argv)
 			}

 		num=0;
-        for (;;) {
-            if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
-                goto end;
+		for (;;)
+			{
+			if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
 			i=BIO_read(in,&(buf->data[num]),BUFSIZ);
-            if (i <= 0)
-                break;
+			if (i <= 0) break;
 			num+=i;
 			}
 		}
@ -288,16 +302,18 @@ int MAIN(int argc, char **argv)

 	/* If any structs to parse go through in sequence */

-    if (sk_OPENSSL_STRING_num(osk)) {
+	if (sk_OPENSSL_STRING_num(osk))
+		{
 		tmpbuf=(unsigned char *)str;
 		tmplen=num;
-        for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
+		for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
+			{
 			ASN1_TYPE *atmp;
 			int typ;
 			j=atoi(sk_OPENSSL_STRING_value(osk,i));
-            if (j == 0) {
-                BIO_printf(bio_err, "'%s' is an invalid number\n",
-                           sk_OPENSSL_STRING_value(osk, i));
+			if (j == 0)
+				{
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
 				continue;
 				}
 			tmpbuf+=j;
@ -306,16 +322,18 @@ int MAIN(int argc, char **argv)
 			ctmpbuf = tmpbuf;
 			at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
 			ASN1_TYPE_free(atmp);
-            if (!at) {
+			if(!at)
+				{
 				BIO_printf(bio_err,"Error parsing structure\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			typ = ASN1_TYPE_get(at);
 			if ((typ == V_ASN1_OBJECT)
-                || (typ == V_ASN1_BOOLEAN)
-                || (typ == V_ASN1_NULL)) {
-                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
+				|| (typ == V_ASN1_NULL))
+				{
+				BIO_printf(bio_err, "Can't parse %s type\n",
+					typ == V_ASN1_NULL ? "NULL" : "OBJECT");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
@ -327,15 +345,15 @@ int MAIN(int argc, char **argv)
 		num=tmplen;
 		}

-    if (offset >= num) {
+	if (offset >= num)
+		{
 		BIO_printf(bio_err, "Error: offset too large\n");
 		goto end;
 		}

 	num -= offset;

-    if ((length == 0) || ((long)length > num))
-        length = (unsigned int)num;
+	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
 	if(derout) {
 		if(BIO_write(derout, str + offset, length) != (int)length) {
 			BIO_printf(bio_err, "Error writing output\n");
@ -345,27 +363,22 @@ int MAIN(int argc, char **argv)
 	}
 	if (!noout &&
 	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
-                         indent, dump)) {
+		    indent,dump))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
 	BIO_free(derout);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (b64 != NULL)
-        BIO_free(b64);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (at != NULL)
-        ASN1_TYPE_free(at);
-    if (osk != NULL)
-        sk_OPENSSL_STRING_free(osk);
+	if (buf != NULL) BUF_MEM_free(buf);
+	if (at != NULL) ASN1_TYPE_free(at);
+	if (osk != NULL) sk_OPENSSL_STRING_free(osk);
 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
@ -375,17 +388,19 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 	{
 	CONF *cnf = NULL;
 	int len;
-    long errline = 0;
+	long errline;
 	unsigned char *p;
 	ASN1_TYPE *atyp = NULL;

-    if (genconf) {
+	if (genconf)
+		{
 		cnf = NCONF_new(NULL);
 		if (!NCONF_load(cnf, genconf, &errline))
 			goto conferr;
 		if (!genstr)
 			genstr = NCONF_get_string(cnf, "default", "asn1");
-        if (!genstr) {
+		if (!genstr)
+			{
 			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
 			goto err;
 			}
--- a/apps/ca.c
+++ b/apps/ca.c
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@ -114,7 +114,8 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1) {
+	while (argc >= 1)
+		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
 		else if (strcmp(*argv,"-V") == 0)
@ -131,17 +132,22 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
-        else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
+		else if ((strncmp(*argv,"-h",2) == 0) ||
+			 (strcmp(*argv,"-?") == 0))
+			{
 			badops=1;
 			break;
-        } else {
+			}
+		else
+			{
 			ciphers= *argv;
 			}
 		argc--;
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
 		goto end;
@ -150,8 +156,7 @@ int MAIN(int argc, char **argv)
 	OpenSSL_add_ssl_algorithms();

 	ctx=SSL_CTX_new(meth);
-    if (ctx == NULL)
-        goto err;
+	if (ctx == NULL) goto err;
 	if (ciphers != NULL) {
 		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
 			BIO_printf(bio_err, "Error in cipher list\n");
@ -159,48 +164,44 @@ int MAIN(int argc, char **argv)
 		}
 	}
 	ssl=SSL_new(ctx);
-    if (ssl == NULL)
-        goto err;
+	if (ssl == NULL) goto err;

-    if (!verbose) {
-        for (i = 0;; i++) {
+
+	if (!verbose)
+		{
+		for (i=0; ; i++)
+			{
 			p=SSL_get_cipher_list(ssl,i);
-            if (p == NULL)
-                break;
-            if (i != 0)
-                BIO_printf(STDout, ":");
+			if (p == NULL) break;
+			if (i != 0) BIO_printf(STDout,":");
 			BIO_printf(STDout,"%s",p);
 			}
 		BIO_printf(STDout,"\n");
-    } else {                    /* verbose */
-
+		}
+	else /* verbose */
+		{
 		sk=SSL_get_ciphers(ssl);

-        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+			{
 			SSL_CIPHER *c;

 			c = sk_SSL_CIPHER_value(sk,i);
 			
-            if (Verbose) {
+			if (Verbose)
+				{
 				unsigned long id = SSL_CIPHER_get_id(c);
 				int id0 = (int)(id >> 24);
 				int id1 = (int)((id >> 16) & 0xffL);
 				int id2 = (int)((id >> 8) & 0xffL);
 				int id3 = (int)(id & 0xffL);
 				
-                if ((id & 0xff000000L) == 0x02000000L) {
-                    /* SSL2 cipher */
-                    BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1,
-                               id2, id3);
-                } else if ((id & 0xff000000L) == 0x03000000L) {
-                    /* SSL3 cipher */
-                    BIO_printf(STDout, "          0x%02X,0x%02X - ", id2,
-                               id3);
-                } else {
-                    /* whatever */
-                    BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
-                               id1, id2, id3);
-                }
+				if ((id & 0xff000000L) == 0x02000000L)
+					BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
+				else if ((id & 0xff000000L) == 0x03000000L)
+					BIO_printf(STDout, "          0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
+				else
+					BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
 				}

 			BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
@ -208,18 +209,17 @@ int MAIN(int argc, char **argv)
 		}

 	ret=0;
-    if (0) {
+	if (0)
+		{
 err:
 		SSL_load_error_strings();
 		ERR_print_errors(bio_err);
 		}
 end:
-    if (ctx != NULL)
-        SSL_CTX_free(ctx);
-    if (ssl != NULL)
-        SSL_free(ssl);
-    if (STDout != NULL)
-        BIO_free_all(STDout);
+	if (ctx != NULL) SSL_CTX_free(ctx);
+	if (ssl != NULL) SSL_free(ssl);
+	if (STDout != NULL) BIO_free_all(STDout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
+
--- a/apps/cms.c
+++ b/apps/cms.c
--- a/apps/crl.c
+++ b/apps/crl.c
@ -110,8 +110,7 @@ int MAIN(int argc, char **argv)
 	BIO *out=NULL;
 	int informat,outformat;
 	char *infile=NULL,*outfile=NULL;
-    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
-        0, text = 0;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 #ifndef OPENSSL_NO_MD5
       int hash_old=0;
 #endif
@ -135,7 +134,8 @@ int MAIN(int argc, char **argv)
 		goto end;

 	if (bio_out == NULL)
-        if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
+		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -151,43 +151,48 @@ int MAIN(int argc, char **argv)
 	argc--;
 	argv++;
 	num=0;
-    while (argc >= 1) {
+	while (argc >= 1)
+		{
 #ifdef undef
-        if (strcmp(*argv, "-p") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!args_from_file(++argv, Nargc, Nargv)) {
-                goto end;
+		if	(strcmp(*argv,"-p") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
 			}
-        */}
 #endif
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-CApath") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
 			CApath = *(++argv);
 			do_ver = 1;
-        } else if (strcmp(*argv, "-CAfile") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
 			CAfile = *(++argv);
 			do_ver = 1;
-        } else if (strcmp(*argv, "-verify") == 0)
+			}
+		else if (strcmp(*argv,"-verify") == 0)
 			do_ver = 1;
 		else if (strcmp(*argv,"-text") == 0)
 			text = 1;
@ -197,12 +202,12 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-hash_old") == 0)
 			hash_old= ++num;
 #endif
-        else if (strcmp(*argv, "-nameopt") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!set_name_ex(&nmflag, *(++argv)))
-                goto bad;
-        } else if (strcmp(*argv, "-issuer") == 0)
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-issuer") == 0)
 			issuer= ++num;
 		else if (strcmp(*argv,"-lastupdate") == 0)
 			lastupdate= ++num;
@ -214,10 +219,13 @@ int MAIN(int argc, char **argv)
 			fingerprint= ++num;
 		else if (strcmp(*argv,"-crlnumber") == 0)
 			crlnumber= ++num;
-        else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
+		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+			{
 			/* ok */
 			digest=md_alg;
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -226,7 +234,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
@ -235,105 +244,118 @@ int MAIN(int argc, char **argv)

 	ERR_load_crypto_strings();
 	x=load_crl(infile,informat);
-    if (x == NULL) {
-        goto end;
-    }
+	if (x == NULL) { goto end; }

 	if(do_ver) {
 		store = X509_STORE_new();
 		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
-        if (lookup == NULL)
-            goto end;
+		if (lookup == NULL) goto end;
 		if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
 			X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 			
 		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
-        if (lookup == NULL)
-            goto end;
+		if (lookup == NULL) goto end;
 		if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
 			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 		ERR_clear_error();

 		if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
-            BIO_printf(bio_err, "Error initialising X509 store\n");
+			BIO_printf(bio_err,
+				"Error initialising X509 store\n");
 			goto end;
 		}

 		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
 					X509_CRL_get_issuer(x), &xobj);
 		if(i <= 0) {
-            BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
+			BIO_printf(bio_err,
+				"Error getting CRL issuer certificate\n");
 			goto end;
 		}
 		pkey = X509_get_pubkey(xobj.data.x509);
 		X509_OBJECT_free_contents(&xobj);
 		if(!pkey) {
-            BIO_printf(bio_err, "Error getting CRL issuer public key\n");
+			BIO_printf(bio_err,
+				"Error getting CRL issuer public key\n");
 			goto end;
 		}
 		i = X509_CRL_verify(x, pkey);
 		EVP_PKEY_free(pkey);
-        if (i < 0)
-            goto end;
-        if (i == 0)
-            BIO_printf(bio_err, "verify failure\n");
-        else
-            BIO_printf(bio_err, "verify OK\n");
+		if(i < 0) goto end;
+		if(i == 0) BIO_printf(bio_err, "verify failure\n");
+		else BIO_printf(bio_err, "verify OK\n");
 	}

-    if (num) {
-        for (i = 1; i <= num; i++) {
-            if (issuer == i) {
-                print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
-                           nmflag);
+	if (num)
+		{
+		for (i=1; i<=num; i++)
+			{
+			if (issuer == i)
+				{
+				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
 				}
-            if (crlnumber == i) {
+			if (crlnumber == i)
+				{
 				ASN1_INTEGER *crlnum;
-                crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
+				crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
+							      NULL, NULL);
 				BIO_printf(bio_out,"crlNumber=");
-                if (crlnum) {
+				if (crlnum)
+					{
 					i2a_ASN1_INTEGER(bio_out, crlnum);
 					ASN1_INTEGER_free(crlnum);
-                } else
+					}
+				else
 					BIO_puts(bio_out, "<NONE>");
 				BIO_printf(bio_out,"\n");
 				}
-            if (hash == i) {
+			if (hash == i)
+				{
 				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(X509_CRL_get_issuer(x)));
 				}
 #ifndef OPENSSL_NO_MD5
-            if (hash_old == i) {
+			if (hash_old == i)
+				{
 				BIO_printf(bio_out,"%08lx\n",
-                           X509_NAME_hash_old(X509_CRL_get_issuer(x)));
+					X509_NAME_hash_old(
+						X509_CRL_get_issuer(x)));
 				}
 #endif
-            if (lastupdate == i) {
+			if (lastupdate == i)
+				{
 				BIO_printf(bio_out,"lastUpdate=");
-                ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
+				ASN1_TIME_print(bio_out,
+						X509_CRL_get_lastUpdate(x));
 				BIO_printf(bio_out,"\n");
 				}
-            if (nextupdate == i) {
+			if (nextupdate == i)
+				{
 				BIO_printf(bio_out,"nextUpdate=");
 				if (X509_CRL_get_nextUpdate(x)) 
-                    ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
+					ASN1_TIME_print(bio_out,
+						X509_CRL_get_nextUpdate(x));
 				else
 					BIO_printf(bio_out,"NONE");
 				BIO_printf(bio_out,"\n");
 				}
-            if (fingerprint == i) {
+			if (fingerprint == i)
+				{
 				int j;
 				unsigned int n;
 				unsigned char md[EVP_MAX_MD_SIZE];

-                if (!X509_CRL_digest(x, digest, md, &n)) {
+				if (!X509_CRL_digest(x,digest,md,&n))
+					{
 					BIO_printf(bio_err,"out of memory\n");
 					goto end;
 					}
 				BIO_printf(bio_out,"%s Fingerprint=",
 						OBJ_nid2sn(EVP_MD_type(digest)));
-                for (j = 0; j < (int)n; j++) {
-                    BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
+				for (j=0; j<(int)n; j++)
+					{
+					BIO_printf(bio_out,"%02X%c",md[j],
+						(j+1 == (int)n)
 						?'\n':':');
 					}
 				}
@ -341,12 +363,14 @@ int MAIN(int argc, char **argv)
 		}

 	out=BIO_new(BIO_s_file());
-    if (out == NULL) {
+	if (out == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -354,17 +378,20 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (text)
-        X509_CRL_print(out, x);
+	if (text) X509_CRL_print(out, x);

-    if (noout) {
+	if (noout) 
+		{
 		ret = 0;
 		goto end;
 		}
@ -373,14 +400,12 @@ int MAIN(int argc, char **argv)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-    else {
+	else	
+		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (!i) {
-        BIO_printf(bio_err, "unable to write CRL\n");
-        goto end;
-    }
+	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
 	BIO_free_all(out);
@ -401,15 +426,18 @@ static X509_CRL *load_crl(char *infile, int format)
 	BIO *in=NULL;

 	in=BIO_new(BIO_s_file());
-    if (in == NULL) {
+	if (in == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
@ -422,7 +450,8 @@ static X509_CRL *load_crl(char *infile, int format)
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
 		}
-    if (x == NULL) {
+	if (x == NULL)
+		{
 		BIO_printf(bio_err,"unable to load CRL\n");
 		ERR_print_errors(bio_err);
 		goto end;
@ -432,3 +461,4 @@ static X509_CRL *load_crl(char *infile, int format)
 	BIO_free(in);
 	return(x);
 	}
+
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@ -56,11 +56,9 @@
 * [including the GNU Public Licence.]
 */

-/*
- * This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> and
- * donated 'to the cause' along with lots and lots of other fixes to the
- * library.
- */
+/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
+ * and donated 'to the cause' along with lots and lots of other fixes to
+ * the library. */

 #include <stdio.h>
 #include <string.h>
@ -77,8 +75,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -114,37 +111,46 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-nocrl") == 0) {
+			}
+		else if (strcmp(*argv,"-nocrl") == 0)
+			{
 			nocrl=1;
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-certfile") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!certflst)
-                certflst = sk_OPENSSL_STRING_new_null();
+			}
+		else if (strcmp(*argv,"-certfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
 			if (!certflst)
 				goto end;
-            if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) {
+			if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+				{
 				sk_OPENSSL_STRING_free(certflst);
 				goto end;
 				}
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -153,7 +159,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
@ -161,11 +168,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
-        BIO_printf(bio_err,
-                   " -certfile arg  certificates file of chain to a trusted CA\n");
+		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
 		BIO_printf(bio_err,"                (can be used more than once)\n");
-        BIO_printf(bio_err,
-                   " -nocrl         no crl to load, just certs from '-certfile'\n");
+		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
 		ret = 1;
 		goto end;
 		}
@ -174,16 +179,20 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (!nocrl) {
+	if (!nocrl)
+		{
 		if (infile == NULL)
 			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-        else {
-            if (BIO_read_filename(in, infile) <= 0) {
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
 				perror(infile);
 				goto end;
 				}
@ -197,39 +206,36 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"bad input format specified for input crl\n");
 			goto end;
 			}
-        if (crl == NULL) {
+		if (crl == NULL)
+			{
 			BIO_printf(bio_err,"unable to load CRL\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	
-    if ((p7 = PKCS7_new()) == NULL)
-        goto end;
-    if ((p7s = PKCS7_SIGNED_new()) == NULL)
-        goto end;
+	if ((p7=PKCS7_new()) == NULL) goto end;
+	if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
 	p7->type=OBJ_nid2obj(NID_pkcs7_signed);
 	p7->d.sign=p7s;
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);

-    if (!ASN1_INTEGER_set(p7s->version, 1))
-        goto end;
-    if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
-        goto end;
+	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
+	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
 	p7s->crl=crl_stack;
-    if (crl != NULL) {
+	if (crl != NULL)
+		{
 		sk_X509_CRL_push(crl_stack,crl);
 		crl=NULL; /* now part of p7 for OPENSSL_freeing */
 		}

-    if ((cert_stack = sk_X509_new_null()) == NULL)
-        goto end;
+	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
 	p7s->cert=cert_stack;

-    if (certflst)
-        for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+	if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
 		certfile = sk_OPENSSL_STRING_value(certflst, i);
-            if (add_certs_from_file(cert_stack, certfile) < 0) {
+		if (add_certs_from_file(cert_stack,certfile) < 0)
+			{
 			BIO_printf(bio_err, "error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -238,7 +244,8 @@ int MAIN(int argc, char **argv)

 	sk_OPENSSL_STRING_free(certflst);

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -246,8 +253,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -261,27 +271,24 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (!i) {
+	if (!i)
+		{
 		BIO_printf(bio_err,"unable to write pkcs7 object\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (p7 != NULL)
-        PKCS7_free(p7);
-    if (crl != NULL)
-        X509_CRL_free(crl);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (p7 != NULL) PKCS7_free(p7);
+	if (crl != NULL) X509_CRL_free(crl);

 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}

-/*-
+/*
 *----------------------------------------------------------------------
 * int add_certs_from_file
 *
@ -300,7 +307,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	X509_INFO *xi;

 	in=BIO_new(BIO_s_file());
-    if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
+	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
+		{
 		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}
@ -313,9 +321,11 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	}

 	/* scan over it and pull out the CRL's */
-    while (sk_X509_INFO_num(sk)) {
+	while (sk_X509_INFO_num(sk))
+		{
 		xi=sk_X509_INFO_shift(sk);
-        if (xi->x509 != NULL) {
+		if (xi->x509 != NULL)
+			{
 			sk_X509_push(stack,xi->x509);
 			xi->x509=NULL;
 			count++;
@ -326,9 +336,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	ret=count;
 end:
 	/* never need to OPENSSL_free x */
-    if (in != NULL)
-        BIO_free(in);
-    if (sk != NULL)
-        sk_X509_INFO_free(sk);
+	if (in != NULL) BIO_free(in);
+	if (sk != NULL) sk_X509_INFO_free(sk);
 	return(ret);
 	}
+
--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -132,7 +132,8 @@ int MAIN(int argc, char **argv)

 	apps_startup();

-    if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
+	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
+		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
@ -150,53 +151,61 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc > 0) {
-        if ((*argv)[0] != '-')
-            break;
+	while (argc > 0)
+		{
+		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
 			separator=1;
 		else if (strcmp(*argv,"-r") == 0)
 			separator=2;
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                break;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) break;
 			randfile=*(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) break;
 			outfile=*(++argv);
-        } else if (strcmp(*argv, "-sign") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-sign") == 0)
+			{
+			if (--argc < 1) break;
 			keyfile=*(++argv);
-        } else if (!strcmp(*argv, "-passin")) {
+			}
+		else if (!strcmp(*argv,"-passin"))
+			{
 			if (--argc < 1)
 				break;
 			passargin=*++argv;
-        } else if (strcmp(*argv, "-verify") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-verify") == 0)
+			{
+			if (--argc < 1) break;
 			keyfile=*(++argv);
 			want_pub = 1;
 			do_verify = 1;
-        } else if (strcmp(*argv, "-prverify") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-prverify") == 0)
+			{
+			if (--argc < 1) break;
 			keyfile=*(++argv);
 			do_verify = 1;
-        } else if (strcmp(*argv, "-signature") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-signature") == 0)
+			{
+			if (--argc < 1) break;
 			sigfile=*(++argv);
-        } else if (strcmp(*argv, "-keyform") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) break;
 			keyform=str2fmt(*(++argv));
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                break;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) break;
 			engine= *(++argv);
        		e = setup_engine(bio_err, engine, 0);
 			}
@ -211,29 +220,37 @@ int MAIN(int argc, char **argv)
 			hmac_key = "etaonrishdlcupfm";
 		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow=1;
-        else if (!strcmp(*argv, "-hmac")) {
+		else if (!strcmp(*argv,"-hmac"))
+			{
 			if (--argc < 1)
 				break;
 			hmac_key=*++argv;
-        } else if (!strcmp(*argv, "-mac")) {
+			}
+		else if (!strcmp(*argv,"-mac"))
+			{
 			if (--argc < 1)
 				break;
 			mac_name=*++argv;
-        } else if (strcmp(*argv, "-sigopt") == 0) {
+			}
+		else if (strcmp(*argv,"-sigopt") == 0)
+			{
 			if (--argc < 1)
 				break;
 			if (!sigopts)
 				sigopts = sk_OPENSSL_STRING_new_null();
 			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
 				break;
-        } else if (strcmp(*argv, "-macopt") == 0) {
+			}
+		else if (strcmp(*argv,"-macopt") == 0)
+			{
 			if (--argc < 1)
 				break;
 			if (!macopts)
 				macopts = sk_OPENSSL_STRING_new_null();
 			if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
 				break;
-        } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+			}
+		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
 			break;
@ -241,44 +258,35 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

+
 	if(do_verify && !sigfile) {
-        BIO_printf(bio_err,
-                   "No signature to verify: use the -signature option\n");
+		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
 		goto end;
 	}

-    if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
+	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+		{
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
-        BIO_printf(bio_err,
-                   "-c              to output the digest with separating colons\n");
-        BIO_printf(bio_err,
-                   "-r              to output the digest in coreutils format\n");
+		BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
+		BIO_printf(bio_err,"-r              to output the digest in coreutils format\n");
 		BIO_printf(bio_err,"-d              to output debug info\n");
 		BIO_printf(bio_err,"-hex            output as hex dump\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
 		BIO_printf(bio_err,"-hmac arg       set the HMAC key to arg\n");
 		BIO_printf(bio_err,"-non-fips-allow allow use of non FIPS digest\n");
-        BIO_printf(bio_err,
-                   "-sign   file    sign digest using private key in file\n");
-        BIO_printf(bio_err,
-                   "-verify file    verify a signature using public key in file\n");
-        BIO_printf(bio_err,
-                   "-prverify file  verify a signature using private key in file\n");
-        BIO_printf(bio_err,
-                   "-keyform arg    key file format (PEM or ENGINE)\n");
-        BIO_printf(bio_err,
-                   "-out filename   output to filename rather than stdout\n");
+		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
+		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
+		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
+		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
+		BIO_printf(bio_err,"-out filename   output to filename rather than stdout\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-sigopt nm:v    signature parameter\n");
 		BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
-        BIO_printf(bio_err,
-                   "-mac algorithm  create MAC (not neccessarily HMAC)\n");
-        BIO_printf(bio_err,
-                   "-macopt nm:v    MAC algorithm parameters or key\n");
+		BIO_printf(bio_err,"-mac algorithm  create MAC (not neccessarily HMAC)\n"); 
+		BIO_printf(bio_err,"-macopt nm:v    MAC algorithm parameters or key\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif

 		EVP_MD_do_all_sorted(list_md_fn, bio_err);
@ -287,22 +295,25 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
-    if ((in == NULL) || (bmd == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (debug) {
+	if (debug)
+		{
 		BIO_set_callback(in,BIO_debug_callback);
 		/* needed for windows 3.1 */
 		BIO_set_callback_arg(in,(char *)bio_err);
 		}

-    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}

+	if ((in == NULL) || (bmd == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
 	if(out_bin == -1) {
 		if(keyfile)
 			out_bin = 1;
@ -316,8 +327,7 @@ int MAIN(int argc, char **argv)
 	if(outfile) {
 		if(out_bin)
 			out = BIO_new_file(outfile, "wb");
-        else
-            out = BIO_new_file(outfile, "w");
+		else    out = BIO_new_file(outfile, "w");
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
@ -334,44 +344,52 @@ int MAIN(int argc, char **argv)
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-    if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
+	if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
+		{
 		BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
 		goto end;
 		}

-    if (keyfile) {
+	if(keyfile)
+		{
 		if (want_pub)
 			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		else
 			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
 				e, "key file");
-        if (!sigkey) {
-            /*
-             * load_[pub]key() has already printed an appropriate message
-             */
+		if (!sigkey)
+			{
+			/* load_[pub]key() has already printed an appropriate
+			   message */
 			goto end;
 			}
 		}

-    if (mac_name) {
+	if (mac_name)
+		{
 		EVP_PKEY_CTX *mac_ctx = NULL;
 		int r = 0;
 		if (!init_gen_str(bio_err, &mac_ctx, mac_name,e, 0))
 			goto mac_end;
-        if (macopts) {
+		if (macopts)
+			{
 			char *macopt;
-            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
+			for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
+				{
 				macopt = sk_OPENSSL_STRING_value(macopts, i);
-                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
+				if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
+					{
 					BIO_printf(bio_err,
-                               "MAC parameter error \"%s\"\n", macopt);
+						"MAC parameter error \"%s\"\n",
+						macopt);
 					ERR_print_errors(bio_err);
 					goto mac_end;
 					}
 				}
 			}
-        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
+		if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
+			{
 			BIO_puts(bio_err, "Error generating key\n");
 			ERR_print_errors(bio_err);
 			goto mac_end;
@ -384,24 +402,28 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}

-    if (non_fips_allow) {
+	if (non_fips_allow)
+		{
 		EVP_MD_CTX *md_ctx;
 		BIO_get_md_ctx(bmd,&md_ctx);
 		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 		}

-    if (hmac_key) {
+	if (hmac_key)
+		{
 		sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
 					(unsigned char *)hmac_key, -1);
 		if (!sigkey)
 			goto end;
 		}

-    if (sigkey) {
+	if (sigkey)
+		{
 		EVP_MD_CTX *mctx = NULL;
 		EVP_PKEY_CTX *pctx = NULL;
 		int r;
-        if (!BIO_get_md_ctx(bmd, &mctx)) {
+		if (!BIO_get_md_ctx(bmd, &mctx))
+			{
 			BIO_printf(bio_err, "Error getting context\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -410,17 +432,23 @@ int MAIN(int argc, char **argv)
 			r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
 		else
 			r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
-        if (!r) {
+		if (!r)
+			{
 			BIO_printf(bio_err, "Error setting context\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-        if (sigopts) {
+		if (sigopts)
+			{
 			char *sigopt;
-            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+			for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
+				{
 				sigopt = sk_OPENSSL_STRING_value(sigopts, i);
-                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
-                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+				if (pkey_ctrl_string(pctx, sigopt) <= 0)
+					{
+					BIO_printf(bio_err,
+						"parameter error \"%s\"\n",
+						sigopt);
 					ERR_print_errors(bio_err);
 					goto end;
 					}
@ -428,10 +456,12 @@ int MAIN(int argc, char **argv)
 			}
 		}
 	/* we use md as a filter, reading from 'in' */
-    else {
+	else
+		{
 		if (md == NULL)
 			md = EVP_md5(); 
-        if (!BIO_set_md(bmd, md)) {
+		if (!BIO_set_md(bmd,md))
+			{
 			BIO_printf(bio_err, "Error setting digest %s\n", pname);
 			ERR_print_errors(bio_err);
 			goto end;
@ -444,39 +474,42 @@ int MAIN(int argc, char **argv)
 		siglen = EVP_PKEY_size(sigkey);
 		sigbuf = OPENSSL_malloc(siglen);
 		if(!sigbio) {
-            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (!sigbuf) {
-            BIO_printf(bio_err, "Out of memory\n");
+			BIO_printf(bio_err, "Error opening signature file %s\n",
+								sigfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 		siglen = BIO_read(sigbio, sigbuf, siglen);
 		BIO_free(sigbio);
 		if(siglen <= 0) {
-            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
+			BIO_printf(bio_err, "Error reading signature file %s\n",
+								sigfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 	}
 	inp=BIO_push(bmd,in);

-    if (md == NULL) {
+	if (md == NULL)
+		{
 		EVP_MD_CTX *tctx;
 		BIO_get_md_ctx(bmd, &tctx);
 		md = EVP_MD_CTX_md(tctx);
 		}

-    if (argc == 0) {
+	if (argc == 0)
+		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
 			  siglen,NULL,NULL,"stdin",bmd);
-    } else {
+		}
+	else
+		{
 		const char *md_name = NULL, *sig_name = NULL;
-        if (!out_bin) {
-            if (sigkey) {
+		if(!out_bin)
+			{
+			if (sigkey)
+				{
 				const EVP_PKEY_ASN1_METHOD *ameth;
 				ameth = EVP_PKEY_get0_asn1(sigkey);
 				if (ameth)
@ -486,13 +519,16 @@ int MAIN(int argc, char **argv)
 			md_name = EVP_MD_name(md);
 			}
 		err = 0;
-        for (i = 0; i < argc; i++) {
+		for (i=0; i<argc; i++)
+			{
 			int r;
-            if (BIO_read_filename(in, argv[i]) <= 0) {
+			if (BIO_read_filename(in,argv[i]) <= 0)
+				{
 				perror(argv[i]);
 				err++;
 				continue;
-            } else
+				}
+			else
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
 				siglen,sig_name,md_name, argv[i],bmd);
 			if(r)
@ -501,12 +537,12 @@ int MAIN(int argc, char **argv)
 			}
 		}
 end:
-    if (buf != NULL) {
+	if (buf != NULL)
+		{
 		OPENSSL_cleanse(buf,BUFSIZE);
 		OPENSSL_free(buf);
 		}
-    if (in != NULL)
-        BIO_free(in);
+	if (in != NULL) BIO_free(in);
 	if (passin)
 		OPENSSL_free(passin);
 	BIO_free_all(out);
@ -515,10 +551,8 @@ int MAIN(int argc, char **argv)
 		sk_OPENSSL_STRING_free(sigopts);
 	if (macopts)
 		sk_OPENSSL_STRING_free(macopts);
-    if (sigbuf)
-        OPENSSL_free(sigbuf);
-    if (bmd != NULL)
-        BIO_free(bmd);
+	if(sigbuf) OPENSSL_free(sigbuf);
+	if (bmd != NULL) BIO_free(bmd);
 	apps_shutdown();
 	OPENSSL_EXIT(err);
 	}
@ -531,63 +565,76 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	size_t len;
 	int i;

-    for (;;) {
+	for (;;)
+		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
-        if (i < 0) {
+		if(i < 0)
+			{
 			BIO_printf(bio_err, "Read Error in %s\n",file);
 			ERR_print_errors(bio_err);
 			return 1;
 			}
-        if (i == 0)
-            break;
+		if (i == 0) break;
 		}
-    if (sigin) {
+	if(sigin)
+		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
 		i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); 
 		if(i > 0)
 			BIO_printf(out, "Verified OK\n");
-        else if (i == 0) {
+		else if(i == 0)
+			{
 			BIO_printf(out, "Verification Failure\n");
 			return 1;
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err, "Error Verifying Data\n");
 			ERR_print_errors(bio_err);
 			return 1;
 			}
 		return 0;
 		}
-    if (key) {
+	if(key)
+		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
 		len = BUFSIZE;
-        if (!EVP_DigestSignFinal(ctx, buf, &len)) {
+		if(!EVP_DigestSignFinal(ctx, buf, &len)) 
+			{
 			BIO_printf(bio_err, "Error Signing Data\n");
 			ERR_print_errors(bio_err);
 			return 1;
 			}
-    } else {
+		}
+	else
+		{
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
-        if ((int)len < 0) {
+		if ((int)len <0)
+			{
 			ERR_print_errors(bio_err);
 			return 1;
 			}
 		}

-    if (binout)
-        BIO_write(out, buf, len);
-    else if (sep == 2) {
+	if(binout) BIO_write(out, buf, len);
+	else if (sep == 2)
+		{
 		for (i=0; i<(int)len; i++)
 			BIO_printf(out, "%02x",buf[i]);
 		BIO_printf(out, " *%s\n", file);
-    } else {
+		}
+	else 
+		{
 		if (sig_name)
 			BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
 		else if (md_name)
 			BIO_printf(out, "%s(%s)= ", md_name, file);
 		else
 			BIO_printf(out, "(%s)= ", file);
-        for (i = 0; i < (int)len; i++) {
+		for (i=0; i<(int)len; i++)
+			{
 			if (sep && (i != 0))
 				BIO_printf(out, ":");
 			BIO_printf(out, "%02x",buf[i]);
@ -596,3 +643,4 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 		}
 	return 0;
 	}
+
--- a/apps/dh.c
+++ b/apps/dh.c
@ -74,8 +74,7 @@
 #undef PROG
 #define PROG	dh_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -118,28 +117,32 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -151,7 +154,8 @@ int MAIN(int argc, char **argv)
 			C=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -160,23 +164,21 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-        BIO_printf(bio_err,
-                   " -outform arg  output format - one of DER PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-        BIO_printf(bio_err,
-                   " -text         print a text form of the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
@ -189,20 +191,24 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -210,8 +216,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -221,17 +230,22 @@ int MAIN(int argc, char **argv)
 		dh=d2i_DHparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-    else {
+	else
+		{
 		BIO_printf(bio_err,"bad input format specified\n");
 		goto end;
 		}
-    if (dh == NULL) {
+	if (dh == NULL)
+		{
 		BIO_printf(bio_err,"unable to load DH parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (text) {
+	
+
+	if (text)
+		{
 		DHparams_print(out,dh);
 #ifdef undef
 		printf("p=");
@ -244,8 +258,10 @@ int MAIN(int argc, char **argv)
 #endif
 		}
 	
-    if (check) {
-        if (!DH_check(dh, &i)) {
+	if (check)
+		{
+		if (!DH_check(dh,&i))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
@ -260,31 +276,33 @@ int MAIN(int argc, char **argv)
 		if (i == 0)
 			printf("DH parameters appear to be ok.\n");
 		}
-    if (C) {
+	if (C)
+		{
 		unsigned char *data;
 		int len,l,bits;

 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
 		data=(unsigned char *)OPENSSL_malloc(len);
-        if (data == NULL) {
+		if (data == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dh->p,data);
 		printf("static unsigned char dh%d_p[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");

 		l=BN_bn2bin(dh->g,data);
 		printf("static unsigned char dh%d_g[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n\n");
@ -302,7 +320,9 @@ int MAIN(int argc, char **argv)
 		OPENSSL_free(data);
 		}

-    if (!noout) {
+
+	if (!noout)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DHparams_bio(out,dh);
 		else if (outformat == FORMAT_PEM)
@ -311,7 +331,8 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -319,12 +340,9 @@ int MAIN(int argc, char **argv)
 		}
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dh != NULL)
-        DH_free(dh);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@ -130,10 +130,9 @@
 #undef PROG
 #define PROG	dhparam_main

-# define DEFBITS 2048
+#define DEFBITS	512

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -181,28 +180,32 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -222,47 +225,40 @@ int MAIN(int argc, char **argv)
 			g=2;
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
-        } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
+			}
+		else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
 			goto bad;
 		argv++;
 		argc--;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-        BIO_printf(bio_err,
-                   " -outform arg  output format - one of DER PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 #ifndef OPENSSL_NO_DSA
-        BIO_printf(bio_err,
-                   " -dsaparam     read or generate DSA parameters, convert to DH\n");
+		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
 #endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-        BIO_printf(bio_err,
-                   " -text         print a text form of the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
-        BIO_printf(bio_err,
-                   " -2            generate parameters using  2 as the generator value\n");
-        BIO_printf(bio_err,
-                   " -5            generate parameters using  5 as the generator value\n");
-        BIO_printf(bio_err,
-                   " numbits       number of bits in to generate (default 2048)\n");
+		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
+		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
+		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "               - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		goto end;
@ -278,13 +274,15 @@ int MAIN(int argc, char **argv)
 		num = DEFBITS;

 #ifndef OPENSSL_NO_DSA
-    if (dsaparam) {
-        if (g) {
-            BIO_printf(bio_err,
-                       "generator may not be chosen for DSA parameters\n");
+	if (dsaparam)
+		{
+		if (g)
+			{
+			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
 			goto end;
 			}
-    } else
+		}
+	else
 #endif
 		{
 		/* DH parameters */
@ -296,44 +294,44 @@ int MAIN(int argc, char **argv)

 		BN_GENCB cb;
 		BN_GENCB_set(&cb, dh_cb, bio_err);
-        if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
-            BIO_printf(bio_err,
-                       "warning, not much extra random data, consider using the -rand option\n");
+		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+			{
+			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 			}
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));

 #ifndef OPENSSL_NO_DSA
-        if (dsaparam) {
+		if (dsaparam)
+			{
 			DSA *dsa = DSA_new();
 			
-            BIO_printf(bio_err,
-                       "Generating DSA parameters, %d bit long prime\n", num);
-            if (!dsa
-                || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
-                                               &cb)) {
-                if (dsa)
-                    DSA_free(dsa);
+			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+			if(!dsa || !DSA_generate_parameters_ex(dsa, num,
+						NULL, 0, NULL, NULL, &cb))
+				{
+				if(dsa) DSA_free(dsa);
 				ERR_print_errors(bio_err);
 				goto end;
 				}

 			dh = DSA_dup_DH(dsa);
 			DSA_free(dsa);
-            if (dh == NULL) {
+			if (dh == NULL)
+				{
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else
+			}
+		else
 #endif
 			{
 			dh = DH_new();
-            BIO_printf(bio_err,
-                       "Generating DH parameters, %d bit long safe prime, generator %d\n",
-                       num, g);
+			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 			BIO_printf(bio_err,"This is going to take a long time\n");
-            if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) {
+			if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+				{
 				ERR_print_errors(bio_err);
 				goto end;
 				}
@ -343,25 +341,31 @@ int MAIN(int argc, char **argv)
 	} else {

 		in=BIO_new(BIO_s_file());
-        if (in == NULL) {
+		if (in == NULL)
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (infile == NULL)
 			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-        else {
-            if (BIO_read_filename(in, infile) <= 0) {
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
 				perror(infile);
 				goto end;
 				}
 			}

-        if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) {
+		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
+			{
 			BIO_printf(bio_err,"bad input format specified\n");
 			goto end;
 			}
+
 #ifndef OPENSSL_NO_DSA
-        if (dsaparam) {
+		if (dsaparam)
+			{
 			DSA *dsa;
 			
 			if (informat == FORMAT_ASN1)
@ -369,7 +373,8 @@ int MAIN(int argc, char **argv)
 			else /* informat == FORMAT_PEM */
 				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
 			
-            if (dsa == NULL) {
+			if (dsa == NULL)
+				{
 				BIO_printf(bio_err,"unable to load DSA parameters\n");
 				ERR_print_errors(bio_err);
 				goto end;
@ -377,11 +382,13 @@ int MAIN(int argc, char **argv)
 			
 			dh = DSA_dup_DH(dsa);
 			DSA_free(dsa);
-            if (dh == NULL) {
+			if (dh == NULL)
+				{
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else
+			}
+		else
 #endif
 			{
 			if (informat == FORMAT_ASN1)
@ -389,7 +396,8 @@ int MAIN(int argc, char **argv)
 			else /* informat == FORMAT_PEM */
 				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
 			
-            if (dh == NULL) {
+			if (dh == NULL)
+				{
 				BIO_printf(bio_err,"unable to load DH parameters\n");
 				ERR_print_errors(bio_err);
 				goto end;
@ -400,11 +408,13 @@ int MAIN(int argc, char **argv)
 	}
 	
 	out=BIO_new(BIO_s_file());
-    if (out == NULL) {
+	if (out == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -412,19 +422,26 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (text) {
+
+	if (text)
+		{
 		DHparams_print(out,dh);
 		}
 	
-    if (check) {
-        if (!DH_check(dh, &i)) {
+	if (check)
+		{
+		if (!DH_check(dh,&i))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
@ -439,35 +456,38 @@ int MAIN(int argc, char **argv)
 		if (i == 0)
 			printf("DH parameters appear to be ok.\n");
 		}
-    if (C) {
+	if (C)
+		{
 		unsigned char *data;
 		int len,l,bits;

 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
 		data=(unsigned char *)OPENSSL_malloc(len);
-        if (data == NULL) {
+		if (data == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
 		printf("#ifndef HEADER_DH_H\n"
-               "#include <openssl/dh.h>\n" "#endif\n");
+		       "#include <openssl/dh.h>\n"
+		       "#endif\n");
 		printf("DH *get_dh%d()\n\t{\n",bits);

 		l=BN_bn2bin(dh->p,data);
 		printf("\tstatic unsigned char dh%d_p[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t\t};\n");

 		l=BN_bn2bin(dh->g,data);
 		printf("\tstatic unsigned char dh%d_g[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t\t};\n");
@ -486,7 +506,9 @@ int MAIN(int argc, char **argv)
 		OPENSSL_free(data);
 		}

-    if (!noout) {
+
+	if (!noout)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DHparams_bio(out,dh);
 		else if (outformat == FORMAT_PEM)
@ -495,7 +517,8 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -503,12 +526,9 @@ int MAIN(int argc, char **argv)
 		}
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dh != NULL)
-        DH_free(dh);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -518,14 +538,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/dsa.c
+++ b/apps/dsa.c
@ -74,8 +74,7 @@
 #undef PROG
 #define PROG	dsa_main

-/*-
- * -inform arg  - input format - default PEM (one of DER, NET or PEM)
+/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -135,36 +134,42 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -184,7 +189,8 @@ int MAIN(int argc, char **argv)
 			pubin=1;
 		else if (strcmp(*argv,"-pubout") == 0)
 			pubout=1;
-        else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -193,43 +199,35 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
 		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
-        BIO_printf(bio_err,
-                   " -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
-        BIO_printf(bio_err,
-                   " -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err,
-                   " -des            encrypt PEM output with cbc des\n");
-        BIO_printf(bio_err,
-                   " -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea           encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_SEED
-        BIO_printf(bio_err,
-                   " -seed           encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
@ -250,15 +248,18 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
@ -276,18 +277,21 @@ int MAIN(int argc, char **argv)
 			pkey = load_key(bio_err, infile, informat, 1,
 				passin, e, "Private Key");

-        if (pkey) {
+		if (pkey)
+			{
 			dsa = EVP_PKEY_get1_DSA(pkey);
 			EVP_PKEY_free(pkey);
 			}
 		}
-    if (dsa == NULL) {
+	if (dsa == NULL)
+		{
 		BIO_printf(bio_err,"unable to load Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -295,39 +299,40 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

 	if (text) 
-        if (!DSA_print(out, dsa, 0)) {
+		if (!DSA_print(out,dsa,0))
+			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-    if (modulus) {
+	if (modulus)
+		{
 		fprintf(stdout,"Public Key=");
 		BN_print(out,dsa->pub_key);
 		fprintf(stdout,"\n");
 		}

-    if (noout)
-        goto end;
+	if (noout) goto end;
 	BIO_printf(bio_err,"writing DSA key\n");
 	if 	(outformat == FORMAT_ASN1) {
-        if (pubin || pubout)
-            i = i2d_DSA_PUBKEY_bio(out, dsa);
-        else
-            i = i2d_DSAPrivateKey_bio(out, dsa);
+		if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
+		else i=i2d_DSAPrivateKey_bio(out,dsa);
 	} else if (outformat == FORMAT_PEM) {
 		if(pubin || pubout)
 			i=PEM_write_bio_DSA_PUBKEY(out,dsa);
-        else
-            i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
+		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
 							NULL,0,NULL, passout);
 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
 	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
@ -346,22 +351,19 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (i <= 0) {
+	if (i <= 0)
+		{
 		BIO_printf(bio_err,"unable to write private key\n");
 		ERR_print_errors(bio_err);
-    } else
+		}
+	else
 		ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dsa != NULL)
-        DSA_free(dsa);
-    if (passin)
-        OPENSSL_free(passin);
-    if (passout)
-        OPENSSL_free(passout);
+	if(in != NULL) BIO_free(in);
+	if(out != NULL) BIO_free_all(out);
+	if(dsa != NULL) DSA_free(dsa);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@ -57,10 +57,8 @@
 */

 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
 #undef OPENSSL_NO_DEPRECATED
 #endif
@ -82,8 +80,7 @@
 #undef PROG
 #define PROG	dsaparam_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -145,35 +142,39 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if(strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
 #endif
 #ifdef GENCB_TEST
-        else if (strcmp(*argv, "-timebomb") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if(strcmp(*argv, "-timebomb") == 0)
+			{
+			if (--argc < 1) goto bad;
 			timebomb = atoi(*(++argv));
 			}
 #endif
@ -181,21 +182,27 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
-        else if (strcmp(*argv, "-genkey") == 0) {
+		else if (strcmp(*argv,"-genkey") == 0)
+			{
 			genkey=1;
 			need_rand=1;
-        } else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			need_rand=1;
-        } else if (strcmp(*argv, "-noout") == 0)
+			}
+		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
-        else if (sscanf(*argv, "%d", &num) == 1) {
+		else if (sscanf(*argv,"%d",&num) == 1)
+			{
 			/* generate a key */
 			numbits=num;
 			need_rand=1;
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -204,7 +211,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
@ -216,18 +224,14 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -genkey       generate a DSA key\n");
-        BIO_printf(bio_err,
-                   " -rand         files to use for random number input\n");
+		BIO_printf(bio_err," -rand         files to use for random number input\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
 #ifdef GENCB_TEST
-        BIO_printf(bio_err,
-                   " -timebomb n   interrupt keygen after <n> seconds\n");
+		BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");
 #endif
-        BIO_printf(bio_err,
-                   " number        number of bits to use for generating private key\n");
+		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}

@ -235,20 +239,24 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -256,8 +264,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -267,43 +278,48 @@ int MAIN(int argc, char **argv)
        setup_engine(bio_err, engine, 0);
 #endif

-    if (need_rand) {
+	if (need_rand)
+		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
 		}

-    if (numbits > 0) {
+	if (numbits > 0)
+		{
 		BN_GENCB cb;
 		BN_GENCB_set(&cb, dsa_cb, bio_err);
 		assert(need_rand);
 		dsa = DSA_new();
-        if (!dsa) {
+		if(!dsa)
+			{
 			BIO_printf(bio_err,"Error allocating DSA object\n");
 			goto end;
 			}
-        BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
-                   num);
+		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
 #ifdef GENCB_TEST
-        if (timebomb > 0) {
+		if(timebomb > 0)
+	{
 		struct sigaction act;
 		act.sa_handler = timebomb_sigalarm;
 		act.sa_flags = 0;
-            BIO_printf(bio_err,
-                       "(though I'll stop it if not done within %d secs)\n",
+		BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
 				timebomb);
-            if (sigaction(SIGALRM, &act, NULL) != 0) {
+		if(sigaction(SIGALRM, &act, NULL) != 0)
+			{
 			BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
 			goto end;
 			}
 		alarm(timebomb);
 	}
 #endif
-        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) {
+	        if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
+			{
 #ifdef GENCB_TEST
-            if (stop_keygen_flag) {
+			if(stop_keygen_flag)
+				{
 				BIO_printf(bio_err,"DSA key generation time-stopped\n");
 				/* This is an asked-for behaviour! */
 				ret = 0;
@ -314,58 +330,64 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"Error, DSA key generation failed\n");
 			goto end;
 			}
-    } else if (informat == FORMAT_ASN1)
+		}
+	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-    else {
+	else
+		{
 		BIO_printf(bio_err,"bad input format specified\n");
 		goto end;
 		}
-    if (dsa == NULL) {
+	if (dsa == NULL)
+		{
 		BIO_printf(bio_err,"unable to load DSA parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (text) {
+	if (text)
+		{
 		DSAparams_print(out,dsa);
 		}
 	
-    if (C) {
+	if (C)
+		{
 		unsigned char *data;
 		int l,len,bits_p;

 		len=BN_num_bytes(dsa->p);
 		bits_p=BN_num_bits(dsa->p);
 		data=(unsigned char *)OPENSSL_malloc(len+20);
-        if (data == NULL) {
+		if (data == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dsa->p,data);
 		printf("static unsigned char dsa%d_p[]={",bits_p);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");

 		l=BN_bn2bin(dsa->q,data);
 		printf("static unsigned char dsa%d_q[]={",bits_p);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");

 		l=BN_bn2bin(dsa->g,data);
 		printf("static unsigned char dsa%d_g[]={",bits_p);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n\n");
@ -379,13 +401,14 @@ int MAIN(int argc, char **argv)
 			bits_p,bits_p);
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
-        printf
-            ("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
 		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}

-    if (!noout) {
+
+	if (!noout)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAparams_bio(out,dsa);
 		else if (outformat == FORMAT_PEM)
@ -394,19 +417,21 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write DSA parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
-    if (genkey) {
+	if (genkey)
+		{
 		DSA *dsakey;

 		assert(need_rand);
-        if ((dsakey = DSAparams_dup(dsa)) == NULL)
-            goto end;
-        if (!DSA_generate_key(dsakey)) {
+		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+		if (!DSA_generate_key(dsakey))
+			{
 			ERR_print_errors(bio_err);
 			DSA_free(dsakey);
 			goto end;
@ -414,8 +439,7 @@ int MAIN(int argc, char **argv)
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAPrivateKey_bio(out,dsakey);
 		else if (outformat == FORMAT_PEM)
-            i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
-                                            NULL);
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			DSA_free(dsakey);
@ -427,12 +451,9 @@ int MAIN(int argc, char **argv)
 		app_RAND_write_file(NULL, bio_err);
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dsa != NULL)
-        DSA_free(dsa);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dsa != NULL) DSA_free(dsa);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -441,14 +462,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/ec.c
+++ b/apps/ec.c
@ -70,8 +70,7 @@
 #undef PROG
 #define PROG	ec_main

-/*-
- * -inform arg    - input format - default PEM (one of DER, NET or PEM)
+/* -inform arg    - input format - default PEM (one of DER, NET or PEM)
 * -outform arg   - output format - default PEM
 * -in arg        - input file - default stdin
 * -out arg       - output file - default stdout
@ -120,40 +119,49 @@ int MAIN(int argc, char **argv)
 	prog = argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
-        } else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
-        } else if (strcmp(*argv, "-noout") == 0)
+			}
+		else if (strcmp(*argv, "-noout") == 0)
 			noout = 1;
 		else if (strcmp(*argv, "-text") == 0)
 			text = 1;
-        else if (strcmp(*argv, "-conv_form") == 0) {
+		else if (strcmp(*argv, "-conv_form") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -166,7 +174,9 @@ int MAIN(int argc, char **argv)
 				form = POINT_CONVERSION_HYBRID;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-param_enc") == 0) {
+			}
+		else if (strcmp(*argv, "-param_enc") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -177,13 +187,15 @@ int MAIN(int argc, char **argv)
 				asn1_flag = 0;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-param_out") == 0)
+			}
+		else if (strcmp(*argv, "-param_out") == 0)
 			param_out = 1;
 		else if (strcmp(*argv, "-pubin") == 0)
 			pubin=1;
 		else if (strcmp(*argv, "-pubout") == 0)
 			pubout=1;
-        else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
 			BIO_printf(bio_err, "unknown option %s\n", *argv);
 			badops=1;
 			break;
@ -192,7 +204,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
 		BIO_printf(bio_err, "where options are\n");
@ -222,10 +235,12 @@ int MAIN(int argc, char **argv)
 				" compressed\n");
 		BIO_printf(bio_err, "                                 "
 				" uncompressed (default)\n");
-        BIO_printf(bio_err, "                                  " " hybrid\n");
+		BIO_printf(bio_err, "                                  "
+				" hybrid\n");
 		BIO_printf(bio_err, " -param_enc arg  specifies the way"
 				" the ec parameters are encoded\n");
-        BIO_printf(bio_err, "                 in the asn1 der " "encoding\n");
+		BIO_printf(bio_err, "                 in the asn1 der "
+				"encoding\n");
 		BIO_printf(bio_err, "                 possible values:"
 				" named_curve (default)\n");
 		BIO_printf(bio_err,"                                  "
@ -239,49 +254,62 @@ int MAIN(int argc, char **argv)
        setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
 		}

 	in = BIO_new(BIO_s_file());
 	out = BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in, stdin, BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in, infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}

 	BIO_printf(bio_err, "read EC key\n");
-    if (informat == FORMAT_ASN1) {
+	if (informat == FORMAT_ASN1) 
+		{
 		if (pubin) 
 			eckey = d2i_EC_PUBKEY_bio(in, NULL);
 		else 
 			eckey = d2i_ECPrivateKey_bio(in, NULL);
-    } else if (informat == FORMAT_PEM) {
+		} 
+	else if (informat == FORMAT_PEM) 
+		{
 		if (pubin) 
-            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
+			eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, 
+				NULL);
 		else 
-            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
-    } else {
+			eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
+				passin);
+		} 
+	else
+		{
 		BIO_printf(bio_err, "bad input format specified for key\n");
 		goto end;
 		}
-    if (eckey == NULL) {
+	if (eckey == NULL)
+		{
 		BIO_printf(bio_err,"unable to load Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out, stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -289,8 +317,11 @@ int MAIN(int argc, char **argv)
 			out = BIO_push(tmpbio, out);
 			}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out, outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -305,26 +336,31 @@ int MAIN(int argc, char **argv)
 		EC_KEY_set_asn1_flag(eckey, asn1_flag);

 	if (text) 
-        if (!EC_KEY_print(out, eckey, 0)) {
+		if (!EC_KEY_print(out, eckey, 0))
+			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-    if (noout) {
+	if (noout) 
+		{
 		ret = 0;
 		goto end;
 		}

 	BIO_printf(bio_err, "writing EC key\n");
-    if (outformat == FORMAT_ASN1) {
+	if (outformat == FORMAT_ASN1) 
+		{
 		if (param_out)
 			i = i2d_ECPKParameters_bio(out, group);
 		else if (pubin || pubout) 
 			i = i2d_EC_PUBKEY_bio(out, eckey);
 		else 
 			i = i2d_ECPrivateKey_bio(out, eckey);
-    } else if (outformat == FORMAT_PEM) {
+		} 
+	else if (outformat == FORMAT_PEM) 
+		{
 		if (param_out)
 			i = PEM_write_bio_ECPKParameters(out, group);
 		else if (pubin || pubout)
@ -332,15 +368,20 @@ int MAIN(int argc, char **argv)
 		else 
 			i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
 						NULL, 0, NULL, passout);
-    } else {
-        BIO_printf(bio_err, "bad output format specified for " "outfile\n");
+		} 
+	else 
+		{
+		BIO_printf(bio_err, "bad output format specified for "
+			"outfile\n");
 		goto end;
 		}

-    if (!i) {
+	if (!i)
+		{
 		BIO_printf(bio_err, "unable to write private key\n");
 		ERR_print_errors(bio_err);
-    } else
+		}
+	else
 		ret=0;
 end:
 	if (in)
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@ -87,8 +87,7 @@
 #undef PROG
 #define PROG	ecparam_main

-/*-
- * -inform arg      - input format - default PEM (DER or PEM)
+/* -inform arg      - input format - default PEM (DER or PEM)
 * -outform arg     - output format - default PEM
 * -in  arg         - input file  - default stdin
 * -out arg         - output file - default stdout
@ -112,8 +111,8 @@
 * -engine e        - use engine e, possibly a hardware device
 */

-static int ecparam_print_var(BIO *, BIGNUM *, const char *, int,
-                             unsigned char *);
+
+static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);

 int MAIN(int, char **);

@ -151,36 +150,44 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-text") == 0)
+			}
+		else if (strcmp(*argv,"-text") == 0)
 			text = 1;
 		else if (strcmp(*argv,"-C") == 0)
 			C = 1;
 		else if (strcmp(*argv,"-check") == 0)
 			check = 1;
-        else if (strcmp(*argv, "-name") == 0) {
+		else if (strcmp (*argv, "-name") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			curve_name = *(++argv);
-        } else if (strcmp(*argv, "-list_curves") == 0)
+			}
+		else if (strcmp(*argv, "-list_curves") == 0)
 			list_curves = 1;
-        else if (strcmp(*argv, "-conv_form") == 0) {
+		else if (strcmp(*argv, "-conv_form") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -193,7 +200,9 @@ int MAIN(int argc, char **argv)
 				form = POINT_CONVERSION_HYBRID;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-param_enc") == 0) {
+			}
+		else if (strcmp(*argv, "-param_enc") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -204,23 +213,29 @@ int MAIN(int argc, char **argv)
 				asn1_flag = 0;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-no_seed") == 0)
+			}
+		else if (strcmp(*argv, "-no_seed") == 0)
 			no_seed = 1;
 		else if (strcmp(*argv, "-noout") == 0)
 			noout=1;
-        else if (strcmp(*argv, "-genkey") == 0) {
+		else if (strcmp(*argv,"-genkey") == 0)
+			{
 			genkey=1;
 			need_rand=1;
-        } else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv, "-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			need_rand=1;
-        } else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if(strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine = *(++argv);
-        } else {
+			}	
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -229,7 +244,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err, "where options are\n");
@ -270,8 +286,10 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "                                   "
 				" explicit\n");
 		BIO_printf(bio_err, " -no_seed          if 'explicit'"
-                   " parameters are chosen do not" " use the seed\n");
-        BIO_printf(bio_err, " -genkey           generate ec" " key\n");
+				" parameters are chosen do not"
+				" use the seed\n");
+		BIO_printf(bio_err, " -genkey           generate ec"
+				" key\n");
 		BIO_printf(bio_err, " -rand file        files to use for"
 				" random number input\n");
 		BIO_printf(bio_err, " -engine e         use engine e, "
@ -283,20 +301,24 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -304,8 +326,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -315,7 +340,8 @@ int MAIN(int argc, char **argv)
 	setup_engine(bio_err, engine, 0);
 #endif

-    if (list_curves) {
+	if (list_curves)
+		{
 		EC_builtin_curve *curves = NULL;
 		size_t crv_len = 0;
 		size_t n = 0;
@ -327,12 +353,15 @@ int MAIN(int argc, char **argv)
 		if (curves == NULL)
 			goto end;

-        if (!EC_get_builtin_curves(curves, crv_len)) {
+		if (!EC_get_builtin_curves(curves, crv_len))
+			{
 			OPENSSL_free(curves);
 			goto end;
 			}

-        for (n = 0; n < crv_len; n++) {
+		
+		for (n = 0; n < crv_len; n++)
+			{
 			const char *comment;
 			const char *sname;
 			comment = curves[n].comment;
@ -351,48 +380,64 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

-    if (curve_name != NULL) {
+	if (curve_name != NULL)
+		{
 		int nid;

-        /*
-         * workaround for the SECG curve names secp192r1 and secp256r1 (which
-         * are the same as the curves prime192v1 and prime256v1 defined in
-         * X9.62)
+		/* workaround for the SECG curve names secp192r1
+		 * and secp256r1 (which are the same as the curves
+		 * prime192v1 and prime256v1 defined in X9.62)
 		 */
-        if (!strcmp(curve_name, "secp192r1")) {
+		if (!strcmp(curve_name, "secp192r1"))
+			{
 			BIO_printf(bio_err, "using curve name prime192v1 "
 				"instead of secp192r1\n");
 			nid = NID_X9_62_prime192v1;
-        } else if (!strcmp(curve_name, "secp256r1")) {
+			}
+		else if (!strcmp(curve_name, "secp256r1"))
+			{
 			BIO_printf(bio_err, "using curve name prime256v1 "
 				"instead of secp256r1\n");
 			nid = NID_X9_62_prime256v1;
-        } else
+			}
+		else
 			nid = OBJ_sn2nid(curve_name);
 	
-        if (nid == 0) {
-            BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+		if (nid == 0)
+			{
+			BIO_printf(bio_err, "unknown curve name (%s)\n", 
+				curve_name);
 			goto end;
 			}

 		group = EC_GROUP_new_by_curve_name(nid);
-        if (group == NULL) {
-            BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+		if (group == NULL)
+			{
+			BIO_printf(bio_err, "unable to create curve (%s)\n", 
+				curve_name);
 			goto end;
 			}
 		EC_GROUP_set_asn1_flag(group, asn1_flag);
 		EC_GROUP_set_point_conversion_form(group, form);
-    } else if (informat == FORMAT_ASN1) {
+		}
+	else if (informat == FORMAT_ASN1)
+		{
 		group = d2i_ECPKParameters_bio(in, NULL);
-    } else if (informat == FORMAT_PEM) {
+		}
+	else if (informat == FORMAT_PEM)
+		{
 		group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
-    } else {
+		}
+	else
+		{
 		BIO_printf(bio_err, "bad input format specified\n");
 		goto end;
 		}

-    if (group == NULL) {
-        BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
+	if (group == NULL)
+		{
+		BIO_printf(bio_err, 
+			"unable to load elliptic curve parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
@ -403,27 +448,34 @@ int MAIN(int argc, char **argv)
 	if (new_asn1_flag)
 		EC_GROUP_set_asn1_flag(group, asn1_flag);

-    if (no_seed) {
+	if (no_seed)
+		{
 		EC_GROUP_set_seed(group, NULL, 0);
 		}

-    if (text) {
+	if (text)
+		{
 		if (!ECPKParameters_print(out, group, 0))
 			goto end;
 		}

-    if (check) {
+	if (check)
+		{
+		if (group == NULL)
+			BIO_printf(bio_err, "no elliptic curve parameters\n");
 		BIO_printf(bio_err, "checking elliptic curve parameters: ");
-        if (!EC_GROUP_check(group, NULL)) {
+		if (!EC_GROUP_check(group, NULL))
+			{
 			BIO_printf(bio_err, "failed\n");
 			ERR_print_errors(bio_err);
-            goto end;
 			}
+		else
 			BIO_printf(bio_err, "ok\n");
 			
 		}

-    if (C) {
+	if (C)
+		{
 		size_t	buf_len = 0, tmp_len = 0;
 		const EC_POINT *point;
 		int	is_prime, len = 0;
@ -432,17 +484,23 @@ int MAIN(int argc, char **argv)
 		if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
 		    (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
 		    (ec_order = BN_new()) == NULL || 
-            (ec_cofactor = BN_new()) == NULL) {
+		    (ec_cofactor = BN_new()) == NULL )
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}

-        is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
+		is_prime = (EC_METHOD_get_field_type(meth) == 
+			NID_X9_62_prime_field);

-        if (is_prime) {
-            if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
+		if (is_prime)
+			{
+			if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
+				ec_b, NULL))
 				goto end;
-        } else {
+			}
+		else
+			{
 			/* TODO */
 			goto end;
 			}
@ -450,15 +508,16 @@ int MAIN(int argc, char **argv)
 		if ((point = EC_GROUP_get0_generator(group)) == NULL)
 			goto end;
 		if (!EC_POINT_point2bn(group, point, 
-                               EC_GROUP_get_point_conversion_form(group),
-                               ec_gen, NULL))
+			EC_GROUP_get_point_conversion_form(group), ec_gen, 
+			NULL))
 			goto end;
 		if (!EC_GROUP_get_order(group, ec_order, NULL))
 			goto end;
 		if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
 			goto end;

-        if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
+		if (!ec_p || !ec_a || !ec_b || !ec_gen || 
+			!ec_order || !ec_cofactor)
 			goto end;

 		len = BN_num_bits(ec_order);
@ -478,7 +537,8 @@ int MAIN(int argc, char **argv)

 		buffer = (unsigned char *)OPENSSL_malloc(buf_len);

-        if (buffer == NULL) {
+		if (buffer == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
@ -488,7 +548,8 @@ int MAIN(int argc, char **argv)
 		ecparam_print_var(out, ec_b, "ec_b", len, buffer);
 		ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
 		ecparam_print_var(out, ec_order, "ec_order", len, buffer);
-        ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, buffer);
+		ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, 
+			buffer);

 		BIO_printf(out, "\n\n");

@ -507,11 +568,14 @@ int MAIN(int argc, char **argv)
 		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
 				"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
 				"goto err;\n", len, len);
-        if (is_prime) {
+		if (is_prime)
+			{
 			BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
 				"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
 				"\n\t\tgoto err;\n\n");
-        } else {
+			}
+		else
+			{
 			/* TODO */
 			goto end;
 			}
@ -544,17 +608,20 @@ int MAIN(int argc, char **argv)
 		BIO_printf(out, "\treturn(group);\n\t}\n");
 	}

-    if (!noout) {
+	if (!noout)
+		{
 		if (outformat == FORMAT_ASN1)
 			i = i2d_ECPKParameters_bio(out, group);
 		else if (outformat == FORMAT_PEM)
 			i = PEM_write_bio_ECPKParameters(out, group);
-        else {
+		else	
+			{
 			BIO_printf(bio_err,"bad output format specified for"
 				" outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err, "unable to write elliptic "
 				"curve parameters\n");
 			ERR_print_errors(bio_err);
@ -562,14 +629,16 @@ int MAIN(int argc, char **argv)
 			}
 		}
 	
-    if (need_rand) {
+	if (need_rand)
+		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
 		}

-    if (genkey) {
+	if (genkey)
+		{
 		EC_KEY *eckey = EC_KEY_new();

 		if (eckey == NULL)
@ -580,7 +649,8 @@ int MAIN(int argc, char **argv)
 		if (EC_KEY_set_group(eckey, group) == 0)
 			goto end;
 		
-        if (!EC_KEY_generate_key(eckey)) {
+		if (!EC_KEY_generate_key(eckey))
+			{
 			EC_KEY_free(eckey);
 			goto end;
 			}
@ -589,7 +659,8 @@ int MAIN(int argc, char **argv)
 		else if (outformat == FORMAT_PEM)
 			i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
 				NULL, 0, NULL, NULL);
-        else {
+		else	
+			{
 			BIO_printf(bio_err, "bad output format specified "
 				"for outfile\n");
 			EC_KEY_free(eckey);
@ -633,11 +704,13 @@ static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
 	BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
 	if (BN_is_zero(in))
 		BIO_printf(out, "\n\t0x00");
-    else {
+	else 
+		{
 		int i, l;

 		l = BN_bn2bin(in, buffer);
-        for (i = 0; i < l - 1; i++) {
+		for (i=0; i<l-1; i++)
+			{
 			if ((i%12) == 0) 
 				BIO_printf(out, "\n\t");
 			BIO_printf(out, "0x%02X,", buffer[i]);
--- a/apps/enc.c
+++ b/apps/enc.c
@ -90,10 +90,12 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
 		return;

 	BIO_printf(bio,"-%-25s",name->name);
-    if (++n == 3) {
+	if(++n == 3)
+		{
 		BIO_printf(bio,"\n");
 		n=0;
-    } else
+		}
+	else
 		BIO_printf(bio," ");
 	}

@ -122,8 +124,7 @@ int MAIN(int argc, char **argv)
 	const EVP_CIPHER *cipher=NULL,*c;
 	EVP_CIPHER_CTX *ctx = NULL;
 	char *inf=NULL,*outf=NULL;
-    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
-        NULL, *wbio = NULL;
+	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE+1];
 #ifndef OPENSSL_NO_ENGINE
@ -164,26 +165,29 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1) {
+	while (argc >= 1)
+		{
 		if	(strcmp(*argv,"-e") == 0)
 			enc=1;
-        else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inf= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outf= *(++argv);
-        } else if (strcmp(*argv, "-pass") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-pass") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -213,67 +217,84 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-z") == 0)
 			do_zlib=1;
 #endif
-        else if (strcmp(*argv, "-bufsize") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-bufsize") == 0)
+			{
+			if (--argc < 1) goto bad;
 			bufsize=(unsigned char *)*(++argv);
-        } else if (strcmp(*argv, "-k") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-k") == 0)
+			{
+			if (--argc < 1) goto bad;
 			str= *(++argv);
-        } else if (strcmp(*argv, "-kfile") == 0) {
+			}
+		else if (strcmp(*argv,"-kfile") == 0)
+			{
 			static char buf[128];
 			FILE *infile;
 			char *file;

-            if (--argc < 1)
-                goto bad;
+			if (--argc < 1) goto bad;
 			file= *(++argv);
 			infile=fopen(file,"r");
-            if (infile == NULL) {
-                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+			if (infile == NULL)
+				{
+				BIO_printf(bio_err,"unable to read key from '%s'\n",
+					file);
 				goto bad;
 				}
 			buf[0]='\0';
-            if (!fgets(buf, sizeof buf, infile)) {
-                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+			if (!fgets(buf,sizeof buf,infile))
+				{
+				BIO_printf(bio_err,"unable to read key from '%s'\n",
+					file);
 				goto bad;
 				}
 			fclose(infile);
 			i=strlen(buf);
-            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+			if ((i > 0) &&
+				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
 				buf[--i]='\0';
-            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+			if ((i > 0) &&
+				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
 				buf[--i]='\0';
-            if (i < 1) {
+			if (i < 1)
+				{
 				BIO_printf(bio_err,"zero length password\n");
 				goto bad;
 				}
 			str=buf;
-        } else if (strcmp(*argv, "-K") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-K") == 0)
+			{
+			if (--argc < 1) goto bad;
 			hkey= *(++argv);
-        } else if (strcmp(*argv, "-S") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-S") == 0)
+			{
+			if (--argc < 1) goto bad;
 			hsalt= *(++argv);
-        } else if (strcmp(*argv, "-iv") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-iv") == 0)
+			{
+			if (--argc < 1) goto bad;
 			hiv= *(++argv);
-        } else if (strcmp(*argv, "-md") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-md") == 0)
+			{
+			if (--argc < 1) goto bad;
 			md= *(++argv);
-        } else if (strcmp(*argv, "-non-fips-allow") == 0)
+			}
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
-                 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
+			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
+			{
 			cipher=c;
-        } else if (strcmp(*argv, "-none") == 0)
+			}
+		else if (strcmp(*argv,"-none") == 0)
 			cipher=NULL;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 bad:
 			BIO_printf(bio_err,"options are\n");
@ -282,38 +303,24 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
-            BIO_printf(bio_err,
-                       "%-14s base64 encode/decode, depending on encryption flag\n",
-                       "-a/-base64");
-            BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
-                       "-k");
-            BIO_printf(bio_err,
-                       "%-14s passphrase is the first line of the file argument\n",
-                       "-kfile");
-            BIO_printf(bio_err,
-                       "%-14s the next argument is the md to use to create a key\n",
-                       "-md");
-            BIO_printf(bio_err,
-                       "%-14s   from a passphrase.  One of md2, md5, sha or sha1\n",
-                       "");
-            BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
-                       "-S");
-            BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
-                       "-K/-iv");
-            BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
-                       "-[pP]");
+			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
+			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
+			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
+			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
+			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-            BIO_printf(bio_err, "%-14s disable standard block padding\n",
-                       "-nopad");
+			BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
 #ifndef OPENSSL_NO_ENGINE
-            BIO_printf(bio_err,
-                       "%-14s use engine e, possibly a hardware device.\n",
-                       "-engine e");
+			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 #endif

 			BIO_printf(bio_err,"Cipher Types\n");
 			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
-                                   show_ciphers, bio_err);
+					       show_ciphers,
+					       bio_err);
 			BIO_printf(bio_err,"\n");

 			goto end;
@ -326,83 +333,93 @@ int MAIN(int argc, char **argv)
        setup_engine(bio_err, engine, 0);
 #endif

-    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
-        BIO_printf(bio_err,
-                   "AEAD ciphers not supported by the enc utility\n");
+	if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+		{
+		BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
 		goto end;
 		}

-    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
-        BIO_printf(bio_err,
-                   "Ciphers in XTS mode are not supported by the enc utility\n");
+	if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
+		{
+		BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
 		goto end;
 		}

-    if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
+	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
+		{
 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 		goto end;
 		}

-    if (dgst == NULL) {
+	if (dgst == NULL)
+		{
 		dgst = EVP_md5();
 		}

-    if (bufsize != NULL) {
+	if (bufsize != NULL)
+		{
 		unsigned long n;

-        for (n = 0; *bufsize; bufsize++) {
+		for (n=0; *bufsize; bufsize++)
+			{
 			i= *bufsize;
 			if ((i <= '9') && (i >= '0'))
 				n=n*10+i-'0';
-            else if (i == 'k') {
+			else if (i == 'k')
+				{
 				n*=1024;
 				bufsize++;
 				break;
 				}
 			}
-        if (*bufsize != '\0') {
+		if (*bufsize != '\0')
+			{
 			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
 			goto end;
 			}

 		/* It must be large enough for a base64 encoded line */
-        if (base64 && n < 80)
-            n = 80;
+		if (base64 && n < 80) n=80;

 		bsize=(int)n;
-        if (verbose)
-            BIO_printf(bio_err, "bufsize=%d\n", bsize);
+		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
 		}

 	strbuf=OPENSSL_malloc(SIZE);
 	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
-    if ((buff == NULL) || (strbuf == NULL)) {
-        BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n",
-                   (long)EVP_ENCODE_LENGTH(bsize));
+	if ((buff == NULL) || (strbuf == NULL))
+		{
+		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
 		goto end;
 		}

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-    if (debug) {
+	if (debug)
+		{
 		BIO_set_callback(in,BIO_debug_callback);
 		BIO_set_callback(out,BIO_debug_callback);
 		BIO_set_callback_arg(in,(char *)bio_err);
 		BIO_set_callback_arg(out,(char *)bio_err);
 		}

-    if (inf == NULL) {
+	if (inf == NULL)
+	        {
 #ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
 #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    } else {
-        if (BIO_read_filename(in, inf) <= 0) {
+	        }
+	else
+		{
+		if (BIO_read_filename(in,inf) <= 0)
+			{
 			perror(inf);
 			goto end;
 			}
@ -416,8 +433,10 @@ int MAIN(int argc, char **argv)
 		str = pass;
 	}

-    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
-        for (;;) {
+	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
+		{
+		for (;;)
+			{
 			char buf[200];

 			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
@ -425,22 +444,27 @@ int MAIN(int argc, char **argv)
 				     (enc)?"encryption":"decryption");
 			strbuf[0]='\0';
 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
-            if (i == 0) {
-                if (strbuf[0] == '\0') {
+			if (i == 0)
+				{
+				if (strbuf[0] == '\0')
+					{
 					ret=1;
 					goto end;
 					}
 				str=strbuf;
 				break;
 				}
-            if (i < 0) {
+			if (i < 0)
+				{
 				BIO_printf(bio_err,"bad password read\n");
 				goto end;
 				}
 			}
 		}

-    if (outf == NULL) {
+
+	if (outf == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
@ -452,8 +476,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outf) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outf) <= 0)
+			{
 			perror(outf);
 			goto end;
 			}
@ -464,7 +491,8 @@ int MAIN(int argc, char **argv)

 #ifdef ZLIB

-    if (do_zlib) {
+	if (do_zlib)
+		{
 		if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
 			goto end;
 		if (enc)
@ -474,10 +502,12 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-    if (base64) {
+	if (base64)
+		{
 		if ((b64=BIO_new(BIO_f_base64())) == NULL)
 			goto end;
-        if (debug) {
+		if (debug)
+			{
 			BIO_set_callback(b64,BIO_debug_callback);
 			BIO_set_callback_arg(b64,(char *)bio_err);
 			}
@ -489,31 +519,30 @@ int MAIN(int argc, char **argv)
 			rbio=BIO_push(b64,rbio);
 		}

-    if (cipher != NULL) {
-        /*
-         * Note that str is NULL if a key was passed on the command line, so
-         * we get no salt in that case. Is this a bug?
+	if (cipher != NULL)
+		{
+		/* Note that str is NULL if a key was passed on the command
+		 * line, so we get no salt in that case. Is this a bug?
 		 */
-        if (str != NULL) {
-            /*
-             * Salt handling: if encrypting generate a salt and write to
-             * output BIO. If decrypting read salt from input BIO.
+		if (str != NULL)
+			{
+			/* Salt handling: if encrypting generate a salt and
+			 * write to output BIO. If decrypting read salt from
+			 * input BIO.
 			 */
 			unsigned char *sptr;
-            if (nosalt)
-                sptr = NULL;
+			if(nosalt) sptr = NULL;
 			else {
 				if(enc) {
 					if(hsalt) {
 						if(!set_hex(hsalt,salt,sizeof salt)) {
-                            BIO_printf(bio_err, "invalid hex salt value\n");
+							BIO_printf(bio_err,
+								"invalid hex salt value\n");
 							goto end;
 						}
 					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
 						goto end;
-                    /*
-                     * If -P option then don't bother writing
-                     */
+					/* If -P option then don't bother writing */
 					if((printkey != 2)
 					   && (BIO_write(wbio,magic,
 							 sizeof magic-1) != sizeof magic-1
@ -538,36 +567,33 @@ int MAIN(int argc, char **argv)
 			}

 			EVP_BytesToKey(cipher,dgst,sptr,
-                           (unsigned char *)str, strlen(str), 1, key, iv);
-            /*
-             * zero the complete buffer or the string passed from the command
-             * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
-             */
+				(unsigned char *)str,
+				strlen(str),1,key,iv);
+			/* zero the complete buffer or the string
+			 * passed from the command line
+			 * bug picked up by
+			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 			if (str == strbuf)
 				OPENSSL_cleanse(str,SIZE);
 			else
 				OPENSSL_cleanse(str,strlen(str));
 			}
-        if (hiv != NULL) {
-            int siz = EVP_CIPHER_iv_length(cipher);
-            if (siz == 0) {
-                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
-            } else if (!set_hex(hiv, iv, sizeof iv)) {
+		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
+			{
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
-        }
 		if ((hiv == NULL) && (str == NULL)
-            && EVP_CIPHER_iv_length(cipher) != 0) {
-            /*
-             * No IV was explicitly set and no IV was generated during
-             * EVP_BytesToKey. Hence the IV is undefined, making correct
-             * decryption impossible.
-             */
+		    && EVP_CIPHER_iv_length(cipher) != 0)
+			{
+			/* No IV was explicitly set and no IV was generated
+			 * during EVP_BytesToKey. Hence the IV is undefined,
+			 * making correct decryption impossible. */
 			BIO_printf(bio_err, "iv undefined\n");
 			goto end;
 			}
-        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
+			{
 			BIO_printf(bio_err,"invalid hex key value\n");
 			goto end;
 			}
@ -575,17 +601,18 @@ int MAIN(int argc, char **argv)
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;

-        /*
-         * Since we may be changing parameters work on the encryption context
-         * rather than calling BIO_set_cipher().
+		/* Since we may be changing parameters work on the encryption
+		 * context rather than calling BIO_set_cipher().
 		 */

 		BIO_get_cipher_ctx(benc, &ctx);

 		if (non_fips_allow)
-            EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+			EVP_CIPHER_CTX_set_flags(ctx,
+				EVP_CIPH_FLAG_NON_FIPS_ALLOW);

-        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
+			{
 			BIO_printf(bio_err, "Error setting cipher %s\n",
 				EVP_CIPHER_name(cipher));
 			ERR_print_errors(bio_err);
@ -595,38 +622,45 @@ int MAIN(int argc, char **argv)
 		if (nopad)
 			EVP_CIPHER_CTX_set_padding(ctx, 0);

-        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
+			{
 			BIO_printf(bio_err, "Error setting cipher %s\n",
 				EVP_CIPHER_name(cipher));
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-        if (debug) {
+		if (debug)
+			{
 			BIO_set_callback(benc,BIO_debug_callback);
 			BIO_set_callback_arg(benc,(char *)bio_err);
 			}

-        if (printkey) {
-            if (!nosalt) {
+		if (printkey)
+			{
+			if (!nosalt)
+				{
 				printf("salt=");
 				for (i=0; i<(int)sizeof(salt); i++)
 					printf("%02X",salt[i]);
 				printf("\n");
 				}
-            if (cipher->key_len > 0) {
+			if (cipher->key_len > 0)
+				{
 				printf("key=");
 				for (i=0; i<cipher->key_len; i++)
 					printf("%02X",key[i]);
 				printf("\n");
 				}
-            if (cipher->iv_len > 0) {
+			if (cipher->iv_len > 0)
+				{
 				printf("iv =");
 				for (i=0; i<cipher->iv_len; i++)
 					printf("%02X",iv[i]);
 				printf("\n");
 				}
-            if (printkey == 2) {
+			if (printkey == 2)
+				{
 				ret=0;
 				goto end;
 				}
@ -637,45 +671,40 @@ int MAIN(int argc, char **argv)
 	if (benc != NULL)
 		wbio=BIO_push(benc,wbio);

-    for (;;) {
+	for (;;)
+		{
 		inl=BIO_read(rbio,(char *)buff,bsize);
-        if (inl <= 0)
-            break;
-        if (BIO_write(wbio, (char *)buff, inl) != inl) {
+		if (inl <= 0) break;
+		if (BIO_write(wbio,(char *)buff,inl) != inl)
+			{
 			BIO_printf(bio_err,"error writing output file\n");
 			goto end;
 			}
 		}
-    if (!BIO_flush(wbio)) {
+	if (!BIO_flush(wbio))
+		{
 		BIO_printf(bio_err,"bad decrypt\n");
 		goto end;
 		}

 	ret=0;
-    if (verbose) {
+	if (verbose)
+		{
 		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
 		}
 end:
 	ERR_print_errors(bio_err);
-    if (strbuf != NULL)
-        OPENSSL_free(strbuf);
-    if (buff != NULL)
-        OPENSSL_free(buff);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (benc != NULL)
-        BIO_free(benc);
-    if (b64 != NULL)
-        BIO_free(b64);
+	if (strbuf != NULL) OPENSSL_free(strbuf);
+	if (buff != NULL) OPENSSL_free(buff);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (benc != NULL) BIO_free(benc);
+	if (b64 != NULL) BIO_free(b64);
 #ifdef ZLIB
-    if (bzl != NULL)
-        BIO_free(bzl);
+	if (bzl != NULL) BIO_free(bzl);
 #endif
-    if (pass)
-        OPENSSL_free(pass);
+	if(pass) OPENSSL_free(pass);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -686,23 +715,25 @@ int set_hex(char *in, unsigned char *out, int size)
 	unsigned char j;

 	n=strlen(in);
-    if (n > (size * 2)) {
+	if (n > (size*2))
+		{
 		BIO_printf(bio_err,"hex string is too long\n");
 		return(0);
 		}
 	memset(out,0,size);
-    for (i = 0; i < n; i++) {
+	for (i=0; i<n; i++)
+		{
 		j=(unsigned char)*in;
 		*(in++)='\0';
-        if (j == 0)
-            break;
+		if (j == 0) break;
 		if ((j >= '0') && (j <= '9'))
 			j-='0';
 		else if ((j >= 'A') && (j <= 'F'))
 			j=j-'A'+10;
 		else if ((j >= 'a') && (j <= 'f'))
 			j=j-'a'+10;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"non-hex digit\n");
 			return(0);
 			}
--- a/apps/engine.c
+++ b/apps/engine.c
@ -1,7 +1,6 @@
-/* apps/engine.c */
-/*
- * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
- * 2000.
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@ -57,6 +56,7 @@
 *
 */

+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -99,7 +99,10 @@ static void identity(char *ptr)

 static int append_buf(char **buf, const char *s, int *size, int step)
 	{
-    if (*buf == NULL) {
+	int l = strlen(s);
+
+	if (*buf == NULL)
+		{
 		*size = step;
 		*buf = OPENSSL_malloc(*size);
 		if (*buf == NULL)
@ -107,7 +110,11 @@ static int append_buf(char **buf, const char *s, int *size, int step)
 		**buf = '\0';
 		}

-    if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+	if (**buf != '\0')
+		l += 2;		/* ", " */
+
+	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
+		{
 		*size += step;
 		*buf = OPENSSL_realloc(*buf, *size);
 		}
@ -127,38 +134,41 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
 	int started = 0, err = 0;
 	/* Indent before displaying input flags */
 	BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
-    if (flags == 0) {
+	if(flags == 0)
+		{
 		BIO_printf(bio_out, "<no flags>\n");
 		return 1;
 		}
-    /*
-     * If the object is internal, mark it in a way that shows instead of
-     * having it part of all the other flags, even if it really is.
-     */
-    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
+        /* If the object is internal, mark it in a way that shows instead of
+         * having it part of all the other flags, even if it really is. */
+	if(flags & ENGINE_CMD_FLAG_INTERNAL)
+		{
 		BIO_printf(bio_out, "[Internal] ");
 		}

-    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
+	if(flags & ENGINE_CMD_FLAG_NUMERIC)
+		{
 		BIO_printf(bio_out, "NUMERIC");
 		started = 1;
 		}
-    /*
-     * Now we check that no combinations of the mutually exclusive NUMERIC,
+	/* Now we check that no combinations of the mutually exclusive NUMERIC,
 	 * STRING, and NO_INPUT flags have been used. Future flags that can be
 	 * OR'd together with these would need to added after these to preserve
-     * the testing logic.
-     */
-    if (flags & ENGINE_CMD_FLAG_STRING) {
-        if (started) {
+	 * the testing logic. */
+	if(flags & ENGINE_CMD_FLAG_STRING)
+		{
+		if(started)
+			{
 			BIO_printf(bio_out, "|");
 			err = 1;
 			}
 		BIO_printf(bio_out, "STRING");
 		started = 1;
 		}
-    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
-        if (started) {
+	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+		{
+		if(started)
+			{
 			BIO_printf(bio_out, "|");
 			err = 1;
 			}
@ -168,10 +178,11 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
 	/* Check for unknown flags */
 	flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
 			~ENGINE_CMD_FLAG_STRING &
-        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
-    if (flags) {
-        if (started)
-            BIO_printf(bio_out, "|");
+			~ENGINE_CMD_FLAG_NO_INPUT &
+			~ENGINE_CMD_FLAG_INTERNAL;
+	if(flags)
+		{
+		if(started) BIO_printf(bio_out, "|");
 		BIO_printf(bio_out, "<0x%04X>", flags);
 		}
 	if(err)
@ -180,8 +191,7 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
 	return 1;
 	}

-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
-                        const char *indent)
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
 	{
 	static const int line_wrap = 78;
 	int num;
@ -193,7 +203,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
 	STACK_OF(OPENSSL_STRING) *cmds = NULL;
 	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
 			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
-                            0, NULL, NULL)) <= 0)) {
+					0, NULL, NULL)) <= 0))
+		{
 #if 0
 		BIO_printf(bio_out, "%s<no control commands>\n", indent);
 #endif
@ -210,7 +221,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
 		if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
 					NULL, NULL)) < 0)
 			goto err;
-        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+                if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
+                        {
                        /* Get the command name */
                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
                                NULL, NULL)) <= 0)
@ -224,7 +236,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
                                NULL, NULL)) < 0)
                                goto err;
-            if (len > 0) {
+                        if(len > 0)
+                                {
                                if((desc = OPENSSL_malloc(len + 1)) == NULL)
                                        goto err;
                                if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
@ -238,45 +251,42 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
                        else
                                /* Otherwise prepend a ", " */
                                xpos += BIO_printf(bio_out, ", ");
-            if (verbose == 1) {
-                /*
-                 * We're just listing names, comma-delimited
-                 */
+                        if(verbose == 1)
+                                {
+                                /* We're just listing names, comma-delimited */
                                if((xpos > (int)strlen(indent)) &&
-                    (xpos + (int)strlen(name) > line_wrap)) {
+					(xpos + (int)strlen(name) > line_wrap))
+                                        {
                                        BIO_printf(bio_out, "\n");
                                        xpos = BIO_puts(bio_out, indent);
                                        }
                                xpos += BIO_printf(bio_out, "%s", name);
-            } else {
+                                }
+                        else
+                                {
                                /* We're listing names plus descriptions */
                                BIO_printf(bio_out, "%s: %s\n", name,
                                        (desc == NULL) ? "<no description>" : desc);
                                /* ... and sometimes input flags */
-                if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
+                                if((verbose >= 3) && !util_flags(bio_out, flags,
+                                        indent))
                                        goto err;
                                xpos = 0;
                                }
                        }
-        OPENSSL_free(name);
-        name = NULL;
-        if (desc) {
-            OPENSSL_free(desc);
-            desc = NULL;
-        }
+		OPENSSL_free(name); name = NULL;
+		if(desc) { OPENSSL_free(desc); desc = NULL; }
 		/* Move to the next command */
-        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
+		num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
+					num, NULL, NULL);
 		} while(num > 0);
 	if(xpos > 0)
 		BIO_printf(bio_out, "\n");
 	ret = 1;
 err:
-    if (cmds)
-        sk_OPENSSL_STRING_pop_free(cmds, identity);
-    if (name)
-        OPENSSL_free(name);
-    if (desc)
-        OPENSSL_free(desc);
+	if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
+	if(name) OPENSSL_free(name);
+	if(desc) OPENSSL_free(desc);
 	return ret;
 	}

@ -285,21 +295,27 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
 	{
 	int loop, res, num = sk_OPENSSL_STRING_num(cmds);

-    if (num < 0) {
+	if(num < 0)
+		{
 		BIO_printf(bio_out, "[Error]: internal stack error\n");
 		return;
 		}
-    for (loop = 0; loop < num; loop++) {
+	for(loop = 0; loop < num; loop++)
+		{
 		char buf[256];
 		const char *cmd, *arg;
 		cmd = sk_OPENSSL_STRING_value(cmds, loop);
 		res = 1; /* assume success */
 		/* Check if this command has no ":arg" */
-        if ((arg = strstr(cmd, ":")) == NULL) {
+		if((arg = strstr(cmd, ":")) == NULL)
+			{
 			if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
 				res = 0;
-        } else {
-            if ((int)(arg - cmd) > 254) {
+			}
+		else
+			{
+			if((int)(arg - cmd) > 254)
+				{
 				BIO_printf(bio_out,"[Error]: command name too long\n");
 				return;
 				}
@ -312,7 +328,8 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
 			}
 		if(res)
 			BIO_printf(bio_out, "[Success]: %s\n", cmd);
-        else {
+		else
+			{
 			BIO_printf(bio_out, "[Failure]: %s\n", cmd);
 			ERR_print_errors(bio_out);
 			}
@ -352,33 +369,40 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strncmp(*argv, "-v", 2) == 0) {
+	while (argc >= 1)
+		{
+		if (strncmp(*argv,"-v",2) == 0)
+			{
 			if(strspn(*argv + 1, "v") < strlen(*argv + 1))
 				goto skip_arg_loop;
 			if((verbose=strlen(*argv + 1)) > 4)
 				goto skip_arg_loop;
-        } else if (strcmp(*argv, "-c") == 0)
+			}
+		else if (strcmp(*argv,"-c") == 0)
 			list_cap=1;
-        else if (strncmp(*argv, "-t", 2) == 0) {
+		else if (strncmp(*argv,"-t",2) == 0)
+			{
 			test_avail=1;
 			if(strspn(*argv + 1, "t") < strlen(*argv + 1))
 				goto skip_arg_loop;
 			if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
 				goto skip_arg_loop;
-        } else if (strcmp(*argv, "-pre") == 0) {
-            argc--;
-            argv++;
+			}
+		else if (strcmp(*argv,"-pre") == 0)
+			{
+			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_OPENSSL_STRING_push(pre_cmds,*argv);
-        } else if (strcmp(*argv, "-post") == 0) {
-            argc--;
-            argv++;
+			}
+		else if (strcmp(*argv,"-post") == 0)
+			{
+			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_OPENSSL_STRING_push(post_cmds,*argv);
-        } else if ((strncmp(*argv, "-h", 2) == 0) ||
+			}
+		else if ((strncmp(*argv,"-h",2) == 0) ||
 				(strcmp(*argv,"-?") == 0))
 			goto skip_arg_loop;
 		else
@ -390,32 +414,37 @@ int MAIN(int argc, char **argv)
 	badops = 0;
 skip_arg_loop:

-    if (badops) {
+	if (badops)
+		{
 		for (pp=engine_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}

-    if (sk_OPENSSL_STRING_num(engines) == 0) {
-        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+	if (sk_OPENSSL_STRING_num(engines) == 0)
+		{
+		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
+			{
 			sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
 			}
 		}

-    for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
+	for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
+		{
 		const char *id = sk_OPENSSL_STRING_value(engines,i);
-        if ((e = ENGINE_by_id(id)) != NULL) {
+		if ((e = ENGINE_by_id(id)) != NULL)
+			{
 			const char *name = ENGINE_get_name(e);
-            /*
-             * Do "id" first, then "name". Easier to auto-parse.
-             */
+			/* Do "id" first, then "name". Easier to auto-parse. */
 			BIO_printf(bio_out, "(%s) %s\n", id, name);
 			util_do_cmds(e, pre_cmds, bio_out, indent);
-            if (strcmp(ENGINE_get_id(e), id) != 0) {
+			if (strcmp(ENGINE_get_id(e), id) != 0)
+				{
 				BIO_printf(bio_out, "Loaded: (%s) %s\n",
 					ENGINE_get_id(e), ENGINE_get_name(e));
 				}
-            if (list_cap) {
+			if (list_cap)
+				{
 				int cap_size = 256;
 				char *cap_buf = NULL;
 				int k,n;
@ -425,45 +454,49 @@ int MAIN(int argc, char **argv)
 				ENGINE_PKEY_METHS_PTR fn_pk;

 				if (ENGINE_get_RSA(e) != NULL
-                    && !append_buf(&cap_buf, "RSA", &cap_size, 256))
+					&& !append_buf(&cap_buf, "RSA",
+						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_DSA(e) != NULL
-                    && !append_buf(&cap_buf, "DSA", &cap_size, 256))
+					&& !append_buf(&cap_buf, "DSA",
+						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_DH(e) != NULL
-                    && !append_buf(&cap_buf, "DH", &cap_size, 256))
+					&& !append_buf(&cap_buf, "DH",
+						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_RAND(e) != NULL
-                    && !append_buf(&cap_buf, "RAND", &cap_size, 256))
+					&& !append_buf(&cap_buf, "RAND",
+						&cap_size, 256))
 					goto end;

 				fn_c = ENGINE_get_ciphers(e);
-                if (!fn_c)
-                    goto skip_ciphers;
+				if(!fn_c) goto skip_ciphers;
 				n = fn_c(e, NULL, &nids, 0);
 				for(k=0 ; k < n ; ++k)
 					if(!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
 						goto end;

 skip_ciphers:
 				fn_d = ENGINE_get_digests(e);
-                if (!fn_d)
-                    goto skip_digests;
+				if(!fn_d) goto skip_digests;
 				n = fn_d(e, NULL, &nids, 0);
 				for(k=0 ; k < n ; ++k)
 					if(!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
 						goto end;

 skip_digests:
 				fn_pk = ENGINE_get_pkey_meths(e);
-                if (!fn_pk)
-                    goto skip_pmeths;
+				if(!fn_pk) goto skip_pmeths;
 				n = fn_pk(e, NULL, &nids, 0);
 				for(k=0 ; k < n ; ++k)
 					if(!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
 						goto end;
 skip_pmeths:
 				if (cap_buf && (*cap_buf != '\0'))
@ -471,13 +504,17 @@ int MAIN(int argc, char **argv)

 				OPENSSL_free(cap_buf);
 				}
-            if (test_avail) {
+			if(test_avail)
+				{
 				BIO_printf(bio_out, "%s", indent);
-                if (ENGINE_init(e)) {
+				if (ENGINE_init(e))
+					{
 					BIO_printf(bio_out, "[ available ]\n");
 					util_do_cmds(e, post_cmds, bio_out, indent);
 					ENGINE_finish(e);
-                } else {
+					}
+				else
+					{
 					BIO_printf(bio_out, "[ unavailable ]\n");
 					if(test_avail_noise)
 						ERR_print_errors_fp(stdout);
@ -487,7 +524,8 @@ int MAIN(int argc, char **argv)
 			if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
 				goto end;
 			ENGINE_free(e);
-        } else
+			}
+		else
 			ERR_print_errors(bio_err);
 		}

@ -498,8 +536,7 @@ int MAIN(int argc, char **argv)
 	sk_OPENSSL_STRING_pop_free(engines, identity);
 	sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
 	sk_OPENSSL_STRING_pop_free(post_cmds, identity);
-    if (bio_out != NULL)
-        BIO_free_all(bio_out);
+	if (bio_out != NULL) BIO_free_all(bio_out);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/errstr.c
+++ b/apps/errstr.c
@ -84,33 +84,40 @@ int MAIN(int argc, char **argv)

 	SSL_load_error_strings();

-    if ((argc > 1) && (strcmp(argv[1], "-stats") == 0)) {
+	if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
+		{
 		BIO *out=NULL;

 		out=BIO_new(BIO_s_file());
-        if ((out != NULL) && BIO_set_fp(out, stdout, BIO_NOCLOSE)) {
+		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
+			{
 #ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
-            lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(), out);
-            lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), out);
-            lh_ERR_STRING_DATA_node_usage_stats_bio(ERR_get_string_table(),
+			lh_ERR_STRING_DATA_node_stats_bio(
+						  ERR_get_string_table(), out);
+			lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(),
 						     out);
+			lh_ERR_STRING_DATA_node_usage_stats_bio(
+						    ERR_get_string_table(),out);
 			}
-        if (out != NULL)
-            BIO_free_all(out);
+		if (out != NULL) BIO_free_all(out);
 		argc--;
 		argv++;
 		}

-    for (i = 1; i < argc; i++) {
-        if (sscanf(argv[i], "%lx", &l)) {
+	for (i=1; i<argc; i++)
+		{
+		if (sscanf(argv[i],"%lx",&l))
+			{
 			ERR_error_string_n(l, buf, sizeof buf);
 			printf("%s\n",buf);
-        } else {
+			}
+		else
+			{
 			printf("%s: bad error code\n",argv[i]);
 			printf("usage: errstr [-stats] <errno> ...\n");
 			ret++;
--- a/apps/gendh.c
+++ b/apps/gendh.c
@ -58,10 +58,8 @@
 */

 #include <openssl/opensslconf.h>
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
 #undef OPENSSL_NO_DEPRECATED
 #endif
@ -80,7 +78,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>

-# define DEFBITS 2048
+#define DEFBITS	512
 #undef PROG
 #define PROG gendh_main

@ -113,66 +111,67 @@ int MAIN(int argc, char **argv)

 	argv++;
 	argc--;
-    for (;;) {
-        if (argc <= 0)
-            break;
-        if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+	for (;;)
+		{
+		if (argc <= 0) break;
+		if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-2") == 0)
+			}
+		else if (strcmp(*argv,"-2") == 0)
 			g=2;
-/*-     else if (strcmp(*argv,"-3") == 0)
+	/*	else if (strcmp(*argv,"-3") == 0)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
-        } else
+			}
+		else
 			break;
 		argv++;
 		argc--;
 		}
-    if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
+	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+		{
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
 		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
-        /*
-         * BIO_printf(bio_err," -3 - use 3 as the generator value\n");
-         */
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
 		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "           - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
+		
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif

 	out=BIO_new(BIO_s_file());
-    if (out == NULL) {
+	if (out == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -180,28 +179,28 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
-        BIO_printf(bio_err,
-                   "warning, not much extra random data, consider using the -rand option\n");
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));

-    BIO_printf(bio_err,
-               "Generating DH parameters, %d bit long safe prime, generator %d\n",
-               num, g);
+	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");

-    if (((dh = DH_new()) == NULL)
-        || !DH_generate_parameters_ex(dh, num, g, &cb))
+	if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
 		goto end;
 		
 	app_RAND_write_file(NULL, bio_err);
@ -212,10 +211,8 @@ int MAIN(int argc, char **argv)
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dh != NULL)
-        DH_free(dh);
+	if (out != NULL) BIO_free_all(out);
+	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -224,14 +221,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@ -100,30 +100,32 @@ int MAIN(int argc, char **argv)

 	argv++;
 	argc--;
-    for (;;) {
-        if (argc <= 0)
-            break;
-        if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+	for (;;)
+		{
+		if (argc <= 0) break;
+		if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
-        } else if (strcmp(*argv, "-") == 0)
+			}
+		else if (strcmp(*argv,"-") == 0)
 			goto bad;
 #ifndef OPENSSL_NO_DES
 		else if (strcmp(*argv,"-des") == 0)
@ -155,57 +157,51 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
-        else if (**argv != '-' && dsaparams == NULL) {
+		else if (**argv != '-' && dsaparams == NULL)
+			{
 			dsaparams = *argv;
-        } else
+			}
+		else
 			goto bad;
 		argv++;
 		argc--;
 		}

-    if (dsaparams == NULL) {
+	if (dsaparams == NULL)
+		{
 bad:
 		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
 		BIO_printf(bio_err," -out file - output the key to 'file'\n");
 #ifndef OPENSSL_NO_DES
-        BIO_printf(bio_err,
-                   " -des      - encrypt the generated key with DES in cbc mode\n");
-        BIO_printf(bio_err,
-                   " -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #endif
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea     - encrypt the generated key with IDEA in cbc mode\n");
+		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "           - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		BIO_printf(bio_err," dsaparam-file\n");
-        BIO_printf(bio_err,
-                   "           - a DSA parameter file as generated by the dsaparam command\n");
+		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif
@ -215,13 +211,16 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

+
 	in=BIO_new(BIO_s_file());
-    if (!(BIO_read_filename(in, dsaparams))) {
+	if (!(BIO_read_filename(in,dsaparams)))
+		{
 		perror(dsaparams);
 		goto end;
 		}

-    if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
+	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
+		{
 		BIO_printf(bio_err,"unable to load DSA parameter file\n");
 		goto end;
 		}
@ -229,10 +228,10 @@ int MAIN(int argc, char **argv)
 	in = NULL;
 		
 	out=BIO_new(BIO_s_file());
-    if (out == NULL)
-        goto end;
+	if (out == NULL) goto end;

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -240,24 +239,27 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
-        BIO_printf(bio_err,
-                   "warning, not much extra random data, consider using the -rand option\n");
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));

-    BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(dsa->p));
-    if (!DSA_generate_key(dsa))
-        goto end;
+	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
+							BN_num_bits(dsa->p));
+	if (!DSA_generate_key(dsa)) goto end;

 	app_RAND_write_file(NULL, bio_err);

@ -267,14 +269,10 @@ int MAIN(int argc, char **argv)
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dsa != NULL)
-        DSA_free(dsa);
-    if (passout)
-        OPENSSL_free(passout);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dsa != NULL) DSA_free(dsa);
+	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@ -1,7 +1,6 @@
 /* apps/genpkey.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -102,26 +101,32 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-outform")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args,"-outform"))
+			{
+			if (args[1])
+				{
 				args++;
 				outformat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-pass")) {
-            if (!args[1])
-                goto bad;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-pass"))
+			{
+			if (!args[1]) goto bad;
 			passarg= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
+		else if (strcmp(*args,"-engine") == 0)
+			{
 			if (!args[1])
 				goto bad;
        		e = setup_engine(bio_err, *(++args), 0);
 			}
 #endif
-        else if (!strcmp(*args, "-paramfile")) {
+		else if (!strcmp (*args, "-paramfile"))
+			{
 			if (!args[1])
 				goto bad;
 			args++;
@ -129,38 +134,54 @@ int MAIN(int argc, char **argv)
 				goto bad;
 			if (!init_keygen_file(bio_err, &ctx, *args, e))
 				goto end;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else if (strcmp(*args, "-algorithm") == 0) {
+				}
+			else badarg = 1;
+			}
+		else if (strcmp(*args,"-algorithm") == 0)
+			{
 			if (!args[1])
 				goto bad;
 			if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
 				goto end;
-        } else if (strcmp(*args, "-pkeyopt") == 0) {
+			}
+		else if (strcmp(*args,"-pkeyopt") == 0)
+			{
 			if (!args[1])
 				goto bad;
-            if (!ctx) {
+			if (!ctx)
+				{
 				BIO_puts(bio_err, "No keytype specified\n");
 				goto bad;
-            } else if (pkey_ctrl_string(ctx, *(++args)) <= 0) {
+				}
+			else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
+				{
 				BIO_puts(bio_err, "parameter setting error\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else if (strcmp(*args, "-genparam") == 0) {
+			}
+		else if (strcmp(*args,"-genparam") == 0)
+			{
 			if (ctx)
 				goto bad;
 			do_param = 1;
-        } else if (strcmp(*args, "-text") == 0)
+			}
+		else if (strcmp(*args,"-text") == 0)
 			text=1;
-        else {
+		else
+			{
 			cipher = EVP_get_cipherbyname(*args + 1);
-            if (!cipher) {
-                BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
+			if (!cipher)
+				{
+				BIO_printf(bio_err, "Unknown cipher %s\n",
+								*args + 1);
 				badarg = 1;
 				}
 			if (do_param == 1)
@ -172,45 +193,45 @@ int MAIN(int argc, char **argv)
 	if (!ctx)
 		badarg = 1;

-    if (badarg) {
+	if (badarg)
+		{
 		bad:
 		BIO_printf(bio_err, "Usage: genpkey [options]\n");
 		BIO_printf(bio_err, "where options may be\n");
 		BIO_printf(bio_err, "-out file          output file\n");
-        BIO_printf(bio_err,
-                   "-outform X         output format (DER or PEM)\n");
-        BIO_printf(bio_err,
-                   "-pass arg          output file pass phrase source\n");
-        BIO_printf(bio_err,
-                   "-<cipher>          use cipher <cipher> to encrypt the key\n");
+		BIO_printf(bio_err, "-outform X         output format (DER or PEM)\n");
+		BIO_printf(bio_err, "-pass arg          output file pass phrase source\n");
+		BIO_printf(bio_err, "-<cipher>          use cipher <cipher> to encrypt the key\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e          use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e          use engine e, possibly a hardware device.\n");
 #endif
 		BIO_printf(bio_err, "-paramfile file    parameters file\n");
 		BIO_printf(bio_err, "-algorithm alg     the public key algorithm\n");
-        BIO_printf(bio_err,
-                   "-pkeyopt opt:value set the public key algorithm option <opt>\n"
+		BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
 				            "                   to value <value>\n");
-        BIO_printf(bio_err,
-                   "-genparam          generate parameters, not key\n");
+		BIO_printf(bio_err, "-genparam          generate parameters, not key\n");
 		BIO_printf(bio_err, "-text              print the in text\n");
-        BIO_printf(bio_err,
-                   "NB: options order may be important!  See the manual page.\n");
+		BIO_printf(bio_err, "NB: options order may be important!  See the manual page.\n");
 		goto end;
 		}

-    if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
+		{
 		BIO_puts(bio_err, "Error getting password\n");
 		goto end;
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "wb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -223,14 +244,19 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
 	EVP_PKEY_CTX_set_app_data(ctx, bio_err);

-    if (do_param) {
-        if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
+	if (do_param)
+		{
+		if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
+			{
 			BIO_puts(bio_err, "Error generating parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-    } else {
-        if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
+		}
+	else
+		{
+		if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+			{
 			BIO_puts(bio_err, "Error generating key\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -240,26 +266,31 @@ int MAIN(int argc, char **argv)
 	if (do_param)
 		rv = PEM_write_bio_Parameters(out, pkey);
 	else if (outformat == FORMAT_PEM) 
-        rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
+		rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
+								NULL, pass);
 	else if (outformat == FORMAT_ASN1)
 		rv = i2d_PrivateKey_bio(out, pkey);
-    else {
+	else
+		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 		goto end;
 		}

-    if (rv <= 0) {
+	if (rv <= 0)
+		{
 		BIO_puts(bio_err, "Error writing key\n");
 		ERR_print_errors(bio_err);
 		}

-    if (text) {
+	if (text)
+		{
 		if (do_param)
 			rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
 		else
 			rv = EVP_PKEY_print_private(out, pkey, 0, NULL);

-        if (rv <= 0) {
+		if (rv <= 0)
+			{
 			BIO_puts(bio_err, "Error printing key\n");
 			ERR_print_errors(bio_err);
 			}
@ -287,13 +318,15 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 	BIO *pbio;
 	EVP_PKEY *pkey = NULL;
 	EVP_PKEY_CTX *ctx = NULL;
-    if (*pctx) {
+	if (*pctx)
+		{
 		BIO_puts(err, "Parameters already set!\n");
 		return 0;
 		}

 	pbio = BIO_new_file(file, "r");
-    if (!pbio) {
+	if (!pbio)
+		{
 		BIO_printf(err, "Can't open parameter file %s\n", file);
 		return 0;
 		}
@ -301,7 +334,8 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 	pkey = PEM_read_bio_Parameters(pbio, NULL);
 	BIO_free(pbio);

-    if (!pkey) {
+	if (!pkey)
+		{
 		BIO_printf(bio_err, "Error reading parameter file %s\n", file);
 		return 0;
 		}
@ -334,7 +368,8 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 	ENGINE *tmpeng = NULL;
 	int pkey_id;

-    if (*pctx) {
+	if (*pctx)
+		{
 		BIO_puts(err, "Algorithm already set!\n");
 		return 0;
 		}
@ -346,7 +381,8 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 		ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
 #endif

-    if (!ameth) {
+	if (!ameth)
+		{
 		BIO_printf(bio_err, "Algorithm %s not found\n", algname);
 		return 0;
 		}
@ -362,10 +398,13 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,

 	if (!ctx)
 		goto err;
-    if (do_param) {
+	if (do_param)
+		{
 		if (EVP_PKEY_paramgen_init(ctx) <= 0)
 			goto err;
-    } else {
+		}
+	else
+		{
 		if (EVP_PKEY_keygen_init(ctx) <= 0)
 			goto err;
 		}
@ -388,14 +427,10 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
 	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
 	int p;
 	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(b,&c,1);
 	(void)BIO_flush(b);
 #ifdef LINT
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@ -57,10 +57,8 @@
 */

 #include <openssl/opensslconf.h>
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
 #undef OPENSSL_NO_DEPRECATED
 #endif
@ -109,8 +107,7 @@ int MAIN(int argc, char **argv)
 	BIGNUM *bn = BN_new();
 	RSA *rsa = NULL;

-    if (!bn)
-        goto err;
+	if(!bn) goto err;

 	apps_startup();
 	BN_GENCB_set(&cb, genrsa_cb, bio_err);
@ -121,34 +118,36 @@ int MAIN(int argc, char **argv)

 	if (!load_config(bio_err, NULL))
 		goto err;
-    if ((out = BIO_new(BIO_s_file())) == NULL) {
+	if ((out=BIO_new(BIO_s_file())) == NULL)
+		{
 		BIO_printf(bio_err,"unable to create BIO for output\n");
 		goto err;
 		}

 	argv++;
 	argc--;
-    for (;;) {
-        if (argc <= 0)
-            break;
-        if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+	for (;;)
+		{
+		if (argc <= 0) break;
+		if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-3") == 0)
+			}
+		else if (strcmp(*argv,"-3") == 0)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 #ifndef OPENSSL_NO_DES
@ -181,55 +180,46 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
-        else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
-        } else
+			}
+		else
 			break;
 		argv++;
 		argc--;
 		}
-    if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
+	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+		{
 bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
-        BIO_printf(bio_err,
-                   " -des            encrypt the generated key with DES in cbc mode\n");
-        BIO_printf(bio_err,
-                   " -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea           encrypt the generated key with IDEA in cbc mode\n");
+		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
-        BIO_printf(bio_err,
-                   " -passout arg    output file pass phrase source\n");
-        BIO_printf(bio_err,
-                   " -f4             use F4 (0x10001) for the E value\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "                 load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;
 		}
@ -240,11 +230,13 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Error getting password\n");
 		goto err;
 	}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -252,17 +244,20 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto err;
 			}
 		}

 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-        && !RAND_status()) {
-        BIO_printf(bio_err,
-                   "warning, not much extra random data, consider using the -rand option\n");
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@ -283,12 +278,11 @@ int MAIN(int argc, char **argv)
 		
 	app_RAND_write_file(NULL, bio_err);

-    /*
-     * We need to do the following for when the base number size is < long,
-     * esp windows 3.1 :-(.
-     */
+	/* We need to do the following for when the base number size is <
+	 * long, esp windows 3.1 :-(. */
 	l=0L;
-    for (i = 0; i < rsa->e->top; i++) {
+	for (i=0; i<rsa->e->top; i++)
+		{
 #ifndef SIXTY_FOUR_BIT
 		l<<=BN_BITS4;
 		l<<=BN_BITS4;
@ -301,21 +295,16 @@ int MAIN(int argc, char **argv)
 	cb_data.password = passout;
 	cb_data.prompt_info = outfile;
 	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
-                                         (pem_password_cb *)password_callback,
-                                         &cb_data))
+		(pem_password_cb *)password_callback,&cb_data))
 		goto err;
 	}

 	ret=0;
 err:
-    if (bn)
-        BN_free(bn);
-    if (rsa)
-        RSA_free(rsa);
-    if (out)
-        BIO_free_all(out);
-    if (passout)
-        OPENSSL_free(passout);
+	if (bn) BN_free(bn);
+	if (rsa) RSA_free(rsa);
+	if (out) BIO_free_all(out);
+	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	apps_shutdown();
@ -326,14 +315,10 @@ static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/nseq.c
+++ b/apps/nseq.c
@ -1,7 +1,6 @@
 /* nseq.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@ -77,27 +76,22 @@ int MAIN(int argc, char **argv)
 	NETSCAPE_CERT_SEQUENCE *seq = NULL;
 	int i, ret = 1;
 	int badarg = 0;
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	ERR_load_crypto_strings();
 	args = argv + 1;
 	while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-toseq"))
-            toseq = 1;
+		if (!strcmp (*args, "-toseq")) toseq = 1;
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
+			} else badarg = 1;
 		} else if (!strcmp (*args, "-out")) {
 			if (args[1]) {
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else
-            badarg = 1;
+			} else badarg = 1;
+		} else badarg = 1;
 		args++;
 	}

@ -113,15 +107,16 @@ int MAIN(int argc, char **argv)

 	if (infile) {
 		if (!(in = BIO_new_file (infile, "r"))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 		}
-    } else
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

 	if (outfile) {
 		if (!(out = BIO_new_file (outfile, "w"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
 	} else {
@ -139,7 +134,8 @@ int MAIN(int argc, char **argv)
 		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
 		    sk_X509_push(seq->certs,x509);

-        if (!sk_X509_num(seq->certs)) {
+		if(!sk_X509_num(seq->certs))
+		{
 			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
 			ERR_print_errors(bio_err);
 			goto end;
@ -168,3 +164,4 @@ int MAIN(int argc, char **argv)

 	OPENSSL_EXIT(ret);
 }
+
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
--- a/apps/openssl.c
+++ b/apps/openssl.c
@ -109,11 +109,11 @@
 *
 */

+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#define OPENSSL_C               /* tells apps.h to use complete
-                                 * apps_startup() */
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
@ -126,8 +126,7 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#define USE_SOCKETS             /* needed for the _O_BINARY defs in the MS
-                                 * world */
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
@ -135,12 +134,10 @@
 #include <openssl/fips.h>
 #endif

-/*
- * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
- * the base prototypes (we cast each variable inside the function to the
- * required type of "FUNCTION*"). This removes the necessity for
- * macro-generated wrapper functions.
- */
+/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+ * base prototypes (we cast each variable inside the function to the required
+ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
+ * functions. */

 static LHASH_OF(FUNCTION) *prog_init(void );
 static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]);
@ -155,6 +152,7 @@ CONF *config = NULL;
 BIO *bio_err=NULL;
 #endif

+
 static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	{
 	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
@ -162,49 +160,58 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	int rw;
 	
 	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
-    if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
+	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+		{
 		errstr = "invalid mode";
 		goto err;
 		}

-    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
+	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
+		{
 		errstr = "type out of bounds";
 		goto err;
 		}

-    if (mode & CRYPTO_LOCK) {
-        if (modes[type]) {
+	if (mode & CRYPTO_LOCK)
+		{
+		if (modes[type])
+			{
 			errstr = "already locked";
-            /*
-             * must not happen in a single-threaded program (would deadlock)
-             */
+			/* must not happen in a single-threaded program
+			 * (would deadlock) */
 			goto err;
 			}

 		modes[type] = rw;
-    } else if (mode & CRYPTO_UNLOCK) {
-        if (!modes[type]) {
+		}
+	else if (mode & CRYPTO_UNLOCK)
+		{
+		if (!modes[type])
+			{
 			errstr = "not locked";
 			goto err;
 			}
 		
-        if (modes[type] != rw) {
+		if (modes[type] != rw)
+			{
 			errstr = (rw == CRYPTO_READ) ?
 				"CRYPTO_r_unlock on write lock" :
 				"CRYPTO_w_unlock on read lock";
 			}

 		modes[type] = 0;
-    } else {
+		}
+	else
+		{
 		errstr = "invalid mode";
 		goto err;
 		}

 err:
-    if (errstr) {
+	if (errstr)
+		{
 		/* we cannot use bio_err here */
-        fprintf(stderr,
-                "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
 			errstr, mode, type, file, line);
 		}
 	}
@ -231,8 +238,7 @@ int main(int Argc, char *ARGV[])
 	long errline;

 #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
-    /*-
-     * 2011-03-22 SMS.
+	/* 2011-03-22 SMS.
 	 * If we have 32-bit pointers everywhere, then we're safe, and
 	 * we bypass this mess, as on non-VMS systems.  (See ARGV,
 	 * above.)
@ -259,27 +265,25 @@ int main(int Argc, char *ARGV[])
 # if !defined( VMS_TRUST_ARGV)
 	 || (_Argv[ Argc] != NULL)      /* Untrusted argv[argc] not NULL. */
 # endif
-        ) {
+		)
+		{
 		int i;
 		Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *));
-        if (Argv == NULL) {
-            ret = -1;
-            goto end;
-        }
+		if (Argv == NULL)
+			{ ret = -1; goto end; }
 		for(i = 0; i < Argc; i++)
 			Argv[i] = _Argv[i];
 		Argv[ Argc] = NULL;     /* Certain NULL termination. */
 		free_Argv = 1;
-    } else {
-        /*
-         * Use the known-good 32-bit argv[] (which needs the type cast to
-         * satisfy the compiler), or the trusted or tested-good 64-bit argv[]
-         * as-is.
-         */
+		}
+	else
+		{
+		/* Use the known-good 32-bit argv[] (which needs the
+		 * type cast to satisfy the compiler), or the trusted or
+		 * tested-good 64-bit argv[] as-is. */
 		Argv = (char **)_Argv;
 		}
-#endif                          /* defined( OPENSSL_SYS_VMS) &&
-                                 * (__INITIAL_POINTER_SIZE == 64) */
+#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */

 	arg.data=NULL;
 	arg.count=0;
@ -288,13 +292,15 @@ int main(int Argc, char *ARGV[])
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-    if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use
-                                                   * compiled-in library
-                                                   * defaults */
-        if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) {
+	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
+		{
+		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
+			{
 			CRYPTO_malloc_debug_init();
 			CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-        } else {
+			}
+		else
+			{
 			/* OPENSSL_DEBUG_MEMORY=off */
 			CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
 			}
@ -334,14 +340,19 @@ int main(int Argc, char *ARGV[])

 	config=NCONF_new(NULL);
 	i=NCONF_load(config,p,&errline);
-    if (i == 0) {
+	if (i == 0)
+		{
 		if (ERR_GET_REASON(ERR_peek_last_error())
-            == CONF_R_NO_SUCH_FILE) {
-            BIO_printf(bio_err, "WARNING: can't open config file: %s\n", p);
+		    == CONF_R_NO_SUCH_FILE)
+			{
+			BIO_printf(bio_err,
+				   "WARNING: can't open config file: %s\n",p);
 			ERR_clear_error();
 			NCONF_free(config);
 			config = NULL;
-        } else {
+			}
+		else
+			{
 			ERR_print_errors(bio_err);
 			NCONF_free(config);
 			exit(1);
@ -355,58 +366,55 @@ int main(int Argc, char *ARGV[])

 	f.name=pname;
 	fp=lh_FUNCTION_retrieve(prog,&f);
-    if (fp != NULL) {
+	if (fp != NULL)
+		{
 		Argv[0]=pname;
 		ret=fp->func(Argc,Argv);
 		goto end;
 		}

-    /*
-     * ok, now check that there are not arguments, if there are, run with
-     * them, shifting the ssleay off the front
-     */
-    if (Argc != 1) {
+	/* ok, now check that there are not arguments, if there are,
+	 * run with them, shifting the ssleay off the front */
+	if (Argc != 1)
+		{
 		Argc--;
 		Argv++;
 		ret=do_cmd(prog,Argc,Argv);
-        if (ret < 0)
-            ret = 0;
+		if (ret < 0) ret=0;
 		goto end;
 		}

 	/* ok, lets enter the old 'OpenSSL>' mode */
 	
-    for (;;) {
+	for (;;)
+		{
 		ret=0;
 		p=buf;
 		n=sizeof buf;
 		i=0;
-        for (;;) {
+		for (;;)
+			{
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-            else
-                prompt = "OpenSSL> ";
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			if (!fgets(p,n,stdin))
 				goto end;
-            if (p[0] == '\0')
-                goto end;
+			if (p[0] == '\0') goto end;
 			i=strlen(p);
-            if (i <= 1)
-                break;
-            if (p[i - 2] != '\\')
-                break;
+			if (i <= 1) break;
+			if (p[i-2] != '\\') break;
 			i-=2;
 			p+=i;
 			n-=i;
 			}
-        if (!chopup_args(&arg, buf, &argc, &argv))
-            break;
+		if (!chopup_args(&arg,buf,&argc,&argv)) break;

 		ret=do_cmd(prog,argc,argv);
-        if (ret < 0) {
+		if (ret < 0)
+			{
 			ret=0;
 			goto end;
 			}
@ -419,27 +427,29 @@ int main(int Argc, char *ARGV[])
 end:
 	if (to_free)
 		OPENSSL_free(to_free);
-    if (config != NULL) {
+	if (config != NULL)
+		{
 		NCONF_free(config);
 		config=NULL;
 		}
-    if (prog != NULL)
-        lh_FUNCTION_free(prog);
-    if (arg.data != NULL)
-        OPENSSL_free(arg.data);
+	if (prog != NULL) lh_FUNCTION_free(prog);
+	if (arg.data != NULL) OPENSSL_free(arg.data);

+
+	if (bio_err != NULL)
+		{
+		BIO_free(bio_err);
+		bio_err=NULL;
+		}
 #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
 	/* Free any duplicate Argv[] storage. */
-    if (free_Argv) {
+	if (free_Argv)
+		{
 		OPENSSL_free(Argv);
 		}
 #endif
 	apps_shutdown();
 	CRYPTO_mem_leaks(bio_err);
-    if (bio_err != NULL) {
-        BIO_free(bio_err);
-        bio_err = NULL;
-    }

 	OPENSSL_EXIT(ret);
 	}
@ -451,31 +461,37 @@ int main(int Argc, char *ARGV[])
 #define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
 #define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"

+
 static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;

-    if ((argc <= 0) || (argv[0] == NULL)) {
-        ret = 0;
-        goto end;
-    }
+	if ((argc <= 0) || (argv[0] == NULL))
+		{ ret=0; goto end; }
 	f.name=argv[0];
 	fp=lh_FUNCTION_retrieve(prog,&f);
-    if (fp == NULL) {
-        if (EVP_get_digestbyname(argv[0])) {
+	if (fp == NULL)
+		{
+		if (EVP_get_digestbyname(argv[0]))
+			{
 			f.type = FUNC_TYPE_MD;
 			f.func = dgst_main;
 			fp = &f;
-        } else if (EVP_get_cipherbyname(argv[0])) {
+			}
+		else if (EVP_get_cipherbyname(argv[0]))
+			{
 			f.type = FUNC_TYPE_CIPHER;
 			f.func = enc_main;
 			fp = &f;
 			}
 		}
-    if (fp != NULL) {
+	if (fp != NULL)
+		{
 		ret=fp->func(argc,argv);
-    } else if ((strncmp(argv[0], "no-", 3)) == 0) {
+		}
+	else if ((strncmp(argv[0],"no-",3)) == 0)
+		{
 		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -491,18 +507,22 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
 		BIO_free_all(bio_stdout);
 		goto end;
-    } else if ((strcmp(argv[0], "quit") == 0) ||
+		}
+	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||
-               (strcmp(argv[0], "bye") == 0)) {
+		(strcmp(argv[0],"bye") == 0))
+		{
 		ret= -1;
 		goto end;
-    } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
+		}
+	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
 		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
 		(strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
 		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) ||
 		(strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) ||
-               (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)) {
+		(strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
+		{
 		int list_type;
 		BIO *bio_stdout;

@ -535,21 +555,26 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 			list_md(bio_stdout);	
 		if (list_type == FUNC_TYPE_CIPHER_ALG)
 			list_cipher(bio_stdout);	
-        else {
+		else
+			{
 			for (fp=functions; fp->name != NULL; fp++)
 				if (fp->type == list_type)
-                    BIO_printf(bio_stdout, "%s\n", fp->name);
+					BIO_printf(bio_stdout, "%s\n",
+								fp->name);
 			}
 		BIO_free_all(bio_stdout);
 		ret=0;
 		goto end;
-    } else {
+		}
+	else
+		{
 		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
 		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
 		tp=0;
-        for (fp = functions; fp->name != NULL; fp++) {
+		for (fp=functions; fp->name != NULL; fp++)
+			{
 			nl=0;
 #ifdef OPENSSL_NO_CAMELLIA
 			if (((i++) % 5) == 0)
@ -560,18 +585,20 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 				BIO_printf(bio_err,"\n");
 				nl=1;
 				}
-            if (fp->type != tp) {
+			if (fp->type != tp)
+				{
 				tp=fp->type;
-                if (!nl)
-                    BIO_printf(bio_err, "\n");
-                if (tp == FUNC_TYPE_MD) {
+				if (!nl) BIO_printf(bio_err,"\n");
+				if (tp == FUNC_TYPE_MD)
+					{
 					i=1;
 					BIO_printf(bio_err,
 						"\nMessage Digest commands (see the `dgst' command for more details)\n");
-                } else if (tp == FUNC_TYPE_CIPHER) {
+					}
+				else if (tp == FUNC_TYPE_CIPHER)
+					{
 					i=1;
-                    BIO_printf(bio_err,
-                               "\nCipher commands (see the `enc' command for more details)\n");
+					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 #ifdef OPENSSL_NO_CAMELLIA
@ -600,18 +627,23 @@ static int SortFnByName(const void *_f1, const void *_f2)
 static void list_pkey(BIO *out)
 	{
 	int i;
-    for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+	for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
+		{
 		const EVP_PKEY_ASN1_METHOD *ameth;
 		int pkey_id, pkey_base_id, pkey_flags;
 		const char *pinfo, *pem_str;
 		ameth = EVP_PKEY_asn1_get0(i);
 		EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
 						&pinfo, &pem_str, ameth);
-        if (pkey_flags & ASN1_PKEY_ALIAS) {
-            BIO_printf(out, "Name: %s\n", OBJ_nid2ln(pkey_id));
+		if (pkey_flags & ASN1_PKEY_ALIAS)
+			{
+			BIO_printf(out, "Name: %s\n", 
+					OBJ_nid2ln(pkey_id));
 			BIO_printf(out, "\tType: Alias to %s\n",
 					OBJ_nid2ln(pkey_base_id));
-        } else {
+			}
+		else
+			{
 			BIO_printf(out, "Name: %s\n", pinfo);
 			BIO_printf(out, "\tType: %s Algorithm\n", 
 				pkey_flags & ASN1_PKEY_DYNAMIC ?
@ -630,7 +662,8 @@ static void list_cipher_fn(const EVP_CIPHER *c,
 	{
 	if (c)
 		BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
-    else {
+	else
+		{
 		if (!from)
 			from = "<undefined>";
 		if (!to)
@ -649,7 +682,8 @@ static void list_md_fn(const EVP_MD *m,
 	{
 	if (m)
 		BIO_printf(arg, "%s\n", EVP_MD_name(m));
-    else {
+	else
+		{
 		if (!from)
 			from = "<undefined>";
 		if (!to)
@ -667,14 +701,12 @@ static int MS_CALLBACK function_cmp(const FUNCTION * a, const FUNCTION * b)
 	{
 	return strncmp(a->name,b->name,8);
 	}
-
 static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)

 static unsigned long MS_CALLBACK function_hash(const FUNCTION *a)
 	{
 	return lh_strhash(a->name);
 	}	
-
 static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)

 static LHASH_OF(FUNCTION) *prog_init(void)
@ -684,7 +716,8 @@ static LHASH_OF(FUNCTION) *prog_init(void)
 	size_t i;

 	/* Purely so it looks nice when the user hits ? */
-    for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
+	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
+	    ;
 	qsort(functions,i,sizeof *functions,SortFnByName);

 	if ((ret=lh_FUNCTION_new()) == NULL)
@ -694,3 +727,4 @@ static LHASH_OF(FUNCTION) *prog_init(void)
 		(void)lh_FUNCTION_insert(ret,f);
 	return(ret);
 	}
+
--- a/apps/passwd.c
+++ b/apps/passwd.c
@ -22,9 +22,11 @@
 # include <openssl/md5.h>
 #endif

+
 #undef PROG
 #define PROG passwd_main

+
 static unsigned const char cov_2char[64]={
 	/* from crypto/des/fcrypt.c */
 	0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
@ -38,12 +40,10 @@ static unsigned const char cov_2char[64] = {
 };

 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-                     char *passwd, BIO *out, int quiet, int table,
-                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
-                     int useapr1);
+	char *passwd, BIO *out, int quiet, int table, int reverse,
+	size_t pw_maxlen, int usecrypt, int use1, int useapr1);

-/*-
- * -crypt        - standard Unix password algorithm (default)
+/* -crypt        - standard Unix password algorithm (default)
 * -1            - MD5-based password algorithm
 * -apr1         - MD5-based password algorithm, Apache variant
 * -salt string  - salt
@ -94,32 +94,45 @@ int MAIN(int argc, char **argv)

 	badopt = 0, opt_done = 0;
 	i = 0;
-    while (!badopt && !opt_done && argv[++i] != NULL) {
+	while (!badopt && !opt_done && argv[++i] != NULL)
+		{
 		if (strcmp(argv[i], "-crypt") == 0)
 			usecrypt = 1;
 		else if (strcmp(argv[i], "-1") == 0)
 			use1 = 1;
 		else if (strcmp(argv[i], "-apr1") == 0)
 			useapr1 = 1;
-        else if (strcmp(argv[i], "-salt") == 0) {
-            if ((argv[i + 1] != NULL) && (salt == NULL)) {
+		else if (strcmp(argv[i], "-salt") == 0)
+			{
+			if ((argv[i+1] != NULL) && (salt == NULL))
+				{
 				passed_salt = 1;
 				salt = argv[++i];
-            } else
+				}
+			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-in") == 0) {
-            if ((argv[i + 1] != NULL) && !pw_source_defined) {
+			}
+		else if (strcmp(argv[i], "-in") == 0)
+			{
+			if ((argv[i+1] != NULL) && !pw_source_defined)
+				{
 				pw_source_defined = 1;
 				infile = argv[++i];
-            } else
+				}
+			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-stdin") == 0) {
-            if (!pw_source_defined) {
+			}
+		else if (strcmp(argv[i], "-stdin") == 0)
+			{
+			if (!pw_source_defined)
+				{
 				pw_source_defined = 1;
 				in_stdin = 1;
-            } else
+				}
+			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-noverify") == 0)
+			}
+		else if (strcmp(argv[i], "-noverify") == 0)
 			in_noverify = 1;
 		else if (strcmp(argv[i], "-quiet") == 0)
 			quiet = 1;
@ -135,7 +148,8 @@ int MAIN(int argc, char **argv)
 			pw_source_defined = 1;
 			passwds = &argv[i];
 			opt_done = 1;
-        } else
+			}
+		else
 			badopt = 1;
 		}

@ -146,32 +160,27 @@ int MAIN(int argc, char **argv)

 	/* reject unsupported algorithms */
 #ifdef OPENSSL_NO_DES
-    if (usecrypt)
-        badopt = 1;
+	if (usecrypt) badopt = 1;
 #endif
 #ifdef NO_MD5CRYPT_1
-    if (use1 || useapr1)
-        badopt = 1;
+	if (use1 || useapr1) badopt = 1;
 #endif

-    if (badopt) {
+	if (badopt) 
+		{
 		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
 		BIO_printf(bio_err, "where options are\n");
 #ifndef OPENSSL_NO_DES
-        BIO_printf(bio_err,
-                   "-crypt             standard Unix password algorithm (default)\n");
+		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 #endif
 #ifndef NO_MD5CRYPT_1
-        BIO_printf(bio_err,
-                   "-1                 MD5-based password algorithm\n");
-        BIO_printf(bio_err,
-                   "-apr1              MD5-based password algorithm, Apache variant\n");
+		BIO_printf(bio_err, "-1                 MD5-based password algorithm\n");
+		BIO_printf(bio_err, "-apr1              MD5-based password algorithm, Apache variant\n");
 #endif
 		BIO_printf(bio_err, "-salt string       use provided salt\n");
 		BIO_printf(bio_err, "-in file           read passwords from file\n");
 		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
-        BIO_printf(bio_err,
-                   "-noverify          never verify when reading password from terminal\n");
+		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");
 		BIO_printf(bio_err, "-quiet             no warnings\n");
 		BIO_printf(bio_err, "-table             format output as table\n");
 		BIO_printf(bio_err, "-reverse           switch table columns\n");
@ -179,15 +188,19 @@ int MAIN(int argc, char **argv)
 		goto err;
 		}

-    if ((infile != NULL) || in_stdin) {
+	if ((infile != NULL) || in_stdin)
+		{
 		in = BIO_new(BIO_s_file());
 		if (in == NULL)
 			goto err;
-        if (infile != NULL) {
+		if (infile != NULL)
+			{
 			assert(in_stdin == 0);
 			if (BIO_read_filename(in, infile) <= 0)
 				goto err;
-        } else {
+			}
+		else
+			{
 			assert(in_stdin);
 			BIO_set_fp(in, stdin, BIO_NOCLOSE);
 			}
@ -196,59 +209,61 @@ int MAIN(int argc, char **argv)
 	if (usecrypt)
 		pw_maxlen = 8;
 	else if (use1 || useapr1)
-        pw_maxlen = 256;        /* arbitrary limit, should be enough for most
-                                 * passwords */
+		pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */

-    if (passwds == NULL) {
+	if (passwds == NULL)
+		{
 		/* no passwords on the command line */

 		passwd_malloc_size = pw_maxlen + 2;
-        /*
-         * longer than necessary so that we can warn about truncation
-         */
+		/* longer than necessary so that we can warn about truncation */
 		passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
 		if (passwd_malloc == NULL)
 			goto err;
 		}

-    if ((in == NULL) && (passwds == NULL)) {
+	if ((in == NULL) && (passwds == NULL))
+		{
 		/* build a null-terminated list */
 		static char *passwds_static[2] = {NULL, NULL};
 		
 		passwds = passwds_static;
 		if (in == NULL)
-            if (EVP_read_pw_string
-                (passwd_malloc, passwd_malloc_size, "Password: ",
-                 !(passed_salt || in_noverify)) != 0)
+			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}

-    if (in == NULL) {
+	if (in == NULL)
+		{
 		assert(passwds != NULL);
 		assert(*passwds != NULL);
 		
-        do {                    /* loop over list of passwords */
+		do /* loop over list of passwords */
+			{
 			passwd = *passwds++;
 			if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                           quiet, table, reverse, pw_maxlen, usecrypt, use1,
-                           useapr1))
+				quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
 				goto err;
 			}
 		while (*passwds != NULL);
-    } else
+		}
+	else
 		/* in != NULL */
 		{
 		int done;

 		assert (passwd != NULL);
-        do {
+		do
+			{
 			int r = BIO_gets(in, passwd, pw_maxlen + 1);
-            if (r > 0) {
+			if (r > 0)
+				{
 				char *c = (strchr(passwd, '\n')) ;
 				if (c != NULL)
 					*c = 0; /* truncate at newline */
-                else {
+				else
+					{
 					/* ignore rest of line */
 					char trash[BUFSIZ];
 					do
@ -257,8 +272,7 @@ int MAIN(int argc, char **argv)
 					}
 				
 				if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                               quiet, table, reverse, pw_maxlen, usecrypt,
-                               use1, useapr1))
+					quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
 					goto err;
 				}
 			done = (r <= 0);
@ -281,20 +295,21 @@ int MAIN(int argc, char **argv)
 	OPENSSL_EXIT(ret);
 	}

+
 #ifndef NO_MD5CRYPT_1
-/*
- * MD5-based password algorithm (should probably be available as a library
- * function; then the static buffer would not be acceptable). For magic
- * string "1", this should be compatible to the MD5-based BSD password
- * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
- * Apache password algorithm. (Apparently, the Apache password algorithm is
- * identical except that the 'magic' string was changed -- the laziest
- * application of the NIH principle I've ever encountered.)
+/* MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable).
+ * For magic string "1", this should be compatible to the MD5-based BSD
+ * password algorithm.
+ * For 'magic' string "apr1", this is compatible to the MD5-based Apache
+ * password algorithm.
+ * (Apparently, the Apache password algorithm is identical except that the
+ * 'magic' string was changed -- the laziest application of the NIH principle
+ * I've ever encountered.)
 */
 static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	{
-    /* "$apr1$..salt..$.......md5hash..........\0" */
-    static char out_buf[6 + 9 + 24 + 2];
+	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
 	int n;
@ -334,13 +349,15 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	EVP_DigestUpdate(&md, buf, i);
 	
 	n = passwd_len;
-    while (n) {
+	while (n)
+		{
 		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
 		n >>= 1;
 		}
 	EVP_DigestFinal_ex(&md, buf, NULL);

-    for (i = 0; i < 1000; i++) {
+	for (i = 0; i < 1000; i++)
+		{
 		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
 		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
 		                       (i & 1) ? passwd_len : sizeof buf);
@ -362,13 +379,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 		char *output;

 		/* silly output permutation */
-        for (dest = 0, source = 0; dest < 14;
-             dest++, source = (source + 6) % 17)
+		for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
 			buf_perm[dest] = buf[source];
 		buf_perm[14] = buf[5];
 		buf_perm[15] = buf[11];
-#  ifndef PEDANTIC              /* Unfortunately, this generates a "no
-                                 * effect" warning */
+#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
 		assert(16 == sizeof buf_perm);
 #endif
 		
@ -377,7 +392,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 		
 		*output++ = '$';

-        for (i = 0; i < 15; i += 3) {
+		for (i = 0; i < 15; i += 3)
+			{
 			*output++ = cov_2char[buf_perm[i+2] & 0x3f];
 			*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
 				                  (buf_perm[i+2] >> 6)];
@ -397,10 +413,10 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	}
 #endif

+
 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-                     char *passwd, BIO *out, int quiet, int table,
-                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
-                     int useapr1)
+	char *passwd, BIO *out,	int quiet, int table, int reverse,
+	size_t pw_maxlen, int usecrypt, int use1, int useapr1)
 	{
 	char *hash = NULL;

@ -408,10 +424,13 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	assert(salt_malloc_p != NULL);

 	/* first make sure we have a salt */
-    if (!passed_salt) {
+	if (!passed_salt)
+		{
 #ifndef OPENSSL_NO_DES
-        if (usecrypt) {
-            if (*salt_malloc_p == NULL) {
+		if (usecrypt)
+			{
+			if (*salt_malloc_p == NULL)
+				{
 				*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
 				if (*salt_malloc_p == NULL)
 					goto err;
@ -422,17 +441,19 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 			(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
 			(*salt_p)[2] = 0;
 #ifdef CHARSET_EBCDIC
-            ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
-                                                * to ASCII */
+			ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
+			                                    * back to ASCII */
 #endif
 			}
 #endif /* !OPENSSL_NO_DES */

 #ifndef NO_MD5CRYPT_1
-        if (use1 || useapr1) {
+		if (use1 || useapr1)
+			{
 			int i;
 			
-            if (*salt_malloc_p == NULL) {
+			if (*salt_malloc_p == NULL)
+				{
 				*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
 				if (*salt_malloc_p == NULL)
 					goto err;
@ -450,14 +471,11 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	assert(*salt_p != NULL);
 	
 	/* truncate password if necessary */
-    if ((strlen(passwd) > pw_maxlen)) {
+	if ((strlen(passwd) > pw_maxlen))
+		{
 		if (!quiet)
-            /*
-             * XXX: really we should know how to print a size_t, not cast it
-             */
-            BIO_printf(bio_err,
-                       "Warning: truncating password to %u characters\n",
-                       (unsigned)pw_maxlen);
+			/* XXX: really we should know how to print a size_t, not cast it */
+			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
 		passwd[pw_maxlen] = 0;
 		}
 	assert(strlen(passwd) <= pw_maxlen);
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -1,6 +1,5 @@
 /* pkcs12.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
@ -73,23 +72,19 @@

 const EVP_CIPHER *enc;

+
 #define NOKEYS		0x1
 #define NOCERTS 	0x2
 #define INFO		0x4
 #define CLCERTS		0x8
 #define CACERTS		0x10

-static int get_cert_chain(X509 *cert, X509_STORE *store,
-                          STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
-                        int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-                          char *pass, int passlen, int options,
-                          char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
 			  int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
-                  const char *name);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
 int alg_print(BIO *x, X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
@ -135,13 +130,6 @@ int MAIN(int argc, char **argv)

    apps_startup();

-    enc = EVP_des_ede3_cbc();
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
 #ifdef OPENSSL_FIPS
    if (FIPS_mode())
 	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@ -149,66 +137,50 @@ int MAIN(int argc, char **argv)
 #endif
    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;

+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
    args = argv + 1;

+
    while (*args) {
 	if (*args[0] == '-') {
-            if (!strcmp(*args, "-nokeys"))
-                options |= NOKEYS;
-            else if (!strcmp(*args, "-keyex"))
-                keytype = KEY_EX;
-            else if (!strcmp(*args, "-keysig"))
-                keytype = KEY_SIG;
-            else if (!strcmp(*args, "-nocerts"))
-                options |= NOCERTS;
-            else if (!strcmp(*args, "-clcerts"))
-                options |= CLCERTS;
-            else if (!strcmp(*args, "-cacerts"))
-                options |= CACERTS;
-            else if (!strcmp(*args, "-noout"))
-                options |= (NOKEYS | NOCERTS);
-            else if (!strcmp(*args, "-info"))
-                options |= INFO;
-            else if (!strcmp(*args, "-chain"))
-                chain = 1;
-            else if (!strcmp(*args, "-twopass"))
-                twopass = 1;
-            else if (!strcmp(*args, "-nomacver"))
-                macver = 0;
+		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
+		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
+		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
+		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
+		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
+		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
+		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
+		else if (!strcmp (*args, "-info")) options |= INFO;
+		else if (!strcmp (*args, "-chain")) chain = 1;
+		else if (!strcmp (*args, "-twopass")) twopass = 1;
+		else if (!strcmp (*args, "-nomacver")) macver = 0;
 		else if (!strcmp (*args, "-descert"))
    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-            else if (!strcmp(*args, "-export"))
-                export_cert = 1;
-            else if (!strcmp(*args, "-des"))
-                enc = EVP_des_cbc();
-            else if (!strcmp(*args, "-des3"))
-                enc = EVP_des_ede3_cbc();
+		else if (!strcmp (*args, "-export")) export_cert = 1;
+		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 #ifndef OPENSSL_NO_IDEA
-            else if (!strcmp(*args, "-idea"))
-                enc = EVP_idea_cbc();
+		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
-            else if (!strcmp(*args, "-seed"))
-                enc = EVP_seed_cbc();
+		else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
-            else if (!strcmp(*args, "-aes128"))
-                enc = EVP_aes_128_cbc();
-            else if (!strcmp(*args, "-aes192"))
-                enc = EVP_aes_192_cbc();
-            else if (!strcmp(*args, "-aes256"))
-                enc = EVP_aes_256_cbc();
+		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
+		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
+		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-            else if (!strcmp(*args, "-camellia128"))
-                enc = EVP_camellia_128_cbc();
-            else if (!strcmp(*args, "-camellia192"))
-                enc = EVP_camellia_192_cbc();
-            else if (!strcmp(*args, "-camellia256"))
-                enc = EVP_camellia_256_cbc();
+		else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
+		else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
+		else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
 #endif
-            else if (!strcmp(*args, "-noiter"))
-                iter = 1;
+		else if (!strcmp (*args, "-noiter")) iter = 1;
 		else if (!strcmp (*args, "-maciter"))
 					 maciter = PKCS12_DEFAULT_ITER;
 		else if (!strcmp (*args, "-nomaciter"))
@ -219,10 +191,8 @@ int MAIN(int argc, char **argv)
 		    if (args[1]) {
 			args++;	
 			macalg = *args;
-                } else
-                    badarg = 1;
-            else if (!strcmp(*args, "-nodes"))
-                enc = NULL;
+		    } else badarg = 1;
+		else if (!strcmp (*args, "-nodes")) enc=NULL;
 		else if (!strcmp (*args, "-certpbe")) {
 			if (!set_pbe(bio_err, &cert_pbe, *++args))
 				badarg = 1;
@ -233,98 +203,81 @@ int MAIN(int argc, char **argv)
 		    if (args[1]) {
 			args++;	
 			inrand = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-inkey")) {
 		    if (args[1]) {
 			args++;	
 			keyname = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-certfile")) {
 		    if (args[1]) {
 			args++;	
 			certfile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-name")) {
 		    if (args[1]) {
 			args++;	
 			name = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-LMK"))
 			add_lmk = 1;
 		else if (!strcmp (*args, "-CSP")) {
 		    if (args[1]) {
 			args++;	
 			csp_name = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-caname")) {
 		    if (args[1]) {
 			args++;	
-                    if (!canames)
-                        canames = sk_OPENSSL_STRING_new_null();
+			if (!canames) canames = sk_OPENSSL_STRING_new_null();
 			sk_OPENSSL_STRING_push(canames, *args);
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-in")) {
 		    if (args[1]) {
 			args++;	
 			infile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-out")) {
 		    if (args[1]) {
 			args++;	
 			outfile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 		    if (args[1]) {
 			args++;	
 			passargin = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-passout")) {
 		    if (args[1]) {
 			args++;	
 			passargout = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-password")) {
 		    if (args[1]) {
 			args++;	
 			passarg = *args;
 		    	noprompt = 1;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-CApath")) {
 		    if (args[1]) {
 			args++;	
 			CApath = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-CAfile")) {
 		    if (args[1]) {
 			args++;	
 			CAfile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 #ifndef OPENSSL_NO_ENGINE
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 #endif
-            } else
-                badarg = 1;
+		} else badarg = 1;

-        } else
-            badarg = 1;
+	} else badarg = 1;
 	args++;
    }

@ -338,23 +291,18 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-CApath arg   - PEM format directory of CA's\n");
 	BIO_printf (bio_err, "-CAfile arg   - PEM format file of CA's\n");
 	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
-        BIO_printf(bio_err,
-                   "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
+	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
 	BIO_printf (bio_err, "-in  infile   input filename\n");
 	BIO_printf (bio_err, "-out outfile  output filename\n");
-        BIO_printf(bio_err,
-                   "-noout        don't output anything, just verify.\n");
+	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");
 	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");
 	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");
-        BIO_printf(bio_err,
-                   "-clcerts      only output client certificates.\n");
+	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");
 	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");
 	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");
-        BIO_printf(bio_err,
-                   "-info         give info about PKCS#12 structure.\n");
+	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
 	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
-        BIO_printf(bio_err,
-                   "-des3         encrypt private keys with triple DES (default)\n");
+	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
 #ifndef OPENSSL_NO_IDEA
 	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
 #endif
@ -363,58 +311,45 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_AES
 	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "              encrypt PEM output with cbc aes\n");
+	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "              encrypt PEM output with cbc camellia\n");
+	BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");
 #endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
 	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
 	BIO_printf (bio_err, "-nomaciter    don't use MAC iteration\n");
 	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
 	BIO_printf (bio_err, "-nomac        don't generate MAC\n");
-        BIO_printf(bio_err,
-                   "-twopass      separate MAC, encryption passwords\n");
-        BIO_printf(bio_err,
-                   "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
-        BIO_printf(bio_err,
-                   "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
-        BIO_printf(bio_err,
-                   "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
-        BIO_printf(bio_err,
-                   "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
+	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
+	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+	BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
+	BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
+	BIO_printf (bio_err, "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
 	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
 	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
-        BIO_printf(bio_err,
-                   "-password p   set import/export password source\n");
+	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e     use engine e, possibly a hardware device.\n");
+	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "              load the file (or the files in the directory) into\n");
+	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
 	BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");
-        BIO_printf(bio_err,
-                   "-LMK          Add local machine keyset attribute to private key\n");
+	BIO_printf(bio_err,  "-LMK          Add local machine keyset attribute to private key\n");
    	goto end;
    }
+
 #ifndef OPENSSL_NO_ENGINE
    e = setup_engine(bio_err, engine, 0);
 #endif

    if(passarg) {
-        if (export_cert)
-            passargout = passarg;
-        else
-            passargin = passarg;
+	if(export_cert) passargout = passarg;
+	else passargin = passarg;
    }

    if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
@ -423,10 +358,8 @@ int MAIN(int argc, char **argv)
    }

    if(!cpass) {
-        if (export_cert)
-            cpass = passout;
-        else
-            cpass = passin;
+    	if(export_cert) cpass = passout;
+    	else cpass = passin;
    }

    if(cpass) {
@ -449,16 +382,15 @@ int MAIN(int argc, char **argv)
    CRYPTO_push_info("read files");
 #endif

-    if (!infile)
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
-    else
-        in = BIO_new_file(infile, "rb");
+    if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
+    else in = BIO_new_file(infile, "rb");
    if (!in) {
 	    BIO_printf(bio_err, "Error opening input file %s\n",
 						infile ? infile : "<stdin>");
 	    perror (infile);
 	    goto end;
   }
+
 #ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
    CRYPTO_push_info("write files");
@ -472,8 +404,7 @@ int MAIN(int argc, char **argv)
 	    out = BIO_push(tmpbio, out);
 	}
 #endif
-    } else
-        out = BIO_new_file(outfile, "wb");
+    } else out = BIO_new_file(outfile, "wb");
    if (!out) {
 	BIO_printf(bio_err, "Error opening output file %s\n",
 						outfile ? outfile : "<stdout>");
@ -484,8 +415,8 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("read MAC password");
 #endif
-        if (EVP_read_pw_string
-            (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+	if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
+	{
    	    BIO_printf (bio_err, "Can't read Password\n");
    	    goto end;
       	}
@ -502,7 +433,8 @@ int MAIN(int argc, char **argv)
 	unsigned char *catmp = NULL;
 	int i;

-        if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+	if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
+		{	
 		BIO_printf(bio_err, "Nothing to do!\n");
 		goto export_end;
 		}
@ -514,29 +446,35 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("process -export_cert");
 	CRYPTO_push_info("reading private key");
 #endif
-        if (!(options & NOKEYS)) {
+	if (!(options & NOKEYS))
+		{
 		key = load_key(bio_err, keyname ? keyname : infile,
 				FORMAT_PEM, 1, passin, e, "private key");
 		if (!key)
 			goto export_end;
 		}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from input");
 #endif

 	/* Load in all certs in input file */
-        if (!(options & NOCERTS)) {
+	if(!(options & NOCERTS))
+		{
 		certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
 							"certificates");
 		if (!certs)
 			goto export_end;

-            if (key) {
+		if (key)
+			{
 			/* Look for matching private key */
-                for (i = 0; i < sk_X509_num(certs); i++) {
+			for(i = 0; i < sk_X509_num(certs); i++)
+				{
 				x = sk_X509_value(certs, i);
-                    if (X509_check_private_key(x, key)) {
+				if(X509_check_private_key(x, key))
+					{
 					ucert = x;
 					/* Zero keyid and alias */
 					X509_keyid_set1(ucert, NULL, 0);
@ -546,21 +484,23 @@ int MAIN(int argc, char **argv)
 					break;
 					}
 				}
-                if (!ucert) {
-                    BIO_printf(bio_err,
-                               "No certificate matches private key\n");
+			if (!ucert)
+				{
+				BIO_printf(bio_err, "No certificate matches private key\n");
 				goto export_end;
 				}
 			}

 		}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from input 2");
 #endif

 	/* Add any more certificates asked for */
-        if (certfile) {
+	if(certfile)
+		{
 		STACK_OF(X509) *morecerts=NULL;
 		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
 					    NULL, e,
@ -570,6 +510,7 @@ int MAIN(int argc, char **argv)
 			sk_X509_push(certs, sk_X509_shift(morecerts));
 		sk_X509_free(morecerts);
 		}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from certfile");
@ -585,7 +526,8 @@ int MAIN(int argc, char **argv)
        	int vret;
 		STACK_OF(X509) *chain2;
 		X509_STORE *store = X509_STORE_new();
-            if (!store) {
+		if (!store)
+			{
 			BIO_printf (bio_err, "Memory allocation error\n");
 			goto export_end;
 			}
@ -595,7 +537,7 @@ int MAIN(int argc, char **argv)
 		vret = get_cert_chain (ucert, store, &chain2);
 		X509_STORE_free(store);

-            if (vret == X509_V_OK) {
+		if (!vret) {
 		    /* Exclude verified certificate */
 		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
 			sk_X509_push(certs, sk_X509_value (chain2, i));
@ -603,7 +545,7 @@ int MAIN(int argc, char **argv)
 		    X509_free(sk_X509_value(chain2, 0));
 		    sk_X509_free(chain2);
 		} else {
-                if (vret != X509_V_ERR_UNSPECIFIED)
+			if (vret >= 0)
 				BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
 			else
@ -614,15 +556,15 @@ int MAIN(int argc, char **argv)

 	/* Add any CA names */

-        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+	for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
+		{
 		catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
 		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
 		}

 	if (csp_name && key)
 		EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
-                                      MBSTRING_ASC, (unsigned char *)csp_name,
-                                      -1);
+				MBSTRING_ASC, (unsigned char *)csp_name, -1);

 	if (add_lmk && key)
 		EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
@ -633,13 +575,12 @@ int MAIN(int argc, char **argv)
 #endif

 	if(!noprompt &&
-            EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
-                               1)) {
+		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
+		{
 	    	BIO_printf (bio_err, "Can't read Password\n");
 	    	goto export_end;
        	}
-        if (!twopass)
-            BUF_strlcpy(macpass, pass, sizeof macpass);
+	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@ -649,15 +590,19 @@ int MAIN(int argc, char **argv)
 	p12 = PKCS12_create(cpass, name, key, ucert, certs,
 				key_pbe, cert_pbe, iter, -1, keytype);

-        if (!p12) {
+	if (!p12)
+		{
 	    	ERR_print_errors (bio_err);
 		goto export_end;
 		}

-        if (macalg) {
+	if (macalg)
+		{
 		macmd = EVP_get_digestbyname(macalg);
-            if (!macmd) {
-                BIO_printf(bio_err, "Unknown digest algorithm %s\n", macalg);
+		if (!macmd)
+			{
+			BIO_printf(bio_err, "Unknown digest algorithm %s\n", 
+						macalg);
 			}
 		}

@ -680,12 +625,9 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("process -export_cert: freeing");
 #endif

-        if (key)
-            EVP_PKEY_free(key);
-        if (certs)
-            sk_X509_pop_free(certs, X509_free);
-        if (ucert)
-            X509_free(ucert);
+	if (key) EVP_PKEY_free(key);
+	if (certs) sk_X509_pop_free(certs, X509_free);
+	if (ucert) X509_free(ucert);

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@ -698,12 +640,11 @@ int MAIN(int argc, char **argv)
 	ERR_print_errors(bio_err);
 	goto end;
    }
+
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("read import password");
 #endif
-    if (!noprompt
-        && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
-                              0)) {
+    if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
 	BIO_printf (bio_err, "Can't read Password\n");
 	goto end;
    }
@ -711,12 +652,9 @@ int MAIN(int argc, char **argv)
    CRYPTO_pop_info();
 #endif

-    if (!twopass)
-        BUF_strlcpy(macpass, pass, sizeof macpass);
+    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);

-    if ((options & INFO) && p12->mac)
-        BIO_printf(bio_err, "MAC Iteration %ld\n",
-                   p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
+    if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
    if(macver) {
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("verify MAC");
@ -724,8 +662,7 @@ int MAIN(int argc, char **argv)
 	/* If we enter empty password try no password first */
 	if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
 		/* If mac and crypto pass the same set it to NULL too */
-            if (!twopass)
-                cpass = NULL;
+		if(!twopass) cpass = NULL;
 	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
 	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
 	    ERR_print_errors (bio_err);
@ -736,6 +673,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_pop_info();
 #endif
    }
+
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("output keys and certificates");
 #endif
@ -749,21 +687,16 @@ int MAIN(int argc, char **argv)
 #endif
    ret = 0;
 end:
-    if (p12)
-        PKCS12_free(p12);
-    if (export_cert || inrand)
-        app_RAND_write_file(NULL, bio_err);
+    if (p12) PKCS12_free(p12);
+    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
    CRYPTO_remove_all_info();
 #endif
    BIO_free(in);
    BIO_free_all(out);
-    if (canames)
-        sk_OPENSSL_STRING_free(canames);
-    if (passin)
-        OPENSSL_free(passin);
-    if (passout)
-        OPENSSL_free(passout);
+    if (canames) sk_OPENSSL_STRING_free(canames);
+    if(passin) OPENSSL_free(passin);
+    if(passout) OPENSSL_free(passout);
    apps_shutdown();
    OPENSSL_EXIT(ret);
 }
@ -777,25 +710,22 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
 	int ret = 0;
 	PKCS7 *p7;

-    if (!(asafes = PKCS12_unpack_authsafes(p12)))
-        return 0;
+	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
 			bags = PKCS12_unpack_p7data(p7);
-            if (options & INFO)
-                BIO_printf(bio_err, "PKCS7 Data\n");
+			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
 		} else if (bagnid == NID_pkcs7_encrypted) {
 			if (options & INFO) {
 				BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-                alg_print(bio_err, p7->d.encrypted->enc_data->algorithm);
+				alg_print(bio_err, 
+					p7->d.encrypted->enc_data->algorithm);
 			}
 			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-        } else
-            continue;
-        if (!bags)
-            goto err;
+		} else continue;
+		if (!bags) goto err;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
 			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
@ -820,7 +750,8 @@ int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
 	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
 		if (!dump_certs_pkeys_bag (out,
 					   sk_PKCS12_SAFEBAG_value (bags, i),
-                                  pass, passlen, options, pempass))
+					   pass, passlen,
+					   options, pempass))
 		    return 0;
 	}
 	return 1;
@ -833,16 +764,14 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 	PKCS8_PRIV_KEY_INFO *p8;
 	X509 *x509;
 	
-    switch (M_PKCS12_bag_type(bag)) {
+	switch (M_PKCS12_bag_type(bag))
+	{
 	case NID_keyBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Key bag\n");
-        if (options & NOKEYS)
-            return 1;
+		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
+		if (options & NOKEYS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		p8 = bag->value.keybag;
-        if (!(pkey = EVP_PKCS82PKEY(p8)))
-            return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
 		EVP_PKEY_free(pkey);
@ -853,8 +782,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 			BIO_printf (bio_err, "Shrouded Keybag: ");
 			alg_print (bio_err, bag->value.shkeybag->algor);
 		}
-        if (options & NOKEYS)
-            return 1;
+		if (options & NOKEYS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
 				return 0;
@ -869,28 +797,22 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 	break;

 	case NID_certBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Certificate bag\n");
-        if (options & NOCERTS)
-            return 1;
+		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
+		if (options & NOCERTS) return 1;
                if (PKCS12_get_attr(bag, NID_localKeyID)) {
-            if (options & CACERTS)
-                return 1;
-        } else if (options & CLCERTS)
-            return 1;
+			if (options & CACERTS) return 1;
+		} else if (options & CLCERTS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
 								 return 1;
-        if (!(x509 = PKCS12_certbag2x509(bag)))
-            return 0;
+		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
 		dump_cert_text (out, x509);
 		PEM_write_bio_X509 (out, x509);
 		X509_free(x509);
 	break;

 	case NID_safeContentsBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Safe Contents bag\n");
+		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
 							    passlen, options, pempass);
@ -907,25 +829,32 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,

 /* Given a single certificate return a verified chain or NULL if error */

-static int get_cert_chain(X509 *cert, X509_STORE *store,
-                          STACK_OF(X509) **chain)
+/* Hope this is OK .... */
+
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
 	X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn = NULL;
+	STACK_OF(X509) *chn;
 	int i = 0;

-    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
-        *chain = NULL;
-        return X509_V_ERR_UNSPECIFIED;
-    }
-
-    if (X509_verify_cert(&store_ctx) > 0)
+	/* FIXME: Should really check the return status of X509_STORE_CTX_init
+	 * for an error, but how that fits into the return value of this
+	 * function is less obvious. */
+	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+	if (X509_verify_cert(&store_ctx) <= 0) {
+		i = X509_STORE_CTX_get_error (&store_ctx);
+		if (i == 0)
+			/* avoid returning 0 if X509_verify_cert() did not
+			 * set an appropriate error value in the context */
+			i = -1;
+		chn = NULL;
+		goto err;
+	} else
 		chn = X509_STORE_CTX_get1_chain(&store_ctx);
-    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
-        i = X509_V_ERR_UNSPECIFIED;
-
+err:
 	X509_STORE_CTX_cleanup(&store_ctx);
 	*chain = chn;
+	
 	return i;
 }	

@ -967,15 +896,13 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 #endif
-    if (ret)
-        ERR_clear_error();
+	if(ret) ERR_clear_error();
 	return ret;
 }

 /* Generalised attribute print: handle PKCS#8 and bag attributes */

-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
-                  const char *name)
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
 {
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *av;
@ -997,8 +924,7 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
 		if(attr_nid == NID_undef) {
 			i2a_ASN1_OBJECT (out, attr->object);
 			BIO_printf(out, ": ");
-        } else
-            BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));

 		if(sk_ASN1_TYPE_num(attr->value.set)) {
 			av = sk_ASN1_TYPE_value(attr->value.set, 0);
@ -1026,8 +952,7 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
 					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
 				break;
 			}
-        } else
-            BIO_printf(out, "<No Values>\n");
+		} else BIO_printf(out, "<No Values>\n");
 	}
 	return 1;
 }
@ -1035,20 +960,21 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
 void hex_prin(BIO *out, unsigned char *buf, int len)
 {
 	int i;
-    for (i = 0; i < len; i++)
-        BIO_printf(out, "%02X ", buf[i]);
+	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
 }

 static int set_pbe(BIO *err, int *ppbe, const char *str)
 	{
 	if (!str)
 		return 0;
-    if (!strcmp(str, "NONE")) {
+	if (!strcmp(str, "NONE"))
+		{
 		*ppbe = -1;
 		return 1;
 		}
 	*ppbe=OBJ_txt2nid(str);
-    if (*ppbe == NID_undef) {
+	if (*ppbe == NID_undef)
+		{
 		BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
 		return 0;
 		}
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@ -71,8 +71,7 @@
 #undef PROG
 #define PROG	pkcs7_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -111,24 +110,29 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-noout") == 0)
+			}
+		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
@ -137,13 +141,14 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else {
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -152,7 +157,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
@ -160,14 +166,11 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-        BIO_printf(bio_err,
-                   " -print_certs  print any certs or crl in the input\n");
-        BIO_printf(bio_err,
-                   " -text         print full details of certificates\n");
+		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
 		ret = 1;
 		goto end;
@ -181,17 +184,20 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
                goto end;
                }

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
-            BIO_printf(bio_err, "unable to load input file\n");
-            ERR_print_errors(bio_err);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+		if (in == NULL)
+			{
+			perror(infile);
 			goto end;
 			}
 		}
@ -200,17 +206,20 @@ int MAIN(int argc, char **argv)
 		p7=d2i_PKCS7_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
-    else {
+	else
+		{
 		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
 		goto end;
 		}
-    if (p7 == NULL) {
+	if (p7 == NULL)
+		{
 		BIO_printf(bio_err,"unable to load PKCS7 object\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -218,8 +227,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -228,53 +240,51 @@ int MAIN(int argc, char **argv)
 	if (p7_print)
 		PKCS7_print_ctx(out, p7, 0, NULL);

-    if (print_certs) {
+	if (print_certs)
+		{
 		STACK_OF(X509) *certs=NULL;
 		STACK_OF(X509_CRL) *crls=NULL;

 		i=OBJ_obj2nid(p7->type);
-        switch (i) {
+		switch (i)
+			{
 		case NID_pkcs7_signed:
-            if (p7->d.sign != NULL) {
 			certs=p7->d.sign->cert;
 			crls=p7->d.sign->crl;
-            }
 			break;
 		case NID_pkcs7_signedAndEnveloped:
-            if (p7->d.signed_and_enveloped != NULL) {
 			certs=p7->d.signed_and_enveloped->cert;
 			crls=p7->d.signed_and_enveloped->crl;
-            }
 			break;
 		default:
 			break;
 			}

-        if (certs != NULL) {
+		if (certs != NULL)
+			{
 			X509 *x;

-            for (i = 0; i < sk_X509_num(certs); i++) {
+			for (i=0; i<sk_X509_num(certs); i++)
+				{
 				x=sk_X509_value(certs,i);
-                if (text)
-                    X509_print(out, x);
-                else
-                    dump_cert_text(out, x);
+				if(text) X509_print(out, x);
+				else dump_cert_text(out, x);

-                if (!noout)
-                    PEM_write_bio_X509(out, x);
+				if(!noout) PEM_write_bio_X509(out,x);
 				BIO_puts(out,"\n");
 				}
 			}
-        if (crls != NULL) {
+		if (crls != NULL)
+			{
 			X509_CRL *crl;

-            for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+			for (i=0; i<sk_X509_CRL_num(crls); i++)
+				{
 				crl=sk_X509_CRL_value(crls,i);

 				X509_CRL_print(out, crl);

-                if (!noout)
-                    PEM_write_bio_X509_CRL(out, crl);
+				if(!noout)PEM_write_bio_X509_CRL(out,crl);
 				BIO_puts(out,"\n");
 				}
 			}
@ -293,7 +303,8 @@ int MAIN(int argc, char **argv)
 			goto end;
 			}

-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write pkcs7 object\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -301,12 +312,9 @@ int MAIN(int argc, char **argv)
 	}
 	ret=0;
 end:
-    if (p7 != NULL)
-        PKCS7_free(p7);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
+	if (p7 != NULL) PKCS7_free(p7);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@ -1,7 +1,6 @@
 /* pkcs8.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999-2004.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999-2004.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@ -91,8 +90,7 @@ int MAIN(int argc, char **argv)
 	char *engine=NULL;
 #endif

-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
@ -103,40 +101,59 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-v2")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args,"-v2"))
+			{
+			if (args[1])
+				{
 				args++;
 				cipher=EVP_get_cipherbyname(*args);
-                if (!cipher) {
-                    BIO_printf(bio_err, "Unknown cipher %s\n", *args);
+				if (!cipher)
+					{
+					BIO_printf(bio_err,
+						 "Unknown cipher %s\n", *args);
 					badarg = 1;
 					}
-            } else
+				}
+			else
 				badarg = 1;
-        } else if (!strcmp(*args, "-v1")) {
-            if (args[1]) {
+			}
+		else if (!strcmp(*args,"-v1"))
+			{
+			if (args[1])
+				{
 				args++;
 				pbe_nid=OBJ_txt2nid(*args);
-                if (pbe_nid == NID_undef) {
-                    BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
+				if (pbe_nid == NID_undef)
+					{
+					BIO_printf(bio_err,
+						 "Unknown PBE algorithm %s\n", *args);
 					badarg = 1;
 					}
-            } else
+				}
+			else
 				badarg = 1;
-        } else if (!strcmp(*args, "-inform")) {
-            if (args[1]) {
+			}
+		else if (!strcmp(*args,"-inform"))
+			{
+			if (args[1])
+				{
 				args++;
 				informat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-outform")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-outform"))
+			{
+			if (args[1])
+				{
 				args++;
 				outformat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-topk8"))
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-topk8"))
 			topk8 = 1;
 		else if (!strcmp (*args, "-noiter"))
 			iter = 1;
@ -148,76 +165,76 @@ int MAIN(int argc, char **argv)
 			p8_broken = PKCS8_NS_DB;
 		else if (!strcmp (*args, "-embed"))
 			p8_broken = PKCS8_EMBEDDED_PARAM;
-        else if (!strcmp(*args, "-passin")) {
-            if (!args[1])
-                goto bad;
+		else if (!strcmp(*args,"-passin"))
+			{
+			if (!args[1]) goto bad;
 			passargin= *(++args);
-        } else if (!strcmp(*args, "-passout")) {
-            if (!args[1])
-                goto bad;
+			}
+		else if (!strcmp(*args,"-passout"))
+			{
+			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
-            if (!args[1])
-                goto bad;
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
-        else if (!strcmp(*args, "-in")) {
-            if (args[1]) {
+		else if (!strcmp (*args, "-in"))
+			{
+			if (args[1])
+				{
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else
-            badarg = 1;
+				}
+			else badarg = 1;
+			}
+		else badarg = 1;
 		args++;
 		}

-    if (badarg) {
+	if (badarg)
+		{
 		bad:
 		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
-        BIO_printf(bio_err,
-                   "-passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
 		BIO_printf(bio_err, "-out file       output file\n");
-        BIO_printf(bio_err,
-                   "-passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err, "-topk8          output PKCS8 file\n");
-        BIO_printf(bio_err,
-                   "-nooct          use (nonstandard) no octet format\n");
-        BIO_printf(bio_err,
-                   "-embed          use (nonstandard) embedded DSA parameters format\n");
-        BIO_printf(bio_err,
-                   "-nsdb           use (nonstandard) DSA Netscape DB format\n");
+		BIO_printf(bio_err, "-nooct          use (nonstandard) no octet format\n");
+		BIO_printf(bio_err, "-embed          use (nonstandard) embedded DSA parameters format\n");
+		BIO_printf(bio_err, "-nsdb           use (nonstandard) DSA Netscape DB format\n");
 		BIO_printf(bio_err, "-noiter         use 1 as iteration count\n");
-        BIO_printf(bio_err,
-                   "-nocrypt        use or expect unencrypted private key\n");
-        BIO_printf(bio_err,
-                   "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
-        BIO_printf(bio_err,
-                   "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
+		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
+		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
 		}
@ -225,20 +242,29 @@ int MAIN(int argc, char **argv)
 	if ((pbe_nid == -1) && !cipher)
 		pbe_nid = NID_pbeWithMD5AndDES_CBC;

-    if (infile) {
-        if (!(in = BIO_new_file(infile, "rb"))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+	if (infile)
+		{
+		if (!(in = BIO_new_file(infile, "rb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 			}
-    } else
+		}
+	else
 		in = BIO_new_fp (stdin, BIO_NOCLOSE);

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "wb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -247,37 +273,45 @@ int MAIN(int argc, char **argv)
 			}
 #endif
 		}
-    if (topk8) {
-        pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
+	if (topk8)
+		{
+		pkey = load_key(bio_err, infile, informat, 1,
+			passin, e, "key");
 		if (!pkey)
 			goto end;
-        if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
+		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
+			{
 			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-        if (nocrypt) {
+		if (nocrypt)
+			{
 			if (outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
 			else if (outformat == FORMAT_ASN1)
 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-            else {
+			else
+				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				goto end;
 				}
-        } else {
+			}
+		else
+			{
 			if (passout)
 				p8pass = passout;
-            else {
+			else
+				{
 				p8pass = pass;
-                if (EVP_read_pw_string
-                    (pass, sizeof pass, "Enter Encryption Password:", 1))
+				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
 					goto end;
 				}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
-                                     NULL, 0, iter, p8inf))) {
+					NULL, 0, iter, p8inf)))
+				{
 				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
 				goto end;
@ -287,7 +321,8 @@ int MAIN(int argc, char **argv)
 				PEM_write_bio_PKCS8(out, p8);
 			else if (outformat == FORMAT_ASN1)
 				i2d_PKCS8_bio(out, p8);
-            else {
+			else
+				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				goto end;
 				}
@ -297,54 +332,65 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

-    if (nocrypt) {
+	if (nocrypt)
+		{
 		if (informat == FORMAT_PEM) 
 			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
 		else if (informat == FORMAT_ASN1)
 			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		if (informat == FORMAT_PEM) 
 			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
 		else if (informat == FORMAT_ASN1)
 			p8 = d2i_PKCS8_bio(in, NULL);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 			}

-        if (!p8) {
+		if (!p8)
+			{
 			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (passin)
 			p8pass = passin;
-        else {
+		else
+			{
 			p8pass = pass;
 			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
 			}
 		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		}

-    if (!p8inf) {
+	if (!p8inf)
+		{
 		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
+	if (!(pkey = EVP_PKCS82PKEY(p8inf)))
+		{
 		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	
-    if (p8inf->broken) {
+	if (p8inf->broken)
+		{
 		BIO_printf(bio_err, "Warning: broken key encoding: ");
-        switch (p8inf->broken) {
+		switch (p8inf->broken)
+			{
 			case PKCS8_NO_OCTET:
 			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
 			break;
@ -371,7 +417,8 @@ int MAIN(int argc, char **argv)
 		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
 	else if (outformat == FORMAT_ASN1)
 		i2d_PrivateKey_bio(out, pkey);
-    else {
+	else
+		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 		}
--- a/apps/pkey.c
+++ b/apps/pkey.c
@ -1,7 +1,6 @@
 /* apps/pkey.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -96,103 +95,129 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-inform")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args,"-inform"))
+			{
+			if (args[1])
+				{
 				args++;
 				informat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-outform")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-outform"))
+			{
+			if (args[1])
+				{
 				args++;
 				outformat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-passin")) {
-            if (!args[1])
-                goto bad;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-passin"))
+			{
+			if (!args[1]) goto bad;
 			passargin= *(++args);
-        } else if (!strcmp(*args, "-passout")) {
-            if (!args[1])
-                goto bad;
+			}
+		else if (!strcmp(*args,"-passout"))
+			{
+			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
-            if (!args[1])
-                goto bad;
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
-        else if (!strcmp(*args, "-in")) {
-            if (args[1]) {
+		else if (!strcmp (*args, "-in"))
+			{
+			if (args[1])
+				{
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else if (strcmp(*args, "-pubin") == 0) {
+				}
+			else badarg = 1;
+			}
+		else if (strcmp(*args,"-pubin") == 0)
+			{
 			pubin=1;
 			pubout=1;
 			pubtext=1;
-        } else if (strcmp(*args, "-pubout") == 0)
+			}
+		else if (strcmp(*args,"-pubout") == 0)
 			pubout=1;
-        else if (strcmp(*args, "-text_pub") == 0) {
+		else if (strcmp(*args,"-text_pub") == 0)
+			{
 			pubtext=1;
 			text=1;
-        } else if (strcmp(*args, "-text") == 0)
+			}
+		else if (strcmp(*args,"-text") == 0)
 			text=1;
 		else if (strcmp(*args,"-noout") == 0)
 			noout=1;
-        else {
+		else
+			{
 			cipher = EVP_get_cipherbyname(*args + 1);
-            if (!cipher) {
-                BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
+			if (!cipher)
+				{
+				BIO_printf(bio_err, "Unknown cipher %s\n",
+								*args + 1);
 				badarg = 1;
 				}
 			}
 		args++;
 		}

-    if (badarg) {
+	if (badarg)
+		{
 		bad:
 		BIO_printf(bio_err, "Usage pkey [options]\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
-        BIO_printf(bio_err,
-                   "-passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
 		BIO_printf(bio_err, "-out file       output file\n");
-        BIO_printf(bio_err,
-                   "-passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 		return 1;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "wb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -206,30 +231,38 @@ int MAIN(int argc, char **argv)
 		pkey = load_pubkey(bio_err, infile, informat, 1,
 			passin, e, "Public Key");
 	else
-        pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
+		pkey = load_key(bio_err, infile, informat, 1,
+			passin, e, "key");
 	if (!pkey)
 		goto end;

-    if (!noout) {
-        if (outformat == FORMAT_PEM) {
+	if (!noout)
+		{
+		if (outformat == FORMAT_PEM) 
+			{
 			if (pubout)
 				PEM_write_bio_PUBKEY(out,pkey);
 			else
 				PEM_write_bio_PrivateKey(out, pkey, cipher,
 							NULL, 0, NULL, passout);
-        } else if (outformat == FORMAT_ASN1) {
+			}
+		else if (outformat == FORMAT_ASN1)
+			{
 			if (pubout)
 				i2d_PUBKEY_bio(out, pkey);
 			else
 				i2d_PrivateKey_bio(out, pkey);
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 			}

 		}

-    if (text) {
+	if (text)
+		{
 		if (pubtext)
 			EVP_PKEY_print_public(out, pkey, 0, NULL);
 		else
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@ -1,7 +1,6 @@
 /* apps/pkeyparam.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -88,24 +87,30 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-in")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp (*args, "-in"))
+			{
+			if (args[1])
+				{
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
+				}
+			else badarg = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
-            if (!args[1])
-                goto bad;
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
@ -117,7 +122,8 @@ int MAIN(int argc, char **argv)
 		args++;
 		}

-    if (badarg) {
+	if (badarg)
+		{
 #ifndef OPENSSL_NO_ENGINE
 		bad:
 #endif
@ -126,32 +132,40 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-out file       output file\n");
 		BIO_printf(bio_err, "-text           print parameters as text\n");
-        BIO_printf(bio_err,
-                   "-noout          don't output encoded parameters\n");
+		BIO_printf(bio_err, "-noout          don't output encoded parameters\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 		return 1;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif

-    if (infile) {
-        if (!(in = BIO_new_file(infile, "r"))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+	if (infile)
+		{
+		if (!(in = BIO_new_file (infile, "r")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 			}
-    } else
+		}
+	else
 		in = BIO_new_fp (stdin, BIO_NOCLOSE);

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "w"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "w")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -162,7 +176,8 @@ int MAIN(int argc, char **argv)
 		}

 	pkey = PEM_read_bio_Parameters(in, NULL);
-    if (!pkey) {
+	if (!pkey)
+		{
 		BIO_printf(bio_err, "Error reading parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@ -1,6 +1,5 @@
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -56,6 +55,7 @@
 *
 */

+
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
@ -107,66 +107,73 @@ int MAIN(int argc, char **argv)
 	argc--;
 	argv++;

-    if (!bio_err)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	
-    while (argc >= 1) {
-        if (!strcmp(*argv, "-in")) {
+	while(argc >= 1)
+		{
+		if (!strcmp(*argv,"-in"))
+			{
+			if (--argc < 1) badarg = 1;
+                        else infile= *(++argv);
+			}
+		else if (!strcmp(*argv,"-out"))
+			{
+			if (--argc < 1) badarg = 1;
+			else outfile= *(++argv);
+			}
+		else if (!strcmp(*argv,"-sigfile"))
+			{
+			if (--argc < 1) badarg = 1;
+			else sigfile= *(++argv);
+			}
+		else if(!strcmp(*argv, "-inkey"))
+			{
 			if (--argc < 1)
 				badarg = 1;
 			else
-                infile = *(++argv);
-        } else if (!strcmp(*argv, "-out")) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                outfile = *(++argv);
-        } else if (!strcmp(*argv, "-sigfile")) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                sigfile = *(++argv);
-        } else if (!strcmp(*argv, "-inkey")) {
-            if (--argc < 1)
-                badarg = 1;
-            else {
+				{
 				ctx = init_ctx(&keysize,
 						*(++argv), keyform, key_type,
 						passargin, pkey_op, e);
-                if (!ctx) {
-                    BIO_puts(bio_err, "Error initializing context\n");
+				if (!ctx)
+					{
+					BIO_puts(bio_err,
+						"Error initializing context\n");
 					ERR_print_errors(bio_err);
 					badarg = 1;
 					}
 				}
-        } else if (!strcmp(*argv, "-peerkey")) {
+			}
+		else if (!strcmp(*argv,"-peerkey"))
+			{
 			if (--argc < 1)
 				badarg = 1;
 			else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
 				badarg = 1;
-        } else if (!strcmp(*argv, "-passin")) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                passargin = *(++argv);
-        } else if (strcmp(*argv, "-peerform") == 0) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                peerform = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-keyform") == 0) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                keyform = str2fmt(*(++argv));
+			}
+		else if (!strcmp(*argv,"-passin"))
+			{
+			if (--argc < 1) badarg = 1;
+			else passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-peerform") == 0)
+			{
+			if (--argc < 1) badarg = 1;
+			else peerform=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) badarg = 1;
+			else keyform=str2fmt(*(++argv));
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (!strcmp(*argv, "-engine")) {
+		else if(!strcmp(*argv, "-engine"))
+			{
 			if (--argc < 1)
 				badarg = 1;
 			else
@ -195,20 +202,26 @@ int MAIN(int argc, char **argv)
 			pkey_op = EVP_PKEY_OP_DECRYPT;
 		else if(!strcmp(*argv, "-derive"))
 			pkey_op = EVP_PKEY_OP_DERIVE;
-        else if (strcmp(*argv, "-pkeyopt") == 0) {
+		else if (strcmp(*argv,"-pkeyopt") == 0)
+			{
 			if (--argc < 1)
 				badarg = 1;
-            else if (!ctx) {
-                BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
+			else if (!ctx)
+				{
+				BIO_puts(bio_err,
+					"-pkeyopt command before -inkey\n");
 				badarg = 1;
-            } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
+				}
+			else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
+				{
 				BIO_puts(bio_err, "parameter setting error\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else
-            badarg = 1;
-        if (badarg) {
+			}
+		else badarg = 1;
+		if(badarg)
+			{
 			usage();
 			goto end;
 			}
@ -216,17 +229,20 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (!ctx) {
+	if (!ctx)
+		{
 		usage();
 		goto end;
 		}

-    if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
+	if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
+		{
 		BIO_puts(bio_err, "Signature file specified for non verify\n");
 		goto end;
 		}

-    if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
+	if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
+		{
 		BIO_puts(bio_err, "No signature file specified for verify\n");
 		goto end;
 		}
@ -234,24 +250,33 @@ int MAIN(int argc, char **argv)
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);

-    if (pkey_op != EVP_PKEY_OP_DERIVE) {
-        if (infile) {
-            if (!(in = BIO_new_file(infile, "rb"))) {
-                BIO_puts(bio_err, "Error Opening Input File\n");
+	if (pkey_op != EVP_PKEY_OP_DERIVE)
+		{
+		if(infile)
+			{
+			if(!(in = BIO_new_file(infile, "rb")))
+				{
+				BIO_puts(bio_err,
+					"Error Opening Input File\n");
 				ERR_print_errors(bio_err);	
 				goto end;
 				}
-        } else
+			}
+		else
 			in = BIO_new_fp(stdin, BIO_NOCLOSE);
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
+	if(outfile)
+		{
+		if(!(out = BIO_new_file(outfile, "wb")))
+			{
 			BIO_printf(bio_err, "Error Creating Output File\n");
 			ERR_print_errors(bio_err);	
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -261,32 +286,40 @@ int MAIN(int argc, char **argv)
 #endif
 	}

-    if (sigfile) {
+	if (sigfile)
+		{
 		BIO *sigbio = BIO_new_file(sigfile, "rb");
-        if (!sigbio) {
-            BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
+		if (!sigbio)
+			{
+			BIO_printf(bio_err, "Can't open signature file %s\n",
+								sigfile);
 			goto end;
 			}
 		siglen = bio_to_mem(&sig, keysize * 10, sigbio);
 		BIO_free(sigbio);
-        if (siglen <= 0) {
+		if (siglen <= 0)
+			{
 			BIO_printf(bio_err, "Error reading signature data\n");
 			goto end;
 			}
 		}
 	
-    if (in) {
+	if (in)
+		{
 		/* Read the input data */
 		buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
-        if (buf_inlen <= 0) {
+		if(buf_inlen <= 0)
+			{
 			BIO_printf(bio_err, "Error reading input Data\n");
 			exit(1);
 			}
-        if (rev) {
+		if(rev)
+			{
 			size_t i;
 			unsigned char ctmp;
 			size_t l = (size_t)buf_inlen;
-            for (i = 0; i < l / 2; i++) {
+			for(i = 0; i < l/2; i++)
+				{
 				ctmp = buf_in[i];
 				buf_in[i] = buf_in[l - 1 - i];
 				buf_in[l - 1 - i] = ctmp;
@ -294,7 +327,8 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (pkey_op == EVP_PKEY_OP_VERIFY) {
+	if(pkey_op == EVP_PKEY_OP_VERIFY)
+		{
 		rv  = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
 				      buf_in, (size_t)buf_inlen);
 		if (rv == 0)
@ -303,10 +337,13 @@ int MAIN(int argc, char **argv)
 			BIO_puts(out, "Signature Verified Successfully\n");
 		if (rv >= 0)
 			goto end;
-    } else {
+		}
+	else
+		{	
 		rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
 			      buf_in, (size_t)buf_inlen);
-        if (rv > 0) {
+		if (rv > 0)
+			{
 			buf_out = OPENSSL_malloc(buf_outlen);
 			if (!buf_out)
 				rv = -1;
@ -317,16 +354,19 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (rv <= 0) {
+	if(rv <= 0)
+		{
 		BIO_printf(bio_err, "Public Key operation error\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret = 0;
-    if (asn1parse) {
+	if(asn1parse)
+		{
 		if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
 			ERR_print_errors(bio_err);
-    } else if (hexdump)
+		}
+	else if(hexdump)
 		BIO_dump(out, (char *)buf_out, buf_outlen);
 	else
 		BIO_write(out, buf_out, buf_outlen);
@ -350,25 +390,21 @@ static void usage()
 	BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
 	BIO_printf(bio_err, "-in file        input file\n");
 	BIO_printf(bio_err, "-out file       output file\n");
-    BIO_printf(bio_err,
-               "-sigfile file signature file (verify operation only)\n");
+	BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n");
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
 	BIO_printf(bio_err, "-pubin          input is a public key\n");
-    BIO_printf(bio_err,
-               "-certin         input is a certificate carrying a public key\n");
+	BIO_printf(bio_err, "-certin         input is a certificate carrying a public key\n");
 	BIO_printf(bio_err, "-pkeyopt X:Y    public key options\n");
 	BIO_printf(bio_err, "-sign           sign with private key\n");
 	BIO_printf(bio_err, "-verify         verify with public key\n");
-    BIO_printf(bio_err,
-               "-verifyrecover  verify with public key, recover original data\n");
+	BIO_printf(bio_err, "-verifyrecover  verify with public key, recover original data\n");
 	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-derive         derive shared secret\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
-    BIO_printf(bio_err,
-               "-engine e       use engine e, possibly a hardware device.\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 	BIO_printf(bio_err, "-passin arg     pass phrase source\n");

@ -385,15 +421,18 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 	X509 *x;
 	if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 
 		|| (pkey_op == EVP_PKEY_OP_DERIVE))
-        && (key_type != KEY_PRIVKEY)) {
+		&& (key_type != KEY_PRIVKEY))
+		{
 		BIO_printf(bio_err, "A private key is needed for this operation\n");
 		goto end;
 		}
-    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
-    switch (key_type) {
+	switch(key_type)
+		{
 		case KEY_PRIVKEY:
 		pkey = load_key(bio_err, keyfile, keyform, 0,
 			passin, e, "Private Key");
@ -405,8 +444,10 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 		break;

 		case KEY_CERT:
-        x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
-        if (x) {
+		x = load_cert(bio_err, keyfile, keyform,
+			NULL, e, "Certificate");
+		if(x)
+			{
 			pkey = X509_get_pubkey(x);
 			X509_free(x);
 			}
@ -426,7 +467,8 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 	if (!ctx)
 		goto end;

-    switch (pkey_op) {
+	switch(pkey_op)
+		{
 		case EVP_PKEY_OP_SIGN:
 		rv = EVP_PKEY_sign_init(ctx);
 		break;
@ -452,7 +494,8 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 		break;
 		}

-    if (rv <= 0) {
+	if (rv <= 0)
+		{
 		EVP_PKEY_CTX_free(ctx);
 		ctx = NULL;
 		}
@ -464,6 +507,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,

 	return ctx;

+
 	}

 static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
@ -471,14 +515,16 @@ static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
 	{
 	EVP_PKEY *peer = NULL;
 	int ret;
-    if (!ctx) {
+	if (!ctx)
+		{
 		BIO_puts(err, "-peerkey command before -inkey\n");
 		return 0;
 		}
 		
 	peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");

-    if (!peer) {
+	if (!peer)
+		{
 		BIO_printf(bio_err, "Error reading peer key %s\n", file);
 		ERR_print_errors(err);
 		return 0;
@ -497,7 +543,8 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
 		unsigned char *in, size_t inlen)
 	{
 	int rv = 0;
-    switch (pkey_op) {
+	switch(pkey_op)
+		{
 		case EVP_PKEY_OP_VERIFYRECOVER:
 		rv  = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
 		break;
--- a/apps/prime.c
+++ b/apps/prime.c
@ -52,6 +52,7 @@
 #include "apps.h"
 #include <openssl/bn.h>

+
 #undef PROG
 #define PROG prime_main

@ -75,7 +76,8 @@ int MAIN(int argc, char **argv)

    --argc;
    ++argv;
-    while (argc >= 1 && **argv == '-') {
+    while (argc >= 1 && **argv == '-')
+	{
 	if(!strcmp(*argv,"-hex"))
 	    hex=1;
 	else if(!strcmp(*argv,"-generate"))
@ -92,7 +94,8 @@ int MAIN(int argc, char **argv)
 		goto bad;
 	    else
 		checks=atoi(*++argv);
-        else {
+	else
+	    {
 	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
 	    goto bad;
 	    }
@ -100,12 +103,14 @@ int MAIN(int argc, char **argv)
 	++argv;
 	}

-    if (argv[0] == NULL && !generate) {
+    if (argv[0] == NULL && !generate)
+	{
 	BIO_printf(bio_err,"No prime specified\n");
 	goto bad;
 	}

-    if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
+    if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+	{
 	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 	    {
@ -115,10 +120,12 @@ int MAIN(int argc, char **argv)
 #endif
 	}

-    if (generate) {
+    if(generate)
+	{
 	char *s;

-        if (!bits) {
+	if(!bits)
+	    {
 	    BIO_printf(bio_err,"Specifiy the number of bits.\n");
 	    return 1;
 	    }
@ -127,7 +134,9 @@ int MAIN(int argc, char **argv)
 	s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
 	BIO_printf(bio_out,"%s\n",s);
 	OPENSSL_free(s);
-    } else {
+	}
+    else
+	{
 	if(hex)
 	    BN_hex2bn(&bn,argv[0]);
 	else
--- a/apps/rand.c
+++ b/apps/rand.c
@ -66,8 +66,7 @@
 #undef PROG
 #define PROG rand_main

-/*-
- * -out file         - write to file
+/* -out file         - write to file
 * -rand file:file   - PRNG seed files
 * -base64           - base64 encode output
 * -hex              - hex encode output
@ -101,44 +100,57 @@ int MAIN(int argc, char **argv)

 	badopt = 0;
 	i = 0;
-    while (!badopt && argv[++i] != NULL) {
-        if (strcmp(argv[i], "-out") == 0) {
+	while (!badopt && argv[++i] != NULL)
+		{
+		if (strcmp(argv[i], "-out") == 0)
+			{
 			if ((argv[i+1] != NULL) && (outfile == NULL))
 				outfile = argv[++i];
 			else
 				badopt = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(argv[i], "-engine") == 0) {
+		else if (strcmp(argv[i], "-engine") == 0)
+			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
 				engine = argv[++i];
 			else
 				badopt = 1;
 			}
 #endif
-        else if (strcmp(argv[i], "-rand") == 0) {
+		else if (strcmp(argv[i], "-rand") == 0)
+			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
 				inrand = argv[++i];
 			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-base64") == 0) {
+			}
+		else if (strcmp(argv[i], "-base64") == 0)
+			{
 			if (!base64)
 				base64 = 1;
 			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-hex") == 0) {
+			}
+		else if (strcmp(argv[i], "-hex") == 0)
+			{
 			if (!hex)
 				hex = 1;
 			else
 				badopt = 1;
-        } else if (isdigit((unsigned char)argv[i][0])) {
-            if (num < 0) {
+			}
+		else if (isdigit((unsigned char)argv[i][0]))
+			{
+			if (num < 0)
+				{
 				r = sscanf(argv[i], "%d", &num);
 				if (r == 0 || num < 0)
 					badopt = 1;
-            } else
+				}
+			else
 				badopt = 1;
-        } else
+			}
+		else
 			badopt = 1;
 		}

@ -148,20 +160,20 @@ int MAIN(int argc, char **argv)
 	if (num < 0)
 		badopt = 1;
 	
-    if (badopt) {
+	if (badopt) 
+		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-out file             - write to file\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n",
-                   LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err, "-base64               - base64 encode output\n");
 		BIO_printf(bio_err, "-hex                  - hex encode output\n");
 		goto err;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif
@ -176,7 +188,8 @@ int MAIN(int argc, char **argv)
 		goto err;
 	if (outfile != NULL)
 		r = BIO_write_filename(out, outfile);
-    else {
+	else
+		{
 		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -188,14 +201,16 @@ int MAIN(int argc, char **argv)
 	if (r <= 0)
 		goto err;

-    if (base64) {
+	if (base64)
+		{
 		BIO *b64 = BIO_new(BIO_f_base64());
 		if (b64 == NULL)
 			goto err;
 		out = BIO_push(b64, out);
 		}
 	
-    while (num > 0) {
+	while (num > 0) 
+		{
 		unsigned char buf[4096];
 		int chunk;

@ -207,7 +222,8 @@ int MAIN(int argc, char **argv)
 			goto err;
 		if (!hex) 
 			BIO_write(out, buf, chunk);
-        else {
+		else
+			{
 			for (i = 0; i < chunk; i++)
 				BIO_printf(out, "%02x", buf[i]);
 			}
--- a/apps/req.c
+++ b/apps/req.c
--- a/apps/rsa.c
+++ b/apps/rsa.c
@ -74,8 +74,7 @@
 #undef PROG
 #define PROG	rsa_main

-/*-
- * -inform arg  - input format - default PEM (one of DER, NET or PEM)
+/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -135,36 +134,42 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -192,7 +197,8 @@ int MAIN(int argc, char **argv)
 			modulus=1;
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
-        else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -201,53 +207,42 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-        BIO_printf(bio_err,
-                   " -inform arg     input format - one of DER NET PEM\n");
-        BIO_printf(bio_err,
-                   " -outform arg    output format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -sgckey         Use IIS SGC key format\n");
-        BIO_printf(bio_err,
-                   " -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
-        BIO_printf(bio_err,
-                   " -passout arg    output file pass phrase source\n");
-        BIO_printf(bio_err,
-                   " -des            encrypt PEM output with cbc des\n");
-        BIO_printf(bio_err,
-                   " -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea           encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 #ifndef OPENSSL_NO_SEED
-        BIO_printf(bio_err,
-                   " -seed           encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
 		BIO_printf(bio_err," -modulus        print the RSA key modulus\n");
 		BIO_printf(bio_err," -check          verify key consistency\n");
-        BIO_printf(bio_err,
-                   " -pubin          expect a public key in input file\n");
+		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
@ -273,21 +268,25 @@ int MAIN(int argc, char **argv)
 	{
 		EVP_PKEY	*pkey;

-        if (pubin) {
+		if (pubin)
+			{
 			int tmpformat=-1;
-            if (pubin == 2) {
+			if (pubin == 2)
+				{
 				if (informat == FORMAT_PEM)
 					tmpformat = FORMAT_PEMRSA;
 				else if (informat == FORMAT_ASN1)
 					tmpformat = FORMAT_ASN1RSA;
-            } else if (informat == FORMAT_NETSCAPE && sgckey)
+				}
+			else if (informat == FORMAT_NETSCAPE && sgckey)
 				tmpformat = FORMAT_IISSGC;
 			else
 				tmpformat = informat;
 					
 			pkey = load_pubkey(bio_err, infile, tmpformat, 1,
 				passin, e, "Public Key");
-        } else
+			}
+		else
 			pkey = load_key(bio_err, infile,
 				(informat == FORMAT_NETSCAPE && sgckey ?
 					FORMAT_IISSGC : informat), 1,
@ -298,12 +297,14 @@ int MAIN(int argc, char **argv)
 		EVP_PKEY_free(pkey);
 	}

-    if (rsa == NULL) {
+	if (rsa == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -311,73 +312,84 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

 	if (text) 
-        if (!RSA_print(out, rsa, 0)) {
+		if (!RSA_print(out,rsa,0))
+			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-    if (modulus) {
+	if (modulus)
+		{
 		BIO_printf(out,"Modulus=");
 		BN_print(out,rsa->n);
 		BIO_printf(out,"\n");
 		}

-    if (check) {
+	if (check)
+		{
 		int r = RSA_check_key(rsa);

 		if (r == 1)
 			BIO_printf(out,"RSA key ok\n");
-        else if (r == 0) {
+		else if (r == 0)
+			{
 			unsigned long err;

 			while ((err = ERR_peek_error()) != 0 &&
 				ERR_GET_LIB(err) == ERR_LIB_RSA &&
 				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
-                   ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
-                BIO_printf(out, "RSA key error: %s\n",
-                           ERR_reason_error_string(err));
+				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+				{
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
 				ERR_get_error(); /* remove e from error stack */
 				}
 			}
 		
-        if (r == -1 || ERR_peek_error() != 0) { /* should happen only if r ==
-                                                 * -1 */
+		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 		
-    if (noout) {
+	if (noout)
+		{
 		ret = 0;
 		goto end;
 		}
 	BIO_printf(bio_err,"writing RSA key\n");
 	if 	(outformat == FORMAT_ASN1) {
-        if (pubout || pubin) {
+		if(pubout || pubin) 
+			{
 			if (pubout == 2)
 				i=i2d_RSAPublicKey_bio(out,rsa);
 			else
 				i=i2d_RSA_PUBKEY_bio(out,rsa);
-        } else
-            i = i2d_RSAPrivateKey_bio(out, rsa);
+			}
+		else i=i2d_RSAPrivateKey_bio(out,rsa);
 	}
 #ifndef OPENSSL_NO_RC4
-    else if (outformat == FORMAT_NETSCAPE) {
+	else if (outformat == FORMAT_NETSCAPE)
+		{
 		unsigned char *p,*pp;
 		int size;

 		i=1;
 		size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
-        if ((p = (unsigned char *)OPENSSL_malloc(size)) == NULL) {
+		if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
+			{
 			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto end;
 			}
@ -388,13 +400,14 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 	else if (outformat == FORMAT_PEM) {
-        if (pubout || pubin) {
+		if(pubout || pubin)
+			{
 			if (pubout == 2)
 		    		i=PEM_write_bio_RSAPublicKey(out,rsa);
 			else
 		    		i=PEM_write_bio_RSA_PUBKEY(out,rsa);
-        } else
-            i = PEM_write_bio_RSAPrivateKey(out, rsa,
+			}
+		else i=PEM_write_bio_RSAPrivateKey(out,rsa,
 						enc,NULL,0,NULL,passout);
 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
 	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
@ -413,20 +426,18 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (i <= 0) {
+	if (i <= 0)
+		{
 		BIO_printf(bio_err,"unable to write key\n");
 		ERR_print_errors(bio_err);
-    } else
+		}
+	else
 		ret=0;
 end:
-    if (out != NULL)
-        BIO_free_all(out);
-    if (rsa != NULL)
-        RSA_free(rsa);
-    if (passin)
-        OPENSSL_free(passin);
-    if (passout)
-        OPENSSL_free(passout);
+	if(out != NULL) BIO_free_all(out);
+	if(rsa != NULL) RSA_free(rsa);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@ -1,7 +1,6 @@
 /* rsautl.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@ -109,8 +108,7 @@ int MAIN(int argc, char **argv)
 	argc--;
 	argv++;

-    if (!bio_err)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
@ -118,7 +116,8 @@ int MAIN(int argc, char **argv)
 	OpenSSL_add_all_algorithms();
 	pad = RSA_PKCS1_PADDING;
 	
-    while (argc >= 1) {
+	while(argc >= 1)
+	{
 		if (!strcmp(*argv,"-in")) {
 			if (--argc < 1)
 				badarg = 1;
@ -155,34 +154,24 @@ int MAIN(int argc, char **argv)
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
 			key_type = KEY_CERT;
-        } else if (!strcmp(*argv, "-asn1parse"))
-            asn1parse = 1;
-        else if (!strcmp(*argv, "-hexdump"))
-            hexdump = 1;
-        else if (!strcmp(*argv, "-raw"))
-            pad = RSA_NO_PADDING;
-        else if (!strcmp(*argv, "-oaep"))
-            pad = RSA_PKCS1_OAEP_PADDING;
-        else if (!strcmp(*argv, "-ssl"))
-            pad = RSA_SSLV23_PADDING;
-        else if (!strcmp(*argv, "-pkcs"))
-            pad = RSA_PKCS1_PADDING;
-        else if (!strcmp(*argv, "-x931"))
-            pad = RSA_X931_PADDING;
+		} 
+		else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
+		else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
+		else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
+		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
+		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
+		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
 		else if(!strcmp(*argv, "-sign")) {
 			rsa_mode = RSA_SIGN;
 			need_priv = 1;
-        } else if (!strcmp(*argv, "-verify"))
-            rsa_mode = RSA_VERIFY;
-        else if (!strcmp(*argv, "-rev"))
-            rev = 1;
-        else if (!strcmp(*argv, "-encrypt"))
-            rsa_mode = RSA_ENCRYPT;
+		} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
+		else if(!strcmp(*argv, "-rev")) rev = 1;
+		else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
 		else if(!strcmp(*argv, "-decrypt")) {
 			rsa_mode = RSA_DECRYPT;
 			need_priv = 1;
-        } else
-            badarg = 1;
+		} else badarg = 1;
 		if(badarg) {
 			usage();
 			goto end;
@ -195,6 +184,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "A private key is needed for this operation\n");
 		goto end;
 	}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
@ -218,7 +208,8 @@ int MAIN(int argc, char **argv)
 		break;

 		case KEY_CERT:
-        x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
+		x = load_cert(bio_err, keyfile, keyform,
+			NULL, e, "Certificate");
 		if(x) {
 			pkey = X509_get_pubkey(x);
 			X509_free(x);
@ -239,14 +230,14 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

+
 	if(infile) {
 		if(!(in = BIO_new_file(infile, "rb"))) {
 			BIO_printf(bio_err, "Error Reading Input File\n");
 			ERR_print_errors(bio_err);	
 			goto end;
 		}
-    } else
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

 	if(outfile) {
 		if(!(out = BIO_new_file(outfile, "wb"))) {
@ -268,11 +259,6 @@ int MAIN(int argc, char **argv)

 	rsa_in = OPENSSL_malloc(keysize * 2);
 	rsa_out = OPENSSL_malloc(keysize);
-    if (!rsa_in || !rsa_out) {
-        BIO_printf(bio_err, "Out of memory\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }

 	/* Read the input data */
 	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
@ -296,8 +282,7 @@ int MAIN(int argc, char **argv)
 		break;

 		case RSA_SIGN:
-        rsa_outlen =
-            RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+			rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
 		break;

 		case RSA_ENCRYPT:
@ -305,8 +290,7 @@ int MAIN(int argc, char **argv)
 		break;

 		case RSA_DECRYPT:
-        rsa_outlen =
-            RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+			rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
 		break;

 	}
@ -321,20 +305,15 @@ int MAIN(int argc, char **argv)
 		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
 			ERR_print_errors(bio_err);
 		}
-    } else if (hexdump)
-        BIO_dump(out, (char *)rsa_out, rsa_outlen);
-    else
-        BIO_write(out, rsa_out, rsa_outlen);
+	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
+	else BIO_write(out, rsa_out, rsa_outlen);
 	end:
 	RSA_free(rsa);
 	BIO_free(in);
 	BIO_free_all(out);
-    if (rsa_in)
-        OPENSSL_free(rsa_in);
-    if (rsa_out)
-        OPENSSL_free(rsa_out);
-    if (passin)
-        OPENSSL_free(passin);
+	if(rsa_in) OPENSSL_free(rsa_in);
+	if(rsa_out) OPENSSL_free(rsa_out);
+	if(passin) OPENSSL_free(passin);
 	return ret;
 }

@ -346,12 +325,10 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
-    BIO_printf(bio_err,
-               "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
-    BIO_printf(bio_err,
-               "-pkcs           use PKCS#1 v1.5 padding (default)\n");
+	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
 	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
 	BIO_printf(bio_err, "-sign           sign with private key\n");
 	BIO_printf(bio_err, "-verify         verify with public key\n");
@ -359,8 +336,7 @@ static void usage()
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
-    BIO_printf(bio_err,
-               "-engine e       use engine e, possibly a hardware device.\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf (bio_err, "-passin arg    pass phrase source\n");
 #endif

--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@ -108,8 +108,7 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* conflicts with winsock2 stuff on netware */
-#if !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
 #include <sys/types.h>
 #endif
 #include <openssl/opensslconf.h>
@ -123,9 +122,7 @@
 #endif

 #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
-/*
- * VAX C does not defined fd_set and friends, but it's actually quite simple
- */
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
 #define MAX_NOFILE	32
 #define	NBBY		 8		/* number of bits in a byte	*/
@ -151,9 +148,7 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"

-int do_server(int port, int type, int *ret,
-              int (*cb) (char *hostname, int s, unsigned char *context),
-              unsigned char *context);
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, unsigned char *context), unsigned char *context);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
@ -164,21 +159,18 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
 int init_client(int *sock, char *server, int port, int type);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-                      short *p);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);

 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 				   int argi, long argl, long ret);

 #ifdef HEADER_SSL_H
 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
-                        const void *buf, size_t len, SSL *ssl, void *arg);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
-                           unsigned char *data, int len, void *arg);
+					unsigned char *data, int len,
+					void *arg);
 #endif

-int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
-                                         unsigned int *cookie_len);
-int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
-                                       unsigned int cookie_len);
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
@ -111,7 +111,6 @@

 #include <stdio.h>
 #include <stdlib.h>
-#include <string.h> /* for memcpy() */
 #define USE_SOCKETS
 #define NON_MAIN
 #include "apps.h"
@ -141,25 +140,32 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)
 	depth=	X509_STORE_CTX_get_error_depth(ctx);

 	BIO_printf(bio_err,"depth=%d ",depth);
-    if (err_cert) {
+	if (err_cert)
+		{
 		X509_NAME_print_ex(bio_err, X509_get_subject_name(err_cert),
 					0, XN_FLAG_ONELINE);
 		BIO_puts(bio_err, "\n");
-    } else
+		}
+	else
 		BIO_puts(bio_err, "<no cert>\n");
-    if (!ok) {
+	if (!ok)
+		{
 		BIO_printf(bio_err,"verify error:num=%d:%s\n",err,
 			X509_verify_cert_error_string(err));
-        if (verify_depth >= depth) {
+		if (verify_depth >= depth)
+			{
 			if (!verify_return_error)
 				ok=1;
 			verify_error=X509_V_OK;
-        } else {
+			}
+		else
+			{
 			ok=0;
 			verify_error=X509_V_ERR_CERT_CHAIN_TOO_LONG;
 			}
 		}
-    switch (err) {
+	switch (err)
+		{
 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
 		BIO_puts(bio_err,"issuer= ");
 		X509_NAME_print_ex(bio_err, X509_get_issuer_name(err_cert),
@ -191,29 +197,30 @@ int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx)

 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 	{
-    if (cert_file != NULL) {
-        /*-
+	if (cert_file != NULL)
+		{
+		/*
 		SSL *ssl;
 		X509 *x509;
 		*/

 		if (SSL_CTX_use_certificate_file(ctx,cert_file,
-                                         SSL_FILETYPE_PEM) <= 0) {
-            BIO_printf(bio_err, "unable to get certificate from '%s'\n",
-                       cert_file);
+			SSL_FILETYPE_PEM) <= 0)
+			{
+			BIO_printf(bio_err,"unable to get certificate from '%s'\n",cert_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}
-        if (key_file == NULL)
-            key_file = cert_file;
-        if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) {
-            BIO_printf(bio_err, "unable to get private key from '%s'\n",
-                       key_file);
+		if (key_file == NULL) key_file=cert_file;
+		if (SSL_CTX_use_PrivateKey_file(ctx,key_file,
+			SSL_FILETYPE_PEM) <= 0)
+			{
+			BIO_printf(bio_err,"unable to get private key from '%s'\n",key_file);
 			ERR_print_errors(bio_err);
 			return(0);
 			}

-        /*-
+		/*
 		In theory this is no longer needed 
 		ssl=SSL_new(ctx);
 		x509=SSL_get_certificate(ssl);
@ -228,18 +235,15 @@ int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file)
 		SSL_free(ssl);
 		*/

-        /*
-         * If we are using DSA, we can copy the parameters from the private
-         * key
-         */
+		/* If we are using DSA, we can copy the parameters from
+		 * the private key */

-        /*
-         * Now we know that a key and cert have been set against the SSL
-         * context
-         */
-        if (!SSL_CTX_check_private_key(ctx)) {
-            BIO_printf(bio_err,
-                       "Private key does not match the certificate public key\n");
+
+		/* Now we know that a key and cert have been set against
+		 * the SSL context */
+		if (!SSL_CTX_check_private_key(ctx))
+			{
+			BIO_printf(bio_err,"Private key does not match the certificate public key\n");
 			return(0);
 			}
 		}
@ -250,23 +254,25 @@ int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key)
 	{
 	if (cert ==  NULL)
 		return 1;
-    if (SSL_CTX_use_certificate(ctx, cert) <= 0) {
+	if (SSL_CTX_use_certificate(ctx,cert) <= 0)
+		{
 		BIO_printf(bio_err,"error setting certificate\n");
 		ERR_print_errors(bio_err);
 		return 0;
 		}
-    if (SSL_CTX_use_PrivateKey(ctx, key) <= 0) {
+	if (SSL_CTX_use_PrivateKey(ctx,key) <= 0)
+		{
 		BIO_printf(bio_err,"error setting private key\n");
 		ERR_print_errors(bio_err);
 		return 0;
 		}

-    /*
-     * Now we know that a key and cert have been set against the SSL context
-     */
-    if (!SSL_CTX_check_private_key(ctx)) {
-        BIO_printf(bio_err,
-                   "Private key does not match the certificate public key\n");
+		
+		/* Now we know that a key and cert have been set against
+		 * the SSL context */
+	if (!SSL_CTX_check_private_key(ctx))
+		{
+		BIO_printf(bio_err,"Private key does not match the certificate public key\n");
 		return 0;
 		}
 	return 1;
@ -278,15 +284,17 @@ long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 	BIO *out;

 	out=(BIO *)BIO_get_callback_arg(bio);
-    if (out == NULL)
-        return (ret);
+	if (out == NULL) return(ret);

-    if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) {
+	if (cmd == (BIO_CB_READ|BIO_CB_RETURN))
+		{
 		BIO_printf(out,"read from %p [%p] (%lu bytes => %ld (0x%lX))\n",
 			(void *)bio,argp,(unsigned long)argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
 		return(ret);
-    } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) {
+		}
+	else if (cmd == (BIO_CB_WRITE|BIO_CB_RETURN))
+		{
 		BIO_printf(out,"write to %p [%p] (%lu bytes => %ld (0x%lX))\n",
 			(void *)bio,argp,(unsigned long)argi,ret,ret);
 		BIO_dump(out,argp,(int)ret);
@ -301,42 +309,45 @@ void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret)

 	w=where& ~SSL_ST_MASK;

-    if (w & SSL_ST_CONNECT)
-        str = "SSL_connect";
-    else if (w & SSL_ST_ACCEPT)
-        str = "SSL_accept";
-    else
-        str = "undefined";
+	if (w & SSL_ST_CONNECT) str="SSL_connect";
+	else if (w & SSL_ST_ACCEPT) str="SSL_accept";
+	else str="undefined";

-    if (where & SSL_CB_LOOP) {
+	if (where & SSL_CB_LOOP)
+		{
 		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
-    } else if (where & SSL_CB_ALERT) {
+		}
+	else if (where & SSL_CB_ALERT)
+		{
 		str=(where & SSL_CB_READ)?"read":"write";
 		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
 			str,
 			SSL_alert_type_string_long(ret),
 			SSL_alert_desc_string_long(ret));
-    } else if (where & SSL_CB_EXIT) {
+		}
+	else if (where & SSL_CB_EXIT)
+		{
 		if (ret == 0)
 			BIO_printf(bio_err,"%s:failed in %s\n",
 				str,SSL_state_string_long(s));
-        else if (ret < 0) {
+		else if (ret < 0)
+			{
 			BIO_printf(bio_err,"%s:error in %s\n",
 				str,SSL_state_string_long(s));
 			}
 		}
 	}

-void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
-                        const void *buf, size_t len, SSL *ssl, void *arg)
+
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)
 	{
 	BIO *bio = arg;
-    const char *str_write_p, *str_version, *str_content_type =
-        "", *str_details1 = "", *str_details2 = "";
+	const char *str_write_p, *str_version, *str_content_type = "", *str_details1 = "", *str_details2= "";
 	
 	str_write_p = write_p ? ">>>" : "<<<";

-    switch (version) {
+	switch (version)
+		{
 	case SSL2_VERSION:
 		str_version = "SSL 2.0";
 		break;
@ -362,20 +373,23 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 		str_version = "???";
 		}

-    if (version == SSL2_VERSION) {
+	if (version == SSL2_VERSION)
+		{
 		str_details1 = "???";

-        if (len > 0) {
-            switch (((const unsigned char *)buf)[0]) {
+		if (len > 0)
+			{
+			switch (((const unsigned char*)buf)[0])
+				{
 				case 0:
 					str_details1 = ", ERROR:";
 					str_details2 = " ???";
-                if (len >= 3) {
-                    unsigned err =
-                        (((const unsigned char *)buf)[1] << 8) +
-                        ((const unsigned char *)buf)[2];
+					if (len >= 3)
+						{
+						unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2];
 						
-                    switch (err) {
+						switch (err)
+							{
 						case 0x0001:
 							str_details2 = " NO-CIPHER-ERROR";
 							break;
@ -424,8 +438,11 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 	    version == TLS1_VERSION ||
 	    version == TLS1_1_VERSION ||
 	    version == TLS1_2_VERSION ||
-        version == DTLS1_VERSION || version == DTLS1_BAD_VER) {
-        switch (content_type) {
+	    version == DTLS1_VERSION ||
+	    version == DTLS1_BAD_VER)
+		{
+		switch (content_type)
+			{
 		case 20:
 			str_content_type = "ChangeCipherSpec";
 			break;
@ -437,11 +454,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 			break;
 			}

-        if (content_type == 21) { /* Alert */
+		if (content_type == 21) /* Alert */
+			{
 			str_details1 = ", ???";
 			
-            if (len == 2) {
-                switch (((const unsigned char *)buf)[0]) {
+			if (len == 2)
+				{
+				switch (((const unsigned char*)buf)[0])
+					{
 				case 1:
 					str_details1 = ", warning";
 					break;
@ -451,7 +471,8 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 					}

 				str_details2 = " ???";
-                switch (((const unsigned char *)buf)[1]) {
+				switch (((const unsigned char*)buf)[1])
+					{
 				case 0:
 					str_details2 = " close_notify";
 					break;
@ -543,11 +564,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 				}
 			}
 		
-        if (content_type == 22) { /* Handshake */
+		if (content_type == 22) /* Handshake */
+			{
 			str_details1 = "???";

-            if (len > 0) {
-                switch (((const unsigned char *)buf)[0]) {
+			if (len > 0)
+				{
+				switch (((const unsigned char*)buf)[0])
+					{
 				case 0:
 					str_details1 = ", HelloRequest";
 					break;
@ -584,12 +608,16 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 					}
 				}
 			}
+
 #ifndef OPENSSL_NO_HEARTBEATS
-        if (content_type == 24) { /* Heartbeat */
+		if (content_type == 24) /* Heartbeat */
+			{
 			str_details1 = ", Heartbeat";
 			
-            if (len > 0) {
-                switch (((const unsigned char *)buf)[0]) {
+			if (len > 0)
+				{
+				switch (((const unsigned char*)buf)[0])
+					{
 				case 1:
 					str_details1 = ", HeartbeatRequest";
 					break;
@ -602,11 +630,10 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 #endif
 		}

-    BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version,
-               str_content_type, (unsigned long)len, str_details1,
-               str_details2);
+	BIO_printf(bio, "%s %s%s [length %04lx]%s%s\n", str_write_p, str_version, str_content_type, (unsigned long)len, str_details1, str_details2);

-    if (len > 0) {
+	if (len > 0)
+		{
 		size_t num, i;
 		
 		BIO_printf(bio, "   ");
@ -615,7 +642,8 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 		if (num > 16)
 			num = 16;
 #endif
-        for (i = 0; i < num; i++) {
+		for (i = 0; i < num; i++)
+			{
 			if (i % 16 == 0 && i > 0)
 				BIO_printf(bio, "\n   ");
 			BIO_printf(bio, " %02x", ((const unsigned char*)buf)[i]);
@ -628,12 +656,14 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
 	}

 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
-                           unsigned char *data, int len, void *arg)
+					unsigned char *data, int len,
+					void *arg)
 	{
 	BIO *bio = arg;
 	char *extname;

-    switch (type) {
+	switch(type)
+		{
 		case TLSEXT_TYPE_server_name:
 		extname = "server name";
 		break;
@ -728,13 +758,13 @@ void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
 		}
 	
 	BIO_printf(bio, "TLS %s extension \"%s\" (id=%d), len=%d\n",
-               client_server ? "server" : "client", extname, type, len);
+			client_server ? "server": "client",
+			extname, type, len);
 	BIO_dump(bio, (char *)data, len);
 	(void)BIO_flush(bio);
 	}

-int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
-                                         unsigned int *cookie_len)
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len)
 	{
 	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
 	unsigned int length, resultlength;
@ -747,8 +777,10 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 	} peer;

 	/* Initialize a random secret */
-    if (!cookie_initialized) {
-        if (RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH) <= 0) {
+	if (!cookie_initialized)
+		{
+		if (!RAND_bytes(cookie_secret, COOKIE_SECRET_LENGTH))
+			{
 			BIO_printf(bio_err,"error setting random cookie secret\n");
 			return 0;
 			}
@ -760,7 +792,8 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,

 	/* Create buffer with peer's address and port */
 	length = 0;
-    switch (peer.sa.sa_family) {
+	switch (peer.sa.sa_family)
+		{
 	case AF_INET:
 		length += sizeof(struct in_addr);
 		length += sizeof(peer.s4.sin_port);
@ -777,22 +810,30 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 		}
 	buffer = OPENSSL_malloc(length);

-    if (buffer == NULL) {
+	if (buffer == NULL)
+		{
 		BIO_printf(bio_err,"out of memory\n");
 		return 0;
 		}

-    switch (peer.sa.sa_family) {
+	switch (peer.sa.sa_family)
+		{
 	case AF_INET:
-        memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
+		memcpy(buffer,
+		       &peer.s4.sin_port,
+		       sizeof(peer.s4.sin_port));
 		memcpy(buffer + sizeof(peer.s4.sin_port),
-               &peer.s4.sin_addr, sizeof(struct in_addr));
+		       &peer.s4.sin_addr,
+		       sizeof(struct in_addr));
 		break;
 #if OPENSSL_USE_IPV6
 	case AF_INET6:
-        memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port));
+		memcpy(buffer,
+		       &peer.s6.sin6_port,
+		       sizeof(peer.s6.sin6_port));
 		memcpy(buffer + sizeof(peer.s6.sin6_port),
-               &peer.s6.sin6_addr, sizeof(struct in6_addr));
+		       &peer.s6.sin6_addr,
+		       sizeof(struct in6_addr));
 		break;
 #endif
 	default:
@ -811,8 +852,7 @@ int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
 	return 1;
 	}

-int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
-                                       unsigned int cookie_len)
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len)
 	{
 	unsigned char *buffer, result[EVP_MAX_MD_SIZE];
 	unsigned int length, resultlength;
@ -833,7 +873,8 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,

 	/* Create buffer with peer's address and port */
 	length = 0;
-    switch (peer.sa.sa_family) {
+	switch (peer.sa.sa_family)
+		{
 	case AF_INET:
 		length += sizeof(struct in_addr);
 		length += sizeof(peer.s4.sin_port);
@ -850,22 +891,30 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
 		}
 	buffer = OPENSSL_malloc(length);
 	
-    if (buffer == NULL) {
+	if (buffer == NULL)
+		{
 		BIO_printf(bio_err,"out of memory\n");
 		return 0;
 		}

-    switch (peer.sa.sa_family) {
+	switch (peer.sa.sa_family)
+		{
 	case AF_INET:
-        memcpy(buffer, &peer.s4.sin_port, sizeof(peer.s4.sin_port));
+		memcpy(buffer,
+		       &peer.s4.sin_port,
+		       sizeof(peer.s4.sin_port));
 		memcpy(buffer + sizeof(peer.s4.sin_port),
-               &peer.s4.sin_addr, sizeof(struct in_addr));
+		       &peer.s4.sin_addr,
+		       sizeof(struct in_addr));
 		break;
 #if OPENSSL_USE_IPV6
 	case AF_INET6:
-        memcpy(buffer, &peer.s6.sin6_port, sizeof(peer.s6.sin6_port));
+		memcpy(buffer,
+		       &peer.s6.sin6_port,
+		       sizeof(peer.s6.sin6_port));
 		memcpy(buffer + sizeof(peer.s6.sin6_port),
-               &peer.s6.sin6_addr, sizeof(struct in6_addr));
+		       &peer.s6.sin6_addr,
+		       sizeof(struct in6_addr));
 		break;
 #endif
 	default:
@ -878,8 +927,7 @@ int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
 	     buffer, length, result, &resultlength);
 	OPENSSL_free(buffer);

-    if (cookie_len == resultlength
-        && memcmp(result, cookie, resultlength) == 0)
+	if (cookie_len == resultlength && memcmp(result, cookie, resultlength) == 0)
 		return 1;

 	return 0;
--- a/apps/s_client.c
+++ b/apps/s_client.c
--- a/apps/s_server.c
+++ b/apps/s_server.c
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@ -1,6 +1,4 @@
-/*
- * apps/s_socket.c - socket-related functions used by s_client and s_server
- */
+/* apps/s_socket.c -  socket-related functions used by s_client and s_server */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -70,12 +68,10 @@
 #include "../e_os2.h"
 #endif

-/*
- * With IPv6, it looks like Digital has mixed up the proper order of
- * recursive header file inclusion, resulting in the compiler complaining
- * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
- * needed to have fileno() declared correctly...  So let's define u_int
- */
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
@ -135,8 +131,10 @@ extern HINSTANCE _hInstance;    /* nice global CRT provides */
 static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
 	     LPARAM lParam)
 	{
-    if (hwnd == topWnd) {
-        switch (message) {
+	if (hwnd == topWnd)
+		{
+		switch(message)
+			{
 		case WM_DESTROY:
 		case WM_CLOSE:
 			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
@ -159,7 +157,8 @@ static BOOL CALLBACK enumproc(HWND hwnd, LPARAM lParam)
 #ifdef OPENSSL_SYS_WINDOWS
 static void ssl_sock_cleanup(void)
 	{
-    if (wsa_init_done) {
+	if (wsa_init_done)
+		{
 		wsa_init_done=0;
 #ifndef OPENSSL_SYS_WINCE
 		WSACancelBlockingCall();
@ -170,7 +169,8 @@ static void ssl_sock_cleanup(void)
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
 static void sock_cleanup(void)
    {
-    if (wsa_init_done) {
+    if (wsa_init_done)
+        {
        wsa_init_done=0;
 		WSACleanup();
 		}
@ -185,7 +185,8 @@ static int ssl_sock_init(void)
 	if (sock_init())
 		return (0);
 #elif defined(OPENSSL_SYS_WINDOWS)
-    if (!wsa_init_done) {
+	if (!wsa_init_done)
+		{
 		int err;
 	  
 #ifdef SIGINT
@ -193,12 +194,13 @@ static int ssl_sock_init(void)
 #endif
 		wsa_init_done=1;
 		memset(&wsa_state,0,sizeof(wsa_state));
-        if (WSAStartup(0x0101, &wsa_state) != 0) {
+		if (WSAStartup(0x0101,&wsa_state)!=0)
+			{
 			err=WSAGetLastError();
-            BIO_printf(bio_err, "unable to start WINSOCK, error code=%d\n",
-                       err);
+			BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
 			return(0);
 			}
+
 #ifdef OPENSSL_SYS_WIN16
 		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
 		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
@ -212,7 +214,8 @@ static int ssl_sock_init(void)
   WSADATA wsaData;
   int err;

-    if (!wsa_init_done) {
+   if (!wsa_init_done)
+      {
   
 # ifdef SIGINT
      signal(SIGINT,(void (*)(int))sock_cleanup);
@ -221,9 +224,9 @@ static int ssl_sock_init(void)
      wsa_init_done=1;
      wVerReq = MAKEWORD( 2, 0 );
      err = WSAStartup(wVerReq,&wsaData);
-        if (err != 0) {
-            BIO_printf(bio_err, "unable to start WINSOCK2, error code=%d\n",
-                       err);
+      if (err != 0)
+         {
+         BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
         return(0);
         }
      }
@ -247,8 +250,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	struct sockaddr_in them;
 	int s,i;

-    if (!ssl_sock_init())
-        return (0);
+	if (!ssl_sock_init()) return(0);

 	memset((char *)&them,0,sizeof(them));
 	them.sin_family=AF_INET;
@ -256,7 +258,8 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	addr=(unsigned long)
 		((unsigned long)ip[0]<<24L)|
 		((unsigned long)ip[1]<<16L)|
-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
 	them.sin_addr.s_addr=htonl(addr);

 	if (type == SOCK_STREAM)
@ -264,61 +267,55 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	else /* ( type == SOCK_DGRAM) */
 		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
 			
-    if (s == INVALID_SOCKET) {
-        perror("socket");
-        return (0);
-    }
+	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
 #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-    if (type == SOCK_STREAM) {
+	if (type == SOCK_STREAM)
+		{
 		i=0;
 		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-        if (i < 0) {
-            closesocket(s);
-            perror("keepalive");
-            return (0);
-        }
+		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
 		}
 #endif

-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
-        closesocket(s);
-        perror("connect");
-        return (0);
-    }
+	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+		{ closesocket(s); perror("connect"); return(0); }
 	*sock=s;
 	return(1);
 	}

-int do_server(int port, int type, int *ret,
-              int (*cb) (char *hostname, int s, unsigned char *context),
-              unsigned char *context)
+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, unsigned char *context), unsigned char *context)
 	{
 	int sock;
 	char *name = NULL;
 	int accept_socket = 0;
 	int i;

-    if (!init_server(&accept_socket, port, type))
-        return (0);
+	if (!init_server(&accept_socket,port,type)) return(0);

-    if (ret != NULL) {
+	if (ret != NULL)
+		{
 		*ret=accept_socket;
 		/* return(1);*/
 		}
-    for (;;) {
-        if (type == SOCK_STREAM) {
-            if (do_accept(accept_socket, &sock, &name) == 0) {
+  	for (;;)
+  		{
+		if (type==SOCK_STREAM)
+			{
+			if (do_accept(accept_socket,&sock,&name) == 0)
+				{
 				SHUTDOWN(accept_socket);
 				return(0);
 				}
-        } else
+			}
+		else
 			sock = accept_socket;
 		i=(*cb)(name,sock, context);
-        if (name != NULL)
-            OPENSSL_free(name);
+		if (name != NULL) OPENSSL_free(name);
 		if (type==SOCK_STREAM)
 			SHUTDOWN2(sock);
-        if (i < 0) {
+		if (i < 0)
+			{
 			SHUTDOWN2(accept_socket);
 			return(i);
 			}
@ -331,8 +328,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 	struct sockaddr_in server;
 	int s= -1;

-    if (!ssl_sock_init())
-        return (0);
+	if (!ssl_sock_init()) return(0);

 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@ -352,27 +348,28 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 		else /* type == SOCK_DGRAM */
 			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);

-    if (s == INVALID_SOCKET)
-        goto err;
+	if (s == INVALID_SOCKET) goto err;
 #if defined SOL_SOCKET && defined SO_REUSEADDR
 		{
 		int j = 1;
-        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+			   (void *) &j, sizeof j);
 		}
 #endif
-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+		{
 #ifndef OPENSSL_SYS_WINDOWS
 		perror("bind");
 #endif
 		goto err;
 		}
 	/* Make it 128 for linux */
-    if (type == SOCK_STREAM && listen(s, 128) == -1)
-        goto err;
+	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
 	*sock=s;
 	ret=1;
 err:
-    if ((ret == 0) && (s != -1)) {
+	if ((ret == 0) && (s != -1))
+		{
 		SHUTDOWN(s);
 		}
 	return(ret);
@ -391,8 +388,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	int len;
 /*	struct linger ling; */

-    if (!ssl_sock_init())
-        return (0);
+	if (!ssl_sock_init()) return(0);

 #ifndef OPENSSL_SYS_WINDOWS
 redoit:
@ -400,23 +396,22 @@ static int do_accept(int acc_sock, int *sock, char **host)

 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-    /*
-     * Note: under VMS with SOCKETSHR the fourth parameter is currently of
-     * type (int *) whereas under other systems it is (void *) if you don't
-     * have a cast it will choke the compiler: if you do have a cast then you
-     * can either go for (int *) or (void *).
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
 	 */
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
-    if (ret == INVALID_SOCKET) {
+	if (ret == INVALID_SOCKET)
+		{
 #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 		int i;
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
-        if (errno == EINTR) {
-            /*
-             * check_timeout();
-             */
+		if (errno == EINTR)
+			{
+			/*check_timeout(); */
 			goto redoit;
 			}
 		fprintf(stderr,"errno=%d ",errno);
@ -425,7 +420,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
 		return(0);
 		}

-/*-
+/*
 	ling.l_onoff=1;
 	ling.l_linger=0;
 	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
@ -435,8 +430,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	if (i < 0) { perror("keepalive"); return(0); }
 */

-    if (host == NULL)
-        goto end;
+	if (host == NULL) goto end;
 #ifndef BIT_FIELD_LIMITS
 	/* I should use WSAAsyncGetHostByName() under windows */
 	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
@ -445,12 +439,16 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	h1=gethostbyaddr((char *)&from.sin_addr,
 		sizeof(struct in_addr),AF_INET);
 #endif
-    if (h1 == NULL) {
+	if (h1 == NULL)
+		{
 		BIO_printf(bio_err,"bad gethostbyaddr\n");
 		*host=NULL;
 		/* return(0); */
-    } else {
-        if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
+		}
+	else
+		{
+		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
+			{
 			perror("OPENSSL_malloc");
 			closesocket(ret);
 			return(0);
@ -458,12 +456,14 @@ static int do_accept(int acc_sock, int *sock, char **host)
 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);

 		h2=GetHostByName(*host);
-        if (h2 == NULL) {
+		if (h2 == NULL)
+			{
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			closesocket(ret);
 			return(0);
 			}
-        if (h2->h_addrtype != AF_INET) {
+		if (h2->h_addrtype != AF_INET)
+			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 			closesocket(ret);
 			return(0);
@ -481,7 +481,8 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

 	h=str;
 	p=strchr(str,':');
-    if (p == NULL) {
+	if (p == NULL)
+		{
 		BIO_printf(bio_err,"no port defined\n");
 		return(0);
 		}
@ -489,8 +490,7 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

 	if ((ip != NULL) && !host_ip(str,ip))
 		goto err;
-    if (host_ptr != NULL)
-        *host_ptr = h;
+	if (host_ptr != NULL) *host_ptr=h;

 	if (!extract_port(p,port_ptr))
 		goto err;
@ -504,10 +504,11 @@ static int host_ip(char *str, unsigned char ip[4])
 	unsigned int in[4]; 
 	int i;

-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
-        4) {
+	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+		{
 		for (i=0; i<4; i++)
-            if (in[i] > 255) {
+			if (in[i] > 255)
+				{
 				BIO_printf(bio_err,"invalid IP address\n");
 				goto err;
 				}
@ -515,19 +516,22 @@ static int host_ip(char *str, unsigned char ip[4])
 		ip[1]=in[1];
 		ip[2]=in[2];
 		ip[3]=in[3];
-    } else {                    /* do a gethostbyname */
+		}
+	else
+		{ /* do a gethostbyname */
 		struct hostent *he;

-        if (!ssl_sock_init())
-            return (0);
+		if (!ssl_sock_init()) return(0);

 		he=GetHostByName(str);
-        if (he == NULL) {
+		if (he == NULL)
+			{
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			goto err;
 			}
 		/* cast to short because of win16 winsock definition */
-        if ((short)he->h_addrtype != AF_INET) {
+		if ((short)he->h_addrtype != AF_INET)
+			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 			return(0);
 			}
@ -549,9 +553,11 @@ int extract_port(char *str, short *port_ptr)
 	i=atoi(str);
 	if (i != 0)
 		*port_ptr=(unsigned short)i;
-    else {
+	else
+		{
 		s=getservbyname(str,"tcp");
-        if (s == NULL) {
+		if (s == NULL)
+			{
 			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
 			return(0);
 			}
@ -561,7 +567,8 @@ int extract_port(char *str, short *port_ptr)
 	}

 #define GHBN_NUM	4
-static struct ghbn_cache_st {
+static struct ghbn_cache_st
+	{
 	char name[128];
 	struct hostent ent;
 	unsigned long order;
@ -576,30 +583,35 @@ static struct hostent *GetHostByName(char *name)
 	int i,lowi=0;
 	unsigned long low= (unsigned long)-1;

-    for (i = 0; i < GHBN_NUM; i++) {
-        if (low > ghbn_cache[i].order) {
+	for (i=0; i<GHBN_NUM; i++)
+		{
+		if (low > ghbn_cache[i].order)
+			{
 			low=ghbn_cache[i].order;
 			lowi=i;
 			}
-        if (ghbn_cache[i].order > 0) {
+		if (ghbn_cache[i].order > 0)
+			{
 			if (strncmp(name,ghbn_cache[i].name,128) == 0)
 				break;
 			}
 		}
-    if (i == GHBN_NUM) {        /* no hit */
+	if (i == GHBN_NUM) /* no hit*/
+		{
 		ghbn_miss++;
 		ret=gethostbyname(name);
-        if (ret == NULL)
-            return (NULL);
+		if (ret == NULL) return(NULL);
 		/* else add to cache */
-        if (strlen(name) < sizeof ghbn_cache[0].name) {
+		if(strlen(name) < sizeof ghbn_cache[0].name)
+			{
 			strcpy(ghbn_cache[lowi].name,name);
-            memcpy((char *)&(ghbn_cache[lowi].ent), ret,
-                   sizeof(struct hostent));
+			memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
 			ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
 			}
 		return(ret);
-    } else {
+		}
+	else
+		{
 		ghbn_hits++;
 		ret= &(ghbn_cache[i].ent);
 		ghbn_cache[i].order=ghbn_miss+ghbn_hits;
--- a/apps/s_time.c
+++ b/apps/s_time.c
@ -58,7 +58,7 @@

 #define NO_SHUTDOWN

-/* ----------------------------------------
+/*-----------------------------------------
   s_time - SSL client connection timer program
   Written and donated by Larry Streepy <streepy@healthcare.com>
  -----------------------------------------*/
@ -93,10 +93,7 @@

 #define SSL_CONNECT_NAME	"localhost:4433"

-/* no default cert. */
-/*
- * #define TEST_CERT "client.pem"
- */
+/*#define TEST_CERT "client.pem" */ /* no default cert. */

 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
@ -186,8 +183,7 @@ static void s_time_usage(void)

 	printf( "usage: s_time <args>\n\n" );

-    printf("-connect host:port - host:port to connect to (default is %s)\n",
-           SSL_CONNECT_NAME);
+	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
 #ifdef FIONBIO
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
@ -216,19 +212,20 @@ static int parseArgs(int argc, char **argv)
    argv++;

    while (argc >= 1) {
-        if (strcmp(*argv, "-connect") == 0) {
-            if (--argc < 1)
-                goto bad;
+	if (strcmp(*argv,"-connect") == 0)
+		{
+		if (--argc < 1) goto bad;
 		host= *(++argv);
 		}
 #if 0
-        else if (strcmp(*argv, "-host") == 0) {
-            if (--argc < 1)
-                goto bad;
+	else if( strcmp(*argv,"-host") == 0)
+		{
+		if (--argc < 1) goto bad;
 		host= *(++argv);
-        } else if (strcmp(*argv, "-port") == 0) {
-            if (--argc < 1)
-                goto bad;
+		}
+	else if( strcmp(*argv,"-port") == 0)
+		{
+		if (--argc < 1) goto bad;
 		port= *(++argv);
 		}
 #endif
@ -239,39 +236,33 @@ static int parseArgs(int argc, char **argv)
 	else if( strcmp(*argv,"-verify") == 0) {

 	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    verify_depth=atoi(*(++argv));
 	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);

 	} else if( strcmp(*argv,"-cert") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    t_cert_file= *(++argv);

 	} else if( strcmp(*argv,"-key") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    t_key_file= *(++argv);

 	} else if( strcmp(*argv,"-CApath") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    CApath= *(++argv);

 	} else if( strcmp(*argv,"-CAfile") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    CAfile= *(++argv);

 	} else if( strcmp(*argv,"-cipher") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    tm_cipher= *(++argv);
 	}
 #ifdef FIONBIO
@ -279,15 +270,17 @@ static int parseArgs(int argc, char **argv)
 	    t_nbio=1;
 	}
 #endif
-        else if (strcmp(*argv, "-www") == 0) {
-            if (--argc < 1)
-                goto bad;
+	else if(strcmp(*argv,"-www") == 0)
+		{
+		if (--argc < 1) goto bad;
 		s_www_path= *(++argv);
-            if (strlen(s_www_path) > MYBUFSIZ - 100) {
+		if(strlen(s_www_path) > MYBUFSIZ-100)
+			{
 			BIO_printf(bio_err,"-www option too long\n");
 			badop=1;
 			}
-        } else if (strcmp(*argv, "-bugs") == 0)
+		}
+	else if(strcmp(*argv,"-bugs") == 0)
 	    st_bugs=1;
 #ifndef OPENSSL_NO_SSL2
 	else if(strcmp(*argv,"-ssl2") == 0)
@ -299,14 +292,10 @@ static int parseArgs(int argc, char **argv)
 #endif
 	else if( strcmp(*argv,"-time") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    maxTime= atoi(*(++argv));
-            if (maxTime <= 0) {
-                BIO_printf(bio_err, "time must be > 0\n");
-                badop = 1;
 	}
-        } else {
+	else {
 	    BIO_printf(bio_err,"unknown option %s\n",*argv);
 	    badop=1;
 	    break;
@ -316,8 +305,7 @@ static int parseArgs(int argc, char **argv)
 	argv++;
    }

-    if (perform == 0)
-        perform = 3;
+    if (perform == 0) perform=3;

    if(badop) {
 bad:
@ -368,13 +356,11 @@ int MAIN(int argc, char **argv)
 		goto end;

 	OpenSSL_add_ssl_algorithms();
-    if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
-        return (1);
+	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);

 	SSL_CTX_set_quiet_shutdown(tm_ctx,1);

-    if (st_bugs)
-        SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
+	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
 	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
 	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
 		goto end;
@ -382,10 +368,9 @@ int MAIN(int argc, char **argv)
 	SSL_load_error_strings();

 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
-        /*
-         * BIO_printf(bio_err,"error setting default verify locations\n");
-         */
+		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
+		{
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
@ -397,8 +382,7 @@ int MAIN(int argc, char **argv)
 		fprintf( stderr, "No CIPHER specified\n" );
 	}

-    if (!(perform & 1))
-        goto next;
+	if (!(perform & 1)) goto next;
 	printf( "Collecting connection statistics for %d seconds\n", maxTime );

 	/* Loop and time how long it takes to make connections */
@ -406,9 +390,9 @@ int MAIN(int argc, char **argv)
 	bytes_read=0;
 	finishtime=(long)time(NULL)+maxTime;
 	tm_Time_F(START);
-    for (;;) {
-        if (finishtime < (long)time(NULL))
-            break;
+	for (;;)
+		{
+		if (finishtime < (long)time(NULL)) break;
 #ifdef WIN32_STUFF

 		if( flushWinMsgs(0) == -1 )
@ -421,13 +405,14 @@ int MAIN(int argc, char **argv)
 		if( (scon = doConnection( NULL )) == NULL )
 			goto end;

-        if (s_www_path != NULL) {
-            BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
-                         s_www_path);
+		if (s_www_path != NULL)
+			{
+			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
 			}
+
 #ifdef NO_SHUTDOWN
 		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
@ -438,7 +423,8 @@ int MAIN(int argc, char **argv)
 		nConn += 1;
 		if (SSL_session_reused(scon))
 			ver='r';
-        else {
+		else
+			{
 			ver=SSL_version(scon);
 			if (ver == TLS1_VERSION)
 				ver='t';
@ -458,32 +444,28 @@ int MAIN(int argc, char **argv)
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */

 	i=(int)((long)time(NULL)-finishtime+maxTime);
-    printf
-        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
-         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
-    printf
-        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);

-    /*
-     * Now loop and time connections using the same session id over and over
-     */
+	/* Now loop and time connections using the same session id over and over */

 next:
-    if (!(perform & 2))
-        goto end;
+	if (!(perform & 2)) goto end;
 	printf( "\n\nNow timing with session id reuse.\n" );

 	/* Get an SSL object so we can reuse the session id */
-    if ((scon = doConnection(NULL)) == NULL) {
+	if( (scon = doConnection( NULL )) == NULL )
+		{
 		fprintf( stderr, "Unable to get connection\n" );
 		goto end;
 		}

-    if (s_www_path != NULL) {
+	if (s_www_path != NULL)
+		{
 		BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 		SSL_write(scon,buf,strlen(buf));
-        while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
+		while (SSL_read(scon,buf,sizeof(buf)) > 0)
+			;
 		}
 #ifdef NO_SHUTDOWN
 	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
@ -501,9 +483,9 @@ int MAIN(int argc, char **argv)
 	bytes_read=0;
 	tm_Time_F(START);
 		
-    for (;;) {
-        if (finishtime < (long)time(NULL))
-            break;
+	for (;;)
+		{
+		if (finishtime < (long)time(NULL)) break;

 #ifdef WIN32_STUFF
 		if( flushWinMsgs(0) == -1 )
@ -516,13 +498,14 @@ int MAIN(int argc, char **argv)
 	 	if( (doConnection( scon )) == NULL )
 			goto end;

-        if (s_www_path) {
-            BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
-                         s_www_path);
+		if (s_www_path)
+			{
+			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
 			}
+
 #ifdef NO_SHUTDOWN
 		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
@ -533,7 +516,8 @@ int MAIN(int argc, char **argv)
 		nConn += 1;
 		if (SSL_session_reused(scon))
 			ver='r';
-        else {
+		else
+			{
 			ver=SSL_version(scon);
 			if (ver == TLS1_VERSION)
 				ver='t';
@ -549,20 +533,16 @@ int MAIN(int argc, char **argv)
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/

-    printf
-        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
-         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
-    printf
-        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxTime,
-         bytes_read / (nConn?nConn:1));
+
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);

 	ret=0;
 end:
-    if (scon != NULL)
-        SSL_free(scon);
+	if (scon != NULL) SSL_free(scon);

-    if (tm_ctx != NULL) {
+	if (tm_ctx != NULL)
+		{
 		SSL_CTX_free(tm_ctx);
 		tm_ctx=NULL;
 		}
@ -570,7 +550,7 @@ int MAIN(int argc, char **argv)
 	OPENSSL_EXIT(ret);
 	}

-/*-
+/***********************************************************************
 * doConnection - make a connection
 * Args:
 *		scon	= earlier ssl connection for session id, or NULL
@ -592,7 +572,8 @@ static SSL *doConnection(SSL *scon)

 	if (scon == NULL)
 		serverCon=SSL_new(tm_ctx);
-    else {
+	else
+		{
 		serverCon=scon;
 		SSL_set_connect_state(serverCon);
 		}
@ -607,25 +588,27 @@ static SSL *doConnection(SSL *scon)
 	/* ok, lets connect */
 	for(;;) {
 		i=SSL_connect(serverCon);
-        if (BIO_sock_should_retry(i)) {
+		if (BIO_sock_should_retry(i))
+			{
 			BIO_printf(bio_err,"DELAY\n");

 			i=SSL_get_fd(serverCon);
 			width=i+1;
 			FD_ZERO(&readfds);
 			openssl_fdset(i,&readfds);
-            /*
-             * Note: under VMS with SOCKETSHR the 2nd parameter is currently
-             * of type (int *) whereas under other systems it is (void *) if
-             * you don't have a cast it will choke the compiler: if you do
-             * have a cast then you can either go for (int *) or (void *).
+			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
 			 */
 			select(width,(void *)&readfds,NULL,NULL,NULL);
 			continue;
 			}
 		break;
 		}
-    if (i <= 0) {
+	if(i <= 0)
+		{
 		BIO_printf(bio_err,"ERROR\n");
 		if (verify_error != X509_V_OK)
 			BIO_printf(bio_err,"verify error:%s\n",
@ -639,3 +622,5 @@ static SSL *doConnection(SSL *scon)

 	return serverCon;
 	}
+
+
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@ -110,34 +110,41 @@ int MAIN(int argc, char **argv)
 	argc--;
 	argv++;
 	num=0;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-text") == 0)
+			}
+		else if (strcmp(*argv,"-text") == 0)
 			text= ++num;
 		else if (strcmp(*argv,"-cert") == 0)
 			cert= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
-        else if (strcmp(*argv, "-context") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-context") == 0)
+		    {
+		    if(--argc < 1) goto bad;
 		    context=*++argv;
-        } else {
+		    }
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -146,7 +153,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		for (pp=sess_id_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
@ -155,19 +163,20 @@ int MAIN(int argc, char **argv)

 	ERR_load_crypto_strings();
 	x=load_sess_id(infile,informat);
-    if (x == NULL) {
-        goto end;
-    }
+	if (x == NULL) { goto end; }
 	peer = SSL_SESSION_get0_peer(x);

-    if (context) {
+	if(context)
+	    {
 	    size_t ctx_len = strlen(context);
-        if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+	    if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
+		{
 		BIO_printf(bio_err,"Context too long\n");
 		goto end;
 		}
 	    SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
 	    }
+
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{
@ -189,14 +198,17 @@ int MAIN(int argc, char **argv)
 	}
 #endif

-    if (!noout || text) {
+	if (!noout || text)
+		{
 		out=BIO_new(BIO_s_file());
-        if (out == NULL) {
+		if (out == NULL)
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-        if (outfile == NULL) {
+		if (outfile == NULL)
+			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -204,18 +216,23 @@ int MAIN(int argc, char **argv)
 			out = BIO_push(tmpbio, out);
 			}
 #endif
-        } else {
-            if (BIO_write_filename(out, outfile) <= 0) {
+			}
+		else
+			{
+			if (BIO_write_filename(out,outfile) <= 0)
+				{
 				perror(outfile);
 				goto end;
 				}
 			}
 		}

-    if (text) {
+	if (text)
+		{
 		SSL_SESSION_print(out,x);

-        if (cert) {
+		if (cert)
+			{
 			if (peer == NULL)
 				BIO_puts(out,"No certificate present\n");
 			else
@ -223,7 +240,8 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (!noout && !cert) {
+	if (!noout && !cert)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_SSL_SESSION_bio(out,x);
 		else if (outformat == FORMAT_PEM)
@ -236,7 +254,9 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"unable to write SSL_SESSION\n");
 			goto end;
 			}
-    } else if (!noout && (peer != NULL)) { /* just print the certificate */
+		}
+	else if (!noout && (peer != NULL)) /* just print the certificate */
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=(int)i2d_X509_bio(out,peer);
 		else if (outformat == FORMAT_PEM)
@ -252,10 +272,8 @@ int MAIN(int argc, char **argv)
 		}
 	ret=0;
 end:
-    if (out != NULL)
-        BIO_free_all(out);
-    if (x != NULL)
-        SSL_SESSION_free(x);
+	if (out != NULL) BIO_free_all(out);
+	if (x != NULL) SSL_SESSION_free(x);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -266,15 +284,18 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
 	BIO *in=NULL;

 	in=BIO_new(BIO_s_file());
-    if (in == NULL) {
+	if (in == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
@ -287,14 +308,15 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
 		}
-    if (x == NULL) {
+	if (x == NULL)
+		{
 		BIO_printf(bio_err,"unable to load SSL_SESSION\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	
 end:
-    if (in != NULL)
-        BIO_free(in);
+	if (in != NULL) BIO_free(in);
 	return(x);
 	}
+
--- a/apps/smime.c
+++ b/apps/smime.c
@ -1,6 +1,5 @@
 /* smime.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
@ -125,7 +124,8 @@ int MAIN(int argc, char **argv)

 	apps_startup();

-    if (bio_err == NULL) {
+	if (bio_err == NULL)
+		{
 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 		}
@ -133,7 +133,8 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;

-    while (!badarg && *args && *args[0] == '-') {
+	while (!badarg && *args && *args[0] == '-')
+		{
 		if (!strcmp (*args, "-encrypt"))
 			operation = SMIME_ENCRYPT;
 		else if (!strcmp (*args, "-decrypt"))
@ -210,7 +211,8 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_NOOLDMIMETYPE;
 		else if (!strcmp (*args, "-crlfeol"))
 				flags |= PKCS7_CRLFEOL;
-        else if (!strcmp(*args, "-rand")) {
+		else if (!strcmp(*args,"-rand"))
+			{
 			if (!args[1])
 				goto argerr;
 			args++;
@ -218,34 +220,45 @@ int MAIN(int argc, char **argv)
 			need_rand = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (!strcmp(*args, "-engine")) {
+		else if (!strcmp(*args,"-engine"))
+			{
 			if (!args[1])
 				goto argerr;
 			engine = *++args;
 			}
 #endif
-        else if (!strcmp(*args, "-passin")) {
+		else if (!strcmp(*args,"-passin"))
+			{
 			if (!args[1])
 				goto argerr;
 			passargin = *++args;
-        } else if (!strcmp(*args, "-to")) {
+			}
+		else if (!strcmp (*args, "-to"))
+			{
 			if (!args[1])
 				goto argerr;
 			to = *++args;
-        } else if (!strcmp(*args, "-from")) {
+			}
+		else if (!strcmp (*args, "-from"))
+			{
 			if (!args[1])
 				goto argerr;
 			from = *++args;
-        } else if (!strcmp(*args, "-subject")) {
+			}
+		else if (!strcmp (*args, "-subject"))
+			{
 			if (!args[1])
 				goto argerr;
 			subject = *++args;
-        } else if (!strcmp(*args, "-signer")) {
+			}
+		else if (!strcmp (*args, "-signer"))
+			{
 			if (!args[1])
 				goto argerr;
 			/* If previous -signer argument add signer to list */

-            if (signerfile) {
+			if (signerfile)
+				{
 				if (!sksigners)
 					sksigners = sk_OPENSSL_STRING_new_null();
 				sk_OPENSSL_STRING_push(sksigners, signerfile);
@ -257,24 +270,34 @@ int MAIN(int argc, char **argv)
 				keyfile = NULL;
 				}
 			signerfile = *++args;
-        } else if (!strcmp(*args, "-recip")) {
+			}
+		else if (!strcmp (*args, "-recip"))
+			{
 			if (!args[1])
 				goto argerr;
 			recipfile = *++args;
-        } else if (!strcmp(*args, "-md")) {
+			}
+		else if (!strcmp (*args, "-md"))
+			{
 			if (!args[1])
 				goto argerr;
 			sign_md = EVP_get_digestbyname(*++args);
-            if (sign_md == NULL) {
-                BIO_printf(bio_err, "Unknown digest %s\n", *args);
+			if (sign_md == NULL)
+				{
+				BIO_printf(bio_err, "Unknown digest %s\n",
+							*args);
 				goto argerr;
 				}
-        } else if (!strcmp(*args, "-inkey")) {
+			}
+		else if (!strcmp (*args, "-inkey"))
+			{
 			if (!args[1])	
 				goto argerr;
 			/* If previous -inkey arument add signer to list */
-            if (keyfile) {
-                if (!signerfile) {
+			if (keyfile)
+				{
+				if (!signerfile)
+					{
 					BIO_puts(bio_err, "Illegal -inkey without -signer\n");
 					goto argerr;
 					}
@ -287,61 +310,84 @@ int MAIN(int argc, char **argv)
 				sk_OPENSSL_STRING_push(skkeys, keyfile);
 				}
 			keyfile = *++args;
-        } else if (!strcmp(*args, "-keyform")) {
+			}
+		else if (!strcmp (*args, "-keyform"))
+			{
 			if (!args[1])
 				goto argerr;
 			keyform = str2fmt(*++args);
-        } else if (!strcmp(*args, "-certfile")) {
+			}
+		else if (!strcmp (*args, "-certfile"))
+			{
 			if (!args[1])
 				goto argerr;
 			certfile = *++args;
-        } else if (!strcmp(*args, "-CAfile")) {
+			}
+		else if (!strcmp (*args, "-CAfile"))
+			{
 			if (!args[1])
 				goto argerr;
 			CAfile = *++args;
-        } else if (!strcmp(*args, "-CApath")) {
+			}
+		else if (!strcmp (*args, "-CApath"))
+			{
 			if (!args[1])
 				goto argerr;
 			CApath = *++args;
-        } else if (!strcmp(*args, "-in")) {
+			}
+		else if (!strcmp (*args, "-in"))
+			{
 			if (!args[1])
 				goto argerr;
 			infile = *++args;
-        } else if (!strcmp(*args, "-inform")) {
+			}
+		else if (!strcmp (*args, "-inform"))
+			{
 			if (!args[1])
 				goto argerr;
 			informat = str2fmt(*++args);
-        } else if (!strcmp(*args, "-outform")) {
+			}
+		else if (!strcmp (*args, "-outform"))
+			{
 			if (!args[1])
 				goto argerr;
 			outformat = str2fmt(*++args);
-        } else if (!strcmp(*args, "-out")) {
+			}
+		else if (!strcmp (*args, "-out"))
+			{
 			if (!args[1])
 				goto argerr;
 			outfile = *++args;
-        } else if (!strcmp(*args, "-content")) {
+			}
+		else if (!strcmp (*args, "-content"))
+			{
 			if (!args[1])
 				goto argerr;
 			contfile = *++args;
-        } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+			}
+		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
 			continue;
 		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
 			badarg = 1;
 		args++;
 		}

-    if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+		{
 		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
 		goto argerr;
 		}

-    if (operation & SMIME_SIGNERS) {
+	if (operation & SMIME_SIGNERS)
+		{
 		/* Check to see if any final signer needs to be appended */
-        if (keyfile && !signerfile) {
+		if (keyfile && !signerfile)
+			{
 			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
 			goto argerr;
 			}
-        if (signerfile) {
+		if (signerfile)
+			{
 			if (!sksigners)
 				sksigners = sk_OPENSSL_STRING_new_null();
 			sk_OPENSSL_STRING_push(sksigners, signerfile);
@ -351,29 +397,37 @@ int MAIN(int argc, char **argv)
 				keyfile = signerfile;
 			sk_OPENSSL_STRING_push(skkeys, keyfile);
 			}
-        if (!sksigners) {
+		if (!sksigners)
+			{
 			BIO_printf(bio_err, "No signer certificate specified\n");
 			badarg = 1;
 			}
 		signerfile = NULL;
 		keyfile = NULL;
 		need_rand = 1;
-    } else if (operation == SMIME_DECRYPT) {
-        if (!recipfile && !keyfile) {
-            BIO_printf(bio_err,
-                       "No recipient certificate or key specified\n");
+		}
+	else if (operation == SMIME_DECRYPT)
+		{
+		if (!recipfile && !keyfile)
+			{
+			BIO_printf(bio_err, "No recipient certificate or key specified\n");
 			badarg = 1;
 			}
-    } else if (operation == SMIME_ENCRYPT) {
-        if (!*args) {
+		}
+	else if (operation == SMIME_ENCRYPT)
+		{
+		if (!*args)
+			{
 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
 			badarg = 1;
 			}
 		need_rand = 1;
-    } else if (!operation)
+		}
+	else if (!operation)
 		badarg = 1;

-    if (badarg) {
+	if (badarg)
+		{
 		argerr:
 		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
 		BIO_printf (bio_err, "where options are\n");
@ -396,81 +450,60 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "               encrypt PEM output with cbc aes\n");
+		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "               encrypt PEM output with cbc camellia\n");
+		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
-        BIO_printf(bio_err,
-                   "-nointern      don't search certificates in message for signer\n");
-        BIO_printf(bio_err,
-                   "-nosigs        don't verify message signature\n");
-        BIO_printf(bio_err,
-                   "-noverify      don't verify signers certificate\n");
-        BIO_printf(bio_err,
-                   "-nocerts       don't include signers certificate when signing\n");
+		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
+		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
+		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
+		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
 		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
-        BIO_printf(bio_err,
-                   "-noattr        don't include any signed attributes\n");
-        BIO_printf(bio_err,
-                   "-binary        don't translate message to text\n");
+		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
+		BIO_printf (bio_err, "-binary        don't translate message to text\n");
 		BIO_printf (bio_err, "-certfile file other certificates file\n");
 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
-        BIO_printf(bio_err,
-                   "-recip  file   recipient certificate file for decryption\n");
+		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
 		BIO_printf (bio_err, "-in file       input file\n");
-        BIO_printf(bio_err,
-                   "-inform arg    input format SMIME (default), PEM or DER\n");
-        BIO_printf(bio_err,
-                   "-inkey file    input private key (if not signer or recipient)\n");
-        BIO_printf(bio_err,
-                   "-keyform arg   input private key format (PEM or ENGINE)\n");
+		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
 		BIO_printf (bio_err, "-out file      output file\n");
-        BIO_printf(bio_err,
-                   "-outform arg   output format SMIME (default), PEM or DER\n");
-        BIO_printf(bio_err,
-                   "-content file  supply or override content for detached signature\n");
+		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
+		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
 		BIO_printf (bio_err, "-to addr       to address\n");
 		BIO_printf (bio_err, "-from ad       from address\n");
 		BIO_printf (bio_err, "-subject s     subject\n");
-        BIO_printf(bio_err,
-                   "-text          include or delete text MIME headers\n");
-        BIO_printf(bio_err,
-                   "-CApath dir    trusted certificates directory\n");
+		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-        BIO_printf(bio_err,
-                   "-no_alt_chains only ever use the first certificate chain found\n");
-        BIO_printf(bio_err,
-                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
-        BIO_printf(bio_err,
-                   "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 #endif
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
-        BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "               load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
-        BIO_printf(bio_err,
-                   "cert.pem       recipient certificate(s) for encryption\n");
+		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}

-    if (need_rand) {
+	if (need_rand)
+		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@ -482,24 +515,32 @@ int MAIN(int argc, char **argv)
 	if (!(operation & SMIME_SIGNERS))
 		flags &= ~PKCS7_DETACHED;

-    if (operation & SMIME_OP) {
+	if (operation & SMIME_OP)
+		{
 		if (outformat == FORMAT_ASN1)
 			outmode = "wb";
-    } else {
+		}
+	else
+		{
 		if (flags & PKCS7_BINARY)
 			outmode = "wb";
 		}

-    if (operation & SMIME_IP) {
+	if (operation & SMIME_IP)
+		{
 		if (informat == FORMAT_ASN1)
 			inmode = "rb";
-    } else {
+		}
+	else
+		{
 		if (flags & PKCS7_BINARY)
 			inmode = "rb";
 		}

-    if (operation == SMIME_ENCRYPT) {
-        if (!cipher) {
+	if (operation == SMIME_ENCRYPT)
+		{
+		if (!cipher)
+			{
 #ifndef OPENSSL_NO_DES			
 			cipher = EVP_des_ede3_cbc();
 #else
@ -508,13 +549,13 @@ int MAIN(int argc, char **argv)
 #endif
 			}
 		encerts = sk_X509_new_null();
-        while (*args) {
+		while (*args)
+			{
 			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
-                                   NULL, e, "recipient certificate file"))) {
+				NULL, e, "recipient certificate file")))
+				{
 #if 0				/* An appropriate message is already printed */
-                BIO_printf(bio_err,
-                           "Can't read recipient certificate file %s\n",
-                           *args);
+				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 #endif
 				goto end;
 				}
@ -524,77 +565,99 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (certfile) {
+	if (certfile)
+		{
 		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
-                                 e, "certificate file"))) {
+			e, "certificate file")))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}

-    if (recipfile && (operation == SMIME_DECRYPT)) {
+	if (recipfile && (operation == SMIME_DECRYPT))
+		{
 		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
-                                e, "recipient certificate file"))) {
+			e, "recipient certificate file")))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}

-    if (operation == SMIME_DECRYPT) {
+	if (operation == SMIME_DECRYPT)
+		{
 		if (!keyfile)
 			keyfile = recipfile;
-    } else if (operation == SMIME_SIGN) {
+		}
+	else if (operation == SMIME_SIGN)
+		{
 		if (!keyfile)
 			keyfile = signerfile;
-    } else
-        keyfile = NULL;
+		}
+	else keyfile = NULL;

-    if (keyfile) {
+	if (keyfile)
+		{
 		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
 			       "signing key file");
 		if (!key)
 			goto end;
 		}

-    if (infile) {
-        if (!(in = BIO_new_file(infile, inmode))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+	if (infile)
+		{
+		if (!(in = BIO_new_file(infile, inmode)))
+			{
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 			}
-    } else
+		}
+	else
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);

-    if (operation & SMIME_IP) {
+	if (operation & SMIME_IP)
+		{
 		if (informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
 		else if (informat == FORMAT_PEM) 
 			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
 		else if (informat == FORMAT_ASN1) 
 			p7 = d2i_PKCS7_bio(in, NULL);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
 			goto end;
 			}

-        if (!p7) {
+		if (!p7)
+			{
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
 			}
-        if (contfile) {
+		if (contfile)
+			{
 			BIO_free(indata);
-            if (!(indata = BIO_new_file(contfile, "rb"))) {
+			if (!(indata = BIO_new_file(contfile, "rb")))
+				{
 				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
 				goto end;
 				}
 			}
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, outmode))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file(outfile, outmode)))
+			{
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -604,7 +667,8 @@ int MAIN(int argc, char **argv)
 #endif
 		}

-    if (operation == SMIME_VERIFY) {
+	if (operation == SMIME_VERIFY)
+		{
 		if (!(store = setup_verify(bio_err, CAfile, CApath)))
 			goto end;
 		X509_STORE_set_verify_cb(store, smime_cb);
@ -612,31 +676,39 @@ int MAIN(int argc, char **argv)
 			X509_STORE_set1_param(store, vpm);
 		}

+
 	ret = 3;

-    if (operation == SMIME_ENCRYPT) {
+	if (operation == SMIME_ENCRYPT)
+		{
 		if (indef)
 			flags |= PKCS7_STREAM;
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-    } else if (operation & SMIME_SIGNERS) {
+		}
+	else if (operation & SMIME_SIGNERS)
+		{
 		int i;
-        /*
-         * If detached data content we only enable streaming if S/MIME output
-         * format.
+		/* If detached data content we only enable streaming if
+		 * S/MIME output format.
 		 */
-        if (operation == SMIME_SIGN) {
-            if (flags & PKCS7_DETACHED) {
+		if (operation == SMIME_SIGN)
+			{
+			if (flags & PKCS7_DETACHED)
+				{
 				if (outformat == FORMAT_SMIME)
 					flags |= PKCS7_STREAM;
-            } else if (indef)
+				}
+			else if (indef)
 				flags |= PKCS7_STREAM;
 			flags |= PKCS7_PARTIAL;
 			p7 = PKCS7_sign(NULL, NULL, other, in, flags);
 			if (!p7)
 				goto end;
-        } else
+			}
+		else
 			flags |= PKCS7_REUSE_DIGEST;
-        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
+			{
 			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
 			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
@ -647,7 +719,8 @@ int MAIN(int argc, char **argv)
 			       "signing key file");
 			if (!key)
 				goto end;
-            if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
+			if (!PKCS7_sign_add_signer(p7, signer, key,
+						sign_md, flags))
 				goto end;
 			X509_free(signer);
 			signer = NULL;
@ -655,57 +728,71 @@ int MAIN(int argc, char **argv)
 			key = NULL;
 			}
 		/* If not streaming or resigning finalize structure */
-        if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
+		if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
+			{
 			if (!PKCS7_final(p7, in, flags))
 				goto end;
 			}
 		}

-    if (!p7) {
+	if (!p7)
+		{
 		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
 		goto end;
 		}

 	ret = 4;
-    if (operation == SMIME_DECRYPT) {
-        if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
+	if (operation == SMIME_DECRYPT)
+		{
+		if (!PKCS7_decrypt(p7, key, recip, out, flags))
+			{
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
 			}
-    } else if (operation == SMIME_VERIFY) {
+		}
+	else if (operation == SMIME_VERIFY)
+		{
 		STACK_OF(X509) *signers;
 		if (PKCS7_verify(p7, other, store, indata, out, flags))
 			BIO_printf(bio_err, "Verification successful\n");
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Verification failure\n");
 			goto end;
 			}
 		signers = PKCS7_get0_signers(p7, other, flags);
-        if (!save_certs(signerfile, signers)) {
-            BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
+		if (!save_certs(signerfile, signers))
+			{
+			BIO_printf(bio_err, "Error writing signers to %s\n",
+								signerfile);
 			ret = 5;
 			goto end;
 			}
 		sk_X509_free(signers);
-    } else if (operation == SMIME_PK7OUT)
+		}
+	else if (operation == SMIME_PK7OUT)
 		PEM_write_bio_PKCS7(out, p7);
-    else {
+	else
+		{
 		if (to)
 			BIO_printf(out, "To: %s\n", to);
 		if (from)
 			BIO_printf(out, "From: %s\n", from);
 		if (subject)
 			BIO_printf(out, "Subject: %s\n", subject);
-        if (outformat == FORMAT_SMIME) {
+		if (outformat == FORMAT_SMIME) 
+			{
 			if (operation == SMIME_RESIGN)
 				SMIME_write_PKCS7(out, p7, indata, flags);
 			else
 				SMIME_write_PKCS7(out, p7, in, flags);
-        } else if (outformat == FORMAT_PEM)
+			}
+		else if (outformat == FORMAT_PEM) 
 			PEM_write_bio_PKCS7_stream(out, p7, in, flags);
 		else if (outformat == FORMAT_ASN1) 
 			i2d_PKCS7_bio_stream(out,p7, in, flags);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
 			goto end;
 			}
@ -714,8 +801,7 @@ int MAIN(int argc, char **argv)
 end:
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
-    if (ret)
-        ERR_print_errors(bio_err);
+	if (ret) ERR_print_errors(bio_err);
 	sk_X509_pop_free(encerts, X509_free);
 	sk_X509_pop_free(other, X509_free);
 	if (vpm)
@ -733,8 +819,7 @@ int MAIN(int argc, char **argv)
 	BIO_free(in);
 	BIO_free(indata);
 	BIO_free_all(out);
-    if (passin)
-        OPENSSL_free(passin);
+	if (passin) OPENSSL_free(passin);
 	return (ret);
 }

@ -745,14 +830,14 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 	if (!signerfile)
 		return 1;
 	tmp = BIO_new_file(signerfile, "w");
-    if (!tmp)
-        return 0;
+	if (!tmp) return 0;
 	for(i = 0; i < sk_X509_num(signers); i++)
 		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
 	BIO_free(tmp);
 	return 1;
 	}
 	
+
 /* Minimal callback just to output policy info (if any) */

 static int smime_cb(int ok, X509_STORE_CTX *ctx)
--- a/apps/speed.c
+++ b/apps/speed.c
--- a/apps/spkac.c
+++ b/apps/spkac.c
@ -1,8 +1,8 @@
 /* apps/spkac.c */

-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999. Based on an original idea by Massimiliano Pala
+ * (madwolf@openca.org).
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@ -73,8 +73,7 @@
 #undef PROG
 #define PROG	spkac_main

-/*-
- * -in arg      - input file - default stdin
+/* -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 */

@ -100,8 +99,7 @@ int MAIN(int argc, char **argv)

 	apps_startup();

-    if (!bio_err)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
@ -109,40 +107,47 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-key") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
-        } else if (strcmp(*argv, "-challenge") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-challenge") == 0)
+			{
+			if (--argc < 1) goto bad;
 			challenge= *(++argv);
-        } else if (strcmp(*argv, "-spkac") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-spkac") == 0)
+			{
+			if (--argc < 1) goto bad;
 			spkac= *(++argv);
-        } else if (strcmp(*argv, "-spksect") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-spksect") == 0)
+			{
+			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -152,30 +157,27 @@ int MAIN(int argc, char **argv)
 			pubkey=1;
 		else if (strcmp(*argv,"-verify") == 0)
 			verify=1;
-        else
-            badops = 1;
+		else badops = 1;
 		argc--;
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options]\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
-        BIO_printf(bio_err,
-                   " -key arg       create SPKAC using private key\n");
-        BIO_printf(bio_err,
-                   " -passin arg    input file pass phrase source\n");
+		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
+		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err," -challenge arg challenge string\n");
 		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
@ -185,6 +187,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 	}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
@ -197,15 +200,13 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 		spki = NETSCAPE_SPKI_new();
-        if (challenge)
-            ASN1_STRING_set(spki->spkac->challenge,
+		if(challenge) ASN1_STRING_set(spki->spkac->challenge,
 						 challenge, (int)strlen(challenge));
 		NETSCAPE_SPKI_set_pubkey(spki, pkey);
 		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);

-        if (outfile)
-            out = BIO_new_file(outfile, "w");
+		if (outfile) out = BIO_new_file(outfile, "w");
 		else {
 			out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
@ -227,10 +228,10 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-    if (infile)
-        in = BIO_new_file(infile, "r");
-    else
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	
+
+	if (infile) in = BIO_new_file(infile, "r");
+	else in = BIO_new_fp(stdin, BIO_NOCLOSE);

 	if(!in) {
 		BIO_printf(bio_err, "Error opening input file\n");
@ -263,8 +264,7 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-    if (outfile)
-        out = BIO_new_file(outfile, "w");
+	if (outfile) out = BIO_new_file(outfile, "w");
 	else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
@ -281,21 +281,18 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-    if (!noout)
-        NETSCAPE_SPKI_print(out, spki);
+	if(!noout) NETSCAPE_SPKI_print(out, spki);
 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
 	if(verify) {
 		i = NETSCAPE_SPKI_verify(spki, pkey);
-        if (i > 0)
-            BIO_printf(bio_err, "Signature OK\n");
+		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
 		else {
 			BIO_printf(bio_err, "Signature Failure\n");
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 	}
-    if (pubkey)
-        PEM_write_bio_PUBKEY(out, pkey);
+	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);

 	ret = 0;

@ -305,8 +302,7 @@ int MAIN(int argc, char **argv)
 	BIO_free(in);
 	BIO_free_all(out);
 	EVP_PKEY_free(pkey);
-    if (passin)
-        OPENSSL_free(passin);
+	if(passin) OPENSSL_free(passin);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/srp.c
+++ b/apps/srp.c
@ -1,7 +1,6 @@
 /* apps/srp.c */
-/*
- * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
- * project and contributed to the OpenSSL project 2004.
+/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
+ * for the EdelKey project and contributed to the OpenSSL project 2004.
 */
 /* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@ -115,26 +114,26 @@ static char *section = NULL;
 #define VERBOSE if (verbose) 
 #define VVERBOSE if (verbose>1) 

+
 int MAIN(int, char **);

 static int get_index(CA_DB *db, char* id, char type)
 	{
 	char ** pp;
 	int i;
-    if (id == NULL)
-        return -1;
+	if (id == NULL) return -1;
 	if (type == DB_SRP_INDEX) 
-        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+		{
 		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-            if (pp[DB_srptype][0] == DB_SRP_INDEX
-                && !strcmp(id, pp[DB_srpid]))
+		if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 
 			return i;
-    } else
-        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+		}
+	else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+		{
 		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);

-            if (pp[DB_srptype][0] != DB_SRP_INDEX
-                && !strcmp(id, pp[DB_srpid]))
+		if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
 			return i;
 		}

@ -143,11 +142,13 @@ static int get_index(CA_DB *db, char *id, char type)

 static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
 	{
-    if (indx >= 0 && verbose) {
+	if (indx >= 0 && verbose)
+		{
 		int j;
 		char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
 		BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
-        for (j = 0; j < DB_NUMBER; j++) {
+		for (j = 0; j < DB_NUMBER; j++)
+			{
 			BIO_printf(bio_err,"  %d = \"%s\"\n", j, pp[j]);
 			}
 		}
@ -160,13 +161,14 @@ static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)

 static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
 	{
-    if (verbose > 0) {
+	if (verbose > 0)
+		{
 		char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);

-        if (pp[DB_srptype][0] != 'I') {
+		if (pp[DB_srptype][0] != 'I')
+			{
 			print_entry(db, bio, userindex, verbose, "User entry");
-            print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
-                        "g N entry");
+			print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
 			}

 		}
@ -177,19 +179,21 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
 	char ** irow;
 	int i;

-    if ((irow =
-         (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
+	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		return 0;
 		}

-    for (i = 0; i < DB_NUMBER; i++) {
+	for (i=0; i<DB_NUMBER; i++)
+		{
 		irow[i]=row[i];
 		row[i]=NULL;
 		}
 	irow[DB_NUMBER]=NULL;

-    if (!TXT_DB_insert(db->db, irow)) {
+	if (!TXT_DB_insert(db->db,irow))
+		{
 		BIO_printf(bio,"failed to update srpvfile\n");
 		BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
 		OPENSSL_free(irow);
@ -203,6 +207,7 @@ static void lookup_fail(const char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}

+
 static char *srp_verify_user(const char *user, const char *srp_verifier,
 			     char *srp_usersalt, const char *g, const char *N,
 			     const char *passin, BIO *bio, int verbose)
@ -215,18 +220,17 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
 	cb_tmp.prompt_info = user;
 	cb_tmp.password = passin;

-    if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
-        VERBOSE BIO_printf(bio,
-                           "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
-                           user, srp_verifier, srp_usersalt, g, N);
+ 	if (password_callback(password, 1024, 0, &cb_tmp) >0)
+		{
+		VERBOSE BIO_printf(bio,"Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
 		BIO_printf(bio, "Pass %s\n", password);

-        if (!
-            (gNid =
-             SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
-                                 g))) {
+		if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g)))
+			{
 			BIO_printf(bio, "Internal error validating SRP verifier\n");
-        } else {
+			}
+		else
+			{
 			if (strcmp(verifier, srp_verifier))
 				gNid = NULL;
 			OPENSSL_free(verifier);
@ -246,19 +250,16 @@ static char *srp_create_user(char *user, char **srp_verifier,
        cb_tmp.prompt_info = user;
        cb_tmp.password = passout;

-    if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
-        VERBOSE BIO_printf(bio,
-                           "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
-                           user, g, N);
-        if (!
-            (gNid =
-             SRP_create_verifier(user, password, &salt, srp_verifier, N,
-                                 g))) {
+	if (password_callback(password,1024,1,&cb_tmp) >0)
+		{
+		VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
+		if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
+			{
 			BIO_printf(bio,"Internal error creating SRP verifier\n");
-        } else
+			}
+		else 
 			*srp_usersalt = salt;
-        VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
-                            gNid, salt, *srp_verifier);
+		VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);

 		}
 	return gNid;
@ -316,22 +317,26 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1 && badops == 0) {
+	while (argc >= 1 && badops == 0)
+		{
 		if	(strcmp(*argv,"-verbose") == 0)
 			verbose++;
-        else if (strcmp(*argv, "-config") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if	(strcmp(*argv,"-config") == 0)
+			{
+			if (--argc < 1) goto bad;
 			configfile= *(++argv);
-        } else if (strcmp(*argv, "-name") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-name") == 0)
+			{
+			if (--argc < 1) goto bad;
 			section= *(++argv);
-        } else if (strcmp(*argv, "-srpvfile") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if	(strcmp(*argv,"-srpvfile") == 0)
+			{
+			if (--argc < 1) goto bad;
 			dbfile= *(++argv);
-        } else if (strcmp(*argv, "-add") == 0)
+			}
+		else if (strcmp(*argv,"-add") == 0)
 			add_user=1;
 		else if (strcmp(*argv,"-delete") == 0)
 			delete_user=1;
@ -339,72 +344,76 @@ int MAIN(int argc, char **argv)
 			modify_user=1;
 		else if (strcmp(*argv,"-list") == 0)
 			list_user=1;
-        else if (strcmp(*argv, "-gn") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-gn") == 0)
+			{
+			if (--argc < 1) goto bad;
 			gN= *(++argv);
-        } else if (strcmp(*argv, "-userinfo") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-userinfo") == 0)
+			{
+			if (--argc < 1) goto bad;
 			userinfo= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif

-        else if (**argv == '-') {
+		else if (**argv == '-')
+			{
 bad:
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
-        } else
+			}
+		else 
 			break;
 	
 		argc--;
 		argv++;
 		}

-    if (dbfile && configfile) {
-        BIO_printf(bio_err,
-                   "-dbfile and -configfile cannot be specified together.\n");
+	if (dbfile && configfile)
+		{
+		BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
 		badops = 1;
 		}
-    if (add_user + delete_user + modify_user + list_user != 1) {
-        BIO_printf(bio_err,
-                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+	if (add_user+delete_user+modify_user+list_user != 1)
+		{
+		BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
 		badops = 1;
 		}
-    if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
-        BIO_printf(bio_err,
-                   "Need at least one user for options -add, -delete, -modify. \n");
+	if (delete_user+modify_user+delete_user== 1 && argc <= 0)
+		{
+		BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
 		badops = 1;
 		}
-    if ((passin || passout) && argc != 1) {
-        BIO_printf(bio_err,
-                   "-passin, -passout arguments only valid with one user.\n");
+	if ((passin || passout) && argc != 1 )
+		{
+		BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
 		badops = 1;
 		}

-    if (badops) {
+	if (badops)
+		{
 		for (pp=srp_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);

-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "                 load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;
 		}
@ -415,38 +424,32 @@ int MAIN(int argc, char **argv)
 	setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto err;
 		}

-    if (!dbfile) {
+        if (!dbfile)
+		{
+

 	/*****************************************************************/
 		tofree=NULL;
+		if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+		if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 		if (configfile == NULL)
-            configfile = getenv("OPENSSL_CONF");
-        if (configfile == NULL)
-            configfile = getenv("SSLEAY_CONF");
-        if (configfile == NULL) {
+			{
 			const char *s=X509_get_default_cert_area();
 			size_t len;

 #ifdef OPENSSL_SYS_VMS
 			len = strlen(s)+sizeof(CONFIG_FILE);
 			tofree=OPENSSL_malloc(len);
-            if (!tofree) {
-                BIO_printf(bio_err, "Out of memory\n");
-                goto err;
-            }
 			strcpy(tofree,s);
 #else
 			len = strlen(s)+sizeof(CONFIG_FILE)+1;
 			tofree=OPENSSL_malloc(len);
-            if (!tofree) {
-                BIO_printf(bio_err, "Out of memory\n");
-                goto err;
-            }
 			BUF_strlcpy(tofree,s,len);
 			BUF_strlcat(tofree,"/",len);
 #endif
@ -454,19 +457,20 @@ int MAIN(int argc, char **argv)
 			configfile=tofree;
 			}

-        VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
-                           configfile);
+		VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
 		conf = NCONF_new(NULL);
-        if (NCONF_load(conf, configfile, &errorline) <= 0) {
+		if (NCONF_load(conf,configfile,&errorline) <= 0)
+			{
 			if (errorline <= 0)
 				BIO_printf(bio_err,"error loading the config file '%s'\n",
 					configfile);
 			else
-                BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
-                           errorline, configfile);
+				BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
+					,errorline,configfile);
 			goto err;
 			}
-        if (tofree) {
+		if(tofree)
+			{
 			OPENSSL_free(tofree);
 			tofree = NULL;
 			}
@ -475,13 +479,13 @@ int MAIN(int argc, char **argv)
 			goto err;

 	/* Lets get the config section we are using */
-        if (section == NULL) {
-            VERBOSE BIO_printf(bio_err,
-                               "trying to read " ENV_DEFAULT_SRP
-                               " in \" BASE_SECTION \"\n");
+		if (section == NULL)
+			{
+			VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");

 			section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
-            if (section == NULL) {
+			if (section == NULL)
+				{
 				lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
 				goto err;
 				}
@ -490,11 +494,11 @@ int MAIN(int argc, char **argv)
 		if (randfile == NULL && conf)
 	        	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");

-        VERBOSE BIO_printf(bio_err,
-                           "trying to read " ENV_DATABASE
-                           " in section \"%s\"\n", section);
 	
-        if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+		VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
+
+		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+			{
 			lookup_fail(section,ENV_DATABASE);
 			goto err;
 			}
@ -505,18 +509,18 @@ int MAIN(int argc, char **argv)
       	else 
 		app_RAND_load_file(randfile, bio_err, 0);

-    VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
-                       dbfile);
+	VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);

 	db = load_index(dbfile, &db_attr);
-    if (db == NULL)
-        goto err;
+	if (db == NULL) goto err;

 	/* Lets check some fields */
-    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+		{
 		pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
 	
-        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+		if (pp[DB_srptype][0] == DB_SRP_INDEX)
+			{
 			maxgN = i;
 			if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
 				gNindex = i;
@ -527,68 +531,77 @@ int MAIN(int argc, char **argv)
 	
 	VERBOSE BIO_printf(bio_err, "Database initialised\n");

-    if (gNindex >= 0) {
+	if (gNindex >= 0)
+		{
 		gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
 		print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
-    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
+		}
+	else if (maxgN > 0 && !SRP_get_default_gN(gN))
+		{
 		BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
 		goto err;
-    } else {
+		}
+	else
+		{
 		VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
 		gNrow = NULL;
 		}
 	
+
 	VVERBOSE BIO_printf(bio_err,"Starting user processing\n");

 	if (argc > 0)
 		user = *(argv++) ;

-    while (list_user || user) {
+	while (list_user || user)
+		{
 		int userindex = -1;
 		if (user) 
 			VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
-        if ((userindex = get_index(db, user, 'U')) >= 0) {
+		if ((userindex = get_index(db, user, 'U')) >= 0)
+			{
 			print_user(db, bio_err, userindex, (verbose > 0) || list_user);
 			}
 		
-        if (list_user) {
-            if (user == NULL) {
+		if (list_user)
+			{
+			if (user == NULL)
+				{
 				BIO_printf(bio_err,"List all users\n");

-                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+				for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+					{
 					print_user(db,bio_err, i, 1);
 					}
 				list_user = 0;
-            } else if (userindex < 0) {
-                BIO_printf(bio_err,
-                           "user \"%s\" does not exist, ignored. t\n", user);
+				}
+			else if (userindex < 0)
+				{
+				BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
+					   user);
 				errors++;
 				}
-        } else if (add_user) {
-            if (userindex >= 0) {
+			}
+		else if (add_user)
+			{
+			if (userindex >= 0)
+				{
 				/* reactivation of a new user */
-                char **row =
-                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 				BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
 				row[DB_srptype][0] = 'V';

 				doupdatedb = 1;
-            } else {
-                char *row[DB_NUMBER];
-                char *gNid;
+				}
+			else
+				{
+				char *row[DB_NUMBER] ; char *gNid;
 				row[DB_srpverifier] = NULL;
 				row[DB_srpsalt] = NULL;
 				row[DB_srpinfo] = NULL;
-                if (!
-                    (gNid =
-                     srp_create_user(user, &(row[DB_srpverifier]),
-                                     &(row[DB_srpsalt]),
-                                     gNrow ? gNrow[DB_srpsalt] : gN,
-                                     gNrow ? gNrow[DB_srpverifier] : NULL,
-                                     passout, bio_err, verbose))) {
-                    BIO_printf(bio_err,
-                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
-                               user);
+				if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
+					{
+						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
 						errors++;
 						goto err;
 					}
@ -596,89 +609,62 @@ int MAIN(int argc, char **argv)
 				row[DB_srptype] = BUF_strdup("v");
 				row[DB_srpgN] = BUF_strdup(gNid);

-                if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
-                    || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
-                                                                    &&
-                                                                    (!(row
-                                                                       [DB_srpinfo]
-                                                                       =
-                                                                       BUF_strdup
-                                                                       (userinfo))))
-                    || !update_index(db, bio_err, row)) {
-                    if (row[DB_srpid])
-                        OPENSSL_free(row[DB_srpid]);
-                    if (row[DB_srpgN])
-                        OPENSSL_free(row[DB_srpgN]);
-                    if (row[DB_srpinfo])
-                        OPENSSL_free(row[DB_srpinfo]);
-                    if (row[DB_srptype])
-                        OPENSSL_free(row[DB_srptype]);
-                    if (row[DB_srpverifier])
-                        OPENSSL_free(row[DB_srpverifier]);
-                    if (row[DB_srpsalt])
-                        OPENSSL_free(row[DB_srpsalt]);
+				if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
+					(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 
+					!update_index(db, bio_err, row))
+					{
+					if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
+					if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
+					if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
+					if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
+					if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
+					if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
 					goto err;
 					}
 				doupdatedb = 1;
 				}
-        } else if (modify_user) {
-            if (userindex < 0) {
-                BIO_printf(bio_err,
-                           "user \"%s\" does not exist, operation ignored.\n",
-                           user);
+			}
+		else if (modify_user)
+			{
+			if (userindex < 0)
+				{
+				BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
 				errors++;
-            } else {
+				}
+			else
+				{

-                char **row =
-                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 				char type = row[DB_srptype][0];
-                if (type == 'v') {
-                    BIO_printf(bio_err,
-                               "user \"%s\" already updated, operation ignored.\n",
-                               user);
+				if (type == 'v')
+					{
+					BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
 					errors++;
-                } else {
+					}
+				else
+					{
 					char *gNid;

-                    if (row[DB_srptype][0] == 'V') {
+					if (row[DB_srptype][0] == 'V')
+						{
 						int user_gN;
 						char **irow = NULL;
-                        VERBOSE BIO_printf(bio_err,
-                                           "Verifying password for user \"%s\"\n",
-                                           user);
-                        if ((user_gN =
-                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
-                            irow =
-                                (char **)sk_OPENSSL_PSTRING_value(db->
-                                                                  db->data,
-                                                                  userindex);
+						VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
+						if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+							irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);

-                        if (!srp_verify_user
-                            (user, row[DB_srpverifier], row[DB_srpsalt],
-                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
-                             irow ? irow[DB_srpverifier] : NULL, passin,
-                             bio_err, verbose)) {
-                            BIO_printf(bio_err,
-                                       "Invalid password for user \"%s\", operation abandoned.\n",
-                                       user);
+ 						if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
+							{
+							BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
 							errors++;
 							goto err;
 							}
 						} 
-                    VERBOSE BIO_printf(bio_err,
-                                       "Password for user \"%s\" ok.\n",
-                                       user);
+					VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);

-                    if (!
-                        (gNid =
-                         srp_create_user(user, &(row[DB_srpverifier]),
-                                         &(row[DB_srpsalt]),
-                                         gNrow ? gNrow[DB_srpsalt] : NULL,
-                                         gNrow ? gNrow[DB_srpverifier] : NULL,
-                                         passout, bio_err, verbose))) {
-                        BIO_printf(bio_err,
-                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
-                                   user);
+					if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
+						{
+						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
 						errors++;
 						goto err;
 						}
@ -686,24 +672,24 @@ int MAIN(int argc, char **argv)
 					row[DB_srptype][0] = 'v';
 					row[DB_srpgN] = BUF_strdup(gNid);
 
-                    if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
-                        || !row[DB_srpverifier] || !row[DB_srpsalt]
-                        || (userinfo
-                            && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
+					if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
+						(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))  
 						goto err;

 					doupdatedb = 1;
 					}
 				}
-        } else if (delete_user) {
-            if (userindex < 0) {
-                BIO_printf(bio_err,
-                           "user \"%s\" does not exist, operation ignored. t\n",
-                           user);
+			}
+		else if (delete_user)
+			{
+			if (userindex < 0)
+				{
+				BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
 				errors++;
-            } else {
-                char **xpp =
-                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+				}
+			else
+				{
+				char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
 				BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);

 				xpp[DB_srptype][0] = 'R';
@ -713,7 +699,8 @@ int MAIN(int argc, char **argv)
 			}
 		if (--argc > 0)
 			user = *(argv++) ;
-        else {
+		else
+			{
 			user = NULL;
 			list_user = 0;
 			}
@ -721,24 +708,26 @@ int MAIN(int argc, char **argv)

 	VERBOSE BIO_printf(bio_err,"User procession done.\n");

-    if (doupdatedb) {
+
+	if (doupdatedb)
+		{
 		/* Lets check some fields */
-        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+			{
 			pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
 	
-            if (pp[DB_srptype][0] == 'v') {
+			if (pp[DB_srptype][0] == 'v')
+				{
 				pp[DB_srptype][0] = 'V';
 				print_user(db, bio_err, i, verbose);
 				}
 			}

 		VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
-        if (!save_index(dbfile, "new", db))
-            goto err;
+		if (!save_index(dbfile, "new", db)) goto err;
 				
 		VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
-        if (!rotate_index(dbfile, "new", "old"))
-            goto err;
+		if (!rotate_index(dbfile, "new", "old")) goto err;

 		VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
 		}
@ -751,18 +740,17 @@ int MAIN(int argc, char **argv)
 	VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
 	if(tofree)
 		OPENSSL_free(tofree);
-    if (ret)
-        ERR_print_errors(bio_err);
-    if (randfile)
-        app_RAND_write_file(randfile, bio_err);
-    if (conf)
-        NCONF_free(conf);
-    if (db)
-        free_index(db);
+	if (ret) ERR_print_errors(bio_err);
+	if (randfile) app_RAND_write_file(randfile, bio_err);
+	if (conf) NCONF_free(conf);
+	if (db) free_index(db);

 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}

+
+
 #endif
+
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@ -7,7 +7,6 @@ static unsigned char dsa512_priv[] = {
 	0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
 	0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
 	};
-
 static unsigned char dsa512_pub[] = {
 	0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
 	0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
@ -16,7 +15,6 @@ static unsigned char dsa512_pub[] = {
 	0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
 	0xbe,0xba,0x0a,0x6b,0xc8,
 	};
-
 static unsigned char dsa512_p[]={
 	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
 	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
@ -25,12 +23,10 @@ static unsigned char dsa512_p[] = {
 	0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
 	0xA2,0x76,0x7D,0x31,
 	};
-
 static unsigned char dsa512_q[]={
 	0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
 	0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
 	};
-
 static unsigned char dsa512_g[]={
 	0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
 	0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
@ -44,15 +40,14 @@ DSA *get_dsa512()
 	{
 	DSA *dsa;

-    if ((dsa = DSA_new()) == NULL)
-        return (NULL);
+	if ((dsa=DSA_new()) == NULL) return(NULL);
 	dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
 	dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
 	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
 	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
 	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
-    if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
-        || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
@ -61,7 +56,6 @@ static unsigned char dsa1024_priv[] = {
 	0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
 	0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
 	};
-
 static unsigned char dsa1024_pub[]={
 	0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
 	0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
@ -75,7 +69,6 @@ static unsigned char dsa1024_pub[] = {
 	0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
 	0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
 	};
-
 static unsigned char dsa1024_p[]={
 	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
 	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
@ -89,12 +82,10 @@ static unsigned char dsa1024_p[] = {
 	0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
 	0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
 	};
-
 static unsigned char dsa1024_q[]={
 	0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
 	0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
 	};
-
 static unsigned char dsa1024_g[]={
 	0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
 	0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
@ -113,15 +104,14 @@ DSA *get_dsa1024()
 	{
 	DSA *dsa;

-    if ((dsa = DSA_new()) == NULL)
-        return (NULL);
+	if ((dsa=DSA_new()) == NULL) return(NULL);
 	dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
 	dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
 	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
 	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
 	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
-    if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
-        || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
@ -130,7 +120,6 @@ static unsigned char dsa2048_priv[] = {
 	0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
 	0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
 	};
-
 static unsigned char dsa2048_pub[]={
 	0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
 	0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
@ -155,7 +144,6 @@ static unsigned char dsa2048_pub[] = {
 	0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
 	0x8b,0x33,0xb7,0xce,
 	};
-
 static unsigned char dsa2048_p[]={
 	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
 	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
@ -180,12 +168,10 @@ static unsigned char dsa2048_p[] = {
 	0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
 	0xF8,0x68,0xCF,0x9B,
 	};
-
 static unsigned char dsa2048_q[]={
 	0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
 	0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
 	};
-
 static unsigned char dsa2048_g[]={
 	0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
 	0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
@ -215,19 +201,17 @@ DSA *get_dsa2048()
 	{
 	DSA *dsa;
 
-    if ((dsa = DSA_new()) == NULL)
-        return (NULL);
+	if ((dsa=DSA_new()) == NULL) return(NULL);
 	dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
 	dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
 	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
 	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
 	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
-    if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
-        || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}

-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 static int rnd_fake = 0;
--- a/apps/ts.c
+++ b/apps/ts.c
--- a/apps/verify.c
+++ b/apps/verify.c
@ -93,8 +93,7 @@ int MAIN(int argc, char **argv)
 #endif

 	cert_ctx=X509_STORE_new();
-    if (cert_ctx == NULL)
-        goto end;
+	if (cert_ctx == NULL) goto end;
 	X509_STORE_set_verify_cb(cert_ctx,cb);

 	ERR_load_crypto_strings();
@ -110,37 +109,46 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    for (;;) {
-        if (argc >= 1) {
-            if (strcmp(*argv, "-CApath") == 0) {
-                if (argc-- < 1)
-                    goto end;
+	for (;;)
+		{
+		if (argc >= 1)
+			{
+			if (strcmp(*argv,"-CApath") == 0)
+				{
+				if (argc-- < 1) goto end;
 				CApath= *(++argv);
-            } else if (strcmp(*argv, "-CAfile") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-CAfile") == 0)
+				{
+				if (argc-- < 1) goto end;
 				CAfile= *(++argv);
-            } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
+				}
+			else if (args_verify(&argv, &argc, &badarg, bio_err,
+									&vpm))
+				{
 				if (badarg)
 					goto end;
 				continue;
-            } else if (strcmp(*argv, "-untrusted") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-untrusted") == 0)
+				{
+				if (argc-- < 1) goto end;
 				untfile= *(++argv);
-            } else if (strcmp(*argv, "-trusted") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-trusted") == 0)
+				{
+				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
-            } else if (strcmp(*argv, "-CRLfile") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-CRLfile") == 0)
+				{
+				if (argc-- < 1) goto end;
 				crlfile= *(++argv);
 				}
 #ifndef OPENSSL_NO_ENGINE
-            else if (strcmp(*argv, "-engine") == 0) {
-                if (--argc < 1)
-                    goto end;
+			else if (strcmp(*argv,"-engine") == 0)
+				{
+				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
 #endif
@ -154,7 +162,8 @@ int MAIN(int argc, char **argv)
 				break;
 			argc--;
 			argv++;
-        } else
+			}
+		else
 			break;
 		}

@ -166,8 +175,7 @@ int MAIN(int argc, char **argv)
 		X509_STORE_set1_param(cert_ctx, vpm);

 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
-    if (lookup == NULL)
-        abort();
+	if (lookup == NULL) abort();
 	if (CAfile) {
 		i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
 		if(!i) {
@ -175,12 +183,10 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-    } else
-        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 		
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
-    if (lookup == NULL)
-        abort();
+	if (lookup == NULL) abort();
 	if (CApath) {
 		i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
 		if(!i) {
@ -188,36 +194,42 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-    } else
-        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

 	ERR_clear_error();

-    if (untfile) {
+	if(untfile)
+		{
 		untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
 					NULL, e, "untrusted certificates");
 		if(!untrusted)
 			goto end;
 		}

-    if (trustfile) {
+	if(trustfile)
+		{
 		trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
 					NULL, e, "trusted certificates");
 		if(!trusted)
 			goto end;
 		}

-    if (crlfile) {
-        crls = load_crls(bio_err, crlfile, FORMAT_PEM, NULL, e, "other CRLs");
+	if(crlfile)
+		{
+		crls = load_crls(bio_err, crlfile, FORMAT_PEM,
+					NULL, e, "other CRLs");
 		if(!crls)
 			goto end;
 		}

 	ret = 0;
-    if (argc < 1) {
+	if (argc < 1)
+		{ 
 		if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
 			ret = -1;
-    } else {
+		}
+	else
+		{
 		for (i=0; i<argc; i++)
 			if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
 				ret = -1;
@ -225,16 +237,16 @@ int MAIN(int argc, char **argv)

 end:
 	if (ret == 1) {
-        BIO_printf(bio_err,
-                   "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-        BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+		BIO_printf(bio_err," [-attime timestamp]");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," [-engine e]");
 #endif
 		BIO_printf(bio_err," cert1 cert2 ...\n");

 		BIO_printf(bio_err,"recognized usages:\n");
-        for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+		for(i = 0; i < X509_PURPOSE_get_count(); i++)
+			{
 			X509_PURPOSE *ptmp;
 			ptmp = X509_PURPOSE_get0(i);
 			BIO_printf(bio_err, "\t%-10s\t%s\n",
@ -242,10 +254,8 @@ int MAIN(int argc, char **argv)
 				   X509_PURPOSE_get0_name(ptmp));
 			}
 	}
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
-    if (cert_ctx != NULL)
-        X509_STORE_free(cert_ctx);
+	if (vpm) X509_VERIFY_PARAM_free(vpm);
+	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
 	sk_X509_CRL_pop_free(crls, X509_CRL_free);
@ -267,17 +277,18 @@ static int check(X509_STORE *ctx, char *file,
 	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);

 	csc = X509_STORE_CTX_new();
-    if (csc == NULL) {
+	if (csc == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	X509_STORE_set_flags(ctx, vflags);
-    if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+	if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-    if (tchain)
-        X509_STORE_CTX_trusted_stack(csc, tchain);
+	if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
 	if (crls)
 		X509_STORE_CTX_set0_crls(csc, crls);
 	i=X509_verify_cert(csc);
@ -285,13 +296,14 @@ static int check(X509_STORE *ctx, char *file,

 	ret=0;
 end:
-    if (i > 0) {
+	if (i > 0)
+		{
 		fprintf(stdout,"OK\n");
 		ret=1;
-    } else
+		}
+	else
 		ERR_print_errors(bio_err);
-    if (x != NULL)
-        X509_free(x);
+	if (x != NULL) X509_free(x);

 	return(ret);
 	}
@ -301,8 +313,10 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	int cert_error = X509_STORE_CTX_get_error(ctx);
 	X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);

-    if (!ok) {
-        if (current_cert) {
+	if (!ok)
+		{
+		if (current_cert)
+			{
 			X509_NAME_print_ex_fp(stdout,
 				X509_get_subject_name(current_cert),
 				0, XN_FLAG_ONELINE);
@ -313,14 +327,15 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 			cert_error,
 			X509_STORE_CTX_get_error_depth(ctx),
 			X509_verify_cert_error_string(cert_error));
-        switch (cert_error) {
+		switch(cert_error)
+			{
 			case X509_V_ERR_NO_EXPLICIT_POLICY:
 				policies_print(NULL, ctx);
 			case X509_V_ERR_CERT_HAS_EXPIRED:

-            /*
-             * since we are just checking the certificates, it is ok if they
-             * are self signed. But we should still warn the user.
+			/* since we are just checking the certificates, it is
+			 * ok if they are self signed. But we should still warn
+			 * the user.
 			 */

 			case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
--- a/apps/version.c
+++ b/apps/version.c
@ -148,9 +148,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-    if (argc == 1)
-        version = 1;
-    for (i = 1; i < argc; i++) {
+	if (argc == 1) version=1;
+	for (i=1; i<argc; i++)
+		{
 		if (strcmp(argv[i],"-v") == 0)
 			version=1;	
 		else if (strcmp(argv[i],"-b") == 0)
@ -165,26 +165,31 @@ int MAIN(int argc, char **argv)
 			dir=1;
 		else if (strcmp(argv[i],"-a") == 0)
 			date=version=cflags=options=platform=dir=1;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"usage:version -[avbofpd]\n");
 			ret=1;
 			goto end;
 			}
 		}

-    if (version) {
-        if (SSLeay() == SSLEAY_VERSION_NUMBER) {
+	if (version)
+		{
+		if (SSLeay() == SSLEAY_VERSION_NUMBER)
+			{
 			printf("%s\n",SSLeay_version(SSLEAY_VERSION));
-        } else {
+			}
+		else
+			{
 			printf("%s (Library: %s)\n",
-                   OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
+				OPENSSL_VERSION_TEXT,
+				SSLeay_version(SSLEAY_VERSION));
 			}
 		}
-    if (date)
-        printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
-    if (platform)
-        printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
-    if (options) {
+	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
+	if (options) 
+		{
 		printf("options:  ");
 		printf("%s ",BN_options());
 #ifndef OPENSSL_NO_MD2
@ -204,10 +209,8 @@ int MAIN(int argc, char **argv)
 #endif
 		printf("\n");
 		}
-    if (cflags)
-        printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
-    if (dir)
-        printf("%s\n", SSLeay_version(SSLEAY_DIR));
+	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
 end:
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
--- a/apps/vms_decc_init.c
+++ b/apps/vms_decc_init.c
@ -5,7 +5,7 @@

 #ifdef USE_DECC_INIT

-/*-
+/*
 * 2010-04-26 SMS.
 *
 *----------------------------------------------------------------------
@ -22,34 +22,37 @@
 #include <stdlib.h>
 #include <unixlib.h>

+
 /* Global storage. */

 /* Flag to sense if decc_init() was called. */

 int decc_init_done = -1;

+
 /* Structure to hold a DECC$* feature name and its desired value. */

-typedef struct {
+typedef struct
+{
    char *name;
    int value;
 } decc_feat_t;

-/*
- * Array of DECC$* feature names and their desired values. Note:
- * DECC$ARGV_PARSE_STYLE is the urgent one.
+
+/* Array of DECC$* feature names and their desired values.
+ * Note: DECC$ARGV_PARSE_STYLE is the urgent one.
 */

-decc_feat_t decc_feat_array[] = {
+decc_feat_t decc_feat_array[] =
+{
 /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
 { "DECC$ARGV_PARSE_STYLE", 1 },

 /* Preserve case for file names on ODS5 disks. */
 { "DECC$EFS_CASE_PRESERVE", 1 },

-    /*
-     * Enable multiple dots (and most characters) in ODS5 file names, while
-     * preserving VMS-ness of ";version".
+ /* Enable multiple dots (and most characters) in ODS5 file names,
+  * while preserving VMS-ness of ";version".
  */
 { "DECC$EFS_CHARSET", 1 },

@ -57,6 +60,7 @@ decc_feat_t decc_feat_array[] = {
 { (char *)NULL, 0 }
 };

+
 /* LIB$INITIALIZE initialization function. */

 static void decc_init( void)
@ -72,9 +76,11 @@ static void decc_init(void)

    /* Get debug option. */
    openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT");
-    if (openssl_debug_decc_init != NULL) {
+    if (openssl_debug_decc_init != NULL)
+    {
        verbose = strtol( openssl_debug_decc_init, NULL, 10);
-        if (verbose <= 0) {
+        if (verbose <= 0)
+        {
            verbose = 1;
        }
    }
@ -84,10 +90,12 @@ static void decc_init(void)

    /* Loop through all items in the decc_feat_array[]. */

-    for (i = 0; decc_feat_array[i].name != NULL; i++) {
+    for (i = 0; decc_feat_array[ i].name != NULL; i++)
+    {
        /* Get the feature index. */
        feat_index = decc$feature_get_index( decc_feat_array[ i].name);
-        if (feat_index >= 0) {
+        if (feat_index >= 0)
+        {
            /* Valid item.  Collect its properties. */
            feat_value = decc$feature_get_value( feat_index, 1);
            feat_value_min = decc$feature_get_value( feat_index, 2);
@ -95,34 +103,43 @@ static void decc_init(void)

            /* Check the validity of our desired value. */
            if ((decc_feat_array[ i].value >= feat_value_min) &&
-                (decc_feat_array[i].value <= feat_value_max)) {
+             (decc_feat_array[ i].value <= feat_value_max))
+            {
                /* Valid value.  Set it if necessary. */
-                if (feat_value != decc_feat_array[i].value) {
+                if (feat_value != decc_feat_array[ i].value)
+                {
                    sts = decc$feature_set_value( feat_index,
-                                                 1, decc_feat_array[i].value);
+                     1,
+                     decc_feat_array[ i].value);

-                    if (verbose > 1) {
+                     if (verbose > 1)
+                     {
                         fprintf( stderr, " %s = %d, sts = %d.\n",
                          decc_feat_array[ i].name,
-                                decc_feat_array[i].value, sts);
+                          decc_feat_array[ i].value,
+                          sts);
                     }
                }
-            } else {
+            }
+            else
+            {
                /* Invalid DECC feature value. */
                fprintf( stderr,
                 " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
                 feat_value,
-                        feat_value_min, decc_feat_array[i].name,
-                        feat_value_max);
+                 feat_value_min, decc_feat_array[ i].name, feat_value_max);
            }
-        } else {
+        }
+        else
+        {
            /* Invalid DECC feature name. */
            fprintf( stderr,
             " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name);
        }
    }

-    if (verbose > 0) {
+    if (verbose > 0)
+    {
        fprintf( stderr, " DECC_INIT complete.\n");
    }
 }
@ -131,9 +148,8 @@ static void decc_init(void)

 #pragma nostandard

-/*
- * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
- * attributes.  Note that "nopic" is significant only on VAX.
+/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and
+ * other attributes.  Note that "nopic" is significant only on VAX.
 */
 #pragma extern_model save

--- a/apps/winrand.c
+++ b/apps/winrand.c
@ -53,8 +53,7 @@
 *
 */

-/*-
- * Usage: winrand [filename]
+/* Usage: winrand [filename]
 *
 * Collects entropy from mouse movements and other events and writes
 * random data to filename or .rnd
@ -99,13 +98,14 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,

        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
 		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-                        CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
-                        NULL);
+		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);

 	ShowWindow(hwnd, iCmdShow);
 	UpdateWindow(hwnd);

-    while (GetMessage(&msg, NULL, 0, 0)) {
+
+	while (GetMessage(&msg, NULL, 0, 0))
+		{
 		TranslateMessage(&msg);
 		DispatchMessage(&msg);
 		}
@ -120,7 +120,8 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
        RECT rect;
        static int seeded = 0;

-    switch (iMsg) {
+	switch (iMsg)
+		{
 	case WM_PAINT:
 		hdc = BeginPaint(hwnd, &ps);
 		GetClientRect(hwnd, &rect);
@ -134,7 +135,8 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
                return 0;
                }

-    if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
+        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
+                {
                seeded = 1;
                if (RAND_write_file(filename) <= 0)
                        MessageBox(hwnd, "Couldn't write random file!",
--- a/apps/x509.c
+++ b/apps/x509.c
--- a/appveyor.yml
+++ b/appveyor.yml
@ -1,60 +0,0 @@
-platform:
-    - x86
-    - x64
-
-environment:
-    matrix:
-        - VSVER: 9
-        - VSVER: 10
-        - VSVER: 11
-        - VSVER: 12
-        - VSVER: 14
-
-configuration:
-    - plain
-    - shared
-
-matrix:
-    allow_failures:
-        - platform: x64
-          VSVER: 9
-        - platform: x64
-          VSVER: 10
-        - platform: x64
-          VSVER: 11
-
-before_build:
-    - ps: >-
-        If ($env:Platform -Match "x86") {
-            $env:VCVARS_PLATFORM="x86"
-            $env:TARGET="VC-WIN32"
-            $env:DO="do_ms"
-        } Else {
-            $env:VCVARS_PLATFORM="amd64"
-            $env:TARGET="VC-WIN64A"
-            $env:DO="do_win64a"
-        }
-    - ps: >-
-        If ($env:Configuration -Like "*shared*") {
-            $env:MAK="ntdll.mak"
-        } Else {
-            $env:MAK="nt.mak"
-        }
-    - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
-    - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
-    - perl Configure %TARGET% no-asm
-    - call ms\%DO%
-
-build_script:
-    - nmake /f ms\%MAK%
-
-test_script:
-    - nmake /f ms\%MAK% test
-
-notifications:
-    - provider: Email
-      to:
-          - openssl-commits@openssl.org
-      on_build_success: false
-      on_build_failure: true
-      on_build_status_changed: true
--- a/bugs/alpha.c
+++ b/bugs/alpha.c
@ -56,13 +56,11 @@
 * [including the GNU Public Licence.]
 */

-/*
- * while not exactly a bug (ASN1 C leaves this undefined) it is something to
- * watch out for.  This was fine on linux/NT/Solaris but not Alpha
- */
+/* while not exactly a bug (ASN1 C leaves this undefined) it is
+ * something to watch out for.  This was fine on linux/NT/Solaris but not
+ * Alpha */

-/*-
- * it is basically an example of
+/* it is basically an example of
 * func(*(a++),*(a++))
 * which parameter is evaluated first?  It is not defined in ASN1 C.
 */
@ -86,7 +84,8 @@ main()

        p=data;

-    for (i = 0; i < 4; i++) {
+        for (i=0; i<4; i++)
+                {
                func(p,*(p++));
                }
        }
--- a/bugs/dggccbug.c
+++ b/bugs/dggccbug.c
@ -4,18 +4,17 @@

 #include <stdio.h>

-/*
- * There is a bug in gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14
- * 1994) as shipped with DGUX 5.4R3.10 that can be bypassed by defining
- * DG_GCC_BUG in my code. The bug manifests itself by the vaule of a pointer
- * that is used only by reference, not having it's value change when it is
- * used to check for exiting the loop.  Probably caused by there being 2
- * copies of the valiable, one in a register and one being an address that is
- * passed.
- */
+/* There is a bug in
+ * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
+ * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code.
+ * The bug manifests itself by the vaule of a pointer that is
+ * used only by reference, not having it's value change when it is used
+ * to check for exiting the loop.  Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address
+ * that is passed. */

-/*-
- * compare the out put from
+/* compare the out put from
 * gcc dggccbug.c; ./a.out
 * and
 * gcc -O dggccbug.c; ./a.out
@ -35,7 +34,8 @@ main()
 	int dummy;
 #endif

-    while (p < 3) {
+	while (p<3)
+		{
 		fprintf(stderr,"%08X\n",p);
 		inc(&p);
 #ifdef FIXBUG
--- a/bugs/sgiccbug.c
+++ b/bugs/sgiccbug.c
@ -4,26 +4,22 @@

 #include <stdio.h>

-/*
- * This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are the
- * only versions of IRIX I have access to. defining FIXBUG removes the bug.
- * (bug is still present in IRIX 6.3 according to Gage
- * <agage@forgetmenot.Mines.EDU>
+/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
+ * the only versions of IRIX I have access to.
+ * defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to
+ * Gage <agage@forgetmenot.Mines.EDU>
 */
 
-/*-
- * Compare the output from
+/* Compare the output from
 * cc sgiccbug.c; ./a.out
 * and
 * cc -O sgiccbug.c; ./a.out
 */

-static unsigned long a[4] =
-    { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
-static unsigned long b[4] =
-    { 0x89ABCDEF, 0xFEDCBA98, 0x76543210, 0x01234567 };
-static unsigned long c[4] =
-    { 0x77777778, 0x8ACF1357, 0x88888888, 0x7530ECA9 };
+static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
+static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
+static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};

 main()
 	{
@ -48,7 +44,8 @@ unsigned long *r, *a, *b;
 	bp=b;
 	rp=r;
 	carry=0;
-    for (i = 0; i < 4; i++) {
+	for (i=0; i<4; i++)
+		{
 		t1= *(ap++);
 		t2= *(bp++);
 		t1=(t1-t2);
--- a/bugs/stream.c
+++ b/bugs/stream.c
@ -64,9 +64,8 @@
 #include <openssl/des.h>
 #endif

-/*
- * show how stream ciphers are not very good.  The mac has no affect on RC4
- * while it does for cfb DES
+/* show how stream ciphers are not very good.  The mac has no affect
+ * on RC4 while it does for cfb DES
 */

 main()
--- a/bugs/ultrixcc.c
+++ b/bugs/ultrixcc.c
@ -1,7 +1,6 @@
 #include <stdio.h>

-/*-
- * This is a cc optimiser bug for ultrix 4.3, mips CPU.
+/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
 * What happens is that the compiler, due to the (a)&7,
 * does
 * i=a&7;
@ -21,7 +20,8 @@ main()
 int f(a)
 int a;
 	{
-    switch (a & 7) {
+	switch(a&7)
+		{
 	case 7:
 		printf("7\n");
 	case 6:
@ -42,3 +42,4 @@ int a;
 #endif
 		}
 	}	
+
--- a/crypto/.cvsignore
+++ b/crypto/.cvsignore
@ -0,0 +1,8 @@
+lib
+buildinf.h
+opensslconf.h
+Makefile.save
+*.flc
+semantic.cache
+*cpuid.s
+uplink-cof.s
--- a/crypto/LPdir_nyi.c
+++ b/crypto/LPdir_nyi.c
@ -1,6 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
- */
+/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -31,15 +29,12 @@
 #include "LPdir.h"
 #endif

-struct LP_dir_context_st {
-    void *dummy;
-};
+struct LP_dir_context_st { void *dummy; };
 const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	{
 	errno = EINVAL;
 	return 0;
 	}
-
 int LP_find_file_end(LP_DIR_CTX **ctx)
 	{
 	errno = EINVAL;
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
@ -1,7 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
- * $
- */
+/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -39,30 +36,28 @@
 #include "LPdir.h"
 #endif

-/*
- * The POSIXly macro for the maximum number of characters in a file path is
- * NAME_MAX.  However, some operating systems use PATH_MAX instead.
- * Therefore, it seems natural to first check for PATH_MAX and use that, and
- * if it doesn't exist, use NAME_MAX.
- */
+/* The POSIXly macro for the maximum number of characters in a file path
+   is NAME_MAX.  However, some operating systems use PATH_MAX instead.
+   Therefore, it seems natural to first check for PATH_MAX and use that,
+   and if it doesn't exist, use NAME_MAX. */
 #if defined(PATH_MAX)
 # define LP_ENTRY_SIZE PATH_MAX
 #elif defined(NAME_MAX)
 # define LP_ENTRY_SIZE NAME_MAX
 #endif

-/*
- * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
- * exist.  It's also possible that NAME_MAX exists but is define to a very
- * small value (HP-UX offers 14), so we need to check if we got a result, and
- * if it meets a minimum standard, and create or change it if not.
- */
+/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+   exist.  It's also possible that NAME_MAX exists but is define to a
+   very small value (HP-UX offers 14), so we need to check if we got a
+   result, and if it meets a minimum standard, and create or change it
+   if not. */
 #if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
 # undef LP_ENTRY_SIZE
 # define LP_ENTRY_SIZE 255
 #endif

-struct LP_dir_context_st {
+struct LP_dir_context_st
+{
  DIR *dir;
  char entry_name[LP_ENTRY_SIZE+1];
 };
@ -71,22 +66,26 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 {
  struct dirent *direntry = NULL;

-    if (ctx == NULL || directory == NULL) {
+  if (ctx == NULL || directory == NULL)
+    {
      errno = EINVAL;
      return 0;
    }

  errno = 0;
-    if (*ctx == NULL) {
+  if (*ctx == NULL)
+    {
      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-        if (*ctx == NULL) {
+      if (*ctx == NULL)
+	{
 	  errno = ENOMEM;
 	  return 0;
 	}
      memset(*ctx, '\0', sizeof(LP_DIR_CTX));

      (*ctx)->dir = opendir(directory);
-        if ((*ctx)->dir == NULL) {
+      if ((*ctx)->dir == NULL)
+	{
 	  int save_errno = errno; /* Probably not needed, but I'm paranoid */
 	  free(*ctx);
 	  *ctx = NULL;
@ -96,23 +95,25 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
    }

  direntry = readdir((*ctx)->dir);
-    if (direntry == NULL) {
+  if (direntry == NULL)
+    {
      return 0;
    }

-    strncpy((*ctx)->entry_name, direntry->d_name,
-            sizeof((*ctx)->entry_name) - 1);
+  strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
  (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
  return (*ctx)->entry_name;
 }

 int LP_find_file_end(LP_DIR_CTX **ctx)
 {
-    if (ctx != NULL && *ctx != NULL) {
+  if (ctx != NULL && *ctx != NULL)
+    {
      int ret = closedir((*ctx)->dir);

      free(*ctx);
-        switch (ret) {
+      switch (ret)
+	{
 	case 0:
 	  return 1;
 	case -1:
--- a/crypto/LPdir_vms.c
+++ b/crypto/LPdir_vms.c
@ -46,7 +46,8 @@
 # define EVMSERR	65535  /* error for non-translatable VMS errors */
 #endif

-struct LP_dir_context_st {
+struct LP_dir_context_st
+{
  unsigned long VMS_context;
  char filespec[ NAMX_MAXRSS+ 1];
  char result[ NAMX_MAXRSS+ 1];
@ -74,17 +75,20 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
  flags |= LIB$M_FIL_LONG_NAMES;
 #endif

-    if (ctx == NULL || directory == NULL) {
+  if (ctx == NULL || directory == NULL)
+    {
      errno = EINVAL;
      return 0;
    }

  errno = 0;
-    if (*ctx == NULL) {
+  if (*ctx == NULL)
+    {
      size_t filespeclen = strlen(directory);
      char *filespec = NULL;

-        if (filespeclen == 0) {
+      if (filespeclen == 0)
+	{
 	  errno = ENOENT;
 	  return 0;
 	}
@ -92,20 +96,23 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
      /* MUST be a VMS directory specification!  Let's estimate if it is. */
      if (directory[filespeclen-1] != ']'
 	  && directory[filespeclen-1] != '>'
-            && directory[filespeclen - 1] != ':') {
+	  && directory[filespeclen-1] != ':')
+	{
 	  errno = EINVAL;
 	  return 0;
 	}

      filespeclen += 4;		/* "*.*;" */

-        if (filespeclen > NAMX_MAXRSS) {
+      if (filespeclen > NAMX_MAXRSS)
+	{
 	  errno = ENAMETOOLONG;
 	  return 0;
 	}

      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-        if (*ctx == NULL) {
+      if (*ctx == NULL)
+	{
 	  errno = ENOMEM;
 	  return 0;
 	}
@ -138,32 +145,38 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
  status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
 			 &(*ctx)->VMS_context, 0, 0, 0, &flags);

-    if (status == RMS$_NMF) {
+  if (status == RMS$_NMF)
+    {
      errno = 0;
      vaxc$errno = status;
      return NULL;
    }

-    if (!$VMS_STATUS_SUCCESS(status)) {
+  if(!$VMS_STATUS_SUCCESS(status))
+    {
      errno = EVMSERR;
      vaxc$errno = status;
      return NULL;
    }

-    /*
-     * Quick, cheap and dirty way to discard any device and directory, since
-     * we only want file names
-     */
+  /* Quick, cheap and dirty way to discard any device and directory,
+     since we only want file names */
  l = (*ctx)->result_dsc.dsc$w_length;
  p = (*ctx)->result_dsc.dsc$a_pointer;
  r = p;
-    for (; *p; p++) {
-        if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
+  for (; *p; p++)
+    {
+      if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
+	{
 	  p++;
-        } else if (*p == ':' || *p == '>' || *p == ']') {
+	}
+      else if (*p == ':' || *p == '>' || *p == ']')
+	{
 	  l -= p + 1 - r;
 	  r = p + 1;
-        } else if (*p == ';') {
+	}
+      else if (*p == ';')
+	{
 	  l = p - r;
 	  break;
 	}
@ -178,12 +191,14 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

 int LP_find_file_end(LP_DIR_CTX **ctx)
 {
-    if (ctx != NULL && *ctx != NULL) {
+  if (ctx != NULL && *ctx != NULL)
+    {
      int status = lib$find_file_end(&(*ctx)->VMS_context);

      free(*ctx);

-        if (!$VMS_STATUS_SUCCESS(status)) {
+      if(!$VMS_STATUS_SUCCESS(status))
+	{
 	  errno = EVMSERR;
 	  vaxc$errno = status;
 	  return 0;
@ -193,3 +208,4 @@ int LP_find_file_end(LP_DIR_CTX **ctx)
  errno = EINVAL;
  return 0;
 }
+
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
@ -29,11 +29,10 @@
 #include "LPdir.h"
 #endif

-/*
- * We're most likely overcautious here, but let's reserve for broken WinCE
- * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
- * builds are compiled with -DUNICODE [as well as -D_UNICODE].
- */
+/* We're most likely overcautious here, but let's reserve for
+    broken WinCE headers and explicitly opt for UNICODE call.
+    Keep in mind that our WinCE builds are compiled with -DUNICODE
+    [as well as -D_UNICODE]. */
 #if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
 # define FindFirstFile FindFirstFileW
 #endif
@ -45,7 +44,8 @@
 #define NAME_MAX 255
 #endif

-struct LP_dir_context_st {
+struct LP_dir_context_st
+{
  WIN32_FIND_DATA ctx;
  HANDLE handle;
  char entry_name[NAME_MAX+1];
@ -53,32 +53,38 @@ struct LP_dir_context_st {

 const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 {
-    if (ctx == NULL || directory == NULL) {
+  if (ctx == NULL || directory == NULL)
+    {
      errno = EINVAL;
      return 0;
    }

  errno = 0;
-    if (*ctx == NULL) {
+  if (*ctx == NULL)
+    {
      const char *extdir = directory;
      char *extdirbuf = NULL;
      size_t dirlen = strlen (directory);

-        if (dirlen == 0) {
+      if (dirlen == 0)
+	{
 	  errno = ENOENT;
 	  return 0;
 	}

      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-        if (*ctx == NULL) {
+      if (*ctx == NULL)
+	{
 	  errno = ENOMEM;
 	  return 0;
 	}
      memset(*ctx, '\0', sizeof(LP_DIR_CTX));

-        if (directory[dirlen - 1] != '*') {
+      if (directory[dirlen-1] != '*')
+	{
 	  extdirbuf = (char *)malloc(dirlen + 3);
-            if (extdirbuf == NULL) {
+	  if (extdirbuf == NULL)
+	    {
 	      free(*ctx);
 	      *ctx = NULL;
 	      errno = ENOMEM;
@ -90,14 +96,17 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	    extdir = strcat(strcpy (extdirbuf,directory),"*");
 	}

-        if (sizeof(TCHAR) != sizeof(char)) {
+      if (sizeof(TCHAR) != sizeof(char))
+	{
 	  TCHAR *wdir = NULL;
 	  /* len_0 denotes string length *with* trailing 0 */ 
 	  size_t index = 0,len_0 = strlen(extdir) + 1;

 	  wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
-            if (wdir == NULL) {
-                if (extdirbuf != NULL) {
+	  if (wdir == NULL)
+	    {
+	      if (extdirbuf != NULL)
+		{
 		  free (extdirbuf);
 		}
 	      free(*ctx);
@ -105,9 +114,9 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	      errno = ENOMEM;
 	      return 0;
 	    }
+
 #ifdef LP_MULTIBYTE_AVAILABLE
-            if (!MultiByteToWideChar
-                (CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
+	  if (!MultiByteToWideChar(CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
 #endif
 	    for (index = 0; index < len_0; index++)
 	      wdir[index] = (TCHAR)extdir[index];
@ -115,40 +124,47 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	  (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);

 	  free(wdir);
-        } else {
+	}
+      else
+	{
 	  (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
 	}
-        if (extdirbuf != NULL) {
+      if (extdirbuf != NULL)
+	{
 	  free (extdirbuf);
 	}

-        if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
+      if ((*ctx)->handle == INVALID_HANDLE_VALUE)
+	{
 	  free(*ctx);
 	  *ctx = NULL;
 	  errno = EINVAL;
 	  return 0;
 	}
-    } else {
-        if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
+    }
+  else
+    {
+      if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
+	{
 	  return 0;
 	}
    }
-    if (sizeof(TCHAR) != sizeof(char)) {
+  if (sizeof(TCHAR) != sizeof(char))
+    {
      TCHAR *wdir = (*ctx)->ctx.cFileName;
      size_t index, len_0 = 0;

-        while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
-            len_0++;
+      while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
      len_0++;

 #ifdef LP_MULTIBYTE_AVAILABLE
-        if (!WideCharToMultiByte
-            (CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+      if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
 			       sizeof((*ctx)->entry_name), NULL, 0))
 #endif
 	for (index = 0; index < len_0; index++)
 	  (*ctx)->entry_name[index] = (char)wdir[index];
-    } else
+    }
+  else
    strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
 	    sizeof((*ctx)->entry_name)-1);

@ -159,7 +175,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

 int LP_find_file_end(LP_DIR_CTX **ctx)
 {
-    if (ctx != NULL && *ctx != NULL) {
+  if (ctx != NULL && *ctx != NULL)
+    {
      FindClose((*ctx)->handle);
      free(*ctx);
      *ctx = NULL;
--- a/crypto/LPdir_win32.c
+++ b/crypto/LPdir_win32.c
@ -1,7 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
- * $
- */
+/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
--- a/crypto/LPdir_wince.c
+++ b/crypto/LPdir_wince.c
@ -1,7 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
- * $
- */
+/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -29,8 +26,6 @@
 */

 #define LP_SYS_WINCE
-/*
- * We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently under
- * investigation what the exact conditions would be
- */
+/* We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently
+   under investigation what the exact conditions would be */
 #include "LPdir_win.c"
--- a/crypto/Makefile
+++ b/crypto/Makefile
@ -55,7 +55,7 @@ top:
 all: shared

 buildinf.h: ../Makefile
-	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
+	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CFLAGS)" "$(PLATFORM)" >buildinf.h

 x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
@ -125,17 +125,12 @@ install:
 lint:
 	@target=lint; $(RECURSIVE_MAKE)

-update: local_depend
-	@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-depend: local_depend
-	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
+depend:
 	@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
 	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 	@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
+	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi

 clean:
 	rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--- a/crypto/aes/.cvsignore
+++ b/crypto/aes/.cvsignore
@ -0,0 +1,5 @@
+lib
+Makefile.save
+*.flc
+semantic.cache
+aes-*.s
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@ -106,8 +106,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h */
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -63,10 +63,8 @@
 #define AES_ENCRYPT	1
 #define AES_DECRYPT	0

-/*
- * Because array size can't be a const in C, the following two are macros.
- * Both sizes are in bytes.
- */
+/* Because array size can't be a const in C, the following two are macros.
+   Both sizes are in bytes. */
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16

--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c */
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -54,13 +54,10 @@

 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 		     size_t len, const AES_KEY *key,
-                     unsigned char *ivec, const int enc)
-{
+		     unsigned char *ivec, const int enc) {

 	if (enc)
-        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-                              (block128_f) AES_encrypt);
+		CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt);
 	else
-        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-                              (block128_f) AES_decrypt);
+		CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt);
 }
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c */
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
@ -52,19 +52,16 @@
 #include <openssl/aes.h>
 #include <openssl/modes.h>

-/*
- * The input and output encrypted as though 128bit cfb mode is being used.
- * The extra state information to record how much of the 128bit block we have
- * used is contained in *num;
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
 */

 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num, const int enc)
-{
+	unsigned char *ivec, int *num, const int enc) {

-    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-                          (block128_f) AES_encrypt);
+	CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
 }

 /* N.B. This expects the input to be packed, MS bit first */
@ -72,14 +69,13 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
 		      size_t length, const AES_KEY *key,
 		      unsigned char *ivec, int *num, const int enc)
    {
-    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) AES_encrypt);
+    CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
    }

 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
 		      size_t length, const AES_KEY *key,
 		      unsigned char *ivec, int *num, const int enc)
    {
-    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) AES_encrypt);
+    CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
    }
+
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c */
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
 /**
 * rijndael-alg-fst.c
 *
@ -40,7 +40,7 @@
 #include "aes_locl.h"

 #ifndef AES_ASM
-/*-
+/*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
 Te2[x] = S [x].[01, 03, 02, 01];
@ -626,8 +626,7 @@ static const u32 rcon[] = {
 * Expand the cipher key into the encryption key schedule.
 */
 int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			AES_KEY *key) {

 	u32 *rk;
   	int i = 0;
@ -728,8 +727,7 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 * Expand the cipher key into the decryption key schedule.
 */
 int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			 AES_KEY *key) {

        u32 *rk;
 	int i, j, status;
@ -972,8 +970,7 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
 * in and out can overlap
 */
 void AES_decrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key)
-{
+		 const AES_KEY *key) {

 	const u32 *rk;
 	u32 s0, s1, s2, s3, t0, t1, t2, t3;
@ -1130,31 +1127,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	 * map cipher state to byte array block:
 	 */
   	s0 =
-        ((u32)Td4[(t0 >> 24)       ] << 24) ^
-        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t1      ) & 0xff])       ^
+   		(Td4[(t0 >> 24)       ] << 24) ^
+   		(Td4[(t3 >> 16) & 0xff] << 16) ^
+   		(Td4[(t2 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t1      ) & 0xff])       ^
   		rk[0];
 	PUTU32(out     , s0);
   	s1 =
-        ((u32)Td4[(t1 >> 24)       ] << 24) ^
-        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t2      ) & 0xff])       ^
+   		(Td4[(t1 >> 24)       ] << 24) ^
+   		(Td4[(t0 >> 16) & 0xff] << 16) ^
+   		(Td4[(t3 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t2      ) & 0xff])       ^
   		rk[1];
 	PUTU32(out +  4, s1);
   	s2 =
-        ((u32)Td4[(t2 >> 24)       ] << 24) ^
-        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t3      ) & 0xff])       ^
+   		(Td4[(t2 >> 24)       ] << 24) ^
+   		(Td4[(t1 >> 16) & 0xff] << 16) ^
+   		(Td4[(t0 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t3      ) & 0xff])       ^
   		rk[2];
 	PUTU32(out +  8, s2);
   	s3 =
-        ((u32)Td4[(t3 >> 24)       ] << 24) ^
-        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t0      ) & 0xff])       ^
+   		(Td4[(t3 >> 24)       ] << 24) ^
+   		(Td4[(t2 >> 16) & 0xff] << 16) ^
+   		(Td4[(t1 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t0      ) & 0xff])       ^
   		rk[3];
 	PUTU32(out + 12, s3);
 }
@ -1205,8 +1202,7 @@ static const u32 rcon[] = {
 * Expand the cipher key into the encryption key schedule.
 */
 int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			AES_KEY *key) {
 	u32 *rk;
   	int i = 0;
 	u32 temp;
@ -1233,10 +1229,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp  = rk[3];
 			rk[4] = rk[0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+				(Te4[(temp >> 16) & 0xff] << 24) ^
+				(Te4[(temp >>  8) & 0xff] << 16) ^
+				(Te4[(temp      ) & 0xff] << 8) ^
+				(Te4[(temp >> 24)       ]) ^
 				rcon[i];
 			rk[5] = rk[1] ^ rk[4];
 			rk[6] = rk[2] ^ rk[5];
@ -1253,10 +1249,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp = rk[ 5];
 			rk[ 6] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+				(Te4[(temp >> 16) & 0xff] << 24) ^
+				(Te4[(temp >>  8) & 0xff] << 16) ^
+				(Te4[(temp      ) & 0xff] << 8) ^
+				(Te4[(temp >> 24)       ]) ^
 				rcon[i];
 			rk[ 7] = rk[ 1] ^ rk[ 6];
 			rk[ 8] = rk[ 2] ^ rk[ 7];
@ -1275,10 +1271,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp = rk[ 7];
 			rk[ 8] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+				(Te4[(temp >> 16) & 0xff] << 24) ^
+				(Te4[(temp >>  8) & 0xff] << 16) ^
+				(Te4[(temp      ) & 0xff] << 8) ^
+				(Te4[(temp >> 24)       ]) ^
 				rcon[i];
 			rk[ 9] = rk[ 1] ^ rk[ 8];
 			rk[10] = rk[ 2] ^ rk[ 9];
@ -1288,10 +1284,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 			}
 			temp = rk[11];
 			rk[12] = rk[ 4] ^
-                ((u32)Te4[(temp >> 24)       ] << 24) ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
-                ((u32)Te4[(temp      ) & 0xff]);
+				(Te4[(temp >> 24)       ] << 24) ^
+				(Te4[(temp >> 16) & 0xff] << 16) ^
+				(Te4[(temp >>  8) & 0xff] << 8) ^
+				(Te4[(temp      ) & 0xff]);
 			rk[13] = rk[ 5] ^ rk[12];
 			rk[14] = rk[ 6] ^ rk[13];
 			rk[15] = rk[ 7] ^ rk[14];
@ -1306,8 +1302,7 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 * Expand the cipher key into the decryption key schedule.
 */
 int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			 AES_KEY *key) {

        u32 *rk;
 	int i, j, status;
--- a/crypto/aes/aes_ctr.c
+++ b/crypto/aes/aes_ctr.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ctr.c */
+/* crypto/aes/aes_ctr.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -56,8 +56,6 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out,
 			size_t length, const AES_KEY *key,
 			unsigned char ivec[AES_BLOCK_SIZE],
 			unsigned char ecount_buf[AES_BLOCK_SIZE],
-                        unsigned int *num)
-{
-    CRYPTO_ctr128_encrypt(in, out, length, key, ivec, ecount_buf, num,
-                          (block128_f) AES_encrypt);
+			unsigned int *num) {
+	CRYPTO_ctr128_encrypt(in,out,length,key,ivec,ecount_buf,num,(block128_f)AES_encrypt);
 }
--- a/crypto/aes/aes_ecb.c
+++ b/crypto/aes/aes_ecb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ecb.c */
+/* crypto/aes/aes_ecb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -60,8 +60,7 @@
 #include "aes_locl.h"

 void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
-                     const AES_KEY *key, const int enc)
-{
+		     const AES_KEY *key, const int enc) {

        assert(in && out && key);
 	assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
@ -71,3 +70,4 @@ void AES_ecb_encrypt(const unsigned char *in, unsigned char *out,
 	else
 		AES_decrypt(in, out, key);
 }
+
--- a/crypto/aes/aes_ige.c
+++ b/crypto/aes/aes_ige.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_ige.c */
+/* crypto/aes/aes_ige.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
@ -89,22 +89,22 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,

 	len = length / AES_BLOCK_SIZE;

-    if (AES_ENCRYPT == enc) {
+	if (AES_ENCRYPT == enc)
+		{
 		if (in != out &&
-            (UNALIGNED_MEMOPS_ARE_FAST
-             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
-             0)) {
+		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
+			{
 			aes_block_t *ivp = (aes_block_t *)ivec;
 			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);

-            while (len) {
+			while (len)
+				{
 				aes_block_t *inp = (aes_block_t *)in;
 				aes_block_t *outp = (aes_block_t *)out;

 				for(n=0 ; n < N_WORDS; ++n)
 					outp->data[n] = inp->data[n] ^ ivp->data[n];
-                AES_encrypt((unsigned char *)outp->data,
-                            (unsigned char *)outp->data, key);
+				AES_encrypt((unsigned char *)outp->data, (unsigned char *)outp->data, key);
 				for(n=0 ; n < N_WORDS; ++n)
 					outp->data[n] ^= iv2p->data[n];
 				ivp = outp;
@ -115,7 +115,9 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 				}
 			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
 			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-        } else {
+			}
+		else
+			{
 			aes_block_t tmp, tmp2;
 			aes_block_t iv;
 			aes_block_t iv2;
@ -123,12 +125,12 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 			load_block(iv, ivec);
 			load_block(iv2, ivec + AES_BLOCK_SIZE);

-            while (len) {
+			while (len)
+				{
 				load_block(tmp, in);
 				for(n=0 ; n < N_WORDS; ++n)
 					tmp2.data[n] = tmp.data[n] ^ iv.data[n];
-                AES_encrypt((unsigned char *)tmp2.data,
-                            (unsigned char *)tmp2.data, key);
+				AES_encrypt((unsigned char *)tmp2.data, (unsigned char *)tmp2.data, key);
 				for(n=0 ; n < N_WORDS; ++n)
 					tmp2.data[n] ^= iv2.data[n];
 				store_block(out, tmp2);
@ -141,23 +143,24 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 			memcpy(ivec, iv.data, AES_BLOCK_SIZE);
 			memcpy(ivec + AES_BLOCK_SIZE, iv2.data, AES_BLOCK_SIZE);
 			}
-    } else {
+		}
+	else
+		{
 		if (in != out &&
-            (UNALIGNED_MEMOPS_ARE_FAST
-             || ((size_t)in | (size_t)out | (size_t)ivec) % sizeof(long) ==
-             0)) {
+		    (UNALIGNED_MEMOPS_ARE_FAST || ((size_t)in|(size_t)out|(size_t)ivec)%sizeof(long)==0))
+			{
 			aes_block_t *ivp = (aes_block_t *)ivec;
 			aes_block_t *iv2p = (aes_block_t *)(ivec + AES_BLOCK_SIZE);

-            while (len) {
+			while (len)
+				{
 				aes_block_t tmp;
 				aes_block_t *inp = (aes_block_t *)in;
 				aes_block_t *outp = (aes_block_t *)out;

 				for(n=0 ; n < N_WORDS; ++n)
 					tmp.data[n] = inp->data[n] ^ iv2p->data[n];
-                AES_decrypt((unsigned char *)tmp.data,
-                            (unsigned char *)outp->data, key);
+				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)outp->data, key);
 				for(n=0 ; n < N_WORDS; ++n)
 					outp->data[n] ^= ivp->data[n];
 				ivp = inp;
@ -168,7 +171,9 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 				}
 			memcpy(ivec, ivp->data, AES_BLOCK_SIZE);
 			memcpy(ivec + AES_BLOCK_SIZE, iv2p->data, AES_BLOCK_SIZE);
-        } else {
+			}
+		else
+			{
 			aes_block_t tmp, tmp2;
 			aes_block_t iv;
 			aes_block_t iv2;
@ -176,13 +181,13 @@ void AES_ige_encrypt(const unsigned char *in, unsigned char *out,
 			load_block(iv, ivec);
 			load_block(iv2, ivec + AES_BLOCK_SIZE);

-            while (len) {
+			while (len)
+				{
 				load_block(tmp, in);
 				tmp2 = tmp;
 				for(n=0 ; n < N_WORDS; ++n)
 					tmp.data[n] ^= iv2.data[n];
-                AES_decrypt((unsigned char *)tmp.data,
-                            (unsigned char *)tmp.data, key);
+				AES_decrypt((unsigned char *)tmp.data, (unsigned char *)tmp.data, key);
 				for(n=0 ; n < N_WORDS; ++n)
 					tmp.data[n] ^= iv.data[n];
 				store_block(out, tmp);
@ -223,16 +228,16 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
 	OPENSSL_assert((AES_ENCRYPT == enc)||(AES_DECRYPT == enc));
 	OPENSSL_assert((length%AES_BLOCK_SIZE) == 0);

-    if (AES_ENCRYPT == enc) {
-        /*
-         * XXX: Do a separate case for when in != out (strictly should check
-         * for overlap, too)
-         */
+	if (AES_ENCRYPT == enc)
+		{
+		/* XXX: Do a separate case for when in != out (strictly should
+		   check for overlap, too) */

 		/* First the forward pass */ 
 		iv = ivec;
 		iv2 = ivec + AES_BLOCK_SIZE;
-        while (len >= AES_BLOCK_SIZE) {
+		while (len >= AES_BLOCK_SIZE)
+			{
 			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
 				out[n] = in[n] ^ iv[n];
 			AES_encrypt(out, out, key);
@ -250,41 +255,35 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
 		iv = ivec + AES_BLOCK_SIZE*2;
 		iv2 = ivec + AES_BLOCK_SIZE*3;
 		len = length;
-        while (len >= AES_BLOCK_SIZE) {
+		while(len >= AES_BLOCK_SIZE)
+			{
 			out -= AES_BLOCK_SIZE;
-            /*
-             * XXX: reduce copies by alternating between buffers
-             */
+			/* XXX: reduce copies by alternating between buffers */
 			memcpy(tmp, out, AES_BLOCK_SIZE);
 			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
 				out[n] ^= iv[n];
-            /*
-             * hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE);
-             */
+			/*			hexdump(stdout, "out ^ iv", out, AES_BLOCK_SIZE); */
 			AES_encrypt(out, out, key);
-            /*
-             * hexdump(stdout,"enc", out, AES_BLOCK_SIZE);
-             */
-            /*
-             * hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE);
-             */
+			/*			hexdump(stdout,"enc", out, AES_BLOCK_SIZE); */
+			/*			hexdump(stdout,"iv2", iv2, AES_BLOCK_SIZE); */
 			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
 				out[n] ^= iv2[n];
-            /*
-             * hexdump(stdout,"out", out, AES_BLOCK_SIZE);
-             */
+			/*			hexdump(stdout,"out", out, AES_BLOCK_SIZE); */
 			iv = out;
 			memcpy(prev, tmp, AES_BLOCK_SIZE);
 			iv2 = prev;
 			len -= AES_BLOCK_SIZE;
 			}
-    } else {
+		}
+	else
+		{
 		/* First backwards */
 		iv = ivec + AES_BLOCK_SIZE*2;
 		iv2 = ivec + AES_BLOCK_SIZE*3;
 		in += length;
 		out += length;
-        while (len >= AES_BLOCK_SIZE) {
+		while (len >= AES_BLOCK_SIZE)
+			{
 			in -= AES_BLOCK_SIZE;
 			out -= AES_BLOCK_SIZE;
 			memcpy(tmp, in, AES_BLOCK_SIZE);
@ -304,7 +303,8 @@ void AES_bi_ige_encrypt(const unsigned char *in, unsigned char *out,
 		iv = ivec;
 		iv2 = ivec + AES_BLOCK_SIZE;
 		len = length;
-        while (len >= AES_BLOCK_SIZE) {
+		while (len >= AES_BLOCK_SIZE)
+			{
 			memcpy(tmp, out, AES_BLOCK_SIZE);
 			memcpy(tmp2, out, AES_BLOCK_SIZE);
 			for(n=0 ; n < AES_BLOCK_SIZE ; ++n)
--- a/crypto/aes/aes_locl.h
+++ b/crypto/aes/aes_locl.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h */
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
--- a/Show More
+++ b/Show More