Prepare for 1.0.2-beta2 release

Reviewed-by: Stephen Henson <steve@openssl.org>
make update
2014-07-22 21:30:33 +01:00 · 2014-07-22 21:30:33 +01:00 · 2014-07-22 21:12:25 +01:00 · 2014-07-22 20:18:06 +02:00 · 2014-07-21 22:28:09 +01:00 · 2014-07-22 07:26:55 +10:00
1614 changed files with 344392 additions and 283779 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -0,0 +1,22 @@
+openssl.pc
+libcrypto.pc
+libssl.pc
+MINFO
+makefile.one
+tmp
+out
+outinc
+rehash.time
+testlog
+make.log
+maketest.log
+cctest
+cctest.c
+cctest.a
+*.flc
+semantic.cache
+Makefile
+*.dll*
+*.so*
+*.sl*
+*.dylib*
--- a/.gitignore
+++ b/.gitignore
@ -1,21 +1,24 @@
 # Object files
 *.o
-*.obj

 # editor artefacts
 *.swp
 .#*
 #*#
 *~
-/.dir-locals.el

 # Top level excludes
 /Makefile.bak
 /Makefile
+/MINFO
 /*.a
 /include
 /*.pc
 /rehash.time
+/inc.*
+/makefile.*
+/out.*
+/tmp.*

 # Most *.c files under test/ are symlinks
 /test/*.c
@ -49,21 +52,6 @@
 *.s
 !/crypto/bn/asm/pa-risc2.s
 !/crypto/bn/asm/pa-risc2W.s
-crypto/aes/asm/a_win32.asm
-crypto/bf/asm/b_win32.asm
-crypto/bn/asm/bn_win32.asm
-crypto/bn/asm/co_win32.asm
-crypto/bn/asm/mt_win32.asm
-crypto/cast/asm/c_win32.asm
-crypto/cpu_win32.asm
-crypto/des/asm/d_win32.asm
-crypto/des/asm/y_win32.asm
-crypto/md5/asm/m5_win32.asm
-crypto/rc4/asm/r4_win32.asm
-crypto/rc5/asm/r5_win32.asm
-crypto/ripemd/asm/rm_win32.asm
-crypto/sha/asm/s1_win32.asm
-crypto/sha/asm/sha512-sse2.asm

 # Executables
 /apps/openssl
@ -92,23 +80,3 @@ crypto/sha/asm/sha512-sse2.asm
 lib
 Makefile.save
 *.bak
-tags
-TAGS
-
-# Windows
-/tmp32
-/tmp32.dbg
-/tmp32dll
-/tmp32dll.dbg
-/out32
-/out32.dbg
-/out32dll
-/out32dll.dbg
-/inc32
-/MINFO
-ms/bcb.mak
-ms/libeay32.def
-ms/nt.mak
-ms/ntdll.mak
-ms/ssleay32.def
-ms/version32.rc
--- a/.travis-create-release.sh
+++ b/.travis-create-release.sh
@ -1,10 +0,0 @@
-#! /bin/sh
-
-# $1 is expected to be $TRAVIS_OS_NAME
-
-if [ "$1" == osx ]; then
-    make -f Makefile.org \
-	 DISTTARVARS="NAME=_srcdist TAR_COMMAND='\$\$(TAR) \$\$(TARFLAGS) -s \"|^|\$\$(NAME)/|\" -T \$\$(TARFILE).list -cvf -' TARFLAGS='-n' TARFILE=_srcdist.tar" SHELL='sh -vx' dist
-else
-    make -f Makefile.org DISTTARVARS='TARFILE=_srcdist.tar NAME=_srcdist' SHELL='sh -v' dist
-fi
--- a/.travis.yml
+++ b/.travis.yml
@ -1,60 +0,0 @@
-language: c
-
-addons:
-    apt_packages:
-        - binutils-mingw-w64
-        - gcc-mingw-w64
-
-os:
-    - linux
-    - osx
-
-compiler:
-    - clang
-    - gcc
-    - i686-w64-mingw32-gcc
-    - x86_64-w64-mingw32-gcc
-
-env:
-    - CONFIG_OPTS=""
-    - CONFIG_OPTS="shared"
-    - CONFIG_OPTS="-d --strict-warnings"
-
-matrix:
-    exclude:
-        - os: osx
-          compiler: i686-w64-mingw32-gcc
-        - os: osx
-          compiler: x86_64-w64-mingw32-gcc
-        - compiler: i686-w64-mingw32-gcc
-          env: CONFIG_OPTS="-d --strict-warnings"
-        - compiler: x86_64-w64-mingw32-gcc
-          env: CONFIG_OPTS="-d --strict-warnings"
-
-before_script:
-    - sh .travis-create-release.sh $TRAVIS_OS_NAME
-    - tar -xvzf _srcdist.tar.gz
-    - cd _srcdist
-    - if [ "$CC" == i686-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          ./Configure mingw $CONFIG_OPTS;
-      elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
-          export CROSS_COMPILE=${CC%%gcc}; unset CC;
-          ./Configure mingw64 $CONFIG_OPTS;
-      else
-          ./config $CONFIG_OPTS;
-      fi
-    - cd ..
-
-script:
-    - cd _srcdist
-    - make
-    - if [ -z "$CROSS_COMPILE" ]; then make test; fi
-    - cd ..
-
-notifications:
-    recipient:
-        - openssl-commits@openssl.org
-    email:
-        on_success: change
-        on_failure: always
--- a/32
+++ b/32
@ -1,2 +1,30 @@
-Please https://www.openssl.org/community/thanks.html for the current
-acknowledgements.
+The OpenSSL project depends on volunteer efforts and financial support from
+the end user community. That support comes in the form of donations and paid
+sponsorships, software support contracts, paid consulting services
+and commissioned software development.
+
+Since all these activities support the continued development and improvement
+of OpenSSL we consider all these clients and customers as sponsors of the
+OpenSSL project.
+
+We would like to identify and thank the following such sponsors for their past
+or current significant support of the OpenSSL project:
+
+Major support:
+
+	Qualys		http://www.qualys.com/
+
+Very significant support:
+
+	OpenGear:	http://www.opengear.com/
+
+Significant support:
+
+	PSW Group:	http://www.psw.net/
+	Acano Ltd.	http://acano.com/
+
+Please note that we ask permission to identify sponsors and that some sponsors
+we consider eligible for inclusion here have requested to remain anonymous.
+
+Additional sponsorship or financial support is always welcome: for more
+information please contact the OpenSSL Software Foundation.
--- a/1332
+++ b/1332
--- a/38
+++ b/38
@ -1,38 +0,0 @@
-HOW TO CONTRIBUTE TO OpenSSL
----------------------------
-
-Development is coordinated on the openssl-dev mailing list (see
-http://www.openssl.org for information on subscribing). If you
-would like to submit a patch, send it to rt@openssl.org with
-the string "[PATCH]" in the subject. Please be sure to include a
-textual explanation of what your patch does.
-
-You can also make GitHub pull requests. If you do this, please also send
-mail to rt@openssl.org with a brief description and a link to the PR so
-that we can more easily keep track of it.
-
-If you are unsure as to whether a feature will be useful for the general
-OpenSSL community please discuss it on the openssl-dev mailing list first.
-Someone may be already working on the same thing or there may be a good
-reason as to why that feature isn't implemented.
-
-Patches should be as up to date as possible, preferably relative to the
-current Git or the last snapshot. They should follow our coding style
-(see https://www.openssl.org/policies/codingstyle.html) and compile without
-warnings using the --strict-warnings flag.  OpenSSL compiles on many varied
-platforms: try to ensure you only use portable features.
-
-Our preferred format for patch files is "git format-patch" output. For example
-to provide a patch file containing the last commit in your local git repository
-use the following command:
-
-# git format-patch --stdout HEAD^ >mydiffs.patch
-
-Another method of creating an acceptable patch file without using git is as
-follows:
-
-# cd openssl-work
-# [your changes]
-# ./Configure dist; make clean
-# cd ..
-# diff -ur openssl-orig openssl-work > mydiffs.patch
--- a/266
+++ b/266
@ -58,10 +58,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta
 #		library and will be loaded in run-time by the OpenSSL library.
 # sctp          include SCTP support
 # 386           generate 80386 code
-# enable-weak-ssl-ciphers
-#		Enable EXPORT and LOW SSLv3 ciphers that are disabled by
-#		default.  Note, weak SSLv2 ciphers are unconditionally
-#		disabled.
 # no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
 # no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
 # -<xxx> +<xxx> compiler options are passed through 
@ -109,11 +105,6 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimenta

 my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";

-# Warn that "make depend" should be run?
-my $warn_make_depend = 0;
-
-my $clang_devteam_warn = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof -Qunused-arguments";
-
 my $strict_warnings = 0;

 my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
@ -137,19 +128,20 @@ my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:des-586.o crypt5

 my $x86_elf_asm="$x86_asm:elf";

-my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o modexp512-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o:";
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:";
 my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
-my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o:des_enc-sparc.o fcrypt_b.o:aes_core.o aes_cbc.o aes-sparcv9.o:::sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o:::::::ghash-sparcv9.o::void";
+my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o:des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
 my $sparcv8_asm=":sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::::::void";
 my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o:::::sha1-alpha.o:::::::ghash-alpha.o::void";
-my $mips32_asm=":bn-mips.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o::::::::";
 my $mips64_asm=":bn-mips.o mips-mont.o::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
+my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
 my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
-my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o::void";
+my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
+my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o:::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
 my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
 my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
-my $ppc32_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o::::::::";
-my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o::::::::";
+my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
+my $ppc32_asm=$ppc64_asm;
 my $no_asm=":::::::::::::::void";

 # As for $BSDthreads. Idea is to maintain "collective" set of flags,
@ -183,30 +175,30 @@ my %table=(
 "debug-ben-debug-64",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-ben-macos",	"cc:$gcc_devteam_warn -arch i386 -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::-Wl,-search_paths_first::::",
 "debug-ben-macos-gcc46",	"gcc-mp-4.6:$gcc_devteam_warn -Wconversion -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -O3 -DL_ENDIAN -g3 -pipe::(unknown)::::::",
-"debug-ben-darwin64","cc:$gcc_devteam_warn -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-darwin64","cc:$gcc_devteam_warn -g -Wno-language-extension-token -Wno-extended-offsetof -arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-ben-debug-64-clang",	"clang:$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-ben-no-opt",	"gcc: -Wall -Wmissing-prototypes -Wstrict-prototypes -Wmissing-declarations -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG -Werror -DL_ENDIAN -DTERMIOS -Wall -g3::(unknown)::::::",
 "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
 "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
 "debug-bodo",	"gcc:$gcc_devteam_warn -Wno-error=overlength-strings -DBN_DEBUG -DBN_DEBUG_RAND -DCONF_DEBUG -DBIO_PAIR_DEBUG -m64 -DL_ENDIAN -DTERMIO -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
 "debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -Wno-overlength-strings -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -ggdb -g3 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -ggdb -g3 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff32","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-geoff64","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"debug-linux-x86_64-clang","clang: -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -g -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-ia32-aes", "gcc:-DAES_EXPERIMENTAL -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:x86cpuid.o:bn-586.o co-586.o x86-mont.o:des-586.o crypt586.o:aes_x86core.o aes_cbc.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o::ghash-x86.o::elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 "dist",		"cc:-O::(unknown)::::::",

 # Basic configs that should work on any (32 and less bit) box
@ -235,17 +227,17 @@ my %table=(
 "solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 
 #### Solaris x86 with Sun C setups
-"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",

 #### SPARC Solaris with GNU C setups
 "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"solaris-sparcv8-gcc","gcc:-mcpu=v8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
 "solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
 ####
-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=v8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### SPARC Solaris with Sun C setups
@ -262,20 +254,20 @@ my %table=(

 #### SunOS configs, assuming sparc for the gcc one.
 #"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
-"sunos-gcc","gcc:-O3 -mcpu=v8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",

 #### IRIX 5.x configs
 # -mips2 flag is added by ./config when appropriate.
-"irix-gcc","gcc:-O3 -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"irix-cc", "cc:-O2 -use_readonly_const -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 #### IRIX 6.x configs
 # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
 # './Configure irix-cc -o32' manually.
-"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
-"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips64_asm}:n32:dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
 # N64 ABI builds.
-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips64_asm}:64:dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",

 #### Unified HP-UX ANSI C configs.
 # Special notes:
@ -355,24 +347,33 @@ my %table=(
 ####
 # *-generic* is endian-neutral target, but ./config is free to
 # throw in -D[BL]_ENDIAN, whichever appropriate...
-"linux-generic32","gcc:-O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc",	"gcc:-DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc32_asm}:linux32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # It's believed that majority of ARM toolchains predefine appropriate -march.
 # If you compiler does not, do complement config command line with one!
-"linux-armv4",	"gcc:-O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-armv4",	"gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aarch64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${aarch64_asm}:linux64:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Configure script adds minimally required -march for assembly support,
+# if no -march was specified at command line. mips32 and mips64 below
+# refer to contemporary MIPS Architecture specifications, MIPS32 and
+# MIPS64, rather than to kernel bitness.
+"linux-mips32",	"gcc:-mabi=32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-mips64",   "gcc:-mabi=n32 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:n32:dlfcn:linux-shared:-fPIC:-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::32",
+"linux64-mips64",   "gcc:-mabi=64 -DTERMIO -O3 -Wall -DBN_DIV3W::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips64_asm}:64:dlfcn:linux-shared:-fPIC:-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### IA-32 targets...
-"linux-ia32-icc",	"icc:-DL_ENDIAN -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-aout",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
+"linux-ia32-icc",	"icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out",
 ####
-"linux-generic64","gcc:-O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-ecc","ecc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-ia64-icc","icc:-DL_ENDIAN -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux-x86_64-clang","clang: -m64 -DL_ENDIAN -O3 -Wall -Qunused-arguments::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
-"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${ppc64_asm}:linux64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-ppc64le","gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:$ppc64_asm:linux64le:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::",
+"linux-ia64",	"gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_INT:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64",	"gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x86_64-icc", "icc:-DL_ENDIAN -DTERMIO -O2::-D_REENTRANT::-ldl -no_cpprt:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux-x32",	"gcc:-mx32 -DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:linux-shared:-fPIC:-mx32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::x32",
+"linux64-s390x",	"gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${s390x_asm}:64:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### So called "highgprs" target for z/Architecture CPUs
 # "Highgprs" is kernel feature first implemented in Linux 2.6.32, see
 # /proc/cpuinfo. The idea is to preserve most significant bits of
@ -386,16 +387,16 @@ my %table=(
 # ldconfig and run-time linker to autodiscover. Unfortunately it
 # doesn't work just yet, because of couple of bugs in glibc
 # sysdeps/s390/dl-procinfo.c affecting ldconfig and ld.so.1...
-"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
+"linux32-s390x",	"gcc:-m31 -Wa,-mzarch -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$s390x_asm;$asm=~s/bn\-s390x\.o/bn_asm.o/;$asm}.":31:dlfcn:linux-shared:-fPIC:-m31:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/highgprs",
 #### SPARC Linux setups
 # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
 # assisted with debugging of following two configs.
-"linux-sparcv8","gcc:-mcpu=v8 -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv8_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # it's a real mess with -mcpu=ultrasparc option under Linux, but
 # -Wa,-Av8plus should do the trick no matter what.
-"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # GCC 3.1 is a requirement
-"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${sparcv9_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::64",
 #### Alpha Linux with GNU C and Compaq C setups
 # Special notes:
 # - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
@ -409,30 +410,31 @@ my %table=(
 #
 #					<appro@fy.chalmers.se>
 #
-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
-"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",

-# Android: linux-* but without pointers to headers and libs.
+# Android: linux-* but without -DTERMIO and pointers to headers and libs.
 "android","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-x86","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:".eval{my $asm=${x86_elf_asm};$asm=~s/:elf/:android/;$asm}.":dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 "android-armv7","gcc:-march=armv7-a -mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${armv4_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### *BSD [do see comment about ${BSDthreads} above!]
-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
 # simply *happens* to work around a compiler bug in gcc 3.3.3,
 # triggered by RIPEMD160 code.
-"BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"BSD-x86_64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64",	"gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

@ -444,8 +446,8 @@ my %table=(

 # QNX
 "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
-"QNX6",       "gcc:::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"QNX6-i386",  "gcc:-DL_ENDIAN -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6",       "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386",  "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 # BeOS
 "beos-x86-r5",   "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -mcpu=pentium -Wall::-D_REENTRANT:BEOS:-lbe -lnet:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:beos:beos-shared:-fPIC -DPIC:-shared:.so",
@ -465,11 +467,11 @@ my %table=(
 # UnixWare 2.0x fails destest with -O.
 "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
 "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
-"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}-1:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
 # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
-"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}-1:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",

 #### IBM's AIX.
 "aix3-cc",  "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
@ -518,7 +520,7 @@ my %table=(
 "SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",

 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
-"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",

 # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
 # You need to compile using the c89.sh wrapper in the tools directory, because the
@ -560,6 +562,7 @@ my %table=(
 # Cygwin
 "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
 "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:coff:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"Cygwin-x86_64", "gcc:-DTERMIOS -DL_ENDIAN -O3 -Wall:::CYGWIN32::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:mingw64:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
 "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",

 # NetWare from David Ward (dsward@novell.com)
@ -578,7 +581,7 @@ my %table=(
 "netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",

 # DJGPP
-"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIO -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:",

 # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
 "ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
@ -592,7 +595,8 @@ my %table=(
 "darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc64_asm}:osx64:dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:".eval{my $asm=$x86_asm;$asm=~s/cast\-586\.o//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_INT RC4_CHUNK DES_UNROLL BF_PTR:${x86_asm}:macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
-"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin64-x86_64-cc","cc:-arch x86_64 -ggdb -g2 -O0 -DL_ENDIAN -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:".eval{my $asm=$x86_64_asm;$asm=~s/rc4\-[^:]+//;$asm}.":macosx:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${ppc32_asm}:osx32:dlfcn:darwin-shared:-fPIC:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
 # iPhoneOS/iOS
 "iphoneos-cross","llvm-gcc:-O3 -isysroot \$(CROSS_TOP)/SDKs/\$(CROSS_SDK) -fomit-frame-pointer -fno-common::-D_REENTRANT:iOS:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
@ -604,7 +608,7 @@ my %table=(
 "newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",

 ##### GNU Hurd
-"hurd-x86",  "gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+"hurd-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",

 ##### OS/2 EMX
 "OS2-EMX", "gcc::::::::",
@ -725,15 +729,14 @@ my %disabled = ( # "what"         => "comment" [or special keyword "experimental
 		 "ec_nistp_64_gcc_128" => "default",
 		 "gmp"		  => "default",
 		 "jpake"          => "experimental",
+		 "libunbound"     => "experimental",
 		 "md2"            => "default",
 		 "rc5"            => "default",
 		 "rfc3779"	  => "default",
 		 "sctp"       => "default",
 		 "shared"         => "default",
-		 "ssl2"           => "default",
+		 "ssl-trace"	  => "default",
 		 "store"	  => "experimental",
-		 "unit-test"	  => "default",
-		 "weak-ssl-ciphers" => "default",
 		 "zlib"           => "default",
 		 "zlib-dynamic"   => "default"
 	       );
@ -741,7 +744,7 @@ my @experimental = ();

 # This is what $depflags will look like with the above defaults
 # (we need this to see if we should advise the user to run "make depend"):
-my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
+my $default_depflags = " -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_LIBUNBOUND -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE";

 # Explicit "no-..." options will be collected in %disabled along with the defaults.
 # To remove something from %disabled, use "enable-foo" (unless it's experimental).
@ -817,11 +820,6 @@ PROCESS_ARGS:
 					{
 					$disabled{"tls1"} = "option(tls)"
 					}
-				elsif ($1 eq "ssl3-method")
-					{
-					$disabled{"ssl3-method"} = "option(ssl)";
-					$disabled{"ssl3"} = "option(ssl)";
-					}
 				else
 					{
 					$disabled{$1} = "option";
@ -886,16 +884,7 @@ PROCESS_ARGS:
 			}
 		elsif (/^[-+]/)
 			{
-			if (/^-[lL](.*)$/ or /^-Wl,/)
-				{
-				$libs.=$_." ";
-				}
-			elsif (/^-[^-]/ or /^\+/)
-				{
-				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
-				$flags.=$_." ";
-				}
-			elsif (/^--prefix=(.*)$/)
+			if (/^--prefix=(.*)$/)
 				{
 				$prefix=$1;
 				}
@ -939,10 +928,14 @@ PROCESS_ARGS:
 				{
 				$cross_compile_prefix=$1;
 				}
-			else
+			elsif (/^-[lL](.*)$/ or /^-Wl,/)
 				{
-				print STDERR $usage;
-				exit(1);
+				$libs.=$_." ";
+				}
+			else	# common if (/^[-+]/), just pass down...
+				{
+				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
+				$flags.=$_." ";
 				}
 			}
 		elsif ($_ =~ /^([^:]+):(.+)$/)
@ -1222,6 +1215,12 @@ if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
 	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
 	}

+if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) {
+	# minimally required architecture flags for assembly modules
+	$cflags="-mips2 $cflags" if ($target =~ /mips32/);
+	$cflags="-mips3 $cflags" if ($target =~ /mips64/);
+}
+
 my $no_shared_warn=0;
 my $no_user_cflags=0;

@ -1429,6 +1428,7 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 		}
 	if ($iccver>=8)
 		{
+		$cflags=~s/\-KPIC/-fPIC/;
 		# Eliminate unnecessary dependency from libirc.a. This is
 		# essential for shared library support, as otherwise
 		# apps/openssl can end up in endless loop upon startup...
@ -1436,12 +1436,17 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 		}
 	if ($iccver>=9)
 		{
-		$cflags.=" -i-static";
-		$cflags=~s/\-no_cpprt/-no-cpprt/;
+		$lflags.=" -i-static";
+		$lflags=~s/\-no_cpprt/-no-cpprt/;
 		}
 	if ($iccver>=10)
 		{
-		$cflags=~s/\-i\-static/-static-intel/;
+		$lflags=~s/\-i\-static/-static-intel/;
+		}
+	if ($iccver>=11)
+		{
+		$cflags.=" -no-intel-extensions";	# disable Cilk
+		$lflags=~s/\-no\-cpprt/-no-cxxlib/;
 		}
 	}

@ -1455,7 +1460,7 @@ if ($target =~ /\-icc$/)	# Intel C compiler
 # linker only when --prefix is not /usr.
 if ($target =~ /^BSD\-/)
 	{
-	$shared_ldflag.=" -Wl,-rpath,\$\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
 	}

 if ($sys_id ne "")
@ -1522,7 +1527,7 @@ if ($rmd160_obj =~ /\.o$/)
 	}
 if ($aes_obj =~ /\.o$/)
 	{
-	$cflags.=" -DAES_ASM";
+	$cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
 	# aes-ctr.o is not a real file, only indication that assembler
 	# module implements AES_ctr32_encrypt...
 	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
@ -1544,7 +1549,7 @@ else	{
 	$wp_obj="wp_block.o";
 	}
 $cmll_obj=$cmll_enc	unless ($cmll_obj =~ /.o$/);
-if ($modes_obj =~ /ghash/)
+if ($modes_obj =~ /ghash\-/)
 	{
 	$cflags.=" -DGHASH_ASM";
 	}
@ -1587,20 +1592,11 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)

 if ($strict_warnings)
 	{
-	my $ecc = $cc;
-	$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
 	my $wopt;
-	die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
+	die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
 	foreach $wopt (split /\s+/, $gcc_devteam_warn)
 		{
-		$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
-		}
-	if ($ecc eq "clang")
-		{
-		foreach $wopt (split /\s+/, $clang_devteam_warn)
-			{
-			$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
-			}
+		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
 		}
 	}

@ -1794,9 +1790,6 @@ open(OUT,'>crypto/opensslconf.h.new') || die "unable to create crypto/opensslcon
 print OUT "/* opensslconf.h */\n";
 print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";

-print OUT "#ifdef  __cplusplus\n";
-print OUT "extern \"C\" {\n";
-print OUT "#endif\n";
 print OUT "/* OpenSSL was configured with the following options: */\n";
 my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
 $openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
@ -1901,9 +1894,6 @@ while (<IN>)
 		{ print OUT $_; }
 	}
 close(IN);
-print OUT "#ifdef  __cplusplus\n";
-print OUT "}\n";
-print OUT "#endif\n";
 close(OUT);
 rename("crypto/opensslconf.h","crypto/opensslconf.h.bak") || die "unable to rename crypto/opensslconf.h\n" if -e "crypto/opensslconf.h";
 rename("crypto/opensslconf.h.new","crypto/opensslconf.h") || die "unable to rename crypto/opensslconf.h.new\n";
@ -1962,7 +1952,13 @@ EOF
 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
 	}
 	if ($depflags ne $default_depflags && !$make_depend) {
-            $warn_make_depend++;
+		print <<EOF;
+
+Since you've disabled or enabled at least one algorithm, you need to do
+the following before building:
+
+	make depend
+EOF
 	}
 }

@ -2042,18 +2038,12 @@ EOF

 print <<\EOF if ($no_shared_warn);

-You gave the option 'shared', which is not supported on this platform, so
-we will pretend you gave the option 'no-shared'.  If you know how to implement
-shared libraries, please let us know (but please first make sure you have
-tried with a current version of OpenSSL).
-EOF
-
-print <<EOF if ($warn_make_depend);
-
-*** Because of configuration changes, you MUST do the following before
-*** building:
-
-	make depend
+You gave the option 'shared'.  Normally, that would give you shared libraries.
+Unfortunately, the OpenSSL configuration doesn't include shared library support
+for this platform yet, so it will pretend you gave the option 'no-shared'.  If
+you can inform the developpers (openssl-dev\@openssl.org) how to support shared
+libraries on this platform, they will at least look at it and try their best
+(but please first make sure you have tried with a current version of OpenSSL).
 EOF

 exit(0);
--- a/1055
+++ b/1055
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+#!/bin/sh
+
+BRANCH=`git rev-parse --abbrev-ref HEAD`
+
+./Configure $@ no-symlinks
+make files
+util/mk1mf.pl OUT=out.$BRANCH TMP=tmp.$BRANCH INC=inc.$BRANCH copy > makefile.$BRANCH
+make -f makefile.$BRANCH init
--- a/5
+++ b/5
@ -0,0 +1,5 @@
+#!/bin/sh
+
+BRANCH=`git rev-parse --abbrev-ref HEAD`
+
+make -f makefile.$BRANCH $@
--- a/8
+++ b/8
@ -164,10 +164,10 @@
     standard headers).  If it is a problem with OpenSSL itself, please
     report the problem to <openssl-bugs@openssl.org> (note that your
     message will be recorded in the request tracker publicly readable
-     at https://www.openssl.org/community/index.html#bugs and will be
-     forwarded to a public mailing list). Include the output of "make
-     report" in your message.  Please check out the request tracker. Maybe
-     the bug was already reported or has already been fixed.
+     via http://www.openssl.org/support/rt.html and will be forwarded to a
+     public mailing list). Include the output of "make report" in your message.
+     Please check out the request tracker. Maybe the bug was already
+     reported or has already been fixed.

     [If you encounter assembler error messages, try the "no-asm"
     configuration option as an immediate fix.]
--- a/2
+++ b/2
@ -12,7 +12,7 @@
  ---------------

 /* ====================================================================
- * Copyright (c) 1998-2016 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
--- a/MacOS/GetHTTPS.src/MacSocket.h
+++ b/MacOS/GetHTTPS.src/MacSocket.h
@ -5,98 +5,97 @@
 extern "C" {
 #endif

-enum {
+
+
+enum
+{
 	kMacSocket_TimeoutErr = -2
 };

+
 //	Since MacSocket does busy waiting, I do a callback while waiting

 typedef OSErr (*MacSocket_IdleWaitCallback)(void *);

+
 //	Call this before anything else!

 OSErr MacSocket_Startup(void);

+
 //	Call this to cleanup before quitting

 OSErr MacSocket_Shutdown(void);

-// Call this to allocate a "socket" (reference number is returned in
-// outSocketNum)
-// Note that inDoThreadSwitching is pretty much irrelevant right now, since I
-// ignore it
+
+//	Call this to allocate a "socket" (reference number is returned in outSocketNum)
+//	Note that inDoThreadSwitching is pretty much irrelevant right now, since I ignore it
 //	The inTimeoutTicks parameter is applied during reads/writes of data
-// The inIdleWaitCallback parameter specifies a callback which is called
-// during busy-waiting periods
+//	The inIdleWaitCallback parameter specifies a callback which is called during busy-waiting periods
 //	The inUserRefPtr parameter is passed back to the idle-wait callback

-OSErr MacSocket_socket(int *outSocketNum, const Boolean inDoThreadSwitching,
-                       const long inTimeoutTicks,
-                       MacSocket_IdleWaitCallback inIdleWaitCallback,
-                       void *inUserRefPtr);
+OSErr MacSocket_socket(int *outSocketNum,const Boolean inDoThreadSwitching,const long inTimeoutTicks,MacSocket_IdleWaitCallback inIdleWaitCallback,void *inUserRefPtr);
+

 //	Call this to connect to an IP/DNS address
-// Note that inTargetAddressAndPort is in "IP:port" format-- e.g.
-// 10.1.1.1:123
+//	Note that inTargetAddressAndPort is in "IP:port" format-- e.g. 10.1.1.1:123

 OSErr MacSocket_connect(const int inSocketNum,char *inTargetAddressAndPort);

+
 //	Call this to listen on a port
-// Since this a low-performance implementation, I allow a maximum of 1 (one!)
-// incoming request when I listen
+//	Since this a low-performance implementation, I allow a maximum of 1 (one!) incoming request when I listen

 OSErr MacSocket_listen(const int inSocketNum,const int inPortNum);

+
 //	Call this to close a socket

 OSErr MacSocket_close(const int inSocketNum);

-// Call this to receive data on a socket
-// Most parameters' purpose are obvious-- except maybe "inBlock" which
-// controls whether I wait for data or return immediately

-int MacSocket_recv(const int inSocketNum, void *outBuff, int outBuffLength,
-                   const Boolean inBlock);
+//	Call this to receive data on a socket
+//	Most parameters' purpose are obvious-- except maybe "inBlock" which controls whether I wait for data or return immediately
+
+int MacSocket_recv(const int inSocketNum,void *outBuff,int outBuffLength,const Boolean inBlock);
+

 //	Call this to send data on a socket

-int MacSocket_send(const int inSocketNum, const void *inBuff,
-                   int inBuffLength);
+int MacSocket_send(const int inSocketNum,const void *inBuff,int inBuffLength);

-// If zero bytes were read in a call to MacSocket_recv(), it may be that the
-// remote end has done a half-close
+
+//	If zero bytes were read in a call to MacSocket_recv(), it may be that the remote end has done a half-close
 //	This function will let you check whether that's true or not

 Boolean MacSocket_RemoteEndIsClosing(const int inSocketNum);

-// Call this to see if the listen has completed after a call to
-// MacSocket_listen()
+
+//	Call this to see if the listen has completed after a call to MacSocket_listen()

 Boolean MacSocket_ListenCompleted(const int inSocketNum);

+
 //	These really aren't very useful anymore

 Boolean MacSocket_LocalEndIsOpen(const int inSocketNum);
 Boolean MacSocket_RemoteEndIsOpen(const int inSocketNum);

-// You may wish to change the userRefPtr for a socket callback-- use this to
-// do it
+
+//	You may wish to change the userRefPtr for a socket callback-- use this to do it

 void MacSocket_SetUserRefPtr(const int inSocketNum,void *inNewRefPtr);

+
 //	Call these to get the socket's IP:port descriptor

-void MacSocket_GetLocalIPAndPort(const int inSocketNum, char *outIPAndPort,
-                                 const int inIPAndPortLength);
-void MacSocket_GetRemoteIPAndPort(const int inSocketNum, char *outIPAndPort,
-                                  const int inIPAndPortLength);
+void MacSocket_GetLocalIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+void MacSocket_GetRemoteIPAndPort(const int inSocketNum,char *outIPAndPort,const int inIPAndPortLength);
+

 //	Call this to get error info from a socket

-void MacSocket_GetSocketErrorInfo(const int inSocketNum,
-                                  int *outSocketErrCode,
-                                  char *outSocketErrString,
-                                  const int inSocketErrStringMaxLength);
+void MacSocket_GetSocketErrorInfo(const int inSocketNum,int *outSocketErrCode,char *outSocketErrString,const int inSocketErrStringMaxLength);


 #ifdef __cplusplus
--- a/MacOS/Randomizer.h
+++ b/MacOS/Randomizer.h
@ -4,7 +4,8 @@

 #include <MacTypes.h>

-class CRandomizer {
+class CRandomizer
+{
 public:
 	CRandomizer (void);
 	void PeriodicAction (void);
--- a/MacOS/opensslconf.h
+++ b/MacOS/opensslconf.h
@ -21,11 +21,9 @@

 #if defined(HEADER_RC4_H)
 #if !defined(RC4_INT)
+/* using int types make the structure larger but make the code faster
+ * on most boxes I have tested - up to %20 faster. */
 /*
- * using int types make the structure larger but make the code faster on most
- * boxes I have tested - up to %20 faster.
- */
-/*-
 * I don't know what does "most" mean, but declaring "int" is a must on:
 * - Intel P6 because partial register stalls are very expensive;
 * - elder Alpha because it lacks byte load/store instructions;
@ -42,10 +40,8 @@
 #endif

 #if defined(HEADER_DES_H) && !defined(DES_LONG)
-/*
- * If this is set to 'unsigned int' on a DEC Alpha, this gives about a %20
- * speed up (longs are 8 bytes, int's are 4).
- */
+/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
+ * %20 speed up (longs are 8 bytes, int's are 4). */
 #ifndef DES_LONG
 #define DES_LONG unsigned long
 #endif
@ -62,10 +58,9 @@
 /* Should we define BN_DIV2W here? */

 /* Only one for the following should be defined */
-/*
- * The prime number generation stuff may not work when EIGHT_BIT but I don't
- * care since I've only used this mode for debuging the bignum libraries
- */
+/* The prime number generation stuff may not work when
+ * EIGHT_BIT but I don't care since I've only used this mode
+ * for debuging the bignum libraries */
 #undef SIXTY_FOUR_BIT_LONG
 #undef SIXTY_FOUR_BIT
 #define THIRTY_TWO_BIT
@ -75,10 +70,8 @@

 #if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
 #define CONFIG_HEADER_RC4_LOCL_H
-/*
- * if this is defined data[i] is used instead of *data, this is a %20 speedup
- * on x86
- */
+/* if this is defined data[i] is used instead of *data, this is a %20
+ * speedup on x86 */
 #undef RC4_INDEX
 #endif

@ -89,19 +82,15 @@

 #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
 #define CONFIG_HEADER_DES_LOCL_H
-/*
- * the following is tweaked from a config script, that is why it is a
- * protected undef/define
- */
+/* the following is tweaked from a config script, that is why it is a
+ * protected undef/define */
 #ifndef DES_PTR
 #define DES_PTR
 #endif

-/*
- * This helps C compiler generate the correct code for multiple functional
+/* This helps C compiler generate the correct code for multiple functional
 * units.  It reduces register dependancies at the expense of 2 more
- * registers
- */
+ * registers */
 #ifndef DES_RISC1
 #define DES_RISC1
 #endif
@ -113,14 +102,15 @@
 #if defined(DES_RISC1) && defined(DES_RISC2)
 YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
 #endif
-/*
- * Unroll the inner loop, this sometimes helps, sometimes hinders. Very mucy
- * CPU dependant
- */
+
+/* Unroll the inner loop, this sometimes helps, sometimes hinders.
+ * Very mucy CPU dependant */
 #ifndef DES_UNROLL
 #define DES_UNROLL
 #endif
+
 #endif /* HEADER_DES_LOCL_H */
+
 #ifndef __POWERPC__
 #define MD32_XARRAY
 #endif
--- a/Makefile.org
+++ b/Makefile.org
@ -69,7 +69,7 @@ RANLIB= ranlib
 NM= nm
 PERL= perl
 TAR= tar
-TARFLAGS= --no-recursion --record-size=10240
+TARFLAGS= --no-recursion
 MAKEDEPPROG=makedepend
 LIBDIR=lib

@ -179,11 +179,12 @@ SHARED_LDFLAGS=
 GENERAL=        Makefile
 BASENAME=       openssl
 NAME=           $(BASENAME)-$(VERSION)
-TARFILE=        ../$(NAME).tar
+TARFILE=        $(NAME).tar
+WTARFILE=       $(NAME)-win.tar
 EXHEADER=       e_os2.h
 HEADER=         e_os.h

-all: Makefile build_all
+all: Makefile build_all openssl.pc libssl.pc libcrypto.pc

 # as we stick to -e, CLEARENV ensures that local variables in lower
 # Makefiles remain local and variable. $${VAR+VAR} is tribute to Korn
@ -267,25 +268,21 @@ reflect:
 	@[ -n "$(THIS)" ] && $(CLEARENV) && $(MAKE) $(THIS) -e $(BUILDENV)

 sub_all: build_all
-
 build_all: build_libs build_apps build_tests build_tools

-build_libs: build_libcrypto build_libssl openssl.pc
-
-build_libcrypto: build_crypto build_engines libcrypto.pc
-build_libssl: build_ssl libssl.pc
+build_libs: build_crypto build_ssl build_engines

 build_crypto:
 	@dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl: build_crypto
+build_ssl:
 	@dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines: build_crypto
+build_engines:
 	@dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps: build_libs
+build_apps:
 	@dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests: build_libs
+build_tests:
 	@dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools: build_libs
+build_tools:
 	@dir=tools; target=all; $(BUILD_ONE_CMD)

 all_testapps: build_libs build_testapps
@ -329,7 +326,7 @@ clean-shared:
 			done; \
 		fi; \
 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
-		if [ "$(PLATFORM)" = "Cygwin" ]; then \
+		if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
 			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
 		fi; \
 	done
@ -378,11 +375,11 @@ libssl.pc: Makefile
 	    echo 'libdir=$${exec_prefix}/$(LIBDIR)'; \
 	    echo 'includedir=$${prefix}/include'; \
 	    echo ''; \
-	    echo 'Name: OpenSSL'; \
+	    echo 'Name: OpenSSL-libssl'; \
 	    echo 'Description: Secure Sockets Layer and cryptography libraries'; \
 	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
+	    echo 'Requires.private: libcrypto'; \
+	    echo 'Libs: -L$${libdir} -lssl'; \
 	    echo 'Libs.private: $(EX_LIBS)'; \
 	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > libssl.pc

@ -395,10 +392,7 @@ openssl.pc: Makefile
 	    echo 'Name: OpenSSL'; \
 	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
 	    echo 'Version: '$(VERSION); \
-	    echo 'Requires: '; \
-	    echo 'Libs: -L$${libdir} -lssl -lcrypto'; \
-	    echo 'Libs.private: $(EX_LIBS)'; \
-	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+	    echo 'Requires: libssl libcrypto' ) > openssl.pc

 Makefile: Makefile.org Configure config
 	@echo "Makefile is older than Makefile.org, Configure or config."
@ -462,9 +456,6 @@ tests: rehash
 report:
 	@$(PERL) util/selftest.pl

-update: errors stacks util/libeay.num util/ssleay.num TABLE
-	@set -e; target=update; $(RECURSIVE_BUILD_CMD)
-
 depend:
 	@set -e; target=depend; $(RECURSIVE_BUILD_CMD)

@ -489,44 +480,60 @@ util/libeay.num::
 util/ssleay.num::
 	$(PERL) util/mkdef.pl ssl update

+crypto/objects/obj_dat.h: crypto/objects/obj_dat.pl crypto/objects/obj_mac.h
+	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+crypto/objects/obj_xref.h: crypto/objects/objxref.pl crypto/objects/obj_xref.txt crypto/objects/obj_mac.num
+	$(PERL) crypto/objects/objxref.pl crypto/objects/obj_mac.num crypto/objects/obj_xref.txt >crypto/objects/obj_xref.h
+
+apps/openssl-vms.cnf: apps/openssl.cnf
+	$(PERL) VMS/VMSify-conf.pl < apps/openssl.cnf > apps/openssl-vms.cnf
+
+crypto/bn/bn_prime.h: crypto/bn/bn_prime.pl
+	$(PERL) crypto/bn/bn_prime.pl >crypto/bn/bn_prime.h
+
+
 TABLE: Configure
 	(echo 'Output of `Configure TABLE'"':"; \
 	$(PERL) Configure TABLE) > TABLE

+update: errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h crypto/objects/obj_xref.h apps/openssl-vms.cnf crypto/bn/bn_prime.h TABLE depend
+
 # Build distribution tar-file. As the list of files returned by "find" is
 # pretty long, on several platforms a "too many arguments" error or similar
 # would occur. Therefore the list of files is temporarily stored into a file
 # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
 # tar does not support the --files-from option.
-TAR_COMMAND=$(TAR) $(TARFLAGS) --files-from $(TARFILE).list \
-	                       --owner 0 --group 0 \
-			       --transform 's|^|$(NAME)/|' \
-			       -cvf -
-
-$(TARFILE).list:
-	find * \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \
-	       \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \
-	       \( \! -name '*test' -o -name bctest -o -name pod2mantest \) \
-	       \! -name '.#*' \! -name '*~' \! -type l \
-	    | sort > $(TARFILE).list
-
-tar: $(TARFILE).list
+tar:
 	find . -type d -print | xargs chmod 755
 	find . -type f -print | xargs chmod a+r
 	find . -type f -perm -0100 -print | xargs chmod a+x
-	$(TAR_COMMAND) | gzip --best > $(TARFILE).gz
-	rm -f $(TARFILE).list
-	ls -l $(TARFILE).gz
+	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - |\
+	gzip --best >../$(TARFILE).gz; \
+	rm -f ../$(TARFILE).list; \
+	ls -l ../$(TARFILE).gz

-tar-snap: $(TARFILE).list
-	$(TAR_COMMAND) > $(TARFILE)
-	rm -f $(TARFILE).list
-	ls -l $(TARFILE)
+tar-snap:
+	@$(TAR) $(TARFLAGS) -cvf - \
+		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE \! -name '*.o' \! -name '*.a' \! -name '*.so' \! -name '*.so.*'  \! -name 'openssl' \! -name '*test' \! -name '.#*' \! -name '*~' | sort` |\
+	tardy --user_number=0  --user_name=openssl \
+	      --group_number=0 --group_name=openssl \
+	      --prefix=openssl-$(VERSION) - > ../$(TARFILE);\
+	ls -l ../$(TARFILE)

 dist:   
 	$(PERL) Configure dist
+	@$(MAKE) dist_pem_h
 	@$(MAKE) SDIRS='$(SDIRS)' clean
-	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' $(DISTTARVARS) tar
+	@$(MAKE) TAR='$(TAR)' TARFLAGS='$(TARFLAGS)' tar
+
+dist_pem_h:
+	(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)

 install: all install_docs install_sw

@ -561,11 +568,7 @@ install_sw:
 		do \
 			if [ -f "$$i" -o -f "$$i.a" ]; then \
 			(       echo installing $$i; \
-				if [ "$(PLATFORM)" != "Cygwin" ]; then \
-					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
-					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
-				else \
+				if expr "$(PLATFORM)" : "Cygwin" >/dev/null; then \
 					c=`echo $$i | sed 's/^lib\(.*\)\.dll\.a/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
@ -573,6 +576,10 @@ install_sw:
 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
 					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
+				else \
+					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new; \
+					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/$$i; \
 				fi ); \
 				if expr $(PLATFORM) : 'mingw' > /dev/null; then \
 				(	case $$i in \
@ -633,9 +640,9 @@ install_docs:
 	@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
 	here="`pwd`"; \
 	filecase=; \
-	if [ "$(PLATFORM)" = "DJGPP" -o "$(PLATFORM)" = "Cygwin" -o "$(PLATFORM)" = "mingw" ]; then \
+	case "$(PLATFORM)" in DJGPP|Cygwin*|mingw*) \
 		filecase=-i; \
-	fi; \
+	esac; \
 	set -e; for i in doc/apps/*.pod; do \
 		fn=`basename $$i .pod`; \
 		sec=`$(PERL) util/extract-section.pl 1 < $$i`; \
--- a/168
+++ b/168
@ -5,102 +5,21 @@
  This file gives a brief overview of the major changes between each OpenSSL
  release. For more details please read the CHANGES file.

-  Major changes between OpenSSL 1.0.1s and OpenSSL 1.0.1t [under development]
+  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.2 [in beta]:

-      o
-
-  Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016]
-
-      o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL.
-      o Disable SSLv2 default build, default negotiation and weak ciphers
-        (CVE-2016-0800)
-      o Fix a double-free in DSA code (CVE-2016-0705)
-      o Disable SRP fake user seed to address a server memory leak
-        (CVE-2016-0798)
-      o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption
-        (CVE-2016-0797)
-      o Fix memory issues in BIO_*printf functions (CVE-2016-0799)
-      o Fix side channel attack on modular exponentiation (CVE-2016-0702)
-
-  Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016]
-
-      o Protection for DH small subgroup attacks
-      o SSLv2 doesn't block disabled ciphers (CVE-2015-3197)
-
-  Major changes between OpenSSL 1.0.1p and OpenSSL 1.0.1q [3 Dec 2015]
-
-      o Certificate verify crash with missing PSS parameter (CVE-2015-3194)
-      o X509_ATTRIBUTE memory leak (CVE-2015-3195)
-      o Rewrite EVP_DecodeUpdate (base64 decoding) to fix several bugs
-      o In DSA_generate_parameters_ex, if the provided seed is too short,
-        return an error
-
-  Major changes between OpenSSL 1.0.1o and OpenSSL 1.0.1p [9 Jul 2015]
-
-      o Alternate chains certificate forgery (CVE-2015-1793)
-      o Race condition handling PSK identify hint (CVE-2015-3196)
-
-  Major changes between OpenSSL 1.0.1n and OpenSSL 1.0.1o [12 Jun 2015]
-
-      o Fix HMAC ABI incompatibility
-
-  Major changes between OpenSSL 1.0.1m and OpenSSL 1.0.1n [11 Jun 2015]
-
-      o Malformed ECParameters causes infinite loop (CVE-2015-1788)
-      o Exploitable out-of-bounds read in X509_cmp_time (CVE-2015-1789)
-      o PKCS7 crash with missing EnvelopedContent (CVE-2015-1790)
-      o CMS verify infinite loop with unknown hash function (CVE-2015-1792)
-      o Race condition handling NewSessionTicket (CVE-2015-1791)
-
-  Major changes between OpenSSL 1.0.1l and OpenSSL 1.0.1m [19 Mar 2015]
-
-      o Segmentation fault in ASN1_TYPE_cmp fix (CVE-2015-0286)
-      o ASN.1 structure reuse memory corruption fix (CVE-2015-0287)
-      o PKCS7 NULL pointer dereferences fix (CVE-2015-0289)
-      o DoS via reachable assert in SSLv2 servers fix (CVE-2015-0293)
-      o Use After Free following d2i_ECPrivatekey error fix (CVE-2015-0209)
-      o X509_to_X509_REQ NULL pointer deref fix (CVE-2015-0288)
-      o Removed the export ciphers from the DEFAULT ciphers
-
-  Major changes between OpenSSL 1.0.1k and OpenSSL 1.0.1l [15 Jan 2015]
-
-      o Build fixes for the Windows and OpenVMS platforms
-
-  Major changes between OpenSSL 1.0.1j and OpenSSL 1.0.1k [8 Jan 2015]
-
-      o Fix for CVE-2014-3571
-      o Fix for CVE-2015-0206
-      o Fix for CVE-2014-3569
-      o Fix for CVE-2014-3572
-      o Fix for CVE-2015-0204
-      o Fix for CVE-2015-0205
-      o Fix for CVE-2014-8275
-      o Fix for CVE-2014-3570
-
-  Major changes between OpenSSL 1.0.1i and OpenSSL 1.0.1j [15 Oct 2014]
-
-      o Fix for CVE-2014-3513
-      o Fix for CVE-2014-3567
-      o Mitigation for CVE-2014-3566 (SSL protocol vulnerability)
-      o Fix for CVE-2014-3568
-
-  Major changes between OpenSSL 1.0.1h and OpenSSL 1.0.1i [6 Aug 2014]
-
-      o Fix for CVE-2014-3512
-      o Fix for CVE-2014-3511
-      o Fix for CVE-2014-3510
-      o Fix for CVE-2014-3507
-      o Fix for CVE-2014-3506
-      o Fix for CVE-2014-3505
-      o Fix for CVE-2014-3509
-      o Fix for CVE-2014-5139
-      o Fix for CVE-2014-3508
+      o Suite B support for TLS 1.2 and DTLS 1.2
+      o Support for DTLS 1.2
+      o TLS automatic EC curve selection.
+      o API to set TLS supported signature algorithms and curves
+      o SSL_CONF configuration API.
+      o TLS Brainpool support.
+      o ALPN support.
+      o CMS support for RSA-PSS, RSA-OAEP, ECDH and X9.42 DH.

  Major changes between OpenSSL 1.0.1g and OpenSSL 1.0.1h [5 Jun 2014]

      o Fix for CVE-2014-0224
      o Fix for CVE-2014-0221
-      o Fix for CVE-2014-0198
      o Fix for CVE-2014-0195
      o Fix for CVE-2014-3470
      o Fix for CVE-2010-5298
@ -160,6 +79,19 @@
      o Preliminary FIPS capability for unvalidated 2.0 FIPS module.
      o SRP support.

+  Major changes between OpenSSL 1.0.0j and OpenSSL 1.0.0k [5 Feb 2013]:
+
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+
+  Major changes between OpenSSL 1.0.0i and OpenSSL 1.0.0j [10 May 2012]:
+
+      o Fix DTLS record length checking bug CVE-2012-2333
+
+  Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.0i [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+
  Major changes between OpenSSL 1.0.0g and OpenSSL 1.0.0h [12 Mar 2012]:

      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
@ -232,6 +164,62 @@
      o Opaque PRF Input TLS extension support.
      o Updated time routines to avoid OS limitations.

+  Major changes between OpenSSL 0.9.8x and OpenSSL 0.9.8y [5 Feb 2013]:
+
+      o Fix for SSL/TLS/DTLS CBC plaintext recovery attack CVE-2013-0169
+      o Fix OCSP bad key DoS attack CVE-2013-0166
+
+  Major changes between OpenSSL 0.9.8w and OpenSSL 0.9.8x [10 May 2012]:
+
+      o Fix DTLS record length checking bug CVE-2012-2333
+
+  Major changes between OpenSSL 0.9.8v and OpenSSL 0.9.8w [23 Apr 2012]:
+
+      o Fix for CVE-2012-2131 (corrected fix for 0.9.8 and CVE-2012-2110)
+
+  Major changes between OpenSSL 0.9.8u and OpenSSL 0.9.8v [19 Apr 2012]:
+
+      o Fix for ASN1 overflow bug CVE-2012-2110
+
+  Major changes between OpenSSL 0.9.8t and OpenSSL 0.9.8u [12 Mar 2012]:
+
+      o Fix for CMS/PKCS#7 MMA CVE-2012-0884
+      o Corrected fix for CVE-2011-4619
+      o Various DTLS fixes.
+
+  Major changes between OpenSSL 0.9.8s and OpenSSL 0.9.8t [18 Jan 2012]:
+
+      o Fix for DTLS DoS issue CVE-2012-0050
+
+  Major changes between OpenSSL 0.9.8r and OpenSSL 0.9.8s [4 Jan 2012]:
+
+      o Fix for DTLS plaintext recovery attack CVE-2011-4108
+      o Fix policy check double free error CVE-2011-4109
+      o Clear block padding bytes of SSL 3.0 records CVE-2011-4576
+      o Only allow one SGC handshake restart for SSL/TLS CVE-2011-4619
+      o Check for malformed RFC3779 data CVE-2011-4577
+
+  Major changes between OpenSSL 0.9.8q and OpenSSL 0.9.8r [8 Feb 2011]:
+
+      o Fix for security issue CVE-2011-0014
+
+  Major changes between OpenSSL 0.9.8p and OpenSSL 0.9.8q [2 Dec 2010]:
+
+      o Fix for security issue CVE-2010-4180
+      o Fix for CVE-2010-4252
+
+  Major changes between OpenSSL 0.9.8o and OpenSSL 0.9.8p [16 Nov 2010]:
+
+      o Fix for security issue CVE-2010-3864.
+
+  Major changes between OpenSSL 0.9.8n and OpenSSL 0.9.8o [1 Jun 2010]:
+
+      o Fix for security issue CVE-2010-0742.
+      o Various DTLS fixes.
+      o Recognise SHA2 certificates if only SSL algorithms added.
+      o Fix for no-rc4 compilation.
+      o Chil ENGINE unload workaround.
+
  Major changes between OpenSSL 0.9.8m and OpenSSL 0.9.8n [24 Mar 2010]:

      o CFB cipher definition fixes.
--- a/179
+++ b/179
@ -1,7 +1,7 @@

- OpenSSL 1.0.1t-dev
+ OpenSSL 1.0.2-beta2 22 Jul 2014

- Copyright (c) 1998-2015 The OpenSSL Project
+ Copyright (c) 1998-2011 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

@ -10,17 +10,17 @@

 The OpenSSL Project is a collaborative effort to develop a robust,
 commercial-grade, fully featured, and Open Source toolkit implementing the
- Secure Sockets Layer (SSLv3) and Transport Layer Security (TLS) protocols as
- well as a full-strength general purpose cryptograpic library. The project is
- managed by a worldwide community of volunteers that use the Internet to
- communicate, plan, and develop the OpenSSL toolkit and its related
- documentation.
+ Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+ protocols as well as a full-strength general purpose cryptography library.
+ The project is managed by a worldwide community of volunteers that use the
+ Internet to communicate, plan, and develop the OpenSSL toolkit and its
+ related documentation.

- OpenSSL is descended from the SSLeay library developed by Eric A. Young
+ OpenSSL is based on the excellent SSLeay library developed from Eric A. Young
 and Tim J. Hudson.  The OpenSSL toolkit is licensed under a dual-license (the
- OpenSSL license plus the SSLeay license), which means that you are free to
- get and use it for commercial and non-commercial purposes as long as you
- fulfill the conditions of both licenses.
+ OpenSSL license plus the SSLeay license) situation, which basically means
+ that you are free to get and use it for commercial and non-commercial
+ purposes as long as you fulfill the conditions of both licenses.

 OVERVIEW
 --------
@ -28,39 +28,90 @@
 The OpenSSL toolkit includes:

 libssl.a:
-     Provides the client and server-side implementations for SSLv3 and TLS.
+     Implementation of SSLv2, SSLv3, TLSv1 and the required code to support
+     both SSLv2, SSLv3 and TLSv1 in the one server and client.

 libcrypto.a:
-     Provides general cryptographic and X.509 support needed by SSL/TLS but
-     not logically part of it.
+     General encryption and X.509 v1/v3 stuff needed by SSL/TLS but not
+     actually logically part of it. It includes routines for the following:
+
+     Ciphers
+        libdes - EAY's libdes DES encryption package which was floating
+                 around the net for a few years, and was then relicensed by
+                 him as part of SSLeay.  It includes 15 'modes/variations'
+                 of DES (1, 2 and 3 key versions of ecb, cbc, cfb and ofb;
+                 pcbc and a more general form of cfb and ofb) including desx
+                 in cbc mode, a fast crypt(3), and routines to read
+                 passwords from the keyboard.
+        RC4 encryption,
+        RC2 encryption      - 4 different modes, ecb, cbc, cfb and ofb.
+        Blowfish encryption - 4 different modes, ecb, cbc, cfb and ofb.
+        IDEA encryption     - 4 different modes, ecb, cbc, cfb and ofb.
+
+     Digests
+        MD5 and MD2 message digest algorithms, fast implementations,
+        SHA (SHA-0) and SHA-1 message digest algorithms,
+        MDC2 message digest. A DES based hash that is popular on smart cards.
+
+     Public Key
+        RSA encryption/decryption/generation.
+            There is no limit on the number of bits.
+        DSA encryption/decryption/generation.
+            There is no limit on the number of bits.
+        Diffie-Hellman key-exchange/key generation.
+            There is no limit on the number of bits.
+
+     X.509v3 certificates
+        X509 encoding/decoding into/from binary ASN1 and a PEM
+             based ASCII-binary encoding which supports encryption with a
+             private key.  Program to generate RSA and DSA certificate
+             requests and to generate RSA and DSA certificates.
+
+     Systems
+        The normal digital envelope routines and base64 encoding.  Higher
+        level access to ciphers and digests by name.  New ciphers can be
+        loaded at run time.  The BIO io system which is a simple non-blocking
+        IO abstraction.  Current methods supported are file descriptors,
+        sockets, socket accept, socket connect, memory buffer, buffering, SSL
+        client/server, file pointer, encryption, digest, non-blocking testing
+        and null.
+
+     Data structures
+        A dynamically growing hashing system
+        A simple stack.
+        A Configuration loader that uses a format similar to MS .ini files.

 openssl:
     A command line tool that can be used for:
-        Creation of key parameters
+        Creation of RSA, DH and DSA key parameters
        Creation of X.509 certificates, CSRs and CRLs
-        Calculation of message digests
-        Encryption and decryption
-        SSL/TLS client and server tests
+        Calculation of Message Digests
+        Encryption and Decryption with Ciphers
+        SSL/TLS Client and Server Tests
        Handling of S/MIME signed or encrypted mail
-        And more...

 INSTALLATION
 ------------

- See the appropriate file:
-        INSTALL         Linux, Unix, etc.
-        INSTALL.DJGPP   DOS platform with DJGPP
-        INSTALL.NW      Netware
-        INSTALL.OS2     OS/2
-        INSTALL.VMS     VMS
-        INSTALL.W32     Windows (32bit)
-        INSTALL.W64     Windows (64bit)
-        INSTALL.WCE     Windows CE
+ To install this package under a Unix derivative, read the INSTALL file.  For
+ a Win32 platform, read the INSTALL.W32 file.  For OpenVMS systems, read
+ INSTALL.VMS.
+
+ Read the documentation in the doc/ directory.  It is quite rough, but it
+ lists the functions; you will probably have to look at the code to work out
+ how to use them. Look at the example programs.
+
+ PROBLEMS
+ --------
+
+ For some platforms, there are some known problems that may affect the user
+ or application author.  We try to collect those in doc/PROBLEMS, with current
+ thoughts on how they should be solved in a future of OpenSSL.

 SUPPORT
 -------

- See the OpenSSL website www.openssl.org for details on how to obtain
+ See the OpenSSL website www.openssl.org for details of how to obtain
 commercial technical support.

 If you have any problems with OpenSSL then please take the following steps
@ -84,36 +135,58 @@
    - Problem Description (steps that will reproduce the problem, if known)
    - Stack Traceback (if the application dumps core)

- Email the report to:
+ Report the bug to the OpenSSL project via the Request Tracker
+ (http://www.openssl.org/support/rt.html) by mail to:

-    rt@openssl.org
+    openssl-bugs@openssl.org

- In order to avoid spam, this is a moderated mailing list, and it might
- take a day for the ticket to show up.  (We also scan posts to make sure
- that security disclosures aren't publically posted by mistake.) Mail
- to this address is recorded in the public RT (request tracker) database
- (see https://www.openssl.org/community/index.html#bugs for details) and
- also forwarded the public openssl-dev mailing list.  Confidential mail
- may be sent to openssl-security@openssl.org (PGP key available from the
- key servers).
+ Note that the request tracker should NOT be used for general assistance
+ or support queries. Just because something doesn't work the way you expect
+ does not mean it is necessarily a bug in OpenSSL.

- Please do NOT use this for general assistance or support queries.
- Just because something doesn't work the way you expect does not mean it
- is necessarily a bug in OpenSSL.
-
- You can also make GitHub pull requests. If you do this, please also send
- mail to rt@openssl.org with a link to the PR so that we can more easily
- keep track of it.
+ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+ readable request tracker database and is forwarded to a public
+ mailing list. Confidential mail may be sent to openssl-security@openssl.org
+ (PGP key available from the key servers).

 HOW TO CONTRIBUTE TO OpenSSL
 ----------------------------

- See CONTRIBUTING
+ Development is coordinated on the openssl-dev mailing list (see
+ http://www.openssl.org for information on subscribing). If you
+ would like to submit a patch, send it to openssl-bugs@openssl.org with
+ the string "[PATCH]" in the subject. Please be sure to include a
+ textual explanation of what your patch does.

- LEGALITIES
- ----------
+ If you are unsure as to whether a feature will be useful for the general
+ OpenSSL community please discuss it on the openssl-dev mailing list first.
+ Someone may be already working on the same thing or there may be a good
+ reason as to why that feature isn't implemented.
+
+ Patches should be as up to date as possible, preferably relative to the
+ current Git or the last snapshot. They should follow the coding style of
+ OpenSSL and compile without warnings. Some of the core team developer targets
+ can be used for testing purposes, (debug-steve64, debug-geoff etc). OpenSSL
+ compiles on many varied platforms: try to ensure you only use portable
+ features.
+
+ Note: For legal reasons, contributions from the US can be accepted only
+ if a TSU notification and a copy of the patch are sent to crypt@bis.doc.gov
+ (formerly BXA) with a copy to the ENC Encryption Request Coordinator;
+ please take some time to look at
+    http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+ and
+    http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e))
+ for the details. If "your encryption source code is too large to serve as
+ an email attachment", they are glad to receive it by fax instead; hope you
+ have a cheap long-distance plan.
+
+ Our preferred format for changes is "diff -u" output. You might
+ generate it like this:
+
+ # cd openssl-work
+ # [your changes]
+ # ./Configure dist; make clean
+ # cd ..
+ # diff -ur openssl-orig openssl-work > mydiffs.patch

- A number of nations, in particular the U.S., restrict the use or export
- of cryptography. If you are potentially subject to such restrictions
- you should seek competent professional legal advice before attempting to
- develop or distribute cryptographic code.
--- a/796
+++ b/796
--- a/apps/.cvsignore
+++ b/apps/.cvsignore
@ -0,0 +1,8 @@
+openssl
+Makefile.save
+der_chop
+der_chop.bak
+CA.pl
+*.flc
+semantic.cache
+*.dll
--- a/apps/Makefile
+++ b/apps/Makefile
@ -94,9 +94,6 @@ req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
 sreq.o: req.c 
 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c

-openssl-vms.cnf: openssl.cnf
-	$(PERL) $(TOP)/VMS/VMSify-conf.pl < openssl.cnf > openssl-vms.cnf
-
 files:
 	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO

@ -130,12 +127,12 @@ links:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: openssl-vms.cnf local_depend
-
-depend: local_depend
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
-	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+depend:
+	@if [ -z "$(THIS)" ]; then \
+	    $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; \
+	else \
+	    $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC); \
+	fi

 dclean:
 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
@ -147,10 +144,10 @@ clean:
 	rm -f req

 $(DLIBSSL):
-	(cd ..; $(MAKE) build_libssl)
+	(cd ..; $(MAKE) DIRS=ssl all)

 $(DLIBCRYPTO):
-	(cd ..; $(MAKE) build_libcrypto)
+	(cd ..; $(MAKE) DIRS=crypto all)

 $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	$(RM) $(EXE)
--- a/apps/app_rand.c
+++ b/apps/app_rand.c
@ -115,6 +115,7 @@
 #include <openssl/bio.h>
 #include <openssl/rand.h>

+
 static int seeded = 0;
 static int egdsocket = 0;

@ -132,27 +133,26 @@ int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn)

 	if (file == NULL)
 		file = RAND_file_name(buffer, sizeof buffer);
-    else if (RAND_egd(file) > 0) {
-        /*
-         * we try if the given filename is an EGD socket. if it is, we don't
-         * write anything back to the file.
-         */
+	else if (RAND_egd(file) > 0)
+		{
+		/* we try if the given filename is an EGD socket.
+		   if it is, we don't write anything back to the file. */
 		egdsocket = 1;
 		return 1;
 		}
-    if (file == NULL || !RAND_load_file(file, -1)) {
-        if (RAND_status() == 0) {
-            if (!dont_warn) {
+	if (file == NULL || !RAND_load_file(file, -1))
+		{
+		if (RAND_status() == 0)
+			{
+			if (!dont_warn)
+				{
 				BIO_printf(bio_e,"unable to load 'random state'\n");
-                BIO_printf(bio_e,
-                           "This means that the random number generator has not been seeded\n");
+				BIO_printf(bio_e,"This means that the random number generator has not been seeded\n");
 				BIO_printf(bio_e,"with much random data.\n");
-                if (consider_randfile) { /* explanation does not apply when a
-                                          * file is explicitly named */
-                    BIO_printf(bio_e,
-                               "Consider setting the RANDFILE environment variable to point at a file that\n");
-                    BIO_printf(bio_e,
-                               "'random' data can be kept in (the file will be overwritten).\n");
+				if (consider_randfile) /* explanation does not apply when a file is explicitly named */
+					{
+					BIO_printf(bio_e,"Consider setting the RANDFILE environment variable to point at a file that\n");
+					BIO_printf(bio_e,"'random' data can be kept in (the file will be overwritten).\n");
 					}
 				}
 			return 0;
@ -169,24 +169,22 @@ long app_RAND_load_files(char *name)
 	long tot=0;
 	int egd;
 	
-    for (;;) {
+	for (;;)
+		{
 		last=0;
 		for (p=name; ((*p != '\0') && (*p != LIST_SEPARATOR_CHAR)); p++);
-        if (*p == '\0')
-            last = 1;
+		if (*p == '\0') last=1;
 		*p='\0';
 		n=name;
 		name=p+1;
-        if (*n == '\0')
-            break;
+		if (*n == '\0') break;

 		egd=RAND_egd(n);
 		if (egd > 0)
 			tot+=egd;
 		else
 			tot+=RAND_load_file(n,-1);
-        if (last)
-            break;
+		if (last) break;
 		}
 	if (tot > 512)
 		app_RAND_allow_write_file();
@ -198,16 +196,16 @@ int app_RAND_write_file(const char *file, BIO *bio_e)
 	char buffer[200];
 	
 	if (egdsocket || !seeded)
-        /*
-         * If we did not manage to read the seed file, we should not write a
-         * low-entropy seed file back -- it would suppress a crucial warning
-         * the next time we want to use it.
-         */
+		/* If we did not manage to read the seed file,
+		 * we should not write a low-entropy seed file back --
+		 * it would suppress a crucial warning the next time
+		 * we want to use it. */
 		return 0;

 	if (file == NULL)
 		file = RAND_file_name(buffer, sizeof buffer);
-    if (file == NULL || !RAND_write_file(file)) {
+	if (file == NULL || !RAND_write_file(file))
+		{
 		BIO_printf(bio_e,"unable to write 'random state'\n");
 		return 0;
 		}
--- a/apps/apps.c
+++ b/apps/apps.c
--- a/apps/apps.h
+++ b/apps/apps.h
@ -129,9 +129,8 @@

 int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
 int app_RAND_write_file(const char *file, BIO *bio_e);
-/*
- * When `file' is NULL, use defaults. `bio_e' is for error messages.
- */
+/* When `file' is NULL, use defaults.
+ * `bio_e' is for error messages. */
 void app_RAND_allow_write_file(void);
 long app_RAND_load_files(char *file); /* `file' is a list of files to read,
                                       * separated by LIST_SEPARATOR_CHAR
@ -205,24 +204,28 @@ extern BIO *bio_err;
 #  endif
 #endif

-# ifdef OPENSSL_SYSNAME_WIN32
+#if defined(OPENSSL_SYSNAME_WIN32) || defined(OPENSSL_SYSNAME_WINCE)
 #  define openssl_fdset(a,b) FD_SET((unsigned int)a, b)
 #else
 #  define openssl_fdset(a,b) FD_SET(a, b)
 #endif

-typedef struct args_st {
+
+typedef struct args_st
+	{
 	char **data;
 	int count;
 	} ARGS;

 #define PW_MIN_LENGTH 4
-typedef struct pw_cb_data {
+typedef struct pw_cb_data
+	{
 	const void *password;
 	const char *prompt_info;
 	} PW_CB_DATA;

-int password_callback(char *buf, int bufsiz, int verify, PW_CB_DATA *cb_data);
+int password_callback(char *buf, int bufsiz, int verify,
+	PW_CB_DATA *cb_data);

 int setup_ui_method(void);
 void destroy_ui_method(void);
@ -234,8 +237,7 @@ void program_name(char *in, char *out, int size);
 int chopup_args(ARGS *arg,char *buf, int *argc, char **argv[]);
 #ifdef HEADER_X509_H
 int dump_cert_text(BIO *out, X509 *x);
-void print_name(BIO *out, const char *title, X509_NAME *nm,
-                unsigned long lflags);
+void print_name(BIO *out, const char *title, X509_NAME *nm, unsigned long lflags);
 #endif
 int set_cert_ex(unsigned long *flags, const char *arg);
 int set_name_ex(unsigned long *flags, const char *arg);
@ -245,16 +247,17 @@ int app_passwd(BIO *err, char *arg1, char *arg2, char **pass1, char **pass2);
 int add_oid_section(BIO *err, CONF *conf);
 X509 *load_cert(BIO *err, const char *file, int format,
 	const char *pass, ENGINE *e, const char *cert_descrip);
+X509_CRL *load_crl(const char *infile, int format);
+int load_cert_crl_http(const char *url, BIO *err,
+					X509 **pcert, X509_CRL **pcrl);
 EVP_PKEY *load_key(BIO *err, const char *file, int format, int maybe_stdin,
 	const char *pass, ENGINE *e, const char *key_descrip);
 EVP_PKEY *load_pubkey(BIO *err, const char *file, int format, int maybe_stdin,
 	const char *pass, ENGINE *e, const char *key_descrip);
 STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
-                           const char *pass, ENGINE *e,
-                           const char *cert_descrip);
+	const char *pass, ENGINE *e, const char *cert_descrip);
 STACK_OF(X509_CRL) *load_crls(BIO *err, const char *file, int format,
-                              const char *pass, ENGINE *e,
-                              const char *cert_descrip);
+	const char *pass, ENGINE *e, const char *cert_descrip);
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 #ifndef OPENSSL_NO_ENGINE
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
@ -262,8 +265,9 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug);

 #ifndef OPENSSL_NO_OCSP
 OCSP_RESPONSE *process_responder(BIO *err, OCSP_REQUEST *req,
-                                 char *host, char *path, char *port,
-                                 int use_ssl, STACK_OF(CONF_VALUE) *headers,
+				 const char *host, const char *path,
+				 const char *port, int use_ssl,
+				 const STACK_OF(CONF_VALUE) *headers,
 				 int req_timeout);
 #endif

@ -279,32 +283,31 @@ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 #define DB_rev_date     2
 #define DB_serial       3       /* index - unique */
 #define DB_file         4       
-# define DB_name         5      /* index - unique when active and not
-                                 * disabled */
+#define DB_name         5       /* index - unique when active and not disabled */
 #define DB_NUMBER       6

 #define DB_TYPE_REV	'R'
 #define DB_TYPE_EXP	'E'
 #define DB_TYPE_VAL	'V'

-typedef struct db_attr_st {
+typedef struct db_attr_st
+	{
 	int unique_subject;
 	} DB_ATTR;
-typedef struct ca_db_st {
+typedef struct ca_db_st
+	{
 	DB_ATTR attributes;
 	TXT_DB *db;
 	} CA_DB;

 BIGNUM *load_serial(char *serialfile, int create, ASN1_INTEGER **retai);
-int save_serial(char *serialfile, char *suffix, BIGNUM *serial,
-                ASN1_INTEGER **retai);
+int save_serial(char *serialfile, char *suffix, BIGNUM *serial, ASN1_INTEGER **retai);
 int rotate_serial(char *serialfile, char *new_suffix, char *old_suffix);
 int rand_serial(BIGNUM *b, ASN1_INTEGER *ai);
 CA_DB *load_index(char *dbfile, DB_ATTR *dbattr);
 int index_index(CA_DB *db);
 int save_index(const char *dbfile, const char *suffix, CA_DB *db);
-int rotate_index(const char *dbfile, const char *new_suffix,
-                 const char *old_suffix);
+int rotate_index(const char *dbfile, const char *new_suffix, const char *old_suffix);
 void free_index(CA_DB *db);
 #define index_name_cmp_noconst(a, b) \
 	index_name_cmp((const OPENSSL_CSTRING *)CHECKED_PTR_OF(OPENSSL_STRING, a), \
@ -334,10 +337,16 @@ void jpake_client_auth(BIO *out, BIO *conn, const char *secret);
 void jpake_server_auth(BIO *out, BIO *conn, const char *secret);
 #endif

-# if !defined(OPENSSL_NO_TLSEXT) && !defined(OPENSSL_NO_NEXTPROTONEG)
+#ifndef OPENSSL_NO_TLSEXT
 unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
-# endif                         /* !OPENSSL_NO_TLSEXT &&
-                                 * !OPENSSL_NO_NEXTPROTONEG */
+#endif  /* ndef OPENSSL_NO_TLSEXT */
+
+void print_cert_checks(BIO *bio, X509 *x,
+				const char *checkhost,
+				const char *checkemail,
+				const char *checkip);
+
+void store_setup_crl_download(X509_STORE *st);

 #define FORMAT_UNDEF    0
 #define FORMAT_ASN1     1
@ -353,6 +362,7 @@ unsigned char *next_protos_parse(unsigned short *outlen, const char *in);
 #define FORMAT_ASN1RSA	10	/* DER RSAPubicKey format */
 #define FORMAT_MSBLOB	11	/* MS Key blob format */
 #define FORMAT_PVK	12	/* MS PVK file format */
+#define FORMAT_HTTP	13	/* Download using HTTP */

 #define EXT_COPY_NONE	0
 #define EXT_COPY_ADD	1
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@ -56,9 +56,8 @@
 * [including the GNU Public Licence.]
 */

-/*
- * A nice addition from Dr Stephen Henson <steve@openssl.org> to add the
- * -strparse option which parses nested binary structures
+/* A nice addition from Dr Stephen Henson <steve@openssl.org> to 
+ * add the -strparse option which parses nested binary structures
 */

 #include <stdio.h>
@ -70,8 +69,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -in arg	- input file - default stdin
 * -i		- indent the details by depth
 * -offset	- where in the file to start
@ -115,62 +113,76 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    if ((osk = sk_OPENSSL_STRING_new_null()) == NULL) {
+	if ((osk=sk_OPENSSL_STRING_new_null()) == NULL)
+		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		goto end;
 		}
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			derfile= *(++argv);
-        } else if (strcmp(*argv, "-i") == 0) {
+			}
+		else if (strcmp(*argv,"-i") == 0)
+			{
 			indent=1;
-        } else if (strcmp(*argv, "-noout") == 0)
-            noout = 1;
-        else if (strcmp(*argv, "-oid") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-noout") == 0) noout = 1;
+		else if (strcmp(*argv,"-oid") == 0)
+			{
+			if (--argc < 1) goto bad;
 			oidfile= *(++argv);
-        } else if (strcmp(*argv, "-offset") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-offset") == 0)
+			{
+			if (--argc < 1) goto bad;
 			offset= atoi(*(++argv));
-        } else if (strcmp(*argv, "-length") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-length") == 0)
+			{
+			if (--argc < 1) goto bad;
 			length= atoi(*(++argv));
-            if (length == 0)
-                goto bad;
-        } else if (strcmp(*argv, "-dump") == 0) {
+			if (length == 0) goto bad;
+			}
+		else if (strcmp(*argv,"-dump") == 0)
+			{
 			dump= -1;
-        } else if (strcmp(*argv, "-dlimit") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-dlimit") == 0)
+			{
+			if (--argc < 1) goto bad;
 			dump= atoi(*(++argv));
-            if (dump <= 0)
-                goto bad;
-        } else if (strcmp(*argv, "-strparse") == 0) {
-            if (--argc < 1)
-                goto bad;
+			if (dump <= 0) goto bad;
+			}
+		else if (strcmp(*argv,"-strparse") == 0)
+			{
+			if (--argc < 1) goto bad;
 			sk_OPENSSL_STRING_push(osk,*(++argv));
-        } else if (strcmp(*argv, "-genstr") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-genstr") == 0)
+			{
+			if (--argc < 1) goto bad;
 			genstr= *(++argv);
-        } else if (strcmp(*argv, "-genconf") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-genconf") == 0)
+			{
+			if (--argc < 1) goto bad;
 			genconf= *(++argv);
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -179,30 +191,26 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
-        BIO_printf(bio_err,
-                   " -out arg      output file (output format is always DER\n");
+		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
 		BIO_printf(bio_err," -offset arg   offset into file\n");
 		BIO_printf(bio_err," -length arg   length of section in file\n");
 		BIO_printf(bio_err," -i            indent entries\n");
 		BIO_printf(bio_err," -dump         dump unknown data in hex form\n");
-        BIO_printf(bio_err,
-                   " -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
+		BIO_printf(bio_err," -dlimit arg   dump the first arg bytes of unknown data in hex form\n");
 		BIO_printf(bio_err," -oid file     file of extra oid definitions\n");
 		BIO_printf(bio_err," -strparse offset\n");
-        BIO_printf(bio_err,
-                   "               a series of these can be used to 'dig' into multiple\n");
+		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
-        BIO_printf(bio_err,
-                   " -genstr str   string to generate ASN1 structure from\n");
-        BIO_printf(bio_err,
-                   " -genconf file file to generate ASN1 structure from\n");
+		BIO_printf(bio_err," -genstr str   string to generate ASN1 structure from\n");
+		BIO_printf(bio_err," -genconf file file to generate ASN1 structure from\n");
 		goto end;
 		}

@ -210,7 +218,8 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
@ -222,8 +231,10 @@ int MAIN(int argc, char **argv)
 	}
 #endif

-    if (oidfile != NULL) {
-        if (BIO_read_filename(in, oidfile) <= 0) {
+	if (oidfile != NULL)
+		{
+		if (BIO_read_filename(in,oidfile) <= 0)
+			{
 			BIO_printf(bio_err,"problems opening %s\n",oidfile);
 			ERR_print_errors(bio_err);
 			goto end;
@ -233,8 +244,10 @@ int MAIN(int argc, char **argv)

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
@ -248,22 +261,24 @@ int MAIN(int argc, char **argv)
 		}
 	}

-    if ((buf = BUF_MEM_new()) == NULL)
-        goto end;
-    if (!BUF_MEM_grow(buf, BUFSIZ * 8))
-        goto end;               /* Pre-allocate :-) */
+	if ((buf=BUF_MEM_new()) == NULL) goto end;
+	if (!BUF_MEM_grow(buf,BUFSIZ*8)) goto end; /* Pre-allocate :-) */

-    if (genstr || genconf) {
+	if (genstr || genconf)
+		{
 		num = do_generate(bio_err, genstr, genconf, buf);
-        if (num < 0) {
+		if (num < 0)
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}

-    else {
+	else
+		{

-        if (informat == FORMAT_PEM) {
+		if (informat == FORMAT_PEM)
+			{
 			BIO *tmp;

 			if ((b64=BIO_new(BIO_f_base64())) == NULL)
@ -275,12 +290,11 @@ int MAIN(int argc, char **argv)
 			}

 		num=0;
-        for (;;) {
-            if (!BUF_MEM_grow(buf, (int)num + BUFSIZ))
-                goto end;
+		for (;;)
+			{
+			if (!BUF_MEM_grow(buf,(int)num+BUFSIZ)) goto end;
 			i=BIO_read(in,&(buf->data[num]),BUFSIZ);
-            if (i <= 0)
-                break;
+			if (i <= 0) break;
 			num+=i;
 			}
 		}
@ -288,16 +302,18 @@ int MAIN(int argc, char **argv)

 	/* If any structs to parse go through in sequence */

-    if (sk_OPENSSL_STRING_num(osk)) {
+	if (sk_OPENSSL_STRING_num(osk))
+		{
 		tmpbuf=(unsigned char *)str;
 		tmplen=num;
-        for (i = 0; i < sk_OPENSSL_STRING_num(osk); i++) {
+		for (i=0; i<sk_OPENSSL_STRING_num(osk); i++)
+			{
 			ASN1_TYPE *atmp;
 			int typ;
 			j=atoi(sk_OPENSSL_STRING_value(osk,i));
-            if (j == 0) {
-                BIO_printf(bio_err, "'%s' is an invalid number\n",
-                           sk_OPENSSL_STRING_value(osk, i));
+			if (j == 0)
+				{
+				BIO_printf(bio_err,"'%s' is an invalid number\n",sk_OPENSSL_STRING_value(osk,i));
 				continue;
 				}
 			tmpbuf+=j;
@ -306,16 +322,18 @@ int MAIN(int argc, char **argv)
 			ctmpbuf = tmpbuf;
 			at = d2i_ASN1_TYPE(NULL,&ctmpbuf,tmplen);
 			ASN1_TYPE_free(atmp);
-            if (!at) {
+			if(!at)
+				{
 				BIO_printf(bio_err,"Error parsing structure\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
 			typ = ASN1_TYPE_get(at);
 			if ((typ == V_ASN1_OBJECT)
-                || (typ == V_ASN1_BOOLEAN)
-                || (typ == V_ASN1_NULL)) {
-                BIO_printf(bio_err, "Can't parse %s type\n", ASN1_tag2str(typ));
+				|| (typ == V_ASN1_NULL))
+				{
+				BIO_printf(bio_err, "Can't parse %s type\n",
+					typ == V_ASN1_NULL ? "NULL" : "OBJECT");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
@ -327,15 +345,15 @@ int MAIN(int argc, char **argv)
 		num=tmplen;
 		}

-    if (offset >= num) {
+	if (offset >= num)
+		{
 		BIO_printf(bio_err, "Error: offset too large\n");
 		goto end;
 		}

 	num -= offset;

-    if ((length == 0) || ((long)length > num))
-        length = (unsigned int)num;
+	if ((length == 0) || ((long)length > num)) length=(unsigned int)num;
 	if(derout) {
 		if(BIO_write(derout, str + offset, length) != (int)length) {
 			BIO_printf(bio_err, "Error writing output\n");
@ -345,27 +363,22 @@ int MAIN(int argc, char **argv)
 	}
 	if (!noout &&
 	    !ASN1_parse_dump(out,(unsigned char *)&(str[offset]),length,
-                         indent, dump)) {
+		    indent,dump))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
 	BIO_free(derout);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (b64 != NULL)
-        BIO_free(b64);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (b64 != NULL) BIO_free(b64);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-    if (buf != NULL)
-        BUF_MEM_free(buf);
-    if (at != NULL)
-        ASN1_TYPE_free(at);
-    if (osk != NULL)
-        sk_OPENSSL_STRING_free(osk);
+	if (buf != NULL) BUF_MEM_free(buf);
+	if (at != NULL) ASN1_TYPE_free(at);
+	if (osk != NULL) sk_OPENSSL_STRING_free(osk);
 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
@ -375,17 +388,19 @@ static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
 	{
 	CONF *cnf = NULL;
 	int len;
-    long errline = 0;
+	long errline;
 	unsigned char *p;
 	ASN1_TYPE *atyp = NULL;

-    if (genconf) {
+	if (genconf)
+		{
 		cnf = NCONF_new(NULL);
 		if (!NCONF_load(cnf, genconf, &errline))
 			goto conferr;
 		if (!genstr)
 			genstr = NCONF_get_string(cnf, "default", "asn1");
-        if (!genstr) {
+		if (!genstr)
+			{
 			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
 			goto err;
 			}
--- a/apps/ca.c
+++ b/apps/ca.c
--- a/apps/ciphers.c
+++ b/apps/ciphers.c
@ -85,6 +85,9 @@ int MAIN(int argc, char **argv)
 	{
 	int ret=1,i;
 	int verbose=0,Verbose=0;
+#ifndef OPENSSL_NO_SSL_TRACE
+	int stdname = 0;
+#endif
 	const char **pp;
 	const char *p;
 	int badops=0;
@ -114,11 +117,16 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1) {
+	while (argc >= 1)
+		{
 		if (strcmp(*argv,"-v") == 0)
 			verbose=1;
 		else if (strcmp(*argv,"-V") == 0)
 			verbose=Verbose=1;
+#ifndef OPENSSL_NO_SSL_TRACE
+		else if (strcmp(*argv,"-stdname") == 0)
+			stdname=verbose=1;
+#endif
 #ifndef OPENSSL_NO_SSL2
 		else if (strcmp(*argv,"-ssl2") == 0)
 			meth=SSLv2_client_method();
@ -131,17 +139,22 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-tls1") == 0)
 			meth=TLSv1_client_method();
 #endif
-        else if ((strncmp(*argv, "-h", 2) == 0) || (strcmp(*argv, "-?") == 0)) {
+		else if ((strncmp(*argv,"-h",2) == 0) ||
+			 (strcmp(*argv,"-?") == 0))
+			{
 			badops=1;
 			break;
-        } else {
+			}
+		else
+			{
 			ciphers= *argv;
 			}
 		argc--;
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 		for (pp=ciphers_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
 		goto end;
@ -150,8 +163,7 @@ int MAIN(int argc, char **argv)
 	OpenSSL_add_ssl_algorithms();

 	ctx=SSL_CTX_new(meth);
-    if (ctx == NULL)
-        goto err;
+	if (ctx == NULL) goto err;
 	if (ciphers != NULL) {
 		if(!SSL_CTX_set_cipher_list(ctx,ciphers)) {
 			BIO_printf(bio_err, "Error in cipher list\n");
@ -159,67 +171,70 @@ int MAIN(int argc, char **argv)
 		}
 	}
 	ssl=SSL_new(ctx);
-    if (ssl == NULL)
-        goto err;
+	if (ssl == NULL) goto err;

-    if (!verbose) {
-        for (i = 0;; i++) {
+
+	if (!verbose)
+		{
+		for (i=0; ; i++)
+			{
 			p=SSL_get_cipher_list(ssl,i);
-            if (p == NULL)
-                break;
-            if (i != 0)
-                BIO_printf(STDout, ":");
+			if (p == NULL) break;
+			if (i != 0) BIO_printf(STDout,":");
 			BIO_printf(STDout,"%s",p);
 			}
 		BIO_printf(STDout,"\n");
-    } else {                    /* verbose */
-
+		}
+	else /* verbose */
+		{
 		sk=SSL_get_ciphers(ssl);

-        for (i = 0; i < sk_SSL_CIPHER_num(sk); i++) {
+		for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+			{
 			SSL_CIPHER *c;

 			c = sk_SSL_CIPHER_value(sk,i);
 			
-            if (Verbose) {
+			if (Verbose)
+				{
 				unsigned long id = SSL_CIPHER_get_id(c);
 				int id0 = (int)(id >> 24);
 				int id1 = (int)((id >> 16) & 0xffL);
 				int id2 = (int)((id >> 8) & 0xffL);
 				int id3 = (int)(id & 0xffL);
 				
-                if ((id & 0xff000000L) == 0x02000000L) {
-                    /* SSL2 cipher */
-                    BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1,
-                               id2, id3);
-                } else if ((id & 0xff000000L) == 0x03000000L) {
-                    /* SSL3 cipher */
-                    BIO_printf(STDout, "          0x%02X,0x%02X - ", id2,
-                               id3);
-                } else {
-                    /* whatever */
-                    BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0,
-                               id1, id2, id3);
+				if ((id & 0xff000000L) == 0x02000000L)
+					BIO_printf(STDout, "     0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */
+				else if ((id & 0xff000000L) == 0x03000000L)
+					BIO_printf(STDout, "          0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */
+				else
+					BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */
 				}
+#ifndef OPENSSL_NO_SSL_TRACE
+			if (stdname)
+				{
+				const char *nm = SSL_CIPHER_standard_name(c);
+				if (nm == NULL)
+					nm = "UNKNOWN";
+				BIO_printf(STDout, "%s - ", nm);
 				}
-
+#endif
 			BIO_puts(STDout,SSL_CIPHER_description(c,buf,sizeof buf));
 			}
 		}

 	ret=0;
-    if (0) {
+	if (0)
+		{
 err:
 		SSL_load_error_strings();
 		ERR_print_errors(bio_err);
 		}
 end:
-    if (ctx != NULL)
-        SSL_CTX_free(ctx);
-    if (ssl != NULL)
-        SSL_free(ssl);
-    if (STDout != NULL)
-        BIO_free_all(STDout);
+	if (ctx != NULL) SSL_CTX_free(ctx);
+	if (ssl != NULL) SSL_free(ssl);
+	if (STDout != NULL) BIO_free_all(STDout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
+
--- a/apps/cms.c
+++ b/apps/cms.c
--- a/apps/crl.c
+++ b/apps/crl.c
@ -96,7 +96,6 @@ static const char *crl_usage[] = {
 NULL
 };

-static X509_CRL *load_crl(char *file, int format);
 static BIO *bio_out=NULL;

 int MAIN(int, char **);
@ -106,12 +105,11 @@ int MAIN(int argc, char **argv)
 	unsigned long nmflag = 0;
 	X509_CRL *x=NULL;
 	char *CAfile = NULL, *CApath = NULL;
-    int ret = 1, i, num, badops = 0;
+	int ret=1,i,num,badops=0,badsig=0;
 	BIO *out=NULL;
-    int informat, outformat;
-    char *infile = NULL, *outfile = NULL;
-    int hash = 0, issuer = 0, lastupdate = 0, nextupdate = 0, noout =
-        0, text = 0;
+	int informat,outformat, keyformat;
+	char *infile=NULL,*outfile=NULL, *crldiff = NULL, *keyfile = NULL;
+	int hash=0,issuer=0,lastupdate=0,nextupdate=0,noout=0,text=0;
 #ifndef OPENSSL_NO_MD5
       int hash_old=0;
 #endif
@ -135,7 +133,8 @@ int MAIN(int argc, char **argv)
 		goto end;

 	if (bio_out == NULL)
-        if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
+		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+			{
 			BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -147,47 +146,68 @@ int MAIN(int argc, char **argv)

 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
+	keyformat=FORMAT_PEM;

 	argc--;
 	argv++;
 	num=0;
-    while (argc >= 1) {
+	while (argc >= 1)
+		{
 #ifdef undef
-        if (strcmp(*argv, "-p") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!args_from_file(++argv, Nargc, Nargv)) {
-                goto end;
+		if	(strcmp(*argv,"-p") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!args_from_file(++argv,Nargc,Nargv)) { goto end; }*/
 			}
-        */}
 #endif
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-gendelta") == 0)
+			{
+			if (--argc < 1) goto bad;
+			crldiff= *(++argv);
+			}
+		else if (strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyfile= *(++argv);
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) goto bad;
+			keyformat=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-CApath") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-CApath") == 0)
+			{
+			if (--argc < 1) goto bad;
 			CApath = *(++argv);
 			do_ver = 1;
-        } else if (strcmp(*argv, "-CAfile") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-CAfile") == 0)
+			{
+			if (--argc < 1) goto bad;
 			CAfile = *(++argv);
 			do_ver = 1;
-        } else if (strcmp(*argv, "-verify") == 0)
+			}
+		else if (strcmp(*argv,"-verify") == 0)
 			do_ver = 1;
 		else if (strcmp(*argv,"-text") == 0)
 			text = 1;
@ -197,12 +217,12 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-hash_old") == 0)
 			hash_old= ++num;
 #endif
-        else if (strcmp(*argv, "-nameopt") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!set_name_ex(&nmflag, *(++argv)))
-                goto bad;
-        } else if (strcmp(*argv, "-issuer") == 0)
+		else if (strcmp(*argv,"-nameopt") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if (!set_name_ex(&nmflag, *(++argv))) goto bad;
+			}
+		else if (strcmp(*argv,"-issuer") == 0)
 			issuer= ++num;
 		else if (strcmp(*argv,"-lastupdate") == 0)
 			lastupdate= ++num;
@ -214,10 +234,15 @@ int MAIN(int argc, char **argv)
 			fingerprint= ++num;
 		else if (strcmp(*argv,"-crlnumber") == 0)
 			crlnumber= ++num;
-        else if ((md_alg = EVP_get_digestbyname(*argv + 1))) {
+		else if (strcmp(*argv,"-badsig") == 0)
+			badsig = 1;
+		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
+			{
 			/* ok */
 			digest=md_alg;
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -226,7 +251,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		for (pp=crl_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
@ -235,105 +261,151 @@ int MAIN(int argc, char **argv)

 	ERR_load_crypto_strings();
 	x=load_crl(infile,informat);
-    if (x == NULL) {
-        goto end;
-    }
+	if (x == NULL) { goto end; }

 	if(do_ver) {
 		store = X509_STORE_new();
 		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_file());
-        if (lookup == NULL)
-            goto end;
+		if (lookup == NULL) goto end;
 		if (!X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM))
 			X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 			
 		lookup=X509_STORE_add_lookup(store,X509_LOOKUP_hash_dir());
-        if (lookup == NULL)
-            goto end;
+		if (lookup == NULL) goto end;
 		if (!X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM))
 			X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);
 		ERR_clear_error();

 		if(!X509_STORE_CTX_init(&ctx, store, NULL, NULL)) {
-            BIO_printf(bio_err, "Error initialising X509 store\n");
+			BIO_printf(bio_err,
+				"Error initialising X509 store\n");
 			goto end;
 		}

 		i = X509_STORE_get_by_subject(&ctx, X509_LU_X509, 
 					X509_CRL_get_issuer(x), &xobj);
 		if(i <= 0) {
-            BIO_printf(bio_err, "Error getting CRL issuer certificate\n");
+			BIO_printf(bio_err,
+				"Error getting CRL issuer certificate\n");
 			goto end;
 		}
 		pkey = X509_get_pubkey(xobj.data.x509);
 		X509_OBJECT_free_contents(&xobj);
 		if(!pkey) {
-            BIO_printf(bio_err, "Error getting CRL issuer public key\n");
+			BIO_printf(bio_err,
+				"Error getting CRL issuer public key\n");
 			goto end;
 		}
 		i = X509_CRL_verify(x, pkey);
 		EVP_PKEY_free(pkey);
-        if (i < 0)
-            goto end;
-        if (i == 0)
-            BIO_printf(bio_err, "verify failure\n");
-        else
-            BIO_printf(bio_err, "verify OK\n");
+		if(i < 0) goto end;
+		if(i == 0) BIO_printf(bio_err, "verify failure\n");
+		else BIO_printf(bio_err, "verify OK\n");
 	}

-    if (num) {
-        for (i = 1; i <= num; i++) {
-            if (issuer == i) {
-                print_name(bio_out, "issuer=", X509_CRL_get_issuer(x),
-                           nmflag);
+	if (crldiff)
+		{
+		X509_CRL *newcrl, *delta;
+		if (!keyfile)
+			{
+			BIO_puts(bio_err, "Missing CRL signing key\n");
+			goto end;
 			}
-            if (crlnumber == i) {
+		newcrl = load_crl(crldiff,informat);
+		if (!newcrl)
+			goto end;
+		pkey = load_key(bio_err, keyfile, keyformat, 0, NULL, NULL,
+					"CRL signing key");
+		if (!pkey)
+			{
+			X509_CRL_free(newcrl);
+			goto end;
+			}	
+		delta = X509_CRL_diff(x, newcrl, pkey, digest, 0);
+		X509_CRL_free(newcrl);
+		EVP_PKEY_free(pkey);
+		if (delta)
+			{
+			X509_CRL_free(x);
+			x = delta;
+			}
+		else
+			{
+			BIO_puts(bio_err, "Error creating delta CRL\n");
+			goto end;
+			}
+		}
+
+	if (num)
+		{
+		for (i=1; i<=num; i++)
+			{
+			if (issuer == i)
+				{
+				print_name(bio_out, "issuer=", X509_CRL_get_issuer(x), nmflag);
+				}
+			if (crlnumber == i)
+				{
 				ASN1_INTEGER *crlnum;
-                crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number, NULL, NULL);
+				crlnum = X509_CRL_get_ext_d2i(x, NID_crl_number,
+							      NULL, NULL);
 				BIO_printf(bio_out,"crlNumber=");
-                if (crlnum) {
+				if (crlnum)
+					{
 					i2a_ASN1_INTEGER(bio_out, crlnum);
 					ASN1_INTEGER_free(crlnum);
-                } else
+					}
+				else
 					BIO_puts(bio_out, "<NONE>");
 				BIO_printf(bio_out,"\n");
 				}
-            if (hash == i) {
+			if (hash == i)
+				{
 				BIO_printf(bio_out,"%08lx\n",
 					X509_NAME_hash(X509_CRL_get_issuer(x)));
 				}
 #ifndef OPENSSL_NO_MD5
-            if (hash_old == i) {
+			if (hash_old == i)
+				{
 				BIO_printf(bio_out,"%08lx\n",
-                           X509_NAME_hash_old(X509_CRL_get_issuer(x)));
+					X509_NAME_hash_old(
+						X509_CRL_get_issuer(x)));
 				}
 #endif
-            if (lastupdate == i) {
+			if (lastupdate == i)
+				{
 				BIO_printf(bio_out,"lastUpdate=");
-                ASN1_TIME_print(bio_out, X509_CRL_get_lastUpdate(x));
+				ASN1_TIME_print(bio_out,
+						X509_CRL_get_lastUpdate(x));
 				BIO_printf(bio_out,"\n");
 				}
-            if (nextupdate == i) {
+			if (nextupdate == i)
+				{
 				BIO_printf(bio_out,"nextUpdate=");
 				if (X509_CRL_get_nextUpdate(x)) 
-                    ASN1_TIME_print(bio_out, X509_CRL_get_nextUpdate(x));
+					ASN1_TIME_print(bio_out,
+						X509_CRL_get_nextUpdate(x));
 				else
 					BIO_printf(bio_out,"NONE");
 				BIO_printf(bio_out,"\n");
 				}
-            if (fingerprint == i) {
+			if (fingerprint == i)
+				{
 				int j;
 				unsigned int n;
 				unsigned char md[EVP_MAX_MD_SIZE];

-                if (!X509_CRL_digest(x, digest, md, &n)) {
+				if (!X509_CRL_digest(x,digest,md,&n))
+					{
 					BIO_printf(bio_err,"out of memory\n");
 					goto end;
 					}
 				BIO_printf(bio_out,"%s Fingerprint=",
 						OBJ_nid2sn(EVP_MD_type(digest)));
-                for (j = 0; j < (int)n; j++) {
-                    BIO_printf(bio_out, "%02X%c", md[j], (j + 1 == (int)n)
+				for (j=0; j<(int)n; j++)
+					{
+					BIO_printf(bio_out,"%02X%c",md[j],
+						(j+1 == (int)n)
 						?'\n':':');
 					}
 				}
@ -341,12 +413,14 @@ int MAIN(int argc, char **argv)
 		}

 	out=BIO_new(BIO_s_file());
-    if (out == NULL) {
+	if (out == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -354,35 +428,41 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (text)
-        X509_CRL_print(out, x);
+	if (text) X509_CRL_print(out, x);

-    if (noout) {
+	if (noout) 
+		{
 		ret = 0;
 		goto end;
 		}

+	if (badsig)
+		x->signature->data[x->signature->length - 1] ^= 0x1;
+
 	if 	(outformat == FORMAT_ASN1)
 		i=(int)i2d_X509_CRL_bio(out,x);
 	else if (outformat == FORMAT_PEM)
 		i=PEM_write_bio_X509_CRL(out,x);
-    else {
+	else	
+		{
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (!i) {
-        BIO_printf(bio_err, "unable to write CRL\n");
-        goto end;
-    }
+	if (!i) { BIO_printf(bio_err,"unable to write CRL\n"); goto end; }
 	ret=0;
 end:
+	if (ret != 0)
+		ERR_print_errors(bio_err);
 	BIO_free_all(out);
 	BIO_free_all(bio_out);
 	bio_out=NULL;
@ -394,41 +474,3 @@ int MAIN(int argc, char **argv)
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
-
-static X509_CRL *load_crl(char *infile, int format)
-{
-    X509_CRL *x = NULL;
-    BIO *in = NULL;
-
-    in = BIO_new(BIO_s_file());
-    if (in == NULL) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (infile == NULL)
-        BIO_set_fp(in, stdin, BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
-            perror(infile);
-            goto end;
-        }
-    }
-    if (format == FORMAT_ASN1)
-        x = d2i_X509_CRL_bio(in, NULL);
-    else if (format == FORMAT_PEM)
-        x = PEM_read_bio_X509_CRL(in, NULL, NULL, NULL);
-    else {
-        BIO_printf(bio_err, "bad input format specified for input crl\n");
-        goto end;
-    }
-    if (x == NULL) {
-        BIO_printf(bio_err, "unable to load CRL\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
- end:
-    BIO_free(in);
-    return (x);
-}
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@ -56,11 +56,9 @@
 * [including the GNU Public Licence.]
 */

-/*
- * This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu> and
- * donated 'to the cause' along with lots and lots of other fixes to the
- * library.
- */
+/* This was written by Gordon Chaffee <chaffee@plateau.cs.berkeley.edu>
+ * and donated 'to the cause' along with lots and lots of other fixes to
+ * the library. */

 #include <stdio.h>
 #include <string.h>
@ -77,8 +75,7 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile);
 #undef PROG
 #define PROG	crl2pkcs7_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -114,37 +111,46 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-nocrl") == 0) {
+			}
+		else if (strcmp(*argv,"-nocrl") == 0)
+			{
 			nocrl=1;
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-certfile") == 0) {
-            if (--argc < 1)
-                goto bad;
-            if (!certflst)
-                certflst = sk_OPENSSL_STRING_new_null();
+			}
+		else if (strcmp(*argv,"-certfile") == 0)
+			{
+			if (--argc < 1) goto bad;
+			if(!certflst) certflst = sk_OPENSSL_STRING_new_null();
 			if (!certflst)
 				goto end;
-            if (!sk_OPENSSL_STRING_push(certflst, *(++argv))) {
+			if (!sk_OPENSSL_STRING_push(certflst,*(++argv)))
+				{
 				sk_OPENSSL_STRING_free(certflst);
 				goto end;
 				}
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -153,7 +159,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
@ -161,11 +168,9 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err," -outform arg   output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
-        BIO_printf(bio_err,
-                   " -certfile arg  certificates file of chain to a trusted CA\n");
+		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
 		BIO_printf(bio_err,"                (can be used more than once)\n");
-        BIO_printf(bio_err,
-                   " -nocrl         no crl to load, just certs from '-certfile'\n");
+		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
 		ret = 1;
 		goto end;
 		}
@ -174,16 +179,20 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (!nocrl) {
+	if (!nocrl)
+		{
 		if (infile == NULL)
 			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-        else {
-            if (BIO_read_filename(in, infile) <= 0) {
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
 				perror(infile);
 				goto end;
 				}
@ -197,39 +206,36 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"bad input format specified for input crl\n");
 			goto end;
 			}
-        if (crl == NULL) {
+		if (crl == NULL)
+			{
 			BIO_printf(bio_err,"unable to load CRL\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 	
-    if ((p7 = PKCS7_new()) == NULL)
-        goto end;
-    if ((p7s = PKCS7_SIGNED_new()) == NULL)
-        goto end;
+	if ((p7=PKCS7_new()) == NULL) goto end;
+	if ((p7s=PKCS7_SIGNED_new()) == NULL) goto end;
 	p7->type=OBJ_nid2obj(NID_pkcs7_signed);
 	p7->d.sign=p7s;
 	p7s->contents->type=OBJ_nid2obj(NID_pkcs7_data);

-    if (!ASN1_INTEGER_set(p7s->version, 1))
-        goto end;
-    if ((crl_stack = sk_X509_CRL_new_null()) == NULL)
-        goto end;
+	if (!ASN1_INTEGER_set(p7s->version,1)) goto end;
+	if ((crl_stack=sk_X509_CRL_new_null()) == NULL) goto end;
 	p7s->crl=crl_stack;
-    if (crl != NULL) {
+	if (crl != NULL)
+		{
 		sk_X509_CRL_push(crl_stack,crl);
 		crl=NULL; /* now part of p7 for OPENSSL_freeing */
 		}

-    if ((cert_stack = sk_X509_new_null()) == NULL)
-        goto end;
+	if ((cert_stack=sk_X509_new_null()) == NULL) goto end;
 	p7s->cert=cert_stack;

-    if (certflst)
-        for (i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
+	if(certflst) for(i = 0; i < sk_OPENSSL_STRING_num(certflst); i++) {
 		certfile = sk_OPENSSL_STRING_value(certflst, i);
-            if (add_certs_from_file(cert_stack, certfile) < 0) {
+		if (add_certs_from_file(cert_stack,certfile) < 0)
+			{
 			BIO_printf(bio_err, "error loading certificates\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -238,7 +244,8 @@ int MAIN(int argc, char **argv)

 	sk_OPENSSL_STRING_free(certflst);

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -246,8 +253,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -261,27 +271,24 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (!i) {
+	if (!i)
+		{
 		BIO_printf(bio_err,"unable to write pkcs7 object\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (p7 != NULL)
-        PKCS7_free(p7);
-    if (crl != NULL)
-        X509_CRL_free(crl);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (p7 != NULL) PKCS7_free(p7);
+	if (crl != NULL) X509_CRL_free(crl);

 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}

-/*-
+/*
 *----------------------------------------------------------------------
 * int add_certs_from_file
 *
@ -300,7 +307,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	X509_INFO *xi;

 	in=BIO_new(BIO_s_file());
-    if ((in == NULL) || (BIO_read_filename(in, certfile) <= 0)) {
+	if ((in == NULL) || (BIO_read_filename(in,certfile) <= 0))
+		{
 		BIO_printf(bio_err,"error opening the file, %s\n",certfile);
 		goto end;
 		}
@ -313,9 +321,11 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	}

 	/* scan over it and pull out the CRL's */
-    while (sk_X509_INFO_num(sk)) {
+	while (sk_X509_INFO_num(sk))
+		{
 		xi=sk_X509_INFO_shift(sk);
-        if (xi->x509 != NULL) {
+		if (xi->x509 != NULL)
+			{
 			sk_X509_push(stack,xi->x509);
 			xi->x509=NULL;
 			count++;
@ -326,9 +336,8 @@ static int add_certs_from_file(STACK_OF(X509) *stack, char *certfile)
 	ret=count;
 end:
 	/* never need to OPENSSL_free x */
-    if (in != NULL)
-        BIO_free(in);
-    if (sk != NULL)
-        sk_X509_INFO_free(sk);
+	if (in != NULL) BIO_free(in);
+	if (sk != NULL) sk_X509_INFO_free(sk);
 	return(ret);
 	}
+
--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -103,7 +103,7 @@ int MAIN(int, char **);

 int MAIN(int argc, char **argv)
 	{
-    ENGINE *e = NULL;
+	ENGINE *e = NULL, *impl = NULL;
 	unsigned char *buf=NULL;
 	int i,err=1;
 	const EVP_MD *md=NULL,*m;
@ -124,6 +124,7 @@ int MAIN(int argc, char **argv)
 	char *passargin = NULL, *passin = NULL;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
+	int engine_impl = 0;
 #endif
 	char *hmac_key=NULL;
 	char *mac_name=NULL;
@ -132,7 +133,8 @@ int MAIN(int argc, char **argv)

 	apps_startup();

-    if ((buf = (unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL) {
+	if ((buf=(unsigned char *)OPENSSL_malloc(BUFSIZE)) == NULL)
+		{
 		BIO_printf(bio_err,"out of memory\n");
 		goto end;
 		}
@ -150,56 +152,66 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc > 0) {
-        if ((*argv)[0] != '-')
-            break;
+	while (argc > 0)
+		{
+		if ((*argv)[0] != '-') break;
 		if (strcmp(*argv,"-c") == 0)
 			separator=1;
 		else if (strcmp(*argv,"-r") == 0)
 			separator=2;
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                break;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) break;
 			randfile=*(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) break;
 			outfile=*(++argv);
-        } else if (strcmp(*argv, "-sign") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-sign") == 0)
+			{
+			if (--argc < 1) break;
 			keyfile=*(++argv);
-        } else if (!strcmp(*argv, "-passin")) {
+			}
+		else if (!strcmp(*argv,"-passin"))
+			{
 			if (--argc < 1)
 				break;
 			passargin=*++argv;
-        } else if (strcmp(*argv, "-verify") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-verify") == 0)
+			{
+			if (--argc < 1) break;
 			keyfile=*(++argv);
 			want_pub = 1;
 			do_verify = 1;
-        } else if (strcmp(*argv, "-prverify") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-prverify") == 0)
+			{
+			if (--argc < 1) break;
 			keyfile=*(++argv);
 			do_verify = 1;
-        } else if (strcmp(*argv, "-signature") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-signature") == 0)
+			{
+			if (--argc < 1) break;
 			sigfile=*(++argv);
-        } else if (strcmp(*argv, "-keyform") == 0) {
-            if (--argc < 1)
-                break;
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) break;
 			keyform=str2fmt(*(++argv));
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                break;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) break;
 			engine= *(++argv);
        		e = setup_engine(bio_err, engine, 0);
 			}
+		else if (strcmp(*argv,"-engine_impl") == 0)
+			engine_impl = 1;
 #endif
 		else if (strcmp(*argv,"-hex") == 0)
 			out_bin = 0;
@ -211,29 +223,37 @@ int MAIN(int argc, char **argv)
 			hmac_key = "etaonrishdlcupfm";
 		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow=1;
-        else if (!strcmp(*argv, "-hmac")) {
+		else if (!strcmp(*argv,"-hmac"))
+			{
 			if (--argc < 1)
 				break;
 			hmac_key=*++argv;
-        } else if (!strcmp(*argv, "-mac")) {
+			}
+		else if (!strcmp(*argv,"-mac"))
+			{
 			if (--argc < 1)
 				break;
 			mac_name=*++argv;
-        } else if (strcmp(*argv, "-sigopt") == 0) {
+			}
+		else if (strcmp(*argv,"-sigopt") == 0)
+			{
 			if (--argc < 1)
 				break;
 			if (!sigopts)
 				sigopts = sk_OPENSSL_STRING_new_null();
 			if (!sigopts || !sk_OPENSSL_STRING_push(sigopts, *(++argv)))
 				break;
-        } else if (strcmp(*argv, "-macopt") == 0) {
+			}
+		else if (strcmp(*argv,"-macopt") == 0)
+			{
 			if (--argc < 1)
 				break;
 			if (!macopts)
 				macopts = sk_OPENSSL_STRING_new_null();
 			if (!macopts || !sk_OPENSSL_STRING_push(macopts, *(++argv)))
 				break;
-        } else if ((m = EVP_get_digestbyname(&((*argv)[1]))) != NULL)
+			}
+		else if ((m=EVP_get_digestbyname(&((*argv)[1]))) != NULL)
 			md=m;
 		else
 			break;
@ -241,68 +261,65 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

+
 	if(do_verify && !sigfile) {
-        BIO_printf(bio_err,
-                   "No signature to verify: use the -signature option\n");
+		BIO_printf(bio_err, "No signature to verify: use the -signature option\n");
 		goto end;
 	}

-    if ((argc > 0) && (argv[0][0] == '-')) { /* bad option */
+	if ((argc > 0) && (argv[0][0] == '-')) /* bad option */
+		{
 		BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 		BIO_printf(bio_err,"options are\n");
-        BIO_printf(bio_err,
-                   "-c              to output the digest with separating colons\n");
-        BIO_printf(bio_err,
-                   "-r              to output the digest in coreutils format\n");
+		BIO_printf(bio_err,"-c              to output the digest with separating colons\n");
+		BIO_printf(bio_err,"-r              to output the digest in coreutils format\n");
 		BIO_printf(bio_err,"-d              to output debug info\n");
 		BIO_printf(bio_err,"-hex            output as hex dump\n");
 		BIO_printf(bio_err,"-binary         output in binary form\n");
-        BIO_printf(bio_err, "-hmac arg       set the HMAC key to arg\n");
-        BIO_printf(bio_err, "-non-fips-allow allow use of non FIPS digest\n");
-        BIO_printf(bio_err,
-                   "-sign   file    sign digest using private key in file\n");
-        BIO_printf(bio_err,
-                   "-verify file    verify a signature using public key in file\n");
-        BIO_printf(bio_err,
-                   "-prverify file  verify a signature using private key in file\n");
-        BIO_printf(bio_err,
-                   "-keyform arg    key file format (PEM or ENGINE)\n");
-        BIO_printf(bio_err,
-                   "-out filename   output to filename rather than stdout\n");
+		BIO_printf(bio_err,"-sign   file    sign digest using private key in file\n");
+		BIO_printf(bio_err,"-verify file    verify a signature using public key in file\n");
+		BIO_printf(bio_err,"-prverify file  verify a signature using private key in file\n");
+		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
+		BIO_printf(bio_err,"-out filename   output to filename rather than stdout\n");
 		BIO_printf(bio_err,"-signature file signature to verify\n");
 		BIO_printf(bio_err,"-sigopt nm:v    signature parameter\n");
 		BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
-        BIO_printf(bio_err,
-                   "-mac algorithm  create MAC (not neccessarily HMAC)\n");
-        BIO_printf(bio_err,
-                   "-macopt nm:v    MAC algorithm parameters or key\n");
+		BIO_printf(bio_err,"-mac algorithm  create MAC (not neccessarily HMAC)\n"); 
+		BIO_printf(bio_err,"-macopt nm:v    MAC algorithm parameters or key\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
 #endif

 		EVP_MD_do_all_sorted(list_md_fn, bio_err);
 		goto end;
 		}

+#ifndef OPENSSL_NO_ENGINE
+	if (engine_impl)
+		impl = e;
+#endif
+
 	in=BIO_new(BIO_s_file());
 	bmd=BIO_new(BIO_f_md());
-    if ((in == NULL) || (bmd == NULL)) {
-        ERR_print_errors(bio_err);
-        goto end;
-    }
-
-    if (debug) {
+	if (debug)
+		{
 		BIO_set_callback(in,BIO_debug_callback);
 		/* needed for windows 3.1 */
 		BIO_set_callback_arg(in,(char *)bio_err);
 		}

-    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}

+	if ((in == NULL) || (bmd == NULL))
+		{
+		ERR_print_errors(bio_err);
+		goto end;
+		}
+
 	if(out_bin == -1) {
 		if(keyfile)
 			out_bin = 1;
@ -316,8 +333,7 @@ int MAIN(int argc, char **argv)
 	if(outfile) {
 		if(out_bin)
 			out = BIO_new_file(outfile, "wb");
-        else
-            out = BIO_new_file(outfile, "w");
+		else    out = BIO_new_file(outfile, "w");
 	} else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
@ -334,44 +350,52 @@ int MAIN(int argc, char **argv)
 		ERR_print_errors(bio_err);
 		goto end;
 	}
-    if ((! !mac_name + ! !keyfile + ! !hmac_key) > 1) {
+	if ((!!mac_name + !!keyfile + !!hmac_key) > 1)
+		{
 		BIO_printf(bio_err, "MAC and Signing key cannot both be specified\n");
 		goto end;
 		}

-    if (keyfile) {
+	if(keyfile)
+		{
 		if (want_pub)
 			sigkey = load_pubkey(bio_err, keyfile, keyform, 0, NULL,
 				e, "key file");
 		else
 			sigkey = load_key(bio_err, keyfile, keyform, 0, passin,
 				e, "key file");
-        if (!sigkey) {
-            /*
-             * load_[pub]key() has already printed an appropriate message
-             */
+		if (!sigkey)
+			{
+			/* load_[pub]key() has already printed an appropriate
+			   message */
 			goto end;
 			}
 		}

-    if (mac_name) {
+	if (mac_name)
+		{
 		EVP_PKEY_CTX *mac_ctx = NULL;
 		int r = 0;
-        if (!init_gen_str(bio_err, &mac_ctx, mac_name, e, 0))
+		if (!init_gen_str(bio_err, &mac_ctx, mac_name, impl, 0))
 			goto mac_end;
-        if (macopts) {
+		if (macopts)
+			{
 			char *macopt;
-            for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++) {
+			for (i = 0; i < sk_OPENSSL_STRING_num(macopts); i++)
+				{
 				macopt = sk_OPENSSL_STRING_value(macopts, i);
-                if (pkey_ctrl_string(mac_ctx, macopt) <= 0) {
+				if (pkey_ctrl_string(mac_ctx, macopt) <= 0)
+					{
 					BIO_printf(bio_err,
-                               "MAC parameter error \"%s\"\n", macopt);
+						"MAC parameter error \"%s\"\n",
+						macopt);
 					ERR_print_errors(bio_err);
 					goto mac_end;
 					}
 				}
 			}
-        if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0) {
+		if (EVP_PKEY_keygen(mac_ctx, &sigkey) <= 0)
+			{
 			BIO_puts(bio_err, "Error generating key\n");
 			ERR_print_errors(bio_err);
 			goto mac_end;
@ -384,43 +408,53 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}

-    if (non_fips_allow) {
+	if (non_fips_allow)
+		{
 		EVP_MD_CTX *md_ctx;
 		BIO_get_md_ctx(bmd,&md_ctx);
 		EVP_MD_CTX_set_flags(md_ctx, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
 		}

-    if (hmac_key) {
-        sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
+	if (hmac_key)
+		{
+		sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, impl,
 					(unsigned char *)hmac_key, -1);
 		if (!sigkey)
 			goto end;
 		}

-    if (sigkey) {
+	if (sigkey)
+		{
 		EVP_MD_CTX *mctx = NULL;
 		EVP_PKEY_CTX *pctx = NULL;
 		int r;
-        if (!BIO_get_md_ctx(bmd, &mctx)) {
+		if (!BIO_get_md_ctx(bmd, &mctx))
+			{
 			BIO_printf(bio_err, "Error getting context\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (do_verify)
-            r = EVP_DigestVerifyInit(mctx, &pctx, md, NULL, sigkey);
+			r = EVP_DigestVerifyInit(mctx, &pctx, md, impl, sigkey);
 		else
-            r = EVP_DigestSignInit(mctx, &pctx, md, NULL, sigkey);
-        if (!r) {
+			r = EVP_DigestSignInit(mctx, &pctx, md, impl, sigkey);
+		if (!r)
+			{
 			BIO_printf(bio_err, "Error setting context\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-        if (sigopts) {
+		if (sigopts)
+			{
 			char *sigopt;
-            for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
+			for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++)
+				{
 				sigopt = sk_OPENSSL_STRING_value(sigopts, i);
-                if (pkey_ctrl_string(pctx, sigopt) <= 0) {
-                    BIO_printf(bio_err, "parameter error \"%s\"\n", sigopt);
+				if (pkey_ctrl_string(pctx, sigopt) <= 0)
+					{
+					BIO_printf(bio_err,
+						"parameter error \"%s\"\n",
+						sigopt);
 					ERR_print_errors(bio_err);
 					goto end;
 					}
@ -428,10 +462,19 @@ int MAIN(int argc, char **argv)
 			}
 		}
 	/* we use md as a filter, reading from 'in' */
-    else {
+	else
+		{
+		EVP_MD_CTX *mctx = NULL;
+		if (!BIO_get_md_ctx(bmd, &mctx))
+			{
+			BIO_printf(bio_err, "Error getting context\n");
+			ERR_print_errors(bio_err);
+			goto end;
+			}
 		if (md == NULL)
 			md = EVP_md5(); 
-        if (!BIO_set_md(bmd, md)) {
+		if (!EVP_DigestInit_ex(mctx, md, impl))
+			{
 			BIO_printf(bio_err, "Error setting digest %s\n", pname);
 			ERR_print_errors(bio_err);
 			goto end;
@ -444,55 +487,62 @@ int MAIN(int argc, char **argv)
 		siglen = EVP_PKEY_size(sigkey);
 		sigbuf = OPENSSL_malloc(siglen);
 		if(!sigbio) {
-            BIO_printf(bio_err, "Error opening signature file %s\n", sigfile);
-            ERR_print_errors(bio_err);
-            goto end;
-        }
-        if (!sigbuf) {
-            BIO_printf(bio_err, "Out of memory\n");
+			BIO_printf(bio_err, "Error opening signature file %s\n",
+								sigfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 		siglen = BIO_read(sigbio, sigbuf, siglen);
 		BIO_free(sigbio);
 		if(siglen <= 0) {
-            BIO_printf(bio_err, "Error reading signature file %s\n", sigfile);
+			BIO_printf(bio_err, "Error reading signature file %s\n",
+								sigfile);
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 	}
 	inp=BIO_push(bmd,in);

-    if (md == NULL) {
+	if (md == NULL)
+		{
 		EVP_MD_CTX *tctx;
 		BIO_get_md_ctx(bmd, &tctx);
 		md = EVP_MD_CTX_md(tctx);
 		}

-    if (argc == 0) {
+	if (argc == 0)
+		{
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
 		err=do_fp(out, buf,inp,separator, out_bin, sigkey, sigbuf,
 			  siglen,NULL,NULL,"stdin",bmd);
-    } else {
+		}
+	else
+		{
 		const char *md_name = NULL, *sig_name = NULL;
-        if (!out_bin) {
-            if (sigkey) {
+		if(!out_bin)
+			{
+			if (sigkey)
+				{
 				const EVP_PKEY_ASN1_METHOD *ameth;
 				ameth = EVP_PKEY_get0_asn1(sigkey);
 				if (ameth)
 					EVP_PKEY_asn1_get0_info(NULL, NULL,
 						NULL, NULL, &sig_name, ameth);
 				}
+			if (md)
 				md_name = EVP_MD_name(md);
 			}
 		err = 0;
-        for (i = 0; i < argc; i++) {
+		for (i=0; i<argc; i++)
+			{
 			int r;
-            if (BIO_read_filename(in, argv[i]) <= 0) {
+			if (BIO_read_filename(in,argv[i]) <= 0)
+				{
 				perror(argv[i]);
 				err++;
 				continue;
-            } else
+				}
+			else
 			r=do_fp(out,buf,inp,separator,out_bin,sigkey,sigbuf,
 				siglen,sig_name,md_name, argv[i],bmd);
 			if(r)
@ -501,12 +551,12 @@ int MAIN(int argc, char **argv)
 			}
 		}
 end:
-    if (buf != NULL) {
+	if (buf != NULL)
+		{
 		OPENSSL_cleanse(buf,BUFSIZE);
 		OPENSSL_free(buf);
 		}
-    if (in != NULL)
-        BIO_free(in);
+	if (in != NULL) BIO_free(in);
 	if (passin)
 		OPENSSL_free(passin);
 	BIO_free_all(out);
@ -515,10 +565,8 @@ int MAIN(int argc, char **argv)
 		sk_OPENSSL_STRING_free(sigopts);
 	if (macopts)
 		sk_OPENSSL_STRING_free(macopts);
-    if (sigbuf)
-        OPENSSL_free(sigbuf);
-    if (bmd != NULL)
-        BIO_free(bmd);
+	if(sigbuf) OPENSSL_free(sigbuf);
+	if (bmd != NULL) BIO_free(bmd);
 	apps_shutdown();
 	OPENSSL_EXIT(err);
 	}
@ -531,63 +579,81 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 	size_t len;
 	int i;

-    for (;;) {
+	for (;;)
+		{
 		i=BIO_read(bp,(char *)buf,BUFSIZE);
-        if (i < 0) {
+		if(i < 0)
+			{
 			BIO_printf(bio_err, "Read Error in %s\n",file);
 			ERR_print_errors(bio_err);
 			return 1;
 			}
-        if (i == 0)
-            break;
+		if (i == 0) break;
 		}
-    if (sigin) {
+	if(sigin)
+		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
 		i = EVP_DigestVerifyFinal(ctx, sigin, (unsigned int)siglen); 
 		if(i > 0)
 			BIO_printf(out, "Verified OK\n");
-        else if (i == 0) {
+		else if(i == 0)
+			{
 			BIO_printf(out, "Verification Failure\n");
 			return 1;
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err, "Error Verifying Data\n");
 			ERR_print_errors(bio_err);
 			return 1;
 			}
 		return 0;
 		}
-    if (key) {
+	if(key)
+		{
 		EVP_MD_CTX *ctx;
 		BIO_get_md_ctx(bp, &ctx);
 		len = BUFSIZE;
-        if (!EVP_DigestSignFinal(ctx, buf, &len)) {
+		if(!EVP_DigestSignFinal(ctx, buf, &len)) 
+			{
 			BIO_printf(bio_err, "Error Signing Data\n");
 			ERR_print_errors(bio_err);
 			return 1;
 			}
-    } else {
+		}
+	else
+		{
 		len=BIO_gets(bp,(char *)buf,BUFSIZE);
-        if ((int)len < 0) {
+		if ((int)len <0)
+			{
 			ERR_print_errors(bio_err);
 			return 1;
 			}
 		}

-    if (binout)
-        BIO_write(out, buf, len);
-    else if (sep == 2) {
+	if(binout) BIO_write(out, buf, len);
+	else if (sep == 2)
+		{
 		for (i=0; i<(int)len; i++)
 			BIO_printf(out, "%02x",buf[i]);
 		BIO_printf(out, " *%s\n", file);
-    } else {
+		}
+	else 
+		{
 		if (sig_name)
-            BIO_printf(out, "%s-%s(%s)= ", sig_name, md_name, file);
+			{
+			BIO_puts(out, sig_name);
+			if (md_name)
+				BIO_printf(out, "-%s", md_name);
+			BIO_printf(out, "(%s)= ", file);
+			}
 		else if (md_name)
 			BIO_printf(out, "%s(%s)= ", md_name, file);
 		else
 			BIO_printf(out, "(%s)= ", file);
-        for (i = 0; i < (int)len; i++) {
+		for (i=0; i<(int)len; i++)
+			{
 			if (sep && (i != 0))
 				BIO_printf(out, ":");
 			BIO_printf(out, "%02x",buf[i]);
@ -596,3 +662,4 @@ int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
 		}
 	return 0;
 	}
+
--- a/apps/dh.c
+++ b/apps/dh.c
@ -74,8 +74,7 @@
 #undef PROG
 #define PROG	dh_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -118,28 +117,32 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -151,7 +154,8 @@ int MAIN(int argc, char **argv)
 			C=1;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -160,23 +164,21 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-        BIO_printf(bio_err,
-                   " -outform arg  output format - one of DER PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-        BIO_printf(bio_err,
-                   " -text         print a text form of the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
@ -189,20 +191,24 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -210,8 +216,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -221,17 +230,22 @@ int MAIN(int argc, char **argv)
 		dh=d2i_DHparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
-    else {
+	else
+		{
 		BIO_printf(bio_err,"bad input format specified\n");
 		goto end;
 		}
-    if (dh == NULL) {
+	if (dh == NULL)
+		{
 		BIO_printf(bio_err,"unable to load DH parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (text) {
+	
+
+	if (text)
+		{
 		DHparams_print(out,dh);
 #ifdef undef
 		printf("p=");
@ -244,8 +258,10 @@ int MAIN(int argc, char **argv)
 #endif
 		}
 	
-    if (check) {
-        if (!DH_check(dh, &i)) {
+	if (check)
+		{
+		if (!DH_check(dh,&i))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
@ -260,31 +276,33 @@ int MAIN(int argc, char **argv)
 		if (i == 0)
 			printf("DH parameters appear to be ok.\n");
 		}
-    if (C) {
+	if (C)
+		{
 		unsigned char *data;
 		int len,l,bits;

 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
 		data=(unsigned char *)OPENSSL_malloc(len);
-        if (data == NULL) {
+		if (data == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dh->p,data);
 		printf("static unsigned char dh%d_p[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");

 		l=BN_bn2bin(dh->g,data);
 		printf("static unsigned char dh%d_g[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n\n");
@ -302,7 +320,9 @@ int MAIN(int argc, char **argv)
 		OPENSSL_free(data);
 		}

-    if (!noout) {
+
+	if (!noout)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DHparams_bio(out,dh);
 		else if (outformat == FORMAT_PEM)
@ -311,7 +331,8 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -319,12 +340,9 @@ int MAIN(int argc, char **argv)
 		}
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dh != NULL)
-        DH_free(dh);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@ -130,10 +130,9 @@
 #undef PROG
 #define PROG	dhparam_main

-# define DEFBITS 2048
+#define DEFBITS	512

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -181,28 +180,32 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -222,47 +225,40 @@ int MAIN(int argc, char **argv)
 			g=2;
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
-        } else if (((sscanf(*argv, "%d", &num) == 0) || (num <= 0)))
+			}
+		else if (((sscanf(*argv,"%d",&num) == 0) || (num <= 0)))
 			goto bad;
 		argv++;
 		argc--;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] [numbits]\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg   input format - one of DER PEM\n");
-        BIO_printf(bio_err,
-                   " -outform arg  output format - one of DER PEM\n");
+		BIO_printf(bio_err," -outform arg  output format - one of DER PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
 #ifndef OPENSSL_NO_DSA
-        BIO_printf(bio_err,
-                   " -dsaparam     read or generate DSA parameters, convert to DH\n");
+		BIO_printf(bio_err," -dsaparam     read or generate DSA parameters, convert to DH\n");
 #endif
 		BIO_printf(bio_err," -check        check the DH parameters\n");
-        BIO_printf(bio_err,
-                   " -text         print a text form of the DH parameters\n");
+		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
 		BIO_printf(bio_err," -C            Output C code\n");
-        BIO_printf(bio_err,
-                   " -2            generate parameters using  2 as the generator value\n");
-        BIO_printf(bio_err,
-                   " -5            generate parameters using  5 as the generator value\n");
-        BIO_printf(bio_err,
-                   " numbits       number of bits in to generate (default 2048)\n");
+		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
+		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
+		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "               - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"               the random number generator\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		goto end;
@ -278,13 +274,15 @@ int MAIN(int argc, char **argv)
 		num = DEFBITS;

 #ifndef OPENSSL_NO_DSA
-    if (dsaparam) {
-        if (g) {
-            BIO_printf(bio_err,
-                       "generator may not be chosen for DSA parameters\n");
+	if (dsaparam)
+		{
+		if (g)
+			{
+			BIO_printf(bio_err, "generator may not be chosen for DSA parameters\n");
 			goto end;
 			}
-    } else
+		}
+	else
 #endif
 		{
 		/* DH parameters */
@ -296,44 +294,44 @@ int MAIN(int argc, char **argv)

 		BN_GENCB cb;
 		BN_GENCB_set(&cb, dh_cb, bio_err);
-        if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
-            BIO_printf(bio_err,
-                       "warning, not much extra random data, consider using the -rand option\n");
+		if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+			{
+			BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 			}
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));

 #ifndef OPENSSL_NO_DSA
-        if (dsaparam) {
+		if (dsaparam)
+			{
 			DSA *dsa = DSA_new();
 			
-            BIO_printf(bio_err,
-                       "Generating DSA parameters, %d bit long prime\n", num);
-            if (!dsa
-                || !DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL,
-                                               &cb)) {
-                if (dsa)
-                    DSA_free(dsa);
+			BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
+			if(!dsa || !DSA_generate_parameters_ex(dsa, num,
+						NULL, 0, NULL, NULL, &cb))
+				{
+				if(dsa) DSA_free(dsa);
 				ERR_print_errors(bio_err);
 				goto end;
 				}

 			dh = DSA_dup_DH(dsa);
 			DSA_free(dsa);
-            if (dh == NULL) {
+			if (dh == NULL)
+				{
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else
+			}
+		else
 #endif
 			{
 			dh = DH_new();
-            BIO_printf(bio_err,
-                       "Generating DH parameters, %d bit long safe prime, generator %d\n",
-                       num, g);
+			BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 			BIO_printf(bio_err,"This is going to take a long time\n");
-            if (!dh || !DH_generate_parameters_ex(dh, num, g, &cb)) {
+			if(!dh || !DH_generate_parameters_ex(dh, num, g, &cb))
+				{
 				ERR_print_errors(bio_err);
 				goto end;
 				}
@ -343,25 +341,31 @@ int MAIN(int argc, char **argv)
 	} else {

 		in=BIO_new(BIO_s_file());
-        if (in == NULL) {
+		if (in == NULL)
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (infile == NULL)
 			BIO_set_fp(in,stdin,BIO_NOCLOSE);
-        else {
-            if (BIO_read_filename(in, infile) <= 0) {
+		else
+			{
+			if (BIO_read_filename(in,infile) <= 0)
+				{
 				perror(infile);
 				goto end;
 				}
 			}

-        if (informat != FORMAT_ASN1 && informat != FORMAT_PEM) {
+		if	(informat != FORMAT_ASN1 && informat != FORMAT_PEM)
+			{
 			BIO_printf(bio_err,"bad input format specified\n");
 			goto end;
 			}
+
 #ifndef OPENSSL_NO_DSA
-        if (dsaparam) {
+		if (dsaparam)
+			{
 			DSA *dsa;
 			
 			if (informat == FORMAT_ASN1)
@ -369,7 +373,8 @@ int MAIN(int argc, char **argv)
 			else /* informat == FORMAT_PEM */
 				dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
 			
-            if (dsa == NULL) {
+			if (dsa == NULL)
+				{
 				BIO_printf(bio_err,"unable to load DSA parameters\n");
 				ERR_print_errors(bio_err);
 				goto end;
@ -377,11 +382,13 @@ int MAIN(int argc, char **argv)
 			
 			dh = DSA_dup_DH(dsa);
 			DSA_free(dsa);
-            if (dh == NULL) {
+			if (dh == NULL)
+				{
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else
+			}
+		else
 #endif
 			{
 			if (informat == FORMAT_ASN1)
@ -389,7 +396,8 @@ int MAIN(int argc, char **argv)
 			else /* informat == FORMAT_PEM */
 				dh=PEM_read_bio_DHparams(in,NULL,NULL,NULL);
 			
-            if (dh == NULL) {
+			if (dh == NULL)
+				{
 				BIO_printf(bio_err,"unable to load DH parameters\n");
 				ERR_print_errors(bio_err);
 				goto end;
@ -400,11 +408,13 @@ int MAIN(int argc, char **argv)
 	}
 	
 	out=BIO_new(BIO_s_file());
-    if (out == NULL) {
+	if (out == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -412,19 +422,26 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (text) {
+
+	if (text)
+		{
 		DHparams_print(out,dh);
 		}
 	
-    if (check) {
-        if (!DH_check(dh, &i)) {
+	if (check)
+		{
+		if (!DH_check(dh,&i))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
@ -439,35 +456,38 @@ int MAIN(int argc, char **argv)
 		if (i == 0)
 			printf("DH parameters appear to be ok.\n");
 		}
-    if (C) {
+	if (C)
+		{
 		unsigned char *data;
 		int len,l,bits;

 		len=BN_num_bytes(dh->p);
 		bits=BN_num_bits(dh->p);
 		data=(unsigned char *)OPENSSL_malloc(len);
-        if (data == NULL) {
+		if (data == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
 		printf("#ifndef HEADER_DH_H\n"
-               "#include <openssl/dh.h>\n" "#endif\n");
+		       "#include <openssl/dh.h>\n"
+		       "#endif\n");
 		printf("DH *get_dh%d()\n\t{\n",bits);

 		l=BN_bn2bin(dh->p,data);
 		printf("\tstatic unsigned char dh%d_p[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t\t};\n");

 		l=BN_bn2bin(dh->g,data);
 		printf("\tstatic unsigned char dh%d_g[]={",bits);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t\t};\n");
@ -486,16 +506,24 @@ int MAIN(int argc, char **argv)
 		OPENSSL_free(data);
 		}

-    if (!noout) {
+
+	if (!noout)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DHparams_bio(out,dh);
 		else if (outformat == FORMAT_PEM)
+			{
+			if (dh->q)
+				i=PEM_write_bio_DHxparams(out,dh);
+			else
 				i=PEM_write_bio_DHparams(out,dh);
+			}
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write DH parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -503,12 +531,9 @@ int MAIN(int argc, char **argv)
 		}
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dh != NULL)
-        DH_free(dh);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -518,14 +543,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/dsa.c
+++ b/apps/dsa.c
@ -74,8 +74,7 @@
 #undef PROG
 #define PROG	dsa_main

-/*-
- * -inform arg  - input format - default PEM (one of DER, NET or PEM)
+/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -135,36 +134,42 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -184,7 +189,8 @@ int MAIN(int argc, char **argv)
 			pubin=1;
 		else if (strcmp(*argv,"-pubout") == 0)
 			pubout=1;
-        else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -193,43 +199,35 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -inform arg     input format - DER or PEM\n");
 		BIO_printf(bio_err," -outform arg    output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
-        BIO_printf(bio_err,
-                   " -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
-        BIO_printf(bio_err,
-                   " -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err,
-                   " -des            encrypt PEM output with cbc des\n");
-        BIO_printf(bio_err,
-                   " -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea           encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_SEED
-        BIO_printf(bio_err,
-                   " -seed           encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
@ -250,15 +248,18 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
@ -276,18 +277,21 @@ int MAIN(int argc, char **argv)
 			pkey = load_key(bio_err, infile, informat, 1,
 				passin, e, "Private Key");

-        if (pkey) {
+		if (pkey)
+			{
 			dsa = EVP_PKEY_get1_DSA(pkey);
 			EVP_PKEY_free(pkey);
 			}
 		}
-    if (dsa == NULL) {
+	if (dsa == NULL)
+		{
 		BIO_printf(bio_err,"unable to load Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -295,39 +299,40 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

 	if (text) 
-        if (!DSA_print(out, dsa, 0)) {
+		if (!DSA_print(out,dsa,0))
+			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-    if (modulus) {
+	if (modulus)
+		{
 		fprintf(stdout,"Public Key=");
 		BN_print(out,dsa->pub_key);
 		fprintf(stdout,"\n");
 		}

-    if (noout)
-        goto end;
+	if (noout) goto end;
 	BIO_printf(bio_err,"writing DSA key\n");
 	if 	(outformat == FORMAT_ASN1) {
-        if (pubin || pubout)
-            i = i2d_DSA_PUBKEY_bio(out, dsa);
-        else
-            i = i2d_DSAPrivateKey_bio(out, dsa);
+		if(pubin || pubout) i=i2d_DSA_PUBKEY_bio(out,dsa);
+		else i=i2d_DSAPrivateKey_bio(out,dsa);
 	} else if (outformat == FORMAT_PEM) {
 		if(pubin || pubout)
 			i=PEM_write_bio_DSA_PUBKEY(out,dsa);
-        else
-            i = PEM_write_bio_DSAPrivateKey(out, dsa, enc,
+		else i=PEM_write_bio_DSAPrivateKey(out,dsa,enc,
 							NULL,0,NULL, passout);
 #if !defined(OPENSSL_NO_RSA) && !defined(OPENSSL_NO_RC4)
 	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
@ -346,22 +351,19 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (i <= 0) {
+	if (i <= 0)
+		{
 		BIO_printf(bio_err,"unable to write private key\n");
 		ERR_print_errors(bio_err);
-    } else
+		}
+	else
 		ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dsa != NULL)
-        DSA_free(dsa);
-    if (passin)
-        OPENSSL_free(passin);
-    if (passout)
-        OPENSSL_free(passout);
+	if(in != NULL) BIO_free(in);
+	if(out != NULL) BIO_free_all(out);
+	if(dsa != NULL) DSA_free(dsa);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@ -57,10 +57,8 @@
 */

 #include <openssl/opensslconf.h>	/* for OPENSSL_NO_DSA */
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
 #undef OPENSSL_NO_DEPRECATED
 #endif
@ -82,8 +80,7 @@
 #undef PROG
 #define PROG	dsaparam_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -145,35 +142,39 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if(strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine = *(++argv);
 			}
 #endif
 #ifdef GENCB_TEST
-        else if (strcmp(*argv, "-timebomb") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if(strcmp(*argv, "-timebomb") == 0)
+			{
+			if (--argc < 1) goto bad;
 			timebomb = atoi(*(++argv));
 			}
 #endif
@ -181,21 +182,27 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-C") == 0)
 			C=1;
-        else if (strcmp(*argv, "-genkey") == 0) {
+		else if (strcmp(*argv,"-genkey") == 0)
+			{
 			genkey=1;
 			need_rand=1;
-        } else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			need_rand=1;
-        } else if (strcmp(*argv, "-noout") == 0)
+			}
+		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
-        else if (sscanf(*argv, "%d", &num) == 1) {
+		else if (sscanf(*argv,"%d",&num) == 1)
+			{
 			/* generate a key */
 			numbits=num;
 			need_rand=1;
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -204,7 +211,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
@ -216,18 +224,14 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err," -C            Output C code\n");
 		BIO_printf(bio_err," -noout        no output\n");
 		BIO_printf(bio_err," -genkey       generate a DSA key\n");
-        BIO_printf(bio_err,
-                   " -rand         files to use for random number input\n");
+		BIO_printf(bio_err," -rand         files to use for random number input\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
 #ifdef GENCB_TEST
-        BIO_printf(bio_err,
-                   " -timebomb n   interrupt keygen after <n> seconds\n");
+		BIO_printf(bio_err," -timebomb n   interrupt keygen after <n> seconds\n");
 #endif
-        BIO_printf(bio_err,
-                   " number        number of bits to use for generating private key\n");
+		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
 		goto end;
 		}

@ -235,20 +239,24 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -256,8 +264,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -267,43 +278,48 @@ int MAIN(int argc, char **argv)
        setup_engine(bio_err, engine, 0);
 #endif

-    if (need_rand) {
+	if (need_rand)
+		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
 		}

-    if (numbits > 0) {
+	if (numbits > 0)
+		{
 		BN_GENCB cb;
 		BN_GENCB_set(&cb, dsa_cb, bio_err);
 		assert(need_rand);
 		dsa = DSA_new();
-        if (!dsa) {
+		if(!dsa)
+			{
 			BIO_printf(bio_err,"Error allocating DSA object\n");
 			goto end;
 			}
-        BIO_printf(bio_err, "Generating DSA parameters, %d bit long prime\n",
-                   num);
+		BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num);
 	        BIO_printf(bio_err,"This could take some time\n");
 #ifdef GENCB_TEST
-        if (timebomb > 0) {
+		if(timebomb > 0)
+	{
 		struct sigaction act;
 		act.sa_handler = timebomb_sigalarm;
 		act.sa_flags = 0;
-            BIO_printf(bio_err,
-                       "(though I'll stop it if not done within %d secs)\n",
+		BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n",
 				timebomb);
-            if (sigaction(SIGALRM, &act, NULL) != 0) {
+		if(sigaction(SIGALRM, &act, NULL) != 0)
+			{
 			BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n");
 			goto end;
 			}
 		alarm(timebomb);
 	}
 #endif
-        if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, &cb)) {
+	        if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb))
+			{
 #ifdef GENCB_TEST
-            if (stop_keygen_flag) {
+			if(stop_keygen_flag)
+				{
 				BIO_printf(bio_err,"DSA key generation time-stopped\n");
 				/* This is an asked-for behaviour! */
 				ret = 0;
@ -314,58 +330,64 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"Error, DSA key generation failed\n");
 			goto end;
 			}
-    } else if (informat == FORMAT_ASN1)
+		}
+	else if	(informat == FORMAT_ASN1)
 		dsa=d2i_DSAparams_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL);
-    else {
+	else
+		{
 		BIO_printf(bio_err,"bad input format specified\n");
 		goto end;
 		}
-    if (dsa == NULL) {
+	if (dsa == NULL)
+		{
 		BIO_printf(bio_err,"unable to load DSA parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (text) {
+	if (text)
+		{
 		DSAparams_print(out,dsa);
 		}
 	
-    if (C) {
+	if (C)
+		{
 		unsigned char *data;
 		int l,len,bits_p;

 		len=BN_num_bytes(dsa->p);
 		bits_p=BN_num_bits(dsa->p);
 		data=(unsigned char *)OPENSSL_malloc(len+20);
-        if (data == NULL) {
+		if (data == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
 		l=BN_bn2bin(dsa->p,data);
 		printf("static unsigned char dsa%d_p[]={",bits_p);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");

 		l=BN_bn2bin(dsa->q,data);
 		printf("static unsigned char dsa%d_q[]={",bits_p);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n");

 		l=BN_bn2bin(dsa->g,data);
 		printf("static unsigned char dsa%d_g[]={",bits_p);
-        for (i = 0; i < l; i++) {
-            if ((i % 12) == 0)
-                printf("\n\t");
+		for (i=0; i<l; i++)
+			{
+			if ((i%12) == 0) printf("\n\t");
 			printf("0x%02X,",data[i]);
 			}
 		printf("\n\t};\n\n");
@ -379,13 +401,14 @@ int MAIN(int argc, char **argv)
 			bits_p,bits_p);
 		printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n",
 			bits_p,bits_p);
-        printf
-            ("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
+		printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n");
 		printf("\t\t{ DSA_free(dsa); return(NULL); }\n");
 		printf("\treturn(dsa);\n\t}\n");
 		}

-    if (!noout) {
+
+	if (!noout)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAparams_bio(out,dsa);
 		else if (outformat == FORMAT_PEM)
@ -394,19 +417,21 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write DSA parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
-    if (genkey) {
+	if (genkey)
+		{
 		DSA *dsakey;

 		assert(need_rand);
-        if ((dsakey = DSAparams_dup(dsa)) == NULL)
-            goto end;
-        if (!DSA_generate_key(dsakey)) {
+		if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end;
+		if (!DSA_generate_key(dsakey))
+			{
 			ERR_print_errors(bio_err);
 			DSA_free(dsakey);
 			goto end;
@ -414,8 +439,7 @@ int MAIN(int argc, char **argv)
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_DSAPrivateKey_bio(out,dsakey);
 		else if (outformat == FORMAT_PEM)
-            i = PEM_write_bio_DSAPrivateKey(out, dsakey, NULL, NULL, 0, NULL,
-                                            NULL);
+			i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL);
 		else	{
 			BIO_printf(bio_err,"bad output format specified for outfile\n");
 			DSA_free(dsakey);
@ -427,12 +451,9 @@ int MAIN(int argc, char **argv)
 		app_RAND_write_file(NULL, bio_err);
 	ret=0;
 end:
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dsa != NULL)
-        DSA_free(dsa);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dsa != NULL) DSA_free(dsa);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -441,14 +462,10 @@ static int MS_CALLBACK dsa_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/ec.c
+++ b/apps/ec.c
@ -70,8 +70,7 @@
 #undef PROG
 #define PROG	ec_main

-/*-
- * -inform arg    - input format - default PEM (one of DER, NET or PEM)
+/* -inform arg    - input format - default PEM (one of DER, NET or PEM)
 * -outform arg   - output format - default PEM
 * -in arg        - input file - default stdin
 * -out arg       - output file - default stdout
@ -120,40 +119,49 @@ int MAIN(int argc, char **argv)
 	prog = argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
-        } else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
-        } else if (strcmp(*argv, "-noout") == 0)
+			}
+		else if (strcmp(*argv, "-noout") == 0)
 			noout = 1;
 		else if (strcmp(*argv, "-text") == 0)
 			text = 1;
-        else if (strcmp(*argv, "-conv_form") == 0) {
+		else if (strcmp(*argv, "-conv_form") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -166,7 +174,9 @@ int MAIN(int argc, char **argv)
 				form = POINT_CONVERSION_HYBRID;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-param_enc") == 0) {
+			}
+		else if (strcmp(*argv, "-param_enc") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -177,13 +187,15 @@ int MAIN(int argc, char **argv)
 				asn1_flag = 0;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-param_out") == 0)
+			}
+		else if (strcmp(*argv, "-param_out") == 0)
 			param_out = 1;
 		else if (strcmp(*argv, "-pubin") == 0)
 			pubin=1;
 		else if (strcmp(*argv, "-pubout") == 0)
 			pubout=1;
-        else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
 			BIO_printf(bio_err, "unknown option %s\n", *argv);
 			badops=1;
 			break;
@ -192,7 +204,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err, "%s [options] <infile >outfile\n", prog);
 		BIO_printf(bio_err, "where options are\n");
@ -222,10 +235,12 @@ int MAIN(int argc, char **argv)
 				" compressed\n");
 		BIO_printf(bio_err, "                                 "
 				" uncompressed (default)\n");
-        BIO_printf(bio_err, "                                  " " hybrid\n");
+		BIO_printf(bio_err, "                                  "
+				" hybrid\n");
 		BIO_printf(bio_err, " -param_enc arg  specifies the way"
 				" the ec parameters are encoded\n");
-        BIO_printf(bio_err, "                 in the asn1 der " "encoding\n");
+		BIO_printf(bio_err, "                 in the asn1 der "
+				"encoding\n");
 		BIO_printf(bio_err, "                 possible values:"
 				" named_curve (default)\n");
 		BIO_printf(bio_err,"                                  "
@ -239,49 +254,62 @@ int MAIN(int argc, char **argv)
        setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) 
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
 		}

 	in = BIO_new(BIO_s_file());
 	out = BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in, stdin, BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in, infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}

 	BIO_printf(bio_err, "read EC key\n");
-    if (informat == FORMAT_ASN1) {
+	if (informat == FORMAT_ASN1) 
+		{
 		if (pubin) 
 			eckey = d2i_EC_PUBKEY_bio(in, NULL);
 		else 
 			eckey = d2i_ECPrivateKey_bio(in, NULL);
-    } else if (informat == FORMAT_PEM) {
+		} 
+	else if (informat == FORMAT_PEM) 
+		{
 		if (pubin) 
-            eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, NULL);
+			eckey = PEM_read_bio_EC_PUBKEY(in, NULL, NULL, 
+				NULL);
 		else 
-            eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL, passin);
-    } else {
+			eckey = PEM_read_bio_ECPrivateKey(in, NULL, NULL,
+				passin);
+		} 
+	else
+		{
 		BIO_printf(bio_err, "bad input format specified for key\n");
 		goto end;
 		}
-    if (eckey == NULL) {
+	if (eckey == NULL)
+		{
 		BIO_printf(bio_err,"unable to load Key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out, stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -289,8 +317,11 @@ int MAIN(int argc, char **argv)
 			out = BIO_push(tmpbio, out);
 			}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out, outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -305,26 +336,31 @@ int MAIN(int argc, char **argv)
 		EC_KEY_set_asn1_flag(eckey, asn1_flag);

 	if (text) 
-        if (!EC_KEY_print(out, eckey, 0)) {
+		if (!EC_KEY_print(out, eckey, 0))
+			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-    if (noout) {
+	if (noout) 
+		{
 		ret = 0;
 		goto end;
 		}

 	BIO_printf(bio_err, "writing EC key\n");
-    if (outformat == FORMAT_ASN1) {
+	if (outformat == FORMAT_ASN1) 
+		{
 		if (param_out)
 			i = i2d_ECPKParameters_bio(out, group);
 		else if (pubin || pubout) 
 			i = i2d_EC_PUBKEY_bio(out, eckey);
 		else 
 			i = i2d_ECPrivateKey_bio(out, eckey);
-    } else if (outformat == FORMAT_PEM) {
+		} 
+	else if (outformat == FORMAT_PEM) 
+		{
 		if (param_out)
 			i = PEM_write_bio_ECPKParameters(out, group);
 		else if (pubin || pubout)
@ -332,15 +368,20 @@ int MAIN(int argc, char **argv)
 		else 
 			i = PEM_write_bio_ECPrivateKey(out, eckey, enc,
 						NULL, 0, NULL, passout);
-    } else {
-        BIO_printf(bio_err, "bad output format specified for " "outfile\n");
+		} 
+	else 
+		{
+		BIO_printf(bio_err, "bad output format specified for "
+			"outfile\n");
 		goto end;
 		}

-    if (!i) {
+	if (!i)
+		{
 		BIO_printf(bio_err, "unable to write private key\n");
 		ERR_print_errors(bio_err);
-    } else
+		}
+	else
 		ret=0;
 end:
 	if (in)
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@ -87,8 +87,7 @@
 #undef PROG
 #define PROG	ecparam_main

-/*-
- * -inform arg      - input format - default PEM (DER or PEM)
+/* -inform arg      - input format - default PEM (DER or PEM)
 * -outform arg     - output format - default PEM
 * -in  arg         - input file  - default stdin
 * -out arg         - output file - default stdout
@ -112,8 +111,8 @@
 * -engine e        - use engine e, possibly a hardware device
 */

-static int ecparam_print_var(BIO *, BIGNUM *, const char *, int,
-                             unsigned char *);
+
+static int ecparam_print_var(BIO *,BIGNUM *,const char *,int,unsigned char *);

 int MAIN(int, char **);

@ -151,36 +150,44 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-text") == 0)
+			}
+		else if (strcmp(*argv,"-text") == 0)
 			text = 1;
 		else if (strcmp(*argv,"-C") == 0)
 			C = 1;
 		else if (strcmp(*argv,"-check") == 0)
 			check = 1;
-        else if (strcmp(*argv, "-name") == 0) {
+		else if (strcmp (*argv, "-name") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			curve_name = *(++argv);
-        } else if (strcmp(*argv, "-list_curves") == 0)
+			}
+		else if (strcmp(*argv, "-list_curves") == 0)
 			list_curves = 1;
-        else if (strcmp(*argv, "-conv_form") == 0) {
+		else if (strcmp(*argv, "-conv_form") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -193,7 +200,9 @@ int MAIN(int argc, char **argv)
 				form = POINT_CONVERSION_HYBRID;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-param_enc") == 0) {
+			}
+		else if (strcmp(*argv, "-param_enc") == 0)
+			{
 			if (--argc < 1)
 				goto bad;
 			++argv;
@ -204,23 +213,29 @@ int MAIN(int argc, char **argv)
 				asn1_flag = 0;
 			else
 				goto bad;
-        } else if (strcmp(*argv, "-no_seed") == 0)
+			}
+		else if (strcmp(*argv, "-no_seed") == 0)
 			no_seed = 1;
 		else if (strcmp(*argv, "-noout") == 0)
 			noout=1;
-        else if (strcmp(*argv, "-genkey") == 0) {
+		else if (strcmp(*argv,"-genkey") == 0)
+			{
 			genkey=1;
 			need_rand=1;
-        } else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv, "-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			need_rand=1;
-        } else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if(strcmp(*argv, "-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine = *(++argv);
-        } else {
+			}	
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -229,7 +244,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err, "%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err, "where options are\n");
@ -270,8 +286,10 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "                                   "
 				" explicit\n");
 		BIO_printf(bio_err, " -no_seed          if 'explicit'"
-                   " parameters are chosen do not" " use the seed\n");
-        BIO_printf(bio_err, " -genkey           generate ec" " key\n");
+				" parameters are chosen do not"
+				" use the seed\n");
+		BIO_printf(bio_err, " -genkey           generate ec"
+				" key\n");
 		BIO_printf(bio_err, " -rand file        files to use for"
 				" random number input\n");
 		BIO_printf(bio_err, " -engine e         use engine e, "
@ -283,20 +301,24 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
 		}
-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -304,8 +326,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -315,7 +340,8 @@ int MAIN(int argc, char **argv)
 	setup_engine(bio_err, engine, 0);
 #endif

-    if (list_curves) {
+	if (list_curves)
+		{
 		EC_builtin_curve *curves = NULL;
 		size_t crv_len = 0;
 		size_t n = 0;
@ -327,12 +353,15 @@ int MAIN(int argc, char **argv)
 		if (curves == NULL)
 			goto end;

-        if (!EC_get_builtin_curves(curves, crv_len)) {
+		if (!EC_get_builtin_curves(curves, crv_len))
+			{
 			OPENSSL_free(curves);
 			goto end;
 			}

-        for (n = 0; n < crv_len; n++) {
+		
+		for (n = 0; n < crv_len; n++)
+			{
 			const char *comment;
 			const char *sname;
 			comment = curves[n].comment;
@ -351,48 +380,67 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

-    if (curve_name != NULL) {
+	if (curve_name != NULL)
+		{
 		int nid;

-        /*
-         * workaround for the SECG curve names secp192r1 and secp256r1 (which
-         * are the same as the curves prime192v1 and prime256v1 defined in
-         * X9.62)
+		/* workaround for the SECG curve names secp192r1
+		 * and secp256r1 (which are the same as the curves
+		 * prime192v1 and prime256v1 defined in X9.62)
 		 */
-        if (!strcmp(curve_name, "secp192r1")) {
+		if (!strcmp(curve_name, "secp192r1"))
+			{
 			BIO_printf(bio_err, "using curve name prime192v1 "
 				"instead of secp192r1\n");
 			nid = NID_X9_62_prime192v1;
-        } else if (!strcmp(curve_name, "secp256r1")) {
+			}
+		else if (!strcmp(curve_name, "secp256r1"))
+			{
 			BIO_printf(bio_err, "using curve name prime256v1 "
 				"instead of secp256r1\n");
 			nid = NID_X9_62_prime256v1;
-        } else
+			}
+		else
 			nid = OBJ_sn2nid(curve_name);

-        if (nid == 0) {
-            BIO_printf(bio_err, "unknown curve name (%s)\n", curve_name);
+		if (nid == 0)
+			nid = EC_curve_nist2nid(curve_name);
+	
+		if (nid == 0)
+			{
+			BIO_printf(bio_err, "unknown curve name (%s)\n", 
+				curve_name);
 			goto end;
 			}

 		group = EC_GROUP_new_by_curve_name(nid);
-        if (group == NULL) {
-            BIO_printf(bio_err, "unable to create curve (%s)\n", curve_name);
+		if (group == NULL)
+			{
+			BIO_printf(bio_err, "unable to create curve (%s)\n", 
+				curve_name);
 			goto end;
 			}
 		EC_GROUP_set_asn1_flag(group, asn1_flag);
 		EC_GROUP_set_point_conversion_form(group, form);
-    } else if (informat == FORMAT_ASN1) {
+		}
+	else if (informat == FORMAT_ASN1)
+		{
 		group = d2i_ECPKParameters_bio(in, NULL);
-    } else if (informat == FORMAT_PEM) {
+		}
+	else if (informat == FORMAT_PEM)
+		{
 		group = PEM_read_bio_ECPKParameters(in,NULL,NULL,NULL);
-    } else {
+		}
+	else
+		{
 		BIO_printf(bio_err, "bad input format specified\n");
 		goto end;
 		}

-    if (group == NULL) {
-        BIO_printf(bio_err, "unable to load elliptic curve parameters\n");
+	if (group == NULL)
+		{
+		BIO_printf(bio_err, 
+			"unable to load elliptic curve parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
@ -403,27 +451,34 @@ int MAIN(int argc, char **argv)
 	if (new_asn1_flag)
 		EC_GROUP_set_asn1_flag(group, asn1_flag);

-    if (no_seed) {
+	if (no_seed)
+		{
 		EC_GROUP_set_seed(group, NULL, 0);
 		}

-    if (text) {
+	if (text)
+		{
 		if (!ECPKParameters_print(out, group, 0))
 			goto end;
 		}

-    if (check) {
+	if (check)
+		{
+		if (group == NULL)
+			BIO_printf(bio_err, "no elliptic curve parameters\n");
 		BIO_printf(bio_err, "checking elliptic curve parameters: ");
-        if (!EC_GROUP_check(group, NULL)) {
+		if (!EC_GROUP_check(group, NULL))
+			{
 			BIO_printf(bio_err, "failed\n");
 			ERR_print_errors(bio_err);
-            goto end;
 			}
+		else
 			BIO_printf(bio_err, "ok\n");
 			
 		}

-    if (C) {
+	if (C)
+		{
 		size_t	buf_len = 0, tmp_len = 0;
 		const EC_POINT *point;
 		int	is_prime, len = 0;
@ -432,17 +487,23 @@ int MAIN(int argc, char **argv)
 		if ((ec_p = BN_new()) == NULL || (ec_a = BN_new()) == NULL ||
 		    (ec_b = BN_new()) == NULL || (ec_gen = BN_new()) == NULL ||
 		    (ec_order = BN_new()) == NULL || 
-            (ec_cofactor = BN_new()) == NULL) {
+		    (ec_cofactor = BN_new()) == NULL )
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}

-        is_prime = (EC_METHOD_get_field_type(meth) == NID_X9_62_prime_field);
+		is_prime = (EC_METHOD_get_field_type(meth) == 
+			NID_X9_62_prime_field);

-        if (is_prime) {
-            if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a, ec_b, NULL))
+		if (is_prime)
+			{
+			if (!EC_GROUP_get_curve_GFp(group, ec_p, ec_a,
+				ec_b, NULL))
 				goto end;
-        } else {
+			}
+		else
+			{
 			/* TODO */
 			goto end;
 			}
@ -450,15 +511,16 @@ int MAIN(int argc, char **argv)
 		if ((point = EC_GROUP_get0_generator(group)) == NULL)
 			goto end;
 		if (!EC_POINT_point2bn(group, point, 
-                               EC_GROUP_get_point_conversion_form(group),
-                               ec_gen, NULL))
+			EC_GROUP_get_point_conversion_form(group), ec_gen, 
+			NULL))
 			goto end;
 		if (!EC_GROUP_get_order(group, ec_order, NULL))
 			goto end;
 		if (!EC_GROUP_get_cofactor(group, ec_cofactor, NULL))
 			goto end;

-        if (!ec_p || !ec_a || !ec_b || !ec_gen || !ec_order || !ec_cofactor)
+		if (!ec_p || !ec_a || !ec_b || !ec_gen || 
+			!ec_order || !ec_cofactor)
 			goto end;

 		len = BN_num_bits(ec_order);
@ -478,7 +540,8 @@ int MAIN(int argc, char **argv)

 		buffer = (unsigned char *)OPENSSL_malloc(buf_len);

-        if (buffer == NULL) {
+		if (buffer == NULL)
+			{
 			perror("OPENSSL_malloc");
 			goto end;
 			}
@ -488,7 +551,8 @@ int MAIN(int argc, char **argv)
 		ecparam_print_var(out, ec_b, "ec_b", len, buffer);
 		ecparam_print_var(out, ec_gen, "ec_gen", len, buffer);
 		ecparam_print_var(out, ec_order, "ec_order", len, buffer);
-        ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, buffer);
+		ecparam_print_var(out, ec_cofactor, "ec_cofactor", len, 
+			buffer);

 		BIO_printf(out, "\n\n");

@ -507,11 +571,14 @@ int MAIN(int argc, char **argv)
 		BIO_printf(out, "\tif ((tmp_3 = BN_bin2bn(ec_b_%d, "
 				"sizeof(ec_b_%d), NULL)) == NULL)\n\t\t"
 				"goto err;\n", len, len);
-        if (is_prime) {
+		if (is_prime)
+			{
 			BIO_printf(out, "\tif ((group = EC_GROUP_new_curve_"
 				"GFp(tmp_1, tmp_2, tmp_3, NULL)) == NULL)"
 				"\n\t\tgoto err;\n\n");
-        } else {
+			}
+		else
+			{
 			/* TODO */
 			goto end;
 			}
@ -544,17 +611,20 @@ int MAIN(int argc, char **argv)
 		BIO_printf(out, "\treturn(group);\n\t}\n");
 	}

-    if (!noout) {
+	if (!noout)
+		{
 		if (outformat == FORMAT_ASN1)
 			i = i2d_ECPKParameters_bio(out, group);
 		else if (outformat == FORMAT_PEM)
 			i = PEM_write_bio_ECPKParameters(out, group);
-        else {
+		else	
+			{
 			BIO_printf(bio_err,"bad output format specified for"
 				" outfile\n");
 			goto end;
 			}
-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err, "unable to write elliptic "
 				"curve parameters\n");
 			ERR_print_errors(bio_err);
@ -562,14 +632,16 @@ int MAIN(int argc, char **argv)
 			}
 		}
 	
-    if (need_rand) {
+	if (need_rand)
+		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 				app_RAND_load_files(inrand));
 		}

-    if (genkey) {
+	if (genkey)
+		{
 		EC_KEY *eckey = EC_KEY_new();

 		if (eckey == NULL)
@ -580,7 +652,8 @@ int MAIN(int argc, char **argv)
 		if (EC_KEY_set_group(eckey, group) == 0)
 			goto end;
 		
-        if (!EC_KEY_generate_key(eckey)) {
+		if (!EC_KEY_generate_key(eckey))
+			{
 			EC_KEY_free(eckey);
 			goto end;
 			}
@ -589,7 +662,8 @@ int MAIN(int argc, char **argv)
 		else if (outformat == FORMAT_PEM)
 			i = PEM_write_bio_ECPrivateKey(out, eckey, NULL,
 				NULL, 0, NULL, NULL);
-        else {
+		else	
+			{
 			BIO_printf(bio_err, "bad output format specified "
 				"for outfile\n");
 			EC_KEY_free(eckey);
@ -633,11 +707,13 @@ static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,
 	BIO_printf(out, "static unsigned char %s_%d[] = {", var, len);
 	if (BN_is_zero(in))
 		BIO_printf(out, "\n\t0x00");
-    else {
+	else 
+		{
 		int i, l;

 		l = BN_bn2bin(in, buffer);
-        for (i = 0; i < l - 1; i++) {
+		for (i=0; i<l-1; i++)
+			{
 			if ((i%12) == 0) 
 				BIO_printf(out, "\n\t");
 			BIO_printf(out, "0x%02X,", buffer[i]);
--- a/apps/enc.c
+++ b/apps/enc.c
@ -90,10 +90,12 @@ static void show_ciphers(const OBJ_NAME *name, void *bio_)
 		return;

 	BIO_printf(bio,"-%-25s",name->name);
-    if (++n == 3) {
+	if(++n == 3)
+		{
 		BIO_printf(bio,"\n");
 		n=0;
-    } else
+		}
+	else
 		BIO_printf(bio," ");
 	}

@ -122,8 +124,7 @@ int MAIN(int argc, char **argv)
 	const EVP_CIPHER *cipher=NULL,*c;
 	EVP_CIPHER_CTX *ctx = NULL;
 	char *inf=NULL,*outf=NULL;
-    BIO *in = NULL, *out = NULL, *b64 = NULL, *benc = NULL, *rbio =
-        NULL, *wbio = NULL;
+	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
 #define PROG_NAME_SIZE  39
 	char pname[PROG_NAME_SIZE+1];
 #ifndef OPENSSL_NO_ENGINE
@ -164,26 +165,29 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1) {
+	while (argc >= 1)
+		{
 		if	(strcmp(*argv,"-e") == 0)
 			enc=1;
-        else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inf= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outf= *(++argv);
-        } else if (strcmp(*argv, "-pass") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-pass") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passarg= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -213,67 +217,84 @@ int MAIN(int argc, char **argv)
 		else if	(strcmp(*argv,"-z") == 0)
 			do_zlib=1;
 #endif
-        else if (strcmp(*argv, "-bufsize") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-bufsize") == 0)
+			{
+			if (--argc < 1) goto bad;
 			bufsize=(unsigned char *)*(++argv);
-        } else if (strcmp(*argv, "-k") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-k") == 0)
+			{
+			if (--argc < 1) goto bad;
 			str= *(++argv);
-        } else if (strcmp(*argv, "-kfile") == 0) {
+			}
+		else if (strcmp(*argv,"-kfile") == 0)
+			{
 			static char buf[128];
 			FILE *infile;
 			char *file;

-            if (--argc < 1)
-                goto bad;
+			if (--argc < 1) goto bad;
 			file= *(++argv);
 			infile=fopen(file,"r");
-            if (infile == NULL) {
-                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+			if (infile == NULL)
+				{
+				BIO_printf(bio_err,"unable to read key from '%s'\n",
+					file);
 				goto bad;
 				}
 			buf[0]='\0';
-            if (!fgets(buf, sizeof buf, infile)) {
-                BIO_printf(bio_err, "unable to read key from '%s'\n", file);
+			if (!fgets(buf,sizeof buf,infile))
+				{
+				BIO_printf(bio_err,"unable to read key from '%s'\n",
+					file);
 				goto bad;
 				}
 			fclose(infile);
 			i=strlen(buf);
-            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+			if ((i > 0) &&
+				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
 				buf[--i]='\0';
-            if ((i > 0) && ((buf[i - 1] == '\n') || (buf[i - 1] == '\r')))
+			if ((i > 0) &&
+				((buf[i-1] == '\n') || (buf[i-1] == '\r')))
 				buf[--i]='\0';
-            if (i < 1) {
+			if (i < 1)
+				{
 				BIO_printf(bio_err,"zero length password\n");
 				goto bad;
 				}
 			str=buf;
-        } else if (strcmp(*argv, "-K") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-K") == 0)
+			{
+			if (--argc < 1) goto bad;
 			hkey= *(++argv);
-        } else if (strcmp(*argv, "-S") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-S") == 0)
+			{
+			if (--argc < 1) goto bad;
 			hsalt= *(++argv);
-        } else if (strcmp(*argv, "-iv") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-iv") == 0)
+			{
+			if (--argc < 1) goto bad;
 			hiv= *(++argv);
-        } else if (strcmp(*argv, "-md") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-md") == 0)
+			{
+			if (--argc < 1) goto bad;
 			md= *(++argv);
-        } else if (strcmp(*argv, "-non-fips-allow") == 0)
+			}
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
 			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
-                 ((c = EVP_get_cipherbyname(&(argv[0][1]))) != NULL)) {
+			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
+			{
 			cipher=c;
-        } else if (strcmp(*argv, "-none") == 0)
+			}
+		else if (strcmp(*argv,"-none") == 0)
 			cipher=NULL;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"unknown option '%s'\n",*argv);
 bad:
 			BIO_printf(bio_err,"options are\n");
@ -282,38 +303,24 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"%-14s pass phrase source\n","-pass <arg>");
 			BIO_printf(bio_err,"%-14s encrypt\n","-e");
 			BIO_printf(bio_err,"%-14s decrypt\n","-d");
-            BIO_printf(bio_err,
-                       "%-14s base64 encode/decode, depending on encryption flag\n",
-                       "-a/-base64");
-            BIO_printf(bio_err, "%-14s passphrase is the next argument\n",
-                       "-k");
-            BIO_printf(bio_err,
-                       "%-14s passphrase is the first line of the file argument\n",
-                       "-kfile");
-            BIO_printf(bio_err,
-                       "%-14s the next argument is the md to use to create a key\n",
-                       "-md");
-            BIO_printf(bio_err,
-                       "%-14s   from a passphrase.  One of md2, md5, sha or sha1\n",
-                       "");
-            BIO_printf(bio_err, "%-14s salt in hex is the next argument\n",
-                       "-S");
-            BIO_printf(bio_err, "%-14s key/iv in hex is the next argument\n",
-                       "-K/-iv");
-            BIO_printf(bio_err, "%-14s print the iv/key (then exit if -P)\n",
-                       "-[pP]");
+			BIO_printf(bio_err,"%-14s base64 encode/decode, depending on encryption flag\n","-a/-base64");
+			BIO_printf(bio_err,"%-14s passphrase is the next argument\n","-k");
+			BIO_printf(bio_err,"%-14s passphrase is the first line of the file argument\n","-kfile");
+			BIO_printf(bio_err,"%-14s the next argument is the md to use to create a key\n","-md");
+			BIO_printf(bio_err,"%-14s   from a passphrase.  One of md2, md5, sha or sha1\n","");
+			BIO_printf(bio_err,"%-14s salt in hex is the next argument\n","-S");
+			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
 			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
-            BIO_printf(bio_err, "%-14s disable standard block padding\n",
-                       "-nopad");
+			BIO_printf(bio_err,"%-14s disable standard block padding\n","-nopad");
 #ifndef OPENSSL_NO_ENGINE
-            BIO_printf(bio_err,
-                       "%-14s use engine e, possibly a hardware device.\n",
-                       "-engine e");
+			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
 #endif

 			BIO_printf(bio_err,"Cipher Types\n");
 			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
-                                   show_ciphers, bio_err);
+					       show_ciphers,
+					       bio_err);
 			BIO_printf(bio_err,"\n");

 			goto end;
@ -326,83 +333,93 @@ int MAIN(int argc, char **argv)
        setup_engine(bio_err, engine, 0);
 #endif

-    if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
-        BIO_printf(bio_err,
-                   "AEAD ciphers not supported by the enc utility\n");
+	if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER)
+		{
+		BIO_printf(bio_err, "AEAD ciphers not supported by the enc utility\n");
 		goto end;
 		}

-    if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE)) {
-        BIO_printf(bio_err,
-                   "Ciphers in XTS mode are not supported by the enc utility\n");
+	if (cipher && (EVP_CIPHER_mode(cipher) == EVP_CIPH_XTS_MODE))
+		{
+		BIO_printf(bio_err, "Ciphers in XTS mode are not supported by the enc utility\n");
 		goto end;
 		}

-    if (md && (dgst = EVP_get_digestbyname(md)) == NULL) {
+	if (md && (dgst=EVP_get_digestbyname(md)) == NULL)
+		{
 		BIO_printf(bio_err,"%s is an unsupported message digest type\n",md);
 		goto end;
 		}

-    if (dgst == NULL) {
+	if (dgst == NULL)
+		{
 		dgst = EVP_md5();
 		}

-    if (bufsize != NULL) {
+	if (bufsize != NULL)
+		{
 		unsigned long n;

-        for (n = 0; *bufsize; bufsize++) {
+		for (n=0; *bufsize; bufsize++)
+			{
 			i= *bufsize;
 			if ((i <= '9') && (i >= '0'))
 				n=n*10+i-'0';
-            else if (i == 'k') {
+			else if (i == 'k')
+				{
 				n*=1024;
 				bufsize++;
 				break;
 				}
 			}
-        if (*bufsize != '\0') {
+		if (*bufsize != '\0')
+			{
 			BIO_printf(bio_err,"invalid 'bufsize' specified.\n");
 			goto end;
 			}

 		/* It must be large enough for a base64 encoded line */
-        if (base64 && n < 80)
-            n = 80;
+		if (base64 && n < 80) n=80;

 		bsize=(int)n;
-        if (verbose)
-            BIO_printf(bio_err, "bufsize=%d\n", bsize);
+		if (verbose) BIO_printf(bio_err,"bufsize=%d\n",bsize);
 		}

 	strbuf=OPENSSL_malloc(SIZE);
 	buff=(unsigned char *)OPENSSL_malloc(EVP_ENCODE_LENGTH(bsize));
-    if ((buff == NULL) || (strbuf == NULL)) {
-        BIO_printf(bio_err, "OPENSSL_malloc failure %ld\n",
-                   (long)EVP_ENCODE_LENGTH(bsize));
+	if ((buff == NULL) || (strbuf == NULL))
+		{
+		BIO_printf(bio_err,"OPENSSL_malloc failure %ld\n",(long)EVP_ENCODE_LENGTH(bsize));
 		goto end;
 		}

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-    if (debug) {
+	if (debug)
+		{
 		BIO_set_callback(in,BIO_debug_callback);
 		BIO_set_callback(out,BIO_debug_callback);
 		BIO_set_callback_arg(in,(char *)bio_err);
 		BIO_set_callback_arg(out,(char *)bio_err);
 		}

-    if (inf == NULL) {
+	if (inf == NULL)
+	        {
 #ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
 			setvbuf(stdin, (char *)NULL, _IONBF, 0);
 #endif /* ndef OPENSSL_NO_SETVBUF_IONBF */
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    } else {
-        if (BIO_read_filename(in, inf) <= 0) {
+	        }
+	else
+		{
+		if (BIO_read_filename(in,inf) <= 0)
+			{
 			perror(inf);
 			goto end;
 			}
@ -416,8 +433,10 @@ int MAIN(int argc, char **argv)
 		str = pass;
 	}

-    if ((str == NULL) && (cipher != NULL) && (hkey == NULL)) {
-        for (;;) {
+	if ((str == NULL) && (cipher != NULL) && (hkey == NULL))
+		{
+		for (;;)
+			{
 			char buf[200];

 			BIO_snprintf(buf,sizeof buf,"enter %s %s password:",
@ -425,22 +444,27 @@ int MAIN(int argc, char **argv)
 				     (enc)?"encryption":"decryption");
 			strbuf[0]='\0';
 			i=EVP_read_pw_string((char *)strbuf,SIZE,buf,enc);
-            if (i == 0) {
-                if (strbuf[0] == '\0') {
+			if (i == 0)
+				{
+				if (strbuf[0] == '\0')
+					{
 					ret=1;
 					goto end;
 					}
 				str=strbuf;
 				break;
 				}
-            if (i < 0) {
+			if (i < 0)
+				{
 				BIO_printf(bio_err,"bad password read\n");
 				goto end;
 				}
 			}
 		}

-    if (outf == NULL) {
+
+	if (outf == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifndef OPENSSL_NO_SETVBUF_IONBF
 		if (bufsize != NULL)
@ -452,8 +476,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outf) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outf) <= 0)
+			{
 			perror(outf);
 			goto end;
 			}
@ -464,7 +491,8 @@ int MAIN(int argc, char **argv)

 #ifdef ZLIB

-    if (do_zlib) {
+	if (do_zlib)
+		{
 		if ((bzl=BIO_new(BIO_f_zlib())) == NULL)
 			goto end;
 		if (enc)
@ -474,10 +502,12 @@ int MAIN(int argc, char **argv)
 		}
 #endif

-    if (base64) {
+	if (base64)
+		{
 		if ((b64=BIO_new(BIO_f_base64())) == NULL)
 			goto end;
-        if (debug) {
+		if (debug)
+			{
 			BIO_set_callback(b64,BIO_debug_callback);
 			BIO_set_callback_arg(b64,(char *)bio_err);
 			}
@ -489,31 +519,30 @@ int MAIN(int argc, char **argv)
 			rbio=BIO_push(b64,rbio);
 		}

-    if (cipher != NULL) {
-        /*
-         * Note that str is NULL if a key was passed on the command line, so
-         * we get no salt in that case. Is this a bug?
+	if (cipher != NULL)
+		{
+		/* Note that str is NULL if a key was passed on the command
+		 * line, so we get no salt in that case. Is this a bug?
 		 */
-        if (str != NULL) {
-            /*
-             * Salt handling: if encrypting generate a salt and write to
-             * output BIO. If decrypting read salt from input BIO.
+		if (str != NULL)
+			{
+			/* Salt handling: if encrypting generate a salt and
+			 * write to output BIO. If decrypting read salt from
+			 * input BIO.
 			 */
 			unsigned char *sptr;
-            if (nosalt)
-                sptr = NULL;
+			if(nosalt) sptr = NULL;
 			else {
 				if(enc) {
 					if(hsalt) {
 						if(!set_hex(hsalt,salt,sizeof salt)) {
-                            BIO_printf(bio_err, "invalid hex salt value\n");
+							BIO_printf(bio_err,
+								"invalid hex salt value\n");
 							goto end;
 						}
 					} else if (RAND_pseudo_bytes(salt, sizeof salt) < 0)
 						goto end;
-                    /*
-                     * If -P option then don't bother writing
-                     */
+					/* If -P option then don't bother writing */
 					if((printkey != 2)
 					   && (BIO_write(wbio,magic,
 							 sizeof magic-1) != sizeof magic-1
@ -538,36 +567,33 @@ int MAIN(int argc, char **argv)
 			}

 			EVP_BytesToKey(cipher,dgst,sptr,
-                           (unsigned char *)str, strlen(str), 1, key, iv);
-            /*
-             * zero the complete buffer or the string passed from the command
-             * line bug picked up by Larry J. Hughes Jr. <hughes@indiana.edu>
-             */
+				(unsigned char *)str,
+				strlen(str),1,key,iv);
+			/* zero the complete buffer or the string
+			 * passed from the command line
+			 * bug picked up by
+			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
 			if (str == strbuf)
 				OPENSSL_cleanse(str,SIZE);
 			else
 				OPENSSL_cleanse(str,strlen(str));
 			}
-        if (hiv != NULL) {
-            int siz = EVP_CIPHER_iv_length(cipher);
-            if (siz == 0) {
-                BIO_printf(bio_err, "warning: iv not use by this cipher\n");
-            } else if (!set_hex(hiv, iv, sizeof iv)) {
+		if ((hiv != NULL) && !set_hex(hiv,iv,sizeof iv))
+			{
 			BIO_printf(bio_err,"invalid hex iv value\n");
 			goto end;
 			}
-        }
 		if ((hiv == NULL) && (str == NULL)
-            && EVP_CIPHER_iv_length(cipher) != 0) {
-            /*
-             * No IV was explicitly set and no IV was generated during
-             * EVP_BytesToKey. Hence the IV is undefined, making correct
-             * decryption impossible.
-             */
+		    && EVP_CIPHER_iv_length(cipher) != 0)
+			{
+			/* No IV was explicitly set and no IV was generated
+			 * during EVP_BytesToKey. Hence the IV is undefined,
+			 * making correct decryption impossible. */
 			BIO_printf(bio_err, "iv undefined\n");
 			goto end;
 			}
-        if ((hkey != NULL) && !set_hex(hkey, key, EVP_CIPHER_key_length(cipher))) {
+		if ((hkey != NULL) && !set_hex(hkey,key,sizeof key))
+			{
 			BIO_printf(bio_err,"invalid hex key value\n");
 			goto end;
 			}
@ -575,17 +601,18 @@ int MAIN(int argc, char **argv)
 		if ((benc=BIO_new(BIO_f_cipher())) == NULL)
 			goto end;

-        /*
-         * Since we may be changing parameters work on the encryption context
-         * rather than calling BIO_set_cipher().
+		/* Since we may be changing parameters work on the encryption
+		 * context rather than calling BIO_set_cipher().
 		 */

 		BIO_get_cipher_ctx(benc, &ctx);

 		if (non_fips_allow)
-            EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+			EVP_CIPHER_CTX_set_flags(ctx,
+				EVP_CIPH_FLAG_NON_FIPS_ALLOW);

-        if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc)) {
+		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
+			{
 			BIO_printf(bio_err, "Error setting cipher %s\n",
 				EVP_CIPHER_name(cipher));
 			ERR_print_errors(bio_err);
@ -595,38 +622,45 @@ int MAIN(int argc, char **argv)
 		if (nopad)
 			EVP_CIPHER_CTX_set_padding(ctx, 0);

-        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc)) {
+		if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, iv, enc))
+			{
 			BIO_printf(bio_err, "Error setting cipher %s\n",
 				EVP_CIPHER_name(cipher));
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-        if (debug) {
+		if (debug)
+			{
 			BIO_set_callback(benc,BIO_debug_callback);
 			BIO_set_callback_arg(benc,(char *)bio_err);
 			}

-        if (printkey) {
-            if (!nosalt) {
+		if (printkey)
+			{
+			if (!nosalt)
+				{
 				printf("salt=");
 				for (i=0; i<(int)sizeof(salt); i++)
 					printf("%02X",salt[i]);
 				printf("\n");
 				}
-            if (cipher->key_len > 0) {
+			if (cipher->key_len > 0)
+				{
 				printf("key=");
 				for (i=0; i<cipher->key_len; i++)
 					printf("%02X",key[i]);
 				printf("\n");
 				}
-            if (cipher->iv_len > 0) {
+			if (cipher->iv_len > 0)
+				{
 				printf("iv =");
 				for (i=0; i<cipher->iv_len; i++)
 					printf("%02X",iv[i]);
 				printf("\n");
 				}
-            if (printkey == 2) {
+			if (printkey == 2)
+				{
 				ret=0;
 				goto end;
 				}
@ -637,45 +671,40 @@ int MAIN(int argc, char **argv)
 	if (benc != NULL)
 		wbio=BIO_push(benc,wbio);

-    for (;;) {
+	for (;;)
+		{
 		inl=BIO_read(rbio,(char *)buff,bsize);
-        if (inl <= 0)
-            break;
-        if (BIO_write(wbio, (char *)buff, inl) != inl) {
+		if (inl <= 0) break;
+		if (BIO_write(wbio,(char *)buff,inl) != inl)
+			{
 			BIO_printf(bio_err,"error writing output file\n");
 			goto end;
 			}
 		}
-    if (!BIO_flush(wbio)) {
+	if (!BIO_flush(wbio))
+		{
 		BIO_printf(bio_err,"bad decrypt\n");
 		goto end;
 		}

 	ret=0;
-    if (verbose) {
+	if (verbose)
+		{
 		BIO_printf(bio_err,"bytes read   :%8ld\n",BIO_number_read(in));
 		BIO_printf(bio_err,"bytes written:%8ld\n",BIO_number_written(out));
 		}
 end:
 	ERR_print_errors(bio_err);
-    if (strbuf != NULL)
-        OPENSSL_free(strbuf);
-    if (buff != NULL)
-        OPENSSL_free(buff);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (benc != NULL)
-        BIO_free(benc);
-    if (b64 != NULL)
-        BIO_free(b64);
+	if (strbuf != NULL) OPENSSL_free(strbuf);
+	if (buff != NULL) OPENSSL_free(buff);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (benc != NULL) BIO_free(benc);
+	if (b64 != NULL) BIO_free(b64);
 #ifdef ZLIB
-    if (bzl != NULL)
-        BIO_free(bzl);
+	if (bzl != NULL) BIO_free(bzl);
 #endif
-    if (pass)
-        OPENSSL_free(pass);
+	if(pass) OPENSSL_free(pass);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -686,23 +715,25 @@ int set_hex(char *in, unsigned char *out, int size)
 	unsigned char j;

 	n=strlen(in);
-    if (n > (size * 2)) {
+	if (n > (size*2))
+		{
 		BIO_printf(bio_err,"hex string is too long\n");
 		return(0);
 		}
 	memset(out,0,size);
-    for (i = 0; i < n; i++) {
+	for (i=0; i<n; i++)
+		{
 		j=(unsigned char)*in;
 		*(in++)='\0';
-        if (j == 0)
-            break;
+		if (j == 0) break;
 		if ((j >= '0') && (j <= '9'))
 			j-='0';
 		else if ((j >= 'A') && (j <= 'F'))
 			j=j-'A'+10;
 		else if ((j >= 'a') && (j <= 'f'))
 			j=j-'a'+10;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"non-hex digit\n");
 			return(0);
 			}
--- a/apps/engine.c
+++ b/apps/engine.c
@ -1,7 +1,6 @@
-/* apps/engine.c */
-/*
- * Written by Richard Levitte <richard@levitte.org> for the OpenSSL project
- * 2000.
+/* apps/engine.c -*- mode: C; c-file-style: "eay" -*- */
+/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
+ * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@ -57,6 +56,7 @@
 *
 */

+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@ -99,7 +99,10 @@ static void identity(char *ptr)

 static int append_buf(char **buf, const char *s, int *size, int step)
 	{
-    if (*buf == NULL) {
+	int l = strlen(s);
+
+	if (*buf == NULL)
+		{
 		*size = step;
 		*buf = OPENSSL_malloc(*size);
 		if (*buf == NULL)
@ -107,7 +110,11 @@ static int append_buf(char **buf, const char *s, int *size, int step)
 		**buf = '\0';
 		}

-    if (strlen(*buf) + strlen(s) >= (unsigned int)*size) {
+	if (**buf != '\0')
+		l += 2;		/* ", " */
+
+	if (strlen(*buf) + strlen(s) >= (unsigned int)*size)
+		{
 		*size += step;
 		*buf = OPENSSL_realloc(*buf, *size);
 		}
@ -127,38 +134,41 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
 	int started = 0, err = 0;
 	/* Indent before displaying input flags */
 	BIO_printf(bio_out, "%s%s(input flags): ", indent, indent);
-    if (flags == 0) {
+	if(flags == 0)
+		{
 		BIO_printf(bio_out, "<no flags>\n");
 		return 1;
 		}
-    /*
-     * If the object is internal, mark it in a way that shows instead of
-     * having it part of all the other flags, even if it really is.
-     */
-    if (flags & ENGINE_CMD_FLAG_INTERNAL) {
+        /* If the object is internal, mark it in a way that shows instead of
+         * having it part of all the other flags, even if it really is. */
+	if(flags & ENGINE_CMD_FLAG_INTERNAL)
+		{
 		BIO_printf(bio_out, "[Internal] ");
 		}

-    if (flags & ENGINE_CMD_FLAG_NUMERIC) {
+	if(flags & ENGINE_CMD_FLAG_NUMERIC)
+		{
 		BIO_printf(bio_out, "NUMERIC");
 		started = 1;
 		}
-    /*
-     * Now we check that no combinations of the mutually exclusive NUMERIC,
+	/* Now we check that no combinations of the mutually exclusive NUMERIC,
 	 * STRING, and NO_INPUT flags have been used. Future flags that can be
 	 * OR'd together with these would need to added after these to preserve
-     * the testing logic.
-     */
-    if (flags & ENGINE_CMD_FLAG_STRING) {
-        if (started) {
+	 * the testing logic. */
+	if(flags & ENGINE_CMD_FLAG_STRING)
+		{
+		if(started)
+			{
 			BIO_printf(bio_out, "|");
 			err = 1;
 			}
 		BIO_printf(bio_out, "STRING");
 		started = 1;
 		}
-    if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
-        if (started) {
+	if(flags & ENGINE_CMD_FLAG_NO_INPUT)
+		{
+		if(started)
+			{
 			BIO_printf(bio_out, "|");
 			err = 1;
 			}
@ -168,10 +178,11 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
 	/* Check for unknown flags */
 	flags = flags & ~ENGINE_CMD_FLAG_NUMERIC &
 			~ENGINE_CMD_FLAG_STRING &
-        ~ENGINE_CMD_FLAG_NO_INPUT & ~ENGINE_CMD_FLAG_INTERNAL;
-    if (flags) {
-        if (started)
-            BIO_printf(bio_out, "|");
+			~ENGINE_CMD_FLAG_NO_INPUT &
+			~ENGINE_CMD_FLAG_INTERNAL;
+	if(flags)
+		{
+		if(started) BIO_printf(bio_out, "|");
 		BIO_printf(bio_out, "<0x%04X>", flags);
 		}
 	if(err)
@ -180,8 +191,7 @@ static int util_flags(BIO *bio_out, unsigned int flags, const char *indent)
 	return 1;
 	}

-static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
-                        const char *indent)
+static int util_verbose(ENGINE *e, int verbose, BIO *bio_out, const char *indent)
 	{
 	static const int line_wrap = 78;
 	int num;
@ -193,7 +203,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
 	STACK_OF(OPENSSL_STRING) *cmds = NULL;
 	if(!ENGINE_ctrl(e, ENGINE_CTRL_HAS_CTRL_FUNCTION, 0, NULL, NULL) ||
 			((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_FIRST_CMD_TYPE,
-                            0, NULL, NULL)) <= 0)) {
+					0, NULL, NULL)) <= 0))
+		{
 #if 0
 		BIO_printf(bio_out, "%s<no control commands>\n", indent);
 #endif
@ -210,7 +221,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
 		if((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
 					NULL, NULL)) < 0)
 			goto err;
-        if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4) {
+                if (!(flags & ENGINE_CMD_FLAG_INTERNAL) || verbose >= 4)
+                        {
                        /* Get the command name */
                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_NAME_LEN_FROM_CMD, num,
                                NULL, NULL)) <= 0)
@ -224,7 +236,8 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
                        if((len = ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_LEN_FROM_CMD, num,
                                NULL, NULL)) < 0)
                                goto err;
-            if (len > 0) {
+                        if(len > 0)
+                                {
                                if((desc = OPENSSL_malloc(len + 1)) == NULL)
                                        goto err;
                                if(ENGINE_ctrl(e, ENGINE_CTRL_GET_DESC_FROM_CMD, num, desc,
@ -238,45 +251,42 @@ static int util_verbose(ENGINE *e, int verbose, BIO *bio_out,
                        else
                                /* Otherwise prepend a ", " */
                                xpos += BIO_printf(bio_out, ", ");
-            if (verbose == 1) {
-                /*
-                 * We're just listing names, comma-delimited
-                 */
+                        if(verbose == 1)
+                                {
+                                /* We're just listing names, comma-delimited */
                                if((xpos > (int)strlen(indent)) &&
-                    (xpos + (int)strlen(name) > line_wrap)) {
+					(xpos + (int)strlen(name) > line_wrap))
+                                        {
                                        BIO_printf(bio_out, "\n");
                                        xpos = BIO_puts(bio_out, indent);
                                        }
                                xpos += BIO_printf(bio_out, "%s", name);
-            } else {
+                                }
+                        else
+                                {
                                /* We're listing names plus descriptions */
                                BIO_printf(bio_out, "%s: %s\n", name,
                                        (desc == NULL) ? "<no description>" : desc);
                                /* ... and sometimes input flags */
-                if ((verbose >= 3) && !util_flags(bio_out, flags, indent))
+                                if((verbose >= 3) && !util_flags(bio_out, flags,
+                                        indent))
                                        goto err;
                                xpos = 0;
                                }
                        }
-        OPENSSL_free(name);
-        name = NULL;
-        if (desc) {
-            OPENSSL_free(desc);
-            desc = NULL;
-        }
+		OPENSSL_free(name); name = NULL;
+		if(desc) { OPENSSL_free(desc); desc = NULL; }
 		/* Move to the next command */
-        num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE, num, NULL, NULL);
+		num = ENGINE_ctrl(e, ENGINE_CTRL_GET_NEXT_CMD_TYPE,
+					num, NULL, NULL);
 		} while(num > 0);
 	if(xpos > 0)
 		BIO_printf(bio_out, "\n");
 	ret = 1;
 err:
-    if (cmds)
-        sk_OPENSSL_STRING_pop_free(cmds, identity);
-    if (name)
-        OPENSSL_free(name);
-    if (desc)
-        OPENSSL_free(desc);
+	if(cmds) sk_OPENSSL_STRING_pop_free(cmds, identity);
+	if(name) OPENSSL_free(name);
+	if(desc) OPENSSL_free(desc);
 	return ret;
 	}

@ -285,21 +295,27 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
 	{
 	int loop, res, num = sk_OPENSSL_STRING_num(cmds);

-    if (num < 0) {
+	if(num < 0)
+		{
 		BIO_printf(bio_out, "[Error]: internal stack error\n");
 		return;
 		}
-    for (loop = 0; loop < num; loop++) {
+	for(loop = 0; loop < num; loop++)
+		{
 		char buf[256];
 		const char *cmd, *arg;
 		cmd = sk_OPENSSL_STRING_value(cmds, loop);
 		res = 1; /* assume success */
 		/* Check if this command has no ":arg" */
-        if ((arg = strstr(cmd, ":")) == NULL) {
+		if((arg = strstr(cmd, ":")) == NULL)
+			{
 			if(!ENGINE_ctrl_cmd_string(e, cmd, NULL, 0))
 				res = 0;
-        } else {
-            if ((int)(arg - cmd) > 254) {
+			}
+		else
+			{
+			if((int)(arg - cmd) > 254)
+				{
 				BIO_printf(bio_out,"[Error]: command name too long\n");
 				return;
 				}
@ -312,7 +328,8 @@ static void util_do_cmds(ENGINE *e, STACK_OF(OPENSSL_STRING) *cmds,
 			}
 		if(res)
 			BIO_printf(bio_out, "[Success]: %s\n", cmd);
-        else {
+		else
+			{
 			BIO_printf(bio_out, "[Failure]: %s\n", cmd);
 			ERR_print_errors(bio_out);
 			}
@ -352,33 +369,40 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strncmp(*argv, "-v", 2) == 0) {
+	while (argc >= 1)
+		{
+		if (strncmp(*argv,"-v",2) == 0)
+			{
 			if(strspn(*argv + 1, "v") < strlen(*argv + 1))
 				goto skip_arg_loop;
 			if((verbose=strlen(*argv + 1)) > 4)
 				goto skip_arg_loop;
-        } else if (strcmp(*argv, "-c") == 0)
+			}
+		else if (strcmp(*argv,"-c") == 0)
 			list_cap=1;
-        else if (strncmp(*argv, "-t", 2) == 0) {
+		else if (strncmp(*argv,"-t",2) == 0)
+			{
 			test_avail=1;
 			if(strspn(*argv + 1, "t") < strlen(*argv + 1))
 				goto skip_arg_loop;
 			if((test_avail_noise = strlen(*argv + 1) - 1) > 1)
 				goto skip_arg_loop;
-        } else if (strcmp(*argv, "-pre") == 0) {
-            argc--;
-            argv++;
+			}
+		else if (strcmp(*argv,"-pre") == 0)
+			{
+			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_OPENSSL_STRING_push(pre_cmds,*argv);
-        } else if (strcmp(*argv, "-post") == 0) {
-            argc--;
-            argv++;
+			}
+		else if (strcmp(*argv,"-post") == 0)
+			{
+			argc--; argv++;
 			if (argc == 0)
 				goto skip_arg_loop;
 			sk_OPENSSL_STRING_push(post_cmds,*argv);
-        } else if ((strncmp(*argv, "-h", 2) == 0) ||
+			}
+		else if ((strncmp(*argv,"-h",2) == 0) ||
 				(strcmp(*argv,"-?") == 0))
 			goto skip_arg_loop;
 		else
@ -390,32 +414,37 @@ int MAIN(int argc, char **argv)
 	badops = 0;
 skip_arg_loop:

-    if (badops) {
+	if (badops)
+		{
 		for (pp=engine_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
 		goto end;
 		}

-    if (sk_OPENSSL_STRING_num(engines) == 0) {
-        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e)) {
+	if (sk_OPENSSL_STRING_num(engines) == 0)
+		{
+		for(e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
+			{
 			sk_OPENSSL_STRING_push(engines,(char *)ENGINE_get_id(e));
 			}
 		}

-    for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
+	for (i=0; i<sk_OPENSSL_STRING_num(engines); i++)
+		{
 		const char *id = sk_OPENSSL_STRING_value(engines,i);
-        if ((e = ENGINE_by_id(id)) != NULL) {
+		if ((e = ENGINE_by_id(id)) != NULL)
+			{
 			const char *name = ENGINE_get_name(e);
-            /*
-             * Do "id" first, then "name". Easier to auto-parse.
-             */
+			/* Do "id" first, then "name". Easier to auto-parse. */
 			BIO_printf(bio_out, "(%s) %s\n", id, name);
 			util_do_cmds(e, pre_cmds, bio_out, indent);
-            if (strcmp(ENGINE_get_id(e), id) != 0) {
+			if (strcmp(ENGINE_get_id(e), id) != 0)
+				{
 				BIO_printf(bio_out, "Loaded: (%s) %s\n",
 					ENGINE_get_id(e), ENGINE_get_name(e));
 				}
-            if (list_cap) {
+			if (list_cap)
+				{
 				int cap_size = 256;
 				char *cap_buf = NULL;
 				int k,n;
@ -425,45 +454,49 @@ int MAIN(int argc, char **argv)
 				ENGINE_PKEY_METHS_PTR fn_pk;

 				if (ENGINE_get_RSA(e) != NULL
-                    && !append_buf(&cap_buf, "RSA", &cap_size, 256))
+					&& !append_buf(&cap_buf, "RSA",
+						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_DSA(e) != NULL
-                    && !append_buf(&cap_buf, "DSA", &cap_size, 256))
+					&& !append_buf(&cap_buf, "DSA",
+						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_DH(e) != NULL
-                    && !append_buf(&cap_buf, "DH", &cap_size, 256))
+					&& !append_buf(&cap_buf, "DH",
+						&cap_size, 256))
 					goto end;
 				if (ENGINE_get_RAND(e) != NULL
-                    && !append_buf(&cap_buf, "RAND", &cap_size, 256))
+					&& !append_buf(&cap_buf, "RAND",
+						&cap_size, 256))
 					goto end;

 				fn_c = ENGINE_get_ciphers(e);
-                if (!fn_c)
-                    goto skip_ciphers;
+				if(!fn_c) goto skip_ciphers;
 				n = fn_c(e, NULL, &nids, 0);
 				for(k=0 ; k < n ; ++k)
 					if(!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
 						goto end;

 skip_ciphers:
 				fn_d = ENGINE_get_digests(e);
-                if (!fn_d)
-                    goto skip_digests;
+				if(!fn_d) goto skip_digests;
 				n = fn_d(e, NULL, &nids, 0);
 				for(k=0 ; k < n ; ++k)
 					if(!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
 						goto end;

 skip_digests:
 				fn_pk = ENGINE_get_pkey_meths(e);
-                if (!fn_pk)
-                    goto skip_pmeths;
+				if(!fn_pk) goto skip_pmeths;
 				n = fn_pk(e, NULL, &nids, 0);
 				for(k=0 ; k < n ; ++k)
 					if(!append_buf(&cap_buf,
-                                    OBJ_nid2sn(nids[k]), &cap_size, 256))
+						       OBJ_nid2sn(nids[k]),
+						       &cap_size, 256))
 						goto end;
 skip_pmeths:
 				if (cap_buf && (*cap_buf != '\0'))
@ -471,13 +504,17 @@ int MAIN(int argc, char **argv)

 				OPENSSL_free(cap_buf);
 				}
-            if (test_avail) {
+			if(test_avail)
+				{
 				BIO_printf(bio_out, "%s", indent);
-                if (ENGINE_init(e)) {
+				if (ENGINE_init(e))
+					{
 					BIO_printf(bio_out, "[ available ]\n");
 					util_do_cmds(e, post_cmds, bio_out, indent);
 					ENGINE_finish(e);
-                } else {
+					}
+				else
+					{
 					BIO_printf(bio_out, "[ unavailable ]\n");
 					if(test_avail_noise)
 						ERR_print_errors_fp(stdout);
@ -487,7 +524,8 @@ int MAIN(int argc, char **argv)
 			if((verbose > 0) && !util_verbose(e, verbose, bio_out, indent))
 				goto end;
 			ENGINE_free(e);
-        } else
+			}
+		else
 			ERR_print_errors(bio_err);
 		}

@ -498,8 +536,7 @@ int MAIN(int argc, char **argv)
 	sk_OPENSSL_STRING_pop_free(engines, identity);
 	sk_OPENSSL_STRING_pop_free(pre_cmds, identity);
 	sk_OPENSSL_STRING_pop_free(post_cmds, identity);
-    if (bio_out != NULL)
-        BIO_free_all(bio_out);
+	if (bio_out != NULL) BIO_free_all(bio_out);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/errstr.c
+++ b/apps/errstr.c
@ -84,33 +84,40 @@ int MAIN(int argc, char **argv)

 	SSL_load_error_strings();

-    if ((argc > 1) && (strcmp(argv[1], "-stats") == 0)) {
+	if ((argc > 1) && (strcmp(argv[1],"-stats") == 0))
+		{
 		BIO *out=NULL;

 		out=BIO_new(BIO_s_file());
-        if ((out != NULL) && BIO_set_fp(out, stdout, BIO_NOCLOSE)) {
+		if ((out != NULL) && BIO_set_fp(out,stdout,BIO_NOCLOSE))
+			{
 #ifdef OPENSSL_SYS_VMS
 			{
 			BIO *tmpbio = BIO_new(BIO_f_linebuffer());
 			out = BIO_push(tmpbio, out);
 			}
 #endif
-            lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(), out);
-            lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), out);
-            lh_ERR_STRING_DATA_node_usage_stats_bio(ERR_get_string_table(),
+			lh_ERR_STRING_DATA_node_stats_bio(
+						  ERR_get_string_table(), out);
+			lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(),
 						     out);
+			lh_ERR_STRING_DATA_node_usage_stats_bio(
+						    ERR_get_string_table(),out);
 			}
-        if (out != NULL)
-            BIO_free_all(out);
+		if (out != NULL) BIO_free_all(out);
 		argc--;
 		argv++;
 		}

-    for (i = 1; i < argc; i++) {
-        if (sscanf(argv[i], "%lx", &l)) {
+	for (i=1; i<argc; i++)
+		{
+		if (sscanf(argv[i],"%lx",&l))
+			{
 			ERR_error_string_n(l, buf, sizeof buf);
 			printf("%s\n",buf);
-        } else {
+			}
+		else
+			{
 			printf("%s: bad error code\n",argv[i]);
 			printf("usage: errstr [-stats] <errno> ...\n");
 			ret++;
--- a/apps/gendh.c
+++ b/apps/gendh.c
@ -58,10 +58,8 @@
 */

 #include <openssl/opensslconf.h>
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
 #undef OPENSSL_NO_DEPRECATED
 #endif
@ -80,7 +78,7 @@
 #include <openssl/x509.h>
 #include <openssl/pem.h>

-# define DEFBITS 2048
+#define DEFBITS	512
 #undef PROG
 #define PROG gendh_main

@ -113,66 +111,67 @@ int MAIN(int argc, char **argv)

 	argv++;
 	argc--;
-    for (;;) {
-        if (argc <= 0)
-            break;
-        if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+	for (;;)
+		{
+		if (argc <= 0) break;
+		if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-2") == 0)
+			}
+		else if (strcmp(*argv,"-2") == 0)
 			g=2;
-/*-     else if (strcmp(*argv,"-3") == 0)
+	/*	else if (strcmp(*argv,"-3") == 0)
 			g=3; */
 		else if (strcmp(*argv,"-5") == 0)
 			g=5;
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
-        } else
+			}
+		else
 			break;
 		argv++;
 		argc--;
 		}
-    if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
+	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+		{
 bad:
 		BIO_printf(bio_err,"usage: gendh [args] [numbits]\n");
 		BIO_printf(bio_err," -out file - output the key to 'file\n");
 		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
-        /*
-         * BIO_printf(bio_err," -3 - use 3 as the generator value\n");
-         */
+	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
 		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "           - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		goto end;
 		}
+		
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif

 	out=BIO_new(BIO_s_file());
-    if (out == NULL) {
+	if (out == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -180,28 +179,28 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
-        BIO_printf(bio_err,
-                   "warning, not much extra random data, consider using the -rand option\n");
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));

-    BIO_printf(bio_err,
-               "Generating DH parameters, %d bit long safe prime, generator %d\n",
-               num, g);
+	BIO_printf(bio_err,"Generating DH parameters, %d bit long safe prime, generator %d\n",num,g);
 	BIO_printf(bio_err,"This is going to take a long time\n");

-    if (((dh = DH_new()) == NULL)
-        || !DH_generate_parameters_ex(dh, num, g, &cb))
+	if(((dh = DH_new()) == NULL) || !DH_generate_parameters_ex(dh, num, g, &cb))
 		goto end;
 		
 	app_RAND_write_file(NULL, bio_err);
@ -212,10 +211,8 @@ int MAIN(int argc, char **argv)
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dh != NULL)
-        DH_free(dh);
+	if (out != NULL) BIO_free_all(out);
+	if (dh != NULL) DH_free(dh);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -224,14 +221,10 @@ static int MS_CALLBACK dh_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@ -100,30 +100,32 @@ int MAIN(int argc, char **argv)

 	argv++;
 	argc--;
-    for (;;) {
-        if (argc <= 0)
-            break;
-        if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+	for (;;)
+		{
+		if (argc <= 0) break;
+		if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
-        } else if (strcmp(*argv, "-") == 0)
+			}
+		else if (strcmp(*argv,"-") == 0)
 			goto bad;
 #ifndef OPENSSL_NO_DES
 		else if (strcmp(*argv,"-des") == 0)
@ -155,57 +157,51 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
-        else if (**argv != '-' && dsaparams == NULL) {
+		else if (**argv != '-' && dsaparams == NULL)
+			{
 			dsaparams = *argv;
-        } else
+			}
+		else
 			goto bad;
 		argv++;
 		argc--;
 		}

-    if (dsaparams == NULL) {
+	if (dsaparams == NULL)
+		{
 bad:
 		BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n");
 		BIO_printf(bio_err," -out file - output the key to 'file'\n");
 #ifndef OPENSSL_NO_DES
-        BIO_printf(bio_err,
-                   " -des      - encrypt the generated key with DES in cbc mode\n");
-        BIO_printf(bio_err,
-                   " -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+		BIO_printf(bio_err," -des      - encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3     - encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #endif
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea     - encrypt the generated key with IDEA in cbc mode\n");
+		BIO_printf(bio_err," -idea     - encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "           - load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"             the random number generator\n");
 		BIO_printf(bio_err," dsaparam-file\n");
-        BIO_printf(bio_err,
-                   "           - a DSA parameter file as generated by the dsaparam command\n");
+		BIO_printf(bio_err,"           - a DSA parameter file as generated by the dsaparam command\n");
 		goto end;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif
@ -215,13 +211,16 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

+
 	in=BIO_new(BIO_s_file());
-    if (!(BIO_read_filename(in, dsaparams))) {
+	if (!(BIO_read_filename(in,dsaparams)))
+		{
 		perror(dsaparams);
 		goto end;
 		}

-    if ((dsa = PEM_read_bio_DSAparams(in, NULL, NULL, NULL)) == NULL) {
+	if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL)
+		{
 		BIO_printf(bio_err,"unable to load DSA parameter file\n");
 		goto end;
 		}
@ -229,10 +228,10 @@ int MAIN(int argc, char **argv)
 	in = NULL;
 		
 	out=BIO_new(BIO_s_file());
-    if (out == NULL)
-        goto end;
+	if (out == NULL) goto end;

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -240,24 +239,27 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

-    if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) {
-        BIO_printf(bio_err,
-                   "warning, not much extra random data, consider using the -rand option\n");
+	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL)
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
 			app_RAND_load_files(inrand));

-    BIO_printf(bio_err, "Generating DSA key, %d bits\n", BN_num_bits(dsa->p));
-    if (!DSA_generate_key(dsa))
-        goto end;
+	BIO_printf(bio_err,"Generating DSA key, %d bits\n",
+							BN_num_bits(dsa->p));
+	if (!DSA_generate_key(dsa)) goto end;

 	app_RAND_write_file(NULL, bio_err);

@ -267,14 +269,10 @@ int MAIN(int argc, char **argv)
 end:
 	if (ret != 0)
 		ERR_print_errors(bio_err);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
-    if (dsa != NULL)
-        DSA_free(dsa);
-    if (passout)
-        OPENSSL_free(passout);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
+	if (dsa != NULL) DSA_free(dsa);
+	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@ -1,7 +1,6 @@
 /* apps/genpkey.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -102,26 +101,32 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-outform")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args,"-outform"))
+			{
+			if (args[1])
+				{
 				args++;
 				outformat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-pass")) {
-            if (!args[1])
-                goto bad;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-pass"))
+			{
+			if (!args[1]) goto bad;
 			passarg= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
+		else if (strcmp(*args,"-engine") == 0)
+			{
 			if (!args[1])
 				goto bad;
        		e = setup_engine(bio_err, *(++args), 0);
 			}
 #endif
-        else if (!strcmp(*args, "-paramfile")) {
+		else if (!strcmp (*args, "-paramfile"))
+			{
 			if (!args[1])
 				goto bad;
 			args++;
@ -129,38 +134,54 @@ int MAIN(int argc, char **argv)
 				goto bad;
 			if (!init_keygen_file(bio_err, &ctx, *args, e))
 				goto end;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else if (strcmp(*args, "-algorithm") == 0) {
+				}
+			else badarg = 1;
+			}
+		else if (strcmp(*args,"-algorithm") == 0)
+			{
 			if (!args[1])
 				goto bad;
 			if (!init_gen_str(bio_err, &ctx, *(++args),e, do_param))
 				goto end;
-        } else if (strcmp(*args, "-pkeyopt") == 0) {
+			}
+		else if (strcmp(*args,"-pkeyopt") == 0)
+			{
 			if (!args[1])
 				goto bad;
-            if (!ctx) {
+			if (!ctx)
+				{
 				BIO_puts(bio_err, "No keytype specified\n");
 				goto bad;
-            } else if (pkey_ctrl_string(ctx, *(++args)) <= 0) {
+				}
+			else if (pkey_ctrl_string(ctx, *(++args)) <= 0)
+				{
 				BIO_puts(bio_err, "parameter setting error\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else if (strcmp(*args, "-genparam") == 0) {
+			}
+		else if (strcmp(*args,"-genparam") == 0)
+			{
 			if (ctx)
 				goto bad;
 			do_param = 1;
-        } else if (strcmp(*args, "-text") == 0)
+			}
+		else if (strcmp(*args,"-text") == 0)
 			text=1;
-        else {
+		else
+			{
 			cipher = EVP_get_cipherbyname(*args + 1);
-            if (!cipher) {
-                BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
+			if (!cipher)
+				{
+				BIO_printf(bio_err, "Unknown cipher %s\n",
+								*args + 1);
 				badarg = 1;
 				}
 			if (do_param == 1)
@ -172,45 +193,45 @@ int MAIN(int argc, char **argv)
 	if (!ctx)
 		badarg = 1;

-    if (badarg) {
+	if (badarg)
+		{
 		bad:
 		BIO_printf(bio_err, "Usage: genpkey [options]\n");
 		BIO_printf(bio_err, "where options may be\n");
 		BIO_printf(bio_err, "-out file          output file\n");
-        BIO_printf(bio_err,
-                   "-outform X         output format (DER or PEM)\n");
-        BIO_printf(bio_err,
-                   "-pass arg          output file pass phrase source\n");
-        BIO_printf(bio_err,
-                   "-<cipher>          use cipher <cipher> to encrypt the key\n");
+		BIO_printf(bio_err, "-outform X         output format (DER or PEM)\n");
+		BIO_printf(bio_err, "-pass arg          output file pass phrase source\n");
+		BIO_printf(bio_err, "-<cipher>          use cipher <cipher> to encrypt the key\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e          use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e          use engine e, possibly a hardware device.\n");
 #endif
 		BIO_printf(bio_err, "-paramfile file    parameters file\n");
 		BIO_printf(bio_err, "-algorithm alg     the public key algorithm\n");
-        BIO_printf(bio_err,
-                   "-pkeyopt opt:value set the public key algorithm option <opt>\n"
+		BIO_printf(bio_err, "-pkeyopt opt:value set the public key algorithm option <opt>\n"
 				            "                   to value <value>\n");
-        BIO_printf(bio_err,
-                   "-genparam          generate parameters, not key\n");
+		BIO_printf(bio_err, "-genparam          generate parameters, not key\n");
 		BIO_printf(bio_err, "-text              print the in text\n");
-        BIO_printf(bio_err,
-                   "NB: options order may be important!  See the manual page.\n");
+		BIO_printf(bio_err, "NB: options order may be important!  See the manual page.\n");
 		goto end;
 		}

-    if (!app_passwd(bio_err, passarg, NULL, &pass, NULL)) {
+	if (!app_passwd(bio_err, passarg, NULL, &pass, NULL))
+		{
 		BIO_puts(bio_err, "Error getting password\n");
 		goto end;
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "wb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -223,14 +244,19 @@ int MAIN(int argc, char **argv)
 	EVP_PKEY_CTX_set_cb(ctx, genpkey_cb);
 	EVP_PKEY_CTX_set_app_data(ctx, bio_err);

-    if (do_param) {
-        if (EVP_PKEY_paramgen(ctx, &pkey) <= 0) {
+	if (do_param)
+		{
+		if (EVP_PKEY_paramgen(ctx, &pkey) <= 0)
+			{
 			BIO_puts(bio_err, "Error generating parameters\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-    } else {
-        if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
+		}
+	else
+		{
+		if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
+			{
 			BIO_puts(bio_err, "Error generating key\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -240,26 +266,31 @@ int MAIN(int argc, char **argv)
 	if (do_param)
 		rv = PEM_write_bio_Parameters(out, pkey);
 	else if (outformat == FORMAT_PEM) 
-        rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0, NULL, pass);
+		rv = PEM_write_bio_PrivateKey(out, pkey, cipher, NULL, 0,
+								NULL, pass);
 	else if (outformat == FORMAT_ASN1)
 		rv = i2d_PrivateKey_bio(out, pkey);
-    else {
+	else
+		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 		goto end;
 		}

-    if (rv <= 0) {
+	if (rv <= 0)
+		{
 		BIO_puts(bio_err, "Error writing key\n");
 		ERR_print_errors(bio_err);
 		}

-    if (text) {
+	if (text)
+		{
 		if (do_param)
 			rv = EVP_PKEY_print_params(out, pkey, 0, NULL);
 		else
 			rv = EVP_PKEY_print_private(out, pkey, 0, NULL);

-        if (rv <= 0) {
+		if (rv <= 0)
+			{
 			BIO_puts(bio_err, "Error printing key\n");
 			ERR_print_errors(bio_err);
 			}
@ -287,13 +318,15 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 	BIO *pbio;
 	EVP_PKEY *pkey = NULL;
 	EVP_PKEY_CTX *ctx = NULL;
-    if (*pctx) {
+	if (*pctx)
+		{
 		BIO_puts(err, "Parameters already set!\n");
 		return 0;
 		}

 	pbio = BIO_new_file(file, "r");
-    if (!pbio) {
+	if (!pbio)
+		{
 		BIO_printf(err, "Can't open parameter file %s\n", file);
 		return 0;
 		}
@ -301,7 +334,8 @@ static int init_keygen_file(BIO *err, EVP_PKEY_CTX **pctx,
 	pkey = PEM_read_bio_Parameters(pbio, NULL);
 	BIO_free(pbio);

-    if (!pkey) {
+	if (!pkey)
+		{
 		BIO_printf(bio_err, "Error reading parameter file %s\n", file);
 		return 0;
 		}
@ -334,7 +368,8 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 	ENGINE *tmpeng = NULL;
 	int pkey_id;

-    if (*pctx) {
+	if (*pctx)
+		{
 		BIO_puts(err, "Algorithm already set!\n");
 		return 0;
 		}
@ -346,7 +381,8 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,
 		ameth = ENGINE_get_pkey_asn1_meth_str(e, algname, -1);
 #endif

-    if (!ameth) {
+	if (!ameth)
+		{
 		BIO_printf(bio_err, "Algorithm %s not found\n", algname);
 		return 0;
 		}
@ -362,10 +398,13 @@ int init_gen_str(BIO *err, EVP_PKEY_CTX **pctx,

 	if (!ctx)
 		goto err;
-    if (do_param) {
+	if (do_param)
+		{
 		if (EVP_PKEY_paramgen_init(ctx) <= 0)
 			goto err;
-    } else {
+		}
+	else
+		{
 		if (EVP_PKEY_keygen_init(ctx) <= 0)
 			goto err;
 		}
@ -388,14 +427,10 @@ static int genpkey_cb(EVP_PKEY_CTX *ctx)
 	BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
 	int p;
 	p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(b,&c,1);
 	(void)BIO_flush(b);
 #ifdef LINT
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@ -57,10 +57,8 @@
 */

 #include <openssl/opensslconf.h>
-/*
- * Until the key-gen callbacks are modified to use newer prototypes, we allow
- * deprecated functions for openssl-internal code
- */
+/* Until the key-gen callbacks are modified to use newer prototypes, we allow
+ * deprecated functions for openssl-internal code */
 #ifdef OPENSSL_NO_DEPRECATED
 #undef OPENSSL_NO_DEPRECATED
 #endif
@ -109,8 +107,7 @@ int MAIN(int argc, char **argv)
 	BIGNUM *bn = BN_new();
 	RSA *rsa = NULL;

-    if (!bn)
-        goto err;
+	if(!bn) goto err;

 	apps_startup();
 	BN_GENCB_set(&cb, genrsa_cb, bio_err);
@ -121,34 +118,36 @@ int MAIN(int argc, char **argv)

 	if (!load_config(bio_err, NULL))
 		goto err;
-    if ((out = BIO_new(BIO_s_file())) == NULL) {
+	if ((out=BIO_new(BIO_s_file())) == NULL)
+		{
 		BIO_printf(bio_err,"unable to create BIO for output\n");
 		goto err;
 		}

 	argv++;
 	argc--;
-    for (;;) {
-        if (argc <= 0)
-            break;
-        if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+	for (;;)
+		{
+		if (argc <= 0) break;
+		if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-3") == 0)
+			}
+		else if (strcmp(*argv,"-3") == 0)
 			f4=3;
 		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
 			f4=RSA_F4;
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else if (strcmp(*argv, "-rand") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-rand") == 0)
+			{
+			if (--argc < 1) goto bad;
 			inrand= *(++argv);
 			}
 #ifndef OPENSSL_NO_DES
@ -181,55 +180,46 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-camellia256") == 0)
 			enc=EVP_camellia_256_cbc();
 #endif
-        else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
-        } else
+			}
+		else
 			break;
 		argv++;
 		argc--;
 		}
-    if ((argc >= 1) && ((sscanf(*argv, "%d", &num) == 0) || (num < 0))) {
+	if ((argc >= 1) && ((sscanf(*argv,"%d",&num) == 0) || (num < 0)))
+		{
 bad:
 		BIO_printf(bio_err,"usage: genrsa [args] [numbits]\n");
-        BIO_printf(bio_err,
-                   " -des            encrypt the generated key with DES in cbc mode\n");
-        BIO_printf(bio_err,
-                   " -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
+		BIO_printf(bio_err," -des            encrypt the generated key with DES in cbc mode\n");
+		BIO_printf(bio_err," -des3           encrypt the generated key with DES in ede cbc mode (168 bit key)\n");
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea           encrypt the generated key with IDEA in cbc mode\n");
+		BIO_printf(bio_err," -idea           encrypt the generated key with IDEA in cbc mode\n");
 #endif
 #ifndef OPENSSL_NO_SEED
 		BIO_printf(bio_err," -seed\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -out file       output the key to 'file\n");
-        BIO_printf(bio_err,
-                   " -passout arg    output file pass phrase source\n");
-        BIO_printf(bio_err,
-                   " -f4             use F4 (0x10001) for the E value\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
 		BIO_printf(bio_err," -3              use 3 for the E value\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "                 load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;
 		}
@ -240,11 +230,13 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Error getting password\n");
 		goto err;
 	}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -252,17 +244,20 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto err;
 			}
 		}

 	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
-        && !RAND_status()) {
-        BIO_printf(bio_err,
-                   "warning, not much extra random data, consider using the -rand option\n");
+		&& !RAND_status())
+		{
+		BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n");
 		}
 	if (inrand != NULL)
 		BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@ -283,12 +278,11 @@ int MAIN(int argc, char **argv)
 		
 	app_RAND_write_file(NULL, bio_err);

-    /*
-     * We need to do the following for when the base number size is < long,
-     * esp windows 3.1 :-(.
-     */
+	/* We need to do the following for when the base number size is <
+	 * long, esp windows 3.1 :-(. */
 	l=0L;
-    for (i = 0; i < rsa->e->top; i++) {
+	for (i=0; i<rsa->e->top; i++)
+		{
 #ifndef SIXTY_FOUR_BIT
 		l<<=BN_BITS4;
 		l<<=BN_BITS4;
@ -301,21 +295,16 @@ int MAIN(int argc, char **argv)
 	cb_data.password = passout;
 	cb_data.prompt_info = outfile;
 	if (!PEM_write_bio_RSAPrivateKey(out,rsa,enc,NULL,0,
-                                         (pem_password_cb *)password_callback,
-                                         &cb_data))
+		(pem_password_cb *)password_callback,&cb_data))
 		goto err;
 	}

 	ret=0;
 err:
-    if (bn)
-        BN_free(bn);
-    if (rsa)
-        RSA_free(rsa);
-    if (out)
-        BIO_free_all(out);
-    if (passout)
-        OPENSSL_free(passout);
+	if (bn) BN_free(bn);
+	if (rsa) RSA_free(rsa);
+	if (out) BIO_free_all(out);
+	if(passout) OPENSSL_free(passout);
 	if (ret != 0)
 		ERR_print_errors(bio_err);
 	apps_shutdown();
@ -326,14 +315,10 @@ static int MS_CALLBACK genrsa_cb(int p, int n, BN_GENCB *cb)
 	{
 	char c='*';

-    if (p == 0)
-        c = '.';
-    if (p == 1)
-        c = '+';
-    if (p == 2)
-        c = '*';
-    if (p == 3)
-        c = '\n';
+	if (p == 0) c='.';
+	if (p == 1) c='+';
+	if (p == 2) c='*';
+	if (p == 3) c='\n';
 	BIO_write(cb->arg,&c,1);
 	(void)BIO_flush(cb->arg);
 #ifdef LINT
--- a/apps/makeapps.com
+++ b/apps/makeapps.com
@ -776,7 +776,7 @@ $ IF F$TYPE(USER_CCFLAGS) .NES. "" THEN CCEXTRAFLAGS = USER_CCFLAGS
 $ CCDISABLEWARNINGS = "" !!! "MAYLOSEDATA3" !!! "LONGLONGTYPE,LONGLONGSUFX,FOUNDCR"
 $ IF F$TYPE(USER_CCDISABLEWARNINGS) .NES. ""
 $ THEN
-$     IF CCDISABLEWARNINGS .NES. "" THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","
+$     IF CCDISABLEWARNINGS .NES. THEN CCDISABLEWARNINGS = CCDISABLEWARNINGS + ","
 $     CCDISABLEWARNINGS = CCDISABLEWARNINGS + USER_CCDISABLEWARNINGS
 $ ENDIF
 $!
--- a/apps/nseq.c
+++ b/apps/nseq.c
@ -1,7 +1,6 @@
 /* nseq.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@ -77,27 +76,22 @@ int MAIN(int argc, char **argv)
 	NETSCAPE_CERT_SEQUENCE *seq = NULL;
 	int i, ret = 1;
 	int badarg = 0;
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 	ERR_load_crypto_strings();
 	args = argv + 1;
 	while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-toseq"))
-            toseq = 1;
+		if (!strcmp (*args, "-toseq")) toseq = 1;
 		else if (!strcmp (*args, "-in")) {
 			if (args[1]) {
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
+			} else badarg = 1;
 		} else if (!strcmp (*args, "-out")) {
 			if (args[1]) {
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else
-            badarg = 1;
+			} else badarg = 1;
+		} else badarg = 1;
 		args++;
 	}

@ -113,15 +107,16 @@ int MAIN(int argc, char **argv)

 	if (infile) {
 		if (!(in = BIO_new_file (infile, "r"))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 		}
-    } else
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

 	if (outfile) {
 		if (!(out = BIO_new_file (outfile, "w"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 		}
 	} else {
@ -139,7 +134,8 @@ int MAIN(int argc, char **argv)
 		while((x509 = PEM_read_bio_X509(in, NULL, NULL, NULL))) 
 		    sk_X509_push(seq->certs,x509);

-        if (!sk_X509_num(seq->certs)) {
+		if(!sk_X509_num(seq->certs))
+		{
 			BIO_printf (bio_err, "Error reading certs file %s\n", infile);
 			ERR_print_errors(bio_err);
 			goto end;
@ -168,3 +164,4 @@ int MAIN(int argc, char **argv)

 	OPENSSL_EXIT(ret);
 }
+
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
--- a/apps/openssl.c
+++ b/apps/openssl.c
@ -109,11 +109,11 @@
 *
 */

+
 #include <stdio.h>
 #include <string.h>
 #include <stdlib.h>
-#define OPENSSL_C               /* tells apps.h to use complete
-                                 * apps_startup() */
+#define OPENSSL_C /* tells apps.h to use complete apps_startup() */
 #include "apps.h"
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
@ -126,8 +126,7 @@
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
 #endif
-#define USE_SOCKETS             /* needed for the _O_BINARY defs in the MS
-                                 * world */
+#define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
@ -135,12 +134,10 @@
 #include <openssl/fips.h>
 #endif

-/*
- * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
- * the base prototypes (we cast each variable inside the function to the
- * required type of "FUNCTION*"). This removes the necessity for
- * macro-generated wrapper functions.
- */
+/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+ * base prototypes (we cast each variable inside the function to the required
+ * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
+ * functions. */

 static LHASH_OF(FUNCTION) *prog_init(void );
 static int do_cmd(LHASH_OF(FUNCTION) *prog,int argc,char *argv[]);
@ -155,6 +152,7 @@ CONF *config = NULL;
 BIO *bio_err=NULL;
 #endif

+
 static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	{
 	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
@ -162,49 +160,58 @@ static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	int rw;
 	
 	rw = mode & (CRYPTO_READ|CRYPTO_WRITE);
-    if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE))) {
+	if (!((rw == CRYPTO_READ) || (rw == CRYPTO_WRITE)))
+		{
 		errstr = "invalid mode";
 		goto err;
 		}

-    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
+	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
+		{
 		errstr = "type out of bounds";
 		goto err;
 		}

-    if (mode & CRYPTO_LOCK) {
-        if (modes[type]) {
+	if (mode & CRYPTO_LOCK)
+		{
+		if (modes[type])
+			{
 			errstr = "already locked";
-            /*
-             * must not happen in a single-threaded program (would deadlock)
-             */
+			/* must not happen in a single-threaded program
+			 * (would deadlock) */
 			goto err;
 			}

 		modes[type] = rw;
-    } else if (mode & CRYPTO_UNLOCK) {
-        if (!modes[type]) {
+		}
+	else if (mode & CRYPTO_UNLOCK)
+		{
+		if (!modes[type])
+			{
 			errstr = "not locked";
 			goto err;
 			}
 		
-        if (modes[type] != rw) {
+		if (modes[type] != rw)
+			{
 			errstr = (rw == CRYPTO_READ) ?
 				"CRYPTO_r_unlock on write lock" :
 				"CRYPTO_w_unlock on read lock";
 			}

 		modes[type] = 0;
-    } else {
+		}
+	else
+		{
 		errstr = "invalid mode";
 		goto err;
 		}

 err:
-    if (errstr) {
+	if (errstr)
+		{
 		/* we cannot use bio_err here */
-        fprintf(stderr,
-                "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
+		fprintf(stderr, "openssl (lock_dbg_cb): %s (mode=%d, type=%d) at %s:%d\n",
 			errstr, mode, type, file, line);
 		}
 	}
@ -231,8 +238,7 @@ int main(int Argc, char *ARGV[])
 	long errline;

 #if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
-    /*-
-     * 2011-03-22 SMS.
+	/* 2011-03-22 SMS.
 	 * If we have 32-bit pointers everywhere, then we're safe, and
 	 * we bypass this mess, as on non-VMS systems.  (See ARGV,
 	 * above.)
@ -259,27 +265,25 @@ int main(int Argc, char *ARGV[])
 # if !defined( VMS_TRUST_ARGV)
 	 || (_Argv[ Argc] != NULL)      /* Untrusted argv[argc] not NULL. */
 # endif
-        ) {
+		)
+		{
 		int i;
 		Argv = OPENSSL_malloc( (Argc+ 1)* sizeof( char *));
-        if (Argv == NULL) {
-            ret = -1;
-            goto end;
-        }
+		if (Argv == NULL)
+			{ ret = -1; goto end; }
 		for(i = 0; i < Argc; i++)
 			Argv[i] = _Argv[i];
 		Argv[ Argc] = NULL;     /* Certain NULL termination. */
 		free_Argv = 1;
-    } else {
-        /*
-         * Use the known-good 32-bit argv[] (which needs the type cast to
-         * satisfy the compiler), or the trusted or tested-good 64-bit argv[]
-         * as-is.
-         */
+		}
+	else
+		{
+		/* Use the known-good 32-bit argv[] (which needs the
+		 * type cast to satisfy the compiler), or the trusted or
+		 * tested-good 64-bit argv[] as-is. */
 		Argv = (char **)_Argv;
 		}
-#endif                          /* defined( OPENSSL_SYS_VMS) &&
-                                 * (__INITIAL_POINTER_SIZE == 64) */
+#endif /* defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64) */

 	arg.data=NULL;
 	arg.count=0;
@ -288,13 +292,15 @@ int main(int Argc, char *ARGV[])
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-    if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) { /* if not defined, use
-                                                   * compiled-in library
-                                                   * defaults */
-        if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off"))) {
+	if (getenv("OPENSSL_DEBUG_MEMORY") != NULL) /* if not defined, use compiled-in library defaults */
+		{
+		if (!(0 == strcmp(getenv("OPENSSL_DEBUG_MEMORY"), "off")))
+			{
 			CRYPTO_malloc_debug_init();
 			CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL);
-        } else {
+			}
+		else
+			{
 			/* OPENSSL_DEBUG_MEMORY=off */
 			CRYPTO_set_mem_debug_functions(0, 0, 0, 0, 0);
 			}
@ -334,14 +340,19 @@ int main(int Argc, char *ARGV[])

 	config=NCONF_new(NULL);
 	i=NCONF_load(config,p,&errline);
-    if (i == 0) {
+	if (i == 0)
+		{
 		if (ERR_GET_REASON(ERR_peek_last_error())
-            == CONF_R_NO_SUCH_FILE) {
-            BIO_printf(bio_err, "WARNING: can't open config file: %s\n", p);
+		    == CONF_R_NO_SUCH_FILE)
+			{
+			BIO_printf(bio_err,
+				   "WARNING: can't open config file: %s\n",p);
 			ERR_clear_error();
 			NCONF_free(config);
 			config = NULL;
-        } else {
+			}
+		else
+			{
 			ERR_print_errors(bio_err);
 			NCONF_free(config);
 			exit(1);
@ -355,58 +366,55 @@ int main(int Argc, char *ARGV[])

 	f.name=pname;
 	fp=lh_FUNCTION_retrieve(prog,&f);
-    if (fp != NULL) {
+	if (fp != NULL)
+		{
 		Argv[0]=pname;
 		ret=fp->func(Argc,Argv);
 		goto end;
 		}

-    /*
-     * ok, now check that there are not arguments, if there are, run with
-     * them, shifting the ssleay off the front
-     */
-    if (Argc != 1) {
+	/* ok, now check that there are not arguments, if there are,
+	 * run with them, shifting the ssleay off the front */
+	if (Argc != 1)
+		{
 		Argc--;
 		Argv++;
 		ret=do_cmd(prog,Argc,Argv);
-        if (ret < 0)
-            ret = 0;
+		if (ret < 0) ret=0;
 		goto end;
 		}

 	/* ok, lets enter the old 'OpenSSL>' mode */
 	
-    for (;;) {
+	for (;;)
+		{
 		ret=0;
 		p=buf;
 		n=sizeof buf;
 		i=0;
-        for (;;) {
+		for (;;)
+			{
 			p[0]='\0';
 			if (i++)
 				prompt=">";
-            else
-                prompt = "OpenSSL> ";
+			else	prompt="OpenSSL> ";
 			fputs(prompt,stdout);
 			fflush(stdout);
 			if (!fgets(p,n,stdin))
 				goto end;
-            if (p[0] == '\0')
-                goto end;
+			if (p[0] == '\0') goto end;
 			i=strlen(p);
-            if (i <= 1)
-                break;
-            if (p[i - 2] != '\\')
-                break;
+			if (i <= 1) break;
+			if (p[i-2] != '\\') break;
 			i-=2;
 			p+=i;
 			n-=i;
 			}
-        if (!chopup_args(&arg, buf, &argc, &argv))
-            break;
+		if (!chopup_args(&arg,buf,&argc,&argv)) break;

 		ret=do_cmd(prog,argc,argv);
-        if (ret < 0) {
+		if (ret < 0)
+			{
 			ret=0;
 			goto end;
 			}
@ -419,28 +427,29 @@ int main(int Argc, char *ARGV[])
 end:
 	if (to_free)
 		OPENSSL_free(to_free);
-    if (config != NULL) {
+	if (config != NULL)
+		{
 		NCONF_free(config);
 		config=NULL;
 		}
-    if (prog != NULL)
-        lh_FUNCTION_free(prog);
-    if (arg.data != NULL)
-        OPENSSL_free(arg.data);
+	if (prog != NULL) lh_FUNCTION_free(prog);
+	if (arg.data != NULL) OPENSSL_free(arg.data);

-#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
-    /* Free any duplicate Argv[] storage. */
-    if (free_Argv) {
-        OPENSSL_free(Argv);
-    }
-#endif
 	apps_shutdown();
+
 	CRYPTO_mem_leaks(bio_err);
-    if (bio_err != NULL) {
+	if (bio_err != NULL)
+		{
 		BIO_free(bio_err);
 		bio_err=NULL;
 		}
-
+#if defined( OPENSSL_SYS_VMS) && (__INITIAL_POINTER_SIZE == 64)
+	/* Free any duplicate Argv[] storage. */
+	if (free_Argv)
+		{
+		OPENSSL_free(Argv);
+		}
+#endif
 	OPENSSL_EXIT(ret);
 	}

@ -451,31 +460,37 @@ int main(int Argc, char *ARGV[])
 #define LIST_CIPHER_ALGORITHMS "list-cipher-algorithms"
 #define LIST_PUBLIC_KEY_ALGORITHMS "list-public-key-algorithms"

+
 static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 	{
 	FUNCTION f,*fp;
 	int i,ret=1,tp,nl;

-    if ((argc <= 0) || (argv[0] == NULL)) {
-        ret = 0;
-        goto end;
-    }
+	if ((argc <= 0) || (argv[0] == NULL))
+		{ ret=0; goto end; }
 	f.name=argv[0];
 	fp=lh_FUNCTION_retrieve(prog,&f);
-    if (fp == NULL) {
-        if (EVP_get_digestbyname(argv[0])) {
+	if (fp == NULL)
+		{
+		if (EVP_get_digestbyname(argv[0]))
+			{
 			f.type = FUNC_TYPE_MD;
 			f.func = dgst_main;
 			fp = &f;
-        } else if (EVP_get_cipherbyname(argv[0])) {
+			}
+		else if (EVP_get_cipherbyname(argv[0]))
+			{
 			f.type = FUNC_TYPE_CIPHER;
 			f.func = enc_main;
 			fp = &f;
 			}
 		}
-    if (fp != NULL) {
+	if (fp != NULL)
+		{
 		ret=fp->func(argc,argv);
-    } else if ((strncmp(argv[0], "no-", 3)) == 0) {
+		}
+	else if ((strncmp(argv[0],"no-",3)) == 0)
+		{
 		BIO *bio_stdout = BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -491,18 +506,22 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 			BIO_printf(bio_stdout, "%s\n", argv[0]+3);
 		BIO_free_all(bio_stdout);
 		goto end;
-    } else if ((strcmp(argv[0], "quit") == 0) ||
+		}
+	else if ((strcmp(argv[0],"quit") == 0) ||
 		(strcmp(argv[0],"q") == 0) ||
 		(strcmp(argv[0],"exit") == 0) ||
-               (strcmp(argv[0], "bye") == 0)) {
+		(strcmp(argv[0],"bye") == 0))
+		{
 		ret= -1;
 		goto end;
-    } else if ((strcmp(argv[0], LIST_STANDARD_COMMANDS) == 0) ||
+		}
+	else if ((strcmp(argv[0],LIST_STANDARD_COMMANDS) == 0) ||
 		(strcmp(argv[0],LIST_MESSAGE_DIGEST_COMMANDS) == 0) ||
 		(strcmp(argv[0],LIST_MESSAGE_DIGEST_ALGORITHMS) == 0) ||
 		(strcmp(argv[0],LIST_CIPHER_COMMANDS) == 0) ||
 		(strcmp(argv[0],LIST_CIPHER_ALGORITHMS) == 0) ||
-               (strcmp(argv[0], LIST_PUBLIC_KEY_ALGORITHMS) == 0)) {
+		(strcmp(argv[0],LIST_PUBLIC_KEY_ALGORITHMS) == 0))
+		{
 		int list_type;
 		BIO *bio_stdout;

@ -535,21 +554,26 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 			list_md(bio_stdout);	
 		if (list_type == FUNC_TYPE_CIPHER_ALG)
 			list_cipher(bio_stdout);	
-        else {
+		else
+			{
 			for (fp=functions; fp->name != NULL; fp++)
 				if (fp->type == list_type)
-                    BIO_printf(bio_stdout, "%s\n", fp->name);
+					BIO_printf(bio_stdout, "%s\n",
+								fp->name);
 			}
 		BIO_free_all(bio_stdout);
 		ret=0;
 		goto end;
-    } else {
+		}
+	else
+		{
 		BIO_printf(bio_err,"openssl:Error: '%s' is an invalid command.\n",
 			argv[0]);
 		BIO_printf(bio_err, "\nStandard commands");
 		i=0;
 		tp=0;
-        for (fp = functions; fp->name != NULL; fp++) {
+		for (fp=functions; fp->name != NULL; fp++)
+			{
 			nl=0;
 #ifdef OPENSSL_NO_CAMELLIA
 			if (((i++) % 5) == 0)
@ -560,18 +584,20 @@ static int do_cmd(LHASH_OF(FUNCTION) *prog, int argc, char *argv[])
 				BIO_printf(bio_err,"\n");
 				nl=1;
 				}
-            if (fp->type != tp) {
+			if (fp->type != tp)
+				{
 				tp=fp->type;
-                if (!nl)
-                    BIO_printf(bio_err, "\n");
-                if (tp == FUNC_TYPE_MD) {
+				if (!nl) BIO_printf(bio_err,"\n");
+				if (tp == FUNC_TYPE_MD)
+					{
 					i=1;
 					BIO_printf(bio_err,
 						"\nMessage Digest commands (see the `dgst' command for more details)\n");
-                } else if (tp == FUNC_TYPE_CIPHER) {
+					}
+				else if (tp == FUNC_TYPE_CIPHER)
+					{
 					i=1;
-                    BIO_printf(bio_err,
-                               "\nCipher commands (see the `enc' command for more details)\n");
+					BIO_printf(bio_err,"\nCipher commands (see the `enc' command for more details)\n");
 					}
 				}
 #ifdef OPENSSL_NO_CAMELLIA
@ -600,18 +626,23 @@ static int SortFnByName(const void *_f1, const void *_f2)
 static void list_pkey(BIO *out)
 	{
 	int i;
-    for (i = 0; i < EVP_PKEY_asn1_get_count(); i++) {
+	for (i = 0; i < EVP_PKEY_asn1_get_count(); i++)
+		{
 		const EVP_PKEY_ASN1_METHOD *ameth;
 		int pkey_id, pkey_base_id, pkey_flags;
 		const char *pinfo, *pem_str;
 		ameth = EVP_PKEY_asn1_get0(i);
 		EVP_PKEY_asn1_get0_info(&pkey_id, &pkey_base_id, &pkey_flags,
 						&pinfo, &pem_str, ameth);
-        if (pkey_flags & ASN1_PKEY_ALIAS) {
-            BIO_printf(out, "Name: %s\n", OBJ_nid2ln(pkey_id));
+		if (pkey_flags & ASN1_PKEY_ALIAS)
+			{
+			BIO_printf(out, "Name: %s\n", 
+					OBJ_nid2ln(pkey_id));
 			BIO_printf(out, "\tType: Alias to %s\n",
 					OBJ_nid2ln(pkey_base_id));
-        } else {
+			}
+		else
+			{
 			BIO_printf(out, "Name: %s\n", pinfo);
 			BIO_printf(out, "\tType: %s Algorithm\n", 
 				pkey_flags & ASN1_PKEY_DYNAMIC ?
@ -630,7 +661,8 @@ static void list_cipher_fn(const EVP_CIPHER *c,
 	{
 	if (c)
 		BIO_printf(arg, "%s\n", EVP_CIPHER_name(c));
-    else {
+	else
+		{
 		if (!from)
 			from = "<undefined>";
 		if (!to)
@ -649,7 +681,8 @@ static void list_md_fn(const EVP_MD *m,
 	{
 	if (m)
 		BIO_printf(arg, "%s\n", EVP_MD_name(m));
-    else {
+	else
+		{
 		if (!from)
 			from = "<undefined>";
 		if (!to)
@ -667,14 +700,12 @@ static int MS_CALLBACK function_cmp(const FUNCTION * a, const FUNCTION * b)
 	{
 	return strncmp(a->name,b->name,8);
 	}
-
 static IMPLEMENT_LHASH_COMP_FN(function, FUNCTION)

 static unsigned long MS_CALLBACK function_hash(const FUNCTION *a)
 	{
 	return lh_strhash(a->name);
 	}	
-
 static IMPLEMENT_LHASH_HASH_FN(function, FUNCTION)

 static LHASH_OF(FUNCTION) *prog_init(void)
@ -684,7 +715,8 @@ static LHASH_OF(FUNCTION) *prog_init(void)
 	size_t i;

 	/* Purely so it looks nice when the user hits ? */
-    for (i = 0, f = functions; f->name != NULL; ++f, ++i) ;
+	for(i=0,f=functions ; f->name != NULL ; ++f,++i)
+	    ;
 	qsort(functions,i,sizeof *functions,SortFnByName);

 	if ((ret=lh_FUNCTION_new()) == NULL)
@ -694,3 +726,4 @@ static LHASH_OF(FUNCTION) *prog_init(void)
 		(void)lh_FUNCTION_insert(ret,f);
 	return(ret);
 	}
+
--- a/apps/passwd.c
+++ b/apps/passwd.c
@ -22,9 +22,11 @@
 # include <openssl/md5.h>
 #endif

+
 #undef PROG
 #define PROG passwd_main

+
 static unsigned const char cov_2char[64]={
 	/* from crypto/des/fcrypt.c */
 	0x2E,0x2F,0x30,0x31,0x32,0x33,0x34,0x35,
@ -38,12 +40,10 @@ static unsigned const char cov_2char[64] = {
 };

 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-                     char *passwd, BIO *out, int quiet, int table,
-                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
-                     int useapr1);
+	char *passwd, BIO *out, int quiet, int table, int reverse,
+	size_t pw_maxlen, int usecrypt, int use1, int useapr1);

-/*-
- * -crypt        - standard Unix password algorithm (default)
+/* -crypt        - standard Unix password algorithm (default)
 * -1            - MD5-based password algorithm
 * -apr1         - MD5-based password algorithm, Apache variant
 * -salt string  - salt
@ -94,32 +94,45 @@ int MAIN(int argc, char **argv)

 	badopt = 0, opt_done = 0;
 	i = 0;
-    while (!badopt && !opt_done && argv[++i] != NULL) {
+	while (!badopt && !opt_done && argv[++i] != NULL)
+		{
 		if (strcmp(argv[i], "-crypt") == 0)
 			usecrypt = 1;
 		else if (strcmp(argv[i], "-1") == 0)
 			use1 = 1;
 		else if (strcmp(argv[i], "-apr1") == 0)
 			useapr1 = 1;
-        else if (strcmp(argv[i], "-salt") == 0) {
-            if ((argv[i + 1] != NULL) && (salt == NULL)) {
+		else if (strcmp(argv[i], "-salt") == 0)
+			{
+			if ((argv[i+1] != NULL) && (salt == NULL))
+				{
 				passed_salt = 1;
 				salt = argv[++i];
-            } else
+				}
+			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-in") == 0) {
-            if ((argv[i + 1] != NULL) && !pw_source_defined) {
+			}
+		else if (strcmp(argv[i], "-in") == 0)
+			{
+			if ((argv[i+1] != NULL) && !pw_source_defined)
+				{
 				pw_source_defined = 1;
 				infile = argv[++i];
-            } else
+				}
+			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-stdin") == 0) {
-            if (!pw_source_defined) {
+			}
+		else if (strcmp(argv[i], "-stdin") == 0)
+			{
+			if (!pw_source_defined)
+				{
 				pw_source_defined = 1;
 				in_stdin = 1;
-            } else
+				}
+			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-noverify") == 0)
+			}
+		else if (strcmp(argv[i], "-noverify") == 0)
 			in_noverify = 1;
 		else if (strcmp(argv[i], "-quiet") == 0)
 			quiet = 1;
@ -135,7 +148,8 @@ int MAIN(int argc, char **argv)
 			pw_source_defined = 1;
 			passwds = &argv[i];
 			opt_done = 1;
-        } else
+			}
+		else
 			badopt = 1;
 		}

@ -146,32 +160,27 @@ int MAIN(int argc, char **argv)

 	/* reject unsupported algorithms */
 #ifdef OPENSSL_NO_DES
-    if (usecrypt)
-        badopt = 1;
+	if (usecrypt) badopt = 1;
 #endif
 #ifdef NO_MD5CRYPT_1
-    if (use1 || useapr1)
-        badopt = 1;
+	if (use1 || useapr1) badopt = 1;
 #endif

-    if (badopt) {
+	if (badopt) 
+		{
 		BIO_printf(bio_err, "Usage: passwd [options] [passwords]\n");
 		BIO_printf(bio_err, "where options are\n");
 #ifndef OPENSSL_NO_DES
-        BIO_printf(bio_err,
-                   "-crypt             standard Unix password algorithm (default)\n");
+		BIO_printf(bio_err, "-crypt             standard Unix password algorithm (default)\n");
 #endif
 #ifndef NO_MD5CRYPT_1
-        BIO_printf(bio_err,
-                   "-1                 MD5-based password algorithm\n");
-        BIO_printf(bio_err,
-                   "-apr1              MD5-based password algorithm, Apache variant\n");
+		BIO_printf(bio_err, "-1                 MD5-based password algorithm\n");
+		BIO_printf(bio_err, "-apr1              MD5-based password algorithm, Apache variant\n");
 #endif
 		BIO_printf(bio_err, "-salt string       use provided salt\n");
 		BIO_printf(bio_err, "-in file           read passwords from file\n");
 		BIO_printf(bio_err, "-stdin             read passwords from stdin\n");
-        BIO_printf(bio_err,
-                   "-noverify          never verify when reading password from terminal\n");
+		BIO_printf(bio_err, "-noverify          never verify when reading password from terminal\n");
 		BIO_printf(bio_err, "-quiet             no warnings\n");
 		BIO_printf(bio_err, "-table             format output as table\n");
 		BIO_printf(bio_err, "-reverse           switch table columns\n");
@ -179,15 +188,19 @@ int MAIN(int argc, char **argv)
 		goto err;
 		}

-    if ((infile != NULL) || in_stdin) {
+	if ((infile != NULL) || in_stdin)
+		{
 		in = BIO_new(BIO_s_file());
 		if (in == NULL)
 			goto err;
-        if (infile != NULL) {
+		if (infile != NULL)
+			{
 			assert(in_stdin == 0);
 			if (BIO_read_filename(in, infile) <= 0)
 				goto err;
-        } else {
+			}
+		else
+			{
 			assert(in_stdin);
 			BIO_set_fp(in, stdin, BIO_NOCLOSE);
 			}
@ -196,59 +209,61 @@ int MAIN(int argc, char **argv)
 	if (usecrypt)
 		pw_maxlen = 8;
 	else if (use1 || useapr1)
-        pw_maxlen = 256;        /* arbitrary limit, should be enough for most
-                                 * passwords */
+		pw_maxlen = 256; /* arbitrary limit, should be enough for most passwords */

-    if (passwds == NULL) {
+	if (passwds == NULL)
+		{
 		/* no passwords on the command line */

 		passwd_malloc_size = pw_maxlen + 2;
-        /*
-         * longer than necessary so that we can warn about truncation
-         */
+		/* longer than necessary so that we can warn about truncation */
 		passwd = passwd_malloc = OPENSSL_malloc(passwd_malloc_size);
 		if (passwd_malloc == NULL)
 			goto err;
 		}

-    if ((in == NULL) && (passwds == NULL)) {
+	if ((in == NULL) && (passwds == NULL))
+		{
 		/* build a null-terminated list */
 		static char *passwds_static[2] = {NULL, NULL};
 		
 		passwds = passwds_static;
 		if (in == NULL)
-            if (EVP_read_pw_string
-                (passwd_malloc, passwd_malloc_size, "Password: ",
-                 !(passed_salt || in_noverify)) != 0)
+			if (EVP_read_pw_string(passwd_malloc, passwd_malloc_size, "Password: ", !(passed_salt || in_noverify)) != 0)
 				goto err;
 		passwds[0] = passwd_malloc;
 		}

-    if (in == NULL) {
+	if (in == NULL)
+		{
 		assert(passwds != NULL);
 		assert(*passwds != NULL);
 		
-        do {                    /* loop over list of passwords */
+		do /* loop over list of passwords */
+			{
 			passwd = *passwds++;
 			if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                           quiet, table, reverse, pw_maxlen, usecrypt, use1,
-                           useapr1))
+				quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
 				goto err;
 			}
 		while (*passwds != NULL);
-    } else
+		}
+	else
 		/* in != NULL */
 		{
 		int done;

 		assert (passwd != NULL);
-        do {
+		do
+			{
 			int r = BIO_gets(in, passwd, pw_maxlen + 1);
-            if (r > 0) {
+			if (r > 0)
+				{
 				char *c = (strchr(passwd, '\n')) ;
 				if (c != NULL)
 					*c = 0; /* truncate at newline */
-                else {
+				else
+					{
 					/* ignore rest of line */
 					char trash[BUFSIZ];
 					do
@ -257,8 +272,7 @@ int MAIN(int argc, char **argv)
 					}
 				
 				if (!do_passwd(passed_salt, &salt, &salt_malloc, passwd, out,
-                               quiet, table, reverse, pw_maxlen, usecrypt,
-                               use1, useapr1))
+					quiet, table, reverse, pw_maxlen, usecrypt, use1, useapr1))
 					goto err;
 				}
 			done = (r <= 0);
@ -281,20 +295,21 @@ int MAIN(int argc, char **argv)
 	OPENSSL_EXIT(ret);
 	}

+
 #ifndef NO_MD5CRYPT_1
-/*
- * MD5-based password algorithm (should probably be available as a library
- * function; then the static buffer would not be acceptable). For magic
- * string "1", this should be compatible to the MD5-based BSD password
- * algorithm. For 'magic' string "apr1", this is compatible to the MD5-based
- * Apache password algorithm. (Apparently, the Apache password algorithm is
- * identical except that the 'magic' string was changed -- the laziest
- * application of the NIH principle I've ever encountered.)
+/* MD5-based password algorithm (should probably be available as a library
+ * function; then the static buffer would not be acceptable).
+ * For magic string "1", this should be compatible to the MD5-based BSD
+ * password algorithm.
+ * For 'magic' string "apr1", this is compatible to the MD5-based Apache
+ * password algorithm.
+ * (Apparently, the Apache password algorithm is identical except that the
+ * 'magic' string was changed -- the laziest application of the NIH principle
+ * I've ever encountered.)
 */
 static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	{
-    /* "$apr1$..salt..$.......md5hash..........\0" */
-    static char out_buf[6 + 9 + 24 + 2];
+	static char out_buf[6 + 9 + 24 + 2]; /* "$apr1$..salt..$.......md5hash..........\0" */
 	unsigned char buf[MD5_DIGEST_LENGTH];
 	char *salt_out;
 	int n;
@ -334,13 +349,15 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	EVP_DigestUpdate(&md, buf, i);
 	
 	n = passwd_len;
-    while (n) {
+	while (n)
+		{
 		EVP_DigestUpdate(&md, (n & 1) ? "\0" : passwd, 1);
 		n >>= 1;
 		}
 	EVP_DigestFinal_ex(&md, buf, NULL);

-    for (i = 0; i < 1000; i++) {
+	for (i = 0; i < 1000; i++)
+		{
 		EVP_DigestInit_ex(&md2,EVP_md5(), NULL);
 		EVP_DigestUpdate(&md2, (i & 1) ? (unsigned const char *) passwd : buf,
 		                       (i & 1) ? passwd_len : sizeof buf);
@ -362,13 +379,11 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 		char *output;

 		/* silly output permutation */
-        for (dest = 0, source = 0; dest < 14;
-             dest++, source = (source + 6) % 17)
+		for (dest = 0, source = 0; dest < 14; dest++, source = (source + 6) % 17)
 			buf_perm[dest] = buf[source];
 		buf_perm[14] = buf[5];
 		buf_perm[15] = buf[11];
-#  ifndef PEDANTIC              /* Unfortunately, this generates a "no
-                                 * effect" warning */
+#ifndef PEDANTIC /* Unfortunately, this generates a "no effect" warning */
 		assert(16 == sizeof buf_perm);
 #endif
 		
@ -377,7 +392,8 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 		
 		*output++ = '$';

-        for (i = 0; i < 15; i += 3) {
+		for (i = 0; i < 15; i += 3)
+			{
 			*output++ = cov_2char[buf_perm[i+2] & 0x3f];
 			*output++ = cov_2char[((buf_perm[i+1] & 0xf) << 2) |
 				                  (buf_perm[i+2] >> 6)];
@ -397,10 +413,10 @@ static char *md5crypt(const char *passwd, const char *magic, const char *salt)
 	}
 #endif

+
 static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
-                     char *passwd, BIO *out, int quiet, int table,
-                     int reverse, size_t pw_maxlen, int usecrypt, int use1,
-                     int useapr1)
+	char *passwd, BIO *out,	int quiet, int table, int reverse,
+	size_t pw_maxlen, int usecrypt, int use1, int useapr1)
 	{
 	char *hash = NULL;

@ -408,10 +424,13 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	assert(salt_malloc_p != NULL);

 	/* first make sure we have a salt */
-    if (!passed_salt) {
+	if (!passed_salt)
+		{
 #ifndef OPENSSL_NO_DES
-        if (usecrypt) {
-            if (*salt_malloc_p == NULL) {
+		if (usecrypt)
+			{
+			if (*salt_malloc_p == NULL)
+				{
 				*salt_p = *salt_malloc_p = OPENSSL_malloc(3);
 				if (*salt_malloc_p == NULL)
 					goto err;
@ -422,17 +441,19 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 			(*salt_p)[1] = cov_2char[(*salt_p)[1] & 0x3f]; /* 6 bits */
 			(*salt_p)[2] = 0;
 #ifdef CHARSET_EBCDIC
-            ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert back
-                                                * to ASCII */
+			ascii2ebcdic(*salt_p, *salt_p, 2); /* des_crypt will convert
+			                                    * back to ASCII */
 #endif
 			}
 #endif /* !OPENSSL_NO_DES */

 #ifndef NO_MD5CRYPT_1
-        if (use1 || useapr1) {
+		if (use1 || useapr1)
+			{
 			int i;
 			
-            if (*salt_malloc_p == NULL) {
+			if (*salt_malloc_p == NULL)
+				{
 				*salt_p = *salt_malloc_p = OPENSSL_malloc(9);
 				if (*salt_malloc_p == NULL)
 					goto err;
@ -450,14 +471,11 @@ static int do_passwd(int passed_salt, char **salt_p, char **salt_malloc_p,
 	assert(*salt_p != NULL);
 	
 	/* truncate password if necessary */
-    if ((strlen(passwd) > pw_maxlen)) {
+	if ((strlen(passwd) > pw_maxlen))
+		{
 		if (!quiet)
-            /*
-             * XXX: really we should know how to print a size_t, not cast it
-             */
-            BIO_printf(bio_err,
-                       "Warning: truncating password to %u characters\n",
-                       (unsigned)pw_maxlen);
+			/* XXX: really we should know how to print a size_t, not cast it */
+			BIO_printf(bio_err, "Warning: truncating password to %u characters\n", (unsigned)pw_maxlen);
 		passwd[pw_maxlen] = 0;
 		}
 	assert(strlen(passwd) <= pw_maxlen);
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -1,6 +1,5 @@
 /* pkcs12.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
@ -73,23 +72,19 @@

 const EVP_CIPHER *enc;

+
 #define NOKEYS		0x1
 #define NOCERTS 	0x2
 #define INFO		0x4
 #define CLCERTS		0x8
 #define CACERTS		0x10

-static int get_cert_chain(X509 *cert, X509_STORE *store,
-                          STACK_OF(X509) **chain);
-int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen,
-                        int options, char *pempass);
-int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
-                          char *pass, int passlen, int options,
-                          char *pempass);
-int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass,
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain);
+int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass, int passlen, int options, char *pempass);
+int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags, char *pass,
 			  int passlen, int options, char *pempass);
-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
-                  const char *name);
+int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bags, char *pass, int passlen, int options, char *pempass);
+int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name);
 void hex_prin(BIO *out, unsigned char *buf, int len);
 int alg_print(BIO *x, X509_ALGOR *alg);
 int cert_load(BIO *in, STACK_OF(X509) *sk);
@ -135,13 +130,6 @@ int MAIN(int argc, char **argv)

    apps_startup();

-    enc = EVP_des_ede3_cbc();
-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
-
-    if (!load_config(bio_err, NULL))
-        goto end;
-
 #ifdef OPENSSL_FIPS
    if (FIPS_mode())
 	cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
@ -149,66 +137,50 @@ int MAIN(int argc, char **argv)
 #endif
    cert_pbe = NID_pbe_WithSHA1And40BitRC2_CBC;

+    enc = EVP_des_ede3_cbc();
+    if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
+
    args = argv + 1;

+
    while (*args) {
 	if (*args[0] == '-') {
-            if (!strcmp(*args, "-nokeys"))
-                options |= NOKEYS;
-            else if (!strcmp(*args, "-keyex"))
-                keytype = KEY_EX;
-            else if (!strcmp(*args, "-keysig"))
-                keytype = KEY_SIG;
-            else if (!strcmp(*args, "-nocerts"))
-                options |= NOCERTS;
-            else if (!strcmp(*args, "-clcerts"))
-                options |= CLCERTS;
-            else if (!strcmp(*args, "-cacerts"))
-                options |= CACERTS;
-            else if (!strcmp(*args, "-noout"))
-                options |= (NOKEYS | NOCERTS);
-            else if (!strcmp(*args, "-info"))
-                options |= INFO;
-            else if (!strcmp(*args, "-chain"))
-                chain = 1;
-            else if (!strcmp(*args, "-twopass"))
-                twopass = 1;
-            else if (!strcmp(*args, "-nomacver"))
-                macver = 0;
+		if (!strcmp (*args, "-nokeys")) options |= NOKEYS;
+		else if (!strcmp (*args, "-keyex")) keytype = KEY_EX;
+		else if (!strcmp (*args, "-keysig")) keytype = KEY_SIG;
+		else if (!strcmp (*args, "-nocerts")) options |= NOCERTS;
+		else if (!strcmp (*args, "-clcerts")) options |= CLCERTS;
+		else if (!strcmp (*args, "-cacerts")) options |= CACERTS;
+		else if (!strcmp (*args, "-noout")) options |= (NOKEYS|NOCERTS);
+		else if (!strcmp (*args, "-info")) options |= INFO;
+		else if (!strcmp (*args, "-chain")) chain = 1;
+		else if (!strcmp (*args, "-twopass")) twopass = 1;
+		else if (!strcmp (*args, "-nomacver")) macver = 0;
 		else if (!strcmp (*args, "-descert"))
    			cert_pbe = NID_pbe_WithSHA1And3_Key_TripleDES_CBC;
-            else if (!strcmp(*args, "-export"))
-                export_cert = 1;
-            else if (!strcmp(*args, "-des"))
-                enc = EVP_des_cbc();
-            else if (!strcmp(*args, "-des3"))
-                enc = EVP_des_ede3_cbc();
+		else if (!strcmp (*args, "-export")) export_cert = 1;
+		else if (!strcmp (*args, "-des")) enc=EVP_des_cbc();
+		else if (!strcmp (*args, "-des3")) enc = EVP_des_ede3_cbc();
 #ifndef OPENSSL_NO_IDEA
-            else if (!strcmp(*args, "-idea"))
-                enc = EVP_idea_cbc();
+		else if (!strcmp (*args, "-idea")) enc=EVP_idea_cbc();
 #endif
 #ifndef OPENSSL_NO_SEED
-            else if (!strcmp(*args, "-seed"))
-                enc = EVP_seed_cbc();
+		else if (!strcmp(*args, "-seed")) enc=EVP_seed_cbc();
 #endif
 #ifndef OPENSSL_NO_AES
-            else if (!strcmp(*args, "-aes128"))
-                enc = EVP_aes_128_cbc();
-            else if (!strcmp(*args, "-aes192"))
-                enc = EVP_aes_192_cbc();
-            else if (!strcmp(*args, "-aes256"))
-                enc = EVP_aes_256_cbc();
+		else if (!strcmp(*args,"-aes128")) enc=EVP_aes_128_cbc();
+		else if (!strcmp(*args,"-aes192")) enc=EVP_aes_192_cbc();
+		else if (!strcmp(*args,"-aes256")) enc=EVP_aes_256_cbc();
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
-            else if (!strcmp(*args, "-camellia128"))
-                enc = EVP_camellia_128_cbc();
-            else if (!strcmp(*args, "-camellia192"))
-                enc = EVP_camellia_192_cbc();
-            else if (!strcmp(*args, "-camellia256"))
-                enc = EVP_camellia_256_cbc();
+		else if (!strcmp(*args,"-camellia128")) enc=EVP_camellia_128_cbc();
+		else if (!strcmp(*args,"-camellia192")) enc=EVP_camellia_192_cbc();
+		else if (!strcmp(*args,"-camellia256")) enc=EVP_camellia_256_cbc();
 #endif
-            else if (!strcmp(*args, "-noiter"))
-                iter = 1;
+		else if (!strcmp (*args, "-noiter")) iter = 1;
 		else if (!strcmp (*args, "-maciter"))
 					 maciter = PKCS12_DEFAULT_ITER;
 		else if (!strcmp (*args, "-nomaciter"))
@ -219,10 +191,8 @@ int MAIN(int argc, char **argv)
 		    if (args[1]) {
 			args++;	
 			macalg = *args;
-                } else
-                    badarg = 1;
-            else if (!strcmp(*args, "-nodes"))
-                enc = NULL;
+		    } else badarg = 1;
+		else if (!strcmp (*args, "-nodes")) enc=NULL;
 		else if (!strcmp (*args, "-certpbe")) {
 			if (!set_pbe(bio_err, &cert_pbe, *++args))
 				badarg = 1;
@ -233,98 +203,81 @@ int MAIN(int argc, char **argv)
 		    if (args[1]) {
 			args++;	
 			inrand = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-inkey")) {
 		    if (args[1]) {
 			args++;	
 			keyname = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-certfile")) {
 		    if (args[1]) {
 			args++;	
 			certfile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-name")) {
 		    if (args[1]) {
 			args++;	
 			name = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-LMK"))
 			add_lmk = 1;
 		else if (!strcmp (*args, "-CSP")) {
 		    if (args[1]) {
 			args++;	
 			csp_name = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-caname")) {
 		    if (args[1]) {
 			args++;	
-                    if (!canames)
-                        canames = sk_OPENSSL_STRING_new_null();
+			if (!canames) canames = sk_OPENSSL_STRING_new_null();
 			sk_OPENSSL_STRING_push(canames, *args);
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-in")) {
 		    if (args[1]) {
 			args++;	
 			infile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-out")) {
 		    if (args[1]) {
 			args++;	
 			outfile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-passin")) {
 		    if (args[1]) {
 			args++;	
 			passargin = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-passout")) {
 		    if (args[1]) {
 			args++;	
 			passargout = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp (*args, "-password")) {
 		    if (args[1]) {
 			args++;	
 			passarg = *args;
 		    	noprompt = 1;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-CApath")) {
 		    if (args[1]) {
 			args++;	
 			CApath = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 		} else if (!strcmp(*args,"-CAfile")) {
 		    if (args[1]) {
 			args++;	
 			CAfile = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 #ifndef OPENSSL_NO_ENGINE
 		} else if (!strcmp(*args,"-engine")) {
 		    if (args[1]) {
 			args++;	
 			engine = *args;
-                } else
-                    badarg = 1;
+		    } else badarg = 1;
 #endif
-            } else
-                badarg = 1;
+		} else badarg = 1;

-        } else
-            badarg = 1;
+	} else badarg = 1;
 	args++;
    }

@ -338,23 +291,18 @@ int MAIN(int argc, char **argv)
 	BIO_printf (bio_err, "-CApath arg   - PEM format directory of CA's\n");
 	BIO_printf (bio_err, "-CAfile arg   - PEM format file of CA's\n");
 	BIO_printf (bio_err, "-name \"name\"  use name as friendly name\n");
-        BIO_printf(bio_err,
-                   "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
+	BIO_printf (bio_err, "-caname \"nm\"  use nm as CA friendly name (can be used more than once).\n");
 	BIO_printf (bio_err, "-in  infile   input filename\n");
 	BIO_printf (bio_err, "-out outfile  output filename\n");
-        BIO_printf(bio_err,
-                   "-noout        don't output anything, just verify.\n");
+	BIO_printf (bio_err, "-noout        don't output anything, just verify.\n");
 	BIO_printf (bio_err, "-nomacver     don't verify MAC.\n");
 	BIO_printf (bio_err, "-nocerts      don't output certificates.\n");
-        BIO_printf(bio_err,
-                   "-clcerts      only output client certificates.\n");
+	BIO_printf (bio_err, "-clcerts      only output client certificates.\n");
 	BIO_printf (bio_err, "-cacerts      only output CA certificates.\n");
 	BIO_printf (bio_err, "-nokeys       don't output private keys.\n");
-        BIO_printf(bio_err,
-                   "-info         give info about PKCS#12 structure.\n");
+	BIO_printf (bio_err, "-info         give info about PKCS#12 structure.\n");
 	BIO_printf (bio_err, "-des          encrypt private keys with DES\n");
-        BIO_printf(bio_err,
-                   "-des3         encrypt private keys with triple DES (default)\n");
+	BIO_printf (bio_err, "-des3         encrypt private keys with triple DES (default)\n");
 #ifndef OPENSSL_NO_IDEA
 	BIO_printf (bio_err, "-idea         encrypt private keys with idea\n");
 #endif
@ -363,58 +311,45 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_AES
 	BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "              encrypt PEM output with cbc aes\n");
+	BIO_printf (bio_err, "              encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 	BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "              encrypt PEM output with cbc camellia\n");
+	BIO_printf (bio_err, "              encrypt PEM output with cbc camellia\n");
 #endif
 	BIO_printf (bio_err, "-nodes        don't encrypt private keys\n");
 	BIO_printf (bio_err, "-noiter       don't use encryption iteration\n");
 	BIO_printf (bio_err, "-nomaciter    don't use MAC iteration\n");
 	BIO_printf (bio_err, "-maciter      use MAC iteration\n");
 	BIO_printf (bio_err, "-nomac        don't generate MAC\n");
-        BIO_printf(bio_err,
-                   "-twopass      separate MAC, encryption passwords\n");
-        BIO_printf(bio_err,
-                   "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
-        BIO_printf(bio_err,
-                   "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
-        BIO_printf(bio_err,
-                   "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
-        BIO_printf(bio_err,
-                   "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
+	BIO_printf (bio_err, "-twopass      separate MAC, encryption passwords\n");
+	BIO_printf (bio_err, "-descert      encrypt PKCS#12 certificates with triple DES (default RC2-40)\n");
+	BIO_printf (bio_err, "-certpbe alg  specify certificate PBE algorithm (default RC2-40)\n");
+	BIO_printf (bio_err, "-keypbe alg   specify private key PBE algorithm (default 3DES)\n");
+	BIO_printf (bio_err, "-macalg alg   digest algorithm used in MAC (default SHA1)\n");
 	BIO_printf (bio_err, "-keyex        set MS key exchange type\n");
 	BIO_printf (bio_err, "-keysig       set MS key signature type\n");
-        BIO_printf(bio_err,
-                   "-password p   set import/export password source\n");
+	BIO_printf (bio_err, "-password p   set import/export password source\n");
 	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
 	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e     use engine e, possibly a hardware device.\n");
+	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "              load the file (or the files in the directory) into\n");
+	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
 	BIO_printf(bio_err,  "              the random number generator\n");
 	BIO_printf(bio_err,  "-CSP name     Microsoft CSP name\n");
-        BIO_printf(bio_err,
-                   "-LMK          Add local machine keyset attribute to private key\n");
+	BIO_printf(bio_err,  "-LMK          Add local machine keyset attribute to private key\n");
    	goto end;
    }
+
 #ifndef OPENSSL_NO_ENGINE
    e = setup_engine(bio_err, engine, 0);
 #endif

    if(passarg) {
-        if (export_cert)
-            passargout = passarg;
-        else
-            passargin = passarg;
+	if(export_cert) passargout = passarg;
+	else passargin = passarg;
    }

    if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
@ -423,10 +358,8 @@ int MAIN(int argc, char **argv)
    }

    if(!cpass) {
-        if (export_cert)
-            cpass = passout;
-        else
-            cpass = passin;
+    	if(export_cert) cpass = passout;
+    	else cpass = passin;
    }

    if(cpass) {
@ -449,16 +382,15 @@ int MAIN(int argc, char **argv)
    CRYPTO_push_info("read files");
 #endif

-    if (!infile)
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
-    else
-        in = BIO_new_file(infile, "rb");
+    if (!infile) in = BIO_new_fp(stdin, BIO_NOCLOSE);
+    else in = BIO_new_file(infile, "rb");
    if (!in) {
 	    BIO_printf(bio_err, "Error opening input file %s\n",
 						infile ? infile : "<stdin>");
 	    perror (infile);
 	    goto end;
   }
+
 #ifdef CRYPTO_MDEBUG
    CRYPTO_pop_info();
    CRYPTO_push_info("write files");
@ -472,8 +404,7 @@ int MAIN(int argc, char **argv)
 	    out = BIO_push(tmpbio, out);
 	}
 #endif
-    } else
-        out = BIO_new_file(outfile, "wb");
+    } else out = BIO_new_file(outfile, "wb");
    if (!out) {
 	BIO_printf(bio_err, "Error opening output file %s\n",
 						outfile ? outfile : "<stdout>");
@ -484,8 +415,8 @@ int MAIN(int argc, char **argv)
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("read MAC password");
 #endif
-        if (EVP_read_pw_string
-            (macpass, sizeof macpass, "Enter MAC Password:", export_cert)) {
+	if(EVP_read_pw_string (macpass, sizeof macpass, "Enter MAC Password:", export_cert))
+	{
    	    BIO_printf (bio_err, "Can't read Password\n");
    	    goto end;
       	}
@ -502,7 +433,8 @@ int MAIN(int argc, char **argv)
 	unsigned char *catmp = NULL;
 	int i;

-        if ((options & (NOCERTS | NOKEYS)) == (NOCERTS | NOKEYS)) {
+	if ((options & (NOCERTS|NOKEYS)) == (NOCERTS|NOKEYS))
+		{	
 		BIO_printf(bio_err, "Nothing to do!\n");
 		goto export_end;
 		}
@ -514,29 +446,35 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("process -export_cert");
 	CRYPTO_push_info("reading private key");
 #endif
-        if (!(options & NOKEYS)) {
+	if (!(options & NOKEYS))
+		{
 		key = load_key(bio_err, keyname ? keyname : infile,
 				FORMAT_PEM, 1, passin, e, "private key");
 		if (!key)
 			goto export_end;
 		}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from input");
 #endif

 	/* Load in all certs in input file */
-        if (!(options & NOCERTS)) {
+	if(!(options & NOCERTS))
+		{
 		certs = load_certs(bio_err, infile, FORMAT_PEM, NULL, e,
 							"certificates");
 		if (!certs)
 			goto export_end;

-            if (key) {
+		if (key)
+			{
 			/* Look for matching private key */
-                for (i = 0; i < sk_X509_num(certs); i++) {
+			for(i = 0; i < sk_X509_num(certs); i++)
+				{
 				x = sk_X509_value(certs, i);
-                    if (X509_check_private_key(x, key)) {
+				if(X509_check_private_key(x, key))
+					{
 					ucert = x;
 					/* Zero keyid and alias */
 					X509_keyid_set1(ucert, NULL, 0);
@ -546,21 +484,23 @@ int MAIN(int argc, char **argv)
 					break;
 					}
 				}
-                if (!ucert) {
-                    BIO_printf(bio_err,
-                               "No certificate matches private key\n");
+			if (!ucert)
+				{
+				BIO_printf(bio_err, "No certificate matches private key\n");
 				goto export_end;
 				}
 			}

 		}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from input 2");
 #endif

 	/* Add any more certificates asked for */
-        if (certfile) {
+	if(certfile)
+		{
 		STACK_OF(X509) *morecerts=NULL;
 		if(!(morecerts = load_certs(bio_err, certfile, FORMAT_PEM,
 					    NULL, e,
@ -570,6 +510,7 @@ int MAIN(int argc, char **argv)
 			sk_X509_push(certs, sk_X509_shift(morecerts));
 		sk_X509_free(morecerts);
 		}
+
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 	CRYPTO_push_info("reading certs from certfile");
@ -585,7 +526,8 @@ int MAIN(int argc, char **argv)
        	int vret;
 		STACK_OF(X509) *chain2;
 		X509_STORE *store = X509_STORE_new();
-            if (!store) {
+		if (!store)
+			{
 			BIO_printf (bio_err, "Memory allocation error\n");
 			goto export_end;
 			}
@ -595,7 +537,7 @@ int MAIN(int argc, char **argv)
 		vret = get_cert_chain (ucert, store, &chain2);
 		X509_STORE_free(store);

-            if (vret == X509_V_OK) {
+		if (!vret) {
 		    /* Exclude verified certificate */
 		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
 			sk_X509_push(certs, sk_X509_value (chain2, i));
@ -603,7 +545,7 @@ int MAIN(int argc, char **argv)
 		    X509_free(sk_X509_value(chain2, 0));
 		    sk_X509_free(chain2);
 		} else {
-                if (vret != X509_V_ERR_UNSPECIFIED)
+			if (vret >= 0)
 				BIO_printf (bio_err, "Error %s getting chain.\n",
 					X509_verify_cert_error_string(vret));
 			else
@ -614,15 +556,15 @@ int MAIN(int argc, char **argv)

 	/* Add any CA names */

-        for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++) {
+	for (i = 0; i < sk_OPENSSL_STRING_num(canames); i++)
+		{
 		catmp = (unsigned char *)sk_OPENSSL_STRING_value(canames, i);
 		X509_alias_set1(sk_X509_value(certs, i), catmp, -1);
 		}

 	if (csp_name && key)
 		EVP_PKEY_add1_attr_by_NID(key, NID_ms_csp_name,
-                                      MBSTRING_ASC, (unsigned char *)csp_name,
-                                      -1);
+				MBSTRING_ASC, (unsigned char *)csp_name, -1);

 	if (add_lmk && key)
 		EVP_PKEY_add1_attr_by_NID(key, NID_LocalKeySet, 0, NULL, -1);
@ -633,13 +575,12 @@ int MAIN(int argc, char **argv)
 #endif

 	if(!noprompt &&
-            EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:",
-                               1)) {
+		EVP_read_pw_string(pass, sizeof pass, "Enter Export Password:", 1))
+		{
 	    	BIO_printf (bio_err, "Can't read Password\n");
 	    	goto export_end;
        	}
-        if (!twopass)
-            BUF_strlcpy(macpass, pass, sizeof macpass);
+	if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@ -649,15 +590,19 @@ int MAIN(int argc, char **argv)
 	p12 = PKCS12_create(cpass, name, key, ucert, certs,
 				key_pbe, cert_pbe, iter, -1, keytype);

-        if (!p12) {
+	if (!p12)
+		{
 	    	ERR_print_errors (bio_err);
 		goto export_end;
 		}

-        if (macalg) {
+	if (macalg)
+		{
 		macmd = EVP_get_digestbyname(macalg);
-            if (!macmd) {
-                BIO_printf(bio_err, "Unknown digest algorithm %s\n", macalg);
+		if (!macmd)
+			{
+			BIO_printf(bio_err, "Unknown digest algorithm %s\n", 
+						macalg);
 			}
 		}

@ -680,12 +625,9 @@ int MAIN(int argc, char **argv)
 	CRYPTO_push_info("process -export_cert: freeing");
 #endif

-        if (key)
-            EVP_PKEY_free(key);
-        if (certs)
-            sk_X509_pop_free(certs, X509_free);
-        if (ucert)
-            X509_free(ucert);
+	if (key) EVP_PKEY_free(key);
+	if (certs) sk_X509_pop_free(certs, X509_free);
+	if (ucert) X509_free(ucert);

 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
@ -698,12 +640,11 @@ int MAIN(int argc, char **argv)
 	ERR_print_errors(bio_err);
 	goto end;
    }
+
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("read import password");
 #endif
-    if (!noprompt
-        && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:",
-                              0)) {
+    if(!noprompt && EVP_read_pw_string(pass, sizeof pass, "Enter Import Password:", 0)) {
 	BIO_printf (bio_err, "Can't read Password\n");
 	goto end;
    }
@ -711,12 +652,9 @@ int MAIN(int argc, char **argv)
    CRYPTO_pop_info();
 #endif

-    if (!twopass)
-        BUF_strlcpy(macpass, pass, sizeof macpass);
+    if (!twopass) BUF_strlcpy(macpass, pass, sizeof macpass);

-    if ((options & INFO) && p12->mac)
-        BIO_printf(bio_err, "MAC Iteration %ld\n",
-                   p12->mac->iter ? ASN1_INTEGER_get(p12->mac->iter) : 1);
+    if ((options & INFO) && p12->mac) BIO_printf (bio_err, "MAC Iteration %ld\n", p12->mac->iter ? ASN1_INTEGER_get (p12->mac->iter) : 1);
    if(macver) {
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("verify MAC");
@ -724,8 +662,7 @@ int MAIN(int argc, char **argv)
 	/* If we enter empty password try no password first */
 	if(!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
 		/* If mac and crypto pass the same set it to NULL too */
-            if (!twopass)
-                cpass = NULL;
+		if(!twopass) cpass = NULL;
 	} else if (!PKCS12_verify_mac(p12, mpass, -1)) {
 	    BIO_printf (bio_err, "Mac verify error: invalid password?\n");
 	    ERR_print_errors (bio_err);
@ -736,6 +673,7 @@ int MAIN(int argc, char **argv)
    CRYPTO_pop_info();
 #endif
    }
+
 #ifdef CRYPTO_MDEBUG
    CRYPTO_push_info("output keys and certificates");
 #endif
@ -749,21 +687,16 @@ int MAIN(int argc, char **argv)
 #endif
    ret = 0;
 end:
-    if (p12)
-        PKCS12_free(p12);
-    if (export_cert || inrand)
-        app_RAND_write_file(NULL, bio_err);
+    if (p12) PKCS12_free(p12);
+    if(export_cert || inrand) app_RAND_write_file(NULL, bio_err);
 #ifdef CRYPTO_MDEBUG
    CRYPTO_remove_all_info();
 #endif
    BIO_free(in);
    BIO_free_all(out);
-    if (canames)
-        sk_OPENSSL_STRING_free(canames);
-    if (passin)
-        OPENSSL_free(passin);
-    if (passout)
-        OPENSSL_free(passout);
+    if (canames) sk_OPENSSL_STRING_free(canames);
+    if(passin) OPENSSL_free(passin);
+    if(passout) OPENSSL_free(passout);
    apps_shutdown();
    OPENSSL_EXIT(ret);
 }
@ -777,25 +710,22 @@ int dump_certs_keys_p12(BIO *out, PKCS12 *p12, char *pass,
 	int ret = 0;
 	PKCS7 *p7;

-    if (!(asafes = PKCS12_unpack_authsafes(p12)))
-        return 0;
+	if (!( asafes = PKCS12_unpack_authsafes(p12))) return 0;
 	for (i = 0; i < sk_PKCS7_num (asafes); i++) {
 		p7 = sk_PKCS7_value (asafes, i);
 		bagnid = OBJ_obj2nid (p7->type);
 		if (bagnid == NID_pkcs7_data) {
 			bags = PKCS12_unpack_p7data(p7);
-            if (options & INFO)
-                BIO_printf(bio_err, "PKCS7 Data\n");
+			if (options & INFO) BIO_printf (bio_err, "PKCS7 Data\n");
 		} else if (bagnid == NID_pkcs7_encrypted) {
 			if (options & INFO) {
 				BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-                alg_print(bio_err, p7->d.encrypted->enc_data->algorithm);
+				alg_print(bio_err, 
+					p7->d.encrypted->enc_data->algorithm);
 			}
 			bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
-        } else
-            continue;
-        if (!bags)
-            goto err;
+		} else continue;
+		if (!bags) goto err;
 	    	if (!dump_certs_pkeys_bags (out, bags, pass, passlen, 
 						 options, pempass)) {
 			sk_PKCS12_SAFEBAG_pop_free (bags, PKCS12_SAFEBAG_free);
@ -820,7 +750,8 @@ int dump_certs_pkeys_bags(BIO *out, STACK_OF(PKCS12_SAFEBAG) *bags,
 	for (i = 0; i < sk_PKCS12_SAFEBAG_num (bags); i++) {
 		if (!dump_certs_pkeys_bag (out,
 					   sk_PKCS12_SAFEBAG_value (bags, i),
-                                  pass, passlen, options, pempass))
+					   pass, passlen,
+					   options, pempass))
 		    return 0;
 	}
 	return 1;
@ -833,16 +764,14 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 	PKCS8_PRIV_KEY_INFO *p8;
 	X509 *x509;
 	
-    switch (M_PKCS12_bag_type(bag)) {
+	switch (M_PKCS12_bag_type(bag))
+	{
 	case NID_keyBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Key bag\n");
-        if (options & NOKEYS)
-            return 1;
+		if (options & INFO) BIO_printf (bio_err, "Key bag\n");
+		if (options & NOKEYS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		p8 = bag->value.keybag;
-        if (!(pkey = EVP_PKCS82PKEY(p8)))
-            return 0;
+		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
 		print_attribs (out, p8->attributes, "Key Attributes");
 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
 		EVP_PKEY_free(pkey);
@ -853,8 +782,7 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 			BIO_printf (bio_err, "Shrouded Keybag: ");
 			alg_print (bio_err, bag->value.shkeybag->algor);
 		}
-        if (options & NOKEYS)
-            return 1;
+		if (options & NOKEYS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen)))
 				return 0;
@ -869,28 +797,22 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,
 	break;

 	case NID_certBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Certificate bag\n");
-        if (options & NOCERTS)
-            return 1;
+		if (options & INFO) BIO_printf (bio_err, "Certificate bag\n");
+		if (options & NOCERTS) return 1;
                if (PKCS12_get_attr(bag, NID_localKeyID)) {
-            if (options & CACERTS)
-                return 1;
-        } else if (options & CLCERTS)
-            return 1;
+			if (options & CACERTS) return 1;
+		} else if (options & CLCERTS) return 1;
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate )
 								 return 1;
-        if (!(x509 = PKCS12_certbag2x509(bag)))
-            return 0;
+		if (!(x509 = PKCS12_certbag2x509(bag))) return 0;
 		dump_cert_text (out, x509);
 		PEM_write_bio_X509 (out, x509);
 		X509_free(x509);
 	break;

 	case NID_safeContentsBag:
-        if (options & INFO)
-            BIO_printf(bio_err, "Safe Contents bag\n");
+		if (options & INFO) BIO_printf (bio_err, "Safe Contents bag\n");
 		print_attribs (out, bag->attrib, "Bag Attributes");
 		return dump_certs_pkeys_bags (out, bag->value.safes, pass,
 							    passlen, options, pempass);
@ -907,25 +829,32 @@ int dump_certs_pkeys_bag(BIO *out, PKCS12_SAFEBAG *bag, char *pass,

 /* Given a single certificate return a verified chain or NULL if error */

-static int get_cert_chain(X509 *cert, X509_STORE *store,
-                          STACK_OF(X509) **chain)
+/* Hope this is OK .... */
+
+int get_cert_chain (X509 *cert, X509_STORE *store, STACK_OF(X509) **chain)
 {
 	X509_STORE_CTX store_ctx;
-    STACK_OF(X509) *chn = NULL;
+	STACK_OF(X509) *chn;
 	int i = 0;

-    if (!X509_STORE_CTX_init(&store_ctx, store, cert, NULL)) {
-        *chain = NULL;
-        return X509_V_ERR_UNSPECIFIED;
-    }
-
-    if (X509_verify_cert(&store_ctx) > 0)
+	/* FIXME: Should really check the return status of X509_STORE_CTX_init
+	 * for an error, but how that fits into the return value of this
+	 * function is less obvious. */
+	X509_STORE_CTX_init(&store_ctx, store, cert, NULL);
+	if (X509_verify_cert(&store_ctx) <= 0) {
+		i = X509_STORE_CTX_get_error (&store_ctx);
+		if (i == 0)
+			/* avoid returning 0 if X509_verify_cert() did not
+			 * set an appropriate error value in the context */
+			i = -1;
+		chn = NULL;
+		goto err;
+	} else
 		chn = X509_STORE_CTX_get1_chain(&store_ctx);
-    else if ((i = X509_STORE_CTX_get_error(&store_ctx)) == 0)
-        i = X509_V_ERR_UNSPECIFIED;
-
+err:
 	X509_STORE_CTX_cleanup(&store_ctx);
 	*chain = chn;
+	
 	return i;
 }	

@ -967,15 +896,13 @@ int cert_load(BIO *in, STACK_OF(X509) *sk)
 #ifdef CRYPTO_MDEBUG
 	CRYPTO_pop_info();
 #endif
-    if (ret)
-        ERR_clear_error();
+	if(ret) ERR_clear_error();
 	return ret;
 }

 /* Generalised attribute print: handle PKCS#8 and bag attributes */

-int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
-                  const char *name)
+int print_attribs (BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,const char *name)
 {
 	X509_ATTRIBUTE *attr;
 	ASN1_TYPE *av;
@ -997,8 +924,7 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
 		if(attr_nid == NID_undef) {
 			i2a_ASN1_OBJECT (out, attr->object);
 			BIO_printf(out, ": ");
-        } else
-            BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));
+		} else BIO_printf(out, "%s: ", OBJ_nid2ln(attr_nid));

 		if(sk_ASN1_TYPE_num(attr->value.set)) {
 			av = sk_ASN1_TYPE_value(attr->value.set, 0);
@ -1026,8 +952,7 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
 					BIO_printf(out, "<Unsupported tag %d>\n", av->type);
 				break;
 			}
-        } else
-            BIO_printf(out, "<No Values>\n");
+		} else BIO_printf(out, "<No Values>\n");
 	}
 	return 1;
 }
@ -1035,20 +960,21 @@ int print_attribs(BIO *out, STACK_OF(X509_ATTRIBUTE) *attrlst,
 void hex_prin(BIO *out, unsigned char *buf, int len)
 {
 	int i;
-    for (i = 0; i < len; i++)
-        BIO_printf(out, "%02X ", buf[i]);
+	for (i = 0; i < len; i++) BIO_printf (out, "%02X ", buf[i]);
 }

 static int set_pbe(BIO *err, int *ppbe, const char *str)
 	{
 	if (!str)
 		return 0;
-    if (!strcmp(str, "NONE")) {
+	if (!strcmp(str, "NONE"))
+		{
 		*ppbe = -1;
 		return 1;
 		}
 	*ppbe=OBJ_txt2nid(str);
-    if (*ppbe == NID_undef) {
+	if (*ppbe == NID_undef)
+		{
 		BIO_printf(bio_err, "Unknown PBE algorithm %s\n", str);
 		return 0;
 		}
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@ -71,8 +71,7 @@
 #undef PROG
 #define PROG	pkcs7_main

-/*-
- * -inform arg  - input format - default PEM (DER or PEM)
+/* -inform arg	- input format - default PEM (DER or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -111,24 +110,29 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-noout") == 0)
+			}
+		else if (strcmp(*argv,"-noout") == 0)
 			noout=1;
 		else if (strcmp(*argv,"-text") == 0)
 			text=1;
@ -137,13 +141,14 @@ int MAIN(int argc, char **argv)
 		else if (strcmp(*argv,"-print_certs") == 0)
 			print_certs=1;
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
-        else {
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -152,7 +157,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
@ -160,14 +166,11 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
 		BIO_printf(bio_err," -in arg       input file\n");
 		BIO_printf(bio_err," -out arg      output file\n");
-        BIO_printf(bio_err,
-                   " -print_certs  print any certs or crl in the input\n");
-        BIO_printf(bio_err,
-                   " -text         print full details of certificates\n");
+		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+		BIO_printf(bio_err," -text         print full details of certificates\n");
 		BIO_printf(bio_err," -noout        don't output encoded data\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e     use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
 #endif
 		ret = 1;
 		goto end;
@ -181,17 +184,20 @@ int MAIN(int argc, char **argv)

 	in=BIO_new(BIO_s_file());
 	out=BIO_new(BIO_s_file());
-    if ((in == NULL) || (out == NULL)) {
+	if ((in == NULL) || (out == NULL))
+		{
 		ERR_print_errors(bio_err);
                goto end;
                }

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
-            BIO_printf(bio_err, "unable to load input file\n");
-            ERR_print_errors(bio_err);
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+		if (in == NULL)
+			{
+			perror(infile);
 			goto end;
 			}
 		}
@ -200,17 +206,20 @@ int MAIN(int argc, char **argv)
 		p7=d2i_PKCS7_bio(in,NULL);
 	else if (informat == FORMAT_PEM)
 		p7=PEM_read_bio_PKCS7(in,NULL,NULL,NULL);
-    else {
+	else
+		{
 		BIO_printf(bio_err,"bad input format specified for pkcs7 object\n");
 		goto end;
 		}
-    if (p7 == NULL) {
+	if (p7 == NULL)
+		{
 		BIO_printf(bio_err,"unable to load PKCS7 object\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -218,8 +227,11 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
@ -228,53 +240,51 @@ int MAIN(int argc, char **argv)
 	if (p7_print)
 		PKCS7_print_ctx(out, p7, 0, NULL);

-    if (print_certs) {
+	if (print_certs)
+		{
 		STACK_OF(X509) *certs=NULL;
 		STACK_OF(X509_CRL) *crls=NULL;

 		i=OBJ_obj2nid(p7->type);
-        switch (i) {
+		switch (i)
+			{
 		case NID_pkcs7_signed:
-            if (p7->d.sign != NULL) {
 			certs=p7->d.sign->cert;
 			crls=p7->d.sign->crl;
-            }
 			break;
 		case NID_pkcs7_signedAndEnveloped:
-            if (p7->d.signed_and_enveloped != NULL) {
 			certs=p7->d.signed_and_enveloped->cert;
 			crls=p7->d.signed_and_enveloped->crl;
-            }
 			break;
 		default:
 			break;
 			}

-        if (certs != NULL) {
+		if (certs != NULL)
+			{
 			X509 *x;

-            for (i = 0; i < sk_X509_num(certs); i++) {
+			for (i=0; i<sk_X509_num(certs); i++)
+				{
 				x=sk_X509_value(certs,i);
-                if (text)
-                    X509_print(out, x);
-                else
-                    dump_cert_text(out, x);
+				if(text) X509_print(out, x);
+				else dump_cert_text(out, x);

-                if (!noout)
-                    PEM_write_bio_X509(out, x);
+				if(!noout) PEM_write_bio_X509(out,x);
 				BIO_puts(out,"\n");
 				}
 			}
-        if (crls != NULL) {
+		if (crls != NULL)
+			{
 			X509_CRL *crl;

-            for (i = 0; i < sk_X509_CRL_num(crls); i++) {
+			for (i=0; i<sk_X509_CRL_num(crls); i++)
+				{
 				crl=sk_X509_CRL_value(crls,i);

 				X509_CRL_print(out, crl);

-                if (!noout)
-                    PEM_write_bio_X509_CRL(out, crl);
+				if(!noout)PEM_write_bio_X509_CRL(out,crl);
 				BIO_puts(out,"\n");
 				}
 			}
@ -293,7 +303,8 @@ int MAIN(int argc, char **argv)
 			goto end;
 			}

-        if (!i) {
+		if (!i)
+			{
 			BIO_printf(bio_err,"unable to write pkcs7 object\n");
 			ERR_print_errors(bio_err);
 			goto end;
@ -301,12 +312,9 @@ int MAIN(int argc, char **argv)
 	}
 	ret=0;
 end:
-    if (p7 != NULL)
-        PKCS7_free(p7);
-    if (in != NULL)
-        BIO_free(in);
-    if (out != NULL)
-        BIO_free_all(out);
+	if (p7 != NULL) PKCS7_free(p7);
+	if (in != NULL) BIO_free(in);
+	if (out != NULL) BIO_free_all(out);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@ -1,7 +1,6 @@
 /* pkcs8.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999-2004.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999-2004.
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@ -91,8 +90,7 @@ int MAIN(int argc, char **argv)
 	char *engine=NULL;
 #endif

-    if (bio_err == NULL)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
@ -103,40 +101,75 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-v2")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args,"-v2"))
+			{
+			if (args[1])
+				{
 				args++;
 				cipher=EVP_get_cipherbyname(*args);
-                if (!cipher) {
-                    BIO_printf(bio_err, "Unknown cipher %s\n", *args);
+				if (!cipher)
+					{
+					BIO_printf(bio_err,
+						 "Unknown cipher %s\n", *args);
 					badarg = 1;
 					}
-            } else
+				}
+			else
 				badarg = 1;
-        } else if (!strcmp(*args, "-v1")) {
-            if (args[1]) {
+			}
+		else if (!strcmp(*args,"-v1"))
+			{
+			if (args[1])
+				{
 				args++;
 				pbe_nid=OBJ_txt2nid(*args);
-                if (pbe_nid == NID_undef) {
-                    BIO_printf(bio_err, "Unknown PBE algorithm %s\n", *args);
+				if (pbe_nid == NID_undef)
+					{
+					BIO_printf(bio_err,
+						 "Unknown PBE algorithm %s\n", *args);
 					badarg = 1;
 					}
-            } else
+				}
+			else
 				badarg = 1;
-        } else if (!strcmp(*args, "-inform")) {
-            if (args[1]) {
+			}
+		else if (!strcmp(*args,"-v2prf"))
+			{
+			if (args[1])
+				{
+				args++;
+				pbe_nid=OBJ_txt2nid(*args);
+				if (!EVP_PBE_find(EVP_PBE_TYPE_PRF, pbe_nid, NULL, NULL, 0))
+					{
+					BIO_printf(bio_err,
+						 "Unknown PRF algorithm %s\n", *args);
+					badarg = 1;
+					}
+				}
+			else
+				badarg = 1;
+			}
+		else if (!strcmp(*args,"-inform"))
+			{
+			if (args[1])
+				{
 				args++;
 				informat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-outform")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-outform"))
+			{
+			if (args[1])
+				{
 				args++;
 				outformat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-topk8"))
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-topk8"))
 			topk8 = 1;
 		else if (!strcmp (*args, "-noiter"))
 			iter = 1;
@ -148,76 +181,76 @@ int MAIN(int argc, char **argv)
 			p8_broken = PKCS8_NS_DB;
 		else if (!strcmp (*args, "-embed"))
 			p8_broken = PKCS8_EMBEDDED_PARAM;
-        else if (!strcmp(*args, "-passin")) {
-            if (!args[1])
-                goto bad;
+		else if (!strcmp(*args,"-passin"))
+			{
+			if (!args[1]) goto bad;
 			passargin= *(++args);
-        } else if (!strcmp(*args, "-passout")) {
-            if (!args[1])
-                goto bad;
+			}
+		else if (!strcmp(*args,"-passout"))
+			{
+			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
-            if (!args[1])
-                goto bad;
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
-        else if (!strcmp(*args, "-in")) {
-            if (args[1]) {
+		else if (!strcmp (*args, "-in"))
+			{
+			if (args[1])
+				{
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else
-            badarg = 1;
+				}
+			else badarg = 1;
+			}
+		else badarg = 1;
 		args++;
 		}

-    if (badarg) {
+	if (badarg)
+		{
 		bad:
 		BIO_printf(bio_err, "Usage pkcs8 [options]\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
-        BIO_printf(bio_err,
-                   "-passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
 		BIO_printf(bio_err, "-out file       output file\n");
-        BIO_printf(bio_err,
-                   "-passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
 		BIO_printf(bio_err, "-topk8          output PKCS8 file\n");
-        BIO_printf(bio_err,
-                   "-nooct          use (nonstandard) no octet format\n");
-        BIO_printf(bio_err,
-                   "-embed          use (nonstandard) embedded DSA parameters format\n");
-        BIO_printf(bio_err,
-                   "-nsdb           use (nonstandard) DSA Netscape DB format\n");
+		BIO_printf(bio_err, "-nooct          use (nonstandard) no octet format\n");
+		BIO_printf(bio_err, "-embed          use (nonstandard) embedded DSA parameters format\n");
+		BIO_printf(bio_err, "-nsdb           use (nonstandard) DSA Netscape DB format\n");
 		BIO_printf(bio_err, "-noiter         use 1 as iteration count\n");
-        BIO_printf(bio_err,
-                   "-nocrypt        use or expect unencrypted private key\n");
-        BIO_printf(bio_err,
-                   "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
-        BIO_printf(bio_err,
-                   "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
+		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
+		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
+		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
 		}
@ -225,20 +258,29 @@ int MAIN(int argc, char **argv)
 	if ((pbe_nid == -1) && !cipher)
 		pbe_nid = NID_pbeWithMD5AndDES_CBC;

-    if (infile) {
-        if (!(in = BIO_new_file(infile, "rb"))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+	if (infile)
+		{
+		if (!(in = BIO_new_file(infile, "rb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 			}
-    } else
+		}
+	else
 		in = BIO_new_fp (stdin, BIO_NOCLOSE);

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "wb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -247,37 +289,45 @@ int MAIN(int argc, char **argv)
 			}
 #endif
 		}
-    if (topk8) {
-        pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
+	if (topk8)
+		{
+		pkey = load_key(bio_err, infile, informat, 1,
+			passin, e, "key");
 		if (!pkey)
 			goto end;
-        if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken))) {
+		if (!(p8inf = EVP_PKEY2PKCS8_broken(pkey, p8_broken)))
+			{
 			BIO_printf(bio_err, "Error converting key\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
-        if (nocrypt) {
+		if (nocrypt)
+			{
 			if (outformat == FORMAT_PEM) 
 				PEM_write_bio_PKCS8_PRIV_KEY_INFO(out, p8inf);
 			else if (outformat == FORMAT_ASN1)
 				i2d_PKCS8_PRIV_KEY_INFO_bio(out, p8inf);
-            else {
+			else
+				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				goto end;
 				}
-        } else {
+			}
+		else
+			{
 			if (passout)
 				p8pass = passout;
-            else {
+			else
+				{
 				p8pass = pass;
-                if (EVP_read_pw_string
-                    (pass, sizeof pass, "Enter Encryption Password:", 1))
+				if (EVP_read_pw_string(pass, sizeof pass, "Enter Encryption Password:", 1))
 					goto end;
 				}
 			app_RAND_load_file(NULL, bio_err, 0);
 			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
 					p8pass, strlen(p8pass),
-                                     NULL, 0, iter, p8inf))) {
+					NULL, 0, iter, p8inf)))
+				{
 				BIO_printf(bio_err, "Error encrypting key\n");
 				ERR_print_errors(bio_err);
 				goto end;
@ -287,7 +337,8 @@ int MAIN(int argc, char **argv)
 				PEM_write_bio_PKCS8(out, p8);
 			else if (outformat == FORMAT_ASN1)
 				i2d_PKCS8_bio(out, p8);
-            else {
+			else
+				{
 				BIO_printf(bio_err, "Bad format specified for key\n");
 				goto end;
 				}
@ -297,54 +348,65 @@ int MAIN(int argc, char **argv)
 		goto end;
 		}

-    if (nocrypt) {
+	if (nocrypt)
+		{
 		if (informat == FORMAT_PEM) 
 			p8inf = PEM_read_bio_PKCS8_PRIV_KEY_INFO(in,NULL,NULL, NULL);
 		else if (informat == FORMAT_ASN1)
 			p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(in, NULL);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		if (informat == FORMAT_PEM) 
 			p8 = PEM_read_bio_PKCS8(in, NULL, NULL, NULL);
 		else if (informat == FORMAT_ASN1)
 			p8 = d2i_PKCS8_bio(in, NULL);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 			}

-        if (!p8) {
+		if (!p8)
+			{
 			BIO_printf (bio_err, "Error reading key\n");
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		if (passin)
 			p8pass = passin;
-        else {
+		else
+			{
 			p8pass = pass;
 			EVP_read_pw_string(pass, sizeof pass, "Enter Password:", 0);
 			}
 		p8inf = PKCS8_decrypt(p8, p8pass, strlen(p8pass));
 		}

-    if (!p8inf) {
+	if (!p8inf)
+		{
 		BIO_printf(bio_err, "Error decrypting key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (!(pkey = EVP_PKCS82PKEY(p8inf))) {
+	if (!(pkey = EVP_PKCS82PKEY(p8inf)))
+		{
 		BIO_printf(bio_err, "Error converting key\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	
-    if (p8inf->broken) {
+	if (p8inf->broken)
+		{
 		BIO_printf(bio_err, "Warning: broken key encoding: ");
-        switch (p8inf->broken) {
+		switch (p8inf->broken)
+			{
 			case PKCS8_NO_OCTET:
 			BIO_printf(bio_err, "No Octet String in PrivateKey\n");
 			break;
@ -371,7 +433,8 @@ int MAIN(int argc, char **argv)
 		PEM_write_bio_PrivateKey(out, pkey, NULL, NULL, 0, NULL, passout);
 	else if (outformat == FORMAT_ASN1)
 		i2d_PrivateKey_bio(out, pkey);
-    else {
+	else
+		{
 		BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 		}
--- a/apps/pkey.c
+++ b/apps/pkey.c
@ -1,7 +1,6 @@
 /* apps/pkey.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -96,103 +95,129 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-inform")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp(*args,"-inform"))
+			{
+			if (args[1])
+				{
 				args++;
 				informat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-outform")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-outform"))
+			{
+			if (args[1])
+				{
 				args++;
 				outformat=str2fmt(*args);
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-passin")) {
-            if (!args[1])
-                goto bad;
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp(*args,"-passin"))
+			{
+			if (!args[1]) goto bad;
 			passargin= *(++args);
-        } else if (!strcmp(*args, "-passout")) {
-            if (!args[1])
-                goto bad;
+			}
+		else if (!strcmp(*args,"-passout"))
+			{
+			if (!args[1]) goto bad;
 			passargout= *(++args);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
-            if (!args[1])
-                goto bad;
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
-        else if (!strcmp(*args, "-in")) {
-            if (args[1]) {
+		else if (!strcmp (*args, "-in"))
+			{
+			if (args[1])
+				{
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
-        } else if (strcmp(*args, "-pubin") == 0) {
+				}
+			else badarg = 1;
+			}
+		else if (strcmp(*args,"-pubin") == 0)
+			{
 			pubin=1;
 			pubout=1;
 			pubtext=1;
-        } else if (strcmp(*args, "-pubout") == 0)
+			}
+		else if (strcmp(*args,"-pubout") == 0)
 			pubout=1;
-        else if (strcmp(*args, "-text_pub") == 0) {
+		else if (strcmp(*args,"-text_pub") == 0)
+			{
 			pubtext=1;
 			text=1;
-        } else if (strcmp(*args, "-text") == 0)
+			}
+		else if (strcmp(*args,"-text") == 0)
 			text=1;
 		else if (strcmp(*args,"-noout") == 0)
 			noout=1;
-        else {
+		else
+			{
 			cipher = EVP_get_cipherbyname(*args + 1);
-            if (!cipher) {
-                BIO_printf(bio_err, "Unknown cipher %s\n", *args + 1);
+			if (!cipher)
+				{
+				BIO_printf(bio_err, "Unknown cipher %s\n",
+								*args + 1);
 				badarg = 1;
 				}
 			}
 		args++;
 		}

-    if (badarg) {
+	if (badarg)
+		{
 		bad:
 		BIO_printf(bio_err, "Usage pkey [options]\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-inform X       input format (DER or PEM)\n");
-        BIO_printf(bio_err,
-                   "-passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err, "-passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err, "-outform X      output format (DER or PEM)\n");
 		BIO_printf(bio_err, "-out file       output file\n");
-        BIO_printf(bio_err,
-                   "-passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err, "-passout arg    output file pass phrase source\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 		return 1;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if (!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto end;
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "wb")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -206,30 +231,38 @@ int MAIN(int argc, char **argv)
 		pkey = load_pubkey(bio_err, infile, informat, 1,
 			passin, e, "Public Key");
 	else
-        pkey = load_key(bio_err, infile, informat, 1, passin, e, "key");
+		pkey = load_key(bio_err, infile, informat, 1,
+			passin, e, "key");
 	if (!pkey)
 		goto end;

-    if (!noout) {
-        if (outformat == FORMAT_PEM) {
+	if (!noout)
+		{
+		if (outformat == FORMAT_PEM) 
+			{
 			if (pubout)
 				PEM_write_bio_PUBKEY(out,pkey);
 			else
 				PEM_write_bio_PrivateKey(out, pkey, cipher,
 							NULL, 0, NULL, passout);
-        } else if (outformat == FORMAT_ASN1) {
+			}
+		else if (outformat == FORMAT_ASN1)
+			{
 			if (pubout)
 				i2d_PUBKEY_bio(out, pkey);
 			else
 				i2d_PrivateKey_bio(out, pkey);
-        } else {
+			}
+		else
+			{
 			BIO_printf(bio_err, "Bad format specified for key\n");
 			goto end;
 			}

 		}

-    if (text) {
+	if (text)
+		{
 		if (pubtext)
 			EVP_PKEY_print_public(out, pkey, 0, NULL);
 		else
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@ -1,7 +1,6 @@
 /* apps/pkeyparam.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -88,24 +87,30 @@ int MAIN(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	args = argv + 1;
-    while (!badarg && *args && *args[0] == '-') {
-        if (!strcmp(*args, "-in")) {
-            if (args[1]) {
+	while (!badarg && *args && *args[0] == '-')
+		{
+		if (!strcmp (*args, "-in"))
+			{
+			if (args[1])
+				{
 				args++;
 				infile = *args;
-            } else
-                badarg = 1;
-        } else if (!strcmp(*args, "-out")) {
-            if (args[1]) {
+				}
+			else badarg = 1;
+			}
+		else if (!strcmp (*args, "-out"))
+			{
+			if (args[1])
+				{
 				args++;
 				outfile = *args;
-            } else
-                badarg = 1;
+				}
+			else badarg = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*args, "-engine") == 0) {
-            if (!args[1])
-                goto bad;
+		else if (strcmp(*args,"-engine") == 0)
+			{
+			if (!args[1]) goto bad;
 			engine= *(++args);
 			}
 #endif
@ -117,7 +122,8 @@ int MAIN(int argc, char **argv)
 		args++;
 		}

-    if (badarg) {
+	if (badarg)
+		{
 #ifndef OPENSSL_NO_ENGINE
 		bad:
 #endif
@ -126,32 +132,40 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "-in file        input file\n");
 		BIO_printf(bio_err, "-out file       output file\n");
 		BIO_printf(bio_err, "-text           print parameters as text\n");
-        BIO_printf(bio_err,
-                   "-noout          don't output encoded parameters\n");
+		BIO_printf(bio_err, "-noout          don't output encoded parameters\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 		return 1;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif

-    if (infile) {
-        if (!(in = BIO_new_file(infile, "r"))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+	if (infile)
+		{
+		if (!(in = BIO_new_file (infile, "r")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 			}
-    } else
+		}
+	else
 		in = BIO_new_fp (stdin, BIO_NOCLOSE);

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "w"))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file (outfile, "w")))
+			{
+			BIO_printf(bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp (stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -162,7 +176,8 @@ int MAIN(int argc, char **argv)
 		}

 	pkey = PEM_read_bio_Parameters(in, NULL);
-    if (!pkey) {
+	if (!pkey)
+		{
 		BIO_printf(bio_err, "Error reading parameters\n");
 		ERR_print_errors(bio_err);
 		goto end;
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@ -1,6 +1,5 @@
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2006.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
 */
 /* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
@ -56,6 +55,7 @@
 *
 */

+
 #include "apps.h"
 #include <string.h>
 #include <openssl/err.h>
@ -107,66 +107,73 @@ int MAIN(int argc, char **argv)
 	argc--;
 	argv++;

-    if (!bio_err)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	
-    while (argc >= 1) {
-        if (!strcmp(*argv, "-in")) {
+	while(argc >= 1)
+		{
+		if (!strcmp(*argv,"-in"))
+			{
+			if (--argc < 1) badarg = 1;
+                        else infile= *(++argv);
+			}
+		else if (!strcmp(*argv,"-out"))
+			{
+			if (--argc < 1) badarg = 1;
+			else outfile= *(++argv);
+			}
+		else if (!strcmp(*argv,"-sigfile"))
+			{
+			if (--argc < 1) badarg = 1;
+			else sigfile= *(++argv);
+			}
+		else if(!strcmp(*argv, "-inkey"))
+			{
 			if (--argc < 1)
 				badarg = 1;
 			else
-                infile = *(++argv);
-        } else if (!strcmp(*argv, "-out")) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                outfile = *(++argv);
-        } else if (!strcmp(*argv, "-sigfile")) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                sigfile = *(++argv);
-        } else if (!strcmp(*argv, "-inkey")) {
-            if (--argc < 1)
-                badarg = 1;
-            else {
+				{
 				ctx = init_ctx(&keysize,
 						*(++argv), keyform, key_type,
 						passargin, pkey_op, e);
-                if (!ctx) {
-                    BIO_puts(bio_err, "Error initializing context\n");
+				if (!ctx)
+					{
+					BIO_puts(bio_err,
+						"Error initializing context\n");
 					ERR_print_errors(bio_err);
 					badarg = 1;
 					}
 				}
-        } else if (!strcmp(*argv, "-peerkey")) {
+			}
+		else if (!strcmp(*argv,"-peerkey"))
+			{
 			if (--argc < 1)
 				badarg = 1;
 			else if (!setup_peer(bio_err, ctx, peerform, *(++argv)))
 				badarg = 1;
-        } else if (!strcmp(*argv, "-passin")) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                passargin = *(++argv);
-        } else if (strcmp(*argv, "-peerform") == 0) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                peerform = str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-keyform") == 0) {
-            if (--argc < 1)
-                badarg = 1;
-            else
-                keyform = str2fmt(*(++argv));
+			}
+		else if (!strcmp(*argv,"-passin"))
+			{
+			if (--argc < 1) badarg = 1;
+			else passargin= *(++argv);
+			}
+		else if (strcmp(*argv,"-peerform") == 0)
+			{
+			if (--argc < 1) badarg = 1;
+			else peerform=str2fmt(*(++argv));
+			}
+		else if (strcmp(*argv,"-keyform") == 0)
+			{
+			if (--argc < 1) badarg = 1;
+			else keyform=str2fmt(*(++argv));
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (!strcmp(*argv, "-engine")) {
+		else if(!strcmp(*argv, "-engine"))
+			{
 			if (--argc < 1)
 				badarg = 1;
 			else
@ -195,20 +202,26 @@ int MAIN(int argc, char **argv)
 			pkey_op = EVP_PKEY_OP_DECRYPT;
 		else if(!strcmp(*argv, "-derive"))
 			pkey_op = EVP_PKEY_OP_DERIVE;
-        else if (strcmp(*argv, "-pkeyopt") == 0) {
+		else if (strcmp(*argv,"-pkeyopt") == 0)
+			{
 			if (--argc < 1)
 				badarg = 1;
-            else if (!ctx) {
-                BIO_puts(bio_err, "-pkeyopt command before -inkey\n");
+			else if (!ctx)
+				{
+				BIO_puts(bio_err,
+					"-pkeyopt command before -inkey\n");
 				badarg = 1;
-            } else if (pkey_ctrl_string(ctx, *(++argv)) <= 0) {
+				}
+			else if (pkey_ctrl_string(ctx, *(++argv)) <= 0)
+				{
 				BIO_puts(bio_err, "parameter setting error\n");
 				ERR_print_errors(bio_err);
 				goto end;
 				}
-        } else
-            badarg = 1;
-        if (badarg) {
+			}
+		else badarg = 1;
+		if(badarg)
+			{
 			usage();
 			goto end;
 			}
@ -216,17 +229,20 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (!ctx) {
+	if (!ctx)
+		{
 		usage();
 		goto end;
 		}

-    if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
+	if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY))
+		{
 		BIO_puts(bio_err, "Signature file specified for non verify\n");
 		goto end;
 		}

-    if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY)) {
+	if (!sigfile && (pkey_op == EVP_PKEY_OP_VERIFY))
+		{
 		BIO_puts(bio_err, "No signature file specified for verify\n");
 		goto end;
 		}
@ -234,24 +250,33 @@ int MAIN(int argc, char **argv)
 /* FIXME: seed PRNG only if needed */
 	app_RAND_load_file(NULL, bio_err, 0);

-    if (pkey_op != EVP_PKEY_OP_DERIVE) {
-        if (infile) {
-            if (!(in = BIO_new_file(infile, "rb"))) {
-                BIO_puts(bio_err, "Error Opening Input File\n");
+	if (pkey_op != EVP_PKEY_OP_DERIVE)
+		{
+		if(infile)
+			{
+			if(!(in = BIO_new_file(infile, "rb")))
+				{
+				BIO_puts(bio_err,
+					"Error Opening Input File\n");
 				ERR_print_errors(bio_err);	
 				goto end;
 				}
-        } else
+			}
+		else
 			in = BIO_new_fp(stdin, BIO_NOCLOSE);
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, "wb"))) {
+	if(outfile)
+		{
+		if(!(out = BIO_new_file(outfile, "wb")))
+			{
 			BIO_printf(bio_err, "Error Creating Output File\n");
 			ERR_print_errors(bio_err);	
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -261,32 +286,40 @@ int MAIN(int argc, char **argv)
 #endif
 	}

-    if (sigfile) {
+	if (sigfile)
+		{
 		BIO *sigbio = BIO_new_file(sigfile, "rb");
-        if (!sigbio) {
-            BIO_printf(bio_err, "Can't open signature file %s\n", sigfile);
+		if (!sigbio)
+			{
+			BIO_printf(bio_err, "Can't open signature file %s\n",
+								sigfile);
 			goto end;
 			}
 		siglen = bio_to_mem(&sig, keysize * 10, sigbio);
 		BIO_free(sigbio);
-        if (siglen <= 0) {
+		if (siglen <= 0)
+			{
 			BIO_printf(bio_err, "Error reading signature data\n");
 			goto end;
 			}
 		}
 	
-    if (in) {
+	if (in)
+		{
 		/* Read the input data */
 		buf_inlen = bio_to_mem(&buf_in, keysize * 10, in);
-        if (buf_inlen <= 0) {
+		if(buf_inlen <= 0)
+			{
 			BIO_printf(bio_err, "Error reading input Data\n");
 			exit(1);
 			}
-        if (rev) {
+		if(rev)
+			{
 			size_t i;
 			unsigned char ctmp;
 			size_t l = (size_t)buf_inlen;
-            for (i = 0; i < l / 2; i++) {
+			for(i = 0; i < l/2; i++)
+				{
 				ctmp = buf_in[i];
 				buf_in[i] = buf_in[l - 1 - i];
 				buf_in[l - 1 - i] = ctmp;
@ -294,7 +327,8 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (pkey_op == EVP_PKEY_OP_VERIFY) {
+	if(pkey_op == EVP_PKEY_OP_VERIFY)
+		{
 		rv  = EVP_PKEY_verify(ctx, sig, (size_t)siglen,
 				      buf_in, (size_t)buf_inlen);
 		if (rv == 0)
@ -303,10 +337,13 @@ int MAIN(int argc, char **argv)
 			BIO_puts(out, "Signature Verified Successfully\n");
 		if (rv >= 0)
 			goto end;
-    } else {
+		}
+	else
+		{	
 		rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
 			      buf_in, (size_t)buf_inlen);
-        if (rv > 0) {
+		if (rv > 0)
+			{
 			buf_out = OPENSSL_malloc(buf_outlen);
 			if (!buf_out)
 				rv = -1;
@ -317,16 +354,19 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (rv <= 0) {
+	if(rv <= 0)
+		{
 		BIO_printf(bio_err, "Public Key operation error\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	ret = 0;
-    if (asn1parse) {
+	if(asn1parse)
+		{
 		if(!ASN1_parse_dump(out, buf_out, buf_outlen, 1, -1))
 			ERR_print_errors(bio_err);
-    } else if (hexdump)
+		}
+	else if(hexdump)
 		BIO_dump(out, (char *)buf_out, buf_outlen);
 	else
 		BIO_write(out, buf_out, buf_outlen);
@ -350,25 +390,21 @@ static void usage()
 	BIO_printf(bio_err, "Usage: pkeyutl [options]\n");
 	BIO_printf(bio_err, "-in file        input file\n");
 	BIO_printf(bio_err, "-out file       output file\n");
-    BIO_printf(bio_err,
-               "-sigfile file signature file (verify operation only)\n");
+	BIO_printf(bio_err, "-sigfile file signature file (verify operation only)\n");
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
 	BIO_printf(bio_err, "-pubin          input is a public key\n");
-    BIO_printf(bio_err,
-               "-certin         input is a certificate carrying a public key\n");
+	BIO_printf(bio_err, "-certin         input is a certificate carrying a public key\n");
 	BIO_printf(bio_err, "-pkeyopt X:Y    public key options\n");
 	BIO_printf(bio_err, "-sign           sign with private key\n");
 	BIO_printf(bio_err, "-verify         verify with public key\n");
-    BIO_printf(bio_err,
-               "-verifyrecover  verify with public key, recover original data\n");
+	BIO_printf(bio_err, "-verifyrecover  verify with public key, recover original data\n");
 	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-derive         derive shared secret\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
-    BIO_printf(bio_err,
-               "-engine e       use engine e, possibly a hardware device.\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 #endif
 	BIO_printf(bio_err, "-passin arg     pass phrase source\n");

@ -385,15 +421,18 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 	X509 *x;
 	if(((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT) 
 		|| (pkey_op == EVP_PKEY_OP_DERIVE))
-        && (key_type != KEY_PRIVKEY)) {
+		&& (key_type != KEY_PRIVKEY))
+		{
 		BIO_printf(bio_err, "A private key is needed for this operation\n");
 		goto end;
 		}
-    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}
-    switch (key_type) {
+	switch(key_type)
+		{
 		case KEY_PRIVKEY:
 		pkey = load_key(bio_err, keyfile, keyform, 0,
 			passin, e, "Private Key");
@ -405,8 +444,10 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 		break;

 		case KEY_CERT:
-        x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
-        if (x) {
+		x = load_cert(bio_err, keyfile, keyform,
+			NULL, e, "Certificate");
+		if(x)
+			{
 			pkey = X509_get_pubkey(x);
 			X509_free(x);
 			}
@ -426,7 +467,8 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 	if (!ctx)
 		goto end;

-    switch (pkey_op) {
+	switch(pkey_op)
+		{
 		case EVP_PKEY_OP_SIGN:
 		rv = EVP_PKEY_sign_init(ctx);
 		break;
@ -452,7 +494,8 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,
 		break;
 		}

-    if (rv <= 0) {
+	if (rv <= 0)
+		{
 		EVP_PKEY_CTX_free(ctx);
 		ctx = NULL;
 		}
@ -464,6 +507,7 @@ static EVP_PKEY_CTX *init_ctx(int *pkeysize,

 	return ctx;

+
 	}

 static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
@ -471,14 +515,16 @@ static int setup_peer(BIO *err, EVP_PKEY_CTX *ctx, int peerform,
 	{
 	EVP_PKEY *peer = NULL;
 	int ret;
-    if (!ctx) {
+	if (!ctx)
+		{
 		BIO_puts(err, "-peerkey command before -inkey\n");
 		return 0;
 		}
 		
 	peer = load_pubkey(bio_err, file, peerform, 0, NULL, NULL, "Peer Key");

-    if (!peer) {
+	if (!peer)
+		{
 		BIO_printf(bio_err, "Error reading peer key %s\n", file);
 		ERR_print_errors(err);
 		return 0;
@ -497,7 +543,8 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
 		unsigned char *in, size_t inlen)
 	{
 	int rv = 0;
-    switch (pkey_op) {
+	switch(pkey_op)
+		{
 		case EVP_PKEY_OP_VERIFYRECOVER:
 		rv  = EVP_PKEY_verify_recover(ctx, out, poutlen, in, inlen);
 		break;
--- a/apps/prime.c
+++ b/apps/prime.c
@ -52,6 +52,7 @@
 #include "apps.h"
 #include <openssl/bn.h>

+
 #undef PROG
 #define PROG prime_main

@ -75,7 +76,8 @@ int MAIN(int argc, char **argv)

    --argc;
    ++argv;
-    while (argc >= 1 && **argv == '-') {
+    while (argc >= 1 && **argv == '-')
+	{
 	if(!strcmp(*argv,"-hex"))
 	    hex=1;
 	else if(!strcmp(*argv,"-generate"))
@ -92,7 +94,8 @@ int MAIN(int argc, char **argv)
 		goto bad;
 	    else
 		checks=atoi(*++argv);
-        else {
+	else
+	    {
 	    BIO_printf(bio_err,"Unknown option '%s'\n",*argv);
 	    goto bad;
 	    }
@ -100,12 +103,14 @@ int MAIN(int argc, char **argv)
 	++argv;
 	}

-    if (argv[0] == NULL && !generate) {
+    if (argv[0] == NULL && !generate)
+	{
 	BIO_printf(bio_err,"No prime specified\n");
 	goto bad;
 	}

-    if ((bio_out = BIO_new(BIO_s_file())) != NULL) {
+    if ((bio_out=BIO_new(BIO_s_file())) != NULL)
+	{
 	BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 	    {
@ -115,10 +120,12 @@ int MAIN(int argc, char **argv)
 #endif
 	}

-    if (generate) {
+    if(generate)
+	{
 	char *s;

-        if (!bits) {
+	if(!bits)
+	    {
 	    BIO_printf(bio_err,"Specifiy the number of bits.\n");
 	    return 1;
 	    }
@ -127,7 +134,9 @@ int MAIN(int argc, char **argv)
 	s=hex ? BN_bn2hex(bn) : BN_bn2dec(bn);
 	BIO_printf(bio_out,"%s\n",s);
 	OPENSSL_free(s);
-    } else {
+	}
+    else
+	{
 	if(hex)
 	    BN_hex2bn(&bn,argv[0]);
 	else
--- a/apps/rand.c
+++ b/apps/rand.c
@ -66,8 +66,7 @@
 #undef PROG
 #define PROG rand_main

-/*-
- * -out file         - write to file
+/* -out file         - write to file
 * -rand file:file   - PRNG seed files
 * -base64           - base64 encode output
 * -hex              - hex encode output
@ -101,44 +100,57 @@ int MAIN(int argc, char **argv)

 	badopt = 0;
 	i = 0;
-    while (!badopt && argv[++i] != NULL) {
-        if (strcmp(argv[i], "-out") == 0) {
+	while (!badopt && argv[++i] != NULL)
+		{
+		if (strcmp(argv[i], "-out") == 0)
+			{
 			if ((argv[i+1] != NULL) && (outfile == NULL))
 				outfile = argv[++i];
 			else
 				badopt = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(argv[i], "-engine") == 0) {
+		else if (strcmp(argv[i], "-engine") == 0)
+			{
 			if ((argv[i+1] != NULL) && (engine == NULL))
 				engine = argv[++i];
 			else
 				badopt = 1;
 			}
 #endif
-        else if (strcmp(argv[i], "-rand") == 0) {
+		else if (strcmp(argv[i], "-rand") == 0)
+			{
 			if ((argv[i+1] != NULL) && (inrand == NULL))
 				inrand = argv[++i];
 			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-base64") == 0) {
+			}
+		else if (strcmp(argv[i], "-base64") == 0)
+			{
 			if (!base64)
 				base64 = 1;
 			else
 				badopt = 1;
-        } else if (strcmp(argv[i], "-hex") == 0) {
+			}
+		else if (strcmp(argv[i], "-hex") == 0)
+			{
 			if (!hex)
 				hex = 1;
 			else
 				badopt = 1;
-        } else if (isdigit((unsigned char)argv[i][0])) {
-            if (num < 0) {
+			}
+		else if (isdigit((unsigned char)argv[i][0]))
+			{
+			if (num < 0)
+				{
 				r = sscanf(argv[i], "%d", &num);
 				if (r == 0 || num < 0)
 					badopt = 1;
-            } else
+				}
+			else
 				badopt = 1;
-        } else
+			}
+		else
 			badopt = 1;
 		}

@ -148,20 +160,20 @@ int MAIN(int argc, char **argv)
 	if (num < 0)
 		badopt = 1;
 	
-    if (badopt) {
+	if (badopt) 
+		{
 		BIO_printf(bio_err, "Usage: rand [options] num\n");
 		BIO_printf(bio_err, "where options are\n");
 		BIO_printf(bio_err, "-out file             - write to file\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e             - use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
 #endif
-        BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n",
-                   LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
 		BIO_printf(bio_err, "-base64               - base64 encode output\n");
 		BIO_printf(bio_err, "-hex                  - hex encode output\n");
 		goto err;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        setup_engine(bio_err, engine, 0);
 #endif
@ -176,7 +188,8 @@ int MAIN(int argc, char **argv)
 		goto err;
 	if (outfile != NULL)
 		r = BIO_write_filename(out, outfile);
-    else {
+	else
+		{
 		r = BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -188,14 +201,16 @@ int MAIN(int argc, char **argv)
 	if (r <= 0)
 		goto err;

-    if (base64) {
+	if (base64)
+		{
 		BIO *b64 = BIO_new(BIO_f_base64());
 		if (b64 == NULL)
 			goto err;
 		out = BIO_push(b64, out);
 		}
 	
-    while (num > 0) {
+	while (num > 0) 
+		{
 		unsigned char buf[4096];
 		int chunk;

@ -207,7 +222,8 @@ int MAIN(int argc, char **argv)
 			goto err;
 		if (!hex) 
 			BIO_write(out, buf, chunk);
-        else {
+		else
+			{
 			for (i = 0; i < chunk; i++)
 				BIO_printf(out, "%02x", buf[i]);
 			}
--- a/apps/req.c
+++ b/apps/req.c
--- a/apps/rsa.c
+++ b/apps/rsa.c
@ -74,8 +74,7 @@
 #undef PROG
 #define PROG	rsa_main

-/*-
- * -inform arg  - input format - default PEM (one of DER, NET or PEM)
+/* -inform arg	- input format - default PEM (one of DER, NET or PEM)
 * -outform arg - output format - default PEM
 * -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
@ -135,36 +134,42 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -192,7 +197,8 @@ int MAIN(int argc, char **argv)
 			modulus=1;
 		else if (strcmp(*argv,"-check") == 0)
 			check=1;
-        else if ((enc = EVP_get_cipherbyname(&(argv[0][1]))) == NULL) {
+		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -201,53 +207,42 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
 		BIO_printf(bio_err,"where options are\n");
-        BIO_printf(bio_err,
-                   " -inform arg     input format - one of DER NET PEM\n");
-        BIO_printf(bio_err,
-                   " -outform arg    output format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -inform arg     input format - one of DER NET PEM\n");
+		BIO_printf(bio_err," -outform arg    output format - one of DER NET PEM\n");
 		BIO_printf(bio_err," -in arg         input file\n");
 		BIO_printf(bio_err," -sgckey         Use IIS SGC key format\n");
-        BIO_printf(bio_err,
-                   " -passin arg     input file pass phrase source\n");
+		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
 		BIO_printf(bio_err," -out arg        output file\n");
-        BIO_printf(bio_err,
-                   " -passout arg    output file pass phrase source\n");
-        BIO_printf(bio_err,
-                   " -des            encrypt PEM output with cbc des\n");
-        BIO_printf(bio_err,
-                   " -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
 #ifndef OPENSSL_NO_IDEA
-        BIO_printf(bio_err,
-                   " -idea           encrypt PEM output with cbc idea\n");
+		BIO_printf(bio_err," -idea           encrypt PEM output with cbc idea\n");
 #endif
 #ifndef OPENSSL_NO_SEED
-        BIO_printf(bio_err,
-                   " -seed           encrypt PEM output with cbc seed\n");
+		BIO_printf(bio_err," -seed           encrypt PEM output with cbc seed\n");
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc aes\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "                 encrypt PEM output with cbc camellia\n");
+		BIO_printf(bio_err,"                 encrypt PEM output with cbc camellia\n");
 #endif
 		BIO_printf(bio_err," -text           print the key in text\n");
 		BIO_printf(bio_err," -noout          don't print key out\n");
 		BIO_printf(bio_err," -modulus        print the RSA key modulus\n");
 		BIO_printf(bio_err," -check          verify key consistency\n");
-        BIO_printf(bio_err,
-                   " -pubin          expect a public key in input file\n");
+		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
 		BIO_printf(bio_err," -pubout         output a public key\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e       use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
@ -273,21 +268,25 @@ int MAIN(int argc, char **argv)
 	{
 		EVP_PKEY	*pkey;

-        if (pubin) {
+		if (pubin)
+			{
 			int tmpformat=-1;
-            if (pubin == 2) {
+			if (pubin == 2)
+				{
 				if (informat == FORMAT_PEM)
 					tmpformat = FORMAT_PEMRSA;
 				else if (informat == FORMAT_ASN1)
 					tmpformat = FORMAT_ASN1RSA;
-            } else if (informat == FORMAT_NETSCAPE && sgckey)
+				}
+			else if (informat == FORMAT_NETSCAPE && sgckey)
 				tmpformat = FORMAT_IISSGC;
 			else
 				tmpformat = informat;
 					
 			pkey = load_pubkey(bio_err, infile, tmpformat, 1,
 				passin, e, "Public Key");
-        } else
+			}
+		else
 			pkey = load_key(bio_err, infile,
 				(informat == FORMAT_NETSCAPE && sgckey ?
 					FORMAT_IISSGC : informat), 1,
@ -298,12 +297,14 @@ int MAIN(int argc, char **argv)
 		EVP_PKEY_free(pkey);
 	}

-    if (rsa == NULL) {
+	if (rsa == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

-    if (outfile == NULL) {
+	if (outfile == NULL)
+		{
 		BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -311,73 +312,84 @@ int MAIN(int argc, char **argv)
 		out = BIO_push(tmpbio, out);
 		}
 #endif
-    } else {
-        if (BIO_write_filename(out, outfile) <= 0) {
+		}
+	else
+		{
+		if (BIO_write_filename(out,outfile) <= 0)
+			{
 			perror(outfile);
 			goto end;
 			}
 		}

 	if (text) 
-        if (!RSA_print(out, rsa, 0)) {
+		if (!RSA_print(out,rsa,0))
+			{
 			perror(outfile);
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-    if (modulus) {
+	if (modulus)
+		{
 		BIO_printf(out,"Modulus=");
 		BN_print(out,rsa->n);
 		BIO_printf(out,"\n");
 		}

-    if (check) {
+	if (check)
+		{
 		int r = RSA_check_key(rsa);

 		if (r == 1)
 			BIO_printf(out,"RSA key ok\n");
-        else if (r == 0) {
+		else if (r == 0)
+			{
 			unsigned long err;

 			while ((err = ERR_peek_error()) != 0 &&
 				ERR_GET_LIB(err) == ERR_LIB_RSA &&
 				ERR_GET_FUNC(err) == RSA_F_RSA_CHECK_KEY &&
-                   ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE) {
-                BIO_printf(out, "RSA key error: %s\n",
-                           ERR_reason_error_string(err));
+				ERR_GET_REASON(err) != ERR_R_MALLOC_FAILURE)
+				{
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(err));
 				ERR_get_error(); /* remove e from error stack */
 				}
 			}
 		
-        if (r == -1 || ERR_peek_error() != 0) { /* should happen only if r ==
-                                                 * -1 */
+		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}
 		
-    if (noout) {
+	if (noout)
+		{
 		ret = 0;
 		goto end;
 		}
 	BIO_printf(bio_err,"writing RSA key\n");
 	if 	(outformat == FORMAT_ASN1) {
-        if (pubout || pubin) {
+		if(pubout || pubin) 
+			{
 			if (pubout == 2)
 				i=i2d_RSAPublicKey_bio(out,rsa);
 			else
 				i=i2d_RSA_PUBKEY_bio(out,rsa);
-        } else
-            i = i2d_RSAPrivateKey_bio(out, rsa);
+			}
+		else i=i2d_RSAPrivateKey_bio(out,rsa);
 	}
 #ifndef OPENSSL_NO_RC4
-    else if (outformat == FORMAT_NETSCAPE) {
+	else if (outformat == FORMAT_NETSCAPE)
+		{
 		unsigned char *p,*pp;
 		int size;

 		i=1;
 		size=i2d_RSA_NET(rsa,NULL,NULL, sgckey);
-        if ((p = (unsigned char *)OPENSSL_malloc(size)) == NULL) {
+		if ((p=(unsigned char *)OPENSSL_malloc(size)) == NULL)
+			{
 			BIO_printf(bio_err,"Memory allocation failure\n");
 			goto end;
 			}
@ -388,13 +400,14 @@ int MAIN(int argc, char **argv)
 		}
 #endif
 	else if (outformat == FORMAT_PEM) {
-        if (pubout || pubin) {
+		if(pubout || pubin)
+			{
 			if (pubout == 2)
 		    		i=PEM_write_bio_RSAPublicKey(out,rsa);
 			else
 		    		i=PEM_write_bio_RSA_PUBKEY(out,rsa);
-        } else
-            i = PEM_write_bio_RSAPrivateKey(out, rsa,
+			}
+		else i=PEM_write_bio_RSAPrivateKey(out,rsa,
 						enc,NULL,0,NULL,passout);
 #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_RC4)
 	} else if (outformat == FORMAT_MSBLOB || outformat == FORMAT_PVK) {
@ -413,20 +426,18 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err,"bad output format specified for outfile\n");
 		goto end;
 		}
-    if (i <= 0) {
+	if (i <= 0)
+		{
 		BIO_printf(bio_err,"unable to write key\n");
 		ERR_print_errors(bio_err);
-    } else
+		}
+	else
 		ret=0;
 end:
-    if (out != NULL)
-        BIO_free_all(out);
-    if (rsa != NULL)
-        RSA_free(rsa);
-    if (passin)
-        OPENSSL_free(passin);
-    if (passout)
-        OPENSSL_free(passout);
+	if(out != NULL) BIO_free_all(out);
+	if(rsa != NULL) RSA_free(rsa);
+	if(passin) OPENSSL_free(passin);
+	if(passout) OPENSSL_free(passout);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@ -1,7 +1,6 @@
 /* rsautl.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 2000.
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2000.
 */
 /* ====================================================================
 * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
@ -109,8 +108,7 @@ int MAIN(int argc, char **argv)
 	argc--;
 	argv++;

-    if (!bio_err)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
@ -118,7 +116,8 @@ int MAIN(int argc, char **argv)
 	OpenSSL_add_all_algorithms();
 	pad = RSA_PKCS1_PADDING;
 	
-    while (argc >= 1) {
+	while(argc >= 1)
+	{
 		if (!strcmp(*argv,"-in")) {
 			if (--argc < 1)
 				badarg = 1;
@ -155,34 +154,24 @@ int MAIN(int argc, char **argv)
 			key_type = KEY_PUBKEY;
 		} else if(!strcmp(*argv, "-certin")) {
 			key_type = KEY_CERT;
-        } else if (!strcmp(*argv, "-asn1parse"))
-            asn1parse = 1;
-        else if (!strcmp(*argv, "-hexdump"))
-            hexdump = 1;
-        else if (!strcmp(*argv, "-raw"))
-            pad = RSA_NO_PADDING;
-        else if (!strcmp(*argv, "-oaep"))
-            pad = RSA_PKCS1_OAEP_PADDING;
-        else if (!strcmp(*argv, "-ssl"))
-            pad = RSA_SSLV23_PADDING;
-        else if (!strcmp(*argv, "-pkcs"))
-            pad = RSA_PKCS1_PADDING;
-        else if (!strcmp(*argv, "-x931"))
-            pad = RSA_X931_PADDING;
+		} 
+		else if(!strcmp(*argv, "-asn1parse")) asn1parse = 1;
+		else if(!strcmp(*argv, "-hexdump")) hexdump = 1;
+		else if(!strcmp(*argv, "-raw")) pad = RSA_NO_PADDING;
+		else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
+		else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
+		else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+		else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
 		else if(!strcmp(*argv, "-sign")) {
 			rsa_mode = RSA_SIGN;
 			need_priv = 1;
-        } else if (!strcmp(*argv, "-verify"))
-            rsa_mode = RSA_VERIFY;
-        else if (!strcmp(*argv, "-rev"))
-            rev = 1;
-        else if (!strcmp(*argv, "-encrypt"))
-            rsa_mode = RSA_ENCRYPT;
+		} else if(!strcmp(*argv, "-verify")) rsa_mode = RSA_VERIFY;
+		else if(!strcmp(*argv, "-rev")) rev = 1;
+		else if(!strcmp(*argv, "-encrypt")) rsa_mode = RSA_ENCRYPT;
 		else if(!strcmp(*argv, "-decrypt")) {
 			rsa_mode = RSA_DECRYPT;
 			need_priv = 1;
-        } else
-            badarg = 1;
+		} else badarg = 1;
 		if(badarg) {
 			usage();
 			goto end;
@ -195,6 +184,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "A private key is needed for this operation\n");
 		goto end;
 	}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
@ -218,7 +208,8 @@ int MAIN(int argc, char **argv)
 		break;

 		case KEY_CERT:
-        x = load_cert(bio_err, keyfile, keyform, NULL, e, "Certificate");
+		x = load_cert(bio_err, keyfile, keyform,
+			NULL, e, "Certificate");
 		if(x) {
 			pkey = X509_get_pubkey(x);
 			X509_free(x);
@ -239,14 +230,14 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

+
 	if(infile) {
 		if(!(in = BIO_new_file(infile, "rb"))) {
 			BIO_printf(bio_err, "Error Reading Input File\n");
 			ERR_print_errors(bio_err);	
 			goto end;
 		}
-    } else
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	} else in = BIO_new_fp(stdin, BIO_NOCLOSE);

 	if(outfile) {
 		if(!(out = BIO_new_file(outfile, "wb"))) {
@ -268,11 +259,6 @@ int MAIN(int argc, char **argv)

 	rsa_in = OPENSSL_malloc(keysize * 2);
 	rsa_out = OPENSSL_malloc(keysize);
-    if (!rsa_in || !rsa_out) {
-        BIO_printf(bio_err, "Out of memory\n");
-        ERR_print_errors(bio_err);
-        goto end;
-    }

 	/* Read the input data */
 	rsa_inlen = BIO_read(in, rsa_in, keysize * 2);
@ -296,8 +282,7 @@ int MAIN(int argc, char **argv)
 		break;

 		case RSA_SIGN:
-        rsa_outlen =
-            RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+			rsa_outlen  = RSA_private_encrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
 		break;

 		case RSA_ENCRYPT:
@ -305,8 +290,7 @@ int MAIN(int argc, char **argv)
 		break;

 		case RSA_DECRYPT:
-        rsa_outlen =
-            RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
+			rsa_outlen  = RSA_private_decrypt(rsa_inlen, rsa_in, rsa_out, rsa, pad);
 		break;

 	}
@ -321,20 +305,15 @@ int MAIN(int argc, char **argv)
 		if(!ASN1_parse_dump(out, rsa_out, rsa_outlen, 1, -1)) {
 			ERR_print_errors(bio_err);
 		}
-    } else if (hexdump)
-        BIO_dump(out, (char *)rsa_out, rsa_outlen);
-    else
-        BIO_write(out, rsa_out, rsa_outlen);
+	} else if(hexdump) BIO_dump(out, (char *)rsa_out, rsa_outlen);
+	else BIO_write(out, rsa_out, rsa_outlen);
 	end:
 	RSA_free(rsa);
 	BIO_free(in);
 	BIO_free_all(out);
-    if (rsa_in)
-        OPENSSL_free(rsa_in);
-    if (rsa_out)
-        OPENSSL_free(rsa_out);
-    if (passin)
-        OPENSSL_free(passin);
+	if(rsa_in) OPENSSL_free(rsa_in);
+	if(rsa_out) OPENSSL_free(rsa_out);
+	if(passin) OPENSSL_free(passin);
 	return ret;
 }

@ -346,12 +325,10 @@ static void usage()
 	BIO_printf(bio_err, "-inkey file     input key\n");
 	BIO_printf(bio_err, "-keyform arg    private key format - default PEM\n");
 	BIO_printf(bio_err, "-pubin          input is an RSA public\n");
-    BIO_printf(bio_err,
-               "-certin         input is a certificate carrying an RSA public key\n");
+	BIO_printf(bio_err, "-certin         input is a certificate carrying an RSA public key\n");
 	BIO_printf(bio_err, "-ssl            use SSL v2 padding\n");
 	BIO_printf(bio_err, "-raw            use no padding\n");
-    BIO_printf(bio_err,
-               "-pkcs           use PKCS#1 v1.5 padding (default)\n");
+	BIO_printf(bio_err, "-pkcs           use PKCS#1 v1.5 padding (default)\n");
 	BIO_printf(bio_err, "-oaep           use PKCS#1 OAEP\n");
 	BIO_printf(bio_err, "-sign           sign with private key\n");
 	BIO_printf(bio_err, "-verify         verify with public key\n");
@ -359,8 +336,7 @@ static void usage()
 	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
 	BIO_printf(bio_err, "-hexdump        hex dump output\n");
 #ifndef OPENSSL_NO_ENGINE
-    BIO_printf(bio_err,
-               "-engine e       use engine e, possibly a hardware device.\n");
+	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
 	BIO_printf (bio_err, "-passin arg    pass phrase source\n");
 #endif

--- a/apps/s_apps.h
+++ b/apps/s_apps.h
@ -108,8 +108,7 @@
 * Hudson (tjh@cryptsoft.com).
 *
 */
-/* conflicts with winsock2 stuff on netware */
-#if !defined(OPENSSL_SYS_NETWARE)
+#if !defined(OPENSSL_SYS_NETWARE)  /* conflicts with winsock2 stuff on netware */
 #include <sys/types.h>
 #endif
 #include <openssl/opensslconf.h>
@ -123,9 +122,7 @@
 #endif

 #if defined(OPENSSL_SYS_VMS) && !defined(FD_SET)
-/*
- * VAX C does not defined fd_set and friends, but it's actually quite simple
- */
+/* VAX C does not defined fd_set and friends, but it's actually quite simple */
 /* These definitions are borrowed from SOCKETSHR.	/Richard Levitte */
 #define MAX_NOFILE	32
 #define	NBBY		 8		/* number of bits in a byte	*/
@ -151,34 +148,54 @@ typedef fd_mask fd_set;
 #define PORT_STR        "4433"
 #define PROTOCOL        "tcp"

-int do_server(int port, int type, int *ret,
-              int (*cb) (char *hostname, int s, unsigned char *context),
-              unsigned char *context);
+int do_server(int port, int type, int *ret, int (*cb) (char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept);
 #ifdef HEADER_X509_H
 int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
 #endif
 #ifdef HEADER_SSL_H
 int set_cert_stuff(SSL_CTX *ctx, char *cert_file, char *key_file);
-int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key);
+int set_cert_key_stuff(SSL_CTX *ctx, X509 *cert, EVP_PKEY *key,
+					STACK_OF(X509) *chain, int build_chain);
+int ssl_print_sigalgs(BIO *out, SSL *s);
+int ssl_print_point_formats(BIO *out, SSL *s);
+int ssl_print_curves(BIO *out, SSL *s, int noshared);
 #endif
+int ssl_print_tmp_key(BIO *out, SSL *s);
 int init_client(int *sock, char *server, int port, int type);
 int should_retry(int i);
 int extract_port(char *str, short *port_ptr);
-int extract_host_port(char *str, char **host_ptr, unsigned char *ip,
-                      short *p);
+int extract_host_port(char *str,char **host_ptr,unsigned char *ip,short *p);

 long MS_CALLBACK bio_dump_callback(BIO *bio, int cmd, const char *argp,
 				   int argi, long argl, long ret);

 #ifdef HEADER_SSL_H
 void MS_CALLBACK apps_ssl_info_callback(const SSL *s, int where, int ret);
-void MS_CALLBACK msg_cb(int write_p, int version, int content_type,
-                        const void *buf, size_t len, SSL *ssl, void *arg);
+void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg);
 void MS_CALLBACK tlsext_cb(SSL *s, int client_server, int type,
-                           unsigned char *data, int len, void *arg);
+					unsigned char *data, int len,
+					void *arg);
 #endif

-int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie,
-                                         unsigned int *cookie_len);
-int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie,
-                                       unsigned int cookie_len);
+int MS_CALLBACK generate_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len);
+int MS_CALLBACK verify_cookie_callback(SSL *ssl, unsigned char *cookie, unsigned int cookie_len);
+
+typedef struct ssl_excert_st SSL_EXCERT;
+
+void ssl_ctx_set_excert(SSL_CTX *ctx, SSL_EXCERT *exc);
+void ssl_excert_free(SSL_EXCERT *exc);
+int args_excert(char ***pargs, int *pargc,
+			int *badarg, BIO *err, SSL_EXCERT **pexc);
+int load_excert(SSL_EXCERT **pexc, BIO *err);
+void print_ssl_summary(BIO *bio, SSL *s);
+#ifdef HEADER_SSL_H
+int args_ssl(char ***pargs, int *pargc, SSL_CONF_CTX *cctx,
+			int *badarg, BIO *err, STACK_OF(OPENSSL_STRING) **pstr);
+int args_ssl_call(SSL_CTX *ctx, BIO *err, SSL_CONF_CTX *cctx,
+		STACK_OF(OPENSSL_STRING) *str, int no_ecdhe, int no_jpake);
+int ssl_ctx_add_crls(SSL_CTX *ctx, STACK_OF(X509_CRL) *crls, int crl_download);
+int ssl_load_stores(SSL_CTX *ctx,
+			const char *vfyCApath, const char *vfyCAfile,
+			const char *chCApath, const char *chCAfile,
+			STACK_OF(X509_CRL) *crls, int crl_download);
+#endif
--- a/apps/s_cb.c
+++ b/apps/s_cb.c
--- a/apps/s_client.c
+++ b/apps/s_client.c
--- a/apps/s_server.c
+++ b/apps/s_server.c
--- a/apps/s_socket.c
+++ b/apps/s_socket.c
@ -1,6 +1,4 @@
-/*
- * apps/s_socket.c - socket-related functions used by s_client and s_server
- */
+/* apps/s_socket.c -  socket-related functions used by s_client and s_server */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@ -70,12 +68,10 @@
 #include "../e_os2.h"
 #endif

-/*
- * With IPv6, it looks like Digital has mixed up the proper order of
- * recursive header file inclusion, resulting in the compiler complaining
- * that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which is
- * needed to have fileno() declared correctly...  So let's define u_int
- */
+/* With IPv6, it looks like Digital has mixed up the proper order of
+   recursive header file inclusion, resulting in the compiler complaining
+   that u_int isn't defined, but only if _POSIX_C_SOURCE is defined, which
+   is needed to have fileno() declared correctly...  So let's define u_int */
 #if defined(OPENSSL_SYS_VMS_DECC) && !defined(__U_INT)
 #define __U_INT
 typedef unsigned int u_int;
@ -135,8 +131,10 @@ extern HINSTANCE _hInstance;    /* nice global CRT provides */
 static LONG FAR PASCAL topHookProc(HWND hwnd, UINT message, WPARAM wParam,
 	     LPARAM lParam)
 	{
-    if (hwnd == topWnd) {
-        switch (message) {
+	if (hwnd == topWnd)
+		{
+		switch(message)
+			{
 		case WM_DESTROY:
 		case WM_CLOSE:
 			SetWindowLong(topWnd,GWL_WNDPROC,(LONG)lpTopWndProc);
@ -159,7 +157,8 @@ static BOOL CALLBACK enumproc(HWND hwnd, LPARAM lParam)
 #ifdef OPENSSL_SYS_WINDOWS
 static void ssl_sock_cleanup(void)
 	{
-    if (wsa_init_done) {
+	if (wsa_init_done)
+		{
 		wsa_init_done=0;
 #ifndef OPENSSL_SYS_WINCE
 		WSACancelBlockingCall();
@ -170,7 +169,8 @@ static void ssl_sock_cleanup(void)
 #elif defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK)
 static void sock_cleanup(void)
    {
-    if (wsa_init_done) {
+    if (wsa_init_done)
+        {
        wsa_init_done=0;
 		WSACleanup();
 		}
@ -185,7 +185,8 @@ static int ssl_sock_init(void)
 	if (sock_init())
 		return (0);
 #elif defined(OPENSSL_SYS_WINDOWS)
-    if (!wsa_init_done) {
+	if (!wsa_init_done)
+		{
 		int err;
 	  
 #ifdef SIGINT
@ -193,12 +194,13 @@ static int ssl_sock_init(void)
 #endif
 		wsa_init_done=1;
 		memset(&wsa_state,0,sizeof(wsa_state));
-        if (WSAStartup(0x0101, &wsa_state) != 0) {
+		if (WSAStartup(0x0101,&wsa_state)!=0)
+			{
 			err=WSAGetLastError();
-            BIO_printf(bio_err, "unable to start WINSOCK, error code=%d\n",
-                       err);
+			BIO_printf(bio_err,"unable to start WINSOCK, error code=%d\n",err);
 			return(0);
 			}
+
 #ifdef OPENSSL_SYS_WIN16
 		EnumTaskWindows(GetCurrentTask(),enumproc,0L);
 		lpTopWndProc=(FARPROC)GetWindowLong(topWnd,GWL_WNDPROC);
@ -212,7 +214,8 @@ static int ssl_sock_init(void)
   WSADATA wsaData;
   int err;

-    if (!wsa_init_done) {
+   if (!wsa_init_done)
+      {
   
 # ifdef SIGINT
      signal(SIGINT,(void (*)(int))sock_cleanup);
@ -221,9 +224,9 @@ static int ssl_sock_init(void)
      wsa_init_done=1;
      wVerReq = MAKEWORD( 2, 0 );
      err = WSAStartup(wVerReq,&wsaData);
-        if (err != 0) {
-            BIO_printf(bio_err, "unable to start WINSOCK2, error code=%d\n",
-                       err);
+      if (err != 0)
+         {
+         BIO_printf(bio_err,"unable to start WINSOCK2, error code=%d\n",err);
         return(0);
         }
      }
@ -247,8 +250,7 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	struct sockaddr_in them;
 	int s,i;

-    if (!ssl_sock_init())
-        return (0);
+	if (!ssl_sock_init()) return(0);

 	memset((char *)&them,0,sizeof(them));
 	them.sin_family=AF_INET;
@ -256,7 +258,8 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	addr=(unsigned long)
 		((unsigned long)ip[0]<<24L)|
 		((unsigned long)ip[1]<<16L)|
-        ((unsigned long)ip[2] << 8L) | ((unsigned long)ip[3]);
+		((unsigned long)ip[2]<< 8L)|
+		((unsigned long)ip[3]);
 	them.sin_addr.s_addr=htonl(addr);

 	if (type == SOCK_STREAM)
@ -264,61 +267,57 @@ static int init_client_ip(int *sock, unsigned char ip[4], int port, int type)
 	else /* ( type == SOCK_DGRAM) */
 		s=socket(AF_INET,SOCK_DGRAM,IPPROTO_UDP);
 			
-    if (s == INVALID_SOCKET) {
-        perror("socket");
-        return (0);
-    }
+	if (s == INVALID_SOCKET) { perror("socket"); return(0); }
+
 #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE)
-    if (type == SOCK_STREAM) {
+	if (type == SOCK_STREAM)
+		{
 		i=0;
 		i=setsockopt(s,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i));
-        if (i < 0) {
-            closesocket(s);
-            perror("keepalive");
-            return (0);
-        }
+		if (i < 0) { closesocket(s); perror("keepalive"); return(0); }
 		}
 #endif

-    if (connect(s, (struct sockaddr *)&them, sizeof(them)) == -1) {
-        closesocket(s);
-        perror("connect");
-        return (0);
-    }
+	if (connect(s,(struct sockaddr *)&them,sizeof(them)) == -1)
+		{ closesocket(s); perror("connect"); return(0); }
 	*sock=s;
 	return(1);
 	}

-int do_server(int port, int type, int *ret,
-              int (*cb) (char *hostname, int s, unsigned char *context),
-              unsigned char *context)
+int do_server(int port, int type, int *ret, int (*cb)(char *hostname, int s, int stype, unsigned char *context), unsigned char *context, int naccept)
 	{
 	int sock;
 	char *name = NULL;
 	int accept_socket = 0;
 	int i;

-    if (!init_server(&accept_socket, port, type))
-        return (0);
+	if (!init_server(&accept_socket,port,type)) return(0);

-    if (ret != NULL) {
+	if (ret != NULL)
+		{
 		*ret=accept_socket;
 		/* return(1);*/
 		}
-    for (;;) {
-        if (type == SOCK_STREAM) {
-            if (do_accept(accept_socket, &sock, &name) == 0) {
+  	for (;;)
+  		{
+		if (type==SOCK_STREAM)
+			{
+			if (do_accept(accept_socket,&sock,&name) == 0)
+				{
 				SHUTDOWN(accept_socket);
 				return(0);
 				}
-        } else
+			}
+		else
 			sock = accept_socket;
-        i = (*cb) (name, sock, context);
-        if (name != NULL)
-            OPENSSL_free(name);
+		i=(*cb)(name,sock, type, context);
+		if (name != NULL) OPENSSL_free(name);
 		if (type==SOCK_STREAM)
 			SHUTDOWN2(sock);
-        if (i < 0) {
+		if (naccept != -1)
+			naccept--;
+		if (i < 0 || naccept == 0)
+			{
 			SHUTDOWN2(accept_socket);
 			return(i);
 			}
@ -331,8 +330,7 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 	struct sockaddr_in server;
 	int s= -1;

-    if (!ssl_sock_init())
-        return (0);
+	if (!ssl_sock_init()) return(0);

 	memset((char *)&server,0,sizeof(server));
 	server.sin_family=AF_INET;
@ -352,27 +350,28 @@ static int init_server_long(int *sock, int port, char *ip, int type)
 		else /* type == SOCK_DGRAM */
 			s=socket(AF_INET, SOCK_DGRAM,IPPROTO_UDP);

-    if (s == INVALID_SOCKET)
-        goto err;
+	if (s == INVALID_SOCKET) goto err;
 #if defined SOL_SOCKET && defined SO_REUSEADDR
 		{
 		int j = 1;
-        setsockopt(s, SOL_SOCKET, SO_REUSEADDR, (void *)&j, sizeof j);
+		setsockopt(s, SOL_SOCKET, SO_REUSEADDR,
+			   (void *) &j, sizeof j);
 		}
 #endif
-    if (bind(s, (struct sockaddr *)&server, sizeof(server)) == -1) {
+	if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1)
+		{
 #ifndef OPENSSL_SYS_WINDOWS
 		perror("bind");
 #endif
 		goto err;
 		}
 	/* Make it 128 for linux */
-    if (type == SOCK_STREAM && listen(s, 128) == -1)
-        goto err;
+	if (type==SOCK_STREAM && listen(s,128) == -1) goto err;
 	*sock=s;
 	ret=1;
 err:
-    if ((ret == 0) && (s != -1)) {
+	if ((ret == 0) && (s != -1))
+		{
 		SHUTDOWN(s);
 		}
 	return(ret);
@ -391,8 +390,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	int len;
 /*	struct linger ling; */

-    if (!ssl_sock_init())
-        return (0);
+	if (!ssl_sock_init()) return(0);

 #ifndef OPENSSL_SYS_WINDOWS
 redoit:
@ -400,23 +398,22 @@ static int do_accept(int acc_sock, int *sock, char **host)

 	memset((char *)&from,0,sizeof(from));
 	len=sizeof(from);
-    /*
-     * Note: under VMS with SOCKETSHR the fourth parameter is currently of
-     * type (int *) whereas under other systems it is (void *) if you don't
-     * have a cast it will choke the compiler: if you do have a cast then you
-     * can either go for (int *) or (void *).
+	/* Note: under VMS with SOCKETSHR the fourth parameter is currently
+	 * of type (int *) whereas under other systems it is (void *) if
+	 * you don't have a cast it will choke the compiler: if you do
+	 * have a cast then you can either go for (int *) or (void *).
 	 */
 	ret=accept(acc_sock,(struct sockaddr *)&from,(void *)&len);
-    if (ret == INVALID_SOCKET) {
+	if (ret == INVALID_SOCKET)
+		{
 #if defined(OPENSSL_SYS_WINDOWS) || (defined(OPENSSL_SYS_NETWARE) && !defined(NETWARE_BSDSOCK))
 		int i;
 		i=WSAGetLastError();
 		BIO_printf(bio_err,"accept error %d\n",i);
 #else
-        if (errno == EINTR) {
-            /*
-             * check_timeout();
-             */
+		if (errno == EINTR)
+			{
+			/*check_timeout(); */
 			goto redoit;
 			}
 		fprintf(stderr,"errno=%d ",errno);
@ -425,7 +422,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
 		return(0);
 		}

-/*-
+/*
 	ling.l_onoff=1;
 	ling.l_linger=0;
 	i=setsockopt(ret,SOL_SOCKET,SO_LINGER,(char *)&ling,sizeof(ling));
@ -435,8 +432,7 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	if (i < 0) { perror("keepalive"); return(0); }
 */

-    if (host == NULL)
-        goto end;
+	if (host == NULL) goto end;
 #ifndef BIT_FIELD_LIMITS
 	/* I should use WSAAsyncGetHostByName() under windows */
 	h1=gethostbyaddr((char *)&from.sin_addr.s_addr,
@ -445,12 +441,16 @@ static int do_accept(int acc_sock, int *sock, char **host)
 	h1=gethostbyaddr((char *)&from.sin_addr,
 		sizeof(struct in_addr),AF_INET);
 #endif
-    if (h1 == NULL) {
+	if (h1 == NULL)
+		{
 		BIO_printf(bio_err,"bad gethostbyaddr\n");
 		*host=NULL;
 		/* return(0); */
-    } else {
-        if ((*host = (char *)OPENSSL_malloc(strlen(h1->h_name) + 1)) == NULL) {
+		}
+	else
+		{
+		if ((*host=(char *)OPENSSL_malloc(strlen(h1->h_name)+1)) == NULL)
+			{
 			perror("OPENSSL_malloc");
 			closesocket(ret);
 			return(0);
@ -458,12 +458,14 @@ static int do_accept(int acc_sock, int *sock, char **host)
 		BUF_strlcpy(*host,h1->h_name,strlen(h1->h_name)+1);

 		h2=GetHostByName(*host);
-        if (h2 == NULL) {
+		if (h2 == NULL)
+			{
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			closesocket(ret);
 			return(0);
 			}
-        if (h2->h_addrtype != AF_INET) {
+		if (h2->h_addrtype != AF_INET)
+			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 			closesocket(ret);
 			return(0);
@ -481,7 +483,8 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

 	h=str;
 	p=strchr(str,':');
-    if (p == NULL) {
+	if (p == NULL)
+		{
 		BIO_printf(bio_err,"no port defined\n");
 		return(0);
 		}
@ -489,8 +492,7 @@ int extract_host_port(char *str, char **host_ptr, unsigned char *ip,

 	if ((ip != NULL) && !host_ip(str,ip))
 		goto err;
-    if (host_ptr != NULL)
-        *host_ptr = h;
+	if (host_ptr != NULL) *host_ptr=h;

 	if (!extract_port(p,port_ptr))
 		goto err;
@ -504,10 +506,11 @@ static int host_ip(char *str, unsigned char ip[4])
 	unsigned int in[4]; 
 	int i;

-    if (sscanf(str, "%u.%u.%u.%u", &(in[0]), &(in[1]), &(in[2]), &(in[3])) ==
-        4) {
+	if (sscanf(str,"%u.%u.%u.%u",&(in[0]),&(in[1]),&(in[2]),&(in[3])) == 4)
+		{
 		for (i=0; i<4; i++)
-            if (in[i] > 255) {
+			if (in[i] > 255)
+				{
 				BIO_printf(bio_err,"invalid IP address\n");
 				goto err;
 				}
@ -515,19 +518,22 @@ static int host_ip(char *str, unsigned char ip[4])
 		ip[1]=in[1];
 		ip[2]=in[2];
 		ip[3]=in[3];
-    } else {                    /* do a gethostbyname */
+		}
+	else
+		{ /* do a gethostbyname */
 		struct hostent *he;

-        if (!ssl_sock_init())
-            return (0);
+		if (!ssl_sock_init()) return(0);

 		he=GetHostByName(str);
-        if (he == NULL) {
+		if (he == NULL)
+			{
 			BIO_printf(bio_err,"gethostbyname failure\n");
 			goto err;
 			}
 		/* cast to short because of win16 winsock definition */
-        if ((short)he->h_addrtype != AF_INET) {
+		if ((short)he->h_addrtype != AF_INET)
+			{
 			BIO_printf(bio_err,"gethostbyname addr is not AF_INET\n");
 			return(0);
 			}
@ -549,9 +555,11 @@ int extract_port(char *str, short *port_ptr)
 	i=atoi(str);
 	if (i != 0)
 		*port_ptr=(unsigned short)i;
-    else {
+	else
+		{
 		s=getservbyname(str,"tcp");
-        if (s == NULL) {
+		if (s == NULL)
+			{
 			BIO_printf(bio_err,"getservbyname failure for %s\n",str);
 			return(0);
 			}
@ -561,7 +569,8 @@ int extract_port(char *str, short *port_ptr)
 	}

 #define GHBN_NUM	4
-static struct ghbn_cache_st {
+static struct ghbn_cache_st
+	{
 	char name[128];
 	struct hostent ent;
 	unsigned long order;
@ -576,30 +585,35 @@ static struct hostent *GetHostByName(char *name)
 	int i,lowi=0;
 	unsigned long low= (unsigned long)-1;

-    for (i = 0; i < GHBN_NUM; i++) {
-        if (low > ghbn_cache[i].order) {
+	for (i=0; i<GHBN_NUM; i++)
+		{
+		if (low > ghbn_cache[i].order)
+			{
 			low=ghbn_cache[i].order;
 			lowi=i;
 			}
-        if (ghbn_cache[i].order > 0) {
+		if (ghbn_cache[i].order > 0)
+			{
 			if (strncmp(name,ghbn_cache[i].name,128) == 0)
 				break;
 			}
 		}
-    if (i == GHBN_NUM) {        /* no hit */
+	if (i == GHBN_NUM) /* no hit*/
+		{
 		ghbn_miss++;
 		ret=gethostbyname(name);
-        if (ret == NULL)
-            return (NULL);
+		if (ret == NULL) return(NULL);
 		/* else add to cache */
-        if (strlen(name) < sizeof ghbn_cache[0].name) {
+		if(strlen(name) < sizeof ghbn_cache[0].name)
+			{
 			strcpy(ghbn_cache[lowi].name,name);
-            memcpy((char *)&(ghbn_cache[lowi].ent), ret,
-                   sizeof(struct hostent));
+			memcpy((char *)&(ghbn_cache[lowi].ent),ret,sizeof(struct hostent));
 			ghbn_cache[lowi].order=ghbn_miss+ghbn_hits;
 			}
 		return(ret);
-    } else {
+		}
+	else
+		{
 		ghbn_hits++;
 		ret= &(ghbn_cache[i].ent);
 		ghbn_cache[i].order=ghbn_miss+ghbn_hits;
--- a/apps/s_time.c
+++ b/apps/s_time.c
@ -58,7 +58,7 @@

 #define NO_SHUTDOWN

-/* ----------------------------------------
+/*-----------------------------------------
   s_time - SSL client connection timer program
   Written and donated by Larry Streepy <streepy@healthcare.com>
  -----------------------------------------*/
@ -93,10 +93,7 @@

 #define SSL_CONNECT_NAME	"localhost:4433"

-/* no default cert. */
-/*
- * #define TEST_CERT "client.pem"
- */
+/*#define TEST_CERT "client.pem" */ /* no default cert. */

 #undef BUFSIZZ
 #define BUFSIZZ 1024*10
@ -186,8 +183,7 @@ static void s_time_usage(void)

 	printf( "usage: s_time <args>\n\n" );

-    printf("-connect host:port - host:port to connect to (default is %s)\n",
-           SSL_CONNECT_NAME);
+	printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME);
 #ifdef FIONBIO
 	printf("-nbio         - Run with non-blocking IO\n");
 	printf("-ssl2         - Just use SSLv2\n");
@ -216,19 +212,20 @@ static int parseArgs(int argc, char **argv)
    argv++;

    while (argc >= 1) {
-        if (strcmp(*argv, "-connect") == 0) {
-            if (--argc < 1)
-                goto bad;
+	if (strcmp(*argv,"-connect") == 0)
+		{
+		if (--argc < 1) goto bad;
 		host= *(++argv);
 		}
 #if 0
-        else if (strcmp(*argv, "-host") == 0) {
-            if (--argc < 1)
-                goto bad;
+	else if( strcmp(*argv,"-host") == 0)
+		{
+		if (--argc < 1) goto bad;
 		host= *(++argv);
-        } else if (strcmp(*argv, "-port") == 0) {
-            if (--argc < 1)
-                goto bad;
+		}
+	else if( strcmp(*argv,"-port") == 0)
+		{
+		if (--argc < 1) goto bad;
 		port= *(++argv);
 		}
 #endif
@ -239,39 +236,33 @@ static int parseArgs(int argc, char **argv)
 	else if( strcmp(*argv,"-verify") == 0) {

 	    tm_verify=SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE;
-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    verify_depth=atoi(*(++argv));
 	    BIO_printf(bio_err,"verify depth is %d\n",verify_depth);

 	} else if( strcmp(*argv,"-cert") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    t_cert_file= *(++argv);

 	} else if( strcmp(*argv,"-key") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    t_key_file= *(++argv);

 	} else if( strcmp(*argv,"-CApath") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    CApath= *(++argv);

 	} else if( strcmp(*argv,"-CAfile") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    CAfile= *(++argv);

 	} else if( strcmp(*argv,"-cipher") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    tm_cipher= *(++argv);
 	}
 #ifdef FIONBIO
@ -279,15 +270,17 @@ static int parseArgs(int argc, char **argv)
 	    t_nbio=1;
 	}
 #endif
-        else if (strcmp(*argv, "-www") == 0) {
-            if (--argc < 1)
-                goto bad;
+	else if(strcmp(*argv,"-www") == 0)
+		{
+		if (--argc < 1) goto bad;
 		s_www_path= *(++argv);
-            if (strlen(s_www_path) > MYBUFSIZ - 100) {
+		if(strlen(s_www_path) > MYBUFSIZ-100)
+			{
 			BIO_printf(bio_err,"-www option too long\n");
 			badop=1;
 			}
-        } else if (strcmp(*argv, "-bugs") == 0)
+		}
+	else if(strcmp(*argv,"-bugs") == 0)
 	    st_bugs=1;
 #ifndef OPENSSL_NO_SSL2
 	else if(strcmp(*argv,"-ssl2") == 0)
@ -299,14 +292,10 @@ static int parseArgs(int argc, char **argv)
 #endif
 	else if( strcmp(*argv,"-time") == 0) {

-            if (--argc < 1)
-                goto bad;
+	    if (--argc < 1) goto bad;
 	    maxTime= atoi(*(++argv));
-            if (maxTime <= 0) {
-                BIO_printf(bio_err, "time must be > 0\n");
-                badop = 1;
 	}
-        } else {
+	else {
 	    BIO_printf(bio_err,"unknown option %s\n",*argv);
 	    badop=1;
 	    break;
@ -316,8 +305,7 @@ static int parseArgs(int argc, char **argv)
 	argv++;
    }

-    if (perform == 0)
-        perform = 3;
+    if (perform == 0) perform=3;

    if(badop) {
 bad:
@ -361,20 +349,24 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);

+#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
 	s_time_meth=SSLv23_client_method();
+#elif !defined(OPENSSL_NO_SSL3)
+	s_time_meth=SSLv3_client_method();
+#elif !defined(OPENSSL_NO_SSL2)
+	s_time_meth=SSLv2_client_method();
+#endif

 	/* parse the command line arguments */
 	if( parseArgs( argc, argv ) < 0 )
 		goto end;

 	OpenSSL_add_ssl_algorithms();
-    if ((tm_ctx = SSL_CTX_new(s_time_meth)) == NULL)
-        return (1);
+	if ((tm_ctx=SSL_CTX_new(s_time_meth)) == NULL) return(1);

 	SSL_CTX_set_quiet_shutdown(tm_ctx,1);

-    if (st_bugs)
-        SSL_CTX_set_options(tm_ctx, SSL_OP_ALL);
+	if (st_bugs) SSL_CTX_set_options(tm_ctx,SSL_OP_ALL);
 	SSL_CTX_set_cipher_list(tm_ctx,tm_cipher);
 	if(!set_cert_stuff(tm_ctx,t_cert_file,t_key_file)) 
 		goto end;
@ -382,10 +374,9 @@ int MAIN(int argc, char **argv)
 	SSL_load_error_strings();

 	if ((!SSL_CTX_load_verify_locations(tm_ctx,CAfile,CApath)) ||
-        (!SSL_CTX_set_default_verify_paths(tm_ctx))) {
-        /*
-         * BIO_printf(bio_err,"error setting default verify locations\n");
-         */
+		(!SSL_CTX_set_default_verify_paths(tm_ctx)))
+		{
+		/* BIO_printf(bio_err,"error setting default verify locations\n"); */
 		ERR_print_errors(bio_err);
 		/* goto end; */
 		}
@ -397,8 +388,7 @@ int MAIN(int argc, char **argv)
 		fprintf( stderr, "No CIPHER specified\n" );
 	}

-    if (!(perform & 1))
-        goto next;
+	if (!(perform & 1)) goto next;
 	printf( "Collecting connection statistics for %d seconds\n", maxTime );

 	/* Loop and time how long it takes to make connections */
@ -406,9 +396,9 @@ int MAIN(int argc, char **argv)
 	bytes_read=0;
 	finishtime=(long)time(NULL)+maxTime;
 	tm_Time_F(START);
-    for (;;) {
-        if (finishtime < (long)time(NULL))
-            break;
+	for (;;)
+		{
+		if (finishtime < (long)time(NULL)) break;
 #ifdef WIN32_STUFF

 		if( flushWinMsgs(0) == -1 )
@ -421,13 +411,14 @@ int MAIN(int argc, char **argv)
 		if( (scon = doConnection( NULL )) == NULL )
 			goto end;

-        if (s_www_path != NULL) {
-            BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
-                         s_www_path);
+		if (s_www_path != NULL)
+			{
+			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
 			}
+
 #ifdef NO_SHUTDOWN
 		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
@ -438,7 +429,8 @@ int MAIN(int argc, char **argv)
 		nConn += 1;
 		if (SSL_session_reused(scon))
 			ver='r';
-        else {
+		else
+			{
 			ver=SSL_version(scon);
 			if (ver == TLS1_VERSION)
 				ver='t';
@ -458,32 +450,28 @@ int MAIN(int argc, char **argv)
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration */

 	i=(int)((long)time(NULL)-finishtime+maxTime);
-    printf
-        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
-         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
-    printf
-        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxTime, bytes_read / nConn);
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);

-    /*
-     * Now loop and time connections using the same session id over and over
-     */
+	/* Now loop and time connections using the same session id over and over */

 next:
-    if (!(perform & 2))
-        goto end;
+	if (!(perform & 2)) goto end;
 	printf( "\n\nNow timing with session id reuse.\n" );

 	/* Get an SSL object so we can reuse the session id */
-    if ((scon = doConnection(NULL)) == NULL) {
+	if( (scon = doConnection( NULL )) == NULL )
+		{
 		fprintf( stderr, "Unable to get connection\n" );
 		goto end;
 		}

-    if (s_www_path != NULL) {
+	if (s_www_path != NULL)
+		{
 		BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 		SSL_write(scon,buf,strlen(buf));
-        while (SSL_read(scon, buf, sizeof(buf)) > 0) ;
+		while (SSL_read(scon,buf,sizeof(buf)) > 0)
+			;
 		}
 #ifdef NO_SHUTDOWN
 	SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
@ -501,9 +489,9 @@ int MAIN(int argc, char **argv)
 	bytes_read=0;
 	tm_Time_F(START);
 		
-    for (;;) {
-        if (finishtime < (long)time(NULL))
-            break;
+	for (;;)
+		{
+		if (finishtime < (long)time(NULL)) break;

 #ifdef WIN32_STUFF
 		if( flushWinMsgs(0) == -1 )
@ -516,13 +504,14 @@ int MAIN(int argc, char **argv)
 	 	if( (doConnection( scon )) == NULL )
 			goto end;

-        if (s_www_path) {
-            BIO_snprintf(buf, sizeof buf, "GET %s HTTP/1.0\r\n\r\n",
-                         s_www_path);
+		if (s_www_path)
+			{
+			BIO_snprintf(buf,sizeof buf,"GET %s HTTP/1.0\r\n\r\n",s_www_path);
 			SSL_write(scon,buf,strlen(buf));
 			while ((i=SSL_read(scon,buf,sizeof(buf))) > 0)
 				bytes_read+=i;
 			}
+
 #ifdef NO_SHUTDOWN
 		SSL_set_shutdown(scon,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
 #else
@ -533,7 +522,8 @@ int MAIN(int argc, char **argv)
 		nConn += 1;
 		if (SSL_session_reused(scon))
 			ver='r';
-        else {
+		else
+			{
 			ver=SSL_version(scon);
 			if (ver == TLS1_VERSION)
 				ver='t';
@ -549,20 +539,16 @@ int MAIN(int argc, char **argv)
 		}
 	totalTime += tm_Time_F(STOP); /* Add the time for this iteration*/

-    printf
-        ("\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n",
-         nConn, totalTime, ((double)nConn / totalTime), bytes_read);
-    printf
-        ("%d connections in %ld real seconds, %ld bytes read per connection\n",
-         nConn, (long)time(NULL) - finishtime + maxTime,
-         bytes_read / (nConn?nConn:1));
+
+	printf( "\n\n%d connections in %.2fs; %.2f connections/user sec, bytes read %ld\n", nConn, totalTime, ((double)nConn/totalTime),bytes_read);
+	printf( "%d connections in %ld real seconds, %ld bytes read per connection\n",nConn,(long)time(NULL)-finishtime+maxTime,bytes_read/nConn);

 	ret=0;
 end:
-    if (scon != NULL)
-        SSL_free(scon);
+	if (scon != NULL) SSL_free(scon);

-    if (tm_ctx != NULL) {
+	if (tm_ctx != NULL)
+		{
 		SSL_CTX_free(tm_ctx);
 		tm_ctx=NULL;
 		}
@ -570,7 +556,7 @@ int MAIN(int argc, char **argv)
 	OPENSSL_EXIT(ret);
 	}

-/*-
+/***********************************************************************
 * doConnection - make a connection
 * Args:
 *		scon	= earlier ssl connection for session id, or NULL
@ -592,7 +578,8 @@ static SSL *doConnection(SSL *scon)

 	if (scon == NULL)
 		serverCon=SSL_new(tm_ctx);
-    else {
+	else
+		{
 		serverCon=scon;
 		SSL_set_connect_state(serverCon);
 		}
@ -607,25 +594,27 @@ static SSL *doConnection(SSL *scon)
 	/* ok, lets connect */
 	for(;;) {
 		i=SSL_connect(serverCon);
-        if (BIO_sock_should_retry(i)) {
+		if (BIO_sock_should_retry(i))
+			{
 			BIO_printf(bio_err,"DELAY\n");

 			i=SSL_get_fd(serverCon);
 			width=i+1;
 			FD_ZERO(&readfds);
 			openssl_fdset(i,&readfds);
-            /*
-             * Note: under VMS with SOCKETSHR the 2nd parameter is currently
-             * of type (int *) whereas under other systems it is (void *) if
-             * you don't have a cast it will choke the compiler: if you do
-             * have a cast then you can either go for (int *) or (void *).
+			/* Note: under VMS with SOCKETSHR the 2nd parameter
+			 * is currently of type (int *) whereas under other
+			 * systems it is (void *) if you don't have a cast it
+			 * will choke the compiler: if you do have a cast then
+			 * you can either go for (int *) or (void *).
 			 */
 			select(width,(void *)&readfds,NULL,NULL,NULL);
 			continue;
 			}
 		break;
 		}
-    if (i <= 0) {
+	if(i <= 0)
+		{
 		BIO_printf(bio_err,"ERROR\n");
 		if (verify_error != X509_V_OK)
 			BIO_printf(bio_err,"verify error:%s\n",
@ -639,3 +628,5 @@ static SSL *doConnection(SSL *scon)

 	return serverCon;
 	}
+
+
--- a/apps/sess_id.c
+++ b/apps/sess_id.c
@ -110,34 +110,41 @@ int MAIN(int argc, char **argv)
 	argc--;
 	argv++;
 	num=0;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-inform") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if 	(strcmp(*argv,"-inform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			informat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-outform") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-outform") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outformat=str2fmt(*(++argv));
-        } else if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-text") == 0)
+			}
+		else if (strcmp(*argv,"-text") == 0)
 			text= ++num;
 		else if (strcmp(*argv,"-cert") == 0)
 			cert= ++num;
 		else if (strcmp(*argv,"-noout") == 0)
 			noout= ++num;
-        else if (strcmp(*argv, "-context") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-context") == 0)
+		    {
+		    if(--argc < 1) goto bad;
 		    context=*++argv;
-        } else {
+		    }
+		else
+			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
@ -146,7 +153,8 @@ int MAIN(int argc, char **argv)
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		for (pp=sess_id_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);
@ -155,19 +163,20 @@ int MAIN(int argc, char **argv)

 	ERR_load_crypto_strings();
 	x=load_sess_id(infile,informat);
-    if (x == NULL) {
-        goto end;
-    }
+	if (x == NULL) { goto end; }
 	peer = SSL_SESSION_get0_peer(x);

-    if (context) {
+	if(context)
+	    {
 	    size_t ctx_len = strlen(context);
-        if (ctx_len > SSL_MAX_SID_CTX_LENGTH) {
+	    if(ctx_len > SSL_MAX_SID_CTX_LENGTH)
+		{
 		BIO_printf(bio_err,"Context too long\n");
 		goto end;
 		}
 	    SSL_SESSION_set1_id_context(x, (unsigned char *)context, ctx_len);
 	    }
+
 #ifdef undef
 	/* just testing for memory leaks :-) */
 	{
@ -189,14 +198,17 @@ int MAIN(int argc, char **argv)
 	}
 #endif

-    if (!noout || text) {
+	if (!noout || text)
+		{
 		out=BIO_new(BIO_s_file());
-        if (out == NULL) {
+		if (out == NULL)
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}

-        if (outfile == NULL) {
+		if (outfile == NULL)
+			{
 			BIO_set_fp(out,stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 			{
@ -204,18 +216,23 @@ int MAIN(int argc, char **argv)
 			out = BIO_push(tmpbio, out);
 			}
 #endif
-        } else {
-            if (BIO_write_filename(out, outfile) <= 0) {
+			}
+		else
+			{
+			if (BIO_write_filename(out,outfile) <= 0)
+				{
 				perror(outfile);
 				goto end;
 				}
 			}
 		}

-    if (text) {
+	if (text)
+		{
 		SSL_SESSION_print(out,x);

-        if (cert) {
+		if (cert)
+			{
 			if (peer == NULL)
 				BIO_puts(out,"No certificate present\n");
 			else
@ -223,7 +240,8 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (!noout && !cert) {
+	if (!noout && !cert)
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=i2d_SSL_SESSION_bio(out,x);
 		else if (outformat == FORMAT_PEM)
@ -236,7 +254,9 @@ int MAIN(int argc, char **argv)
 			BIO_printf(bio_err,"unable to write SSL_SESSION\n");
 			goto end;
 			}
-    } else if (!noout && (peer != NULL)) { /* just print the certificate */
+		}
+	else if (!noout && (peer != NULL)) /* just print the certificate */
+		{
 		if 	(outformat == FORMAT_ASN1)
 			i=(int)i2d_X509_bio(out,peer);
 		else if (outformat == FORMAT_PEM)
@ -252,10 +272,8 @@ int MAIN(int argc, char **argv)
 		}
 	ret=0;
 end:
-    if (out != NULL)
-        BIO_free_all(out);
-    if (x != NULL)
-        SSL_SESSION_free(x);
+	if (out != NULL) BIO_free_all(out);
+	if (x != NULL) SSL_SESSION_free(x);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
@ -266,15 +284,18 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
 	BIO *in=NULL;

 	in=BIO_new(BIO_s_file());
-    if (in == NULL) {
+	if (in == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}

 	if (infile == NULL)
 		BIO_set_fp(in,stdin,BIO_NOCLOSE);
-    else {
-        if (BIO_read_filename(in, infile) <= 0) {
+	else
+		{
+		if (BIO_read_filename(in,infile) <= 0)
+			{
 			perror(infile);
 			goto end;
 			}
@ -287,14 +308,15 @@ static SSL_SESSION *load_sess_id(char *infile, int format)
 		BIO_printf(bio_err,"bad input format specified for input crl\n");
 		goto end;
 		}
-    if (x == NULL) {
+	if (x == NULL)
+		{
 		BIO_printf(bio_err,"unable to load SSL_SESSION\n");
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	
 end:
-    if (in != NULL)
-        BIO_free(in);
+	if (in != NULL) BIO_free(in);
 	return(x);
 	}
+
--- a/apps/smime.c
+++ b/apps/smime.c
@ -1,6 +1,5 @@
 /* smime.c */
-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project.
 */
 /* ====================================================================
@ -125,7 +124,8 @@ int MAIN(int argc, char **argv)

 	apps_startup();

-    if (bio_err == NULL) {
+	if (bio_err == NULL)
+		{
 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 		}
@ -133,7 +133,8 @@ int MAIN(int argc, char **argv)
 	if (!load_config(bio_err, NULL))
 		goto end;

-    while (!badarg && *args && *args[0] == '-') {
+	while (!badarg && *args && *args[0] == '-')
+		{
 		if (!strcmp (*args, "-encrypt"))
 			operation = SMIME_ENCRYPT;
 		else if (!strcmp (*args, "-decrypt"))
@ -210,7 +211,8 @@ int MAIN(int argc, char **argv)
 				flags |= PKCS7_NOOLDMIMETYPE;
 		else if (!strcmp (*args, "-crlfeol"))
 				flags |= PKCS7_CRLFEOL;
-        else if (!strcmp(*args, "-rand")) {
+		else if (!strcmp(*args,"-rand"))
+			{
 			if (!args[1])
 				goto argerr;
 			args++;
@ -218,34 +220,45 @@ int MAIN(int argc, char **argv)
 			need_rand = 1;
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (!strcmp(*args, "-engine")) {
+		else if (!strcmp(*args,"-engine"))
+			{
 			if (!args[1])
 				goto argerr;
 			engine = *++args;
 			}
 #endif
-        else if (!strcmp(*args, "-passin")) {
+		else if (!strcmp(*args,"-passin"))
+			{
 			if (!args[1])
 				goto argerr;
 			passargin = *++args;
-        } else if (!strcmp(*args, "-to")) {
+			}
+		else if (!strcmp (*args, "-to"))
+			{
 			if (!args[1])
 				goto argerr;
 			to = *++args;
-        } else if (!strcmp(*args, "-from")) {
+			}
+		else if (!strcmp (*args, "-from"))
+			{
 			if (!args[1])
 				goto argerr;
 			from = *++args;
-        } else if (!strcmp(*args, "-subject")) {
+			}
+		else if (!strcmp (*args, "-subject"))
+			{
 			if (!args[1])
 				goto argerr;
 			subject = *++args;
-        } else if (!strcmp(*args, "-signer")) {
+			}
+		else if (!strcmp (*args, "-signer"))
+			{
 			if (!args[1])
 				goto argerr;
 			/* If previous -signer argument add signer to list */

-            if (signerfile) {
+			if (signerfile)
+				{
 				if (!sksigners)
 					sksigners = sk_OPENSSL_STRING_new_null();
 				sk_OPENSSL_STRING_push(sksigners, signerfile);
@ -257,24 +270,34 @@ int MAIN(int argc, char **argv)
 				keyfile = NULL;
 				}
 			signerfile = *++args;
-        } else if (!strcmp(*args, "-recip")) {
+			}
+		else if (!strcmp (*args, "-recip"))
+			{
 			if (!args[1])
 				goto argerr;
 			recipfile = *++args;
-        } else if (!strcmp(*args, "-md")) {
+			}
+		else if (!strcmp (*args, "-md"))
+			{
 			if (!args[1])
 				goto argerr;
 			sign_md = EVP_get_digestbyname(*++args);
-            if (sign_md == NULL) {
-                BIO_printf(bio_err, "Unknown digest %s\n", *args);
+			if (sign_md == NULL)
+				{
+				BIO_printf(bio_err, "Unknown digest %s\n",
+							*args);
 				goto argerr;
 				}
-        } else if (!strcmp(*args, "-inkey")) {
+			}
+		else if (!strcmp (*args, "-inkey"))
+			{
 			if (!args[1])	
 				goto argerr;
 			/* If previous -inkey arument add signer to list */
-            if (keyfile) {
-                if (!signerfile) {
+			if (keyfile)
+				{
+				if (!signerfile)
+					{
 					BIO_puts(bio_err, "Illegal -inkey without -signer\n");
 					goto argerr;
 					}
@ -287,61 +310,84 @@ int MAIN(int argc, char **argv)
 				sk_OPENSSL_STRING_push(skkeys, keyfile);
 				}
 			keyfile = *++args;
-        } else if (!strcmp(*args, "-keyform")) {
+			}
+		else if (!strcmp (*args, "-keyform"))
+			{
 			if (!args[1])
 				goto argerr;
 			keyform = str2fmt(*++args);
-        } else if (!strcmp(*args, "-certfile")) {
+			}
+		else if (!strcmp (*args, "-certfile"))
+			{
 			if (!args[1])
 				goto argerr;
 			certfile = *++args;
-        } else if (!strcmp(*args, "-CAfile")) {
+			}
+		else if (!strcmp (*args, "-CAfile"))
+			{
 			if (!args[1])
 				goto argerr;
 			CAfile = *++args;
-        } else if (!strcmp(*args, "-CApath")) {
+			}
+		else if (!strcmp (*args, "-CApath"))
+			{
 			if (!args[1])
 				goto argerr;
 			CApath = *++args;
-        } else if (!strcmp(*args, "-in")) {
+			}
+		else if (!strcmp (*args, "-in"))
+			{
 			if (!args[1])
 				goto argerr;
 			infile = *++args;
-        } else if (!strcmp(*args, "-inform")) {
+			}
+		else if (!strcmp (*args, "-inform"))
+			{
 			if (!args[1])
 				goto argerr;
 			informat = str2fmt(*++args);
-        } else if (!strcmp(*args, "-outform")) {
+			}
+		else if (!strcmp (*args, "-outform"))
+			{
 			if (!args[1])
 				goto argerr;
 			outformat = str2fmt(*++args);
-        } else if (!strcmp(*args, "-out")) {
+			}
+		else if (!strcmp (*args, "-out"))
+			{
 			if (!args[1])
 				goto argerr;
 			outfile = *++args;
-        } else if (!strcmp(*args, "-content")) {
+			}
+		else if (!strcmp (*args, "-content"))
+			{
 			if (!args[1])
 				goto argerr;
 			contfile = *++args;
-        } else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
+			}
+		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
 			continue;
 		else if ((cipher = EVP_get_cipherbyname(*args + 1)) == NULL)
 			badarg = 1;
 		args++;
 		}

-    if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners)) {
+	if (!(operation & SMIME_SIGNERS) && (skkeys || sksigners))
+		{
 		BIO_puts(bio_err, "Multiple signers or keys not allowed\n");
 		goto argerr;
 		}

-    if (operation & SMIME_SIGNERS) {
+	if (operation & SMIME_SIGNERS)
+		{
 		/* Check to see if any final signer needs to be appended */
-        if (keyfile && !signerfile) {
+		if (keyfile && !signerfile)
+			{
 			BIO_puts(bio_err, "Illegal -inkey without -signer\n");
 			goto argerr;
 			}
-        if (signerfile) {
+		if (signerfile)
+			{
 			if (!sksigners)
 				sksigners = sk_OPENSSL_STRING_new_null();
 			sk_OPENSSL_STRING_push(sksigners, signerfile);
@ -351,29 +397,37 @@ int MAIN(int argc, char **argv)
 				keyfile = signerfile;
 			sk_OPENSSL_STRING_push(skkeys, keyfile);
 			}
-        if (!sksigners) {
+		if (!sksigners)
+			{
 			BIO_printf(bio_err, "No signer certificate specified\n");
 			badarg = 1;
 			}
 		signerfile = NULL;
 		keyfile = NULL;
 		need_rand = 1;
-    } else if (operation == SMIME_DECRYPT) {
-        if (!recipfile && !keyfile) {
-            BIO_printf(bio_err,
-                       "No recipient certificate or key specified\n");
+		}
+	else if (operation == SMIME_DECRYPT)
+		{
+		if (!recipfile && !keyfile)
+			{
+			BIO_printf(bio_err, "No recipient certificate or key specified\n");
 			badarg = 1;
 			}
-    } else if (operation == SMIME_ENCRYPT) {
-        if (!*args) {
+		}
+	else if (operation == SMIME_ENCRYPT)
+		{
+		if (!*args)
+			{
 			BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");
 			badarg = 1;
 			}
 		need_rand = 1;
-    } else if (!operation)
+		}
+	else if (!operation)
 		badarg = 1;

-    if (badarg) {
+	if (badarg)
+		{
 		argerr:
 		BIO_printf (bio_err, "Usage smime [options] cert.pem ...\n");
 		BIO_printf (bio_err, "where options are\n");
@ -396,81 +450,60 @@ int MAIN(int argc, char **argv)
 #endif
 #ifndef OPENSSL_NO_AES
 		BIO_printf (bio_err, "-aes128, -aes192, -aes256\n");
-        BIO_printf(bio_err,
-                   "               encrypt PEM output with cbc aes\n");
+		BIO_printf (bio_err, "               encrypt PEM output with cbc aes\n");
 #endif
 #ifndef OPENSSL_NO_CAMELLIA
 		BIO_printf (bio_err, "-camellia128, -camellia192, -camellia256\n");
-        BIO_printf(bio_err,
-                   "               encrypt PEM output with cbc camellia\n");
+		BIO_printf (bio_err, "               encrypt PEM output with cbc camellia\n");
 #endif
-        BIO_printf(bio_err,
-                   "-nointern      don't search certificates in message for signer\n");
-        BIO_printf(bio_err,
-                   "-nosigs        don't verify message signature\n");
-        BIO_printf(bio_err,
-                   "-noverify      don't verify signers certificate\n");
-        BIO_printf(bio_err,
-                   "-nocerts       don't include signers certificate when signing\n");
+		BIO_printf (bio_err, "-nointern      don't search certificates in message for signer\n");
+		BIO_printf (bio_err, "-nosigs        don't verify message signature\n");
+		BIO_printf (bio_err, "-noverify      don't verify signers certificate\n");
+		BIO_printf (bio_err, "-nocerts       don't include signers certificate when signing\n");
 		BIO_printf (bio_err, "-nodetach      use opaque signing\n");
-        BIO_printf(bio_err,
-                   "-noattr        don't include any signed attributes\n");
-        BIO_printf(bio_err,
-                   "-binary        don't translate message to text\n");
+		BIO_printf (bio_err, "-noattr        don't include any signed attributes\n");
+		BIO_printf (bio_err, "-binary        don't translate message to text\n");
 		BIO_printf (bio_err, "-certfile file other certificates file\n");
 		BIO_printf (bio_err, "-signer file   signer certificate file\n");
-        BIO_printf(bio_err,
-                   "-recip  file   recipient certificate file for decryption\n");
+		BIO_printf (bio_err, "-recip  file   recipient certificate file for decryption\n");
 		BIO_printf (bio_err, "-in file       input file\n");
-        BIO_printf(bio_err,
-                   "-inform arg    input format SMIME (default), PEM or DER\n");
-        BIO_printf(bio_err,
-                   "-inkey file    input private key (if not signer or recipient)\n");
-        BIO_printf(bio_err,
-                   "-keyform arg   input private key format (PEM or ENGINE)\n");
+		BIO_printf (bio_err, "-inform arg    input format SMIME (default), PEM or DER\n");
+		BIO_printf (bio_err, "-inkey file    input private key (if not signer or recipient)\n");
+		BIO_printf (bio_err, "-keyform arg   input private key format (PEM or ENGINE)\n");
 		BIO_printf (bio_err, "-out file      output file\n");
-        BIO_printf(bio_err,
-                   "-outform arg   output format SMIME (default), PEM or DER\n");
-        BIO_printf(bio_err,
-                   "-content file  supply or override content for detached signature\n");
+		BIO_printf (bio_err, "-outform arg   output format SMIME (default), PEM or DER\n");
+		BIO_printf (bio_err, "-content file  supply or override content for detached signature\n");
 		BIO_printf (bio_err, "-to addr       to address\n");
 		BIO_printf (bio_err, "-from ad       from address\n");
 		BIO_printf (bio_err, "-subject s     subject\n");
-        BIO_printf(bio_err,
-                   "-text          include or delete text MIME headers\n");
-        BIO_printf(bio_err,
-                   "-CApath dir    trusted certificates directory\n");
+		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
-        BIO_printf(bio_err,
-                   "-no_alt_chains only ever use the first certificate chain found\n");
-        BIO_printf(bio_err,
-                   "-crl_check     check revocation status of signer's certificate using CRLs\n");
-        BIO_printf(bio_err,
-                   "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
+		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   "-engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
 #endif
 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
-        BIO_printf(bio_err, "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "               load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,  "               the random number generator\n");
-        BIO_printf(bio_err,
-                   "cert.pem       recipient certificate(s) for encryption\n");
+		BIO_printf (bio_err, "cert.pem       recipient certificate(s) for encryption\n");
 		goto end;
 		}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+	if (!app_passwd(bio_err, passargin, NULL, &passin, NULL))
+		{
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 		}

-    if (need_rand) {
+	if (need_rand)
+		{
 		app_RAND_load_file(NULL, bio_err, (inrand != NULL));
 		if (inrand != NULL)
 			BIO_printf(bio_err,"%ld semi-random bytes loaded\n",
@ -482,24 +515,32 @@ int MAIN(int argc, char **argv)
 	if (!(operation & SMIME_SIGNERS))
 		flags &= ~PKCS7_DETACHED;

-    if (operation & SMIME_OP) {
+	if (operation & SMIME_OP)
+		{
 		if (outformat == FORMAT_ASN1)
 			outmode = "wb";
-    } else {
+		}
+	else
+		{
 		if (flags & PKCS7_BINARY)
 			outmode = "wb";
 		}

-    if (operation & SMIME_IP) {
+	if (operation & SMIME_IP)
+		{
 		if (informat == FORMAT_ASN1)
 			inmode = "rb";
-    } else {
+		}
+	else
+		{
 		if (flags & PKCS7_BINARY)
 			inmode = "rb";
 		}

-    if (operation == SMIME_ENCRYPT) {
-        if (!cipher) {
+	if (operation == SMIME_ENCRYPT)
+		{
+		if (!cipher)
+			{
 #ifndef OPENSSL_NO_DES			
 			cipher = EVP_des_ede3_cbc();
 #else
@ -508,13 +549,13 @@ int MAIN(int argc, char **argv)
 #endif
 			}
 		encerts = sk_X509_new_null();
-        while (*args) {
+		while (*args)
+			{
 			if (!(cert = load_cert(bio_err,*args,FORMAT_PEM,
-                                   NULL, e, "recipient certificate file"))) {
+				NULL, e, "recipient certificate file")))
+				{
 #if 0				/* An appropriate message is already printed */
-                BIO_printf(bio_err,
-                           "Can't read recipient certificate file %s\n",
-                           *args);
+				BIO_printf(bio_err, "Can't read recipient certificate file %s\n", *args);
 #endif
 				goto end;
 				}
@ -524,77 +565,99 @@ int MAIN(int argc, char **argv)
 			}
 		}

-    if (certfile) {
+	if (certfile)
+		{
 		if (!(other = load_certs(bio_err,certfile,FORMAT_PEM, NULL,
-                                 e, "certificate file"))) {
+			e, "certificate file")))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}

-    if (recipfile && (operation == SMIME_DECRYPT)) {
+	if (recipfile && (operation == SMIME_DECRYPT))
+		{
 		if (!(recip = load_cert(bio_err,recipfile,FORMAT_PEM,NULL,
-                                e, "recipient certificate file"))) {
+			e, "recipient certificate file")))
+			{
 			ERR_print_errors(bio_err);
 			goto end;
 			}
 		}

-    if (operation == SMIME_DECRYPT) {
+	if (operation == SMIME_DECRYPT)
+		{
 		if (!keyfile)
 			keyfile = recipfile;
-    } else if (operation == SMIME_SIGN) {
+		}
+	else if (operation == SMIME_SIGN)
+		{
 		if (!keyfile)
 			keyfile = signerfile;
-    } else
-        keyfile = NULL;
+		}
+	else keyfile = NULL;

-    if (keyfile) {
+	if (keyfile)
+		{
 		key = load_key(bio_err, keyfile, keyform, 0, passin, e,
 			       "signing key file");
 		if (!key)
 			goto end;
 		}

-    if (infile) {
-        if (!(in = BIO_new_file(infile, inmode))) {
-            BIO_printf(bio_err, "Can't open input file %s\n", infile);
+	if (infile)
+		{
+		if (!(in = BIO_new_file(infile, inmode)))
+			{
+			BIO_printf (bio_err,
+				 "Can't open input file %s\n", infile);
 			goto end;
 			}
-    } else
+		}
+	else
 		in = BIO_new_fp(stdin, BIO_NOCLOSE);

-    if (operation & SMIME_IP) {
+	if (operation & SMIME_IP)
+		{
 		if (informat == FORMAT_SMIME) 
 			p7 = SMIME_read_PKCS7(in, &indata);
 		else if (informat == FORMAT_PEM) 
 			p7 = PEM_read_bio_PKCS7(in, NULL, NULL, NULL);
 		else if (informat == FORMAT_ASN1) 
 			p7 = d2i_PKCS7_bio(in, NULL);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad input format for PKCS#7 file\n");
 			goto end;
 			}

-        if (!p7) {
+		if (!p7)
+			{
 			BIO_printf(bio_err, "Error reading S/MIME message\n");
 			goto end;
 			}
-        if (contfile) {
+		if (contfile)
+			{
 			BIO_free(indata);
-            if (!(indata = BIO_new_file(contfile, "rb"))) {
+			if (!(indata = BIO_new_file(contfile, "rb")))
+				{
 				BIO_printf(bio_err, "Can't read content file %s\n", contfile);
 				goto end;
 				}
 			}
 		}

-    if (outfile) {
-        if (!(out = BIO_new_file(outfile, outmode))) {
-            BIO_printf(bio_err, "Can't open output file %s\n", outfile);
+	if (outfile)
+		{
+		if (!(out = BIO_new_file(outfile, outmode)))
+			{
+			BIO_printf (bio_err,
+				 "Can't open output file %s\n", outfile);
 			goto end;
 			}
-    } else {
+		}
+	else
+		{
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 		{
@ -604,7 +667,8 @@ int MAIN(int argc, char **argv)
 #endif
 		}

-    if (operation == SMIME_VERIFY) {
+	if (operation == SMIME_VERIFY)
+		{
 		if (!(store = setup_verify(bio_err, CAfile, CApath)))
 			goto end;
 		X509_STORE_set_verify_cb(store, smime_cb);
@ -612,31 +676,47 @@ int MAIN(int argc, char **argv)
 			X509_STORE_set1_param(store, vpm);
 		}

+
 	ret = 3;

-    if (operation == SMIME_ENCRYPT) {
+	if (operation == SMIME_ENCRYPT)
+		{
 		if (indef)
 			flags |= PKCS7_STREAM;
 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
-    } else if (operation & SMIME_SIGNERS) {
+		}
+	else if (operation & SMIME_SIGNERS)
+		{
 		int i;
-        /*
-         * If detached data content we only enable streaming if S/MIME output
-         * format.
+		/* If detached data content we only enable streaming if
+		 * S/MIME output format.
 		 */
-        if (operation == SMIME_SIGN) {
-            if (flags & PKCS7_DETACHED) {
+		if (operation == SMIME_SIGN)
+			{
+			if (flags & PKCS7_DETACHED)
+				{
 				if (outformat == FORMAT_SMIME)
 					flags |= PKCS7_STREAM;
-            } else if (indef)
+				}
+			else if (indef)
 				flags |= PKCS7_STREAM;
 			flags |= PKCS7_PARTIAL;
 			p7 = PKCS7_sign(NULL, NULL, other, in, flags);
 			if (!p7)
 				goto end;
-        } else
+			if (flags & PKCS7_NOCERTS)
+				{
+				for (i = 0; i < sk_X509_num(other); i++)
+					{
+					X509 *x = sk_X509_value(other, i);
+					PKCS7_add_certificate(p7, x);
+					}
+				}
+			}
+		else
 			flags |= PKCS7_REUSE_DIGEST;
-        for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++) {
+		for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)
+			{
 			signerfile = sk_OPENSSL_STRING_value(sksigners, i);
 			keyfile = sk_OPENSSL_STRING_value(skkeys, i);
 			signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,
@ -647,7 +727,8 @@ int MAIN(int argc, char **argv)
 			       "signing key file");
 			if (!key)
 				goto end;
-            if (!PKCS7_sign_add_signer(p7, signer, key, sign_md, flags))
+			if (!PKCS7_sign_add_signer(p7, signer, key,
+						sign_md, flags))
 				goto end;
 			X509_free(signer);
 			signer = NULL;
@ -655,57 +736,71 @@ int MAIN(int argc, char **argv)
 			key = NULL;
 			}
 		/* If not streaming or resigning finalize structure */
-        if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM)) {
+		if ((operation == SMIME_SIGN) && !(flags & PKCS7_STREAM))
+			{
 			if (!PKCS7_final(p7, in, flags))
 				goto end;
 			}
 		}

-    if (!p7) {
+	if (!p7)
+		{
 		BIO_printf(bio_err, "Error creating PKCS#7 structure\n");
 		goto end;
 		}

 	ret = 4;
-    if (operation == SMIME_DECRYPT) {
-        if (!PKCS7_decrypt(p7, key, recip, out, flags)) {
+	if (operation == SMIME_DECRYPT)
+		{
+		if (!PKCS7_decrypt(p7, key, recip, out, flags))
+			{
 			BIO_printf(bio_err, "Error decrypting PKCS#7 structure\n");
 			goto end;
 			}
-    } else if (operation == SMIME_VERIFY) {
+		}
+	else if (operation == SMIME_VERIFY)
+		{
 		STACK_OF(X509) *signers;
 		if (PKCS7_verify(p7, other, store, indata, out, flags))
 			BIO_printf(bio_err, "Verification successful\n");
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Verification failure\n");
 			goto end;
 			}
 		signers = PKCS7_get0_signers(p7, other, flags);
-        if (!save_certs(signerfile, signers)) {
-            BIO_printf(bio_err, "Error writing signers to %s\n", signerfile);
+		if (!save_certs(signerfile, signers))
+			{
+			BIO_printf(bio_err, "Error writing signers to %s\n",
+								signerfile);
 			ret = 5;
 			goto end;
 			}
 		sk_X509_free(signers);
-    } else if (operation == SMIME_PK7OUT)
+		}
+	else if (operation == SMIME_PK7OUT)
 		PEM_write_bio_PKCS7(out, p7);
-    else {
+	else
+		{
 		if (to)
 			BIO_printf(out, "To: %s\n", to);
 		if (from)
 			BIO_printf(out, "From: %s\n", from);
 		if (subject)
 			BIO_printf(out, "Subject: %s\n", subject);
-        if (outformat == FORMAT_SMIME) {
+		if (outformat == FORMAT_SMIME) 
+			{
 			if (operation == SMIME_RESIGN)
 				SMIME_write_PKCS7(out, p7, indata, flags);
 			else
 				SMIME_write_PKCS7(out, p7, in, flags);
-        } else if (outformat == FORMAT_PEM)
+			}
+		else if (outformat == FORMAT_PEM) 
 			PEM_write_bio_PKCS7_stream(out, p7, in, flags);
 		else if (outformat == FORMAT_ASN1) 
 			i2d_PKCS7_bio_stream(out,p7, in, flags);
-        else {
+		else
+			{
 			BIO_printf(bio_err, "Bad output format for PKCS#7 file\n");
 			goto end;
 			}
@ -714,8 +809,7 @@ int MAIN(int argc, char **argv)
 end:
 	if (need_rand)
 		app_RAND_write_file(NULL, bio_err);
-    if (ret)
-        ERR_print_errors(bio_err);
+	if (ret) ERR_print_errors(bio_err);
 	sk_X509_pop_free(encerts, X509_free);
 	sk_X509_pop_free(other, X509_free);
 	if (vpm)
@ -733,8 +827,7 @@ int MAIN(int argc, char **argv)
 	BIO_free(in);
 	BIO_free(indata);
 	BIO_free_all(out);
-    if (passin)
-        OPENSSL_free(passin);
+	if (passin) OPENSSL_free(passin);
 	return (ret);
 }

@ -745,14 +838,14 @@ static int save_certs(char *signerfile, STACK_OF(X509) *signers)
 	if (!signerfile)
 		return 1;
 	tmp = BIO_new_file(signerfile, "w");
-    if (!tmp)
-        return 0;
+	if (!tmp) return 0;
 	for(i = 0; i < sk_X509_num(signers); i++)
 		PEM_write_bio_X509(tmp, sk_X509_value(signers, i));
 	BIO_free(tmp);
 	return 1;
 	}
 	
+
 /* Minimal callback just to output policy info (if any) */

 static int smime_cb(int ok, X509_STORE_CTX *ctx)
--- a/apps/speed.c
+++ b/apps/speed.c
--- a/apps/spkac.c
+++ b/apps/spkac.c
@ -1,8 +1,8 @@
 /* apps/spkac.c */

-/*
- * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
- * 1999. Based on an original idea by Massimiliano Pala (madwolf@openca.org).
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 1999. Based on an original idea by Massimiliano Pala
+ * (madwolf@openca.org).
 */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
@ -73,8 +73,7 @@
 #undef PROG
 #define PROG	spkac_main

-/*-
- * -in arg      - input file - default stdin
+/* -in arg	- input file - default stdin
 * -out arg	- output file - default stdout
 */

@ -100,8 +99,7 @@ int MAIN(int argc, char **argv)

 	apps_startup();

-    if (!bio_err)
-        bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+	if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);

 	if (!load_config(bio_err, NULL))
 		goto end;
@ -109,40 +107,47 @@ int MAIN(int argc, char **argv)
 	prog=argv[0];
 	argc--;
 	argv++;
-    while (argc >= 1) {
-        if (strcmp(*argv, "-in") == 0) {
-            if (--argc < 1)
-                goto bad;
+	while (argc >= 1)
+		{
+		if (strcmp(*argv,"-in") == 0)
+			{
+			if (--argc < 1) goto bad;
 			infile= *(++argv);
-        } else if (strcmp(*argv, "-out") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-out") == 0)
+			{
+			if (--argc < 1) goto bad;
 			outfile= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-key") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-key") == 0)
+			{
+			if (--argc < 1) goto bad;
 			keyfile= *(++argv);
-        } else if (strcmp(*argv, "-challenge") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-challenge") == 0)
+			{
+			if (--argc < 1) goto bad;
 			challenge= *(++argv);
-        } else if (strcmp(*argv, "-spkac") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-spkac") == 0)
+			{
+			if (--argc < 1) goto bad;
 			spkac= *(++argv);
-        } else if (strcmp(*argv, "-spksect") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-spksect") == 0)
+			{
+			if (--argc < 1) goto bad;
 			spksect= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif
@ -152,30 +157,27 @@ int MAIN(int argc, char **argv)
 			pubkey=1;
 		else if (strcmp(*argv,"-verify") == 0)
 			verify=1;
-        else
-            badops = 1;
+		else badops = 1;
 		argc--;
 		argv++;
 		}

-    if (badops) {
+	if (badops)
+		{
 bad:
 		BIO_printf(bio_err,"%s [options]\n",prog);
 		BIO_printf(bio_err,"where options are\n");
 		BIO_printf(bio_err," -in arg        input file\n");
 		BIO_printf(bio_err," -out arg       output file\n");
-        BIO_printf(bio_err,
-                   " -key arg       create SPKAC using private key\n");
-        BIO_printf(bio_err,
-                   " -passin arg    input file pass phrase source\n");
+		BIO_printf(bio_err," -key arg       create SPKAC using private key\n");
+		BIO_printf(bio_err," -passin arg    input file pass phrase source\n");
 		BIO_printf(bio_err," -challenge arg challenge string\n");
 		BIO_printf(bio_err," -spkac arg     alternative SPKAC name\n");
 		BIO_printf(bio_err," -noout         don't print SPKAC\n");
 		BIO_printf(bio_err," -pubkey        output public key\n");
 		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
 #ifndef OPENSSL_NO_ENGINE
-        BIO_printf(bio_err,
-                   " -engine e      use engine e, possibly a hardware device.\n");
+		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
 #endif
 		goto end;
 		}
@ -185,6 +187,7 @@ int MAIN(int argc, char **argv)
 		BIO_printf(bio_err, "Error getting password\n");
 		goto end;
 	}
+
 #ifndef OPENSSL_NO_ENGINE
        e = setup_engine(bio_err, engine, 0);
 #endif
@ -197,15 +200,13 @@ int MAIN(int argc, char **argv)
 			goto end;
 		}
 		spki = NETSCAPE_SPKI_new();
-        if (challenge)
-            ASN1_STRING_set(spki->spkac->challenge,
+		if(challenge) ASN1_STRING_set(spki->spkac->challenge,
 						 challenge, (int)strlen(challenge));
 		NETSCAPE_SPKI_set_pubkey(spki, pkey);
 		NETSCAPE_SPKI_sign(spki, pkey, EVP_md5());
 		spkstr = NETSCAPE_SPKI_b64_encode(spki);

-        if (outfile)
-            out = BIO_new_file(outfile, "w");
+		if (outfile) out = BIO_new_file(outfile, "w");
 		else {
 			out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
@ -227,10 +228,10 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-    if (infile)
-        in = BIO_new_file(infile, "r");
-    else
-        in = BIO_new_fp(stdin, BIO_NOCLOSE);
+	
+
+	if (infile) in = BIO_new_file(infile, "r");
+	else in = BIO_new_fp(stdin, BIO_NOCLOSE);

 	if(!in) {
 		BIO_printf(bio_err, "Error opening input file\n");
@ -263,8 +264,7 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-    if (outfile)
-        out = BIO_new_file(outfile, "w");
+	if (outfile) out = BIO_new_file(outfile, "w");
 	else {
 		out = BIO_new_fp(stdout, BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
@ -281,21 +281,18 @@ int MAIN(int argc, char **argv)
 		goto end;
 	}

-    if (!noout)
-        NETSCAPE_SPKI_print(out, spki);
+	if(!noout) NETSCAPE_SPKI_print(out, spki);
 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
 	if(verify) {
 		i = NETSCAPE_SPKI_verify(spki, pkey);
-        if (i > 0)
-            BIO_printf(bio_err, "Signature OK\n");
+		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
 		else {
 			BIO_printf(bio_err, "Signature Failure\n");
 			ERR_print_errors(bio_err);
 			goto end;
 		}
 	}
-    if (pubkey)
-        PEM_write_bio_PUBKEY(out, pkey);
+	if(pubkey) PEM_write_bio_PUBKEY(out, pkey);

 	ret = 0;

@ -305,8 +302,7 @@ int MAIN(int argc, char **argv)
 	BIO_free(in);
 	BIO_free_all(out);
 	EVP_PKEY_free(pkey);
-    if (passin)
-        OPENSSL_free(passin);
+	if(passin) OPENSSL_free(passin);
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}
--- a/apps/srp.c
+++ b/apps/srp.c
@ -1,7 +1,6 @@
 /* apps/srp.c */
-/*
- * Written by Peter Sylvester (peter.sylvester@edelweb.fr) for the EdelKey
- * project and contributed to the OpenSSL project 2004.
+/* Written by Peter Sylvester (peter.sylvester@edelweb.fr)  
+ * for the EdelKey project and contributed to the OpenSSL project 2004.
 */
 /* ====================================================================
 * Copyright (c) 2004 The OpenSSL Project.  All rights reserved.
@ -115,26 +114,26 @@ static char *section = NULL;
 #define VERBOSE if (verbose) 
 #define VVERBOSE if (verbose>1) 

+
 int MAIN(int, char **);

 static int get_index(CA_DB *db, char* id, char type)
 	{
 	char ** pp;
 	int i;
-    if (id == NULL)
-        return -1;
+	if (id == NULL) return -1;
 	if (type == DB_SRP_INDEX) 
-        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+		{
 		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
-            if (pp[DB_srptype][0] == DB_SRP_INDEX
-                && !strcmp(id, pp[DB_srpid]))
+		if (pp[DB_srptype][0] == DB_SRP_INDEX  && !strcmp(id,pp[DB_srpid])) 
 			return i;
-    } else
-        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+		}
+	else for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+		{
 		pp = sk_OPENSSL_PSTRING_value(db->db->data,i);

-            if (pp[DB_srptype][0] != DB_SRP_INDEX
-                && !strcmp(id, pp[DB_srpid]))
+		if (pp[DB_srptype][0] != DB_SRP_INDEX && !strcmp(id,pp[DB_srpid])) 
 			return i;
 		}

@ -143,11 +142,13 @@ static int get_index(CA_DB *db, char *id, char type)

 static void print_entry(CA_DB *db, BIO *bio, int indx, int verbose, char *s)
 	{
-    if (indx >= 0 && verbose) {
+	if (indx >= 0 && verbose)
+		{
 		int j;
 		char **pp = sk_OPENSSL_PSTRING_value(db->db->data, indx);
 		BIO_printf(bio, "%s \"%s\"\n", s, pp[DB_srpid]);
-        for (j = 0; j < DB_NUMBER; j++) {
+		for (j = 0; j < DB_NUMBER; j++)
+			{
 			BIO_printf(bio_err,"  %d = \"%s\"\n", j, pp[j]);
 			}
 		}
@ -160,13 +161,14 @@ static void print_index(CA_DB *db, BIO *bio, int indexindex, int verbose)

 static void print_user(CA_DB *db, BIO *bio, int userindex, int verbose)
 	{
-    if (verbose > 0) {
+	if (verbose > 0)
+		{
 		char **pp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);

-        if (pp[DB_srptype][0] != 'I') {
+		if (pp[DB_srptype][0] != 'I')
+			{
 			print_entry(db, bio, userindex, verbose, "User entry");
-            print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose,
-                        "g N entry");
+			print_entry(db, bio, get_index(db, pp[DB_srpgN], 'I'), verbose, "g N entry");
 			}

 		}
@ -177,19 +179,21 @@ static int update_index(CA_DB *db, BIO *bio, char **row)
 	char ** irow;
 	int i;

-    if ((irow =
-         (char **)OPENSSL_malloc(sizeof(char *) * (DB_NUMBER + 1))) == NULL) {
+	if ((irow=(char **)OPENSSL_malloc(sizeof(char *)*(DB_NUMBER+1))) == NULL)
+		{
 		BIO_printf(bio_err,"Memory allocation failure\n");
 		return 0;
 		}

-    for (i = 0; i < DB_NUMBER; i++) {
+	for (i=0; i<DB_NUMBER; i++)
+		{
 		irow[i]=row[i];
 		row[i]=NULL;
 		}
 	irow[DB_NUMBER]=NULL;

-    if (!TXT_DB_insert(db->db, irow)) {
+	if (!TXT_DB_insert(db->db,irow))
+		{
 		BIO_printf(bio,"failed to update srpvfile\n");
 		BIO_printf(bio,"TXT_DB error number %ld\n",db->db->error);
 		OPENSSL_free(irow);
@ -203,6 +207,7 @@ static void lookup_fail(const char *name, char *tag)
 	BIO_printf(bio_err,"variable lookup failed for %s::%s\n",name,tag);
 	}

+
 static char *srp_verify_user(const char *user, const char *srp_verifier,
 			     char *srp_usersalt, const char *g, const char *N,
 			     const char *passin, BIO *bio, int verbose)
@ -215,18 +220,17 @@ static char *srp_verify_user(const char *user, const char *srp_verifier,
 	cb_tmp.prompt_info = user;
 	cb_tmp.password = passin;

-    if (password_callback(password, 1024, 0, &cb_tmp) > 0) {
-        VERBOSE BIO_printf(bio,
-                           "Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
-                           user, srp_verifier, srp_usersalt, g, N);
+ 	if (password_callback(password, 1024, 0, &cb_tmp) >0)
+		{
+		VERBOSE BIO_printf(bio,"Validating\n   user=\"%s\"\n srp_verifier=\"%s\"\n srp_usersalt=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,srp_verifier,srp_usersalt, g, N);
 		BIO_printf(bio, "Pass %s\n", password);

-        if (!
-            (gNid =
-             SRP_create_verifier(user, password, &srp_usersalt, &verifier, N,
-                                 g))) {
+		if (!(gNid=SRP_create_verifier(user, password, &srp_usersalt, &verifier, N, g)))
+			{
 			BIO_printf(bio, "Internal error validating SRP verifier\n");
-        } else {
+			}
+		else
+			{
 			if (strcmp(verifier, srp_verifier))
 				gNid = NULL;
 			OPENSSL_free(verifier);
@ -246,19 +250,16 @@ static char *srp_create_user(char *user, char **srp_verifier,
        cb_tmp.prompt_info = user;
        cb_tmp.password = passout;

-    if (password_callback(password, 1024, 1, &cb_tmp) > 0) {
-        VERBOSE BIO_printf(bio,
-                           "Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",
-                           user, g, N);
-        if (!
-            (gNid =
-             SRP_create_verifier(user, password, &salt, srp_verifier, N,
-                                 g))) {
+	if (password_callback(password,1024,1,&cb_tmp) >0)
+		{
+		VERBOSE BIO_printf(bio,"Creating\n user=\"%s\"\n g=\"%s\"\n N=\"%s\"\n",user,g,N);
+		if (!(gNid =SRP_create_verifier(user, password, &salt, srp_verifier, N, g)))
+			{
 			BIO_printf(bio,"Internal error creating SRP verifier\n");
-        } else
+			}
+		else 
 			*srp_usersalt = salt;
-        VVERBOSE BIO_printf(bio, "gNid=%s salt =\"%s\"\n verifier =\"%s\"\n",
-                            gNid, salt, *srp_verifier);
+		VVERBOSE BIO_printf(bio,"gNid=%s salt =\"%s\"\n verifier =\"%s\"\n", gNid,salt, *srp_verifier);

 		}
 	return gNid;
@ -316,22 +317,26 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    while (argc >= 1 && badops == 0) {
+	while (argc >= 1 && badops == 0)
+		{
 		if	(strcmp(*argv,"-verbose") == 0)
 			verbose++;
-        else if (strcmp(*argv, "-config") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if	(strcmp(*argv,"-config") == 0)
+			{
+			if (--argc < 1) goto bad;
 			configfile= *(++argv);
-        } else if (strcmp(*argv, "-name") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-name") == 0)
+			{
+			if (--argc < 1) goto bad;
 			section= *(++argv);
-        } else if (strcmp(*argv, "-srpvfile") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if	(strcmp(*argv,"-srpvfile") == 0)
+			{
+			if (--argc < 1) goto bad;
 			dbfile= *(++argv);
-        } else if (strcmp(*argv, "-add") == 0)
+			}
+		else if (strcmp(*argv,"-add") == 0)
 			add_user=1;
 		else if (strcmp(*argv,"-delete") == 0)
 			delete_user=1;
@ -339,72 +344,76 @@ int MAIN(int argc, char **argv)
 			modify_user=1;
 		else if (strcmp(*argv,"-list") == 0)
 			list_user=1;
-        else if (strcmp(*argv, "-gn") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-gn") == 0)
+			{
+			if (--argc < 1) goto bad;
 			gN= *(++argv);
-        } else if (strcmp(*argv, "-userinfo") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-userinfo") == 0)
+			{
+			if (--argc < 1) goto bad;
 			userinfo= *(++argv);
-        } else if (strcmp(*argv, "-passin") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passin") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargin= *(++argv);
-        } else if (strcmp(*argv, "-passout") == 0) {
-            if (--argc < 1)
-                goto bad;
+			}
+		else if (strcmp(*argv,"-passout") == 0)
+			{
+			if (--argc < 1) goto bad;
 			passargout= *(++argv);
 			}
 #ifndef OPENSSL_NO_ENGINE
-        else if (strcmp(*argv, "-engine") == 0) {
-            if (--argc < 1)
-                goto bad;
+		else if (strcmp(*argv,"-engine") == 0)
+			{
+			if (--argc < 1) goto bad;
 			engine= *(++argv);
 			}
 #endif

-        else if (**argv == '-') {
+		else if (**argv == '-')
+			{
 bad:
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
 			badops=1;
 			break;
-        } else
+			}
+		else 
 			break;
 	
 		argc--;
 		argv++;
 		}

-    if (dbfile && configfile) {
-        BIO_printf(bio_err,
-                   "-dbfile and -configfile cannot be specified together.\n");
+	if (dbfile && configfile)
+		{
+		BIO_printf(bio_err,"-dbfile and -configfile cannot be specified together.\n");
 		badops = 1;
 		}
-    if (add_user + delete_user + modify_user + list_user != 1) {
-        BIO_printf(bio_err,
-                   "Exactly one of the options -add, -delete, -modify -list must be specified.\n");
+	if (add_user+delete_user+modify_user+list_user != 1)
+		{
+		BIO_printf(bio_err,"Exactly one of the options -add, -delete, -modify -list must be specified.\n");
 		badops = 1;
 		}
-    if (delete_user + modify_user + delete_user == 1 && argc <= 0) {
-        BIO_printf(bio_err,
-                   "Need at least one user for options -add, -delete, -modify. \n");
+	if (delete_user+modify_user+delete_user== 1 && argc <= 0)
+		{
+		BIO_printf(bio_err,"Need at least one user for options -add, -delete, -modify. \n");
 		badops = 1;
 		}
-    if ((passin || passout) && argc != 1) {
-        BIO_printf(bio_err,
-                   "-passin, -passout arguments only valid with one user.\n");
+	if ((passin || passout) && argc != 1 )
+		{
+		BIO_printf(bio_err,"-passin, -passout arguments only valid with one user.\n");
 		badops = 1;
 		}

-    if (badops) {
+	if (badops)
+		{
 		for (pp=srp_usage; (*pp != NULL); pp++)
 			BIO_printf(bio_err,"%s",*pp);

-        BIO_printf(bio_err, " -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR,
-                   LIST_SEPARATOR_CHAR);
-        BIO_printf(bio_err,
-                   "                 load the file (or the files in the directory) into\n");
+		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
 		BIO_printf(bio_err,"                 the random number generator\n");
 		goto err;
 		}
@ -415,38 +424,32 @@ int MAIN(int argc, char **argv)
 	setup_engine(bio_err, engine, 0);
 #endif

-    if (!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))
+		{
 		BIO_printf(bio_err, "Error getting passwords\n");
 		goto err;
 		}

-    if (!dbfile) {
+        if (!dbfile)
+		{
+

 	/*****************************************************************/
 		tofree=NULL;
+		if (configfile == NULL) configfile = getenv("OPENSSL_CONF");
+		if (configfile == NULL) configfile = getenv("SSLEAY_CONF");
 		if (configfile == NULL)
-            configfile = getenv("OPENSSL_CONF");
-        if (configfile == NULL)
-            configfile = getenv("SSLEAY_CONF");
-        if (configfile == NULL) {
+			{
 			const char *s=X509_get_default_cert_area();
 			size_t len;

 #ifdef OPENSSL_SYS_VMS
 			len = strlen(s)+sizeof(CONFIG_FILE);
 			tofree=OPENSSL_malloc(len);
-            if (!tofree) {
-                BIO_printf(bio_err, "Out of memory\n");
-                goto err;
-            }
 			strcpy(tofree,s);
 #else
 			len = strlen(s)+sizeof(CONFIG_FILE)+1;
 			tofree=OPENSSL_malloc(len);
-            if (!tofree) {
-                BIO_printf(bio_err, "Out of memory\n");
-                goto err;
-            }
 			BUF_strlcpy(tofree,s,len);
 			BUF_strlcat(tofree,"/",len);
 #endif
@ -454,19 +457,20 @@ int MAIN(int argc, char **argv)
 			configfile=tofree;
 			}

-        VERBOSE BIO_printf(bio_err, "Using configuration from %s\n",
-                           configfile);
+		VERBOSE BIO_printf(bio_err,"Using configuration from %s\n",configfile);
 		conf = NCONF_new(NULL);
-        if (NCONF_load(conf, configfile, &errorline) <= 0) {
+		if (NCONF_load(conf,configfile,&errorline) <= 0)
+			{
 			if (errorline <= 0)
 				BIO_printf(bio_err,"error loading the config file '%s'\n",
 					configfile);
 			else
-                BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
-                           errorline, configfile);
+				BIO_printf(bio_err,"error on line %ld of config file '%s'\n"
+					,errorline,configfile);
 			goto err;
 			}
-        if (tofree) {
+		if(tofree)
+			{
 			OPENSSL_free(tofree);
 			tofree = NULL;
 			}
@ -475,13 +479,13 @@ int MAIN(int argc, char **argv)
 			goto err;

 	/* Lets get the config section we are using */
-        if (section == NULL) {
-            VERBOSE BIO_printf(bio_err,
-                               "trying to read " ENV_DEFAULT_SRP
-                               " in \" BASE_SECTION \"\n");
+		if (section == NULL)
+			{
+			VERBOSE BIO_printf(bio_err,"trying to read " ENV_DEFAULT_SRP " in \" BASE_SECTION \"\n");

 			section=NCONF_get_string(conf,BASE_SECTION,ENV_DEFAULT_SRP);
-            if (section == NULL) {
+			if (section == NULL)
+				{
 				lookup_fail(BASE_SECTION,ENV_DEFAULT_SRP);
 				goto err;
 				}
@ -490,11 +494,11 @@ int MAIN(int argc, char **argv)
 		if (randfile == NULL && conf)
 	        	randfile = NCONF_get_string(conf, BASE_SECTION, "RANDFILE");

-        VERBOSE BIO_printf(bio_err,
-                           "trying to read " ENV_DATABASE
-                           " in section \"%s\"\n", section);
 	
-        if ((dbfile = NCONF_get_string(conf, section, ENV_DATABASE)) == NULL) {
+		VERBOSE BIO_printf(bio_err,"trying to read " ENV_DATABASE " in section \"%s\"\n",section);
+
+		if ((dbfile=NCONF_get_string(conf,section,ENV_DATABASE)) == NULL)
+			{
 			lookup_fail(section,ENV_DATABASE);
 			goto err;
 			}
@ -505,18 +509,18 @@ int MAIN(int argc, char **argv)
       	else 
 		app_RAND_load_file(randfile, bio_err, 0);

-    VERBOSE BIO_printf(bio_err, "Trying to read SRP verifier file \"%s\"\n",
-                       dbfile);
+	VERBOSE BIO_printf(bio_err,"Trying to read SRP verifier file \"%s\"\n",dbfile);

 	db = load_index(dbfile, &db_attr);
-    if (db == NULL)
-        goto err;
+	if (db == NULL) goto err;

 	/* Lets check some fields */
-    for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+	for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+		{
 		pp = sk_OPENSSL_PSTRING_value(db->db->data, i);
 	
-        if (pp[DB_srptype][0] == DB_SRP_INDEX) {
+		if (pp[DB_srptype][0] == DB_SRP_INDEX)
+			{
 			maxgN = i;
 			if (gNindex < 0 && gN != NULL && !strcmp(gN, pp[DB_srpid]))
 				gNindex = i;
@ -527,68 +531,77 @@ int MAIN(int argc, char **argv)
 	
 	VERBOSE BIO_printf(bio_err, "Database initialised\n");

-    if (gNindex >= 0) {
+	if (gNindex >= 0)
+		{
 		gNrow = sk_OPENSSL_PSTRING_value(db->db->data,gNindex);
 		print_entry(db, bio_err, gNindex, verbose > 1, "Default g and N");
-    } else if (maxgN > 0 && !SRP_get_default_gN(gN)) {
+		}
+	else if (maxgN > 0 && !SRP_get_default_gN(gN))
+		{
 		BIO_printf(bio_err, "No g and N value for index \"%s\"\n", gN);
 		goto err;
-    } else {
+		}
+	else
+		{
 		VERBOSE BIO_printf(bio_err, "Database has no g N information.\n");
 		gNrow = NULL;
 		}
 	
+
 	VVERBOSE BIO_printf(bio_err,"Starting user processing\n");

 	if (argc > 0)
 		user = *(argv++) ;

-    while (list_user || user) {
+	while (list_user || user)
+		{
 		int userindex = -1;
 		if (user) 
 			VVERBOSE BIO_printf(bio_err, "Processing user \"%s\"\n", user);
-        if ((userindex = get_index(db, user, 'U')) >= 0) {
+		if ((userindex = get_index(db, user, 'U')) >= 0)
+			{
 			print_user(db, bio_err, userindex, (verbose > 0) || list_user);
 			}
 		
-        if (list_user) {
-            if (user == NULL) {
+		if (list_user)
+			{
+			if (user == NULL)
+				{
 				BIO_printf(bio_err,"List all users\n");

-                for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+				for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+					{
 					print_user(db,bio_err, i, 1);
 					}
 				list_user = 0;
-            } else if (userindex < 0) {
-                BIO_printf(bio_err,
-                           "user \"%s\" does not exist, ignored. t\n", user);
+				}
+			else if (userindex < 0)
+				{
+				BIO_printf(bio_err, "user \"%s\" does not exist, ignored. t\n",
+					   user);
 				errors++;
 				}
-        } else if (add_user) {
-            if (userindex >= 0) {
+			}
+		else if (add_user)
+			{
+			if (userindex >= 0)
+				{
 				/* reactivation of a new user */
-                char **row =
-                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 				BIO_printf(bio_err, "user \"%s\" reactivated.\n", user);
 				row[DB_srptype][0] = 'V';

 				doupdatedb = 1;
-            } else {
-                char *row[DB_NUMBER];
-                char *gNid;
+				}
+			else
+				{
+				char *row[DB_NUMBER] ; char *gNid;
 				row[DB_srpverifier] = NULL;
 				row[DB_srpsalt] = NULL;
 				row[DB_srpinfo] = NULL;
-                if (!
-                    (gNid =
-                     srp_create_user(user, &(row[DB_srpverifier]),
-                                     &(row[DB_srpsalt]),
-                                     gNrow ? gNrow[DB_srpsalt] : gN,
-                                     gNrow ? gNrow[DB_srpverifier] : NULL,
-                                     passout, bio_err, verbose))) {
-                    BIO_printf(bio_err,
-                               "Cannot create srp verifier for user \"%s\", operation abandoned .\n",
-                               user);
+				if (!(gNid = srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:gN,gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
+					{
+						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned .\n", user);
 						errors++;
 						goto err;
 					}
@ -596,89 +609,62 @@ int MAIN(int argc, char **argv)
 				row[DB_srptype] = BUF_strdup("v");
 				row[DB_srpgN] = BUF_strdup(gNid);

-                if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
-                    || !row[DB_srpverifier] || !row[DB_srpsalt] || (userinfo
-                                                                    &&
-                                                                    (!(row
-                                                                       [DB_srpinfo]
-                                                                       =
-                                                                       BUF_strdup
-                                                                       (userinfo))))
-                    || !update_index(db, bio_err, row)) {
-                    if (row[DB_srpid])
-                        OPENSSL_free(row[DB_srpid]);
-                    if (row[DB_srpgN])
-                        OPENSSL_free(row[DB_srpgN]);
-                    if (row[DB_srpinfo])
-                        OPENSSL_free(row[DB_srpinfo]);
-                    if (row[DB_srptype])
-                        OPENSSL_free(row[DB_srptype]);
-                    if (row[DB_srpverifier])
-                        OPENSSL_free(row[DB_srpverifier]);
-                    if (row[DB_srpsalt])
-                        OPENSSL_free(row[DB_srpsalt]);
+				if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
+					(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))) || 
+					!update_index(db, bio_err, row))
+					{
+					if (row[DB_srpid]) OPENSSL_free(row[DB_srpid]);
+					if (row[DB_srpgN]) OPENSSL_free(row[DB_srpgN]);
+					if (row[DB_srpinfo]) OPENSSL_free(row[DB_srpinfo]);
+					if (row[DB_srptype]) OPENSSL_free(row[DB_srptype]);
+					if (row[DB_srpverifier]) OPENSSL_free(row[DB_srpverifier]);
+					if (row[DB_srpsalt]) OPENSSL_free(row[DB_srpsalt]);
 					goto err;
 					}
 				doupdatedb = 1;
 				}
-        } else if (modify_user) {
-            if (userindex < 0) {
-                BIO_printf(bio_err,
-                           "user \"%s\" does not exist, operation ignored.\n",
-                           user);
+			}
+		else if (modify_user)
+			{
+			if (userindex < 0)
+				{
+				BIO_printf(bio_err,"user \"%s\" does not exist, operation ignored.\n",user);
 				errors++;
-            } else {
+				}
+			else
+				{

-                char **row =
-                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+				char **row = sk_OPENSSL_PSTRING_value(db->db->data, userindex);
 				char type = row[DB_srptype][0];
-                if (type == 'v') {
-                    BIO_printf(bio_err,
-                               "user \"%s\" already updated, operation ignored.\n",
-                               user);
+				if (type == 'v')
+					{
+					BIO_printf(bio_err,"user \"%s\" already updated, operation ignored.\n",user);
 					errors++;
-                } else {
+					}
+				else
+					{
 					char *gNid;

-                    if (row[DB_srptype][0] == 'V') {
+					if (row[DB_srptype][0] == 'V')
+						{
 						int user_gN;
 						char **irow = NULL;
-                        VERBOSE BIO_printf(bio_err,
-                                           "Verifying password for user \"%s\"\n",
-                                           user);
-                        if ((user_gN =
-                             get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
-                            irow =
-                                (char **)sk_OPENSSL_PSTRING_value(db->
-                                                                  db->data,
-                                                                  userindex);
+						VERBOSE BIO_printf(bio_err,"Verifying password for user \"%s\"\n",user);
+						if ( (user_gN = get_index(db, row[DB_srpgN], DB_SRP_INDEX)) >= 0)
+							irow = (char **)sk_OPENSSL_PSTRING_value(db->db->data, userindex);

-                        if (!srp_verify_user
-                            (user, row[DB_srpverifier], row[DB_srpsalt],
-                             irow ? irow[DB_srpsalt] : row[DB_srpgN],
-                             irow ? irow[DB_srpverifier] : NULL, passin,
-                             bio_err, verbose)) {
-                            BIO_printf(bio_err,
-                                       "Invalid password for user \"%s\", operation abandoned.\n",
-                                       user);
+ 						if (!srp_verify_user(user, row[DB_srpverifier], row[DB_srpsalt], irow ? irow[DB_srpsalt] : row[DB_srpgN], irow ? irow[DB_srpverifier] : NULL, passin, bio_err, verbose))
+							{
+							BIO_printf(bio_err, "Invalid password for user \"%s\", operation abandoned.\n", user);
 							errors++;
 							goto err;
 							}
 						} 
-                    VERBOSE BIO_printf(bio_err,
-                                       "Password for user \"%s\" ok.\n",
-                                       user);
+					VERBOSE BIO_printf(bio_err,"Password for user \"%s\" ok.\n",user);

-                    if (!
-                        (gNid =
-                         srp_create_user(user, &(row[DB_srpverifier]),
-                                         &(row[DB_srpsalt]),
-                                         gNrow ? gNrow[DB_srpsalt] : NULL,
-                                         gNrow ? gNrow[DB_srpverifier] : NULL,
-                                         passout, bio_err, verbose))) {
-                        BIO_printf(bio_err,
-                                   "Cannot create srp verifier for user \"%s\", operation abandoned.\n",
-                                   user);
+					if (!(gNid=srp_create_user(user,&(row[DB_srpverifier]), &(row[DB_srpsalt]),gNrow?gNrow[DB_srpsalt]:NULL, gNrow?gNrow[DB_srpverifier]:NULL, passout, bio_err,verbose)))
+						{
+						BIO_printf(bio_err, "Cannot create srp verifier for user \"%s\", operation abandoned.\n", user);
 						errors++;
 						goto err;
 						}
@ -686,24 +672,24 @@ int MAIN(int argc, char **argv)
 					row[DB_srptype][0] = 'v';
 					row[DB_srpgN] = BUF_strdup(gNid);
 
-                    if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype]
-                        || !row[DB_srpverifier] || !row[DB_srpsalt]
-                        || (userinfo
-                            && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))
+					if (!row[DB_srpid] || !row[DB_srpgN] || !row[DB_srptype] || !row[DB_srpverifier] || !row[DB_srpsalt] ||
+						(userinfo && (!(row[DB_srpinfo] = BUF_strdup(userinfo)))))  
 						goto err;

 					doupdatedb = 1;
 					}
 				}
-        } else if (delete_user) {
-            if (userindex < 0) {
-                BIO_printf(bio_err,
-                           "user \"%s\" does not exist, operation ignored. t\n",
-                           user);
+			}
+		else if (delete_user)
+			{
+			if (userindex < 0)
+				{
+				BIO_printf(bio_err, "user \"%s\" does not exist, operation ignored. t\n", user);
 				errors++;
-            } else {
-                char **xpp =
-                    sk_OPENSSL_PSTRING_value(db->db->data, userindex);
+				}
+			else
+				{
+				char **xpp = sk_OPENSSL_PSTRING_value(db->db->data,userindex);
 				BIO_printf(bio_err, "user \"%s\" revoked. t\n", user);

 				xpp[DB_srptype][0] = 'R';
@ -713,7 +699,8 @@ int MAIN(int argc, char **argv)
 			}
 		if (--argc > 0)
 			user = *(argv++) ;
-        else {
+		else
+			{
 			user = NULL;
 			list_user = 0;
 			}
@ -721,24 +708,26 @@ int MAIN(int argc, char **argv)

 	VERBOSE BIO_printf(bio_err,"User procession done.\n");

-    if (doupdatedb) {
+
+	if (doupdatedb)
+		{
 		/* Lets check some fields */
-        for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++) {
+		for (i = 0; i < sk_OPENSSL_PSTRING_num(db->db->data); i++)
+			{
 			pp = sk_OPENSSL_PSTRING_value(db->db->data,i);
 	
-            if (pp[DB_srptype][0] == 'v') {
+			if (pp[DB_srptype][0] == 'v')
+				{
 				pp[DB_srptype][0] = 'V';
 				print_user(db, bio_err, i, verbose);
 				}
 			}

 		VERBOSE BIO_printf(bio_err, "Trying to update srpvfile.\n");
-        if (!save_index(dbfile, "new", db))
-            goto err;
+		if (!save_index(dbfile, "new", db)) goto err;
 				
 		VERBOSE BIO_printf(bio_err, "Temporary srpvfile created.\n");
-        if (!rotate_index(dbfile, "new", "old"))
-            goto err;
+		if (!rotate_index(dbfile, "new", "old")) goto err;

 		VERBOSE BIO_printf(bio_err, "srpvfile updated.\n");
 		}
@ -751,18 +740,17 @@ int MAIN(int argc, char **argv)
 	VERBOSE BIO_printf(bio_err,"SRP terminating with code %d.\n",ret);
 	if(tofree)
 		OPENSSL_free(tofree);
-    if (ret)
-        ERR_print_errors(bio_err);
-    if (randfile)
-        app_RAND_write_file(randfile, bio_err);
-    if (conf)
-        NCONF_free(conf);
-    if (db)
-        free_index(db);
+	if (ret) ERR_print_errors(bio_err);
+	if (randfile) app_RAND_write_file(randfile, bio_err);
+	if (conf) NCONF_free(conf);
+	if (db) free_index(db);

 	OBJ_cleanup();
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
 	}

+
+
 #endif
+
--- a/apps/testdsa.h
+++ b/apps/testdsa.h
@ -7,7 +7,6 @@ static unsigned char dsa512_priv[] = {
 	0x65,0xe5,0xc7,0x38,0x60,0x24,0xb5,0x89,0xd4,0x9c,0xeb,0x4c,
 	0x9c,0x1d,0x7a,0x22,0xbd,0xd1,0xc2,0xd2,
 	};
-
 static unsigned char dsa512_pub[] = {
 	0x00,0x95,0xa7,0x0d,0xec,0x93,0x68,0xba,0x5f,0xf7,0x5f,0x07,
 	0xf2,0x3b,0xad,0x6b,0x01,0xdc,0xbe,0xec,0xde,0x04,0x7a,0x3a,
@ -16,7 +15,6 @@ static unsigned char dsa512_pub[] = {
 	0x8c,0x38,0x5d,0x83,0x56,0x7d,0xee,0x53,0x05,0x3e,0x24,0x84,
 	0xbe,0xba,0x0a,0x6b,0xc8,
 	};
-
 static unsigned char dsa512_p[]={
 	0x9D,0x1B,0x69,0x8E,0x26,0xDB,0xF2,0x2B,0x11,0x70,0x19,0x86,
 	0xF6,0x19,0xC8,0xF8,0x19,0xF2,0x18,0x53,0x94,0x46,0x06,0xD0,
@ -25,12 +23,10 @@ static unsigned char dsa512_p[] = {
 	0x96,0xE4,0x37,0x33,0xBB,0x2D,0x5A,0xD7,0x5A,0x11,0x40,0x66,
 	0xA2,0x76,0x7D,0x31,
 	};
-
 static unsigned char dsa512_q[]={
 	0xFB,0x53,0xEF,0x50,0xB4,0x40,0x92,0x31,0x56,0x86,0x53,0x7A,
 	0xE8,0x8B,0x22,0x9A,0x49,0xFB,0x71,0x8F,
 	};
-
 static unsigned char dsa512_g[]={
 	0x83,0x3E,0x88,0xE5,0xC5,0x89,0x73,0xCE,0x3B,0x6C,0x01,0x49,
 	0xBF,0xB3,0xC7,0x9F,0x0A,0xEA,0x44,0x91,0xE5,0x30,0xAA,0xD9,
@ -44,15 +40,14 @@ DSA *get_dsa512()
 	{
 	DSA *dsa;

-    if ((dsa = DSA_new()) == NULL)
-        return (NULL);
+	if ((dsa=DSA_new()) == NULL) return(NULL);
 	dsa->priv_key=BN_bin2bn(dsa512_priv,sizeof(dsa512_priv),NULL);
 	dsa->pub_key=BN_bin2bn(dsa512_pub,sizeof(dsa512_pub),NULL);
 	dsa->p=BN_bin2bn(dsa512_p,sizeof(dsa512_p),NULL);
 	dsa->q=BN_bin2bn(dsa512_q,sizeof(dsa512_q),NULL);
 	dsa->g=BN_bin2bn(dsa512_g,sizeof(dsa512_g),NULL);
-    if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
-        || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
@ -61,7 +56,6 @@ static unsigned char dsa1024_priv[] = {
 	0x7d,0x21,0xda,0xbb,0x62,0x15,0x47,0x36,0x07,0x67,0x12,0xe8,
 	0x8c,0xaa,0x1c,0xcd,0x38,0x12,0x61,0x18,
 	};
-
 static unsigned char dsa1024_pub[]={
 	0x3c,0x4e,0x9c,0x2a,0x7f,0x16,0xc1,0x25,0xeb,0xac,0x78,0x63,
 	0x90,0x14,0x8c,0x8b,0xf4,0x68,0x43,0x3c,0x2d,0xee,0x65,0x50,
@ -75,7 +69,6 @@ static unsigned char dsa1024_pub[] = {
 	0x2c,0x0b,0xc3,0x13,0x50,0x61,0xe5,0xad,0xbd,0x36,0xb8,0x97,
 	0x4e,0x40,0x7d,0xe8,0x83,0x0d,0xbc,0x4b
 	};
-
 static unsigned char dsa1024_p[]={
 	0xA7,0x3F,0x6E,0x85,0xBF,0x41,0x6A,0x29,0x7D,0xF0,0x9F,0x47,
 	0x19,0x30,0x90,0x9A,0x09,0x1D,0xDA,0x6A,0x33,0x1E,0xC5,0x3D,
@ -89,12 +82,10 @@ static unsigned char dsa1024_p[] = {
 	0x39,0x4F,0xFD,0xB7,0x43,0x1F,0xB5,0xA4,0x65,0x6F,0xCD,0x80,
 	0x11,0xE4,0x70,0x95,0x5B,0x50,0xCD,0x49,
 	};
-
 static unsigned char dsa1024_q[]={
 	0xF7,0x07,0x31,0xED,0xFA,0x6C,0x06,0x03,0xD5,0x85,0x8A,0x1C,
 	0xAC,0x9C,0x65,0xE7,0x50,0x66,0x65,0x6F,
 	};
-
 static unsigned char dsa1024_g[]={
 	0x4D,0xDF,0x4C,0x03,0xA6,0x91,0x8A,0xF5,0x19,0x6F,0x50,0x46,
 	0x25,0x99,0xE5,0x68,0x6F,0x30,0xE3,0x69,0xE1,0xE5,0xB3,0x5D,
@ -113,15 +104,14 @@ DSA *get_dsa1024()
 	{
 	DSA *dsa;

-    if ((dsa = DSA_new()) == NULL)
-        return (NULL);
+	if ((dsa=DSA_new()) == NULL) return(NULL);
 	dsa->priv_key=BN_bin2bn(dsa1024_priv,sizeof(dsa1024_priv),NULL);
 	dsa->pub_key=BN_bin2bn(dsa1024_pub,sizeof(dsa1024_pub),NULL);
 	dsa->p=BN_bin2bn(dsa1024_p,sizeof(dsa1024_p),NULL);
 	dsa->q=BN_bin2bn(dsa1024_q,sizeof(dsa1024_q),NULL);
 	dsa->g=BN_bin2bn(dsa1024_g,sizeof(dsa1024_g),NULL);
-    if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
-        || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}
@ -130,7 +120,6 @@ static unsigned char dsa2048_priv[] = {
 	0x32,0x67,0x92,0xf6,0xc4,0xe2,0xe2,0xe8,0xa0,0x8b,0x6b,0x45,
 	0x0c,0x8a,0x76,0xb0,0xee,0xcf,0x91,0xa7,
 	};
-
 static unsigned char dsa2048_pub[]={
 	0x17,0x8f,0xa8,0x11,0x84,0x92,0xec,0x83,0x47,0xc7,0x6a,0xb0,
 	0x92,0xaf,0x5a,0x20,0x37,0xa3,0x64,0x79,0xd2,0xd0,0x3d,0xcd,
@ -155,7 +144,6 @@ static unsigned char dsa2048_pub[] = {
 	0x72,0xf4,0x10,0xe6,0x8d,0x52,0x16,0x7f,0xf2,0xc9,0xf8,0x33,
 	0x8b,0x33,0xb7,0xce,
 	};
-
 static unsigned char dsa2048_p[]={
 	0xA0,0x25,0xFA,0xAD,0xF4,0x8E,0xB9,0xE5,0x99,0xF3,0x5D,0x6F,
 	0x4F,0x83,0x34,0xE2,0x7E,0xCF,0x6F,0xBF,0x30,0xAF,0x6F,0x81,
@ -180,12 +168,10 @@ static unsigned char dsa2048_p[] = {
 	0x5D,0xA7,0xD8,0x54,0xC3,0x65,0x7D,0xC3,0xB0,0x1D,0xBF,0xAE,
 	0xF8,0x68,0xCF,0x9B,
 	};
-
 static unsigned char dsa2048_q[]={
 	0x97,0xE7,0x33,0x4D,0xD3,0x94,0x3E,0x0B,0xDB,0x62,0x74,0xC6,
 	0xA1,0x08,0xDD,0x19,0xA3,0x75,0x17,0x1B,
 	};
-
 static unsigned char dsa2048_g[]={
 	0x2C,0x78,0x16,0x59,0x34,0x63,0xF4,0xF3,0x92,0xFC,0xB5,0xA5,
 	0x4F,0x13,0xDE,0x2F,0x1C,0xA4,0x3C,0xAE,0xAD,0x38,0x3F,0x7E,
@ -215,19 +201,17 @@ DSA *get_dsa2048()
 	{
 	DSA *dsa;
 
-    if ((dsa = DSA_new()) == NULL)
-        return (NULL);
+	if ((dsa=DSA_new()) == NULL) return(NULL);
 	dsa->priv_key=BN_bin2bn(dsa2048_priv,sizeof(dsa2048_priv),NULL);
 	dsa->pub_key=BN_bin2bn(dsa2048_pub,sizeof(dsa2048_pub),NULL);
 	dsa->p=BN_bin2bn(dsa2048_p,sizeof(dsa2048_p),NULL);
 	dsa->q=BN_bin2bn(dsa2048_q,sizeof(dsa2048_q),NULL);
 	dsa->g=BN_bin2bn(dsa2048_g,sizeof(dsa2048_g),NULL);
-    if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL)
-        || (dsa->q == NULL) || (dsa->g == NULL))
+	if ((dsa->priv_key == NULL) || (dsa->pub_key == NULL) || (dsa->p == NULL) ||
+				(dsa->q == NULL) || (dsa->g == NULL))
 		return(NULL);
 	return(dsa);
 	}

-static const char rnd_seed[] =
-    "string to make the random number generator think it has entropy";
+static const char rnd_seed[] = "string to make the random number generator think it has entropy";
 static int rnd_fake = 0;
--- a/apps/ts.c
+++ b/apps/ts.c
--- a/apps/verify.c
+++ b/apps/verify.c
@ -88,13 +88,13 @@ int MAIN(int argc, char **argv)
 	X509_STORE *cert_ctx=NULL;
 	X509_LOOKUP *lookup=NULL;
 	X509_VERIFY_PARAM *vpm = NULL;
+	int crl_download = 0;
 #ifndef OPENSSL_NO_ENGINE
 	char *engine=NULL;
 #endif

 	cert_ctx=X509_STORE_new();
-    if (cert_ctx == NULL)
-        goto end;
+	if (cert_ctx == NULL) goto end;
 	X509_STORE_set_verify_cb(cert_ctx,cb);

 	ERR_load_crypto_strings();
@ -110,37 +110,48 @@ int MAIN(int argc, char **argv)

 	argc--;
 	argv++;
-    for (;;) {
-        if (argc >= 1) {
-            if (strcmp(*argv, "-CApath") == 0) {
-                if (argc-- < 1)
-                    goto end;
+	for (;;)
+		{
+		if (argc >= 1)
+			{
+			if (strcmp(*argv,"-CApath") == 0)
+				{
+				if (argc-- < 1) goto end;
 				CApath= *(++argv);
-            } else if (strcmp(*argv, "-CAfile") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-CAfile") == 0)
+				{
+				if (argc-- < 1) goto end;
 				CAfile= *(++argv);
-            } else if (args_verify(&argv, &argc, &badarg, bio_err, &vpm)) {
+				}
+			else if (args_verify(&argv, &argc, &badarg, bio_err,
+									&vpm))
+				{
 				if (badarg)
 					goto end;
 				continue;
-            } else if (strcmp(*argv, "-untrusted") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-untrusted") == 0)
+				{
+				if (argc-- < 1) goto end;
 				untfile= *(++argv);
-            } else if (strcmp(*argv, "-trusted") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-trusted") == 0)
+				{
+				if (argc-- < 1) goto end;
 				trustfile= *(++argv);
-            } else if (strcmp(*argv, "-CRLfile") == 0) {
-                if (argc-- < 1)
-                    goto end;
+				}
+			else if (strcmp(*argv,"-CRLfile") == 0)
+				{
+				if (argc-- < 1) goto end;
 				crlfile= *(++argv);
 				}
+			else if (strcmp(*argv,"-crl_download") == 0)
+				crl_download = 1;
 #ifndef OPENSSL_NO_ENGINE
-            else if (strcmp(*argv, "-engine") == 0) {
-                if (--argc < 1)
-                    goto end;
+			else if (strcmp(*argv,"-engine") == 0)
+				{
+				if (--argc < 1) goto end;
 				engine= *(++argv);
 				}
 #endif
@ -154,7 +165,8 @@ int MAIN(int argc, char **argv)
 				break;
 			argc--;
 			argv++;
-        } else
+			}
+		else
 			break;
 		}

@ -166,8 +178,7 @@ int MAIN(int argc, char **argv)
 		X509_STORE_set1_param(cert_ctx, vpm);

 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
-    if (lookup == NULL)
-        abort();
+	if (lookup == NULL) abort();
 	if (CAfile) {
 		i=X509_LOOKUP_load_file(lookup,CAfile,X509_FILETYPE_PEM);
 		if(!i) {
@ -175,12 +186,10 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-    } else
-        X509_LOOKUP_load_file(lookup, NULL, X509_FILETYPE_DEFAULT);
+	} else X509_LOOKUP_load_file(lookup,NULL,X509_FILETYPE_DEFAULT);
 		
 	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_hash_dir());
-    if (lookup == NULL)
-        abort();
+	if (lookup == NULL) abort();
 	if (CApath) {
 		i=X509_LOOKUP_add_dir(lookup,CApath,X509_FILETYPE_PEM);
 		if(!i) {
@ -188,36 +197,45 @@ int MAIN(int argc, char **argv)
 			ERR_print_errors(bio_err);
 			goto end;
 		}
-    } else
-        X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT);
+	} else X509_LOOKUP_add_dir(lookup,NULL,X509_FILETYPE_DEFAULT);

 	ERR_clear_error();

-    if (untfile) {
+	if(untfile)
+		{
 		untrusted = load_certs(bio_err, untfile, FORMAT_PEM,
 					NULL, e, "untrusted certificates");
 		if(!untrusted)
 			goto end;
 		}

-    if (trustfile) {
+	if(trustfile)
+		{
 		trusted = load_certs(bio_err, trustfile, FORMAT_PEM,
 					NULL, e, "trusted certificates");
 		if(!trusted)
 			goto end;
 		}

-    if (crlfile) {
-        crls = load_crls(bio_err, crlfile, FORMAT_PEM, NULL, e, "other CRLs");
+	if(crlfile)
+		{
+		crls = load_crls(bio_err, crlfile, FORMAT_PEM,
+					NULL, e, "other CRLs");
 		if(!crls)
 			goto end;
 		}

 	ret = 0;
-    if (argc < 1) {
+
+	if (crl_download)
+		store_setup_crl_download(cert_ctx);
+	if (argc < 1)
+		{ 
 		if (1 != check(cert_ctx, NULL, untrusted, trusted, crls, e))
 			ret = -1;
-    } else {
+		}
+	else
+		{
 		for (i=0; i<argc; i++)
 			if (1 != check(cert_ctx,argv[i], untrusted, trusted, crls, e))
 				ret = -1;
@ -225,16 +243,16 @@ int MAIN(int argc, char **argv)

 end:
 	if (ret == 1) {
-        BIO_printf(bio_err,
-                   "usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
-        BIO_printf(bio_err, " [-no_alt_chains] [-attime timestamp]");
+		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+		BIO_printf(bio_err," [-attime timestamp]");
 #ifndef OPENSSL_NO_ENGINE
 		BIO_printf(bio_err," [-engine e]");
 #endif
 		BIO_printf(bio_err," cert1 cert2 ...\n");

 		BIO_printf(bio_err,"recognized usages:\n");
-        for (i = 0; i < X509_PURPOSE_get_count(); i++) {
+		for(i = 0; i < X509_PURPOSE_get_count(); i++)
+			{
 			X509_PURPOSE *ptmp;
 			ptmp = X509_PURPOSE_get0(i);
 			BIO_printf(bio_err, "\t%-10s\t%s\n",
@ -242,10 +260,8 @@ int MAIN(int argc, char **argv)
 				   X509_PURPOSE_get0_name(ptmp));
 			}
 	}
-    if (vpm)
-        X509_VERIFY_PARAM_free(vpm);
-    if (cert_ctx != NULL)
-        X509_STORE_free(cert_ctx);
+	if (vpm) X509_VERIFY_PARAM_free(vpm);
+	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
 	sk_X509_pop_free(untrusted, X509_free);
 	sk_X509_pop_free(trusted, X509_free);
 	sk_X509_CRL_pop_free(crls, X509_CRL_free);
@ -267,17 +283,18 @@ static int check(X509_STORE *ctx, char *file,
 	fprintf(stdout,"%s: ",(file == NULL)?"stdin":file);

 	csc = X509_STORE_CTX_new();
-    if (csc == NULL) {
+	if (csc == NULL)
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
 	X509_STORE_set_flags(ctx, vflags);
-    if (!X509_STORE_CTX_init(csc, ctx, x, uchain)) {
+	if(!X509_STORE_CTX_init(csc,ctx,x,uchain))
+		{
 		ERR_print_errors(bio_err);
 		goto end;
 		}
-    if (tchain)
-        X509_STORE_CTX_trusted_stack(csc, tchain);
+	if(tchain) X509_STORE_CTX_trusted_stack(csc, tchain);
 	if (crls)
 		X509_STORE_CTX_set0_crls(csc, crls);
 	i=X509_verify_cert(csc);
@ -285,13 +302,14 @@ static int check(X509_STORE *ctx, char *file,

 	ret=0;
 end:
-    if (i > 0) {
+	if (i > 0)
+		{
 		fprintf(stdout,"OK\n");
 		ret=1;
-    } else
+		}
+	else
 		ERR_print_errors(bio_err);
-    if (x != NULL)
-        X509_free(x);
+	if (x != NULL) X509_free(x);

 	return(ret);
 	}
@ -301,8 +319,10 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 	int cert_error = X509_STORE_CTX_get_error(ctx);
 	X509 *current_cert = X509_STORE_CTX_get_current_cert(ctx);

-    if (!ok) {
-        if (current_cert) {
+	if (!ok)
+		{
+		if (current_cert)
+			{
 			X509_NAME_print_ex_fp(stdout,
 				X509_get_subject_name(current_cert),
 				0, XN_FLAG_ONELINE);
@ -313,14 +333,15 @@ static int MS_CALLBACK cb(int ok, X509_STORE_CTX *ctx)
 			cert_error,
 			X509_STORE_CTX_get_error_depth(ctx),
 			X509_verify_cert_error_string(cert_error));
-        switch (cert_error) {
+		switch(cert_error)
+			{
 			case X509_V_ERR_NO_EXPLICIT_POLICY:
 				policies_print(NULL, ctx);
 			case X509_V_ERR_CERT_HAS_EXPIRED:

-            /*
-             * since we are just checking the certificates, it is ok if they
-             * are self signed. But we should still warn the user.
+			/* since we are just checking the certificates, it is
+			 * ok if they are self signed. But we should still warn
+			 * the user.
 			 */

 			case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
--- a/apps/version.c
+++ b/apps/version.c
@ -148,9 +148,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);

-    if (argc == 1)
-        version = 1;
-    for (i = 1; i < argc; i++) {
+	if (argc == 1) version=1;
+	for (i=1; i<argc; i++)
+		{
 		if (strcmp(argv[i],"-v") == 0)
 			version=1;	
 		else if (strcmp(argv[i],"-b") == 0)
@ -165,26 +165,31 @@ int MAIN(int argc, char **argv)
 			dir=1;
 		else if (strcmp(argv[i],"-a") == 0)
 			date=version=cflags=options=platform=dir=1;
-        else {
+		else
+			{
 			BIO_printf(bio_err,"usage:version -[avbofpd]\n");
 			ret=1;
 			goto end;
 			}
 		}

-    if (version) {
-        if (SSLeay() == SSLEAY_VERSION_NUMBER) {
+	if (version)
+		{
+		if (SSLeay() == SSLEAY_VERSION_NUMBER)
+			{
 			printf("%s\n",SSLeay_version(SSLEAY_VERSION));
-        } else {
+			}
+		else
+			{
 			printf("%s (Library: %s)\n",
-                   OPENSSL_VERSION_TEXT, SSLeay_version(SSLEAY_VERSION));
+				OPENSSL_VERSION_TEXT,
+				SSLeay_version(SSLEAY_VERSION));
 			}
 		}
-    if (date)
-        printf("%s\n", SSLeay_version(SSLEAY_BUILT_ON));
-    if (platform)
-        printf("%s\n", SSLeay_version(SSLEAY_PLATFORM));
-    if (options) {
+	if (date)    printf("%s\n",SSLeay_version(SSLEAY_BUILT_ON));
+	if (platform) printf("%s\n",SSLeay_version(SSLEAY_PLATFORM));
+	if (options) 
+		{
 		printf("options:  ");
 		printf("%s ",BN_options());
 #ifndef OPENSSL_NO_MD2
@ -204,10 +209,8 @@ int MAIN(int argc, char **argv)
 #endif
 		printf("\n");
 		}
-    if (cflags)
-        printf("%s\n", SSLeay_version(SSLEAY_CFLAGS));
-    if (dir)
-        printf("%s\n", SSLeay_version(SSLEAY_DIR));
+	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+	if (dir)  printf("%s\n",SSLeay_version(SSLEAY_DIR));
 end:
 	apps_shutdown();
 	OPENSSL_EXIT(ret);
--- a/apps/vms_decc_init.c
+++ b/apps/vms_decc_init.c
@ -5,7 +5,7 @@

 #ifdef USE_DECC_INIT

-/*-
+/*
 * 2010-04-26 SMS.
 *
 *----------------------------------------------------------------------
@ -22,34 +22,37 @@
 #include <stdlib.h>
 #include <unixlib.h>

+
 /* Global storage. */

 /* Flag to sense if decc_init() was called. */

 int decc_init_done = -1;

+
 /* Structure to hold a DECC$* feature name and its desired value. */

-typedef struct {
+typedef struct
+{
    char *name;
    int value;
 } decc_feat_t;

-/*
- * Array of DECC$* feature names and their desired values. Note:
- * DECC$ARGV_PARSE_STYLE is the urgent one.
+
+/* Array of DECC$* feature names and their desired values.
+ * Note: DECC$ARGV_PARSE_STYLE is the urgent one.
 */

-decc_feat_t decc_feat_array[] = {
+decc_feat_t decc_feat_array[] =
+{
 /* Preserve command-line case with SET PROCESS/PARSE_STYLE=EXTENDED */
 { "DECC$ARGV_PARSE_STYLE", 1 },

 /* Preserve case for file names on ODS5 disks. */
 { "DECC$EFS_CASE_PRESERVE", 1 },

-    /*
-     * Enable multiple dots (and most characters) in ODS5 file names, while
-     * preserving VMS-ness of ";version".
+ /* Enable multiple dots (and most characters) in ODS5 file names,
+  * while preserving VMS-ness of ";version".
  */
 { "DECC$EFS_CHARSET", 1 },

@ -57,6 +60,7 @@ decc_feat_t decc_feat_array[] = {
 { (char *)NULL, 0 }
 };

+
 /* LIB$INITIALIZE initialization function. */

 static void decc_init( void)
@ -72,9 +76,11 @@ static void decc_init(void)

    /* Get debug option. */
    openssl_debug_decc_init = getenv( "OPENSSL_DEBUG_DECC_INIT");
-    if (openssl_debug_decc_init != NULL) {
+    if (openssl_debug_decc_init != NULL)
+    {
        verbose = strtol( openssl_debug_decc_init, NULL, 10);
-        if (verbose <= 0) {
+        if (verbose <= 0)
+        {
            verbose = 1;
        }
    }
@ -84,10 +90,12 @@ static void decc_init(void)

    /* Loop through all items in the decc_feat_array[]. */

-    for (i = 0; decc_feat_array[i].name != NULL; i++) {
+    for (i = 0; decc_feat_array[ i].name != NULL; i++)
+    {
        /* Get the feature index. */
        feat_index = decc$feature_get_index( decc_feat_array[ i].name);
-        if (feat_index >= 0) {
+        if (feat_index >= 0)
+        {
            /* Valid item.  Collect its properties. */
            feat_value = decc$feature_get_value( feat_index, 1);
            feat_value_min = decc$feature_get_value( feat_index, 2);
@ -95,34 +103,43 @@ static void decc_init(void)

            /* Check the validity of our desired value. */
            if ((decc_feat_array[ i].value >= feat_value_min) &&
-                (decc_feat_array[i].value <= feat_value_max)) {
+             (decc_feat_array[ i].value <= feat_value_max))
+            {
                /* Valid value.  Set it if necessary. */
-                if (feat_value != decc_feat_array[i].value) {
+                if (feat_value != decc_feat_array[ i].value)
+                {
                    sts = decc$feature_set_value( feat_index,
-                                                 1, decc_feat_array[i].value);
+                     1,
+                     decc_feat_array[ i].value);

-                    if (verbose > 1) {
+                     if (verbose > 1)
+                     {
                         fprintf( stderr, " %s = %d, sts = %d.\n",
                          decc_feat_array[ i].name,
-                                decc_feat_array[i].value, sts);
+                          decc_feat_array[ i].value,
+                          sts);
                     }
                }
-            } else {
+            }
+            else
+            {
                /* Invalid DECC feature value. */
                fprintf( stderr,
                 " INVALID DECC$FEATURE VALUE, %d: %d <= %s <= %d.\n",
                 feat_value,
-                        feat_value_min, decc_feat_array[i].name,
-                        feat_value_max);
+                 feat_value_min, decc_feat_array[ i].name, feat_value_max);
            }
-        } else {
+        }
+        else
+        {
            /* Invalid DECC feature name. */
            fprintf( stderr,
             " UNKNOWN DECC$FEATURE: %s.\n", decc_feat_array[ i].name);
        }
    }

-    if (verbose > 0) {
+    if (verbose > 0)
+    {
        fprintf( stderr, " DECC_INIT complete.\n");
    }
 }
@ -131,9 +148,8 @@ static void decc_init(void)

 #pragma nostandard

-/*
- * Establish the LIB$INITIALIZE PSECTs, with proper alignment and other
- * attributes.  Note that "nopic" is significant only on VAX.
+/* Establish the LIB$INITIALIZE PSECTs, with proper alignment and
+ * other attributes.  Note that "nopic" is significant only on VAX.
 */
 #pragma extern_model save

--- a/apps/winrand.c
+++ b/apps/winrand.c
@ -53,8 +53,7 @@
 *
 */

-/*-
- * Usage: winrand [filename]
+/* Usage: winrand [filename]
 *
 * Collects entropy from mouse movements and other events and writes
 * random data to filename or .rnd
@ -99,13 +98,14 @@ int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,

        hwnd = CreateWindow(appname, OPENSSL_VERSION_TEXT,
 		WS_OVERLAPPEDWINDOW, CW_USEDEFAULT, CW_USEDEFAULT,
-                        CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance,
-                        NULL);
+		CW_USEDEFAULT, CW_USEDEFAULT, NULL, NULL, hInstance, NULL);

 	ShowWindow(hwnd, iCmdShow);
 	UpdateWindow(hwnd);

-    while (GetMessage(&msg, NULL, 0, 0)) {
+
+	while (GetMessage(&msg, NULL, 0, 0))
+		{
 		TranslateMessage(&msg);
 		DispatchMessage(&msg);
 		}
@ -120,7 +120,8 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
        RECT rect;
        static int seeded = 0;

-    switch (iMsg) {
+	switch (iMsg)
+		{
 	case WM_PAINT:
 		hdc = BeginPaint(hwnd, &ps);
 		GetClientRect(hwnd, &rect);
@ -134,7 +135,8 @@ LRESULT CALLBACK WndProc(HWND hwnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
                return 0;
                }

-    if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0) {
+        if (RAND_event(iMsg, wParam, lParam) == 1 && seeded == 0)
+                {
                seeded = 1;
                if (RAND_write_file(filename) <= 0)
                        MessageBox(hwnd, "Couldn't write random file!",
--- a/apps/x509.c
+++ b/apps/x509.c
--- a/appveyor.yml
+++ b/appveyor.yml
@ -1,60 +0,0 @@
-platform:
-    - x86
-    - x64
-
-environment:
-    matrix:
-        - VSVER: 9
-        - VSVER: 10
-        - VSVER: 11
-        - VSVER: 12
-        - VSVER: 14
-
-configuration:
-    - plain
-    - shared
-
-matrix:
-    allow_failures:
-        - platform: x64
-          VSVER: 9
-        - platform: x64
-          VSVER: 10
-        - platform: x64
-          VSVER: 11
-
-before_build:
-    - ps: >-
-        If ($env:Platform -Match "x86") {
-            $env:VCVARS_PLATFORM="x86"
-            $env:TARGET="VC-WIN32"
-            $env:DO="do_ms"
-        } Else {
-            $env:VCVARS_PLATFORM="amd64"
-            $env:TARGET="VC-WIN64A"
-            $env:DO="do_win64a"
-        }
-    - ps: >-
-        If ($env:Configuration -Like "*shared*") {
-            $env:MAK="ntdll.mak"
-        } Else {
-            $env:MAK="nt.mak"
-        }
-    - ps: $env:VSCOMNTOOLS=(Get-Content ("env:VS" + "$env:VSVER" + "0COMNTOOLS"))
-    - call "%VSCOMNTOOLS%\..\..\VC\vcvarsall.bat" %VCVARS_PLATFORM%
-    - perl Configure %TARGET% no-asm
-    - call ms\%DO%
-
-build_script:
-    - nmake /f ms\%MAK%
-
-test_script:
-    - nmake /f ms\%MAK% test
-
-notifications:
-    - provider: Email
-      to:
-          - openssl-commits@openssl.org
-      on_build_success: false
-      on_build_failure: true
-      on_build_status_changed: true
--- a/bugs/alpha.c
+++ b/bugs/alpha.c
@ -56,13 +56,11 @@
 * [including the GNU Public Licence.]
 */

-/*
- * while not exactly a bug (ASN1 C leaves this undefined) it is something to
- * watch out for.  This was fine on linux/NT/Solaris but not Alpha
- */
+/* while not exactly a bug (ASN1 C leaves this undefined) it is
+ * something to watch out for.  This was fine on linux/NT/Solaris but not
+ * Alpha */

-/*-
- * it is basically an example of
+/* it is basically an example of
 * func(*(a++),*(a++))
 * which parameter is evaluated first?  It is not defined in ASN1 C.
 */
@ -86,7 +84,8 @@ main()

        p=data;

-    for (i = 0; i < 4; i++) {
+        for (i=0; i<4; i++)
+                {
                func(p,*(p++));
                }
        }
--- a/bugs/dggccbug.c
+++ b/bugs/dggccbug.c
@ -4,18 +4,17 @@

 #include <stdio.h>

-/*
- * There is a bug in gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14
- * 1994) as shipped with DGUX 5.4R3.10 that can be bypassed by defining
- * DG_GCC_BUG in my code. The bug manifests itself by the vaule of a pointer
- * that is used only by reference, not having it's value change when it is
- * used to check for exiting the loop.  Probably caused by there being 2
- * copies of the valiable, one in a register and one being an address that is
- * passed.
- */
+/* There is a bug in
+ * gcc version 2.5.8 (88open OCS/BCS, DG-2.5.8.3, Oct 14 1994)
+ * as shipped with DGUX 5.4R3.10 that can be bypassed by defining
+ * DG_GCC_BUG in my code.
+ * The bug manifests itself by the vaule of a pointer that is
+ * used only by reference, not having it's value change when it is used
+ * to check for exiting the loop.  Probably caused by there being 2
+ * copies of the valiable, one in a register and one being an address
+ * that is passed. */

-/*-
- * compare the out put from
+/* compare the out put from
 * gcc dggccbug.c; ./a.out
 * and
 * gcc -O dggccbug.c; ./a.out
@ -35,7 +34,8 @@ main()
 	int dummy;
 #endif

-    while (p < 3) {
+	while (p<3)
+		{
 		fprintf(stderr,"%08X\n",p);
 		inc(&p);
 #ifdef FIXBUG
--- a/bugs/sgiccbug.c
+++ b/bugs/sgiccbug.c
@ -4,26 +4,22 @@

 #include <stdio.h>

-/*
- * This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are the
- * only versions of IRIX I have access to. defining FIXBUG removes the bug.
- * (bug is still present in IRIX 6.3 according to Gage
- * <agage@forgetmenot.Mines.EDU>
+/* This compiler bug it present on IRIX 5.3, 5.1 and 4.0.5 (these are
+ * the only versions of IRIX I have access to.
+ * defining FIXBUG removes the bug.
+ * (bug is still present in IRIX 6.3 according to
+ * Gage <agage@forgetmenot.Mines.EDU>
 */
 
-/*-
- * Compare the output from
+/* Compare the output from
 * cc sgiccbug.c; ./a.out
 * and
 * cc -O sgiccbug.c; ./a.out
 */

-static unsigned long a[4] =
-    { 0x01234567, 0x89ABCDEF, 0xFEDCBA98, 0x76543210 };
-static unsigned long b[4] =
-    { 0x89ABCDEF, 0xFEDCBA98, 0x76543210, 0x01234567 };
-static unsigned long c[4] =
-    { 0x77777778, 0x8ACF1357, 0x88888888, 0x7530ECA9 };
+static unsigned long a[4]={0x01234567,0x89ABCDEF,0xFEDCBA98,0x76543210};
+static unsigned long b[4]={0x89ABCDEF,0xFEDCBA98,0x76543210,0x01234567};
+static unsigned long c[4]={0x77777778,0x8ACF1357,0x88888888,0x7530ECA9};

 main()
 	{
@ -48,7 +44,8 @@ unsigned long *r, *a, *b;
 	bp=b;
 	rp=r;
 	carry=0;
-    for (i = 0; i < 4; i++) {
+	for (i=0; i<4; i++)
+		{
 		t1= *(ap++);
 		t2= *(bp++);
 		t1=(t1-t2);
--- a/bugs/stream.c
+++ b/bugs/stream.c
@ -64,9 +64,8 @@
 #include <openssl/des.h>
 #endif

-/*
- * show how stream ciphers are not very good.  The mac has no affect on RC4
- * while it does for cfb DES
+/* show how stream ciphers are not very good.  The mac has no affect
+ * on RC4 while it does for cfb DES
 */

 main()
--- a/bugs/ultrixcc.c
+++ b/bugs/ultrixcc.c
@ -1,7 +1,6 @@
 #include <stdio.h>

-/*-
- * This is a cc optimiser bug for ultrix 4.3, mips CPU.
+/* This is a cc optimiser bug for ultrix 4.3, mips CPU.
 * What happens is that the compiler, due to the (a)&7,
 * does
 * i=a&7;
@ -21,7 +20,8 @@ main()
 int f(a)
 int a;
 	{
-    switch (a & 7) {
+	switch(a&7)
+		{
 	case 7:
 		printf("7\n");
 	case 6:
@ -42,3 +42,4 @@ int a;
 #endif
 		}
 	}	
+
--- a/19
+++ b/19
@ -587,15 +587,33 @@ case "$GUESSOS" in
 	fi
 	;;
  ppc64-*-linux2)
+	if [ -z "$KERNEL_BITS" ]; then
 	    echo "WARNING! If you wish to build 64-bit library, then you have to"
 	    echo "         invoke './Configure linux-ppc64' *manually*."
 	    if [ "$TEST" = "false" -a -t 1 ]; then
 		echo "         You have about 5 seconds to press Ctrl-C to abort."
 		(trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
 	    fi
+	fi
+	if [ "$KERNEL_BITS" = "64" ]; then
+	    OUT="linux-ppc64"
+	else
 	    OUT="linux-ppc"
+	    (echo "__LP64__" | gcc -E -x c - 2>/dev/null | grep "^__LP64__" 2>&1 > /dev/null) || options="$options -m32"
+	fi
 	;;
+  ppc64le-*-linux2) OUT="linux-ppc64le" ;;
  ppc-*-linux2) OUT="linux-ppc" ;;
+  mips64*-*-linux2)
+	echo "WARNING! If you wish to build 64-bit library, then you have to"
+	echo "         invoke './Configure linux64-mips64' *manually*."
+	if [ "$TEST" = "false" -a -t 1 ]; then
+	    echo "         You have about 5 seconds to press Ctrl-C to abort."
+	    (trap "stty `stty -g`" 2 0; stty -icanon min 0 time 50; read waste) <&1
+	fi
+	OUT="linux-mips64"
+	;;
+  mips*-*-linux2) OUT="linux-mips32" ;;
  ppc60x-*-vxworks*) OUT="vxworks-ppc60x" ;;
  ppcgen-*-vxworks*) OUT="vxworks-ppcgen" ;;
  pentium-*-vxworks*) OUT="vxworks-pentium" ;;
@ -644,6 +662,7 @@ case "$GUESSOS" in
  armv[1-3]*-*-linux2) OUT="linux-generic32" ;;
  armv[7-9]*-*-linux2) OUT="linux-armv4"; options="$options -march=armv7-a" ;;
  arm*-*-linux2) OUT="linux-armv4" ;;
+  aarch64-*-linux2) OUT="linux-aarch64" ;;
  sh*b-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
  sh*-*-linux2)  OUT="linux-generic32"; options="$options -DL_ENDIAN" ;;
  m68k*-*-linux2) OUT="linux-generic32"; options="$options -DB_ENDIAN" ;;
--- a/crypto/.cvsignore
+++ b/crypto/.cvsignore
@ -0,0 +1,8 @@
+lib
+buildinf.h
+opensslconf.h
+Makefile.save
+*.flc
+semantic.cache
+*cpuid.s
+uplink-cof.s
--- a/crypto/LPdir_nyi.c
+++ b/crypto/LPdir_nyi.c
@ -1,6 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $
- */
+/* $LP: LPlib/source/LPdir_win.c,v 1.1 2004/06/14 10:07:56 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -31,15 +29,12 @@
 #include "LPdir.h"
 #endif

-struct LP_dir_context_st {
-    void *dummy;
-};
+struct LP_dir_context_st { void *dummy; };
 const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 	{
 	errno = EINVAL;
 	return 0;
 	}
-
 int LP_find_file_end(LP_DIR_CTX **ctx)
 	{
 	errno = EINVAL;
--- a/crypto/LPdir_unix.c
+++ b/crypto/LPdir_unix.c
@ -1,7 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp
- * $
- */
+/* $LP: LPlib/source/LPdir_unix.c,v 1.11 2004/09/23 22:07:22 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -39,30 +36,28 @@
 #include "LPdir.h"
 #endif

-/*
- * The POSIXly macro for the maximum number of characters in a file path is
- * NAME_MAX.  However, some operating systems use PATH_MAX instead.
- * Therefore, it seems natural to first check for PATH_MAX and use that, and
- * if it doesn't exist, use NAME_MAX.
- */
+/* The POSIXly macro for the maximum number of characters in a file path
+   is NAME_MAX.  However, some operating systems use PATH_MAX instead.
+   Therefore, it seems natural to first check for PATH_MAX and use that,
+   and if it doesn't exist, use NAME_MAX. */
 #if defined(PATH_MAX)
 # define LP_ENTRY_SIZE PATH_MAX
 #elif defined(NAME_MAX)
 # define LP_ENTRY_SIZE NAME_MAX
 #endif

-/*
- * Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
- * exist.  It's also possible that NAME_MAX exists but is define to a very
- * small value (HP-UX offers 14), so we need to check if we got a result, and
- * if it meets a minimum standard, and create or change it if not.
- */
+/* Of course, there's the possibility that neither PATH_MAX nor NAME_MAX
+   exist.  It's also possible that NAME_MAX exists but is define to a
+   very small value (HP-UX offers 14), so we need to check if we got a
+   result, and if it meets a minimum standard, and create or change it
+   if not. */
 #if !defined(LP_ENTRY_SIZE) || LP_ENTRY_SIZE<255
 # undef LP_ENTRY_SIZE
 # define LP_ENTRY_SIZE 255
 #endif

-struct LP_dir_context_st {
+struct LP_dir_context_st
+{
  DIR *dir;
  char entry_name[LP_ENTRY_SIZE+1];
 };
@ -71,22 +66,26 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 {
  struct dirent *direntry = NULL;

-    if (ctx == NULL || directory == NULL) {
+  if (ctx == NULL || directory == NULL)
+    {
      errno = EINVAL;
      return 0;
    }

  errno = 0;
-    if (*ctx == NULL) {
+  if (*ctx == NULL)
+    {
      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-        if (*ctx == NULL) {
+      if (*ctx == NULL)
+	{
 	  errno = ENOMEM;
 	  return 0;
 	}
      memset(*ctx, '\0', sizeof(LP_DIR_CTX));

      (*ctx)->dir = opendir(directory);
-        if ((*ctx)->dir == NULL) {
+      if ((*ctx)->dir == NULL)
+	{
 	  int save_errno = errno; /* Probably not needed, but I'm paranoid */
 	  free(*ctx);
 	  *ctx = NULL;
@ -96,23 +95,25 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
    }

  direntry = readdir((*ctx)->dir);
-    if (direntry == NULL) {
+  if (direntry == NULL)
+    {
      return 0;
    }

-    strncpy((*ctx)->entry_name, direntry->d_name,
-            sizeof((*ctx)->entry_name) - 1);
+  strncpy((*ctx)->entry_name, direntry->d_name, sizeof((*ctx)->entry_name) - 1);
  (*ctx)->entry_name[sizeof((*ctx)->entry_name) - 1] = '\0';
  return (*ctx)->entry_name;
 }

 int LP_find_file_end(LP_DIR_CTX **ctx)
 {
-    if (ctx != NULL && *ctx != NULL) {
+  if (ctx != NULL && *ctx != NULL)
+    {
      int ret = closedir((*ctx)->dir);

      free(*ctx);
-        switch (ret) {
+      switch (ret)
+	{
 	case 0:
 	  return 1;
 	case -1:
--- a/crypto/LPdir_vms.c
+++ b/crypto/LPdir_vms.c
@ -1,3 +1,4 @@
+/* $LP: LPlib/source/LPdir_vms.c,v 1.20 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -46,7 +47,8 @@
 # define EVMSERR	65535  /* error for non-translatable VMS errors */
 #endif

-struct LP_dir_context_st {
+struct LP_dir_context_st
+{
  unsigned long VMS_context;
  char filespec[ NAMX_MAXRSS+ 1];
  char result[ NAMX_MAXRSS+ 1];
@ -74,38 +76,38 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
  flags |= LIB$M_FIL_LONG_NAMES;
 #endif

-    if (ctx == NULL || directory == NULL) {
+  if (ctx == NULL || directory == NULL)
+    {
      errno = EINVAL;
      return 0;
    }

  errno = 0;
-    if (*ctx == NULL) {
+  if (*ctx == NULL)
+    {
      size_t filespeclen = strlen(directory);
      char *filespec = NULL;

-        if (filespeclen == 0) {
-            errno = ENOENT;
-            return 0;
-        }
-
      /* MUST be a VMS directory specification!  Let's estimate if it is. */
      if (directory[filespeclen-1] != ']'
 	  && directory[filespeclen-1] != '>'
-            && directory[filespeclen - 1] != ':') {
+	  && directory[filespeclen-1] != ':')
+	{
 	  errno = EINVAL;
 	  return 0;
 	}

      filespeclen += 4;		/* "*.*;" */

-        if (filespeclen > NAMX_MAXRSS) {
+      if (filespeclen > NAMX_MAXRSS)
+	{
 	  errno = ENAMETOOLONG;
 	  return 0;
 	}

      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-        if (*ctx == NULL) {
+      if (*ctx == NULL)
+	{
 	  errno = ENOMEM;
 	  return 0;
 	}
@ -138,32 +140,38 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
  status = lib$find_file(&(*ctx)->filespec_dsc, &(*ctx)->result_dsc,
 			 &(*ctx)->VMS_context, 0, 0, 0, &flags);

-    if (status == RMS$_NMF) {
+  if (status == RMS$_NMF)
+    {
      errno = 0;
      vaxc$errno = status;
      return NULL;
    }

-    if (!$VMS_STATUS_SUCCESS(status)) {
+  if(!$VMS_STATUS_SUCCESS(status))
+    {
      errno = EVMSERR;
      vaxc$errno = status;
      return NULL;
    }

-    /*
-     * Quick, cheap and dirty way to discard any device and directory, since
-     * we only want file names
-     */
+  /* Quick, cheap and dirty way to discard any device and directory,
+     since we only want file names */
  l = (*ctx)->result_dsc.dsc$w_length;
  p = (*ctx)->result_dsc.dsc$a_pointer;
  r = p;
-    for (; *p; p++) {
-        if (*p == '^' && p[1] != '\0') { /* Take care of ODS-5 escapes */
+  for (; *p; p++)
+    {
+      if (*p == '^' && p[1] != '\0') /* Take care of ODS-5 escapes */
+	{
 	  p++;
-        } else if (*p == ':' || *p == '>' || *p == ']') {
+	}
+      else if (*p == ':' || *p == '>' || *p == ']')
+	{
 	  l -= p + 1 - r;
 	  r = p + 1;
-        } else if (*p == ';') {
+	}
+      else if (*p == ';')
+	{
 	  l = p - r;
 	  break;
 	}
@ -178,12 +186,14 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

 int LP_find_file_end(LP_DIR_CTX **ctx)
 {
-    if (ctx != NULL && *ctx != NULL) {
+  if (ctx != NULL && *ctx != NULL)
+    {
      int status = lib$find_file_end(&(*ctx)->VMS_context);

      free(*ctx);

-        if (!$VMS_STATUS_SUCCESS(status)) {
+      if(!$VMS_STATUS_SUCCESS(status))
+	{
 	  errno = EVMSERR;
 	  vaxc$errno = status;
 	  return 0;
@ -193,3 +203,4 @@ int LP_find_file_end(LP_DIR_CTX **ctx)
  errno = EINVAL;
  return 0;
 }
+
--- a/crypto/LPdir_win.c
+++ b/crypto/LPdir_win.c
@ -1,3 +1,4 @@
+/* $LP: LPlib/source/LPdir_win.c,v 1.10 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -29,15 +30,14 @@
 #include "LPdir.h"
 #endif

-/*
- * We're most likely overcautious here, but let's reserve for broken WinCE
- * headers and explicitly opt for UNICODE call. Keep in mind that our WinCE
- * builds are compiled with -DUNICODE [as well as -D_UNICODE].
- */
+/* We're most likely overcautious here, but let's reserve for
+    broken WinCE headers and explicitly opt for UNICODE call.
+    Keep in mind that our WinCE builds are compiled with -DUNICODE
+    [as well as -D_UNICODE]. */
 #if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
 # define FindFirstFile FindFirstFileW
 #endif
-#if defined(LP_SYS_WINCE) && !defined(FindNextFile)
+#if defined(LP_SYS_WINCE) && !defined(FindFirstFile)
 # define FindNextFile FindNextFileW
 #endif

@ -45,7 +45,8 @@
 #define NAME_MAX 255
 #endif

-struct LP_dir_context_st {
+struct LP_dir_context_st
+{
  WIN32_FIND_DATA ctx;
  HANDLE handle;
  char entry_name[NAME_MAX+1];
@ -53,102 +54,83 @@ struct LP_dir_context_st {

 const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)
 {
-    if (ctx == NULL || directory == NULL) {
+  if (ctx == NULL || directory == NULL)
+    {
      errno = EINVAL;
      return 0;
    }

  errno = 0;
-    if (*ctx == NULL) {
-        const char *extdir = directory;
-        char *extdirbuf = NULL;
-        size_t dirlen = strlen(directory);
-
-        if (dirlen == 0) {
-            errno = ENOENT;
-            return 0;
-        }
-
+  if (*ctx == NULL)
+    {
      *ctx = (LP_DIR_CTX *)malloc(sizeof(LP_DIR_CTX));
-        if (*ctx == NULL) {
+      if (*ctx == NULL)
+	{
 	  errno = ENOMEM;
 	  return 0;
 	}
      memset(*ctx, '\0', sizeof(LP_DIR_CTX));

-        if (directory[dirlen - 1] != '*') {
-            extdirbuf = (char *)malloc(dirlen + 3);
-            if (extdirbuf == NULL) {
-                free(*ctx);
-                *ctx = NULL;
-                errno = ENOMEM;
-                return 0;
-            }
-            if (directory[dirlen - 1] != '/' && directory[dirlen - 1] != '\\')
-                extdir = strcat(strcpy(extdirbuf, directory), "/*");
-            else
-                extdir = strcat(strcpy(extdirbuf, directory), "*");
-        }
-
-        if (sizeof(TCHAR) != sizeof(char)) {
+      if (sizeof(TCHAR) != sizeof(char))
+	{
 	  TCHAR *wdir = NULL;
 	  /* len_0 denotes string length *with* trailing 0 */ 
-            size_t index = 0, len_0 = strlen(extdir) + 1;
+	  size_t index = 0,len_0 = strlen(directory) + 1;

-            wdir = (TCHAR *)calloc(len_0, sizeof(TCHAR));
-            if (wdir == NULL) {
-                if (extdirbuf != NULL) {
-                    free(extdirbuf);
-                }
+	  wdir = (TCHAR *)malloc(len_0 * sizeof(TCHAR));
+	  if (wdir == NULL)
+	    {
 	      free(*ctx);
 	      *ctx = NULL;
 	      errno = ENOMEM;
 	      return 0;
 	    }
+
 #ifdef LP_MULTIBYTE_AVAILABLE
-            if (!MultiByteToWideChar
-                (CP_ACP, 0, extdir, len_0, (WCHAR *)wdir, len_0))
+	  if (!MultiByteToWideChar(CP_ACP, 0, directory, len_0, (WCHAR *)wdir, len_0))
 #endif
 	    for (index = 0; index < len_0; index++)
-                    wdir[index] = (TCHAR)extdir[index];
+	      wdir[index] = (TCHAR)directory[index];

 	  (*ctx)->handle = FindFirstFile(wdir, &(*ctx)->ctx);

 	  free(wdir);
-        } else {
-            (*ctx)->handle = FindFirstFile((TCHAR *)extdir, &(*ctx)->ctx);
-        }
-        if (extdirbuf != NULL) {
-            free(extdirbuf);
 	}
+      else
+	(*ctx)->handle = FindFirstFile((TCHAR *)directory, &(*ctx)->ctx);

-        if ((*ctx)->handle == INVALID_HANDLE_VALUE) {
+      if ((*ctx)->handle == INVALID_HANDLE_VALUE)
+	{
 	  free(*ctx);
 	  *ctx = NULL;
 	  errno = EINVAL;
 	  return 0;
 	}
-    } else {
-        if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE) {
+    }
+  else
+    {
+      if (FindNextFile((*ctx)->handle, &(*ctx)->ctx) == FALSE)
+	{
 	  return 0;
 	}
    }
-    if (sizeof(TCHAR) != sizeof(char)) {
+
+  if (sizeof(TCHAR) != sizeof(char))
+    {
      TCHAR *wdir = (*ctx)->ctx.cFileName;
      size_t index, len_0 = 0;

-        while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1))
-            len_0++;
+      while (wdir[len_0] && len_0 < (sizeof((*ctx)->entry_name) - 1)) len_0++;
      len_0++;

 #ifdef LP_MULTIBYTE_AVAILABLE
-        if (!WideCharToMultiByte
-            (CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
+      if (!WideCharToMultiByte(CP_ACP, 0, (WCHAR *)wdir, len_0, (*ctx)->entry_name,
 			       sizeof((*ctx)->entry_name), NULL, 0))
 #endif
 	for (index = 0; index < len_0; index++)
 	  (*ctx)->entry_name[index] = (char)wdir[index];
-    } else
+    }
+  else
    strncpy((*ctx)->entry_name, (const char *)(*ctx)->ctx.cFileName,
 	    sizeof((*ctx)->entry_name)-1);

@ -159,7 +141,8 @@ const char *LP_find_file(LP_DIR_CTX **ctx, const char *directory)

 int LP_find_file_end(LP_DIR_CTX **ctx)
 {
-    if (ctx != NULL && *ctx != NULL) {
+  if (ctx != NULL && *ctx != NULL)
+    {
      FindClose((*ctx)->handle);
      free(*ctx);
      *ctx = NULL;
--- a/crypto/LPdir_win32.c
+++ b/crypto/LPdir_win32.c
@ -1,7 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
- * $
- */
+/* $LP: LPlib/source/LPdir_win32.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
--- a/crypto/LPdir_wince.c
+++ b/crypto/LPdir_wince.c
@ -1,7 +1,4 @@
-/*
- * $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp
- * $
- */
+/* $LP: LPlib/source/LPdir_wince.c,v 1.3 2004/08/26 13:36:05 _cvs_levitte Exp $ */
 /*
 * Copyright (c) 2004, Richard Levitte <richard@levitte.org>
 * All rights reserved.
@ -29,8 +26,6 @@
 */

 #define LP_SYS_WINCE
-/*
- * We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently under
- * investigation what the exact conditions would be
- */
+/* We might want to define LP_MULTIBYTE_AVAILABLE here.  It's currently
+   under investigation what the exact conditions would be */
 #include "LPdir_win.c"
--- a/crypto/Makefile
+++ b/crypto/Makefile
@ -31,7 +31,6 @@ CPUID_OBJ=mem_clr.o
 LIBS=

 GENERAL=Makefile README crypto-lib.com install.com
-TEST=constant_time_test.c

 LIB= $(TOP)/libcrypto.a
 SHARED_LIB= libcrypto$(SHLIB_EXT)
@ -44,8 +43,7 @@ SRC= $(LIBSRC)

 EXHEADER= crypto.h opensslv.h opensslconf.h ebcdic.h symhacks.h \
 	ossl_typ.h
-HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h \
-	constant_time_locl.h $(EXHEADER)
+HEADER=	cryptlib.h buildinf.h md32_common.h o_time.h o_str.h o_dir.h $(EXHEADER)

 ALL=    $(GENERAL) $(SRC) $(HEADER)

@ -55,7 +53,12 @@ top:
 all: shared

 buildinf.h: ../Makefile
-	$(PERL) $(TOP)/util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)" >buildinf.h
+	( echo "#ifndef MK1MF_BUILD"; \
+	echo '  /* auto-generated by crypto/Makefile for crypto/cversion.c */'; \
+	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+	echo '  #define PLATFORM "$(PLATFORM)"'; \
+	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+	echo '#endif' ) >buildinf.h

 x86cpuid.s:	x86cpuid.pl perlasm/x86asm.pl
 	$(PERL) x86cpuid.pl $(PERLASM_SCHEME) $(CFLAGS) $(PROCESSOR) > $@
@ -88,7 +91,7 @@ subdirs:
 	@target=all; $(RECURSIVE_MAKE)

 files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
 	@target=files; $(RECURSIVE_MAKE)

 links:
@ -102,7 +105,7 @@ lib:	$(LIB)
 	@touch lib
 $(LIB):	$(LIBOBJ)
 	$(AR) $(LIB) $(LIBOBJ)
-	[ -z "$(FIPSLIBDIR)" ] || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
+	test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
 	$(RANLIB) $(LIB) || echo Never mind.

 shared: buildinf.h lib subdirs
@ -125,17 +128,12 @@ install:
 lint:
 	@target=lint; $(RECURSIVE_MAKE)

-update: local_depend
-	@[ -z "$(THIS)" ] || (set -e; target=update; $(RECURSIVE_MAKE) )
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-
-depend: local_depend
-	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
-	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
-local_depend:
+depend:
 	@[ -z "$(THIS)" -o -f buildinf.h ] || touch buildinf.h # fake buildinf.h if it does not exist
 	@[ -z "$(THIS)" ] || $(MAKEDEPEND) -- $(CFLAG) $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
 	@[ -z "$(THIS)" -o -s buildinf.h ] || rm buildinf.h
+	@[ -z "$(THIS)" ] || (set -e; target=depend; $(RECURSIVE_MAKE) )
+	@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi

 clean:
 	rm -f buildinf.h *.s *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
--- a/crypto/aes/.cvsignore
+++ b/crypto/aes/.cvsignore
@ -0,0 +1,8 @@
+lib
+Makefile.save
+*.flc
+semantic.cache
+aes-*.s
+aesni-*.s
+bsaes-*.s
+vpaes-*.s
--- a/crypto/aes/Makefile
+++ b/crypto/aes/Makefile
@ -65,12 +65,22 @@ aesni-x86_64.s: asm/aesni-x86_64.pl
 	$(PERL) asm/aesni-x86_64.pl $(PERLASM_SCHEME) > $@
 aesni-sha1-x86_64.s:	asm/aesni-sha1-x86_64.pl
 	$(PERL) asm/aesni-sha1-x86_64.pl $(PERLASM_SCHEME) > $@
+aesni-sha256-x86_64.s:	asm/aesni-sha256-x86_64.pl
+	$(PERL) asm/aesni-sha256-x86_64.pl $(PERLASM_SCHEME) > $@
+aesni-mb-x86_64.s:	asm/aesni-mb-x86_64.pl
+	$(PERL) asm/aesni-mb-x86_64.pl $(PERLASM_SCHEME) > $@

 aes-sparcv9.s: asm/aes-sparcv9.pl
 	$(PERL) asm/aes-sparcv9.pl $(CFLAGS) > $@
+aest4-sparcv9.s: asm/aest4-sparcv9.pl
+	$(PERL) asm/aest4-sparcv9.pl $(CFLAGS) > $@

 aes-ppc.s:	asm/aes-ppc.pl
 	$(PERL) asm/aes-ppc.pl $(PERLASM_SCHEME) $@
+vpaes-ppc.s:	asm/vpaes-ppc.pl
+	$(PERL) asm/vpaes-ppc.pl $(PERLASM_SCHEME) $@
+aesp8-ppc.s:	asm/aesp8-ppc.pl
+	$(PERL) asm/aesp8-ppc.pl $(PERLASM_SCHEME) $@

 aes-parisc.s:	asm/aes-parisc.pl
 	$(PERL) asm/aes-parisc.pl $(PERLASM_SCHEME) $@
@ -78,12 +88,18 @@ aes-parisc.s:	asm/aes-parisc.pl
 aes-mips.S:	asm/aes-mips.pl
 	$(PERL) asm/aes-mips.pl $(PERLASM_SCHEME) $@

+aesv8-armx.S:	asm/aesv8-armx.pl
+	$(PERL) asm/aesv8-armx.pl $(PERLASM_SCHEME) $@
+aesv8-armx.o:	aesv8-armx.S
+
 # GNU make "catch all"
 aes-%.S:	asm/aes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) > $@
 aes-armv4.o:	aes-armv4.S
+bsaes-%.S:	asm/bsaes-%.pl;	$(PERL) $< $(PERLASM_SCHEME) $@
+bsaes-armv7.o:	bsaes-armv7.S

 files:
-	$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+	$(PERL) $(TOP)/util/files.pl "AES_ENC=$(AES_ENC)" Makefile >> $(TOP)/MINFO

 links:
 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
@ -106,8 +122,6 @@ tests:
 lint:
 	lint -DLINT $(INCLUDES) $(SRC)>fluff

-update: depend
-
 depend:
 	@[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
 	$(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
@ -149,7 +163,7 @@ aes_wrap.o: ../../e_os.h ../../include/openssl/aes.h
 aes_wrap.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
 aes_wrap.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
 aes_wrap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
-aes_wrap.o: ../../include/openssl/opensslconf.h
+aes_wrap.o: ../../include/openssl/modes.h ../../include/openssl/opensslconf.h
 aes_wrap.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
 aes_wrap.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 aes_wrap.o: ../../include/openssl/symhacks.h ../cryptlib.h aes_wrap.c
--- a/crypto/aes/aes.h
+++ b/crypto/aes/aes.h
@ -1,4 +1,4 @@
-/* crypto/aes/aes.h */
+/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -63,10 +63,8 @@
 #define AES_ENCRYPT	1
 #define AES_DECRYPT	0

-/*
- * Because array size can't be a const in C, the following two are macros.
- * Both sizes are in bytes.
- */
+/* Because array size can't be a const in C, the following two are macros.
+   Both sizes are in bytes. */
 #define AES_MAXNR 14
 #define AES_BLOCK_SIZE 16

--- a/crypto/aes/aes_cbc.c
+++ b/crypto/aes/aes_cbc.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cbc.c */
+/* crypto/aes/aes_cbc.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
 *
@ -54,13 +54,10 @@

 void AES_cbc_encrypt(const unsigned char *in, unsigned char *out,
 		     size_t len, const AES_KEY *key,
-                     unsigned char *ivec, const int enc)
-{
+		     unsigned char *ivec, const int enc) {

 	if (enc)
-        CRYPTO_cbc128_encrypt(in, out, len, key, ivec,
-                              (block128_f) AES_encrypt);
+		CRYPTO_cbc128_encrypt(in,out,len,key,ivec,(block128_f)AES_encrypt);
 	else
-        CRYPTO_cbc128_decrypt(in, out, len, key, ivec,
-                              (block128_f) AES_decrypt);
+		CRYPTO_cbc128_decrypt(in,out,len,key,ivec,(block128_f)AES_decrypt);
 }
--- a/crypto/aes/aes_cfb.c
+++ b/crypto/aes/aes_cfb.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_cfb.c */
+/* crypto/aes/aes_cfb.c -*- mode:C; c-file-style: "eay" -*- */
 /* ====================================================================
 * Copyright (c) 2002-2006 The OpenSSL Project.  All rights reserved.
 *
@ -52,19 +52,16 @@
 #include <openssl/aes.h>
 #include <openssl/modes.h>

-/*
- * The input and output encrypted as though 128bit cfb mode is being used.
- * The extra state information to record how much of the 128bit block we have
- * used is contained in *num;
+/* The input and output encrypted as though 128bit cfb mode is being
+ * used.  The extra state information to record how much of the
+ * 128bit block we have used is contained in *num;
 */

 void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out,
 	size_t length, const AES_KEY *key,
-                        unsigned char *ivec, int *num, const int enc)
-{
+	unsigned char *ivec, int *num, const int enc) {

-    CRYPTO_cfb128_encrypt(in, out, length, key, ivec, num, enc,
-                          (block128_f) AES_encrypt);
+	CRYPTO_cfb128_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
 }

 /* N.B. This expects the input to be packed, MS bit first */
@ -72,14 +69,13 @@ void AES_cfb1_encrypt(const unsigned char *in, unsigned char *out,
 		      size_t length, const AES_KEY *key,
 		      unsigned char *ivec, int *num, const int enc)
    {
-    CRYPTO_cfb128_1_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) AES_encrypt);
+    CRYPTO_cfb128_1_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
    }

 void AES_cfb8_encrypt(const unsigned char *in, unsigned char *out,
 		      size_t length, const AES_KEY *key,
 		      unsigned char *ivec, int *num, const int enc)
    {
-    CRYPTO_cfb128_8_encrypt(in, out, length, key, ivec, num, enc,
-                            (block128_f) AES_encrypt);
+    CRYPTO_cfb128_8_encrypt(in,out,length,key,ivec,num,enc,(block128_f)AES_encrypt);
    }
+
--- a/crypto/aes/aes_core.c
+++ b/crypto/aes/aes_core.c
@ -1,4 +1,4 @@
-/* crypto/aes/aes_core.c */
+/* crypto/aes/aes_core.c -*- mode:C; c-file-style: "eay" -*- */
 /**
 * rijndael-alg-fst.c
 *
@ -40,7 +40,7 @@
 #include "aes_locl.h"

 #ifndef AES_ASM
-/*-
+/*
 Te0[x] = S [x].[02, 01, 01, 03];
 Te1[x] = S [x].[03, 02, 01, 01];
 Te2[x] = S [x].[01, 03, 02, 01];
@ -626,8 +626,7 @@ static const u32 rcon[] = {
 * Expand the cipher key into the encryption key schedule.
 */
 int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			AES_KEY *key) {

 	u32 *rk;
   	int i = 0;
@ -728,8 +727,7 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 * Expand the cipher key into the decryption key schedule.
 */
 int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			 AES_KEY *key) {

        u32 *rk;
 	int i, j, status;
@ -972,8 +970,7 @@ void AES_encrypt(const unsigned char *in, unsigned char *out,
 * in and out can overlap
 */
 void AES_decrypt(const unsigned char *in, unsigned char *out,
-                 const AES_KEY *key)
-{
+		 const AES_KEY *key) {

 	const u32 *rk;
 	u32 s0, s1, s2, s3, t0, t1, t2, t3;
@ -1130,31 +1127,31 @@ void AES_decrypt(const unsigned char *in, unsigned char *out,
 	 * map cipher state to byte array block:
 	 */
   	s0 =
-        ((u32)Td4[(t0 >> 24)       ] << 24) ^
-        ((u32)Td4[(t3 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t2 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t1      ) & 0xff])       ^
+   		(Td4[(t0 >> 24)       ] << 24) ^
+   		(Td4[(t3 >> 16) & 0xff] << 16) ^
+   		(Td4[(t2 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t1      ) & 0xff])       ^
   		rk[0];
 	PUTU32(out     , s0);
   	s1 =
-        ((u32)Td4[(t1 >> 24)       ] << 24) ^
-        ((u32)Td4[(t0 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t3 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t2      ) & 0xff])       ^
+   		(Td4[(t1 >> 24)       ] << 24) ^
+   		(Td4[(t0 >> 16) & 0xff] << 16) ^
+   		(Td4[(t3 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t2      ) & 0xff])       ^
   		rk[1];
 	PUTU32(out +  4, s1);
   	s2 =
-        ((u32)Td4[(t2 >> 24)       ] << 24) ^
-        ((u32)Td4[(t1 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t0 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t3      ) & 0xff])       ^
+   		(Td4[(t2 >> 24)       ] << 24) ^
+   		(Td4[(t1 >> 16) & 0xff] << 16) ^
+   		(Td4[(t0 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t3      ) & 0xff])       ^
   		rk[2];
 	PUTU32(out +  8, s2);
   	s3 =
-        ((u32)Td4[(t3 >> 24)       ] << 24) ^
-        ((u32)Td4[(t2 >> 16) & 0xff] << 16) ^
-        ((u32)Td4[(t1 >>  8) & 0xff] <<  8) ^
-        ((u32)Td4[(t0      ) & 0xff])       ^
+   		(Td4[(t3 >> 24)       ] << 24) ^
+   		(Td4[(t2 >> 16) & 0xff] << 16) ^
+   		(Td4[(t1 >>  8) & 0xff] <<  8) ^
+   		(Td4[(t0      ) & 0xff])       ^
   		rk[3];
 	PUTU32(out + 12, s3);
 }
@ -1205,8 +1202,7 @@ static const u32 rcon[] = {
 * Expand the cipher key into the encryption key schedule.
 */
 int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			AES_KEY *key) {
 	u32 *rk;
   	int i = 0;
 	u32 temp;
@ -1233,10 +1229,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp  = rk[3];
 			rk[4] = rk[0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+				(Te4[(temp >> 16) & 0xff] << 24) ^
+				(Te4[(temp >>  8) & 0xff] << 16) ^
+				(Te4[(temp      ) & 0xff] << 8) ^
+				(Te4[(temp >> 24)       ]) ^
 				rcon[i];
 			rk[5] = rk[1] ^ rk[4];
 			rk[6] = rk[2] ^ rk[5];
@ -1253,10 +1249,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp = rk[ 5];
 			rk[ 6] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+				(Te4[(temp >> 16) & 0xff] << 24) ^
+				(Te4[(temp >>  8) & 0xff] << 16) ^
+				(Te4[(temp      ) & 0xff] << 8) ^
+				(Te4[(temp >> 24)       ]) ^
 				rcon[i];
 			rk[ 7] = rk[ 1] ^ rk[ 6];
 			rk[ 8] = rk[ 2] ^ rk[ 7];
@ -1275,10 +1271,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 		while (1) {
 			temp = rk[ 7];
 			rk[ 8] = rk[ 0] ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 24) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 16) ^
-                ((u32)Te4[(temp      ) & 0xff] << 8) ^
-                ((u32)Te4[(temp >> 24)       ]) ^
+				(Te4[(temp >> 16) & 0xff] << 24) ^
+				(Te4[(temp >>  8) & 0xff] << 16) ^
+				(Te4[(temp      ) & 0xff] << 8) ^
+				(Te4[(temp >> 24)       ]) ^
 				rcon[i];
 			rk[ 9] = rk[ 1] ^ rk[ 8];
 			rk[10] = rk[ 2] ^ rk[ 9];
@ -1288,10 +1284,10 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 			}
 			temp = rk[11];
 			rk[12] = rk[ 4] ^
-                ((u32)Te4[(temp >> 24)       ] << 24) ^
-                ((u32)Te4[(temp >> 16) & 0xff] << 16) ^
-                ((u32)Te4[(temp >>  8) & 0xff] << 8) ^
-                ((u32)Te4[(temp      ) & 0xff]);
+				(Te4[(temp >> 24)       ] << 24) ^
+				(Te4[(temp >> 16) & 0xff] << 16) ^
+				(Te4[(temp >>  8) & 0xff] << 8) ^
+				(Te4[(temp      ) & 0xff]);
 			rk[13] = rk[ 5] ^ rk[12];
 			rk[14] = rk[ 6] ^ rk[13];
 			rk[15] = rk[ 7] ^ rk[14];
@ -1306,8 +1302,7 @@ int private_AES_set_encrypt_key(const unsigned char *userKey, const int bits,
 * Expand the cipher key into the decryption key schedule.
 */
 int private_AES_set_decrypt_key(const unsigned char *userKey, const int bits,
-                                AES_KEY *key)
-{
+			 AES_KEY *key) {

        u32 *rk;
 	int i, j, status;
--- a/Show More
+++ b/Show More