Bug 1294377 - clang-format on lib/softoken, r=kaie
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Thu, 11 Aug 2016 14:00:45 +0200
changeset 12461 5430165f67fd4157fc19899a102c3a95b48a708f
parent 12460 4c3446ba625dad9690f997648b419f772894bbc5
child 12462 8f99d6551b71606ea247bd9f65a6333c64758c21
push id1465
push userfranziskuskiefer@gmail.com
push dateThu, 11 Aug 2016 12:18:08 +0000
reviewerskaie
bugs1294377
Bug 1294377 - clang-format on lib/softoken, r=kaie
lib/softoken/fipsaudt.c
lib/softoken/fipstest.c
lib/softoken/fipstokn.c
lib/softoken/jpakesftk.c
lib/softoken/legacydb/cdbhdl.h
lib/softoken/legacydb/dbmshim.c
lib/softoken/legacydb/keydb.c
lib/softoken/legacydb/keydbi.h
lib/softoken/legacydb/lgattr.c
lib/softoken/legacydb/lgcreate.c
lib/softoken/legacydb/lgdb.h
lib/softoken/legacydb/lgdestroy.c
lib/softoken/legacydb/lgfind.c
lib/softoken/legacydb/lgfips.c
lib/softoken/legacydb/lginit.c
lib/softoken/legacydb/lgutil.c
lib/softoken/legacydb/lowcert.c
lib/softoken/legacydb/lowkey.c
lib/softoken/legacydb/lowkeyi.h
lib/softoken/legacydb/lowkeyti.h
lib/softoken/legacydb/manifest.mn
lib/softoken/legacydb/nssdbm.def
lib/softoken/legacydb/pcert.h
lib/softoken/legacydb/pcertdb.c
lib/softoken/legacydb/pcertt.h
lib/softoken/legacydb/pk11db.c
lib/softoken/lgglue.c
lib/softoken/lgglue.h
lib/softoken/lowkey.c
lib/softoken/lowkeyi.h
lib/softoken/lowkeyti.h
lib/softoken/lowpbe.c
lib/softoken/lowpbe.h
lib/softoken/manifest.mn
lib/softoken/padbuf.c
lib/softoken/pkcs11.c
lib/softoken/pkcs11c.c
lib/softoken/pkcs11i.h
lib/softoken/pkcs11ni.h
lib/softoken/pkcs11u.c
lib/softoken/sdb.c
lib/softoken/sdb.h
lib/softoken/sftkdb.c
lib/softoken/sftkdb.h
lib/softoken/sftkdbt.h
lib/softoken/sftkdbti.h
lib/softoken/sftkhmac.c
lib/softoken/sftkpars.c
lib/softoken/sftkpars.h
lib/softoken/sftkpwd.c
lib/softoken/softkver.h
lib/softoken/softoken.h
lib/softoken/softokn.def
lib/softoken/softoknt.h
lib/softoken/tlsprf.c
--- a/lib/softoken/fipsaudt.c
+++ b/lib/softoken/fipsaudt.c
@@ -18,302 +18,304 @@
  * string is stored in the output buffer.
  *
  * out: the output buffer
  * outlen: the length of the output buffer
  * argName: the name of the "pointer to object handle" argument
  * phObject: the pointer to object handle
  * rv: the return value of the PKCS #11 function
  */
-static void sftk_PrintReturnedObjectHandle(char *out, PRUint32 outlen,
-    const char *argName, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+static void
+sftk_PrintReturnedObjectHandle(char *out, PRUint32 outlen,
+                               const char *argName, CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
 {
     if ((rv == CKR_OK) && phObject) {
-	PR_snprintf(out, outlen,
-	    " *%s=0x%08lX", argName, (PRUint32)*phObject);
+        PR_snprintf(out, outlen,
+                    " *%s=0x%08lX", argName, (PRUint32)*phObject);
     } else {
-	PORT_Assert(outlen != 0);
-	out[0] = '\0';
+        PORT_Assert(outlen != 0);
+        out[0] = '\0';
     }
 }
 
 /*
  * MECHANISM_BUFSIZE needs to be large enough for sftk_PrintMechanism,
  * which uses <= 49 bytes.
  */
 #define MECHANISM_BUFSIZE 64
 
-static void sftk_PrintMechanism(char *out, PRUint32 outlen,
-    CK_MECHANISM_PTR pMechanism)
+static void
+sftk_PrintMechanism(char *out, PRUint32 outlen,
+                    CK_MECHANISM_PTR pMechanism)
 {
     if (pMechanism) {
-	/*
-	 * If we change the format string, we need to make sure
-	 * MECHANISM_BUFSIZE is still large enough.  We allow
-	 * 20 bytes for %p on a 64-bit platform.
-	 */
-	PR_snprintf(out, outlen, "%p {mechanism=0x%08lX, ...}",
-	    pMechanism, (PRUint32)pMechanism->mechanism);
+        /*
+         * If we change the format string, we need to make sure
+         * MECHANISM_BUFSIZE is still large enough.  We allow
+         * 20 bytes for %p on a 64-bit platform.
+         */
+        PR_snprintf(out, outlen, "%p {mechanism=0x%08lX, ...}",
+                    pMechanism, (PRUint32)pMechanism->mechanism);
     } else {
-	PR_snprintf(out, outlen, "%p", pMechanism);
+        PR_snprintf(out, outlen, "%p", pMechanism);
     }
 }
 
-void sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
-    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
-    CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
+void
+sftk_AuditCreateObject(CK_SESSION_HANDLE hSession,
+                       CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                       CK_OBJECT_HANDLE_PTR phObject, CK_RV rv)
 {
     char msg[256];
     char shObject[32];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintReturnedObjectHandle(shObject, sizeof shObject,
-	"phObject", phObject, rv);
+                                   "phObject", phObject, rv);
     PR_snprintf(msg, sizeof msg,
-	"C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
-	"phObject=%p)=0x%08lX%s",
-	(PRUint32)hSession, pTemplate, (PRUint32)ulCount,
-	phObject, (PRUint32)rv, shObject);
+                "C_CreateObject(hSession=0x%08lX, pTemplate=%p, ulCount=%lu, "
+                "phObject=%p)=0x%08lX%s",
+                (PRUint32)hSession, pTemplate, (PRUint32)ulCount,
+                phObject, (PRUint32)rv, shObject);
     sftk_LogAuditMessage(severity, NSS_AUDIT_LOAD_KEY, msg);
 }
 
-void sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
-    CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
+void
+sftk_AuditCopyObject(CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                     CK_OBJECT_HANDLE_PTR phNewObject, CK_RV rv)
 {
     char msg[256];
     char shNewObject[32];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintReturnedObjectHandle(shNewObject, sizeof shNewObject,
-	"phNewObject", phNewObject, rv);
+                                   "phNewObject", phNewObject, rv);
     PR_snprintf(msg, sizeof msg,
-	"C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
-	"pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
-	(PRUint32)hSession, (PRUint32)hObject,
-	pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
+                "C_CopyObject(hSession=0x%08lX, hObject=0x%08lX, "
+                "pTemplate=%p, ulCount=%lu, phNewObject=%p)=0x%08lX%s",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pTemplate, (PRUint32)ulCount, phNewObject, (PRUint32)rv, shNewObject);
     sftk_LogAuditMessage(severity, NSS_AUDIT_COPY_KEY, msg);
 }
 
 /* WARNING: hObject has been destroyed and can only be printed. */
-void sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE hObject, CK_RV rv)
+void
+sftk_AuditDestroyObject(CK_SESSION_HANDLE hSession,
+                        CK_OBJECT_HANDLE hObject, CK_RV rv)
 {
     char msg[256];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     PR_snprintf(msg, sizeof msg,
-	"C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
-	(PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
+                "C_DestroyObject(hSession=0x%08lX, hObject=0x%08lX)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject, (PRUint32)rv);
     sftk_LogAuditMessage(severity, NSS_AUDIT_DESTROY_KEY, msg);
 }
 
-void sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
+void
+sftk_AuditGetObjectSize(CK_SESSION_HANDLE hSession,
+                        CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize, CK_RV rv)
 {
     char msg[256];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     PR_snprintf(msg, sizeof msg,
-	"C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
-	"pulSize=%p)=0x%08lX",
-	(PRUint32)hSession, (PRUint32)hObject,
-	pulSize, (PRUint32)rv);
+                "C_GetObjectSize(hSession=0x%08lX, hObject=0x%08lX, "
+                "pulSize=%p)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pulSize, (PRUint32)rv);
     sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
 }
 
-void sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
-    CK_ULONG ulCount, CK_RV rv)
+void
+sftk_AuditGetAttributeValue(CK_SESSION_HANDLE hSession,
+                            CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+                            CK_ULONG ulCount, CK_RV rv)
 {
     char msg[256];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     PR_snprintf(msg, sizeof msg,
-	"C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
-	"pTemplate=%p, ulCount=%lu)=0x%08lX",
-	(PRUint32)hSession, (PRUint32)hObject,
-	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+                "C_GetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+                "pTemplate=%p, ulCount=%lu)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pTemplate, (PRUint32)ulCount, (PRUint32)rv);
     sftk_LogAuditMessage(severity, NSS_AUDIT_ACCESS_KEY, msg);
 }
 
-void sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
-    CK_ULONG ulCount, CK_RV rv)
+void
+sftk_AuditSetAttributeValue(CK_SESSION_HANDLE hSession,
+                            CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate,
+                            CK_ULONG ulCount, CK_RV rv)
 {
     char msg[256];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     PR_snprintf(msg, sizeof msg,
-	"C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
-	"pTemplate=%p, ulCount=%lu)=0x%08lX",
-	(PRUint32)hSession, (PRUint32)hObject,
-	pTemplate, (PRUint32)ulCount, (PRUint32)rv);
+                "C_SetAttributeValue(hSession=0x%08lX, hObject=0x%08lX, "
+                "pTemplate=%p, ulCount=%lu)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hObject,
+                pTemplate, (PRUint32)ulCount, (PRUint32)rv);
     sftk_LogAuditMessage(severity, NSS_AUDIT_CHANGE_KEY, msg);
 }
 
-void sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
+void
+sftk_AuditCryptInit(const char *opName, CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey, CK_RV rv)
 {
     char msg[256];
     char mech[MECHANISM_BUFSIZE];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintMechanism(mech, sizeof mech, pMechanism);
     PR_snprintf(msg, sizeof msg,
-	"C_%sInit(hSession=0x%08lX, pMechanism=%s, "
-	"hKey=0x%08lX)=0x%08lX",
-	opName, (PRUint32)hSession, mech,
-	(PRUint32)hKey, (PRUint32)rv);
+                "C_%sInit(hSession=0x%08lX, pMechanism=%s, "
+                "hKey=0x%08lX)=0x%08lX",
+                opName, (PRUint32)hSession, mech,
+                (PRUint32)hKey, (PRUint32)rv);
     sftk_LogAuditMessage(severity, NSS_AUDIT_CRYPT, msg);
 }
 
-void sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
-    CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+void
+sftk_AuditGenerateKey(CK_SESSION_HANDLE hSession,
+                      CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate,
+                      CK_ULONG ulCount, CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
 {
     char msg[256];
     char mech[MECHANISM_BUFSIZE];
     char shKey[32];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintMechanism(mech, sizeof mech, pMechanism);
     sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
     PR_snprintf(msg, sizeof msg,
-	"C_GenerateKey(hSession=0x%08lX, pMechanism=%s, "
-	"pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
-	(PRUint32)hSession, mech,
-	pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
+                "C_GenerateKey(hSession=0x%08lX, pMechanism=%s, "
+                "pTemplate=%p, ulCount=%lu, phKey=%p)=0x%08lX%s",
+                (PRUint32)hSession, mech,
+                pTemplate, (PRUint32)ulCount, phKey, (PRUint32)rv, shKey);
     sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
 }
 
-void sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
-    CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
-    CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
-    CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
+void
+sftk_AuditGenerateKeyPair(CK_SESSION_HANDLE hSession,
+                          CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+                          CK_ULONG ulPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+                          CK_ULONG ulPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+                          CK_OBJECT_HANDLE_PTR phPrivateKey, CK_RV rv)
 {
     char msg[512];
     char mech[MECHANISM_BUFSIZE];
     char shPublicKey[32];
     char shPrivateKey[32];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintMechanism(mech, sizeof mech, pMechanism);
     sftk_PrintReturnedObjectHandle(shPublicKey, sizeof shPublicKey,
-	"phPublicKey", phPublicKey, rv);
+                                   "phPublicKey", phPublicKey, rv);
     sftk_PrintReturnedObjectHandle(shPrivateKey, sizeof shPrivateKey,
-	"phPrivateKey", phPrivateKey, rv);
+                                   "phPrivateKey", phPrivateKey, rv);
     PR_snprintf(msg, sizeof msg,
-	"C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, "
-	"pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
-	"pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
-	"phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
-	(PRUint32)hSession, mech,
-	pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
-	pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
-	phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
+                "C_GenerateKeyPair(hSession=0x%08lX, pMechanism=%s, "
+                "pPublicKeyTemplate=%p, ulPublicKeyAttributeCount=%lu, "
+                "pPrivateKeyTemplate=%p, ulPrivateKeyAttributeCount=%lu, "
+                "phPublicKey=%p, phPrivateKey=%p)=0x%08lX%s%s",
+                (PRUint32)hSession, mech,
+                pPublicKeyTemplate, (PRUint32)ulPublicKeyAttributeCount,
+                pPrivateKeyTemplate, (PRUint32)ulPrivateKeyAttributeCount,
+                phPublicKey, phPrivateKey, (PRUint32)rv, shPublicKey, shPrivateKey);
     sftk_LogAuditMessage(severity, NSS_AUDIT_GENERATE_KEY, msg);
 }
 
-void sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
-    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
-    CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
+void
+sftk_AuditWrapKey(CK_SESSION_HANDLE hSession,
+                  CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+                  CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+                  CK_ULONG_PTR pulWrappedKeyLen, CK_RV rv)
 {
     char msg[256];
     char mech[MECHANISM_BUFSIZE];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintMechanism(mech, sizeof mech, pMechanism);
     PR_snprintf(msg, sizeof msg,
-	"C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, "
-	"hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
-	(PRUint32)hSession, mech, (PRUint32)hWrappingKey,
-	(PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
+                "C_WrapKey(hSession=0x%08lX, pMechanism=%s, hWrappingKey=0x%08lX, "
+                "hKey=0x%08lX, pWrappedKey=%p, pulWrappedKeyLen=%p)=0x%08lX",
+                (PRUint32)hSession, mech, (PRUint32)hWrappingKey,
+                (PRUint32)hKey, pWrappedKey, pulWrappedKeyLen, (PRUint32)rv);
     sftk_LogAuditMessage(severity, NSS_AUDIT_WRAP_KEY, msg);
 }
 
-void sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
-    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
-    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
-    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+void
+sftk_AuditUnwrapKey(CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+                    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+                    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+                    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
 {
     char msg[256];
     char mech[MECHANISM_BUFSIZE];
     char shKey[32];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintMechanism(mech, sizeof mech, pMechanism);
     sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
     PR_snprintf(msg, sizeof msg,
-	"C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, "
-	"hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
-	"pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
-	(PRUint32)hSession, mech,
-	(PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
-	pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
+                "C_UnwrapKey(hSession=0x%08lX, pMechanism=%s, "
+                "hUnwrappingKey=0x%08lX, pWrappedKey=%p, ulWrappedKeyLen=%lu, "
+                "pTemplate=%p, ulAttributeCount=%lu, phKey=%p)=0x%08lX%s",
+                (PRUint32)hSession, mech,
+                (PRUint32)hUnwrappingKey, pWrappedKey, (PRUint32)ulWrappedKeyLen,
+                pTemplate, (PRUint32)ulAttributeCount, phKey, (PRUint32)rv, shKey);
     sftk_LogAuditMessage(severity, NSS_AUDIT_UNWRAP_KEY, msg);
 }
 
-void sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
-    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
-    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
+void
+sftk_AuditDeriveKey(CK_SESSION_HANDLE hSession,
+                    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+                    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+                    CK_OBJECT_HANDLE_PTR phKey, CK_RV rv)
 {
     char msg[512];
     char mech[MECHANISM_BUFSIZE];
     char shKey[32];
     char sTlsKeys[128];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     sftk_PrintMechanism(mech, sizeof mech, pMechanism);
     sftk_PrintReturnedObjectHandle(shKey, sizeof shKey, "phKey", phKey, rv);
     if ((rv == CKR_OK) &&
-	(pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
-	CK_SSL3_KEY_MAT_PARAMS *param =
-	    (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
-	CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;
-	PR_snprintf(sTlsKeys, sizeof sTlsKeys,
-	    " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
-	    " hClientKey=0x%08lX hServerKey=0x%08lX",
-	    (PRUint32)keymat->hClientMacSecret,
-	    (PRUint32)keymat->hServerMacSecret,
-	    (PRUint32)keymat->hClientKey,
-	    (PRUint32)keymat->hServerKey);
+        (pMechanism->mechanism == CKM_TLS_KEY_AND_MAC_DERIVE)) {
+        CK_SSL3_KEY_MAT_PARAMS *param =
+            (CK_SSL3_KEY_MAT_PARAMS *)pMechanism->pParameter;
+        CK_SSL3_KEY_MAT_OUT *keymat = param->pReturnedKeyMaterial;
+        PR_snprintf(sTlsKeys, sizeof sTlsKeys,
+                    " hClientMacSecret=0x%08lX hServerMacSecret=0x%08lX"
+                    " hClientKey=0x%08lX hServerKey=0x%08lX",
+                    (PRUint32)keymat->hClientMacSecret,
+                    (PRUint32)keymat->hServerMacSecret,
+                    (PRUint32)keymat->hClientKey,
+                    (PRUint32)keymat->hServerKey);
     } else {
-	sTlsKeys[0] = '\0';
+        sTlsKeys[0] = '\0';
     }
     PR_snprintf(msg, sizeof msg,
-	"C_DeriveKey(hSession=0x%08lX, pMechanism=%s, "
-	"hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
-	"phKey=%p)=0x%08lX%s%s",
-	(PRUint32)hSession, mech,
-	(PRUint32)hBaseKey, pTemplate,(PRUint32)ulAttributeCount,
-	phKey, (PRUint32)rv, shKey, sTlsKeys);
+                "C_DeriveKey(hSession=0x%08lX, pMechanism=%s, "
+                "hBaseKey=0x%08lX, pTemplate=%p, ulAttributeCount=%lu, "
+                "phKey=%p)=0x%08lX%s%s",
+                (PRUint32)hSession, mech,
+                (PRUint32)hBaseKey, pTemplate, (PRUint32)ulAttributeCount,
+                phKey, (PRUint32)rv, shKey, sTlsKeys);
     sftk_LogAuditMessage(severity, NSS_AUDIT_DERIVE_KEY, msg);
 }
 
-void sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE hKey, CK_RV rv)
+void
+sftk_AuditDigestKey(CK_SESSION_HANDLE hSession,
+                    CK_OBJECT_HANDLE hKey, CK_RV rv)
 {
     char msg[256];
-    NSSAuditSeverity severity = (rv == CKR_OK) ?
-	NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+    NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
 
     PR_snprintf(msg, sizeof msg,
-	"C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
-	(PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
+                "C_DigestKey(hSession=0x%08lX, hKey=0x%08lX)=0x%08lX",
+                (PRUint32)hSession, (PRUint32)hKey, (PRUint32)rv);
     sftk_LogAuditMessage(severity, NSS_AUDIT_DIGEST_KEY, msg);
 }
--- a/lib/softoken/fipstest.c
+++ b/lib/softoken/fipstest.c
@@ -33,619 +33,622 @@
 
 static void INIT_FUNCTION sftk_startup_tests(void);
 
 /* Windows pre-defined entry */
 #if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT)
 #include <windows.h>
 
 BOOL WINAPI DllMain(
-    HINSTANCE hinstDLL,  // handle to DLL module
-    DWORD fdwReason,     // reason for calling function
-    LPVOID lpReserved )  // reserved
+    HINSTANCE hinstDLL, // handle to DLL module
+    DWORD fdwReason,    // reason for calling function
+    LPVOID lpReserved)  // reserved
 {
     // Perform actions based on the reason for calling.
-    switch( fdwReason ) 
-    { 
+    switch (fdwReason) {
         case DLL_PROCESS_ATTACH:
-         // Initialize once for each new process.
-         // Return FALSE to fail DLL load.
-       sftk_startup_tests();
+            // Initialize once for each new process.
+            // Return FALSE to fail DLL load.
+            sftk_startup_tests();
             break;
 
         case DLL_THREAD_ATTACH:
-         // Do thread-specific initialization.
+            // Do thread-specific initialization.
             break;
 
         case DLL_THREAD_DETACH:
-         // Do thread-specific cleanup.
+            // Do thread-specific cleanup.
             break;
 
         case DLL_PROCESS_DETACH:
-         // Perform any necessary cleanup.
+            // Perform any necessary cleanup.
             break;
     }
-    return TRUE;  // Successful DLL_PROCESS_ATTACH.
+    return TRUE; // Successful DLL_PROCESS_ATTACH.
 }
 #endif
 
-
-
 /* FIPS preprocessor directives for RSA.                         */
-#define FIPS_RSA_TYPE                           siBuffer
-#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH           3 /*   24-bits */
-#define FIPS_RSA_PRIVATE_VERSION_LENGTH           1 /*    8-bits */
-#define FIPS_RSA_MESSAGE_LENGTH                 256 /* 2048-bits */
-#define FIPS_RSA_COEFFICIENT_LENGTH             128 /* 1024-bits */
-#define FIPS_RSA_PRIME0_LENGTH                  128 /* 1024-bits */
-#define FIPS_RSA_PRIME1_LENGTH                  128 /* 1024-bits */
-#define FIPS_RSA_EXPONENT0_LENGTH               128 /* 1024-bits */
-#define FIPS_RSA_EXPONENT1_LENGTH               128 /* 1024-bits */
-#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH        256 /* 2048-bits */
-#define FIPS_RSA_ENCRYPT_LENGTH                 256 /* 2048-bits */
-#define FIPS_RSA_DECRYPT_LENGTH                 256 /* 2048-bits */
-#define FIPS_RSA_SIGNATURE_LENGTH               256 /* 2048-bits */
-#define FIPS_RSA_MODULUS_LENGTH                 256 /* 2048-bits */
+#define FIPS_RSA_TYPE siBuffer
+#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3    /*   24-bits */
+#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1    /*    8-bits */
+#define FIPS_RSA_MESSAGE_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_COEFFICIENT_LENGTH 128      /* 1024-bits */
+#define FIPS_RSA_PRIME0_LENGTH 128           /* 1024-bits */
+#define FIPS_RSA_PRIME1_LENGTH 128           /* 1024-bits */
+#define FIPS_RSA_EXPONENT0_LENGTH 128        /* 1024-bits */
+#define FIPS_RSA_EXPONENT1_LENGTH 128        /* 1024-bits */
+#define FIPS_RSA_PRIVATE_EXPONENT_LENGTH 256 /* 2048-bits */
+#define FIPS_RSA_ENCRYPT_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_DECRYPT_LENGTH 256          /* 2048-bits */
+#define FIPS_RSA_SIGNATURE_LENGTH 256        /* 2048-bits */
+#define FIPS_RSA_MODULUS_LENGTH 256          /* 2048-bits */
 
 /*
 * Test the softoken RSA_HashSign and RSH_HashCheckSign.
 */
 static SECStatus
-sftk_fips_RSA_PowerUpSigSelfTest (HASH_HashType  shaAlg,
-                                  NSSLOWKEYPublicKey *rsa_public_key,
-                                  NSSLOWKEYPrivateKey *rsa_private_key,
-                                  const unsigned char *rsa_known_msg,
-                                  const unsigned int rsa_kmsg_length,
-                                  const unsigned char *rsa_known_signature)
+sftk_fips_RSA_PowerUpSigSelfTest(HASH_HashType shaAlg,
+                                 NSSLOWKEYPublicKey *rsa_public_key,
+                                 NSSLOWKEYPrivateKey *rsa_private_key,
+                                 const unsigned char *rsa_known_msg,
+                                 const unsigned int rsa_kmsg_length,
+                                 const unsigned char *rsa_known_signature)
 {
-    SECOidTag      shaOid;   /* SHA OID */
-    unsigned char  sha[HASH_LENGTH_MAX];    /* SHA digest */
-    unsigned int   shaLength = 0;           /* length of SHA */
-    unsigned int   rsa_bytes_signed;
-    unsigned char  rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
-    SECStatus      rv;
+    SECOidTag shaOid;                   /* SHA OID */
+    unsigned char sha[HASH_LENGTH_MAX]; /* SHA digest */
+    unsigned int shaLength = 0;         /* length of SHA */
+    unsigned int rsa_bytes_signed;
+    unsigned char rsa_computed_signature[FIPS_RSA_SIGNATURE_LENGTH];
+    SECStatus rv;
 
     if (shaAlg == HASH_AlgSHA1) {
-        if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
-                            != SECSuccess) {
-             goto loser;
+        if (SHA1_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
         }
         shaLength = SHA1_LENGTH;
         shaOid = SEC_OID_SHA1;
     } else if (shaAlg == HASH_AlgSHA256) {
-        if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
-                            != SECSuccess) {
-             goto loser;
+        if (SHA256_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
         }
         shaLength = SHA256_LENGTH;
         shaOid = SEC_OID_SHA256;
     } else if (shaAlg == HASH_AlgSHA384) {
-        if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
-                            != SECSuccess) {
-             goto loser;
+        if (SHA384_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
         }
         shaLength = SHA384_LENGTH;
         shaOid = SEC_OID_SHA384;
     } else if (shaAlg == HASH_AlgSHA512) {
-        if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length)
-                            != SECSuccess) {
-             goto loser;
+        if (SHA512_HashBuf(sha, rsa_known_msg, rsa_kmsg_length) != SECSuccess) {
+            goto loser;
         }
         shaLength = SHA512_LENGTH;
         shaOid = SEC_OID_SHA512;
     } else {
         goto loser;
     }
 
     /*************************************************/
     /* RSA Single-Round Known Answer Signature Test. */
     /*************************************************/
 
     /* Perform RSA signature with the RSA private key. */
-    rv = RSA_HashSign( shaOid,
-                       rsa_private_key,
-                       rsa_computed_signature,
-                       &rsa_bytes_signed,
-                       FIPS_RSA_SIGNATURE_LENGTH,
-                       sha,
-                       shaLength);
+    rv = RSA_HashSign(shaOid,
+                      rsa_private_key,
+                      rsa_computed_signature,
+                      &rsa_bytes_signed,
+                      FIPS_RSA_SIGNATURE_LENGTH,
+                      sha,
+                      shaLength);
 
-    if( ( rv != SECSuccess ) ||
-        ( rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH ) ||
-        ( PORT_Memcmp( rsa_computed_signature, rsa_known_signature,
-                       FIPS_RSA_SIGNATURE_LENGTH ) != 0 ) ) {
+    if ((rv != SECSuccess) ||
+        (rsa_bytes_signed != FIPS_RSA_SIGNATURE_LENGTH) ||
+        (PORT_Memcmp(rsa_computed_signature, rsa_known_signature,
+                     FIPS_RSA_SIGNATURE_LENGTH) != 0)) {
         goto loser;
     }
 
     /****************************************************/
     /* RSA Single-Round Known Answer Verification Test. */
     /****************************************************/
 
     /* Perform RSA verification with the RSA public key. */
-    rv = RSA_HashCheckSign( shaOid,
-                            rsa_public_key,
-                            rsa_computed_signature,
-                            rsa_bytes_signed,
-                            sha,
-                            shaLength);
+    rv = RSA_HashCheckSign(shaOid,
+                           rsa_public_key,
+                           rsa_computed_signature,
+                           rsa_bytes_signed,
+                           sha,
+                           shaLength);
 
-    if( rv != SECSuccess ) {
-         goto loser;
+    if (rv != SECSuccess) {
+        goto loser;
     }
-    return( SECSuccess );
+    return (SECSuccess);
 
 loser:
 
-    return( SECFailure );
-
+    return (SECFailure);
 }
 
 static SECStatus
-sftk_fips_RSA_PowerUpSelfTest( void )
+sftk_fips_RSA_PowerUpSelfTest(void)
 {
     /* RSA Known Modulus used in both Public/Private Key Values (2048-bits). */
     static const PRUint8 rsa_modulus[FIPS_RSA_MODULUS_LENGTH] = {
-                            0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
-                            0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
-                            0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
-                            0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
-                            0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
-                            0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
-                            0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
-                            0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
-                            0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
-                            0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
-                            0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
-                            0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
-                            0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
-                            0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
-                            0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
-                            0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
-                            0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
-                            0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
-                            0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
-                            0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
-                            0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
-                            0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
-                            0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
-                            0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
-                            0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
-                            0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
-                            0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
-                            0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
-                            0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
-                            0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
-                            0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
-                            0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b};
+        0xb8, 0x15, 0x00, 0x33, 0xda, 0x0c, 0x9d, 0xa5,
+        0x14, 0x8c, 0xde, 0x1f, 0x23, 0x07, 0x54, 0xe2,
+        0xc6, 0xb9, 0x51, 0x04, 0xc9, 0x65, 0x24, 0x6e,
+        0x0a, 0x46, 0x34, 0x5c, 0x37, 0x86, 0x6b, 0x88,
+        0x24, 0x27, 0xac, 0xa5, 0x02, 0x79, 0xfb, 0xed,
+        0x75, 0xc5, 0x3f, 0x6e, 0xdf, 0x05, 0x5f, 0x0f,
+        0x20, 0x70, 0xa0, 0x5b, 0x85, 0xdb, 0xac, 0xb9,
+        0x5f, 0x02, 0xc2, 0x64, 0x1e, 0x84, 0x5b, 0x3e,
+        0xad, 0xbf, 0xf6, 0x2e, 0x51, 0xd6, 0xad, 0xf7,
+        0xa7, 0x86, 0x75, 0x86, 0xec, 0xa7, 0xe1, 0xf7,
+        0x08, 0xbf, 0xdc, 0x56, 0xb1, 0x3b, 0xca, 0xd8,
+        0xfc, 0x51, 0xdf, 0x9a, 0x2a, 0x37, 0x06, 0xf2,
+        0xd1, 0x6b, 0x9a, 0x5e, 0x2a, 0xe5, 0x20, 0x57,
+        0x35, 0x9f, 0x1f, 0x98, 0xcf, 0x40, 0xc7, 0xd6,
+        0x98, 0xdb, 0xde, 0xf5, 0x64, 0x53, 0xf7, 0x9d,
+        0x45, 0xf3, 0xd6, 0x78, 0xb9, 0xe3, 0xa3, 0x20,
+        0xcd, 0x79, 0x43, 0x35, 0xef, 0xd7, 0xfb, 0xb9,
+        0x80, 0x88, 0x27, 0x2f, 0x63, 0xa8, 0x67, 0x3d,
+        0x4a, 0xfa, 0x06, 0xc6, 0xd2, 0x86, 0x0b, 0xa7,
+        0x28, 0xfd, 0xe0, 0x1e, 0x93, 0x4b, 0x17, 0x2e,
+        0xb0, 0x11, 0x6f, 0xc6, 0x2b, 0x98, 0x0f, 0x15,
+        0xe3, 0x87, 0x16, 0x7a, 0x7c, 0x67, 0x3e, 0x12,
+        0x2b, 0xf8, 0xbe, 0x48, 0xc1, 0x97, 0x47, 0xf4,
+        0x1f, 0x81, 0x80, 0x12, 0x28, 0xe4, 0x7b, 0x1e,
+        0xb7, 0x00, 0xa4, 0xde, 0xaa, 0xfb, 0x0f, 0x77,
+        0x84, 0xa3, 0xd6, 0xb2, 0x03, 0x48, 0xdd, 0x53,
+        0x8b, 0x46, 0x41, 0x28, 0x52, 0xc4, 0x53, 0xf0,
+        0x1c, 0x95, 0xd9, 0x36, 0xe0, 0x0f, 0x26, 0x46,
+        0x9c, 0x61, 0x0e, 0x80, 0xca, 0x86, 0xaf, 0x39,
+        0x95, 0xe5, 0x60, 0x43, 0x61, 0x3e, 0x2b, 0xb4,
+        0xe8, 0xbd, 0x8d, 0x77, 0x62, 0xf5, 0x32, 0x43,
+        0x2f, 0x4b, 0x65, 0x82, 0x14, 0xdd, 0x29, 0x5b
+    };
 
     /* RSA Known Public Key Values (24-bits). */
-    static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] 
-                                                       = { 0x01, 0x00, 0x01 };
+    static const PRUint8 rsa_public_exponent[FIPS_RSA_PUBLIC_EXPONENT_LENGTH] = { 0x01, 0x00, 0x01 };
     /* RSA Known Private Key Values (version                 is    8-bits), */
     /*                              (private exponent        is 2048-bits), */
     /*                              (private prime0          is 1024-bits), */
     /*                              (private prime1          is 1024-bits), */
     /*                              (private prime exponent0 is 1024-bits), */
     /*                              (private prime exponent1 is 1024-bits), */
     /*                          and (private coefficient     is 1024-bits). */
     static const PRUint8 rsa_version[] = { 0x00 };
 
-    static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH]
-                         = {0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
-                            0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
-                            0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
-                            0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
-                            0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
-                            0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
-                            0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
-                            0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
-                            0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
-                            0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
-                            0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
-                            0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
-                            0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
-                            0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
-                            0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
-                            0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
-                            0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
-                            0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
-                            0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
-                            0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
-                            0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
-                            0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
-                            0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
-                            0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
-                            0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
-                            0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
-                            0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
-                            0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
-                            0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
-                            0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
-                            0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
-                            0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81 };
+    static const PRUint8 rsa_private_exponent[FIPS_RSA_PRIVATE_EXPONENT_LENGTH] = {
+        0x29, 0x08, 0x05, 0x53, 0x89, 0x76, 0xe6, 0x6c,
+        0xb5, 0x77, 0xf0, 0xca, 0xdf, 0xf3, 0xf2, 0x67,
+        0xda, 0x03, 0xd4, 0x9b, 0x4c, 0x88, 0xce, 0xe5,
+        0xf8, 0x44, 0x4d, 0xc7, 0x80, 0x58, 0xe5, 0xff,
+        0x22, 0x8f, 0xf5, 0x5b, 0x92, 0x81, 0xbe, 0x35,
+        0xdf, 0xda, 0x67, 0x99, 0x3e, 0xfc, 0xe3, 0x83,
+        0x6b, 0xa7, 0xaf, 0x16, 0xb7, 0x6f, 0x8f, 0xc0,
+        0x81, 0xfd, 0x0b, 0x77, 0x65, 0x95, 0xfb, 0x00,
+        0xad, 0x99, 0xec, 0x35, 0xc6, 0xe8, 0x23, 0x3e,
+        0xe0, 0x88, 0x88, 0x09, 0xdb, 0x16, 0x50, 0xb7,
+        0xcf, 0xab, 0x74, 0x61, 0x9e, 0x7f, 0xc5, 0x67,
+        0x38, 0x56, 0xc7, 0x90, 0x85, 0x78, 0x5e, 0x84,
+        0x21, 0x49, 0xea, 0xce, 0xb2, 0xa0, 0xff, 0xe4,
+        0x70, 0x7f, 0x57, 0x7b, 0xa8, 0x36, 0xb8, 0x54,
+        0x8d, 0x1d, 0xf5, 0x44, 0x9d, 0x68, 0x59, 0xf9,
+        0x24, 0x6e, 0x85, 0x8f, 0xc3, 0x5f, 0x8a, 0x2c,
+        0x94, 0xb7, 0xbc, 0x0e, 0xa5, 0xef, 0x93, 0x06,
+        0x38, 0xcd, 0x07, 0x0c, 0xae, 0xb8, 0x44, 0x1a,
+        0xd8, 0xe7, 0xf5, 0x9a, 0x1e, 0x9c, 0x18, 0xc7,
+        0x6a, 0xc2, 0x7f, 0x28, 0x01, 0x4f, 0xb4, 0xb8,
+        0x90, 0x97, 0x5a, 0x43, 0x38, 0xad, 0xe8, 0x95,
+        0x68, 0x83, 0x1a, 0x1b, 0x10, 0x07, 0xe6, 0x02,
+        0x52, 0x1f, 0xbf, 0x76, 0x6b, 0x46, 0xd6, 0xfb,
+        0xc3, 0xbe, 0xb5, 0xac, 0x52, 0x53, 0x01, 0x1c,
+        0xf3, 0xc5, 0xeb, 0x64, 0xf2, 0x1e, 0xc4, 0x38,
+        0xe9, 0xaa, 0xd9, 0xc3, 0x72, 0x51, 0xa5, 0x44,
+        0x58, 0x69, 0x0b, 0x1b, 0x98, 0x7f, 0xf2, 0x23,
+        0xff, 0xeb, 0xf0, 0x75, 0x24, 0xcf, 0xc5, 0x1e,
+        0xb8, 0x6a, 0xc5, 0x2f, 0x4f, 0x23, 0x50, 0x7d,
+        0x15, 0x9d, 0x19, 0x7a, 0x0b, 0x82, 0xe0, 0x21,
+        0x5b, 0x5f, 0x9d, 0x50, 0x2b, 0x83, 0xe4, 0x48,
+        0xcc, 0x39, 0xe5, 0xfb, 0x13, 0x7b, 0x6f, 0x81
+    };
 
-    static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH]   = {
-                            0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
-                            0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
-                            0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
-                            0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
-                            0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
-                            0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
-                            0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
-                            0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
-                            0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
-                            0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
-                            0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
-                            0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
-                            0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
-                            0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
-                            0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
-                            0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05};
-    static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH]   = {
-                            0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
-                            0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
-                            0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
-                            0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
-                            0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
-                            0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
-                            0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
-                            0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
-                            0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
-                            0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
-                            0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
-                            0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
-                            0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
-                            0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
-                            0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
-                            0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf};
+    static const PRUint8 rsa_prime0[FIPS_RSA_PRIME0_LENGTH] = {
+        0xe4, 0xbf, 0x21, 0x62, 0x9b, 0xa9, 0x77, 0x40,
+        0x8d, 0x2a, 0xce, 0xa1, 0x67, 0x5a, 0x4c, 0x96,
+        0x45, 0x98, 0x67, 0xbd, 0x75, 0x22, 0x33, 0x6f,
+        0xe6, 0xcb, 0x77, 0xde, 0x9e, 0x97, 0x7d, 0x96,
+        0x8c, 0x5e, 0x5d, 0x34, 0xfb, 0x27, 0xfc, 0x6d,
+        0x74, 0xdb, 0x9d, 0x2e, 0x6d, 0xf6, 0xea, 0xfc,
+        0xce, 0x9e, 0xda, 0xa7, 0x25, 0xa2, 0xf4, 0x58,
+        0x6d, 0x0a, 0x3f, 0x01, 0xc2, 0xb4, 0xab, 0x38,
+        0xc1, 0x14, 0x85, 0xb6, 0xfa, 0x94, 0xc3, 0x85,
+        0xf9, 0x3c, 0x2e, 0x96, 0x56, 0x01, 0xe7, 0xd6,
+        0x14, 0x71, 0x4f, 0xfb, 0x4c, 0x85, 0x52, 0xc4,
+        0x61, 0x1e, 0xa5, 0x1e, 0x96, 0x13, 0x0d, 0x8f,
+        0x66, 0xae, 0xa0, 0xcd, 0x7d, 0x25, 0x66, 0x19,
+        0x15, 0xc2, 0xcf, 0xc3, 0x12, 0x3c, 0xe8, 0xa4,
+        0x52, 0x4c, 0xcb, 0x28, 0x3c, 0xc4, 0xbf, 0x95,
+        0x33, 0xe3, 0x81, 0xea, 0x0c, 0x6c, 0xa2, 0x05
+    };
+    static const PRUint8 rsa_prime1[FIPS_RSA_PRIME1_LENGTH] = {
+        0xce, 0x03, 0x94, 0xf4, 0xa9, 0x2c, 0x1e, 0x06,
+        0xe7, 0x40, 0x30, 0x01, 0xf7, 0xbb, 0x68, 0x8c,
+        0x27, 0xd2, 0x15, 0xe3, 0x28, 0x49, 0x5b, 0xa8,
+        0xc1, 0x9a, 0x42, 0x7e, 0x31, 0xf9, 0x08, 0x34,
+        0x81, 0xa2, 0x0f, 0x04, 0x61, 0x34, 0xe3, 0x36,
+        0x92, 0xb1, 0x09, 0x2b, 0xe9, 0xef, 0x84, 0x88,
+        0xbe, 0x9c, 0x98, 0x60, 0xa6, 0x60, 0x84, 0xe9,
+        0x75, 0x6f, 0xcc, 0x81, 0xd1, 0x96, 0xef, 0xdd,
+        0x2e, 0xca, 0xc4, 0xf5, 0x42, 0xfb, 0x13, 0x2b,
+        0x57, 0xbf, 0x14, 0x5e, 0xc2, 0x7f, 0x77, 0x35,
+        0x29, 0xc4, 0xe5, 0xe0, 0xf9, 0x6d, 0x15, 0x4a,
+        0x42, 0x56, 0x1c, 0x3e, 0x0c, 0xc5, 0xce, 0x70,
+        0x08, 0x63, 0x1e, 0x73, 0xdb, 0x7e, 0x74, 0x05,
+        0x32, 0x01, 0xc6, 0x36, 0x32, 0x75, 0x6b, 0xed,
+        0x9d, 0xfe, 0x7c, 0x7e, 0xa9, 0x57, 0xb4, 0xe9,
+        0x22, 0xe4, 0xe7, 0xfe, 0x36, 0x07, 0x9b, 0xdf
+    };
     static const PRUint8 rsa_exponent0[FIPS_RSA_EXPONENT0_LENGTH] = {
-                            0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
-                            0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
-                            0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
-                            0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
-                            0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
-                            0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
-                            0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
-                            0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
-                            0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
-                            0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
-                            0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
-                            0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
-                            0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
-                            0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
-                            0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
-                            0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d};
+        0x04, 0x5a, 0x3a, 0xa9, 0x64, 0xaa, 0xd9, 0xd1,
+        0x09, 0x9e, 0x99, 0xe5, 0xea, 0x50, 0x86, 0x8a,
+        0x89, 0x72, 0x77, 0xee, 0xdb, 0xee, 0xb5, 0xa9,
+        0xd8, 0x6b, 0x60, 0xb1, 0x84, 0xb4, 0xff, 0x37,
+        0xc1, 0x1d, 0xfe, 0x8a, 0x06, 0x89, 0x61, 0x3d,
+        0x37, 0xef, 0x01, 0xd3, 0xa3, 0x56, 0x02, 0x6c,
+        0xa3, 0x05, 0xd4, 0xc5, 0x3f, 0x6b, 0x15, 0x59,
+        0x25, 0x61, 0xff, 0x86, 0xea, 0x0c, 0x84, 0x01,
+        0x85, 0x72, 0xfd, 0x84, 0x58, 0xca, 0x41, 0xda,
+        0x27, 0xbe, 0xe4, 0x68, 0x09, 0xe4, 0xe9, 0x63,
+        0x62, 0x6a, 0x31, 0x8a, 0x67, 0x8f, 0x55, 0xde,
+        0xd4, 0xb6, 0x3f, 0x90, 0x10, 0x6c, 0xf6, 0x62,
+        0x17, 0x23, 0x15, 0x7e, 0x33, 0x76, 0x65, 0xb5,
+        0xee, 0x7b, 0x11, 0x76, 0xf5, 0xbe, 0xe0, 0xf2,
+        0x57, 0x7a, 0x8c, 0x97, 0x0c, 0x68, 0xf5, 0xf8,
+        0x41, 0xcf, 0x7f, 0x66, 0x53, 0xac, 0x31, 0x7d
+    };
     static const PRUint8 rsa_exponent1[FIPS_RSA_EXPONENT1_LENGTH] = {
-                            0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
-                            0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
-                            0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
-                            0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
-                            0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
-                            0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
-                            0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
-                            0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
-                            0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
-                            0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
-                            0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
-                            0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
-                            0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
-                            0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
-                            0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
-                            0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59};
+        0x93, 0x54, 0x14, 0x6e, 0x73, 0x9d, 0x4d, 0x4b,
+        0xfa, 0x8c, 0xf8, 0xc8, 0x2f, 0x76, 0x22, 0xea,
+        0x38, 0x80, 0x11, 0x8f, 0x05, 0xfc, 0x90, 0x44,
+        0x3b, 0x50, 0x2a, 0x45, 0x3d, 0x4f, 0xaf, 0x02,
+        0x7d, 0xc2, 0x7b, 0xa2, 0xd2, 0x31, 0x94, 0x5c,
+        0x2e, 0xc3, 0xd4, 0x9f, 0x47, 0x09, 0x37, 0x6a,
+        0xe3, 0x85, 0xf1, 0xa3, 0x0c, 0xd8, 0xf1, 0xb4,
+        0x53, 0x7b, 0xc4, 0x71, 0x02, 0x86, 0x42, 0xbb,
+        0x96, 0xff, 0x03, 0xa3, 0xb2, 0x67, 0x03, 0xea,
+        0x77, 0x31, 0xfb, 0x4b, 0x59, 0x24, 0xf7, 0x07,
+        0x59, 0xfb, 0xa9, 0xba, 0x1e, 0x26, 0x58, 0x97,
+        0x66, 0xa1, 0x56, 0x49, 0x39, 0xb1, 0x2c, 0x55,
+        0x0a, 0x6a, 0x78, 0x18, 0xba, 0xdb, 0xcf, 0xf4,
+        0xf7, 0x32, 0x35, 0xa2, 0x04, 0xab, 0xdc, 0xa7,
+        0x6d, 0xd9, 0xd5, 0x06, 0x6f, 0xec, 0x7d, 0x40,
+        0x4c, 0xe8, 0x0e, 0xd0, 0xc9, 0xaa, 0xdf, 0x59
+    };
     static const PRUint8 rsa_coefficient[FIPS_RSA_COEFFICIENT_LENGTH] = {
-                            0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
-                            0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
-                            0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
-                            0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
-                            0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
-                            0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
-                            0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
-                            0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
-                            0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
-                            0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
-                            0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
-                            0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
-                            0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
-                            0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
-                            0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
-                            0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02};
+        0x17, 0xd7, 0xf5, 0x0a, 0xf0, 0x68, 0x97, 0x96,
+        0xc4, 0x29, 0x18, 0x77, 0x9a, 0x1f, 0xe3, 0xf3,
+        0x12, 0x13, 0x0f, 0x7e, 0x7b, 0xb9, 0xc1, 0x91,
+        0xf9, 0xc7, 0x08, 0x56, 0x5c, 0xa4, 0xbc, 0x83,
+        0x71, 0xf9, 0x78, 0xd9, 0x2b, 0xec, 0xfe, 0x6b,
+        0xdc, 0x2f, 0x63, 0xc9, 0xcd, 0x50, 0x14, 0x5b,
+        0xd3, 0x6e, 0x85, 0x4d, 0x0c, 0xa2, 0x0b, 0xa0,
+        0x09, 0xb6, 0xca, 0x34, 0x9c, 0xc2, 0xc1, 0x4a,
+        0xb0, 0xbc, 0x45, 0x93, 0xa5, 0x7e, 0x99, 0xb5,
+        0xbd, 0xe4, 0x69, 0x29, 0x08, 0x28, 0xd2, 0xcd,
+        0xab, 0x24, 0x78, 0x48, 0x41, 0x26, 0x0b, 0x37,
+        0xa3, 0x43, 0xd1, 0x95, 0x1a, 0xd6, 0xee, 0x22,
+        0x1c, 0x00, 0x0b, 0xc2, 0xb7, 0xa4, 0xa3, 0x21,
+        0xa9, 0xcd, 0xe4, 0x69, 0xd3, 0x45, 0x02, 0xb1,
+        0xb7, 0x3a, 0xbf, 0x51, 0x35, 0x1b, 0x78, 0xc2,
+        0xcf, 0x0c, 0x0d, 0x60, 0x09, 0xa9, 0x44, 0x02
+    };
 
     /* RSA Known Plaintext Message (1024-bits). */
     static const PRUint8 rsa_known_plaintext_msg[FIPS_RSA_MESSAGE_LENGTH] = {
-                                         "Known plaintext message utilized"
-                                         "for RSA Encryption &  Decryption"
-                                         "blocks SHA256, SHA384  and      "
-                                         "SHA512 RSA Signature KAT tests. "
-                                         "Known plaintext message utilized"
-                                         "for RSA Encryption &  Decryption"
-                                         "blocks SHA256, SHA384  and      "
-                                         "SHA512 RSA Signature KAT  tests."};
+        "Known plaintext message utilized"
+        "for RSA Encryption &  Decryption"
+        "blocks SHA256, SHA384  and      "
+        "SHA512 RSA Signature KAT tests. "
+        "Known plaintext message utilized"
+        "for RSA Encryption &  Decryption"
+        "blocks SHA256, SHA384  and      "
+        "SHA512 RSA Signature KAT  tests."
+    };
 
     /* RSA Known Signed Hash (2048-bits). */
     static const PRUint8 rsa_known_sha256_signature[] = {
-                            0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
-                            0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
-                            0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
-                            0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
-                            0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
-                            0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
-                            0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
-                            0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
-                            0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
-                            0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
-                            0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
-                            0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
-                            0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
-                            0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
-                            0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
-                            0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
-                            0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
-                            0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
-                            0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
-                            0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
-                            0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
-                            0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
-                            0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
-                            0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
-                            0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
-                            0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
-                            0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
-                            0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
-                            0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
-                            0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
-                            0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
-                            0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92};
+        0x8c, 0x2d, 0x2e, 0xfb, 0x37, 0xb5, 0x6f, 0x38,
+        0x9f, 0x06, 0x5a, 0xf3, 0x8c, 0xa0, 0xd0, 0x7a,
+        0xde, 0xcf, 0xf9, 0x14, 0x95, 0x59, 0xd3, 0x5f,
+        0x51, 0x5d, 0x5d, 0xad, 0xd8, 0x71, 0x33, 0x50,
+        0x1d, 0x03, 0x3b, 0x3a, 0x32, 0x00, 0xb4, 0xde,
+        0x7f, 0xe4, 0xb1, 0xe5, 0x6b, 0x83, 0xf4, 0x80,
+        0x10, 0x3b, 0xb8, 0x8a, 0xdb, 0xe8, 0x0a, 0x42,
+        0x9e, 0x8d, 0xd7, 0xbe, 0xed, 0xde, 0x5a, 0x3d,
+        0xc6, 0xdb, 0xfe, 0x49, 0x6a, 0xe9, 0x1e, 0x75,
+        0x66, 0xf1, 0x3f, 0x9e, 0x3f, 0xff, 0x05, 0x65,
+        0xde, 0xca, 0x62, 0x62, 0xf3, 0xec, 0x53, 0x09,
+        0xa0, 0x37, 0xd5, 0x66, 0x62, 0x72, 0x14, 0xb6,
+        0x51, 0x32, 0x67, 0x50, 0xc1, 0xe1, 0x2f, 0x9e,
+        0x98, 0x4e, 0x53, 0x96, 0x55, 0x4b, 0xc4, 0x92,
+        0xc3, 0xb4, 0x80, 0xf0, 0x35, 0xc9, 0x00, 0x4b,
+        0x5c, 0x85, 0x92, 0xb1, 0xe8, 0x6e, 0xa5, 0x51,
+        0x38, 0x9f, 0xc9, 0x11, 0xb6, 0x14, 0xdf, 0x34,
+        0x64, 0x40, 0x82, 0x82, 0xde, 0x16, 0x69, 0x93,
+        0x89, 0x4e, 0x5c, 0x32, 0xf2, 0x0a, 0x4e, 0x9e,
+        0xbd, 0x63, 0x99, 0x4f, 0xf3, 0x15, 0x90, 0xc2,
+        0xfe, 0x6f, 0xb7, 0xf4, 0xad, 0xd4, 0x8e, 0x0b,
+        0xd2, 0xf5, 0x22, 0xd2, 0x71, 0x65, 0x13, 0xf7,
+        0x82, 0x7b, 0x75, 0xb6, 0xc1, 0xb4, 0x45, 0xbd,
+        0x8f, 0x95, 0xcf, 0x5b, 0x95, 0x32, 0xef, 0x18,
+        0x5f, 0xd3, 0xdf, 0x7e, 0x22, 0xdd, 0x25, 0xeb,
+        0xe1, 0xbf, 0x3b, 0x9a, 0x55, 0x75, 0x4f, 0x3c,
+        0x38, 0x67, 0x57, 0x04, 0x04, 0x57, 0x27, 0xf6,
+        0x34, 0x0e, 0x57, 0x8a, 0x7c, 0xff, 0x7d, 0xca,
+        0x8c, 0x06, 0xf8, 0x9d, 0xdb, 0xe4, 0xd8, 0x19,
+        0xdd, 0x4d, 0xfd, 0x8f, 0xa0, 0x06, 0x53, 0xe8,
+        0x33, 0x00, 0x70, 0x3f, 0x6b, 0xc3, 0xbd, 0x9a,
+        0x78, 0xb5, 0xa9, 0xef, 0x6d, 0xda, 0x67, 0x92
+    };
 
-   /* RSA Known Signed Hash (2048-bits). */
-   static const PRUint8 rsa_known_sha384_signature[] = {
-                            0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
-                            0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
-                            0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
-                            0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
-                            0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
-                            0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
-                            0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
-                            0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
-                            0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
-                            0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
-                            0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
-                            0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
-                            0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
-                            0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
-                            0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
-                            0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
-                            0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
-                            0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
-                            0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
-                            0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
-                            0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
-                            0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
-                            0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
-                            0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
-                            0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
-                            0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
-                            0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
-                            0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
-                            0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
-                            0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
-                            0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
-                            0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa};
-
-   /* RSA Known Signed Hash (2048-bits). */
-   static const PRUint8 rsa_known_sha512_signature[] = {
-                            0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
-                            0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
-                            0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
-                            0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
-                            0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
-                            0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
-                            0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
-                            0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
-                            0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
-                            0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
-                            0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
-                            0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
-                            0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
-                            0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
-                            0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
-                            0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
-                            0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
-                            0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
-                            0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
-                            0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
-                            0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
-                            0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
-                            0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
-                            0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
-                            0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
-                            0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
-                            0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
-                            0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
-                            0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
-                            0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
-                            0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
-                            0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81};
-
-    static const RSAPublicKey    bl_public_key = { NULL,
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,         
-                                        FIPS_RSA_MODULUS_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent, 
-                                        FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
-    };
-    static const RSAPrivateKey   bl_private_key = { NULL,
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_version,          
-                                        FIPS_RSA_PRIVATE_VERSION_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,          
-                                        FIPS_RSA_MODULUS_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,  
-                                        FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent, 
-                                        FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,           
-                                        FIPS_RSA_PRIME0_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,           
-                                        FIPS_RSA_PRIME1_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,        
-                                        FIPS_RSA_EXPONENT0_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,        
-                                        FIPS_RSA_EXPONENT1_LENGTH },
-      { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,      
-                                        FIPS_RSA_COEFFICIENT_LENGTH }
+    /* RSA Known Signed Hash (2048-bits). */
+    static const PRUint8 rsa_known_sha384_signature[] = {
+        0x20, 0x2d, 0x21, 0x3a, 0xaa, 0x1e, 0x05, 0x15,
+        0x5c, 0xca, 0x84, 0x86, 0xc0, 0x15, 0x81, 0xdf,
+        0xd4, 0x06, 0x9f, 0xe0, 0xc1, 0xed, 0xef, 0x0f,
+        0xfe, 0xb3, 0xc3, 0xbb, 0x28, 0xa5, 0x56, 0xbf,
+        0xe3, 0x11, 0x5c, 0xc2, 0xc0, 0x0b, 0xfa, 0xfa,
+        0x3d, 0xd3, 0x06, 0x20, 0xe2, 0xc9, 0xe4, 0x66,
+        0x28, 0xb7, 0xc0, 0x3b, 0x3c, 0x96, 0xc6, 0x49,
+        0x3b, 0xcf, 0x86, 0x49, 0x31, 0xaf, 0x5b, 0xa3,
+        0xec, 0x63, 0x10, 0xdf, 0xda, 0x2f, 0x68, 0xac,
+        0x7b, 0x3a, 0x49, 0xfa, 0xe6, 0x0d, 0xfe, 0x37,
+        0x17, 0x56, 0x8e, 0x5c, 0x48, 0x97, 0x43, 0xf7,
+        0xa0, 0xbc, 0xe3, 0x4b, 0x42, 0xde, 0x58, 0x1d,
+        0xd9, 0x5d, 0xb3, 0x08, 0x35, 0xbd, 0xa4, 0xe1,
+        0x80, 0xc3, 0x64, 0xab, 0x21, 0x97, 0xad, 0xfb,
+        0x71, 0xee, 0xa3, 0x3d, 0x9c, 0xaa, 0xfa, 0x16,
+        0x60, 0x46, 0x32, 0xda, 0x44, 0x2e, 0x10, 0x92,
+        0x20, 0xd8, 0x98, 0x80, 0x84, 0x75, 0x5b, 0x70,
+        0x91, 0x00, 0x33, 0x19, 0x69, 0xc9, 0x2a, 0xec,
+        0x3d, 0xe5, 0x5f, 0x0f, 0x9a, 0xa7, 0x97, 0x1f,
+        0x79, 0xc3, 0x1d, 0x65, 0x74, 0x62, 0xc5, 0xa1,
+        0x23, 0x65, 0x4b, 0x84, 0xa1, 0x03, 0x98, 0xf3,
+        0xf1, 0x02, 0x24, 0xca, 0xe5, 0xd4, 0xc8, 0xa2,
+        0x30, 0xad, 0x72, 0x7d, 0x29, 0x60, 0x1a, 0x8e,
+        0x6f, 0x23, 0xa4, 0xda, 0x68, 0xa4, 0x45, 0x9c,
+        0x39, 0x70, 0x44, 0x18, 0x4b, 0x73, 0xfe, 0xf8,
+        0x33, 0x53, 0x1d, 0x7e, 0x93, 0x93, 0xac, 0xc7,
+        0x1e, 0x6e, 0x6b, 0xfd, 0x9e, 0xba, 0xa6, 0x71,
+        0x70, 0x47, 0x6a, 0xd6, 0x82, 0x32, 0xa2, 0x6e,
+        0x20, 0x72, 0xb0, 0xba, 0xec, 0x91, 0xbb, 0x6b,
+        0xcc, 0x84, 0x0a, 0x33, 0x2b, 0x8a, 0x8d, 0xeb,
+        0x71, 0xcd, 0xca, 0x67, 0x1b, 0xad, 0x10, 0xd4,
+        0xce, 0x4f, 0xc0, 0x29, 0xec, 0xfa, 0xed, 0xfa
     };
 
-    /* RSA variables. */
+    /* RSA Known Signed Hash (2048-bits). */
+    static const PRUint8 rsa_known_sha512_signature[] = {
+        0x35, 0x0e, 0x74, 0x9d, 0xeb, 0xc7, 0x67, 0x31,
+        0x9f, 0xff, 0x0b, 0xbb, 0x5e, 0x66, 0xb4, 0x2f,
+        0xbf, 0x72, 0x60, 0x4f, 0xe9, 0xbd, 0xec, 0xc8,
+        0x17, 0x79, 0x5f, 0x39, 0x83, 0xb4, 0x54, 0x2e,
+        0x01, 0xb9, 0xd3, 0x20, 0x47, 0xcb, 0xd4, 0x42,
+        0xf2, 0x6e, 0x36, 0xc1, 0x97, 0xad, 0xef, 0x8e,
+        0xe6, 0x51, 0xee, 0x5e, 0x9e, 0x88, 0xb4, 0x9d,
+        0xda, 0x3e, 0x77, 0x4b, 0xe8, 0xae, 0x48, 0x53,
+        0x2c, 0xc4, 0xd3, 0x25, 0x6b, 0x23, 0xb7, 0x54,
+        0x3c, 0x95, 0x8f, 0xfb, 0x6f, 0x6d, 0xc5, 0x56,
+        0x39, 0x69, 0x28, 0x0e, 0x74, 0x9b, 0x31, 0xe8,
+        0x76, 0x77, 0x2b, 0xc1, 0x44, 0x89, 0x81, 0x93,
+        0xfc, 0xf6, 0xec, 0x5f, 0x8f, 0x89, 0xfc, 0x1d,
+        0xa4, 0x53, 0x58, 0x8c, 0xe9, 0xc0, 0xc0, 0x26,
+        0xe6, 0xdf, 0x6d, 0x27, 0xb1, 0x8e, 0x3e, 0xb6,
+        0x47, 0xe1, 0x02, 0x96, 0xc2, 0x5f, 0x7f, 0x3d,
+        0xc5, 0x6c, 0x2f, 0xea, 0xaa, 0x5e, 0x39, 0xfc,
+        0x77, 0xca, 0x00, 0x02, 0x5c, 0x64, 0x7c, 0xce,
+        0x7d, 0x63, 0x82, 0x05, 0xed, 0xf7, 0x5b, 0x55,
+        0x58, 0xc0, 0xeb, 0x76, 0xd7, 0x95, 0x55, 0x37,
+        0x85, 0x7d, 0x17, 0xad, 0xd2, 0x11, 0xfd, 0x97,
+        0x48, 0xb5, 0xc2, 0x5e, 0xc7, 0x62, 0xc0, 0xe0,
+        0x68, 0xa8, 0x61, 0x14, 0x41, 0xca, 0x25, 0x3a,
+        0xec, 0x48, 0x54, 0x22, 0x83, 0x2b, 0x69, 0x54,
+        0xfd, 0xc8, 0x99, 0x9a, 0xee, 0x37, 0x03, 0xa3,
+        0x8f, 0x0f, 0x32, 0xb0, 0xaa, 0x74, 0x39, 0x04,
+        0x7c, 0xd9, 0xc2, 0x8f, 0xbe, 0xf2, 0xc4, 0xbe,
+        0xdd, 0x7a, 0x7a, 0x7f, 0x72, 0xd3, 0x80, 0x59,
+        0x18, 0xa0, 0xa1, 0x2d, 0x6f, 0xa3, 0xa9, 0x48,
+        0xed, 0x20, 0xa6, 0xea, 0xaa, 0x10, 0x83, 0x98,
+        0x0c, 0x13, 0x69, 0x6e, 0xcd, 0x31, 0x6b, 0xd0,
+        0x66, 0xa6, 0x5e, 0x30, 0x0c, 0x82, 0xd5, 0x81
+    };
+
+    static const RSAPublicKey bl_public_key = {
+        NULL,
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+          FIPS_RSA_MODULUS_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+          FIPS_RSA_PUBLIC_EXPONENT_LENGTH }
+    };
+    static const RSAPrivateKey bl_private_key = {
+        NULL,
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_version,
+          FIPS_RSA_PRIVATE_VERSION_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_modulus,
+          FIPS_RSA_MODULUS_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_public_exponent,
+          FIPS_RSA_PUBLIC_EXPONENT_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_private_exponent,
+          FIPS_RSA_PRIVATE_EXPONENT_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime0,
+          FIPS_RSA_PRIME0_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_prime1,
+          FIPS_RSA_PRIME1_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent0,
+          FIPS_RSA_EXPONENT0_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_exponent1,
+          FIPS_RSA_EXPONENT1_LENGTH },
+        { FIPS_RSA_TYPE, (unsigned char *)rsa_coefficient,
+          FIPS_RSA_COEFFICIENT_LENGTH }
+    };
+
+/* RSA variables. */
 #ifdef CREATE_TEMP_ARENAS
-    PLArenaPool *         rsa_public_arena;
-    PLArenaPool *         rsa_private_arena;
+    PLArenaPool *rsa_public_arena;
+    PLArenaPool *rsa_private_arena;
 #endif
-    NSSLOWKEYPublicKey *  rsa_public_key;
-    NSSLOWKEYPrivateKey * rsa_private_key;
-    SECStatus             rsa_status;
+    NSSLOWKEYPublicKey *rsa_public_key;
+    NSSLOWKEYPrivateKey *rsa_private_key;
+    SECStatus rsa_status;
 
-    NSSLOWKEYPublicKey    low_public_key   = { NULL, NSSLOWKEYRSAKey };
-    NSSLOWKEYPrivateKey   low_private_key  = { NULL, NSSLOWKEYRSAKey };
+    NSSLOWKEYPublicKey low_public_key = { NULL, NSSLOWKEYRSAKey };
+    NSSLOWKEYPrivateKey low_private_key = { NULL, NSSLOWKEYRSAKey };
 
     /****************************************/
     /* Compose RSA Public/Private Key Pair. */
     /****************************************/
 
-    low_public_key.u.rsa  = bl_public_key;
+    low_public_key.u.rsa = bl_public_key;
     low_private_key.u.rsa = bl_private_key;
 
-    rsa_public_key  = &low_public_key;
+    rsa_public_key = &low_public_key;
     rsa_private_key = &low_private_key;
 
 #ifdef CREATE_TEMP_ARENAS
     /* Create some space for the RSA public key. */
-    rsa_public_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
+    rsa_public_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
 
-    if( rsa_public_arena == NULL ) {
-        PORT_SetError( SEC_ERROR_NO_MEMORY );
-        return( SECFailure );
+    if (rsa_public_arena == NULL) {
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
     }
 
     /* Create some space for the RSA private key. */
-    rsa_private_arena = PORT_NewArena( NSS_SOFTOKEN_DEFAULT_CHUNKSIZE );
+    rsa_private_arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
 
-    if( rsa_private_arena == NULL ) {
-        PORT_FreeArena( rsa_public_arena, PR_TRUE );
-        PORT_SetError( SEC_ERROR_NO_MEMORY );
-        return( SECFailure );
+    if (rsa_private_arena == NULL) {
+        PORT_FreeArena(rsa_public_arena, PR_TRUE);
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return (SECFailure);
     }
 
     rsa_public_key->arena = rsa_public_arena;
     rsa_private_key->arena = rsa_private_arena;
 #endif
 
     /**************************************************/
     /* RSA Hash tests                                 */
     /**************************************************/
 
-    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA256,
-                           rsa_public_key, rsa_private_key,
-                           rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
-                           rsa_known_sha256_signature);
-    if( rsa_status != SECSuccess )
+    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA256,
+                                                  rsa_public_key, rsa_private_key,
+                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
+                                                  rsa_known_sha256_signature);
+    if (rsa_status != SECSuccess)
         goto rsa_loser;
 
-    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA384,
-                           rsa_public_key, rsa_private_key,
-                           rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
-                           rsa_known_sha384_signature);
-    if( rsa_status != SECSuccess )
+    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA384,
+                                                  rsa_public_key, rsa_private_key,
+                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
+                                                  rsa_known_sha384_signature);
+    if (rsa_status != SECSuccess)
         goto rsa_loser;
 
-    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest (HASH_AlgSHA512,
-                           rsa_public_key, rsa_private_key,
-                           rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
-                           rsa_known_sha512_signature);
-    if( rsa_status != SECSuccess )
+    rsa_status = sftk_fips_RSA_PowerUpSigSelfTest(HASH_AlgSHA512,
+                                                  rsa_public_key, rsa_private_key,
+                                                  rsa_known_plaintext_msg, FIPS_RSA_MESSAGE_LENGTH,
+                                                  rsa_known_sha512_signature);
+    if (rsa_status != SECSuccess)
         goto rsa_loser;
 
     /* Dispose of all RSA key material. */
-    nsslowkey_DestroyPublicKey( rsa_public_key );
-    nsslowkey_DestroyPrivateKey( rsa_private_key );
+    nsslowkey_DestroyPublicKey(rsa_public_key);
+    nsslowkey_DestroyPrivateKey(rsa_private_key);
 
-    return( SECSuccess );
+    return (SECSuccess);
 
 rsa_loser:
 
-    nsslowkey_DestroyPublicKey( rsa_public_key );
-    nsslowkey_DestroyPrivateKey( rsa_private_key );
+    nsslowkey_DestroyPublicKey(rsa_public_key);
+    nsslowkey_DestroyPrivateKey(rsa_private_key);
 
-    PORT_SetError( SEC_ERROR_LIBRARY_FAILURE );
-    return( SECFailure );
+    PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+    return (SECFailure);
 }
 
-
 static PRBool sftk_self_tests_ran = PR_FALSE;
 static PRBool sftk_self_tests_success = PR_FALSE;
 
 /*
- * This function is called at dll load time, the code tha makes this 
+ * This function is called at dll load time, the code tha makes this
  * happen is platform specific on defined above.
- */ 
+ */
 static void
 sftk_startup_tests(void)
 {
     SECStatus rv;
     const char *libraryName = SOFTOKEN_LIB_NAME;
 
     PORT_Assert(!sftk_self_tests_ran);
     PORT_Assert(!sftk_self_tests_success);
     sftk_self_tests_ran = PR_TRUE;
     sftk_self_tests_success = PR_FALSE; /* just in case */
 
     /* need to initiallize the oid library before the RSA tests */
-    rv = SECOID_Init(); 
+    rv = SECOID_Init();
     if (rv != SECSuccess) {
-       return;
+        return;
     }
-    /* make sure freebl is initialized, or our RSA check 
-     * may fail. This is normally done at freebl load time, but it's 
+    /* make sure freebl is initialized, or our RSA check
+     * may fail. This is normally done at freebl load time, but it's
      * possible we may have shut freebl down without unloading it. */
-    rv = BL_Init(); 
+    rv = BL_Init();
     if (rv != SECSuccess) {
-       return;
+        return;
     }
 
-    rv = RNG_RNGInit(); 
+    rv = RNG_RNGInit();
     if (rv != SECSuccess) {
-       return;
+        return;
     }
     /* check the RSA combined functions in softoken */
     rv = sftk_fips_RSA_PowerUpSelfTest();
-    if (rv !=SECSuccess) {
-       return;
+    if (rv != SECSuccess) {
+        return;
     }
-    if (!BLAPI_SHVerify(libraryName, 
-                               (PRFuncPtr) &sftk_fips_RSA_PowerUpSelfTest)) {
-           /* something is wrong with the library, fail without enabling
-            * the token */
-           return;
+    if (!BLAPI_SHVerify(libraryName,
+                        (PRFuncPtr)&sftk_fips_RSA_PowerUpSelfTest)) {
+        /* something is wrong with the library, fail without enabling
+         * the token */
+        return;
     }
     sftk_self_tests_success = PR_TRUE;
 }
 
-
 /*
- * this is called from nsc_Common_Initizialize entry points that gates access 
+ * this is called from nsc_Common_Initizialize entry points that gates access
  * to * all other pkcs11 functions. This prevents softoken operation if our
  * power on selftest failed.
  */
 CK_RV
-sftk_FIPSEntryOK() {
+sftk_FIPSEntryOK()
+{
 #ifdef NSS_NO_INIT_SUPPORT
-   /* this should only be set on platforms that can't handle one of the INIT
-    * schemes.  This code allows those platforms to continue to function, 
-    * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
-    * is not set, and init support has not been properly enabled, softken
-    * will always fail because of the test below 
-    */
+    /* this should only be set on platforms that can't handle one of the INIT
+     * schemes.  This code allows those platforms to continue to function,
+     * though they don't meet the strict NIST requirements. If NSS_NO_INIT_SUPPORT
+     * is not set, and init support has not been properly enabled, softken
+     * will always fail because of the test below
+     */
     if (!sftk_self_tests_ran) {
-       sftk_startup_tests();
+        sftk_startup_tests();
     }
 #endif
     if (!sftk_self_tests_success) {
-       return CKR_DEVICE_ERROR;
+        return CKR_DEVICE_ERROR;
     }
     return CKR_OK;
- }
+}
--- a/lib/softoken/fipstokn.c
+++ b/lib/softoken/fipstokn.c
@@ -1,21 +1,21 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 /*
  * This file implements PKCS 11 on top of our existing security modules
  *
  * For more information about PKCS 11 See PKCS 11 Token Inteface Standard.
  *   This implementation has two slots:
- *	slot 1 is our generic crypto support. It does not require login
+ *  slot 1 is our generic crypto support. It does not require login
  *   (unless you've enabled FIPS). It supports Public Key ops, and all they
  *   bulk ciphers and hashes. It can also support Private Key ops for imported
  *   Private keys. It does not have any token storage.
- *	slot 2 is our private key support. It requires a login before use. It
+ *  slot 2 is our private key support. It requires a login before use. It
  *   can store Private Keys and Certs as token objects. Currently only private
  *   keys and their associated Certificates are saved on the token.
  *
  *   In this implementation, session objects are only visible to the session
  *   that created or generated them.
  */
 #include "seccomon.h"
 #include "softoken.h"
@@ -33,66 +33,65 @@
 #include <unistd.h>
 #endif
 
 #ifdef LINUX
 #include <pthread.h>
 #include <dlfcn.h>
 #define LIBAUDIT_NAME "libaudit.so.0"
 #ifndef AUDIT_CRYPTO_TEST_USER
-#define AUDIT_CRYPTO_TEST_USER          2400 /* Crypto test results */
-#define AUDIT_CRYPTO_PARAM_CHANGE_USER  2401 /* Crypto attribute change */
-#define AUDIT_CRYPTO_LOGIN              2402 /* Logged in as crypto officer */
-#define AUDIT_CRYPTO_LOGOUT             2403 /* Logged out from crypto */
-#define AUDIT_CRYPTO_KEY_USER           2404 /* Create,delete,negotiate */
-#define AUDIT_CRYPTO_FAILURE_USER       2405 /* Fail decrypt,encrypt,randomize */
+#define AUDIT_CRYPTO_TEST_USER 2400         /* Crypto test results */
+#define AUDIT_CRYPTO_PARAM_CHANGE_USER 2401 /* Crypto attribute change */
+#define AUDIT_CRYPTO_LOGIN 2402             /* Logged in as crypto officer */
+#define AUDIT_CRYPTO_LOGOUT 2403            /* Logged out from crypto */
+#define AUDIT_CRYPTO_KEY_USER 2404          /* Create,delete,negotiate */
+#define AUDIT_CRYPTO_FAILURE_USER 2405      /* Fail decrypt,encrypt,randomize */
 #endif
 static void *libaudit_handle;
 static int (*audit_open_func)(void);
 static void (*audit_close_func)(int fd);
 static int (*audit_log_user_message_func)(int audit_fd, int type,
-    const char *message, const char *hostname, const char *addr,
-    const char *tty, int result);
+                                          const char *message, const char *hostname, const char *addr,
+                                          const char *tty, int result);
 static int (*audit_send_user_message_func)(int fd, int type,
-    const char *message);
+                                           const char *message);
 
 static pthread_once_t libaudit_once_control = PTHREAD_ONCE_INIT;
 
 static void
 libaudit_init(void)
 {
     libaudit_handle = dlopen(LIBAUDIT_NAME, RTLD_LAZY);
     if (!libaudit_handle) {
-	return;
+        return;
     }
     audit_open_func = dlsym(libaudit_handle, "audit_open");
     audit_close_func = dlsym(libaudit_handle, "audit_close");
     /*
      * audit_send_user_message is the older function.
      * audit_log_user_message, if available, is preferred.
      */
     audit_log_user_message_func = dlsym(libaudit_handle,
-					"audit_log_user_message");
+                                        "audit_log_user_message");
     if (!audit_log_user_message_func) {
-	audit_send_user_message_func = dlsym(libaudit_handle,
-					     "audit_send_user_message");
+        audit_send_user_message_func = dlsym(libaudit_handle,
+                                             "audit_send_user_message");
     }
     if (!audit_open_func || !audit_close_func ||
-	(!audit_log_user_message_func && !audit_send_user_message_func)) {
-	dlclose(libaudit_handle);
-	libaudit_handle = NULL;
-	audit_open_func = NULL;
-	audit_close_func = NULL;
-	audit_log_user_message_func = NULL;
-	audit_send_user_message_func = NULL;
+        (!audit_log_user_message_func && !audit_send_user_message_func)) {
+        dlclose(libaudit_handle);
+        libaudit_handle = NULL;
+        audit_open_func = NULL;
+        audit_close_func = NULL;
+        audit_log_user_message_func = NULL;
+        audit_send_user_message_func = NULL;
     }
 }
 #endif /* LINUX */
 
-
 /*
  * ******************** Password Utilities *******************************
  */
 static PRBool isLoggedIn = PR_FALSE;
 static PRBool isLevel2 = PR_TRUE;
 PRBool sftk_fatalError = PR_FALSE;
 
 /*
@@ -111,231 +110,231 @@ PRBool sftk_fatalError = PR_FALSE;
  * if a digit is the last character of the password/PIN, the digit is not
  * counted toward its character class.
  *
  * Although NSC_SetPIN and NSC_InitPIN already do the maximum and minimum
  * password/PIN length checks, they check the length in bytes as opposed
  * to characters.  To meet the minimum password/PIN guessing probability
  * requirements in FIPS 140-2, we need to check the length in characters.
  */
-static CK_RV sftk_newPinCheck(CK_CHAR_PTR pPin, CK_ULONG ulPinLen) {
+static CK_RV
+sftk_newPinCheck(CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
     unsigned int i;
-    int nchar = 0;      /* number of characters */
-    int ntrail = 0;     /* number of trailing bytes to follow */
-    int ndigit = 0;     /* number of decimal digits */
-    int nlower = 0;     /* number of ASCII lowercase letters */
-    int nupper = 0;     /* number of ASCII uppercase letters */
-    int nnonalnum = 0;  /* number of ASCII non-alphanumeric characters */
-    int nnonascii = 0;  /* number of non-ASCII characters */
-    int nclass;         /* number of character classes */
+    int nchar = 0;     /* number of characters */
+    int ntrail = 0;    /* number of trailing bytes to follow */
+    int ndigit = 0;    /* number of decimal digits */
+    int nlower = 0;    /* number of ASCII lowercase letters */
+    int nupper = 0;    /* number of ASCII uppercase letters */
+    int nnonalnum = 0; /* number of ASCII non-alphanumeric characters */
+    int nnonascii = 0; /* number of non-ASCII characters */
+    int nclass;        /* number of character classes */
 
     for (i = 0; i < ulPinLen; i++) {
-	unsigned int byte = pPin[i];
+        unsigned int byte = pPin[i];
 
-	if (ntrail) {
-	    if ((byte & 0xc0) != 0x80) {
-		/* illegal */
-		nchar = -1;
-		break;
-	    }
-	    if (--ntrail == 0) {
-		nchar++;
-		nnonascii++;
-	    }
-	    continue;
-	}
-	if ((byte & 0x80) == 0x00) {
-	    /* single-byte (ASCII) character */
-	    nchar++;
-	    if (isdigit(byte)) {
-		if (i < ulPinLen - 1) {
-		    ndigit++;
-		}
-	    } else if (islower(byte)) {
-		nlower++;
-	    } else if (isupper(byte)) {
-		if (i > 0) {
-		    nupper++;
-		}
-	    } else {
-		nnonalnum++;
-	    }
-	} else if ((byte & 0xe0) == 0xc0) {
-	    /* leading byte of two-byte character */
-	    ntrail = 1;
-	} else if ((byte & 0xf0) == 0xe0) {
-	    /* leading byte of three-byte character */
-	    ntrail = 2;
-	} else if ((byte & 0xf8) == 0xf0) {
-	    /* leading byte of four-byte character */
-	    ntrail = 3;
-	} else {
-	    /* illegal */
-	    nchar = -1;
-	    break;
-	}
+        if (ntrail) {
+            if ((byte & 0xc0) != 0x80) {
+                /* illegal */
+                nchar = -1;
+                break;
+            }
+            if (--ntrail == 0) {
+                nchar++;
+                nnonascii++;
+            }
+            continue;
+        }
+        if ((byte & 0x80) == 0x00) {
+            /* single-byte (ASCII) character */
+            nchar++;
+            if (isdigit(byte)) {
+                if (i < ulPinLen - 1) {
+                    ndigit++;
+                }
+            } else if (islower(byte)) {
+                nlower++;
+            } else if (isupper(byte)) {
+                if (i > 0) {
+                    nupper++;
+                }
+            } else {
+                nnonalnum++;
+            }
+        } else if ((byte & 0xe0) == 0xc0) {
+            /* leading byte of two-byte character */
+            ntrail = 1;
+        } else if ((byte & 0xf0) == 0xe0) {
+            /* leading byte of three-byte character */
+            ntrail = 2;
+        } else if ((byte & 0xf8) == 0xf0) {
+            /* leading byte of four-byte character */
+            ntrail = 3;
+        } else {
+            /* illegal */
+            nchar = -1;
+            break;
+        }
     }
     if (nchar == -1) {
-	/* illegal UTF8 string */
-	return CKR_PIN_INVALID;
+        /* illegal UTF8 string */
+        return CKR_PIN_INVALID;
     }
     if (nchar < FIPS_MIN_PIN) {
-	return CKR_PIN_LEN_RANGE;
+        return CKR_PIN_LEN_RANGE;
     }
     nclass = (ndigit != 0) + (nlower != 0) + (nupper != 0) +
-	     (nnonalnum != 0) + (nnonascii != 0);
+             (nnonalnum != 0) + (nnonascii != 0);
     if (nclass < 3) {
-	return CKR_PIN_LEN_RANGE;
+        return CKR_PIN_LEN_RANGE;
     }
     return CKR_OK;
 }
 
-
 /* FIPS required checks before any useful cryptographic services */
-static CK_RV sftk_fipsCheck(void) {
-    if (sftk_fatalError) 
-	return CKR_DEVICE_ERROR;
-    if (isLevel2 && !isLoggedIn) 
-	return CKR_USER_NOT_LOGGED_IN;
+static CK_RV
+sftk_fipsCheck(void)
+{
+    if (sftk_fatalError)
+        return CKR_DEVICE_ERROR;
+    if (isLevel2 && !isLoggedIn)
+        return CKR_USER_NOT_LOGGED_IN;
     return CKR_OK;
 }
 
-
-#define SFTK_FIPSCHECK() \
-    CK_RV rv; \
-    if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
+#define SFTK_FIPSCHECK()                   \
+    CK_RV rv;                              \
+    if ((rv = sftk_fipsCheck()) != CKR_OK) \
+        return rv;
 
 #define SFTK_FIPSFATALCHECK() \
-    if (sftk_fatalError) return CKR_DEVICE_ERROR;
-
+    if (sftk_fatalError)      \
+        return CKR_DEVICE_ERROR;
 
 /* grab an attribute out of a raw template */
 void *
-fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate, 
-				CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type)
+fc_getAttribute(CK_ATTRIBUTE_PTR pTemplate,
+                CK_ULONG ulCount, CK_ATTRIBUTE_TYPE type)
 {
     int i;
 
-    for (i=0; i < (int) ulCount; i++) {
-	if (pTemplate[i].type == type) {
-	    return pTemplate[i].pValue;
-	}
+    for (i = 0; i < (int)ulCount; i++) {
+        if (pTemplate[i].type == type) {
+            return pTemplate[i].pValue;
+        }
     }
     return NULL;
 }
 
-
-#define __PASTE(x,y)	x##y
+#define __PASTE(x, y) x##y
 
 /* ------------- forward declare all the NSC_ functions ------------- */
 #undef CK_NEED_ARG_LIST
 #undef CK_PKCS11_FUNCTION_INFO
 
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(NS,name)
+#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(NS, name)
 #define CK_NEED_ARG_LIST 1
 
 #include "pkcs11f.h"
 
 /* ------------- forward declare all the FIPS functions ------------- */
 #undef CK_NEED_ARG_LIST
 #undef CK_PKCS11_FUNCTION_INFO
 
-#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F,name)
+#define CK_PKCS11_FUNCTION_INFO(name) CK_RV __PASTE(F, name)
 #define CK_NEED_ARG_LIST 1
 
 #include "pkcs11f.h"
 
 /* ------------- build the CK_CRYPTO_TABLE ------------------------- */
 static CK_FUNCTION_LIST sftk_fipsTable = {
     { 1, 10 },
 
 #undef CK_NEED_ARG_LIST
 #undef CK_PKCS11_FUNCTION_INFO
 
-#define CK_PKCS11_FUNCTION_INFO(name) __PASTE(F,name),
-
+#define CK_PKCS11_FUNCTION_INFO(name) \
+    __PASTE(F, name)                  \
+    ,
 
 #include "pkcs11f.h"
 
 };
 
 #undef CK_NEED_ARG_LIST
 #undef CK_PKCS11_FUNCTION_INFO
 
-
 #undef __PASTE
 
 /* CKO_NOT_A_KEY can be any object class that's not a key object. */
 #define CKO_NOT_A_KEY CKO_DATA
 
-#define SFTK_IS_KEY_OBJECT(objClass) \
-    (((objClass) == CKO_PUBLIC_KEY) || \
-    ((objClass) == CKO_PRIVATE_KEY) || \
-    ((objClass) == CKO_SECRET_KEY))
+#define SFTK_IS_KEY_OBJECT(objClass)    \
+    (((objClass) == CKO_PUBLIC_KEY) ||  \
+     ((objClass) == CKO_PRIVATE_KEY) || \
+     ((objClass) == CKO_SECRET_KEY))
 
 #define SFTK_IS_NONPUBLIC_KEY_OBJECT(objClass) \
     (((objClass) == CKO_PRIVATE_KEY) || ((objClass) == CKO_SECRET_KEY))
 
 static CK_RV
 sftk_get_object_class_and_fipsCheck(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS *pObjClass)
+                                    CK_OBJECT_HANDLE hObject, CK_OBJECT_CLASS *pObjClass)
 {
     CK_RV rv;
-    CK_ATTRIBUTE class; 
+    CK_ATTRIBUTE class;
     class.type = CKA_CLASS;
     class.pValue = pObjClass;
     class.ulValueLen = sizeof(*pObjClass);
     rv = NSC_GetAttributeValue(hSession, hObject, &class, 1);
     if ((rv == CKR_OK) && SFTK_IS_NONPUBLIC_KEY_OBJECT(*pObjClass)) {
-	rv = sftk_fipsCheck();
+        rv = sftk_fipsCheck();
     }
     return rv;
 }
 
 #ifdef LINUX
 
 int
 sftk_mapLinuxAuditType(NSSAuditSeverity severity, NSSAuditType auditType)
 {
     switch (auditType) {
-    case NSS_AUDIT_ACCESS_KEY:
-    case NSS_AUDIT_CHANGE_KEY: 
-    case NSS_AUDIT_COPY_KEY:
-    case NSS_AUDIT_DERIVE_KEY:
-    case NSS_AUDIT_DESTROY_KEY:
-    case NSS_AUDIT_DIGEST_KEY:
-    case NSS_AUDIT_GENERATE_KEY: 
-    case NSS_AUDIT_LOAD_KEY:
-    case NSS_AUDIT_UNWRAP_KEY:
-    case NSS_AUDIT_WRAP_KEY:
-	return AUDIT_CRYPTO_KEY_USER;
-    case NSS_AUDIT_CRYPT:
-	return (severity == NSS_AUDIT_ERROR) ? AUDIT_CRYPTO_FAILURE_USER : 
-					 AUDIT_CRYPTO_KEY_USER;
-    case NSS_AUDIT_FIPS_STATE:
-    case NSS_AUDIT_INIT_PIN:
-    case NSS_AUDIT_INIT_TOKEN:
-    case NSS_AUDIT_SET_PIN:
-	return AUDIT_CRYPTO_PARAM_CHANGE_USER;
-    case NSS_AUDIT_SELF_TEST: 
-	return AUDIT_CRYPTO_TEST_USER;
-    case NSS_AUDIT_LOGIN:
-	return AUDIT_CRYPTO_LOGIN;
-    case NSS_AUDIT_LOGOUT:
-	return AUDIT_CRYPTO_LOGOUT;
-    /* we skip the fault case here so we can get compiler 
-     * warnings if new 'NSSAuditType's are added without
-     * added them to this list, defaults fall through */
+        case NSS_AUDIT_ACCESS_KEY:
+        case NSS_AUDIT_CHANGE_KEY:
+        case NSS_AUDIT_COPY_KEY:
+        case NSS_AUDIT_DERIVE_KEY:
+        case NSS_AUDIT_DESTROY_KEY:
+        case NSS_AUDIT_DIGEST_KEY:
+        case NSS_AUDIT_GENERATE_KEY:
+        case NSS_AUDIT_LOAD_KEY:
+        case NSS_AUDIT_UNWRAP_KEY:
+        case NSS_AUDIT_WRAP_KEY:
+            return AUDIT_CRYPTO_KEY_USER;
+        case NSS_AUDIT_CRYPT:
+            return (severity == NSS_AUDIT_ERROR) ? AUDIT_CRYPTO_FAILURE_USER : AUDIT_CRYPTO_KEY_USER;
+        case NSS_AUDIT_FIPS_STATE:
+        case NSS_AUDIT_INIT_PIN:
+        case NSS_AUDIT_INIT_TOKEN:
+        case NSS_AUDIT_SET_PIN:
+            return AUDIT_CRYPTO_PARAM_CHANGE_USER;
+        case NSS_AUDIT_SELF_TEST:
+            return AUDIT_CRYPTO_TEST_USER;
+        case NSS_AUDIT_LOGIN:
+            return AUDIT_CRYPTO_LOGIN;
+        case NSS_AUDIT_LOGOUT:
+            return AUDIT_CRYPTO_LOGOUT;
+            /* we skip the fault case here so we can get compiler
+             * warnings if new 'NSSAuditType's are added without
+             * added them to this list, defaults fall through */
     }
     /* default */
     return AUDIT_CRYPTO_PARAM_CHANGE_USER;
-} 
+}
 #endif
 
-
 /**********************************************************************
  *
  *     FIPS 140 auditable event logging
  *
  **********************************************************************/
 
 PRBool sftk_audit_enabled = PR_FALSE;
 
@@ -350,1231 +349,1308 @@ PRBool sftk_audit_enabled = PR_FALSE;
  * - for changes to data (except for authentication data and CSPs), the new
  *   and old values of the data
  * - for authentication attempts, the origin of the attempt (e.g., terminal
  *   identifier)
  * - for assuming a role, the type of role, and the location of the request
  */
 void
 sftk_LogAuditMessage(NSSAuditSeverity severity, NSSAuditType auditType,
-		     const char *msg)
+                     const char *msg)
 {
 #ifdef NSS_AUDIT_WITH_SYSLOG
     int level;
 
     switch (severity) {
-    case NSS_AUDIT_ERROR:
-	level = LOG_ERR;
-	break;
-    case NSS_AUDIT_WARNING:
-	level = LOG_WARNING;
-	break;
-    default:
-	level = LOG_INFO;
-	break;
+        case NSS_AUDIT_ERROR:
+            level = LOG_ERR;
+            break;
+        case NSS_AUDIT_WARNING:
+            level = LOG_WARNING;
+            break;
+        default:
+            level = LOG_INFO;
+            break;
     }
     /* timestamp is provided by syslog in the message header */
     syslog(level | LOG_USER /* facility */,
-	   "NSS " SOFTOKEN_LIB_NAME "[pid=%d uid=%d]: %s",
-	   (int)getpid(), (int)getuid(), msg);
+           "NSS " SOFTOKEN_LIB_NAME "[pid=%d uid=%d]: %s",
+           (int)getpid(), (int)getuid(), msg);
 #ifdef LINUX
     if (pthread_once(&libaudit_once_control, libaudit_init) != 0) {
-	return;
+        return;
     }
     if (libaudit_handle) {
-	int audit_fd;
-	int linuxAuditType;
-	int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
-	char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
-	if (!message) {
-	    return;
-	}
-	audit_fd = audit_open_func();
-	if (audit_fd < 0) {
-	    PR_smprintf_free(message);
-	    return;
-	}
-	linuxAuditType = sftk_mapLinuxAuditType(severity, auditType);
-	if (audit_log_user_message_func) {
-	    audit_log_user_message_func(audit_fd, linuxAuditType, message,
-					NULL, NULL, NULL, result);
-	} else {
-	    audit_send_user_message_func(audit_fd, linuxAuditType, message);
-	}
-	audit_close_func(audit_fd);
-	PR_smprintf_free(message);
+        int audit_fd;
+        int linuxAuditType;
+        int result = (severity != NSS_AUDIT_ERROR); /* 1=success; 0=failed */
+        char *message = PR_smprintf("NSS " SOFTOKEN_LIB_NAME ": %s", msg);
+        if (!message) {
+            return;
+        }
+        audit_fd = audit_open_func();
+        if (audit_fd < 0) {
+            PR_smprintf_free(message);
+            return;
+        }
+        linuxAuditType = sftk_mapLinuxAuditType(severity, auditType);
+        if (audit_log_user_message_func) {
+            audit_log_user_message_func(audit_fd, linuxAuditType, message,
+                                        NULL, NULL, NULL, result);
+        } else {
+            audit_send_user_message_func(audit_fd, linuxAuditType, message);
+        }
+        audit_close_func(audit_fd);
+        PR_smprintf_free(message);
     }
 #endif /* LINUX */
 #else
-    /* do nothing */
+/* do nothing */
 #endif
 }
 
-
 /**********************************************************************
  *
- *     Start of PKCS 11 functions 
+ *     Start of PKCS 11 functions
  *
  **********************************************************************/
 /* return the function list */
-CK_RV FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList) {
+CK_RV
+FC_GetFunctionList(CK_FUNCTION_LIST_PTR *pFunctionList)
+{
 
     CHECK_FORK();
 
     *pFunctionList = &sftk_fipsTable;
     return CKR_OK;
 }
 
 /* sigh global so pkcs11 can read it */
 PRBool nsf_init = PR_FALSE;
 
-void fc_log_init_error(CK_RV crv) {
+void
+fc_log_init_error(CK_RV crv)
+{
     if (sftk_audit_enabled) {
-       char msg[128];
-       PR_snprintf(msg,sizeof msg,
-                       "C_Initialize()=0x%08lX "
-                       "power-up self-tests failed",
-                       (PRUint32)crv);
-       sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
+        char msg[128];
+        PR_snprintf(msg, sizeof msg,
+                    "C_Initialize()=0x%08lX "
+                    "power-up self-tests failed",
+                    (PRUint32)crv);
+        sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
     }
 }
 
-
 /* FC_Initialize initializes the PKCS #11 library. */
-CK_RV FC_Initialize(CK_VOID_PTR pReserved) {
+CK_RV
+FC_Initialize(CK_VOID_PTR pReserved)
+{
     const char *envp;
     CK_RV crv;
 
     if ((envp = PR_GetEnv("NSS_ENABLE_AUDIT")) != NULL) {
-	sftk_audit_enabled = (atoi(envp) == 1);
+        sftk_audit_enabled = (atoi(envp) == 1);
     }
 
     /* At this point we should have already done post and integrity checks.
      * if we haven't, it probably means the FIPS product has not been installed
      * or the tests failed. Don't let an application try to enter FIPS mode */
     crv = sftk_FIPSEntryOK();
     if (crv != CKR_OK) {
-       sftk_fatalError = PR_TRUE;
-       fc_log_init_error(crv);
-       return crv;
+        sftk_fatalError = PR_TRUE;
+        fc_log_init_error(crv);
+        return crv;
     }
 
-
     sftk_ForkReset(pReserved, &crv);
 
     if (nsf_init) {
-	return CKR_CRYPTOKI_ALREADY_INITIALIZED;
+        return CKR_CRYPTOKI_ALREADY_INITIALIZED;
     }
 
     crv = nsc_CommonInitialize(pReserved, PR_TRUE);
 
     /* not an 'else' rv can be set by either SFTK_LowInit or SFTK_SlotInit*/
     if (crv != CKR_OK) {
-	sftk_fatalError = PR_TRUE;
-	return crv;
+        sftk_fatalError = PR_TRUE;
+        return crv;
     }
 
     sftk_fatalError = PR_FALSE; /* any error has been reset */
     nsf_init = PR_TRUE;
     isLevel2 = PR_TRUE; /* assume level 2 unless we learn otherwise */
 
     return CKR_OK;
 }
 
 /*FC_Finalize indicates that an application is done with the PKCS #11 library.*/
-CK_RV FC_Finalize (CK_VOID_PTR pReserved) {
-   CK_RV crv;
+CK_RV
+FC_Finalize(CK_VOID_PTR pReserved)
+{
+    CK_RV crv;
 
-   if (sftk_ForkReset(pReserved, &crv)) {
-       return crv;
-   }
+    if (sftk_ForkReset(pReserved, &crv)) {
+        return crv;
+    }
 
-   if (!nsf_init) {
-      return CKR_OK;
-   }
+    if (!nsf_init) {
+        return CKR_OK;
+    }
 
-   crv = nsc_CommonFinalize (pReserved, PR_TRUE);
+    crv = nsc_CommonFinalize(pReserved, PR_TRUE);
 
-   nsf_init = (PRBool) !(crv == CKR_OK);
-   return crv;
+    nsf_init = (PRBool) !(crv == CKR_OK);
+    return crv;
 }
 
-
 /* FC_GetInfo returns general information about PKCS #11. */
-CK_RV  FC_GetInfo(CK_INFO_PTR pInfo) {
+CK_RV
+FC_GetInfo(CK_INFO_PTR pInfo)
+{
     CHECK_FORK();
 
     return NSC_GetInfo(pInfo);
 }
 
 /* FC_GetSlotList obtains a list of slots in the system. */
-CK_RV FC_GetSlotList(CK_BBOOL tokenPresent,
-	 		CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount) {
+CK_RV
+FC_GetSlotList(CK_BBOOL tokenPresent,
+               CK_SLOT_ID_PTR pSlotList, CK_ULONG_PTR pulCount)
+{
     CHECK_FORK();
 
-    return nsc_CommonGetSlotList(tokenPresent,pSlotList,pulCount,
-							 NSC_FIPS_MODULE);
+    return nsc_CommonGetSlotList(tokenPresent, pSlotList, pulCount,
+                                 NSC_FIPS_MODULE);
 }
-	
+
 /* FC_GetSlotInfo obtains information about a particular slot in the system. */
-CK_RV FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo) {
+CK_RV
+FC_GetSlotInfo(CK_SLOT_ID slotID, CK_SLOT_INFO_PTR pInfo)
+{
     CHECK_FORK();
 
-    return NSC_GetSlotInfo(slotID,pInfo);
+    return NSC_GetSlotInfo(slotID, pInfo);
 }
 
-
 /*FC_GetTokenInfo obtains information about a particular token in the system.*/
- CK_RV FC_GetTokenInfo(CK_SLOT_ID slotID,CK_TOKEN_INFO_PTR pInfo) {
+CK_RV
+FC_GetTokenInfo(CK_SLOT_ID slotID, CK_TOKEN_INFO_PTR pInfo)
+{
     CK_RV crv;
 
     CHECK_FORK();
 
-    crv = NSC_GetTokenInfo(slotID,pInfo);
+    crv = NSC_GetTokenInfo(slotID, pInfo);
     if (crv == CKR_OK) {
-	if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
-	    isLevel2 = PR_FALSE;
- 	}
+        if ((pInfo->flags & CKF_LOGIN_REQUIRED) == 0) {
+            isLevel2 = PR_FALSE;
+        }
     }
     return crv;
-
 }
 
-
-
 /*FC_GetMechanismList obtains a list of mechanism types supported by a token.*/
- CK_RV FC_GetMechanismList(CK_SLOT_ID slotID,
-	CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount) {
-     CHECK_FORK();
-
-    SFTK_FIPSFATALCHECK();
-    if ((slotID == FIPS_SLOT_ID) || (slotID >=SFTK_MIN_FIPS_USER_SLOT_ID)) {
-	slotID = NETSCAPE_SLOT_ID;
-    }
-    /* FIPS Slots support all functions */
-    return NSC_GetMechanismList(slotID,pMechanismList,pusCount);
-}
-
-
-/* FC_GetMechanismInfo obtains information about a particular mechanism 
- * possibly supported by a token. */
- CK_RV FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
-    					CK_MECHANISM_INFO_PTR pInfo) {
+CK_RV
+FC_GetMechanismList(CK_SLOT_ID slotID,
+                    CK_MECHANISM_TYPE_PTR pMechanismList, CK_ULONG_PTR pusCount)
+{
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
-    if ((slotID == FIPS_SLOT_ID) || (slotID >=SFTK_MIN_FIPS_USER_SLOT_ID)) {
-	slotID = NETSCAPE_SLOT_ID;
+    if ((slotID == FIPS_SLOT_ID) || (slotID >= SFTK_MIN_FIPS_USER_SLOT_ID)) {
+        slotID = NETSCAPE_SLOT_ID;
     }
     /* FIPS Slots support all functions */
-    return NSC_GetMechanismInfo(slotID,type,pInfo);
+    return NSC_GetMechanismList(slotID, pMechanismList, pusCount);
 }
 
+/* FC_GetMechanismInfo obtains information about a particular mechanism
+ * possibly supported by a token. */
+CK_RV
+FC_GetMechanismInfo(CK_SLOT_ID slotID, CK_MECHANISM_TYPE type,
+                    CK_MECHANISM_INFO_PTR pInfo)
+{
+    CHECK_FORK();
+
+    SFTK_FIPSFATALCHECK();
+    if ((slotID == FIPS_SLOT_ID) || (slotID >= SFTK_MIN_FIPS_USER_SLOT_ID)) {
+        slotID = NETSCAPE_SLOT_ID;
+    }
+    /* FIPS Slots support all functions */
+    return NSC_GetMechanismInfo(slotID, type, pInfo);
+}
 
 /* FC_InitToken initializes a token. */
- CK_RV FC_InitToken(CK_SLOT_ID slotID,CK_CHAR_PTR pPin,
- 				CK_ULONG usPinLen,CK_CHAR_PTR pLabel) {
+CK_RV
+FC_InitToken(CK_SLOT_ID slotID, CK_CHAR_PTR pPin,
+             CK_ULONG usPinLen, CK_CHAR_PTR pLabel)
+{
     CK_RV crv;
 
     CHECK_FORK();
 
-    crv = NSC_InitToken(slotID,pPin,usPinLen,pLabel);
+    crv = NSC_InitToken(slotID, pPin, usPinLen, pLabel);
     if (sftk_audit_enabled) {
-	char msg[128];
-	NSSAuditSeverity severity = (crv == CKR_OK) ?
-		NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
-	/* pLabel points to a 32-byte label, which is not null-terminated */
-	PR_snprintf(msg,sizeof msg,
-		"C_InitToken(slotID=%lu, pLabel=\"%.32s\")=0x%08lX",
-		(PRUint32)slotID,pLabel,(PRUint32)crv);
-	sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_TOKEN, msg);
+        char msg[128];
+        NSSAuditSeverity severity = (crv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        /* pLabel points to a 32-byte label, which is not null-terminated */
+        PR_snprintf(msg, sizeof msg,
+                    "C_InitToken(slotID=%lu, pLabel=\"%.32s\")=0x%08lX",
+                    (PRUint32)slotID, pLabel, (PRUint32)crv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_TOKEN, msg);
     }
     return crv;
 }
 
-
 /* FC_InitPIN initializes the normal user's PIN. */
- CK_RV FC_InitPIN(CK_SESSION_HANDLE hSession,
-    					CK_CHAR_PTR pPin, CK_ULONG ulPinLen) {
+CK_RV
+FC_InitPIN(CK_SESSION_HANDLE hSession,
+           CK_CHAR_PTR pPin, CK_ULONG ulPinLen)
+{
     CK_RV rv;
 
     CHECK_FORK();
 
-    if (sftk_fatalError) return CKR_DEVICE_ERROR;
+    if (sftk_fatalError)
+        return CKR_DEVICE_ERROR;
     /* NSC_InitPIN will only work once per database. We can either initialize
      * it to level1 (pin len == 0) or level2. If we initialize to level 2, then
      * we need to make sure the pin meets FIPS requirements */
-    if ((ulPinLen== 0) || ((rv = sftk_newPinCheck(pPin,ulPinLen)) == CKR_OK)) {
-	rv = NSC_InitPIN(hSession,pPin,ulPinLen);
-	if (rv == CKR_OK) {
-	    isLevel2 = (ulPinLen > 0) ? PR_TRUE : PR_FALSE;
-	}
+    if ((ulPinLen == 0) || ((rv = sftk_newPinCheck(pPin, ulPinLen)) == CKR_OK)) {
+        rv = NSC_InitPIN(hSession, pPin, ulPinLen);
+        if (rv == CKR_OK) {
+            isLevel2 = (ulPinLen > 0) ? PR_TRUE : PR_FALSE;
+        }
     }
     if (sftk_audit_enabled) {
-	char msg[128];
-	NSSAuditSeverity severity = (rv == CKR_OK) ?
-		NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
-	PR_snprintf(msg,sizeof msg,
-		"C_InitPIN(hSession=0x%08lX)=0x%08lX",
-		(PRUint32)hSession,(PRUint32)rv);
-	sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_PIN, msg);
+        char msg[128];
+        NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_InitPIN(hSession=0x%08lX)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_INIT_PIN, msg);
     }
     return rv;
 }
 
-
 /* FC_SetPIN modifies the PIN of user that is currently logged in. */
 /* NOTE: This is only valid for the PRIVATE_KEY_SLOT */
- CK_RV FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
-    CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen) {
+CK_RV
+FC_SetPIN(CK_SESSION_HANDLE hSession, CK_CHAR_PTR pOldPin,
+          CK_ULONG usOldLen, CK_CHAR_PTR pNewPin, CK_ULONG usNewLen)
+{
     CK_RV rv;
 
     CHECK_FORK();
 
     if ((rv = sftk_fipsCheck()) == CKR_OK &&
-	(rv = sftk_newPinCheck(pNewPin,usNewLen)) == CKR_OK) {
-	rv = NSC_SetPIN(hSession,pOldPin,usOldLen,pNewPin,usNewLen);
-	if (rv == CKR_OK) {
-	    /* if we set the password in level1 we now go
-	     * to level2. NOTE: we don't allow the user to
-	     * go from level2 to level1 */
-	    isLevel2 = PR_TRUE; 
-	}
+        (rv = sftk_newPinCheck(pNewPin, usNewLen)) == CKR_OK) {
+        rv = NSC_SetPIN(hSession, pOldPin, usOldLen, pNewPin, usNewLen);
+        if (rv == CKR_OK) {
+            /* if we set the password in level1 we now go
+             * to level2. NOTE: we don't allow the user to
+             * go from level2 to level1 */
+            isLevel2 = PR_TRUE;
+        }
     }
     if (sftk_audit_enabled) {
-	char msg[128];
-	NSSAuditSeverity severity = (rv == CKR_OK) ?
-		NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
-	PR_snprintf(msg,sizeof msg,
-		"C_SetPIN(hSession=0x%08lX)=0x%08lX",
-		(PRUint32)hSession,(PRUint32)rv);
-	sftk_LogAuditMessage(severity, NSS_AUDIT_SET_PIN, msg);
+        char msg[128];
+        NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_SetPIN(hSession=0x%08lX)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_SET_PIN, msg);
     }
     return rv;
 }
 
 /* FC_OpenSession opens a session between an application and a token. */
- CK_RV FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
-   CK_VOID_PTR pApplication,CK_NOTIFY Notify,CK_SESSION_HANDLE_PTR phSession) {
+CK_RV
+FC_OpenSession(CK_SLOT_ID slotID, CK_FLAGS flags,
+               CK_VOID_PTR pApplication, CK_NOTIFY Notify, CK_SESSION_HANDLE_PTR phSession)
+{
     SFTK_FIPSFATALCHECK();
 
     CHECK_FORK();
 
-    return NSC_OpenSession(slotID,flags,pApplication,Notify,phSession);
+    return NSC_OpenSession(slotID, flags, pApplication, Notify, phSession);
 }
 
-
 /* FC_CloseSession closes a session between an application and a token. */
- CK_RV FC_CloseSession(CK_SESSION_HANDLE hSession) {
+CK_RV
+FC_CloseSession(CK_SESSION_HANDLE hSession)
+{
     CHECK_FORK();
 
     return NSC_CloseSession(hSession);
 }
 
-
 /* FC_CloseAllSessions closes all sessions with a token. */
- CK_RV FC_CloseAllSessions (CK_SLOT_ID slotID) {
+CK_RV
+FC_CloseAllSessions(CK_SLOT_ID slotID)
+{
 
     CHECK_FORK();
 
-    return NSC_CloseAllSessions (slotID);
+    return NSC_CloseAllSessions(slotID);
 }
 
-
 /* FC_GetSessionInfo obtains information about the session. */
- CK_RV FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
-						CK_SESSION_INFO_PTR pInfo) {
+CK_RV
+FC_GetSessionInfo(CK_SESSION_HANDLE hSession,
+                  CK_SESSION_INFO_PTR pInfo)
+{
     CK_RV rv;
     SFTK_FIPSFATALCHECK();
 
     CHECK_FORK();
 
-    rv = NSC_GetSessionInfo(hSession,pInfo);
+    rv = NSC_GetSessionInfo(hSession, pInfo);
     if (rv == CKR_OK) {
-	if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
-		pInfo->state = CKS_RO_USER_FUNCTIONS;
-	}
-	if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
-		pInfo->state = CKS_RW_USER_FUNCTIONS;
-	}
+        if ((isLoggedIn) && (pInfo->state == CKS_RO_PUBLIC_SESSION)) {
+            pInfo->state = CKS_RO_USER_FUNCTIONS;
+        }
+        if ((isLoggedIn) && (pInfo->state == CKS_RW_PUBLIC_SESSION)) {
+            pInfo->state = CKS_RW_USER_FUNCTIONS;
+        }
     }
     return rv;
 }
 
 /* FC_Login logs a user into a token. */
- CK_RV FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
-				    CK_CHAR_PTR pPin, CK_ULONG usPinLen) {
+CK_RV
+FC_Login(CK_SESSION_HANDLE hSession, CK_USER_TYPE userType,
+         CK_CHAR_PTR pPin, CK_ULONG usPinLen)
+{
     CK_RV rv;
     PRBool successful;
-    if (sftk_fatalError) return CKR_DEVICE_ERROR;
-    rv = NSC_Login(hSession,userType,pPin,usPinLen);
+    if (sftk_fatalError)
+        return CKR_DEVICE_ERROR;
+    rv = NSC_Login(hSession, userType, pPin, usPinLen);
     successful = (rv == CKR_OK) || (rv == CKR_USER_ALREADY_LOGGED_IN);
     if (successful)
-	isLoggedIn = PR_TRUE;
+        isLoggedIn = PR_TRUE;
     if (sftk_audit_enabled) {
-	char msg[128];
-	NSSAuditSeverity severity;
-	severity = successful ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
-	PR_snprintf(msg,sizeof msg,
-		    "C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX",
-		    (PRUint32)hSession,(PRUint32)userType,(PRUint32)rv);
-	sftk_LogAuditMessage(severity, NSS_AUDIT_LOGIN, msg);
+        char msg[128];
+        NSSAuditSeverity severity;
+        severity = successful ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_Login(hSession=0x%08lX, userType=%lu)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)userType, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_LOGIN, msg);
     }
     return rv;
 }
 
 /* FC_Logout logs a user out from a token. */
- CK_RV FC_Logout(CK_SESSION_HANDLE hSession) {
+CK_RV
+FC_Logout(CK_SESSION_HANDLE hSession)
+{
     CK_RV rv;
 
     CHECK_FORK();
 
     if ((rv = sftk_fipsCheck()) == CKR_OK) {
-	rv = NSC_Logout(hSession);
-	isLoggedIn = PR_FALSE;
+        rv = NSC_Logout(hSession);
+        isLoggedIn = PR_FALSE;
     }
     if (sftk_audit_enabled) {
-	char msg[128];
-	NSSAuditSeverity severity = (rv == CKR_OK) ?
-		NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
-	PR_snprintf(msg,sizeof msg,
-		    "C_Logout(hSession=0x%08lX)=0x%08lX",
-		    (PRUint32)hSession,(PRUint32)rv);
-	sftk_LogAuditMessage(severity, NSS_AUDIT_LOGOUT, msg);
+        char msg[128];
+        NSSAuditSeverity severity = (rv == CKR_OK) ? NSS_AUDIT_INFO : NSS_AUDIT_ERROR;
+        PR_snprintf(msg, sizeof msg,
+                    "C_Logout(hSession=0x%08lX)=0x%08lX",
+                    (PRUint32)hSession, (PRUint32)rv);
+        sftk_LogAuditMessage(severity, NSS_AUDIT_LOGOUT, msg);
     }
     return rv;
 }
 
-
 /* FC_CreateObject creates a new object. */
- CK_RV FC_CreateObject(CK_SESSION_HANDLE hSession,
-		CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount, 
-					CK_OBJECT_HANDLE_PTR phObject) {
-    CK_OBJECT_CLASS * classptr;
+CK_RV
+FC_CreateObject(CK_SESSION_HANDLE hSession,
+                CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+                CK_OBJECT_HANDLE_PTR phObject)
+{
+    CK_OBJECT_CLASS *classptr;
     CK_RV rv = CKR_OK;
 
     CHECK_FORK();
 
-    classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate,ulCount,CKA_CLASS);
-    if (classptr == NULL) return CKR_TEMPLATE_INCOMPLETE;
+    classptr = (CK_OBJECT_CLASS *)fc_getAttribute(pTemplate, ulCount, CKA_CLASS);
+    if (classptr == NULL)
+        return CKR_TEMPLATE_INCOMPLETE;
 
     if (*classptr == CKO_NETSCAPE_NEWSLOT || *classptr == CKO_NETSCAPE_DELSLOT) {
         if (sftk_fatalError)
             return CKR_DEVICE_ERROR;
     } else {
         rv = sftk_fipsCheck();
         if (rv != CKR_OK)
             return rv;
     }
 
     /* FIPS can't create keys from raw key material */
     if (SFTK_IS_NONPUBLIC_KEY_OBJECT(*classptr)) {
-	rv = CKR_ATTRIBUTE_VALUE_INVALID;
+        rv = CKR_ATTRIBUTE_VALUE_INVALID;
     } else {
-	rv = NSC_CreateObject(hSession,pTemplate,ulCount,phObject);
+        rv = NSC_CreateObject(hSession, pTemplate, ulCount, phObject);
     }
     if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(*classptr)) {
-	sftk_AuditCreateObject(hSession,pTemplate,ulCount,phObject,rv);
+        sftk_AuditCreateObject(hSession, pTemplate, ulCount, phObject, rv);
     }
     return rv;
 }
 
-
-
-
-
 /* FC_CopyObject copies an object, creating a new object for the copy. */
- CK_RV FC_CopyObject(CK_SESSION_HANDLE hSession,
-       CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
-					CK_OBJECT_HANDLE_PTR phNewObject) {
+CK_RV
+FC_CopyObject(CK_SESSION_HANDLE hSession,
+              CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+              CK_OBJECT_HANDLE_PTR phNewObject)
+{
     CK_RV rv;
     CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
 
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
     rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
     if (rv == CKR_OK) {
-	rv = NSC_CopyObject(hSession,hObject,pTemplate,ulCount,phNewObject);
+        rv = NSC_CopyObject(hSession, hObject, pTemplate, ulCount, phNewObject);
     }
     if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
-	sftk_AuditCopyObject(hSession,
-	    hObject,pTemplate,ulCount,phNewObject,rv);
+        sftk_AuditCopyObject(hSession,
+                             hObject, pTemplate, ulCount, phNewObject, rv);
     }
     return rv;
 }
 
-
 /* FC_DestroyObject destroys an object. */
- CK_RV FC_DestroyObject(CK_SESSION_HANDLE hSession,
-		 				CK_OBJECT_HANDLE hObject) {
+CK_RV
+FC_DestroyObject(CK_SESSION_HANDLE hSession,
+                 CK_OBJECT_HANDLE hObject)
+{
     CK_RV rv;
     CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
 
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
     rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
     if (rv == CKR_OK) {
-	rv = NSC_DestroyObject(hSession,hObject);
+        rv = NSC_DestroyObject(hSession, hObject);
     }
     if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
-	sftk_AuditDestroyObject(hSession,hObject,rv);
+        sftk_AuditDestroyObject(hSession, hObject, rv);
     }
     return rv;
 }
 
-
 /* FC_GetObjectSize gets the size of an object in bytes. */
- CK_RV FC_GetObjectSize(CK_SESSION_HANDLE hSession,
-    			CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize) {
+CK_RV
+FC_GetObjectSize(CK_SESSION_HANDLE hSession,
+                 CK_OBJECT_HANDLE hObject, CK_ULONG_PTR pulSize)
+{
     CK_RV rv;
     CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
 
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
     rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
     if (rv == CKR_OK) {
-	rv = NSC_GetObjectSize(hSession, hObject, pulSize);
+        rv = NSC_GetObjectSize(hSession, hObject, pulSize);
     }
     if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
-	sftk_AuditGetObjectSize(hSession, hObject, pulSize, rv);
+        sftk_AuditGetObjectSize(hSession, hObject, pulSize, rv);
     }
     return rv;
 }
 
-
 /* FC_GetAttributeValue obtains the value of one or more object attributes. */
- CK_RV FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) {
+CK_RV
+FC_GetAttributeValue(CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
     CK_RV rv;
     CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
 
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
     rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
     if (rv == CKR_OK) {
-	rv = NSC_GetAttributeValue(hSession,hObject,pTemplate,ulCount);
+        rv = NSC_GetAttributeValue(hSession, hObject, pTemplate, ulCount);
     }
     if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
-	sftk_AuditGetAttributeValue(hSession,hObject,pTemplate,ulCount,rv);
+        sftk_AuditGetAttributeValue(hSession, hObject, pTemplate, ulCount, rv);
     }
     return rv;
 }
 
-
 /* FC_SetAttributeValue modifies the value of one or more object attributes */
- CK_RV FC_SetAttributeValue (CK_SESSION_HANDLE hSession,
- CK_OBJECT_HANDLE hObject,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount) {
+CK_RV
+FC_SetAttributeValue(CK_SESSION_HANDLE hSession,
+                     CK_OBJECT_HANDLE hObject, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount)
+{
     CK_RV rv;
     CK_OBJECT_CLASS objClass = CKO_NOT_A_KEY;
 
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
     rv = sftk_get_object_class_and_fipsCheck(hSession, hObject, &objClass);
     if (rv == CKR_OK) {
-	rv = NSC_SetAttributeValue(hSession,hObject,pTemplate,ulCount);
+        rv = NSC_SetAttributeValue(hSession, hObject, pTemplate, ulCount);
     }
     if (sftk_audit_enabled && SFTK_IS_KEY_OBJECT(objClass)) {
-	sftk_AuditSetAttributeValue(hSession,hObject,pTemplate,ulCount,rv);
+        sftk_AuditSetAttributeValue(hSession, hObject, pTemplate, ulCount, rv);
     }
     return rv;
 }
 
-
-
-/* FC_FindObjectsInit initializes a search for token and session objects 
+/* FC_FindObjectsInit initializes a search for token and session objects
  * that match a template. */
- CK_RV FC_FindObjectsInit(CK_SESSION_HANDLE hSession,
-    			CK_ATTRIBUTE_PTR pTemplate,CK_ULONG usCount) {
+CK_RV
+FC_FindObjectsInit(CK_SESSION_HANDLE hSession,
+                   CK_ATTRIBUTE_PTR pTemplate, CK_ULONG usCount)
+{
     /* let publically readable object be found */
     unsigned int i;
     CK_RV rv;
     PRBool needLogin = PR_FALSE;
 
-
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
 
-    for (i=0; i < usCount; i++) {
-	CK_OBJECT_CLASS class;
-	if (pTemplate[i].type != CKA_CLASS) {
-	    continue;
-	}
-	if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
-	    continue;
-	}
-	if (pTemplate[i].pValue == NULL) {
-	    continue;
-	}
-	class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
-	if ((class == CKO_PRIVATE_KEY) || (class == CKO_SECRET_KEY)) {
-	    needLogin = PR_TRUE;
-	    break;
-	}
+    for (i = 0; i < usCount; i++) {
+        CK_OBJECT_CLASS class;
+        if (pTemplate[i].type != CKA_CLASS) {
+            continue;
+        }
+        if (pTemplate[i].ulValueLen != sizeof(CK_OBJECT_CLASS)) {
+            continue;
+        }
+        if (pTemplate[i].pValue == NULL) {
+            continue;
+        }
+        class = *(CK_OBJECT_CLASS *)pTemplate[i].pValue;
+        if ((class == CKO_PRIVATE_KEY) || (class == CKO_SECRET_KEY)) {
+            needLogin = PR_TRUE;
+            break;
+        }
     }
     if (needLogin) {
-	if ((rv = sftk_fipsCheck()) != CKR_OK) return rv;
+        if ((rv = sftk_fipsCheck()) != CKR_OK)
+            return rv;
     }
-    return NSC_FindObjectsInit(hSession,pTemplate,usCount);
+    return NSC_FindObjectsInit(hSession, pTemplate, usCount);
 }
 
-
-/* FC_FindObjects continues a search for token and session objects 
+/* FC_FindObjects continues a search for token and session objects
  * that match a template, obtaining additional object handles. */
- CK_RV FC_FindObjects(CK_SESSION_HANDLE hSession,
-    CK_OBJECT_HANDLE_PTR phObject,CK_ULONG usMaxObjectCount,
-    					CK_ULONG_PTR pusObjectCount) {
+CK_RV
+FC_FindObjects(CK_SESSION_HANDLE hSession,
+               CK_OBJECT_HANDLE_PTR phObject, CK_ULONG usMaxObjectCount,
+               CK_ULONG_PTR pusObjectCount)
+{
     CHECK_FORK();
 
     /* let publically readable object be found */
     SFTK_FIPSFATALCHECK();
-    return NSC_FindObjects(hSession,phObject,usMaxObjectCount,
-    							pusObjectCount);
+    return NSC_FindObjects(hSession, phObject, usMaxObjectCount,
+                           pusObjectCount);
 }
 
-
 /*
  ************** Crypto Functions:     Encrypt ************************
  */
 
 /* FC_EncryptInit initializes an encryption operation. */
- CK_RV FC_EncryptInit(CK_SESSION_HANDLE hSession,
-		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
+CK_RV
+FC_EncryptInit(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_EncryptInit(hSession,pMechanism,hKey);
+    rv = NSC_EncryptInit(hSession, pMechanism, hKey);
     if (sftk_audit_enabled) {
-	sftk_AuditCryptInit("Encrypt",hSession,pMechanism,hKey,rv);
+        sftk_AuditCryptInit("Encrypt", hSession, pMechanism, hKey, rv);
     }
     return rv;
 }
 
 /* FC_Encrypt encrypts single-part data. */
- CK_RV FC_Encrypt (CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-    		CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
-					 CK_ULONG_PTR pusEncryptedDataLen) {
+CK_RV
+FC_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+           CK_ULONG usDataLen, CK_BYTE_PTR pEncryptedData,
+           CK_ULONG_PTR pusEncryptedDataLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_Encrypt(hSession,pData,usDataLen,pEncryptedData,
-							pusEncryptedDataLen);
+    return NSC_Encrypt(hSession, pData, usDataLen, pEncryptedData,
+                       pusEncryptedDataLen);
 }
 
-
 /* FC_EncryptUpdate continues a multiple-part encryption operation. */
- CK_RV FC_EncryptUpdate(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,	
-					CK_ULONG_PTR pusEncryptedPartLen) {
+CK_RV
+FC_EncryptUpdate(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pPart, CK_ULONG usPartLen, CK_BYTE_PTR pEncryptedPart,
+                 CK_ULONG_PTR pusEncryptedPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_EncryptUpdate(hSession,pPart,usPartLen,pEncryptedPart,
-						pusEncryptedPartLen);
+    return NSC_EncryptUpdate(hSession, pPart, usPartLen, pEncryptedPart,
+                             pusEncryptedPartLen);
 }
 
-
 /* FC_EncryptFinal finishes a multiple-part encryption operation. */
- CK_RV FC_EncryptFinal(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen) {
+CK_RV
+FC_EncryptFinal(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pLastEncryptedPart, CK_ULONG_PTR pusLastEncryptedPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_EncryptFinal(hSession,pLastEncryptedPart,
-						pusLastEncryptedPartLen);
+    return NSC_EncryptFinal(hSession, pLastEncryptedPart,
+                            pusLastEncryptedPartLen);
 }
 
 /*
  ************** Crypto Functions:     Decrypt ************************
  */
 
-
 /* FC_DecryptInit initializes a decryption operation. */
- CK_RV FC_DecryptInit( CK_SESSION_HANDLE hSession,
-			 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
+CK_RV
+FC_DecryptInit(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_DecryptInit(hSession,pMechanism,hKey);
+    rv = NSC_DecryptInit(hSession, pMechanism, hKey);
     if (sftk_audit_enabled) {
-	sftk_AuditCryptInit("Decrypt",hSession,pMechanism,hKey,rv);
+        sftk_AuditCryptInit("Decrypt", hSession, pMechanism, hKey, rv);
     }
     return rv;
 }
 
 /* FC_Decrypt decrypts encrypted data in a single part. */
- CK_RV FC_Decrypt(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pEncryptedData,CK_ULONG usEncryptedDataLen,CK_BYTE_PTR pData,
-    						CK_ULONG_PTR pusDataLen) {
+CK_RV
+FC_Decrypt(CK_SESSION_HANDLE hSession,
+           CK_BYTE_PTR pEncryptedData, CK_ULONG usEncryptedDataLen, CK_BYTE_PTR pData,
+           CK_ULONG_PTR pusDataLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_Decrypt(hSession,pEncryptedData,usEncryptedDataLen,pData,
-    								pusDataLen);
+    return NSC_Decrypt(hSession, pEncryptedData, usEncryptedDataLen, pData,
+                       pusDataLen);
 }
 
-
 /* FC_DecryptUpdate continues a multiple-part decryption operation. */
- CK_RV FC_DecryptUpdate(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen,
-    				CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen) {
+CK_RV
+FC_DecryptUpdate(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pEncryptedPart, CK_ULONG usEncryptedPartLen,
+                 CK_BYTE_PTR pPart, CK_ULONG_PTR pusPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_DecryptUpdate(hSession,pEncryptedPart,usEncryptedPartLen,
-    							pPart,pusPartLen);
+    return NSC_DecryptUpdate(hSession, pEncryptedPart, usEncryptedPartLen,
+                             pPart, pusPartLen);
 }
 
-
 /* FC_DecryptFinal finishes a multiple-part decryption operation. */
- CK_RV FC_DecryptFinal(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen) {
+CK_RV
+FC_DecryptFinal(CK_SESSION_HANDLE hSession,
+                CK_BYTE_PTR pLastPart, CK_ULONG_PTR pusLastPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_DecryptFinal(hSession,pLastPart,pusLastPartLen);
+    return NSC_DecryptFinal(hSession, pLastPart, pusLastPartLen);
 }
 
-
 /*
  ************** Crypto Functions:     Digest (HASH)  ************************
  */
 
 /* FC_DigestInit initializes a message-digesting operation. */
- CK_RV FC_DigestInit(CK_SESSION_HANDLE hSession,
-    					CK_MECHANISM_PTR pMechanism) {
+CK_RV
+FC_DigestInit(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism)
+{
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
     return NSC_DigestInit(hSession, pMechanism);
 }
 
-
 /* FC_Digest digests data in a single part. */
- CK_RV FC_Digest(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
-    						CK_ULONG_PTR pusDigestLen) {
+CK_RV
+FC_Digest(CK_SESSION_HANDLE hSession,
+          CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pDigest,
+          CK_ULONG_PTR pusDigestLen)
+{
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
-    return NSC_Digest(hSession,pData,usDataLen,pDigest,pusDigestLen);
+    return NSC_Digest(hSession, pData, usDataLen, pDigest, pusDigestLen);
 }
 
-
 /* FC_DigestUpdate continues a multiple-part message-digesting operation. */
- CK_RV FC_DigestUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
-					    CK_ULONG usPartLen) {
+CK_RV
+FC_DigestUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                CK_ULONG usPartLen)
+{
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
-    return NSC_DigestUpdate(hSession,pPart,usPartLen);
+    return NSC_DigestUpdate(hSession, pPart, usPartLen);
 }
 
-
 /* FC_DigestFinal finishes a multiple-part message-digesting operation. */
- CK_RV FC_DigestFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pDigest,
-    						CK_ULONG_PTR pusDigestLen) {
+CK_RV
+FC_DigestFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pDigest,
+               CK_ULONG_PTR pusDigestLen)
+{
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
-    return NSC_DigestFinal(hSession,pDigest,pusDigestLen);
+    return NSC_DigestFinal(hSession, pDigest, pusDigestLen);
 }
 
-
 /*
  ************** Crypto Functions:     Sign  ************************
  */
 
 /* FC_SignInit initializes a signature (private key encryption) operation,
- * where the signature is (will be) an appendix to the data, 
+ * where the signature is (will be) an appendix to the data,
  * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignInit(CK_SESSION_HANDLE hSession,
-		 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey) {
+CK_RV
+FC_SignInit(CK_SESSION_HANDLE hSession,
+            CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_SignInit(hSession,pMechanism,hKey);
+    rv = NSC_SignInit(hSession, pMechanism, hKey);
     if (sftk_audit_enabled) {
-	sftk_AuditCryptInit("Sign",hSession,pMechanism,hKey,rv);
+        sftk_AuditCryptInit("Sign", hSession, pMechanism, hKey, rv);
     }
     return rv;
 }
 
-
 /* FC_Sign signs (encrypts with private key) data in a single part,
- * where the signature is (will be) an appendix to the data, 
+ * where the signature is (will be) an appendix to the data,
  * and plaintext cannot be recovered from the signature */
- CK_RV FC_Sign(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR pData,CK_ULONG usDataLen,CK_BYTE_PTR pSignature,
-    					CK_ULONG_PTR pusSignatureLen) {
+CK_RV
+FC_Sign(CK_SESSION_HANDLE hSession,
+        CK_BYTE_PTR pData, CK_ULONG usDataLen, CK_BYTE_PTR pSignature,
+        CK_ULONG_PTR pusSignatureLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_Sign(hSession,pData,usDataLen,pSignature,pusSignatureLen);
+    return NSC_Sign(hSession, pData, usDataLen, pSignature, pusSignatureLen);
 }
 
-
 /* FC_SignUpdate continues a multiple-part signature operation,
- * where the signature is (will be) an appendix to the data, 
+ * where the signature is (will be) an appendix to the data,
  * and plaintext cannot be recovered from the signature */
- CK_RV FC_SignUpdate(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pPart,
-    							CK_ULONG usPartLen) {
+CK_RV
+FC_SignUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+              CK_ULONG usPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_SignUpdate(hSession,pPart,usPartLen);
+    return NSC_SignUpdate(hSession, pPart, usPartLen);
 }
 
-
-/* FC_SignFinal finishes a multiple-part signature operation, 
+/* FC_SignFinal finishes a multiple-part signature operation,
  * returning the signature. */
- CK_RV FC_SignFinal(CK_SESSION_HANDLE hSession,CK_BYTE_PTR pSignature,
-					    CK_ULONG_PTR pusSignatureLen) {
+CK_RV
+FC_SignFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSignature,
+             CK_ULONG_PTR pusSignatureLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_SignFinal(hSession,pSignature,pusSignatureLen);
+    return NSC_SignFinal(hSession, pSignature, pusSignatureLen);
 }
 
 /*
  ************** Crypto Functions:     Sign Recover  ************************
  */
 /* FC_SignRecoverInit initializes a signature operation,
- * where the (digest) data can be recovered from the signature. 
+ * where the (digest) data can be recovered from the signature.
  * E.g. encryption with the user's private key */
- CK_RV FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
-			 CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
+CK_RV
+FC_SignRecoverInit(CK_SESSION_HANDLE hSession,
+                   CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_SignRecoverInit(hSession,pMechanism,hKey);
+    rv = NSC_SignRecoverInit(hSession, pMechanism, hKey);
     if (sftk_audit_enabled) {
-	sftk_AuditCryptInit("SignRecover",hSession,pMechanism,hKey,rv);
+        sftk_AuditCryptInit("SignRecover", hSession, pMechanism, hKey, rv);
     }
     return rv;
 }
 
-
 /* FC_SignRecover signs data in a single operation
- * where the (digest) data can be recovered from the signature. 
+ * where the (digest) data can be recovered from the signature.
  * E.g. encryption with the user's private key */
- CK_RV FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-  CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen) {
+CK_RV
+FC_SignRecover(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+               CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG_PTR pusSignatureLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_SignRecover(hSession,pData,usDataLen,pSignature,pusSignatureLen);
+    return NSC_SignRecover(hSession, pData, usDataLen, pSignature, pusSignatureLen);
 }
 
 /*
  ************** Crypto Functions:     verify  ************************
  */
 
-/* FC_VerifyInit initializes a verification operation, 
- * where the signature is an appendix to the data, 
+/* FC_VerifyInit initializes a verification operation,
+ * where the signature is an appendix to the data,
  * and plaintext cannot be recovered from the signature (e.g. DSA) */
- CK_RV FC_VerifyInit(CK_SESSION_HANDLE hSession,
-			   CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
+CK_RV
+FC_VerifyInit(CK_SESSION_HANDLE hSession,
+              CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_VerifyInit(hSession,pMechanism,hKey);
+    rv = NSC_VerifyInit(hSession, pMechanism, hKey);
     if (sftk_audit_enabled) {
-	sftk_AuditCryptInit("Verify",hSession,pMechanism,hKey,rv);
+        sftk_AuditCryptInit("Verify", hSession, pMechanism, hKey, rv);
     }
     return rv;
 }
 
-
-/* FC_Verify verifies a signature in a single-part operation, 
- * where the signature is an appendix to the data, 
+/* FC_Verify verifies a signature in a single-part operation,
+ * where the signature is an appendix to the data,
  * and plaintext cannot be recovered from the signature */
- CK_RV FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
-    CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen) {
+CK_RV
+FC_Verify(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
+          CK_ULONG usDataLen, CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen)
+{
     /* make sure we're legal */
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_Verify(hSession,pData,usDataLen,pSignature,usSignatureLen);
+    return NSC_Verify(hSession, pData, usDataLen, pSignature, usSignatureLen);
 }
 
-
-/* FC_VerifyUpdate continues a multiple-part verification operation, 
- * where the signature is an appendix to the data, 
+/* FC_VerifyUpdate continues a multiple-part verification operation,
+ * where the signature is an appendix to the data,
  * and plaintext cannot be recovered from the signature */
- CK_RV FC_VerifyUpdate( CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
-						CK_ULONG usPartLen) {
+CK_RV
+FC_VerifyUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                CK_ULONG usPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_VerifyUpdate(hSession,pPart,usPartLen);
+    return NSC_VerifyUpdate(hSession, pPart, usPartLen);
 }
 
-
-/* FC_VerifyFinal finishes a multiple-part verification operation, 
+/* FC_VerifyFinal finishes a multiple-part verification operation,
  * checking the signature. */
- CK_RV FC_VerifyFinal(CK_SESSION_HANDLE hSession,
-			CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen) {
+CK_RV
+FC_VerifyFinal(CK_SESSION_HANDLE hSession,
+               CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_VerifyFinal(hSession,pSignature,usSignatureLen);
+    return NSC_VerifyFinal(hSession, pSignature, usSignatureLen);
 }
 
 /*
  ************** Crypto Functions:     Verify  Recover ************************
  */
 
-/* FC_VerifyRecoverInit initializes a signature verification operation, 
- * where the data is recovered from the signature. 
+/* FC_VerifyRecoverInit initializes a signature verification operation,
+ * where the data is recovered from the signature.
  * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
-			CK_MECHANISM_PTR pMechanism,CK_OBJECT_HANDLE hKey) {
+CK_RV
+FC_VerifyRecoverInit(CK_SESSION_HANDLE hSession,
+                     CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hKey)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_VerifyRecoverInit(hSession,pMechanism,hKey);
+    rv = NSC_VerifyRecoverInit(hSession, pMechanism, hKey);
     if (sftk_audit_enabled) {
-	sftk_AuditCryptInit("VerifyRecover",hSession,pMechanism,hKey,rv);
+        sftk_AuditCryptInit("VerifyRecover", hSession, pMechanism, hKey, rv);
     }
     return rv;
 }
 
-
-/* FC_VerifyRecover verifies a signature in a single-part operation, 
- * where the data is recovered from the signature. 
+/* FC_VerifyRecover verifies a signature in a single-part operation,
+ * where the data is recovered from the signature.
  * E.g. Decryption with the user's public key */
- CK_RV FC_VerifyRecover(CK_SESSION_HANDLE hSession,
-		 CK_BYTE_PTR pSignature,CK_ULONG usSignatureLen,
-    				CK_BYTE_PTR pData,CK_ULONG_PTR pusDataLen) {
+CK_RV
+FC_VerifyRecover(CK_SESSION_HANDLE hSession,
+                 CK_BYTE_PTR pSignature, CK_ULONG usSignatureLen,
+                 CK_BYTE_PTR pData, CK_ULONG_PTR pusDataLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_VerifyRecover(hSession,pSignature,usSignatureLen,pData,
-								pusDataLen);
+    return NSC_VerifyRecover(hSession, pSignature, usSignatureLen, pData,
+                             pusDataLen);
 }
 
 /*
  **************************** Key Functions:  ************************
  */
 
 /* FC_GenerateKey generates a secret key, creating a new key object. */
- CK_RV FC_GenerateKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism,CK_ATTRIBUTE_PTR pTemplate,CK_ULONG ulCount,
-    						CK_OBJECT_HANDLE_PTR phKey) {
+CK_RV
+FC_GenerateKey(CK_SESSION_HANDLE hSession,
+               CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulCount,
+               CK_OBJECT_HANDLE_PTR phKey)
+{
     CK_BBOOL *boolptr;
 
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
     /* all secret keys must be sensitive, if the upper level code tries to say
      * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE);
+    boolptr = (CK_BBOOL *)fc_getAttribute(pTemplate, ulCount, CKA_SENSITIVE);
     if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
     }
 
-    rv = NSC_GenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey);
+    rv = NSC_GenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey);
     if (sftk_audit_enabled) {
-	sftk_AuditGenerateKey(hSession,pMechanism,pTemplate,ulCount,phKey,rv);
+        sftk_AuditGenerateKey(hSession, pMechanism, pTemplate, ulCount, phKey, rv);
     }
     return rv;
 }
 
-
-/* FC_GenerateKeyPair generates a public-key/private-key pair, 
+/* FC_GenerateKeyPair generates a public-key/private-key pair,
  * creating new key objects. */
- CK_RV FC_GenerateKeyPair (CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
-    CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
-    CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
-					CK_OBJECT_HANDLE_PTR phPrivateKey) {
+CK_RV
+FC_GenerateKeyPair(CK_SESSION_HANDLE hSession,
+                   CK_MECHANISM_PTR pMechanism, CK_ATTRIBUTE_PTR pPublicKeyTemplate,
+                   CK_ULONG usPublicKeyAttributeCount, CK_ATTRIBUTE_PTR pPrivateKeyTemplate,
+                   CK_ULONG usPrivateKeyAttributeCount, CK_OBJECT_HANDLE_PTR phPublicKey,
+                   CK_OBJECT_HANDLE_PTR phPrivateKey)
+{
     CK_BBOOL *boolptr;
     CK_RV crv;
 
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-
     /* all private keys must be sensitive, if the upper level code tries to say
      * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pPrivateKeyTemplate, 
-				usPrivateKeyAttributeCount, CKA_SENSITIVE);
+    boolptr = (CK_BBOOL *)fc_getAttribute(pPrivateKeyTemplate,
+                                          usPrivateKeyAttributeCount, CKA_SENSITIVE);
     if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
     }
-    crv = NSC_GenerateKeyPair (hSession,pMechanism,pPublicKeyTemplate,
-    		usPublicKeyAttributeCount,pPrivateKeyTemplate,
-		usPrivateKeyAttributeCount,phPublicKey,phPrivateKey);
+    crv = NSC_GenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate,
+                              usPublicKeyAttributeCount, pPrivateKeyTemplate,
+                              usPrivateKeyAttributeCount, phPublicKey, phPrivateKey);
     if (crv == CKR_GENERAL_ERROR) {
-	/* pairwise consistency check failed. */
-	sftk_fatalError = PR_TRUE;
+        /* pairwise consistency check failed. */
+        sftk_fatalError = PR_TRUE;
     }
     if (sftk_audit_enabled) {
-	sftk_AuditGenerateKeyPair(hSession,pMechanism,pPublicKeyTemplate,
-    		usPublicKeyAttributeCount,pPrivateKeyTemplate,
-		usPrivateKeyAttributeCount,phPublicKey,phPrivateKey,crv);
+        sftk_AuditGenerateKeyPair(hSession, pMechanism, pPublicKeyTemplate,
+                                  usPublicKeyAttributeCount, pPrivateKeyTemplate,
+                                  usPrivateKeyAttributeCount, phPublicKey, phPrivateKey, crv);
     }
     return crv;
 }
 
-
 /* FC_WrapKey wraps (i.e., encrypts) a key. */
- CK_RV FC_WrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
-    CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
-					 CK_ULONG_PTR pulWrappedKeyLen) {
+CK_RV
+FC_WrapKey(CK_SESSION_HANDLE hSession,
+           CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hWrappingKey,
+           CK_OBJECT_HANDLE hKey, CK_BYTE_PTR pWrappedKey,
+           CK_ULONG_PTR pulWrappedKeyLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_WrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
-							pulWrappedKeyLen);
+    rv = NSC_WrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey,
+                     pulWrappedKeyLen);
     if (sftk_audit_enabled) {
-	sftk_AuditWrapKey(hSession,pMechanism,hWrappingKey,hKey,pWrappedKey,
-							pulWrappedKeyLen,rv);
+        sftk_AuditWrapKey(hSession, pMechanism, hWrappingKey, hKey, pWrappedKey,
+                          pulWrappedKeyLen, rv);
     }
     return rv;
 }
 
-
 /* FC_UnwrapKey unwraps (decrypts) a wrapped key, creating a new key object. */
- CK_RV FC_UnwrapKey(CK_SESSION_HANDLE hSession,
-    CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
-    CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
-    CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
-						 CK_OBJECT_HANDLE_PTR phKey) {
+CK_RV
+FC_UnwrapKey(CK_SESSION_HANDLE hSession,
+             CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hUnwrappingKey,
+             CK_BYTE_PTR pWrappedKey, CK_ULONG ulWrappedKeyLen,
+             CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+             CK_OBJECT_HANDLE_PTR phKey)
+{
     CK_BBOOL *boolptr;
 
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
     /* all secret keys must be sensitive, if the upper level code tries to say
      * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					ulAttributeCount, CKA_SENSITIVE);
+    boolptr = (CK_BBOOL *)fc_getAttribute(pTemplate,
+                                          ulAttributeCount, CKA_SENSITIVE);
     if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
     }
-    rv = NSC_UnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
-			ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey);
+    rv = NSC_UnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey,
+                       ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey);
     if (sftk_audit_enabled) {
-	sftk_AuditUnwrapKey(hSession,pMechanism,hUnwrappingKey,pWrappedKey,
-			ulWrappedKeyLen,pTemplate,ulAttributeCount,phKey,rv);
+        sftk_AuditUnwrapKey(hSession, pMechanism, hUnwrappingKey, pWrappedKey,
+                            ulWrappedKeyLen, pTemplate, ulAttributeCount, phKey, rv);
     }
     return rv;
 }
 
-
 /* FC_DeriveKey derives a key from a base key, creating a new key object. */
- CK_RV FC_DeriveKey( CK_SESSION_HANDLE hSession,
-	 CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
-	 CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, 
-						CK_OBJECT_HANDLE_PTR phKey) {
+CK_RV
+FC_DeriveKey(CK_SESSION_HANDLE hSession,
+             CK_MECHANISM_PTR pMechanism, CK_OBJECT_HANDLE hBaseKey,
+             CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount,
+             CK_OBJECT_HANDLE_PTR phKey)
+{
     CK_BBOOL *boolptr;
 
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
     /* all secret keys must be sensitive, if the upper level code tries to say
      * otherwise, reject it. */
-    boolptr = (CK_BBOOL *) fc_getAttribute(pTemplate, 
-					ulAttributeCount, CKA_SENSITIVE);
+    boolptr = (CK_BBOOL *)fc_getAttribute(pTemplate,
+                                          ulAttributeCount, CKA_SENSITIVE);
     if (boolptr != NULL) {
-	if (!(*boolptr)) {
-	    return CKR_ATTRIBUTE_VALUE_INVALID;
-	}
+        if (!(*boolptr)) {
+            return CKR_ATTRIBUTE_VALUE_INVALID;
+        }
     }
-    rv = NSC_DeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
-			ulAttributeCount, phKey);
+    rv = NSC_DeriveKey(hSession, pMechanism, hBaseKey, pTemplate,
+                       ulAttributeCount, phKey);
     if (sftk_audit_enabled) {
-	sftk_AuditDeriveKey(hSession,pMechanism,hBaseKey,pTemplate,
-			ulAttributeCount,phKey,rv);
+        sftk_AuditDeriveKey(hSession, pMechanism, hBaseKey, pTemplate,
+                            ulAttributeCount, phKey, rv);
     }
     return rv;
 }
 
 /*
  **************************** Radom Functions:  ************************
  */
 
-/* FC_SeedRandom mixes additional seed material into the token's random number 
+/* FC_SeedRandom mixes additional seed material into the token's random number
  * generator. */
- CK_RV FC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
-    CK_ULONG usSeedLen) {
+CK_RV
+FC_SeedRandom(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pSeed,
+              CK_ULONG usSeedLen)
+{
     CK_RV crv;
 
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
-    crv = NSC_SeedRandom(hSession,pSeed,usSeedLen);
+    crv = NSC_SeedRandom(hSession, pSeed, usSeedLen);
     if (crv != CKR_OK) {
-	sftk_fatalError = PR_TRUE;
+        sftk_fatalError = PR_TRUE;
     }
     return crv;
 }
 
-
 /* FC_GenerateRandom generates random data. */
- CK_RV FC_GenerateRandom(CK_SESSION_HANDLE hSession,
-    CK_BYTE_PTR	pRandomData, CK_ULONG ulRandomLen) {
+CK_RV
+FC_GenerateRandom(CK_SESSION_HANDLE hSession,
+                  CK_BYTE_PTR pRandomData, CK_ULONG ulRandomLen)
+{
     CK_RV crv;
 
     CHECK_FORK();
 
     SFTK_FIPSFATALCHECK();
-    crv = NSC_GenerateRandom(hSession,pRandomData,ulRandomLen);
+    crv = NSC_GenerateRandom(hSession, pRandomData, ulRandomLen);
     if (crv != CKR_OK) {
-	sftk_fatalError = PR_TRUE;
-	if (sftk_audit_enabled) {
-	    char msg[128];
-	    PR_snprintf(msg,sizeof msg,
-			"C_GenerateRandom(hSession=0x%08lX, pRandomData=%p, "
-			"ulRandomLen=%lu)=0x%08lX "
-			"self-test: continuous RNG test failed",
-			(PRUint32)hSession,pRandomData,
-			(PRUint32)ulRandomLen,(PRUint32)crv);
-	    sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
-	}
+        sftk_fatalError = PR_TRUE;
+        if (sftk_audit_enabled) {
+            char msg[128];
+            PR_snprintf(msg, sizeof msg,
+                        "C_GenerateRandom(hSession=0x%08lX, pRandomData=%p, "
+                        "ulRandomLen=%lu)=0x%08lX "
+                        "self-test: continuous RNG test failed",
+                        (PRUint32)hSession, pRandomData,
+                        (PRUint32)ulRandomLen, (PRUint32)crv);
+            sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
+        }
     }
     return crv;
 }
 
-
-/* FC_GetFunctionStatus obtains an updated status of a function running 
+/* FC_GetFunctionStatus obtains an updated status of a function running
  * in parallel with an application. */
- CK_RV FC_GetFunctionStatus(CK_SESSION_HANDLE hSession) {
+CK_RV
+FC_GetFunctionStatus(CK_SESSION_HANDLE hSession)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
     return NSC_GetFunctionStatus(hSession);
 }
 
-
 /* FC_CancelFunction cancels a function running in parallel */
- CK_RV FC_CancelFunction(CK_SESSION_HANDLE hSession) {
+CK_RV
+FC_CancelFunction(CK_SESSION_HANDLE hSession)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
     return NSC_CancelFunction(hSession);
 }
 
 /*
  ****************************  Version 1.1 Functions:  ************************
  */
 
-/* FC_GetOperationState saves the state of the cryptographic 
+/* FC_GetOperationState saves the state of the cryptographic
  *operation in a session. */
-CK_RV FC_GetOperationState(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pOperationState, CK_ULONG_PTR pulOperationStateLen) {
+CK_RV
+FC_GetOperationState(CK_SESSION_HANDLE hSession,
+                     CK_BYTE_PTR pOperationState, CK_ULONG_PTR pulOperationStateLen)
+{
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
-    return NSC_GetOperationState(hSession,pOperationState,pulOperationStateLen);
+    return NSC_GetOperationState(hSession, pOperationState, pulOperationStateLen);
 }
 
-
-/* FC_SetOperationState restores the state of the cryptographic operation 
+/* FC_SetOperationState restores the state of the cryptographic operation
  * in a session. */
-CK_RV FC_SetOperationState(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pOperationState, CK_ULONG  ulOperationStateLen,
-        CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey) {
+CK_RV
+FC_SetOperationState(CK_SESSION_HANDLE hSession,
+                     CK_BYTE_PTR pOperationState, CK_ULONG ulOperationStateLen,
+                     CK_OBJECT_HANDLE hEncryptionKey, CK_OBJECT_HANDLE hAuthenticationKey)
+{
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
-    return NSC_SetOperationState(hSession,pOperationState,ulOperationStateLen,
-        				hEncryptionKey,hAuthenticationKey);
+    return NSC_SetOperationState(hSession, pOperationState, ulOperationStateLen,
+                                 hEncryptionKey, hAuthenticationKey);
 }
 
 /* FC_FindObjectsFinal finishes a search for token and session objects. */
-CK_RV FC_FindObjectsFinal(CK_SESSION_HANDLE hSession) {
+CK_RV
+FC_FindObjectsFinal(CK_SESSION_HANDLE hSession)
+{
     /* let publically readable object be found */
     SFTK_FIPSFATALCHECK();
     CHECK_FORK();
 
     return NSC_FindObjectsFinal(hSession);
 }
 
-
 /* Dual-function cryptographic operations */
 
-/* FC_DigestEncryptUpdate continues a multiple-part digesting and encryption 
+/* FC_DigestEncryptUpdate continues a multiple-part digesting and encryption
  * operation. */
-CK_RV FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR  pPart,
-    CK_ULONG  ulPartLen, CK_BYTE_PTR  pEncryptedPart,
-					 CK_ULONG_PTR pulEncryptedPartLen) {
+CK_RV
+FC_DigestEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                       CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
+                       CK_ULONG_PTR pulEncryptedPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_DigestEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
-					 pulEncryptedPartLen);
+    return NSC_DigestEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart,
+                                   pulEncryptedPartLen);
 }
 
-
-/* FC_DecryptDigestUpdate continues a multiple-part decryption and digesting 
+/* FC_DecryptDigestUpdate continues a multiple-part decryption and digesting
  * operation. */
-CK_RV FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
-     CK_BYTE_PTR  pEncryptedPart, CK_ULONG  ulEncryptedPartLen,
-    				CK_BYTE_PTR  pPart, CK_ULONG_PTR pulPartLen) {
+CK_RV
+FC_DecryptDigestUpdate(CK_SESSION_HANDLE hSession,
+                       CK_BYTE_PTR pEncryptedPart, CK_ULONG ulEncryptedPartLen,
+                       CK_BYTE_PTR pPart, CK_ULONG_PTR pulPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_DecryptDigestUpdate(hSession, pEncryptedPart,ulEncryptedPartLen,
-    				pPart,pulPartLen);
+    return NSC_DecryptDigestUpdate(hSession, pEncryptedPart, ulEncryptedPartLen,
+                                   pPart, pulPartLen);
 }
 
-/* FC_SignEncryptUpdate continues a multiple-part signing and encryption 
+/* FC_SignEncryptUpdate continues a multiple-part signing and encryption
  * operation. */
-CK_RV FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR  pPart,
-	 CK_ULONG  ulPartLen, CK_BYTE_PTR  pEncryptedPart,
-					 CK_ULONG_PTR pulEncryptedPartLen) {
+CK_RV
+FC_SignEncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
+                     CK_ULONG ulPartLen, CK_BYTE_PTR pEncryptedPart,
+                     CK_ULONG_PTR pulEncryptedPartLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_SignEncryptUpdate(hSession,pPart,ulPartLen,pEncryptedPart,
-					 pulEncryptedPartLen);
+    return NSC_SignEncryptUpdate(hSession, pPart, ulPartLen, pEncryptedPart,
+                                 pulEncryptedPartLen);
 }
 
-/* FC_DecryptVerifyUpdate continues a multiple-part decryption and verify 
+/* FC_DecryptVerifyUpdate continues a multiple-part decryption and verify
  * operation. */
-CK_RV FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession, 
-	CK_BYTE_PTR  pEncryptedData, CK_ULONG  ulEncryptedDataLen, 
-				CK_BYTE_PTR  pData, CK_ULONG_PTR pulDataLen) {
+CK_RV
+FC_DecryptVerifyUpdate(CK_SESSION_HANDLE hSession,
+                       CK_BYTE_PTR pEncryptedData, CK_ULONG ulEncryptedDataLen,
+                       CK_BYTE_PTR pData, CK_ULONG_PTR pulDataLen)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    return NSC_DecryptVerifyUpdate(hSession,pEncryptedData,ulEncryptedDataLen, 
-				pData,pulDataLen);
+    return NSC_DecryptVerifyUpdate(hSession, pEncryptedData, ulEncryptedDataLen,
+                                   pData, pulDataLen);
 }
 
-
 /* FC_DigestKey continues a multi-part message-digesting operation,
  * by digesting the value of a secret key as part of the data already digested.
  */
-CK_RV FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey) {
+CK_RV
+FC_DigestKey(CK_SESSION_HANDLE hSession, CK_OBJECT_HANDLE hKey)
+{
     SFTK_FIPSCHECK();
     CHECK_FORK();
 
-    rv = NSC_DigestKey(hSession,hKey);
+    rv = NSC_DigestKey(hSession, hKey);
     if (sftk_audit_enabled) {
-	sftk_AuditDigestKey(hSession,hKey,rv);
+        sftk_AuditDigestKey(hSession, hKey, rv);
     }
     return rv;
 }
 
-
-CK_RV FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
-							 CK_VOID_PTR pReserved)
+CK_RV
+FC_WaitForSlotEvent(CK_FLAGS flags, CK_SLOT_ID_PTR pSlot,
+                    CK_VOID_PTR pReserved)
 {
     CHECK_FORK();
 
     return NSC_WaitForSlotEvent(flags, pSlot, pReserved);
 }
--- a/lib/softoken/jpakesftk.c
+++ b/lib/softoken/jpakesftk.c
@@ -4,135 +4,144 @@
 
 #include "seccomon.h"
 #include "secerr.h"
 #include "blapi.h"
 #include "pkcs11i.h"
 #include "softoken.h"
 
 static CK_RV
-jpake_mapStatus(SECStatus rv, CK_RV invalidArgsMapping) {
+jpake_mapStatus(SECStatus rv, CK_RV invalidArgsMapping)
+{
     int err;
     if (rv == SECSuccess)
         return CKR_OK;
     err = PORT_GetError();
     switch (err) {
         /* XXX: SEC_ERROR_INVALID_ARGS might be caused by invalid template
             parameters. */
-        case SEC_ERROR_INVALID_ARGS:  return invalidArgsMapping;
-        case SEC_ERROR_BAD_SIGNATURE: return CKR_SIGNATURE_INVALID;
-        case SEC_ERROR_NO_MEMORY:     return CKR_HOST_MEMORY;
+        case SEC_ERROR_INVALID_ARGS:
+            return invalidArgsMapping;
+        case SEC_ERROR_BAD_SIGNATURE:
+            return CKR_SIGNATURE_INVALID;
+        case SEC_ERROR_NO_MEMORY:
+            return CKR_HOST_MEMORY;
     }
     return CKR_FUNCTION_FAILED;
 }
 
 /* If key is not NULL then the gx value will be stored as an attribute with
    the type given by the gxAttrType parameter. */
 static CK_RV
-jpake_Sign(PLArenaPool * arena, const PQGParams * pqg, HASH_HashType hashType,
-           const SECItem * signerID, const SECItem * x,
-           CK_NSS_JPAKEPublicValue * out)
+jpake_Sign(PLArenaPool *arena, const PQGParams *pqg, HASH_HashType hashType,
+           const SECItem *signerID, const SECItem *x,
+           CK_NSS_JPAKEPublicValue *out)
 {
     SECItem gx, gv, r;
     CK_RV crv;
 
     PORT_Assert(arena != NULL);
-    
+
     gx.data = NULL;
     gv.data = NULL;
     r.data = NULL;
     crv = jpake_mapStatus(JPAKE_Sign(arena, pqg, hashType, signerID, x, NULL,
                                      NULL, &gx, &gv, &r),
                           CKR_MECHANISM_PARAM_INVALID);
     if (crv == CKR_OK) {
         if ((out->pGX != NULL && out->ulGXLen >= gx.len) ||
             (out->pGV != NULL && out->ulGVLen >= gv.len) ||
-            (out->pR  != NULL && out->ulRLen >= r.len)) {
-            PORT_Memcpy(out->pGX, gx.data, gx.len); 
-            PORT_Memcpy(out->pGV, gv.data, gv.len); 
+            (out->pR != NULL && out->ulRLen >= r.len)) {
+            PORT_Memcpy(out->pGX, gx.data, gx.len);
+            PORT_Memcpy(out->pGV, gv.data, gv.len);
             PORT_Memcpy(out->pR, r.data, r.len);
             out->ulGXLen = gx.len;
             out->ulGVLen = gv.len;
             out->ulRLen = r.len;
         } else {
             crv = CKR_MECHANISM_PARAM_INVALID;
         }
-    } 
+    }
     return crv;
 }
 
 static CK_RV
-jpake_Verify(PLArenaPool * arena, const PQGParams * pqg,
-             HASH_HashType hashType, const SECItem * signerID,
-             const CK_BYTE * peerIDData, CK_ULONG peerIDLen,
-             const CK_NSS_JPAKEPublicValue * publicValueIn)
+jpake_Verify(PLArenaPool *arena, const PQGParams *pqg,
+             HASH_HashType hashType, const SECItem *signerID,
+             const CK_BYTE *peerIDData, CK_ULONG peerIDLen,
+             const CK_NSS_JPAKEPublicValue *publicValueIn)
 {
     SECItem peerID, gx, gv, r;
-    peerID.data = (unsigned char *) peerIDData; peerID.len = peerIDLen;
-    gx.data = publicValueIn->pGX; gx.len = publicValueIn->ulGXLen;
-    gv.data = publicValueIn->pGV; gv.len = publicValueIn->ulGVLen;
-    r.data = publicValueIn->pR;   r.len = publicValueIn->ulRLen;
+    peerID.data = (unsigned char *)peerIDData;
+    peerID.len = peerIDLen;
+    gx.data = publicValueIn->pGX;
+    gx.len = publicValueIn->ulGXLen;
+    gv.data = publicValueIn->pGV;
+    gv.len = publicValueIn->ulGVLen;
+    r.data = publicValueIn->pR;
+    r.len = publicValueIn->ulRLen;
     return jpake_mapStatus(JPAKE_Verify(arena, pqg, hashType, signerID, &peerID,
                                         &gx, &gv, &r),
                            CKR_MECHANISM_PARAM_INVALID);
 }
 
-#define NUM_ELEM(x) (sizeof (x) / sizeof (x)[0])
+#define NUM_ELEM(x) (sizeof(x) / sizeof(x)[0])
 
 /* If the template has the key type set, ensure that it was set to the correct
  * value. If the template did not have the key type set, set it to the
  * correct value.
  */
 static CK_RV
-jpake_enforceKeyType(SFTKObject * key, CK_KEY_TYPE keyType) {
+jpake_enforceKeyType(SFTKObject *key, CK_KEY_TYPE keyType)
+{
     CK_RV crv;
-    SFTKAttribute * keyTypeAttr = sftk_FindAttribute(key, CKA_KEY_TYPE);
+    SFTKAttribute *keyTypeAttr = sftk_FindAttribute(key, CKA_KEY_TYPE);
     if (keyTypeAttr != NULL) {
         crv = *(CK_KEY_TYPE *)keyTypeAttr->attrib.pValue == keyType
-            ? CKR_OK
-            : CKR_TEMPLATE_INCONSISTENT;
+                  ? CKR_OK
+                  : CKR_TEMPLATE_INCONSISTENT;
         sftk_FreeAttribute(keyTypeAttr);
     } else {
         crv = sftk_forceAttribute(key, CKA_KEY_TYPE, &keyType, sizeof keyType);
     }
     return crv;
 }
 
 static CK_RV
-jpake_MultipleSecItem2Attribute(SFTKObject * key, const SFTKItemTemplate * attrs,
+jpake_MultipleSecItem2Attribute(SFTKObject *key, const SFTKItemTemplate *attrs,
                                 size_t attrsCount)
 {
     size_t i;
-    
+
     for (i = 0; i < attrsCount; ++i) {
         CK_RV crv = sftk_forceAttribute(key, attrs[i].type, attrs[i].item->data,
                                         attrs[i].item->len);
         if (crv != CKR_OK)
             return crv;
     }
     return CKR_OK;
 }
 
 CK_RV
-jpake_Round1(HASH_HashType hashType, CK_NSS_JPAKERound1Params * params,
-             SFTKObject * key)
+jpake_Round1(HASH_HashType hashType, CK_NSS_JPAKERound1Params *params,
+             SFTKObject *key)
 {
     CK_RV crv;
     PQGParams pqg;
-    PLArenaPool * arena;
+    PLArenaPool *arena;
     SECItem signerID;
     SFTKItemTemplate templateAttrs[] = {
         { CKA_PRIME, &pqg.prime },
         { CKA_SUBPRIME, &pqg.subPrime },
         { CKA_BASE, &pqg.base },
         { CKA_NSS_JPAKE_SIGNERID, &signerID }
     };
     SECItem x2, gx1, gx2;
     const SFTKItemTemplate generatedAttrs[] = {
-        { CKA_NSS_JPAKE_X2,  &x2  },
+        { CKA_NSS_JPAKE_X2, &x2 },
         { CKA_NSS_JPAKE_GX1, &gx1 },
         { CKA_NSS_JPAKE_GX2, &gx2 },
     };
     SECItem x1;
 
     PORT_Assert(params != NULL);
     PORT_Assert(key != NULL);
 
@@ -165,47 +174,47 @@ jpake_Round1(HASH_HashType hashType, CK_
         crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x2, &params->gx2);
 
     /* Save the values needed for round 2 into CKA_VALUE */
     if (crv == CKR_OK) {
         gx1.data = params->gx1.pGX;
         gx1.len = params->gx1.ulGXLen;
         gx2.data = params->gx2.pGX;
         gx2.len = params->gx2.ulGXLen;
-        crv = jpake_MultipleSecItem2Attribute(key, generatedAttrs, 
+        crv = jpake_MultipleSecItem2Attribute(key, generatedAttrs,
                                               NUM_ELEM(generatedAttrs));
     }
 
     PORT_FreeArena(arena, PR_TRUE);
     return crv;
 }
 
 CK_RV
-jpake_Round2(HASH_HashType hashType, CK_NSS_JPAKERound2Params * params,
-             SFTKObject * sourceKey, SFTKObject * key)
+jpake_Round2(HASH_HashType hashType, CK_NSS_JPAKERound2Params *params,
+             SFTKObject *sourceKey, SFTKObject *key)
 {
     CK_RV crv;
-    PLArenaPool * arena;
+    PLArenaPool *arena;
     PQGParams pqg;
     SECItem signerID, x2, gx1, gx2;
-    SFTKItemTemplate sourceAttrs[] = { 
+    SFTKItemTemplate sourceAttrs[] = {
         { CKA_PRIME, &pqg.prime },
         { CKA_SUBPRIME, &pqg.subPrime },
         { CKA_BASE, &pqg.base },
         { CKA_NSS_JPAKE_SIGNERID, &signerID },
-        { CKA_NSS_JPAKE_X2,  &x2 },
+        { CKA_NSS_JPAKE_X2, &x2 },
         { CKA_NSS_JPAKE_GX1, &gx1 },
         { CKA_NSS_JPAKE_GX2, &gx2 },
     };
     SECItem x2s, gx3, gx4;
     const SFTKItemTemplate copiedAndGeneratedAttrs[] = {
         { CKA_NSS_JPAKE_SIGNERID, &signerID },
         { CKA_PRIME, &pqg.prime },
         { CKA_SUBPRIME, &pqg.subPrime },
-        { CKA_NSS_JPAKE_X2,  &x2  },
+        { CKA_NSS_JPAKE_X2, &x2 },
         { CKA_NSS_JPAKE_X2S, &x2s },
         { CKA_NSS_JPAKE_GX1, &gx1 },
         { CKA_NSS_JPAKE_GX2, &gx2 },
         { CKA_NSS_JPAKE_GX3, &gx3 },
         { CKA_NSS_JPAKE_GX4, &gx4 }
     };
     SECItem peerID;
 
@@ -246,17 +255,17 @@ jpake_Round2(HASH_HashType hashType, CK_
         s.len = params->ulSharedKeyLen;
         gx3.data = params->gx3.pGX;
         gx3.len = params->gx3.ulGXLen;
         gx4.data = params->gx4.pGX;
         gx4.len = params->gx4.ulGXLen;
         pqg.base.data = NULL;
         x2s.data = NULL;
         crv = jpake_mapStatus(JPAKE_Round2(arena, &pqg.prime, &pqg.subPrime,
-                                           &gx1, &gx3, &gx4, &pqg.base, 
+                                           &gx1, &gx3, &gx4, &pqg.base,
                                            &x2, &s, &x2s),
                               CKR_MECHANISM_PARAM_INVALID);
     }
 
     /* Generate A=base^x2s and its zero-knowledge proof. */
     if (crv == CKR_OK)
         crv = jpake_Sign(arena, &pqg, hashType, &signerID, &x2s, &params->A);
 
@@ -276,45 +285,45 @@ jpake_Round2(HASH_HashType hashType, CK_
     if (crv == CKR_OK)
         crv = jpake_enforceKeyType(key, CKK_NSS_JPAKE_ROUND2);
 
     PORT_FreeArena(arena, PR_TRUE);
     return crv;
 }
 
 CK_RV
-jpake_Final(HASH_HashType hashType, const CK_NSS_JPAKEFinalParams * param,
-            SFTKObject * sourceKey, SFTKObject * key)
+jpake_Final(HASH_HashType hashType, const CK_NSS_JPAKEFinalParams *param,
+            SFTKObject *sourceKey, SFTKObject *key)
 {
-    PLArenaPool * arena;
+    PLArenaPool *arena;
     SECItem K;
     PQGParams pqg;
     CK_RV crv;
     SECItem peerID, signerID, x2s, x2, gx1, gx2, gx3, gx4;
     SFTKItemTemplate sourceAttrs[] = {
         { CKA_NSS_JPAKE_PEERID, &peerID },
         { CKA_NSS_JPAKE_SIGNERID, &signerID },
         { CKA_PRIME, &pqg.prime },
         { CKA_SUBPRIME, &pqg.subPrime },
-        { CKA_NSS_JPAKE_X2,  &x2  },
+        { CKA_NSS_JPAKE_X2, &x2 },
         { CKA_NSS_JPAKE_X2S, &x2s },
         { CKA_NSS_JPAKE_GX1, &gx1 },
         { CKA_NSS_JPAKE_GX2, &gx2 },
         { CKA_NSS_JPAKE_GX3, &gx3 },
         { CKA_NSS_JPAKE_GX4, &gx4 }
     };
 
     PORT_Assert(param != NULL);
     PORT_Assert(sourceKey != NULL);
     PORT_Assert(key != NULL);
 
     arena = PORT_NewArena(NSS_SOFTOKEN_DEFAULT_CHUNKSIZE);
     if (arena == NULL)
         crv = CKR_HOST_MEMORY;
-    
+
     /* TODO: verify key type CKK_NSS_JPAKE_ROUND2 */
 
     crv = sftk_MultipleAttribute2SecItem(arena, sourceKey, sourceAttrs,
                                          NUM_ELEM(sourceAttrs));
 
     /* Calculate base for B=base^x4s */
     if (crv == CKR_OK) {
         pqg.base.data = NULL;
--- a/lib/softoken/legacydb/cdbhdl.h
+++ b/lib/softoken/legacydb/cdbhdl.h
@@ -15,37 +15,37 @@
 
 /*
  * Handle structure for open certificate databases
  */
 struct NSSLOWCERTCertDBHandleStr {
     DB *permCertDB;
     PZMonitor *dbMon;
     PRBool dbVerify;
-    PRInt32  ref; /* reference count */
+    PRInt32 ref; /* reference count */
 };
 
 #ifdef DBM_USING_NSPR
-#define NO_RDONLY	PR_RDONLY
-#define NO_RDWR		PR_RDWR
-#define NO_CREATE	(PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
+#define NO_RDONLY PR_RDONLY
+#define NO_RDWR PR_RDWR
+#define NO_CREATE (PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE)
 #else
-#define NO_RDONLY	O_RDONLY
-#define NO_RDWR		O_RDWR
-#define NO_CREATE	(O_RDWR | O_CREAT | O_TRUNC)
+#define NO_RDONLY O_RDONLY
+#define NO_RDWR O_RDWR
+#define NO_CREATE (O_RDWR | O_CREAT | O_TRUNC)
 #endif
 
-typedef DB * (*rdbfunc)(const char *appName, const char *prefix, 
-				const char *type, int flags);
+typedef DB *(*rdbfunc)(const char *appName, const char *prefix,
+                       const char *type, int flags);
 typedef int (*rdbstatusfunc)(void);
 
 #define RDB_FAIL 1
 #define RDB_RETRY 2
 
-DB * rdbopen(const char *appName, const char *prefix, 
-				const char *type, int flags, int *status);
+DB *rdbopen(const char *appName, const char *prefix,
+            const char *type, int flags, int *status);
 
-DB *dbsopen (const char *dbname , int flags, int mode, DBTYPE type, 
-						const void * appData);
-SECStatus db_Copy(DB *dest,DB *src);
+DB *dbsopen(const char *dbname, int flags, int mode, DBTYPE type,
+            const void *appData);
+SECStatus db_Copy(DB *dest, DB *src);
 int db_InitComplete(DB *db);
 
 #endif
--- a/lib/softoken/legacydb/dbmshim.c
+++ b/lib/softoken/legacydb/dbmshim.c
@@ -23,54 +23,52 @@
  *   Byte 5       .                     |                        |
  *   Byte 6       .                     | BLOB_LENGTH_LEN        |
  *   Byte 7   MSB length                |                        |
  *   Byte 8   blob_filename   -+       -+  <-- BLOB_NAME_START   |
  *   Byte 9       .            | BLOB_NAME_LEN                   |
  *     .          .            |                                 |
  *   Byte 37      .           -+                                -+
  */
-#define DBS_BLOCK_SIZE (16*1024) /* 16 k */
+#define DBS_BLOCK_SIZE (16 * 1024)                   /* 16 k */
 #define DBS_MAX_ENTRY_SIZE (DBS_BLOCK_SIZE - (2048)) /* 14 k */
-#define DBS_CACHE_SIZE	DBS_BLOCK_SIZE*8
-#define ROUNDDIV(x,y) (x+(y-1))/y
+#define DBS_CACHE_SIZE DBS_BLOCK_SIZE * 8
+#define ROUNDDIV(x, y) (x + (y - 1)) / y
 #define BLOB_HEAD_LEN 4
 #define BLOB_LENGTH_START BLOB_HEAD_LEN
 #define BLOB_LENGTH_LEN 4
-#define BLOB_NAME_START BLOB_LENGTH_START+BLOB_LENGTH_LEN
-#define BLOB_NAME_LEN 1+ROUNDDIV(SHA1_LENGTH,3)*4+1
-#define BLOB_BUF_LEN BLOB_HEAD_LEN+BLOB_LENGTH_LEN+BLOB_NAME_LEN
+#define BLOB_NAME_START BLOB_LENGTH_START + BLOB_LENGTH_LEN
+#define BLOB_NAME_LEN 1 + ROUNDDIV(SHA1_LENGTH, 3) * 4 + 1
+#define BLOB_BUF_LEN BLOB_HEAD_LEN + BLOB_LENGTH_LEN + BLOB_NAME_LEN
 
 /* a Shim data structure. This data structure has a db built into it. */
 typedef struct DBSStr DBS;
 
 struct DBSStr {
     DB db;
     char *blobdir;
     int mode;
     PRBool readOnly;
     PRFileMap *dbs_mapfile;
     unsigned char *dbs_addr;
     PRUint32 dbs_len;
     char staticBlobArea[BLOB_BUF_LEN];
 };
-    
-    
 
 /*
  * return true if the Datablock contains a blobtype
  */
 static PRBool
 dbs_IsBlob(DBT *blobData)
 {
     unsigned char *addr = (unsigned char *)blobData->data;
     if (blobData->size < BLOB_BUF_LEN) {
-	return PR_FALSE;
+        return PR_FALSE;
     }
-    return addr && ((certDBEntryType) addr[1] == certDBEntryTypeBlob);
+    return addr && ((certDBEntryType)addr[1] == certDBEntryTypeBlob);
 }
 
 /*
  * extract the filename in the blob of the real data set.
  * This value is not malloced (does not need to be freed by the caller.
  */
 static const char *
 dbs_getBlobFileName(DBT *blobData)
@@ -83,125 +81,124 @@ dbs_getBlobFileName(DBT *blobData)
 /*
  * extract the size of the actual blob from the blob record
  */
 static PRUint32
 dbs_getBlobSize(DBT *blobData)
 {
     unsigned char *addr = (unsigned char *)blobData->data;
 
-    return (PRUint32)(addr[BLOB_LENGTH_START+3] << 24) | 
-			(addr[BLOB_LENGTH_START+2] << 16) | 
-			(addr[BLOB_LENGTH_START+1] << 8) | 
-			addr[BLOB_LENGTH_START];
+    return (PRUint32)(addr[BLOB_LENGTH_START + 3] << 24) |
+           (addr[BLOB_LENGTH_START + 2] << 16) |
+           (addr[BLOB_LENGTH_START + 1] << 8) |
+           addr[BLOB_LENGTH_START];
 }
 
-
 /* We are using base64 data for the filename, but base64 data can include a
  * '/' which is interpreted as a path separator on  many platforms. Replace it
  * with an inocuous '-'. We don't need to convert back because we never actual
  * decode the filename.
  */
 
 static void
 dbs_replaceSlash(char *cp, int len)
 {
-   while (len--) {
-	if (*cp == '/') *cp = '-';
-	cp++;
-   }
+    while (len--) {
+        if (*cp == '/')
+            *cp = '-';
+        cp++;
+    }
 }
 
 /*
  * create a blob record from a key, data and return it in blobData.
  * NOTE: The data element is static data (keeping with the dbm model).
  */
 static void
-dbs_mkBlob(DBS *dbsp,const DBT *key, const DBT *data, DBT *blobData)
+dbs_mkBlob(DBS *dbsp, const DBT *key, const DBT *data, DBT *blobData)
 {
-   unsigned char sha1_data[SHA1_LENGTH];
-   char *b = dbsp->staticBlobArea;
-   PRUint32 length = data->size;
-   SECItem sha1Item;
+    unsigned char sha1_data[SHA1_LENGTH];
+    char *b = dbsp->staticBlobArea;
+    PRUint32 length = data->size;
+    SECItem sha1Item;
 
-   b[0] = CERT_DB_FILE_VERSION; /* certdb version number */
-   b[1] = (char) certDBEntryTypeBlob; /* type */
-   b[2] = 0; /* flags */
-   b[3] = 0; /* reserved */
-   b[BLOB_LENGTH_START] = length & 0xff;
-   b[BLOB_LENGTH_START+1] = (length >> 8) & 0xff;
-   b[BLOB_LENGTH_START+2] = (length >> 16) & 0xff;
-   b[BLOB_LENGTH_START+3] = (length >> 24) & 0xff;
-   sha1Item.data = sha1_data;
-   sha1Item.len = SHA1_LENGTH;
-   SHA1_HashBuf(sha1_data,key->data,key->size);
-   b[BLOB_NAME_START]='b'; /* Make sure we start with a alpha */
-   NSSBase64_EncodeItem(NULL,&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1,&sha1Item);
-   b[BLOB_BUF_LEN-1] = 0;
-   dbs_replaceSlash(&b[BLOB_NAME_START+1],BLOB_NAME_LEN-1);
-   blobData->data = b;
-   blobData->size = BLOB_BUF_LEN;
-   return;
+    b[0] = CERT_DB_FILE_VERSION;      /* certdb version number */
+    b[1] = (char)certDBEntryTypeBlob; /* type */
+    b[2] = 0;                         /* flags */
+    b[3] = 0;                         /* reserved */
+    b[BLOB_LENGTH_START] = length & 0xff;
+    b[BLOB_LENGTH_START + 1] = (length >> 8) & 0xff;
+    b[BLOB_LENGTH_START + 2] = (length >> 16) & 0xff;
+    b[BLOB_LENGTH_START + 3] = (length >> 24) & 0xff;
+    sha1Item.data = sha1_data;
+    sha1Item.len = SHA1_LENGTH;
+    SHA1_HashBuf(sha1_data, key->data, key->size);
+    b[BLOB_NAME_START] = 'b'; /* Make sure we start with a alpha */
+    NSSBase64_EncodeItem(NULL, &b[BLOB_NAME_START + 1], BLOB_NAME_LEN - 1, &sha1Item);
+    b[BLOB_BUF_LEN - 1] = 0;
+    dbs_replaceSlash(&b[BLOB_NAME_START + 1], BLOB_NAME_LEN - 1);
+    blobData->data = b;
+    blobData->size = BLOB_BUF_LEN;
+    return;
 }
-   
 
 /*
  * construct a path to the actual blob. The string returned must be
  * freed by the caller with PR_smprintf_free.
  *
  * Note: this file does lots of consistancy checks on the DBT. The
  * routines that call this depend on these checks, so they don't worry
  * about them (success of this routine implies a good blobdata record).
- */ 
+ */
 static char *
-dbs_getBlobFilePath(char *blobdir,DBT *blobData)
+dbs_getBlobFilePath(char *blobdir, DBT *blobData)
 {
     const char *name;
 
     if (blobdir == NULL) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
+        PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        return NULL;
     }
     if (!dbs_IsBlob(blobData)) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
+        PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        return NULL;
     }
     name = dbs_getBlobFileName(blobData);
     if (!name || *name == 0) {
-	PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	return NULL;
+        PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        return NULL;
     }
-    return  PR_smprintf("%s" PATH_SEPARATOR "%s", blobdir, name);
+    return PR_smprintf("%s" PATH_SEPARATOR "%s", blobdir, name);
 }
 
 /*
  * Delete a blob file pointed to by the blob record.
  */
 static void
 dbs_removeBlob(DBS *dbsp, DBT *blobData)
 {
     char *file;
 
     file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
     if (!file) {
-	return;
+        return;
     }
     PR_Delete(file);
     PR_smprintf_free(file);
 }
 
 /*
  * Directory modes are slightly different, the 'x' bit needs to be on to
  * access them. Copy all the read bits to 'x' bits
  */
 static int
 dbs_DirMode(int mode)
 {
-  int x_bits = (mode >> 2) &  0111;
-  return mode | x_bits;
+    int x_bits = (mode >> 2) & 0111;
+    return mode | x_bits;
 }
 
 /*
  * write a data blob to it's file. blobdData is the blob record that will be
  * stored in the database. data is the actual data to go out on disk.
  */
 static int
 dbs_writeBlob(DBS *dbsp, int mode, DBT *blobData, const DBT *data)
@@ -209,74 +206,73 @@ dbs_writeBlob(DBS *dbsp, int mode, DBT *
     char *file = NULL;
     PRFileDesc *filed;
     PRStatus status;
     int len;
     int error = 0;
 
     file = dbs_getBlobFilePath(dbsp->blobdir, blobData);
     if (!file) {
-	goto loser;
+        goto loser;
     }
     if (PR_Access(dbsp->blobdir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
-	status = PR_MkDir(dbsp->blobdir,dbs_DirMode(mode));
-	if (status != PR_SUCCESS) {
-	    goto loser;
-	}
+        status = PR_MkDir(dbsp->blobdir, dbs_DirMode(mode));
+        if (status != PR_SUCCESS) {
+            goto loser;
+        }
     }
-    filed = PR_OpenFile(file,PR_CREATE_FILE|PR_TRUNCATE|PR_WRONLY, mode);
+    filed = PR_OpenFile(file, PR_CREATE_FILE | PR_TRUNCATE | PR_WRONLY, mode);
     if (filed == NULL) {
-	error = PR_GetError();
-	goto loser;
+        error = PR_GetError();
+        goto loser;
     }
-    len = PR_Write(filed,data->data,data->size);
+    len = PR_Write(filed, data->data, data->size);
     error = PR_GetError();
     PR_Close(filed);
     if (len < (int)data->size) {
-	goto loser;
+        goto loser;
     }
     PR_smprintf_free(file);
     return 0;
 
 loser:
     if (file) {
-	PR_Delete(file);
-	PR_smprintf_free(file);
+        PR_Delete(file);
+        PR_smprintf_free(file);
     }
     /* don't let close or delete reset the error */
-    PR_SetError(error,0);
+    PR_SetError(error, 0);
     return -1;
 }
 
-
 /*
  * we need to keep a address map in memory between calls to DBM.
  * remember what we have mapped can close it when we get another dbm
- * call. 
+ * call.
  *
  * NOTE: Not all platforms support mapped files. This code is designed to
  * detect this at runtime. If map files aren't supported the OS will indicate
  * this by failing the PR_Memmap call. In this case we emulate mapped files
  * by just reading in the file into regular memory. We signal this state by
  * making dbs_mapfile NULL and dbs_addr non-NULL.
  */
 
 static void
 dbs_freemap(DBS *dbsp)
 {
     if (dbsp->dbs_mapfile) {
-	PR_MemUnmap(dbsp->dbs_addr,dbsp->dbs_len);
-	PR_CloseFileMap(dbsp->dbs_mapfile);
-	dbsp->dbs_mapfile = NULL;
-	dbsp->dbs_addr = NULL;
-	dbsp->dbs_len = 0;
+        PR_MemUnmap(dbsp->dbs_addr, dbsp->dbs_len);
+        PR_CloseFileMap(dbsp->dbs_mapfile);
+        dbsp->dbs_mapfile = NULL;
+        dbsp->dbs_addr = NULL;
+        dbsp->dbs_len = 0;
     } else if (dbsp->dbs_addr) {
-	PORT_Free(dbsp->dbs_addr);
-	dbsp->dbs_addr = NULL;
-	dbsp->dbs_len = 0;
+        PORT_Free(dbsp->dbs_addr);
+        dbsp->dbs_addr = NULL;
+        dbsp->dbs_len = 0;
     }
     return;
 }
 
 static void
 dbs_setmap(DBS *dbsp, PRFileMap *mapfile, unsigned char *addr, PRUint32 len)
 {
     dbsp->dbs_mapfile = mapfile;
@@ -290,33 +286,32 @@ dbs_setmap(DBS *dbsp, PRFileMap *mapfile
 static unsigned char *
 dbs_EmulateMap(PRFileDesc *filed, int len)
 {
     unsigned char *addr;
     PRInt32 dataRead;
 
     addr = PORT_Alloc(len);
     if (addr == NULL) {
-	return NULL;
+        return NULL;
     }
 
-    dataRead = PR_Read(filed,addr,len);
+    dataRead = PR_Read(filed, addr, len);
     if (dataRead != len) {
-	PORT_Free(addr);
-	if (dataRead > 0) {
-	    /* PR_Read didn't set an error, we need to */
-	    PR_SetError(SEC_ERROR_BAD_DATABASE,0);
-	}
-	return NULL;
+        PORT_Free(addr);
+        if (dataRead > 0) {
+            /* PR_Read didn't set an error, we need to */
+            PR_SetError(SEC_ERROR_BAD_DATABASE, 0);
+        }
+        return NULL;
     }
 
     return addr;
 }
 
-
 /*
  * pull a database record off the disk
  * data points to the blob record on input and the real record (if we could
  * read it) on output. if there is an error data is not modified.
  */
 static int
 dbs_readBlob(DBS *dbsp, DBT *data)
 {
@@ -324,288 +319,288 @@ dbs_readBlob(DBS *dbsp, DBT *data)
     PRFileDesc *filed = NULL;
     PRFileMap *mapfile = NULL;
     unsigned char *addr = NULL;
     int error;
     int len = -1;
 
     file = dbs_getBlobFilePath(dbsp->blobdir, data);
     if (!file) {
-	goto loser;
+        goto loser;
     }
-    filed = PR_OpenFile(file,PR_RDONLY,0);
-    PR_smprintf_free(file); file = NULL;
+    filed = PR_OpenFile(file, PR_RDONLY, 0);
+    PR_smprintf_free(file);
+    file = NULL;
     if (filed == NULL) {
-	goto loser;
+        goto loser;
     }
 
     len = dbs_getBlobSize(data);
     mapfile = PR_CreateFileMap(filed, len, PR_PROT_READONLY);
     if (mapfile == NULL) {
-	 /* USE PR_GetError instead of PORT_GetError here
-	  * because we are getting the error from PR_xxx
-	  * function */
-	if (PR_GetError() != PR_NOT_IMPLEMENTED_ERROR) {
-	    goto loser;
-	}
-	addr = dbs_EmulateMap(filed, len);
+        /* USE PR_GetError instead of PORT_GetError here
+	     * because we are getting the error from PR_xxx
+	     * function */
+        if (PR_GetError() != PR_NOT_IMPLEMENTED_ERROR) {
+            goto loser;
+        }
+        addr = dbs_EmulateMap(filed, len);
     } else {
-	addr = PR_MemMap(mapfile, 0, len);
+        addr = PR_MemMap(mapfile, 0, len);
     }
     if (addr == NULL) {
-	goto loser;
+        goto loser;
     }
     PR_Close(filed);
-    dbs_setmap(dbsp,mapfile,addr,len);
+    dbs_setmap(dbsp, mapfile, addr, len);
 
     data->data = addr;
     data->size = len;
     return 0;
 
 loser:
     /* preserve the error code */
     error = PR_GetError();
     if (mapfile) {
-	PR_CloseFileMap(mapfile);
+        PR_CloseFileMap(mapfile);
     }
     if (filed) {
-	PR_Close(filed);
+        PR_Close(filed);
     }
-    PR_SetError(error,0);
+    PR_SetError(error, 0);
     return -1;
 }
 
 /*
  * actual DBM shims
  */
 static int
 dbs_get(const DB *dbs, const DBT *key, DBT *data, unsigned int flags)
 {
     int ret;
     DBS *dbsp = (DBS *)dbs;
     DB *db = (DB *)dbs->internal;
-    
 
     dbs_freemap(dbsp);
-    
-    ret = (* db->get)(db, key, data, flags);
+
+    ret = (*db->get)(db, key, data, flags);
     if ((ret == 0) && dbs_IsBlob(data)) {
-	ret = dbs_readBlob(dbsp,data);
+        ret = dbs_readBlob(dbsp, data);
     }
 
-    return(ret);
+    return (ret);
 }
 
 static int
 dbs_put(const DB *dbs, DBT *key, const DBT *data, unsigned int flags)
 {
     DBT blob;
     int ret = 0;
     DBS *dbsp = (DBS *)dbs;
     DB *db = (DB *)dbs->internal;
 
     dbs_freemap(dbsp);
 
     /* If the db is readonly, just pass the data down to rdb and let it fail */
     if (!dbsp->readOnly) {
-	DBT oldData;
-	int ret1;
+        DBT oldData;
+        int ret1;
 
-	/* make sure the current record is deleted if it's a blob */
-	ret1 = (*db->get)(db,key,&oldData,0);
+        /* make sure the current record is deleted if it's a blob */
+        ret1 = (*db->get)(db, key, &oldData, 0);
         if ((ret1 == 0) && flags == R_NOOVERWRITE) {
-	    /* let DBM return the error to maintain consistancy */
-	    return (* db->put)(db, key, data, flags);
-	}
-	if ((ret1 == 0) && dbs_IsBlob(&oldData)) {
-	    dbs_removeBlob(dbsp, &oldData);
-	}
+            /* let DBM return the error to maintain consistancy */
+            return (*db->put)(db, key, data, flags);
+        }
+        if ((ret1 == 0) && dbs_IsBlob(&oldData)) {
+            dbs_removeBlob(dbsp, &oldData);
+        }
 
-	if (data->size > DBS_MAX_ENTRY_SIZE) {
-	    dbs_mkBlob(dbsp,key,data,&blob);
-	    ret = dbs_writeBlob(dbsp, dbsp->mode, &blob, data);
-	    data = &blob;
-	}
+        if (data->size > DBS_MAX_ENTRY_SIZE) {
+            dbs_mkBlob(dbsp, key, data, &blob);
+            ret = dbs_writeBlob(dbsp, dbsp->mode, &blob, data);
+            data = &blob;
+        }
     }
 
     if (ret == 0) {
-	ret = (* db->put)(db, key, data, flags);
+        ret = (*db->put)(db, key, data, flags);
     }
-    return(ret);
+    return (ret);
 }
 
 static int
 dbs_sync(const DB *dbs, unsigned int flags)
 {
     DB *db = (DB *)dbs->internal;
     DBS *dbsp = (DBS *)dbs;
 
     dbs_freemap(dbsp);
 
-    return (* db->sync)(db, flags);
+    return (*db->sync)(db, flags);
 }
 
 static int
 dbs_del(const DB *dbs, const DBT *key, unsigned int flags)
 {
     int ret;
     DBS *dbsp = (DBS *)dbs;
     DB *db = (DB *)dbs->internal;
 
     dbs_freemap(dbsp);
 
     if (!dbsp->readOnly) {
-	DBT oldData;
-	ret = (*db->get)(db,key,&oldData,0);
-	if ((ret == 0) && dbs_IsBlob(&oldData)) {
-	    dbs_removeBlob(dbsp,&oldData);
-	}
+        DBT oldData;
+        ret = (*db->get)(db, key, &oldData, 0);
+        if ((ret == 0) && dbs_IsBlob(&oldData)) {
+            dbs_removeBlob(dbsp, &oldData);
+        }
     }
 
-    return (* db->del)(db, key, flags);
+    return (*db->del)(db, key, flags);
 }
 
 static int
 dbs_seq(const DB *dbs, DBT *key, DBT *data, unsigned int flags)
 {
     int ret;
     DBS *dbsp = (DBS *)dbs;
     DB *db = (DB *)dbs->internal;
-    
+
     dbs_freemap(dbsp);
-    
-    ret = (* db->seq)(db, key, data, flags);
+
+    ret = (*db->seq)(db, key, data, flags);
     if ((ret == 0) && dbs_IsBlob(data)) {
-	/* don't return a blob read as an error so traversals keep going */
-	(void) dbs_readBlob(dbsp,data);
+        /* don't return a blob read as an error so traversals keep going */
+        (void)dbs_readBlob(dbsp, data);
     }
 
-    return(ret);
+    return (ret);
 }
 
 static int
 dbs_close(DB *dbs)
 {
     DBS *dbsp = (DBS *)dbs;
     DB *db = (DB *)dbs->internal;
     int ret;
 
     dbs_freemap(dbsp);
-    ret = (* db->close)(db);
+    ret = (*db->close)(db);
     PORT_Free(dbsp->blobdir);
     PORT_Free(dbsp);
     return ret;
 }
 
 static int
 dbs_fd(const DB *dbs)
 {
     DB *db = (DB *)dbs->internal;
 
-    return (* db->fd)(db);
+    return (*db->fd)(db);
 }
 
 /*
  * the naming convention we use is
  * change the .xxx into .dir. (for nss it's always .db);
- * if no .extension exists or is equal to .dir, add a .dir 
+ * if no .extension exists or is equal to .dir, add a .dir
  * the returned data must be freed.
  */
 #define DIRSUFFIX ".dir"
 static char *
 dbs_mkBlobDirName(const char *dbname)
 {
     int dbname_len = PORT_Strlen(dbname);
     int dbname_end = dbname_len;
     const char *cp;
     char *blobDir = NULL;
 
     /* scan back from the end looking for either a directory separator, a '.',
      * or the end of the string. NOTE: Windows should check for both separators
      * here. For now this is safe because we know NSS always uses a '.'
      */
-    for (cp = &dbname[dbname_len]; 
-		(cp > dbname) && (*cp != '.') && (*cp != *PATH_SEPARATOR) ;
-			cp--)
-	/* Empty */ ;
+    for (cp = &dbname[dbname_len];
+         (cp > dbname) && (*cp != '.') && (*cp != *PATH_SEPARATOR);
+         cp--)
+        /* Empty */;
     if (*cp == '.') {
-	dbname_end = cp - dbname;
-	if (PORT_Strcmp(cp,DIRSUFFIX) == 0) {
-	    dbname_end = dbname_len;
-	}
+        dbname_end = cp - dbname;
+        if (PORT_Strcmp(cp, DIRSUFFIX) == 0) {
+            dbname_end = dbname_len;
+        }
     }
-    blobDir = PORT_ZAlloc(dbname_end+sizeof(DIRSUFFIX));
+    blobDir = PORT_ZAlloc(dbname_end + sizeof(DIRSUFFIX));
     if (blobDir == NULL) {
-	return NULL;
+        return NULL;
     }
-    PORT_Memcpy(blobDir,dbname,dbname_end);
-    PORT_Memcpy(&blobDir[dbname_end],DIRSUFFIX,sizeof(DIRSUFFIX));
+    PORT_Memcpy(blobDir, dbname, dbname_end);
+    PORT_Memcpy(&blobDir[dbname_end], DIRSUFFIX, sizeof(DIRSUFFIX));
     return blobDir;
 }
 
 #define DBM_DEFAULT 0
 static const HASHINFO dbs_hashInfo = {
-	DBS_BLOCK_SIZE,		/* bucket size, must be greater than = to
-				 * or maximum entry size (+ header)
-				 * we allow before blobing */
-	DBM_DEFAULT,		/* Fill Factor */
-	DBM_DEFAULT,		/* number of elements */
-	DBS_CACHE_SIZE,		/* cache size */
-	DBM_DEFAULT,		/* hash function */
-	DBM_DEFAULT,		/* byte order */
+    DBS_BLOCK_SIZE, /* bucket size, must be greater than = to
+				     * or maximum entry size (+ header)
+				     * we allow before blobing */
+    DBM_DEFAULT,    /* Fill Factor */
+    DBM_DEFAULT,    /* number of elements */
+    DBS_CACHE_SIZE, /* cache size */
+    DBM_DEFAULT,    /* hash function */
+    DBM_DEFAULT,    /* byte order */
 };
 
 /*
  * the open function. NOTE: this is the only exposed function in this file.
  * everything else is called through the function table pointer.
  */
 DB *
 dbsopen(const char *dbname, int flags, int mode, DBTYPE type,
-							 const void *userData)
+        const void *userData)
 {
-    DB *db = NULL,*dbs = NULL;
+    DB *db = NULL, *dbs = NULL;
     DBS *dbsp = NULL;
 
     /* NOTE: we are overriding userData with dbs_hashInfo. since all known
      * callers pass 0, this is ok, otherwise we should merge the two */
 
     dbsp = (DBS *)PORT_ZAlloc(sizeof(DBS));
     if (!dbsp) {
-	return NULL;
+        return NULL;
     }
     dbs = &dbsp->db;
 
-    dbsp->blobdir=dbs_mkBlobDirName(dbname);
+    dbsp->blobdir = dbs_mkBlobDirName(dbname);
     if (dbsp->blobdir == NULL) {
-	goto loser;
+        goto loser;
     }
     dbsp->mode = mode;
     dbsp->readOnly = (PRBool)(flags == NO_RDONLY);
     dbsp->dbs_mapfile = NULL;
     dbsp->dbs_addr = NULL;
     dbsp->dbs_len = 0;
 
     /* the real dbm call */
     db = dbopen(dbname, flags, mode, type, &dbs_hashInfo);
     if (db == NULL) {
-	goto loser;
+        goto loser;
     }
-    dbs->internal = (void *) db;
+    dbs->internal = (void *)db;
     dbs->type = type;
     dbs->close = dbs_close;
     dbs->get = dbs_get;
     dbs->del = dbs_del;
     dbs->put = dbs_put;
     dbs->seq = dbs_seq;
     dbs->sync = dbs_sync;
     dbs->fd = dbs_fd;
 
     return dbs;
 loser:
     if (db) {
-	(*db->close)(db);
+        (*db->close)(db);
     }
     if (dbsp->blobdir) {
         PORT_Free(dbsp->blobdir);
     }
     PORT_Free(dbsp);
     return NULL;
 }
--- a/lib/softoken/legacydb/keydb.c
+++ b/lib/softoken/legacydb/keydb.c
@@ -15,115 +15,114 @@
 #include "keydbi.h"
 #include "lgdb.h"
 
 /*
  * Record keys for keydb
  */
 #define SALT_STRING "global-salt"
 #define VERSION_STRING "Version"
-#define KEYDB_PW_CHECK_STRING	"password-check"
-#define KEYDB_PW_CHECK_LEN	14
-#define KEYDB_FAKE_PW_CHECK_STRING	"fake-password-check"
-#define KEYDB_FAKE_PW_CHECK_LEN	19
+#define KEYDB_PW_CHECK_STRING "password-check"
+#define KEYDB_PW_CHECK_LEN 14
+#define KEYDB_FAKE_PW_CHECK_STRING "fake-password-check"
+#define KEYDB_FAKE_PW_CHECK_LEN 19
 
 /* Size of the global salt for key database */
-#define SALT_LENGTH     16
+#define SALT_LENGTH 16
 
 SEC_ASN1_MKSUB(SECOID_AlgorithmIDTemplate)
 
 const SEC_ASN1Template nsslowkey_EncryptedPrivateKeyInfoTemplate[] = {
     { SEC_ASN1_SEQUENCE,
-	0, NULL, sizeof(NSSLOWKEYEncryptedPrivateKeyInfo) },
+      0, NULL, sizeof(NSSLOWKEYEncryptedPrivateKeyInfo) },
     { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
-	offsetof(NSSLOWKEYEncryptedPrivateKeyInfo,algorithm),
-	SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      offsetof(NSSLOWKEYEncryptedPrivateKeyInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
     { SEC_ASN1_OCTET_STRING,
-	offsetof(NSSLOWKEYEncryptedPrivateKeyInfo,encryptedData) },
+      offsetof(NSSLOWKEYEncryptedPrivateKeyInfo, encryptedData) },
     { 0 }
 };
 
 const SEC_ASN1Template nsslowkey_PointerToEncryptedPrivateKeyInfoTemplate[] = {
-	{ SEC_ASN1_POINTER, 0, nsslowkey_EncryptedPrivateKeyInfoTemplate }
+    { SEC_ASN1_POINTER, 0, nsslowkey_EncryptedPrivateKeyInfoTemplate }
 };
 
-
 /* ====== Default key databse encryption algorithm ====== */
 static void
 sec_destroy_dbkey(NSSLOWKEYDBKey *dbkey)
 {
-    if ( dbkey && dbkey->arena ) {
-	PORT_FreeArena(dbkey->arena, PR_FALSE);
+    if (dbkey && dbkey->arena) {
+        PORT_FreeArena(dbkey->arena, PR_FALSE);
     }
 }
 
 static void
 free_dbt(DBT *dbt)
 {
-    if ( dbt ) {
-	PORT_Free(dbt->data);
-	PORT_Free(dbt);
+    if (dbt) {
+        PORT_Free(dbt->data);
+        PORT_Free(dbt);
     }
-    
+
     return;
 }
 
-static int keydb_Get(NSSLOWKEYDBHandle *db, DBT *key, DBT *data, 
-		     unsigned int flags);
-static int keydb_Put(NSSLOWKEYDBHandle *db, DBT *key, DBT *data, 
-		     unsigned int flags);
+static int keydb_Get(NSSLOWKEYDBHandle *db, DBT *key, DBT *data,
+                     unsigned int flags);
+static int keydb_Put(NSSLOWKEYDBHandle *db, DBT *key, DBT *data,
+                     unsigned int flags);
 static int keydb_Sync(NSSLOWKEYDBHandle *db, unsigned int flags);
 static int keydb_Del(NSSLOWKEYDBHandle *db, DBT *key, unsigned int flags);
-static int keydb_Seq(NSSLOWKEYDBHandle *db, DBT *key, DBT *data, 
-		     unsigned int flags);
+static int keydb_Seq(NSSLOWKEYDBHandle *db, DBT *key, DBT *data,
+                     unsigned int flags);
 static void keydb_Close(NSSLOWKEYDBHandle *db);
 
 /*
  * format of key database entries for version 3 of database:
- *	byte offset	field
- *	-----------	-----
- *	0		version
- *	1		salt-len
- *	2		nn-len
- *	3..		salt-data
- *	...		nickname
- *	...		encrypted-key-data
+ *  byte offset field
+ *  ----------- -----
+ *  0       version
+ *  1       salt-len
+ *  2       nn-len
+ *  3..     salt-data
+ *  ...     nickname
+ *  ...     encrypted-key-data
  */
 static DBT *
-encode_dbkey(NSSLOWKEYDBKey *dbkey,unsigned char version)
+encode_dbkey(NSSLOWKEYDBKey *dbkey, unsigned char version)
 {
     DBT *bufitem = NULL;
     unsigned char *buf;
     int nnlen;
     char *nn;
-    
+
     bufitem = (DBT *)PORT_ZAlloc(sizeof(DBT));
-    if ( bufitem == NULL ) {
-	goto loser;
+    if (bufitem == NULL) {
+        goto loser;
     }
-    
-    if ( dbkey->nickname ) {
-	nn = dbkey->nickname;
-	nnlen = PORT_Strlen(nn) + 1;
+
+    if (dbkey->nickname) {
+        nn = dbkey->nickname;
+        nnlen = PORT_Strlen(nn) + 1;
     } else {
-	nn = "";
-	nnlen = 1;
+        nn = "";
+        nnlen = 1;
     }
-    
+
     /* compute the length of the record */
     /* 1 + 1 + 1 == version number header + salt length + nn len */
     bufitem->size = dbkey->salt.len + nnlen + dbkey->derPK.len + 1 + 1 + 1;
-    
+
     bufitem->data = (void *)PORT_ZAlloc(bufitem->size);
-    if ( bufitem->data == NULL ) {
-	goto loser;
+    if (bufitem->data == NULL) {
+        goto loser;
     }
 
     buf = (unsigned char *)bufitem->data;
-    
+
     /* set version number */
     buf[0] = version;
 
     /* set length of salt */
     PORT_Assert(dbkey->salt.len < 256);
     buf[1] = dbkey->salt.len;
 
     /* set length of nickname */
@@ -133,207 +132,207 @@ encode_dbkey(NSSLOWKEYDBKey *dbkey,unsig
     /* copy salt */
     PORT_Memcpy(&buf[3], dbkey->salt.data, dbkey->salt.len);
 
     /* copy nickname */
     PORT_Memcpy(&buf[3 + dbkey->salt.len], nn, nnlen);
 
     /* copy encrypted key */
     PORT_Memcpy(&buf[3 + dbkey->salt.len + nnlen], dbkey->derPK.data,
-	      dbkey->derPK.len);
-    
-    return(bufitem);
-    
+                dbkey->derPK.len);
+
+    return (bufitem);
+
 loser:
-    if ( bufitem ) {
-	free_dbt(bufitem);
+    if (bufitem) {
+        free_dbt(bufitem);
     }
-    
-    return(NULL);
+
+    return (NULL);
 }
 
 static NSSLOWKEYDBKey *
 decode_dbkey(DBT *bufitem, int expectedVersion)
 {
     NSSLOWKEYDBKey *dbkey;
     PLArenaPool *arena = NULL;
     unsigned char *buf;
     int version;
     int keyoff;
     int nnlen;
     int saltoff;
-    
+
     buf = (unsigned char *)bufitem->data;
 
     version = buf[0];
-    
-    if ( version != expectedVersion ) {
-	goto loser;
+
+    if (version != expectedVersion) {
+        goto loser;
     }
-    
+
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
-    if ( arena == NULL ) {
-	goto loser;
+    if (arena == NULL) {
+        goto loser;
     }
-    
+
     dbkey = (NSSLOWKEYDBKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYDBKey));
-    if ( dbkey == NULL ) {
-	goto loser;
+    if (dbkey == NULL) {
+        goto loser;
     }
 
     dbkey->arena = arena;
     dbkey->salt.data = NULL;
     dbkey->derPK.data = NULL;
-    
+
     dbkey->salt.len = buf[1];
     dbkey->salt.data = (unsigned char *)PORT_ArenaZAlloc(arena, dbkey->salt.len);
-    if ( dbkey->salt.data == NULL ) {
-	goto loser;
+    if (dbkey->salt.data == NULL) {
+        goto loser;
     }
 
     saltoff = 2;
     keyoff = 2 + dbkey->salt.len;
-    
-    if ( expectedVersion >= 3 ) {
-	nnlen = buf[2];
-	if ( nnlen ) {
-	    dbkey->nickname = (char *)PORT_ArenaZAlloc(arena, nnlen + 1);
-	    if ( dbkey->nickname ) {
-		PORT_Memcpy(dbkey->nickname, &buf[keyoff+1], nnlen);
-	    }
-	}
-	keyoff += ( nnlen + 1 );
-	saltoff = 3;
+
+    if (expectedVersion >= 3) {
+        nnlen = buf[2];
+        if (nnlen) {
+            dbkey->nickname = (char *)PORT_ArenaZAlloc(arena, nnlen + 1);
+            if (dbkey->nickname) {
+                PORT_Memcpy(dbkey->nickname, &buf[keyoff + 1], nnlen);
+            }
+        }
+        keyoff += (nnlen + 1);
+        saltoff = 3;
     }
 
     PORT_Memcpy(dbkey->salt.data, &buf[saltoff], dbkey->salt.len);
-    
+
     dbkey->derPK.len = bufitem->size - keyoff;
-    dbkey->derPK.data = (unsigned char *)PORT_ArenaZAlloc(arena,dbkey->derPK.len);
-    if ( dbkey->derPK.data == NULL ) {
-	goto loser;
+    dbkey->derPK.data = (unsigned char *)PORT_ArenaZAlloc(arena, dbkey->derPK.len);
+    if (dbkey->derPK.data == NULL) {
+        goto loser;
     }
-    
+
     PORT_Memcpy(dbkey->derPK.data, &buf[keyoff], dbkey->derPK.len);
-    
-    return(dbkey);
-    
+
+    return (dbkey);
+
 loser:
 
-    if ( arena ) {
-	PORT_FreeArena(arena, PR_FALSE);
+    if (arena) {
+        PORT_FreeArena(arena, PR_FALSE);
     }
-    
-    return(NULL);
+
+    return (NULL);
 }
 
 static NSSLOWKEYDBKey *
 get_dbkey(NSSLOWKEYDBHandle *handle, DBT *index)
 {
     NSSLOWKEYDBKey *dbkey;
     DBT entry;
     int ret;
-    
+
     /* get it from the database */
     ret = keydb_Get(handle, index, &entry, 0);
-    if ( ret ) {
-	PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	return NULL;
+    if (ret) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return NULL;
     }
 
     /* set up dbkey struct */
 
     dbkey = decode_dbkey(&entry, handle->version);
 
-    return(dbkey);
+    return (dbkey);
 }
 
 static SECStatus
 put_dbkey(NSSLOWKEYDBHandle *handle, DBT *index, NSSLOWKEYDBKey *dbkey, PRBool update)
 {
     DBT *keydata = NULL;
     int status;
-    
+
     keydata = encode_dbkey(dbkey, handle->version);
-    if ( keydata == NULL ) {
-	goto loser;
+    if (keydata == NULL) {
+        goto loser;
     }
-    
+
     /* put it in the database */
-    if ( update ) {
-	status = keydb_Put(handle, index, keydata, 0);
+    if (update) {
+        status = keydb_Put(handle, index, keydata, 0);
     } else {
-	status = keydb_Put(handle, index, keydata, R_NOOVERWRITE);
+        status = keydb_Put(handle, index, keydata, R_NOOVERWRITE);
     }
-    
-    if ( status ) {
-	goto loser;
+
+    if (status) {
+        goto loser;
     }
 
     /* sync the database */
     status = keydb_Sync(handle, 0);
-    if ( status ) {
-	goto loser;
+    if (status) {
+        goto loser;
     }
 
     free_dbt(keydata);
-    return(SECSuccess);
+    return (SECSuccess);
 
 loser:
-    if ( keydata ) {
-	free_dbt(keydata);
+    if (keydata) {
+        free_dbt(keydata);
     }
-    
-    return(SECFailure);
+
+    return (SECFailure);
 }
 
 SECStatus
-nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle, 
-		 SECStatus (* keyfunc)(DBT *k, DBT *d, void *pdata),
-		 void *udata )
+nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle,
+                       SECStatus (*keyfunc)(DBT *k, DBT *d, void *pdata),
+                       void *udata)
 {
     DBT data;
     DBT key;
     SECStatus status;
     int ret;
 
     if (handle == NULL) {
-	return(SECFailure);
+        return (SECFailure);
     }
 
     ret = keydb_Seq(handle, &key, &data, R_FIRST);
-    if ( ret ) {
-	return(SECFailure);
+    if (ret) {
+        return (SECFailure);
     }
-    
+
     do {
-	/* skip version record */
-	if ( data.size > 1 ) {
-	    if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) {
-		if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) {
-		    continue;
-		}
-	    }
+        /* skip version record */
+        if (data.size > 1) {
+            if (key.size == (sizeof(SALT_STRING) - 1)) {
+                if (PORT_Memcmp(key.data, SALT_STRING, key.size) == 0) {
+                    continue;
+                }
+            }
 
-	    /* skip password check */
-	    if ( key.size == KEYDB_PW_CHECK_LEN ) {
-		if ( PORT_Memcmp(key.data, KEYDB_PW_CHECK_STRING,
-				 KEYDB_PW_CHECK_LEN) == 0 ) {
-		    continue;
-		}
-	    }
-	    
-	    status = (* keyfunc)(&key, &data, udata);
-	    if (status != SECSuccess) {
-		return(status);
-	    }
-	}
-    } while ( keydb_Seq(handle, &key, &data, R_NEXT) == 0 );
+            /* skip password check */
+            if (key.size == KEYDB_PW_CHECK_LEN) {
+                if (PORT_Memcmp(key.data, KEYDB_PW_CHECK_STRING,
+                                KEYDB_PW_CHECK_LEN) == 0) {
+                    continue;
+                }
+            }
 
-    return(SECSuccess);
+            status = (*keyfunc)(&key, &data, udata);
+            if (status != SECSuccess) {
+                return (status);
+            }
+        }
+    } while (keydb_Seq(handle, &key, &data, R_NEXT) == 0);
+
+    return (SECSuccess);
 }
 
 #ifdef notdef
 typedef struct keyNode {
     struct keyNode *next;
     DBT key;
 } keyNode;
 
@@ -343,238 +342,236 @@ typedef struct {
 } keyList;
 
 static SECStatus
 sec_add_key_to_list(DBT *key, DBT *data, void *arg)
 {
     keyList *keylist;
     keyNode *node;
     void *keydata;
-    
+
     keylist = (keyList *)arg;
 
     /* allocate the node struct */
-    node = (keyNode*)PORT_ArenaZAlloc(keylist->arena, sizeof(keyNode));
-    if ( node == NULL ) {
-	return(SECFailure);
+    node = (keyNode *)PORT_ArenaZAlloc(keylist->arena, sizeof(keyNode));
+    if (node == NULL) {
+        return (SECFailure);
     }
-    
+
     /* allocate room for key data */
     keydata = PORT_ArenaZAlloc(keylist->arena, key->size);
-    if ( keydata == NULL ) {
-	return(SECFailure);
+    if (keydata == NULL) {
+        return (SECFailure);
     }
 
     /* link node into list */
     node->next = keylist->head;
     keylist->head = node;
 
     /* copy key into node */
     PORT_Memcpy(keydata, key->data, key->size);
     node->key.size = key->size;
     node->key.data = keydata;
-    
-    return(SECSuccess);
+
+    return (SECSuccess);
 }
 #endif
 
 static SECItem *
 decodeKeyDBGlobalSalt(DBT *saltData)
 {
     SECItem *saltitem;
-    
+
     saltitem = (SECItem *)PORT_ZAlloc(sizeof(SECItem));
-    if ( saltitem == NULL ) {
-	return(NULL);
+    if (saltitem == NULL) {
+        return (NULL);
     }
-    
+
     saltitem->data = (unsigned char *)PORT_ZAlloc(saltData->size);
-    if ( saltitem->data == NULL ) {
-	PORT_Free(saltitem);
-	return(NULL);
+    if (saltitem->data == NULL) {
+        PORT_Free(saltitem);
+        return (NULL);
     }
-    
+
     saltitem->len = saltData->size;
     PORT_Memcpy(saltitem->data, saltData->data, saltitem->len);
-    
-    return(saltitem);
+
+    return (saltitem);
 }
 
 static SECItem *
 GetKeyDBGlobalSalt(NSSLOWKEYDBHandle *handle)
 {
     DBT saltKey;
     DBT saltData;
     int ret;
-    
+
     saltKey.data = SALT_STRING;
     saltKey.size = sizeof(SALT_STRING) - 1;
 
     ret = keydb_Get(handle, &saltKey, &saltData, 0);
-    if ( ret ) {
-	return(NULL);
+    if (ret) {
+        return (NULL);
     }
 
-    return(decodeKeyDBGlobalSalt(&saltData));
+    return (decodeKeyDBGlobalSalt(&saltData));
 }
 
 static SECStatus
 StoreKeyDBGlobalSalt(NSSLOWKEYDBHandle *handle, SECItem *salt)
 {
     DBT saltKey;
     DBT saltData;
     int status;
-    
+
     saltKey.data = SALT_STRING;
     saltKey.size = sizeof(SALT_STRING) - 1;
 
     saltData.data = (void *)salt->data;
     saltData.size = salt->len;
 
     /* put global salt into the database now */
     status = keydb_Put(handle, &saltKey, &saltData, 0);
-    if ( status ) {
-	return(SECFailure);
+    if (status) {
+        return (SECFailure);
     }
 
-    return(SECSuccess);
+    return (SECSuccess);
 }
 
 static SECStatus
 makeGlobalVersion(NSSLOWKEYDBHandle *handle)
 {
     unsigned char version;
     DBT versionData;
     DBT versionKey;
     int status;
-    
+
     version = NSSLOWKEY_DB_FILE_VERSION;
     versionData.data = &version;
     versionData.size = 1;
     versionKey.data = VERSION_STRING;
-    versionKey.size = sizeof(VERSION_STRING)-1;
-		
+    versionKey.size = sizeof(VERSION_STRING) - 1;
+
     /* put version string into the database now */
     status = keydb_Put(handle, &versionKey, &versionData, 0);
-    if ( status ) {
-	return(SECFailure);
+    if (status) {
+        return (SECFailure);
     }
     handle->version = version;
 
-    return(SECSuccess);
+    return (SECSuccess);
 }
 
-
 static SECStatus
 makeGlobalSalt(NSSLOWKEYDBHandle *handle)
 {
     DBT saltKey;
     DBT saltData;
     unsigned char saltbuf[16];
     int status;
-    
+
     saltKey.data = SALT_STRING;
     saltKey.size = sizeof(SALT_STRING) - 1;
 
     saltData.data = (void *)saltbuf;
     saltData.size = sizeof(saltbuf);
     RNG_GenerateGlobalRandomBytes(saltbuf, sizeof(saltbuf));
 
     /* put global salt into the database now */
     status = keydb_Put(handle, &saltKey, &saltData, 0);
-    if ( status ) {
-	return(SECFailure);
+    if (status) {
+        return (SECFailure);
     }
 
-    return(SECSuccess);
+    return (SECSuccess);
 }
 
 static SECStatus
 encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
-		   SECItem *encCheck);
+                   SECItem *encCheck);
 
 static unsigned char
 nsslowkey_version(NSSLOWKEYDBHandle *handle)
 {
     DBT versionKey;
     DBT versionData;
     int ret;
     versionKey.data = VERSION_STRING;
-    versionKey.size = sizeof(VERSION_STRING)-1;
+    versionKey.size = sizeof(VERSION_STRING) - 1;
 
     if (handle->db == NULL) {
-	return 255;
+        return 255;
     }
 
     /* lookup version string in database */
-    ret = keydb_Get( handle, &versionKey, &versionData, 0 );
+    ret = keydb_Get(handle, &versionKey, &versionData, 0);
 
     /* error accessing the database */
-    if ( ret < 0 ) {
-	return 255;
+    if (ret < 0) {
+        return 255;
     }
 
-    if ( ret >= 1 ) {
-	return 0;
+    if (ret >= 1) {
+        return 0;
     }
-    return *( (unsigned char *)versionData.data);
+    return *((unsigned char *)versionData.data);
 }
 
 static PRBool
 seckey_HasAServerKey(NSSLOWKEYDBHandle *handle)
 {
     DBT key;
     DBT data;
     int ret;
     PRBool found = PR_FALSE;
 
     ret = keydb_Seq(handle, &key, &data, R_FIRST);
-    if ( ret ) {
-	return PR_FALSE;
+    if (ret) {
+        return PR_FALSE;
     }
-    
+
     do {
-	/* skip version record */
-	if ( data.size > 1 ) {
-	    /* skip salt */
-	    if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) {
-		if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) {
-		    continue;
-		}
-	    }
-	    /* skip pw check entry */
-	    if ( key.size == KEYDB_PW_CHECK_LEN ) {
-		if ( PORT_Memcmp(key.data, KEYDB_PW_CHECK_STRING, 
-						KEYDB_PW_CHECK_LEN) == 0 ) {
-		    continue;
-		}
-	    }
+        /* skip version record */
+        if (data.size > 1) {
+            /* skip salt */
+            if (key.size == (sizeof(SALT_STRING) - 1)) {
+                if (PORT_Memcmp(key.data, SALT_STRING, key.size) == 0) {
+                    continue;
+                }
+            }
+            /* skip pw check entry */
+            if (key.size == KEYDB_PW_CHECK_LEN) {
+                if (PORT_Memcmp(key.data, KEYDB_PW_CHECK_STRING,
+                                KEYDB_PW_CHECK_LEN) == 0) {
+                    continue;
+                }
+            }
 
-	    /* keys stored by nickname will have 0 as the last byte of the
-	     * db key.  Other keys must be stored by modulus.  We will not
-	     * update those because they are left over from a keygen that
-	     * never resulted in a cert.
-	     */
-	    if ( ((unsigned char *)key.data)[key.size-1] != 0 ) {
-		continue;
-	    }
+            /* keys stored by nickname will have 0 as the last byte of the
+             * db key.  Other keys must be stored by modulus.  We will not
+             * update those because they are left over from a keygen that
+             * never resulted in a cert.
+             */
+            if (((unsigned char *)key.data)[key.size - 1] != 0) {
+                continue;
+            }
 
-	    if (PORT_Strcmp(key.data,"Server-Key") == 0) {
-		found = PR_TRUE;
-	        break;
-	    }
-	    
-	}
-    } while ( keydb_Seq(handle, &key, &data, R_NEXT) == 0 );
+            if (PORT_Strcmp(key.data, "Server-Key") == 0) {
+                found = PR_TRUE;
+                break;
+            }
+        }
+    } while (keydb_Seq(handle, &key, &data, R_NEXT) == 0);
 
     return found;
 }
 
 /* forward declare local create function */
-static NSSLOWKEYDBHandle * nsslowkey_NewHandle(DB *dbHandle);
+static NSSLOWKEYDBHandle *nsslowkey_NewHandle(DB *dbHandle);
 
 /*
  * currently updates key database from v2 to v3
  */
 static SECStatus
 nsslowkey_UpdateKeyDBPass1(NSSLOWKEYDBHandle *handle)
 {
     SECStatus rv;
@@ -586,446 +583,441 @@ nsslowkey_UpdateKeyDBPass1(NSSLOWKEYDBHa
     DBT data;
     unsigned char version;
     NSSLOWKEYDBKey *dbkey = NULL;
     NSSLOWKEYDBHandle *update = NULL;
     SECItem *oldSalt = NULL;
     int ret;
     SECItem checkitem;
 
-    if ( handle->updatedb == NULL ) {
-	return SECSuccess;
+    if (handle->updatedb == NULL) {
+        return SECSuccess;
     }
 
-    /* create a full DB Handle for our update so we 
+    /* create a full DB Handle for our update so we
      * can use the correct locks for the db primatives */
     update = nsslowkey_NewHandle(handle->updatedb);
-    if ( update == NULL) {
-	return SECSuccess;
+    if (update == NULL) {
+        return SECSuccess;
     }
 
     /* update has now inherited the database handle */
     handle->updatedb = NULL;
 
     /*
      * check the version record
      */
     version = nsslowkey_version(update);
     if (version != 2) {
-	goto done;
+        goto done;
     }
 
     saltKey.data = SALT_STRING;
     saltKey.size = sizeof(SALT_STRING) - 1;
 
     ret = keydb_Get(update, &saltKey, &saltData, 0);
-    if ( ret ) {
-	/* no salt in old db, so it is corrupted */
-	goto done;
+    if (ret) {
+        /* no salt in old db, so it is corrupted */
+        goto done;
     }
 
     oldSalt = decodeKeyDBGlobalSalt(&saltData);
-    if ( oldSalt == NULL ) {
-	/* bad salt in old db, so it is corrupted */
-	goto done;
+    if (oldSalt == NULL) {
+        /* bad salt in old db, so it is corrupted */
+        goto done;
     }
 
     /*
      * look for a pw check entry
      */
     checkKey.data = KEYDB_PW_CHECK_STRING;
     checkKey.size = KEYDB_PW_CHECK_LEN;
-    
-    ret = keydb_Get(update, &checkKey, &checkData, 0 );
+
+    ret = keydb_Get(update, &checkKey, &checkData, 0);
     if (ret) {
-	/*
-	 * if we have a key, but no KEYDB_PW_CHECK_STRING, then this must
-	 * be an old server database, and it does have a password associated
-	 * with it. Put a fake entry in so we can identify this db when we do
-	 * get the password for it.
-	 */
-	if (seckey_HasAServerKey(update)) {
-	    DBT fcheckKey;
-	    DBT fcheckData;
+        /*
+     * if we have a key, but no KEYDB_PW_CHECK_STRING, then this must
+     * be an old server database, and it does have a password associated
+     * with it. Put a fake entry in so we can identify this db when we do
+     * get the password for it.
+     */
+        if (seckey_HasAServerKey(update)) {
+            DBT fcheckKey;
+            DBT fcheckData;
 
-	    /*
-	     * include a fake string
-	     */
-	    fcheckKey.data = KEYDB_FAKE_PW_CHECK_STRING;
-	    fcheckKey.size = KEYDB_FAKE_PW_CHECK_LEN;
-	    fcheckData.data = "1";
-	    fcheckData.size = 1;
-	    /* put global salt into the new database now */
-	    ret = keydb_Put( handle, &saltKey, &saltData, 0);
-	    if ( ret ) {
-		goto done;
-	    }
-	    ret = keydb_Put( handle, &fcheckKey, &fcheckData, 0);
-	    if ( ret ) {
-		goto done;
-	    }
-	} else {
-	    goto done;
-	}
+            /*
+         * include a fake string
+         */
+            fcheckKey.data = KEYDB_FAKE_PW_CHECK_STRING;
+            fcheckKey.size = KEYDB_FAKE_PW_CHECK_LEN;
+            fcheckData.data = "1";
+            fcheckData.size = 1;
+            /* put global salt into the new database now */
+            ret = keydb_Put(handle, &saltKey, &saltData, 0);
+            if (ret) {
+                goto done;
+            }
+            ret = keydb_Put(handle, &fcheckKey, &fcheckData, 0);
+            if (ret) {
+                goto done;
+            }
+        } else {
+            goto done;
+        }
     } else {
-	/* put global salt into the new database now */
-	ret = keydb_Put( handle, &saltKey, &saltData, 0);
-	if ( ret ) {
-	    goto done;
-	}
+        /* put global salt into the new database now */
+        ret = keydb_Put(handle, &saltKey, &saltData, 0);
+        if (ret) {
+            goto done;
+        }
+
+        dbkey = decode_dbkey(&checkData, 2);
+        if (dbkey == NULL) {
+            goto done;
+        }
+        checkitem = dbkey->derPK;
+        dbkey->derPK.data = NULL;
 
-	dbkey = decode_dbkey(&checkData, 2);
-	if ( dbkey == NULL ) {
-	    goto done;
-	}
-	checkitem = dbkey->derPK;
-	dbkey->derPK.data = NULL;
-    
-	/* format the new pw check entry */
-	rv = encodePWCheckEntry(NULL, &dbkey->derPK, SEC_OID_RC4, &checkitem);
-	if ( rv != SECSuccess ) {
-	    goto done;
-	}
+        /* format the new pw check entry */
+        rv = encodePWCheckEntry(NULL, &dbkey->derPK, SEC_OID_RC4, &checkitem);
+        if (rv != SECSuccess) {
+            goto done;
+        }
 
-	rv = put_dbkey(handle, &checkKey, dbkey, PR_TRUE);
-	if ( rv != SECSuccess ) {
-	    goto done;
-	}
+        rv = put_dbkey(handle, &checkKey, dbkey, PR_TRUE);
+        if (rv != SECSuccess) {
+            goto done;
+        }
 
-	/* free the dbkey */
-	sec_destroy_dbkey(dbkey);
-	dbkey = NULL;
+        /* free the dbkey */
+        sec_destroy_dbkey(dbkey);
+        dbkey = NULL;
     }
-    
-    
+
     /* now traverse the database */
     ret = keydb_Seq(update, &key, &data, R_FIRST);
-    if ( ret ) {
-	goto done;
+    if (ret) {
+        goto done;
     }
-    
+
     do {
-	/* skip version record */
-	if ( data.size > 1 ) {
-	    /* skip salt */
-	    if ( key.size == ( sizeof(SALT_STRING) - 1 ) ) {
-		if ( PORT_Memcmp(key.data, SALT_STRING, key.size) == 0 ) {
-		    continue;
-		}
-	    }
-	    /* skip pw check entry */
-	    if ( key.size == checkKey.size ) {
-		if ( PORT_Memcmp(key.data, checkKey.data, key.size) == 0 ) {
-		    continue;
-		}
-	    }
+        /* skip version record */
+        if (data.size > 1) {
+            /* skip salt */
+            if (key.size == (sizeof(SALT_STRING) - 1)) {
+                if (PORT_Memcmp(key.data, SALT_STRING, key.size) == 0) {
+                    continue;
+                }
+            }
+            /* skip pw check entry */
+            if (key.size == checkKey.size) {
+                if (PORT_Memcmp(key.data, checkKey.data, key.size) == 0) {
+                    continue;
+                }
+            }
 
-	    /* keys stored by nickname will have 0 as the last byte of the
-	     * db key.  Other keys must be stored by modulus.  We will not
-	     * update those because they are left over from a keygen that
-	     * never resulted in a cert.
-	     */
-	    if ( ((unsigned char *)key.data)[key.size-1] != 0 ) {
-		continue;
-	    }
-	    
-	    dbkey = decode_dbkey(&data, 2);
-	    if ( dbkey == NULL ) {
-		continue;
-	    }
+            /* keys stored by nickname will have 0 as the last byte of the
+             * db key.  Other keys must be stored by modulus.  We will not
+             * update those because they are left over from a keygen that
+             * never resulted in a cert.
+             */
+            if (((unsigned char *)key.data)[key.size - 1] != 0) {
+                continue;
+            }
 
-	    /* This puts the key into the new database with the same
-	     * index (nickname) that it had before.  The second pass
-	     * of the update will have the password.  It will decrypt
-	     * and re-encrypt the entries using a new algorithm.
-	     */
-	    dbkey->nickname = (char *)key.data;
-	    rv = put_dbkey(handle, &key, dbkey, PR_FALSE);
-	    dbkey->nickname = NULL;
+            dbkey = decode_dbkey(&data, 2);
+            if (dbkey == NULL) {
+                continue;
+            }
 
-	    sec_destroy_dbkey(dbkey);
-	}
-    } while ( keydb_Seq(update, &key, &data, R_NEXT) == 0 );
+            /* This puts the key into the new database with the same
+             * index (nickname) that it had before.  The second pass
+             * of the update will have the password.  It will decrypt
+             * and re-encrypt the entries using a new algorithm.
+             */
+            dbkey->nickname = (char *)key.data;
+            rv = put_dbkey(handle, &key, dbkey, PR_FALSE);
+            dbkey->nickname = NULL;
+
+            sec_destroy_dbkey(dbkey);
+        }
+    } while (keydb_Seq(update, &key, &data, R_NEXT) == 0);
 
     dbkey = NULL;
 
 done:
     /* sync the database */
     ret = keydb_Sync(handle, 0);
 
     nsslowkey_CloseKeyDB(update);
-    
-    if ( oldSalt ) {
-	SECITEM_FreeItem(oldSalt, PR_TRUE);
-    }
-    
-    if ( dbkey ) {
-	sec_destroy_dbkey(dbkey);
+
+    if (oldSalt) {
+        SECITEM_FreeItem(oldSalt, PR_TRUE);
     }
 
-    return(SECSuccess);
+    if (dbkey) {
+        sec_destroy_dbkey(dbkey);
+    }
+
+    return (SECSuccess);
 }
 
 static SECStatus
-openNewDB(const char *appName, const char *prefix, const char *dbname, 
-	NSSLOWKEYDBHandle *handle, NSSLOWKEYDBNameFunc namecb, void *cbarg)
+openNewDB(const char *appName, const char *prefix, const char *dbname,
+          NSSLOWKEYDBHandle *handle, NSSLOWKEYDBNameFunc namecb, void *cbarg)
 {
     SECStatus rv = SECFailure;
     int status = RDB_FAIL;
     char *updname = NULL;
     DB *updatedb = NULL;
     PRBool updated = PR_FALSE;
     int ret;
 
     if (appName) {
-	handle->db = rdbopen( appName, prefix, "key", NO_CREATE, &status);
+        handle->db = rdbopen(appName, prefix, "key", NO_CREATE, &status);
     } else {
-	handle->db = dbopen( dbname, NO_CREATE, 0600, DB_HASH, 0 );
+        handle->db = dbopen(dbname, NO_CREATE, 0600, DB_HASH, 0);
     }
     /* if create fails then we lose */
-    if ( handle->db == NULL ) {
-	return (status == RDB_RETRY) ? SECWouldBlock: SECFailure;
+    if (handle->db == NULL) {
+        return (status == RDB_RETRY) ? SECWouldBlock : SECFailure;
     }
 
     /* force a transactional read, which will verify that one and only one
      * process attempts the update. */
     if (nsslowkey_version(handle) == NSSLOWKEY_DB_FILE_VERSION) {
-	/* someone else has already updated the database for us */
-	db_InitComplete(handle->db);
-	return SECSuccess;
+        /* someone else has already updated the database for us */
+        db_InitComplete(handle->db);
+        return SECSuccess;
     }
 
     /*
      * if we are creating a multiaccess database, see if there is a
      * local database we can update from.
      */
     if (appName) {
         NSSLOWKEYDBHandle *updateHandle;
-	updatedb = dbopen( dbname, NO_RDONLY, 0600, DB_HASH, 0 );
-	if (!updatedb) {
-	    goto noupdate;
-	}
+        updatedb = dbopen(dbname, NO_RDONLY, 0600, DB_HASH, 0);
+        if (!updatedb) {
+            goto noupdate;
+        }
 
-	/* nsslowkey_version needs a full handle because it calls
+        /* nsslowkey_version needs a full handle because it calls
          * the kdb_Get() function, which needs to lock.
          */
         updateHandle = nsslowkey_NewHandle(updatedb);
-	if (!updateHandle) {
-	    updatedb->close(updatedb);
-	    goto noupdate;
-	}
+        if (!updateHandle) {
+            updatedb->close(updatedb);
+            goto noupdate;
+        }
 
-	handle->version = nsslowkey_version(updateHandle);
-	if (handle->version != NSSLOWKEY_DB_FILE_VERSION) {
-	    nsslowkey_CloseKeyDB(updateHandle);
-	    goto noupdate;
-	}
+        handle->version = nsslowkey_version(updateHandle);
+        if (handle->version != NSSLOWKEY_DB_FILE_VERSION) {
+            nsslowkey_CloseKeyDB(updateHandle);
+            goto noupdate;
+        }
 
-	/* copy the new DB from the old one */
-	db_Copy(handle->db, updatedb);
-	nsslowkey_CloseKeyDB(updateHandle);
-	db_InitComplete(handle->db);
-	return SECSuccess;
+        /* copy the new DB from the old one */
+        db_Copy(handle->db, updatedb);
+        nsslowkey_CloseKeyDB(updateHandle);
+        db_InitComplete(handle->db);
+        return SECSuccess;
     }
 noupdate:
 
     /* update the version number */
     rv = makeGlobalVersion(handle);
-    if ( rv != SECSuccess ) {
-	goto loser;
+    if (rv != SECSuccess) {
+        goto loser;
     }
 
     /*
      * try to update from v2 db
      */
     updname = (*namecb)(cbarg, 2);
-    if ( updname != NULL ) {
-	handle->updatedb = dbopen( updname, NO_RDONLY, 0600, DB_HASH, 0 );
-        PORT_Free( updname );
+    if (updname != NULL) {
+        handle->updatedb = dbopen(updname, NO_RDONLY, 0600, DB_HASH, 0);
+        PORT_Free(updname);
 
-	if ( handle->updatedb ) {
-	    /*
-	     * Try to update the db using a null password.  If the db
-	     * doesn't have a password, then this will work.  If it does
-	     * have a password, then this will fail and we will do the
-	     * update later
-	     */
-	    rv = nsslowkey_UpdateKeyDBPass1(handle);
-	    if ( rv == SECSuccess ) {
-		updated = PR_TRUE;
-	    }
-	}
-	    
+        if (handle->updatedb) {
+            /*
+             * Try to update the db using a null password.  If the db
+             * doesn't have a password, then this will work.  If it does
+             * have a password, then this will fail and we will do the
+             * update later
+             */
+            rv = nsslowkey_UpdateKeyDBPass1(handle);
+            if (rv == SECSuccess) {
+                updated = PR_TRUE;
+            }
+        }
     }
 
     /* we are using the old salt if we updated from an old db */
-    if ( ! updated ) {
-	rv = makeGlobalSalt(handle);
-	if ( rv != SECSuccess ) {
-	   goto loser;
-	}
+    if (!updated) {
+        rv = makeGlobalSalt(handle);
+        if (rv != SECSuccess) {
+            goto loser;
+        }
     }
-	
+
     /* sync the database */
     ret = keydb_Sync(handle, 0);
-    if ( ret ) {
-	rv = SECFailure;
-	goto loser;
+    if (ret) {
+        rv = SECFailure;
+        goto loser;
     }
     rv = SECSuccess;
 
 loser:
     db_InitComplete(handle->db);
     return rv;
 }
 
-
 static DB *
-openOldDB(const char *appName, const char *prefix, const char *dbname, 
-					PRBool openflags) {
+openOldDB(const char *appName, const char *prefix, const char *dbname,
+          PRBool openflags)
+{
     DB *db = NULL;
 
     if (appName) {
-	db = rdbopen( appName, prefix, "key", openflags, NULL);
+        db = rdbopen(appName, prefix, "key", openflags, NULL);
     } else {
-	db = dbopen( dbname, openflags, 0600, DB_HASH, 0 );
+        db = dbopen(dbname, openflags, 0600, DB_HASH, 0);
     }
 
     return db;
 }
 
 /* check for correct version number */
 static PRBool
 verifyVersion(NSSLOWKEYDBHandle *handle)
 {
     int version = nsslowkey_version(handle);
 
     handle->version = version;
-    if (version != NSSLOWKEY_DB_FILE_VERSION ) {
-	if (handle->db) {
-	    keydb_Close(handle);
-	    handle->db = NULL;
-	}
+    if (version != NSSLOWKEY_DB_FILE_VERSION) {
+        if (handle->db) {
+            keydb_Close(handle);
+            handle->db = NULL;
+        }
     }
     return handle->db != NULL;
 }
 
 static NSSLOWKEYDBHandle *
 nsslowkey_NewHandle(DB *dbHandle)
 {
     NSSLOWKEYDBHandle *handle;
-    handle = (NSSLOWKEYDBHandle *)PORT_ZAlloc (sizeof(NSSLOWKEYDBHandle));
+    handle = (NSSLOWKEYDBHandle *)PORT_ZAlloc(sizeof(NSSLOWKEYDBHandle));
     if (handle == NULL) {
-	PORT_SetError (SEC_ERROR_NO_MEMORY);
-	return NULL;
+        PORT_SetError(SEC_ERROR_NO_MEMORY);
+        return NULL;
     }
 
     handle->appname = NULL;
     handle->dbname = NULL;
     handle->global_salt = NULL;
     handle->updatedb = NULL;
     handle->db = dbHandle;
     handle->ref = 1;
     handle->lock = PZ_NewLock(nssILockKeyDB);
 
     return handle;
 }
 
 NSSLOWKEYDBHandle *
 nsslowkey_OpenKeyDB(PRBool readOnly, const char *appName, const char *prefix,
-				NSSLOWKEYDBNameFunc namecb, void *cbarg)
+                    NSSLOWKEYDBNameFunc namecb, void *cbarg)
 {
     NSSLOWKEYDBHandle *handle = NULL;
     SECStatus rv;
     int openflags;
     char *dbname = NULL;
 
-
     handle = nsslowkey_NewHandle(NULL);
 
     openflags = readOnly ? NO_RDONLY : NO_RDWR;
 
-
     dbname = (*namecb)(cbarg, NSSLOWKEY_DB_FILE_VERSION);
-    if ( dbname == NULL ) {
-	goto loser;
+    if (dbname == NULL) {
+        goto loser;
     }
-    handle->appname = appName ? PORT_Strdup(appName) : NULL ;
-    handle->dbname = (appName == NULL) ? PORT_Strdup(dbname) : 
-			(prefix ? PORT_Strdup(prefix) : NULL);
+    handle->appname = appName ? PORT_Strdup(appName) : NULL;
+    handle->dbname = (appName == NULL) ? PORT_Strdup(dbname) : (prefix ? PORT_Strdup(prefix) : NULL);
     handle->readOnly = readOnly;
 
-
-
     handle->db = openOldDB(appName, prefix, dbname, openflags);
     if (handle->db) {
-	verifyVersion(handle);
-	if (handle->version == 255) {
-	    goto loser;
-	}
+        verifyVersion(handle);
+        if (handle->version == 255) {
+            goto loser;
+        }
     }
 
     /* if first open fails, try to create a new DB */
-    if ( handle->db == NULL ) {
-	if ( readOnly ) {
-	    goto loser;
-	}
+    if (handle->db == NULL) {
+        if (readOnly) {
+            goto loser;
+        }
 
-	rv = openNewDB(appName, prefix, dbname, handle, namecb, cbarg);
-	/* two processes started to initialize the database at the same time.
-	 * The multiprocess code blocked the second one, then had it retry to
-	 * see if it can just open the database normally */
-	if (rv == SECWouldBlock) {
-	    handle->db = openOldDB(appName,prefix,dbname, openflags);
-	    verifyVersion(handle);
-	    if (handle->db == NULL) {
-		goto loser;
-	    }
-	} else if (rv != SECSuccess) {
-	    goto loser;
-	}
+        rv = openNewDB(appName, prefix, dbname, handle, namecb, cbarg);
+        /* two processes started to initialize the database at the same time.
+         * The multiprocess code blocked the second one, then had it retry to
+         * see if it can just open the database normally */
+        if (rv == SECWouldBlock) {
+            handle->db = openOldDB(appName, prefix, dbname, openflags);
+            verifyVersion(handle);
+            if (handle->db == NULL) {
+                goto loser;
+            }
+        } else if (rv != SECSuccess) {
+            goto loser;
+        }
     }
 
     handle->global_salt = GetKeyDBGlobalSalt(handle);
-    if ( dbname )
-        PORT_Free( dbname );
+    if (dbname)
+        PORT_Free(dbname);
     return handle;
 
 loser:
 
-    if ( dbname )
-        PORT_Free( dbname );
+    if (dbname)
+        PORT_Free(dbname);
     PORT_SetError(SEC_ERROR_BAD_DATABASE);
     nsslowkey_CloseKeyDB(handle);
     return NULL;
 }
 
 /*
  * Close the database
  */
 void
 nsslowkey_CloseKeyDB(NSSLOWKEYDBHandle *handle)
 {
     if (handle != NULL) {
-	if (handle->db != NULL) {
-	    keydb_Close(handle);
-	}
-	if (handle->updatedb) {
-	    handle->updatedb->close(handle->updatedb);
+        if (handle->db != NULL) {
+            keydb_Close(handle);
+        }
+        if (handle->updatedb) {
+            handle->updatedb->close(handle->updatedb);
         }
-	if (handle->dbname) PORT_Free(handle->dbname);
-	if (handle->appname) PORT_Free(handle->appname);
-	if (handle->global_salt) {
-	    SECITEM_FreeItem(handle->global_salt,PR_TRUE);
-	}
-	if (handle->lock != NULL) {
-	    SKIP_AFTER_FORK(PZ_DestroyLock(handle->lock));
-	}
-	    
-	PORT_Free(handle);
+        if (handle->dbname)
+            PORT_Free(handle->dbname);
+        if (handle->appname)
+            PORT_Free(handle->appname);
+        if (handle->global_salt) {
+            SECITEM_FreeItem(handle->global_salt, PR_TRUE);
+        }
+        if (handle->lock != NULL) {
+            SKIP_AFTER_FORK(PZ_DestroyLock(handle->lock));
+        }
+
+        PORT_Free(handle);
     }
 }
 
 /* Get the key database version */
 int
 nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHandle *handle)
 {
     PORT_Assert(handle != NULL);
@@ -1038,215 +1030,215 @@ nsslowkey_GetKeyDBVersion(NSSLOWKEYDBHan
  */
 SECStatus
 nsslowkey_DeleteKey(NSSLOWKEYDBHandle *handle, const SECItem *pubkey)
 {
     DBT namekey;
     int ret;
 
     if (handle == NULL) {
-	PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	return(SECFailure);
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
     }
 
     /* set up db key and data */
     namekey.data = pubkey->data;
     namekey.size = pubkey->len;
 
     /* delete it from the database */
     ret = keydb_Del(handle, &namekey, 0);
-    if ( ret ) {
-	PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	return(SECFailure);
+    if (ret) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
     }
 
     /* sync the database */
     ret = keydb_Sync(handle, 0);
-    if ( ret ) {
-	PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	return(SECFailure);
+    if (ret) {
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
     }
 
-    return(SECSuccess);
+    return (SECSuccess);
 }
 
 /*
  * Store a key in the database, indexed by its public key modulus.(value!)
  */
 SECStatus
-nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle, 
-			   NSSLOWKEYPrivateKey *privkey,
-			   SECItem *pubKeyData,
-			   char *nickname,
-			   SDB *sdb)
+nsslowkey_StoreKeyByPublicKey(NSSLOWKEYDBHandle *handle,
+                              NSSLOWKEYPrivateKey *privkey,
+                              SECItem *pubKeyData,
+                              char *nickname,
+                              SDB *sdb)
 {
-    return nsslowkey_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData, 
-	     nickname, sdb, PR_FALSE);
+    return nsslowkey_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData,
+                                            nickname, sdb, PR_FALSE);
 }
 
 SECStatus
-nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle, 
-			   NSSLOWKEYPrivateKey *privkey,
-			   SECItem *pubKeyData,
-			   char *nickname,
-			   SDB *sdb)
+nsslowkey_UpdateNickname(NSSLOWKEYDBHandle *handle,
+                         NSSLOWKEYPrivateKey *privkey,
+                         SECItem *pubKeyData,
+                         char *nickname,
+                         SDB *sdb)
 {
-    return nsslowkey_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData, 
-	     nickname, sdb, PR_TRUE);
+    return nsslowkey_StoreKeyByPublicKeyAlg(handle, privkey, pubKeyData,
+                                            nickname, sdb, PR_TRUE);
 }
 
 /* see if the symetric CKA_ID already Exists.
  */
 PRBool
 nsslowkey_KeyForIDExists(NSSLOWKEYDBHandle *handle, SECItem *id)
 {
     DBT namekey;
     DBT dummy;
     int status;
 
     namekey.data = (char *)id->data;
     namekey.size = id->len;
     status = keydb_Get(handle, &namekey, &dummy, 0);
-    if ( status ) {
-	return PR_FALSE;
+    if (status) {
+        return PR_FALSE;
     }
-    
+
     return PR_TRUE;
 }
 
 /* see if the public key for this cert is in the database filed
  * by modulus
  */
 PRBool
 nsslowkey_KeyForCertExists(NSSLOWKEYDBHandle *handle, NSSLOWCERTCertificate *cert)
 {
     NSSLOWKEYPublicKey *pubkey = NULL;
     DBT namekey;
     DBT dummy;
     int status;
-    
+
     /* get cert's public key */
     pubkey = nsslowcert_ExtractPublicKey(cert);
-    if ( pubkey == NULL ) {
-	return PR_FALSE;
+    if (pubkey == NULL) {
+        return PR_FALSE;
     }
 
     /* TNH - make key from NSSLOWKEYPublicKey */
     switch (pubkey->keyType) {
-      case NSSLOWKEYRSAKey:
-	namekey.data = pubkey->u.rsa.modulus.data;
-	namekey.size = pubkey->u.rsa.modulus.len;
-	break;
-      case NSSLOWKEYDSAKey:
-	namekey.data = pubkey->u.dsa.publicValue.data;
-	namekey.size = pubkey->u.dsa.publicValue.len;
-	break;
-      case NSSLOWKEYDHKey:
-	namekey.data = pubkey->u.dh.publicValue.data;
-	namekey.size = pubkey->u.dh.publicValue.len;
-	break;
+        case NSSLOWKEYRSAKey:
+            namekey.data = pubkey->u.rsa.modulus.data;
+            namekey.size = pubkey->u.rsa.modulus.len;
+            break;
+        case NSSLOWKEYDSAKey:
+            namekey.data = pubkey->u.dsa.publicValue.data;
+            namekey.size = pubkey->u.dsa.publicValue.len;
+            break;
+        case NSSLOWKEYDHKey:
+            namekey.data = pubkey->u.dh.publicValue.data;
+            namekey.size = pubkey->u.dh.publicValue.len;
+            break;
 #ifndef NSS_DISABLE_ECC
-      case NSSLOWKEYECKey:
-	namekey.data = pubkey->u.ec.publicValue.data;
-	namekey.size = pubkey->u.ec.publicValue.len;
-	break;
+        case NSSLOWKEYECKey:
+            namekey.data = pubkey->u.ec.publicValue.data;
+            namekey.size = pubkey->u.ec.publicValue.len;
+            break;
 #endif /* NSS_DISABLE_ECC */
-      default:
-	/* XXX We don't do Fortezza or DH yet. */
-	return PR_FALSE;
+        default:
+            /* XXX We don't do Fortezza or DH yet. */
+            return PR_FALSE;
     }
 
     if (handle->version != 3) {
-	unsigned char buf[SHA1_LENGTH];
-	SHA1_HashBuf(buf,namekey.data,namekey.size);
-	/* NOTE: don't use pubkey after this! it's now thrashed */
-	PORT_Memcpy(namekey.data,buf,sizeof(buf));
-	namekey.size = sizeof(buf);
+        unsigned char buf[SHA1_LENGTH];
+        SHA1_HashBuf(buf, namekey.data, namekey.size);
+        /* NOTE: don't use pubkey after this! it's now thrashed */
+        PORT_Memcpy(namekey.data, buf, sizeof(buf));
+        namekey.size = sizeof(buf);
     }
 
     status = keydb_Get(handle, &namekey, &dummy, 0);
     /* some databases have the key stored as a signed value */
     if (status) {
-	unsigned char *buf = (unsigned char *)PORT_Alloc(namekey.size+1);
-	if (buf) {
-	    PORT_Memcpy(&buf[1], namekey.data, namekey.size);
-	    buf[0] = 0;
-	    namekey.data = buf;
-	    namekey.size ++;
-    	    status = keydb_Get(handle, &namekey, &dummy, 0);
-	    PORT_Free(buf);
-	}
+        unsigned char *buf = (unsigned char *)PORT_Alloc(namekey.size + 1);
+        if (buf) {
+            PORT_Memcpy(&buf[1], namekey.data, namekey.size);
+            buf[0] = 0;
+            namekey.data = buf;
+            namekey.size++;
+            status = keydb_Get(handle, &namekey, &dummy, 0);
+            PORT_Free(buf);
+        }
     }
     lg_nsslowkey_DestroyPublicKey(pubkey);
-    if ( status ) {
-	return PR_FALSE;
+    if (status) {
+        return PR_FALSE;
     }
-    
+
     return PR_TRUE;
 }
 
 typedef struct NSSLowPasswordDataParamStr {
     SECItem salt;
     SECItem iter;
 } NSSLowPasswordDataParam;
 
 static const SEC_ASN1Template NSSLOWPasswordParamTemplate[] =
-{
-    {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLowPasswordDataParam) },
-    {SEC_ASN1_OCTET_STRING, offsetof(NSSLowPasswordDataParam, salt) },
-    {SEC_ASN1_INTEGER, offsetof(NSSLowPasswordDataParam, iter) },
-    {0}
-};
+    {
+      { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(NSSLowPasswordDataParam) },
+      { SEC_ASN1_OCTET_STRING, offsetof(NSSLowPasswordDataParam, salt) },
+      { SEC_ASN1_INTEGER, offsetof(NSSLowPasswordDataParam, iter) },
+      { 0 }
+    };
 struct LGEncryptedDataInfoStr {
     SECAlgorithmID algorithm;
     SECItem encryptedData;
 };
 typedef struct LGEncryptedDataInfoStr LGEncryptedDataInfo;
 
 const SEC_ASN1Template lg_EncryptedDataInfoTemplate[] = {
     { SEC_ASN1_SEQUENCE,
-        0, NULL, sizeof(LGEncryptedDataInfo) },
+      0, NULL, sizeof(LGEncryptedDataInfo) },
     { SEC_ASN1_INLINE | SEC_ASN1_XTRN,
-        offsetof(LGEncryptedDataInfo,algorithm),
-        SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
+      offsetof(LGEncryptedDataInfo, algorithm),
+      SEC_ASN1_SUB(SECOID_AlgorithmIDTemplate) },
     { SEC_ASN1_OCTET_STRING,
-        offsetof(LGEncryptedDataInfo,encryptedData) },
+      offsetof(LGEncryptedDataInfo, encryptedData) },
     { 0 }
 };
 
 static SECItem *
 nsslowkey_EncodePW(SECOidTag alg, const SECItem *salt, SECItem *data)
 {
     NSSLowPasswordDataParam param;
     LGEncryptedDataInfo edi;
     PLArenaPool *arena;
     unsigned char one = 1;
     SECItem *epw = NULL;
     SECItem *encParam;
     SECStatus rv;
 
     param.salt = *salt;
-    param.iter.type = siBuffer;  /* encode as signed integer */
+    param.iter.type = siBuffer; /* encode as signed integer */
     param.iter.data = &one;
     param.iter.len = 1;
     edi.encryptedData = *data;
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
-	return NULL;
+        return NULL;
     }
 
     encParam = SEC_ASN1EncodeItem(arena, NULL, &param,
-				  NSSLOWPasswordParamTemplate);
+                                  NSSLOWPasswordParamTemplate);
     if (encParam == NULL) {
-	goto loser;
+        goto loser;
     }
     rv = SECOID_SetAlgorithmID(arena, &edi.algorithm, alg, encParam);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
     epw = SEC_ASN1EncodeItem(NULL, NULL, &edi, lg_EncryptedDataInfoTemplate);
 
 loser:
     PORT_FreeArena(arena, PR_FALSE);
     return epw;
 }
 
@@ -1255,988 +1247,984 @@ nsslowkey_DecodePW(const SECItem *derDat
 {
     NSSLowPasswordDataParam param;
     LGEncryptedDataInfo edi;
     PLArenaPool *arena;
     SECItem *pwe = NULL;
     SECStatus rv;
 
     salt->data = NULL;
-    param.iter.type = siBuffer;  /* decode as signed integer */
+    param.iter.type = siBuffer; /* decode as signed integer */
 
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
-	return NULL;
+        return NULL;
     }
 
-    rv = SEC_QuickDERDecodeItem(arena, &edi, lg_EncryptedDataInfoTemplate, 
-						derData);
+    rv = SEC_QuickDERDecodeItem(arena, &edi, lg_EncryptedDataInfoTemplate,
+                                derData);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
     *alg = SECOID_GetAlgorithmTag(&edi.algorithm);
     rv = SEC_QuickDERDecodeItem(arena, &param, NSSLOWPasswordParamTemplate,
-						&edi.algorithm.parameters);
+                                &edi.algorithm.parameters);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
     rv = SECITEM_CopyItem(NULL, salt, &param.salt);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
     pwe = SECITEM_DupItem(&edi.encryptedData);
 
 loser:
     if (!pwe && salt->data) {
-	PORT_Free(salt->data);
-	salt->data = NULL;
+        PORT_Free(salt->data);
+        salt->data = NULL;
     }
     PORT_FreeArena(arena, PR_FALSE);
     return pwe;
 }
 
-
 /*
  * check to see if the user has a password
  */
 static SECStatus
-nsslowkey_GetPWCheckEntry(NSSLOWKEYDBHandle *handle,NSSLOWKEYPasswordEntry *entry)
+nsslowkey_GetPWCheckEntry(NSSLOWKEYDBHandle *handle, NSSLOWKEYPasswordEntry *entry)
 {
     DBT checkkey; /*, checkdata; */
     NSSLOWKEYDBKey *dbkey = NULL;
-    SECItem   *global_salt = NULL; 
-    SECItem   *item = NULL; 
-    SECItem   entryData, oid;
-    SECItem   none = { siBuffer, NULL, 0 };
+    SECItem *global_salt = NULL;
+    SECItem *item = NULL;
+    SECItem entryData, oid;
+    SECItem none = { siBuffer, NULL, 0 };
     SECStatus rv = SECFailure;
     SECOidTag algorithm;
 
     if (handle == NULL) {
-	/* PORT_SetError */
-	return(SECFailure);
+        /* PORT_SetError */
+        return (SECFailure);
     }
 
     global_salt = GetKeyDBGlobalSalt(handle);
     if (!global_salt) {
-	global_salt = &none;
+        global_salt = &none;
     }
     if (global_salt->len > sizeof(entry->data)) {
-	/* PORT_SetError */
-	goto loser;
+        /* PORT_SetError */
+        goto loser;
     }
-	
+
     PORT_Memcpy(entry->data, global_salt->data, global_salt->len);
     entry->salt.data = entry->data;
     entry->salt.len = global_salt->len;
     entry->value.data = &entry->data[entry->salt.len];
 
     checkkey.data = KEYDB_PW_CHECK_STRING;
     checkkey.size = KEYDB_PW_CHECK_LEN;
     dbkey = get_dbkey(handle, &checkkey);
     if (dbkey == NULL) {
-	/* handle 'FAKE' check here */
-	goto loser;
+        /* handle 'FAKE' check here */
+        goto loser;
     }
 
     oid.len = dbkey->derPK.data[0];
     oid.data = &dbkey->derPK.data[1];
 
-    if (dbkey->derPK.len < (KEYDB_PW_CHECK_LEN + 1 +oid.len)) {
-	goto loser;
+    if (dbkey->derPK.len < (KEYDB_PW_CHECK_LEN + 1 + oid.len)) {
+        goto loser;
     }
     algorithm = SECOID_FindOIDTag(&oid);
     entryData.type = siBuffer;
-    entryData.len = dbkey->derPK.len - (oid.len+1);
-    entryData.data = &dbkey->derPK.data[oid.len+1];
+    entryData.len = dbkey->derPK.len - (oid.len + 1);
+    entryData.data = &dbkey->derPK.data[oid.len + 1];
 
     item = nsslowkey_EncodePW(algorithm, &dbkey->salt, &entryData);
     if (!item || (item->len + entry->salt.len) > sizeof(entry->data)) {
-	goto loser;
+        goto loser;
     }
     PORT_Memcpy(entry->value.data, item->data, item->len);
     entry->value.len = item->len;
     rv = SECSuccess;
 
 loser:
     if (item) {
-	SECITEM_FreeItem(item, PR_TRUE);
+        SECITEM_FreeItem(item, PR_TRUE);
     }
     if (dbkey) {
- 	sec_destroy_dbkey(dbkey);
+        sec_destroy_dbkey(dbkey);
     }
     if (global_salt != &none) {
-	SECITEM_FreeItem(global_salt,PR_TRUE);
+        SECITEM_FreeItem(global_salt, PR_TRUE);
     }
     return rv;
 }
 
 /*
  * check to see if the user has a password
  */
 static SECStatus
-nsslowkey_PutPWCheckEntry(NSSLOWKEYDBHandle *handle,NSSLOWKEYPasswordEntry *entry)
+nsslowkey_PutPWCheckEntry(NSSLOWKEYDBHandle *handle, NSSLOWKEYPasswordEntry *entry)
 {
     DBT checkkey;
     NSSLOWKEYDBKey *dbkey = NULL;
-    SECItem   *item = NULL; 
-    SECItem   salt; 
+    SECItem *item = NULL;
+    SECItem salt;
     SECOidTag algid = SEC_OID_UNKNOWN;
     SECStatus rv = SECFailure;
     PLArenaPool *arena;
     int ret;
 
     if (handle == NULL) {
-	/* PORT_SetError */
-	return(SECFailure);
+        /* PORT_SetError */
+        return (SECFailure);
     }
 
     checkkey.data = KEYDB_PW_CHECK_STRING;
     checkkey.size = KEYDB_PW_CHECK_LEN;
 
     salt.data = NULL;
     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
     if (arena == NULL) {
-	return SECFailure;
+        return SECFailure;
     }
 
     item = nsslowkey_DecodePW(&entry->value, &algid, &salt);
     if (item == NULL) {
-	goto loser;
+        goto loser;
     }
 
     dbkey = PORT_ArenaZNew(arena, NSSLOWKEYDBKey);
     if (dbkey == NULL) {
-	goto loser;
+        goto loser;
     }
 
     dbkey->arena = arena;
 
     rv = SECITEM_CopyItem(arena, &dbkey->salt, &salt);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
 
     rv = encodePWCheckEntry(arena, &dbkey->derPK, algid, item);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
 
     rv = put_dbkey(handle, &checkkey, dbkey, PR_TRUE);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
 
     if (handle->global_salt) {
-	SECITEM_FreeItem(handle->global_salt, PR_TRUE);
-	handle->global_salt = NULL;
+        SECITEM_FreeItem(handle->global_salt, PR_TRUE);
+        handle->global_salt = NULL;
     }
     rv = StoreKeyDBGlobalSalt(handle, &entry->salt);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
     ret = keydb_Sync(handle, 0);
-    if ( ret ) {
-	rv = SECFailure;
-	goto loser;
+    if (ret) {
+        rv = SECFailure;
+        goto loser;
     }
     handle->global_salt = GetKeyDBGlobalSalt(handle);
 
 loser:
     if (item) {
-	SECITEM_FreeItem(item, PR_TRUE);
+        SECITEM_FreeItem(item, PR_TRUE);
     }
     if (arena) {
-	PORT_FreeArena(arena, PR_TRUE);
+        PORT_FreeArena(arena, PR_TRUE);
     }
     if (salt.data) {
-	PORT_Free(salt.data);
+        PORT_Free(salt.data);
     }
     return rv;
 }
 
 #ifdef EC_DEBUG
-#define SEC_PRINT(str1, str2, num, sitem) \
+#define SEC_PRINT(str1, str2, num, sitem)             \
     printf("pkcs11c.c:%s:%s (keytype=%d) [len=%d]\n", \
-            str1, str2, num, sitem->len); \
-    for (i = 0; i < sitem->len; i++) { \
-	    printf("%02x:", sitem->data[i]); \
-    } \
-    printf("\n") 
+           str1, str2, num, sitem->len);              \
+    for (i = 0; i < sitem->len; i++) {                \
+        printf("%02x:", sitem->data[i]);              \
+    }                                                 \
+    printf("\n")
 #else
-#define SEC_PRINT(a, b, c, d) 
+#define SEC_PRINT(a, b, c, d)
 #endif /* EC_DEBUG */
 
-
-SECStatus 
-seckey_encrypt_private_key( PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk, 
-			    SDB *sdbpw, SECItem *result)
+SECStatus
+seckey_encrypt_private_key(PLArenaPool *permarena, NSSLOWKEYPrivateKey *pk,
+                           SDB *sdbpw, SECItem *result)
 {
     NSSLOWKEYPrivateKeyInfo *pki = NULL;
     SECStatus rv = SECFailure;
     PLArenaPool *temparena = NULL;
     SECItem *der_item = NULL;
     SECItem *cipherText = NULL;
     SECItem *dummy = NULL;
 #ifndef NSS_DISABLE_ECC
 #ifdef EC_DEBUG
     SECItem *fordebug = NULL;
 #endif
     int savelen;
 #endif
 
     temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
-    if(temparena == NULL)
-	goto loser;
+    if (temparena == NULL)
+        goto loser;
 
     /* allocate structures */
-    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena, 
-	sizeof(NSSLOWKEYPrivateKeyInfo));
+    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
+                                                      sizeof(NSSLOWKEYPrivateKeyInfo));
     der_item = (SECItem *)PORT_ArenaZAlloc(temparena, sizeof(SECItem));
-    if((pki == NULL) || (der_item == NULL))
-	goto loser;
-
+    if ((pki == NULL) || (der_item == NULL))
+        goto loser;
 
     /* setup private key info */
-    dummy = SEC_ASN1EncodeInteger(temparena, &(pki->version), 
-	NSSLOWKEY_PRIVATE_KEY_INFO_VERSION);
-    if(dummy == NULL)
-	goto loser;
+    dummy = SEC_ASN1EncodeInteger(temparena, &(pki->version),
+                                  NSSLOWKEY_PRIVATE_KEY_INFO_VERSION);
+    if (dummy == NULL)
+        goto loser;
 
     /* Encode the key, and set the algorithm (with params) */
     switch (pk->keyType) {
-      case NSSLOWKEYRSAKey:
-        lg_prepare_low_rsa_priv_key_for_asn1(pk);
-	dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk, 
-				   lg_nsslowkey_RSAPrivateKeyTemplate);
-	if (dummy == NULL) {
-	    rv = SECFailure;
-	    goto loser;
-	}
-	
-	rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm), 
-				   SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
-	if (rv == SECFailure) {
-	    goto loser;
-	}
-	
-	break;
-      case NSSLOWKEYDSAKey:
-        lg_prepare_low_dsa_priv_key_for_asn1(pk);
-	dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
-				   lg_nsslowkey_DSAPrivateKeyTemplate);
-	if (dummy == NULL) {
-	    rv = SECFailure;
-	    goto loser;
-	}
-	
-        lg_prepare_low_pqg_params_for_asn1(&pk->u.dsa.params);
-	dummy = SEC_ASN1EncodeItem(temparena, NULL, &pk->u.dsa.params,
-				   lg_nsslowkey_PQGParamsTemplate);
-	if (dummy == NULL) {
-	    rv = SECFailure;
-	    goto loser;
-	}
-	
-	rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
-				   SEC_OID_ANSIX9_DSA_SIGNATURE, dummy);
-	if (rv == SECFailure) {
-	    goto loser;
-	}
-	
-	break;
-      case NSSLOWKEYDHKey:
-        lg_prepare_low_dh_priv_key_for_asn1(pk);
-	dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
-				   lg_nsslowkey_DHPrivateKeyTemplate);
-	if (dummy == NULL) {
-	    rv = SECFailure;
-	    goto loser;
-	}
+        case NSSLOWKEYRSAKey:
+            lg_prepare_low_rsa_priv_key_for_asn1(pk);
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_RSAPrivateKeyTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_PKCS1_RSA_ENCRYPTION, 0);
+            if (rv == SECFailure) {
+                goto loser;
+            }
+
+            break;
+        case NSSLOWKEYDSAKey:
+            lg_prepare_low_dsa_priv_key_for_asn1(pk);
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_DSAPrivateKeyTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            lg_prepare_low_pqg_params_for_asn1(&pk->u.dsa.params);
+            dummy = SEC_ASN1EncodeItem(temparena, NULL, &pk->u.dsa.params,
+                                       lg_nsslowkey_PQGParamsTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_ANSIX9_DSA_SIGNATURE, dummy);
+            if (rv == SECFailure) {
+                goto loser;
+            }
 
-	rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
-				   SEC_OID_X942_DIFFIE_HELMAN_KEY, dummy);
-	if (rv == SECFailure) {
-	    goto loser;
-	}
-	break;
+            break;
+        case NSSLOWKEYDHKey:
+            lg_prepare_low_dh_priv_key_for_asn1(pk);
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_DHPrivateKeyTemplate);
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
+
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_X942_DIFFIE_HELMAN_KEY, dummy);
+            if (rv == SECFailure) {
+                goto loser;
+            }
+            break;
 #ifndef NSS_DISABLE_ECC
-      case NSSLOWKEYECKey:
-	lg_prepare_low_ec_priv_key_for_asn1(pk);
-	/* Public value is encoded as a bit string so adjust length
-	 * to be in bits before ASN encoding and readjust 
-	 * immediately after.
-	 *
-	 * Since the SECG specification recommends not including the
-	 * parameters as part of ECPrivateKey, we zero out the curveOID
-	 * length before encoding and restore it later.
-	 */
-	pk->u.ec.publicValue.len <<= 3;
-	savelen = pk->u.ec.ecParams.curveOID.len;
-	pk->u.ec.ecParams.curveOID.len = 0;
-	dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
-				   lg_nsslowkey_ECPrivateKeyTemplate);
-	pk->u.ec.ecParams.curveOID.len = savelen;
-	pk->u.ec.publicValue.len >>= 3;
+        case NSSLOWKEYECKey:
+            lg_prepare_low_ec_priv_key_for_asn1(pk);
+            /* Public value is encoded as a bit string so adjust length
+             * to be in bits before ASN encoding and readjust
+             * immediately after.
+             *
+             * Since the SECG specification recommends not including the
+             * parameters as part of ECPrivateKey, we zero out the curveOID
+             * length before encoding and restore it later.
+             */
+            pk->u.ec.publicValue.len <<= 3;
+            savelen = pk->u.ec.ecParams.curveOID.len;
+            pk->u.ec.ecParams.curveOID.len = 0;
+            dummy = SEC_ASN1EncodeItem(temparena, &(pki->privateKey), pk,
+                                       lg_nsslowkey_ECPrivateKeyTemplate);
+            pk->u.ec.ecParams.curveOID.len = savelen;
+            pk->u.ec.publicValue.len >>= 3;
 
-	if (dummy == NULL) {
-	    rv = SECFailure;
-	    goto loser;
-	}
+            if (dummy == NULL) {
+                rv = SECFailure;
+                goto loser;
+            }
 
-	dummy = &pk->u.ec.ecParams.DEREncoding;
+            dummy = &pk->u.ec.ecParams.DEREncoding;
 
-	/* At this point dummy should contain the encoded params */
-	rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
-				   SEC_OID_ANSIX962_EC_PUBLIC_KEY, dummy);
+            /* At this point dummy should contain the encoded params */
+            rv = SECOID_SetAlgorithmID(temparena, &(pki->algorithm),
+                                       SEC_OID_ANSIX962_EC_PUBLIC_KEY, dummy);
 
-	if (rv == SECFailure) {
-	    goto loser;
-	}
-	
+            if (rv == SECFailure) {
+                goto loser;
+            }
+
 #ifdef EC_DEBUG
-	fordebug = &(pki->privateKey);
-	SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey", 
-		  pk->keyType, fordebug);
+            fordebug = &(pki->privateKey);
+            SEC_PRINT("seckey_encrypt_private_key()", "PrivateKey",
+                      pk->keyType, fordebug);
 #endif
 
-	break;
+            break;
 #endif /* NSS_DISABLE_ECC */
-      default:
-	/* We don't support DH or Fortezza private keys yet */
-	PORT_Assert(PR_FALSE);
-	break;
+        default:
+            /* We don't support DH or Fortezza private keys yet */
+            PORT_Assert(PR_FALSE);
+            break;
     }
 
     /* setup encrypted private key info */
-    dummy = SEC_ASN1EncodeItem(temparena, der_item, pki, 
-	lg_nsslowkey_PrivateKeyInfoTemplate);
+    dummy = SEC_ASN1EncodeItem(temparena, der_item, pki,
+                               lg_nsslowkey_PrivateKeyInfoTemplate);
 
-    SEC_PRINT("seckey_encrypt_private_key()", "PrivateKeyInfo", 
-	      pk->keyType, der_item);
+    SEC_PRINT("seckey_encrypt_private_key()", "PrivateKeyInfo",
+              pk->keyType, der_item);
 
-    if(dummy == NULL) {
-	rv = SECFailure;
-	goto loser;
+    if (dummy == NULL) {
+        rv = SECFailure;
+        goto loser;
     }
 
     rv = lg_util_encrypt(temparena, sdbpw, dummy, &cipherText);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
 
-    rv = SECITEM_CopyItem ( permarena, result, cipherText);
+    rv = SECITEM_CopyItem(permarena, result, cipherText);
 
 loser:
 
-    if(temparena != NULL)
-	PORT_FreeArena(temparena, PR_TRUE);
+    if (temparena != NULL)
+        PORT_FreeArena(temparena, PR_TRUE);
 
     return rv;
 }
 
-static SECStatus 
+static SECStatus
 seckey_put_private_key(NSSLOWKEYDBHandle *keydb, DBT *index, SDB *sdbpw,
-		       NSSLOWKEYPrivateKey *pk, char *nickname, PRBool update)
+                       NSSLOWKEYPrivateKey *pk, char *nickname, PRBool update)
 {
     NSSLOWKEYDBKey *dbkey = NULL;
     PLArenaPool *arena = NULL;
     SECStatus rv = SECFailure;
 
-    if((keydb == NULL) || (index == NULL) || (sdbpw == NULL) ||
-	(pk == NULL))
-	return SECFailure;
-	
+    if ((keydb == NULL) || (index == NULL) || (sdbpw == NULL) ||
+        (pk == NULL))
+        return SECFailure;
+
     arena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
-    if(arena == NULL)
-	return SECFailure;
+    if (arena == NULL)
+        return SECFailure;
 
     dbkey = (NSSLOWKEYDBKey *)PORT_ArenaZAlloc(arena, sizeof(NSSLOWKEYDBKey));
-    if(dbkey == NULL)
-	goto loser;
+    if (dbkey == NULL)
+        goto loser;
     dbkey->arena = arena;
     dbkey->nickname = nickname;
 
     rv = seckey_encrypt_private_key(arena, pk, sdbpw, &dbkey->derPK);
-    if(rv != SECSuccess)
-	goto loser;
+    if (rv != SECSuccess)
+        goto loser;
 
     rv = put_dbkey(keydb, index, dbkey, update);
 
-    /* let success fall through */
+/* let success fall through */
 loser:
-    if(arena != NULL)
-	PORT_FreeArena(arena, PR_TRUE);
+    if (arena != NULL)
+        PORT_FreeArena(arena, PR_TRUE);
 
     return rv;
 }
 
 /*
  * Store a key in the database, indexed by its public key modulus.
  * Note that the nickname is optional.  It was only used by keyutil.
  */
 SECStatus
-nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle, 
-			      NSSLOWKEYPrivateKey *privkey,
-			      SECItem *pubKeyData,
-			      char *nickname,
-			      SDB *sdbpw,
-                              PRBool update)
+nsslowkey_StoreKeyByPublicKeyAlg(NSSLOWKEYDBHandle *handle,
+                                 NSSLOWKEYPrivateKey *privkey,
+                                 SECItem *pubKeyData,
+                                 char *nickname,
+                                 SDB *sdbpw,
+                                 PRBool update)
 {
     DBT namekey;
     SECStatus rv;
 
     if (handle == NULL) {
-	PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	return(SECFailure);
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return (SECFailure);
     }
 
     /* set up db key and data */
     namekey.data = pubKeyData->data;
     namekey.size = pubKeyData->len;
 
     /* encrypt the private key */
     rv = seckey_put_private_key(handle, &namekey, sdbpw, privkey, nickname,
-				update);
-    
-    return(rv);
+                                update);
+
+    return (rv);
 }
 
 static NSSLOWKEYPrivateKey *
-seckey_decrypt_private_key(SECItem*epki,
-			   SDB *sdbpw)
+seckey_decrypt_private_key(SECItem *epki,
+                           SDB *sdbpw)
 {
     NSSLOWKEYPrivateKey *pk = NULL;
     NSSLOWKEYPrivateKeyInfo *pki = NULL;
     SECStatus rv = SECFailure;
     PLArenaPool *temparena = NULL, *permarena = NULL;
     SECItem *dest = NULL;
 #ifdef EC_DEBUG
     SECItem *fordebug = NULL;
 #endif
 
-    if((epki == NULL) || (sdbpw == NULL))
-	goto loser;
+    if ((epki == NULL) || (sdbpw == NULL))
+        goto loser;
 
     temparena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
     permarena = PORT_NewArena(SEC_ASN1_DEFAULT_ARENA_SIZE);
-    if((temparena == NULL) || (permarena == NULL))
-	goto loser;
+    if ((temparena == NULL) || (permarena == NULL))
+        goto loser;
 
     /* allocate temporary items */
-    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena, 
-	sizeof(NSSLOWKEYPrivateKeyInfo));
+    pki = (NSSLOWKEYPrivateKeyInfo *)PORT_ArenaZAlloc(temparena,
+                                                      sizeof(NSSLOWKEYPrivateKeyInfo));
 
     /* allocate permanent arena items */
     pk = (NSSLOWKEYPrivateKey *)PORT_ArenaZAlloc(permarena,
-	sizeof(NSSLOWKEYPrivateKey));
+                                                 sizeof(NSSLOWKEYPrivateKey));
 
-    if((pk == NULL) || (pki == NULL))
-	goto loser;
+    if ((pk == NULL) || (pki == NULL))
+        goto loser;
 
     pk->arena = permarena;
 
     rv = lg_util_decrypt(sdbpw, epki, &dest);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
-	
-    if(dest != NULL)
-    {
+
+    if (dest != NULL) {
         SECItem newPrivateKey;
         SECItem newAlgParms;
 
         SEC_PRINT("seckey_decrypt_private_key()", "PrivateKeyInfo", -1,
-		  dest);
+                  dest);
 
-	rv = SEC_QuickDERDecodeItem(temparena, pki, 
-	    lg_nsslowkey_PrivateKeyInfoTemplate, dest);
-	if(rv == SECSuccess)
-	{
-	    switch(SECOID_GetAlgorithmTag(&pki->algorithm)) {
-	      case SEC_OID_X500_RSA_ENCRYPTION:
-	      case SEC_OID_PKCS1_RSA_ENCRYPTION:
-		pk->keyType = NSSLOWKEYRSAKey;
-		lg_prepare_low_rsa_priv_key_for_asn1(pk);
-                if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
-                    &pki->privateKey) ) break;
-		rv = SEC_QuickDERDecodeItem(permarena, pk,
-					lg_nsslowkey_RSAPrivateKeyTemplate,
-					&newPrivateKey);
-		if (rv == SECSuccess) {
-		    break;
-		}
-		/* Try decoding with the alternative template, but only allow
-		 * a zero-length modulus for a secret key object.
-		 * See bug 715073.
-		 */
-		rv = SEC_QuickDERDecodeItem(permarena, pk,
-					lg_nsslowkey_RSAPrivateKeyTemplate2,
-					&newPrivateKey);
-		/* A publicExponent of 0 is the defining property of a secret
-		 * key disguised as an RSA key. When decoding with the
-		 * alternative template, only accept a secret key with an
-		 * improperly encoded modulus and a publicExponent of 0.
-		 */
-		if (rv == SECSuccess) {
-		    if (pk->u.rsa.modulus.len == 2 &&
-			pk->u.rsa.modulus.data[0] == SEC_ASN1_INTEGER &&
-			pk->u.rsa.modulus.data[1] == 0 &&
-			pk->u.rsa.publicExponent.len == 1 &&
-			pk->u.rsa.publicExponent.data[0] == 0) {
-			/* Fix the zero-length integer by setting it to 0. */
-			pk->u.rsa.modulus.data = pk->u.rsa.publicExponent.data;
-			pk->u.rsa.modulus.len = pk->u.rsa.publicExponent.len;
-		    } else {
-			PORT_SetError(SEC_ERROR_BAD_DER);
-			rv = SECFailure;
-		    }
-		}
-		break;
-	      case SEC_OID_ANSIX9_DSA_SIGNATURE:
-		pk->keyType = NSSLOWKEYDSAKey;
-		lg_prepare_low_dsa_priv_key_for_asn1(pk);
-                if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
-                    &pki->privateKey) ) break;
-		rv = SEC_QuickDERDecodeItem(permarena, pk,
-					lg_nsslowkey_DSAPrivateKeyTemplate,
-					&newPrivateKey);
-		if (rv != SECSuccess)
-		    goto loser;
-		lg_prepare_low_pqg_params_for_asn1(&pk->u.dsa.params);
-                if (SECSuccess != SECITEM_CopyItem(permarena, &newAlgParms,
-                    &pki->algorithm.parameters) ) break;
-		rv = SEC_QuickDERDecodeItem(permarena, &pk->u.dsa.params,
-					lg_nsslowkey_PQGParamsTemplate,
-					&newAlgParms);
-		break;
-	      case SEC_OID_X942_DIFFIE_HELMAN_KEY:
-		pk->keyType = NSSLOWKEYDHKey;
-		lg_prepare_low_dh_priv_key_for_asn1(pk);
-                if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
-                    &pki->privateKey) ) break;
-		rv = SEC_QuickDERDecodeItem(permarena, pk,
-					lg_nsslowkey_DHPrivateKeyTemplate,
-					&newPrivateKey);
-		break;
+        rv = SEC_QuickDERDecodeItem(temparena, pki,
+                                    lg_nsslowkey_PrivateKeyInfoTemplate, dest);
+        if (rv == SECSuccess) {
+            switch (SECOID_GetAlgorithmTag(&pki->algorithm)) {
+                case SEC_OID_X500_RSA_ENCRYPTION:
+                case SEC_OID_PKCS1_RSA_ENCRYPTION:
+                    pk->keyType = NSSLOWKEYRSAKey;
+                    lg_prepare_low_rsa_priv_key_for_asn1(pk);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_RSAPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    if (rv == SECSuccess) {
+                        break;
+                    }
+                    /* Try decoding with the alternative template, but only allow
+                     * a zero-length modulus for a secret key object.
+                     * See bug 715073.
+                     */
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_RSAPrivateKeyTemplate2,
+                                                &newPrivateKey);
+                    /* A publicExponent of 0 is the defining property of a secret
+                     * key disguised as an RSA key. When decoding with the
+                     * alternative template, only accept a secret key with an
+                     * improperly encoded modulus and a publicExponent of 0.
+                     */
+                    if (rv == SECSuccess) {
+                        if (pk->u.rsa.modulus.len == 2 &&
+                            pk->u.rsa.modulus.data[0] == SEC_ASN1_INTEGER &&
+                            pk->u.rsa.modulus.data[1] == 0 &&
+                            pk->u.rsa.publicExponent.len == 1 &&
+                            pk->u.rsa.publicExponent.data[0] == 0) {
+                            /* Fix the zero-length integer by setting it to 0. */
+                            pk->u.rsa.modulus.data = pk->u.rsa.publicExponent.data;
+                            pk->u.rsa.modulus.len = pk->u.rsa.publicExponent.len;
+                        } else {
+                            PORT_SetError(SEC_ERROR_BAD_DER);
+                            rv = SECFailure;
+                        }
+                    }
+                    break;
+                case SEC_OID_ANSIX9_DSA_SIGNATURE:
+                    pk->keyType = NSSLOWKEYDSAKey;
+                    lg_prepare_low_dsa_priv_key_for_asn1(pk);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_DSAPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    if (rv != SECSuccess)
+                        goto loser;
+                    lg_prepare_low_pqg_params_for_asn1(&pk->u.dsa.params);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newAlgParms,
+                                                       &pki->algorithm.parameters))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, &pk->u.dsa.params,
+                                                lg_nsslowkey_PQGParamsTemplate,
+                                                &newAlgParms);
+                    break;
+                case SEC_OID_X942_DIFFIE_HELMAN_KEY:
+                    pk->keyType = NSSLOWKEYDHKey;
+                    lg_prepare_low_dh_priv_key_for_asn1(pk);
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_DHPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    break;
 #ifndef NSS_DISABLE_ECC
-	      case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
-		pk->keyType = NSSLOWKEYECKey;
-		lg_prepare_low_ec_priv_key_for_asn1(pk);
+                case SEC_OID_ANSIX962_EC_PUBLIC_KEY:
+                    pk->keyType = NSSLOWKEYECKey;
+                    lg_prepare_low_ec_priv_key_for_asn1(pk);
 
 #ifdef EC_DEBUG
-		fordebug = &pki->privateKey;
-		SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey", 
-			  pk->keyType, fordebug);
+                    fordebug = &pki->privateKey;
+                    SEC_PRINT("seckey_decrypt_private_key()", "PrivateKey",
+                              pk->keyType, fordebug);
 #endif
-                if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
-                    &pki->privateKey) ) break;
-		rv = SEC_QuickDERDecodeItem(permarena, pk,
-					lg_nsslowkey_ECPrivateKeyTemplate,
-					&newPrivateKey);
-		if (rv != SECSuccess)
-		    goto loser;
+                    if (SECSuccess != SECITEM_CopyItem(permarena, &newPrivateKey,
+                                                       &pki->privateKey))
+                        break;
+                    rv = SEC_QuickDERDecodeItem(permarena, pk,
+                                                lg_nsslowkey_ECPrivateKeyTemplate,
+                                                &newPrivateKey);
+                    if (rv != SECSuccess)
+                        goto loser;
 
-		lg_prepare_low_ecparams_for_asn1(&pk->u.ec.ecParams);
+                    lg_prepare_low_ecparams_for_asn1(&pk->u.ec.ecParams);
 
-		rv = SECITEM_CopyItem(permarena, 
-		    &pk->u.ec.ecParams.DEREncoding, 
-		    &pki->algorithm.parameters);
+                    rv = SECITEM_CopyItem(permarena,
+                                          &pk->u.ec.ecParams.DEREncoding,
+                                          &pki->algorithm.parameters);
 
-		if (rv != SECSuccess)
-		    goto loser;
+                    if (rv != SECSuccess)
+                        goto loser;
 
-		/* Fill out the rest of EC params */
-		rv = LGEC_FillParams(permarena, &pk->u.ec.ecParams.DEREncoding,
-				   &pk->u.ec.ecParams);
+                    /* Fill out the rest of EC params */
+                    rv = LGEC_FillParams(permarena, &pk->u.ec.ecParams.DEREncoding,
+                                         &pk->u.ec.ecParams);
 
-		if (rv != SECSuccess)
-		    goto loser;
+                    if (rv != SECSuccess)
+                        goto loser;
 
-		if (pk->u.ec.publicValue.len != 0) {
-		    pk->u.ec.publicValue.len >>= 3;
-		}
+                    if (pk->u.ec.publicValue.len != 0) {
+                        pk->u.ec.publicValue.len >>= 3;
+                    }
 
-		break;
+                    break;
 #endif /* NSS_DISABLE_ECC */
-	      default:
-		rv = SECFailure;
-		break;
-	    }
-	}
-	else if(PORT_GetError() == SEC_ERROR_BAD_DER)
-	{
-	    PORT_SetError(SEC_ERROR_BAD_PASSWORD);
-	    goto loser;
-	}
+                default:
+                    rv = SECFailure;
+                    break;
+            }
+        } else if (PORT_GetError() == SEC_ERROR_BAD_DER) {
+            PORT_SetError(SEC_ERROR_BAD_PASSWORD);
+            goto loser;
+        }
     }
 
-    /* let success fall through */
+/* let success fall through */
 loser:
-    if(temparena != NULL)
-	PORT_FreeArena(temparena, PR_TRUE);
-    if(dest != NULL)
-	SECITEM_ZfreeItem(dest, PR_TRUE);
+    if (temparena != NULL)
+        PORT_FreeArena(temparena, PR_TRUE);
+    if (dest != NULL)
+        SECITEM_ZfreeItem(dest, PR_TRUE);
 
-    if(rv != SECSuccess)
-    {
-	if(permarena != NULL)
-	    PORT_FreeArena(permarena, PR_TRUE);
-	pk = NULL;
+    if (rv != SECSuccess) {
+        if (permarena != NULL)
+            PORT_FreeArena(permarena, PR_TRUE);
+        pk = NULL;
     }
 
     return pk;
 }
 
 static NSSLOWKEYPrivateKey *
 seckey_decode_encrypted_private_key(NSSLOWKEYDBKey *dbkey, SDB *sdbpw)
 {
-    if( ( dbkey == NULL ) || ( sdbpw == NULL ) ) {
-	return NULL;
+    if ((dbkey == NULL) || (sdbpw == NULL)) {
+        return NULL;
     }
 
     return seckey_decrypt_private_key(&(dbkey->derPK), sdbpw);
 }
 
 static NSSLOWKEYPrivateKey *
 seckey_get_private_key(NSSLOWKEYDBHandle *keydb, DBT *index, char **nickname,
-		       SDB *sdbpw)
+                       SDB *sdbpw)
 {
     NSSLOWKEYDBKey *dbkey = NULL;
     NSSLOWKEYPrivateKey *pk = NULL;
 
-    if( ( keydb == NULL ) || ( index == NULL ) || ( sdbpw == NULL ) ) {
-	return NULL;
+    if ((keydb == NULL) || (index == NULL) || (sdbpw == NULL)) {
+        return NULL;
     }
 
     dbkey = get_dbkey(keydb, index);
-    if(dbkey == NULL) {
-	goto loser;
+    if (dbkey == NULL) {
+        goto loser;
     }
-    
-    if ( nickname ) {
-	if ( dbkey->nickname && ( dbkey->nickname[0] != 0 ) ) {
-	    *nickname = PORT_Strdup(dbkey->nickname);
-	} else {
-	    *nickname = NULL;
-	}
+
+    if (nickname) {
+        if (dbkey->nickname && (dbkey->nickname[0] != 0)) {
+            *nickname = PORT_Strdup(dbkey->nickname);
+        } else {
+            *nickname = NULL;
+        }
     }
-    
+
     pk = seckey_decode_encrypted_private_key(dbkey, sdbpw);
-    
-    /* let success fall through */
+
+/* let success fall through */
 loser:
 
-    if ( dbkey != NULL ) {
-	sec_destroy_dbkey(dbkey);
+    if (dbkey != NULL) {
+        sec_destroy_dbkey(dbkey);
     }
 
     return pk;
 }
 
 /*
  * Find a key in the database, indexed by its public key modulus
  * This is used to find keys that have been stored before their
  * certificate arrives.  Once the certificate arrives the key
  * is looked up by the public modulus in the certificate, and the
  * re-stored by its nickname.
  */
 NSSLOWKEYPrivateKey *
 nsslowkey_FindKeyByPublicKey(NSSLOWKEYDBHandle *handle, SECItem *modulus,
-			  				 SDB *sdbpw)
+                             SDB *sdbpw)
 {
     DBT namekey;
     NSSLOWKEYPrivateKey *pk = NULL;
 
     if (handle == NULL) {
-	PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	return NULL;
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return NULL;
     }
 
     /* set up db key */
     namekey.data = modulus->data;
     namekey.size = modulus->len;
 
     pk = seckey_get_private_key(handle, &namekey, NULL, sdbpw);
-    
+
     /* no need to free dbkey, since its on the stack, and the data it
      * points to is owned by the database
      */
-    return(pk);
+    return (pk);
 }
 
 char *
-nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle, 
-					SECItem *modulus, SDB *sdbpw)
+nsslowkey_FindKeyNicknameByPublicKey(NSSLOWKEYDBHandle *handle,
+                                     SECItem *modulus, SDB *sdbpw)
 {
     DBT namekey;
     NSSLOWKEYPrivateKey *pk = NULL;
     char *nickname = NULL;
 
     if (handle == NULL) {
-	PORT_SetError(SEC_ERROR_BAD_DATABASE);
-	return NULL;
+        PORT_SetError(SEC_ERROR_BAD_DATABASE);
+        return NULL;
     }
 
     /* set up db key */
     namekey.data = modulus->data;
     namekey.size = modulus->len;
 
     pk = seckey_get_private_key(handle, &namekey, &nickname, sdbpw);
     if (pk) {
-	lg_nsslowkey_DestroyPrivateKey(pk);
+        lg_nsslowkey_DestroyPrivateKey(pk);
     }
-    
+
     /* no need to free dbkey, since its on the stack, and the data it
      * points to is owned by the database
      */
-    return(nickname);
+    return (nickname);
 }
 /* ===== ENCODING ROUTINES ===== */
 
 static SECStatus
 encodePWCheckEntry(PLArenaPool *arena, SECItem *entry, SECOidTag alg,
-		   SECItem *encCheck)
+                   SECItem *encCheck)
 {
     SECOidData *oidData;
-    
+
     oidData = SECOID_FindOIDByTag(alg);
-    if ( oidData == NULL ) {
-	return SECFailure;
+    if (oidData == NULL) {
+        return SECFailure;
     }
 
     entry->len = 1 + oidData->oid.len + encCheck->len;
-    if ( arena ) {
-	entry->data = (unsigned char *)PORT_ArenaAlloc(arena, entry->len);
+    if (arena) {
+        entry->data = (unsigned char *)PORT_ArenaAlloc(arena, entry->len);
     } else {
-	entry->data = (unsigned char *)PORT_Alloc(entry->len);
+        entry->data = (unsigned char *)PORT_Alloc(entry->len);
     }
-    
-    if ( entry->data == NULL ) {
-	return SECFailure;
+
+    if (entry->data == NULL) {
+        return SECFailure;
     }
-	
+
     /* first length of oid */
     entry->data[0] = (unsigned char)oidData->oid.len;
     /* next oid itself */
     PORT_Memcpy(&entry->data[1], oidData->oid.data, oidData->oid.len);
     /* finally the encrypted check string */
-    PORT_Memcpy(&entry->data[1+oidData->oid.len], encCheck->data,
-		encCheck->len);
+    PORT_Memcpy(&entry->data[1 + oidData->oid.len], encCheck->data,
+                encCheck->len);
 
     return SECSuccess;
 }
-    
 
-#define MAX_DB_SIZE 0xffff 
+#define MAX_DB_SIZE 0xffff
 /*
  * Clear out all the keys in the existing database
  */
 static SECStatus
 nsslowkey_ResetKeyDB(NSSLOWKEYDBHandle *handle)
 {
     SECStatus rv;
     int errors = 0;
 
-    if ( handle->db == NULL ) {
-	return(SECSuccess);
+    if (handle->db == NULL) {
+        return (SECSuccess);
     }
 
     if (handle->readOnly) {
-	/* set an error code */
-	return SECFailure;
-     }
+        /* set an error code */
+        return SECFailure;
+    }
 
     if (handle->appname == NULL && handle->dbname == NULL) {
-	return SECFailure;
+        return SECFailure;
     }
 
     keydb_Close(handle);
     if (handle->appname) {
-	handle->db= 
-	    rdbopen(handle->appname, handle->dbname, "key", NO_CREATE, NULL);
+        handle->db =
+            rdbopen(handle->appname, handle->dbname, "key", NO_CREATE, NULL);
     } else {
-	handle->db = dbopen( handle->dbname, NO_CREATE, 0600, DB_HASH, 0 );
+        handle->db = dbopen(handle->dbname, NO_CREATE, 0600, DB_HASH, 0);
     }
     if (handle->db == NULL) {
-	/* set an error code */
-	return SECFailure;
+        /* set an error code */
+        return SECFailure;
     }
-    
+
     rv = makeGlobalVersion(handle);
-    if ( rv != SECSuccess ) {
-	errors++;
-	goto done;
+    if (rv != SECSuccess) {
+        errors++;
+        goto done;
     }
 
     if (handle->global_salt) {
-	rv = StoreKeyDBGlobalSalt(handle, handle->global_salt);
+        rv = StoreKeyDBGlobalSalt(handle, handle->global_salt);
     } else {
-	rv = makeGlobalSalt(handle);
-	if ( rv == SECSuccess ) {
-	    handle->global_salt = GetKeyDBGlobalSalt(handle);
-	}
+        rv = makeGlobalSalt(handle);
+        if (rv == SECSuccess) {
+            handle->global_salt = GetKeyDBGlobalSalt(handle);
+        }
     }
-    if ( rv != SECSuccess ) {
-	errors++;
+    if (rv != SECSuccess) {
+        errors++;
     }
 
 done:
     /* sync the database */
     (void)keydb_Sync(handle, 0);
     db_InitComplete(handle->db);
 
     return (errors == 0 ? SECSuccess : SECFailure);
 }
 
 static int
 keydb_Get(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
 {
     int ret;
     PRLock *kdbLock = kdb->lock;
     DB *db = kdb->db;
-    
+
     PORT_Assert(kdbLock != NULL);
     PZ_Lock(kdbLock);
 
-    ret = (* db->get)(db, key, data, flags);
+    ret = (*db->get)(db, key, data, flags);
 
     (void)PZ_Unlock(kdbLock);
 
-    return(ret);
+    return (ret);
 }
 
 static int
 keydb_Put(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
 {
     int ret = 0;
     PRLock *kdbLock = kdb->lock;
     DB *db = kdb->db;
 
     PORT_Assert(kdbLock != NULL);
     PZ_Lock(kdbLock);
 
-    ret = (* db->put)(db, key, data, flags);
-    
+    ret = (*db->put)(db, key, data, flags);
+
     (void)PZ_Unlock(kdbLock);
 
-    return(ret);
+    return (ret);
 }
 
 static int
 keydb_Sync(NSSLOWKEYDBHandle *kdb, unsigned int flags)
 {
     int ret;
     PRLock *kdbLock = kdb->lock;
     DB *db = kdb->db;
 
     PORT_Assert(kdbLock != NULL);
     PZ_Lock(kdbLock);
 
-    ret = (* db->sync)(db, flags);
-    
+    ret = (*db->sync)(db, flags);
+
     (void)PZ_Unlock(kdbLock);
 
-    return(ret);
+    return (ret);
 }
 
 static int
 keydb_Del(NSSLOWKEYDBHandle *kdb, DBT *key, unsigned int flags)
 {
     int ret;
     PRLock *kdbLock = kdb->lock;
     DB *db = kdb->db;
 
     PORT_Assert(kdbLock != NULL);
     PZ_Lock(kdbLock);
 
-    ret = (* db->del)(db, key, flags);
-    
+    ret = (*db->del)(db, key, flags);
+
     (void)PZ_Unlock(kdbLock);
 
-    return(ret);
+    return (ret);
 }
 
 static int
 keydb_Seq(NSSLOWKEYDBHandle *kdb, DBT *key, DBT *data, unsigned int flags)
 {
     int ret;
     PRLock *kdbLock = kdb->lock;
     DB *db = kdb->db;
-    
+
     PORT_Assert(kdbLock != NULL);
     PZ_Lock(kdbLock);
-    
-    ret = (* db->seq)(db, key, data, flags);
+
+    ret = (*db->seq)(db, key, data, flags);
 
     (void)PZ_Unlock(kdbLock);
 
-    return(ret);
+    return (ret);
 }
 
 static void
 keydb_Close(NSSLOWKEYDBHandle *kdb)
 {
     PRLock *kdbLock = kdb->lock;
     DB *db = kdb->db;
 
     PORT_Assert(kdbLock != NULL);
     SKIP_AFTER_FORK(PZ_Lock(kdbLock));
 
-    (* db->close)(db);
-    
+    (*db->close)(db);
+
     SKIP_AFTER_FORK(PZ_Unlock(kdbLock));
 
     return;
 }
 
 /*
- * SDB Entry Points for the Key DB 
+ * SDB Entry Points for the Key DB
  */
 
 CK_RV
 lg_GetMetaData(SDB *sdb, const char *id, SECItem *item1, SECItem *item2)
 {
     NSSLOWKEYDBHandle *keydb;
     NSSLOWKEYPasswordEntry entry;
     SECStatus rv;
 
     keydb = lg_getKeyDB(sdb);
     if (keydb == NULL) {
         return CKR_TOKEN_WRITE_PROTECTED;
     }
-    if (PORT_Strcmp(id,"password") != 0) {
-	/* shouldn't happen */
-	return CKR_GENERAL_ERROR; /* no extra data stored */
+    if (PORT_Strcmp(id, "password") != 0) {
+        /* shouldn't happen */
+        return CKR_GENERAL_ERROR; /* no extra data stored */
     }
     rv = nsslowkey_GetPWCheckEntry(keydb, &entry);
     if (rv != SECSuccess) {
         return CKR_GENERAL_ERROR;
     }
     item1->len = entry.salt.len;
     PORT_Memcpy(item1->data, entry.salt.data, item1->len);
     item2->len = entry.value.len;
     PORT_Memcpy(item2->data, entry.value.data, item2->len);
     return CKR_OK;
 }
 
 CK_RV
-lg_PutMetaData(SDB *sdb, const char *id, 
-	       const SECItem *item1, const SECItem *item2)
+lg_PutMetaData(SDB *sdb, const char *id,
+               const SECItem *item1, const SECItem *item2)
 {
     NSSLOWKEYDBHandle *keydb;
     NSSLOWKEYPasswordEntry entry;
     SECStatus rv;
 
     keydb = lg_getKeyDB(sdb);
     if (keydb == NULL) {
         return CKR_TOKEN_WRITE_PROTECTED;
     }
-    if (PORT_Strcmp(id,"password") != 0) {
-	/* shouldn't happen */
-	return CKR_GENERAL_ERROR; /* no extra data stored */
+    if (PORT_Strcmp(id, "password") != 0) {
+        /* shouldn't happen */
+        return CKR_GENERAL_ERROR; /* no extra data stored */
     }
     entry.salt = *item1;
     entry.value = *item2;
     rv = nsslowkey_PutPWCheckEntry(keydb, &entry);
     if (rv != SECSuccess) {
         return CKR_GENERAL_ERROR;
     }
     return CKR_OK;
@@ -2253,9 +2241,8 @@ lg_Reset(SDB *sdb)
         return CKR_TOKEN_WRITE_PROTECTED;
     }
     rv = nsslowkey_ResetKeyDB(keydb);
     if (rv != SECSuccess) {
         return CKR_GENERAL_ERROR;
     }
     return CKR_OK;
 }
-
--- a/lib/softoken/legacydb/keydbi.h
+++ b/lib/softoken/legacydb/keydbi.h
@@ -12,42 +12,41 @@
 #include "seccomon.h"
 #include "mcom_db.h"
 
 /*
  * Handle structure for open key databases
  */
 struct NSSLOWKEYDBHandleStr {
     DB *db;
-    DB *updatedb;		/* used when updating an old version */
-    SECItem *global_salt;	/* password hashing salt for this db */
-    int version;		/* version of the database */
-    char *appname;		/* multiaccess app name */
-    char *dbname;		/* name of the openned DB */
-    PRBool readOnly;		/* is the DB read only */
+    DB *updatedb;         /* used when updating an old version */
+    SECItem *global_salt; /* password hashing salt for this db */
+    int version;          /* version of the database */
+    char *appname;        /* multiaccess app name */
+    char *dbname;         /* name of the openned DB */
+    PRBool readOnly;      /* is the DB read only */
     PRLock *lock;
-    PRInt32 ref;		/* reference count */
+    PRInt32 ref; /* reference count */
 };
 
 /*
 ** Typedef for callback for traversing key database.
 **      "key" is the key used to index the data in the database (nickname)
 **      "data" is the key data
-**      "pdata" is the user's data 
+**      "pdata" is the user's data
 */
-typedef SECStatus (* NSSLOWKEYTraverseKeysFunc)(DBT *key, DBT *data, void *pdata);
-
+typedef SECStatus (*NSSLOWKEYTraverseKeysFunc)(DBT *key, DBT *data, void *pdata);
 
 SEC_BEGIN_PROTOS
 
 /*
-** Traverse the entire key database, and pass the nicknames and keys to a 
+** Traverse the entire key database, and pass the nicknames and keys to a
 ** user supplied function.
 **      "f" is the user function to call for each key
 **      "udata" is the user's data, which is passed through to "f"
 */
-extern SECStatus nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle, 
-				NSSLOWKEYTraverseKeysFunc f,
-				void *udata);
+extern SECStatus nsslowkey_TraverseKeys(NSSLOWKEYDBHandle *handle,
+                                        NSSLOWKEYTraverseKeysFunc f,
+                                        void *udata);
 
 SEC_END_PROTOS
 
 #endif /* _KEYDBI_H_ */
--- a/lib/softoken/legacydb/lgattr.c
+++ b/lib/softoken/legacydb/lgattr.c
@@ -13,1371 +13,1374 @@
 #include "blapi.h"
 #include "secerr.h"
 #include "secasn1.h"
 
 /*
  * Cache the object we are working on during Set's and Get's
  */
 typedef struct LGObjectCacheStr {
-    CK_OBJECT_CLASS  objclass;
+    CK_OBJECT_CLASS objclass;
     CK_OBJECT_HANDLE handle;
-    SDB              *sdb;
-    void             *objectInfo;
-    LGFreeFunc       infoFree;
-    SECItem          dbKey;
+    SDB *sdb;
+    void *objectInfo;
+    LGFreeFunc infoFree;
+    SECItem dbKey;
 } LGObjectCache;
 
 static const CK_OBJECT_HANDLE lg_classArray[] = {
     0, CKO_PRIVATE_KEY, CKO_PUBLIC_KEY, CKO_SECRET_KEY,
     CKO_NSS_TRUST, CKO_NSS_CRL, CKO_NSS_SMIME,
-     CKO_CERTIFICATE };
+    CKO_CERTIFICATE
+};
 
 #define handleToClass(handle) \
-    lg_classArray[((handle & LG_TOKEN_TYPE_MASK))>>LG_TOKEN_TYPE_SHIFT]
-
+    lg_classArray[((handle & LG_TOKEN_TYPE_MASK)) >> LG_TOKEN_TYPE_SHIFT]
 
 static void lg_DestroyObjectCache(LGObjectCache *obj);
 
 static LGObjectCache *
 lg_NewObjectCache(SDB *sdb, const SECItem *dbKey, CK_OBJECT_HANDLE handle)
 {
     LGObjectCache *obj = NULL;
     SECStatus rv;
 
     obj = PORT_New(LGObjectCache);
     if (obj == NULL) {
-	return NULL;
+        return NULL;
     }
 
     obj->objclass = handleToClass(handle);
     obj->handle = handle;
     obj->sdb = sdb;
     obj->objectInfo = NULL;
     obj->infoFree = NULL;
     obj->dbKey.data = NULL;
     obj->dbKey.len = 0;
     lg_DBLock(sdb);
     if (dbKey == NULL) {
-	dbKey = lg_lookupTokenKeyByHandle(sdb,handle);
+        dbKey = lg_lookupTokenKeyByHandle(sdb, handle);
     }
     if (dbKey == NULL) {
-	lg_DBUnlock(sdb);
-	goto loser;
+        lg_DBUnlock(sdb);
+        goto loser;
     }
-    rv = SECITEM_CopyItem(NULL,&obj->dbKey,dbKey);
+    rv = SECITEM_CopyItem(NULL, &obj->dbKey, dbKey);
     lg_DBUnlock(sdb);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
 
     return obj;
 loser:
-    (void) lg_DestroyObjectCache(obj);
+    (void)lg_DestroyObjectCache(obj);
     return NULL;
 }
 
 /*
  * free all the data associated with an object. Object reference count must
  * be 'zero'.
  */
 static void
 lg_DestroyObjectCache(LGObjectCache *obj)
 {
     if (obj->dbKey.data) {
-	PORT_Free(obj->dbKey.data);
-	obj->dbKey.data = NULL;
-    } 
+        PORT_Free(obj->dbKey.data);
+        obj->dbKey.data = NULL;
+    }
     if (obj->objectInfo) {
-	(*obj->infoFree)(obj->objectInfo);
-	obj->objectInfo = NULL;
-	obj->infoFree = NULL;
+        (*obj->infoFree)(obj->objectInfo);
+        obj->objectInfo = NULL;
+        obj->infoFree = NULL;
     }
     PORT_Free(obj);
 }
 /*
  * ******************** Attribute Utilities *******************************
  */
 
 static CK_RV
 lg_ULongAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type, CK_ULONG value)
 {
     unsigned char *data;
     int i;
 
     if (attr->pValue == NULL) {
-	attr->ulValueLen = 4;
-	return CKR_OK;
+        attr->ulValueLen = 4;
+        return CKR_OK;
     }
     if (attr->ulValueLen < 4) {
-	attr->ulValueLen = (CK_ULONG) -1;
-	return CKR_BUFFER_TOO_SMALL;
+        attr->ulValueLen = (CK_ULONG)-1;
+        return CKR_BUFFER_TOO_SMALL;
     }
 
     data = (unsigned char *)attr->pValue;
-    for (i=0; i < 4; i++) {
-	data[i] = (value >> ((3-i)*8)) & 0xff;
+    for (i = 0; i < 4; i++) {
+        data[i] = (value >> ((3 - i) * 8)) & 0xff;
     }
     attr->ulValueLen = 4;
     return CKR_OK;
 }
 
 static CK_RV
-lg_CopyAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type, 
-				CK_VOID_PTR value, CK_ULONG len)
+lg_CopyAttribute(CK_ATTRIBUTE *attr, CK_ATTRIBUTE_TYPE type,
+                 CK_VOID_PTR value, CK_ULONG len)
 {
 
     if (attr->pValue == NULL) {
-	attr->ulValueLen = len;
-	return CKR_OK;
+        attr->ulValueLen = len;
+        return CKR_OK;
     }
     if (attr->ulValueLen < len) {
-	attr->ulValueLen = (CK_ULONG) -1;
-	return CKR_BUFFER_TOO_SMALL;
+        attr->ulValueLen = (CK_ULONG)-1;
+        return CKR_BUFFER_TOO_SMALL;
     }
     if (value != NULL) {
-	PORT_Memcpy(attr->pValue,value,len);
+        PORT_Memcpy(attr->pValue, value, len);
     }
     attr->ulValueLen = len;
     return CKR_OK;
 }
 
 static CK_RV
-lg_CopyAttributeSigned(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type, 
-				void  *value, CK_ULONG len)
+lg_CopyAttributeSigned(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type,
+                       void *value, CK_ULONG len)
 {
-    unsigned char * dval = (unsigned char *)value;
+    unsigned char *dval = (unsigned char *)value;
     if (*dval == 0) {
-	dval++;
-	len--;
+        dval++;
+        len--;
     }
-    return lg_CopyAttribute(attribute,type,dval,len);
+    return lg_CopyAttribute(attribute, type, dval, len);
 }
 
 static CK_RV
-lg_CopyPrivAttribute(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type, 
-				void  *value, CK_ULONG len, SDB *sdbpw)
+lg_CopyPrivAttribute(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type,
+                     void *value, CK_ULONG len, SDB *sdbpw)
 {
     SECItem plainText, *cipherText = NULL;
     CK_RV crv = CKR_USER_NOT_LOGGED_IN;
     SECStatus rv;
 
     plainText.data = value;
     plainText.len = len;
     rv = lg_util_encrypt(NULL, sdbpw, &plainText, &cipherText);
     if (rv != SECSuccess) {
-	goto loser;
+        goto loser;
     }
-    crv = lg_CopyAttribute(attribute,type,cipherText->data,cipherText->len);
+    crv = lg_CopyAttribute(attribute, type, cipherText->data, cipherText->len);
 loser:
     if (cipherText) {
-	SECITEM_FreeItem(cipherText,PR_TRUE);
+        SECITEM_FreeItem(cipherText, PR_TRUE);
     }
     return crv;
 }
 
 static CK_RV
-lg_CopyPrivAttrSigned(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type, 
-				void  *value, CK_ULONG len, SDB *sdbpw)
+lg_CopyPrivAttrSigned(CK_ATTRIBUTE *attribute, CK_ATTRIBUTE_TYPE type,
+                      void *value, CK_ULONG len, SDB *sdbpw)
 {
-    unsigned char * dval = (unsigned char *)value;
+    unsigned char *dval = (unsigned char *)value;
 
     if (*dval == 0) {
-	dval++;
-	len--;
+        dval++;
+        len--;
     }
-    return lg_CopyPrivAttribute(attribute,type,dval,len,sdbpw);
+    return lg_CopyPrivAttribute(attribute, type, dval, len, sdbpw);
 }
 
 static CK_RV
 lg_invalidAttribute(CK_ATTRIBUTE *attr)
 {
-    attr->ulValueLen = (CK_ULONG) -1;
+    attr->ulValueLen = (CK_ULONG)-1;
     return CKR_ATTRIBUTE_TYPE_INVALID;
 }
 
-
-#define LG_DEF_ATTRIBUTE(value,len) \
-   { 0, value, len }
+#define LG_DEF_ATTRIBUTE(value, len) \
+    {                                \
+        0, value, len                \
+    }
 
 #define LG_CLONE_ATTR(attribute, type, staticAttr) \
     lg_CopyAttribute(attribute, type, staticAttr.pValue, staticAttr.ulValueLen)
 
 CK_BBOOL lg_staticTrueValue = CK_TRUE;
 CK_BBOOL lg_staticFalseValue = CK_FALSE;
-static const CK_ATTRIBUTE lg_StaticTrueAttr = 
-  LG_DEF_ATTRIBUTE(&lg_staticTrueValue,sizeof(lg_staticTrueValue));
-static const CK_ATTRIBUTE lg_StaticFalseAttr = 
-  LG_DEF_ATTRIBUTE(&lg_staticFalseValue,sizeof(lg_staticFalseValue));
-static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL,0);
+static const CK_ATTRIBUTE lg_StaticTrueAttr =
+    LG_DEF_ATTRIBUTE(&lg_staticTrueValue, sizeof(lg_staticTrueValue));
+static const CK_ATTRIBUTE lg_StaticFalseAttr =
+    LG_DEF_ATTRIBUTE(&lg_staticFalseValue, sizeof(lg_staticFalseValue));
+static const CK_ATTRIBUTE lg_StaticNullAttr = LG_DEF_ATTRIBUTE(NULL, 0);
 char lg_StaticOneValue = 1;
 
 /*
- * helper functions which get the database and call the underlying 
+ * helper functions which get the database and call the underlying
  * low level database function.
  */
 static char *
 lg_FindKeyNicknameByPublicKey(SDB *sdb, SECItem *dbKey)
 {
     NSSLOWKEYDBHandle *keyHandle;
-    char * label;
+    char *label;
 
     keyHandle = lg_getKeyDB(sdb);
     if (!keyHandle) {
-	return NULL;
+        return NULL;
     }
 
-    label = nsslowkey_FindKeyNicknameByPublicKey(keyHandle, dbKey, 
-						 sdb);
+    label = nsslowkey_FindKeyNicknameByPublicKey(keyHandle, dbKey,
+                                                 sdb);
     return label;
 }
 
-
 NSSLOWKEYPrivateKey *
 lg_FindKeyByPublicKey(SDB *sdb, SECItem *dbKey)
 {
     NSSLOWKEYPrivateKey *privKey;
-    NSSLOWKEYDBHandle   *keyHandle;
+    NSSLOWKEYDBHandle *keyHandle;
 
     keyHandle = lg_getKeyDB(sdb);
     if (keyHandle == NULL) {
-	return NULL;
+        return NULL;
     }
     privKey = nsslowkey_FindKeyByPublicKey(keyHandle, dbKey, sdb);
     if (privKey == NULL) {
-	return NULL;
+        return NULL;
     }
     return privKey;
 }
 
 static certDBEntrySMime *
 lg_getSMime(LGObjectCache *obj)
 {
     certDBEntrySMime *entry;
     NSSLOWCERTCertDBHandle *certHandle;
 
     if (obj->objclass != CKO_NSS_SMIME) {
-	return NULL;
+        return NULL;
     }
     if (obj->objectInfo) {
-	return (certDBEntrySMime *)obj->objectInfo;
+        return (certDBEntrySMime *)obj->objectInfo;
     }
 
     certHandle = lg_getCertDB(obj->sdb);
     if (!certHandle) {
-	return NULL;
+        return NULL;
     }
     entry = nsslowcert_ReadDBSMimeEntry(certHandle, (char *)obj->dbKey.data);
     obj->objectInfo = (void *)entry;
-    obj->infoFree = (LGFreeFunc) nsslowcert_DestroyDBEntry;
+    obj->infoFree = (LGFreeFunc)nsslowcert_DestroyDBEntry;
     return entry;
 }
 
 static certDBEntryRevocation *
 lg_getCrl(LGObjectCache *obj)
 {
     certDBEntryRevocation *crl;
     PRBool isKrl;
     NSSLOWCERTCertDBHandle *certHandle;
 
     if (obj->objclass != CKO_NSS_CRL) {
-	return NULL;
+        return NULL;
     }
     if (obj->objectInfo) {
-	return (certDBEntryRevocation *)obj->objectInfo;
+        return (certDBEntryRevocation *)obj->objectInfo;
     }
 
-    isKrl = (PRBool) (obj->handle == LG_TOKEN_KRL_HANDLE);
+    isKrl = (PRBool)(obj->handle == LG_TOKEN_KRL_HANDLE);
     certHandle = lg_getCertDB(obj->sdb);
     if (!certHandle) {
-	return NULL;
+        return NULL;
     }
 
     crl = nsslowcert_FindCrlByKey(certHandle, &obj->dbKey, isKrl);
     obj->objectInfo = (void *)crl;
-    obj->infoFree = (LGFreeFunc) nsslowcert_DestroyDBEntry;
+    obj->infoFree = (LGFreeFunc)nsslowcert_DestroyDBEntry;
     return crl;
 }
 
 static NSSLOWCERTCertificate *
 lg_getCert(LGObjectCache *obj, NSSLOWCERTCertDBHandle *certHandle)
 {
     NSSLOWCERTCertificate *cert;
     CK_OBJECT_CLASS objClass = obj->objclass;
 
     if ((objClass != CKO_CERTIFICATE) && (objClass != CKO_NSS_TRUST)) {
-	return NULL;
+        return NULL;
     }
     if (objClass == CKO_CERTIFICATE && obj->objectInfo) {
-	return (NSSLOWCERTCertificate *)obj->objectInfo;
+        return (NSSLOWCERTCertificate *)obj->objectInfo;
     }
     cert = nsslowcert_FindCertByKey(certHandle, &obj->dbKey);
     if (objClass == CKO_CERTIFICATE) {
-	obj->objectInfo = (void *)cert;
-	obj->infoFree = (LGFreeFunc) nsslowcert_DestroyCertificate ;
+        obj->objectInfo = (void *)cert;
+        obj->infoFree = (LGFreeFunc)nsslowcert_DestroyCertificate;
     }
     return cert;
 }
 
 static NSSLOWCERTTrust *
 lg_getTrust(LGObjectCache *obj, NSSLOWCERTCertDBHandle *certHandle)
 {
     NSSLOWCERTTrust *trust;
 
     if (obj->objclass != CKO_NSS_TRUST) {
-	return NULL;
+        return NULL;
     }
     if (obj->objectInfo) {
-	return (NSSLOWCERTTrust *)obj->objectInfo;
+        return (NSSLOWCERTTrust *)obj->objectInfo;
     }
     trust = nsslowcert_FindTrustByKey(certHandle, &obj->dbKey);
     obj->objectInfo = (void *)trust;
-    obj->infoFree = (LGFreeFunc) nsslowcert_DestroyTrust ;
+    obj->infoFree = (LGFreeFunc)nsslowcert_DestroyTrust;
     return trust;
 }
 
 static NSSLOWKEYPublicKey *
 lg_GetPublicKey(LGObjectCache *obj)
 {
     NSSLOWKEYPublicKey *pubKey;
     NSSLOWKEYPrivateKey *privKey;
 
     if (obj->objclass != CKO_PUBLIC_KEY) {
-	return NULL;
+        return NULL;
     }
     if (obj->objectInfo) {
-	return (NSSLOWKEYPublicKey *)obj->objectInfo;
+        return (NSSLOWKEYPublicKey *)obj->objectInfo;
     }
     privKey = lg_FindKeyByPublicKey(obj->sdb, &obj->dbKey);
     if (privKey == NULL) {
-	return NULL;
+        return NULL;
     }
     pubKey = lg_nsslowkey_ConvertToPublicKey(privKey);
     lg_nsslowkey_DestroyPrivateKey(privKey);
-    obj->objectInfo = (void *) pubKey;
-    obj->infoFree = (LGFreeFunc) lg_nsslowkey_DestroyPublicKey ;
+    obj->objectInfo = (void *)pubKey;
+    obj->infoFree = (LGFreeFunc)lg_nsslowkey_DestroyPublicKey;
     return pubKey;
 }
 
 /*
- * we need two versions of lg_GetPrivateKey. One version that takes the 
+ * we need two versions of lg_GetPrivateKey. One version that takes the
  * DB handle so we can pass the handle we have already acquired in,
- *  rather than going through the 'getKeyDB' code again, 
+ *  rather than going through the 'getKeyDB' code again,
  *  which may fail the second time and another which just aquires
  *  the key handle from the sdb (where we don't already have a key handle.
  * This version does the former.
  */
 static NSSLOWKEYPrivateKey *
 lg_GetPrivateKeyWithDB(LGObjectCache *obj, NSSLOWKEYDBHandle *keyHandle)
 {
     NSSLOWKEYPrivateKey *privKey;
 
-    if ((obj->objclass != CKO_PRIVATE_KEY) && 
-			(obj->objclass != CKO_SECRET_KEY)) {
-	return NULL;
+    if ((obj->objclass != CKO_PRIVATE_KEY) &&
+        (obj->objclass != CKO_SECRET_KEY)) {
+        return NULL;
     }
     if (obj->objectInfo) {
-	return (NSSLOWKEYPrivateKey *)obj->objectInfo;
+        return (NSSLOWKEYPrivateKey *)obj->objectInfo;
     }
     privKey = nsslowkey_FindKeyByPublicKey(keyHandle, &obj->dbKey, obj->sdb);
     if (privKey == NULL) {
-	return NULL;
+        return NULL;
     }
-    obj->objectInfo = (void *) privKey;
-    obj->infoFree = (LGFreeFunc) lg_nsslowkey_DestroyPrivateKey ;
+    obj->objectInfo = (void *)privKey;
+    obj->infoFree = (LGFreeFunc)lg_nsslowkey_DestroyPrivateKey;
     return privKey;
 }
 
 /* this version does the latter */
 static NSSLOWKEYPrivateKey *
 lg_GetPrivateKey(LGObjectCache *obj)
 {
     NSSLOWKEYDBHandle *keyHandle;
     NSSLOWKEYPrivateKey *privKey;
 
     keyHandle = lg_getKeyDB(obj->sdb);
     if (!keyHandle) {
-	return NULL;
+        return NULL;
     }
     privKey = lg_GetPrivateKeyWithDB(obj, keyHandle);
     return privKey;
 }
 
 /* lg_GetPubItem returns data associated with the public key.
  * one only needs to free the public key. This comment is here
  * because this sematic would be non-obvious otherwise. All callers
  * should include this comment.
  */
 static SECItem *
-lg_GetPubItem(NSSLOWKEYPublicKey *pubKey) {
+lg_GetPubItem(NSSLOWKEYPublicKey *pubKey)
+{
     SECItem *pubItem = NULL;
     /* get value to compare from the cert's public key */
-    switch ( pubKey->keyType ) {
-    case NSSLOWKEYRSAKey:
-	    pubItem = &pubKey->u.rsa.modulus;
-	    break;
-    case NSSLOWKEYDSAKey:
-	    pubItem = &pubKey->u.dsa.publicValue;
-	    break;
-    case NSSLOWKEYDHKey:
-	    pubItem = &pubKey->u.dh.publicValue;
-	    break;
+    switch (pubKey->keyType) {
+        case NSSLOWKEYRSAKey:
+            pubItem = &pubKey->u.rsa.modulus;
+            break;
+        case NSSLOWKEYDSAKey:
+            pubItem = &pubKey->u.dsa.publicValue;
+            break;
+        case NSSLOWKEYDHKey:
+            pubItem = &pubKey->u.dh.publicValue;
+            break;
 #ifndef NSS_DISABLE_ECC
-    case NSSLOWKEYECKey:
-	    pubItem = &pubKey->u.ec.publicValue;
-	    break;
+        case NSSLOWKEYECKey:
+            pubItem = &pubKey->u.ec.publicValue;
+            break;
 #endif /* NSS_DISABLE_ECC */
-    default:
-	    break;
+        default:
+            break;
     }
     return pubItem;
 }
 
 static CK_RV
 lg_FindRSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                             CK_ATTRIBUTE *attribute)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_RSA;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash,key->u.rsa.modulus.data,key->u.rsa.modulus.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_ENCRYPT:
-    case CKA_VERIFY:
-    case CKA_VERIFY_RECOVER:
-    case CKA_WRAP:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_MODULUS:
-	return lg_CopyAttributeSigned(attribute,type,key->u.rsa.modulus.data,
-					key->u.rsa.modulus.len);
-    case CKA_PUBLIC_EXPONENT:
-	return lg_CopyAttributeSigned(attribute, type,
-				key->u.rsa.publicExponent.data,
-				key->u.rsa.publicExponent.len);
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.rsa.modulus.data, key->u.rsa.modulus.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_ENCRYPT:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_MODULUS:
+            return lg_CopyAttributeSigned(attribute, type, key->u.rsa.modulus.data,
+                                          key->u.rsa.modulus.len);
+        case CKA_PUBLIC_EXPONENT:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.rsa.publicExponent.data,
+                                          key->u.rsa.publicExponent.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindDSAPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                             CK_ATTRIBUTE *attribute)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_DSA;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash,key->u.dsa.publicValue.data,
-						key->u.dsa.publicValue.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-    case CKA_ENCRYPT:
-    case CKA_VERIFY_RECOVER:
-    case CKA_WRAP:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_VERIFY:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_VALUE:
-	return lg_CopyAttributeSigned(attribute,type,
-					key->u.dsa.publicValue.data,
-					key->u.dsa.publicValue.len);
-    case CKA_PRIME:
-	return lg_CopyAttributeSigned(attribute,type,
-					key->u.dsa.params.prime.data,
-					key->u.dsa.params.prime.len);
-    case CKA_SUBPRIME:
-	return lg_CopyAttributeSigned(attribute,type,
-				key->u.dsa.params.subPrime.data,
-				key->u.dsa.params.subPrime.len);
-    case CKA_BASE:
-	return lg_CopyAttributeSigned(attribute,type,
-					key->u.dsa.params.base.data,
-					key->u.dsa.params.base.len);
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dsa.publicValue.data,
+                         key->u.dsa.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VERIFY:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_VALUE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.publicValue.data,
+                                          key->u.dsa.publicValue.len);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.prime.data,
+                                          key->u.dsa.params.prime.len);
+        case CKA_SUBPRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.subPrime.data,
+                                          key->u.dsa.params.subPrime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.base.data,
+                                          key->u.dsa.params.base.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindDHPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                            CK_ATTRIBUTE *attribute)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_DH;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash,key->u.dh.publicValue.data,key->u.dh.publicValue.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_ENCRYPT:
-    case CKA_VERIFY:
-    case CKA_VERIFY_RECOVER:
-    case CKA_WRAP:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_VALUE:
-	return lg_CopyAttributeSigned(attribute,type,
-					key->u.dh.publicValue.data,
-					key->u.dh.publicValue.len);
-    case CKA_PRIME:
-	return lg_CopyAttributeSigned(attribute,type,key->u.dh.prime.data,
-					key->u.dh.prime.len);
-    case CKA_BASE:
-	return lg_CopyAttributeSigned(attribute,type,key->u.dh.base.data,
-					key->u.dh.base.len);
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dh.publicValue.data, key->u.dh.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_ENCRYPT:
+        case CKA_VERIFY:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VALUE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dh.publicValue.data,
+                                          key->u.dh.publicValue.len);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.prime.data,
+                                          key->u.dh.prime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.base.data,
+                                          key->u.dh.base.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 #ifndef NSS_DISABLE_ECC
 static CK_RV
 lg_FindECPublicKeyAttribute(NSSLOWKEYPublicKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                            CK_ATTRIBUTE *attribute)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_EC;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash, key->u.ec.publicValue.data,
-		     key->u.ec.publicValue.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-    case CKA_VERIFY:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_ENCRYPT:
-    case CKA_VERIFY_RECOVER:
-    case CKA_WRAP:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_EC_PARAMS:
-	return lg_CopyAttributeSigned(attribute,type,
-					key->u.ec.ecParams.DEREncoding.data,
-					key->u.ec.ecParams.DEREncoding.len);
-    case CKA_EC_POINT:
-	if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
-	    return lg_CopyAttributeSigned(attribute, type,
-					key->u.ec.publicValue.data,
-					key->u.ec.publicValue.len);
-	} else {
-	    SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL, 
-					&(key->u.ec.publicValue), 
-					SEC_ASN1_GET(SEC_OctetStringTemplate));
-	    CK_RV crv;
-	    if (!pubValue) {
-		return CKR_HOST_MEMORY;
-	    }
-	    crv = lg_CopyAttributeSigned(attribute, type,
-					pubValue->data,
-					pubValue->len);
-	    SECITEM_FreeItem(pubValue, PR_TRUE);
-	    return crv;
-	}
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.ec.publicValue.data,
+                         key->u.ec.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_VERIFY:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_ENCRYPT:
+        case CKA_VERIFY_RECOVER:
+        case CKA_WRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_EC_PARAMS:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.ec.ecParams.DEREncoding.data,
+                                          key->u.ec.ecParams.DEREncoding.len);
+        case CKA_EC_POINT:
+            if (PR_GetEnvSecure("NSS_USE_DECODED_CKA_EC_POINT")) {
+                return lg_CopyAttributeSigned(attribute, type,
+                                              key->u.ec.publicValue.data,
+                                              key->u.ec.publicValue.len);
+            } else {
+                SECItem *pubValue = SEC_ASN1EncodeItem(NULL, NULL,
+                                                       &(key->u.ec.publicValue),
+                                                       SEC_ASN1_GET(SEC_OctetStringTemplate));
+                CK_RV crv;
+                if (!pubValue) {
+                    return CKR_HOST_MEMORY;
+                }
+                crv = lg_CopyAttributeSigned(attribute, type,
+                                             pubValue->data,
+                                             pubValue->len);
+                SECITEM_FreeItem(pubValue, PR_TRUE);
+                return crv;
+            }
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 #endif /* NSS_DISABLE_ECC */
 
-
 static CK_RV
 lg_FindPublicKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                          CK_ATTRIBUTE *attribute)
 {
-    NSSLOWKEYPublicKey   *key;
+    NSSLOWKEYPublicKey *key;
     CK_RV crv;
     char *label;
 
     switch (type) {
-    case CKA_PRIVATE:
-    case CKA_SENSITIVE:
-    case CKA_ALWAYS_SENSITIVE:
-    case CKA_NEVER_EXTRACTABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_MODIFIABLE:
-    case CKA_EXTRACTABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_SUBJECT:
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    case CKA_START_DATE:
-    case CKA_END_DATE:
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    case CKA_LABEL:
-        label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
-	if (label == NULL) {
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-	}
-	crv = lg_CopyAttribute(attribute,type,label,PORT_Strlen(label));
-	PORT_Free(label);
-	return crv;
-    default:
-	break;
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_NEVER_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_MODIFIABLE:
+        case CKA_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_SUBJECT:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_START_DATE:
+        case CKA_END_DATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_LABEL:
+            label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
+            if (label == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            crv = lg_CopyAttribute(attribute, type, label, PORT_Strlen(label));
+            PORT_Free(label);
+            return crv;
+        default:
+            break;
     }
 
     key = lg_GetPublicKey(obj);
     if (key == NULL) {
-	if (type == CKA_ID) {
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-	}
-	return CKR_OBJECT_HANDLE_INVALID;
+        if (type == CKA_ID) {
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        }
+        return CKR_OBJECT_HANDLE_INVALID;
     }
 
     switch (key->keyType) {
-    case NSSLOWKEYRSAKey:
-	return lg_FindRSAPublicKeyAttribute(key,type,attribute);
-    case NSSLOWKEYDSAKey:
-	return lg_FindDSAPublicKeyAttribute(key,type,attribute);
-    case NSSLOWKEYDHKey:
-	return lg_FindDHPublicKeyAttribute(key,type,attribute);
+        case NSSLOWKEYRSAKey:
+            return lg_FindRSAPublicKeyAttribute(key, type, attribute);
+        case NSSLOWKEYDSAKey:
+            return lg_FindDSAPublicKeyAttribute(key, type, attribute);
+        case NSSLOWKEYDHKey:
+            return lg_FindDHPublicKeyAttribute(key, type, attribute);
 #ifndef NSS_DISABLE_ECC
-    case NSSLOWKEYECKey:
-	return lg_FindECPublicKeyAttribute(key,type,attribute);
+        case NSSLOWKEYECKey:
+            return lg_FindECPublicKeyAttribute(key, type, attribute);
 #endif /* NSS_DISABLE_ECC */
-    default:
-	break;
+        default:
+            break;
     }
 
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindSecretKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                          CK_ATTRIBUTE *attribute)
 {
-    NSSLOWKEYPrivateKey  *key;
+    NSSLOWKEYPrivateKey *key;
     char *label;
     unsigned char *keyString;
     CK_RV crv;
     int keyTypeLen;
     CK_ULONG keyLen;
     CK_KEY_TYPE keyType;
     PRUint32 keyTypeStorage;
 
     switch (type) {
-    case CKA_PRIVATE:
-    case CKA_SENSITIVE:
-    case CKA_ALWAYS_SENSITIVE:
-    case CKA_EXTRACTABLE:
-    case CKA_DERIVE:
-    case CKA_ENCRYPT:
-    case CKA_DECRYPT:
-    case CKA_SIGN:
-    case CKA_VERIFY:
-    case CKA_WRAP:
-    case CKA_UNWRAP:
-    case CKA_MODIFIABLE:
-    case CKA_LOCAL:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_NEVER_EXTRACTABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_START_DATE:
-    case CKA_END_DATE:
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    case CKA_LABEL:
-        label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
-	if (label == NULL) {
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-	}
-	crv = lg_CopyAttribute(attribute,type,label,PORT_Strlen(label));
-	PORT_Free(label);
-	return crv;
-    case CKA_ID:
-	return lg_CopyAttribute(attribute,type,obj->dbKey.data,
-						obj->dbKey.len);
-    case CKA_KEY_TYPE:
-    case CKA_VALUE_LEN:
-    case CKA_VALUE:
-	break;
-    default:
-	return lg_invalidAttribute(attribute);
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_EXTRACTABLE:
+        case CKA_DERIVE:
+        case CKA_ENCRYPT:
+        case CKA_DECRYPT:
+        case CKA_SIGN:
+        case CKA_VERIFY:
+        case CKA_WRAP:
+        case CKA_UNWRAP:
+        case CKA_MODIFIABLE:
+        case CKA_LOCAL:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_NEVER_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_START_DATE:
+        case CKA_END_DATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_LABEL:
+            label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
+            if (label == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            crv = lg_CopyAttribute(attribute, type, label, PORT_Strlen(label));
+            PORT_Free(label);
+            return crv;
+        case CKA_ID:
+            return lg_CopyAttribute(attribute, type, obj->dbKey.data,
+                                    obj->dbKey.len);
+        case CKA_KEY_TYPE:
+        case CKA_VALUE_LEN:
+        case CKA_VALUE:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
     }
 
     key = lg_GetPrivateKey(obj);
     if (key == NULL) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
     switch (type) {
-    case CKA_KEY_TYPE:
-	/* handle legacy databases. In legacy databases key_type was stored
-	 * in host order, with any leading zeros stripped off. Only key types
-	 * under 0x1f (AES) were stored. We assume that any values which are
-	 * either 1 byte long (big endian), or have byte[0] between 0 and 
-	 * 0x7f and bytes[1]-bytes[3] equal to '0' (little endian). All other
-	 * values are assumed to be from the new database, which is always 4
-	 * bytes in network order */
-	keyType=0;
-	keyString = key->u.rsa.coefficient.data;
-	keyTypeLen = key->u.rsa.coefficient.len;
-
+        case CKA_KEY_TYPE:
+            /* handle legacy databases. In legacy databases key_type was stored
+             * in host order, with any leading zeros stripped off. Only key types
+             * under 0x1f (AES) were stored. We assume that any values which are
+             * either 1 byte long (big endian), or have byte[0] between 0 and
+             * 0x7f and bytes[1]-bytes[3] equal to '0' (little endian). All other
+             * values are assumed to be from the new database, which is always 4
+             * bytes in network order */
+            keyType = 0;
+            keyString = key->u.rsa.coefficient.data;
+            keyTypeLen = key->u.rsa.coefficient.len;
 
-	/*
- 	 * Because of various endian and word lengths The database may have
-	 * stored the keyType value in one of the following formats:
-	 *   (kt) <= 0x1f 
-	 *                                   length data
-	 * Big Endian,     pre-3.9, all lengths: 1  (kt)
-	 * Little Endian,  pre-3.9, 32 bits:     4  (kt) 0  0  0
-	 * Little Endian,  pre-3.9, 64 bits:     8  (kt) 0  0  0   0  0  0  0
-	 * All platforms,      3.9, 32 bits:     4    0  0  0 (kt)
-	 * Big Endian,         3.9, 64 bits:     8    0  0  0 (kt) 0  0  0  0
-	 * Little  Endian,     3.9, 64 bits:     8    0  0  0  0   0  0  0 (kt)
-	 * All platforms, >= 3.9.1, all lengths: 4   (a) k1 k2 k3
-	 * where (a) is 0 or >= 0x80. currently (a) can only be 0.
-	 */
-	/*
- 	 * this key was written on a 64 bit platform with a using NSS 3.9
-	 * or earlier. Reduce the 64 bit possibilities above. When we are
-	 * through, we will only have:
-	 * 
-	 * Big Endian,     pre-3.9, all lengths: 1  (kt)
-	 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
-	 * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
-	 * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
-	 */
-	if (keyTypeLen == 8) {
-	    keyTypeStorage = *(PRUint32 *) keyString;
-	    if (keyTypeStorage == 0) {
-		keyString += sizeof(PRUint32);
-	    }
-	    keyTypeLen = 4;
-	}
-	/*
-	 * Now Handle:
-	 *
-	 * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
-	 * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
-	 *
-	 * NOTE: if  kt == 0 or ak1k2k3 == 0, the test fails and
-	 * we handle it as:
-	 *
-	 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
-	 */
-	if (keyTypeLen == sizeof(keyTypeStorage) &&
-	     (((keyString[0] & 0x80) == 0x80) ||
-		!((keyString[1] == 0) && (keyString[2] == 0)
-	   				    && (keyString[3] == 0))) ) {
-	    PORT_Memcpy(&keyTypeStorage, keyString, sizeof(keyTypeStorage));
-	    keyType = (CK_KEY_TYPE) PR_ntohl(keyTypeStorage);
-	} else {
-	/*
-	 * Now Handle:
-	 *
-	 * Big Endian,     pre-3.9, all lengths: 1  (kt)
-	 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
-	 *  -- KeyType == 0 all other cases ---: 4    0  0  0  0
-	 */
-	    keyType = (CK_KEY_TYPE) keyString[0] ;
-        }
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_VALUE:
-	return lg_CopyPrivAttribute(attribute,type,key->u.rsa.privateExponent.data,
-				key->u.rsa.privateExponent.len, obj->sdb);
-    case CKA_VALUE_LEN:
-	keyLen=key->u.rsa.privateExponent.len;
-	return lg_ULongAttribute(attribute,type, keyLen);
+            /*
+             * Because of various endian and word lengths The database may have
+             * stored the keyType value in one of the following formats:
+             *   (kt) <= 0x1f
+             *                                   length data
+             * Big Endian,     pre-3.9, all lengths: 1  (kt)
+             * Little Endian,  pre-3.9, 32 bits:     4  (kt) 0  0  0
+             * Little Endian,  pre-3.9, 64 bits:     8  (kt) 0  0  0   0  0  0  0
+             * All platforms,      3.9, 32 bits:     4    0  0  0 (kt)
+             * Big Endian,         3.9, 64 bits:     8    0  0  0 (kt) 0  0  0  0
+             * Little  Endian,     3.9, 64 bits:     8    0  0  0  0   0  0  0 (kt)
+             * All platforms, >= 3.9.1, all lengths: 4   (a) k1 k2 k3
+             * where (a) is 0 or >= 0x80. currently (a) can only be 0.
+             */
+            /*
+             * this key was written on a 64 bit platform with a using NSS 3.9
+             * or earlier. Reduce the 64 bit possibilities above. When we are
+             * through, we will only have:
+             *
+             * Big Endian,     pre-3.9, all lengths: 1  (kt)
+             * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+             * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
+             * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
+             */
+            if (keyTypeLen == 8) {
+                keyTypeStorage = *(PRUint32 *)keyString;
+                if (keyTypeStorage == 0) {
+                    keyString += sizeof(PRUint32);
+                }
+                keyTypeLen = 4;
+            }
+            /*
+             * Now Handle:
+             *
+             * All platforms,      3.9, all lengths: 4    0  0  0 (kt)
+             * All platforms, => 3.9.1, all lengths: 4   (a) k1 k2 k3
+             *
+             * NOTE: if  kt == 0 or ak1k2k3 == 0, the test fails and
+             * we handle it as:
+             *
+             * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+             */
+            if (keyTypeLen == sizeof(keyTypeStorage) &&
+                (((keyString[0] & 0x80) == 0x80) ||
+                 !((keyString[1] == 0) && (keyString[2] == 0) && (keyString[3] == 0)))) {
+                PORT_Memcpy(&keyTypeStorage, keyString, sizeof(keyTypeStorage));
+                keyType = (CK_KEY_TYPE)PR_ntohl(keyTypeStorage);
+            } else {
+                /*
+                 * Now Handle:
+                 *
+                 * Big Endian,     pre-3.9, all lengths: 1  (kt)
+                 * Little Endian,  pre-3.9, all lengths: 4  (kt) 0  0  0
+                 *  -- KeyType == 0 all other cases ---: 4    0  0  0  0
+                 */
+                keyType = (CK_KEY_TYPE)keyString[0];
+            }
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_VALUE:
+            return lg_CopyPrivAttribute(attribute, type, key->u.rsa.privateExponent.data,
+                                        key->u.rsa.privateExponent.len, obj->sdb);
+        case CKA_VALUE_LEN:
+            keyLen = key->u.rsa.privateExponent.len;
+            return lg_ULongAttribute(attribute, type, keyLen);
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindRSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute, SDB *sdbpw)
+                              CK_ATTRIBUTE *attribute, SDB *sdbpw)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_RSA;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash,key->u.rsa.modulus.data,key->u.rsa.modulus.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_DECRYPT:
-    case CKA_SIGN:
-    case CKA_SIGN_RECOVER:
-    case CKA_UNWRAP:
-	return LG_CLONE_ATTR(attribute, type,lg_StaticTrueAttr);
-    case CKA_MODULUS:
-	return lg_CopyAttributeSigned(attribute,type,key->u.rsa.modulus.data,
-					key->u.rsa.modulus.len);
-    case CKA_PUBLIC_EXPONENT:
-	return lg_CopyAttributeSigned(attribute, type,
-				key->u.rsa.publicExponent.data,
-				key->u.rsa.publicExponent.len);
-    case CKA_PRIVATE_EXPONENT:
-	return lg_CopyPrivAttrSigned(attribute,type,
-				key->u.rsa.privateExponent.data,
-				key->u.rsa.privateExponent.len, sdbpw);
-    case CKA_PRIME_1:
-	return lg_CopyPrivAttrSigned(attribute, type, key->u.rsa.prime1.data,
-				key->u.rsa.prime1.len, sdbpw);
-    case CKA_PRIME_2:
-	return lg_CopyPrivAttrSigned(attribute, type, key->u.rsa.prime2.data,
-				key->u.rsa.prime2.len, sdbpw);
-    case CKA_EXPONENT_1:
-	return lg_CopyPrivAttrSigned(attribute, type, 
-				key->u.rsa.exponent1.data,
-				key->u.rsa.exponent1.len, sdbpw);
-    case CKA_EXPONENT_2:
-	return lg_CopyPrivAttrSigned(attribute, type, 
-				key->u.rsa.exponent2.data,
-				key->u.rsa.exponent2.len, sdbpw);
-    case CKA_COEFFICIENT:
-	return lg_CopyPrivAttrSigned(attribute, type, 
-				key->u.rsa.coefficient.data,
-				key->u.rsa.coefficient.len, sdbpw);
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.rsa.modulus.data, key->u.rsa.modulus.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_DECRYPT:
+        case CKA_SIGN:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_MODULUS:
+            return lg_CopyAttributeSigned(attribute, type, key->u.rsa.modulus.data,
+                                          key->u.rsa.modulus.len);
+        case CKA_PUBLIC_EXPONENT:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.rsa.publicExponent.data,
+                                          key->u.rsa.publicExponent.len);
+        case CKA_PRIVATE_EXPONENT:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.privateExponent.data,
+                                         key->u.rsa.privateExponent.len, sdbpw);
+        case CKA_PRIME_1:
+            return lg_CopyPrivAttrSigned(attribute, type, key->u.rsa.prime1.data,
+                                         key->u.rsa.prime1.len, sdbpw);
+        case CKA_PRIME_2:
+            return lg_CopyPrivAttrSigned(attribute, type, key->u.rsa.prime2.data,
+                                         key->u.rsa.prime2.len, sdbpw);
+        case CKA_EXPONENT_1:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.exponent1.data,
+                                         key->u.rsa.exponent1.len, sdbpw);
+        case CKA_EXPONENT_2:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.exponent2.data,
+                                         key->u.rsa.exponent2.len, sdbpw);
+        case CKA_COEFFICIENT:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.rsa.coefficient.data,
+                                         key->u.rsa.coefficient.len, sdbpw);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindDSAPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute, SDB *sdbpw)
+                              CK_ATTRIBUTE *attribute, SDB *sdbpw)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_DSA;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash,key->u.dsa.publicValue.data,
-			  key->u.dsa.publicValue.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-    case CKA_DECRYPT:
-    case CKA_SIGN_RECOVER:
-    case CKA_UNWRAP:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_SIGN:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_VALUE:
-	return lg_CopyPrivAttrSigned(attribute, type,
-				key->u.dsa.privateValue.data,
-				key->u.dsa.privateValue.len, sdbpw);
-    case CKA_PRIME:
-	return lg_CopyAttributeSigned(attribute, type,
-					key->u.dsa.params.prime.data,
-					key->u.dsa.params.prime.len);
-    case CKA_SUBPRIME:
-	return lg_CopyAttributeSigned(attribute, type,
-				key->u.dsa.params.subPrime.data,
-				key->u.dsa.params.subPrime.len);
-    case CKA_BASE:
-	return lg_CopyAttributeSigned(attribute, type,
-					key->u.dsa.params.base.data,
-					key->u.dsa.params.base.len);
-    case CKA_NETSCAPE_DB:
-	return lg_CopyAttributeSigned(attribute, type,
-					key->u.dsa.publicValue.data,
-					key->u.dsa.publicValue.len);
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dsa.publicValue.data,
+                         key->u.dsa.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_DECRYPT:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_SIGN:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_VALUE:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.dsa.privateValue.data,
+                                         key->u.dsa.privateValue.len, sdbpw);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.prime.data,
+                                          key->u.dsa.params.prime.len);
+        case CKA_SUBPRIME:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.subPrime.data,
+                                          key->u.dsa.params.subPrime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.params.base.data,
+                                          key->u.dsa.params.base.len);
+        case CKA_NETSCAPE_DB:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dsa.publicValue.data,
+                                          key->u.dsa.publicValue.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindDHPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute, SDB *sdbpw)
+                             CK_ATTRIBUTE *attribute, SDB *sdbpw)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_DH;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash,key->u.dh.publicValue.data,key->u.dh.publicValue.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_DECRYPT:
-    case CKA_SIGN:
-    case CKA_SIGN_RECOVER:
-    case CKA_UNWRAP:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_VALUE:
-	return lg_CopyPrivAttrSigned(attribute, type,
-					key->u.dh.privateValue.data,
-					key->u.dh.privateValue.len, sdbpw);
-    case CKA_PRIME:
-	return lg_CopyAttributeSigned(attribute, type, key->u.dh.prime.data,
-					key->u.dh.prime.len);
-    case CKA_BASE:
-	return lg_CopyAttributeSigned(attribute, type, key->u.dh.base.data,
-					key->u.dh.base.len);
-    case CKA_NETSCAPE_DB:
-	return lg_CopyAttributeSigned(attribute, type,
-					key->u.dh.publicValue.data,
-					key->u.dh.publicValue.len);
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.dh.publicValue.data, key->u.dh.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_DECRYPT:
+        case CKA_SIGN:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VALUE:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.dh.privateValue.data,
+                                         key->u.dh.privateValue.len, sdbpw);
+        case CKA_PRIME:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.prime.data,
+                                          key->u.dh.prime.len);
+        case CKA_BASE:
+            return lg_CopyAttributeSigned(attribute, type, key->u.dh.base.data,
+                                          key->u.dh.base.len);
+        case CKA_NETSCAPE_DB:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.dh.publicValue.data,
+                                          key->u.dh.publicValue.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 #ifndef NSS_DISABLE_ECC
 static CK_RV
 lg_FindECPrivateKeyAttribute(NSSLOWKEYPrivateKey *key, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute, SDB *sdbpw)
+                             CK_ATTRIBUTE *attribute, SDB *sdbpw)
 {
     unsigned char hash[SHA1_LENGTH];
     CK_KEY_TYPE keyType = CKK_EC;
 
     switch (type) {
-    case CKA_KEY_TYPE:
-	return lg_ULongAttribute(attribute, type, keyType);
-    case CKA_ID:
-	SHA1_HashBuf(hash,key->u.ec.publicValue.data,key->u.ec.publicValue.len);
-	return lg_CopyAttribute(attribute,type,hash,SHA1_LENGTH);
-    case CKA_DERIVE:
-    case CKA_SIGN:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_DECRYPT:
-    case CKA_SIGN_RECOVER:
-    case CKA_UNWRAP:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_VALUE:
-	return lg_CopyPrivAttrSigned(attribute, type,
-					key->u.ec.privateValue.data,
-					key->u.ec.privateValue.len, sdbpw);
-    case CKA_EC_PARAMS:
-	return lg_CopyAttributeSigned(attribute, type,
-					key->u.ec.ecParams.DEREncoding.data,
-					key->u.ec.ecParams.DEREncoding.len);
-    case CKA_NETSCAPE_DB:
-	return lg_CopyAttributeSigned(attribute, type,
-					key->u.ec.publicValue.data,
-					key->u.ec.publicValue.len);
-    default:
-	break;
+        case CKA_KEY_TYPE:
+            return lg_ULongAttribute(attribute, type, keyType);
+        case CKA_ID:
+            SHA1_HashBuf(hash, key->u.ec.publicValue.data, key->u.ec.publicValue.len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_DERIVE:
+        case CKA_SIGN:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_DECRYPT:
+        case CKA_SIGN_RECOVER:
+        case CKA_UNWRAP:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_VALUE:
+            return lg_CopyPrivAttrSigned(attribute, type,
+                                         key->u.ec.privateValue.data,
+                                         key->u.ec.privateValue.len, sdbpw);
+        case CKA_EC_PARAMS:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.ec.ecParams.DEREncoding.data,
+                                          key->u.ec.ecParams.DEREncoding.len);
+        case CKA_NETSCAPE_DB:
+            return lg_CopyAttributeSigned(attribute, type,
+                                          key->u.ec.publicValue.data,
+                                          key->u.ec.publicValue.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 #endif /* NSS_DISABLE_ECC */
 
 static CK_RV
 lg_FindPrivateKeyAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                           CK_ATTRIBUTE *attribute)
 {
-    NSSLOWKEYPrivateKey  *key;
+    NSSLOWKEYPrivateKey *key;
     char *label;
     CK_RV crv;
 
     switch (type) {
-    case CKA_PRIVATE:
-    case CKA_SENSITIVE:
-    case CKA_ALWAYS_SENSITIVE:
-    case CKA_EXTRACTABLE:
-    case CKA_MODIFIABLE:
-    case CKA_LOCAL:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_NEVER_EXTRACTABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_SUBJECT:
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    case CKA_START_DATE:
-    case CKA_END_DATE:
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    case CKA_LABEL:
-        label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
-	if (label == NULL) {
-	   return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-	}
-	crv = lg_CopyAttribute(attribute,type,label,PORT_Strlen(label));
-	PORT_Free(label);
-	return crv;
-    default:
-	break;
+        case CKA_PRIVATE:
+        case CKA_SENSITIVE:
+        case CKA_ALWAYS_SENSITIVE:
+        case CKA_EXTRACTABLE:
+        case CKA_MODIFIABLE:
+        case CKA_LOCAL:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_NEVER_EXTRACTABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_SUBJECT:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_START_DATE:
+        case CKA_END_DATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_LABEL:
+            label = lg_FindKeyNicknameByPublicKey(obj->sdb, &obj->dbKey);
+            if (label == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            crv = lg_CopyAttribute(attribute, type, label, PORT_Strlen(label));
+            PORT_Free(label);
+            return crv;
+        default:
+            break;
     }
     key = lg_GetPrivateKey(obj);
     if (key == NULL) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
     switch (key->keyType) {
-    case NSSLOWKEYRSAKey:
-	return lg_FindRSAPrivateKeyAttribute(key,type,attribute,obj->sdb);
-    case NSSLOWKEYDSAKey:
-	return lg_FindDSAPrivateKeyAttribute(key,type,attribute,obj->sdb);
-    case NSSLOWKEYDHKey:
-	return lg_FindDHPrivateKeyAttribute(key,type,attribute,obj->sdb);
+        case NSSLOWKEYRSAKey:
+            return lg_FindRSAPrivateKeyAttribute(key, type, attribute, obj->sdb);
+        case NSSLOWKEYDSAKey:
+            return lg_FindDSAPrivateKeyAttribute(key, type, attribute, obj->sdb);
+        case NSSLOWKEYDHKey:
+            return lg_FindDHPrivateKeyAttribute(key, type, attribute, obj->sdb);
 #ifndef NSS_DISABLE_ECC
-    case NSSLOWKEYECKey:
-	return lg_FindECPrivateKeyAttribute(key,type,attribute,obj->sdb);
+        case NSSLOWKEYECKey:
+            return lg_FindECPrivateKeyAttribute(key, type, attribute, obj->sdb);
 #endif /* NSS_DISABLE_ECC */
-    default:
-	break;
+        default:
+            break;
     }
 
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindSMIMEAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                      CK_ATTRIBUTE *attribute)
 {
     certDBEntrySMime *entry;
     switch (type) {
-    case CKA_PRIVATE:
-    case CKA_MODIFIABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_NSS_EMAIL:
-	return lg_CopyAttribute(attribute,type,obj->dbKey.data,
-						obj->dbKey.len-1);
-    case CKA_NSS_SMIME_TIMESTAMP:
-    case CKA_SUBJECT:
-    case CKA_VALUE:
-	break;
-    default:
-	return lg_invalidAttribute(attribute);
+        case CKA_PRIVATE:
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_NSS_EMAIL:
+            return lg_CopyAttribute(attribute, type, obj->dbKey.data,
+                                    obj->dbKey.len - 1);
+        case CKA_NSS_SMIME_TIMESTAMP:
+        case CKA_SUBJECT:
+        case CKA_VALUE:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
     }
     entry = lg_getSMime(obj);
     if (entry == NULL) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
     switch (type) {
-    case CKA_NSS_SMIME_TIMESTAMP:
-	return lg_CopyAttribute(attribute,type,entry->optionsDate.data,
-					entry->optionsDate.len);
-    case CKA_SUBJECT:
-	return lg_CopyAttribute(attribute,type,entry->subjectName.data,
-					entry->subjectName.len);
-    case CKA_VALUE:
-	return lg_CopyAttribute(attribute,type,entry->smimeOptions.data,
-					entry->smimeOptions.len);
-    default:
-	break;
+        case CKA_NSS_SMIME_TIMESTAMP:
+            return lg_CopyAttribute(attribute, type, entry->optionsDate.data,
+                                    entry->optionsDate.len);
+        case CKA_SUBJECT:
+            return lg_CopyAttribute(attribute, type, entry->subjectName.data,
+                                    entry->subjectName.len);
+        case CKA_VALUE:
+            return lg_CopyAttribute(attribute, type, entry->smimeOptions.data,
+                                    entry->smimeOptions.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindTrustAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                      CK_ATTRIBUTE *attribute)
 {
     NSSLOWCERTTrust *trust;
     NSSLOWCERTCertDBHandle *certHandle;
     NSSLOWCERTCertificate *cert;
     unsigned char hash[SHA1_LENGTH];
     unsigned int trustFlags;
     CK_RV crv;
 
     switch (type) {
-    case CKA_PRIVATE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_MODIFIABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_CERT_SHA1_HASH:
-    case CKA_CERT_MD5_HASH:
-    case CKA_TRUST_CLIENT_AUTH:
-    case CKA_TRUST_SERVER_AUTH:
-    case CKA_TRUST_EMAIL_PROTECTION:
-    case CKA_TRUST_CODE_SIGNING:
-    case CKA_TRUST_STEP_UP_APPROVED:
-    case CKA_ISSUER:
-    case CKA_SERIAL_NUMBER:
-	break;
-    default:
-        return lg_invalidAttribute(attribute);
+        case CKA_PRIVATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_CERT_SHA1_HASH:
+        case CKA_CERT_MD5_HASH:
+        case CKA_TRUST_CLIENT_AUTH:
+        case CKA_TRUST_SERVER_AUTH:
+        case CKA_TRUST_EMAIL_PROTECTION:
+        case CKA_TRUST_CODE_SIGNING:
+        case CKA_TRUST_STEP_UP_APPROVED:
+        case CKA_ISSUER:
+        case CKA_SERIAL_NUMBER:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
     }
     certHandle = lg_getCertDB(obj->sdb);
     if (!certHandle) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
     trust = lg_getTrust(obj, certHandle);
     if (trust == NULL) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
     switch (type) {
-    case CKA_CERT_SHA1_HASH:
-	SHA1_HashBuf(hash,trust->derCert->data,trust->derCert->len);
-	return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
-    case CKA_CERT_MD5_HASH:
-	MD5_HashBuf(hash,trust->derCert->data,trust->derCert->len);
-	return lg_CopyAttribute(attribute, type, hash, MD5_LENGTH);
-    case CKA_TRUST_CLIENT_AUTH:
-	trustFlags = trust->trust->sslFlags & CERTDB_TRUSTED_CLIENT_CA ?
-		trust->trust->sslFlags | CERTDB_TRUSTED_CA : 0 ;
-	goto trust;
-    case CKA_TRUST_SERVER_AUTH:
-	trustFlags = trust->trust->sslFlags;
-	goto trust;
-    case CKA_TRUST_EMAIL_PROTECTION:
-	trustFlags = trust->trust->emailFlags;
-	goto trust;
-    case CKA_TRUST_CODE_SIGNING:
-	trustFlags = trust->trust->objectSigningFlags;
-trust:
-	if (trustFlags & CERTDB_TRUSTED_CA ) {
-	    return lg_ULongAttribute(attribute, type,
-				     CKT_NSS_TRUSTED_DELEGATOR);
-	}
-	if (trustFlags & CERTDB_TRUSTED) {
-	    return lg_ULongAttribute(attribute, type, CKT_NSS_TRUSTED);
-	}
-	if (trustFlags & CERTDB_MUST_VERIFY) {
-	    return lg_ULongAttribute(attribute, type, 
-				     CKT_NSS_MUST_VERIFY_TRUST);
-	}
-	if (trustFlags & CERTDB_TRUSTED_UNKNOWN) {
-	    return lg_ULongAttribute(attribute, type, CKT_NSS_TRUST_UNKNOWN);
-	}
-	if (trustFlags & CERTDB_VALID_CA) {
-	    return lg_ULongAttribute(attribute, type, CKT_NSS_VALID_DELEGATOR);
-	}
-	if (trustFlags & CERTDB_TERMINAL_RECORD) {
-	    return lg_ULongAttribute(attribute, type, CKT_NSS_NOT_TRUSTED);
-	}
-	return lg_ULongAttribute(attribute, type, CKT_NSS_TRUST_UNKNOWN);
-    case CKA_TRUST_STEP_UP_APPROVED:
-	if (trust->trust->sslFlags & CERTDB_GOVT_APPROVED_CA) {
-	    return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-	} else {
-	    return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-	}
-    default:
-	break;
+        case CKA_CERT_SHA1_HASH:
+            SHA1_HashBuf(hash, trust->derCert->data, trust->derCert->len);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_CERT_MD5_HASH:
+            MD5_HashBuf(hash, trust->derCert->data, trust->derCert->len);
+            return lg_CopyAttribute(attribute, type, hash, MD5_LENGTH);
+        case CKA_TRUST_CLIENT_AUTH:
+            trustFlags = trust->trust->sslFlags &
+                                 CERTDB_TRUSTED_CLIENT_CA
+                             ? trust->trust->sslFlags | CERTDB_TRUSTED_CA
+                             : 0;
+            goto trust;
+        case CKA_TRUST_SERVER_AUTH:
+            trustFlags = trust->trust->sslFlags;
+            goto trust;
+        case CKA_TRUST_EMAIL_PROTECTION:
+            trustFlags = trust->trust->emailFlags;
+            goto trust;
+        case CKA_TRUST_CODE_SIGNING:
+            trustFlags = trust->trust->objectSigningFlags;
+        trust:
+            if (trustFlags & CERTDB_TRUSTED_CA) {
+                return lg_ULongAttribute(attribute, type,
+                                         CKT_NSS_TRUSTED_DELEGATOR);
+            }
+            if (trustFlags & CERTDB_TRUSTED) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_TRUSTED);
+            }
+            if (trustFlags & CERTDB_MUST_VERIFY) {
+                return lg_ULongAttribute(attribute, type,
+                                         CKT_NSS_MUST_VERIFY_TRUST);
+            }
+            if (trustFlags & CERTDB_TRUSTED_UNKNOWN) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_TRUST_UNKNOWN);
+            }
+            if (trustFlags & CERTDB_VALID_CA) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_VALID_DELEGATOR);
+            }
+            if (trustFlags & CERTDB_TERMINAL_RECORD) {
+                return lg_ULongAttribute(attribute, type, CKT_NSS_NOT_TRUSTED);
+            }
+            return lg_ULongAttribute(attribute, type, CKT_NSS_TRUST_UNKNOWN);
+        case CKA_TRUST_STEP_UP_APPROVED:
+            if (trust->trust->sslFlags & CERTDB_GOVT_APPROVED_CA) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+            } else {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+            }
+        default:
+            break;
     }
 
-
     switch (type) {
-    case CKA_ISSUER:
-	cert = lg_getCert(obj, certHandle);
-	if (cert == NULL) break;
-	crv = lg_CopyAttribute(attribute,type,cert->derIssuer.data,
-						cert->derIssuer.len);
-	break;
-    case CKA_SERIAL_NUMBER:
-	cert = lg_getCert(obj, certHandle);
-	if (cert == NULL) break;
-	crv =  lg_CopyAttribute(attribute,type,cert->derSN.data,
-						cert->derSN.len);
-	break;
-    default:
-	cert = NULL;
-	break;
+        case CKA_ISSUER:
+            cert = lg_getCert(obj, certHandle);
+            if (cert == NULL)
+                break;
+            crv = lg_CopyAttribute(attribute, type, cert->derIssuer.data,
+                                   cert->derIssuer.len);
+            break;
+        case CKA_SERIAL_NUMBER:
+            cert = lg_getCert(obj, certHandle);
+            if (cert == NULL)
+                break;
+            crv = lg_CopyAttribute(attribute, type, cert->derSN.data,
+                                   cert->derSN.len);
+            break;
+        default:
+            cert = NULL;
+            break;
     }
     if (cert) {
-	nsslowcert_DestroyCertificate(cert);
-	return crv;
+        nsslowcert_DestroyCertificate(cert);
+        return crv;
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindCrlAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                    CK_ATTRIBUTE *attribute)
 {
     certDBEntryRevocation *crl;
 
     switch (type) {
-    case CKA_PRIVATE:
-    case CKA_MODIFIABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_NSS_KRL:
-	return ((obj->handle == LG_TOKEN_KRL_HANDLE) 
-		? LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr)
-		: LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr));
-    case CKA_SUBJECT:
-	return lg_CopyAttribute(attribute,type,obj->dbKey.data,
-						obj->dbKey.len);
-    case CKA_NSS_URL:
-    case CKA_VALUE:
-	break;
-    default:
-	return lg_invalidAttribute(attribute);
+        case CKA_PRIVATE:
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_NSS_KRL:
+            return ((obj->handle == LG_TOKEN_KRL_HANDLE)
+                        ? LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr)
+                        : LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr));
+        case CKA_SUBJECT:
+            return lg_CopyAttribute(attribute, type, obj->dbKey.data,
+                                    obj->dbKey.len);
+        case CKA_NSS_URL:
+        case CKA_VALUE:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
     }
-    crl =  lg_getCrl(obj);
+    crl = lg_getCrl(obj);
     if (!crl) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
     switch (type) {
-    case CKA_NSS_URL:
-	if (crl->url == NULL) {
-	    return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-	}
-	return lg_CopyAttribute(attribute, type, crl->url, 
-					PORT_Strlen(crl->url)+1);
-    case CKA_VALUE:
-	return lg_CopyAttribute(attribute, type, crl->derCrl.data, 
-						crl->derCrl.len);
-    default:
-	break;
+        case CKA_NSS_URL:
+            if (crl->url == NULL) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            return lg_CopyAttribute(attribute, type, crl->url,
+                                    PORT_Strlen(crl->url) + 1);
+        case CKA_VALUE:
+            return lg_CopyAttribute(attribute, type, crl->derCrl.data,
+                                    crl->derCrl.len);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 static CK_RV
 lg_FindCertAttribute(LGObjectCache *obj, CK_ATTRIBUTE_TYPE type,
-				CK_ATTRIBUTE *attribute)
+                     CK_ATTRIBUTE *attribute)
 {
-    NSSLOWCERTCertificate  *cert;
+    NSSLOWCERTCertificate *cert;
     NSSLOWCERTCertDBHandle *certHandle;
-    NSSLOWKEYPublicKey     *pubKey;
+    NSSLOWKEYPublicKey *pubKey;
     unsigned char hash[SHA1_LENGTH];
     SECItem *item;
 
     switch (type) {
-    case CKA_PRIVATE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticFalseAttr);
-    case CKA_MODIFIABLE:
-	return LG_CLONE_ATTR(attribute,type,lg_StaticTrueAttr);
-    case CKA_CERTIFICATE_TYPE:
-        /* hardcoding X.509 into here */
-        return lg_ULongAttribute(attribute, type, CKC_X_509);
-    case CKA_VALUE:
-    case CKA_ID:
-    case CKA_LABEL:
-    case CKA_SUBJECT:
-    case CKA_ISSUER:
-    case CKA_SERIAL_NUMBER:
-    case CKA_NSS_EMAIL:
-	break;
-    default:
-	return lg_invalidAttribute(attribute);
+        case CKA_PRIVATE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticFalseAttr);
+        case CKA_MODIFIABLE:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_CERTIFICATE_TYPE:
+            /* hardcoding X.509 into here */
+            return lg_ULongAttribute(attribute, type, CKC_X_509);
+        case CKA_VALUE:
+        case CKA_ID:
+        case CKA_LABEL:
+        case CKA_SUBJECT:
+        case CKA_ISSUER:
+        case CKA_SERIAL_NUMBER:
+        case CKA_NSS_EMAIL:
+            break;
+        default:
+            return lg_invalidAttribute(attribute);
     }
 
     certHandle = lg_getCertDB(obj->sdb);
     if (certHandle == NULL) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
 
     cert = lg_getCert(obj, certHandle);
     if (cert == NULL) {
-	return CKR_OBJECT_HANDLE_INVALID;
+        return CKR_OBJECT_HANDLE_INVALID;
     }
     switch (type) {
-    case CKA_VALUE:
-	return lg_CopyAttribute(attribute,type,cert->derCert.data,
-						cert->derCert.len);
-    case CKA_ID:
-	if (((cert->trust->sslFlags & CERTDB_USER) == 0) &&
-		((cert->trust->emailFlags & CERTDB_USER) == 0) &&
-		((cert->trust->objectSigningFlags & CERTDB_USER) == 0)) {
-	    return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-	}
-	pubKey = nsslowcert_ExtractPublicKey(cert);
-	if (pubKey == NULL) break;
-	item = lg_GetPubItem(pubKey);
-	if (item == NULL) {
-	    lg_nsslowkey_DestroyPublicKey(pubKey);
-	    break;
-	}
-	SHA1_HashBuf(hash,item->data,item->len);
-	/* item is imbedded in pubKey, just free the key */
-	lg_nsslowkey_DestroyPublicKey(pubKey);
-	return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
-    case CKA_LABEL:
-	return cert->nickname 
-	       ? lg_CopyAttribute(attribute, type, cert->nickname,
-				        PORT_Strlen(cert->nickname))
-	       : LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    case CKA_SUBJECT:
-	return lg_CopyAttribute(attribute,type,cert->derSubject.data,
-						cert->derSubject.len);
-    case CKA_ISSUER:
-	return lg_CopyAttribute(attribute,type,cert->derIssuer.data,
-						cert->derIssuer.len);
-    case CKA_SERIAL_NUMBER:
-	return lg_CopyAttribute(attribute,type,cert->derSN.data,
-						cert->derSN.len);
-    case CKA_NSS_EMAIL:
-	return (cert->emailAddr && cert->emailAddr[0])
-	    ? lg_CopyAttribute(attribute, type, cert->emailAddr,
-	                             PORT_Strlen(cert->emailAddr))
-	    : LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    default:
-	break;
+        case CKA_VALUE:
+            return lg_CopyAttribute(attribute, type, cert->derCert.data,
+                                    cert->derCert.len);
+        case CKA_ID:
+            if (((cert->trust->sslFlags & CERTDB_USER) == 0) &&
+                ((cert->trust->emailFlags & CERTDB_USER) == 0) &&
+                ((cert->trust->objectSigningFlags & CERTDB_USER) == 0)) {
+                return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+            }
+            pubKey = nsslowcert_ExtractPublicKey(cert);
+            if (pubKey == NULL)
+                break;
+            item = lg_GetPubItem(pubKey);
+            if (item == NULL) {
+                lg_nsslowkey_DestroyPublicKey(pubKey);
+                break;
+            }
+            SHA1_HashBuf(hash, item->data, item->len);
+            /* item is imbedded in pubKey, just free the key */
+            lg_nsslowkey_DestroyPublicKey(pubKey);
+            return lg_CopyAttribute(attribute, type, hash, SHA1_LENGTH);
+        case CKA_LABEL:
+            return cert->nickname
+                       ? lg_CopyAttribute(attribute, type, cert->nickname,
+                                          PORT_Strlen(cert->nickname))
+                       : LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        case CKA_SUBJECT:
+            return lg_CopyAttribute(attribute, type, cert->derSubject.data,
+                                    cert->derSubject.len);
+        case CKA_ISSUER:
+            return lg_CopyAttribute(attribute, type, cert->derIssuer.data,
+                                    cert->derIssuer.len);
+        case CKA_SERIAL_NUMBER:
+            return lg_CopyAttribute(attribute, type, cert->derSN.data,
+                                    cert->derSN.len);
+        case CKA_NSS_EMAIL:
+            return (cert->emailAddr && cert->emailAddr[0])
+                       ? lg_CopyAttribute(attribute, type, cert->emailAddr,
+                                          PORT_Strlen(cert->emailAddr))
+                       : LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
 }
 
 CK_RV
 lg_GetSingleAttribute(LGObjectCache *obj, CK_ATTRIBUTE *attribute)
 {
     /* handle the common ones */
     CK_ATTRIBUTE_TYPE type = attribute->type;
     switch (type) {
-    case CKA_CLASS:
-	return lg_ULongAttribute(attribute,type,obj->objclass);
-    case CKA_TOKEN:
-	return LG_CLONE_ATTR(attribute, type,lg_StaticTrueAttr);
-    case CKA_LABEL:
-	if (  (obj->objclass == CKO_CERTIFICATE) 
-	   || (obj->objclass == CKO_PRIVATE_KEY)
-	   || (obj->objclass == CKO_PUBLIC_KEY)
-	   || (obj->objclass == CKO_SECRET_KEY)) {
-	    break;
-	}
-	return LG_CLONE_ATTR(attribute,type,lg_StaticNullAttr);
-    default:
-	break;
+        case CKA_CLASS:
+            return lg_ULongAttribute(attribute, type, obj->objclass);
+        case CKA_TOKEN:
+            return LG_CLONE_ATTR(attribute, type, lg_StaticTrueAttr);
+        case CKA_LABEL:
+            if ((obj->objclass == CKO_CERTIFICATE) ||
+                (obj->objclass == CKO_PRIVATE_KEY) ||
+                (obj->objclass == CKO_PUBLIC_KEY) ||
+                (obj->objclass == CKO_SECRET_KEY)) {
+                break;
+            }
+            return LG_CLONE_ATTR(attribute, type, lg_StaticNullAttr);
+        default:
+            break;
     }
     switch (obj->objclass) {
-    case CKO_CERTIFICATE:
-	return lg_FindCertAttribute(obj,type,attribute);
-    case CKO_NSS_CRL:
-	return lg_FindCrlAttribute(obj,type,attribute);
-    case CKO_NSS_TRUST:
-	return lg_FindTrustAttribute(obj,type,attribute);
-    case CKO_NSS_SMIME:
-	return lg_FindSMIMEAttribute(obj,type,attribute);
-    case CKO_PUBLIC_KEY:
-	return lg_FindPublicKeyAttribute(obj,type,attribute);
-    case CKO_PRIVATE_KEY:
-	return lg_FindPrivateKeyAttribute(obj,type,attribute);
-    case CKO_SECRET_KEY:
-	return lg_FindSecretKeyAttribute(obj,type,attribute);
-    default:
-	break;
+        case CKO_CERTIFICATE:
+            return lg_FindCertAttribute(obj, type, attribute);
+        case CKO_NSS_CRL:
+            return lg_FindCrlAttribute(obj, type, attribute);
+        case CKO_NSS_TRUST:
+            return lg_FindTrustAttribute(obj, type, attribute);
+        case CKO_NSS_SMIME:
+            return lg_FindSMIMEAttribute(obj, type, attribute);
+        case CKO_PUBLIC_KEY:
+            return lg_FindPublicKeyAttribute(obj, type, attribute);
+        case CKO_PRIVATE_KEY:
+            return lg_FindPrivateKeyAttribute(obj, type, attribute);
+        case CKO_SECRET_KEY:
+            return lg_FindSecretKeyAttribute(obj, type, attribute);
+        default:
+            break;
     }
     return lg_invalidAttribute(attribute);
-} 
+}
 
 /*
  * Fill in the attribute template based on the data in the databas