Bug 1244152 - NSS clang-format: lib/dev, r=kaie NSS_3_23_BETA3
authorFranziskus Kiefer <franziskuskiefer@gmail.com>
Fri, 05 Feb 2016 22:55:59 +0100
changeset 11863 58a2646809529953052c1367545145da7c5709a3
parent 11862 313155f1077bac87d574b0529247904ecb604f54
child 11864 21437b8046790cc9d36cf88aba2299f86ecb785f
push id970
push userkaie@kuix.de
push dateFri, 05 Feb 2016 21:56:17 +0000
reviewerskaie
bugs1244152
Bug 1244152 - NSS clang-format: lib/dev, r=kaie
lib/dev/ckhelper.c
lib/dev/ckhelper.h
lib/dev/dev.h
lib/dev/devm.h
lib/dev/devslot.c
lib/dev/devt.h
lib/dev/devtm.h
lib/dev/devtoken.c
lib/dev/devutil.c
lib/dev/nssdev.h
--- a/lib/dev/ckhelper.c
+++ b/lib/dev/ckhelper.c
@@ -11,389 +11,397 @@
 #ifndef CKHELPER_H
 #include "ckhelper.h"
 #endif /* CKHELPER_H */
 
 extern const NSSError NSS_ERROR_DEVICE_ERROR;
 
 static const CK_BBOOL s_true = CK_TRUE;
 NSS_IMPLEMENT_DATA const NSSItem
-g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) };
+    g_ck_true = { (CK_VOID_PTR)&s_true, sizeof(s_true) };
 
 static const CK_BBOOL s_false = CK_FALSE;
 NSS_IMPLEMENT_DATA const NSSItem
-g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) };
+    g_ck_false = { (CK_VOID_PTR)&s_false, sizeof(s_false) };
 
 static const CK_OBJECT_CLASS s_class_cert = CKO_CERTIFICATE;
 NSS_IMPLEMENT_DATA const NSSItem
-g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) };
+    g_ck_class_cert = { (CK_VOID_PTR)&s_class_cert, sizeof(s_class_cert) };
 
 static const CK_OBJECT_CLASS s_class_pubkey = CKO_PUBLIC_KEY;
 NSS_IMPLEMENT_DATA const NSSItem
-g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) };
+    g_ck_class_pubkey = { (CK_VOID_PTR)&s_class_pubkey, sizeof(s_class_pubkey) };
 
 static const CK_OBJECT_CLASS s_class_privkey = CKO_PRIVATE_KEY;
 NSS_IMPLEMENT_DATA const NSSItem
-g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) };
+    g_ck_class_privkey = { (CK_VOID_PTR)&s_class_privkey, sizeof(s_class_privkey) };
 
 static PRBool
-is_string_attribute (
-  CK_ATTRIBUTE_TYPE aType
-)
+is_string_attribute(
+    CK_ATTRIBUTE_TYPE aType)
 {
     PRBool isString;
     switch (aType) {
-    case CKA_LABEL:
-    case CKA_NSS_EMAIL:
-	isString = PR_TRUE;
-	break;
-    default:
-	isString = PR_FALSE;
-	break;
+        case CKA_LABEL:
+        case CKA_NSS_EMAIL:
+            isString = PR_TRUE;
+            break;
+        default:
+            isString = PR_FALSE;
+            break;
     }
     return isString;
 }
 
-NSS_IMPLEMENT PRStatus 
-nssCKObject_GetAttributes (
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_PTR obj_template,
-  CK_ULONG count,
-  NSSArena *arenaOpt,
-  nssSession *session,
-  NSSSlot *slot
-)
+NSS_IMPLEMENT PRStatus
+nssCKObject_GetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot)
 {
     nssArenaMark *mark = NULL;
     CK_SESSION_HANDLE hSession;
     CK_ULONG i = 0;
     CK_RV ckrv;
     PRStatus nssrv;
     PRBool alloced = PR_FALSE;
     void *epv = nssSlot_GetCryptokiEPV(slot);
-    hSession = session->handle; 
+    hSession = session->handle;
     if (arenaOpt) {
-	mark = nssArena_Mark(arenaOpt);
-	if (!mark) {
-	    goto loser;
-	}
+        mark = nssArena_Mark(arenaOpt);
+        if (!mark) {
+            goto loser;
+        }
     }
     nssSession_EnterMonitor(session);
     /* XXX kinda hacky, if the storage size is already in the first template
      * item, then skip the alloc portion
      */
     if (obj_template[0].ulValueLen == 0) {
-	/* Get the storage size needed for each attribute */
-	ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
-	                                       object, obj_template, count);
-	if (ckrv != CKR_OK && 
-	    ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
-	    ckrv != CKR_ATTRIBUTE_SENSITIVE) 
-	{
-	    nssSession_ExitMonitor(session);
-	    nss_SetError(NSS_ERROR_DEVICE_ERROR);
-	    goto loser;
-	}
-	/* Allocate memory for each attribute. */
-	for (i=0; i<count; i++) {
-	    CK_ULONG ulValueLen = obj_template[i].ulValueLen;
-	    if (ulValueLen == 0 || ulValueLen == (CK_ULONG) -1) {
-		obj_template[i].pValue = NULL;
-		obj_template[i].ulValueLen = 0;
-		continue;
-	    }
-	    if (is_string_attribute(obj_template[i].type)) {
-		ulValueLen++;
-	    }
-	    obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen);
-	    if (!obj_template[i].pValue) {
-		nssSession_ExitMonitor(session);
-		goto loser;
-	    }
-	}
-	alloced = PR_TRUE;
+        /* Get the storage size needed for each attribute */
+        ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
+                                               object, obj_template, count);
+        if (ckrv != CKR_OK &&
+            ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
+            ckrv != CKR_ATTRIBUTE_SENSITIVE) {
+            nssSession_ExitMonitor(session);
+            nss_SetError(NSS_ERROR_DEVICE_ERROR);
+            goto loser;
+        }
+        /* Allocate memory for each attribute. */
+        for (i = 0; i < count; i++) {
+            CK_ULONG ulValueLen = obj_template[i].ulValueLen;
+            if (ulValueLen == 0 || ulValueLen == (CK_ULONG)-1) {
+                obj_template[i].pValue = NULL;
+                obj_template[i].ulValueLen = 0;
+                continue;
+            }
+            if (is_string_attribute(obj_template[i].type)) {
+                ulValueLen++;
+            }
+            obj_template[i].pValue = nss_ZAlloc(arenaOpt, ulValueLen);
+            if (!obj_template[i].pValue) {
+                nssSession_ExitMonitor(session);
+                goto loser;
+            }
+        }
+        alloced = PR_TRUE;
     }
     /* Obtain the actual attribute values. */
     ckrv = CKAPI(epv)->C_GetAttributeValue(hSession,
                                            object, obj_template, count);
     nssSession_ExitMonitor(session);
-    if (ckrv != CKR_OK && 
+    if (ckrv != CKR_OK &&
         ckrv != CKR_ATTRIBUTE_TYPE_INVALID &&
-        ckrv != CKR_ATTRIBUTE_SENSITIVE) 
-    {
-	nss_SetError(NSS_ERROR_DEVICE_ERROR);
-	goto loser;
+        ckrv != CKR_ATTRIBUTE_SENSITIVE) {
+        nss_SetError(NSS_ERROR_DEVICE_ERROR);
+        goto loser;
     }
     if (alloced && arenaOpt) {
-	nssrv = nssArena_Unmark(arenaOpt, mark);
-	if (nssrv != PR_SUCCESS) {
-	    goto loser;
-	}
+        nssrv = nssArena_Unmark(arenaOpt, mark);
+        if (nssrv != PR_SUCCESS) {
+            goto loser;
+        }
     }
 
-    if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) || 
-					(ckrv == CKR_ATTRIBUTE_SENSITIVE))) {
-	/* old tokens would keep the length of '0' and not deal with any
-	 * of the attributes we passed. For those tokens read them one at
-	 * a time */
-	for (i=0; i < count; i++) {
-	    if ((obj_template[i].ulValueLen == 0) 
-				|| (obj_template[i].ulValueLen == -1)) {
-		obj_template[i].ulValueLen=0;
-		(void) nssCKObject_GetAttributes(object,&obj_template[i], 1,
-			arenaOpt, session, slot);
-	    }
-	}
+    if (count > 1 && ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
+                      (ckrv == CKR_ATTRIBUTE_SENSITIVE))) {
+        /* old tokens would keep the length of '0' and not deal with any
+         * of the attributes we passed. For those tokens read them one at
+         * a time */
+        for (i = 0; i < count; i++) {
+            if ((obj_template[i].ulValueLen == 0) ||
+                (obj_template[i].ulValueLen == -1)) {
+                obj_template[i].ulValueLen = 0;
+                (void)nssCKObject_GetAttributes(object, &obj_template[i], 1,
+                                                arenaOpt, session, slot);
+            }
+        }
     }
     return PR_SUCCESS;
 loser:
     if (alloced) {
-	if (arenaOpt) {
-	    /* release all arena memory allocated before the failure. */
-	    (void)nssArena_Release(arenaOpt, mark);
-	} else {
-	    CK_ULONG j;
-	    /* free each heap object that was allocated before the failure. */
-	    for (j=0; j<i; j++) {
-		nss_ZFreeIf(obj_template[j].pValue);
-	    }
-	}
+        if (arenaOpt) {
+            /* release all arena memory allocated before the failure. */
+            (void)nssArena_Release(arenaOpt, mark);
+        }
+        else {
+            CK_ULONG j;
+            /* free each heap object that was allocated before the failure. */
+            for (j = 0; j < i; j++) {
+                nss_ZFreeIf(obj_template[j].pValue);
+            }
+        }
     }
     return PR_FAILURE;
 }
 
 NSS_IMPLEMENT PRStatus
-nssCKObject_GetAttributeItem (
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_TYPE attribute,
-  NSSArena *arenaOpt,
-  nssSession *session,
-  NSSSlot *slot,
-  NSSItem *rvItem
-)
+nssCKObject_GetAttributeItem(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot,
+    NSSItem *rvItem)
 {
     CK_ATTRIBUTE attr = { 0, NULL, 0 };
     PRStatus nssrv;
     attr.type = attribute;
-    nssrv = nssCKObject_GetAttributes(object, &attr, 1, 
+    nssrv = nssCKObject_GetAttributes(object, &attr, 1,
                                       arenaOpt, session, slot);
     if (nssrv != PR_SUCCESS) {
-	return nssrv;
+        return nssrv;
     }
     rvItem->data = (void *)attr.pValue;
     rvItem->size = (PRUint32)attr.ulValueLen;
     return PR_SUCCESS;
 }
 
 NSS_IMPLEMENT PRBool
-nssCKObject_IsAttributeTrue (
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_TYPE attribute,
-  nssSession *session,
-  NSSSlot *slot,
-  PRStatus *rvStatus
-)
+nssCKObject_IsAttributeTrue(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    nssSession *session,
+    NSSSlot *slot,
+    PRStatus *rvStatus)
 {
     CK_BBOOL bool;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE atemplate = { 0, NULL, 0 };
     CK_RV ckrv;
     void *epv = nssSlot_GetCryptokiEPV(slot);
     attr = &atemplate;
     NSS_CK_SET_ATTRIBUTE_VAR(attr, attribute, bool);
     nssSession_EnterMonitor(session);
-    ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object, 
+    ckrv = CKAPI(epv)->C_GetAttributeValue(session->handle, object,
                                            &atemplate, 1);
     nssSession_ExitMonitor(session);
     if (ckrv != CKR_OK) {
-	*rvStatus = PR_FAILURE;
-	return PR_FALSE;
+        *rvStatus = PR_FAILURE;
+        return PR_FALSE;
     }
     *rvStatus = PR_SUCCESS;
     return (PRBool)(bool == CK_TRUE);
 }
 
-NSS_IMPLEMENT PRStatus 
-nssCKObject_SetAttributes (
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_PTR obj_template,
-  CK_ULONG count,
-  nssSession *session,
-  NSSSlot  *slot
-)
+NSS_IMPLEMENT PRStatus
+nssCKObject_SetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    nssSession *session,
+    NSSSlot *slot)
 {
     CK_RV ckrv;
     void *epv = nssSlot_GetCryptokiEPV(slot);
     nssSession_EnterMonitor(session);
-    ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object, 
+    ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle, object,
                                            obj_template, count);
     nssSession_ExitMonitor(session);
     if (ckrv == CKR_OK) {
-	return PR_SUCCESS;
-    } else {
-	return PR_FAILURE;
+        return PR_SUCCESS;
+    }
+    else {
+        return PR_FAILURE;
     }
 }
 
 NSS_IMPLEMENT PRBool
-nssCKObject_IsTokenObjectTemplate (
-  CK_ATTRIBUTE_PTR objectTemplate, 
-  CK_ULONG otsize
-)
+nssCKObject_IsTokenObjectTemplate(
+    CK_ATTRIBUTE_PTR objectTemplate,
+    CK_ULONG otsize)
 {
     CK_ULONG ul;
-    for (ul=0; ul<otsize; ul++) {
-	if (objectTemplate[ul].type == CKA_TOKEN) {
-	    return (*((CK_BBOOL*)objectTemplate[ul].pValue) == CK_TRUE);
-	}
+    for (ul = 0; ul < otsize; ul++) {
+        if (objectTemplate[ul].type == CKA_TOKEN) {
+            return (*((CK_BBOOL *)objectTemplate[ul].pValue) == CK_TRUE);
+        }
     }
     return PR_FALSE;
 }
 
 static NSSCertificateType
 nss_cert_type_from_ck_attrib(CK_ATTRIBUTE_PTR attrib)
 {
     CK_CERTIFICATE_TYPE ckCertType;
     if (!attrib->pValue) {
-	/* default to PKIX */
-	return NSSCertificateType_PKIX;
+        /* default to PKIX */
+        return NSSCertificateType_PKIX;
     }
     ckCertType = *((CK_ULONG *)attrib->pValue);
     switch (ckCertType) {
-    case CKC_X_509:
-	return NSSCertificateType_PKIX;
-    default:
-	break;
+        case CKC_X_509:
+            return NSSCertificateType_PKIX;
+        default:
+            break;
     }
     return NSSCertificateType_Unknown;
 }
 
 /* incoming pointers must be valid */
 NSS_IMPLEMENT PRStatus
-nssCryptokiCertificate_GetAttributes (
-  nssCryptokiObject *certObject,
-  nssSession *sessionOpt,
-  NSSArena *arenaOpt,
-  NSSCertificateType *certTypeOpt,
-  NSSItem *idOpt,
-  NSSDER *encodingOpt,
-  NSSDER *issuerOpt,
-  NSSDER *serialOpt,
-  NSSDER *subjectOpt
-)
+nssCryptokiCertificate_GetAttributes(
+    nssCryptokiObject *certObject,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSCertificateType *certTypeOpt,
+    NSSItem *idOpt,
+    NSSDER *encodingOpt,
+    NSSDER *issuerOpt,
+    NSSDER *serialOpt,
+    NSSDER *subjectOpt)
 {
     PRStatus status;
     PRUint32 i;
     nssSession *session;
     NSSSlot *slot;
     CK_ULONG template_size;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE cert_template[6];
     /* Set up a template of all options chosen by caller */
     NSS_CK_TEMPLATE_START(cert_template, attr, template_size);
     if (certTypeOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CERTIFICATE_TYPE);
     }
     if (idOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ID);
     }
     if (encodingOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
     }
     if (issuerOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_ISSUER);
     }
     if (serialOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SERIAL_NUMBER);
     }
     if (subjectOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
     }
     NSS_CK_TEMPLATE_FINISH(cert_template, attr, template_size);
     if (template_size == 0) {
-	/* caller didn't want anything */
-	return PR_SUCCESS;
+        /* caller didn't want anything */
+        return PR_SUCCESS;
     }
 
     status = nssToken_GetCachedObjectAttributes(certObject->token, arenaOpt,
                                                 certObject, CKO_CERTIFICATE,
                                                 cert_template, template_size);
     if (status != PR_SUCCESS) {
 
-	session = sessionOpt ? 
-	          sessionOpt : 
-	          nssToken_GetDefaultSession(certObject->token);
-	if (!session) {
-	    nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
-	    return PR_FAILURE;
-	}
+        session = sessionOpt ?
+                             sessionOpt
+                             :
+                             nssToken_GetDefaultSession(certObject->token);
+        if (!session) {
+            nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+            return PR_FAILURE;
+        }
 
-	slot = nssToken_GetSlot(certObject->token);
-	status = nssCKObject_GetAttributes(certObject->handle, 
-	                                   cert_template, template_size,
-	                                   arenaOpt, session, slot);
-	nssSlot_Destroy(slot);
-	if (status != PR_SUCCESS) {
-	    return status;
-	}
+        slot = nssToken_GetSlot(certObject->token);
+        status = nssCKObject_GetAttributes(certObject->handle,
+                                           cert_template, template_size,
+                                           arenaOpt, session, slot);
+        nssSlot_Destroy(slot);
+        if (status != PR_SUCCESS) {
+            return status;
+        }
     }
 
-    i=0;
+    i = 0;
     if (certTypeOpt) {
-	*certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]); i++;
+        *certTypeOpt = nss_cert_type_from_ck_attrib(&cert_template[i]);
+        i++;
     }
     if (idOpt) {
-	NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], idOpt);
+        i++;
     }
     if (encodingOpt) {
-	NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], encodingOpt);
+        i++;
     }
     if (issuerOpt) {
-	NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], issuerOpt);
+        i++;
     }
     if (serialOpt) {
-	NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], serialOpt);
+        i++;
     }
     if (subjectOpt) {
-	NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_ITEM(&cert_template[i], subjectOpt);
+        i++;
     }
     return PR_SUCCESS;
 }
 
-static nssTrustLevel 
-get_nss_trust (
-  CK_TRUST ckt
-)
+static nssTrustLevel
+get_nss_trust(
+    CK_TRUST ckt)
 {
     nssTrustLevel t;
     switch (ckt) {
-    case CKT_NSS_NOT_TRUSTED: t = nssTrustLevel_NotTrusted; break;
-    case CKT_NSS_TRUSTED_DELEGATOR: t = nssTrustLevel_TrustedDelegator; 
-	break;
-    case CKT_NSS_VALID_DELEGATOR: t = nssTrustLevel_ValidDelegator; break;
-    case CKT_NSS_TRUSTED: t = nssTrustLevel_Trusted; break;
-    case CKT_NSS_MUST_VERIFY_TRUST: t = nssTrustLevel_MustVerify; break;
-    case CKT_NSS_TRUST_UNKNOWN:
-    default:
-	t = nssTrustLevel_Unknown; break;
+        case CKT_NSS_NOT_TRUSTED:
+            t = nssTrustLevel_NotTrusted;
+            break;
+        case CKT_NSS_TRUSTED_DELEGATOR:
+            t = nssTrustLevel_TrustedDelegator;
+            break;
+        case CKT_NSS_VALID_DELEGATOR:
+            t = nssTrustLevel_ValidDelegator;
+            break;
+        case CKT_NSS_TRUSTED:
+            t = nssTrustLevel_Trusted;
+            break;
+        case CKT_NSS_MUST_VERIFY_TRUST:
+            t = nssTrustLevel_MustVerify;
+            break;
+        case CKT_NSS_TRUST_UNKNOWN:
+        default:
+            t = nssTrustLevel_Unknown;
+            break;
     }
     return t;
 }
 
 NSS_IMPLEMENT PRStatus
-nssCryptokiTrust_GetAttributes (
-  nssCryptokiObject *trustObject,
-  nssSession *sessionOpt,
-  NSSItem *sha1_hash,
-  nssTrustLevel *serverAuth,
-  nssTrustLevel *clientAuth,
-  nssTrustLevel *codeSigning,
-  nssTrustLevel *emailProtection,
-  PRBool *stepUpApproved
-)
+nssCryptokiTrust_GetAttributes(
+    nssCryptokiObject *trustObject,
+    nssSession *sessionOpt,
+    NSSItem *sha1_hash,
+    nssTrustLevel *serverAuth,
+    nssTrustLevel *clientAuth,
+    nssTrustLevel *codeSigning,
+    nssTrustLevel *emailProtection,
+    PRBool *stepUpApproved)
 {
     PRStatus status;
     NSSSlot *slot;
     nssSession *session;
     CK_BBOOL isToken = PR_FALSE;
     CK_BBOOL stepUp = PR_FALSE;
     CK_TRUST saTrust = CKT_NSS_TRUST_UNKNOWN;
     CK_TRUST caTrust = CKT_NSS_TRUST_UNKNOWN;
@@ -401,150 +409,155 @@ nssCryptokiTrust_GetAttributes (
     CK_TRUST csTrust = CKT_NSS_TRUST_UNKNOWN;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE trust_template[7];
     CK_ATTRIBUTE_PTR sha1_hash_attr;
     CK_ULONG trust_size;
 
     /* Use the trust object to find the trust settings */
     NSS_CK_TEMPLATE_START(trust_template, attr, trust_size);
-    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN,                  isToken);
-    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH,      saTrust);
-    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH,      caTrust);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TOKEN, isToken);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, saTrust);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, caTrust);
     NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, epTrust);
-    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING,     csTrust);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, csTrust);
     NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_STEP_UP_APPROVED, stepUp);
     sha1_hash_attr = attr;
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH,     sha1_hash);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, sha1_hash);
     NSS_CK_TEMPLATE_FINISH(trust_template, attr, trust_size);
 
     status = nssToken_GetCachedObjectAttributes(trustObject->token, NULL,
-                                                trustObject, 
+                                                trustObject,
                                                 CKO_NSS_TRUST,
                                                 trust_template, trust_size);
     if (status != PR_SUCCESS) {
-	session = sessionOpt ? 
-	          sessionOpt : 
-	          nssToken_GetDefaultSession(trustObject->token);
-	if (!session) {
-	    nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
-	    return PR_FAILURE;
-	}
+        session = sessionOpt ?
+                             sessionOpt
+                             :
+                             nssToken_GetDefaultSession(trustObject->token);
+        if (!session) {
+            nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+            return PR_FAILURE;
+        }
 
-	slot = nssToken_GetSlot(trustObject->token);
-	status = nssCKObject_GetAttributes(trustObject->handle,
-	                                   trust_template, trust_size,
-	                                   NULL, session, slot);
-	nssSlot_Destroy(slot);
-	if (status != PR_SUCCESS) {
-	    return status;
-	}
+        slot = nssToken_GetSlot(trustObject->token);
+        status = nssCKObject_GetAttributes(trustObject->handle,
+                                           trust_template, trust_size,
+                                           NULL, session, slot);
+        nssSlot_Destroy(slot);
+        if (status != PR_SUCCESS) {
+            return status;
+        }
     }
 
     if (sha1_hash_attr->ulValueLen == -1) {
-	/* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */
-	sha1_hash_attr->ulValueLen = 0;
+        /* The trust object does not have the CKA_CERT_SHA1_HASH attribute. */
+        sha1_hash_attr->ulValueLen = 0;
     }
     sha1_hash->size = sha1_hash_attr->ulValueLen;
     *serverAuth = get_nss_trust(saTrust);
     *clientAuth = get_nss_trust(caTrust);
     *emailProtection = get_nss_trust(epTrust);
     *codeSigning = get_nss_trust(csTrust);
     *stepUpApproved = stepUp;
     return PR_SUCCESS;
 }
 
 NSS_IMPLEMENT PRStatus
-nssCryptokiCRL_GetAttributes (
-  nssCryptokiObject *crlObject,
-  nssSession *sessionOpt,
-  NSSArena *arenaOpt,
-  NSSItem *encodingOpt,
-  NSSItem *subjectOpt,
-  CK_ULONG* crl_class,
-  NSSUTF8 **urlOpt,
-  PRBool *isKRLOpt
-)
+nssCryptokiCRL_GetAttributes(
+    nssCryptokiObject *crlObject,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSItem *encodingOpt,
+    NSSItem *subjectOpt,
+    CK_ULONG *crl_class,
+    NSSUTF8 **urlOpt,
+    PRBool *isKRLOpt)
 {
     PRStatus status;
     NSSSlot *slot;
     nssSession *session;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE crl_template[7];
     CK_ULONG crl_size;
     PRUint32 i;
 
     NSS_CK_TEMPLATE_START(crl_template, attr, crl_size);
     if (crl_class) {
         NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_CLASS);
     }
     if (encodingOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
     }
     if (urlOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_URL);
     }
     if (isKRLOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_NSS_KRL);
     }
     if (subjectOpt) {
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_SUBJECT);
     }
     NSS_CK_TEMPLATE_FINISH(crl_template, attr, crl_size);
 
     status = nssToken_GetCachedObjectAttributes(crlObject->token, NULL,
-                                                crlObject, 
+                                                crlObject,
                                                 CKO_NSS_CRL,
                                                 crl_template, crl_size);
     if (status != PR_SUCCESS) {
-	session = sessionOpt ? 
-	          sessionOpt : 
-	          nssToken_GetDefaultSession(crlObject->token);
-	if (session == NULL) {
-	    nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
-	    return PR_FAILURE;
-	}
+        session = sessionOpt ?
+                             sessionOpt
+                             :
+                             nssToken_GetDefaultSession(crlObject->token);
+        if (session == NULL) {
+            nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+            return PR_FAILURE;
+        }
 
-	slot = nssToken_GetSlot(crlObject->token);
-	status = nssCKObject_GetAttributes(crlObject->handle, 
-	                                   crl_template, crl_size,
-	                                   arenaOpt, session, slot);
-	nssSlot_Destroy(slot);
-	if (status != PR_SUCCESS) {
-	    return status;
-	}
+        slot = nssToken_GetSlot(crlObject->token);
+        status = nssCKObject_GetAttributes(crlObject->handle,
+                                           crl_template, crl_size,
+                                           arenaOpt, session, slot);
+        nssSlot_Destroy(slot);
+        if (status != PR_SUCCESS) {
+            return status;
+        }
     }
 
-    i=0;
+    i = 0;
     if (crl_class) {
-        NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class); i++;
+        NSS_CK_ATTRIBUTE_TO_ULONG(&crl_template[i], *crl_class);
+        i++;
     }
     if (encodingOpt) {
-	NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], encodingOpt);
+        i++;
     }
     if (urlOpt) {
-	NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_UTF8(&crl_template[i], *urlOpt);
+        i++;
     }
     if (isKRLOpt) {
-	NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_BOOL(&crl_template[i], *isKRLOpt);
+        i++;
     }
     if (subjectOpt) {
-	NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt); i++;
+        NSS_CK_ATTRIBUTE_TO_ITEM(&crl_template[i], subjectOpt);
+        i++;
     }
     return PR_SUCCESS;
 }
 
 NSS_IMPLEMENT PRStatus
-nssCryptokiPrivateKey_SetCertificate (
-  nssCryptokiObject *keyObject,
-  nssSession *sessionOpt,
-  const NSSUTF8 *nickname,
-  NSSItem *id,
-  NSSDER *subject
-)
+nssCryptokiPrivateKey_SetCertificate(
+    nssCryptokiObject *keyObject,
+    nssSession *sessionOpt,
+    const NSSUTF8 *nickname,
+    NSSItem *id,
+    NSSDER *subject)
 {
     CK_RV ckrv;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE key_template[3];
     CK_ULONG key_size;
     void *epv = nssToken_GetCryptokiEPV(keyObject->token);
     nssSession *session;
     NSSToken *token = keyObject->token;
@@ -553,36 +566,37 @@ nssCryptokiPrivateKey_SetCertificate (
 
     NSS_CK_TEMPLATE_START(key_template, attr, key_size);
     NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
     NSS_CK_TEMPLATE_FINISH(key_template, attr, key_size);
 
     if (sessionOpt) {
-	if (!nssSession_IsReadWrite(sessionOpt)) {
-	    return PR_FAILURE;
-	} 
-	session = sessionOpt;
-    } else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
-	session = defaultSession;
-    } else {
-	NSSSlot *slot = nssToken_GetSlot(token);
-	session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
-	nssSlot_Destroy(slot);
-	if (!session) {
-	    return PR_FAILURE;
-	}
-	createdSession = PR_TRUE;
+        if (!nssSession_IsReadWrite(sessionOpt)) {
+            return PR_FAILURE;
+        }
+        session = sessionOpt;
+    }
+    else if (defaultSession && nssSession_IsReadWrite(defaultSession)) {
+        session = defaultSession;
+    }
+    else {
+        NSSSlot *slot = nssToken_GetSlot(token);
+        session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
+        nssSlot_Destroy(slot);
+        if (!session) {
+            return PR_FAILURE;
+        }
+        createdSession = PR_TRUE;
     }
 
     ckrv = CKAPI(epv)->C_SetAttributeValue(session->handle,
                                            keyObject->handle,
                                            key_template,
                                            key_size);
 
     if (createdSession) {
-	nssSession_Destroy(session);
+        nssSession_Destroy(session);
     }
 
     return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
 }
-
--- a/lib/dev/ckhelper.h
+++ b/lib/dev/ckhelper.h
@@ -21,137 +21,130 @@ PR_BEGIN_EXTERN_C
 NSS_EXTERN_DATA const NSSItem g_ck_true;
 NSS_EXTERN_DATA const NSSItem g_ck_false;
 
 /* Object classes */
 NSS_EXTERN_DATA const NSSItem g_ck_class_cert;
 NSS_EXTERN_DATA const NSSItem g_ck_class_pubkey;
 NSS_EXTERN_DATA const NSSItem g_ck_class_privkey;
 
-#define NSS_CK_TEMPLATE_START(_template, attr, size)   \
-    attr = _template;                                  \
+#define NSS_CK_TEMPLATE_START(_template, attr, size) \
+    attr = _template;                                \
     size = 0;
 
-#define NSS_CK_SET_ATTRIBUTE_ITEM(pattr, kind, item)  \
-    (pattr)->type = kind;                             \
-    (pattr)->pValue = (CK_VOID_PTR)(item)->data;      \
-    (pattr)->ulValueLen = (CK_ULONG)(item)->size;     \
+#define NSS_CK_SET_ATTRIBUTE_ITEM(pattr, kind, item) \
+    (pattr)->type = kind;                            \
+    (pattr)->pValue = (CK_VOID_PTR)(item)->data;     \
+    (pattr)->ulValueLen = (CK_ULONG)(item)->size;    \
     (pattr)++;
 
-#define NSS_CK_SET_ATTRIBUTE_UTF8(pattr, kind, utf8)  \
-    (pattr)->type = kind;                             \
-    (pattr)->pValue = (CK_VOID_PTR)utf8;              \
+#define NSS_CK_SET_ATTRIBUTE_UTF8(pattr, kind, utf8)          \
+    (pattr)->type = kind;                                     \
+    (pattr)->pValue = (CK_VOID_PTR)utf8;                      \
     (pattr)->ulValueLen = (CK_ULONG)nssUTF8_Size(utf8, NULL); \
-    if ((pattr)->ulValueLen) ((pattr)->ulValueLen)--; \
+    if ((pattr)->ulValueLen)                                  \
+        ((pattr)->ulValueLen)--;                              \
     (pattr)++;
 
-#define NSS_CK_SET_ATTRIBUTE_VAR(pattr, kind, var)    \
-    (pattr)->type = kind;                             \
-    (pattr)->pValue = (CK_VOID_PTR)&var;              \
-    (pattr)->ulValueLen = (CK_ULONG)sizeof(var);      \
+#define NSS_CK_SET_ATTRIBUTE_VAR(pattr, kind, var) \
+    (pattr)->type = kind;                          \
+    (pattr)->pValue = (CK_VOID_PTR)&var;           \
+    (pattr)->ulValueLen = (CK_ULONG)sizeof(var);   \
     (pattr)++;
 
-#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind)        \
-    (pattr)->type = kind;                             \
-    (pattr)->pValue = (CK_VOID_PTR)NULL;              \
-    (pattr)->ulValueLen = 0;                          \
+#define NSS_CK_SET_ATTRIBUTE_NULL(pattr, kind) \
+    (pattr)->type = kind;                      \
+    (pattr)->pValue = (CK_VOID_PTR)NULL;       \
+    (pattr)->ulValueLen = 0;                   \
     (pattr)++;
 
 #define NSS_CK_TEMPLATE_FINISH(_template, attr, size) \
     size = (attr) - (_template);                      \
-    PR_ASSERT(size <= sizeof(_template)/sizeof(_template[0]));
+    PR_ASSERT(size <= sizeof(_template) / sizeof(_template[0]));
 
 /* NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item)
  *
  * Convert a CK_ATTRIBUTE to an NSSItem.
  */
 #define NSS_CK_ATTRIBUTE_TO_ITEM(attrib, item)         \
     if ((CK_LONG)(attrib)->ulValueLen > 0) {           \
-	(item)->data = (void *)(attrib)->pValue;       \
-	(item)->size = (PRUint32)(attrib)->ulValueLen; \
-    } else {                                           \
-	(item)->data = 0;                              \
-	(item)->size = 0;                              \
+        (item)->data = (void *)(attrib)->pValue;       \
+        (item)->size = (PRUint32)(attrib)->ulValueLen; \
+    }                                                  \
+    else {                                             \
+        (item)->data = 0;                              \
+        (item)->size = 0;                              \
     }
 
-#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar)        \
-    if ((attrib)->ulValueLen > 0) {                      \
-	if (*((CK_BBOOL*)(attrib)->pValue) == CK_TRUE) { \
-	    boolvar = PR_TRUE;                           \
-	} else {                                         \
-	    boolvar = PR_FALSE;                          \
-	}                                                \
+#define NSS_CK_ATTRIBUTE_TO_BOOL(attrib, boolvar)         \
+    if ((attrib)->ulValueLen > 0) {                       \
+        if (*((CK_BBOOL *)(attrib)->pValue) == CK_TRUE) { \
+            boolvar = PR_TRUE;                            \
+        }                                                 \
+        else {                                            \
+            boolvar = PR_FALSE;                           \
+        }                                                 \
     }
 
-#define NSS_CK_ATTRIBUTE_TO_ULONG(attrib, ulongvar)      \
-    if ((attrib)->ulValueLen > 0) {                      \
-	ulongvar = *((CK_ULONG*)(attrib)->pValue);       \
+#define NSS_CK_ATTRIBUTE_TO_ULONG(attrib, ulongvar) \
+    if ((attrib)->ulValueLen > 0) {                 \
+        ulongvar = *((CK_ULONG *)(attrib)->pValue); \
     }
 
 /* NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str)
  *
  * Convert a CK_ATTRIBUTE to a string.
  */
-#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str)      \
+#define NSS_CK_ATTRIBUTE_TO_UTF8(attrib, str) \
     str = (NSSUTF8 *)((attrib)->pValue);
 
 /* NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)
  *
  * Convert an NSSItem to a  CK_ATTRIBUTE.
  */
-#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)     \
-    (attrib)->pValue = (CK_VOID_PTR)(item)->data;  \
-    (attrib)->ulValueLen = (CK_ULONG)(item)->size; \
+#define NSS_CK_ITEM_TO_ATTRIBUTE(item, attrib)    \
+    (attrib)->pValue = (CK_VOID_PTR)(item)->data; \
+    (attrib)->ulValueLen = (CK_ULONG)(item)->size;
 
 /* Get an array of attributes from an object. */
-NSS_EXTERN PRStatus 
-nssCKObject_GetAttributes
-(
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_PTR obj_template,
-  CK_ULONG count,
-  NSSArena *arenaOpt,
-  nssSession *session,
-  NSSSlot *slot
-);
+NSS_EXTERN PRStatus
+nssCKObject_GetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot);
 
 /* Get a single attribute as an item. */
 NSS_EXTERN PRStatus
-nssCKObject_GetAttributeItem
-(
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_TYPE attribute,
-  NSSArena *arenaOpt,
-  nssSession *session,
-  NSSSlot *slot,
-  NSSItem *rvItem
-);
+nssCKObject_GetAttributeItem(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    NSSArena *arenaOpt,
+    nssSession *session,
+    NSSSlot *slot,
+    NSSItem *rvItem);
 
 NSS_EXTERN PRBool
-nssCKObject_IsAttributeTrue
-(
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_TYPE attribute,
-  nssSession *session,
-  NSSSlot *slot,
-  PRStatus *rvStatus
-);
+nssCKObject_IsAttributeTrue(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_TYPE attribute,
+    nssSession *session,
+    NSSSlot *slot,
+    PRStatus *rvStatus);
 
-NSS_EXTERN PRStatus 
-nssCKObject_SetAttributes
-(
-  CK_OBJECT_HANDLE object,
-  CK_ATTRIBUTE_PTR obj_template,
-  CK_ULONG count,
-  nssSession *session,
-  NSSSlot  *slot
-);
+NSS_EXTERN PRStatus
+nssCKObject_SetAttributes(
+    CK_OBJECT_HANDLE object,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG count,
+    nssSession *session,
+    NSSSlot *slot);
 
 NSS_EXTERN PRBool
-nssCKObject_IsTokenObjectTemplate
-(
-  CK_ATTRIBUTE_PTR objectTemplate, 
-  CK_ULONG otsize
-);
+nssCKObject_IsTokenObjectTemplate(
+    CK_ATTRIBUTE_PTR objectTemplate,
+    CK_ULONG otsize);
 
 PR_END_EXTERN_C
 
 #endif /* CKHELPER_H */
--- a/lib/dev/dev.h
+++ b/lib/dev/dev.h
@@ -35,74 +35,54 @@ PR_BEGIN_EXTERN_C
  * nssGlobalModuleList_Add
  * nssGlobalModuleList_Remove
  * nssGlobalModuleList_FindModuleByName
  * nssGlobalModuleList_FindSlotByName
  * nssGlobalModuleList_FindTokenByName
  */
 
 NSS_EXTERN PRStatus
-nss_InitializeGlobalModuleList
-(
-  void
-);
+nss_InitializeGlobalModuleList(
+    void);
 
 NSS_EXTERN PRStatus
-nss_DestroyGlobalModuleList
-(
-  void
-);
+nss_DestroyGlobalModuleList(
+    void);
 
 NSS_EXTERN NSSModule **
-nss_GetLoadedModules
-(
-  void
-);
+nss_GetLoadedModules(
+    void);
 
 NSS_EXTERN PRStatus
-nssGlobalModuleList_Add
-(
-  NSSModule *module
-);
+nssGlobalModuleList_Add(
+    NSSModule *module);
 
 NSS_EXTERN PRStatus
-nssGlobalModuleList_Remove
-(
-  NSSModule *module
-);
+nssGlobalModuleList_Remove(
+    NSSModule *module);
 
 NSS_EXTERN NSSModule *
-nssGlobalModuleList_FindModuleByName
-(
-  NSSUTF8 *moduleName
-);
+nssGlobalModuleList_FindModuleByName(
+    NSSUTF8 *moduleName);
 
 NSS_EXTERN NSSSlot *
-nssGlobalModuleList_FindSlotByName
-(
-  NSSUTF8 *slotName
-);
+nssGlobalModuleList_FindSlotByName(
+    NSSUTF8 *slotName);
 
 NSS_EXTERN NSSToken *
-nssGlobalModuleList_FindTokenByName
-(
-  NSSUTF8 *tokenName
-);
+nssGlobalModuleList_FindTokenByName(
+    NSSUTF8 *tokenName);
 
 NSS_EXTERN NSSToken *
-nss_GetDefaultCryptoToken
-(
-  void
-);
+nss_GetDefaultCryptoToken(
+    void);
 
 NSS_EXTERN NSSToken *
-nss_GetDefaultDatabaseToken
-(
-  void
-);
+nss_GetDefaultDatabaseToken(
+    void);
 
 /*
  *  |-----------|<---> NSSSlot <--> NSSToken
  *  | NSSModule |<---> NSSSlot <--> NSSToken
  *  |-----------|<---> NSSSlot <--> NSSToken
  */
 
 /* NSSModule
@@ -113,76 +93,58 @@ nss_GetDefaultDatabaseToken
  * nssModule_GetName
  * nssModule_GetSlots
  * nssModule_FindSlotByName
  * nssModule_FindTokenByName
  * nssModule_GetCertOrder
  */
 
 NSS_EXTERN NSSModule *
-nssModule_Create
-(
-  NSSUTF8 *moduleOpt,
-  NSSUTF8 *uriOpt,
-  NSSUTF8 *opaqueOpt,
-  void    *reserved
-);
+nssModule_Create(
+    NSSUTF8 *moduleOpt,
+    NSSUTF8 *uriOpt,
+    NSSUTF8 *opaqueOpt,
+    void *reserved);
 
 /* This is to use the new loading mechanism. */
 NSS_EXTERN NSSModule *
-nssModule_CreateFromSpec
-(
-  NSSUTF8 *moduleSpec,
-  NSSModule *parent,
-  PRBool loadSubModules
-);
+nssModule_CreateFromSpec(
+    NSSUTF8 *moduleSpec,
+    NSSModule *parent,
+    PRBool loadSubModules);
 
 NSS_EXTERN PRStatus
-nssModule_Destroy
-(
-  NSSModule *mod
-);
+nssModule_Destroy(
+    NSSModule *mod);
 
 NSS_EXTERN NSSModule *
-nssModule_AddRef
-(
-  NSSModule *mod
-);
+nssModule_AddRef(
+    NSSModule *mod);
 
 NSS_EXTERN NSSUTF8 *
-nssModule_GetName
-(
-  NSSModule *mod
-);
+nssModule_GetName(
+    NSSModule *mod);
 
 NSS_EXTERN NSSSlot **
-nssModule_GetSlots
-(
-  NSSModule *mod
-);
+nssModule_GetSlots(
+    NSSModule *mod);
 
 NSS_EXTERN NSSSlot *
-nssModule_FindSlotByName
-(
-  NSSModule *mod,
-  NSSUTF8 *slotName
-);
+nssModule_FindSlotByName(
+    NSSModule *mod,
+    NSSUTF8 *slotName);
 
 NSS_EXTERN NSSToken *
-nssModule_FindTokenByName
-(
-  NSSModule *mod,
-  NSSUTF8 *tokenName
-);
+nssModule_FindTokenByName(
+    NSSModule *mod,
+    NSSUTF8 *tokenName);
 
 NSS_EXTERN PRInt32
-nssModule_GetCertOrder
-(
-  NSSModule *module
-);
+nssModule_GetCertOrder(
+    NSSModule *module);
 
 /* NSSSlot
  *
  * nssSlot_Destroy
  * nssSlot_AddRef
  * nssSlot_GetName
  * nssSlot_GetTokenName
  * nssSlot_IsTokenPresent
@@ -194,151 +156,112 @@ nssModule_GetCertOrder
  * nssSlot_GetToken
  * nssSlot_Login
  * nssSlot_Logout
  * nssSlot_SetPassword
  * nssSlot_CreateSession
  */
 
 NSS_EXTERN PRStatus
-nssSlot_Destroy
-(
-  NSSSlot *slot
-);
+nssSlot_Destroy(
+    NSSSlot *slot);
 
 NSS_EXTERN NSSSlot *
-nssSlot_AddRef
-(
-  NSSSlot *slot
-);
+nssSlot_AddRef(
+    NSSSlot *slot);
 
 NSS_EXTERN void
-nssSlot_ResetDelay
-(
-  NSSSlot *slot
-);
+nssSlot_ResetDelay(
+    NSSSlot *slot);
 
 NSS_EXTERN NSSUTF8 *
-nssSlot_GetName
-(
-  NSSSlot *slot
-);
+nssSlot_GetName(
+    NSSSlot *slot);
 
 NSS_EXTERN NSSUTF8 *
-nssSlot_GetTokenName
-(
-  NSSSlot *slot
-);
+nssSlot_GetTokenName(
+    NSSSlot *slot);
 
 NSS_EXTERN NSSModule *
-nssSlot_GetModule
-(
-  NSSSlot *slot
-);
+nssSlot_GetModule(
+    NSSSlot *slot);
 
 NSS_EXTERN NSSToken *
-nssSlot_GetToken
-(
-  NSSSlot *slot
-);
+nssSlot_GetToken(
+    NSSSlot *slot);
 
 NSS_EXTERN PRBool
-nssSlot_IsTokenPresent
-(
-  NSSSlot *slot
-);
+nssSlot_IsTokenPresent(
+    NSSSlot *slot);
 
 NSS_EXTERN PRBool
-nssSlot_IsPermanent
-(
-  NSSSlot *slot
-);
+nssSlot_IsPermanent(
+    NSSSlot *slot);
 
 NSS_EXTERN PRBool
-nssSlot_IsFriendly
-(
-  NSSSlot *slot
-);
+nssSlot_IsFriendly(
+    NSSSlot *slot);
 
 NSS_EXTERN PRBool
-nssSlot_IsHardware
-(
-  NSSSlot *slot
-);
+nssSlot_IsHardware(
+    NSSSlot *slot);
 
 NSS_EXTERN PRBool
-nssSlot_IsLoggedIn
-(
-  NSSSlot *slot
-);
+nssSlot_IsLoggedIn(
+    NSSSlot *slot);
 
 NSS_EXTERN PRStatus
-nssSlot_Refresh
-(
-  NSSSlot *slot
-);
+nssSlot_Refresh(
+    NSSSlot *slot);
 
 NSS_EXTERN PRStatus
-nssSlot_Login
-(
-  NSSSlot *slot,
-  NSSCallback *pwcb
-);
+nssSlot_Login(
+    NSSSlot *slot,
+    NSSCallback *pwcb);
 extern const NSSError NSS_ERROR_INVALID_PASSWORD;
 extern const NSSError NSS_ERROR_USER_CANCELED;
 
 NSS_EXTERN PRStatus
-nssSlot_Logout
-(
-  NSSSlot *slot,
-  nssSession *sessionOpt
-);
+nssSlot_Logout(
+    NSSSlot *slot,
+    nssSession *sessionOpt);
 
 NSS_EXTERN void
-nssSlot_EnterMonitor
-(
-  NSSSlot *slot
-);
+nssSlot_EnterMonitor(
+    NSSSlot *slot);
 
 NSS_EXTERN void
-nssSlot_ExitMonitor
-(
-  NSSSlot *slot
-);
+nssSlot_ExitMonitor(
+    NSSSlot *slot);
 
 #define NSSSLOT_ASK_PASSWORD_FIRST_TIME -1
-#define NSSSLOT_ASK_PASSWORD_EVERY_TIME  0
+#define NSSSLOT_ASK_PASSWORD_EVERY_TIME 0
 NSS_EXTERN void
-nssSlot_SetPasswordDefaults
-(
-  NSSSlot *slot,
-  PRInt32 askPasswordTimeout
-);
+nssSlot_SetPasswordDefaults(
+    NSSSlot *slot,
+    PRInt32 askPasswordTimeout);
 
 NSS_EXTERN PRStatus
-nssSlot_SetPassword
-(
-  NSSSlot *slot,
-  NSSUTF8 *oldPasswordOpt,
-  NSSUTF8 *newPassword
-);
+nssSlot_SetPassword(
+    NSSSlot *slot,
+    NSSUTF8 *oldPasswordOpt,
+    NSSUTF8 *newPassword);
 extern const NSSError NSS_ERROR_INVALID_PASSWORD;
 extern const NSSError NSS_ERROR_USER_CANCELED;
 
 /*
  * nssSlot_IsLoggedIn
  */
 
 NSS_EXTERN nssSession *
-nssSlot_CreateSession
-(
-  NSSSlot *slot,
-  NSSArena *arenaOpt,
-  PRBool readWrite /* so far, this is the only flag used */
-);
+nssSlot_CreateSession(
+    NSSSlot *slot,
+    NSSArena *arenaOpt,
+    PRBool readWrite /* so far, this is the only flag used */
+    );
 
 /* NSSToken
  *
  * nssToken_Destroy
  * nssToken_AddRef
  * nssToken_GetName
  * nssToken_GetModule
  * nssToken_GetSlot
@@ -361,426 +284,344 @@ nssSlot_CreateSession
  * nssToken_FindPrivateKeyByID
  * nssToken_Digest
  * nssToken_BeginDigest
  * nssToken_ContinueDigest
  * nssToken_FinishDigest
  */
 
 NSS_EXTERN PRStatus
-nssToken_Destroy
-(
-  NSSToken *tok
-);
+nssToken_Destroy(
+    NSSToken *tok);
 
 NSS_EXTERN NSSToken *
-nssToken_AddRef
-(
-  NSSToken *tok
-);
+nssToken_AddRef(
+    NSSToken *tok);
 
 NSS_EXTERN NSSUTF8 *
-nssToken_GetName
-(
-  NSSToken *tok
-);
+nssToken_GetName(
+    NSSToken *tok);
 
 NSS_EXTERN NSSModule *
-nssToken_GetModule
-(
-  NSSToken *token
-);
+nssToken_GetModule(
+    NSSToken *token);
 
 NSS_EXTERN NSSSlot *
-nssToken_GetSlot
-(
-  NSSToken *tok
-);
+nssToken_GetSlot(
+    NSSToken *tok);
 
 NSS_EXTERN PRBool
-nssToken_NeedsPINInitialization
-(
-  NSSToken *token
-);
+nssToken_NeedsPINInitialization(
+    NSSToken *token);
 
 NSS_EXTERN nssCryptokiObject *
-nssToken_ImportCertificate
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSCertificateType certType,
-  NSSItem *id,
-  const NSSUTF8 *nickname,
-  NSSDER *encoding,
-  NSSDER *issuer,
-  NSSDER *subject,
-  NSSDER *serial,
-  NSSASCII7 *emailAddr,
-  PRBool asTokenObject
-);
+nssToken_ImportCertificate(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSCertificateType certType,
+    NSSItem *id,
+    const NSSUTF8 *nickname,
+    NSSDER *encoding,
+    NSSDER *issuer,
+    NSSDER *subject,
+    NSSDER *serial,
+    NSSASCII7 *emailAddr,
+    PRBool asTokenObject);
 
 NSS_EXTERN nssCryptokiObject *
-nssToken_ImportTrust
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSDER *certEncoding,
-  NSSDER *certIssuer,
-  NSSDER *certSerial,
-  nssTrustLevel serverAuth,
-  nssTrustLevel clientAuth,
-  nssTrustLevel codeSigning,
-  nssTrustLevel emailProtection,
-  PRBool stepUpApproved,
-  PRBool asTokenObject
-);
+nssToken_ImportTrust(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTrustLevel serverAuth,
+    nssTrustLevel clientAuth,
+    nssTrustLevel codeSigning,
+    nssTrustLevel emailProtection,
+    PRBool stepUpApproved,
+    PRBool asTokenObject);
 
 NSS_EXTERN nssCryptokiObject *
-nssToken_ImportCRL
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *subject,
-  NSSDER *encoding,
-  PRBool isKRL,
-  NSSUTF8 *url,
-  PRBool asTokenObject
-);
+nssToken_ImportCRL(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    NSSDER *encoding,
+    PRBool isKRL,
+    NSSUTF8 *url,
+    PRBool asTokenObject);
 
 /* Permanently remove an object from the token. */
 NSS_EXTERN PRStatus
-nssToken_DeleteStoredObject
-(
-  nssCryptokiObject *instance
-);
-
-NSS_EXTERN nssCryptokiObject **
-nssToken_FindObjects
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  CK_OBJECT_CLASS objclass,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
+nssToken_DeleteStoredObject(
+    nssCryptokiObject *instance);
 
 NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesBySubject
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *subject,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
+nssToken_FindObjects(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    CK_OBJECT_CLASS objclass,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
 
 NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesByNickname
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  const NSSUTF8 *name,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
+nssToken_FindCertificatesBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
 
 NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesByEmail
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSASCII7 *email,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
+nssToken_FindCertificatesByNickname(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    const NSSUTF8 *name,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
 
 NSS_EXTERN nssCryptokiObject **
-nssToken_FindCertificatesByID
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSItem *id,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
+nssToken_FindCertificatesByEmail(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSASCII7 *email,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject **
+nssToken_FindCertificatesByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *id,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
 
 NSS_EXTERN nssCryptokiObject *
-nssToken_FindCertificateByIssuerAndSerialNumber
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *issuer,
-  NSSDER *serial,
-  nssTokenSearchType searchType,
-  PRStatus *statusOpt
-);
-
-NSS_EXTERN nssCryptokiObject *
-nssToken_FindCertificateByEncodedCertificate
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSBER *encodedCertificate,
-  nssTokenSearchType searchType,
-  PRStatus *statusOpt
-);
+nssToken_FindCertificateByIssuerAndSerialNumber(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *issuer,
+    NSSDER *serial,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt);
 
 NSS_EXTERN nssCryptokiObject *
-nssToken_FindTrustForCertificate
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *certEncoding,
-  NSSDER *certIssuer,
-  NSSDER *certSerial,
-  nssTokenSearchType searchType
-);
+nssToken_FindCertificateByEncodedCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSBER *encodedCertificate,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindTrustForCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTokenSearchType searchType);
 
 NSS_EXTERN nssCryptokiObject **
-nssToken_FindCRLsBySubject
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *subject,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
+nssToken_FindCRLsBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
 
 NSS_EXTERN nssCryptokiObject **
-nssToken_FindPrivateKeys
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
-
-NSS_EXTERN nssCryptokiObject *
-nssToken_FindPrivateKeyByID
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSItem *keyID
-);
+nssToken_FindPrivateKeys(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
 
 NSS_EXTERN nssCryptokiObject *
-nssToken_FindPublicKeyByID
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSItem *keyID
-);
+nssToken_FindPrivateKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID);
+
+NSS_EXTERN nssCryptokiObject *
+nssToken_FindPublicKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID);
 
 NSS_EXTERN NSSItem *
-nssToken_Digest
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSAlgorithmAndParameters *ap,
-  NSSItem *data,
-  NSSItem *rvOpt,
-  NSSArena *arenaOpt
-);
+nssToken_Digest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
 
 NSS_EXTERN PRStatus
-nssToken_BeginDigest
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSAlgorithmAndParameters *ap
-);
+nssToken_BeginDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap);
 
 NSS_EXTERN PRStatus
-nssToken_ContinueDigest
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSItem *item
-);
+nssToken_ContinueDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *item);
 
 NSS_EXTERN NSSItem *
-nssToken_FinishDigest
-(
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSItem *rvOpt,
-  NSSArena *arenaOpt
-);
+nssToken_FinishDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt);
 
 /* nssSession
  *
  * nssSession_Destroy
  * nssSession_EnterMonitor
  * nssSession_ExitMonitor
  * nssSession_IsReadWrite
  */
 
 NSS_EXTERN PRStatus
-nssSession_Destroy
-(
-  nssSession *s
-);
+nssSession_Destroy(
+    nssSession *s);
 
 /* would like to inline */
 NSS_EXTERN PRStatus
-nssSession_EnterMonitor
-(
-  nssSession *s
-);
+nssSession_EnterMonitor(
+    nssSession *s);
 
 /* would like to inline */
 NSS_EXTERN PRStatus
-nssSession_ExitMonitor
-(
-  nssSession *s
-);
+nssSession_ExitMonitor(
+    nssSession *s);
 
 /* would like to inline */
 NSS_EXTERN PRBool
-nssSession_IsReadWrite
-(
-  nssSession *s
-);
+nssSession_IsReadWrite(
+    nssSession *s);
 
 /* nssCryptokiObject
  *
  * An object living on a cryptoki token.
- * Not really proper to mix up the object types just because 
+ * Not really proper to mix up the object types just because
  * nssCryptokiObject itself is generic, but doing so anyway.
  *
  * nssCryptokiObject_Destroy
  * nssCryptokiObject_Equal
  * nssCryptokiObject_Clone
  * nssCryptokiCertificate_GetAttributes
  * nssCryptokiPrivateKey_GetAttributes
  * nssCryptokiPublicKey_GetAttributes
  * nssCryptokiTrust_GetAttributes
  * nssCryptokiCRL_GetAttributes
  */
 
 NSS_EXTERN void
-nssCryptokiObject_Destroy
-(
-  nssCryptokiObject *object
-);
+nssCryptokiObject_Destroy(
+    nssCryptokiObject *object);
 
 NSS_EXTERN PRBool
-nssCryptokiObject_Equal
-(
-  nssCryptokiObject *object1,
-  nssCryptokiObject *object2
-);
+nssCryptokiObject_Equal(
+    nssCryptokiObject *object1,
+    nssCryptokiObject *object2);
 
 NSS_EXTERN nssCryptokiObject *
-nssCryptokiObject_Clone
-(
-  nssCryptokiObject *object
-);
+nssCryptokiObject_Clone(
+    nssCryptokiObject *object);
 
 NSS_EXTERN PRStatus
-nssCryptokiCertificate_GetAttributes
-(
-  nssCryptokiObject *object,
-  nssSession *sessionOpt,
-  NSSArena *arenaOpt,
-  NSSCertificateType *certTypeOpt,
-  NSSItem *idOpt,
-  NSSDER *encodingOpt,
-  NSSDER *issuerOpt,
-  NSSDER *serialOpt,
-  NSSDER *subjectOpt
-);
+nssCryptokiCertificate_GetAttributes(
+    nssCryptokiObject *object,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSCertificateType *certTypeOpt,
+    NSSItem *idOpt,
+    NSSDER *encodingOpt,
+    NSSDER *issuerOpt,
+    NSSDER *serialOpt,
+    NSSDER *subjectOpt);
 
 NSS_EXTERN PRStatus
-nssCryptokiTrust_GetAttributes
-(
-  nssCryptokiObject *trustObject,
-  nssSession *sessionOpt,
-  NSSItem *sha1_hash,
-  nssTrustLevel *serverAuth,
-  nssTrustLevel *clientAuth,
-  nssTrustLevel *codeSigning,
-  nssTrustLevel *emailProtection,
-  PRBool *stepUpApproved
-);
+nssCryptokiTrust_GetAttributes(
+    nssCryptokiObject *trustObject,
+    nssSession *sessionOpt,
+    NSSItem *sha1_hash,
+    nssTrustLevel *serverAuth,
+    nssTrustLevel *clientAuth,
+    nssTrustLevel *codeSigning,
+    nssTrustLevel *emailProtection,
+    PRBool *stepUpApproved);
 
 NSS_EXTERN PRStatus
-nssCryptokiCRL_GetAttributes
-(
-  nssCryptokiObject *crlObject,
-  nssSession *sessionOpt,
-  NSSArena *arenaOpt,
-  NSSItem *encodingOpt,
-  NSSItem * subjectOpt,
-  CK_ULONG * crl_class,
-  NSSUTF8 **urlOpt,
-  PRBool *isKRLOpt
-);
+nssCryptokiCRL_GetAttributes(
+    nssCryptokiObject *crlObject,
+    nssSession *sessionOpt,
+    NSSArena *arenaOpt,
+    NSSItem *encodingOpt,
+    NSSItem *subjectOpt,
+    CK_ULONG *crl_class,
+    NSSUTF8 **urlOpt,
+    PRBool *isKRLOpt);
 
 /* I'm including this to handle import of certificates in NSS 3.5.  This
  * function will set the cert-related attributes of a key, in order to
  * associate it with a cert.  Does it stay like this for 4.0?
  */
 NSS_EXTERN PRStatus
-nssCryptokiPrivateKey_SetCertificate
-(
-  nssCryptokiObject *keyObject,
-  nssSession *sessionOpt,
-  const NSSUTF8 *nickname,
-  NSSItem *id,
-  NSSDER *subject
-);
+nssCryptokiPrivateKey_SetCertificate(
+    nssCryptokiObject *keyObject,
+    nssSession *sessionOpt,
+    const NSSUTF8 *nickname,
+    NSSItem *id,
+    NSSDER *subject);
 
 NSS_EXTERN void
-nssModuleArray_Destroy
-(
-  NSSModule **modules
-);
+nssModuleArray_Destroy(
+    NSSModule **modules);
 
 /* nssSlotArray
  *
  * nssSlotArray_Destroy
  */
 
 NSS_EXTERN void
-nssSlotArray_Destroy
-(
-  NSSSlot **slots
-);
+nssSlotArray_Destroy(
+    NSSSlot **slots);
 
 /* nssTokenArray
  *
  * nssTokenArray_Destroy
  */
 
 NSS_EXTERN void
-nssTokenArray_Destroy
-(
-  NSSToken **tokens
-);
+nssTokenArray_Destroy(
+    NSSToken **tokens);
 
 /* nssCryptokiObjectArray
  *
  * nssCryptokiObjectArray_Destroy
  */
 NSS_EXTERN void
-nssCryptokiObjectArray_Destroy
-(
-  nssCryptokiObject **object
-);
+nssCryptokiObjectArray_Destroy(
+    nssCryptokiObject **object);
 
 /* nssSlotList
-*
+ *
  * An ordered list of slots.  The order can be anything, it is set in the
  * Add methods.  Perhaps it should be CreateInCertOrder, ...?
  *
  * nssSlotList_Create
  * nssSlotList_Destroy
  * nssSlotList_Add
  * nssSlotList_AddModuleSlots
  * nssSlotList_GetSlots
@@ -789,150 +630,118 @@ nssCryptokiObjectArray_Destroy
  * nssSlotList_GetBestSlot
  * nssSlotList_GetBestSlotForAlgorithmAndParameters
  * nssSlotList_GetBestSlotForAlgorithmsAndParameters
  */
 
 /* nssSlotList_Create
  */
 NSS_EXTERN nssSlotList *
-nssSlotList_Create
-(
-  NSSArena *arenaOpt
-);
+nssSlotList_Create(
+    NSSArena *arenaOpt);
 
 /* nssSlotList_Destroy
  */
 NSS_EXTERN void
-nssSlotList_Destroy
-(
-  nssSlotList *slotList
-);
+nssSlotList_Destroy(
+    nssSlotList *slotList);
 
 /* nssSlotList_Add
  *
  * Add the given slot in the given order.
  */
 NSS_EXTERN PRStatus
-nssSlotList_Add
-(
-  nssSlotList *slotList,
-  NSSSlot *slot,
-  PRUint32 order
-);
+nssSlotList_Add(
+    nssSlotList *slotList,
+    NSSSlot *slot,
+    PRUint32 order);
 
 /* nssSlotList_AddModuleSlots
  *
  * Add all slots in the module, in the given order (the slots will have
  * equal weight).
  */
 NSS_EXTERN PRStatus
-nssSlotList_AddModuleSlots
-(
-  nssSlotList *slotList,
-  NSSModule *module,
-  PRUint32 order
-);
+nssSlotList_AddModuleSlots(
+    nssSlotList *slotList,
+    NSSModule *module,
+    PRUint32 order);
 
 /* nssSlotList_GetSlots
  */
 NSS_EXTERN NSSSlot **
-nssSlotList_GetSlots
-(
-  nssSlotList *slotList
-);
+nssSlotList_GetSlots(
+    nssSlotList *slotList);
 
 /* nssSlotList_FindSlotByName
  */
 NSS_EXTERN NSSSlot *
-nssSlotList_FindSlotByName
-(
-  nssSlotList *slotList,
-  NSSUTF8 *slotName
-);
+nssSlotList_FindSlotByName(
+    nssSlotList *slotList,
+    NSSUTF8 *slotName);
 
 /* nssSlotList_FindTokenByName
  */
 NSS_EXTERN NSSToken *
-nssSlotList_FindTokenByName
-(
-  nssSlotList *slotList,
-  NSSUTF8 *tokenName
-);
+nssSlotList_FindTokenByName(
+    nssSlotList *slotList,
+    NSSUTF8 *tokenName);
 
 /* nssSlotList_GetBestSlot
  *
  * The best slot is the highest ranking in order, i.e., the first in the
  * list.
  */
 NSS_EXTERN NSSSlot *
-nssSlotList_GetBestSlot
-(
-  nssSlotList *slotList
-);
+nssSlotList_GetBestSlot(
+    nssSlotList *slotList);
 
 /* nssSlotList_GetBestSlotForAlgorithmAndParameters
  *
  * Highest-ranking slot than can handle algorithm/parameters.
  */
 NSS_EXTERN NSSSlot *
-nssSlotList_GetBestSlotForAlgorithmAndParameters
-(
-  nssSlotList *slotList,
-  NSSAlgorithmAndParameters *ap
-);
+nssSlotList_GetBestSlotForAlgorithmAndParameters(
+    nssSlotList *slotList,
+    NSSAlgorithmAndParameters *ap);
 
 /* nssSlotList_GetBestSlotForAlgorithmsAndParameters
  *
  * Highest-ranking slot than can handle all algorithms/parameters.
  */
 NSS_EXTERN NSSSlot *
-nssSlotList_GetBestSlotForAlgorithmsAndParameters
-(
-  nssSlotList *slotList,
-  NSSAlgorithmAndParameters **ap
-);
+nssSlotList_GetBestSlotForAlgorithmsAndParameters(
+    nssSlotList *slotList,
+    NSSAlgorithmAndParameters **ap);
 
 NSS_EXTERN PRBool
-nssToken_IsPresent
-(
-  NSSToken *token
-);
+nssToken_IsPresent(
+    NSSToken *token);
 
 NSS_EXTERN nssSession *
-nssToken_GetDefaultSession
-(
-  NSSToken *token
-);
+nssToken_GetDefaultSession(
+    NSSToken *token);
+
+NSS_EXTERN PRStatus
+nssToken_GetTrustOrder(
+    NSSToken *tok);
 
 NSS_EXTERN PRStatus
-nssToken_GetTrustOrder
-(
-  NSSToken *tok
-);
-
-NSS_EXTERN PRStatus
-nssToken_NotifyCertsNotVisible
-(
-  NSSToken *tok
-);
+nssToken_NotifyCertsNotVisible(
+    NSSToken *tok);
 
 NSS_EXTERN PRStatus
-nssToken_TraverseCertificates
-(
-  NSSToken *token,
-  nssSession *sessionOpt,
-  nssTokenSearchType searchType,
-  PRStatus (* callback)(nssCryptokiObject *instance, void *arg),
-  void *arg
-);
+nssToken_TraverseCertificates(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRStatus (*callback)(nssCryptokiObject *instance, void *arg),
+    void *arg);
 
 NSS_EXTERN PRBool
-nssToken_IsPrivateKeyAvailable
-(
-  NSSToken *token,
-  NSSCertificate *c,
-  nssCryptokiObject *instance
-);
+nssToken_IsPrivateKeyAvailable(
+    NSSToken *token,
+    NSSCertificate *c,
+    nssCryptokiObject *instance);
 
 PR_END_EXTERN_C
 
 #endif /* DEV_H */
--- a/lib/dev/devm.h
+++ b/lib/dev/devm.h
@@ -19,187 +19,139 @@
 
 PR_BEGIN_EXTERN_C
 
 /* Shortcut to cryptoki API functions. */
 #define CKAPI(epv) \
     ((CK_FUNCTION_LIST_PTR)(epv))
 
 NSS_EXTERN void
-nssDevice_AddRef
-(
- struct nssDeviceBaseStr *device
-);
+nssDevice_AddRef(
+    struct nssDeviceBaseStr *device);
 
 NSS_EXTERN PRBool
-nssDevice_Destroy
-(
- struct nssDeviceBaseStr *device
-);
+nssDevice_Destroy(
+    struct nssDeviceBaseStr *device);
 
 NSS_EXTERN PRBool
-nssModule_IsThreadSafe
-(
-  NSSModule *module
-);
+nssModule_IsThreadSafe(
+    NSSModule *module);
 
 NSS_EXTERN PRBool
-nssModule_IsInternal
-(
-  NSSModule *mod
-);
+nssModule_IsInternal(
+    NSSModule *mod);
 
 NSS_EXTERN PRBool
-nssModule_IsModuleDBOnly
-(
-  NSSModule *mod
-);
+nssModule_IsModuleDBOnly(
+    NSSModule *mod);
 
 NSS_EXTERN void *
-nssModule_GetCryptokiEPV
-(
-  NSSModule *mod
-);
+nssModule_GetCryptokiEPV(
+    NSSModule *mod);
 
 NSS_EXTERN NSSSlot *
-nssSlot_Create
-(
-  CK_SLOT_ID slotId,
-  NSSModule *parent
-);
+nssSlot_Create(
+    CK_SLOT_ID slotId,
+    NSSModule *parent);
 
 NSS_EXTERN void *
-nssSlot_GetCryptokiEPV
-(
-  NSSSlot *slot
-);
+nssSlot_GetCryptokiEPV(
+    NSSSlot *slot);
 
 NSS_EXTERN NSSToken *
-nssToken_Create
-(
-  CK_SLOT_ID slotID,
-  NSSSlot *peer
-);
+nssToken_Create(
+    CK_SLOT_ID slotID,
+    NSSSlot *peer);
 
 NSS_EXTERN void *
-nssToken_GetCryptokiEPV
-(
-  NSSToken *token
-);
+nssToken_GetCryptokiEPV(
+    NSSToken *token);
 
 NSS_EXTERN nssSession *
-nssToken_GetDefaultSession
-(
-  NSSToken *token
-);
+nssToken_GetDefaultSession(
+    NSSToken *token);
 
 NSS_EXTERN PRBool
-nssToken_IsLoginRequired
-(
-  NSSToken *token
-);
+nssToken_IsLoginRequired(
+    NSSToken *token);
 
 NSS_EXTERN void
-nssToken_Remove
-(
-  NSSToken *token
-);
+nssToken_Remove(
+    NSSToken *token);
 
 NSS_EXTERN nssCryptokiObject *
-nssCryptokiObject_Create
-(
-  NSSToken *t, 
-  nssSession *session,
-  CK_OBJECT_HANDLE h
-);
+nssCryptokiObject_Create(
+    NSSToken *t,
+    nssSession *session,
+    CK_OBJECT_HANDLE h);
 
 NSS_EXTERN nssTokenObjectCache *
-nssTokenObjectCache_Create
-(
-  NSSToken *token,
-  PRBool cacheCerts,
-  PRBool cacheTrust,
-  PRBool cacheCRLs
-);
+nssTokenObjectCache_Create(
+    NSSToken *token,
+    PRBool cacheCerts,
+    PRBool cacheTrust,
+    PRBool cacheCRLs);
 
 NSS_EXTERN void
-nssTokenObjectCache_Destroy
-(
-  nssTokenObjectCache *cache
-);
+nssTokenObjectCache_Destroy(
+    nssTokenObjectCache *cache);
 
 NSS_EXTERN void
-nssTokenObjectCache_Clear
-(
-  nssTokenObjectCache *cache
-);
+nssTokenObjectCache_Clear(
+    nssTokenObjectCache *cache);
 
 NSS_EXTERN PRBool
-nssTokenObjectCache_HaveObjectClass
-(
-  nssTokenObjectCache *cache,
-  CK_OBJECT_CLASS objclass
-);
+nssTokenObjectCache_HaveObjectClass(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass);
 
 NSS_EXTERN nssCryptokiObject **
-nssTokenObjectCache_FindObjectsByTemplate
-(
-  nssTokenObjectCache *cache,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR otemplate,
-  CK_ULONG otlen,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-);
+nssTokenObjectCache_FindObjectsByTemplate(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR otemplate,
+    CK_ULONG otlen,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt);
 
 NSS_EXTERN PRStatus
-nssTokenObjectCache_GetObjectAttributes
-(
-  nssTokenObjectCache *cache,
-  NSSArena *arenaOpt,
-  nssCryptokiObject *object,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR atemplate,
-  CK_ULONG atlen
-);
+nssTokenObjectCache_GetObjectAttributes(
+    nssTokenObjectCache *cache,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen);
 
 NSS_EXTERN PRStatus
-nssTokenObjectCache_ImportObject
-(
-  nssTokenObjectCache *cache,
-  nssCryptokiObject *object,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR ot,
-  CK_ULONG otlen
-);
+nssTokenObjectCache_ImportObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR ot,
+    CK_ULONG otlen);
 
 NSS_EXTERN void
-nssTokenObjectCache_RemoveObject
-(
-  nssTokenObjectCache *cache,
-  nssCryptokiObject *object
-);
+nssTokenObjectCache_RemoveObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object);
 
 /* XXX allows peek back into token */
 NSS_EXTERN PRStatus
-nssToken_GetCachedObjectAttributes
-(
-  NSSToken *token,
-  NSSArena *arenaOpt,
-  nssCryptokiObject *object,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR atemplate,
-  CK_ULONG atlen
-);
+nssToken_GetCachedObjectAttributes(
+    NSSToken *token,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen);
 
 /* PKCS#11 stores strings in a fixed-length buffer padded with spaces.  This
  * function gets the length of the actual string.
  */
 NSS_EXTERN PRUint32
-nssPKCS11String_Length
-(
-  CK_CHAR *pkcs11str, 
-  PRUint32 bufLen
-);
+nssPKCS11String_Length(
+    CK_CHAR *pkcs11str,
+    PRUint32 bufLen);
 
 PR_END_EXTERN_C
 
 #endif /* DEV_H */
--- a/lib/dev/devslot.c
+++ b/lib/dev/devslot.c
@@ -15,191 +15,186 @@
 #include "pk11pub.h"
 
 /* measured in seconds */
 #define NSSSLOT_TOKEN_DELAY_TIME 1
 
 /* this should track global and per-transaction login information */
 
 #define NSSSLOT_IS_FRIENDLY(slot) \
-  (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
+    (slot->base.flags & NSSSLOT_FLAGS_FRIENDLY)
 
 /* measured as interval */
 static PRIntervalTime s_token_delay_time = 0;
 
 NSS_IMPLEMENT PRStatus
-nssSlot_Destroy (
-  NSSSlot *slot
-)
+nssSlot_Destroy(
+    NSSSlot *slot)
 {
     if (slot) {
-	if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) {
-	    PZ_DestroyLock(slot->base.lock);
-	    return nssArena_Destroy(slot->base.arena);
-	}
+        if (PR_ATOMIC_DECREMENT(&slot->base.refCount) == 0) {
+            PZ_DestroyLock(slot->base.lock);
+            return nssArena_Destroy(slot->base.arena);
+        }
     }
     return PR_SUCCESS;
 }
 
 void
 nssSlot_EnterMonitor(NSSSlot *slot)
 {
     if (slot->lock) {
-	PZ_Lock(slot->lock);
+        PZ_Lock(slot->lock);
     }
 }
 
 void
 nssSlot_ExitMonitor(NSSSlot *slot)
 {
     if (slot->lock) {
-	PZ_Unlock(slot->lock);
+        PZ_Unlock(slot->lock);
     }
 }
 
 NSS_IMPLEMENT void
-NSSSlot_Destroy (
-  NSSSlot *slot
-)
+NSSSlot_Destroy(
+    NSSSlot *slot)
 {
     (void)nssSlot_Destroy(slot);
 }
 
 NSS_IMPLEMENT NSSSlot *
-nssSlot_AddRef (
-  NSSSlot *slot
-)
+nssSlot_AddRef(
+    NSSSlot *slot)
 {
     PR_ATOMIC_INCREMENT(&slot->base.refCount);
     return slot;
 }
 
 NSS_IMPLEMENT NSSUTF8 *
-nssSlot_GetName (
-  NSSSlot *slot
-)
+nssSlot_GetName(
+    NSSSlot *slot)
 {
     return slot->base.name;
 }
 
 NSS_IMPLEMENT NSSUTF8 *
-nssSlot_GetTokenName (
-  NSSSlot *slot
-)
+nssSlot_GetTokenName(
+    NSSSlot *slot)
 {
     return nssToken_GetName(slot->token);
 }
 
 NSS_IMPLEMENT void
-nssSlot_ResetDelay (
-  NSSSlot *slot
-)
+nssSlot_ResetDelay(
+    NSSSlot *slot)
 {
     slot->lastTokenPing = 0;
 }
 
 static PRBool
 within_token_delay_period(NSSSlot *slot)
 {
     PRIntervalTime time, lastTime;
     /* Set the delay time for checking the token presence */
     if (s_token_delay_time == 0) {
-	s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
+        s_token_delay_time = PR_SecondsToInterval(NSSSLOT_TOKEN_DELAY_TIME);
     }
     time = PR_IntervalNow();
     lastTime = slot->lastTokenPing;
     if ((lastTime) && ((time - lastTime) < s_token_delay_time)) {
-	return PR_TRUE;
+        return PR_TRUE;
     }
     slot->lastTokenPing = time;
     return PR_FALSE;
 }
 
 NSS_IMPLEMENT PRBool
-nssSlot_IsTokenPresent (
-  NSSSlot *slot
-)
+nssSlot_IsTokenPresent(
+    NSSSlot *slot)
 {
     CK_RV ckrv;
     PRStatus nssrv;
     /* XXX */
     nssSession *session;
     CK_SLOT_INFO slotInfo;
     void *epv;
     /* permanent slots are always present unless they're disabled */
     if (nssSlot_IsPermanent(slot)) {
-	return !PK11_IsDisabled(slot->pk11slot);
+        return !PK11_IsDisabled(slot->pk11slot);
     }
     /* avoid repeated calls to check token status within set interval */
     if (within_token_delay_period(slot)) {
-	return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
+        return ((slot->ckFlags & CKF_TOKEN_PRESENT) != 0);
     }
 
     /* First obtain the slot info */
     epv = slot->epv;
     if (!epv) {
-	return PR_FALSE;
+        return PR_FALSE;
     }
     nssSlot_EnterMonitor(slot);
     ckrv = CKAPI(epv)->C_GetSlotInfo(slot->slotID, &slotInfo);
     nssSlot_ExitMonitor(slot);
     if (ckrv != CKR_OK) {
-	slot->token->base.name[0] = 0; /* XXX */
-	return PR_FALSE;
+        slot->token->base.name[0] = 0; /* XXX */
+        return PR_FALSE;
     }
     slot->ckFlags = slotInfo.flags;
     /* check for the presence of the token */
     if ((slot->ckFlags & CKF_TOKEN_PRESENT) == 0) {
-	if (!slot->token) {
-	    /* token was never present */
-	    return PR_FALSE;
-	}
-	session = nssToken_GetDefaultSession(slot->token);
-	if (session) {
-	    nssSession_EnterMonitor(session);
-	    /* token is not present */
-	    if (session->handle != CK_INVALID_SESSION) {
-		/* session is valid, close and invalidate it */
-		CKAPI(epv)->C_CloseSession(session->handle);
-		session->handle = CK_INVALID_SESSION;
-	    }
-	    nssSession_ExitMonitor(session);
-	}
-	if (slot->token->base.name[0] != 0) {
-	    /* notify the high-level cache that the token is removed */
-	    slot->token->base.name[0] = 0; /* XXX */
-	    nssToken_NotifyCertsNotVisible(slot->token);
-	}
-	slot->token->base.name[0] = 0; /* XXX */
-	/* clear the token cache */
-	nssToken_Remove(slot->token);
-	return PR_FALSE;
+        if (!slot->token) {
+            /* token was never present */
+            return PR_FALSE;
+        }
+        session = nssToken_GetDefaultSession(slot->token);
+        if (session) {
+            nssSession_EnterMonitor(session);
+            /* token is not present */
+            if (session->handle != CK_INVALID_SESSION) {
+                /* session is valid, close and invalidate it */
+                CKAPI(epv)
+                    ->C_CloseSession(session->handle);
+                session->handle = CK_INVALID_SESSION;
+            }
+            nssSession_ExitMonitor(session);
+        }
+        if (slot->token->base.name[0] != 0) {
+            /* notify the high-level cache that the token is removed */
+            slot->token->base.name[0] = 0; /* XXX */
+            nssToken_NotifyCertsNotVisible(slot->token);
+        }
+        slot->token->base.name[0] = 0; /* XXX */
+        /* clear the token cache */
+        nssToken_Remove(slot->token);
+        return PR_FALSE;
     }
     /* token is present, use the session info to determine if the card
      * has been removed and reinserted.
      */
     session = nssToken_GetDefaultSession(slot->token);
     if (session) {
-	PRBool isPresent = PR_FALSE;
-	nssSession_EnterMonitor(session);
-	if (session->handle != CK_INVALID_SESSION) {
-	    CK_SESSION_INFO sessionInfo;
-	    ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
-	    if (ckrv != CKR_OK) {
-		/* session is screwy, close and invalidate it */
-		CKAPI(epv)->C_CloseSession(session->handle);
-		session->handle = CK_INVALID_SESSION;
-	    }
-	}
-	isPresent = session->handle != CK_INVALID_SESSION;
-	nssSession_ExitMonitor(session);
-	/* token not removed, finished */
-	if (isPresent)
-	    return PR_TRUE;
-    } 
+        PRBool isPresent = PR_FALSE;
+        nssSession_EnterMonitor(session);
+        if (session->handle != CK_INVALID_SESSION) {
+            CK_SESSION_INFO sessionInfo;
+            ckrv = CKAPI(epv)->C_GetSessionInfo(session->handle, &sessionInfo);
+            if (ckrv != CKR_OK) {
+                /* session is screwy, close and invalidate it */
+                CKAPI(epv)
+                    ->C_CloseSession(session->handle);
+                session->handle = CK_INVALID_SESSION;
+            }
+        }
+        isPresent = session->handle != CK_INVALID_SESSION;
+        nssSession_ExitMonitor(session);
+        /* token not removed, finished */
+        if (isPresent)
+            return PR_TRUE;
+    }
     /* the token has been removed, and reinserted, or the slot contains
      * a token it doesn't recognize. invalidate all the old
      * information we had on this token, if we can't refresh, clear
      * the present flag */
     nssToken_NotifyCertsNotVisible(slot->token);
     nssToken_Remove(slot->token);
     /* token has been removed, need to refresh with new session */
     nssrv = nssSlot_Refresh(slot);
@@ -207,51 +202,46 @@ nssSlot_IsTokenPresent (
         slot->token->base.name[0] = 0; /* XXX */
         slot->ckFlags &= ~CKF_TOKEN_PRESENT;
         return PR_FALSE;
     }
     return PR_TRUE;
 }
 
 NSS_IMPLEMENT void *
-nssSlot_GetCryptokiEPV (
-  NSSSlot *slot
-)
+nssSlot_GetCryptokiEPV(
+    NSSSlot *slot)
 {
     return slot->epv;
 }
 
 NSS_IMPLEMENT NSSToken *
-nssSlot_GetToken (
-  NSSSlot *slot
-)
+nssSlot_GetToken(
+    NSSSlot *slot)
 {
     if (nssSlot_IsTokenPresent(slot)) {
-	return nssToken_AddRef(slot->token);
+        return nssToken_AddRef(slot->token);
     }
     return (NSSToken *)NULL;
 }
 
 NSS_IMPLEMENT PRStatus
-nssSession_EnterMonitor (
-  nssSession *s
-)
+nssSession_EnterMonitor(
+    nssSession *s)
 {
-    if (s->lock) PZ_Lock(s->lock);
+    if (s->lock)
+        PZ_Lock(s->lock);
     return PR_SUCCESS;
 }
 
 NSS_IMPLEMENT PRStatus
-nssSession_ExitMonitor (
-  nssSession *s
-)
+nssSession_ExitMonitor(
+    nssSession *s)
 {
     return (s->lock) ? PZ_Unlock(s->lock) : PR_SUCCESS;
 }
 
 NSS_EXTERN PRBool
-nssSession_IsReadWrite (
-  nssSession *s
-)
+nssSession_IsReadWrite(
+    nssSession *s)
 {
     return s->isRW;
 }
-
--- a/lib/dev/devt.h
+++ b/lib/dev/devt.h
@@ -29,77 +29,71 @@
 
 #include "secmodt.h"
 
 PR_BEGIN_EXTERN_C
 
 typedef struct nssSessionStr nssSession;
 
 /* XXX until NSSTokenStr is moved */
-struct nssDeviceBaseStr
-{
-  NSSArena *arena;
-  PZLock *lock;
-  PRInt32 refCount;
-  NSSUTF8 *name;
-  PRUint32 flags;
+struct nssDeviceBaseStr {
+    NSSArena *arena;
+    PZLock *lock;
+    PRInt32 refCount;
+    NSSUTF8 *name;
+    PRUint32 flags;
 };
 
 typedef struct nssTokenObjectCacheStr nssTokenObjectCache;
 
 /* XXX until devobject.c goes away */
-struct NSSTokenStr
-{
+struct NSSTokenStr {
     struct nssDeviceBaseStr base;
-    NSSSlot *slot;  /* Parent (or peer, if you will) */
+    NSSSlot *slot;    /* Parent (or peer, if you will) */
     CK_FLAGS ckFlags; /* from CK_TOKEN_INFO.flags */
     PRUint32 flags;
     void *epv;
     nssSession *defaultSession;
     NSSTrustDomain *trustDomain;
     PRIntervalTime lastTime;
     nssTokenObjectCache *cache;
     PK11SlotInfo *pk11slot;
 };
 
 typedef enum {
-  nssSlotAskPasswordTimes_FirstTime = 0,
-  nssSlotAskPasswordTimes_EveryTime = 1,
-  nssSlotAskPasswordTimes_Timeout = 2
-} 
-nssSlotAskPasswordTimes;
+    nssSlotAskPasswordTimes_FirstTime = 0,
+    nssSlotAskPasswordTimes_EveryTime = 1,
+    nssSlotAskPasswordTimes_Timeout = 2
+} nssSlotAskPasswordTimes;
 
-struct nssSlotAuthInfoStr
-{
-  PRTime lastLogin;
-  nssSlotAskPasswordTimes askTimes;
-  PRIntervalTime askPasswordTimeout;
+struct nssSlotAuthInfoStr {
+    PRTime lastLogin;
+    nssSlotAskPasswordTimes askTimes;
+    PRIntervalTime askPasswordTimeout;
 };
 
-struct NSSSlotStr
-{
-  struct nssDeviceBaseStr base;
-  NSSModule *module; /* Parent */
-  NSSToken *token;  /* Peer */
-  CK_SLOT_ID slotID;
-  CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
-  struct nssSlotAuthInfoStr authInfo;
-  PRIntervalTime lastTokenPing;
-  PZLock *lock;
-  void *epv;
-  PK11SlotInfo *pk11slot;
+struct NSSSlotStr {
+    struct nssDeviceBaseStr base;
+    NSSModule *module; /* Parent */
+    NSSToken *token;   /* Peer */
+    CK_SLOT_ID slotID;
+    CK_FLAGS ckFlags; /* from CK_SLOT_INFO.flags */
+    struct nssSlotAuthInfoStr authInfo;
+    PRIntervalTime lastTokenPing;
+    PZLock *lock;
+    void *epv;
+    PK11SlotInfo *pk11slot;
 };
 
-struct nssSessionStr
-{
-  PZLock *lock;
-  CK_SESSION_HANDLE handle;
-  NSSSlot *slot;
-  PRBool isRW;
-  PRBool ownLock;
+struct nssSessionStr {
+    PZLock *lock;
+    CK_SESSION_HANDLE handle;
+    NSSSlot *slot;
+    PRBool isRW;
+    PRBool ownLock;
 };
 
 typedef enum {
     NSSCertificateType_Unknown = 0,
     NSSCertificateType_PKIX = 1
 } NSSCertificateType;
 
 typedef enum {
@@ -108,18 +102,17 @@ typedef enum {
     nssTrustLevel_Trusted = 2,
     nssTrustLevel_TrustedDelegator = 3,
     nssTrustLevel_MustVerify = 4,
     nssTrustLevel_ValidDelegator = 5
 } nssTrustLevel;
 
 typedef struct nssCryptokiInstanceStr nssCryptokiInstance;
 
-struct nssCryptokiInstanceStr
-{
+struct nssCryptokiInstanceStr {
     CK_OBJECT_HANDLE handle;
     NSSToken *token;
     PRBool isTokenObject;
     NSSUTF8 *label;
 };
 
 typedef struct nssCryptokiInstanceStr nssCryptokiObject;
 
@@ -127,30 +120,28 @@ typedef struct nssTokenCertSearchStr nss
 
 typedef enum {
     nssTokenSearchType_AllObjects = 0,
     nssTokenSearchType_SessionOnly = 1,
     nssTokenSearchType_TokenOnly = 2,
     nssTokenSearchType_TokenForced = 3
 } nssTokenSearchType;
 
-struct nssTokenCertSearchStr
-{
+struct nssTokenCertSearchStr {
     nssTokenSearchType searchType;
-    PRStatus (* callback)(NSSCertificate *c, void *arg);
+    PRStatus (*callback)(NSSCertificate *c, void *arg);
     void *cbarg;
     nssList *cached;
-    /* TODO: add a cache query callback if the list would be large 
-     *       (traversal) 
+    /* TODO: add a cache query callback if the list would be large
+     *       (traversal)
      */
 };
 
 struct nssSlotListStr;
 typedef struct nssSlotListStr nssSlotList;
 
-struct NSSAlgorithmAndParametersStr
-{
+struct NSSAlgorithmAndParametersStr {
     CK_MECHANISM mechanism;
 };
 
 PR_END_EXTERN_C
 
 #endif /* DEVT_H */
--- a/lib/dev/devtm.h
+++ b/lib/dev/devtm.h
@@ -3,17 +3,17 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #ifndef DEVTM_H
 #define DEVTM_H
 
 /*
  * devtm.h
  *
- * This file contains module-private definitions for the low-level 
+ * This file contains module-private definitions for the low-level
  * cryptoki devices.
  */
 
 #ifndef DEVT_H
 #include "devt.h"
 #endif /* DEVT_H */
 
 PR_BEGIN_EXTERN_C
--- a/lib/dev/devtoken.c
+++ b/lib/dev/devtoken.c
@@ -19,738 +19,739 @@
 extern const NSSError NSS_ERROR_NOT_FOUND;
 extern const NSSError NSS_ERROR_INVALID_ARGUMENT;
 extern const NSSError NSS_ERROR_PKCS11;
 
 /* The number of object handles to grab during each call to C_FindObjects */
 #define OBJECT_STACK_SIZE 16
 
 NSS_IMPLEMENT PRStatus
-nssToken_Destroy (
-  NSSToken *tok
-)
+nssToken_Destroy(
+    NSSToken *tok)
 {
     if (tok) {
-	if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) {
-	    PZ_DestroyLock(tok->base.lock);
-	    nssTokenObjectCache_Destroy(tok->cache);
-	    /* The token holds the first/last reference to the slot.
-	     * When the token is actually destroyed, that ref must go too.
-	     */
-	    (void)nssSlot_Destroy(tok->slot);
-	    return nssArena_Destroy(tok->base.arena);
-	}
+        if (PR_ATOMIC_DECREMENT(&tok->base.refCount) == 0) {
+            PZ_DestroyLock(tok->base.lock);
+            nssTokenObjectCache_Destroy(tok->cache);
+            /* The token holds the first/last reference to the slot.
+             * When the token is actually destroyed, that ref must go too.
+             */
+            (void)nssSlot_Destroy(tok->slot);
+            return nssArena_Destroy(tok->base.arena);
+        }
     }
     return PR_SUCCESS;
 }
 
 NSS_IMPLEMENT void
-nssToken_Remove (
-  NSSToken *tok
-)
+nssToken_Remove(
+    NSSToken *tok)
 {
     nssTokenObjectCache_Clear(tok->cache);
 }
 
 NSS_IMPLEMENT void
-NSSToken_Destroy (
-  NSSToken *tok
-)
+NSSToken_Destroy(
+    NSSToken *tok)
 {
     (void)nssToken_Destroy(tok);
 }
 
 NSS_IMPLEMENT NSSToken *
-nssToken_AddRef (
-  NSSToken *tok
-)
+nssToken_AddRef(
+    NSSToken *tok)
 {
     PR_ATOMIC_INCREMENT(&tok->base.refCount);
     return tok;
 }
 
 NSS_IMPLEMENT NSSSlot *
-nssToken_GetSlot (
-  NSSToken *tok
-)
+nssToken_GetSlot(
+    NSSToken *tok)
 {
     return nssSlot_AddRef(tok->slot);
 }
 
 NSS_IMPLEMENT void *
-nssToken_GetCryptokiEPV (
-  NSSToken *token
-)
+nssToken_GetCryptokiEPV(
+    NSSToken *token)
 {
     return nssSlot_GetCryptokiEPV(token->slot);
 }
 
 NSS_IMPLEMENT nssSession *
-nssToken_GetDefaultSession (
-  NSSToken *token
-)
+nssToken_GetDefaultSession(
+    NSSToken *token)
 {
     return token->defaultSession;
 }
 
 NSS_IMPLEMENT NSSUTF8 *
-nssToken_GetName (
-  NSSToken *tok
-)
+nssToken_GetName(
+    NSSToken *tok)
 {
     if (tok == NULL) {
-	return "";
+        return "";
     }
     if (tok->base.name[0] == 0) {
-	(void) nssSlot_IsTokenPresent(tok->slot);
-    } 
+        (void)nssSlot_IsTokenPresent(tok->slot);
+    }
     return tok->base.name;
 }
 
 NSS_IMPLEMENT NSSUTF8 *
-NSSToken_GetName (
-  NSSToken *token
-)
+NSSToken_GetName(
+    NSSToken *token)
 {
     return nssToken_GetName(token);
 }
 
 NSS_IMPLEMENT PRBool
-nssToken_IsLoginRequired (
-  NSSToken *token
-)
+nssToken_IsLoginRequired(
+    NSSToken *token)
 {
     return (token->ckFlags & CKF_LOGIN_REQUIRED);
 }
 
 NSS_IMPLEMENT PRBool
-nssToken_NeedsPINInitialization (
-  NSSToken *token
-)
+nssToken_NeedsPINInitialization(
+    NSSToken *token)
 {
     return (!(token->ckFlags & CKF_USER_PIN_INITIALIZED));
 }
 
 NSS_IMPLEMENT PRStatus
-nssToken_DeleteStoredObject (
-  nssCryptokiObject *instance
-)
+nssToken_DeleteStoredObject(
+    nssCryptokiObject *instance)
 {
     CK_RV ckrv;
     PRStatus status;
     PRBool createdSession = PR_FALSE;
     NSSToken *token = instance->token;
     nssSession *session = NULL;
     void *epv = nssToken_GetCryptokiEPV(instance->token);
     if (token->cache) {
-	nssTokenObjectCache_RemoveObject(token->cache, instance);
+        nssTokenObjectCache_RemoveObject(token->cache, instance);
     }
     if (instance->isTokenObject) {
-       if (token->defaultSession && 
-           nssSession_IsReadWrite(token->defaultSession)) {
-	   session = token->defaultSession;
-       } else {
-	   session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
-	   createdSession = PR_TRUE;
-       }
+        if (token->defaultSession &&
+            nssSession_IsReadWrite(token->defaultSession)) {
+            session = token->defaultSession;
+        }
+        else {
+            session = nssSlot_CreateSession(token->slot, NULL, PR_TRUE);
+            createdSession = PR_TRUE;
+        }
     }
     if (session == NULL) {
-	return PR_FAILURE;
+        return PR_FAILURE;
     }
     nssSession_EnterMonitor(session);
     ckrv = CKAPI(epv)->C_DestroyObject(session->handle, instance->handle);
     nssSession_ExitMonitor(session);
     if (createdSession) {
-	nssSession_Destroy(session);
+        nssSession_Destroy(session);
     }
     status = PR_SUCCESS;
     if (ckrv != CKR_OK) {
-	status = PR_FAILURE;
-	/* use the error stack to pass the PKCS #11 error out  */
-	nss_SetError(ckrv);
-	nss_SetError(NSS_ERROR_PKCS11);
+        status = PR_FAILURE;
+        /* use the error stack to pass the PKCS #11 error out  */
+        nss_SetError(ckrv);
+        nss_SetError(NSS_ERROR_PKCS11);
     }
     return status;
 }
 
 static nssCryptokiObject *
-import_object (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  CK_ATTRIBUTE_PTR objectTemplate,
-  CK_ULONG otsize
-)
+import_object(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    CK_ATTRIBUTE_PTR objectTemplate,
+    CK_ULONG otsize)
 {
     nssSession *session = NULL;
     PRBool createdSession = PR_FALSE;
     nssCryptokiObject *object = NULL;
     CK_OBJECT_HANDLE handle;
     CK_RV ckrv;
     void *epv = nssToken_GetCryptokiEPV(tok);
     if (nssCKObject_IsTokenObjectTemplate(objectTemplate, otsize)) {
-	if (sessionOpt) {
-	    if (!nssSession_IsReadWrite(sessionOpt)) {
-		nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
-		return NULL;
-	    }
-	    session = sessionOpt;
-	} else if (tok->defaultSession && 
-	           nssSession_IsReadWrite(tok->defaultSession)) {
-	    session = tok->defaultSession;
-	} else {
-	    session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
-	    createdSession = PR_TRUE;
-	}
-    } else {
-	session = (sessionOpt) ? sessionOpt : tok->defaultSession;
+        if (sessionOpt) {
+            if (!nssSession_IsReadWrite(sessionOpt)) {
+                nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+                return NULL;
+            }
+            session = sessionOpt;
+        }
+        else if (tok->defaultSession &&
+                 nssSession_IsReadWrite(tok->defaultSession)) {
+            session = tok->defaultSession;
+        }
+        else {
+            session = nssSlot_CreateSession(tok->slot, NULL, PR_TRUE);
+            createdSession = PR_TRUE;
+        }
+    }
+    else {
+        session = (sessionOpt) ? sessionOpt : tok->defaultSession;
     }
     if (session == NULL) {
-	nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
-	return NULL;
+        nss_SetError(NSS_ERROR_INVALID_ARGUMENT);
+        return NULL;
     }
     nssSession_EnterMonitor(session);
-    ckrv = CKAPI(epv)->C_CreateObject(session->handle, 
+    ckrv = CKAPI(epv)->C_CreateObject(session->handle,
                                       objectTemplate, otsize,
                                       &handle);
     nssSession_ExitMonitor(session);
     if (ckrv == CKR_OK) {
-	object = nssCryptokiObject_Create(tok, session, handle);
-    } else {
-	nss_SetError(ckrv);
-	nss_SetError(NSS_ERROR_PKCS11);
+        object = nssCryptokiObject_Create(tok, session, handle);
+    }
+    else {
+        nss_SetError(ckrv);
+        nss_SetError(NSS_ERROR_PKCS11);
     }
     if (createdSession) {
-	nssSession_Destroy(session);
+        nssSession_Destroy(session);
     }
     return object;
 }
 
 static nssCryptokiObject **
-create_objects_from_handles (
-  NSSToken *tok,
-  nssSession *session,
-  CK_OBJECT_HANDLE *handles,
-  PRUint32 numH
-)
+create_objects_from_handles(
+    NSSToken *tok,
+    nssSession *session,
+    CK_OBJECT_HANDLE *handles,
+    PRUint32 numH)
 {
     nssCryptokiObject **objects;
     objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numH + 1);
     if (objects) {
-	PRInt32 i;
-	for (i=0; i<(PRInt32)numH; i++) {
-	    objects[i] = nssCryptokiObject_Create(tok, session, handles[i]);
-	    if (!objects[i]) {
-		for (--i; i>0; --i) {
-		    nssCryptokiObject_Destroy(objects[i]);
-		}
-		nss_ZFreeIf(objects);
-		objects = NULL;
-		break;
-	    }
-	}
+        PRInt32 i;
+        for (i = 0; i < (PRInt32)numH; i++) {
+            objects[i] = nssCryptokiObject_Create(tok, session, handles[i]);
+            if (!objects[i]) {
+                for (--i; i > 0; --i) {
+                    nssCryptokiObject_Destroy(objects[i]);
+                }
+                nss_ZFreeIf(objects);
+                objects = NULL;
+                break;
+            }
+        }
     }
     return objects;
 }
 
 static nssCryptokiObject **
-find_objects (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  CK_ATTRIBUTE_PTR obj_template,
-  CK_ULONG otsize,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+find_objects(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG otsize,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_RV ckrv = CKR_OK;
     CK_ULONG count;
     CK_OBJECT_HANDLE *objectHandles = NULL;
     CK_OBJECT_HANDLE staticObjects[OBJECT_STACK_SIZE];
     PRUint32 arraySize, numHandles;
     void *epv = nssToken_GetCryptokiEPV(tok);
     nssCryptokiObject **objects;
     nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	ckrv = CKR_SESSION_HANDLE_INVALID;
-	goto loser;                
+        ckrv = CKR_SESSION_HANDLE_INVALID;
+        goto loser;
     }
 
     /* the arena is only for the array of object handles */
     if (maximumOpt > 0) {
-	arraySize = maximumOpt;
-    } else {
-	arraySize = OBJECT_STACK_SIZE;
+        arraySize = maximumOpt;
+    }
+    else {
+        arraySize = OBJECT_STACK_SIZE;
     }
     numHandles = 0;
     if (arraySize <= OBJECT_STACK_SIZE) {
-	objectHandles = staticObjects;
-    } else {
-	objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
+        objectHandles = staticObjects;
+    }
+    else {
+        objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
     }
     if (!objectHandles) {
-	ckrv = CKR_HOST_MEMORY;
-	goto loser;
+        ckrv = CKR_HOST_MEMORY;
+        goto loser;
     }
     nssSession_EnterMonitor(session); /* ==== session lock === */
     /* Initialize the find with the template */
-    ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, 
+    ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
                                          obj_template, otsize);
     if (ckrv != CKR_OK) {
-	nssSession_ExitMonitor(session);
-	goto loser;
+        nssSession_ExitMonitor(session);
+        goto loser;
     }
     while (PR_TRUE) {
-	/* Issue the find for up to arraySize - numHandles objects */
-	ckrv = CKAPI(epv)->C_FindObjects(session->handle, 
-	                                 objectHandles + numHandles, 
-	                                 arraySize - numHandles, 
-	                                 &count);
-	if (ckrv != CKR_OK) {
-	    nssSession_ExitMonitor(session);
-	    goto loser;
-	}
-	/* bump the number of found objects */
-	numHandles += count;
-	if (maximumOpt > 0 || numHandles < arraySize) {
-	    /* When a maximum is provided, the search is done all at once,
-	     * so the search is finished.  If the number returned was less 
-	     * than the number sought, the search is finished.
-	     */
-	    break;
-	}
-	/* the array is filled, double it and continue */
-	arraySize *= 2;
-	if (objectHandles == staticObjects) {
-	    objectHandles = nss_ZNEWARRAY(NULL,CK_OBJECT_HANDLE, arraySize);
-	    if (objectHandles) {
-		PORT_Memcpy(objectHandles, staticObjects, 
-			OBJECT_STACK_SIZE * sizeof(objectHandles[1]));
-	    }
-	} else {
-	    objectHandles = nss_ZREALLOCARRAY(objectHandles, 
-	                                  CK_OBJECT_HANDLE, 
-	                                  arraySize);
-	}
-	if (!objectHandles) {
-	    nssSession_ExitMonitor(session);
-	    ckrv = CKR_HOST_MEMORY;
-	    goto loser;
-	}
+        /* Issue the find for up to arraySize - numHandles objects */
+        ckrv = CKAPI(epv)->C_FindObjects(session->handle,
+                                         objectHandles + numHandles,
+                                         arraySize - numHandles,
+                                         &count);
+        if (ckrv != CKR_OK) {
+            nssSession_ExitMonitor(session);
+            goto loser;
+        }
+        /* bump the number of found objects */
+        numHandles += count;
+        if (maximumOpt > 0 || numHandles < arraySize) {
+            /* When a maximum is provided, the search is done all at once,
+             * so the search is finished.  If the number returned was less
+             * than the number sought, the search is finished.
+             */
+            break;
+        }
+        /* the array is filled, double it and continue */
+        arraySize *= 2;
+        if (objectHandles == staticObjects) {
+            objectHandles = nss_ZNEWARRAY(NULL, CK_OBJECT_HANDLE, arraySize);
+            if (objectHandles) {
+                PORT_Memcpy(objectHandles, staticObjects,
+                            OBJECT_STACK_SIZE * sizeof(objectHandles[1]));
+            }
+        }
+        else {
+            objectHandles = nss_ZREALLOCARRAY(objectHandles,
+                                              CK_OBJECT_HANDLE,
+                                              arraySize);
+        }
+        if (!objectHandles) {
+            nssSession_ExitMonitor(session);
+            ckrv = CKR_HOST_MEMORY;
+            goto loser;
+        }
     }
     ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
     nssSession_ExitMonitor(session); /* ==== end session lock === */
     if (ckrv != CKR_OK) {
-	goto loser;
+        goto loser;
     }
     if (numHandles > 0) {
-	objects = create_objects_from_handles(tok, session,
-	                                      objectHandles, numHandles);
-    } else {
-	nss_SetError(NSS_ERROR_NOT_FOUND);
-	objects = NULL;
+        objects = create_objects_from_handles(tok, session,
+                                              objectHandles, numHandles);
+    }
+    else {
+        nss_SetError(NSS_ERROR_NOT_FOUND);
+        objects = NULL;
     }
     if (objectHandles && objectHandles != staticObjects) {
-	nss_ZFreeIf(objectHandles);
+        nss_ZFreeIf(objectHandles);
     }
-    if (statusOpt) *statusOpt = PR_SUCCESS;
+    if (statusOpt)
+        *statusOpt = PR_SUCCESS;
     return objects;
 loser:
     if (objectHandles && objectHandles != staticObjects) {
-	nss_ZFreeIf(objectHandles);
+        nss_ZFreeIf(objectHandles);
     }
     /*
      * These errors should be treated the same as if the objects just weren't
      * found..
      */
     if ((ckrv == CKR_ATTRIBUTE_TYPE_INVALID) ||
-	(ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
-	(ckrv == CKR_DATA_INVALID) ||
-	(ckrv == CKR_DATA_LEN_RANGE) ||
-	(ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
-	(ckrv == CKR_TEMPLATE_INCOMPLETE) ||
-	(ckrv == CKR_TEMPLATE_INCONSISTENT)) {
+        (ckrv == CKR_ATTRIBUTE_VALUE_INVALID) ||
+        (ckrv == CKR_DATA_INVALID) ||
+        (ckrv == CKR_DATA_LEN_RANGE) ||
+        (ckrv == CKR_FUNCTION_NOT_SUPPORTED) ||
+        (ckrv == CKR_TEMPLATE_INCOMPLETE) ||
+        (ckrv == CKR_TEMPLATE_INCONSISTENT)) {
 
-	nss_SetError(NSS_ERROR_NOT_FOUND);
-	if (statusOpt) *statusOpt = PR_SUCCESS;
-    } else {
-	nss_SetError(ckrv);
-	nss_SetError(NSS_ERROR_PKCS11);
-	if (statusOpt) *statusOpt = PR_FAILURE;
+        nss_SetError(NSS_ERROR_NOT_FOUND);
+        if (statusOpt)
+            *statusOpt = PR_SUCCESS;
+    }
+    else {
+        nss_SetError(ckrv);
+        nss_SetError(NSS_ERROR_PKCS11);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
     }
     return (nssCryptokiObject **)NULL;
 }
 
 static nssCryptokiObject **
-find_objects_by_template (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  CK_ATTRIBUTE_PTR obj_template,
-  CK_ULONG otsize,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+find_objects_by_template(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    CK_ATTRIBUTE_PTR obj_template,
+    CK_ULONG otsize,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_OBJECT_CLASS objclass = (CK_OBJECT_CLASS)-1;
     nssCryptokiObject **objects = NULL;
     PRUint32 i;
 
     if (!token) {
-    	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	if (statusOpt) 
-	    *statusOpt = PR_FAILURE;
-	return NULL;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
+        return NULL;
     }
-    for (i=0; i<otsize; i++) {
-	if (obj_template[i].type == CKA_CLASS) {
-	    objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue;
-	    break;
-	}
+    for (i = 0; i < otsize; i++) {
+        if (obj_template[i].type == CKA_CLASS) {
+            objclass = *(CK_OBJECT_CLASS *)obj_template[i].pValue;
+            break;
+        }
     }
     PR_ASSERT(i < otsize);
     if (i == otsize) {
-	PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
-	if (statusOpt) *statusOpt = PR_FAILURE;
-	return NULL;
+        PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
+        return NULL;
     }
     /* If these objects are being cached, try looking there first */
-    if (token->cache && 
-        nssTokenObjectCache_HaveObjectClass(token->cache, objclass)) 
-    {
-	PRStatus status;
-	objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache,
-	                                                    objclass,
-	                                                    obj_template,
-	                                                    otsize,
-	                                                    maximumOpt,
-	                                                    &status);
-	if (status == PR_SUCCESS) {
-	    if (statusOpt) *statusOpt = status;
-	    return objects;
-	}
+    if (token->cache &&
+        nssTokenObjectCache_HaveObjectClass(token->cache, objclass)) {
+        PRStatus status;
+        objects = nssTokenObjectCache_FindObjectsByTemplate(token->cache,
+                                                            objclass,
+                                                            obj_template,
+                                                            otsize,
+                                                            maximumOpt,
+                                                            &status);
+        if (status == PR_SUCCESS) {
+            if (statusOpt)
+                *statusOpt = status;
+            return objects;
+        }
     }
     /* Either they are not cached, or cache failed; look on token. */
-    objects = find_objects(token, sessionOpt, 
-                           obj_template, otsize, 
+    objects = find_objects(token, sessionOpt,
+                           obj_template, otsize,
                            maximumOpt, statusOpt);
     return objects;
 }
 
 extern const NSSError NSS_ERROR_INVALID_CERTIFICATE;
 
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_ImportCertificate (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSCertificateType certType,
-  NSSItem *id,
-  const NSSUTF8 *nickname,
-  NSSDER *encoding,
-  NSSDER *issuer,
-  NSSDER *subject,
-  NSSDER *serial,
-  NSSASCII7 *email,
-  PRBool asTokenObject
-)
+nssToken_ImportCertificate(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSCertificateType certType,
+    NSSItem *id,
+    const NSSUTF8 *nickname,
+    NSSDER *encoding,
+    NSSDER *issuer,
+    NSSDER *subject,
+    NSSDER *serial,
+    NSSASCII7 *email,
+    PRBool asTokenObject)
 {
     PRStatus status;
     CK_CERTIFICATE_TYPE cert_type;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE cert_tmpl[10];
     CK_ULONG ctsize;
     nssTokenSearchType searchType;
     nssCryptokiObject *rvObject = NULL;
 
     if (!tok) {
-    	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return NULL;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
     }
     if (certType == NSSCertificateType_PKIX) {
-	cert_type = CKC_X_509;
-    } else {
-	return (nssCryptokiObject *)NULL;
+        cert_type = CKC_X_509;
+    }
+    else {
+        return (nssCryptokiObject *)NULL;
     }
     NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
     if (asTokenObject) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
-	searchType = nssTokenSearchType_TokenOnly;
-    } else {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-	searchType = nssTokenSearchType_SessionOnly;
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        searchType = nssTokenSearchType_TokenOnly;
+    }
+    else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+        searchType = nssTokenSearchType_SessionOnly;
     }
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS,            &g_ck_class_cert);
-    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CERTIFICATE_TYPE,  cert_type);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID,                id);
-    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL,             nickname);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE,             encoding);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,            issuer);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT,           subject);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER,     serial);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CERTIFICATE_TYPE, cert_type);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+    NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
     if (email) {
-	NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL,    email);
+        NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email);
     }
     NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
     /* see if the cert is already there */
     rvObject = nssToken_FindCertificateByIssuerAndSerialNumber(tok,
                                                                sessionOpt,
                                                                issuer,
                                                                serial,
                                                                searchType,
                                                                NULL);
     if (rvObject) {
-	NSSItem existingDER;
-	NSSSlot *slot = nssToken_GetSlot(tok);
-	nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE);
-	if (!session) {
-	    nssCryptokiObject_Destroy(rvObject);
-	    nssSlot_Destroy(slot);
-	    return (nssCryptokiObject *)NULL;
-	}
-	/* Reject any attempt to import a new cert that has the same
-	 * issuer/serial as an existing cert, but does not have the
-	 * same encoding
-	 */
-	NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
-	NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
-	NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
-	status = nssCKObject_GetAttributes(rvObject->handle, 
-	                                   cert_tmpl, ctsize, NULL,
-	                                   session, slot);
-	NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER);
-	if (status == PR_SUCCESS) {
-	    if (!nssItem_Equal(encoding, &existingDER, NULL)) {
-		nss_SetError(NSS_ERROR_INVALID_CERTIFICATE);
-		status = PR_FAILURE;
-	    }
-	    nss_ZFreeIf(existingDER.data);
-	}
-	if (status == PR_FAILURE) {
-	    nssCryptokiObject_Destroy(rvObject);
-	    nssSession_Destroy(session);
-	    nssSlot_Destroy(slot);
-	    return (nssCryptokiObject *)NULL;
-	}
-	/* according to PKCS#11, label, ID, issuer, and serial number 
-	 * may change after the object has been created.  For PKIX, the
-	 * last two attributes can't change, so for now we'll only worry
-	 * about the first two.
-	 */
-	NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID,    id);
-	NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
-	NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
-	/* reset the mutable attributes on the token */
-	nssCKObject_SetAttributes(rvObject->handle, 
-	                          cert_tmpl, ctsize,
-	                          session, slot);
-	if (!rvObject->label && nickname) {
-	    rvObject->label = nssUTF8_Duplicate(nickname, NULL);
-	}
-	nssSession_Destroy(session);
-	nssSlot_Destroy(slot);
-    } else {
-	/* Import the certificate onto the token */
-	rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
+        NSSItem existingDER;
+        NSSSlot *slot = nssToken_GetSlot(tok);
+        nssSession *session = nssSlot_CreateSession(slot, NULL, PR_TRUE);
+        if (!session) {
+            nssCryptokiObject_Destroy(rvObject);
+            nssSlot_Destroy(slot);
+            return (nssCryptokiObject *)NULL;
+        }
+        /* Reject any attempt to import a new cert that has the same
+         * issuer/serial as an existing cert, but does not have the
+         * same encoding
+         */
+        NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+        NSS_CK_SET_ATTRIBUTE_NULL(attr, CKA_VALUE);
+        NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+        status = nssCKObject_GetAttributes(rvObject->handle,
+                                           cert_tmpl, ctsize, NULL,
+                                           session, slot);
+        NSS_CK_ATTRIBUTE_TO_ITEM(cert_tmpl, &existingDER);
+        if (status == PR_SUCCESS) {
+            if (!nssItem_Equal(encoding, &existingDER, NULL)) {
+                nss_SetError(NSS_ERROR_INVALID_CERTIFICATE);
+                status = PR_FAILURE;
+            }
+            nss_ZFreeIf(existingDER.data);
+        }
+        if (status == PR_FAILURE) {
+            nssCryptokiObject_Destroy(rvObject);
+            nssSession_Destroy(session);
+            nssSlot_Destroy(slot);
+            return (nssCryptokiObject *)NULL;
+        }
+        /* according to PKCS#11, label, ID, issuer, and serial number
+         * may change after the object has been created.  For PKIX, the
+         * last two attributes can't change, so for now we'll only worry
+         * about the first two.
+         */
+        NSS_CK_TEMPLATE_START(cert_tmpl, attr, ctsize);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
+        NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, nickname);
+        NSS_CK_TEMPLATE_FINISH(cert_tmpl, attr, ctsize);
+        /* reset the mutable attributes on the token */
+        nssCKObject_SetAttributes(rvObject->handle,
+                                  cert_tmpl, ctsize,
+                                  session, slot);
+        if (!rvObject->label && nickname) {
+            rvObject->label = nssUTF8_Duplicate(nickname, NULL);
+        }
+        nssSession_Destroy(session);
+        nssSlot_Destroy(slot);
+    }
+    else {
+        /* Import the certificate onto the token */
+        rvObject = import_object(tok, sessionOpt, cert_tmpl, ctsize);
     }
     if (rvObject && tok->cache) {
-	/* The cache will overwrite the attributes if the object already
-	 * exists.
-	 */
-	nssTokenObjectCache_ImportObject(tok->cache, rvObject,
-	                                 CKO_CERTIFICATE,
-	                                 cert_tmpl, ctsize);
+        /* The cache will overwrite the attributes if the object already
+         * exists.
+         */
+        nssTokenObjectCache_ImportObject(tok->cache, rvObject,
+                                         CKO_CERTIFICATE,
+                                         cert_tmpl, ctsize);
     }
     return rvObject;
 }
 
 /* traverse all objects of the given class - this should only happen
  * if the token has been marked as "traversable"
  */
 NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindObjects (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  CK_OBJECT_CLASS objclass,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssToken_FindObjects(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    CK_OBJECT_CLASS objclass,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE obj_template[2];
     CK_ULONG obj_size;
     nssCryptokiObject **objects;
     NSS_CK_TEMPLATE_START(obj_template, attr, obj_size);
     /* Set the search to token/session only if provided */
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly ||
-               searchType == nssTokenSearchType_TokenForced) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
     }
-    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, objclass);
+    else if (searchType == nssTokenSearchType_TokenOnly ||
+             searchType == nssTokenSearchType_TokenForced) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, objclass);
     NSS_CK_TEMPLATE_FINISH(obj_template, attr, obj_size);
 
     if (searchType == nssTokenSearchType_TokenForced) {
-	objects = find_objects(token, sessionOpt,
-	                       obj_template, obj_size,
-	                       maximumOpt, statusOpt);
-    } else {
-	objects = find_objects_by_template(token, sessionOpt,
-	                                   obj_template, obj_size,
-	                                   maximumOpt, statusOpt);
+        objects = find_objects(token, sessionOpt,
+                               obj_template, obj_size,
+                               maximumOpt, statusOpt);
+    }
+    else {
+        objects = find_objects_by_template(token, sessionOpt,
+                                           obj_template, obj_size,
+                                           maximumOpt, statusOpt);
     }
     return objects;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesBySubject (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *subject,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssToken_FindCertificatesBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE subj_template[3];
     CK_ULONG stsize;
     nssCryptokiObject **objects;
     NSS_CK_TEMPLATE_START(subj_template, attr, stsize);
     /* Set the search to token/session only if provided */
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
     NSS_CK_TEMPLATE_FINISH(subj_template, attr, stsize);
     /* now locate the token certs matching this template */
     objects = find_objects_by_template(token, sessionOpt,
                                        subj_template, stsize,
                                        maximumOpt, statusOpt);
     return objects;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesByNickname (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  const NSSUTF8 *name,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssToken_FindCertificatesByNickname(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    const NSSUTF8 *name,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE nick_template[3];
     CK_ULONG ntsize;
     nssCryptokiObject **objects;
     NSS_CK_TEMPLATE_START(nick_template, attr, ntsize);
     NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_LABEL, name);
     /* Set the search to token/session only if provided */
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
     NSS_CK_TEMPLATE_FINISH(nick_template, attr, ntsize);
     /* now locate the token certs matching this template */
     objects = find_objects_by_template(token, sessionOpt,
-                                       nick_template, ntsize, 
+                                       nick_template, ntsize,
                                        maximumOpt, statusOpt);
     if (!objects) {
-	/* This is to workaround the fact that PKCS#11 doesn't specify
-	 * whether the '\0' should be included.  XXX Is that still true?
-	 * im - this is not needed by the current softoken.  However, I'm 
-	 * leaving it in until I have surveyed more tokens to see if it needed.
-	 * well, its needed by the builtin token...
-	 */
-	nick_template[0].ulValueLen++;
-	objects = find_objects_by_template(token, sessionOpt,
-	                                   nick_template, ntsize, 
-	                                   maximumOpt, statusOpt);
+        /* This is to workaround the fact that PKCS#11 doesn't specify
+         * whether the '\0' should be included.  XXX Is that still true?
+         * im - this is not needed by the current softoken.  However, I'm
+         * leaving it in until I have surveyed more tokens to see if it needed.
+         * well, its needed by the builtin token...
+         */
+        nick_template[0].ulValueLen++;
+        objects = find_objects_by_template(token, sessionOpt,
+                                           nick_template, ntsize,
+                                           maximumOpt, statusOpt);
     }
     return objects;
 }
 
 /* XXX
  * This function *does not* use the token object cache, because not even
  * the softoken will return a value for CKA_NSS_EMAIL from a call
  * to GetAttributes.  The softoken does allow searches with that attribute,
  * it just won't return a value for it.
  */
 NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesByEmail (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSASCII7 *email,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssToken_FindCertificatesByEmail(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSASCII7 *email,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE email_template[3];
     CK_ULONG etsize;
     nssCryptokiObject **objects;
     NSS_CK_TEMPLATE_START(email_template, attr, etsize);
     NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_EMAIL, email);
     /* Set the search to token/session only if provided */
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
     NSS_CK_TEMPLATE_FINISH(email_template, attr, etsize);
     /* now locate the token certs matching this template */
     objects = find_objects(token, sessionOpt,
                            email_template, etsize,
                            maximumOpt, statusOpt);
     if (!objects) {
-	/* This is to workaround the fact that PKCS#11 doesn't specify
-	 * whether the '\0' should be included.  XXX Is that still true?
-	 * im - this is not needed by the current softoken.  However, I'm 
-	 * leaving it in until I have surveyed more tokens to see if it needed.
-	 * well, its needed by the builtin token...
-	 */
-	email_template[0].ulValueLen++;
-	objects = find_objects(token, sessionOpt,
-	                       email_template, etsize,
-	                       maximumOpt, statusOpt);
+        /* This is to workaround the fact that PKCS#11 doesn't specify
+         * whether the '\0' should be included.  XXX Is that still true?
+         * im - this is not needed by the current softoken.  However, I'm
+         * leaving it in until I have surveyed more tokens to see if it needed.
+         * well, its needed by the builtin token...
+         */
+        email_template[0].ulValueLen++;
+        objects = find_objects(token, sessionOpt,
+                               email_template, etsize,
+                               maximumOpt, statusOpt);
     }
     return objects;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCertificatesByID (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSItem *id,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssToken_FindCertificatesByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *id,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE id_template[3];
     CK_ULONG idtsize;
     nssCryptokiObject **objects;
     NSS_CK_TEMPLATE_START(id_template, attr, idtsize);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, id);
     /* Set the search to token/session only if provided */
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
     NSS_CK_TEMPLATE_FINISH(id_template, attr, idtsize);
     /* now locate the token certs matching this template */
     objects = find_objects_by_template(token, sessionOpt,
                                        id_template, idtsize,
                                        maximumOpt, statusOpt);
     return objects;
@@ -762,249 +763,249 @@ nssToken_FindCertificatesByID (
  */
 static PRStatus
 nssToken_decodeSerialItem(NSSItem *serial, NSSItem *serialDecode)
 {
     unsigned char *data = (unsigned char *)serial->data;
     int data_left, data_len, index;
 
     if ((serial->size >= 3) && (data[0] == 0x2)) {
-	/* remove the der encoding of the serial number before generating the
-	 * key.. */
-	data_left = serial->size-2;
-	data_len = data[1];
-	index = 2;
+        /* remove the der encoding of the serial number before generating the
+         * key.. */
+        data_left = serial->size - 2;
+        data_len = data[1];
+        index = 2;
 
-	/* extended length ? (not very likely for a serial number) */
-	if (data_len & 0x80) {
-	    int len_count = data_len & 0x7f;
+        /* extended length ? (not very likely for a serial number) */
+        if (data_len & 0x80) {
+            int len_count = data_len & 0x7f;
 
-	    data_len = 0;
-	    data_left -= len_count;
-	    if (data_left > 0) {
-		while (len_count --) {
-		    data_len = (data_len << 8) | data[index++];
-		}
-	    } 
-	}
-	/* XXX leaving any leading zeros on the serial number for backwards
-	 * compatibility
-	 */
-	/* not a valid der, must be just an unlucky serial number value */
-	if (data_len == data_left) {
-	    serialDecode->size = data_len;
-	    serialDecode->data = &data[index];
-	    return PR_SUCCESS;
-	}
+            data_len = 0;
+            data_left -= len_count;
+            if (data_left > 0) {
+                while (len_count--) {
+                    data_len = (data_len << 8) | data[index++];
+                }
+            }
+        }
+        /* XXX leaving any leading zeros on the serial number for backwards
+         * compatibility
+         */
+        /* not a valid der, must be just an unlucky serial number value */
+        if (data_len == data_left) {
+            serialDecode->size = data_len;
+            serialDecode->data = &data[index];
+            return PR_SUCCESS;
+        }
     }
     return PR_FAILURE;
 }
 
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindCertificateByIssuerAndSerialNumber (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *issuer,
-  NSSDER *serial,
-  nssTokenSearchType searchType,
-  PRStatus *statusOpt
-)
+nssToken_FindCertificateByIssuerAndSerialNumber(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *issuer,
+    NSSDER *serial,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE_PTR serialAttr;
     CK_ATTRIBUTE cert_template[4];
     CK_ULONG ctsize;
     nssCryptokiObject **objects;
     nssCryptokiObject *rvObject = NULL;
     NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
 
     if (!token) {
-    	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	if (statusOpt) 
-	    *statusOpt = PR_FAILURE;
-	return NULL;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        if (statusOpt)
+            *statusOpt = PR_FAILURE;
+        return NULL;
     }
     /* Set the search to token/session only if provided */
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if ((searchType == nssTokenSearchType_TokenOnly) ||
-               (searchType == nssTokenSearchType_TokenForced)) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if ((searchType == nssTokenSearchType_TokenOnly) ||
+             (searchType == nssTokenSearchType_TokenForced)) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     /* Set the unique id */
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS,         &g_ck_class_cert);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,         issuer);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, issuer);
     serialAttr = attr;
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER,  serial);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, serial);
     NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
     /* get the object handle */
     if (searchType == nssTokenSearchType_TokenForced) {
-	objects = find_objects(token, sessionOpt,
-	                       cert_template, ctsize,
-	                       1, statusOpt);
-    } else {
-	objects = find_objects_by_template(token, sessionOpt,
-                                       cert_template, ctsize,
-                                       1, statusOpt);
+        objects = find_objects(token, sessionOpt,
+                               cert_template, ctsize,
+                               1, statusOpt);
+    }
+    else {
+        objects = find_objects_by_template(token, sessionOpt,
+                                           cert_template, ctsize,
+                                           1, statusOpt);
     }
     if (objects) {
-	rvObject = objects[0];
-	nss_ZFreeIf(objects);
+        rvObject = objects[0];
+        nss_ZFreeIf(objects);
     }
 
     /*
      * NSS used to incorrectly store serial numbers in their decoded form.
      * because of this old tokens have decoded serial numbers.
      */
     if (!objects) {
-	NSSItem serialDecode;
-	PRStatus status;
+        NSSItem serialDecode;
+        PRStatus status;
 
-	status = nssToken_decodeSerialItem(serial, &serialDecode);
-	if (status != PR_SUCCESS) {
-	    return NULL;
-	}
-    	NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr,CKA_SERIAL_NUMBER,&serialDecode);
-	if (searchType == nssTokenSearchType_TokenForced) {
-	    objects = find_objects(token, sessionOpt,
-	                       cert_template, ctsize,
-	                       1, statusOpt);
-	} else {
-	    objects = find_objects_by_template(token, sessionOpt,
-                                       cert_template, ctsize,
-                                       1, statusOpt);
-	}
-	if (objects) {
-	    rvObject = objects[0];
-	    nss_ZFreeIf(objects);
-	}
+        status = nssToken_decodeSerialItem(serial, &serialDecode);
+        if (status != PR_SUCCESS) {
+            return NULL;
+        }
+        NSS_CK_SET_ATTRIBUTE_ITEM(serialAttr, CKA_SERIAL_NUMBER, &serialDecode);
+        if (searchType == nssTokenSearchType_TokenForced) {
+            objects = find_objects(token, sessionOpt,
+                                   cert_template, ctsize,
+                                   1, statusOpt);
+        }
+        else {
+            objects = find_objects_by_template(token, sessionOpt,
+                                               cert_template, ctsize,
+                                               1, statusOpt);
+        }
+        if (objects) {
+            rvObject = objects[0];
+            nss_ZFreeIf(objects);
+        }
     }
     return rvObject;
 }
 
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindCertificateByEncodedCertificate (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSBER *encodedCertificate,
-  nssTokenSearchType searchType,
-  PRStatus *statusOpt
-)
+nssToken_FindCertificateByEncodedCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSBER *encodedCertificate,
+    nssTokenSearchType searchType,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE cert_template[3];
     CK_ULONG ctsize;
     nssCryptokiObject **objects;
     nssCryptokiObject *rvObject = NULL;
     NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
     /* Set the search to token/session only if provided */
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encodedCertificate);
     NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
     /* get the object handle */
     objects = find_objects_by_template(token, sessionOpt,
                                        cert_template, ctsize,
                                        1, statusOpt);
     if (objects) {
-	rvObject = objects[0];
-	nss_ZFreeIf(objects);
+        rvObject = objects[0];
+        nss_ZFreeIf(objects);
     }
     return rvObject;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindPrivateKeys (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssToken_FindPrivateKeys(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE key_template[2];
     CK_ULONG ktsize;
     nssCryptokiObject **objects;
 
     NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if (searchType == nssTokenSearchType_TokenOnly) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
 
     objects = find_objects_by_template(token, sessionOpt,
-                                       key_template, ktsize, 
+                                       key_template, ktsize,
                                        maximumOpt, statusOpt);
     return objects;
 }
 
 /* XXX ?there are no session cert objects, so only search token objects */
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindPrivateKeyByID (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSItem *keyID
-)
+nssToken_FindPrivateKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE key_template[3];
     CK_ULONG ktsize;
     nssCryptokiObject **objects;
     nssCryptokiObject *rvKey = NULL;
 
     NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_privkey);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
     NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
 
     objects = find_objects_by_template(token, sessionOpt,
-                                       key_template, ktsize, 
+                                       key_template, ktsize,
                                        1, NULL);
     if (objects) {
-	rvKey = objects[0];
-	nss_ZFreeIf(objects);
+        rvKey = objects[0];
+        nss_ZFreeIf(objects);
     }
     return rvKey;
 }
 
 /* XXX ?there are no session cert objects, so only search token objects */
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindPublicKeyByID (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSItem *keyID
-)
+nssToken_FindPublicKeyByID(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSItem *keyID)
 {
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE key_template[3];
     CK_ULONG ktsize;
     nssCryptokiObject **objects;
     nssCryptokiObject *rvKey = NULL;
 
     NSS_CK_TEMPLATE_START(key_template, attr, ktsize);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_pubkey);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ID, keyID);
     NSS_CK_TEMPLATE_FINISH(key_template, attr, ktsize);
 
     objects = find_objects_by_template(token, sessionOpt,
-                                       key_template, ktsize, 
+                                       key_template, ktsize,
                                        1, NULL);
     if (objects) {
-	rvKey = objects[0];
-	nss_ZFreeIf(objects);
+        rvKey = objects[0];
+        nss_ZFreeIf(objects);
     }
     return rvKey;
 }
 
 static void
 sha1_hash(NSSItem *input, NSSItem *output)
 {
     NSSAlgorithmAndParameters *ap;
@@ -1024,556 +1025,564 @@ md5_hash(NSSItem *input, NSSItem *output
     NSSToken *token = PK11Slot_GetNSSToken(internal);
     ap = NSSAlgorithmAndParameters_CreateMD5Digest(NULL);
     (void)nssToken_Digest(token, NULL, ap, input, output, NULL);
     PK11_FreeSlot(token->pk11slot);
     nss_ZFreeIf(ap);
 }
 
 static CK_TRUST
-get_ck_trust (
-  nssTrustLevel nssTrust
-)
+get_ck_trust(
+    nssTrustLevel nssTrust)
 {
     CK_TRUST t;
     switch (nssTrust) {
-    case nssTrustLevel_NotTrusted: t = CKT_NSS_NOT_TRUSTED; break;
-    case nssTrustLevel_TrustedDelegator: t = CKT_NSS_TRUSTED_DELEGATOR; 
-	break;
-    case nssTrustLevel_ValidDelegator: t = CKT_NSS_VALID_DELEGATOR; break;
-    case nssTrustLevel_Trusted: t = CKT_NSS_TRUSTED; break;
-    case nssTrustLevel_MustVerify: t = CKT_NSS_MUST_VERIFY_TRUST; break;
-    case nssTrustLevel_Unknown:
-    default: t = CKT_NSS_TRUST_UNKNOWN; break;
+        case nssTrustLevel_NotTrusted:
+            t = CKT_NSS_NOT_TRUSTED;
+            break;
+        case nssTrustLevel_TrustedDelegator:
+            t = CKT_NSS_TRUSTED_DELEGATOR;
+            break;
+        case nssTrustLevel_ValidDelegator:
+            t = CKT_NSS_VALID_DELEGATOR;
+            break;
+        case nssTrustLevel_Trusted:
+            t = CKT_NSS_TRUSTED;
+            break;
+        case nssTrustLevel_MustVerify:
+            t = CKT_NSS_MUST_VERIFY_TRUST;
+            break;
+        case nssTrustLevel_Unknown:
+        default:
+            t = CKT_NSS_TRUST_UNKNOWN;
+            break;
     }
     return t;
 }
- 
+
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_ImportTrust (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSDER *certEncoding,
-  NSSDER *certIssuer,
-  NSSDER *certSerial,
-  nssTrustLevel serverAuth,
-  nssTrustLevel clientAuth,
-  nssTrustLevel codeSigning,
-  nssTrustLevel emailProtection,
-  PRBool stepUpApproved,
-  PRBool asTokenObject
-)
+nssToken_ImportTrust(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTrustLevel serverAuth,
+    nssTrustLevel clientAuth,
+    nssTrustLevel codeSigning,
+    nssTrustLevel emailProtection,
+    PRBool stepUpApproved,
+    PRBool asTokenObject)
 {
     nssCryptokiObject *object;
     CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST;
     CK_TRUST ckSA, ckCA, ckCS, ckEP;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE trust_tmpl[11];
     CK_ULONG tsize;
     PRUint8 sha1[20]; /* this is cheating... */
     PRUint8 md5[16];
     NSSItem sha1_result, md5_result;
-    sha1_result.data = sha1; sha1_result.size = sizeof sha1;
-    md5_result.data = md5; md5_result.size = sizeof md5;
+    sha1_result.data = sha1;
+    sha1_result.size = sizeof sha1;
+    md5_result.data = md5;
+    md5_result.size = sizeof md5;
     sha1_hash(certEncoding, &sha1_result);
     md5_hash(certEncoding, &md5_result);
     ckSA = get_ck_trust(serverAuth);
     ckCA = get_ck_trust(clientAuth);
     ckCS = get_ck_trust(codeSigning);
     ckEP = get_ck_trust(emailProtection);
     NSS_CK_TEMPLATE_START(trust_tmpl, attr, tsize);
     if (asTokenObject) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
-    } else {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
     }
-    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS,           tobjc);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,          certIssuer);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER,   certSerial);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_SHA1_HASH, &sha1_result);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH,  &md5_result);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CERT_MD5_HASH, &md5_result);
     /* now set the trust values */
-    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH,      ckSA);
-    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH,      ckCA);
-    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING,     ckCS);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_SERVER_AUTH, ckSA);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CLIENT_AUTH, ckCA);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_CODE_SIGNING, ckCS);
     NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_TRUST_EMAIL_PROTECTION, ckEP);
     if (stepUpApproved) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, 
-	                          &g_ck_true);
-    } else {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED, 
-	                          &g_ck_false);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
+                                  &g_ck_true);
+    }
+    else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TRUST_STEP_UP_APPROVED,
+                                  &g_ck_false);
     }
     NSS_CK_TEMPLATE_FINISH(trust_tmpl, attr, tsize);
     /* import the trust object onto the token */
     object = import_object(tok, sessionOpt, trust_tmpl, tsize);
     if (object && tok->cache) {
-	nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
-	                                 trust_tmpl, tsize);
+        nssTokenObjectCache_ImportObject(tok->cache, object, tobjc,
+                                         trust_tmpl, tsize);
     }
     return object;
 }
 
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_FindTrustForCertificate (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *certEncoding,
-  NSSDER *certIssuer,
-  NSSDER *certSerial,
-  nssTokenSearchType searchType
-)
+nssToken_FindTrustForCertificate(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *certEncoding,
+    NSSDER *certIssuer,
+    NSSDER *certSerial,
+    nssTokenSearchType searchType)
 {
     CK_OBJECT_CLASS tobjc = CKO_NSS_TRUST;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE tobj_template[5];
     CK_ULONG tobj_size;
     nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
     nssCryptokiObject *object = NULL, **objects;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return object;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return object;
     }
 
     NSS_CK_TEMPLATE_START(tobj_template, attr, tobj_size);
     if (searchType == nssTokenSearchType_TokenOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
-    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS,          tobjc);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER,         certIssuer);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER , certSerial);
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, tobjc);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_ISSUER, certIssuer);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SERIAL_NUMBER, certSerial);
     NSS_CK_TEMPLATE_FINISH(tobj_template, attr, tobj_size);
     objects = find_objects_by_template(token, session,
                                        tobj_template, tobj_size,
                                        1, NULL);
     if (objects) {
-	object = objects[0];
-	nss_ZFreeIf(objects);
+        object = objects[0];
+        nss_ZFreeIf(objects);
     }
     return object;
 }
- 
+
 NSS_IMPLEMENT nssCryptokiObject *
-nssToken_ImportCRL (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *subject,
-  NSSDER *encoding,
-  PRBool isKRL,
-  NSSUTF8 *url,
-  PRBool asTokenObject
-)
+nssToken_ImportCRL(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    NSSDER *encoding,
+    PRBool isKRL,
+    NSSUTF8 *url,
+    PRBool asTokenObject)
 {
     nssCryptokiObject *object;
     CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE crl_tmpl[6];
     CK_ULONG crlsize;
 
     NSS_CK_TEMPLATE_START(crl_tmpl, attr, crlsize);
     if (asTokenObject) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
-    } else {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
-    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS,        crlobjc);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT,      subject);
-    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE,        encoding);
+    else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
+    NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_VALUE, encoding);
     NSS_CK_SET_ATTRIBUTE_UTF8(attr, CKA_NSS_URL, url);
     if (isKRL) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true);
-    } else {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_true);
+    }
+    else {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_NSS_KRL, &g_ck_false);
     }
     NSS_CK_TEMPLATE_FINISH(crl_tmpl, attr, crlsize);
 
     /* import the crl object onto the token */
     object = import_object(token, sessionOpt, crl_tmpl, crlsize);
     if (object && token->cache) {
-	nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
-	                                 crl_tmpl, crlsize);
+        nssTokenObjectCache_ImportObject(token->cache, object, crlobjc,
+                                         crl_tmpl, crlsize);
     }
     return object;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
-nssToken_FindCRLsBySubject (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  NSSDER *subject,
-  nssTokenSearchType searchType,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssToken_FindCRLsBySubject(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    NSSDER *subject,
+    nssTokenSearchType searchType,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     CK_OBJECT_CLASS crlobjc = CKO_NSS_CRL;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE crlobj_template[3];
     CK_ULONG crlobj_size;
     nssCryptokiObject **objects = NULL;
     nssSession *session = sessionOpt ? sessionOpt : token->defaultSession;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return objects;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return objects;
     }
 
     NSS_CK_TEMPLATE_START(crlobj_template, attr, crlobj_size);
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly ||
-               searchType == nssTokenSearchType_TokenForced) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
     }
-    NSS_CK_SET_ATTRIBUTE_VAR( attr, CKA_CLASS, crlobjc);
+    else if (searchType == nssTokenSearchType_TokenOnly ||
+             searchType == nssTokenSearchType_TokenForced) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+    }
+    NSS_CK_SET_ATTRIBUTE_VAR(attr, CKA_CLASS, crlobjc);
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_SUBJECT, subject);
     NSS_CK_TEMPLATE_FINISH(crlobj_template, attr, crlobj_size);
 
     objects = find_objects_by_template(token, session,
                                        crlobj_template, crlobj_size,
                                        maximumOpt, statusOpt);
     return objects;
 }
 
 NSS_IMPLEMENT PRStatus
-nssToken_GetCachedObjectAttributes (
-  NSSToken *token,
-  NSSArena *arenaOpt,
-  nssCryptokiObject *object,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR atemplate,
-  CK_ULONG atlen
-)
+nssToken_GetCachedObjectAttributes(
+    NSSToken *token,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen)
 {
     if (!token->cache) {
-	return PR_FAILURE;
+        return PR_FAILURE;
     }
     return nssTokenObjectCache_GetObjectAttributes(token->cache, arenaOpt,
                                                    object, objclass,
                                                    atemplate, atlen);
 }
 
 NSS_IMPLEMENT NSSItem *
-nssToken_Digest (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSAlgorithmAndParameters *ap,
-  NSSItem *data,
-  NSSItem *rvOpt,
-  NSSArena *arenaOpt
-)
+nssToken_Digest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap,
+    NSSItem *data,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
 {
     CK_RV ckrv;
     CK_ULONG digestLen;
     CK_BYTE_PTR digest;
     NSSItem *rvItem = NULL;
     void *epv = nssToken_GetCryptokiEPV(tok);
     nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return rvItem;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return rvItem;
     }
 
     nssSession_EnterMonitor(session);
     ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
     if (ckrv != CKR_OK) {
-	nssSession_ExitMonitor(session);
-	return NULL;
+        nssSession_ExitMonitor(session);
+        return NULL;
     }
 #if 0
     /* XXX the standard says this should work, but it doesn't */
     ckrv = CKAPI(epv)->C_Digest(session->handle, NULL, 0, NULL, &digestLen);
     if (ckrv != CKR_OK) {
 	nssSession_ExitMonitor(session);
 	return NULL;
     }
 #endif
     digestLen = 0; /* XXX for now */
     digest = NULL;
     if (rvOpt) {
-	if (rvOpt->size > 0 && rvOpt->size < digestLen) {
-	    nssSession_ExitMonitor(session);
-	    /* the error should be bad args */
-	    return NULL;
-	}
-	if (rvOpt->data) {
-	    digest = rvOpt->data;
-	}
-	digestLen = rvOpt->size;
+        if (rvOpt->size > 0 && rvOpt->size < digestLen) {
+            nssSession_ExitMonitor(session);
+            /* the error should be bad args */
+            return NULL;
+        }
+        if (rvOpt->data) {
+            digest = rvOpt->data;
+        }
+        digestLen = rvOpt->size;
     }
     if (!digest) {
-	digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
-	if (!digest) {
-	    nssSession_ExitMonitor(session);
-	    return NULL;
-	}
+        digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
+        if (!digest) {
+            nssSession_ExitMonitor(session);
+            return NULL;
+        }
     }
-    ckrv = CKAPI(epv)->C_Digest(session->handle, 
-                                (CK_BYTE_PTR)data->data, 
+    ckrv = CKAPI(epv)->C_Digest(session->handle,
+                                (CK_BYTE_PTR)data->data,
                                 (CK_ULONG)data->size,
                                 (CK_BYTE_PTR)digest,
                                 &digestLen);
     nssSession_ExitMonitor(session);
     if (ckrv != CKR_OK) {
-	nss_ZFreeIf(digest);
-	return NULL;
+        nss_ZFreeIf(digest);
+        return NULL;
     }
     if (!rvOpt) {
-	rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
+        rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
     }
     return rvItem;
 }
 
 NSS_IMPLEMENT PRStatus
-nssToken_BeginDigest (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSAlgorithmAndParameters *ap
-)
+nssToken_BeginDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSAlgorithmAndParameters *ap)
 {
     CK_RV ckrv;
     void *epv = nssToken_GetCryptokiEPV(tok);
     nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return PR_FAILURE;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return PR_FAILURE;
     }
 
     nssSession_EnterMonitor(session);
     ckrv = CKAPI(epv)->C_DigestInit(session->handle, &ap->mechanism);
     nssSession_ExitMonitor(session);
     return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
 }
 
 NSS_IMPLEMENT PRStatus
-nssToken_ContinueDigest (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSItem *item
-)
+nssToken_ContinueDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *item)
 {
     CK_RV ckrv;
     void *epv = nssToken_GetCryptokiEPV(tok);
     nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return PR_FAILURE;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return PR_FAILURE;
     }
 
     nssSession_EnterMonitor(session);
-    ckrv = CKAPI(epv)->C_DigestUpdate(session->handle, 
-                                      (CK_BYTE_PTR)item->data, 
+    ckrv = CKAPI(epv)->C_DigestUpdate(session->handle,
+                                      (CK_BYTE_PTR)item->data,
                                       (CK_ULONG)item->size);
     nssSession_ExitMonitor(session);
     return (ckrv == CKR_OK) ? PR_SUCCESS : PR_FAILURE;
 }
 
 NSS_IMPLEMENT NSSItem *
-nssToken_FinishDigest (
-  NSSToken *tok,
-  nssSession *sessionOpt,
-  NSSItem *rvOpt,
-  NSSArena *arenaOpt
-)
+nssToken_FinishDigest(
+    NSSToken *tok,
+    nssSession *sessionOpt,
+    NSSItem *rvOpt,
+    NSSArena *arenaOpt)
 {
     CK_RV ckrv;
     CK_ULONG digestLen;
     CK_BYTE_PTR digest;
     NSSItem *rvItem = NULL;
     void *epv = nssToken_GetCryptokiEPV(tok);
     nssSession *session = (sessionOpt) ? sessionOpt : tok->defaultSession;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return NULL;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return NULL;
     }
 
     nssSession_EnterMonitor(session);
     ckrv = CKAPI(epv)->C_DigestFinal(session->handle, NULL, &digestLen);
     if (ckrv != CKR_OK || digestLen == 0) {
-	nssSession_ExitMonitor(session);
-	return NULL;
+        nssSession_ExitMonitor(session);
+        return NULL;
     }
     digest = NULL;
     if (rvOpt) {
-	if (rvOpt->size > 0 && rvOpt->size < digestLen) {
-	    nssSession_ExitMonitor(session);
-	    /* the error should be bad args */
-	    return NULL;
-	}
-	if (rvOpt->data) {
-	    digest = rvOpt->data;
-	}
-	digestLen = rvOpt->size;
+        if (rvOpt->size > 0 && rvOpt->size < digestLen) {
+            nssSession_ExitMonitor(session);
+            /* the error should be bad args */
+            return NULL;
+        }
+        if (rvOpt->data) {
+            digest = rvOpt->data;
+        }
+        digestLen = rvOpt->size;
     }
     if (!digest) {
-	digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
-	if (!digest) {
-	    nssSession_ExitMonitor(session);
-	    return NULL;
-	}
+        digest = (CK_BYTE_PTR)nss_ZAlloc(arenaOpt, digestLen);
+        if (!digest) {
+            nssSession_ExitMonitor(session);
+            return NULL;
+        }
     }
     ckrv = CKAPI(epv)->C_DigestFinal(session->handle, digest, &digestLen);
     nssSession_ExitMonitor(session);
     if (ckrv != CKR_OK) {
-	nss_ZFreeIf(digest);
-	return NULL;
+        nss_ZFreeIf(digest);
+        return NULL;
     }
     if (!rvOpt) {
-	rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
+        rvItem = nssItem_Create(arenaOpt, NULL, digestLen, (void *)digest);
     }
     return rvItem;
 }
 
 NSS_IMPLEMENT PRBool
-nssToken_IsPresent (
-  NSSToken *token
-)
+nssToken_IsPresent(
+    NSSToken *token)
 {
     return nssSlot_IsTokenPresent(token->slot);
 }
 
 /* Sigh.  The methods to find objects declared above cause problems with
- * the low-level object cache in the softoken -- the objects are found in 
- * toto, then one wave of GetAttributes is done, then another.  Having a 
- * large number of objects causes the cache to be thrashed, as the objects 
+ * the low-level object cache in the softoken -- the objects are found in
+ * toto, then one wave of GetAttributes is done, then another.  Having a
+ * large number of objects causes the cache to be thrashed, as the objects
  * are gone before there's any chance to ask for their attributes.
- * So, for now, bringing back traversal methods for certs.  This way all of 
+ * So, for now, bringing back traversal methods for certs.  This way all of
  * the cert's attributes can be grabbed immediately after finding it,
  * increasing the likelihood that the cache takes care of it.
  */
 NSS_IMPLEMENT PRStatus
-nssToken_TraverseCertificates (
-  NSSToken *token,
-  nssSession *sessionOpt,
-  nssTokenSearchType searchType,
-  PRStatus (* callback)(nssCryptokiObject *instance, void *arg),
-  void *arg
-)
+nssToken_TraverseCertificates(
+    NSSToken *token,
+    nssSession *sessionOpt,
+    nssTokenSearchType searchType,
+    PRStatus (*callback)(nssCryptokiObject *instance, void *arg),
+    void *arg)
 {
     CK_RV ckrv;
     CK_ULONG count;
     CK_OBJECT_HANDLE *objectHandles;
     CK_ATTRIBUTE_PTR attr;
     CK_ATTRIBUTE cert_template[2];
     CK_ULONG ctsize;
     NSSArena *arena;
     PRUint32 arraySize, numHandles;
     nssCryptokiObject **objects;
     void *epv = nssToken_GetCryptokiEPV(token);
     nssSession *session = (sessionOpt) ? sessionOpt : token->defaultSession;
 
     /* Don't ask the module to use an invalid session handle. */
     if (!session || session->handle == CK_INVALID_SESSION) {
-	PORT_SetError(SEC_ERROR_NO_TOKEN);
-	return PR_FAILURE;
+        PORT_SetError(SEC_ERROR_NO_TOKEN);
+        return PR_FAILURE;
     }
 
     /* template for all certs */
     NSS_CK_TEMPLATE_START(cert_template, attr, ctsize);
     if (searchType == nssTokenSearchType_SessionOnly) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
-    } else if (searchType == nssTokenSearchType_TokenOnly ||
-               searchType == nssTokenSearchType_TokenForced) {
-	NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_false);
+    }
+    else if (searchType == nssTokenSearchType_TokenOnly ||
+             searchType == nssTokenSearchType_TokenForced) {
+        NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_TOKEN, &g_ck_true);
     }
     NSS_CK_SET_ATTRIBUTE_ITEM(attr, CKA_CLASS, &g_ck_class_cert);
     NSS_CK_TEMPLATE_FINISH(cert_template, attr, ctsize);
 
     /* the arena is only for the array of object handles */
     arena = nssArena_Create();
     if (!arena) {
-	return PR_FAILURE;
+        return PR_FAILURE;
     }
     arraySize = OBJECT_STACK_SIZE;
     numHandles = 0;
     objectHandles = nss_ZNEWARRAY(arena, CK_OBJECT_HANDLE, arraySize);
     if (!objectHandles) {
-	goto loser;
+        goto loser;
     }
     nssSession_EnterMonitor(session); /* ==== session lock === */
     /* Initialize the find with the template */
-    ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle, 
+    ckrv = CKAPI(epv)->C_FindObjectsInit(session->handle,
                                          cert_template, ctsize);
     if (ckrv != CKR_OK) {
-	nssSession_ExitMonitor(session);
-	goto loser;
+        nssSession_ExitMonitor(session);
+        goto loser;
     }
     while (PR_TRUE) {
-	/* Issue the find for up to arraySize - numHandles objects */
-	ckrv = CKAPI(epv)->C_FindObjects(session->handle, 
-	                                 objectHandles + numHandles, 
-	                                 arraySize - numHandles, 
-	                                 &count);
-	if (ckrv != CKR_OK) {
-	    nssSession_ExitMonitor(session);
-	    goto loser;
-	}
-	/* bump the number of found objects */
-	numHandles += count;
-	if (numHandles < arraySize) {
-	    break;
-	}
-	/* the array is filled, double it and continue */
-	arraySize *= 2;
-	objectHandles = nss_ZREALLOCARRAY(objectHandles, 
-	                                  CK_OBJECT_HANDLE, 
-	                                  arraySize);
-	if (!objectHandles) {
-	    nssSession_ExitMonitor(session);
-	    goto loser;
-	}
+        /* Issue the find for up to arraySize - numHandles objects */
+        ckrv = CKAPI(epv)->C_FindObjects(session->handle,
+                                         objectHandles + numHandles,
+                                         arraySize - numHandles,
+                                         &count);
+        if (ckrv != CKR_OK) {
+            nssSession_ExitMonitor(session);
+            goto loser;
+        }
+        /* bump the number of found objects */
+        numHandles += count;
+        if (numHandles < arraySize) {
+            break;
+        }
+        /* the array is filled, double it and continue */
+        arraySize *= 2;
+        objectHandles = nss_ZREALLOCARRAY(objectHandles,
+                                          CK_OBJECT_HANDLE,
+                                          arraySize);
+        if (!objectHandles) {
+            nssSession_ExitMonitor(session);
+            goto loser;
+        }
     }
     ckrv = CKAPI(epv)->C_FindObjectsFinal(session->handle);
     nssSession_ExitMonitor(session); /* ==== end session lock === */
     if (ckrv != CKR_OK) {
-	goto loser;
+        goto loser;
     }
     if (numHandles > 0) {
-	objects = create_objects_from_handles(token, session,
-	                                      objectHandles, numHandles);
-	if (objects) {
-	    nssCryptokiObject **op;
-	    for (op = objects; *op; op++) {
-		(void)(*callback)(*op, arg);
-	    }
-	    nss_ZFreeIf(objects);
-	}
+        objects = create_objects_from_handles(token, session,
+                                              objectHandles, numHandles);
+        if (objects) {
+            nssCryptokiObject **op;
+            for (op = objects; *op; op++) {
+                (void)(*callback)(*op, arg);
+            }
+            nss_ZFreeIf(objects);
+        }
     }
     nssArena_Destroy(arena);
     return PR_SUCCESS;
 loser:
     nssArena_Destroy(arena);
     return PR_FAILURE;
 }
 
 NSS_IMPLEMENT PRBool
-nssToken_IsPrivateKeyAvailable (
-  NSSToken *token,
-  NSSCertificate *c,
-  nssCryptokiObject *instance
-)
+nssToken_IsPrivateKeyAvailable(
+    NSSToken *token,
+    NSSCertificate *c,
+    nssCryptokiObject *instance)
 {
     CK_OBJECT_CLASS theClass;
 
-    if (token == NULL) return PR_FALSE;
-    if (c == NULL) return PR_FALSE;
+    if (token == NULL)
+        return PR_FALSE;
+    if (c == NULL)
+        return PR_FALSE;
 
     theClass = CKO_PRIVATE_KEY;
     if (!nssSlot_IsLoggedIn(token->slot)) {
-	theClass = CKO_PUBLIC_KEY;
+        theClass = CKO_PUBLIC_KEY;
     }
-    if (PK11_MatchItem(token->pk11slot, instance->handle, theClass) 
-						!= CK_INVALID_HANDLE) {
-	return PR_TRUE;
+    if (PK11_MatchItem(token->pk11slot, instance->handle, theClass) !=
+        CK_INVALID_HANDLE) {
+        return PR_TRUE;
     }
     return PR_FALSE;
 }
--- a/lib/dev/devutil.c
+++ b/lib/dev/devutil.c
@@ -6,344 +6,336 @@
 #include "devm.h"
 #endif /* DEVM_H */
 
 #ifndef CKHELPER_H
 #include "ckhelper.h"
 #endif /* CKHELPER_H */
 
 NSS_IMPLEMENT nssCryptokiObject *
-nssCryptokiObject_Create (
-  NSSToken *t, 
-  nssSession *session,
-  CK_OBJECT_HANDLE h
-)
+nssCryptokiObject_Create(
+    NSSToken *t,
+    nssSession *session,
+    CK_OBJECT_HANDLE h)
 {
     PRStatus status;
     NSSSlot *slot;
     nssCryptokiObject *object;
     CK_BBOOL *isTokenObject;
     CK_ATTRIBUTE cert_template[] = {
-	{ CKA_TOKEN, NULL, 0 },
-	{ CKA_LABEL, NULL, 0 }
+        { CKA_TOKEN, NULL, 0 },
+        { CKA_LABEL, NULL, 0 }
     };
     slot = nssToken_GetSlot(t);
     status = nssCKObject_GetAttributes(h, cert_template, 2,
                                        NULL, session, slot);
     nssSlot_Destroy(slot);
     if (status != PR_SUCCESS) {
-	/* a failure here indicates a device error */
-	return (nssCryptokiObject *)NULL;
+        /* a failure here indicates a device error */
+        return (nssCryptokiObject *)NULL;
     }
     object = nss_ZNEW(NULL, nssCryptokiObject);
     if (!object) {
-	return (nssCryptokiObject *)NULL;
+        return (nssCryptokiObject *)NULL;
     }
     object->handle = h;
     object->token = nssToken_AddRef(t);
     isTokenObject = (CK_BBOOL *)cert_template[0].pValue;
     object->isTokenObject = *isTokenObject;
     nss_ZFreeIf(isTokenObject);
     NSS_CK_ATTRIBUTE_TO_UTF8(&cert_template[1], object->label);
     return object;
 }
 
 NSS_IMPLEMENT void
-nssCryptokiObject_Destroy (
-  nssCryptokiObject *object
-)
+nssCryptokiObject_Destroy(
+    nssCryptokiObject *object)
 {
     if (object) {
-	nssToken_Destroy(object->token);
-	nss_ZFreeIf(object->label);
-	nss_ZFreeIf(object);
+        nssToken_Destroy(object->token);
+        nss_ZFreeIf(object->label);
+        nss_ZFreeIf(object);
     }
 }
 
 NSS_IMPLEMENT nssCryptokiObject *
-nssCryptokiObject_Clone (
-  nssCryptokiObject *object
-)
+nssCryptokiObject_Clone(
+    nssCryptokiObject *object)
 {
     nssCryptokiObject *rvObject;
     rvObject = nss_ZNEW(NULL, nssCryptokiObject);
     if (rvObject) {
-	rvObject->handle = object->handle;
-	rvObject->token = nssToken_AddRef(object->token);
-	rvObject->isTokenObject = object->isTokenObject;
-	if (object->label) {
-	    rvObject->label = nssUTF8_Duplicate(object->label, NULL);
-	}
+        rvObject->handle = object->handle;
+        rvObject->token = nssToken_AddRef(object->token);
+        rvObject->isTokenObject = object->isTokenObject;
+        if (object->label) {
+            rvObject->label = nssUTF8_Duplicate(object->label, NULL);
+        }
     }
     return rvObject;
 }
 
 NSS_EXTERN PRBool
-nssCryptokiObject_Equal (
-  nssCryptokiObject *o1,
-  nssCryptokiObject *o2
-)
+nssCryptokiObject_Equal(
+    nssCryptokiObject *o1,
+    nssCryptokiObject *o2)
 {
     return (o1->token == o2->token && o1->handle == o2->handle);
 }
 
 NSS_IMPLEMENT PRUint32
 nssPKCS11String_Length(CK_CHAR *pkcs11Str, PRUint32 bufLen)
 {
     PRInt32 i;
-    for (i = bufLen - 1; i>=0; ) {
-	if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0') break;
-	--i;
+    for (i = bufLen - 1; i >= 0;) {
+        if (pkcs11Str[i] != ' ' && pkcs11Str[i] != '\0')
+            break;
+        --i;
     }
     return (PRUint32)(i + 1);
 }
 
 /*
  * Slot arrays
  */
 
 NSS_IMPLEMENT NSSSlot **
-nssSlotArray_Clone (
-  NSSSlot **slots
-)
+nssSlotArray_Clone(
+    NSSSlot **slots)
 {
     NSSSlot **rvSlots = NULL;
     NSSSlot **sp = slots;
     PRUint32 count = 0;
-    while (sp && *sp) count++;
+    while (sp && *sp)
+        count++;
     if (count > 0) {
-	rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
-	if (rvSlots) {
-	    for (sp = slots, count = 0; *sp; sp++) {
-		rvSlots[count++] = nssSlot_AddRef(*sp);
-	    }
-	}
+        rvSlots = nss_ZNEWARRAY(NULL, NSSSlot *, count + 1);
+        if (rvSlots) {
+            for (sp = slots, count = 0; *sp; sp++) {
+                rvSlots[count++] = nssSlot_AddRef(*sp);
+            }
+        }
     }
     return rvSlots;
 }
 
 NSS_IMPLEMENT void
-nssSlotArray_Destroy (
-  NSSSlot **slots
-)
+nssSlotArray_Destroy(
+    NSSSlot **slots)
 {
     if (slots) {
-	NSSSlot **slotp;
-	for (slotp = slots; *slotp; slotp++) {
-	    nssSlot_Destroy(*slotp);
-	}
-	nss_ZFreeIf(slots);
+        NSSSlot **slotp;
+        for (slotp = slots; *slotp; slotp++) {
+            nssSlot_Destroy(*slotp);
+        }
+        nss_ZFreeIf(slots);
     }
 }
 
 NSS_IMPLEMENT void
-NSSSlotArray_Destroy (
-  NSSSlot **slots
-)
+NSSSlotArray_Destroy(
+    NSSSlot **slots)
 {
     nssSlotArray_Destroy(slots);
 }
 
 NSS_IMPLEMENT void
-nssTokenArray_Destroy (
-  NSSToken **tokens
-)
+nssTokenArray_Destroy(
+    NSSToken **tokens)
 {
     if (tokens) {
-	NSSToken **tokenp;
-	for (tokenp = tokens; *tokenp; tokenp++) {
-	    nssToken_Destroy(*tokenp);
-	}
-	nss_ZFreeIf(tokens);
+        NSSToken **tokenp;
+        for (tokenp = tokens; *tokenp; tokenp++) {
+            nssToken_Destroy(*tokenp);
+        }
+        nss_ZFreeIf(tokens);
     }
 }
 
 NSS_IMPLEMENT void
-NSSTokenArray_Destroy (
-  NSSToken **tokens
-)
+NSSTokenArray_Destroy(
+    NSSToken **tokens)
 {
     nssTokenArray_Destroy(tokens);
 }
 
 NSS_IMPLEMENT void
-nssCryptokiObjectArray_Destroy (
-  nssCryptokiObject **objects
-)
+nssCryptokiObjectArray_Destroy(
+    nssCryptokiObject **objects)
 {
     if (objects) {
-	nssCryptokiObject **op;
-	for (op = objects; *op; op++) {
-	    nssCryptokiObject_Destroy(*op);
-	}
-	nss_ZFreeIf(objects);
+        nssCryptokiObject **op;
+        for (op = objects; *op; op++) {
+            nssCryptokiObject_Destroy(*op);
+        }
+        nss_ZFreeIf(objects);
     }
 }
 
 /* object cache for token */
 
 typedef struct
-{
-  NSSArena *arena;
-  nssCryptokiObject *object;
-  CK_ATTRIBUTE_PTR attributes;
-  CK_ULONG numAttributes;
-}
-nssCryptokiObjectAndAttributes;
+    {
+    NSSArena *arena;
+    nssCryptokiObject *object;
+    CK_ATTRIBUTE_PTR attributes;
+    CK_ULONG numAttributes;
+} nssCryptokiObjectAndAttributes;
 
 enum {
-  cachedCerts = 0,
-  cachedTrust = 1,
-  cachedCRLs = 2
+    cachedCerts = 0,
+    cachedTrust = 1,
+    cachedCRLs = 2
 } cachedObjectType;
 
-struct nssTokenObjectCacheStr
-{
-  NSSToken *token;
-  PZLock *lock;
-  PRBool loggedIn;
-  PRBool doObjectType[3];
-  PRBool searchedObjectType[3];
-  nssCryptokiObjectAndAttributes **objects[3];
+struct nssTokenObjectCacheStr {
+    NSSToken *token;
+    PZLock *lock;
+    PRBool loggedIn;
+    PRBool doObjectType[3];
+    PRBool searchedObjectType[3];
+    nssCryptokiObjectAndAttributes **objects[3];
 };
 
 NSS_IMPLEMENT nssTokenObjectCache *
-nssTokenObjectCache_Create (
-  NSSToken *token,
-  PRBool cacheCerts,
-  PRBool cacheTrust,
-  PRBool cacheCRLs
-)
+nssTokenObjectCache_Create(
+    NSSToken *token,
+    PRBool cacheCerts,
+    PRBool cacheTrust,
+    PRBool cacheCRLs)
 {
     nssTokenObjectCache *rvCache;
     rvCache = nss_ZNEW(NULL, nssTokenObjectCache);
     if (!rvCache) {
-	goto loser;
+        goto loser;
     }
     rvCache->lock = PZ_NewLock(nssILockOther); /* XXX */
     if (!rvCache->lock) {
-	goto loser;
+        goto loser;
     }
     rvCache->doObjectType[cachedCerts] = cacheCerts;
     rvCache->doObjectType[cachedTrust] = cacheTrust;
     rvCache->doObjectType[cachedCRLs] = cacheCRLs;
     rvCache->token = token; /* cache goes away with token */
     return rvCache;
 loser:
     nssTokenObjectCache_Destroy(rvCache);
     return (nssTokenObjectCache *)NULL;
 }
 
 static void
-clear_cache (
-  nssTokenObjectCache *cache
-)
+clear_cache(
+    nssTokenObjectCache *cache)
 {
     nssCryptokiObjectAndAttributes **oa;
     PRUint32 objectType;
     for (objectType = cachedCerts; objectType <= cachedCRLs; objectType++) {
-	cache->searchedObjectType[objectType] = PR_FALSE;
-	if (!cache->objects[objectType]) {
-	    continue;
-	}
-	for (oa = cache->objects[objectType]; *oa; oa++) {
-	    /* prevent the token from being destroyed */
-	    (*oa)->object->token = NULL;
-	    nssCryptokiObject_Destroy((*oa)->object);
-	    nssArena_Destroy((*oa)->arena);
-	}
-	nss_ZFreeIf(cache->objects[objectType]);
-	cache->objects[objectType] = NULL;
+        cache->searchedObjectType[objectType] = PR_FALSE;
+        if (!cache->objects[objectType]) {
+            continue;
+        }
+        for (oa = cache->objects[objectType]; *oa; oa++) {
+            /* prevent the token from being destroyed */
+            (*oa)->object->token = NULL;
+            nssCryptokiObject_Destroy((*oa)->object);
+            nssArena_Destroy((*oa)->arena);
+        }
+        nss_ZFreeIf(cache->objects[objectType]);
+        cache->objects[objectType] = NULL;
     }
 }
 
 NSS_IMPLEMENT void
-nssTokenObjectCache_Clear (
-  nssTokenObjectCache *cache
-)
+nssTokenObjectCache_Clear(
+    nssTokenObjectCache *cache)
 {
     if (cache) {
-	PZ_Lock(cache->lock);
-	clear_cache(cache);
-	PZ_Unlock(cache->lock);
+        PZ_Lock(cache->lock);
+        clear_cache(cache);
+        PZ_Unlock(cache->lock);
     }
 }
 
 NSS_IMPLEMENT void
-nssTokenObjectCache_Destroy (
-  nssTokenObjectCache *cache
-)
+nssTokenObjectCache_Destroy(
+    nssTokenObjectCache *cache)
 {
     if (cache) {
-	clear_cache(cache);
-	if (cache->lock) {
-	    PZ_DestroyLock(cache->lock);
-	}
-	nss_ZFreeIf(cache);
+        clear_cache(cache);
+        if (cache->lock) {
+            PZ_DestroyLock(cache->lock);
+        }
+        nss_ZFreeIf(cache);
     }
 }
 
 NSS_IMPLEMENT PRBool
-nssTokenObjectCache_HaveObjectClass (
-  nssTokenObjectCache *cache,
-  CK_OBJECT_CLASS objclass
-)
+nssTokenObjectCache_HaveObjectClass(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass)
 {
     PRBool haveIt;
     PZ_Lock(cache->lock);
     switch (objclass) {
-    case CKO_CERTIFICATE:    haveIt = cache->doObjectType[cachedCerts]; break;
-    case CKO_NETSCAPE_TRUST: haveIt = cache->doObjectType[cachedTrust]; break;
-    case CKO_NETSCAPE_CRL:   haveIt = cache->doObjectType[cachedCRLs];  break;
-    default:                 haveIt = PR_FALSE;
+        case CKO_CERTIFICATE:
+            haveIt = cache->doObjectType[cachedCerts];
+            break;
+        case CKO_NETSCAPE_TRUST:
+            haveIt = cache->doObjectType[cachedTrust];
+            break;
+        case CKO_NETSCAPE_CRL:
+            haveIt = cache->doObjectType[cachedCRLs];
+            break;
+        default:
+            haveIt = PR_FALSE;
     }
     PZ_Unlock(cache->lock);
     return haveIt;
 }
 
 static nssCryptokiObjectAndAttributes **
-create_object_array (
-  nssCryptokiObject **objects,
-  PRBool *doObjects,
-  PRUint32 *numObjects,
-  PRStatus *status
-)
+create_object_array(
+    nssCryptokiObject **objects,
+    PRBool *doObjects,
+    PRUint32 *numObjects,
+    PRStatus *status)
 {
     nssCryptokiObjectAndAttributes **rvOandA = NULL;
     *numObjects = 0;
     /* There are no objects for this type */
     if (!objects || !*objects) {
-	*status = PR_SUCCESS;
-	return rvOandA;
+        *status = PR_SUCCESS;
+        return rvOandA;
     }
-    while (*objects++) (*numObjects)++;
+    while (*objects++)
+        (*numObjects)++;
     if (*numObjects >= MAX_LOCAL_CACHE_OBJECTS) {
-	/* Hit the maximum allowed, so don't use a cache (there are
-	 * too many objects to make caching worthwhile, presumably, if
-	 * the token can handle that many objects, it can handle searching.
-	 */
-	*doObjects = PR_FALSE;
-	*status = PR_FAILURE;
-	*numObjects = 0;
-    } else {
-	rvOandA = nss_ZNEWARRAY(NULL, 
-	                        nssCryptokiObjectAndAttributes *, 
-	                        *numObjects + 1);
-	*status = rvOandA ? PR_SUCCESS : PR_FAILURE;
+        /* Hit the maximum allowed, so don't use a cache (there are
+         * too many objects to make caching worthwhile, presumably, if
+         * the token can handle that many objects, it can handle searching.
+         */
+        *doObjects = PR_FALSE;
+        *status = PR_FAILURE;
+        *numObjects = 0;
+    }
+    else {
+        rvOandA = nss_ZNEWARRAY(NULL,
+                                nssCryptokiObjectAndAttributes *,
+                                *numObjects + 1);
+        *status = rvOandA ? PR_SUCCESS : PR_FAILURE;
     }
     return rvOandA;
 }
 
 static nssCryptokiObjectAndAttributes *
-create_object (
-  nssCryptokiObject *object,
-  const CK_ATTRIBUTE_TYPE *types,
-  PRUint32 numTypes,
-  PRStatus *status
-)
+create_object(
+    nssCryptokiObject *object,
+    const CK_ATTRIBUTE_TYPE *types,
+    PRUint32 numTypes,
+    PRStatus *status)
 {
     PRUint32 j;
     NSSArena *arena = NULL;
     NSSSlot *slot = NULL;
     nssSession *session = NULL;
     nssCryptokiObjectAndAttributes *rvCachedObject = NULL;
 
     slot = nssToken_GetSlot(object->token);
@@ -353,655 +345,662 @@ create_object (
     }
     session = nssToken_GetDefaultSession(object->token);
     if (!session) {
         nss_SetError(NSS_ERROR_INVALID_POINTER);
         goto loser;
     }
     arena = nssArena_Create();
     if (!arena) {
-	goto loser;
+        goto loser;
     }
     rvCachedObject = nss_ZNEW(arena, nssCryptokiObjectAndAttributes);
     if (!rvCachedObject) {
-	goto loser;
+        goto loser;
     }
     rvCachedObject->arena = arena;
     /* The cache is tied to the token, and therefore the objects
      * in it should not hold references to the token.
      */
     nssToken_Destroy(object->token);
     rvCachedObject->object = object;
     rvCachedObject->attributes = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, numTypes);
     if (!rvCachedObject->attributes) {
-	goto loser;
+        goto loser;
     }
-    for (j=0; j<numTypes; j++) {
-	rvCachedObject->attributes[j].type = types[j];
+    for (j = 0; j < numTypes; j++) {
+        rvCachedObject->attributes[j].type = types[j];
     }
     *status = nssCKObject_GetAttributes(object->handle,
                                         rvCachedObject->attributes,
                                         numTypes,
                                         arena,
                                         session,
                                         slot);
     if (*status != PR_SUCCESS) {
-	goto loser;
+        goto loser;
     }
     rvCachedObject->numAttributes = numTypes;
     *status = PR_SUCCESS;
     nssSlot_Destroy(slot);
 
     return rvCachedObject;
 loser:
     *status = PR_FAILURE;
     if (slot) {
-	nssSlot_Destroy(slot);
+        nssSlot_Destroy(slot);
     }
     if (arena)
-	nssArena_Destroy(arena);
+        nssArena_Destroy(arena);
     return (nssCryptokiObjectAndAttributes *)NULL;
 }
 
 /*
  *
  * State diagram for cache:
  *
  *            token !present            token removed
  *        +-------------------------+<----------------------+
  *        |                         ^                       |
  *        v                         |                       |
- *  +----------+   slot friendly    |  token present   +----------+ 
+ *  +----------+   slot friendly    |  token present   +----------+
  *  |   cache  | -----------------> % ---------------> |   cache  |
  *  | unloaded |                                       |  loaded  |
  *  +----------+                                       +----------+
  *    ^   |                                                 ^   |
  *    |   |   slot !friendly           slot logged in       |   |
  *    |   +-----------------------> % ----------------------+   |
  *    |                             |                           |
  *    | slot logged out             v  slot !friendly           |
  *    +-----------------------------+<--------------------------+
  *
  */
 
 /* This function must not be called with cache->lock locked. */
 static PRBool
-token_is_present (
-  nssTokenObjectCache *cache
-)
+token_is_present(
+    nssTokenObjectCache *cache)
 {
     NSSSlot *slot = nssToken_GetSlot(cache->token);
     PRBool tokenPresent = nssSlot_IsTokenPresent(slot);
     nssSlot_Destroy(slot);
     return tokenPresent;
 }
 
 static PRBool
-search_for_objects (
-  nssTokenObjectCache *cache
-)
+search_for_objects(
+    nssTokenObjectCache *cache)
 {
     PRBool doSearch = PR_FALSE;
     NSSSlot *slot = nssToken_GetSlot(cache->token);
     /* Handle non-friendly slots (slots which require login for objects) */
     if (!nssSlot_IsFriendly(slot)) {
-	if (nssSlot_IsLoggedIn(slot)) {
-	    /* Either no state change, or went from !logged in -> logged in */
-	    cache->loggedIn = PR_TRUE;
-	    doSearch = PR_TRUE;
-	} else {
-	    if (cache->loggedIn) {
-		/* went from logged in -> !logged in, destroy cached objects */
-		clear_cache(cache);
-		cache->loggedIn = PR_FALSE;
-	    } /* else no state change, still not logged in, so exit */
-	}
-    } else {
-	/* slot is friendly, thus always available for search */
-	doSearch = PR_TRUE;
+        if (nssSlot_IsLoggedIn(slot)) {
+            /* Either no state change, or went from !logged in -> logged in */
+            cache->loggedIn = PR_TRUE;
+            doSearch = PR_TRUE;
+        }
+        else {
+            if (cache->loggedIn) {
+                /* went from logged in -> !logged in, destroy cached objects */
+                clear_cache(cache);
+                cache->loggedIn = PR_FALSE;
+            } /* else no state change, still not logged in, so exit */
+        }
+    }
+    else {
+        /* slot is friendly, thus always available for search */
+        doSearch = PR_TRUE;
     }
     nssSlot_Destroy(slot);
     return doSearch;
 }
 
 static nssCryptokiObjectAndAttributes *
-create_cert (
-  nssCryptokiObject *object,
-  PRStatus *status
-)
+create_cert(
+    nssCryptokiObject *object,
+    PRStatus *status)
 {
     static const CK_ATTRIBUTE_TYPE certAttr[] = {
-	CKA_CLASS,
-	CKA_TOKEN,
-	CKA_LABEL,
-	CKA_CERTIFICATE_TYPE,
-	CKA_ID,
-	CKA_VALUE,
-	CKA_ISSUER,
-	CKA_SERIAL_NUMBER,
-	CKA_SUBJECT,
-	CKA_NETSCAPE_EMAIL
+        CKA_CLASS,
+        CKA_TOKEN,
+        CKA_LABEL,
+        CKA_CERTIFICATE_TYPE,
+        CKA_ID,
+        CKA_VALUE,
+        CKA_ISSUER,
+        CKA_SERIAL_NUMBER,
+        CKA_SUBJECT,
+        CKA_NETSCAPE_EMAIL
     };
     static const PRUint32 numCertAttr = sizeof(certAttr) / sizeof(certAttr[0]);
     return create_object(object, certAttr, numCertAttr, status);
 }
 
 static nssCryptokiObjectAndAttributes *
-create_trust (
-  nssCryptokiObject *object,
-  PRStatus *status
-)
+create_trust(
+    nssCryptokiObject *object,
+    PRStatus *status)
 {
     static const CK_ATTRIBUTE_TYPE trustAttr[] = {
-	CKA_CLASS,
-	CKA_TOKEN,
-	CKA_LABEL,
-	CKA_CERT_SHA1_HASH,
-	CKA_CERT_MD5_HASH,
-	CKA_ISSUER,
-	CKA_SUBJECT,
-	CKA_TRUST_SERVER_AUTH,
-	CKA_TRUST_CLIENT_AUTH,
-	CKA_TRUST_EMAIL_PROTECTION,
-	CKA_TRUST_CODE_SIGNING
+        CKA_CLASS,
+        CKA_TOKEN,
+        CKA_LABEL,
+        CKA_CERT_SHA1_HASH,
+        CKA_CERT_MD5_HASH,
+        CKA_ISSUER,
+        CKA_SUBJECT,
+        CKA_TRUST_SERVER_AUTH,
+        CKA_TRUST_CLIENT_AUTH,
+        CKA_TRUST_EMAIL_PROTECTION,
+        CKA_TRUST_CODE_SIGNING
     };
     static const PRUint32 numTrustAttr = sizeof(trustAttr) / sizeof(trustAttr[0]);
     return create_object(object, trustAttr, numTrustAttr, status);
 }
 
 static nssCryptokiObjectAndAttributes *
-create_crl (
-  nssCryptokiObject *object,
-  PRStatus *status
-)
+create_crl(
+    nssCryptokiObject *object,
+    PRStatus *status)
 {
     static const CK_ATTRIBUTE_TYPE crlAttr[] = {
-	CKA_CLASS,
-	CKA_TOKEN,
-	CKA_LABEL,
-	CKA_VALUE,
-	CKA_SUBJECT,
-	CKA_NETSCAPE_KRL,
-	CKA_NETSCAPE_URL
+        CKA_CLASS,
+        CKA_TOKEN,
+        CKA_LABEL,
+        CKA_VALUE,
+        CKA_SUBJECT,
+        CKA_NETSCAPE_KRL,
+        CKA_NETSCAPE_URL
     };
     static const PRUint32 numCRLAttr = sizeof(crlAttr) / sizeof(crlAttr[0]);
     return create_object(object, crlAttr, numCRLAttr, status);
 }
 
 /* Dispatch to the create function for the object type */
 static nssCryptokiObjectAndAttributes *
-create_object_of_type (
-  nssCryptokiObject *object,
-  PRUint32 objectType,
-  PRStatus *status
-)
+create_object_of_type(
+    nssCryptokiObject *object,
+    PRUint32 objectType,
+    PRStatus *status)
 {
     if (objectType == cachedCerts) {
-	return create_cert(object, status);
+        return create_cert(object, status);
     }
     if (objectType == cachedTrust) {
-	return create_trust(object, status);
+        return create_trust(object, status);
     }
     if (objectType == cachedCRLs) {
-	return create_crl(object, status);
+        return create_crl(object, status);
     }
     return (nssCryptokiObjectAndAttributes *)NULL;
 }
 
 static PRStatus
-get_token_objects_for_cache (
-  nssTokenObjectCache *cache,
-  PRUint32 objectType,
-  CK_OBJECT_CLASS objclass
-)
+get_token_objects_for_cache(
+    nssTokenObjectCache *cache,
+    PRUint32 objectType,
+    CK_OBJECT_CLASS objclass)
 {
     PRStatus status;
     nssCryptokiObject **objects;
     PRBool *doIt = &cache->doObjectType[objectType];
     PRUint32 i, numObjects;
 
-    if (!search_for_objects(cache) || 
-         cache->searchedObjectType[objectType] || 
-        !cache->doObjectType[objectType]) 
-    {
-	/* Either there was a state change that prevents a search
-	 * (token logged out), or the search was already done,
-	 * or objects of this type are not being cached.
-	 */
-	return PR_SUCCESS;
+    if (!search_for_objects(cache) ||
+        cache->searchedObjectType[objectType] ||
+        !cache->doObjectType[objectType]) {
+        /* Either there was a state change that prevents a search
+         * (token logged out), or the search was already done,
+         * or objects of this type are not being cached.
+         */
+        return PR_SUCCESS;
     }
     objects = nssToken_FindObjects(cache->token, NULL, objclass,
                                    nssTokenSearchType_TokenForced,
                                    MAX_LOCAL_CACHE_OBJECTS, &status);
     if (status != PR_SUCCESS) {
-	return status;
+        return status;
     }
     cache->objects[objectType] = create_object_array(objects,
                                                      doIt,
                                                      &numObjects,
                                                      &status);
     if (status != PR_SUCCESS) {
-	nss_ZFreeIf(objects);
-	return status;
+        nss_ZFreeIf(objects);
+        return status;
     }
-    for (i=0; i<numObjects; i++) {
-	cache->objects[objectType][i] = create_object_of_type(objects[i],
-	                                                      objectType,
-	                                                      &status);
-	if (status != PR_SUCCESS) {
-	    break;
-	}
+    for (i = 0; i < numObjects; i++) {
+        cache->objects[objectType][i] = create_object_of_type(objects[i],
+                                                              objectType,
+                                                              &status);
+        if (status != PR_SUCCESS) {
+            break;
+        }
     }
     if (status == PR_SUCCESS) {
-	nss_ZFreeIf(objects);
-    } else {
-	PRUint32 j;
-	for (j=0; j<i; j++) {
-	    /* sigh */
-	    nssToken_AddRef(cache->objects[objectType][j]->object->token);
-	    nssArena_Destroy(cache->objects[objectType][j]->arena);
-	}
-	nss_ZFreeIf(cache->objects[objectType]);
-	cache->objects[objectType] = NULL;
-	nssCryptokiObjectArray_Destroy(objects);
+        nss_ZFreeIf(objects);
+    }
+    else {
+        PRUint32 j;
+        for (j = 0; j < i; j++) {
+            /* sigh */
+            nssToken_AddRef(cache->objects[objectType][j]->object->token);
+            nssArena_Destroy(cache->objects[objectType][j]->arena);
+        }
+        nss_ZFreeIf(cache->objects[objectType]);
+        cache->objects[objectType] = NULL;
+        nssCryptokiObjectArray_Destroy(objects);
     }
     cache->searchedObjectType[objectType] = PR_TRUE;
     return status;
 }
 
 static CK_ATTRIBUTE_PTR
-find_attribute_in_object (
-  nssCryptokiObjectAndAttributes *obj,
-  CK_ATTRIBUTE_TYPE attrType
-)
+find_attribute_in_object(
+    nssCryptokiObjectAndAttributes *obj,
+    CK_ATTRIBUTE_TYPE attrType)
 {
     PRUint32 j;
-    for (j=0; j<obj->numAttributes; j++) {
-	if (attrType == obj->attributes[j].type) {
-	    return &obj->attributes[j];
-	}
+    for (j = 0; j < obj->numAttributes; j++) {
+        if (attrType == obj->attributes[j].type) {
+            return &obj->attributes[j];
+        }
     }
     return (CK_ATTRIBUTE_PTR)NULL;
 }
 
 /* Find all objects in the array that match the supplied template */
 static nssCryptokiObject **
-find_objects_in_array (
-  nssCryptokiObjectAndAttributes **objArray,
-  CK_ATTRIBUTE_PTR ot,
-  CK_ULONG otlen,
-  PRUint32 maximumOpt
-)
+find_objects_in_array(
+    nssCryptokiObjectAndAttributes **objArray,
+    CK_ATTRIBUTE_PTR ot,
+    CK_ULONG otlen,
+    PRUint32 maximumOpt)
 {
     PRIntn oi = 0;
     PRUint32 i;
     NSSArena *arena;
     PRUint32 size = 8;
     PRUint32 numMatches = 0;
     nssCryptokiObject **objects = NULL;
     nssCryptokiObjectAndAttributes **matches = NULL;
     CK_ATTRIBUTE_PTR attr;
 
     if (!objArray) {
-	return (nssCryptokiObject **)NULL;
+        return (nssCryptokiObject **)NULL;
     }
     arena = nssArena_Create();
     if (!arena) {
-	return (nssCryptokiObject **)NULL;
+        return (nssCryptokiObject **)NULL;
     }
     matches = nss_ZNEWARRAY(arena, nssCryptokiObjectAndAttributes *, size);
     if (!matches) {
-	goto loser;
+        goto loser;
     }
-    if (maximumOpt == 0) maximumOpt = ~0;
+    if (maximumOpt == 0)
+        maximumOpt = ~0;
     /* loop over the cached objects */
     for (; *objArray && numMatches < maximumOpt; objArray++) {
-	nssCryptokiObjectAndAttributes *obj = *objArray;
-	/* loop over the test template */
-	for (i=0; i<otlen; i++) {
-	    /* see if the object has the attribute */
-	    attr = find_attribute_in_object(obj, ot[i].type);
-	    if (!attr) {
-		/* nope, match failed */
-		break;
-	    }
-	    /* compare the attribute against the test value */
-	    if (ot[i].ulValueLen != attr->ulValueLen ||
-	        !nsslibc_memequal(ot[i].pValue, 
-	                          attr->pValue,
-	                          attr->ulValueLen, NULL))
-	    {
-		/* nope, match failed */
-		break;
-	    }
-	}
-	if (i == otlen) {
-	    /* all of the attributes in the test template were found
-	     * in the object's template, and they all matched
-	     */
-	    matches[numMatches++] = obj;
-	    if (numMatches == size) {
-		size *= 2;
-		matches = nss_ZREALLOCARRAY(matches, 
-		                            nssCryptokiObjectAndAttributes *, 
-		                            size);
-		if (!matches) {
-		    goto loser;
-		}
-	    }
-	}
+        nssCryptokiObjectAndAttributes *obj = *objArray;
+        /* loop over the test template */
+        for (i = 0; i < otlen; i++) {
+            /* see if the object has the attribute */
+            attr = find_attribute_in_object(obj, ot[i].type);
+            if (!attr) {
+                /* nope, match failed */
+                break;
+            }
+            /* compare the attribute against the test value */
+            if (ot[i].ulValueLen != attr->ulValueLen ||
+                !nsslibc_memequal(ot[i].pValue,
+                                  attr->pValue,
+                                  attr->ulValueLen, NULL)) {
+                /* nope, match failed */
+                break;
+            }
+        }
+        if (i == otlen) {
+            /* all of the attributes in the test template were found
+             * in the object's template, and they all matched
+             */
+            matches[numMatches++] = obj;
+            if (numMatches == size) {
+                size *= 2;
+                matches = nss_ZREALLOCARRAY(matches,
+                                            nssCryptokiObjectAndAttributes *,
+                                            size);
+                if (!matches) {
+                    goto loser;
+                }
+            }
+        }
     }
     if (numMatches > 0) {
-	objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1);
-	if (!objects) {
-	    goto loser;
-	}
-	for (oi=0; oi<(PRIntn)numMatches; oi++) {
-	    objects[oi] = nssCryptokiObject_Clone(matches[oi]->object);
-	    if (!objects[oi]) {
-		goto loser;
-	    }
-	}
+        objects = nss_ZNEWARRAY(NULL, nssCryptokiObject *, numMatches + 1);
+        if (!objects) {
+            goto loser;
+        }
+        for (oi = 0; oi < (PRIntn)numMatches; oi++) {
+            objects[oi] = nssCryptokiObject_Clone(matches[oi]->object);
+            if (!objects[oi]) {
+                goto loser;
+            }
+        }
     }
     nssArena_Destroy(arena);
     return objects;
 loser:
     nssCryptokiObjectArray_Destroy(objects);
     nssArena_Destroy(arena);
     return (nssCryptokiObject **)NULL;
 }
 
 NSS_IMPLEMENT nssCryptokiObject **
-nssTokenObjectCache_FindObjectsByTemplate (
-  nssTokenObjectCache *cache,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR otemplate,
-  CK_ULONG otlen,
-  PRUint32 maximumOpt,
-  PRStatus *statusOpt
-)
+nssTokenObjectCache_FindObjectsByTemplate(
+    nssTokenObjectCache *cache,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR otemplate,
+    CK_ULONG otlen,
+    PRUint32 maximumOpt,
+    PRStatus *statusOpt)
 {
     PRStatus status = PR_FAILURE;
     nssCryptokiObject **rvObjects = NULL;
     PRUint32 objectType;
     if (!token_is_present(cache)) {
-	status = PR_SUCCESS;
-	goto finish;
+        status = PR_SUCCESS;
+        goto finish;
     }
     switch (objclass) {
-    case CKO_CERTIFICATE:    objectType = cachedCerts; break;
-    case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
-    case CKO_NETSCAPE_CRL:   objectType = cachedCRLs;  break;
-    default: goto finish;
+        case CKO_CERTIFICATE:
+            objectType = cachedCerts;
+            break;
+        case CKO_NETSCAPE_TRUST:
+            objectType = cachedTrust;
+            break;
+        case CKO_NETSCAPE_CRL:
+            objectType = cachedCRLs;
+            break;
+        default:
+            goto finish;
     }
     PZ_Lock(cache->lock);
     if (cache->doObjectType[objectType]) {
-	status = get_token_objects_for_cache(cache, objectType, objclass);
-	if (status == PR_SUCCESS) {
-	    rvObjects = find_objects_in_array(cache->objects[objectType], 
-	                                      otemplate, otlen, maximumOpt);
-	}
+        status = get_token_objects_for_cache(cache, objectType, objclass);
+        if (status == PR_SUCCESS) {
+            rvObjects = find_objects_in_array(cache->objects[objectType],
+                                              otemplate, otlen, maximumOpt);
+        }
     }
     PZ_Unlock(cache->lock);
 finish:
     if (statusOpt) {
-	*statusOpt = status;
+        *statusOpt = status;
     }
     return rvObjects;
 }
 
 static PRBool
-cache_available_for_object_type (
-  nssTokenObjectCache *cache,
-  PRUint32 objectType
-)
+cache_available_for_object_type(
+    nssTokenObjectCache *cache,
+    PRUint32 objectType)
 {
     if (!cache->doObjectType[objectType]) {
-	/* not caching this object kind */
-	return PR_FALSE;
+        /* not caching this object kind */
+        return PR_FALSE;
     }
     if (!cache->searchedObjectType[objectType]) {
-	/* objects are not cached yet */
-	return PR_FALSE;
+        /* objects are not cached yet */
+        return PR_FALSE;
     }
     if (!search_for_objects(cache)) {
-	/* not logged in */
-	return PR_FALSE;
+        /* not logged in */
+        return PR_FALSE;
     }
     return PR_TRUE;
 }
 
 NSS_IMPLEMENT PRStatus
-nssTokenObjectCache_GetObjectAttributes (
-  nssTokenObjectCache *cache,
-  NSSArena *arenaOpt,
-  nssCryptokiObject *object,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR atemplate,
-  CK_ULONG atlen
-)
+nssTokenObjectCache_GetObjectAttributes(
+    nssTokenObjectCache *cache,
+    NSSArena *arenaOpt,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR atemplate,
+    CK_ULONG atlen)
 {
     PRUint32 i, j;
     NSSArena *arena = NULL;
     nssArenaMark *mark = NULL;
     nssCryptokiObjectAndAttributes *cachedOA = NULL;
     nssCryptokiObjectAndAttributes **oa = NULL;
     PRUint32 objectType;
     if (!token_is_present(cache)) {
-	return PR_FAILURE;
+        return PR_FAILURE;
     }
     PZ_Lock(cache->lock);
     switch (objclass) {
-    case CKO_CERTIFICATE:    objectType = cachedCerts; break;
-    case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
-    case CKO_NETSCAPE_CRL:   objectType = cachedCRLs;  break;
-    default: goto loser;
+        case CKO_CERTIFICATE:
+            objectType = cachedCerts;
+            break;
+        case CKO_NETSCAPE_TRUST:
+            objectType = cachedTrust;
+            break;
+        case CKO_NETSCAPE_CRL:
+            objectType = cachedCRLs;
+            break;
+        default:
+            goto loser;
     }
     if (!cache_available_for_object_type(cache, objectType)) {
-	goto loser;
+        goto loser;
     }
     oa = cache->objects[objectType];
     if (!oa) {
-	goto loser;
+        goto loser;
     }
     for (; *oa; oa++) {
-	if (nssCryptokiObject_Equal((*oa)->object, object)) {
-	    cachedOA = *oa;
-	    break;
-	}
+        if (nssCryptokiObject_Equal((*oa)->object, object)) {
+            cachedOA = *oa;
+            break;
+        }
     }
     if (!cachedOA) {
-	goto loser; /* don't have this object */
+        goto loser; /* don't have this object */
     }
     if (arenaOpt) {
-	arena = arenaOpt;
-	mark = nssArena_Mark(arena);
+        arena = arenaOpt;
+        mark = nssArena_Mark(arena);
     }
-    for (i=0; i<atlen; i++) {
-	for (j=0; j<cachedOA->numAttributes; j++) {
-	    if (atemplate[i].type == cachedOA->attributes[j].type) {
-		CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j];
-		if (cachedOA->attributes[j].ulValueLen == 0 ||
-		    cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1) 
-		{
-		    break; /* invalid attribute */
-		}
-		if (atemplate[i].ulValueLen > 0) {
-		    if (atemplate[i].pValue == NULL ||
-		        atemplate[i].ulValueLen < attr->ulValueLen) 
-		    {
-			goto loser;
-		    }
-		} else {
-		    atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
-		    if (!atemplate[i].pValue) {
-			goto loser;
-		    }
-		}
-		nsslibc_memcpy(atemplate[i].pValue,
-		               attr->pValue, attr->ulValueLen);
-		atemplate[i].ulValueLen = attr->ulValueLen;
-		break;
-	    }
-	}
-	if (j == cachedOA->numAttributes) {
-	    atemplate[i].ulValueLen = (CK_ULONG)-1;
-	}
+    for (i = 0; i < atlen; i++) {
+        for (j = 0; j < cachedOA->numAttributes; j++) {
+            if (atemplate[i].type == cachedOA->attributes[j].type) {
+                CK_ATTRIBUTE_PTR attr = &cachedOA->attributes[j];
+                if (cachedOA->attributes[j].ulValueLen == 0 ||
+                    cachedOA->attributes[j].ulValueLen == (CK_ULONG)-1) {
+                    break; /* invalid attribute */
+                }
+                if (atemplate[i].ulValueLen > 0) {
+                    if (atemplate[i].pValue == NULL ||
+                        atemplate[i].ulValueLen < attr->ulValueLen) {
+                        goto loser;
+                    }
+                }
+                else {
+                    atemplate[i].pValue = nss_ZAlloc(arena, attr->ulValueLen);
+                    if (!atemplate[i].pValue) {
+                        goto loser;
+                    }
+                }
+                nsslibc_memcpy(atemplate[i].pValue,
+                               attr->pValue, attr->ulValueLen);
+                atemplate[i].ulValueLen = attr->ulValueLen;
+                break;
+            }
+        }
+        if (j == cachedOA->numAttributes) {
+            atemplate[i].ulValueLen = (CK_ULONG)-1;
+        }
     }
     PZ_Unlock(cache->lock);
     if (mark) {
-	nssArena_Unmark(arena, mark);
+        nssArena_Unmark(arena, mark);
     }
     return PR_SUCCESS;
 loser:
     PZ_Unlock(cache->lock);
     if (mark) {
-	nssArena_Release(arena, mark);
+        nssArena_Release(arena, mark);
     }
     return PR_FAILURE;
 }
 
 NSS_IMPLEMENT PRStatus
-nssTokenObjectCache_ImportObject (
-  nssTokenObjectCache *cache,
-  nssCryptokiObject *object,
-  CK_OBJECT_CLASS objclass,
-  CK_ATTRIBUTE_PTR ot,
-  CK_ULONG otlen
-)
+nssTokenObjectCache_ImportObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object,
+    CK_OBJECT_CLASS objclass,
+    CK_ATTRIBUTE_PTR ot,
+    CK_ULONG otlen)
 {
     PRStatus status = PR_SUCCESS;
     PRUint32 count;
     nssCryptokiObjectAndAttributes **oa, ***otype;
     PRUint32 objectType;
     PRBool haveIt = PR_FALSE;
 
     if (!token_is_present(cache)) {
-	return PR_SUCCESS; /* cache not active, ignored */
+        return PR_SUCCESS; /* cache not active, ignored */
     }
     PZ_Lock(cache->lock);
     switch (objclass) {
-    case CKO_CERTIFICATE:    objectType = cachedCerts; break;
-    case CKO_NETSCAPE_TRUST: objectType = cachedTrust; break;
-    case CKO_NETSCAPE_CRL:   objectType = cachedCRLs;  break;
-    default:
-	PZ_Unlock(cache->lock);
-	return PR_SUCCESS; /* don't need to import it here */
+        case CKO_CERTIFICATE:
+            objectType = cachedCerts;
+            break;
+        case CKO_NETSCAPE_TRUST:
+            objectType = cachedTrust;
+            break;
+        case CKO_NETSCAPE_CRL:
+            objectType = cachedCRLs;
+            break;
+        default:
+            PZ_Unlock(cache->lock);
+            return PR_SUCCESS; /* don't need to import it here */
     }
     if (!cache_available_for_object_type(cache, objectType)) {
-	PZ_Unlock(cache->lock);
-	return PR_SUCCESS; /* cache not active, ignored */
+        PZ_Unlock(cache->lock);
+        return PR_SUCCESS; /* cache not active, ignored */
     }
     count = 0;
     otype = &cache->objects[objectType]; /* index into array of types */
-    oa = *otype; /* the array of objects for this type */
+    oa = *otype;                         /* the array of objects for this type */
     while (oa && *oa) {
-	if (nssCryptokiObject_Equal((*oa)->object, object)) {
-	    haveIt = PR_TRUE;
-	    break;
-	}
-	count++;
-	oa++;
+        if (nssCryptokiObject_Equal((*oa)->object, object)) {
+            haveIt = PR_TRUE;
+            break;
+        }
+        count++;
+        oa++;
     }
     if (haveIt) {
-	/* Destroy the old entry */
-	(*oa)->object->token = NULL;
-	nssCryptokiObject_Destroy((*oa)->object);
-	nssArena_Destroy((*oa)->arena);
-    } else {
-	/* Create space for a new entry */
-	if (count > 0) {
-	    *otype = nss_ZREALLOCARRAY(*otype,
-	                               nssCryptokiObjectAndAttributes *, 
-	                               count + 2);
-	} else {
-	    *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
-	}
+        /* Destroy the old entry */
+        (*oa)->object->token = NULL;
+        nssCryptokiObject_Destroy((*oa)->object);
+        nssArena_Destroy((*oa)->arena);
+    }
+    else {
+        /* Create space for a new entry */
+        if (count > 0) {
+            *otype = nss_ZREALLOCARRAY(*otype,
+                                       nssCryptokiObjectAndAttributes *,
+                                       count + 2);
+        }
+        else {
+            *otype = nss_ZNEWARRAY(NULL, nssCryptokiObjectAndAttributes *, 2);
+        }
     }
     if (*otype) {
-	nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
-	(*otype)[count] = create_object_of_type(copyObject, objectType,
-	                                        &status);
-    } else {
-	status = PR_FAILURE;
+        nssCryptokiObject *copyObject = nssCryptokiObject_Clone(object);
+        (*otype)[count] = create_object_of_type(copyObject, objectType,
+                                                &status);
+    }
+    else {
+        status = PR_FAILURE;
     }
     PZ_Unlock(cache->lock);
     return status;
 }
 
 NSS_IMPLEMENT void
-nssTokenObjectCache_RemoveObject (
-  nssTokenObjectCache *cache,
-  nssCryptokiObject *object
-)
+nssTokenObjectCache_RemoveObject(
+    nssTokenObjectCache *cache,
+    nssCryptokiObject *object)
 {
     PRUint32 oType;
     nssCryptokiObjectAndAttributes **oa, **swp = NULL;
     if (!token_is_present(cache)) {
-	return;
+        return;
     }
     PZ_Lock(cache->lock);
-    for (oType=0; oType<3; oType++) {
-	if (!cache_available_for_object_type(cache, oType) ||
-	    !cache->objects[oType])
-	{
-	    continue;
-	}
-	for (oa = cache->objects[oType]; *oa; oa++) {
-	    if (nssCryptokiObject_Equal((*oa)->object, object)) {
-		swp = oa; /* the entry to remove */
-		while (oa[1]) oa++; /* go to the tail */
-		(*swp)->object->token = NULL;
-		nssCryptokiObject_Destroy((*swp)->object);
-		nssArena_Destroy((*swp)->arena); /* destroy it */
-		*swp = *oa; /* swap the last with the removed */
-		*oa = NULL; /* null-terminate the array */
-		break;
-	    }
-	}
-	if (swp) {
-	    break;
-	}
+    for (oType = 0; oType < 3; oType++) {
+        if (!cache_available_for_object_type(cache, oType) ||
+            !cache->objects[oType]) {
+            continue;
+        }
+        for (oa = cache->objects[oType]; *oa; oa++) {
+            if (nssCryptokiObject_Equal((*oa)->object, object)) {
+                swp = oa; /* the entry to remove */
+                while (oa[1])
+                    oa++; /* go to the tail */
+                (*swp)->object->token = NULL;
+                nssCryptokiObject_Destroy((*swp)->object);
+                nssArena_Destroy((*swp)->arena); /* destroy it */
+                *swp = *oa;                      /* swap the last with the removed */
+                *oa = NULL;                      /* null-terminate the array */
+                break;
+            }
+        }
+        if (swp) {
+            break;
+        }
     }
-    if ((oType <3) &&
-		cache->objects[oType] && cache->objects[oType][0] == NULL) {
-	nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */
-	cache->objects[oType] = NULL;
+    if ((oType < 3) &&
+        cache->objects[oType] && cache->objects[oType][0] == NULL) {
+        nss_ZFreeIf(cache->objects[oType]); /* no entries remaining */
+        cache->objects[oType] = NULL;
     }
     PZ_Unlock(cache->lock);
 }
 
 /* These two hash algorithms are presently sufficient.
-** They are used for fingerprints of certs which are stored as the 
+** They are used for fingerprints of certs which are stored as the
 ** CKA_CERT_SHA1_HASH and CKA_CERT_MD5_HASH attributes.
 ** We don't need to add SHAxxx to these now.
 */
 /* XXX of course this doesn't belong here */
 NSS_IMPLEMENT NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateSHA1Digest (
-  NSSArena *arenaOpt
-)
+NSSAlgorithmAndParameters_CreateSHA1Digest(
+    NSSArena *arenaOpt)
 {
     NSSAlgorithmAndParameters *rvAP = NULL;
     rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
     if (rvAP) {
-	rvAP->mechanism.mechanism = CKM_SHA_1;
-	rvAP->mechanism.pParameter = NULL;
-	rvAP->mechanism.ulParameterLen = 0;
+        rvAP->mechanism.mechanism = CKM_SHA_1;
+        rvAP->mechanism.pParameter = NULL;
+        rvAP->mechanism.ulParameterLen = 0;
     }
     return rvAP;
 }
 
 NSS_IMPLEMENT NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateMD5Digest (
-  NSSArena *arenaOpt
-)
+NSSAlgorithmAndParameters_CreateMD5Digest(
+    NSSArena *arenaOpt)
 {
     NSSAlgorithmAndParameters *rvAP = NULL;
     rvAP = nss_ZNEW(arenaOpt, NSSAlgorithmAndParameters);
     if (rvAP) {
-	rvAP->mechanism.mechanism = CKM_MD5;
-	rvAP->mechanism.pParameter = NULL;
-	rvAP->mechanism.ulParameterLen = 0;
+        rvAP->mechanism.mechanism = CKM_MD5;
+        rvAP->mechanism.pParameter = NULL;
+        rvAP->mechanism.ulParameterLen = 0;
     }
     return rvAP;
 }
-
--- a/lib/dev/nssdev.h
+++ b/lib/dev/nssdev.h
@@ -19,22 +19,18 @@ PR_BEGIN_EXTERN_C
 
 /* NSSAlgorithmAndParameters
  *
  * NSSAlgorithmAndParameters_CreateSHA1Digest
  * NSSAlgorithmAndParameters_CreateMD5Digest
  */
 
 NSS_EXTERN NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateSHA1Digest
-(
-  NSSArena *arenaOpt
-);
+NSSAlgorithmAndParameters_CreateSHA1Digest(
+    NSSArena *arenaOpt);
 
 NSS_EXTERN NSSAlgorithmAndParameters *
-NSSAlgorithmAndParameters_CreateMD5Digest
-(
-  NSSArena *arenaOpt
-);
+NSSAlgorithmAndParameters_CreateMD5Digest(
+    NSSArena *arenaOpt);
 
 PR_END_EXTERN_C
 
 #endif /* DEV_H */